Return to
CIMTrustCommand.cpp
CVS log
Up to [Pegasus] / pegasus / src / Clients / cimtrust
|
Return to
CIMTrustCommand.cpp
CVS log
|
Up to [Pegasus] / pegasus / src / Clients / cimtrust
|
|
File: [Pegasus] / pegasus / src / Clients / cimtrust / CIMTrustCommand.cpp
(download)
Revision: 1.13, Wed Mar 21 17:38:41 2012 UTC (12 years, 2 months ago) by karl Branch: MAIN CVS Tags: preBug9676, postBug9676, TASK-TASK_PEP362_RestfulService_branch-root, TASK-TASK_PEP362_RestfulService_branch-merged_out_from_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_to_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_from_branch, TASK-TASK_PEP362_RestfulService_branch-branch, TASK-PEP362_RestfulService-root, TASK-PEP362_RestfulService-merged_out_to_branch, TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP362_RestfulService-merged_in_to_trunk, TASK-PEP362_RestfulService-merged_in_from_branch, TASK-PEP362_RestfulService-branch, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, RELEASE_2_14_1, RELEASE_2_14_0-RC2, RELEASE_2_14_0-RC1, RELEASE_2_14_0, RELEASE_2_14-root, RELEASE_2_14-branch, RELEASE_2_13_0-RC2, RELEASE_2_13_0-RC1, RELEASE_2_13_0-FC, RELEASE_2_13_0, RELEASE_2_13-root, RELEASE_2_13-branch, RELEASE_2_12_1-RC1, RELEASE_2_12_1, RELEASE_2_12_0-RC1, RELEASE_2_12_0-FC, RELEASE_2_12_0, RELEASE_2_12-root, RELEASE_2_12-branch, HEAD, CIMRS_WORK_20130824 Changes since 1.12: +17 -6 lines BUG#: 9203 TITLE: cimtrust app undocumented option (-T) DESCRIPTION: Add documentation for the types and also clean up a couple of long lines in the help. |
//%LICENSE////////////////////////////////////////////////////////////////
//
// Licensed to The Open Group (TOG) under one or more contributor license
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
// this work for additional information regarding copyright ownership.
// Each contributor licenses this file to you under the OpenPegasus Open
// Source License; you may not use this file except in compliance with the
// License.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the "Software"),
// to deal in the Software without restriction, including without limitation
// the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and/or sell copies of the Software, and to permit persons to whom the
// Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//////////////////////////////////////////////////////////////////////////
//
//%/////////////////////////////////////////////////////////////////////////////
// define asprintf used to implement ultostr on Linux
#if defined(PEGASUS_LINUX_GENERIC_GNU)
#define _GNU_SOURCE
#include <features.h>
#include <stdio.h>
#endif
#include <iostream>
#include <Pegasus/Common/Config.h>
#include <Pegasus/Common/Constants.h>
#include <Pegasus/Common/System.h>
#include <Pegasus/Common/FileSystem.h>
#include <Pegasus/Common/String.h>
#include <Pegasus/Common/SSLContext.h>
#include <Pegasus/Common/InternalException.h>
#include <Pegasus/Common/PegasusAssert.h>
#include <Pegasus/Common/PegasusVersion.h>
#include <Pegasus/getoopt/getoopt.h>
#include <Clients/cliutils/CommandException.h>
#include "CIMTrustCommand.h"
PEGASUS_NAMESPACE_BEGIN
//l10n
/**
* The CLI message resource name
*/
static const char MSG_PATH [] = "pegasus/pegasusCLI";
/**
The command name.
*/
const char CIMTrustCommand::COMMAND_NAME [] = "cimtrust";
/**
Label for the usage string for this command.
*/
const char CIMTrustCommand::_USAGE [] = "Usage: ";
/**
The option character used to specify add certificate.
*/
const char CIMTrustCommand::_OPTION_ADD = 'a';
/**
The option character used to specify remove certificate.
*/
const char CIMTrustCommand::_OPTION_REMOVE = 'r';
/**
The option character used to specify list certificates.
*/
const char CIMTrustCommand::_OPTION_LIST = 'l';
/**
The option character used to specify the certificate file path.
*/
const char CIMTrustCommand::_OPTION_CERTFILE = 'f';
/**
The option character used to specify the certificate user name.
*/
const char CIMTrustCommand::_OPTION_CERTUSER = 'U';
/**
The option character used to specify the issuer name.
*/
const char CIMTrustCommand::_OPTION_ISSUER = 'i';
/**
The option character used to specify the serial number.
*/
const char CIMTrustCommand::_OPTION_SERIALNUMBER = 'n';
/**
The option character used to specify the subject.
*/
const char CIMTrustCommand::_OPTION_SUBJECT = 'S';
/**
The option character used to specify the certificate type.
*/
const char CIMTrustCommand::_OPTION_TYPE= 'T';
/**
The option character used to specify the authority type.
*/
const String CIMTrustCommand::_ARG_TYPE_AUTHORITY = "a";
/**
The option character used to specify the authority issued end-entity type.
*/
const String CIMTrustCommand::_ARG_TYPE_AUTHORITY_END_ENTITY = "e";
/**
The option character used to specify the self-signed identity type.
*/
const String CIMTrustCommand::_ARG_TYPE_SELF_SIGNED_IDENTITY= "s";
/**
Constant to represent unknown type certificate.
*/
const String TYPE_UNKNOWN = "Unknown";
/**
Constant to represent authority type certificate.
*/
const String TYPE_AUTHORITY_STR = "Authority";
/**
Constant to represent authority issued end-entity type certificate.
*/
const String TYPE_AUTHORITY_END_ENTITY_STR = "Authority issued end-entity";
/**
Constant to represent self-signed identity type certificate.
*/
const String TYPE_SELF_SIGNED_IDENTITY_STR = "Self-signed identity";
/**
This constant signifies that an operation option has not
been recorded
*/
const Uint32 CIMTrustCommand::_OPERATION_TYPE_UNINITIALIZED = 0;
/**
The constant representing an add operation
*/
const Uint32 CIMTrustCommand::_OPERATION_TYPE_ADD = 1;
/**
The constant representing a remove operation
*/
const Uint32 CIMTrustCommand::_OPERATION_TYPE_REMOVE = 2;
/**
The constant representing a list operation
*/
const Uint32 CIMTrustCommand::_OPERATION_TYPE_LIST = 4;
/**
The constant representing a help operation
*/
const Uint32 CIMTrustCommand::_OPERATION_TYPE_HELP = 5;
/**
The constant representing a version display operation
*/
const Uint32 CIMTrustCommand::_OPERATION_TYPE_VERSION = 6;
/**
The name of the Method that implements add certificate to the
trust store.
*/
static const CIMName ADD_CERTIFICATE_METHOD = CIMName ("addCertificate");
/**
This constant represents the name of the Issuer name
property in the schema
*/
static const CIMName PROPERTY_NAME_ISSUER = CIMName ("IssuerName");
/**
This constant represents the name of the Serial number
property in the schema
*/
static const CIMName PROPERTY_NAME_SERIALNUMBER = CIMName ("SerialNumber");
/**
This constant represents the name of the Subject name type
property in the schema
*/
static const CIMName PROPERTY_NAME_SUBJECTNAME = CIMName ("SubjectName");
/**
This constant represents the name of the RegisteredUserName
property in the schema
*/
static const CIMName PROPERTY_NAME_REGISTERED_USER_NAME
= CIMName ("RegisteredUserName");
/**
This constant represents the name of the type
property in the schema
*/
static const CIMName PROPERTY_NAME_TYPE = CIMName ("CertificateType");
/**
This constant represents the name of the notBefore type
property in the schema
*/
static const CIMName PROPERTY_NAME_NOTBEFORE = CIMName ("NotBefore");
/**
This constant represents the name of the notAfter type
property in the schema
*/
static const CIMName PROPERTY_NAME_NOTAFTER = CIMName ("NotAfter");
/**
This constant represents the name of the lastUpdate type
property in the schema
*/
static const CIMName PROPERTY_NAME_LASTUPDATE = CIMName ("LastUpdate");
/**
This constant represents the name of the nextUpdate type
property in the schema
*/
static const CIMName PROPERTY_NAME_NEXTUPDATE = CIMName ("NextUpdate");
/**
The input parameter name for certificate content.
*/
static const char CERT_CONTENTS [] = "certificateContents";
/**
The input parameter name for registered certificate user.
*/
static const char CERT_USERNAME [] = "userName";
/**
The input parameter name for certificate type.
*/
static const char CERT_TYPE [] = "certificateType";
/**
The constants representing the display messages.
*/
static const char LONG_HELP [] = "help";
static const char LONG_VERSION [] = "version";
static const char REQUIRED_ARGS_MISSING [] =
"Required arguments missing.";
static const char REQUIRED_ARGS_MISSING_KEY [] =
"Clients.cimtrust.CIMTrustCommand.REQUIRED_ARGS_MISSING";
static const char CANNOT_CONNECT_CIMSERVER_NOT_RUNNING [] =
"Cannot connect to CIM Server; CIM Server may not be running.";
static const char CANNOT_CONNECT_CIMSERVER_NOT_RUNNING_KEY [] =
"Clients.cimtrust."
"CIMTrustCommand.CANNOT_CONNECT_CIMSERVER_NOT_RUNNING";
static const char CONNECTION_TIMEOUT [] =
"Connection timed out.";
static const char CONNECTION_TIMEOUT_KEY [] =
"Clients.cimtrust.CIMTrustCommand.CONNECTION_TIMEOUT";
static const char ADD_CERT_FAILURE [] =
"Failed to add certificate.";
static const char ADD_CERT_FAILURE_KEY [] =
"Clients.cimtrust.CIMTrustCommand.ADD_CERT_FAILURE";
static const char ADD_CERTIFICATE_SUCCESS [] =
"Certificate added successfully.";
static const char ADD_CERTIFICATE_SUCCESS_KEY [] =
"Clients.cimtrust.CIMTrustCommand.ADD_CERT_SUCCESS";
static const char REMOVE_CERTIFICATE_SUCCESS [] =
"Certificate removed successfully.";
static const char REMOVE_CERTIFICATE_SUCCESS_KEY [] =
"Clients.cimtrust.CIMTrustCommand.REMOVE_CERT_SUCCESS";
static const char CERT_ALREADY_EXISTS [] =
"Specified certificate already exists.";
static const char CERT_ALREADY_EXISTS_KEY [] =
"Clients.cimtrust.CIMTrustCommand.CERT_ALREADY_EXISTS";
static const char CERT_NOT_FOUND [] =
"Specified certificate does not exist.";
static const char CERT_NOT_FOUND_KEY [] =
"Clients.cimtrust.CIMTrustCommand.CERT_NOT_FOUND";
static const char CERT_SCHEMA_NOT_LOADED [] =
"Please restore the internal repository on the CIM Server.";
static const char CERT_SCHEMA_NOT_LOADED_KEY [] =
"Clients.cimtrust.CIMTrustCommand.CERT_SCHEMA_NOT_LOADED";
static const char REMOVE_CERT_FAILURE [] =
"Failed to remove certificate.";
static const char REMOVE_CERT_FAILURE_KEY [] =
"Clients.cimtrust.CIMTrustCommand.REMOVE_CERT_FAILURE";
static const char LIST_CERT_FAILURE [] =
"Failed to list certificate.";
static const char LIST_CERT_FAILURE_KEY [] =
"Clients.cimtrust.CIMTrustCommand.LIST_CERT_FAILURE";
static const char CERT_WITHOUT_ASSOCIATED_USER_KEY [] =
"Clients.cimtrust.CIMTrustCommand.CERT_WITHOUT_ASSOCIATED_USER";
static const char CERT_WITHOUT_ASSOCIATED_USER [] =
"NOTE: No user name will be associated with the certificate"
" in the truststore.";
static const char INVALID_SYSTEM_USER [] =
"Specified user is not a valid system user.";
static const char INVALID_SYSTEM_USER_KEY [] =
"Clients.cimtrust.CIMTrustCommand.INVALID_SYSTEM_USER";
// Return codes
static const Uint32 RC_CONNECTION_FAILED = 2;
static const Uint32 RC_CONNECTION_TIMEOUT = 3;
static const Uint32 RC_CERTIFICATE_ALREADY_EXISTS = 4;
static const Uint32 RC_CERTIFICATE_DOES_NOT_EXIST = 5;
static const Uint32 RC_INVALID_SYSTEM_USER = 6;
/**
Constructs a CIMTrustCommand and initializes instance variables.
*/
CIMTrustCommand::CIMTrustCommand ()
{
//
// Initialize the instance variables.
//
_operationType = _OPERATION_TYPE_UNINITIALIZED;
_certFileSet = false;
_certUserSet = false;
_issuerSet = false;
_serialNumberSet = false;
_subjectSet = false;
_typeSet = false;
_timeout = DEFAULT_TIMEOUT_MILLISECONDS;
//
// build Usage string.
//
_usage = String (_USAGE);
_usage.append (COMMAND_NAME);
//
// Add option 1
//
_usage.append (" -").append (_OPTION_ADD);
_usage.append (" [ -").append (_OPTION_CERTUSER).append (" certuser")
.append (" ]");
_usage.append (" -").append (_OPTION_CERTFILE).append (" certfile");
_usage.append (" -").append (_OPTION_TYPE).append (" ( ")
.append(_ARG_TYPE_AUTHORITY);
_usage.append (" | ").append (_ARG_TYPE_AUTHORITY_END_ENTITY);
_usage.append (" | ").append (_ARG_TYPE_SELF_SIGNED_IDENTITY).append(" ) ");
_usage.append ("\n");
//
// Remove option 1
//
//_usage.append (" -").append (_OPTION_REMOVE);
_usage.append(" ").append (COMMAND_NAME);
_usage.append (" -").append (_OPTION_REMOVE);
_usage.append (" -").append (_OPTION_ISSUER).append (" issuer");
_usage.append (" ( -").append (_OPTION_SERIALNUMBER).
append (" serialnumber");
_usage.append (" | -").append (_OPTION_SUBJECT).append (" subject )");
_usage.append ("\n");
//
// List option 1
//
//_usage.append (" -").append (_OPTION_LIST);
_usage.append(" ").append (COMMAND_NAME);
_usage.append (" -").append (_OPTION_LIST);
_usage.append (" [ -").append (_OPTION_ISSUER).append (" issuer");
_usage.append (" [ -").append (_OPTION_SERIALNUMBER)
.append (" serialnumber");
_usage.append (" | -").append (_OPTION_SUBJECT)
.append (" subject")
.append (" ] ]");
_usage.append ("\n");
//
// Version option
//
_usage.append(" ").append (COMMAND_NAME);
_usage.append (" --").append (LONG_VERSION)
.append("\n");
//
// Help option
//
_usage.append(" ").append (COMMAND_NAME);
_usage.append (" --").append (LONG_HELP)
.append("\n");
//
// Options description
//
_usage.append("Options : \n");
_usage.append(" -a ");
_usage.append("- Adds the specified certificate to the trust store\n");
_usage.append(" -r ");
_usage.append("- Removes the specified certificate from the trust store\n");
_usage.append(" -l ");
_usage.append("- Displays the certificates in the trust store\n");
_usage.append(" -f certfile ");
_usage.append("- Specifies the PEM format file containing an X509\n"
" certificate\n");
_usage.append(" -U certuser ");
_usage.append("- Specifies the user name to be associated with the\n"
" certificate\n");
_usage.append(" -T (a|e|s) ");
_usage.append("- Specifies the certificate type as follows:\n"
" -a (authority): root/intermediate authority\n"
" certificates. This type added to trusted\n"
" certificate store. certuser optional. If\n"
" no certUser specified certificate may not \n"
" be used to authenticate user.\n"
" -e (authority issued end-entity): Certificates\n"
" of this type are not added to trusted\n"
" certificate store. certuser is required.\n"
" -s (Self-signed identity certificate): Added\n"
" to trusted certificate store. certuser is\n"
" required.\n");
_usage.append(" -i issuer ");
_usage.append("- Specifies the certificate issuer name\n");
_usage.append(" -n serialnumber ");
_usage.append("- Specifies the certificate serial number\n");
_usage.append(" -S subject ");
_usage.append("- Specifies the certificate subject\n");
_usage.append(" --help - Display this help message\n");
_usage.append(" --version - Display CIM Server version number\n");
_usage.append("\nUsage note: The cimtrust command requires that ");
_usage.append("the CIM Server is running.\n");
//l10n localize usage
#ifdef PEGASUS_HAS_ICU
MessageLoaderParms menuparms(
"Clients.cimtrust.CIMTrustCommand.MENU.STANDARD", _usage);
menuparms.msg_src_path = MSG_PATH;
_usage = MessageLoader::getMessage(menuparms);
#endif
setUsage (_usage);
}
/**
Connect to cimserver.
@param client the handle to CIMClient object
@param outPrintWriter the ostream to which output should be
written
*/
void CIMTrustCommand::_connectToServer( CIMClient& client,
ostream& outPrintWriter )
{
client.connectLocal();
}
/**
Convert CIMDateTime to user-readable string of the format
month day-of-month, year hour:minute:second (value-hrs-GMT-offset)
@param cimDateTimeStr CIM formated DateTime String
@return String user-readable date time string.
*/
String CIMTrustCommand::_formatCIMDateTime(const String& cimDateTimeStr)
{
Uint32 year = 0;
Uint32 month = 0;
Uint32 day = 0;
Uint32 hour = 0;
Uint32 minute = 0;
Uint32 second = 0;
Uint32 microsecond = 0;
Sint32 timezone = 0;
sscanf(cimDateTimeStr.getCString(), "%04u%02u%02u%02u%02u%02u.%06u%04d",
&year, &month, &day, &hour, &minute, &second,
µsecond, &timezone);
char monthString[5];
switch (month)
{
case 1 :
sprintf(monthString, "Jan");
break;
case 2 :
sprintf(monthString, "Feb");
break;
case 3 :
sprintf(monthString, "Mar");
break;
case 4 :
sprintf(monthString, "Apr");
break;
case 5 :
sprintf(monthString, "May");
break;
case 6 :
sprintf(monthString, "Jun");
break;
case 7 :
sprintf(monthString, "Jul");
break;
case 8 :
sprintf(monthString, "Aug");
break;
case 9 :
sprintf(monthString, "Sep");
break;
case 10 :
sprintf(monthString, "Oct");
break;
case 11 :
sprintf(monthString, "Nov");
break;
case 12 :
sprintf(monthString, "Dec");
break;
// covered all known cases, if get to default, just
// return the input string as received.
default :
return (cimDateTimeStr);
}
char dateTimeStr[80];
sprintf(dateTimeStr, "%s %u, %u %u:%02u:%02u (%+03d%02u)",
monthString, day, year, hour, minute, second,
timezone/60, timezone%60);
return String(dateTimeStr);
}
/**
Read certificate content.
@param certFilePath the certificate file path
@return Buffer containing the certificate content
*/
Buffer CIMTrustCommand::_readCertificateContent(const String &certFilePath)
{
Buffer content;
//
// Check that cert file exists
//
if (!FileSystem::exists(certFilePath))
{
throw NoSuchFile(certFilePath);
}
//
// Check that cert file is readable
//
if (!FileSystem::canRead(certFilePath))
{
throw FileNotReadable(certFilePath);
}
//
// Load file content to memory
//
FileSystem::loadFileToMemory(content, certFilePath);
return content;
}
/**
Add a new certificate to the trust store
@param client the handle to CIMClient object
@param outPrintWriter the ostream to which output should be written
*/
void CIMTrustCommand::_addCertificate (
CIMClient& client,
ostream& outPrintWriter)
{
Buffer content;
Array<CIMKeyBinding> kbArray;
CIMKeyBinding kb;
Array<CIMParamValue> inParams;
Array<CIMParamValue> outParams;
Uint16 certificateType;
content = _readCertificateContent(_certFile);
String contentStr = String(content.getData());
if (_type == _ARG_TYPE_AUTHORITY)
{
certificateType = _CERTIFICATE_TYPE_AUTHORITY;
}
else if ( _type == _ARG_TYPE_AUTHORITY_END_ENTITY )
{
certificateType = _CERTIFICATE_TYPE_AUTHORITY_END_ENTITY;
}
else
{
PEGASUS_ASSERT(_type == _ARG_TYPE_SELF_SIGNED_IDENTITY);
certificateType = _CERTIFICATE_TYPE_SELF_SIGNED_IDENTITY;
}
//
// Build the input params
//
inParams.append ( CIMParamValue ( CERT_CONTENTS,
CIMValue (contentStr)));
inParams.append ( CIMParamValue ( CERT_USERNAME,
CIMValue (_certUser)));
inParams.append ( CIMParamValue ( CERT_TYPE,
CIMValue (certificateType)));
CIMObjectPath reference(
String::EMPTY, PEGASUS_NAMESPACENAME_CERTIFICATE,
PEGASUS_CLASSNAME_CERTIFICATE, kbArray);
//
// If an associated username has not been specified, display an
// informational message.
//
if ( !_certUserSet )
{
outPrintWriter << localizeMessage(MSG_PATH,
CERT_WITHOUT_ASSOCIATED_USER_KEY,
CERT_WITHOUT_ASSOCIATED_USER) << endl;
}
//
// Call the invokeMethod with the input parameters
//
client.invokeMethod (
PEGASUS_NAMESPACENAME_CERTIFICATE,
reference,
ADD_CERTIFICATE_METHOD,
inParams,
outParams );
outPrintWriter << localizeMessage(MSG_PATH, ADD_CERTIFICATE_SUCCESS_KEY,
ADD_CERTIFICATE_SUCCESS) << endl;
}
/**
Remove an existing certificate from the trust store
@param client the handle to CIMClient object
@param outPrintWriter the ostream to which output should be written
*/
void CIMTrustCommand::_removeCertificate (
CIMClient& client,
ostream& outPrintWriter)
{
Array<CIMKeyBinding> kbArray;
CIMKeyBinding kb;
//
// Build the input params
//
kb.setName(PROPERTY_NAME_ISSUER);
kb.setValue(_issuer);
kb.setType(CIMKeyBinding::STRING);
kbArray.append(kb);
if (_serialNumberSet)
{
kb.setName(PROPERTY_NAME_SERIALNUMBER);
kb.setValue(_serialNumber);
kb.setType(CIMKeyBinding::STRING);
kbArray.append(kb);
}
else
{
//
// Pass the subject name
//
kb.setName(PROPERTY_NAME_SUBJECTNAME);
kb.setValue(_subject);
kb.setType(CIMKeyBinding::STRING);
kbArray.append(kb);
}
CIMObjectPath reference(
String::EMPTY, PEGASUS_NAMESPACENAME_CERTIFICATE,
PEGASUS_CLASSNAME_CERTIFICATE, kbArray);
client.deleteInstance(
PEGASUS_NAMESPACENAME_CERTIFICATE,
reference);
outPrintWriter << localizeMessage(MSG_PATH, REMOVE_CERTIFICATE_SUCCESS_KEY,
REMOVE_CERTIFICATE_SUCCESS) << endl;
}
/**
List certificates in the trust store
@param client the handle to CIMClient object
@param outPrintWriter the ostream to which output should be written
*/
void CIMTrustCommand::_listCertificates (
CIMClient& client,
ostream& outPrintWriter)
{
Array<CIMInstance> certificateNamedInstances;
//
// get all the instances of class PG_SSLCertificate
//
certificateNamedInstances =
client.enumerateInstances(
PEGASUS_NAMESPACENAME_CERTIFICATE,
PEGASUS_CLASSNAME_CERTIFICATE);
//
// copy all the certificate contents
//
Uint32 numberInstances = certificateNamedInstances.size();
Boolean issuerFound = false;
for (Uint32 i = 0; i < numberInstances; i++)
{
CIMInstance& certificateInstance =
certificateNamedInstances[i];
String issuer;
String serialNumber;
String subjectName;
String registeredUserName;
Uint16 type;
String typeStr;
CIMDateTime notBefore;
String notBeforeStr;
CIMDateTime notAfter;
String notAfterStr;
CIMProperty prop;
//
// Check if issuer name and serial number are specified
// and they match
//
Uint32 pos = certificateInstance.findProperty(PROPERTY_NAME_ISSUER);
if (pos != PEG_NOT_FOUND)
{
prop = certificateInstance.getProperty(pos);
prop.getValue().get(issuer);
}
pos = certificateInstance.findProperty(PROPERTY_NAME_SERIALNUMBER);
if (pos != PEG_NOT_FOUND)
{
prop = certificateInstance.getProperty(pos);
prop.getValue().get(serialNumber);
}
pos = certificateInstance.findProperty(PROPERTY_NAME_SUBJECTNAME);
if (pos != PEG_NOT_FOUND)
{
prop = certificateInstance.getProperty(pos);
prop.getValue().get(subjectName);
}
if (_issuerSet)
{
if (String::equal(_issuer, issuer))
{
if (_serialNumberSet &&
!String::equal(_serialNumber, serialNumber))
{
continue;
}
else if (_subjectSet &&
!String::equal(_subject, subjectName))
{
continue;
}
else
{
issuerFound = true;
}
}
else
{
continue;
}
}
//
// Get the remaining properties and display them.
//
pos = certificateInstance.findProperty(
PROPERTY_NAME_REGISTERED_USER_NAME);
if (pos != PEG_NOT_FOUND)
{
prop = certificateInstance.getProperty(pos);
prop.getValue().get(registeredUserName);
}
pos = certificateInstance.findProperty(PROPERTY_NAME_NOTBEFORE);
if (pos != PEG_NOT_FOUND)
{
prop = certificateInstance.getProperty(pos);
prop.getValue().get(notBefore);
notBeforeStr = _formatCIMDateTime(notBefore.toString());
}
pos = certificateInstance.findProperty(PROPERTY_NAME_NOTAFTER);
if (pos != PEG_NOT_FOUND)
{
prop = certificateInstance.getProperty(pos);
prop.getValue().get(notAfter);
notAfterStr = _formatCIMDateTime(notAfter.toString());
}
pos = certificateInstance.findProperty(PROPERTY_NAME_TYPE);
if (pos != PEG_NOT_FOUND)
{
prop = certificateInstance.getProperty(pos);
prop.getValue().get(type);
if (type == _CERTIFICATE_TYPE_AUTHORITY)
{
typeStr = TYPE_AUTHORITY_STR;
}
else if (type == _CERTIFICATE_TYPE_AUTHORITY_END_ENTITY)
{
typeStr = TYPE_AUTHORITY_END_ENTITY_STR;
}
else if (type == _CERTIFICATE_TYPE_SELF_SIGNED_IDENTITY)
{
typeStr = TYPE_SELF_SIGNED_IDENTITY_STR;
}
else if (type == _CERTIFICATE_TYPE_UNKNOWN)
{
typeStr = TYPE_UNKNOWN;
}
}
//
// Display the certificate content
//
outPrintWriter << "Issuer: " << issuer << endl;
outPrintWriter << "Serial Number: " << serialNumber << endl;
outPrintWriter << "Subject: " << subjectName << endl;
outPrintWriter << "Registered User Name: "
<< registeredUserName << endl;
outPrintWriter << "Type: "
<< typeStr << endl;
outPrintWriter << "Validity:" << endl;
outPrintWriter << " NotBefore: " << notBeforeStr << endl;
outPrintWriter << " NotAfter : " << notAfterStr << endl ;
outPrintWriter <<
"---------------------------------------------"<< endl;
}
if (_issuerSet && !issuerFound)
{
CIMException ce(CIM_ERR_NOT_FOUND);
throw ce;
}
}
/**
Parses the command line, validates the options, and sets instance
variables based on the option arguments.
@param argc the number of command line arguments
@param argv the string vector of command line arguments
@exception CommandFormatException if an error is encountered in parsing
the command line
*/
void CIMTrustCommand::setCommand (Uint32 argc, char* argv [])
{
Uint32 i = 0;
Uint32 c = 0;
String timeoutStr;
String serialNumberStr;
String optString;
getoopt getOpts;
//
// Construct optString
//
optString.append (_OPTION_ADD);
optString.append (getoopt::NOARG);
optString.append (_OPTION_CERTFILE);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_CERTUSER);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_TYPE);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_REMOVE);
optString.append (getoopt::NOARG);
optString.append (_OPTION_ISSUER);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_SERIALNUMBER);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_SUBJECT);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_LIST);
optString.append (getoopt::NOARG);
optString.append (_OPTION_ISSUER);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_SERIALNUMBER);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
optString.append (_OPTION_SUBJECT);
optString.append (getoopt::GETOPT_ARGUMENT_DESIGNATOR);
//
// Initialize and parse getOpts
//
getOpts = getoopt ();
getOpts.addFlagspec (optString);
//
// Add long flag options for 'help' and 'version'
//
getOpts.addLongFlagspec (LONG_HELP, getoopt::NOARG);
getOpts.addLongFlagspec (LONG_VERSION, getoopt::NOARG);
getOpts.parse (argc, argv);
if (getOpts.hasErrors ())
{
throw CommandFormatException(getOpts.getErrorStrings()[0]);
}
_operationType = _OPERATION_TYPE_UNINITIALIZED;
//
// Get options and arguments from the command line
//
for (i = getOpts.first (); i < getOpts.last (); i++)
{
if (getOpts [i].getType () == Optarg::LONGFLAG)
{
if (getOpts [i].getopt () == LONG_HELP)
{
if (_operationType != _OPERATION_TYPE_UNINITIALIZED)
{
//
// More than one operation option was found
//
throw UnexpectedOptionException(String(LONG_HELP));
}
_operationType = _OPERATION_TYPE_HELP;
}
else if (getOpts [i].getopt () == LONG_VERSION)
{
if (_operationType != _OPERATION_TYPE_UNINITIALIZED)
{
//
// More than one operation option was found
//
throw UnexpectedOptionException(String(LONG_VERSION));
}
_operationType = _OPERATION_TYPE_VERSION;
}
}
else if (getOpts [i].getType () == Optarg::REGULAR)
{
//
// The cimtrust command has no non-option argument options
//
throw UnexpectedArgumentException(getOpts[i].Value());
}
else /* getOpts [i].getType () == FLAG */
{
c = getOpts [i].getopt () [0];
switch (c)
{
case _OPTION_ADD:
{
if (_operationType != _OPERATION_TYPE_UNINITIALIZED)
{
//
// More than one operation option was found
//
throw UnexpectedOptionException(_OPTION_ADD);
}
if (getOpts.isSet (_OPTION_ADD) > 1)
{
//
// More than one add option was found
//
throw DuplicateOptionException(_OPTION_ADD);
}
_operationType = _OPERATION_TYPE_ADD;
break;
}
case _OPTION_REMOVE:
{
if (_operationType != _OPERATION_TYPE_UNINITIALIZED)
{
//
// More than one operation option was found
//
throw UnexpectedOptionException(_OPTION_REMOVE);
}
if (getOpts.isSet (_OPTION_REMOVE) > 1)
{
//
// More than one remove option was found
//
throw DuplicateOptionException(_OPTION_REMOVE);
}
_operationType = _OPERATION_TYPE_REMOVE;
break;
}
case _OPTION_LIST:
{
if (_operationType != _OPERATION_TYPE_UNINITIALIZED)
{
//
// More than one operation option was found
//
throw UnexpectedOptionException(_OPTION_LIST);
}
if (getOpts.isSet (_OPTION_LIST) > 1)
{
//
// More than one list option was found
//
throw DuplicateOptionException(_OPTION_LIST);
}
_operationType = _OPERATION_TYPE_LIST;
break;
}
case _OPTION_CERTUSER:
{
if (getOpts.isSet (_OPTION_CERTUSER) > 1)
{
//
// More than one certificate user option was found
//
throw DuplicateOptionException(_OPTION_CERTUSER);
}
_certUser = getOpts [i].Value ();
_certUserSet = true;
break;
}
case _OPTION_CERTFILE:
{
if (getOpts.isSet (_OPTION_CERTFILE) > 1)
{
//
// More than one cert file option was found
//
throw DuplicateOptionException(_OPTION_CERTFILE);
}
_certFile = getOpts [i].Value ();
_certFileSet = true;
break;
}
case _OPTION_ISSUER:
{
if (getOpts.isSet (_OPTION_ISSUER) > 1)
{
//
// More than one issuer name option was found
//
throw DuplicateOptionException(_OPTION_ISSUER);
}
_issuer = getOpts [i].Value ();
_issuerSet = true;
break;
}
case _OPTION_TYPE:
{
if (getOpts.isSet (_OPTION_TYPE) > 1)
{
//
// More than one type option was found
//
throw DuplicateOptionException(_OPTION_TYPE);
}
_type = getOpts [i].Value ();
_typeSet = true;
break;
}
case _OPTION_SERIALNUMBER:
{
if (getOpts.isSet (_OPTION_SERIALNUMBER) > 1)
{
//
// More than one serial number option was found
//
throw DuplicateOptionException(_OPTION_SERIALNUMBER);
}
if (_subjectSet)
{
//
// Both the subject and serial number may not be
// specified.
//
throw UnexpectedOptionException(_OPTION_SERIALNUMBER);
}
_serialNumber = getOpts [i].Value ();
_serialNumberSet = true;
break;
}
case _OPTION_SUBJECT:
{
if (getOpts.isSet (_OPTION_SUBJECT) > 1)
{
//
// More than one subject option was found
//
throw DuplicateOptionException(_OPTION_SUBJECT);
}
if (_serialNumberSet)
{
// Both the subject and serial number may not be
// specified.
throw UnexpectedOptionException(_OPTION_SUBJECT);
}
_subject = getOpts [i].Value ();
_subjectSet = true;
break;
}
default:
{
//
// This path should not be hit
//
break;
}
}
}
}
if ( _operationType == _OPERATION_TYPE_UNINITIALIZED )
{
//
// No operation type was specified
// Show the usage
//
throw CommandFormatException(localizeMessage(
MSG_PATH, REQUIRED_ARGS_MISSING_KEY, REQUIRED_ARGS_MISSING));
}
if ( _operationType == _OPERATION_TYPE_ADD )
{
//
// For -a option, the next required option is -f,
// make sure it is set.
//
if ( !_certFileSet )
{
//
// A required option is missing
//
throw MissingOptionException(_OPTION_CERTFILE);
}
if ( !_typeSet )
{
//
// A required option is missing
//
throw MissingOptionException(_OPTION_TYPE);
}
if (!(_type == _ARG_TYPE_AUTHORITY ||
_type == _ARG_TYPE_AUTHORITY_END_ENTITY ||
_type == _ARG_TYPE_SELF_SIGNED_IDENTITY ))
{
throw InvalidOptionArgumentException(_type, _OPTION_TYPE);
}
if ((_type == _ARG_TYPE_AUTHORITY_END_ENTITY ||
_type == _ARG_TYPE_SELF_SIGNED_IDENTITY) &&
!_certUserSet)
{
//
// A required option is missing
//
throw MissingOptionException(_OPTION_CERTUSER);
}
}
if ( _operationType == _OPERATION_TYPE_REMOVE ||
_operationType == _OPERATION_TYPE_LIST )
{
if ( _operationType == _OPERATION_TYPE_REMOVE )
{
if (_certFileSet)
{
throw UnexpectedOptionException(_OPTION_CERTFILE);
}
if (_certUserSet)
{
throw UnexpectedOptionException(_OPTION_CERTUSER);
}
//
// For -r option, the required option is -i,
// make sure it is set.
//
if ( !_issuerSet )
{
//
// A required option is missing
//
throw MissingOptionException(_OPTION_ISSUER);
}
else if ( !_serialNumberSet && !_subjectSet )
{
//
// A required option is missing
//
throw CommandFormatException(localizeMessage(
MSG_PATH,
REQUIRED_ARGS_MISSING_KEY,
REQUIRED_ARGS_MISSING));
}
}
else if ( _operationType == _OPERATION_TYPE_LIST )
{
//
// For -l option, there is no required option.
//
//
// Serial number specified without issuer name
//
if ( (_serialNumberSet || _subjectSet) && !_issuerSet )
{
throw MissingOptionException(_OPTION_ISSUER);
}
}
}
}
/**
Executes the command and writes the results to the PrintWriters.
@param outPrintWriter the ostream to which output should be
written
@param errPrintWriter the ostream to which error output should be
written
@return 0 if the command is successful
1 if an error occurs in executing the command
*/
Uint32 CIMTrustCommand::execute (
ostream& outPrintWriter,
ostream& errPrintWriter)
{
if ( _operationType == _OPERATION_TYPE_UNINITIALIZED )
{
//
// The command was not initialized
//
return 1;
}
//
// Check if a specified certificate user is valid
//
if (_certUserSet)
{
if (!System::isSystemUser(_certUser.getCString()))
{
outPrintWriter << localizeMessage(MSG_PATH, INVALID_SYSTEM_USER_KEY,
INVALID_SYSTEM_USER) << endl;
return ( RC_INVALID_SYSTEM_USER );
}
}
//
// Options HELP and VERSION
// CIMServer need not be running for these options to work
//
else if (_operationType == _OPERATION_TYPE_HELP)
{
errPrintWriter << _usage << endl;
return (RC_SUCCESS);
}
else if(_operationType == _OPERATION_TYPE_VERSION)
{
errPrintWriter << "Version " << PEGASUS_PRODUCT_VERSION << endl;
return (RC_SUCCESS);
}
CIMClient client;
client.setTimeout( _timeout );
client.setRequestDefaultLanguages(); //l10n
try
{
_connectToServer(client, outPrintWriter);
}
catch (CannotConnectException&)
{
outPrintWriter << localizeMessage(MSG_PATH,
CANNOT_CONNECT_CIMSERVER_NOT_RUNNING_KEY,
CANNOT_CONNECT_CIMSERVER_NOT_RUNNING)
<< endl;
return RC_CONNECTION_FAILED;
}
catch (Exception& e)
{
outPrintWriter << e.getMessage() << endl;
return RC_ERROR;
}
//
// Perform the requested operation
//
switch ( _operationType )
{
case _OPERATION_TYPE_ADD:
try
{
_addCertificate( client, outPrintWriter );
}
catch (ConnectionTimeoutException&)
{
outPrintWriter << localizeMessage(MSG_PATH,
CONNECTION_TIMEOUT_KEY,
CONNECTION_TIMEOUT) << endl;
return RC_CONNECTION_TIMEOUT;
}
catch (CIMException& e)
{
CIMStatusCode code = e.getCode();
if (code == CIM_ERR_FAILED || code == CIM_ERR_NOT_SUPPORTED)
{
outPrintWriter << localizeMessage(MSG_PATH,
ADD_CERT_FAILURE_KEY, ADD_CERT_FAILURE) << endl;
errPrintWriter << e.getMessage() << endl;
}
else if (code == CIM_ERR_ALREADY_EXISTS)
{
outPrintWriter << localizeMessage(MSG_PATH,
ADD_CERT_FAILURE_KEY, ADD_CERT_FAILURE) << endl;
outPrintWriter << localizeMessage(MSG_PATH,
CERT_ALREADY_EXISTS_KEY,
CERT_ALREADY_EXISTS) << endl;
errPrintWriter << e.getMessage() << endl;
return RC_CERTIFICATE_ALREADY_EXISTS;
}
else if (code == CIM_ERR_INVALID_CLASS)
{
outPrintWriter << localizeMessage(MSG_PATH,
ADD_CERT_FAILURE_KEY, ADD_CERT_FAILURE) << endl;
outPrintWriter << localizeMessage(MSG_PATH,
CERT_SCHEMA_NOT_LOADED_KEY,
CERT_SCHEMA_NOT_LOADED) << endl;
}
else
{
errPrintWriter << e.getMessage() << endl;
}
return RC_ERROR;
}
catch (Exception& e)
{
outPrintWriter << localizeMessage(MSG_PATH,
ADD_CERT_FAILURE_KEY,
ADD_CERT_FAILURE) << endl << e.getMessage() << endl;
return RC_ERROR;
}
break;
case _OPERATION_TYPE_REMOVE:
try
{
_removeCertificate ( client, outPrintWriter );
}
catch (ConnectionTimeoutException&)
{
outPrintWriter << localizeMessage(MSG_PATH,
CONNECTION_TIMEOUT_KEY,
CONNECTION_TIMEOUT);
return RC_CONNECTION_TIMEOUT;
}
catch (CIMException& e)
{
CIMStatusCode code = e.getCode();
if (code == CIM_ERR_FAILED || code == CIM_ERR_NOT_SUPPORTED)
{
outPrintWriter << localizeMessage(MSG_PATH,
REMOVE_CERT_FAILURE_KEY,
REMOVE_CERT_FAILURE) << endl;
errPrintWriter << e.getMessage() << endl;
}
else if (code == CIM_ERR_NOT_FOUND)
{
outPrintWriter << localizeMessage(MSG_PATH,
REMOVE_CERT_FAILURE_KEY,
REMOVE_CERT_FAILURE) << endl;
outPrintWriter << localizeMessage(MSG_PATH,
CERT_NOT_FOUND_KEY, CERT_NOT_FOUND) << endl;
errPrintWriter << e.getMessage() << endl;
return RC_CERTIFICATE_DOES_NOT_EXIST;
}
else if (code == CIM_ERR_INVALID_CLASS)
{
outPrintWriter << localizeMessage(MSG_PATH,
REMOVE_CERT_FAILURE_KEY,
REMOVE_CERT_FAILURE) << endl;
outPrintWriter << localizeMessage(MSG_PATH,
CERT_SCHEMA_NOT_LOADED_KEY,
CERT_SCHEMA_NOT_LOADED) << endl;
}
else
{
errPrintWriter << e.getMessage() << endl;
}
return RC_ERROR;
}
catch (Exception& e)
{
outPrintWriter << localizeMessage(MSG_PATH,
REMOVE_CERT_FAILURE_KEY,
REMOVE_CERT_FAILURE) << endl
<< e.getMessage() << endl;
return RC_ERROR;
}
break;
case _OPERATION_TYPE_LIST:
try
{
_listCertificates ( client, outPrintWriter );
}
catch (ConnectionTimeoutException&)
{
outPrintWriter << localizeMessage(MSG_PATH,
CONNECTION_TIMEOUT_KEY,
CONNECTION_TIMEOUT);
return RC_CONNECTION_TIMEOUT;
}
catch (CIMException& e)
{
CIMStatusCode code = e.getCode();
if (code == CIM_ERR_NOT_FOUND)
{
return RC_CERTIFICATE_DOES_NOT_EXIST;
}
if (code == CIM_ERR_FAILED || code == CIM_ERR_NOT_SUPPORTED)
{
outPrintWriter << localizeMessage(MSG_PATH,
LIST_CERT_FAILURE_KEY, LIST_CERT_FAILURE) << endl;
errPrintWriter << e.getMessage() << endl;
}
else if (code == CIM_ERR_INVALID_CLASS)
{
outPrintWriter << localizeMessage(MSG_PATH,
LIST_CERT_FAILURE_KEY, LIST_CERT_FAILURE) << endl;
outPrintWriter << localizeMessage(MSG_PATH,
CERT_SCHEMA_NOT_LOADED_KEY,
CERT_SCHEMA_NOT_LOADED) << endl;
}
else
{
errPrintWriter << e.getMessage() << endl;
}
return RC_ERROR;
}
catch (Exception& e)
{
outPrintWriter << localizeMessage(MSG_PATH,
LIST_CERT_FAILURE_KEY,
LIST_CERT_FAILURE) << endl << e.getMessage() << endl;
return RC_ERROR;
}
break;
default:
//
// This path should not be hit
//
break;
}
return RC_SUCCESS;
}
PEGASUS_NAMESPACE_END
// exclude main from the Pegasus Namespace
PEGASUS_USING_PEGASUS;
PEGASUS_USING_STD;
///////////////////////////////////////////////////////////////////////////
/**
Parses the command line, and executes the command.
@param argc the number of command line arguments
@param argv the string vector of command line arguments
@return 0 if the command is successful
1 if an error occurs in executing the command
*/
///////////////////////////////////////////////////////////////////////////
int main (int argc, char* argv [])
{
//l10n set message loading to process locale
MessageLoader::_useProcessLocale = true;
CIMTrustCommand command = CIMTrustCommand();
int retCode;
try
{
command.setCommand (argc, argv);
}
catch (CommandFormatException& cfe)
{
cerr << CIMTrustCommand::COMMAND_NAME << ": " << cfe.getMessage ()
<< endl;
cerr << "Use '--help' to obtain command syntax." << endl;
exit (Command::RC_ERROR);
}
retCode = command.execute (cout, cerr);
exit (retCode);
return 0;
}
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |