cert_cmd.c File Reference

Certificate management commands. More...

#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <getopt.h>
#include <ipxe/x509.h>
#include <ipxe/certstore.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/certmgmt.h>

Go to the source code of this file.

Data Structures
struct	cert_options
	"cert<xxx>" options More...
struct	cert_command_descriptor
	A "cert<xxx>" command descriptor. More...

Macros
#define	CERT_COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage, _payload)
	Construct "cert<xxx>" command descriptor. More...

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
static int	cert_exec (int argc, char **argv, struct cert_command_descriptor *certcmd)
	Execute "cert<xxx>" command. More...
static int	certstat_payload (struct x509_certificate *cert)
	"certstat" payload More...
static int	certstat_exec (int argc, char **argv)
	The "certstat" command. More...
static int	certstore_payload (struct x509_certificate *cert)
	"certstore" payload More...
static int	certstore_exec (int argc, char **argv)
	The "certstore" command. More...
static int	certfree_payload (struct x509_certificate *cert)
	"certfree" payload More...
static int	certfree_exec (int argc, char **argv)
	The "certfree" command. More...
	COMMAND (certstat, certstat_exec)
	Certificate management commands. More...
	COMMAND (certstore, certstore_exec)
	COMMAND (certfree, certfree_exec)

Variables
union {
struct option_descriptor   certstore [2]
struct option_descriptor   certstat [1]
struct option_descriptor   certfree [1]
}	opts
	"cert<xxx>" option list More...
static struct cert_command_descriptor	certstat_cmd
	"certstat" command descriptor More...
static struct cert_command_descriptor	certstore_cmd
	"certstore" command descriptor More...
static struct cert_command_descriptor	certfree_cmd
	"certfree" command descriptor More...

Detailed Description

Certificate management commands.

Definition in file cert_cmd.c.

Macro Definition Documentation

CERT_COMMAND_DESC

#define CERT_COMMAND_DESC	(		_struct,
			_options,
			_min_args,
			_max_args,
			_usage,
			_payload
	)

Value:

{                                                               \
                .cmd = COMMAND_DESC ( _struct, _options, _min_args,     \
                                      _max_args, _usage ),              \
                .payload = _payload,                                    \
        }

Construct "cert<xxx>" command descriptor.

Parameters

_struct	Options structure type
_options	Option descriptor array
_min_args	Minimum number of non-option arguments
_max_args	Maximum number of non-option arguments
_usage	Command usage
_payload	Payload method

Return values

_command

Command descriptor

Definition at line 92 of file cert_cmd.c.

Function Documentation

FILE_LICENCE()

FILE_LICENCE

(

GPL2_OR_LATER_OR_UBDL

)

cert_exec()

static int cert_exec ( int  argc, char **  argv, struct cert_command_descriptor *  certcmd  )

static

Execute "cert<xxx>" command.

Parameters

argc	Argument count
argv	Argument list
certcmd	Command descriptor

Return values

rc	Return status code

Definition at line 108 of file cert_cmd.c.

                                                                 {
        struct command_descriptor *cmd = &certcmd->cmd;
        struct cert_options opts;
        struct image *image = NULL;
        struct x509_certificate *cert;
        struct x509_certificate *tmp;
        unsigned int count = 0;
        size_t offset = 0;
        int next;
        int rc;

        /* Parse options */
        if ( ( rc = parse_options ( argc, argv, cmd, &opts ) ) != 0 )
                goto err_parse;

        /* Acquire image, if applicable */
        if ( ( optind < argc ) &&
             ( ( rc = imgacquire ( argv[optind], 0, &image ) ) != 0 ) )
                goto err_acquire;

        /* Get first entry in certificate store */
        tmp = list_first_entry ( &certstore.links, struct x509_certificate,
                                 store.list );

        /* Iterate over certificates */
        while ( 1 ) {

                /* Get next certificate from image or store as applicable */
                if ( image ) {

                        /* Get next certificate from image */
                        if ( offset >= image->len )
                                break;
                        next = image_x509 ( image, offset, &cert );
                        if ( next < 0 ) {
                                rc = next;
                                printf ( "Could not parse certificate: %s\n",
                                         strerror ( rc ) );
                                goto err_x509;
                        }
                        offset = next;

                } else {

                        /* Get next certificate from store */
                        cert = tmp;
                        if ( ! cert )
                                break;
                        tmp = list_next_entry ( tmp, &certstore.links,
                                                store.list );
                        x509_get ( cert );
                }

                /* Skip non-matching names, if a name was specified */
                if ( opts.name && ( x509_check_name ( cert, opts.name ) != 0 )){
                        x509_put ( cert );
                        continue;
                }

                /* Execute payload */
                if ( ( rc = certcmd->payload ( cert ) ) != 0 ) {
                        x509_put ( cert );
                        goto err_payload;
                }

                /* Count number of certificates processed */
                count++;

                /* Drop reference to certificate */
                x509_put ( cert );
        }

        /* Fail if a name was specified and no matching certificates
         * were found.
         */
        if ( opts.name && ( count == 0 ) ) {
                printf ( "\"%s\" : no such certificate\n", opts.name );
                rc = -ENOENT;
                goto err_none;
        }

 err_none:
 err_payload:
 err_x509:
        if ( image && ( ! opts.keep ) )
                unregister_image ( image );
 err_acquire:
 err_parse:
        return rc;
}

References certstore, cmd, cert_command_descriptor::cmd, count, ENOENT, image_x509(), imgacquire(), image::len, x509_link::list, list_first_entry, list_next_entry, next, NULL, offset, optind, opts, parse_options(), cert_command_descriptor::payload, printf(), rc, x509_certificate::store, strerror(), tmp, unregister_image(), x509_check_name(), x509_get(), and x509_put().

Referenced by certfree_exec(), certstat_exec(), and certstore_exec().

certstat_payload()

static int certstat_payload ( struct x509_certificate *  cert )

static

"certstat" payload

Parameters

cert	X.509 certificate

Return values

rc	Return status code

Definition at line 206 of file cert_cmd.c.

                                                              {

        certstat ( cert );
        return 0;
}

References certstat.

certstat_exec()

static int certstat_exec ( int  argc, char **  argv  )

static

The "certstat" command.

Parameters

argc	Argument count
argv	Argument list

Return values

rc	Return status code

Definition at line 224 of file cert_cmd.c.

                                                   {

        return cert_exec ( argc, argv, &certstat_cmd );
}

References cert_exec(), and certstat_cmd.

certstore_payload()

static int certstore_payload ( struct x509_certificate *  cert )

static

"certstore" payload

Parameters

cert	X.509 certificate

Return values

rc	Return status code

Definition at line 235 of file cert_cmd.c.

                                                               {

        /* Mark certificate as having been added explicitly */
        cert->flags |= X509_FL_EXPLICIT;

        return 0;
}

References x509_certificate::flags, and X509_FL_EXPLICIT.

certstore_exec()

static int certstore_exec ( int  argc, char **  argv  )

static

The "certstore" command.

Parameters

argc	Argument count
argv	Argument list

Return values

rc	Return status code

Definition at line 255 of file cert_cmd.c.

                                                    {

        return cert_exec ( argc, argv, &certstore_cmd );
}

References cert_exec(), and certstore_cmd.

certfree_payload()

static int certfree_payload ( struct x509_certificate *  cert )

static

"certfree" payload

Parameters

cert	X.509 certificate

Return values

rc	Return status code

Definition at line 266 of file cert_cmd.c.

                                                              {

        /* Remove from certificate store */
        certstore_del ( cert );

        return 0;
}

References certstore_del().

certfree_exec()

static int certfree_exec ( int  argc, char **  argv  )

static

The "certfree" command.

Parameters

argc	Argument count
argv	Argument list

Return values

rc	Return status code

Definition at line 286 of file cert_cmd.c.

                                                   {

        return cert_exec ( argc, argv, &certfree_cmd );
}

References cert_exec(), and certfree_cmd.

COMMAND() [1/3]

COMMAND	(	certstat	,
		certstat_exec
	)

Certificate management commands.

COMMAND() [2/3]

COMMAND	(	certstore	,
		certstore_exec
	)

COMMAND() [3/3]

COMMAND	(	certfree	,
		certfree_exec
	)

Variable Documentation

certstore

struct option_descriptor certstore[2]

Certificate store.

Definition at line 55 of file cert_cmd.c.

Referenced by cert_exec().

certstat

struct option_descriptor certstat[1]

Definition at line 57 of file cert_cmd.c.

Referenced by certstat_payload().

certfree

struct option_descriptor certfree[1]

Definition at line 59 of file cert_cmd.c.

opts

union { ... } opts

Initial value:

= {
        .certstore = {
                OPTION_DESC ( "subject", 's', required_argument,
                              struct cert_options, name, parse_string ),
                OPTION_DESC ( "keep", 'k', no_argument,
                              struct cert_options, keep, parse_flag ),
        },
}

"cert<xxx>" option list

Referenced by attr_get(), attr_off(), attr_on(), attr_set(), cert_exec(), choose_exec(), colour_exec(), colour_set(), config_exec(), console_exec(), cpair_exec(), cpuid_exec(), digest_exec(), dynui_exec(), echo_exec(), exit_exec(), fcels_exec(), fcstat_exec(), fdt_exec(), gdbstub_exec(), goto_exec(), gve_describe(), ibstat_exec(), ifcommon_exec(), ifconf_payload(), iflinkwait_payload(), imgdecrypt_exec(), imgextract_exec(), imgmem_exec(), imgtrust_exec(), imgverify_exec(), inc_exec(), ipstat_exec(), iseq_exec(), isset_exec(), item_exec(), login_exec(), lotest_exec(), nslookup_exec(), nstat_exec(), ntp_exec(), param_exec(), params_exec(), parse_options(), pciscan_exec(), ping_exec(), poweroff_exec(), present_exec(), profstat_exec(), prompt_exec(), pxebs_exec(), read_value(), reboot_exec(), reparse_options(), route_exec(), set_core_exec(), shell_exec(), shim_exec(), show_exec(), sleep_exec(), stoppxe_exec(), sync_exec(), time_exec(), usbscan_exec(), vcreate_exec(), and vdestroy_exec().

certstat_cmd

struct cert_command_descriptor certstat_cmd

static

Initial value:

=
        CERT_COMMAND_DESC ( struct cert_options, opts.certstat, 0, 0, NULL,
                            certstat_payload )

"certstat" command descriptor

Definition at line 213 of file cert_cmd.c.

Referenced by certstat_exec().

certstore_cmd

struct cert_command_descriptor certstore_cmd

static

Initial value:

=
        CERT_COMMAND_DESC ( struct cert_options, opts.certstore, 0, 1,
                            "[<uri|image>]", certstore_payload )

"certstore" command descriptor

Definition at line 244 of file cert_cmd.c.

Referenced by certstore_exec().

certfree_cmd

struct cert_command_descriptor certfree_cmd

static

Initial value:

=
        CERT_COMMAND_DESC ( struct cert_options, opts.certfree, 0, 0, NULL,
                            certfree_payload )

"certfree" command descriptor

Definition at line 275 of file cert_cmd.c.

Referenced by certfree_exec().