cimtrustcommand.cpp

Pegasus is an open-source implementationof the DMTF CIM and WBEM standards. It is designed to be por

    //
    // Remove option 1
    //
    //_usage.append ("                   -").append (_OPTION_REMOVE);
    _usage.append("       ").append (COMMAND_NAME);
    _usage.append (" -").append (_OPTION_REMOVE);
    _usage.append (" -").append (_OPTION_ISSUER).append (" issuer");
    _usage.append (" ( -").append (_OPTION_SERIALNUMBER).append (" serialnumber");
    _usage.append (" | -").append (_OPTION_SUBJECT).append (" subject )");
    _usage.append ("\n");

    //
    // List option 1
    //
    //_usage.append ("                   -").append (_OPTION_LIST);
    _usage.append("       ").append (COMMAND_NAME);
    _usage.append (" -").append (_OPTION_LIST);
    _usage.append (" [ -").append (_OPTION_ISSUER).append (" issuer");
    _usage.append (" [ -").append (_OPTION_SERIALNUMBER)
         .append (" serialnumber");
    _usage.append (" | -").append (_OPTION_SUBJECT)
         .append (" subject")
         .append (" ] ]");
    _usage.append ("\n");

    //
    // Version option
    //
    _usage.append("       ").append (COMMAND_NAME);
    _usage.append (" --").append (LONG_VERSION)
         .append("\n");

    //
    // Help option
    //
    _usage.append("       ").append (COMMAND_NAME);
    _usage.append (" --").append (LONG_HELP)
         .append("\n");

    //
    // Options description
    //
    _usage.append("Options : \n");
    _usage.append("    -a              ");
    _usage.append("- Adds the specified certificate to the trust store\n");

    _usage.append("    -r              ");
    _usage.append("- Removes the specified certificate from the trust store\n");

    _usage.append("    -l              ");
    _usage.append("- Displays the certificates in the trust store\n");

    _usage.append("    -f certfile     ");
    _usage.append("- Specifies the PEM format file containing ");
    _usage.append("an X509 certificate\n");

    _usage.append("    -U certuser     ");
    _usage.append("- Specifies the user name to be associated with the ");
    _usage.append("certificate\n");

    _usage.append("    -T type         ");
    _usage.append("- Specifies the certificate type\n");

    _usage.append("    -i issuer       ");
    _usage.append("- Specifies the certificate issuer name\n");

    _usage.append("    -n serialnumber ");
    _usage.append("- Specifies the certificate serial number\n");

    _usage.append("    -S subject      ");
    _usage.append("- Specifies the certificate subject\n");

    _usage.append("    --help          - Display this help message\n");
    _usage.append("    --version       - Display CIM Server version number\n");

    _usage.append("\nUsage note: The cimtrust command requires that ");
    _usage.append("the CIM Server is running.\n");

//l10n localize usage
#ifdef PEGASUS_HAS_ICU

    MessageLoaderParms menuparms(
        "Clients.cimtrust.CIMTrustCommand.MENU.STANDARD", _usage);
    menuparms.msg_src_path = MSG_PATH;
    _usage = MessageLoader::getMessage(menuparms);

#endif

    setUsage (_usage);
}

/**
    Connect to cimserver.

    @param  client             the handle to CIMClient object

    @param  outPrintWriter     the ostream to which output should be
                               written
 */
void CIMTrustCommand::_connectToServer( CIMClient& client,
                                    ostream& outPrintWriter )
{
    client.connectLocal();
}


/**
    Convert CIMDateTime to user-readable string of the format
    month day-of-month, year  hour:minute:second (value-hrs-GMT-offset)

    @param  cimDateTimeStr  CIM formated DateTime String

    @return  String user-readable date time string.
 */
String CIMTrustCommand::_formatCIMDateTime(const String& cimDateTimeStr)
{
   Uint32 year = 0;
   Uint32 month = 0;
   Uint32 day = 0;
   Uint32 hour = 0;
   Uint32 minute = 0;
   Uint32 second = 0;
   Uint32 microsecond = 0;
   Uint32 timezone = 0;

   sscanf(cimDateTimeStr.getCString(), "%04d%02d%02d%02d%02d%02d.%06d%04d",
          &year, &month, &day, &hour, &minute, &second,
          &microsecond, &timezone);

   char monthString[5];

   switch (month)
   {
      case 1 :
          sprintf(monthString, "Jan");
          break;
      case 2 :
          sprintf(monthString, "Feb");
          break;
      case 3 :
          sprintf(monthString, "Mar");
          break;
      case 4 :
          sprintf(monthString, "Apr");
          break;
      case 5 :
          sprintf(monthString, "May");
          break;
      case 6 :
          sprintf(monthString, "Jun");
          break;
      case 7 :
          sprintf(monthString, "Jul");
          break;
      case 8 :
          sprintf(monthString, "Aug");
          break;
      case 9 :
          sprintf(monthString, "Sep");
          break;
      case 10 :
          sprintf(monthString, "Oct");
          break;
      case 11 :
          sprintf(monthString, "Nov");
          break;
      case 12 :
          sprintf(monthString, "Dec");
          break;

      // covered all known cases, if get to default, just
      // return the input string as received.
      default :
          return (cimDateTimeStr);
   }

   char dateTimeStr[80];
   sprintf(dateTimeStr, "%s %d, %d  %d:%02d:%02d (%03d%02d)",
           monthString, day, year, hour, minute, second,
           timezone/60, timezone%60);

   String retVal = String(dateTimeStr);

   return (retVal);
}


/**
    Read certificate content.

    @param  certFilePath     the certificate file path

    @return  Buffer containing the certificate content
 */
Buffer CIMTrustCommand::_readCertificateContent(const String &certFilePath)
{
    Buffer content;

    //
    //  Check that cert file exists
    //
    if (!FileSystem::exists (certFilePath))

    {
        NoSuchFile e (certFilePath);
        throw e;
    }

    //
    //  Check that cert file is readable
    //
    if (!FileSystem::canRead (certFilePath))
    {
        FileNotReadable e (certFilePath);
        throw e;
    }

    //
    //  Load file content to memory
    //
    try
    {
        FileSystem::loadFileToMemory (content, certFilePath);
        content.append ('\0');
    }
    catch (const CannotOpenFile&)
    {
        throw;
    }

    return content;
}


/**
   Add a new certificate to the trust store

   @param  client           the handle to CIMClient object

   @param  outPrintWriter   the ostream to which output should be written
 */
void CIMTrustCommand::_addCertificate (
    CIMClient&   client,
    ostream&     outPrintWriter)
{
    Buffer              content;
    Array<CIMKeyBinding>   kbArray;
    CIMKeyBinding          kb;
    Array<CIMParamValue>   inParams;
    Array<CIMParamValue>   outParams;
    Uint16                 certificateType;

    content = _readCertificateContent(_certFile);

    String contentStr = String(content.getData());

    if (_type == _ARG_TYPE_AUTHORITY)
    {
        certificateType = _CERTIFICATE_TYPE_AUTHORITY;
    }
    else if ( _type == _ARG_TYPE_AUTHORITY_END_ENTITY )
    {
        certificateType = _CERTIFICATE_TYPE_AUTHORITY_END_ENTITY;
    }
    else if ( _type == _ARG_TYPE_SELF_SIGNED_IDENTITY )
    {
        certificateType = _CERTIFICATE_TYPE_SELF_SIGNED_IDENTITY;
    }

    //
    // Build the input params
    //
    inParams.append ( CIMParamValue ( CERT_CONTENTS,
                                      CIMValue (contentStr)));
    inParams.append ( CIMParamValue ( CERT_USERNAME,
                                      CIMValue (_certUser)));
    inParams.append ( CIMParamValue ( CERT_TYPE,
                                      CIMValue (certificateType)));

    CIMObjectPath reference(
        String::EMPTY, PEGASUS_NAMESPACENAME_CERTIFICATE,
        PEGASUS_CLASSNAME_CERTIFICATE, kbArray);

    //
    // If an associated username has not been specified, display an 
    // informational message.
    //
    if ( !_certUserSet )
    {
          outPrintWriter << localizeMessage(MSG_PATH, 
                            CERT_WITHOUT_ASSOCIATED_USER_KEY,
                            CERT_WITHOUT_ASSOCIATED_USER) << endl;
    }

    //
    // Call the invokeMethod with the input parameters
    //

    client.invokeMethod (
        PEGASUS_NAMESPACENAME_CERTIFICATE,
        reference,
        ADD_CERTIFICATE_METHOD,
        inParams,
        outParams );

    outPrintWriter << localizeMessage(MSG_PATH, ADD_CERTIFICATE_SUCCESS_KEY,
        ADD_CERTIFICATE_SUCCESS) << endl;
}

/**
   Remove an existing certificate from the trust store

   @param  client           the handle to CIMClient object

   @param  outPrintWriter   the ostream to which output should be written
 */
void CIMTrustCommand::_removeCertificate (
    CIMClient&   client,
    ostream&     outPrintWriter)
{
    Array<CIMKeyBinding> kbArray;
    CIMKeyBinding        kb;

    //
    // Build the input params
    //
    kb.setName(PROPERTY_NAME_ISSUER);
    kb.setValue(_issuer);
    kb.setType(CIMKeyBinding::STRING);

    kbArray.append(kb);

    if (_serialNumberSet)
    {
        kb.setName(PROPERTY_NAME_SERIALNUMBER);
        kb.setValue(_serialNumber);
        kb.setType(CIMKeyBinding::STRING);

        kbArray.append(kb);
    }
    else 
    {
        //
        // Pass the subject name
        //
        kb.setName(PROPERTY_NAME_SUBJECTNAME);
        kb.setValue(_subject);
        kb.setType(CIMKeyBinding::STRING);

        kbArray.append(kb);
    }

    CIMObjectPath reference(
        String::EMPTY, PEGASUS_NAMESPACENAME_CERTIFICATE,
        PEGASUS_CLASSNAME_CERTIFICATE, kbArray);

    client.deleteInstance(
        PEGASUS_NAMESPACENAME_CERTIFICATE,
        reference);

    outPrintWriter << localizeMessage(MSG_PATH, REMOVE_CERTIFICATE_SUCCESS_KEY,
        REMOVE_CERTIFICATE_SUCCESS) << endl;
}

/**
   List certificates in the trust store

   @param  client           the handle to CIMClient object

   @param  outPrintWriter   the ostream to which output should be written
 */
void CIMTrustCommand::_listCertificates (
    CIMClient&   client,
    ostream&     outPrintWriter)
{
    Array<CIMInstance> certificateNamedInstances;

    //
    // get all the instances of class PG_SSLCertificate
    //
    certificateNamedInstances =
        client.enumerateInstances(
            PEGASUS_NAMESPACENAME_CERTIFICATE,
            PEGASUS_CLASSNAME_CERTIFICATE);

    //
    // copy all the certificate contents
    //
    Uint32 numberInstances = certificateNamedInstances.size();
    Boolean issuerFound = false;

    for (Uint32 i = 0; i < numberInstances; i++)
    {
        CIMInstance& certificateInstance =
            certificateNamedInstances[i];

        String issuer;
        String serialNumber;
        String subjectName;
        String registeredUserName;
        Uint16 type;
        String typeStr;
        CIMDateTime notBefore;
        CIMDateTime notAfter;

        //
        // Check if issuer name and serial number are specified
        // and they match
        //
        Uint32 pos = certificateInstance.findProperty(PROPERTY_NAME_ISSUER);
        CIMProperty prop = certificateInstance.getProperty(pos);
        prop.getValue().get(issuer);

        pos = certificateInstance.findProperty(PROPERTY_NAME_SERIALNUMBER);
        prop = certificateInstance.getProperty(pos);
        prop.getValue().get(serialNumber);