4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
21 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
32 #include <cryptoutil.h>
37 pk_download(int argc
, char *argv
[])
42 extern char *optarg_av
;
45 char *http_proxy
= NULL
;
50 KMF_HANDLE_T kmfhandle
= NULL
;
51 KMF_ENCODE_FORMAT format
;
52 KMF_RETURN ch_rv
= KMF_OK
;
53 char *fullpath
= NULL
;
54 KMF_DATA cert
= { 0, NULL
};
55 KMF_DATA cert_der
= { 0, NULL
};
57 while ((opt
= getopt_av(argc
, argv
,
58 "t:(objtype)u:(url)h:(http_proxy)o:(outfile)d:(dir)")) != EOF
) {
60 if (EMPTYSTRING(optarg_av
))
61 return (PK_ERR_USAGE
);
65 return (PK_ERR_USAGE
);
66 oclass
= OT2Int(optarg_av
);
67 if (!(oclass
& (PK_CERT_OBJ
| PK_CRL_OBJ
)))
68 return (PK_ERR_USAGE
);
72 return (PK_ERR_USAGE
);
77 return (PK_ERR_USAGE
);
78 http_proxy
= optarg_av
;
82 return (PK_ERR_USAGE
);
87 return (PK_ERR_USAGE
);
91 cryptoerror(LOG_STDERR
, gettext(
92 "unrecognized download option '%s'\n"),
94 return (PK_ERR_USAGE
);
98 /* No additional args allowed. */
102 return (PK_ERR_USAGE
);
105 /* Check the dir and outfile options */
106 if (outfile
== NULL
) {
107 /* If outfile is not specified, use the basename of URI */
108 outfile
= basename(url
);
111 fullpath
= get_fullpath(dir
, outfile
);
112 if (fullpath
== NULL
) {
113 cryptoerror(LOG_STDERR
, gettext("Incorrect dir or outfile "
115 return (PK_ERR_USAGE
);
117 /* Check if the file exists and might be overwritten. */
118 if (verify_file(fullpath
) != KMF_OK
) {
119 cryptoerror(LOG_STDERR
,
120 gettext("Warning: file \"%s\" exists, "
121 "will be overwritten."), fullpath
);
122 if (yesno(gettext("Continue with download? "),
123 gettext("Respond with yes or no.\n"), B_FALSE
) == B_FALSE
) {
127 /* URI MUST be specified */
129 cryptoerror(LOG_STDERR
, gettext("A URL must be specified\n"));
135 * Get the http proxy from the command "http_proxy" option or the
136 * environment variable. The command option has a higher priority.
138 if (http_proxy
== NULL
)
139 http_proxy
= getenv("http_proxy");
141 if (http_proxy
!= NULL
) {
142 char *ptmp
= http_proxy
;
145 if (strncasecmp(ptmp
, "http://", 7) == 0)
146 ptmp
+= 7; /* skip the scheme prefix */
148 proxy
= strtok(ptmp
, ":");
149 proxy_port_s
= strtok(NULL
, "\0");
150 if (proxy_port_s
!= NULL
)
151 proxy_port
= strtol(proxy_port_s
, NULL
, 0);
156 /* If objtype is not specified, default to CRL */
161 if ((rv
= kmf_initialize(&kmfhandle
, NULL
, NULL
)) != KMF_OK
) {
162 cryptoerror(LOG_STDERR
, gettext("Error initializing KMF\n"));
167 /* Now we are ready to download */
168 if (oclass
& PK_CRL_OBJ
) {
169 rv
= kmf_download_crl(kmfhandle
, url
, proxy
, proxy_port
, 30,
171 } else if (oclass
& PK_CERT_OBJ
) {
172 rv
= kmf_download_cert(kmfhandle
, url
, proxy
, proxy_port
, 30,
178 case KMF_ERR_BAD_URI
:
179 cryptoerror(LOG_STDERR
,
180 gettext("Error in parsing URI\n"));
183 case KMF_ERR_OPEN_FILE
:
184 cryptoerror(LOG_STDERR
,
185 gettext("Error in opening file\n"));
188 case KMF_ERR_WRITE_FILE
:
189 cryptoerror(LOG_STDERR
,
190 gettext("Error in writing file\n"));
193 case KMF_ERR_BAD_CRLFILE
:
194 cryptoerror(LOG_STDERR
, gettext("Not a CRL file\n"));
197 case KMF_ERR_BAD_CERTFILE
:
198 cryptoerror(LOG_STDERR
,
199 gettext("Not a certificate file\n"));
203 cryptoerror(LOG_STDERR
,
204 gettext("Not enough memory\n"));
208 cryptoerror(LOG_STDERR
,
209 gettext("Error in downloading the file.\n"));
217 * If the file is successfully downloaded, we also check the date.
218 * If the downloaded file is outdated, give a warning.
220 if (oclass
& PK_CRL_OBJ
) {
221 ch_rv
= kmf_check_crl_date(kmfhandle
, fullpath
);
222 } else { /* certificate */
223 ch_rv
= kmf_read_input_file(kmfhandle
, fullpath
, &cert
);
227 if (format
== KMF_FORMAT_PEM
) {
229 ch_rv
= kmf_pem_to_der(cert
.Data
, cert
.Length
,
230 &cert_der
.Data
, &len
);
233 cert_der
.Length
= (size_t)len
;
236 ch_rv
= kmf_check_cert_date(kmfhandle
,
237 format
== KMF_FORMAT_ASN1
? &cert
: &cert_der
);
241 if (ch_rv
== KMF_ERR_VALIDITY_PERIOD
) {
242 cryptoerror(LOG_STDERR
,
243 gettext("Warning: the downloaded file is expired.\n"));
244 } else if (ch_rv
!= KMF_OK
) {
245 cryptoerror(LOG_STDERR
,
246 gettext("Warning: failed to check the validity.\n"));
252 kmf_free_data(&cert
);
253 kmf_free_data(&cert_der
);
255 (void) kmf_finalize(kmfhandle
);