/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
#include <libgen.h>
#include <libintl.h>

#include <libxml/tree.h>
#include <libxml/parser.h>

#include <kmfapiP.h>
#include "util.h"
/*
 * Supporting structures and global variables for getopt_av().
 *
 * populate_opts() builds one av_opts record per option described in the
 * option string; getopt_av() walks that table when matching argv entries.
 */
typedef struct	av_opts_s {
	int		shortnm;	/* short name character */
	/*
	 * Long name: points into the caller's option string and is NOT
	 * NUL-terminated, so it must always be compared using longnm_len.
	 */
	char		*longnm;
	int		longnm_len;	/* length of long name string */
	/*
	 * Set when the option was declared with ':'.  getopt_av() then
	 * expects a "name=value" argument and returns '?' without one.
	 */
	boolean_t	has_arg;
} av_opts;

/* Option table built by populate_opts(); freed and rebuilt by getopt_av(). */
static av_opts		*opts_av = NULL;
/* Option string the table was built from; getopt_av() compares by address. */
static const char	*_save_optstr = NULL;
/* Number of records in opts_av, as returned by populate_opts(). */
static int		_save_numopts = 0;
/* Index of the next argv element getopt_av() will examine. */
int			optind_av = 1;
/* Value part of the latest "name=value" match; points into argv. */
char			*optarg_av = NULL;
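/*
 * Free every node of a policy list, including the policy record embedded
 * in each node.
 *
 * plist is passed by value, so the caller's own pointer is not changed and
 * is dangling once this returns; a caller that keeps the variable around
 * must set it to NULL itself.  A NULL list is a no-op.
 */
void
free_policy_list(POLICY_LIST *plist)
{
	POLICY_LIST *next;

	while (plist != NULL) {
		/* Read the link before the node itself is released. */
		next = plist->next;
		kmf_free_policy_record(&plist->plc);
		free(plist);
		plist = next;
	}
}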
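/*
 * Load every named policy from the policy database file into a newly
 * allocated list.
 *
 * The file is parsed with DTD validation enabled and is rejected if it is
 * not valid.  Each policy element that carries a name attribute is parsed
 * with parsePolicyElement() and appended to the list in document order.
 *
 * Returns KC_OK and stores the list head in *policy_list (NULL when the
 * file holds no named policy); the caller releases it with
 * free_policy_list().  On any failure returns KC_ERR_LOADDB, frees whatever
 * was built so far and leaves *policy_list untouched.
 */
int
load_policies(char *file, POLICY_LIST **policy_list)
{
	int rv = KC_OK;
	KMF_RETURN kmfrv = KMF_OK;
	POLICY_LIST *newitem, *plist = NULL, *tail = NULL;
	xmlParserCtxtPtr ctxt;
	xmlDocPtr doc = NULL;
	xmlNodePtr root, node;

	/* Create a parser context */
	ctxt = xmlNewParserCtxt();
	if (ctxt == NULL) {
		/*
		 * Callers are handed KC_* codes on every other path, so do
		 * not return a KMF_RETURN value from here.
		 */
		return (KC_ERR_LOADDB);
	}

	/*
	 * Read the policy DB and validate it against its DTD.
	 *
	 * NOTE(review): XML_PARSE_DTDVALID makes libxml2 load the DTD that
	 * the document names.  If the policy file can come from a less
	 * trusted source, consider adding XML_PARSE_NONET so that parsing
	 * can never trigger a network fetch - confirm first that the DTD
	 * is always a local file.
	 */
	doc = xmlCtxtReadFile(ctxt, file, NULL,
	    XML_PARSE_DTDVALID | XML_PARSE_NOERROR | XML_PARSE_NOWARNING);
	if (doc == NULL || ctxt->valid == 0) {
		kmfrv = KMF_ERR_POLICY_DB_FORMAT;
		goto end;
	}

	root = xmlDocGetRootElement(doc);
	if (root == NULL) {
		kmfrv = KMF_ERR_POLICY_DB_FORMAT;
		goto end;
	}

	for (node = root->xmlChildrenNode; node != NULL; node = node->next) {
		xmlChar *name;

		/* Only policy elements are of interest. */
		if (xmlStrcmp((const xmlChar *)node->name,
		    (const xmlChar *)KMF_POLICY_ELEMENT) != 0)
			continue;

		/* Skip policy elements that carry no name attribute. */
		name = xmlGetProp(node,
		    (const xmlChar *)KMF_POLICY_NAME_ATTR);
		if (name == NULL)
			continue;
		xmlFree(name);

		/* calloc() leaves the record and the next link zeroed. */
		newitem = calloc(1, sizeof (POLICY_LIST));
		if (newitem == NULL) {
			kmfrv = KMF_ERR_MEMORY;
			goto end;
		}
		kmfrv = parsePolicyElement(node, &newitem->plc);

		/*
		 * Link the node in before looking at the result so that the
		 * error path below releases it along with the rest.  The
		 * tail pointer avoids re-walking the list for each append.
		 */
		if (tail == NULL)
			plist = newitem;
		else
			tail->next = newitem;
		tail = newitem;

		/*
		 * Stop at the first policy that fails to parse.  Otherwise
		 * a later successful parse overwrites kmfrv and a partly
		 * filled policy record is handed to the caller as valid.
		 */
		if (kmfrv != KMF_OK)
			goto end;
	}

end:
	if (ctxt != NULL)
		xmlFreeParserCtxt(ctxt);

	if (doc != NULL)
		xmlFreeDoc(doc);

	if (kmfrv != KMF_OK) {
		free_policy_list(plist);
		rv = KC_ERR_LOADDB;
	} else {
		*policy_list = plist;
	}

	return (rv);
}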
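/*
 * Convert a comma separated list of key usage names into a bit mask.
 *
 * Each token is translated with kmf_string_to_ku() and OR-ed into the
 * result.  Returns 0 if there is any error in the input string: kustring
 * is NULL, holds no token, or holds a token that kmf_string_to_ku() maps
 * to 0.
 *
 * kustring is modified in place, because strtok() overwrites the
 * separators, so it must be a writable buffer and never a string literal.
 * strtok() also keeps hidden static state, so this scan must not be
 * interleaved with another strtok() scan.
 */
uint16_t
parseKUlist(char *kustring)
{
	uint16_t cur_bit;
	uint16_t kubits = 0;
	char *p;

	/*
	 * strtok(NULL, ...) would resume whatever string was scanned last,
	 * so a NULL argument has to be rejected before the first call.
	 */
	if (kustring == NULL)
		return (0);

	for (p = strtok(kustring, ","); p != NULL; p = strtok(NULL, ",")) {
		cur_bit = kmf_string_to_ku(p);
		if (cur_bit == 0) {
			/* One bad name invalidates the whole list. */
			kubits = 0;
			break;
		}
		kubits |= cur_bit;
	}

	return (kubits);
}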
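/*
 * Append a copy of *newoid to the EKU list in ekus, growing the array by
 * one element.
 *
 * The copy is a plain struct assignment, so any buffer the OID points to
 * is shared with the new list entry rather than duplicated.
 *
 * There is no return value to report an allocation failure with: on
 * failure the list and eku_count are left exactly as they were and the
 * OID is not added.  NULL arguments are ignored.
 */
static void
addToEKUList(KMF_EKU_POLICY *ekus, KMF_OID *newoid)
{
	KMF_OID *grown;

	if (newoid == NULL || ekus == NULL)
		return;

	/*
	 * Keep realloc()'s result in a temporary.  Assigning it straight to
	 * ekus->ekulist would, on failure, leak the existing array and leave
	 * eku_count claiming entries behind a NULL pointer.
	 */
	grown = realloc(ekus->ekulist,
	    (ekus->eku_count + 1) * sizeof (KMF_OID));
	if (grown == NULL)
		return;

	grown[ekus->eku_count] = *newoid;
	ekus->ekulist = grown;
	ekus->eku_count++;
}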
/*
 * Parse a comma separated list of EKU names and add the OID of each name
 * to the EKU set of the policy record.
 *
 * Returns 0 without touching the record when ekulist is NULL or empty,
 * KC_OK when every name converts, and KC_ERR_USAGE - after releasing the
 * EKU set with kmf_free_eku_policy() - as soon as kmf_ekuname_to_oid()
 * fails for a name.  ekulist is modified in place by strtok().
 */
int
parseEKUNames(char *ekulist, KMF_POLICY_RECORD *plc)
{
	KMF_EKU_POLICY *eku_set = &plc->eku_set;
	KMF_OID *oid;
	char *tok;
	int status = KC_OK;

	if (ekulist == NULL || *ekulist == '\0')
		return (0);

	tok = strtok(ekulist, ",");

	if (tok == NULL) {
		/* No token was found: try the whole string as one name. */
		oid = kmf_ekuname_to_oid(ekulist);
		if (oid == NULL) {
			status = KC_ERR_USAGE;
		} else {
			addToEKUList(eku_set, oid);
			/* The list holds its own struct copy. */
			free(oid);
		}
	}

	for (; tok != NULL; tok = strtok(NULL, ",")) {
		oid = kmf_ekuname_to_oid(tok);
		if (oid == NULL) {
			status = KC_ERR_USAGE;
			break;
		}
		addToEKUList(eku_set, oid);
		free(oid);
	}

	if (status != KC_OK)
		kmf_free_eku_policy(eku_set);

	return (status);
}
/*
 * Parse a comma separated list of EKU OID strings and add each OID to the
 * EKU set of the policy record.
 *
 * Returns 0 without touching the record when ekulist is NULL or empty,
 * KC_OK when every token converts, and KC_ERR_USAGE - after releasing the
 * EKU set with kmf_free_eku_policy() - as soon as kmf_string_to_oid()
 * rejects a token.  ekulist is modified in place by strtok().
 */
int
parseEKUOIDs(char *ekulist, KMF_POLICY_RECORD *plc)
{
	KMF_EKU_POLICY *eku_set = &plc->eku_set;
	KMF_OID oid = { 0, NULL };
	char *tok;
	int status = KC_OK;

	if (ekulist == NULL || *ekulist == '\0')
		return (0);

	tok = strtok(ekulist, ",");

	if (tok == NULL) {
		/* No token was found: try the whole string as one OID. */
		if (kmf_string_to_oid(ekulist, &oid) != KMF_OK)
			status = KC_ERR_USAGE;
		else
			addToEKUList(eku_set, &oid);
	}

	for (; tok != NULL && status == 0; tok = strtok(NULL, ",")) {
		if (kmf_string_to_oid(tok, &oid) != KMF_OK) {
			status = KC_ERR_USAGE;
			break;
		}
		addToEKUList(eku_set, &oid);
	}

	if (status != KC_OK)
		kmf_free_eku_policy(eku_set);

	return (status);
}
/*
 * Translate the words "true" and "false" (matched without regard to case)
 * into 1 and 0.  Returns -1 for a NULL argument or any other string.
 */
int
get_boolean(char *arg)
{
	int result = -1;

	if (arg != NULL) {
		if (strcasecmp(arg, "true") == 0)
			result = 1;
		else if (strcasecmp(arg, "false") == 0)
			result = 0;
	}

	return (result);
}
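/*
 * This function processes the input string.  It skips leading and trailing
 * whitespace, checks that what remains is non-empty and made up only of
 * printable characters, and returns a newly allocated copy of it.  The
 * input string itself is not modified.
 *
 * Returns NULL if the input is NULL, is empty after trimming, contains a
 * non-printable character, or if the system is out of memory.  When
 * err_flag is not NULL it receives KC_OK on success, KC_ERR_MEMORY on
 * allocation failure and KC_ERR_USAGE for every other failure.
 *
 * The caller owns the returned string and releases it with free().
 */
char *
get_string(char *str, int *err_flag)
{
	const char *start;
	size_t len, i;
	char *retstr = NULL;
	int err = KC_ERR_USAGE;

	if (str == NULL)
		goto out;

	/*
	 * The <ctype.h> functions are only defined for unsigned char values
	 * and EOF, so a plain char must be converted before it is passed;
	 * otherwise a byte with the high bit set is undefined behaviour.
	 */
	start = str;
	while (isspace((unsigned char)*start))
		start++;

	/* Remove the trailing blanks */
	len = strlen(start);
	while (len > 0 && isspace((unsigned char)start[len - 1]))
		len--;

	if (len == 0)
		goto out;

	/* Reject the string if it holds any non-printable character */
	for (i = 0; i < len; i++) {
		if (!isprint((unsigned char)start[i]))
			goto out;
	}

	/* Make a copy of the string and return it */
	retstr = malloc(len + 1);
	if (retstr == NULL) {
		err = KC_ERR_MEMORY;
		goto out;
	}

	/* The length is known exactly, so copy the bytes and terminate. */
	(void) memcpy(retstr, start, len);
	retstr[len] = '\0';
	err = KC_OK;

out:
	if (err_flag != NULL)
		*err_flag = err;
	return (retstr);
}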
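/*
 * Breaks out the getopt-style option string into a structure that can be
 * traversed later for calls to getopt_av().  Option string is NOT altered,
 * but the struct fields point to locations within option string, so the
 * string must stay valid for as long as the table is in use.
 *
 * The table is stored in opts_av, which the caller is expected to have
 * freed and reset to NULL beforehand.  Returns the number of options in
 * the table, or 0 if the option string is NULL or empty or if memory runs
 * out (in which case opts_av is freed and set to NULL).
 */
static int
populate_opts(char *optstring)
{
	int		i;
	av_opts		*temp;
	char		*marker;

	if (optstring == NULL || *optstring == '\0')
		return (0);

	/*
	 * This tries to imitate getopt(3c) Each option must conform to:
	 * <short name char> [ ':' ] [ '(' <long name string> ')' ]
	 * If long name is missing, the short name is used for long name.
	 */
	for (i = 0; *optstring != '\0'; i++) {
		/* With opts_av NULL on the first pass this acts as malloc */
		temp = realloc(opts_av, ((size_t)i + 1) * sizeof (av_opts));
		if (temp == NULL) {
			free(opts_av);
			opts_av = NULL;
			return (0);
		}
		opts_av = temp;

		marker = optstring;		/* may need optstring later */

		opts_av[i].shortnm = *marker++;	/* set short name */

		/*
		 * The new slot is not zeroed by the allocator, so has_arg
		 * has to be set on both paths; getopt_av() reads it for
		 * every option it matches.
		 */
		opts_av[i].has_arg = B_FALSE;
		if (*marker == ':') {		/* check for opt arg */
			marker++;
			opts_av[i].has_arg = B_TRUE;
		}

		if (*marker == '(') {		/* check and set long name */
			marker++;
			opts_av[i].longnm = marker;
			opts_av[i].longnm_len = (int)strcspn(marker, ")");
			marker += opts_av[i].longnm_len;
			/*
			 * Step over the ')' only if it is really there.  An
			 * unterminated "(name" ends at the NUL, and skipping
			 * one more byte would walk off the end of the string.
			 */
			if (*marker == ')')
				marker++;
			optstring = marker;
		} else {
			/* use short name option character */
			opts_av[i].longnm = optstring;
			opts_av[i].longnm_len = 1;
			optstring = marker;
		}
	}

	return (i);
}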
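/*
 * getopt_av() is very similar to getopt(3c) in that it takes an option
 * string, compares command line arguments for matches, and returns a single
 * letter option when a match is found.  However, getopt_av() differs from
 * getopt(3c) by allowing both longname options and values to be found
 * on the command line, written as "name" or "name=value".
 *
 * Each call examines argv[optind_av].  On a match optind_av is advanced and
 * the option's short name is returned; for an option that takes a value,
 * optarg_av points at the text after '=' inside argv.  If such an option is
 * given without "=value", '?' is returned and optarg_av is NULL.
 *
 * EOF is returned when argv is exhausted, when the argument is "--" (which
 * is consumed), or when the argument matches no option (optind_av is then
 * left alone).  A failure to build the option table also shows up as EOF.
 *
 * The option table is rebuilt only when optstring differs, by address, from
 * the one used on the previous call, and the table points into optstring.
 * The string must therefore stay valid and unchanged between calls.
 */
int
getopt_av(int argc, char * const *argv, const char *optstring)
{
	char	*arg;
	int	i;
	int	len;

	if (optind_av >= argc)
		return (EOF);

	/*
	 * Clear the value left by an earlier option so that a flag without
	 * a value is never reported together with a stale optarg_av.
	 */
	optarg_av = NULL;

	/* First time or when optstring changes from previous one */
	if (_save_optstr != optstring) {
		free(opts_av);
		opts_av = NULL;
		_save_optstr = optstring;
		_save_numopts = populate_opts((char *)optstring);
	}

	/* With an empty table nothing can match and "--" is not consumed */
	if (_save_numopts <= 0)
		return (EOF);

	arg = argv[optind_av];

	if (strcmp(arg, "--") == 0) {
		optind_av++;
		return (EOF);
	}

	/* Length of the name part, up to '=' or the end of the argument */
	len = (int)strcspn(arg, "=");

	for (i = 0; i < _save_numopts; i++) {
		/* longnm is not NUL-terminated: compare length, then bytes */
		if (len != opts_av[i].longnm_len ||
		    strncmp(arg, opts_av[i].longnm, len) != 0)
			continue;

		/* matched */
		if (!opts_av[i].has_arg) {
			optind_av++;
			return (opts_av[i].shortnm);
		}

		/* needs optarg */
		if (arg[len] == '=') {
			optarg_av = &arg[len + 1];
			optind_av++;
			return (opts_av[i].shortnm);
		}

		/* The value is missing; optarg_av is already NULL */
		optind_av++;
		return ((int)'?');
	}

	return (EOF);
}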
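/*
 * Print a localized message on stderr for the policy sanity errors listed
 * below.  Any other return code prints nothing.
 */
void
print_sanity_error(KMF_RETURN ret)
{
	const char *msg = NULL;

	switch (ret) {
	case KMF_ERR_POLICY_NAME:
		msg = gettext("Error in the policy name\n");
		break;
	case KMF_ERR_TA_POLICY:
		msg = gettext("Error in trust anchor attributes\n");
		break;
	case KMF_ERR_OCSP_POLICY:
		msg = gettext("Error in OCSP policy attributes\n");
		break;
	default:
		break;
	}

	/*
	 * The text comes back from the message catalog, so print it as
	 * data through "%s" rather than using it as the format string; a
	 * '%' in a translation must not be read as a conversion.
	 */
	if (msg != NULL)
		(void) fprintf(stderr, "%s", msg);
}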
/*
 * Look up the configuration entry for the keystore named kstore_name.
 *
 * The entry list is fetched with get_entrylist(), searched for an exact
 * (case-sensitive) keystore name match, and released with free_entrylist()
 * before returning.  The result is whatever dup_entry() returns for the
 * matching entry - presumably a copy the caller owns; confirm against
 * dup_entry().
 *
 * Returns NULL if kstore_name is NULL, the list cannot be fetched, no
 * entry matches, or dup_entry() returns NULL.
 *
 * NOTE(review): every list node is assumed to carry a non-NULL entry with
 * a non-NULL keystore string - confirm against get_entrylist().
 */
conf_entry_t *
get_keystore_entry(char *kstore_name)
{
	conf_entrylist_t *list = NULL;
	conf_entrylist_t *node;
	conf_entry_t *match = NULL;

	if (kstore_name == NULL || get_entrylist(&list) != KMF_OK)
		return (NULL);

	for (node = list; node != NULL; node = node->next) {
		if (strcmp(node->entry->keystore, kstore_name) == 0) {
			/* found the entry */
			match = dup_entry(node->entry);
			break;
		}
	}

	free_entrylist(list);
	return (match);
}