static
DWORD
VmAfdSrvWriteRootToDisk(
PCSTR pszCertificate,
PCSTR pszCAPath,
PCSTR pszFilename
)
{
DWORD dwError = 0;
LONG maxIndex = -1;
PSTR pszPath = NULL;
PSTR pszAlias = NULL;
FILE* pFile = NULL;
size_t len = 0;
size_t bytesToWrite = 0;
BOOLEAN bCertOnDisk = FALSE;
PCSTR pszCursor = NULL;
dwError = VmAfdFindFileIndex(pszCAPath, pszFilename, &maxIndex);
if (dwError != ERROR_FILE_NOT_FOUND)
{
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VecsComputeCertAliasA((PSTR)pszCertificate, &pszAlias);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdCheckCertOnDisk(
pszAlias,
pszCAPath,
pszFilename,
maxIndex,
&bCertOnDisk);
BAIL_ON_VMAFD_ERROR(dwError);
if (bCertOnDisk)
{
goto cleanup;
}
}
dwError = VmAfdAllocateStringPrintf(
&pszPath,
"%s%s%s.%ld",
pszCAPath,
VMAFD_PATH_SEPARATOR_STR,
pszFilename,
maxIndex+1);
BAIL_ON_VMAFD_ERROR(dwError);
dwError = VmAfdOpenFilePath(pszPath, "w", &pFile);
BAIL_ON_VMAFD_ERROR(dwError);
len = strlen(pszCertificate);
bytesToWrite = len;
pszCursor = pszCertificate;
while (bytesToWrite > 0)
{
size_t bytesWritten = 0;
if ((bytesWritten = fwrite(pszCursor, 1, len, pFile)) == 0)
{
#ifndef _WIN32
dwError = LwErrnoToWin32Error(errno);
#else
dwError = GetLastError();
#endif
BAIL_ON_VMAFD_ERROR(dwError);
}
pszCursor += bytesWritten;
bytesToWrite -= bytesWritten;
}
cleanup:
if (pFile)
{
fclose(pFile);
}
VMAFD_SAFE_FREE_MEMORY(pszPath);
VMAFD_SAFE_FREE_MEMORY(pszAlias);
return dwError;
error:
goto cleanup;
}
DWORD
VecsCliAddEntryA(
PVMAFD_SERVER pServer,
PCSTR pszStoreName,
PCSTR pszPassword,
PCSTR pszAlias,
PCSTR pszCertFilePath,
PCSTR pszKeyFilePath,
PCSTR pszKeyPassword
)
{
DWORD dwError = 0;
PVECS_STORE pStore = NULL;
PSTR pszCertificate = NULL;
PSTR pszKey = NULL;
PSTR pszAliasUsed = NULL;
CERT_ENTRY_TYPE entryType = CERT_ENTRY_TYPE_UNKNOWN;
if (IsNullOrEmptyString(pszStoreName))
{
fprintf (
stderr,
"Error: The store name [%s] is invalid \n",
VMAFD_SAFE_STRING(pszStoreName)
);
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if (pszCertFilePath)
{
dwError = VecsCliReadFromFile (
pszCertFilePath,
&pszCertificate
);
BAIL_ON_VMAFD_ERROR (dwError);
}
if (pszKeyFilePath)
{
dwError = VecsCliReadFromFile (
pszKeyFilePath,
&pszKey
);
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VecsCliGetEntryType(
pszCertificate,
pszKey,
&entryType
);
BAIL_ON_VMAFD_ERROR (dwError);
if (entryType == CERT_ENTRY_TYPE_SECRET_KEY &&
IsNullOrEmptyString (pszAlias)
)
{
fprintf(
stderr,
"Error: The alias [%s] is invalid \n",
VMAFD_SAFE_STRING(pszAlias)
);
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
else if (IsNullOrEmptyString (pszAlias))
{
dwError = VecsComputeCertAliasA(
pszCertificate,
&pszAliasUsed
);
BAIL_ON_VECS_CLI_ERROR (dwError, "Could not generate alias from certificate");
}
dwError = VecsOpenCertStoreHA(
pServer,
pszStoreName,
pszPassword,
&pStore
);
BAIL_ON_VECS_CLI_ERROR (dwError, "Failed to open the store.");
dwError = VecsAddEntryA (
pStore,
entryType,
IsNullOrEmptyString(pszAlias)?pszAliasUsed:pszAlias,
pszCertificate,
pszKey,
pszKeyPassword, //PASSWORD
0 //AUTO_REFRESH
);
BAIL_ON_VMAFD_ERROR (dwError);
fprintf (
stdout,
"Entry with alias [%s] in store [%s] was created successfully \n",
IsNullOrEmptyString(pszAlias)? pszAliasUsed : pszAlias,
pszStoreName
);
cleanup:
if (pStore)
{
VecsCloseCertStore (pStore);
}
VMAFD_SAFE_FREE_MEMORY (pszCertificate);
VMAFD_SAFE_FREE_MEMORY (pszKey);
VMAFD_SAFE_FREE_MEMORY (pszAliasUsed);
return dwError;
error:
goto cleanup;
}
