1 files changed, 49 insertions, 0 deletions

diff --git a/stap-authorize-cert b/stap-authorize-cert
new file mode 100755
index 00000000..21af2ce0
--- /dev/null
+++ b/stap-authorize-cert
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Add an existing server certificate to a
+# database of trusted servers for the client.
+#
+# Copyright (C) 2008, 2009 Red Hat Inc.
+#
+# This file is part of systemtap, and is free software.  You can
+# redistribute it and/or modify it under the terms of the GNU General
+# Public License (GPL); either version 2, or (at your option) any
+# later version.
+
+certfile=$1
+certdb=$2
+
+# Obtain the filename of the certificate
+if  test "X$certfile" = "X"; then
+    echo "Certificate file must be specified" >&2
+    exit 1
+fi
+if ! test -f $certfile; then
+    echo "Cannot find certificate file $certfile" >&2
+    exit 1
+fi
+
+# Obtain the certificate database directory name.
+if  test "X$certdb" = "X"; then
+    echo "Certificate database directory must be specified" >&2
+    exit 1
+fi
+if ! test -d $certdb; then
+    if ! mkdir -p -m 755 $certdb; then
+	echo "Unable to find or create the client certificate database directory: $certdb" >&2
+	exit 1
+    fi
+fi
+
+# Add the certificate
+if ! certutil -A -n stap-server -d $certdb -i $certfile -t "P,P,P" > /dev/null; then
+    echo "Unable to add $certfile to the client certificate database $certdb" >&2
+    exit 1
+fi
+
+# Ensure that the database is readable by others
+if ! chmod +r $certdb/*.db; then
+    echo "Warning: unable to make the client certificate database $certdb readable by others" >&2
+fi
+
+exit 0