comparison cinst/mozilla.c @ 277:22408d797c92

Factor out functions for cert install/remove.
author Sascha Wilde <wilde@intevation.de>
date Wed, 02 Apr 2014 13:10:40 +0200
parents ea9c5bbc6496
children 539c856cb5da
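--- a/cinst/mozilla.c
+++ b/cinst/mozilla.c
@@ -378,10 +378,100 @@
 return true;
 }
 else
 DEBUGPRINTF("Base64 decode failed for: %s\n", b64);
 return false;
+}
+
+/**
+* @brief Store DER certificate in mozilla store.
+* @param[in] pdir the mozilla profile directory with the certificate
+* store to manipulate.
+* @param[in] dercert pointer to a SECItem holding the DER certificate
+* to install
+* @returns true on success and false on failure
+*/
+static bool
+import_cert(char *pdir, SECItem *dercert)
+{
+PK11SlotInfo *pk11slot = NULL;
+bool success = false;
+char *cert_name = nss_cert_name(dercert);
+
+DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir);
+if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+{
+pk11slot = PK11_GetInternalKeySlot();
+if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
+cert_name, PR_FALSE)
+== SECSuccess)
+{
+success = true;
+}
+else
+{
+DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
+}
+PK11_FreeSlot(pk11slot);
+NSS_Shutdown();
+}
+else
+{
+DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+}
+
+free(cert_name);
+return success;
+}
+
+/**
+* @brief Remove DER certificate from mozilla store.
+* @param[in] pdir the mozilla profile directory with the certificate
+* store to manipulate.
+* @param[in] dercert pointer to a SECItem holding the DER certificate
+* to remove
+* @returns true on success and false on failure
+*/
+static bool
+remove_cert(char *pdir, SECItem *dercert)
+{
+PK11SlotInfo *pk11slot = NULL;
+bool success = false;
+char *cert_name = nss_cert_name(dercert);
+CERTCertificate *cert = NULL;
+
+DEBUGPRINTF("REMOVING cert: '%s' from: %s\n", cert_name, pdir);
+if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+{
+pk11slot = PK11_GetInternalKeySlot();
+cert = PK11_FindCertFromDERCertItem(pk11slot,
+dercert, NULL);
+if (cert != NULL)
+{
+if (SEC_DeletePermCertificate(cert) == SECSuccess)
+{
+success = true;
+}
+else
+{
+DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdir);
+}
+CERT_DestroyCertificate(cert);
+}
+else
+{
+DEBUGPRINTF("Could not find Certificate '%s' in store '%s'.\n", cert_name, pdir);
+}
+PK11_FreeSlot(pk11slot);
+NSS_Shutdown();
+}
+else
+{
+DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+}
+free(cert_name);
+return success;
 }
 
 /**
 * @brief Parse IPC commands from standard input.
 *
@@ -450,89 +540,44 @@
 {
 char **pdirs;
 seciteml_t *certs_to_remove = NULL;
 seciteml_t *certs_to_add = NULL;
 SECItem *secitemp;
-SECStatus rv;
-PK11SlotInfo *pk11slot = NULL;
-char *cert_name;
-CERTCertificate *cert = NULL;
 
 pdirs =
 get_all_profile_dirs();
 
 if (pdirs != NULL)
 {
 parse_commands(&certs_to_add, &certs_to_remove);
 
 while ((secitemp = seciteml_pop(&certs_to_remove)) != NULL)
 {
-cert_name = nss_cert_name(secitemp);
 for (int i=0; pdirs[i] != NULL; i++)
 {
 puts(pdirs[i]);
+if (! remove_cert(pdirs[i], secitemp))
+return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT;
+puts("List of installed certs:");
 nss_list_certs(pdirs[i]);
-
+}
-printf("Will now DELETE cert: '%s' from %s\n", cert_name, pdirs[i]);
-if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
-== SECSuccess)
-{
-pk11slot = PK11_GetInternalKeySlot();
-cert = PK11_FindCertFromDERCertItem(pk11slot,
-secitemp, NULL);
-if (cert != NULL)
-{
-rv = SEC_DeletePermCertificate(cert);
-if (rv != SECSuccess)
-{
-DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdirs[i]);
-DEBUGPRINTF("Error was %d\n", rv);
-}
-}
-else
-{
-DEBUGPRINTF("Could not find Certificate %s in store.\n", cert_name);
-}
-CERT_DestroyCertificate(cert);
-PK11_FreeSlot(pk11slot);
-NSS_Shutdown();
-}
-puts("List new:");
-nss_list_certs(pdirs[i]);
-}
-free(cert_name);
 free(secitemp->data);
 free(secitemp);
 }
 
 while ((secitemp = seciteml_pop(&certs_to_add)) != NULL)
 {
-cert_name = nss_cert_name(secitemp);
 for (int i=0; pdirs[i] != NULL; i++)
 {
 puts(pdirs[i]);
+if (! import_cert(pdirs[i], secitemp))
+return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT;
 nss_list_certs(pdirs[i]);
-
+}
-printf("Will now ADD cert: '%s' to %s\n", cert_name, pdirs[i]);
-if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
-== SECSuccess)
-{
-pk11slot = PK11_GetInternalKeySlot();
-rv = PK11_ImportDERCert(pk11slot, secitemp, CK_INVALID_HANDLE, cert_name, PR_FALSE);
-if (rv != SECSuccess) {
-DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]);
-DEBUGPRINTF("Error was %d\n", rv);
-}
-PK11_FreeSlot(pk11slot);
-NSS_Shutdown();
-}
-puts("List new:");
-nss_list_certs(pdirs[i]);
-}
-free(cert_name);
 free(secitemp->data);
 free(secitemp);
 }
+
 strv_free(pdirs);
 }
 exit(return_code);
 }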
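Review bot: In both import_cert and remove_cert the result of `PK11_GetInternalKeySlot()` is used without a NULL check, and the return value of `NSS_Shutdown()` is discarded. A NULL slot would go straight into `PK11_ImportDERCert` / `PK11_FindCertFromDERCertItem` and then `PK11_FreeSlot`. A failed shutdown is never reported, although the caller's loop immediately calls `NSS_Initialize` on the next profile directory; whether that call then acts on the directory it was given should be confirmed against the NSS version in use. I would add `if (pk11slot == NULL) { NSS_Shutdown(); free(cert_name); return false; }` after the slot lookup and replace the bare call with `if (NSS_Shutdown() != SECSuccess) DEBUGPRINTF("NSS_Shutdown failed for %s\n", pdir);`. Separately, remove_cert returns false when the certificate is simply not in the store, so main sets `WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT` for every profile that never held it; consider treating absence as success for removal.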

http://wald.intevation.org/projects/trustbridge/