Mercurial > trustbridge
comparison cinst/mozilla.c @ 277:22408d797c92
Factor out functions for cert install/remove.
| author | Sascha Wilde <wilde@intevation.de> |
|---|---|
| date | Wed, 02 Apr 2014 13:10:40 +0200 |
| parents | ea9c5bbc6496 |
| children | 539c856cb5da |
comparison
equal
deleted
inserted
replaced
| 276:ea9c5bbc6496 | 277:22408d797c92 |
|---|---|
| 378 return true; | 378 return true; |
| 379 } | 379 } |
| 380 else | 380 else |
| 381 DEBUGPRINTF("Base64 decode failed for: %s\n", b64); | 381 DEBUGPRINTF("Base64 decode failed for: %s\n", b64); |
| 382 return false; | 382 return false; |
| 383 } | |
| 384 | |
| 385 /** | |
| 386 * @brief Store DER certificate in mozilla store. | |
| 387 * @param[in] pdir the mozilla profile directory with the certificate | |
| 388 * store to manipulate. | |
| 389 * @param[in] dercert pointer to a SECItem holding the DER certificate | |
| 390 * to install | |
| 391 * @returns true on success and false on failure | |
| 392 */ | |
| 393 static bool | |
| 394 import_cert(char *pdir, SECItem *dercert) | |
| 395 { | |
| 396 PK11SlotInfo *pk11slot = NULL; | |
| 397 bool success = false; | |
| 398 char *cert_name = nss_cert_name(dercert); | |
| 399 | |
| 400 DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir); | |
| 401 if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess) | |
| 402 { | |
| 403 pk11slot = PK11_GetInternalKeySlot(); | |
| 404 if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE, | |
| 405 cert_name, PR_FALSE) | |
| 406 == SECSuccess) | |
| 407 { | |
| 408 success = true; | |
| 409 } | |
| 410 else | |
| 411 { | |
| 412 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir); | |
| 413 } | |
| 414 PK11_FreeSlot(pk11slot); | |
| 415 NSS_Shutdown(); | |
| 416 } | |
| 417 else | |
| 418 { | |
| 419 DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir); | |
| 420 } | |
| 421 | |
| 422 free(cert_name); | |
| 423 return success; | |
| 424 } | |
| 425 | |
| 426 /** | |
| 427 * @brief Remove DER certificate from mozilla store. | |
| 428 * @param[in] pdir the mozilla profile directory with the certificate | |
| 429 * store to manipulate. | |
| 430 * @param[in] dercert pointer to a SECItem holding the DER certificate | |
| 431 * to remove | |
| 432 * @returns true on success and false on failure | |
| 433 */ | |
| 434 static bool | |
| 435 remove_cert(char *pdir, SECItem *dercert) | |
| 436 { | |
| 437 PK11SlotInfo *pk11slot = NULL; | |
| 438 bool success = false; | |
| 439 char *cert_name = nss_cert_name(dercert); | |
| 440 CERTCertificate *cert = NULL; | |
| 441 | |
| 442 DEBUGPRINTF("REMOVING cert: '%s' from: %s\n", cert_name, pdir); | |
| 443 if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess) | |
| 444 { | |
| 445 pk11slot = PK11_GetInternalKeySlot(); | |
| 446 cert = PK11_FindCertFromDERCertItem(pk11slot, | |
| 447 dercert, NULL); | |
| 448 if (cert != NULL) | |
| 449 { | |
| 450 if (SEC_DeletePermCertificate(cert) == SECSuccess) | |
| 451 { | |
| 452 success = true; | |
| 453 } | |
| 454 else | |
| 455 { | |
| 456 DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdir); | |
| 457 } | |
| 458 CERT_DestroyCertificate(cert); | |
| 459 } | |
| 460 else | |
| 461 { | |
| 462 DEBUGPRINTF("Could not find Certificate '%s' in store '%s'.\n", cert_name, pdir); | |
| 463 } | |
| 464 PK11_FreeSlot(pk11slot); | |
| 465 NSS_Shutdown(); | |
| 466 } | |
| 467 else | |
| 468 { | |
| 469 DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir); | |
| 470 } | |
| 471 free(cert_name); | |
| 472 return success; | |
| 383 } | 473 } |
| 384 | 474 |
| 385 /** | 475 /** |
| 386 * @brief Parse IPC commands from standard input. | 476 * @brief Parse IPC commands from standard input. |
| 387 * | 477 * |
| 450 { | 540 { |
| 451 char **pdirs; | 541 char **pdirs; |
| 452 seciteml_t *certs_to_remove = NULL; | 542 seciteml_t *certs_to_remove = NULL; |
| 453 seciteml_t *certs_to_add = NULL; | 543 seciteml_t *certs_to_add = NULL; |
| 454 SECItem *secitemp; | 544 SECItem *secitemp; |
| 455 SECStatus rv; | |
| 456 PK11SlotInfo *pk11slot = NULL; | |
| 457 char *cert_name; | |
| 458 CERTCertificate *cert = NULL; | |
| 459 | 545 |
| 460 pdirs = | 546 pdirs = |
| 461 get_all_profile_dirs(); | 547 get_all_profile_dirs(); |
| 462 | 548 |
| 463 if (pdirs != NULL) | 549 if (pdirs != NULL) |
| 464 { | 550 { |
| 465 parse_commands(&certs_to_add, &certs_to_remove); | 551 parse_commands(&certs_to_add, &certs_to_remove); |
| 466 | 552 |
| 467 while ((secitemp = seciteml_pop(&certs_to_remove)) != NULL) | 553 while ((secitemp = seciteml_pop(&certs_to_remove)) != NULL) |
| 468 { | 554 { |
| 469 cert_name = nss_cert_name(secitemp); | |
| 470 for (int i=0; pdirs[i] != NULL; i++) | 555 for (int i=0; pdirs[i] != NULL; i++) |
| 471 { | 556 { |
| 472 puts(pdirs[i]); | 557 puts(pdirs[i]); |
| 558 if (! remove_cert(pdirs[i], secitemp)) | |
| 559 return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT; | |
| 560 puts("List of installed certs:"); | |
| 473 nss_list_certs(pdirs[i]); | 561 nss_list_certs(pdirs[i]); |
| 474 | 562 } |
| 475 printf("Will now DELETE cert: '%s' from %s\n", cert_name, pdirs[i]); | |
| 476 if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0) | |
| 477 == SECSuccess) | |
| 478 { | |
| 479 pk11slot = PK11_GetInternalKeySlot(); | |
| 480 cert = PK11_FindCertFromDERCertItem(pk11slot, | |
| 481 secitemp, NULL); | |
| 482 if (cert != NULL) | |
| 483 { | |
| 484 rv = SEC_DeletePermCertificate(cert); | |
| 485 if (rv != SECSuccess) | |
| 486 { | |
| 487 DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdirs[i]); | |
| 488 DEBUGPRINTF("Error was %d\n", rv); | |
| 489 } | |
| 490 } | |
| 491 else | |
| 492 { | |
| 493 DEBUGPRINTF("Could not find Certificate %s in store.\n", cert_name); | |
| 494 } | |
| 495 CERT_DestroyCertificate(cert); | |
| 496 PK11_FreeSlot(pk11slot); | |
| 497 NSS_Shutdown(); | |
| 498 } | |
| 499 puts("List new:"); | |
| 500 nss_list_certs(pdirs[i]); | |
| 501 } | |
| 502 free(cert_name); | |
| 503 free(secitemp->data); | 563 free(secitemp->data); |
| 504 free(secitemp); | 564 free(secitemp); |
| 505 } | 565 } |
| 506 | 566 |
| 507 while ((secitemp = seciteml_pop(&certs_to_add)) != NULL) | 567 while ((secitemp = seciteml_pop(&certs_to_add)) != NULL) |
| 508 { | 568 { |
| 509 cert_name = nss_cert_name(secitemp); | |
| 510 for (int i=0; pdirs[i] != NULL; i++) | 569 for (int i=0; pdirs[i] != NULL; i++) |
| 511 { | 570 { |
| 512 puts(pdirs[i]); | 571 puts(pdirs[i]); |
| 572 if (! import_cert(pdirs[i], secitemp)) | |
| 573 return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT; | |
| 513 nss_list_certs(pdirs[i]); | 574 nss_list_certs(pdirs[i]); |
| 514 | 575 } |
| 515 printf("Will now ADD cert: '%s' to %s\n", cert_name, pdirs[i]); | |
| 516 if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0) | |
| 517 == SECSuccess) | |
| 518 { | |
| 519 pk11slot = PK11_GetInternalKeySlot(); | |
| 520 rv = PK11_ImportDERCert(pk11slot, secitemp, CK_INVALID_HANDLE, cert_name, PR_FALSE); | |
| 521 if (rv != SECSuccess) { | |
| 522 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]); | |
| 523 DEBUGPRINTF("Error was %d\n", rv); | |
| 524 } | |
| 525 PK11_FreeSlot(pk11slot); | |
| 526 NSS_Shutdown(); | |
| 527 } | |
| 528 puts("List new:"); | |
| 529 nss_list_certs(pdirs[i]); | |
| 530 } | |
| 531 free(cert_name); | |
| 532 free(secitemp->data); | 576 free(secitemp->data); |
| 533 free(secitemp); | 577 free(secitemp); |
| 534 } | 578 } |
| 579 | |
| 535 strv_free(pdirs); | 580 strv_free(pdirs); |
| 536 } | 581 } |
| 537 exit(return_code); | 582 exit(return_code); |
| 538 } | 583 } |