Mercurial > trustbridge
comparison cinst/mozilla.c @ 1012:a80abef948fa
(issue86) Initialize NSS db with empty pin in case it needs it.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Tue, 02 Sep 2014 15:20:24 +0200 |
| parents | 1cd1bfe82fc2 |
| children | 78798d3af8f0 |
comparison
equal
deleted
inserted
replaced
| 1011:9c4543128666 | 1012:a80abef948fa |
|---|---|
| 59 #include <certdb.h> | 59 #include <certdb.h> |
| 60 #include <certt.h> | 60 #include <certt.h> |
| 61 #include <dirent.h> | 61 #include <dirent.h> |
| 62 #include <nss.h> | 62 #include <nss.h> |
| 63 #include <pk11pub.h> | 63 #include <pk11pub.h> |
| 64 #include <secerr.h> | |
| 64 #include <stdbool.h> | 65 #include <stdbool.h> |
| 65 #include <stdio.h> | 66 #include <stdio.h> |
| 66 #include <stdlib.h> | 67 #include <stdlib.h> |
| 67 #include <string.h> | 68 #include <string.h> |
| 68 #include <sys/types.h> | 69 #include <sys/types.h> |
| 620 pk11slot = PK11_GetInternalKeySlot(); | 621 pk11slot = PK11_GetInternalKeySlot(); |
| 621 cert = CERT_DecodeCertFromPackage((char *)dercert->data, | 622 cert = CERT_DecodeCertFromPackage((char *)dercert->data, |
| 622 (int)dercert->len); | 623 (int)dercert->len); |
| 623 trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust)); | 624 trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust)); |
| 624 CERT_DecodeTrustString(trust, "C,C,C"); | 625 CERT_DecodeTrustString(trust, "C,C,C"); |
| 625 if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, | 626 if (PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, |
| 626 cert_name, PR_FALSE) | 627 cert_name, PR_FALSE) == SECSuccess) |
| 627 == SECSuccess) && | 628 { |
| 628 (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) | 629 if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess) |
| 629 == SECSuccess)) | 630 { |
| 630 { | 631 log_certificate_der (pdir, dercert->data, dercert->len, true); |
| 631 log_certificate_der (pdir, dercert->data, dercert->len, true); | 632 success = true; |
| 632 success = true; | 633 } |
| 633 } | 634 } |
| 634 else | 635 /* This could have happened on either the import cert or |
| 636 the cert change trust. If Import Cert fails with that | |
| 637 error the certificate has in fact been added but with | |
| 638 random trist bits. See NSS Bug 595861. | |
| 639 Reference code can be found in gnome evolution under | |
| 640 smime/lib/e-cert-db.c */ | |
| 641 if(PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) | |
| 642 { | |
| 643 if (PK11_NeedUserInit (pk11slot)) | |
| 644 { | |
| 645 PK11_InitPin (pk11slot, "", ""); | |
| 646 } | |
| 647 if (PK11_Authenticate (pk11slot, PR_TRUE, NULL) != SECSuccess) | |
| 648 { | |
| 649 DEBUGPRINTF("Failed to authenticate.\n"); | |
| 650 } | |
| 651 else if(CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust) == SECSuccess) | |
| 652 { | |
| 653 log_certificate_der (pdir, dercert->data, dercert->len, true); | |
| 654 success = true; | |
| 655 } | |
| 656 } | |
| 657 | |
| 658 if (!success) | |
| 635 { | 659 { |
| 636 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir); | 660 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir); |
| 637 ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError()); | 661 ERRORPRINTF("Error installing certificate err: %i\n", PORT_GetError()); |
| 638 } | 662 } |
| 639 CERT_DestroyCertificate (cert); | 663 CERT_DestroyCertificate (cert); |