changeset 263:1fa607af6332

Next baby step: we can import certificates!
author Sascha Wilde <wilde@intevation.de>
date Tue, 01 Apr 2014 17:38:27 +0200 (2014-04-01)
parents 7707191ddb01
children daad3431b930
files cinst/mozilla.c
diffstat 1 files changed, 29 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/cinst/mozilla.c	Tue Apr 01 16:32:35 2014 +0200
+++ b/cinst/mozilla.c	Tue Apr 01 17:38:27 2014 +0200
@@ -330,7 +330,7 @@
       NSS_Shutdown();
     }
   else
-    DEBUGPRINTF("Could not open nss cer store in %s!", confdir);
+    DEBUGPRINTF("Could not open nss certificate store in %s!\n", confdir);
 }
 
 /**
@@ -443,6 +443,9 @@
   seciteml_t *certs_to_remove = NULL;
   seciteml_t *certs_to_add = NULL;
   SECItem *secitemp;
+  SECStatus rv;
+  PK11SlotInfo *pk11slot = NULL;
+  CERTCertificate *cert = NULL;
   char *cert_name;
 
   pdirs =
@@ -460,20 +463,38 @@
           free(secitemp->data);
           free(secitemp);
         }
+
       while ((secitemp = seciteml_pop(&certs_to_add)) != NULL)
         {
           cert_name = nss_cert_name(secitemp);
-          printf("Request to ADD cert: %s\n", cert_name);
+          for (int i=0; pdirs[i] != NULL; i++)
+            {
+              puts(pdirs[i]);
+              nss_list_certs(pdirs[i]);
+
+              printf("Will now ADD cert: '%s' to %s\n", cert_name, pdirs[i]);
+              if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
+                  == SECSuccess)
+                {
+                  pk11slot = PK11_GetInternalKeySlot();
+                  cert = CERT_DecodeCertFromPackage((char *)secitemp->data, (int)secitemp->len);
+                  rv = PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, cert_name, PR_FALSE);
+                  if (rv != SECSuccess) {
+                    DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]);
+                    DEBUGPRINTF("Error was %d\n", rv);
+                  }
+                  CERT_DestroyCertificate(cert);
+                  cert = NULL;
+                  PK11_FreeSlot(pk11slot);
+                  NSS_Shutdown();
+                }
+              puts("List new:");
+              nss_list_certs(pdirs[i]);
+            }
           free(cert_name);
           free(secitemp->data);
           free(secitemp);
         }
-
-      for (int i=0; pdirs[i] != NULL; i++)
-        {
-          puts(pdirs[i]);
-          nss_list_certs(pdirs[i]);
-        }
       strv_free(pdirs);
     }
   exit(return_code);

http://wald.intevation.org/projects/trustbridge/