Mercurial > trustbridge
changeset 263:1fa607af6332
Next baby step: we can import certificates!
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Tue, 01 Apr 2014 17:38:27 +0200 |
parents | 7707191ddb01 |
children | daad3431b930 |
files | cinst/mozilla.c |
diffstat | 1 files changed, 29 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/cinst/mozilla.c Tue Apr 01 16:32:35 2014 +0200 +++ b/cinst/mozilla.c Tue Apr 01 17:38:27 2014 +0200 @@ -330,7 +330,7 @@ NSS_Shutdown(); } else - DEBUGPRINTF("Could not open nss cer store in %s!", confdir); + DEBUGPRINTF("Could not open nss certificate store in %s!\n", confdir); } /** @@ -443,6 +443,9 @@ seciteml_t *certs_to_remove = NULL; seciteml_t *certs_to_add = NULL; SECItem *secitemp; + SECStatus rv; + PK11SlotInfo *pk11slot = NULL; + CERTCertificate *cert = NULL; char *cert_name; pdirs = @@ -460,20 +463,38 @@ free(secitemp->data); free(secitemp); } + while ((secitemp = seciteml_pop(&certs_to_add)) != NULL) { cert_name = nss_cert_name(secitemp); - printf("Request to ADD cert: %s\n", cert_name); + for (int i=0; pdirs[i] != NULL; i++) + { + puts(pdirs[i]); + nss_list_certs(pdirs[i]); + + printf("Will now ADD cert: '%s' to %s\n", cert_name, pdirs[i]); + if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0) + == SECSuccess) + { + pk11slot = PK11_GetInternalKeySlot(); + cert = CERT_DecodeCertFromPackage((char *)secitemp->data, (int)secitemp->len); + rv = PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, cert_name, PR_FALSE); + if (rv != SECSuccess) { + DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]); + DEBUGPRINTF("Error was %d\n", rv); + } + CERT_DestroyCertificate(cert); + cert = NULL; + PK11_FreeSlot(pk11slot); + NSS_Shutdown(); + } + puts("List new:"); + nss_list_certs(pdirs[i]); + } free(cert_name); free(secitemp->data); free(secitemp); } - - for (int i=0; pdirs[i] != NULL; i++) - { - puts(pdirs[i]); - nss_list_certs(pdirs[i]); - } strv_free(pdirs); } exit(return_code);