changeset 277:22408d797c92
Factor out functions for cert install/remove.
author | Sascha Wilde <wilde@intevation.de> |
---|---|
date | Wed, 02 Apr 2014 13:10:40 +0200 |
parents | ea9c5bbc6496 |
children | 539c856cb5da |
files | cinst/mozilla.c common/errorcodes.h |
diffstat | 2 files changed, 98 insertions(+), 51 deletions(-) [+] |
--- a/cinst/mozilla.c Wed Apr 02 11:48:08 2014 +0200
+++ b/cinst/mozilla.c Wed Apr 02 13:10:40 2014 +0200
@@ -383,6 +383,96 @@
 }
 /**
+ * @brief Store DER certificate in mozilla store.
+ * @param[in] pdir the mozilla profile directory with the certificate
+ * store to manipulate.
+ * @param[in] dercert pointer to a SECItem holding the DER certificate
+ * to install
+ * @returns true on success and false on failure
+ */
+static bool
+import_cert(char *pdir, SECItem *dercert)
+{
+ PK11SlotInfo *pk11slot = NULL;
+ bool success = false;
+ char *cert_name = nss_cert_name(dercert);
+
+ DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir);
+ if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+ {
+ pk11slot = PK11_GetInternalKeySlot();
+ if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
+ cert_name, PR_FALSE)
+ == SECSuccess)
+ {
+ success = true;
+ }
+ else
+ {
+ DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
+ }
+ PK11_FreeSlot(pk11slot);
+ NSS_Shutdown();
+ }
+ else
+ {
+ DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+ }
+
+ free(cert_name);
+ return success;
+}
+
+/**
+ * @brief Remove DER certificate from mozilla store.
+ * @param[in] pdir the mozilla profile directory with the certificate
+ * store to manipulate.
+ * @param[in] dercert pointer to a SECItem holding the DER certificate
+ * to remove
+ * @returns true on success and false on failure
+ */
+static bool
+remove_cert(char *pdir, SECItem *dercert)
+{
+ PK11SlotInfo *pk11slot = NULL;
+ bool success = false;
+ char *cert_name = nss_cert_name(dercert);
+ CERTCertificate *cert = NULL;
+
+ DEBUGPRINTF("REMOVING cert: '%s' from: %s\n", cert_name, pdir);
+ if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+ {
+ pk11slot = PK11_GetInternalKeySlot();
+ cert = PK11_FindCertFromDERCertItem(pk11slot,
+ dercert, NULL);
+ if (cert != NULL)
+ {
+ if (SEC_DeletePermCertificate(cert) == SECSuccess)
+ {
+ success = true;
+ }
+ else
+ {
+ DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdir);
+ }
+ CERT_DestroyCertificate(cert);
+ }
+ else
+ {
+ DEBUGPRINTF("Could not find Certificate '%s' in store '%s'.\n", cert_name, pdir);
+ }
+ PK11_FreeSlot(pk11slot);
+ NSS_Shutdown();
+ }
+ else
+ {
+ DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+ }
+ free(cert_name);
+ return success;
+}
+
+/**
 * @brief Parse IPC commands from standard input.
 *
 * Reads command lines (R: and I:) from standard input and puts the
@@ -452,10 +542,6 @@
 seciteml_t *certs_to_remove = NULL;
 seciteml_t *certs_to_add = NULL;
 SECItem *secitemp;
- SECStatus rv;
- PK11SlotInfo *pk11slot = NULL;
- char *cert_name;
- CERTCertificate *cert = NULL;
 pdirs = get_all_profile_dirs();
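Review bot: In both `import_cert` and `remove_cert` the result of `PK11_GetInternalKeySlot()` is used without a NULL check; it goes straight into `PK11_ImportDERCert` / `PK11_FindCertFromDERCertItem` and then into `PK11_FreeSlot`. The call can return NULL, so bail out before using the slot, e.g. `if (pk11slot == NULL) { NSS_Shutdown(); free(cert_name); return false; }` right after the assignment, with a DEBUGPRINTF naming `pdir`. `cert_name` from `nss_cert_name()` is likewise used unchecked as a `%s` argument and as the import nickname; its definition is outside this hunk, so confirm whether it can return NULL. The return value of `NSS_Shutdown()` is also ignored, which would hide a store that was not closed cleanly before the next profile is opened.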
@@ -466,72 +552,31 @@
 while ((secitemp = seciteml_pop(&certs_to_remove)) != NULL)
 {
- cert_name = nss_cert_name(secitemp);
 for (int i=0; pdirs[i] != NULL; i++)
 {
 puts(pdirs[i]);
- nss_list_certs(pdirs[i]);
-
- printf("Will now DELETE cert: '%s' from %s\n", cert_name, pdirs[i]);
- if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
- == SECSuccess)
- {
- pk11slot = PK11_GetInternalKeySlot();
- cert = PK11_FindCertFromDERCertItem(pk11slot,
- secitemp, NULL);
- if (cert != NULL)
- {
- rv = SEC_DeletePermCertificate(cert);
- if (rv != SECSuccess)
- {
- DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdirs[i]);
- DEBUGPRINTF("Error was %d\n", rv);
- }
- }
- else
- {
- DEBUGPRINTF("Could not find Certificate %s in store.\n", cert_name);
- }
- CERT_DestroyCertificate(cert);
- PK11_FreeSlot(pk11slot);
- NSS_Shutdown();
- }
- puts("List new:");
+ if (! remove_cert(pdirs[i], secitemp))
+ return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT;
+ puts("List of installed certs:");
 nss_list_certs(pdirs[i]);
 }
- free(cert_name);
 free(secitemp->data);
 free(secitemp);
 }
 while ((secitemp = seciteml_pop(&certs_to_add)) != NULL)
 {
- cert_name = nss_cert_name(secitemp);
 for (int i=0; pdirs[i] != NULL; i++)
 {
 puts(pdirs[i]);
- nss_list_certs(pdirs[i]);
-
- printf("Will now ADD cert: '%s' to %s\n", cert_name, pdirs[i]);
- if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
- == SECSuccess)
- {
- pk11slot = PK11_GetInternalKeySlot();
- rv = PK11_ImportDERCert(pk11slot, secitemp, CK_INVALID_HANDLE, cert_name, PR_FALSE);
- if (rv != SECSuccess) {
- DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]);
- DEBUGPRINTF("Error was %d\n", rv);
- }
- PK11_FreeSlot(pk11slot);
- NSS_Shutdown();
- }
- puts("List new:");
+ if (! import_cert(pdirs[i], secitemp))
+ return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT;
 nss_list_certs(pdirs[i]);
 }
- free(cert_name);
 free(secitemp->data);
 free(secitemp);
 }
+ strv_free(pdirs);
 }
 exit(return_code);
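Review bot: The removal loop sets `WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT` whenever `remove_cert` returns false, and that function returns false both when deletion fails and when the certificate is simply absent from that profile's store. A caller reading the exit code therefore cannot tell "certificate is still installed" from "certificate was never there", and only the first one leaves unwanted trust in place. Consider making the not-found branch in `remove_cert` count as success (`success = true;` in the `cert == NULL` branch) or reporting it under a separate code. The removal loop also gained `puts("List of installed certs:");` while the add loop prints the listing with no heading. The enclosing function starts and ends outside this hunk.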
--- a/common/errorcodes.h Wed Apr 02 11:48:08 2014 +0200
+++ b/common/errorcodes.h Wed Apr 02 13:10:40 2014 +0200
@@ -39,5 +39,7 @@
 #define WARN_MOZ_PROFILE_DOES_NOT_EXIST 0x0092
 /* Warning: no profiles found */
 #define WARN_MOZ_NO_PROFILES 0x0094
+/* Warning: no profiles found */
+#define WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT 0x0098
 #endif
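Review bot: The comment above `WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT` is a copy of the one for `WARN_MOZ_NO_PROFILES` and does not describe the new code. Suggested replacement: `/* Warning: a certificate could not be added to or removed from at least one profile */`. mozilla.c folds this value into `return_code` with `|=`, so a short remark in the header that the `WARN_MOZ_*` values are meant to be OR-ed together would explain why 0x0092, 0x0094 and 0x0098 are spaced as they are.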