changeset 277:22408d797c92

Factor out functions for cert install/remove.
author Sascha Wilde <wilde@intevation.de>
date Wed, 02 Apr 2014 13:10:40 +0200
parents ea9c5bbc6496
children 539c856cb5da
files cinst/mozilla.c common/errorcodes.h
diffstat 2 files changed, 98 insertions(+), 51 deletions(-) [+]
--- a/cinst/mozilla.c	Wed Apr 02 11:48:08 2014 +0200
+++ b/cinst/mozilla.c	Wed Apr 02 13:10:40 2014 +0200
@@ -383,6 +383,96 @@
 }
 
 /**
+ * @brief Store DER certificate in mozilla store.
+ * @param[in] pdir the mozilla profile directory with the certificate
+ * store to manipulate.
+ * @param[in] dercert pointer to a SECItem holding the DER certificate
+ * to install
+ * @returns true on success and false on failure
+ */
+static bool
+import_cert(char *pdir, SECItem *dercert)
+{
+  PK11SlotInfo *pk11slot = NULL;
+  bool success = false;
+  char *cert_name = nss_cert_name(dercert);
+
+  DEBUGPRINTF("INSTALLING cert: '%s' to: %s\n", cert_name, pdir);
+  if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+    {
+      pk11slot = PK11_GetInternalKeySlot();
+      if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
+                             cert_name, PR_FALSE)
+          == SECSuccess)
+        {
+          success = true;
+        }
+      else
+        {
+          DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
+        }
+      PK11_FreeSlot(pk11slot);
+      NSS_Shutdown();
+    }
+  else
+    {
+      DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+    }
+
+  free(cert_name);
+  return success;
+}
+
+/**
+ * @brief Remove DER certificate from mozilla store.
+ * @param[in] pdir the mozilla profile directory with the certificate
+ * store to manipulate.
+ * @param[in] dercert pointer to a SECItem holding the DER certificate
+ * to remove
+ * @returns true on success and false on failure
+ */
+static bool
+remove_cert(char *pdir, SECItem *dercert)
+{
+  PK11SlotInfo *pk11slot = NULL;
+  bool success = false;
+  char *cert_name = nss_cert_name(dercert);
+  CERTCertificate *cert = NULL;
+
+  DEBUGPRINTF("REMOVING cert: '%s' from: %s\n", cert_name, pdir);
+  if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
+    {
+      pk11slot = PK11_GetInternalKeySlot();
+      cert = PK11_FindCertFromDERCertItem(pk11slot,
+                                          dercert, NULL);
+      if (cert != NULL)
+        {
+          if (SEC_DeletePermCertificate(cert) == SECSuccess)
+            {
+              success = true;
+            }
+          else
+            {
+              DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdir);
+            }
+          CERT_DestroyCertificate(cert);
+        }
+      else
+        {
+          DEBUGPRINTF("Could not find Certificate '%s' in store '%s'.\n", cert_name, pdir);
+        }
+      PK11_FreeSlot(pk11slot);
+      NSS_Shutdown();
+    }
+  else
+    {
+      DEBUGPRINTF("Could not open nss certificate store in %s!\n", pdir);
+    }
+  free(cert_name);
+  return success;
+}
+
+/**
  * @brief Parse IPC commands from standard input.
  *
  * Reads command lines (R: and I:) from standard input and puts the
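Review bot: In both import_cert and remove_cert the slot returned by PK11_GetInternalKeySlot() is used and later handed to PK11_FreeSlot() without a NULL check, and the return value of NSS_Shutdown() is discarded. The caller runs these helpers once per profile directory, so a failed shutdown would presumably leave NSS attached to the previous profile when the next NSS_Initialize() runs, and a later install or removal could then be reported for the wrong store; this should be confirmed against the NSS version in use. I would add `if (pk11slot == NULL)` ahead of the import/find call and close the block with `if (NSS_Shutdown() != SECSuccess) { DEBUGPRINTF("NSS_Shutdown failed for %s\n", pdir); success = false; }`. The removed code printed `Error was %d`; logging `PORT_GetError()` in the failure branches would keep the NSS error code available when a trust-store change fails.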
@@ -452,10 +542,6 @@
   seciteml_t *certs_to_remove = NULL;
   seciteml_t *certs_to_add = NULL;
   SECItem *secitemp;
-  SECStatus rv;
-  PK11SlotInfo *pk11slot = NULL;
-  char *cert_name;
-  CERTCertificate *cert = NULL;
 
   pdirs =
     get_all_profile_dirs();
@@ -466,72 +552,31 @@
 
       while ((secitemp = seciteml_pop(&certs_to_remove)) != NULL)
         {
-          cert_name = nss_cert_name(secitemp);
           for (int i=0; pdirs[i] != NULL; i++)
             {
               puts(pdirs[i]);
-              nss_list_certs(pdirs[i]);
-
-              printf("Will now DELETE cert: '%s' from %s\n", cert_name, pdirs[i]);
-              if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
-                  == SECSuccess)
-                {
-                  pk11slot = PK11_GetInternalKeySlot();
-                  cert = PK11_FindCertFromDERCertItem(pk11slot,
-                                                      secitemp, NULL);
-                  if (cert != NULL)
-                    {
-                      rv = SEC_DeletePermCertificate(cert);
-                      if (rv != SECSuccess)
-                        {
-                          DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdirs[i]);
-                          DEBUGPRINTF("Error was %d\n", rv);
-                        }
-                    }
-                  else
-                    {
-                      DEBUGPRINTF("Could not find Certificate %s in store.\n", cert_name);
-                    }
-                  CERT_DestroyCertificate(cert);
-                  PK11_FreeSlot(pk11slot);
-                  NSS_Shutdown();
-                }
-              puts("List new:");
+              if (! remove_cert(pdirs[i], secitemp))
+                return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT;
+              puts("List of installed certs:");
               nss_list_certs(pdirs[i]);
             }
-          free(cert_name);
           free(secitemp->data);
           free(secitemp);
         }
 
       while ((secitemp = seciteml_pop(&certs_to_add)) != NULL)
         {
-          cert_name = nss_cert_name(secitemp);
           for (int i=0; pdirs[i] != NULL; i++)
             {
               puts(pdirs[i]);
-              nss_list_certs(pdirs[i]);
-
-              printf("Will now ADD cert: '%s' to %s\n", cert_name, pdirs[i]);
-              if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
-                  == SECSuccess)
-                {
-                  pk11slot = PK11_GetInternalKeySlot();
-                  rv = PK11_ImportDERCert(pk11slot, secitemp, CK_INVALID_HANDLE, cert_name, PR_FALSE);
-                  if (rv != SECSuccess) {
-                    DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]);
-                    DEBUGPRINTF("Error was %d\n", rv);
-                  }
-                  PK11_FreeSlot(pk11slot);
-                  NSS_Shutdown();
-                }
-              puts("List new:");
+              if (! import_cert(pdirs[i], secitemp))
+                return_code |= WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT;
               nss_list_certs(pdirs[i]);
             }
-          free(cert_name);
           free(secitemp->data);
           free(secitemp);
         }
+
       strv_free(pdirs);
     }
   exit(return_code);
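Review bot: The call `if (! remove_cert(pdirs[i], secitemp))` also raises WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT when the certificate was simply never present in that profile, because remove_cert returns false on its "Could not find Certificate" branch. With several profiles that makes the warning fire routinely, and the consumer of the exit code can no longer tell "already absent" from "delete failed and the certificate is still in the store", which is the case that matters. I would treat not-found as success in remove_cert (`success = true;` in that branch, keeping the debug message) or report it through a separate code. The enclosing function starts outside this hunk, so how return_code is initialised is not visible here.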
--- a/common/errorcodes.h	Wed Apr 02 11:48:08 2014 +0200
+++ b/common/errorcodes.h	Wed Apr 02 13:10:40 2014 +0200
@@ -39,5 +39,7 @@
 #define WARN_MOZ_PROFILE_DOES_NOT_EXIST 0x0092
 /* Warning: no profiles found */
 #define WARN_MOZ_NO_PROFILES 0x0094
+/* Warning: no profiles found */
+#define WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT 0x0098
 
 #endif
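Review bot: The comment above WARN_MOZ_COULD_NOT_ADD_OR_REMOVE_CERT is a copy of the one for WARN_MOZ_NO_PROFILES and describes the wrong condition. Something like `/* Warning: a certificate could not be added to or removed from a profile store */` would match how the constant is used in cinst/mozilla.c. Since these values are OR-ed into the process exit code there, it would also help to state in this header that the WARN_MOZ_* codes are meant to be combined bitwise.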

http://wald.intevation.org/projects/trustbridge/