changeset 269:f7471604bb31

Deletion of certificates implemented. We are feature complete! Only some cleanup, refactoring and stabilisation to do...
author Sascha Wilde <wilde@intevation.de>
date Wed, 02 Apr 2014 10:30:49 +0200
parents a7c6a21aba38
children 9d2ac9b6a5b0
files cinst/mozilla.c
diffstat 1 files changed, 36 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/cinst/mozilla.c	Tue Apr 01 19:10:05 2014 +0200
+++ b/cinst/mozilla.c	Wed Apr 02 10:30:49 2014 +0200
@@ -43,9 +43,10 @@
 /* REMOVEME: */
 #include <unistd.h>
 
+#include <cert.h>
+#include <certdb.h>
+#include <certt.h>
 #include <dirent.h>
-#include <cert.h>
-#include <certt.h>
 #include <nss.h>
 #include <pk11pub.h>
 #include <stdbool.h>
@@ -446,6 +447,7 @@
   SECStatus rv;
   PK11SlotInfo *pk11slot = NULL;
   char *cert_name;
+  CERTCertificate *cert = NULL;
 
   pdirs =
     get_all_profile_dirs();
@@ -457,7 +459,38 @@
       while ((secitemp = seciteml_pop(&certs_to_remove)) != NULL)
         {
           cert_name = nss_cert_name(secitemp);
-          printf("Request to REMOVE cert: %s\n", cert_name);
+          for (int i=0; pdirs[i] != NULL; i++)
+            {
+              puts(pdirs[i]);
+              nss_list_certs(pdirs[i]);
+
+              printf("Will now DELETE cert: '%s' from %s\n", cert_name, pdirs[i]);
+              if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0)
+                  == SECSuccess)
+                {
+                  pk11slot = PK11_GetInternalKeySlot();
+                  cert = PK11_FindCertFromDERCertItem(pk11slot,
+                                                      secitemp, NULL);
+                  if (cert != NULL)
+                    {
+                      rv = SEC_DeletePermCertificate(cert);
+                      if (rv != SECSuccess)
+                        {
+                          DEBUGPRINTF("Failed to remove certificate '%s' from '%s'!\n", cert_name, pdirs[i]);
+                          DEBUGPRINTF("Error was %d\n", rv);
+                        }
+                    }
+                  else
+                    {
+                      DEBUGPRINTF("Could not find Certificate %s in store.\n", cert_name);
+                    }
+                  CERT_DestroyCertificate(cert);
+                  PK11_FreeSlot(pk11slot);
+                  NSS_Shutdown();
+                }
+              puts("List new:");
+              nss_list_certs(pdirs[i]);
+            }
           free(cert_name);
           free(secitemp->data);
           free(secitemp);

http://wald.intevation.org/projects/trustbridge/