# HG changeset patch # User Sascha Wilde # Date 1396366707 -7200 # Node ID 1fa607af6332a41a33781729c2cd4ba687347a39 # Parent 7707191ddb01e4f8fb3bef0cc668f3f65d54005e Next baby step: we can import certificates! diff -r 7707191ddb01 -r 1fa607af6332 cinst/mozilla.c --- a/cinst/mozilla.c Tue Apr 01 16:32:35 2014 +0200 +++ b/cinst/mozilla.c Tue Apr 01 17:38:27 2014 +0200 @@ -330,7 +330,7 @@ NSS_Shutdown(); } else - DEBUGPRINTF("Could not open nss cer store in %s!", confdir); + DEBUGPRINTF("Could not open nss certificate store in %s!\n", confdir); } /** @@ -443,6 +443,9 @@ seciteml_t *certs_to_remove = NULL; seciteml_t *certs_to_add = NULL; SECItem *secitemp; + SECStatus rv; + PK11SlotInfo *pk11slot = NULL; + CERTCertificate *cert = NULL; char *cert_name; pdirs = @@ -460,20 +463,38 @@ free(secitemp->data); free(secitemp); } + while ((secitemp = seciteml_pop(&certs_to_add)) != NULL) { cert_name = nss_cert_name(secitemp); - printf("Request to ADD cert: %s\n", cert_name); + for (int i=0; pdirs[i] != NULL; i++) + { + puts(pdirs[i]); + nss_list_certs(pdirs[i]); + + printf("Will now ADD cert: '%s' to %s\n", cert_name, pdirs[i]); + if (NSS_Initialize(pdirs[i], "", "", "secmod.db", 0) + == SECSuccess) + { + pk11slot = PK11_GetInternalKeySlot(); + cert = CERT_DecodeCertFromPackage((char *)secitemp->data, (int)secitemp->len); + rv = PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE, cert_name, PR_FALSE); + if (rv != SECSuccess) { + DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdirs[i]); + DEBUGPRINTF("Error was %d\n", rv); + } + CERT_DestroyCertificate(cert); + cert = NULL; + PK11_FreeSlot(pk11slot); + NSS_Shutdown(); + } + puts("List new:"); + nss_list_certs(pdirs[i]); + } free(cert_name); free(secitemp->data); free(secitemp); } - - for (int i=0; pdirs[i] != NULL; i++) - { - puts(pdirs[i]); - nss_list_certs(pdirs[i]); - } strv_free(pdirs); } exit(return_code);