Land BOB_WORK_BRANCH unto the tip.
remove lots of deprecated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove deprecated functions.
relyea%netscape.com committed Nov 8, 2001
1 parent 7390fc3 commit dfa2034
Showing 147 changed files with 14,593 additions and 19,513 deletions.
64 changes: 58 additions & 6 deletions security/nss/cmd/certutil/certutil.c
@@ -272,7 +272,7 @@ GetYesNo(char *prompt)

static SECStatus
AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
PRFileDesc *inFile, PRBool ascii, PRBool emailcert)
PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata)
{
CERTCertTrust *trust = NULL;
CERTCertificate *cert = NULL, *tempCert = NULL;
@@ -308,6 +308,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
GEN_BREAK(SECFailure);
}

#ifdef notdef
/* CERT_ImportCert only collects certificates and returns the
* first certficate. It does not insert these certificates into
* the dbase. For now, just call CERT_NewTempCertificate.
@@ -320,6 +321,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,

if (!PK11_IsInternal(slot)) {
tempCert->trust = trust;

rv = PK11_ImportCertForKeyToSlot(slot, tempCert, name,
PR_FALSE, NULL);
}
@@ -337,9 +339,36 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,

if ( emailcert )
CERT_SaveSMimeProfile(tempCert, NULL, NULL);
#else
cert->trust = trust;
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
if (rv != SECSuccess) {
SECU_PrintError(progName, "could authenticate to token or database");
GEN_BREAK(SECFailure);
}

rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE);
if (rv != SECSuccess) {
SECU_PrintError(progName, "could not add certificate to token or database");
GEN_BREAK(SECFailure);
}

rv = CERT_ChangeCertTrust(handle, cert, trust);
if (rv != SECSuccess) {
SECU_PrintError(progName, "could not change trust on certificate");
GEN_BREAK(SECFailure);
}

if ( emailcert ) {
CERT_SaveSMimeProfile(cert, NULL, pwdata);
}

#endif
} while (0);

#ifdef notdef
CERT_DestroyCertificate (tempCert);
#endif
CERT_DestroyCertificate (cert);
PORT_Free(trust);
PORT_Free(certDER.data);
@@ -525,8 +554,8 @@ printCertCB(CERTCertificate *cert, void *arg)
if (trust) {
SECU_PrintTrustFlags(stdout, trust,
"Certificate Trust Flags", 1);
} else {
SECU_PrintTrustFlags(stdout, &cert->dbEntry->trust,
} else if (cert->trust) {
SECU_PrintTrustFlags(stdout, cert->trust,
"Certificate Trust Flags", 1);
}

@@ -544,6 +573,7 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
PRInt32 numBytes;
SECStatus rv;

#ifdef nodef
/* For now, split handling of slot to internal vs. other. slot should
* probably be allowed to be NULL so that all slots can be listed.
* In that case, need to add a call to PK11_TraverseSlotCerts().
@@ -584,8 +614,9 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
NULL);
}
} else {
#endif
/* List certs on a non-internal slot. */
if (PK11_NeedLogin(slot))
if ( !PK11_IsFriendly(slot) && PK11_NeedLogin(slot))
PK11_Authenticate(slot, PR_TRUE, pwarg);
if (name) {
CERTCertificate *the_cert;
@@ -594,15 +625,32 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
SECU_PrintError(progName, "Could not find: %s\n", name);
return SECFailure;
}
rv = printCertCB(the_cert, the_cert->trust);
data.data = the_cert->derCert.data;
data.len = the_cert->derCert.len;
if (ascii) {
PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
rv = SECSuccess;
} else if (raw) {
numBytes = PR_Write(outfile, data.data, data.len);
if (numBytes != data.len) {
SECU_PrintSystemError(progName, "error writing raw cert");
rv = SECFailure;
}
rv = SECSuccess;
} else {
rv = printCertCB(the_cert, the_cert->trust);
}
} else {
rv = PK11_TraverseCertsInSlot(slot, SECU_PrintCertNickname, stdout);
}
if (rv) {
SECU_PrintError(progName, "problem printing certificate nicknames");
return SECFailure;
}
#ifdef notdef
}
#endif

return SECSuccess; /* not rv ?? */
}
@@ -2690,7 +2738,7 @@ main(int argc, char **argv)
certutil.options[opt_Trust].arg,
inFile,
certutil.options[opt_ASCIIForIO].activated,
certutil.commands[cmd_AddEmailCert].activated);
certutil.commands[cmd_AddEmailCert].activated,&pwdata);
if (rv)
return 255;
}
@@ -2701,9 +2749,13 @@ main(int argc, char **argv)
PR_Delete(certreqfile);
}

#ifdef notdef
if ( certHandle ) {
CERT_ClosePermCertDB(certHandle);
}
#else
NSS_Shutdown();
#endif

return rv;
}
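Review bot: In listCerts' new raw-output branch, a short `PR_Write` sets `rv = SECFailure`, but the next statement unconditionally assigns `rv = SECSuccess`, so a truncated certificate file is reported as success. Move the success assignment into an else: `if (numBytes != data.len) { SECU_PrintSystemError(progName, "error writing raw cert"); rv = SECFailure; } else { rv = SECSuccess; }`. In the ascii branch the result of `BTOA_DataToAscii` goes straight into `PR_fprintf` without a NULL check and is never released; it appears to be a heap string, so hold it in a local, check it, and free it after printing. Separately, the new AddCert error text reads `"could authenticate to token or database"` where `"could not authenticate to token or database"` is meant. listCerts begins before this hunk.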
21 changes: 5 additions & 16 deletions security/nss/cmd/crlutil/crlutil.c
@@ -64,7 +64,7 @@ static CERTSignedCrl *FindCRL
return ((CERTSignedCrl *)NULL);
}

crl = SEC_FindCrlByKey(certHandle, &cert->derSubject, type);
crl = SEC_FindCrlByName(certHandle, &cert->derSubject, type);
if (crl ==NULL)
SECU_PrintError
(progName, "could not find %s's CRL", name);
@@ -81,7 +81,7 @@ static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlTyp

if (crl) {
SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
CERT_DestroyCrl (crl);
SEC_DestroyCrl (crl);
}
}

@@ -124,18 +124,15 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
fprintf (stdout, "\n");
fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
while (crlNode) {
mark = PORT_ArenaMark (arena);
rv = SEC_ASN1DecodeItem
(arena, name, CERT_NameTemplate, &(crlNode->crl->crl.derName));
if (!name){
name = &crlNode->crl->crl.name;
if (!name){
fprintf(stderr, "%s: fail to get the CRL issuer name\n", progName,
SECU_Strerror(PORT_GetError()));
break;
}

fprintf (stdout, "\n%-40s %-5s\n", CERT_NameToAscii(name), "CRL");
crlNode = crlNode->next;
PORT_ArenaRelease (arena, mark);
}

} while (0);
@@ -172,14 +169,6 @@ static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
name, SECU_Strerror(PORT_GetError()));
return SECFailure;
}

rv = SEC_DeleteTempCrl (crl);
if (rv != SECSuccess) {
SECU_PrintError
(progName, "fail to delete the issuer %s's CRL from the temp dbase (reason: %s)",
name, SECU_Strerror(PORT_GetError()));
return SECFailure;
}
return (rv);
}

@@ -214,7 +203,7 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
(progName, "unable to import CRL");
}
PORT_Free (crlDER.data);
CERT_DestroyCrl (crl);
SEC_DestroyCrl (crl);
return (rv);
}

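Review bot: In ListCRLNames the `if (!name)` test that follows the new assignment can never fire, because `name` is now the address of the `crl.name` member and so is never NULL; a missing issuer name is no longer detected at this point. If a list node can carry a NULL `crl`, test that before taking the member address, e.g. `if (!crlNode->crl) { ... break; }`; otherwise drop the dead branch. The `fprintf` inside that branch also passes two arguments to a format with a single `%s`, so the error string is never shown; `"%s: fail to get the CRL issuer name (%s)\n"` would print it. With the decode call gone, `rv`, `mark` and the arena look unused in this loop, though their declarations are outside the hunk.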
2 changes: 1 addition & 1 deletion security/nss/cmd/crlutil/manifest.mn
@@ -50,4 +50,4 @@ CSRCS = crlutil.c
# PROGRAM = ./$(OBJDIR)/crlutil.exe
PROGRAM = crlutil

USE_STATIC_LIBS = 1
#USE_STATIC_LIBS = 1
2 changes: 1 addition & 1 deletion security/nss/cmd/lib/seccnames.c
@@ -82,7 +82,7 @@ sec_CollectCertNamesAndTrust(CERTCertificate *cert, SECItem *unknown, void *arg)
int i;

i = pCertNames->numCerts;
name = cert->dbEntry->nickname ? cert->dbEntry->nickname : cert->emailAddr;
name = cert->nickname ? cert->nickname : cert->emailAddr;

if (name)
pCertNames->nameAndTrustEntries[i].name = PORT_Strdup(name);
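--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -1518,20 +1518,6 @@ SECU_PrintCertNickname(CERTCertificate *cert, void *data)
 PORT_Memset (trusts, 0, sizeof (trusts));
 out = (FILE *)data;
 
-if ( cert->dbEntry ) {
-name = cert->dbEntry->nickname;
-if ( name == NULL ) {
-name = cert->emailAddr;
-}
-
-trust = &cert->dbEntry->trust;
-printflags(trusts, trust->sslFlags);
-PORT_Strcat(trusts, ",");
-printflags(trusts, trust->emailFlags);
-PORT_Strcat(trusts, ",");
-printflags(trusts, trust->objectSigningFlags);
-fprintf(out, "%-60s %-5s\n", name, trusts);
-} else {
 name = cert->nickname;
 if ( name == NULL ) {
 name = cert->emailAddr;
@@ -1548,7 +1534,6 @@ SECU_PrintCertNickname(CERTCertificate *cert, void *data)
 PORT_Memcpy(trusts,",,",3);
 }
 fprintf(out, "%-60s %-5s\n", name, trusts);
-}
 
 return (SECSuccess);
 }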
5 changes: 3 additions & 2 deletions security/nss/cmd/modutil/manifest.mn
@@ -54,6 +54,7 @@ REQUIRES = seccmd security dbm

DEFINES = -DNSPR20

INCLUDES =
# sigh
INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap

USE_STATIC_LIBS = 1
USE_STATIC_LIBS = 1
38 changes: 33 additions & 5 deletions security/nss/cmd/modutil/modutil.c
@@ -57,6 +57,7 @@ typedef enum {
JAR_COMMAND,
LIST_COMMAND,
RAW_LIST_COMMAND,
RAW_ADD_COMMAND,
UNDEFAULT_COMMAND
} Command;

@@ -74,13 +75,15 @@ static char *commandNames[] = {
"-jar",
"-list",
"-rawlist",
"-rawadd",
"-undefault"
};


/* this enum must be kept in sync with the optionStrings list */
typedef enum {
ADD_ARG=0,
RAW_ADD_ARG,
CHANGEPW_ARG,
CIPHERS_ARG,
CREATE_ARG,
@@ -112,6 +115,7 @@ typedef enum {
/* This list must be kept in sync with the Arg enum */
static char *optionStrings[] = {
"-add",
"-rawadd",
"-changepw",
"-ciphers",
"-create",
@@ -150,6 +154,7 @@ static Command command = NO_COMMAND;
static char* pwFile = NULL;
static char* newpwFile = NULL;
static char* moduleName = NULL;
static char* moduleSpec = NULL;
static char* slotName = NULL;
static char* secmodName = NULL;
static char* tokenName = NULL;
@@ -398,6 +403,18 @@ parse_args(int argc, char *argv[])
moduleName = argv[++i];
}
break;
case RAW_ADD_ARG:
if(command != NO_COMMAND) {
PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
return MULTIPLE_COMMAND_ERR;
}
command = RAW_ADD_COMMAND;
if(TRY_INC(i, argc)) {
PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
return OPTION_NEEDS_ARG_ERR;
}
moduleSpec = argv[i];
break;
case MECHANISMS_ARG:
if(mechanisms != NULL) {
PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
@@ -500,6 +517,8 @@ verify_params()
case LIST_COMMAND:
case RAW_LIST_COMMAND:
break;
case RAW_ADD_COMMAND:
break;
case UNDEFAULT_COMMAND:
case DEFAULT_COMMAND:
if(mechanisms == NULL) {
@@ -777,17 +796,26 @@ main(int argc, char *argv[])
goto loser;
}

if (command == RAW_LIST_COMMAND) {
if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) {
if(!moduleName) {
char *readOnlyStr, *noCertDBStr, *sep;
if (!secmodName) secmodName="secmod.db";
if (!dbprefix) dbprefix = "";
sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " ";
readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "" ;
noCertDBStr = nocertdb ? "noCertDB" : "";
SECU_ConfigDirectory(dbdir);

moduleName=PR_smprintf("name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s keyPrefix=%s secmod=%s flags=readOnly%s\" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"",
SECU_ConfigDirectory(NULL),dbprefix,
dbprefix,secmodName, nocertdb?",noCertDB":"");
moduleName=PR_smprintf("name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"",
SECU_ConfigDirectory(NULL),dbprefix, dbprefix,
secmodName, readOnlyStr,sep, noCertDBStr);
}
if (command == RAW_LIST_COMMAND) {
errcode = RawListModule(moduleName);
} else {
PORT_Assert(moduleSpec);
errcode = RawAddModule(moduleName,moduleSpec);
}
errcode = RawListModule(moduleName);
goto loser;
}

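Review bot: In main's raw-command block the default module-DB spec splices `SECU_ConfigDirectory(NULL)`, `dbprefix` and `secmodName` unescaped into the quoted `parameters=` value, and with this change the same string is also used for `-rawadd`, where the `readOnly` flag is dropped and the database is written. A directory or prefix containing a double quote or a space would presumably change how the spec is parsed, so validate those values before formatting them, or at least record the constraint with a comment such as `/* dbdir, dbprefix and secmodName are inserted into the spec unescaped: they must not contain '"' or whitespace */`. `PORT_Assert(moduleSpec)` is a debug-build check only; an explicit `if (!moduleSpec)` test with an error return would also hold in release builds. The block sits inside main, which starts and ends outside the hunk.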
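--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -303,6 +303,31 @@ RawListModule(char *modulespec)
 return SUCCESS;
 }
 
+RawAddModule(char *dbmodulespec, char *modulespec)
+{
+SECMODModule *module;
+SECMODModule *dbmodule;
+
+
+dbmodule = SECMOD_LoadModule(dbmodulespec,NULL,PR_TRUE);
+if (dbmodule == NULL) {
+/* handle error */
+return NO_SUCH_MODULE_ERR;
+}
+
+module = SECMOD_LoadModule(modulespec,dbmodule,PR_FALSE);
+if (module == NULL) {
+/* handle error */
+return NO_SUCH_MODULE_ERR;
+}
+
+if( SECMOD_UpdateModule(module) != SECSuccess ) {
+PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
+return UPDATE_MOD_FAILED_ERR;
+}
+return SUCCESS;
+}
+
 /************************************************************************
 *
 * L i s t M o d u l e s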
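Review bot: Both `/* handle error */` branches in RawAddModule return NO_SUCH_MODULE_ERR without printing anything, so a failed `-rawadd` gives no hint whether the database spec or the new module spec was rejected; only the SECMOD_UpdateModule failure is reported. Print the failing spec before each return, for example `PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], modulespec);` (assuming that message takes the spec as its argument, as UPDATE_MOD_FAILED_ERR does here). The definition as shown has no return type and relies on implicit int; give it the same explicit type as RawListModule. The references returned by SECMOD_LoadModule are also never released on any path, which looks like a leak if the caller owns them and is worth confirming.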
