зеркало из https://github.com/mozilla/pjs.git
267 строки
8.1 KiB
C
267 строки
8.1 KiB
C
/* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* Netscape Communications Corporation.
|
|
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
|
* the Initial Developer. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Sonja Mirtitsch Sun Microsystems
|
|
*
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
* the provisions above, a recipient may use your version of this file under
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
*
|
|
* ***** END LICENSE BLOCK ***** */
|
|
|
|
/*
|
|
** dbtest.c
|
|
**
|
|
** QA test for cert and key databases, especially to open
|
|
** database readonly (NSS_INIT_READONLY) and force initializations
|
|
** even if the databases cannot be opened (NSS_INIT_FORCEOPEN)
|
|
**
|
|
*/
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
#if defined(WIN32)
|
|
#include "fcntl.h"
|
|
#include "io.h"
|
|
#endif
|
|
|
|
#include "secutil.h"
|
|
#include "pk11pub.h"
|
|
|
|
#if defined(XP_UNIX)
|
|
#include <unistd.h>
|
|
#endif
|
|
|
|
#include "nspr.h"
|
|
#include "prtypes.h"
|
|
#include "certdb.h"
|
|
#include "nss.h"
|
|
#include "../modutil/modutil.h"
|
|
|
|
#include "plgetopt.h"
|
|
|
|
static char *progName;
|
|
|
|
char *dbDir = NULL;
|
|
|
|
static char *dbName[]={"secmod.db", "cert8.db", "key3.db"};
|
|
static char* dbprefix = "";
|
|
static char* secmodName = "secmod.db";
|
|
static char* userPassword = "";
|
|
PRBool verbose;
|
|
|
|
static char *
|
|
getPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
|
|
{
|
|
int *success = (int *)arg;
|
|
|
|
if (retry) {
|
|
*success = 0;
|
|
return NULL;
|
|
}
|
|
|
|
*success = 1;
|
|
return PORT_Strdup(userPassword);
|
|
}
|
|
|
|
|
|
static void Usage(const char *progName)
|
|
{
|
|
printf("Usage: %s [-r] [-f] [-i] [-d dbdir ] \n",
|
|
progName);
|
|
printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r");
|
|
printf("%-20s Continue to force initializations even if the\n", "-f");
|
|
printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " ");
|
|
printf("%-20s Try to initialize the database\n", "-i");
|
|
printf("%-20s Supply a password with which to initialize the db\n", "-p");
|
|
printf("%-20s Directory with cert database (default is .\n",
|
|
"-d certdir");
|
|
exit(1);
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
PLOptState *optstate;
|
|
PLOptStatus optstatus;
|
|
|
|
PRUint32 flags = 0;
|
|
Error ret;
|
|
SECStatus rv;
|
|
char * dbString = NULL;
|
|
PRBool doInitTest = PR_FALSE;
|
|
int i;
|
|
|
|
progName = strrchr(argv[0], '/');
|
|
if (!progName)
|
|
progName = strrchr(argv[0], '\\');
|
|
progName = progName ? progName+1 : argv[0];
|
|
|
|
optstate = PL_CreateOptState(argc, argv, "rfip:d:h");
|
|
|
|
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
|
switch (optstate->option) {
|
|
case 'h':
|
|
default : Usage(progName); break;
|
|
|
|
case 'r': flags |= NSS_INIT_READONLY; break;
|
|
|
|
case 'f': flags |= NSS_INIT_FORCEOPEN; break;
|
|
|
|
case 'i': doInitTest = PR_TRUE; break;
|
|
|
|
case 'p':
|
|
userPassword = PORT_Strdup(optstate->value);
|
|
break;
|
|
|
|
case 'd':
|
|
dbDir = PORT_Strdup(optstate->value);
|
|
break;
|
|
|
|
}
|
|
}
|
|
if (optstatus == PL_OPT_BAD)
|
|
Usage(progName);
|
|
|
|
if (!dbDir) {
|
|
dbDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
|
|
}
|
|
dbDir = SECU_ConfigDirectory(dbDir);
|
|
PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir);
|
|
|
|
if( dbDir[0] == '\0') {
|
|
PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
|
|
ret= DIR_DOESNT_EXIST_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
|
|
PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
|
|
|
|
/* get the status of the directory and databases and output message */
|
|
if(PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
|
|
PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
|
|
} else if(PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
|
|
PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir);
|
|
} else {
|
|
if( !( flags & NSS_INIT_READONLY ) &&
|
|
PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
|
|
PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir);
|
|
}
|
|
if (!doInitTest) {
|
|
for (i=0;i<3;i++) {
|
|
dbString=PR_smprintf("%s/%s",dbDir,dbName[i]);
|
|
PR_fprintf(PR_STDOUT, "database checked is %s\n",dbString);
|
|
if(PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) {
|
|
PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR],
|
|
dbString);
|
|
} else if(PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) {
|
|
PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR],
|
|
dbString);
|
|
} else if( !( flags & NSS_INIT_READONLY ) &&
|
|
PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
|
|
PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
|
|
dbString);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix,
|
|
secmodName, flags);
|
|
if (rv != SECSuccess) {
|
|
SECU_PrintPRandOSError(progName);
|
|
ret=NSS_INITIALIZE_FAILED_ERR;
|
|
} else {
|
|
ret=SUCCESS;
|
|
if (doInitTest) {
|
|
PK11SlotInfo * slot = PK11_GetInternalKeySlot();
|
|
SECStatus rv;
|
|
int passwordSuccess = 0;
|
|
int type = CKM_DES3_CBC;
|
|
SECItem keyid = { 0, NULL, 0 };
|
|
unsigned char keyIdData[] = { 0xff, 0xfe };
|
|
PK11SymKey *key = NULL;
|
|
|
|
keyid.data = keyIdData;
|
|
keyid.len = sizeof(keyIdData);
|
|
|
|
PK11_SetPasswordFunc(getPassword);
|
|
rv = PK11_InitPin(slot, (char *)NULL, userPassword);
|
|
if (rv != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n",
|
|
SECU_Strerror(PORT_GetError()));
|
|
ret = CHANGEPW_FAILED_ERR;
|
|
}
|
|
if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) {
|
|
PR_fprintf(PR_STDERR, "New DB did not log in after init\n");
|
|
ret = AUTHENTICATION_FAILED_ERR;
|
|
}
|
|
/* generate a symetric key */
|
|
key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid,
|
|
PR_TRUE, &passwordSuccess);
|
|
|
|
if (!key) {
|
|
PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n",
|
|
SECU_Strerror(PORT_GetError()));
|
|
exit (UNSPECIFIED_ERR);
|
|
}
|
|
PK11_FreeSymKey(key);
|
|
PK11_Logout(slot);
|
|
|
|
PK11_Authenticate(slot, PR_TRUE, &passwordSuccess);
|
|
|
|
if (*userPassword && !passwordSuccess) {
|
|
PR_fprintf(PR_STDERR, "New DB Did not initalize\n");
|
|
ret = AUTHENTICATION_FAILED_ERR;
|
|
}
|
|
key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess);
|
|
|
|
if (!key) {
|
|
PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
|
|
SECU_Strerror(PORT_GetError()));
|
|
ret = UNSPECIFIED_ERR;
|
|
} else {
|
|
PK11_FreeSymKey(key);
|
|
}
|
|
PK11_FreeSlot(slot);
|
|
}
|
|
|
|
if (NSS_Shutdown() != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
|
|
SECU_Strerror(PORT_GetError()));
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
loser:
|
|
return ret;
|
|
}
|
|
|