summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/modutil/instsec.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/cmd/modutil/instsec.c')
-rw-r--r--security/nss/cmd/modutil/instsec.c153
1 files changed, 153 insertions, 0 deletions
diff --git a/security/nss/cmd/modutil/instsec.c b/security/nss/cmd/modutil/instsec.c
new file mode 100644
index 000000000..95191e729
--- /dev/null
+++ b/security/nss/cmd/modutil/instsec.c
@@ -0,0 +1,153 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <plarena.h>
+#include <prerror.h>
+#include <prio.h>
+#include <prprf.h>
+#include <seccomon.h>
+#include <secmod.h>
+#include <jar.h>
+#include <secutil.h>
+
+/* These are installation functions that make calls to the security library.
+ * We don't want to include security include files in the C++ code too much.
+ */
+
+static char *PR_fgets(char *buf, int size, PRFileDesc *file);
+
+/***************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ A d d N e w M o d u l e
+ */
+int
+Pk11Install_AddNewModule(char *moduleName, char *dllPath,
+ unsigned long defaultMechanismFlags,
+ unsigned long cipherEnableFlags)
+{
+ return (SECMOD_AddNewModule(moduleName, dllPath,
+ SECMOD_PubMechFlagstoInternal(defaultMechanismFlags),
+ SECMOD_PubCipherFlagstoInternal(cipherEnableFlags)) == SECSuccess)
+ ? 0
+ : -1;
+}
+
+/*************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ U s e r V e r i f y J a r
+ *
+ * Gives the user feedback on the signatures of a JAR files, asks them
+ * whether they actually want to continue.
+ * Assumes the jar structure has already been created and is valid.
+ * Returns 0 if the user wants to continue the installation, nonzero
+ * if the user wishes to abort.
+ */
+short
+Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query)
+{
+ JAR_Context *ctx;
+ JAR_Cert *fing;
+ JAR_Item *item;
+ char stdinbuf[80];
+ int count = 0;
+
+ CERTCertificate *cert, *prev = NULL;
+
+ PR_fprintf(out, "\nThis installation JAR file was signed by:\n");
+
+ ctx = JAR_find(jar, NULL, jarTypeSign);
+
+ while (JAR_find_next(ctx, &item) >= 0) {
+ fing = (JAR_Cert *)item->data;
+ cert = fing->cert;
+ if (cert == prev) {
+ continue;
+ }
+
+ count++;
+ PR_fprintf(out, "----------------------------------------------\n");
+ if (cert) {
+ if (cert->nickname) {
+ PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname);
+ }
+ if (cert->subjectName) {
+ PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName);
+ }
+ if (cert->issuerName) {
+ PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName);
+ }
+ } else {
+ PR_fprintf(out, "No matching certificate could be found.\n");
+ }
+ PR_fprintf(out, "----------------------------------------------\n\n");
+
+ prev = cert;
+ }
+
+ JAR_find_end(ctx);
+
+ if (count == 0) {
+ PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n");
+ }
+
+ if (query) {
+ PR_fprintf(out,
+ "Do you wish to continue this installation? (y/n) ");
+
+ if (PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) {
+ char *response;
+
+ if ((response = strtok(stdinbuf, " \t\n\r"))) {
+ if (!PL_strcasecmp(response, "y") ||
+ !PL_strcasecmp(response, "yes")) {
+ return 0;
+ }
+ }
+ }
+ }
+
+ return 1;
+}
+
+/**************************************************************************
+ *
+ * P R _ f g e t s
+ *
+ * fgets implemented with NSPR.
+ */
+static char *
+PR_fgets(char *buf, int size, PRFileDesc *file)
+{
+ int i;
+ int status;
+ char c;
+
+ i = 0;
+ while (i < size - 1) {
+ status = PR_Read(file, (void *)&c, 1);
+ if (status == -1) {
+ return NULL;
+ } else if (status == 0) {
+ break;
+ }
+ buf[i++] = c;
+ if (c == '\n') {
+ break;
+ }
+ }
+ buf[i] = '\0';
+
+ return buf;
+}
+
+/**************************************************************************
+ *
+ * m y S E C U _ E r r o r S t r i n g
+ *
+ */
+const char *
+mySECU_ErrorString(PRErrorCode errnum)
+{
+ return SECU_Strerror(errnum);
+}