diff options
Diffstat (limited to 'security/nss/nss-tool/common/util.cc')
-rw-r--r-- | security/nss/nss-tool/common/util.cc | 216 |
1 files changed, 0 insertions, 216 deletions
diff --git a/security/nss/nss-tool/common/util.cc b/security/nss/nss-tool/common/util.cc deleted file mode 100644 index 77459155a..000000000 --- a/security/nss/nss-tool/common/util.cc +++ /dev/null @@ -1,216 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "util.h" - -#include <fstream> -#include <iomanip> -#include <iostream> -#include <sstream> -#include <string> - -#include <prerror.h> - -#if defined(__unix__) || defined(__APPLE__) -#include <termios.h> -#include <unistd.h> -#elif defined(WIN32) || defined(_WIN64) -#include <Windows.h> -#endif - -static std::string GetPassword(const std::string &prompt) { - std::cout << prompt << std::endl; - -#if defined(__unix__) || defined(__APPLE__) - termios oldt; - tcgetattr(STDIN_FILENO, &oldt); - termios newt = oldt; - newt.c_lflag &= ~ECHO; - tcsetattr(STDIN_FILENO, TCSANOW, &newt); -#elif defined(WIN32) || defined(_WIN64) - HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE); - DWORD mode = 0; - GetConsoleMode(hStdin, &mode); - SetConsoleMode(hStdin, mode & (~ENABLE_ECHO_INPUT)); -#endif - - std::string pw; - std::getline(std::cin, pw); - -#if defined(__unix__) || defined(__APPLE__) - tcsetattr(STDIN_FILENO, TCSANOW, &oldt); -#elif defined(WIN32) || defined(_WIN64) - SetConsoleMode(hStdin, mode); -#endif - - return pw; -} - -static char *GetModulePassword(PK11SlotInfo *slot, int retry, void *arg) { - if (arg == nullptr) { - return nullptr; - } - - PwData *pwData = reinterpret_cast<PwData *>(arg); - - if (retry > 0) { - std::cerr << "Incorrect password/PIN entered." << std::endl; - return nullptr; - } - - switch (pwData->source) { - case PW_NONE: - case PW_FROMFILE: - std::cerr << "Password input method not supported." << std::endl; - return nullptr; - case PW_PLAINTEXT: - return PL_strdup(pwData->data); - default: - break; - } - - std::cerr << "Password check failed: No password found." << std::endl; - return nullptr; -} - -static std::vector<uint8_t> ReadFromIstream(std::istream &is) { - std::vector<uint8_t> data; - while (is) { - char buf[1024]; - is.read(buf, sizeof(buf)); - data.insert(data.end(), buf, buf + is.gcount()); - } - - return data; -} - -static std::string GetNewPasswordFromUser(void) { - std::string pw; - - while (true) { - pw = GetPassword("Enter new password: "); - if (pw == GetPassword("Re-enter password: ")) { - break; - } - - std::cerr << "Passwords do not match. Try again." << std::endl; - } - - return pw; -} - -bool InitSlotPassword(void) { - ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); - if (slot.get() == nullptr) { - std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl; - return false; - } - - std::cout << "Enter a password which will be used to encrypt your keys." - << std::endl - << std::endl; - std::string pw = GetNewPasswordFromUser(); - - SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str()); - if (rv != SECSuccess) { - std::cerr << "Init db password failed." << std::endl; - return false; - } - - return true; -} - -bool ChangeSlotPassword(void) { - ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); - if (slot.get() == nullptr) { - std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl; - return false; - } - - // get old password and authenticate to db - PK11_SetPasswordFunc(&GetModulePassword); - std::string oldPw = GetPassword("Enter your current password: "); - PwData pwData = {PW_PLAINTEXT, const_cast<char *>(oldPw.c_str())}; - SECStatus rv = PK11_Authenticate(slot.get(), false /*loadCerts*/, &pwData); - if (rv != SECSuccess) { - std::cerr << "Password incorrect." << std::endl; - return false; - } - - // get new password - std::string newPw = GetNewPasswordFromUser(); - - if (PK11_ChangePW(slot.get(), oldPw.c_str(), newPw.c_str()) != SECSuccess) { - std::cerr << "Failed to change password." << std::endl; - return false; - } - - std::cout << "Password changed successfully." << std::endl; - return true; -} - -bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot) { - if (!PK11_NeedLogin(slot.get())) { - return true; - } - - PK11_SetPasswordFunc(&GetModulePassword); - std::string pw = GetPassword("Enter your password: "); - PwData pwData = {PW_PLAINTEXT, const_cast<char *>(pw.c_str())}; - SECStatus rv = PK11_Authenticate(slot.get(), true /*loadCerts*/, &pwData); - if (rv != SECSuccess) { - std::cerr << "Could not authenticate to token " - << PK11_GetTokenName(slot.get()) << ". Failed with error " - << PR_ErrorToName(PR_GetError()) << std::endl; - return false; - } - std::cout << std::endl; - - return true; -} - -std::string StringToHex(const ScopedSECItem &input) { - std::stringstream ss; - ss << "0x"; - for (size_t i = 0; i < input->len; i++) { - ss << std::hex << std::setfill('0') << std::setw(2) - << static_cast<int>(input->data[i]); - } - - return ss.str(); -} - -std::vector<uint8_t> ReadInputData(std::string dataPath) { - std::vector<uint8_t> data; - if (dataPath.empty()) { - std::cout << "No input file path given, using stdin." << std::endl; - data = ReadFromIstream(std::cin); - } else { - std::ifstream is(dataPath, std::ifstream::binary); - if (is.good()) { - data = ReadFromIstream(is); - } else { - std::cerr << "IO Error when opening " << dataPath << std::endl; - std::cerr << "Input file does not exist or you don't have permissions." - << std::endl; - } - } - - return data; -} - -std::istream &GetStreamFromFileOrStdin(std::string &path, std::ifstream &ifs) { - if (path.empty()) { - return std::cin; - } - - ifs.open(path, std::ifstream::binary); - if (!ifs.good()) { - std::cerr << "IO Error when opening " << path << std::endl; - std::cerr << "Input file does not exist or you don't have permissions." - << std::endl; - } - - return ifs; -} |