/*************************************************************************
*
* P k 1 1 I n s t a l l _ U s e r V e r i f y J a r
*
* Gives the user feedback on the signatures of a JAR files, asks them
* whether they actually want to continue.
* Assumes the jar structure has already been created and is valid.
* Returns 0 if the user wants to continue the installation, nonzero
* if the user wishes to abort.
*/
short
Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query)
{
JAR_Context *ctx;
JAR_Cert *fing;
JAR_Item *item;
char stdinbuf[80];
int count=0;
CERTCertificate *cert, *prev=NULL;
PR_fprintf(out, "\nThis installation JAR file was signed by:\n");
ctx = JAR_find(jar, NULL, jarTypeSign);
while(JAR_find_next(ctx, &item) >= 0 ) {
fing = (JAR_Cert*) item->data;
cert = fing->cert;
if(cert==prev) {
continue;
}
count++;
PR_fprintf(out, "----------------------------------------------\n");
if(cert) {
if(cert->nickname) {
PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname);
}
if(cert->subjectName) {
PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName); }
if(cert->issuerName) {
PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName);
}
} else {
PR_fprintf(out, "No matching certificate could be found.\n");
}
PR_fprintf(out, "----------------------------------------------\n\n");
prev=cert;
}
JAR_find_end(ctx);
if(count==0) {
PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n");
}
if(query) {
PR_fprintf(out,
"Do you wish to continue this installation? (y/n) ");
if(PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) {
char *response;
if( (response=strtok(stdinbuf, " \t\n\r")) ) {
if( !PL_strcasecmp(response, "y") ||
!PL_strcasecmp(response, "yes") ) {
return 0;
}
}
}
}
return 1;
}
/*************************************************************************
*
* m a i n
*/
int
main(int argc, char* argv[])
{
int errcode = SUCCESS;
PRBool createdb, readOnly;
#define STDINBUF_SIZE 80
char stdinbuf[STDINBUF_SIZE];
progName = strrchr(argv[0], '/');
progName = progName ? progName + 1 : argv[0];
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
if (parse_args(argc, argv) != SUCCESS) {
usage();
errcode = INVALID_USAGE_ERR;
goto loser;
}
if (verify_params() != SUCCESS) {
usage();
errcode = INVALID_USAGE_ERR;
goto loser;
}
if (command == NO_COMMAND) {
PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]);
usage();
errcode = INVALID_USAGE_ERR;
goto loser;
}
/* Set up crypto stuff */
createdb = command == CREATE_COMMAND;
readOnly = ((command == LIST_COMMAND) ||
(command == CHKFIPS_COMMAND) ||
(command == RAW_LIST_COMMAND));
/* Make sure browser is not running if we're writing to a database */
/* Do this before initializing crypto */
if (!readOnly && !force) {
char* response;
PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]);
if (!PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
errcode = STDIN_READ_ERR;
goto loser;
}
if ((response = strtok(stdinbuf, " \r\n\t"))) {
if (!PL_strcasecmp(response, "q")) {
PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
errcode = SUCCESS;
goto loser;
}
}
PR_fprintf(PR_STDOUT, "\n");
}
errcode = check_crypto(createdb, readOnly);
if (errcode != SUCCESS) {
goto loser;
}
if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) {
if (!moduleName) {
char *readOnlyStr, *noCertDBStr, *sep;
if (!secmodName)
secmodName = "secmod.db";
if (!dbprefix)
dbprefix = "";
sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " ";
readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "";
noCertDBStr = nocertdb ? "noCertDB" : "";
SECU_ConfigDirectory(dbdir);
moduleName = PR_smprintf(
"name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s "
"keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB,"
"moduleDBOnly,critical\"",
SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
secmodName, readOnlyStr, sep, noCertDBStr);
}
if (command == RAW_LIST_COMMAND) {
errcode = RawListModule(moduleName);
} else {
PORT_Assert(moduleSpec);
errcode = RawAddModule(moduleName, moduleSpec);
}
goto loser;
}
errcode = init_crypto(createdb, readOnly);
if (errcode != SUCCESS) {
goto loser;
}
errcode = LoadMechanismList();
if (errcode != SUCCESS) {
goto loser;
}
/* Execute the command */
switch (command) {
case ADD_COMMAND:
errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
break;
case CHANGEPW_COMMAND:
errcode = ChangePW(tokenName, pwFile, newpwFile);
break;
case CREATE_COMMAND:
/* The work was already done in init_crypto() */
break;
case DEFAULT_COMMAND:
errcode = SetDefaultModule(moduleName, slotName, mechanisms);
break;
case DELETE_COMMAND:
errcode = DeleteModule(moduleName);
break;
case DISABLE_COMMAND:
errcode = EnableModule(moduleName, slotName, PR_FALSE);
break;
case ENABLE_COMMAND:
errcode = EnableModule(moduleName, slotName, PR_TRUE);
break;
case FIPS_COMMAND:
errcode = FipsMode(fipsArg);
break;
case CHKFIPS_COMMAND:
errcode = ChkFipsMode(fipsArg);
break;
case JAR_COMMAND:
Pk11Install_SetErrorHandler(install_error);
errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir,
PR_STDOUT, force, nocertdb);
break;
case LIST_COMMAND:
if (moduleName) {
errcode = ListModule(moduleName);
} else {
errcode = ListModules();
}
break;
case UNDEFAULT_COMMAND:
errcode = UnsetDefaultModule(moduleName, slotName, mechanisms);
break;
default:
PR_fprintf(PR_STDERR, "This command is not supported yet.\n");
errcode = INVALID_USAGE_ERR;
break;
}
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
loser:
PR_Cleanup();
return errcode;
}
