/************************************************************************* * * P k 1 1 I n s t a l l _ U s e r V e r i f y J a r * * Gives the user feedback on the signatures of a JAR files, asks them * whether they actually want to continue. * Assumes the jar structure has already been created and is valid. * Returns 0 if the user wants to continue the installation, nonzero * if the user wishes to abort. */ short Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query) { JAR_Context *ctx; JAR_Cert *fing; JAR_Item *item; char stdinbuf[80]; int count=0; CERTCertificate *cert, *prev=NULL; PR_fprintf(out, "\nThis installation JAR file was signed by:\n"); ctx = JAR_find(jar, NULL, jarTypeSign); while(JAR_find_next(ctx, &item) >= 0 ) { fing = (JAR_Cert*) item->data; cert = fing->cert; if(cert==prev) { continue; } count++; PR_fprintf(out, "----------------------------------------------\n"); if(cert) { if(cert->nickname) { PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname); } if(cert->subjectName) { PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName); } if(cert->issuerName) { PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName); } } else { PR_fprintf(out, "No matching certificate could be found.\n"); } PR_fprintf(out, "----------------------------------------------\n\n"); prev=cert; } JAR_find_end(ctx); if(count==0) { PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n"); } if(query) { PR_fprintf(out, "Do you wish to continue this installation? (y/n) "); if(PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) { char *response; if( (response=strtok(stdinbuf, " \t\n\r")) ) { if( !PL_strcasecmp(response, "y") || !PL_strcasecmp(response, "yes") ) { return 0; } } } } return 1; }
/************************************************************************* * * m a i n */ int main(int argc, char* argv[]) { int errcode = SUCCESS; PRBool createdb, readOnly; #define STDINBUF_SIZE 80 char stdinbuf[STDINBUF_SIZE]; progName = strrchr(argv[0], '/'); progName = progName ? progName + 1 : argv[0]; PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); if (parse_args(argc, argv) != SUCCESS) { usage(); errcode = INVALID_USAGE_ERR; goto loser; } if (verify_params() != SUCCESS) { usage(); errcode = INVALID_USAGE_ERR; goto loser; } if (command == NO_COMMAND) { PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]); usage(); errcode = INVALID_USAGE_ERR; goto loser; } /* Set up crypto stuff */ createdb = command == CREATE_COMMAND; readOnly = ((command == LIST_COMMAND) || (command == CHKFIPS_COMMAND) || (command == RAW_LIST_COMMAND)); /* Make sure browser is not running if we're writing to a database */ /* Do this before initializing crypto */ if (!readOnly && !force) { char* response; PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]); if (!PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) { PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]); errcode = STDIN_READ_ERR; goto loser; } if ((response = strtok(stdinbuf, " \r\n\t"))) { if (!PL_strcasecmp(response, "q")) { PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]); errcode = SUCCESS; goto loser; } } PR_fprintf(PR_STDOUT, "\n"); } errcode = check_crypto(createdb, readOnly); if (errcode != SUCCESS) { goto loser; } if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) { if (!moduleName) { char *readOnlyStr, *noCertDBStr, *sep; if (!secmodName) secmodName = "secmod.db"; if (!dbprefix) dbprefix = ""; sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " "; readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : ""; noCertDBStr = nocertdb ? "noCertDB" : ""; SECU_ConfigDirectory(dbdir); moduleName = PR_smprintf( "name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s " "keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB," "moduleDBOnly,critical\"", SECU_ConfigDirectory(NULL), dbprefix, dbprefix, secmodName, readOnlyStr, sep, noCertDBStr); } if (command == RAW_LIST_COMMAND) { errcode = RawListModule(moduleName); } else { PORT_Assert(moduleSpec); errcode = RawAddModule(moduleName, moduleSpec); } goto loser; } errcode = init_crypto(createdb, readOnly); if (errcode != SUCCESS) { goto loser; } errcode = LoadMechanismList(); if (errcode != SUCCESS) { goto loser; } /* Execute the command */ switch (command) { case ADD_COMMAND: errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString); break; case CHANGEPW_COMMAND: errcode = ChangePW(tokenName, pwFile, newpwFile); break; case CREATE_COMMAND: /* The work was already done in init_crypto() */ break; case DEFAULT_COMMAND: errcode = SetDefaultModule(moduleName, slotName, mechanisms); break; case DELETE_COMMAND: errcode = DeleteModule(moduleName); break; case DISABLE_COMMAND: errcode = EnableModule(moduleName, slotName, PR_FALSE); break; case ENABLE_COMMAND: errcode = EnableModule(moduleName, slotName, PR_TRUE); break; case FIPS_COMMAND: errcode = FipsMode(fipsArg); break; case CHKFIPS_COMMAND: errcode = ChkFipsMode(fipsArg); break; case JAR_COMMAND: Pk11Install_SetErrorHandler(install_error); errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir, PR_STDOUT, force, nocertdb); break; case LIST_COMMAND: if (moduleName) { errcode = ListModule(moduleName); } else { errcode = ListModules(); } break; case UNDEFAULT_COMMAND: errcode = UnsetDefaultModule(moduleName, slotName, mechanisms); break; default: PR_fprintf(PR_STDERR, "This command is not supported yet.\n"); errcode = INVALID_USAGE_ERR; break; } if (NSS_Shutdown() != SECSuccess) { exit(1); } loser: PR_Cleanup(); return errcode; }