author | julien.pierre.boogz%sun.com <devnull@localhost> | 2008-08-04 22:58:31 +0000 |
---|---|---|
committer | julien.pierre.boogz%sun.com <devnull@localhost> | 2008-08-04 22:58:31 +0000 |
commit | cc76330f24a07ba83957361a3f831fd2a273f645 (patch) | |
tree | 34336d223aae3f08b0114340d584fc98598b2ab7 | |
parent | ad1d867208d68089f305c0b74270a194dd2316ca (diff) | |
download | nss-hg-cc76330f24a07ba83957361a3f831fd2a273f645.tar.gz |
Fix for bug 423839. Add multiple PKCS#11 token password command line options to crmftest, modutil, p7sign, p7content. r=nelson
-rw-r--r-- | security/nss/cmd/crmftest/testcrmf.c | 19 | ||||
-rw-r--r-- | security/nss/cmd/modutil/pk11.c | 2 | ||||
-rw-r--r-- | security/nss/cmd/p7content/p7content.c | 29 | ||||
-rw-r--r-- | security/nss/cmd/p7sign/p7sign.c | 33 |
4 files changed, 39 insertions, 44 deletions
diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c index c687866fb..4d6b058ea 100644 --- a/security/nss/cmd/crmftest/testcrmf.c +++ b/security/nss/cmd/crmftest/testcrmf.c @@ -1497,6 +1497,7 @@ Usage (void) "\tcrmftest -d [Database Directory] -p [Personal Cert]\n" "\t -e [Encrypter] -s [CA Certificate] [-P password]\n\n" "\t [crmf] [dsa] [decode] [cmmf] [recover] [challenge]\n" + "\t [-f password_file]\n" "Database Directory\n" "\tThis is the directory where the key3.db, cert7.db, and\n" "\tsecmod.db files are located. This is also the directory\n" @@ -1558,6 +1559,7 @@ main(int argc, char **argv) PLOptState *optstate; PLOptStatus status; char *password = NULL; + char *pwfile = NULL; int irv = 0; PRUint32 flags = 0; SECStatus rv; @@ -1570,7 +1572,7 @@ main(int argc, char **argv) memset( &signPair, 0, sizeof signPair); memset( &cryptPair, 0, sizeof cryptPair); printf ("\ncrmftest v1.0\n"); - optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:"); + optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:f:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case 'd': @@ -1612,8 +1614,19 @@ main(int argc, char **argv) printf ("-P failed\n"); return 606; } + pwdata.source = PW_PLAINTEXT; + pwdata.data = password; PArg = PR_TRUE; break; + case 'f': + pwfile = PORT_Strdup(optstate->value); + if (pwfile == NULL) { + printf ("-f failed\n"); + return 607; + } + pwdata.source = PW_FROMFILE; + pwdata.data = pwfile; + break; case 0: /* positional parameter */ rv = parsePositionalParam(optstate->value, &flags); if (rv) { @@ -1635,10 +1648,6 @@ main(int argc, char **argv) flags = ~ TEST_USE_DSA; db = CERT_GetDefaultCertDB(); InitPKCS11(); - if (password) { - pwdata.source = PW_PLAINTEXT; - pwdata.data = password; - } if (flags & TEST_MAKE_CRMF_REQ) { printf("Generating CRMF request\n"); diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index 6988931a8..03db017c4 100644 
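Review bot: In testcrmf.c's Usage() hunk (@@ -1497,6 +1497,7 @@) the new `[-f password_file]` synopsis line lands after the positional-parameter line instead of beside `[-P password]`, and the visible help text gives it no description paragraph like the "Database Directory" one that follows. A password passed with -P sits in argv, where other local users can read it from the process list, so the help text is the natural place to point people at -f. I would move the line up next to `[-P password]` and add a short "Password File" paragraph. The usage string continues outside the hunk, so the per-option descriptions further down may need the same addition.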
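Review bot: In testcrmf.c's option-parsing hunk (@@ -1612,8 +1614,19 @@) the new `case 'f':` never sets `PArg`, while `case 'P':` still does. If the argument check after the loop (outside this hunk) requires `PArg`, running with -f alone will be rejected as though no password had been supplied; in that case add `PArg = PR_TRUE;` before the `break;`. Giving both -P and -f also lets the later option silently overwrite `pwdata`, leaving the earlier copy (possibly the plaintext password) allocated and unused, so consider rejecting the combination. main()'s body starts and ends outside the hunk.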
--- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -683,8 +683,6 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile) return NO_SUCH_TOKEN_ERR; } - PK11_SetPasswordFunc(SECU_GetModulePassword); - /* Get old password */ if(! PK11_NeedUserInit(slot)) { if(pwFile) { diff --git a/security/nss/cmd/p7content/p7content.c b/security/nss/cmd/p7content/p7content.c index 27c8ca167..95c0eccf2 100644 --- a/security/nss/cmd/p7content/p7content.c +++ b/security/nss/cmd/p7content/p7content.c @@ -80,6 +80,7 @@ Usage(char *progName) } static PRBool saw_content; +static secuPWData pwdata = { PW_NONE, 0 }; static void PrintBytes(void *arg, const char *buf, unsigned long len) @@ -104,19 +105,6 @@ decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key) return PR_TRUE; } -char* KeyDbPassword = 0; - - -char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg) -{ - char *ret=0; - - if (retry == PR_TRUE) - return NULL; - ret = PL_strdup (KeyDbPassword); - return ret; -} - int DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName) { @@ -134,7 +122,7 @@ DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName) fprintf(out, "\n---------------------------------------------\n"); saw_content = PR_FALSE; - dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, NULL, + dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, &pwdata, NULL, NULL, decryption_allowed); if (dcx != NULL) { #if 0 /* Test that decoder works when data is really streaming in. */ @@ -207,7 +195,6 @@ DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName) return 0; } - /* * Print the contents of a PKCS7 message, indicating signatures, etc. */ @@ -231,7 +218,7 @@ main(int argc, char **argv) /* * Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "d:i:o:p:"); + optstate = PL_CreateOptState(argc, argv, "d:i:o:p:f:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case 'd': 
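Review bot: p7content.c starts accepting `-f` in the optstring hunk (`"d:i:o:p:f:"`), but no hunk in this file touches the Usage() text, so the option appears to be undocumented there; p7sign.c gets a `-f` usage line in the same commit. Add the matching line to p7content's Usage(), for example `fprintf(stderr, "%-20s password file\n", "-f");` if it uses the same format as p7sign's. Usage() lies almost entirely outside the visible hunks, so check how the existing -p line is worded before copying that text.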
@@ -257,7 +244,13 @@ main(int argc, char **argv) break; case 'p': - KeyDbPassword = strdup (optstate->value); + pwdata.source = PW_PLAINTEXT; + pwdata.data = PORT_Strdup (optstate->value); + break; + + case 'f': + pwdata.source = PW_FROMFILE; + pwdata.data = PORT_Strdup (optstate->value); break; default: @@ -279,7 +272,7 @@ main(int argc, char **argv) return -1; } - PK11_SetPasswordFunc (MyPK11PasswordFunc); + PK11_SetPasswordFunc(SECU_GetModulePassword); if (DecodeAndPrintFile(outFile, inFile, progName)) { SECU_PrintError(progName, "problem decoding data"); diff --git a/security/nss/cmd/p7sign/p7sign.c b/security/nss/cmd/p7sign/p7sign.c index ac583f2f2..d489c4556 100644 --- a/security/nss/cmd/p7sign/p7sign.c +++ b/security/nss/cmd/p7sign/p7sign.c @@ -64,19 +64,7 @@ extern int fwrite(char *, size_t, size_t, FILE*); extern int fprintf(FILE *, char *, ...); #endif -char* KeyDbPassword = 0; - - -char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg) -{ - char *ret=0; - - if (retry == PR_TRUE) - return NULL; - ret = PL_strdup (KeyDbPassword); - return ret; -} - +static secuPWData pwdata = { PW_NONE, 0 }; static void Usage(char *progName) @@ -95,6 +83,7 @@ Usage(char *progName) fprintf(stderr, "%-20s Encapsulate content in signature message\n", "-e"); fprintf(stderr, "%-20s Password to the key databse\n", "-p"); + fprintf(stderr, "%-20s password file\n", "-f"); exit(-1); } @@ -174,7 +163,7 @@ SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert, } rv = SEC_PKCS7Encode (cinfo, SignOut, outFile, NULL, - NULL, NULL); + NULL, &pwdata); SEC_PKCS7DestroyContentInfo (cinfo); @@ -208,7 +197,7 @@ main(int argc, char **argv) /* * Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:"); + optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': 
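Review bot: In p7content.c's `case 'p':` / `case 'f':` hunk (@@ -257,7 +244,13 @@) the result of `PORT_Strdup` is stored in `pwdata.data` without a NULL check, whereas the testcrmf.c change in this commit checks it and bails out. On allocation failure `pwdata.source` is already PW_PLAINTEXT or PW_FROMFILE with NULL data, which the password callback presumably does not expect. Add `if (pwdata.data == NULL) return -1;` after each assignment, or print an error first. Nothing visible in this file releases `pwdata.data` on exit the way p7sign.c's `loser:` path does; main() continues outside the hunk, so confirm that there.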
@@ -246,8 +235,14 @@ main(int argc, char **argv) } break; case 'p': - KeyDbPassword = strdup (optstate->value); + pwdata.source = PW_PLAINTEXT; + pwdata.data = strdup (optstate->value); break; + + case 'f': + pwdata.source = PW_FROMFILE; + pwdata.data = PORT_Strdup (optstate->value); + break; } } @@ -264,7 +259,7 @@ main(int argc, char **argv) goto loser; } - PK11_SetPasswordFunc (MyPK11PasswordFunc); + PK11_SetPasswordFunc(SECU_GetModulePassword); /* open cert database */ certHandle = CERT_GetDefaultCertDB(); @@ -290,8 +285,8 @@ main(int argc, char **argv) } loser: - if (KeyDbPassword) { - PORT_Free(KeyDbPassword); + if (pwdata.data) { + PORT_Free(pwdata.data); } if (keyName) { PORT_Free(keyName); |
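Review bot: In p7sign.c's `case 'p':` the new line still uses libc `strdup` (`pwdata.data = strdup (optstate->value);`), but the buffer is released with `PORT_Free(pwdata.data)` at `loser:` and the `case 'f':` directly below uses `PORT_Strdup`. Mixing allocators is only safe while PORT_Free maps straight onto free(); use `pwdata.data = PORT_Strdup(optstate->value);` as p7content.c does in this commit. Neither case checks the result for NULL, and a repeated -p or -f overwrites the pointer without freeing the earlier copy.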
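Review bot: At `loser:` (@@ -290,8 +285,8 @@) `pwdata.data` is handed to `PORT_Free` unmodified, so when it came from -p the plaintext token password remains in freed heap memory, where it can end up in a core dump. Clearing it on release limits that exposure: `PORT_ZFree(pwdata.data, PORT_Strlen(pwdata.data));` followed by `pwdata.data = NULL;`. This is less important for -f, where the buffer only holds a file name. The cleanup block continues outside the hunk.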