author | Stefan Gschiel <stefan.gschiel.sg@gmail.com> | 2017-03-15 17:08:34 +0100 |
---|---|---|
committer | Stefan Gschiel <stefan.gschiel.sg@gmail.com> | 2017-03-15 17:08:34 +0100 |
commit | 8d2fad3c4c6a71691ab8c602c5396db1ba0de0f6 (patch) | |
tree | 9fe4fb4fa987420d424eca7f6be298f725f61616 /nss-tool/common | |
parent | f934ffb318d05812fcdc8fcf8a434b00fe5363e2 (diff) | |
download | nss-hg-8d2fad3c4c6a71691ab8c602c5396db1ba0de0f6.tar.gz |
Bug 1347613 - nss-tool: allow removing certs and keys from a DB, changing a DB password r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D247
Diffstat (limited to 'nss-tool/common')
-rw-r--r-- | nss-tool/common/util.cc | 53 | ||||
-rw-r--r-- | nss-tool/common/util.h | 1 |
2 files changed, 45 insertions, 9 deletions
diff --git a/nss-tool/common/util.cc b/nss-tool/common/util.cc
index 7cc4352c6..5b7ed0b9d 100644
--- a/nss-tool/common/util.cc
+++ b/nss-tool/common/util.cc
@@ -85,6 +85,21 @@ static std::vector<char> ReadFromIstream(std::istream &is) {
 return certData;
 }
+static std::string GetNewPasswordFromUser(void) {
+ std::string pw;
+
+ while (true) {
+ pw = GetPassword("Enter new password: ");
+ if (pw == GetPassword("Re-enter password: ")) {
+ break;
+ }
+
+ std::cerr << "Passwords do not match. Try again." << std::endl;
+ }
+
+ return pw;
+}
+
 bool InitSlotPassword(void) {
 ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
 if (slot.get() == nullptr) {
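Review bot: GetNewPasswordFromUser accepts an empty password silently: two empty entries compare equal, the loop breaks, and the empty string goes on to PK11_InitPin or PK11_ChangePW, leaving the key database without an effective password. GetPassword is outside this hunk, but if it returns an empty string when stdin is closed or not a terminal, a non-interactive run would take this path without the user ever typing anything. If empty passwords are intentionally allowed, print a notice such as `std::cerr << "Warning: empty password, keys will not be protected." << std::endl;` before the `break`; otherwise reject the value there and return on input failure so the `while (true)` loop cannot spin. A short comment above the function stating which of the two is intended would also help.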
@@ -95,23 +110,43 @@ bool InitSlotPassword(void) {
 std::cout << "Enter a password which will be used to encrypt your keys." << std::endl << std::endl;
- std::string pw;
+ std::string pw = GetNewPasswordFromUser();
- while (true) {
- pw = GetPassword("Enter new password: ");
- if (pw == GetPassword("Re-enter password: ")) {
- break;
- }
+ SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str());
+ if (rv != SECSuccess) {
+ std::cerr << "Init db password failed." << std::endl;
+ return false;
+ }
- std::cerr << "Passwords do not match. Try again." << std::endl;
+ return true;
+}
+
+bool ChangeSlotPassword(void) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+ if (slot.get() == nullptr) {
+ std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
+ return false;
 }
- SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str());
+ // get old password and authenticate to db
+ PK11_SetPasswordFunc(&GetModulePassword);
+ std::string oldPw = GetPassword("Enter your current password: ");
+ PwData pwData = {PW_PLAINTEXT, const_cast<char *>(oldPw.c_str())};
+ SECStatus rv = PK11_Authenticate(slot.get(), false /*loadCerts*/, &pwData);
 if (rv != SECSuccess) {
- std::cerr << "Init db password failed." << std::endl;
+ std::cerr << "Password incorrect." << std::endl;
+ return false;
+ }
+
+ // get new password
+ std::string newPw = GetNewPasswordFromUser();
+
+ if (PK11_ChangePW(slot.get(), oldPw.c_str(), newPw.c_str()) != SECSuccess) {
+ std::cerr << "Failed to change password." << std::endl;
 return false;
 }
+ std::cout << "Password changed successfully." << std::endl;
 return true;
 }
diff --git a/nss-tool/common/util.h b/nss-tool/common/util.h
index 8b3b0f11e..bfe6dbf70 100644
--- a/nss-tool/common/util.h
+++ b/nss-tool/common/util.h
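Review bot: In ChangeSlotPassword (and in `pw` in InitSlotPassword) the plaintext passwords are held in `std::string` objects that are destroyed without being cleared, so copies of the old and new password remain in freed heap memory on every return path, including the early `return false` ones. Overwrite them before leaving, e.g. `std::fill(oldPw.begin(), oldPw.end(), '\0');` and the same for `newPw`, preferably through a small scope guard and with a wipe the optimizer cannot elide. `PK11_SetPasswordFunc(&GetModulePassword)` installs a process-wide callback as a side effect of this function; a comment such as `// sets the global NSS password callback; pwData must stay alive until PK11_Authenticate returns` would make that explicit. The `const_cast<char *>(oldPw.c_str())` is only safe if GetModulePassword hands NSS a copy rather than this pointer; that function is outside the hunk, so this should be confirmed.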
@@ -18,6 +18,7 @@ typedef struct {
 } PwData;
 bool InitSlotPassword(void);
+bool ChangeSlotPassword(void);
 bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot);
 std::string StringToHex(const ScopedSECItem &input);
 std::vector<char> ReadInputData(std::string &dataPath); |