Use NSS_initialization.

Remove Low level SECKEY calls (not the private key management is now broken until PK11 calls are added to replace them).
author: relyea%netscape.com <devnull@localhost> 2001-01-06 21:11:34 +0000
committer: relyea%netscape.com <devnull@localhost> 2001-01-06 21:11:34 +0000
commit: 98ccd3950bfd984c498a5e81f899c8ef00691216 (patch)
tree: d84936e9d0491a42e71e28b2dc82f2374b13af07 /security/nss/cmd/certutil
parent: 6c6f67506b6c4fc95bdc2a265a79492ccf473e19 (diff)
download: nss-hg-98ccd3950bfd984c498a5e81f899c8ef00691216.tar.gz
1 files changed, 13 insertions, 29 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index acc0e20b1..b46a59785 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -62,11 +62,6 @@
 #include "cryptohi.h"
 #include "secoid.h"
 #include "certdb.h"
-#include "cdbhdl.h"
-
-/* SEC_Init is now declared in secutil.h */
-/* We really should convert to using NSS, but it doesn't provide all
- * of the functionality we need (like opening the databases writeable). */
 
 #define MIN_KEY_BITS		512
 #define MAX_KEY_BITS		2048
@@ -742,19 +737,7 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
     return (rv);
 }
 
-SECKEYLowPrivateKey*
-GetPrivKeyFromNickname(char *nickname)
-{
-    /* check if key actually exists */
-    if (SECU_CheckKeyNameExists(NULL, nickname) == PR_FALSE) {
-	SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
-	return NULL;
-    }
-
-    /* Read in key */
-    return SECU_GetPrivateKey(NULL, nickname);
-}
-
+#ifdef notdef
 static SECStatus
 DumpPublicKey(int dbindex, char *nickname, FILE *out)
 {
@@ -828,6 +811,7 @@ DumpPrivateKey(int dbindex, char *nickname, FILE *out)
     }
     return SECSuccess;
 }
+#endif
 
 static SECStatus
 printKeyCB(SECKEYPublicKey *key, SECItem *data, void *arg)
@@ -867,6 +851,7 @@ listKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg)
 {
     SECStatus rv = SECSuccess;
 
+#ifdef notdef
     if (PK11_IsInternal(slot)) {
 	/* Print all certs in internal slot db. */
 	rv = SECU_PrintKeyNames(SECKEY_GetDefaultKeyDB(), stdout);
@@ -875,6 +860,7 @@ listKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg)
 	    return SECFailure;
 	}
     } else {
+#endif
 	/* XXX need a function as below */
 	/* could iterate over certs on slot and print keys */
 	/* this would miss stranded keys */
@@ -886,9 +872,11 @@ listKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg)
 	    SECU_PrintError(progName, "problem listing keys");
 	    return SECFailure;
 	}
-	return SECFailure;
+	return SECSuccess;
+#ifdef notdef
     }
     return rv;
+#endif
 }
 
 static SECStatus
@@ -903,6 +891,7 @@ ListKeys(PK11SlotInfo *slot, char *keyname, int index,
         pwdata.data = passFile;
     }
 
+#ifdef notdef
     if (keyname) {
 	if (dopriv) {
 	    return DumpPrivateKey(index, keyname, stdout);
@@ -910,6 +899,7 @@ ListKeys(PK11SlotInfo *slot, char *keyname, int index,
 	    return DumpPublicKey(index, keyname, stdout);
 	}
     }
+#endif
     /* For now, split handling of slot to internal vs. other.  slot should
      * probably be allowed to be NULL so that all slots can be listed.
      * In that case, need to add a call to PK11_TraverseSlotCerts().
@@ -2112,7 +2102,6 @@ int
 main(int argc, char **argv)
 {
     CERTCertDBHandle *certHandle;
-    SECKEYKeyDBHandle *keyHandle;
     PK11SlotInfo *slot = NULL;
     CERTName *  subject         = 0;
     PRFileDesc *inFile          = 0;
@@ -2423,15 +2412,8 @@ main(int argc, char **argv)
 
     /*  Initialize NSPR and NSS.  */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    SEC_Init();
-    certHandle = SECU_OpenCertDB(PR_FALSE);
-    if (certHandle == NULL) {
-	SECU_PrintError(progName, "unable to open cert database");
-	return -1;
-    }
-    CERT_SetDefaultCertDB(certHandle);
-    keyHandle = SECKEY_GetDefaultKeyDB();
-    SECU_PKCS11Init(PR_FALSE);
+    NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
+    certHandle = CERT_GetDefaultCertDB();
 
     if (certutil.commands[cmd_Version].activated) {
 	int version = CERT_GetDBContentVersion(certHandle);
@@ -2476,11 +2458,13 @@ main(int argc, char **argv)
 	rv = DeleteCert(certHandle, name);
 	return !rv - 1;
     }
+#ifdef notdef
     /*  Delete key (-F)  */
     if (certutil.commands[cmd_DeleteKey].activated) {
 	rv = DeleteKey(keyHandle, name);
 	return !rv - 1;
     }
+#endif
     /*  Modify trust attribute for cert (-M)  */
     if (certutil.commands[cmd_ModifyCertTrust].activated) {
 	rv = ChangeTrustAttributes(certHandle, name,
author	relyea%netscape.com <devnull@localhost>	2001-01-06 21:11:34 +0000
committer	relyea%netscape.com <devnull@localhost>	2001-01-06 21:11:34 +0000
commit	98ccd3950bfd984c498a5e81f899c8ef00691216 (patch)
tree	d84936e9d0491a42e71e28b2dc82f2374b13af07 /security/nss/cmd/certutil
parent	6c6f67506b6c4fc95bdc2a265a79492ccf473e19 (diff)
download	nss-hg-98ccd3950bfd984c498a5e81f899c8ef00691216.tar.gz