diff options
Diffstat (limited to 'nss-tool/common/util.cc')
-rw-r--r-- | nss-tool/common/util.cc | 53 |
1 files changed, 44 insertions, 9 deletions
diff --git a/nss-tool/common/util.cc b/nss-tool/common/util.cc index 7cc4352c6..5b7ed0b9d 100644 --- a/nss-tool/common/util.cc +++ b/nss-tool/common/util.cc @@ -85,6 +85,21 @@ static std::vector<char> ReadFromIstream(std::istream &is) { return certData; } +static std::string GetNewPasswordFromUser(void) { + std::string pw; + + while (true) { + pw = GetPassword("Enter new password: "); + if (pw == GetPassword("Re-enter password: ")) { + break; + } + + std::cerr << "Passwords do not match. Try again." << std::endl; + } + + return pw; +} + bool InitSlotPassword(void) { ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); if (slot.get() == nullptr) { @@ -95,23 +110,43 @@ bool InitSlotPassword(void) { std::cout << "Enter a password which will be used to encrypt your keys." << std::endl << std::endl; - std::string pw; + std::string pw = GetNewPasswordFromUser(); - while (true) { - pw = GetPassword("Enter new password: "); - if (pw == GetPassword("Re-enter password: ")) { - break; - } + SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str()); + if (rv != SECSuccess) { + std::cerr << "Init db password failed." << std::endl; + return false; + } - std::cerr << "Passwords do not match. Try again." << std::endl; + return true; +} + +bool ChangeSlotPassword(void) { + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); + if (slot.get() == nullptr) { + std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl; + return false; } - SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str()); + // get old password and authenticate to db + PK11_SetPasswordFunc(&GetModulePassword); + std::string oldPw = GetPassword("Enter your current password: "); + PwData pwData = {PW_PLAINTEXT, const_cast<char *>(oldPw.c_str())}; + SECStatus rv = PK11_Authenticate(slot.get(), false /*loadCerts*/, &pwData); if (rv != SECSuccess) { - std::cerr << "Init db password failed." << std::endl; + std::cerr << "Password incorrect." << std::endl; + return false; + } + + // get new password + std::string newPw = GetNewPasswordFromUser(); + + if (PK11_ChangePW(slot.get(), oldPw.c_str(), newPw.c_str()) != SECSuccess) { + std::cerr << "Failed to change password." << std::endl; return false; } + std::cout << "Password changed successfully." << std::endl; return true; } |