Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

4 files changed, 351 insertions, 0 deletions

diff --git a/security/nss/cmd/validation/Makefile b/security/nss/cmd/validation/Makefile
new file mode 100644
index 0000000000..d7c879aec2
--- /dev/null
+++ b/security/nss/cmd/validation/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/security/nss/cmd/validation/manifest.mn b/security/nss/cmd/validation/manifest.mn
new file mode 100644
index 0000000000..98fbe341d2
--- /dev/null
+++ b/security/nss/cmd/validation/manifest.mn
@@ -0,0 +1,23 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = \
+	validation.c \
+	$(NULL)
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = dbm seccmd
+
+PROGRAM = validation
+
+# USE_STATIC_LIBS = 1
diff --git a/security/nss/cmd/validation/validation.c b/security/nss/cmd/validation/validation.c
new file mode 100644
index 0000000000..72db89a3f1
--- /dev/null
+++ b/security/nss/cmd/validation/validation.c
@@ -0,0 +1,250 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef _CRTDBG_MAP_ALLOC
+#include <stdlib.h>
+#include <crtdbg.h>
+#endif
+
+#include "nspr.h"
+#include "secutil.h"
+#include "pk11func.h"
+#include "nss.h"
+#include "secport.h"
+#include "secpkcs5.h"
+#include "sechash.h"
+#include "certdb.h"
+#include "secmod.h"
+
+static char *progName;
+PRBool debug = PR_FALSE;
+
+#define ERR_USAGE 2
+#define ERR_PK11GETSLOT 13
+
+static void
+Usage()
+{
+#define FPS PR_fprintf(PR_STDERR,
+    FPS "Usage:	 %s [-d certdir] [-P dbprefix] [-h tokenname]\n",
+				 progName);
+    FPS "\t\t [-k slotpwfile | -K slotpw] [-v]\n");
+
+    exit(ERR_USAGE);
+}
+
+typedef enum {
+    tagULong,
+    tagVersion,
+    tagUtf8
+} tagType;
+
+typedef struct {
+    const char *attributeName;
+    tagType attributeStorageType;
+} attributeTag;
+
+enum {
+    opt_CertDir = 0,
+    opt_TokenName,
+    opt_SlotPWFile,
+    opt_SlotPW,
+    opt_DBPrefix,
+    opt_Debug
+};
+
+static secuCommandFlag validation_options[] = {
+    { /* opt_CertDir        */ 'd', PR_TRUE, 0, PR_FALSE },
+    { /* opt_TokenName      */ 'h', PR_TRUE, 0, PR_FALSE },
+    { /* opt_SlotPWFile     */ 'k', PR_TRUE, 0, PR_FALSE },
+    { /* opt_SlotPW         */ 'K', PR_TRUE, 0, PR_FALSE },
+    { /* opt_DBPrefix       */ 'P', PR_TRUE, 0, PR_FALSE },
+    { /* opt_Debug          */ 'v', PR_FALSE, 0, PR_FALSE }
+};
+
+void
+dump_Raw(char *label, CK_ATTRIBUTE *attr)
+{
+    int i;
+    unsigned char *value = (unsigned char *)attr->pValue;
+    printf("0x");
+    for (i = 0; i < attr->ulValueLen; i++) {
+        printf("%02x", value[i]);
+    }
+    printf("<%s>\n", label);
+}
+
+SECStatus
+dump_validations(CK_OBJECT_CLASS objc, CK_ATTRIBUTE *template, int count,
+                 attributeTag *tags, PK11SlotInfo *slot)
+{
+    PK11GenericObject *objs, *obj;
+
+    objs = PK11_FindGenericObjects(slot, objc);
+
+    for (obj = objs; obj != NULL; obj = PK11_GetNextGenericObject(obj)) {
+        int i;
+        printf("Validation Object:\n");
+        PK11_ReadRawAttributes(NULL, PK11_TypeGeneric, obj, template, count);
+        for (i = 0; i < count; i++) {
+            CK_ULONG ulong;
+            CK_VERSION version;
+            int len = template[i].ulValueLen;
+            printf("    %s: ", tags[i].attributeName);
+            if (len < 0) {
+                printf("<failed>\n");
+            } else if (len == 0) {
+                printf("<empty>\n");
+            } else
+                switch (tags[i].attributeStorageType) {
+                    case tagULong:
+                        if (len != sizeof(CK_ULONG)) {
+                            dump_Raw("bad ulong", &template[i]);
+                            break;
+                        }
+                        ulong = *(CK_ULONG *)template[i].pValue;
+                        printf("%ld\n", ulong);
+                        break;
+                    case tagVersion:
+                        if (len != sizeof(CK_VERSION)) {
+                            dump_Raw("bad version", &template[i]);
+                            break;
+                        }
+                        version = *(CK_VERSION *)template[i].pValue;
+                        printf("%d.%d\n", version.major, version.minor);
+                        break;
+                    case tagUtf8:
+                        printf("%.*s\n", len, (char *)template[i].pValue);
+                        break;
+                    default:
+                        dump_Raw("unknown tag", &template[i]);
+                        break;
+                }
+            PORT_Free(template[i].pValue);
+            template[i].pValue = NULL;
+            template[i].ulValueLen = 0;
+        }
+    }
+    PK11_DestroyGenericObjects(objs);
+    return SECSuccess;
+}
+
+int
+main(int argc, char **argv)
+{
+    secuPWData slotPw = { PW_NONE, NULL };
+    secuPWData p12FilePw = { PW_NONE, NULL };
+    PK11SlotInfo *slot = NULL;
+    char *slotname = NULL;
+    char *dbprefix = "";
+    char *nssdir = NULL;
+    SECStatus rv;
+    secuCommand validation;
+    int local_errno = 0;
+
+    CK_ATTRIBUTE validation_template[] = {
+        { CKA_NSS_VALIDATION_TYPE, NULL, 0 },
+        { CKA_NSS_VALIDATION_VERSION, NULL, 0 },
+        { CKA_NSS_VALIDATION_LEVEL, NULL, 0 },
+        { CKA_NSS_VALIDATION_MODULE_ID, NULL, 0 }
+    };
+    attributeTag validation_tags[] = {
+        { "Validation Type", tagULong },
+        { "Validation Version", tagVersion },
+        { "Validation Level", tagULong },
+        { "Validation Module ID", tagUtf8 },
+    };
+
+#ifdef _CRTDBG_MAP_ALLOC
+    _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
+#endif
+
+    validation.numCommands = 0;
+    validation.commands = 0;
+    validation.numOptions = PR_ARRAY_SIZE(validation_options);
+    validation.options = validation_options;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &validation);
+
+    if (rv != SECSuccess)
+        Usage();
+
+    debug = validation.options[opt_Debug].activated;
+
+    slotname = SECU_GetOptionArg(&validation, opt_TokenName);
+
+    if (validation.options[opt_SlotPWFile].activated) {
+        slotPw.source = PW_FROMFILE;
+        slotPw.data = PORT_Strdup(validation.options[opt_SlotPWFile].arg);
+    }
+
+    if (validation.options[opt_SlotPW].activated) {
+        slotPw.source = PW_PLAINTEXT;
+        slotPw.data = PORT_Strdup(validation.options[opt_SlotPW].arg);
+    }
+
+    if (validation.options[opt_CertDir].activated) {
+        nssdir = validation.options[opt_CertDir].arg;
+    }
+    if (validation.options[opt_DBPrefix].activated) {
+        dbprefix = validation.options[opt_DBPrefix].arg;
+    }
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    if (nssdir == NULL && NSS_NoDB_Init("") == SECSuccess) {
+        rv = SECSuccess;
+        /* if the system isn't already in FIPS mode, we need
+         * to switch to FIPS mode */
+        if (!PK11_IsFIPS()) {
+            /* flip to FIPS mode */
+            SECMODModule *module = SECMOD_GetInternalModule();
+            rv = SECMOD_DeleteInternalModule(module->commonName);
+        }
+    } else if (nssdir != NULL) {
+        rv = NSS_Initialize(nssdir, dbprefix, dbprefix, "secmod.db", 0);
+    }
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        local_errno = -1;
+        goto done;
+    }
+
+    if (!slotname || PL_strcmp(slotname, "internal") == 0)
+        slot = PK11_GetInternalKeySlot();
+    else
+        slot = PK11_FindSlotByName(slotname);
+
+    if (!slot) {
+        SECU_PrintError(progName, "Invalid slot \"%s\"",
+                        slotname ? "internal" : slotname);
+        local_errno = ERR_PK11GETSLOT;
+        goto done;
+    }
+
+    rv = dump_validations(CKO_NSS_VALIDATION,
+                          validation_template,
+                          PR_ARRAY_SIZE(validation_template),
+                          validation_tags,
+                          slot);
+
+done:
+    if (slotPw.data != NULL)
+        PORT_ZFree(slotPw.data, PL_strlen(slotPw.data));
+    if (p12FilePw.data != NULL)
+        PORT_ZFree(p12FilePw.data, PL_strlen(p12FilePw.data));
+    if (slotname) {
+        PORT_Free(slotname);
+    }
+    if (slot)
+        PK11_FreeSlot(slot);
+    if (NSS_Shutdown() != SECSuccess) {
+        local_errno = 1;
+    }
+    PL_ArenaFinish();
+    PR_Cleanup();
+    return local_errno;
+}
diff --git a/security/nss/cmd/validation/validation.gyp b/security/nss/cmd/validation/validation.gyp
new file mode 100644
index 0000000000..32edd30a4a
--- /dev/null
+++ b/security/nss/cmd/validation/validation.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'validation',
+      'type': 'executable',
+      'sources': [
+        'validation.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}