diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/cmd/validation/validation.c | |
parent | Initial commit. (diff) | |
download | firefox-esr-upstream.tar.xz firefox-esr-upstream.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/cmd/validation/validation.c')
-rw-r--r-- | security/nss/cmd/validation/validation.c | 250 |
1 files changed, 250 insertions, 0 deletions
diff --git a/security/nss/cmd/validation/validation.c b/security/nss/cmd/validation/validation.c new file mode 100644 index 0000000000..72db89a3f1 --- /dev/null +++ b/security/nss/cmd/validation/validation.c @@ -0,0 +1,250 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifdef _CRTDBG_MAP_ALLOC +#include <stdlib.h> +#include <crtdbg.h> +#endif + +#include "nspr.h" +#include "secutil.h" +#include "pk11func.h" +#include "nss.h" +#include "secport.h" +#include "secpkcs5.h" +#include "sechash.h" +#include "certdb.h" +#include "secmod.h" + +static char *progName; +PRBool debug = PR_FALSE; + +#define ERR_USAGE 2 +#define ERR_PK11GETSLOT 13 + +static void +Usage() +{ +#define FPS PR_fprintf(PR_STDERR, + FPS "Usage: %s [-d certdir] [-P dbprefix] [-h tokenname]\n", + progName); + FPS "\t\t [-k slotpwfile | -K slotpw] [-v]\n"); + + exit(ERR_USAGE); +} + +typedef enum { + tagULong, + tagVersion, + tagUtf8 +} tagType; + +typedef struct { + const char *attributeName; + tagType attributeStorageType; +} attributeTag; + +enum { + opt_CertDir = 0, + opt_TokenName, + opt_SlotPWFile, + opt_SlotPW, + opt_DBPrefix, + opt_Debug +}; + +static secuCommandFlag validation_options[] = { + { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, + { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, + { /* opt_SlotPWFile */ 'k', PR_TRUE, 0, PR_FALSE }, + { /* opt_SlotPW */ 'K', PR_TRUE, 0, PR_FALSE }, + { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, + { /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE } +}; + +void +dump_Raw(char *label, CK_ATTRIBUTE *attr) +{ + int i; + unsigned char *value = (unsigned char *)attr->pValue; + printf("0x"); + for (i = 0; i < attr->ulValueLen; i++) { + printf("%02x", value[i]); + } + printf("<%s>\n", label); +} + +SECStatus +dump_validations(CK_OBJECT_CLASS objc, CK_ATTRIBUTE *template, int count, + attributeTag *tags, PK11SlotInfo *slot) +{ + PK11GenericObject *objs, *obj; + + objs = PK11_FindGenericObjects(slot, objc); + + for (obj = objs; obj != NULL; obj = PK11_GetNextGenericObject(obj)) { + int i; + printf("Validation Object:\n"); + PK11_ReadRawAttributes(NULL, PK11_TypeGeneric, obj, template, count); + for (i = 0; i < count; i++) { + CK_ULONG ulong; + CK_VERSION version; + int len = template[i].ulValueLen; + printf(" %s: ", tags[i].attributeName); + if (len < 0) { + printf("<failed>\n"); + } else if (len == 0) { + printf("<empty>\n"); + } else + switch (tags[i].attributeStorageType) { + case tagULong: + if (len != sizeof(CK_ULONG)) { + dump_Raw("bad ulong", &template[i]); + break; + } + ulong = *(CK_ULONG *)template[i].pValue; + printf("%ld\n", ulong); + break; + case tagVersion: + if (len != sizeof(CK_VERSION)) { + dump_Raw("bad version", &template[i]); + break; + } + version = *(CK_VERSION *)template[i].pValue; + printf("%d.%d\n", version.major, version.minor); + break; + case tagUtf8: + printf("%.*s\n", len, (char *)template[i].pValue); + break; + default: + dump_Raw("unknown tag", &template[i]); + break; + } + PORT_Free(template[i].pValue); + template[i].pValue = NULL; + template[i].ulValueLen = 0; + } + } + PK11_DestroyGenericObjects(objs); + return SECSuccess; +} + +int +main(int argc, char **argv) +{ + secuPWData slotPw = { PW_NONE, NULL }; + secuPWData p12FilePw = { PW_NONE, NULL }; + PK11SlotInfo *slot = NULL; + char *slotname = NULL; + char *dbprefix = ""; + char *nssdir = NULL; + SECStatus rv; + secuCommand validation; + int local_errno = 0; + + CK_ATTRIBUTE validation_template[] = { + { CKA_NSS_VALIDATION_TYPE, NULL, 0 }, + { CKA_NSS_VALIDATION_VERSION, NULL, 0 }, + { CKA_NSS_VALIDATION_LEVEL, NULL, 0 }, + { CKA_NSS_VALIDATION_MODULE_ID, NULL, 0 } + }; + attributeTag validation_tags[] = { + { "Validation Type", tagULong }, + { "Validation Version", tagVersion }, + { "Validation Level", tagULong }, + { "Validation Module ID", tagUtf8 }, + }; + +#ifdef _CRTDBG_MAP_ALLOC + _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF); +#endif + + validation.numCommands = 0; + validation.commands = 0; + validation.numOptions = PR_ARRAY_SIZE(validation_options); + validation.options = validation_options; + + progName = strrchr(argv[0], '/'); + progName = progName ? progName + 1 : argv[0]; + + rv = SECU_ParseCommandLine(argc, argv, progName, &validation); + + if (rv != SECSuccess) + Usage(); + + debug = validation.options[opt_Debug].activated; + + slotname = SECU_GetOptionArg(&validation, opt_TokenName); + + if (validation.options[opt_SlotPWFile].activated) { + slotPw.source = PW_FROMFILE; + slotPw.data = PORT_Strdup(validation.options[opt_SlotPWFile].arg); + } + + if (validation.options[opt_SlotPW].activated) { + slotPw.source = PW_PLAINTEXT; + slotPw.data = PORT_Strdup(validation.options[opt_SlotPW].arg); + } + + if (validation.options[opt_CertDir].activated) { + nssdir = validation.options[opt_CertDir].arg; + } + if (validation.options[opt_DBPrefix].activated) { + dbprefix = validation.options[opt_DBPrefix].arg; + } + + PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + if (nssdir == NULL && NSS_NoDB_Init("") == SECSuccess) { + rv = SECSuccess; + /* if the system isn't already in FIPS mode, we need + * to switch to FIPS mode */ + if (!PK11_IsFIPS()) { + /* flip to FIPS mode */ + SECMODModule *module = SECMOD_GetInternalModule(); + rv = SECMOD_DeleteInternalModule(module->commonName); + } + } else if (nssdir != NULL) { + rv = NSS_Initialize(nssdir, dbprefix, dbprefix, "secmod.db", 0); + } + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + local_errno = -1; + goto done; + } + + if (!slotname || PL_strcmp(slotname, "internal") == 0) + slot = PK11_GetInternalKeySlot(); + else + slot = PK11_FindSlotByName(slotname); + + if (!slot) { + SECU_PrintError(progName, "Invalid slot \"%s\"", + slotname ? "internal" : slotname); + local_errno = ERR_PK11GETSLOT; + goto done; + } + + rv = dump_validations(CKO_NSS_VALIDATION, + validation_template, + PR_ARRAY_SIZE(validation_template), + validation_tags, + slot); + +done: + if (slotPw.data != NULL) + PORT_ZFree(slotPw.data, PL_strlen(slotPw.data)); + if (p12FilePw.data != NULL) + PORT_ZFree(p12FilePw.data, PL_strlen(p12FilePw.data)); + if (slotname) { + PORT_Free(slotname); + } + if (slot) + PK11_FreeSlot(slot); + if (NSS_Shutdown() != SECSuccess) { + local_errno = 1; + } + PL_ArenaFinish(); + PR_Cleanup(); + return local_errno; +} |