/* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1994-2000 * the Initial Developer. All Rights Reserved. * * Contributor(s): * Sonja Mirtitsch Sun Microsystems * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ /* ** dbtest.c ** ** QA test for cert and key databases, especially to open ** database readonly (NSS_INIT_READONLY) and force initializations ** even if the databases cannot be opened (NSS_INIT_FORCEOPEN) ** */ #include #include #if defined(WIN32) #include "fcntl.h" #include "io.h" #endif #include "secutil.h" #include "pk11pub.h" #if defined(XP_UNIX) #include #endif #include "nspr.h" #include "prtypes.h" #include "certdb.h" #include "nss.h" #include "../modutil/modutil.h" #include "plgetopt.h" static char *progName; char *dbDir = NULL; static char *dbName[]={"secmod.db", "cert8.db", "key3.db"}; static char* dbprefix = ""; static char* secmodName = "secmod.db"; static char* userPassword = ""; PRBool verbose; static char * getPassword(PK11SlotInfo *slot, PRBool retry, void *arg) { int *success = (int *)arg; if (retry) { *success = 0; return NULL; } *success = 1; return PORT_Strdup(userPassword); } static void Usage(const char *progName) { printf("Usage: %s [-r] [-f] [-i] [-d dbdir ] \n", progName); printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r"); printf("%-20s Continue to force initializations even if the\n", "-f"); printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " "); printf("%-20s Try to initialize the database\n", "-i"); printf("%-20s Supply a password with which to initialize the db\n", "-p"); printf("%-20s Directory with cert database (default is .\n", "-d certdir"); exit(1); } int main(int argc, char **argv) { PLOptState *optstate; PLOptStatus optstatus; PRUint32 flags = 0; Error ret; SECStatus rv; char * dbString = NULL; PRBool doInitTest = PR_FALSE; int i; progName = strrchr(argv[0], '/'); if (!progName) progName = strrchr(argv[0], '\\'); progName = progName ? progName+1 : argv[0]; optstate = PL_CreateOptState(argc, argv, "rfip:d:h"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case 'h': default : Usage(progName); break; case 'r': flags |= NSS_INIT_READONLY; break; case 'f': flags |= NSS_INIT_FORCEOPEN; break; case 'i': doInitTest = PR_TRUE; break; case 'p': userPassword = PORT_Strdup(optstate->value); break; case 'd': dbDir = PORT_Strdup(optstate->value); break; } } if (optstatus == PL_OPT_BAD) Usage(progName); if (!dbDir) { dbDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ } dbDir = SECU_ConfigDirectory(dbDir); PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir); if( dbDir[0] == '\0') { PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); ret= DIR_DOESNT_EXIST_ERR; goto loser; } PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); /* get the status of the directory and databases and output message */ if(PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); } else if(PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir); } else { if( !( flags & NSS_INIT_READONLY ) && PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir); } if (!doInitTest) { for (i=0;i<3;i++) { dbString=PR_smprintf("%s/%s",dbDir,dbName[i]); PR_fprintf(PR_STDOUT, "database checked is %s\n",dbString); if(PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR], dbString); } else if(PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], dbString); } else if( !( flags & NSS_INIT_READONLY ) && PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR], dbString); } } } } rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix, secmodName, flags); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); ret=NSS_INITIALIZE_FAILED_ERR; } else { ret=SUCCESS; if (doInitTest) { PK11SlotInfo * slot = PK11_GetInternalKeySlot(); SECStatus rv; int passwordSuccess = 0; int type = CKM_DES3_CBC; SECItem keyid = { 0, NULL, 0 }; unsigned char keyIdData[] = { 0xff, 0xfe }; PK11SymKey *key = NULL; keyid.data = keyIdData; keyid.len = sizeof(keyIdData); PK11_SetPasswordFunc(getPassword); rv = PK11_InitPin(slot, (char *)NULL, userPassword); if (rv != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n", SECU_Strerror(PORT_GetError())); ret = CHANGEPW_FAILED_ERR; } if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) { PR_fprintf(PR_STDERR, "New DB did not log in after init\n"); ret = AUTHENTICATION_FAILED_ERR; } /* generate a symetric key */ key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid, PR_TRUE, &passwordSuccess); if (!key) { PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n", SECU_Strerror(PORT_GetError())); exit (UNSPECIFIED_ERR); } PK11_FreeSymKey(key); PK11_Logout(slot); PK11_Authenticate(slot, PR_TRUE, &passwordSuccess); if (*userPassword && !passwordSuccess) { PR_fprintf(PR_STDERR, "New DB Did not initalize\n"); ret = AUTHENTICATION_FAILED_ERR; } key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess); if (!key) { PR_fprintf(PR_STDERR, "Could not find generated key: %s\n", SECU_Strerror(PORT_GetError())); ret = UNSPECIFIED_ERR; } else { PK11_FreeSymKey(key); } PK11_FreeSlot(slot); } if (NSS_Shutdown() != SECSuccess) { PR_fprintf(PR_STDERR, "Could not find generated key: %s\n", SECU_Strerror(PORT_GetError())); exit(1); } } loser: return ret; }