1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
10 static int is_dir (char *filename
);
12 /***********************************************************
13 * Nasty hackish function definitions
16 long *mozilla_event_queue
= 0;
19 char *XP_GetString (int i
)
21 return SECU_Strerror (i
);
25 void FE_SetPasswordEnabled()
30 void /*MWContext*/ *FE_GetInitContext (void)
36 void /*MWContext*/ *XP_FindSomeContext()
38 /* No windows context in command tools */
43 void ET_moz_CallFunction()
49 * R e m o v e A l l A r c
51 * Remove .arc directories that are lingering
52 * from a previous run of signtool.
56 RemoveAllArc(char *tree
)
63 dir
= PR_OpenDir (tree
);
67 for (entry
= PR_ReadDir (dir
, 0); entry
; entry
= PR_ReadDir (dir
,
70 if (entry
->name
[0] == '.') {
76 archive
= PR_smprintf("%s/%s", tree
, entry
->name
);
78 if (PL_strcaserstr (entry
->name
, ".arc")
79 == (entry
->name
+ strlen(entry
->name
) - 4) ) {
82 PR_fprintf(outputFD
, "removing: %s\n", archive
);
85 if (rm_dash_r(archive
)) {
86 PR_fprintf(errorFD
, "Error removing %s\n", archive
);
91 } else if (is_dir(archive
)) {
92 if (RemoveAllArc(archive
)) {
111 * Remove a file, or a directory recursively.
114 int rm_dash_r (char *path
)
119 char filename
[FNSIZE
];
121 if (PR_GetFileInfo(path
, &fileinfo
) != PR_SUCCESS
) {
122 /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
125 if (fileinfo
.type
== PR_FILE_DIRECTORY
) {
127 dir
= PR_OpenDir(path
);
129 PR_fprintf(errorFD
, "Error: Unable to open directory %s.\n", path
);
134 /* Recursively delete all entries in the directory */
135 while ((entry
= PR_ReadDir(dir
, PR_SKIP_BOTH
)) != NULL
) {
136 sprintf(filename
, "%s/%s", path
, entry
->name
);
137 if (rm_dash_r(filename
))
141 if (PR_CloseDir(dir
) != PR_SUCCESS
) {
142 PR_fprintf(errorFD
, "Error: Could not close %s.\n", path
);
147 /* Delete the directory itself */
148 if (PR_RmDir(path
) != PR_SUCCESS
) {
149 PR_fprintf(errorFD
, "Error: Unable to delete %s\n", path
);
154 if (PR_Delete(path
) != PR_SUCCESS
) {
155 PR_fprintf(errorFD
, "Error: Unable to delete %s\n", path
);
167 * Print some useful help information
175 #define FPS PR_fprintf(outputFD,
176 FPS
"%s %s -a signing tool for jar files\n", LONG_PROGRAM_NAME
,NSS_VERSION
);
177 FPS
"\n\nType %s -H for more detailed descriptions\n", PROGRAM_NAME
);
178 FPS
"\nUsage: %s -k keyName [-b basename] [-c Compression Level]\n"
179 "\t\t [-d cert-dir] [-i installer script] [-m metafile] [-x name]\n"
180 "\t\t [-e extension] [-o] [-z] [-X] [--outfile] [--verbose value]\n"
181 "\t\t [--norecurse] [--leavearc] [-j directory] [-Z jarfile] [-O]\n"
182 "\t\t [-p password] directory-tree\n", PROGRAM_NAME
);
183 FPS
"\t%s -J -k keyName [-b basename] [-c Compression Level]\n"
184 "\t\t [-d cert-dir][-i installer script] [-m metafile] [-x name]\n"
185 "\t\t [-e extension] [-o] [-z] [-X] [--outfile] [--verbose value]\n"
186 "\t\t [--norecurse] [--leavearc] [-j directory] [-p password] [-O] \n"
187 "\t\t directory-tree\n", PROGRAM_NAME
);
188 FPS
"\t%s -h \n", PROGRAM_NAME
);
189 FPS
"\t%s -H \n", PROGRAM_NAME
);
190 FPS
"\t%s -l [-k keyName] [-d cert-dir] [--outfile] [-O] \n", PROGRAM_NAME
);
191 FPS
"\t%s -L [-k keyName] [-d cert-dir] [--outfile] [-O] \n", PROGRAM_NAME
);
192 FPS
"\t%s -M [--outfile] [-O] \n", PROGRAM_NAME
);
193 FPS
"\t%s -v [-d cert-dir] [--outfile] [-O] archive\n", PROGRAM_NAME
);
194 FPS
"\t%s -w [--outfile] [-O] archive\n" , PROGRAM_NAME
);
195 FPS
"\t%s -G nickname [--keysize|-s size] [-t |--token tokenname]\n"
196 "\t\t [--outfile] [-O] \n", PROGRAM_NAME
);
197 FPS
"\t%s -f filename\n" , PROGRAM_NAME
);
204 FPS
"%s %s -a signing tool for jar files\n", LONG_PROGRAM_NAME
,NSS_VERSION
);
205 FPS
"\n%-20s Signs the directory-tree\n",
206 "signtool directory-tree");
207 FPS
"%-30s Nickname (key) of the certificate to sign with\n",
209 FPS
"%-30s Base filename for the .rsa and.sf files in the\n",
211 FPS
"%-30s META-INF directory\n"," ");
212 FPS
"%-30s Set the compression level. 0-9, 0=none\n",
213 " -c CompressionLevel");
214 FPS
"%-30s Certificate database directory containing cert*db\n",
215 " -d certificate directory");
216 FPS
"%-30s and key*db\n"," ");
217 FPS
"%-30s Name of the installer script for SmartUpdate\n",
218 " -i installer script");
219 FPS
"%-30s Name of a metadata control file\n",
221 FPS
"%-30s For optimizing the archive for size.\n",
223 FPS
"%-30s Omit Optional Headers\n"," ");
224 FPS
"%-30s Excludes the specified directory or file from\n",
225 " -x directory or file name");
226 FPS
"%-30s signing\n"," ");
227 FPS
"%-30s To not store the signing time in digital\n",
228 " -z directory or file name");
229 FPS
"%-30s signature\n"," ");
230 FPS
"%-30s Create XPI Compatible Archive. It requires -Z\n",
231 " -X directory or file name");
232 FPS
"%-30s option\n"," ");
233 FPS
"%-30s Sign only files with the given extension\n",
235 FPS
"%-30s Causes the specified directory to be signed and\n",
237 FPS
"%-30s tags its entries as inline JavaScript\n"," ");
238 FPS
"%-30s Creates a JAR file with the specified name.\n",
240 FPS
"%-30s -Z option cannot be used with -J option\n"," ");
241 FPS
"%-30s Specifies a password for the private-key database\n",
243 FPS
"%-30s (insecure)\n"," ");
244 FPS
"%-30s File to receive redirected output\n",
245 " --outfile filename");
246 FPS
"%-30s Sets the quantity of information generated in\n",
247 " --verbosity value");
248 FPS
"%-30s operation\n"," ");
249 FPS
"%-30s Blocks recursion into subdirectories\n",
251 FPS
"%-30s Retains the temporary .arc (archive) directories\n",
253 FPS
"%-30s -J option creates\n"," ");
255 FPS
"\n%-20s Signs a directory of HTML files containing JavaScript and\n",
257 FPS
"%-20s creates as many archive files as are in the HTML tags.\n"," ");
259 FPS
"%-20s The options are same as without any command option given\n"," ");
260 FPS
"%-20s above. -Z and -J options are not allowed together\n"," ");
262 FPS
"\n%-20s Generates a new private-public key pair and corresponding\n",
264 FPS
"%-20s object-signing certificates with the given nickname\n"," ");
265 FPS
"%-30s Specifies the size of the key for generated \n",
266 " --keysize|-s keysize");
267 FPS
"%-30s certificate\n"," ");
268 FPS
"%-30s Specifies which available token should generate\n",
269 " --token|-t token name ");
270 FPS
"%-30s the key and receive the certificate\n"," ");
271 FPS
"%-30s Specifies a file to receive redirected output\n",
272 " --outfile filename ");
274 FPS
"\n%-20s Display signtool help\n",
277 FPS
"\n%-20s Display signtool help(Detailed)\n",
280 FPS
"\n%-20s Lists signing certificates, including issuing CAs\n",
282 FPS
"%-30s Certificate database directory containing cert*db\n",
283 " -d certificate directory");
284 FPS
"%-30s and key*db\n"," ");
286 FPS
"%-30s Specifies a file to receive redirected output\n",
287 " --outfile filename ");
288 FPS
"%-30s Specifies the nickname (key) of the certificate\n",
292 FPS
"\n%-20s Lists the certificates in your database\n",
294 FPS
"%-30s Certificate database directory containing cert*db\n",
295 " -d certificate directory");
296 FPS
"%-30s and key*db\n"," ");
298 FPS
"%-30s Specifies a file to receive redirected output\n",
299 " --outfile filename ");
300 FPS
"%-30s Specifies the nickname (key) of the certificate\n",
303 FPS
"\n%-20s Lists the PKCS #11 modules available to signtool\n",
306 FPS
"\n%-20s Displays the contents of an archive and verifies\n",
308 FPS
"%-20s cryptographic integrity\n"," ");
309 FPS
"%-30s Certificate database directory containing cert*db\n",
310 " -d certificate directory");
311 FPS
"%-30s and key*db\n"," ");
312 FPS
"%-30s Specifies a file to receive redirected output\n",
313 " --outfile filename ");
315 FPS
"\n%-20s Displays the names of signers in the archive\n",
317 FPS
"%-30s Specifies a file to receive redirected output\n",
318 " --outfile filename ");
321 FPS
"\n%-30s Common option to all the above.\n",
323 FPS
"%-30s Enable OCSP checking\n"," ");
325 FPS
"\n%-20s Specifies a text file containing options and arguments in\n",
327 FPS
"%-20s keyword=value format. Commands are taken from this file\n"," ");
331 FPS
"%-10s -d \"certificate directory\" -k \"certnickname\" \\",
333 FPS
"\n%-10s -p \"password\" -X -Z \"file.xpi\" directory-tree\n"," " );
334 FPS
"Common syntax to create an XPInstall compatible"
335 " signed archive\n\n"," ");
336 FPS
"\nCommand File Keywords and Example:\n");
337 FPS
"\nKeyword\t\tValue\n");
338 FPS
"basename\tSame as -b option\n");
339 FPS
"compression\tSame as -c option\n");
340 FPS
"certdir\t\tSame as -d option\n");
341 FPS
"extension\tSame as -e option\n");
342 FPS
"generate\tSame as -G option\n");
343 FPS
"installscript\tSame as -i option\n");
344 FPS
"javascriptdir\tSame as -j option\n");
345 FPS
"htmldir\t\tSame as -J option\n");
346 FPS
"certname\tNickname of certificate, as with -k option\n");
347 FPS
"signdir\t\tThe directory to be signed, as with -k option\n");
348 FPS
"list\t\tSame as -l option. Value is ignored,\n"
349 " \t\tbut = sign must be present\n");
350 FPS
"listall\t\tSame as -L option. Value is ignored\n"
351 " \t\tbut = sign must be present\n");
352 FPS
"metafile\tSame as -m option\n");
353 FPS
"modules\t\tSame as -M option. Value is ignored,\n"
354 " \t\tbut = sign must be present\n");
355 FPS
"optimize\tSame as -o option. Value is ignored,\n"
356 " \tbut = sign must be present\n");
357 FPS
"ocsp\t\tSame as -O option\n");
358 FPS
"password\tSame as -p option\n");
359 FPS
"verify\t\tSame as -v option\n");
360 FPS
"who\t\tSame as -w option\n");
361 FPS
"exclude\t\tSame as -x option\n");
362 FPS
"notime\t\tSame as -z option. Value is ignored,\n"
363 " \t\tbut = sign must be present\n");
364 FPS
"jarfile\t\tSame as -Z option\n");
365 FPS
"outfile\t\tSame as --outfile option. The argument\n");
366 FPS
" \t\tis the name of a file to which output\n");
367 FPS
" \t\tof a file and error messages will be \n");
368 FPS
" \t\tredirected\n");
369 FPS
"leavearc\tSame as --leavearc option\n");
370 FPS
"verbosity\tSame as --verbosity option\n");
371 FPS
"keysize\t\tSame as -s option\n");
372 FPS
"token\t\tSame as -t option\n");
373 FPS
"xpi\t\tSame as -X option\n");
375 FPS
"Here's an example of the use of the command file. The command\n\n");
376 FPS
" signtool -d c:\\netscape\\users\\james -k mycert -Z myjar.jar \\\n"
377 " signdir > output.txt\n\n");
379 FPS
" signtool -f somefile\n\n");
380 FPS
"where somefile contains the following lines:\n\n");
381 FPS
" certdir=c:\\netscape\\users\\james\n"," ");
382 FPS
" certname=mycert\n"," ");
383 FPS
" jarfile=myjar.jar\n"," ");
384 FPS
" signdir=signdir\n"," ");
385 FPS
" outfile=output.txt\n"," ");
391 * p r i n t _ e r r o r
393 * For the undocumented -E function. If an older version
394 * of communicator gives you a numeric error, we can see what
395 * really happened without doing hex math.
400 print_error (int err
)
402 PR_fprintf(errorFD
, "Error %d: %s\n", err
, JAR_get_error (err
));
409 * o u t _ o f _ m e m o r y
411 * Out of memory, exit Signtool.
417 PR_fprintf(errorFD
, "%s: out of memory\n", PROGRAM_NAME
);
424 * V e r i f y C e r t D i r
426 * Validate that the specified directory
427 * contains a certificate database
431 VerifyCertDir(char *dir
, char *keyName
)
435 /* don't try verifying if we don't have a local directory */
436 if (strncmp(dir
, "multiaccess:", sizeof("multiaccess:") - 1) == 0) {
439 /* this function is truly evil. Tools and applications should not have
440 * any knowledge of actual cert databases! */
443 /* This code is really broken because it makes underlying assumptions about
444 * how the NSS profile directory is laid out, but these names can change
445 * from release to release. */
446 sprintf (fn
, "%s/cert8.db", dir
);
448 if (PR_Access (fn
, PR_ACCESS_EXISTS
)) {
449 PR_fprintf(errorFD
, "%s: No certificate database in \"%s\"\n",
451 PR_fprintf(errorFD
, "%s: Check the -d arguments that you gave\n",
457 if (verbosity
>= 0) {
458 PR_fprintf(outputFD
, "using certificate directory: %s\n", dir
);
464 /* if the user gave the -k key argument, verify that
465 a key database already exists */
467 sprintf (fn
, "%s/key3.db", dir
);
469 if (PR_Access (fn
, PR_ACCESS_EXISTS
)) {
470 PR_fprintf(errorFD
, "%s: No private key database in \"%s\"\n",
473 PR_fprintf(errorFD
, "%s: Check the -d arguments that you gave\n",
484 * A recursive function to loop through all names in
485 * the specified directory, as well as all subdirectories.
487 * FIX: Need to see if all platforms allow multiple
488 * opendir's to be called.
493 foreach(char *dirname
, char *prefix
,
494 int (*fn
)(char *relpath
, char *basedir
, char *reldir
, char *filename
,
496 PRBool recurse
, PRBool includeDirs
, void *arg
)
498 char newdir
[FNSIZE
];
504 strcpy (newdir
, dirname
);
506 strcat (newdir
, "/");
507 strcat (newdir
, prefix
);
510 dir
= PR_OpenDir (newdir
);
514 for (entry
= PR_ReadDir (dir
, 0); entry
; entry
= PR_ReadDir (dir
, 0)) {
515 if ( strcmp(entry
->name
, ".") == 0 ||
516 strcmp(entry
->name
, "..") == 0 ) {
517 /* no infinite recursion, please */
521 /* can't sign self */
522 if (!strcmp (entry
->name
, "META-INF"))
526 if (PL_HashTableLookup(excludeDirs
, entry
->name
))
529 strcpy (newdir
, dirname
);
531 strcat (newdir
, "/");
534 strcat (newdir
, prefix
);
535 strcat (newdir
, "/");
537 strcat (newdir
, entry
->name
);
539 if (!is_dir(newdir
) || includeDirs
) {
540 char newpath
[FNSIZE
];
542 strcpy (newpath
, prefix
);
544 strcat (newpath
, "/");
545 strcat (newpath
, entry
->name
);
547 if ( (*fn
) (newpath
, dirname
, prefix
, (char *) entry
->name
,
554 if (is_dir (newdir
)) {
556 char newprefix
[FNSIZE
];
558 strcpy (newprefix
, prefix
);
560 strcat (newprefix
, "/");
562 strcat (newprefix
, entry
->name
);
564 if (foreach (dirname
, newprefix
, fn
, recurse
,
583 * Return 1 if file is a directory.
584 * Wonder if this runs on a mac, trust not.
587 static int is_dir (char *filename
)
591 if ( PR_GetFileInfo(filename
, &finfo
) != PR_SUCCESS
) {
592 printf("Unable to get information about %s\n", filename
);
596 return ( finfo
.type
== PR_FILE_DIRECTORY
);
600 /***************************************************************
602 * s e c E r r o r S t r i n g
604 * Returns an error string corresponding to the given error code.
605 * Doesn't cover all errors; returns a default for many.
606 * Returned string is only valid until the next call of this function.
609 secErrorString(long code
)
611 static char errstring
[80]; /* dynamically constructed error string */
612 char *c
; /* the returned string */
618 case SEC_ERROR_LIBRARY_FAILURE
:
619 c
= "security library failure";
621 case SEC_ERROR_BAD_DATA
:
624 case SEC_ERROR_OUTPUT_LEN
:
627 case SEC_ERROR_INPUT_LEN
:
630 case SEC_ERROR_INVALID_ARGS
:
633 case SEC_ERROR_EXPIRED_CERTIFICATE
:
634 c
= "expired certificate";
636 case SEC_ERROR_REVOKED_CERTIFICATE
:
637 c
= "revoked certificate";
639 case SEC_ERROR_INADEQUATE_KEY_USAGE
:
640 c
= "inadequate key usage";
642 case SEC_ERROR_INADEQUATE_CERT_TYPE
:
643 c
= "inadequate certificate type";
645 case SEC_ERROR_UNTRUSTED_CERT
:
646 c
= "untrusted cert";
648 case SEC_ERROR_NO_KRL
:
649 c
= "no key revocation list";
651 case SEC_ERROR_KRL_BAD_SIGNATURE
:
652 c
= "key revocation list: bad signature";
654 case SEC_ERROR_KRL_EXPIRED
:
655 c
= "key revocation list expired";
657 case SEC_ERROR_REVOKED_KEY
:
660 case SEC_ERROR_CRL_BAD_SIGNATURE
:
661 c
= "certificate revocation list: bad signature";
663 case SEC_ERROR_CRL_EXPIRED
:
664 c
= "certificate revocation list expired";
666 case SEC_ERROR_CRL_NOT_YET_VALID
:
667 c
= "certificate revocation list not yet valid";
669 case SEC_ERROR_UNKNOWN_ISSUER
:
670 c
= "unknown issuer";
672 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
:
673 c
= "expired issuer certificate";
675 case SEC_ERROR_BAD_SIGNATURE
:
678 case SEC_ERROR_BAD_KEY
:
681 case SEC_ERROR_NOT_FORTEZZA_ISSUER
:
682 c
= "not fortezza issuer";
684 case SEC_ERROR_CA_CERT_INVALID
:
685 c
= "Certificate Authority certificate invalid";
687 case SEC_ERROR_EXTENSION_NOT_FOUND
:
688 c
= "extension not found";
690 case SEC_ERROR_CERT_NOT_IN_NAME_SPACE
:
691 c
= "certificate not in name space";
693 case SEC_ERROR_UNTRUSTED_ISSUER
:
694 c
= "untrusted issuer";
697 sprintf(errstring
, "security error %ld", code
);
706 /***************************************************************
708 * d i s p l a y V e r i f y L o g
710 * Prints the log of a cert verification.
713 displayVerifyLog(CERTVerifyLog
*log
)
715 CERTVerifyLogNode
* node
;
716 CERTCertificate
* cert
;
719 if ( !log
|| (log
->count
<= 0) ) {
723 for (node
= log
->head
; node
!= NULL
; node
= node
->next
) {
725 if ( !(cert
= node
->cert
) ) {
729 /* Get a name for this cert */
730 if (cert
->nickname
!= NULL
) {
731 name
= cert
->nickname
;
732 } else if (cert
->emailAddr
&& cert
->emailAddr
[0]) {
733 name
= cert
->emailAddr
;
735 name
= cert
->subjectName
;
738 printf( "%s%s:\n", name
,
739 (node
->depth
> 0) ? " [Certificate Authority]" : "");
741 printf("\t%s\n", secErrorString(node
->error
));
748 * J a r L i s t M o d u l e s
750 * Print a list of the PKCS11 modules that are
751 * available. This is useful for smartcard people to
752 * make sure they have the drivers loaded.
761 SECMODModuleList
* modules
= NULL
;
762 static SECMODListLock
*moduleLock
= NULL
;
764 SECMODModuleList
* mlp
;
766 if ((moduleLock
= SECMOD_GetDefaultModuleListLock()) == NULL
) {
767 /* this is the wrong text */
768 PR_fprintf(errorFD
, "%s: unable to acquire lock on module list\n",
774 SECMOD_GetReadLock (moduleLock
);
776 modules
= SECMOD_GetDefaultModuleList();
778 if (modules
== NULL
) {
779 SECMOD_ReleaseReadLock (moduleLock
);
780 PR_fprintf(errorFD
, "%s: Can't get module list\n", PROGRAM_NAME
);
785 PR_fprintf(outputFD
, "\nListing of PKCS11 modules\n");
786 PR_fprintf(outputFD
, "-----------------------------------------------\n");
788 for (mlp
= modules
; mlp
!= NULL
; mlp
= mlp
->next
) {
790 PR_fprintf(outputFD
, "%3d. %s\n", count
, mlp
->module
->commonName
);
792 if (mlp
->module
->internal
)
793 PR_fprintf(outputFD
, " (this module is internally loaded)\n");
795 PR_fprintf(outputFD
, " (this is an external module)\n");
797 if (mlp
->module
->dllName
)
798 PR_fprintf(outputFD
, " DLL name: %s\n",
799 mlp
->module
->dllName
);
801 if (mlp
->module
->slotCount
== 0)
802 PR_fprintf(outputFD
, " slots: There are no slots attached to this module\n");
804 PR_fprintf(outputFD
, " slots: %d slots attached\n",
805 mlp
->module
->slotCount
);
807 if (mlp
->module
->loaded
== 0)
808 PR_fprintf(outputFD
, " status: Not loaded\n");
810 PR_fprintf(outputFD
, " status: loaded\n");
812 for (i
= 0; i
< mlp
->module
->slotCount
; i
++) {
813 PK11SlotInfo
* slot
= mlp
->module
->slots
[i
];
815 PR_fprintf(outputFD
, "\n");
816 PR_fprintf(outputFD
, " slot: %s\n", PK11_GetSlotName(slot
));
817 PR_fprintf(outputFD
, " token: %s\n", PK11_GetTokenName(slot
));
821 PR_fprintf(outputFD
, "-----------------------------------------------\n");
825 "Warning: no modules were found (should have at least one)\n");
827 SECMOD_ReleaseReadLock (moduleLock
);
831 /**********************************************************************
834 * Eliminates leading and trailing whitespace. Returns a pointer to the
835 * beginning of non-whitespace, or an empty string if it's all whitespace.
845 /* Nip leading whitespace */
846 while (isspace(*start
)) {
850 /* Nip trailing whitespace */
852 end
= start
+ strlen(start
) - 1;
853 while (isspace(*end
) && end
> start
) {
866 /***********************************************************************
868 * F a t a l E r r o r
870 * Outputs an error message and bails out of the program.
873 FatalError(char *msg
)
878 PR_fprintf(errorFD
, "FATAL ERROR: %s\n", msg
);
884 /*************************************************************************
886 * I n i t C r y p t o
889 InitCrypto(char *cert_dir
, PRBool readOnly
)
892 static int prior
= 0;
893 PK11SlotInfo
* slotinfo
;
896 /* some functions such as OpenKeyDB expect this path to be
897 * implicitly set prior to calling */
899 rv
= NSS_Init(cert_dir
);
901 rv
= NSS_InitReadWrite(cert_dir
);
903 if (rv
!= SECSuccess
) {
904 SECU_PrintPRandOSError(PROGRAM_NAME
);
908 SECU_ConfigDirectory (cert_dir
);
910 /* Been there done that */
913 PK11_SetPasswordFunc(SECU_GetModulePassword
);
915 /* Must login to FIPS before you do anything else */
917 slotinfo
= PK11_GetInternalSlot();
919 fprintf(stderr
, "%s: Unable to get PKCS #11 Internal Slot."
923 if (PK11_Authenticate(slotinfo
, PR_FALSE
/*loadCerts*/,
924 &pwdata
) != SECSuccess
) {
925 fprintf(stderr
, "%s: Unable to authenticate to %s.\n",
926 PROGRAM_NAME
, PK11_GetSlotName(slotinfo
));
927 PK11_FreeSlot(slotinfo
);
930 PK11_FreeSlot(slotinfo
);
933 /* Make sure there is a password set on the internal key slot */
934 slotinfo
= PK11_GetInternalKeySlot();
936 fprintf(stderr
, "%s: Unable to get PKCS #11 Internal Key Slot."
940 if (PK11_NeedUserInit(slotinfo
)) {
942 "\nWARNING: No password set on internal key database. Most operations will fail."
943 "\nYou must create a password.\n");
947 /* Make sure we can authenticate to the key slot in FIPS mode */
949 if (PK11_Authenticate(slotinfo
, PR_FALSE
/*loadCerts*/,
950 &pwdata
) != SECSuccess
) {
951 fprintf(stderr
, "%s: Unable to authenticate to %s.\n",
952 PROGRAM_NAME
, PK11_GetSlotName(slotinfo
));
953 PK11_FreeSlot(slotinfo
);
957 PK11_FreeSlot(slotinfo
);
964 /* Windows foolishness is now in the secutil lib */
966 /*****************************************************************
967 * g e t _ d e f a u l t _ c e r t _ d i r
969 * Attempt to locate a certificate directory.
970 * Failing that, complain that the user needs to
971 * use the -d(irectory) parameter.
974 char *get_default_cert_dir (void)
979 static char db
[FNSIZE
];
982 home
= getenv ("HOME");
985 sprintf (db
, "%s/.netscape", home
);
993 /* first check the environment override */
995 home
= getenv ("JAR_HOME");
998 sprintf (db
, "%s/cert7.db", home
);
1000 if ((fp
= fopen (db
, "r")) != NULL
) {
1006 /* try the old navigator directory */
1009 home
= "c:/Program Files/Netscape/Navigator";
1011 sprintf (db
, "%s/cert7.db", home
);
1013 if ((fp
= fopen (db
, "r")) != NULL
) {
1019 /* Try the current directory, I wonder if this
1020 is really a good idea. Remember, Windows only.. */
1025 sprintf (db
, "%s/cert7.db", home
);
1027 if ((fp
= fopen (db
, "r")) != NULL
) {
1037 "You must specify the location of your certificate directory\n");
1039 "with the -d option. Example: -d ~/.netscape in many cases with Unix.\n");
1048 /************************************************************************
1051 void give_help (int status
)
1053 if (status
== SEC_ERROR_UNKNOWN_ISSUER
) {
1055 "The Certificate Authority (CA) for this certificate\n");
1057 "does not appear to be in your database. You should contact\n");
1059 "the organization which issued this certificate to obtain\n");
1060 PR_fprintf(errorFD
, "a copy of its CA Certificate.\n");
1065 /**************************************************************************
1069 * fgets implemented with NSPR.
1072 pr_fgets(char *buf
, int size
, PRFileDesc
*file
)
1079 while (i
< size
- 1) {
1080 status
= PR_Read(file
, &c
, 1);
1083 } else if (status
== 0) {