search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2010-05-25 Jb Evain <jbevain@novell.com>
[mcs.git] / tools / security / mozroots.cs
blobbe1633489fbad4584c48766a293e20853f133628
1 //
2 // mozroots.cs: Import the Mozilla's trusted root certificates into Mono
3 //
4 // Authors:
5 // Sebastien Pouliot <sebastien@ximian.com>
6 //
7 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
8 //
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
16 //
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
19 //
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
28
29 using System;
30 using System.Collections;
31 using System.IO;
32 using System.Net;
33 using System.Reflection;
34 using System.Security.Cryptography;
35 using System.Text;
36
37 using Mono.Security.Authenticode;
38 using Mono.Security.X509;
39
40 [assembly: AssemblyTitle ("Mozilla Roots Importer")]
41 [assembly: AssemblyDescription ("Download and import trusted root certificates from Mozilla's LXR.")]
42
43 namespace Mono.Tools {
44
45 class MozRoots {
46
47 private const string defaultUrl = "http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt";
48
49 static string url;
50 static string inputFile;
51 static string pkcs7filename;
52 static bool import;
53 static bool machine;
54 static bool confirmAddition;
55 static bool confirmRemoval;
56 static bool quiet;
57
58 static byte[] DecodeOctalString (string s)
59 {
60 string[] pieces = s.Split ('\\');
61 byte[] data = new byte[pieces.Length - 1];
62 for (int i = 1; i < pieces.Length; i++) {
63 data[i - 1] = (byte) ((pieces[i][0] - '0' << 6) + (pieces[i][1] - '0' << 3) + (pieces[i][2] - '0'));
64 }
65 return data;
66 }
67
68 static X509Certificate DecodeCertificate (string s)
69 {
70 byte[] rawdata = DecodeOctalString (s);
71 return new X509Certificate (rawdata);
72 }
73
74 static Stream GetFile ()
75 {
76 try {
77 if (inputFile != null) {
78 return File.OpenRead (inputFile);
79 } else {
80 WriteLine ("Downloading from '{0}'...", url);
81 HttpWebRequest req = (HttpWebRequest) WebRequest.Create (url);
82 return req.GetResponse ().GetResponseStream ();
83 }
84 }
85 catch {
86 return null;
87 }
88 }
89
90 static X509CertificateCollection DecodeCollection ()
91 {
92 X509CertificateCollection roots = new X509CertificateCollection ();
93 StringBuilder sb = new StringBuilder ();
94 bool processing = false;
95
96 Stream s = GetFile ();
97 if (s == null) {
98 WriteLine ("Couldn't retrieve the file using the supplied informations.");
99 return null;
100 }
101
102 StreamReader sr = new StreamReader (s);
103 while (true) {
104 string line = sr.ReadLine ();
105 if (line == null)
106 break;
107 int start = line.IndexOf ("</a> ");
108 if (start < 0)
109 continue;
110
111 if (processing) {
112 if (line.IndexOf ("END") > start) {
113 processing = false;
114 X509Certificate root = DecodeCertificate (sb.ToString ());
115 roots.Add (root);
116
117 sb = new StringBuilder ();
118 continue;
119 }
120 sb.Append (line.Substring (start + 5));
121 } else {
122 processing = (line.IndexOf ("CKA_VALUE MULTILINE_OCTAL") > start);
123 }
124 }
125 return roots;
126 }
127
128 static int Process ()
129 {
130 X509CertificateCollection roots = DecodeCollection ();
131 if (roots == null) {
132 return 1;
133 } else if (roots.Count == 0) {
134 WriteLine ("No certificates were found.");
135 return 0;
136 }
137
138 if (pkcs7filename != null) {
139 SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate ();
140 pkcs7.Certificates.AddRange (roots);
141
142 WriteLine ("Saving root certificates into '{0}' file...", pkcs7filename);
143 using (FileStream fs = File.OpenWrite (pkcs7filename)) {
144 byte[] data = pkcs7.GetBytes ();
145 fs.Write (data, 0, data.Length);
146 fs.Close ();
147 }
148 }
149
150 if (import) {
151 WriteLine ("Importing certificates into {0} store...",
152 machine ? "machine" : "user");
153
154 X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
155 X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
156 int additions = 0;
157 foreach (X509Certificate root in roots) {
158 if (!trusted.Contains (root)) {
159 if (!confirmAddition || AskConfirmation ("add", root)) {
160 stores.TrustedRoot.Import (root);
161 if (confirmAddition)
162 WriteLine ("Certificate added.{0}", Environment.NewLine);
163 additions++;
164 }
165 }
166 }
167 if (additions > 0)
168 WriteLine ("{0} new root certificates were added to your trust store.", additions);
169
170 X509CertificateCollection removed = new X509CertificateCollection ();
171 foreach (X509Certificate trust in trusted) {
172 if (!roots.Contains (trust)) {
173 removed.Add (trust);
174 }
175 }
176 if (removed.Count > 0) {
177 if (confirmRemoval) {
178 WriteLine ("{0} previously trusted certificates were not part of the update.", removed.Count);
179 } else {
180 WriteLine ("{0} previously trusted certificates were removed.", removed.Count);
181 }
182
183 foreach (X509Certificate old in removed) {
184 if (!confirmRemoval || AskConfirmation ("remove", old)) {
185 stores.TrustedRoot.Remove (old);
186 if (confirmRemoval)
187 WriteLine ("Certificate removed.{0}", Environment.NewLine);
188 }
189 }
190 }
191 WriteLine ("Import process completed.{0}", Environment.NewLine);
192 }
193 return 0;
194 }
195
196 static string Thumbprint (string algorithm, X509Certificate certificate)
197 {
198 HashAlgorithm hash = HashAlgorithm.Create (algorithm);
199 byte[] digest = hash.ComputeHash (certificate.RawData);
200 return BitConverter.ToString (digest);
201 }
202
203 static bool AskConfirmation (string action, X509Certificate certificate)
204 {
205 // the quiet flag is ignored for confirmations
206 Console.WriteLine ();
207 Console.WriteLine ("Issuer: {0}", certificate.IssuerName);
208 Console.WriteLine ("Serial number: {0}", BitConverter.ToString (certificate.SerialNumber));
209 Console.WriteLine ("Valid from {0} to {1}", certificate.ValidFrom, certificate.ValidUntil);
210 Console.WriteLine ("Thumbprint SHA-1: {0}", Thumbprint ("SHA1", certificate));
211 Console.WriteLine ("Thumbprint MD5: {0}", Thumbprint ("MD5", certificate));
212 while (true) {
213 Console.Write ("Are you sure you want to {0} this certificate ? ", action);
214 string s = Console.ReadLine ().ToLower ();
215 if (s == "yes")
216 return true;
217 else if (s == "no")
218 return false;
219 }
220 }
221
222 static bool ParseOptions (string[] args)
223 {
224 if (args.Length < 1)
225 return false;
226
227 // set defaults
228 url = defaultUrl;
229 confirmAddition = true;
230 confirmRemoval = true;
231
232 for (int i = 0; i < args.Length; i++) {
233 switch (args[i]) {
234 case "--url":
235 if (i >= args.Length - 1)
236 return false;
237 url = args[++i];
238 break;
239 case "--file":
240 if (i >= args.Length - 1)
241 return false;
242 inputFile = args[++i];
243 break;
244 case "--pkcs7":
245 if (i >= args.Length - 1)
246 return false;
247 pkcs7filename = args[++i];
248 break;
249 case "--import":
250 import = true;
251 break;
252 case "--machine":
253 machine = true;
254 break;
255 case "--sync":
256 confirmAddition = false;
257 confirmRemoval = false;
258 break;
259 case "--ask":
260 confirmAddition = true;
261 confirmRemoval = true;
262 break;
263 case "--ask-add":
264 confirmAddition = true;
265 confirmRemoval = false;
266 break;
267 case "--ask-remove":
268 confirmAddition = false;
269 confirmRemoval = true;
270 break;
271 case "--quiet":
272 quiet = true;
273 break;
274 default:
275 WriteLine ("Unknown option '{0}'.");
276 return false;
277 }
278 }
279 return true;
280 }
281
282 static void Header ()
283 {
284 Console.WriteLine (new AssemblyInfo ().ToString ());
285 }
286
287 static void Help ()
288 {
289 Console.WriteLine ("Usage: mozroots [--import [--machine] [--sync | --ask | --ask-add | --ask-remove]]");
290 Console.WriteLine ("Where the basic options are:");
291 Console.WriteLine (" --import\tImport the certificates into the trust store.");
292 Console.WriteLine (" --sync\t\tSynchronize (add/remove) the trust store with the certificates.");
293 Console.WriteLine (" --ask\t\tAlways confirm before adding or removing trusted certificates.");
294 Console.WriteLine (" --ask-add\tAlways confirm before adding a new trusted certificate.");
295 Console.WriteLine (" --ask-remove\tAlways confirm before removing an existing trusted certificate.");
296 Console.WriteLine ("{0}and the advanced options are", Environment.NewLine);
297 Console.WriteLine (" --url url\tSpecify an alternative URL for downloading the trusted");
298 Console.WriteLine ("\t\tcertificates (LXR source format).");
299 Console.WriteLine (" --file name\tDo not download but use the specified file.");
300 Console.WriteLine (" --pkcs7 name\tExport the certificates into a PKCS#7 file.");
301 Console.WriteLine (" --machine\tImport the certificate in the machine trust store.");
302 Console.WriteLine ("\t\tThe default is to import into the user store.");
303 Console.WriteLine (" --quiet\tLimit console output to errors and confirmations messages.");
304 }
305
306 static void WriteLine (string format, params object[] args)
307 {
308 if (!quiet)
309 Console.WriteLine (format, args);
310 }
311
312 static int Main (string[] args)
313 {
314 try {
315 if (!ParseOptions (args)) {
316 Header ();
317 Help ();
318 return 1;
319 }
320 if (!quiet) {
321 Header ();
322 }
323 return Process ();
324 }
325 catch (Exception e) {
326 // ignore quiet on exception
327 Console.WriteLine ("Error: {0}", e);
328 return 1;
329 }
330 }
331 }
332 }
git-svn mirror of mcs