
📄 secutil.c

📁 支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509v3证书等安全协议或标准的开发库编译用到NSPR
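/*
 * Look up a low-level private key by nickname in the default key database.
 *
 * The nickname is first mapped to a key ID; SECU_GetPassword is handed to
 * the lookup as the password callback. Returns NULL when the nickname has
 * no key ID or the lookup itself returns NULL.
 */
SECKEYLowPrivateKey *
SECU_FindLowPrivateKeyFromNickname(char *name)
{
    SECItem *keyID;
    SECKEYLowPrivateKey *key;

    keyID = SECU_GetKeyIDFromNickname(name);
    if (keyID == NULL)
        return NULL;

    key = SECKEY_FindKeyByPublicKey(SECKEY_GetDefaultKeyDB(), keyID,
                                    SECU_GetPassword, NULL);
    SECITEM_FreeItem(keyID, PR_TRUE);
    return key;
}

/*
 * Delete the key that belongs to `nickname` from the key database `handle`.
 * Returns SECFailure when the nickname cannot be mapped to a key ID,
 * otherwise the status of SECKEY_DeleteKey.
 */
SECStatus
SECU_DeleteKeyByName(SECKEYKeyDBHandle *handle, char *nickname)
{
    SECItem *keyID = NULL;
    SECStatus rv;

    keyID = SECU_GetKeyIDFromNickname(nickname);
    if (keyID == NULL)
        return SECFailure;

    rv = SECKEY_DeleteKey(handle, keyID);
    SECITEM_FreeItem(keyID, PR_TRUE);
    return rv;
}

/*
 * Fetch a private key by nickname.
 *
 * NOTE: `handle` is not used; the lookup always goes through the default
 * key database (see SECU_FindLowPrivateKeyFromNickname).
 */
SECKEYLowPrivateKey *
SECU_GetPrivateKey(SECKEYKeyDBHandle *handle, char *nickname)
{
    return SECU_FindLowPrivateKeyFromNickname(nickname);
}

/*
 * Interactively set or change the key database password.
 *
 * If the database has no password yet, a new one is set; otherwise the old
 * password is verified first (unless it is the zero-length password) and
 * then replaced. Prompts are done through `consoleName`.
 *
 * Every exit path goes through one cleanup label so that cleartext
 * passwords and derived password items are wiped, the console streams are
 * closed, and stdin is never closed by mistake.
 *
 * Returns SECSuccess on success, SECFailure otherwise.
 */
SECStatus
SECU_ChangeKeyDBPassword(SECKEYKeyDBHandle *handle)
{
    SECItem *newpwitem = NULL;
    SECItem *oldpwitem = NULL;
    char *p0 = NULL;
    char *p1 = NULL;
    int isTTY;
    SECStatus rv;
    SECStatus result = SECFailure;
    FILE *input = NULL;
    FILE *output = NULL;
    PRBool newdb = PR_FALSE;

    if (SECKEY_HasKeyDBPassword(handle) == SECFailure) {
        fprintf(stderr, "Database not initialized.  Setting password.\n");
        newdb = PR_TRUE;
    }

    /* check if old password is empty string */
    oldpwitem = secu_GetZeroLengthPassword(handle);

    /* open terminal */
#ifdef _WINDOWS
    input = stdin;
#else
    input = fopen(consoleName, "r");
    if (input == NULL) {
        fprintf(stderr, "Error opening input terminal\n");
        goto done;
    }
#endif
    output = fopen(consoleName, "w");
    if (output == NULL) {
        fprintf(stderr, "Error opening output terminal\n");
        goto done;
    }

    /* if old password is not zero length, ask for it and verify it */
    if ((newdb == PR_FALSE) && (oldpwitem == NULL)) {
        p0 = SEC_GetPassword(input, output, "Old Password: ",
                             SEC_BlindCheckPassword);
        /* NOTE(review): SEC_GetPassword's failure return is not visible
         * here; a NULL result is treated as a read failure. */
        if (p0 == NULL) {
            fprintf(stderr, "Error reading password\n");
            goto done;
        }
        oldpwitem = SECKEY_DeriveKeyDBPassword(handle, p0);
        secu_ClearPassword(p0);
        p0 = NULL;
        if (oldpwitem == NULL) {
            fprintf(stderr, "Error hashing password\n");
            goto done;
        }
        rv = SECKEY_CheckKeyDBPassword(handle, oldpwitem);
        if (rv) {
            fprintf(stderr, "Sorry\n");
            goto done;
        }
    }

    /* The confirmation prompt is only used when stdin is a terminal. */
    isTTY = isatty(0);
    for (;;) {
        p0 = SEC_GetPassword(input, output, "Enter new password: ",
                             SEC_BlindCheckPassword);
        if (isTTY) {
            p1 = SEC_GetPassword(input, output, "Re-enter password: ",
                                 SEC_BlindCheckPassword);
        }

        /* Never hand a NULL string to the comparison below. */
        if (p0 == NULL || (isTTY && p1 == NULL)) {
            fprintf(stderr, "Error reading password\n");
            goto done;
        }

        if (!isTTY || (PORT_Strcmp(p0, p1) == 0)) {
            break;
        }
        fprintf(stderr, "Passwords do not match. Try again.\n");

        /* Wipe the rejected attempt before prompting again, so cleartext
         * passwords are not left behind on the heap. */
        secu_ClearPassword(p0);
        secu_ClearPassword(p1);
        p0 = NULL;
        p1 = NULL;
    }

    newpwitem = SECKEY_DeriveKeyDBPassword(handle, p0);
    if (newpwitem == NULL) {
        fprintf(stderr, "Error hashing new password\n");
        goto done;
    }

    if (newdb == PR_TRUE) {
        rv = SECKEY_SetKeyDBPassword(handle, newpwitem);
        if (rv) {
            fprintf(stderr, "Error setting database password\n");
            goto done;
        }
    } else {
        rv = SECKEY_ChangeKeyDBPassword(handle, oldpwitem, newpwitem);
        if (rv) {
            fprintf(stderr, "Error changing database password\n");
            goto done;
        }
    }
    result = SECSuccess;

done:
    if (p0 != NULL)
        secu_ClearPassword(p0);
    if (p1 != NULL)
        secu_ClearPassword(p1);
    if (newpwitem != NULL)
        SECITEM_ZfreeItem(newpwitem, PR_TRUE);
    if (oldpwitem != NULL)
        SECITEM_ZfreeItem(oldpwitem, PR_TRUE);
    /* On _WINDOWS `input` is stdin itself and must stay open. */
    if (input != NULL && input != stdin)
        fclose(input);
    if (output != NULL)
        fclose(output);
    return result;
}

#ifdef notdef
/*
 * Password callback that reads the key database password from a "dongle"
 * file whose path is passed in `arg`. Returns the derived password item, or
 * NULL when the file cannot be read or the password does not check out.
 */
static SECItem *
secu_GetDonglePassword(void *arg, SECKEYKeyDBHandle *handle)
{
    SECItem *pwitem;
    char *p = NULL;
    char *pathname;
    SECStatus rv;
    int fd;

    pathname = (char *)arg;

    /* open() reports failure with -1; 0 is a valid descriptor. */
    fd = open((char *)pathname, O_RDONLY);
    if (fd < 0) {
        fprintf(stderr, "Unable to open dongle file \"%s\".\n", (char *)arg);
        return NULL;
    }

    /* NOTE(review): fd is not closed in this function; whether
     * SEC_ReadDongleFile takes ownership of it is not visible here. */
    p = SEC_ReadDongleFile(fd);
    if (!p) {
        fprintf(stderr, "Unable to obtain dongle password\n");
        return NULL;
    }

    /* check if we need to update the key database */
    if (handle->version < PRIVATE_KEY_DB_FILE_VERSION) {
        SECKEY_UpdateKeyDB(handle, p);
    }

    /* hash the password */
    pwitem = SECKEY_DeriveKeyDBPassword(handle, p);

    /* clear out the password strings */
    secu_ClearPassword(p);

    if (pwitem == NULL) {
        fprintf(stderr, "Error hashing password\n");
        return NULL;
    }

    /* confirm the password */
    rv = SECKEY_CheckKeyDBPassword(handle, pwitem);
    if (rv) {
        fprintf(stderr, "Sorry, dongle password is invalid\n");
        SECITEM_ZfreeItem(pwitem, PR_TRUE);
        return NULL;
    }

    return pwitem;
}

/*
 * Fetch a private key using the password stored in "<pathname>/dongle",
 * falling back to the interactive password prompt when the dongle file is
 * missing, unreadable, or does not yield a key.
 *
 * NOTE(review): the access() check and the later open() of the same path
 * are separate steps, so the file can change in between.
 */
SECKEYPrivateKey *
SECU_GetPrivateDongleKey(SECKEYKeyDBHandle *handle, char *nickname,
                         char *pathname)
{
    SECKEYPrivateKey *key;
    char *fullpath;
    int rv;

    fullpath = SECU_AppendFilenameToDir(pathname, "dongle");
    if (fullpath == NULL) {
        /* path did not fit; behave as if there were no dongle file */
        return SECU_GetPrivateKey(handle, nickname);
    }

    /* If dongle file doesn't exist, prompt for password */
    rv = access(fullpath, R_OK);
    if (rv < 0) {
        return SECU_GetPrivateKey(handle, nickname);
    }

    /* try dongle file */
    key = SECKEY_FindKeyByName(handle, nickname, secu_GetDonglePassword,
                               fullpath);

    /* if no key, maybe dongle is broken, so prompt for password */
    if (key == NULL) {
        key = SECU_GetPrivateKey(handle, nickname);
    }

    return key;
}
#endif

/*
 * Return the directory named by the SSL_DIR environment variable with one
 * trailing '/' removed, or NULL when SSL_DIR is unset or does not fit.
 *
 * The result lives in a static buffer that is overwritten by the next call.
 * SSL_DIR is attacker-influenced input in many deployments, so its length
 * is checked before it is copied into the fixed-size buffer.
 */
char *
SECU_DefaultSSLDir(void)
{
    char *dir;
    size_t len;
    static char sslDir[1000];

    dir = getenv("SSL_DIR");
    if (!dir)
        return NULL;

    len = strlen(dir);
    if (len >= sizeof(sslDir))
        return NULL; /* would overflow sslDir */

    sprintf(sslDir, "%s", dir);
    /* len > 0 keeps an empty SSL_DIR from indexing sslDir[-1] */
    if (len > 0 && sslDir[len - 1] == '/')
        sslDir[len - 1] = 0;

    return sslDir;
}

/*
 * Join `dir` and `filename` with exactly one '/' between them.
 *
 * The result lives in a static buffer that is overwritten by the next call.
 * Returns NULL when the joined path would not fit in that buffer; callers
 * must check for NULL. An empty `dir` yields "/filename", matching how
 * SECU_ConfigDirectory treats an empty HOME.
 */
char *
SECU_AppendFilenameToDir(char *dir, char *filename)
{
    static char path[1000];
    size_t dirLen = strlen(dir);
    size_t nameLen = strlen(filename);

    /* Reserve two bytes: one for the separator, one for the NUL. */
    if (dirLen > sizeof(path) - 2 || nameLen > sizeof(path) - 2 - dirLen)
        return NULL;

    if (dirLen > 0 && dir[dirLen - 1] == '/')
        sprintf(path, "%s%s", dir, filename);
    else
        sprintf(path, "%s/%s", dir, filename);

    return path;
}

/*
 * Return the configuration directory, computed once and cached.
 *
 * With a NULL or empty `base` the directory is "$HOME/.netscape" (HOME
 * defaults to the empty string). Otherwise it is `base` with one trailing
 * '/' removed. Only the first call's `base` has any effect; later calls
 * return the cached buffer. Inputs longer than 900 bytes are silently
 * truncated by the "%.900s" conversions.
 */
char *
SECU_ConfigDirectory(const char *base)
{
    static PRBool initted = PR_FALSE;
    const char *dir = ".netscape";
    char *home;
    static char buf[1000];

    if (initted)
        return buf;

    if (base == NULL || *base == 0) {
        home = getenv("HOME");
        if (!home)
            home = "";
        if (*home && home[strlen(home) - 1] == '/')
            sprintf(buf, "%.900s%s", home, dir);
        else
            sprintf(buf, "%.900s/%s", home, dir);
    } else {
        /* base is non-empty here, so buf has at least one character */
        sprintf(buf, "%.900s", base);
        if (buf[strlen(buf) - 1] == '/')
            buf[strlen(buf) - 1] = 0;
    }

    initted = PR_TRUE;
    return buf;
}

/*
 * Name callback for the certificate database: builds
 * "<configdir>/cert<N>.db", where <N> is "7", "6", "5" or empty for
 * version 4 and anything else. `arg` is unused. The string comes from
 * PR_smprintf and is owned by the caller.
 */
char *
SECU_CertDBNameCallback(void *arg, int dbVersion)
{
    char *fnarg;
    char *dir;
    char *filename;

    dir = SECU_ConfigDirectory(NULL);

    switch (dbVersion) {
    case 7:
        fnarg = "7";
        break;
    case 6:
        fnarg = "6";
        break;
    case 5:
        fnarg = "5";
        break;
    case 4:
    default:
        fnarg = "";
        break;
    }

    filename = PR_smprintf("%s/cert%s.db", dir, fnarg);
    return (filename);
}

/*
 * Name callback for the key database: builds "<configdir>/key<N>.db",
 * where <N> is "3" or empty for version 2 and anything else. Returns NULL
 * when the configuration directory cannot be stat()ed. `arg` is unused.
 * The string comes from PR_smprintf and is owned by the caller.
 */
char *
SECU_KeyDBNameCallback(void *arg, int dbVersion)
{
    char *fnarg;
    char *dir;
    char *filename;
    struct stat fd;

    dir = SECU_ConfigDirectory(NULL);

    if (stat(dir, &fd) != 0) {
        fprintf(stderr, "No directory \"%s\" exists.\n", dir);
        return NULL;
    }

    switch (dbVersion) {
    case 3:
        fnarg = "3";
        break;
    case 2:
    default:
        fnarg = "";
        break;
    }

    filename = PR_smprintf("%s/key%s.db", dir, fnarg);
    return (filename);
}

/*
 * Build "<configdir>/secmod.db". The string comes from PR_smprintf and is
 * owned by the caller.
 */
char *
SECU_SECModDBName(void)
{
    char *dir;
    char *filename;

    dir = SECU_ConfigDirectory(NULL);

    filename = PR_smprintf("%s/secmod.db", dir);
    return (filename);
}

/*
 * Open the key database and register it as the default key database.
 * The handle is registered as returned by SECKEY_OpenKeyDB, without a
 * NULL check, and is also returned to the caller.
 */
SECKEYKeyDBHandle *
SECU_OpenKeyDB(PRBool readOnly)
{
    SECKEYKeyDBHandle *handle;

    handle = SECKEY_OpenKeyDB(readOnly, SECU_KeyDBNameCallback, NULL);
    SECKEY_SetDefaultKeyDB(handle);

    return (handle);
}

/*
 * Open the certificate database and register it as the default.
 * Returns the new handle, or NULL on allocation or open failure.
 *
 * NOTE: This routine has been modified to allow the libsec/pcertdb.c
 * routines to automatically find and convert the old cert database
 * into the new v3.0 format (cert db version 5).
 */
CERTCertDBHandle *
SECU_OpenCertDB(PRBool readOnly)
{
    CERTCertDBHandle *certHandle;
    SECStatus rv;

    /* Allocate a handle to fill with CERT_OpenCertDB below */
    certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
    if (!certHandle) {
        return NULL;
    }

    rv = CERT_OpenCertDB(certHandle, readOnly, SECU_CertDBNameCallback, NULL);
    if (rv) {
        /* we don't want to leave anything behind... */
        PORT_Free(certHandle);
        return NULL;
    }

    CERT_SetDefaultCertDB(certHandle);
    return certHandle;
}

/*Turn off SSL for now */
/*
 * This gets called by SSL when server wants our cert & key.
 *
 * `arg` is the nickname of the certificate to present. On success the
 * certificate and its private key are stored through pRetCert / pRetKey
 * and 0 is returned; on failure -1 is returned and neither output is
 * written. `fd` and `caNames` are not used.
 */
int
SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
                       struct CERTDistNamesStr *caNames,
                       struct CERTCertificateStr **pRetCert,
                       struct SECKEYPrivateKeyStr **pRetKey)
{
    SECKEYPrivateKey *key;
    CERTCertificate *cert;
    int errsave;

    if (arg == NULL) {
        fprintf(stderr, "no key/cert name specified for client auth\n");
        return -1;
    }

    cert = PK11_FindCertFromNickname(arg, NULL);
    errsave = PORT_GetError();
    if (!cert) {
        if (errsave == SEC_ERROR_BAD_PASSWORD)
            fprintf(stderr, "Bad password\n");
        else if (errsave > 0)
            fprintf(stderr, "Unable to read cert (error %d)\n", errsave);
        else if (errsave == SEC_ERROR_BAD_DATABASE)
            fprintf(stderr, "Unable to get cert from database (%d)\n", errsave);
        else
            fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave);
        return -1;
    }

    key = PK11_FindKeyByAnyCert(arg, NULL);
    if (!key) {
        fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError());
        /* the certificate reference is not handed to the caller on this
         * path, so release it here instead of leaking it */
        CERT_DestroyCertificate(cert);
        return -1;
    }

    *pRetCert = cert;
    *pRetKey = key;

    return 0;
}

/*
 * Read standard input into a freshly allocated buffer in `dst`.
 *
 * Input is consumed in chunks of up to 1000 bytes until end of file or
 * until a chunk ends in '\n'; that final newline is replaced by a NUL byte,
 * which is still counted in dst->len. Any chunk whose last byte is '\n'
 * ends the read, so this is line-oriented rather than binary-safe.
 *
 * Returns SECFailure on a read error or when memory cannot be obtained; in
 * both cases dst keeps whatever was gathered so far (dst->data / dst->len
 * stay consistent) and the caller remains responsible for freeing it.
 */
SECStatus
secu_StdinToItem(SECItem *dst)
{
    unsigned char buf[1000];
    unsigned char *grown;
    PRInt32 numBytes;
    PRBool notDone = PR_TRUE;

    dst->len = 0;
    dst->data = NULL;

    while (notDone) {
        numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));

        if (numBytes < 0) {
            PORT_SetError(PR_IO_ERROR);
            return SECFailure;
        }

        if (numBytes == 0)
            break;

        if (buf[numBytes - 1] == '\n') {
            buf[numBytes - 1] = '\0';
            notDone = PR_FALSE;
        }

        /* Grow through a temporary so a failed allocation neither loses
         * the existing buffer nor leads to a copy into NULL. */
        if (dst->data) {
            grown = (unsigned char *)PORT_Realloc(dst->data,
                                                  dst->len + numBytes);
        } else {
            grown = (unsigned char *)PORT_Alloc(numBytes);
        }
        if (grown == NULL)
            return SECFailure;

        dst->data = grown;
        PORT_Memcpy(dst->data + dst->len, buf, numBytes);
        dst->len += numBytes;
    }

    return SECSuccess;
}

SECStatus
SECU_FileToItem(SECItem *dst, PRFileDesc *src)
{
    PRFileInfo info;
    PRInt32 numBytes;
    PRStatus prStatus;

    if (src == PR_STDIN)
        return secu_StdinToItem(dst);

    prStatus = PR_GetOpenFileInfo(src, &info);

    if (prStatus != PR_SUCCESS) {
        PORT_SetError(SEC_ERROR_IO);
        return SECFailure;
    }

    /* XXX workaround for 3.1, not all utils zero dst before sending */
    dst->data = 0;
    if (!SECITEM_AllocItem(NULL, dst, info.size))
        goto loser;

    numBytes = PR_Read(src, dst->data, info.size);
    if (numBytes != info.size) {
        PORT_SetError(SEC_ERROR_IO);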
