pk11.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 809 行 · 第 1/2 页

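	} else {
		PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
	}
	/* The %.32s / %.16s precisions below cap how much of each info field is
	 * printed.  NOTE(review): PKCS #11 info text fields are normally
	 * fixed-width and blank-padded rather than NUL-terminated, so these
	 * bounds should stay -- confirm against the structure definitions. */
	PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
	PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
	PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
		modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
	PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
		modinfo.libraryVersion.major, modinfo.libraryVersion.minor);

	/* Get cipher and mechanism flags */
	ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
	  numCipherStrings);
	if(ciphers[0] == '\0') {
		ciphers = "None";
	}
	PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
	mechanisms = NULL;
	if(module->slotCount > 0) {
		mechanisms = getStringFromFlags(module->slots[0]->defaultFlags,
			mechanismStrings, numMechanismStrings);
	}
	/* NOTE(review): when module->slotCount is 0, mechanisms is still NULL
	 * here and the test below dereferences it.  The start of this function
	 * is not visible in this listing, so the code is left as-is; the guard
	 * would be `if(mechanisms == NULL || mechanisms[0] == '\0')`. */
	if(mechanisms[0] =='\0') {
		mechanisms = "None";
	}
	PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);

#define PAD "  "

	/* Loop over each slot */
	for(slotnum=0; slotnum < module->slotCount; slotnum++) {
		slot = module->slots[slotnum];
		if(PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
			PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
				PK11_GetSlotName(slot));
			return SLOT_INFO_ERR;
		}
		if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
			PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
			  slot->token_name);
			return TOKEN_INFO_ERR;
		}

		/* Slot Info */
		PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot));
		mechanisms = getStringFromFlags(slot->defaultFlags,
			mechanismStrings, numMechanismStrings);
		if(mechanisms[0] =='\0') {
		     mechanisms = "None";
		}
		PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms);
		PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n",
			slotinfo.manufacturerID);
		if(slot->isHW) {
			PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n");
		} else {
			PR_fprintf(PR_STDOUT, PAD"Type: Software\n");
		}
		PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n",
			slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
		PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n",
			slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
		if(slot->disabled) {
			reason  = PK11_GetDisabledReason(slot);
			/* Only index the reason table when the code is inside it */
			if(reason < numDisableReasonStr) {
				PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n",
				  disableReasonStr[reason]);
			} else {
				PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n");
			}
		} else {
			PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n");
		}

		/* Token Info */
		PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n",
			tokeninfo.label);
		PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n",
			tokeninfo.manufacturerID);
		PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model);
		PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n",
			tokeninfo.serialNumber);
		PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n",
			tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
		PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n",
			tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
		if(tokeninfo.flags & CKF_WRITE_PROTECTED) {
			PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n");
		} else {
			PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n");
		}
		if(tokeninfo.flags & CKF_LOGIN_REQUIRED) {
			PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n");
		} else {
			PR_fprintf(PR_STDOUT, PAD
			  "Login Type: Public (no login required)\n");
		}
		if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
			PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n");
		} else {
			PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n");
		}
	}
	PR_fprintf(PR_STDOUT, 
		"\n-----------------------------------------------------------\n");
	return SUCCESS;
}

/************************************************************************
 *
 * f r e e P a s s w o r d S t r i n g
 *
 * Overwrites the password held in *pw with zeros, frees it with PORT_Free
 * and resets *pw to NULL.  A NULL pw or NULL *pw is a no-op.
 *
 * The wipe goes through a volatile pointer so the stores are not dropped
 * as dead writes ahead of the free.  Only strlen(*pw) bytes are cleared,
 * each buffer is measured by its own length.
 */
static void
freePasswordString(char **pw)
{
	volatile char *p;
	size_t len;

	if(pw == NULL || *pw == NULL) {
		return;
	}
	len = strlen(*pw);
	for(p = *pw; len > 0; len--) {
		*p++ = 0;
	}
	PORT_Free(*pw);
	*pw = NULL;
}

/************************************************************************
 *
 * C h a n g e P W
 *
 * Changes (or, if the token still needs user initialization, sets) the
 * user password of the token named tokenName.
 *
 * pwFile, when non-NULL, is handed to SECU_GetPasswordString to obtain
 * the current password; otherwise the user is prompted until
 * PK11_CheckUserPassword accepts the entry.
 * newpwFile, when non-NULL, is handed to SECU_GetPasswordString to obtain
 * the new password; otherwise the user is prompted twice until both
 * entries match.
 *
 * Returns SUCCESS, NO_SUCH_TOKEN_ERR, BAD_PW_ERR or CHANGEPW_FAILED_ERR.
 * Every password buffer obtained here is zeroed and freed before return,
 * including the ones discarded by a failed prompt round.
 *
 * NOTE(review): the slot returned by PK11_FindSlotByName is not released
 * on any path -- confirm whether a matching release call is expected.
 */
Error
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
{
	char *oldpw=NULL, *newpw=NULL, *newpw2=NULL;
	PK11SlotInfo *slot;
	Error ret=UNSPECIFIED_ERR;
	PRBool matching;

	slot = PK11_FindSlotByName(tokenName);
	if(!slot) {
		PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
		return NO_SUCH_TOKEN_ERR;
	}

	PK11_SetPasswordFunc(SECU_GetModulePassword);

	/* Get old password */
	if(! PK11_NeedUserInit(slot)) {
		if(pwFile) {
			oldpw = SECU_GetPasswordString(pwFile, "");
			if(!oldpw || PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
				PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
				ret=BAD_PW_ERR;
				goto loser;
			}
		} else {
			for(matching=PR_FALSE; !matching; ) {
				/* Wipe the rejected attempt before asking again */
				freePasswordString(&oldpw);
				oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
				if(!oldpw) {
					/* No input available: fail instead of looping forever */
					PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
					ret=BAD_PW_ERR;
					goto loser;
				}
				if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
					matching = PR_TRUE;
				} else {
					PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
				}
			}
		}
	}

	/* Get new password */
	if(newpwFile) {
		newpw = SECU_GetPasswordString(newpwFile, "");
	} else {
		for(matching=PR_FALSE; !matching; ) {
			/* Wipe the mismatched pair before asking again */
			freePasswordString(&newpw);
			freePasswordString(&newpw2);
			newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
			newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
			if(!newpw || !newpw2) {
				/* strcmp on NULL is undefined; handled as a failure below */
				break;
			}
			if(strcmp(newpw, newpw2)) {
				PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
			} else {
				matching = PR_TRUE;
			}
		}
	}
	if(!newpw) {
		/* A missing new password must not reach the PIN calls below.
		 * NOTE(review): a NULL there may be taken as an empty password --
		 * confirm against the NSS version in use. */
		PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
		ret = CHANGEPW_FAILED_ERR;
		goto loser;
	}
	if(!newpwFile && !newpw2) {
		PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
		ret = CHANGEPW_FAILED_ERR;
		goto loser;
	}

	/* Change the password */
	if(PK11_NeedUserInit(slot)) {
		if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
			PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
			ret = CHANGEPW_FAILED_ERR;
			goto loser;
		}
	} else {
		if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
			PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
			ret = CHANGEPW_FAILED_ERR;
			goto loser;
		}
	}

	PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
	ret = SUCCESS;

loser:
	/* Each buffer is wiped using its own length.  The earlier code sized
	 * the newpw2 wipe with strlen(newpw), which is 0 once newpw has been
	 * cleared, so the confirmation copy was freed without being zeroed. */
	freePasswordString(&oldpw);
	freePasswordString(&newpw);
	freePasswordString(&newpw2);
	return ret;
}

/***********************************************************************
 *
 * E n a b l e M o d u l e
 *
 * If enable==PR_TRUE, enables the module or slot.
 * If enable==PR_FALSE, disables the module or slot.
 * moduleName is the name of the module.
 * slotName is the name of the slot.  It is optional; when it is NULL
 * every slot of the module is processed.
 *
 * Returns SUCCESS, NO_SUCH_MODULE_ERR, ENABLE_FAILED_ERR (first slot that
 * could not be switched), NO_SUCH_SLOT_ERR or UPDATE_MOD_FAILED_ERR.
 */
Error
EnableModule(char *moduleName, char *slotName, PRBool enable)
{
	int i;
	SECMODModule *module;
	PK11SlotInfo *slot = NULL;
	PRBool found = PR_FALSE;
	PRBool switched;
	/* Words substituted into the failure and success messages */
	const char *action = enable ? "enable" : "disable";
	const char *outcome = enable ? "enabled" : "disabled";

	module = SECMOD_FindModule(moduleName);
	if(!module) {
		PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
		return NO_SUCH_MODULE_ERR;
	}

	for(i=0; i < module->slotCount; i++) {
		slot = module->slots[i];
		if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
			/* Not the right slot */
			continue;
		}
		switched = enable ? PK11_UserEnableSlot(slot)
				  : PK11_UserDisableSlot(slot);
		if(!switched) {
			PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
				action, PK11_GetSlotName(slot));
			return ENABLE_FAILED_ERR;
		}
		found = PR_TRUE;
		PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
			PK11_GetSlotName(slot), outcome);
	}

	if(slotName && !found) {
		PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
		return NO_SUCH_SLOT_ERR;
	}

	/* Delete and re-add module to save changes.  The two steps are not
	 * atomic: a failed re-add leaves the module out of the permanent
	 * database. */
	if( SECMOD_DeletePermDB(module) != SECSuccess ) {
		PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
		return UPDATE_MOD_FAILED_ERR;
	}
	if( SECMOD_AddPermDB(module) != SECSuccess ) {
		/* We're in big trouble here */
		PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
		return UPDATE_MOD_FAILED_ERR;
	}

	return SUCCESS;
}

/*************************************************************************
 *
 * S e t D e f a u l t M o d u l e
 *
 * Marks the slots of module moduleName as the default provider for the
 * mechanisms named in the mechanisms string.
 * slotName is optional; when given, only the slot whose slot name or
 * token name equals it is changed.
 *
 * Returns SUCCESS, NO_SUCH_MODULE_ERR, NO_SUCH_SLOT_ERR or
 * DEFAULT_FAILED_ERR.
 */
Error
SetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
{
	SECMODModule *module;
	PK11SlotInfo *slot;
	int s, i;
	unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
		numMechanismStrings);
	PRBool found = PR_FALSE;
	Error errcode = UNSPECIFIED_ERR;

	mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);

	module = SECMOD_FindModule(moduleName);
	if(!module) {
		PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
		errcode = NO_SUCH_MODULE_ERR;
		goto loser;
	}

	/* Go through each slot */
	for(s=0; s < module->slotCount; s++) {
		slot = module->slots[s];

		if ((slotName != NULL) &&
			!((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
			(strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
		    /* we are only interested in changing the one slot */
		    continue;
		}

		found = PR_TRUE;

		/* Go through each mechanism */
		for(i=0; i < num_pk11_default_mechanisms; i++) {
			if(PK11_DefaultArray[i].flag & mechFlags) {
				/* Enable this default mechanism */
				PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]),
					PR_TRUE);
			}
		}
	}
	if (slotName && !found) {
		PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
		errcode = NO_SUCH_SLOT_ERR;
		goto loser;
	}

	/* Delete and re-add module to save changes.  The two steps are not
	 * atomic: a failed re-add leaves the module out of the permanent
	 * database. */
	if( SECMOD_DeletePermDB(module) != SECSuccess ) {
		PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
		  moduleName);
		errcode = DEFAULT_FAILED_ERR;
		goto loser;
	}
	if( SECMOD_AddPermDB(module) != SECSuccess ) {
		/* We're in big trouble here */
		PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
		  moduleName);
		errcode = DEFAULT_FAILED_ERR;
		goto loser;
	}

	PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]);

	errcode = SUCCESS;
loser:
	return errcode;
}

/************************************************************************
 *
 * U n s e t D e f a u l t M o d u l e
 *
 * Clears the default-provider setting of module moduleName for the
 * mechanisms named in the mechanisms string.
 * slotName is optional; when given, only the slot whose slot name or
 * token name equals it is changed.
 *
 * Returns SUCCESS, NO_SUCH_MODULE_ERR, NO_SUCH_SLOT_ERR or
 * UNDEFAULT_FAILED_ERR.
 */
Error
UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
{
	SECMODModule * module;
	PK11SlotInfo *slot;
	int s, i;
	unsigned long mechFlags = getFlagsFromString(mechanisms,
		mechanismStrings, numMechanismStrings);
	PRBool found = PR_FALSE;

	mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);

	module = SECMOD_FindModule(moduleName);
	if(!module) {
		PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
		return NO_SUCH_MODULE_ERR;
	}

	for(s=0; s < module->slotCount; s++) {
		slot = module->slots[s];
		if ((slotName != NULL) &&
			!((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
			(strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
		    /* we are only interested in changing the one slot */
		    continue;
		}

		/* Record the match, as SetDefaultModule does.  Without this a
		 * call that named a slot always ended in NO_SUCH_SLOT_ERR, after
		 * the slot attributes had already been changed in memory and
		 * before the change was written to the permanent database. */
		found = PR_TRUE;

		for(i=0; i <num_pk11_default_mechanisms; i++) {
			if(PK11_DefaultArray[i].flag & mechFlags) {
				PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]),
					PR_FALSE);
			}
		}
	}
	if (slotName && !found) {
		PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
		return NO_SUCH_SLOT_ERR;
	}

	/* Delete and re-add module to save changes.  The two steps are not
	 * atomic: a failed re-add leaves the module out of the permanent
	 * database. */
	if( SECMOD_DeletePermDB(module) != SECSuccess ) {
		PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
		  moduleName);
		return UNDEFAULT_FAILED_ERR;
	}
	if( SECMOD_AddPermDB(module) != SECSuccess ) {
		/* We're in big trouble here */
		PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
		  moduleName);
		return UNDEFAULT_FAILED_ERR;
	}

	PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]);
	return SUCCESS;
}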
