security/nss/cmd/dbtest/dbtest.c
author Brian Smith <bsmith@mozilla.com>
Mon, 01 Oct 2012 11:02:15 -0700
changeset 108794 699db88b5ea01fd321fe8abfe5bb071e991b120d
parent 15273 437dcecc6377817753fd3bdce409c69f978ac2e4
child 320001 8bbd6c53b1abdcd63b9a090e3d74c09d115e1ab6
permissions -rw-r--r--
Bug 795972: Upgrade NSS to NSS_3_14_BETA1, r=me

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
** dbtest.c
**
** QA test for cert and key databases, especially to open
** database readonly (NSS_INIT_READONLY) and force initializations
** even if the databases cannot be opened (NSS_INIT_FORCEOPEN)
**
*/
#include <stdio.h>
#include <string.h>

#if defined(WIN32)
#include "fcntl.h"
#include "io.h"
#endif

#include "secutil.h"
#include "pk11pub.h"

#if defined(XP_UNIX)
#include <unistd.h>
#endif

#include "nspr.h"
#include "prtypes.h"
#include "certdb.h"
#include "nss.h"
#include "../modutil/modutil.h"

#include "plgetopt.h"

static char *progName;

char *dbDir  =  NULL;

static char *dbName[]={"secmod.db", "cert8.db", "key3.db"}; 
static char* dbprefix = "";
static char* secmodName = "secmod.db";
static char* userPassword = "";
PRBool verbose;

static char *
getPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
{
    int *success = (int *)arg;

    if (retry) {
	*success = 0;
	return NULL;
    }

    *success = 1;
     return PORT_Strdup(userPassword);
}


static void Usage(const char *progName)
{
    printf("Usage:  %s [-r] [-f] [-i] [-d dbdir ] \n",
         progName);
    printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r");
    printf("%-20s Continue to force initializations even if the\n", "-f");
    printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " ");
    printf("%-20s Try to initialize the database\n", "-i");
    printf("%-20s Supply a password with which to initialize the db\n", "-p");
    printf("%-20s Directory with cert database (default is .\n",
          "-d certdir");
    exit(1);
}

int main(int argc, char **argv)
{
    PLOptState *optstate;
    PLOptStatus optstatus;

    PRUint32 flags = 0;
    Error ret;
    SECStatus rv;
    char * dbString = NULL;
    PRBool doInitTest = PR_FALSE;
    int i;

    progName = strrchr(argv[0], '/');
    if (!progName)
        progName = strrchr(argv[0], '\\');
    progName = progName ? progName+1 : argv[0];

    optstate = PL_CreateOptState(argc, argv, "rfip:d:h");

    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
        switch (optstate->option) {
          case 'h':
          default : Usage(progName);                    break;

          case 'r': flags |= NSS_INIT_READONLY;         break;

          case 'f': flags |= NSS_INIT_FORCEOPEN;        break;

	  case 'i': doInitTest = PR_TRUE;		break;

	  case 'p':
		userPassword = PORT_Strdup(optstate->value);
		break;

          case 'd':
                dbDir = PORT_Strdup(optstate->value);
                break;

        }
    }
    if (optstatus == PL_OPT_BAD)
        Usage(progName);

    if (!dbDir) {
        dbDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
    }
    dbDir = SECU_ConfigDirectory(dbDir);
    PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir);

    if( dbDir[0] == '\0') {
        PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
        ret= DIR_DOESNT_EXIST_ERR;
        goto loser;
    }


    PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);

    /* get the status of the directory and databases and output message */
    if(PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
        PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
    } else if(PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
        PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir);
    } else {
        if( !( flags & NSS_INIT_READONLY ) &&
                PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
            PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir);
        }
	if (!doInitTest) {
            for (i=0;i<3;i++) {
        	dbString=PR_smprintf("%s/%s",dbDir,dbName[i]);
        	PR_fprintf(PR_STDOUT, "database checked is %s\n",dbString);
        	if(PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) {
                    PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR], 
                                      dbString);
        	} else if(PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) {
                    PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], 
                                      dbString);
        	} else if( !( flags & NSS_INIT_READONLY ) &&
                       PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
                    PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR], 
                                      dbString);
        	}
	    }
        } 
    }


    rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix,
                   secmodName, flags);
    if (rv != SECSuccess) {
        SECU_PrintPRandOSError(progName);
        ret=NSS_INITIALIZE_FAILED_ERR;
    } else {
        ret=SUCCESS;
	if (doInitTest) {
	    PK11SlotInfo * slot = PK11_GetInternalKeySlot();
	    SECStatus rv;
	    int passwordSuccess = 0;
	    int type = CKM_DES3_CBC;
	    SECItem keyid = { 0, NULL, 0 };
	    unsigned char keyIdData[] = { 0xff, 0xfe };
	    PK11SymKey *key = NULL;

	    keyid.data = keyIdData;
	    keyid.len = sizeof(keyIdData);

	    PK11_SetPasswordFunc(getPassword);
	    rv = PK11_InitPin(slot, (char *)NULL, userPassword);
	    if (rv != SECSuccess) {
		PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n", 
					SECU_Strerror(PORT_GetError()));
		ret = CHANGEPW_FAILED_ERR;
	    }
	    if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) {
                PR_fprintf(PR_STDERR, "New DB did not log in after init\n");
		ret = AUTHENTICATION_FAILED_ERR;
	    }
	    /* generate a symetric key */
	    key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid,
				    PR_TRUE, &passwordSuccess);

	    if (!key) {
		PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n",
				SECU_Strerror(PORT_GetError()));
		exit (UNSPECIFIED_ERR);
	    }
	    PK11_FreeSymKey(key);
	    PK11_Logout(slot);

	    PK11_Authenticate(slot, PR_TRUE, &passwordSuccess);

	    if (*userPassword && !passwordSuccess) {
		PR_fprintf(PR_STDERR, "New DB Did not initalize\n");
		ret = AUTHENTICATION_FAILED_ERR;
	    }
	    key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess);

	    if (!key) {
		PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
				SECU_Strerror(PORT_GetError()));
		ret = UNSPECIFIED_ERR;
	    } else {
		PK11_FreeSymKey(key);
	    }
 	    PK11_FreeSlot(slot);
	}
	     
        if (NSS_Shutdown() != SECSuccess) {
	    PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
				SECU_Strerror(PORT_GetError()));
            exit(1);
        }
    }

loser:
    return ret;
}