Fix for bug 423839 . Add multiple PKCS#11 token password command line options to crmftest, modutil, p7sign, p7content . r=nelson

git-svn-id: svn://10.0.0.236/trunk@253377 18797224-902f-48f8-a5cc-f745e15eee43
2008-08-04 22:58:31 +00:00 · 2008-08-04 22:58:31 +00:00 · 8c15f988ed
commit 8c15f988ed
parent f44137d22e
4 changed files with 41 additions and 46 deletions
--- a/mozilla/security/nss/cmd/crmftest/testcrmf.c
+++ b/mozilla/security/nss/cmd/crmftest/testcrmf.c
@ -1497,6 +1497,7 @@ Usage (void)
 	    "\tcrmftest -d [Database Directory] -p [Personal Cert]\n"
 	    "\t         -e [Encrypter] -s [CA Certificate] [-P password]\n\n"
 	    "\t         [crmf] [dsa] [decode] [cmmf] [recover] [challenge]\n"
+	    "\t         [-f password_file]\n"
 	    "Database Directory\n"
 	    "\tThis is the directory where the key3.db, cert7.db, and\n"
 	    "\tsecmod.db files are located.  This is also the directory\n"
@ -1558,6 +1559,7 @@ main(int argc, char **argv)
    PLOptState       *optstate;
    PLOptStatus       status;
    char             *password = NULL;
+    char             *pwfile = NULL;
    int               irv     = 0;
    PRUint32          flags   = 0;
    SECStatus         rv;
@ -1570,7 +1572,7 @@ main(int argc, char **argv)
    memset( &signPair,  0, sizeof signPair);
    memset( &cryptPair, 0, sizeof cryptPair);
    printf ("\ncrmftest v1.0\n");
-    optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:");
+    optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:f:");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	case 'd':
@ -1612,8 +1614,19 @@ main(int argc, char **argv)
 	        printf ("-P  failed\n");
 	        return 606;
 	    }
+            pwdata.source = PW_PLAINTEXT;
+            pwdata.data = password;
 	    PArg = PR_TRUE;
 	    break;
+        case 'f':
+	    pwfile = PORT_Strdup(optstate->value);
+	    if (pwfile == NULL) {
+	        printf ("-f  failed\n");
+	        return 607;
+	    }
+            pwdata.source = PW_FROMFILE;
+            pwdata.data = pwfile;
+            break;
 	case 0:  /* positional parameter */
 	    rv = parsePositionalParam(optstate->value, &flags);
 	    if (rv) {
@ -1635,10 +1648,6 @@ main(int argc, char **argv)
    	flags = ~ TEST_USE_DSA;
    db = CERT_GetDefaultCertDB();
    InitPKCS11();
-    if (password) {
-	pwdata.source = PW_PLAINTEXT;
-	pwdata.data = password;
-    }

    if (flags & TEST_MAKE_CRMF_REQ) {
 	printf("Generating CRMF request\n");
--- a/mozilla/security/nss/cmd/modutil/pk11.c
+++ b/mozilla/security/nss/cmd/modutil/pk11.c
@ -683,8 +683,6 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile)
 	return NO_SUCH_TOKEN_ERR;
    }

-    PK11_SetPasswordFunc(SECU_GetModulePassword);
-
    /* Get old password */
    if(! PK11_NeedUserInit(slot)) {
 	if(pwFile) {
--- a/mozilla/security/nss/cmd/p7content/p7content.c
+++ b/mozilla/security/nss/cmd/p7content/p7content.c
@ -37,7 +37,7 @@
 /*
 * p7content -- A command to display pkcs7 content.
 *
- * $Id: p7content.c,v 1.11 2007-01-25 00:52:25 alexei.volkov.bugs%sun.com Exp $
+ * $Id: p7content.c,v 1.12 2008-08-04 22:58:31 julien.pierre.boogz%sun.com Exp $
 */

 #include "nspr.h"
@ -80,6 +80,7 @@ Usage(char *progName)
 }

 static PRBool saw_content;
+static secuPWData  pwdata          = { PW_NONE, 0 };

 static void
 PrintBytes(void *arg, const char *buf, unsigned long len)
@ -104,19 +105,6 @@ decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
    return PR_TRUE;
 }

-char* KeyDbPassword = 0;
-
-
-char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg)
-{
-    char *ret=0;
-
-    if (retry == PR_TRUE)
-        return NULL;
-    ret = PL_strdup (KeyDbPassword);
-    return ret;
-}
-
 int
 DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
 {
@ -134,7 +122,7 @@ DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
    fprintf(out, "\n---------------------------------------------\n");

    saw_content = PR_FALSE;
-    dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, NULL,
+    dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, &pwdata,
 				NULL, NULL, decryption_allowed);
    if (dcx != NULL) {
 #if 0	/* Test that decoder works when data is really streaming in. */
@ -207,7 +195,6 @@ DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
    return 0;
 }

-
 /*
 * Print the contents of a PKCS7 message, indicating signatures, etc.
 */
@ -231,7 +218,7 @@ main(int argc, char **argv)
    /*
     * Parse command line arguments
     */
-    optstate = PL_CreateOptState(argc, argv, "d:i:o:p:");
+    optstate = PL_CreateOptState(argc, argv, "d:i:o:p:f:");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case 'd':
@ -257,7 +244,13 @@ main(int argc, char **argv)
 	    break;

 	  case 'p':
-            KeyDbPassword = strdup (optstate->value);
+            pwdata.source = PW_PLAINTEXT;
+            pwdata.data = PORT_Strdup (optstate->value);
+            break;
+
+          case 'f':
+            pwdata.source = PW_FROMFILE;
+            pwdata.data = PORT_Strdup (optstate->value);
            break;

 	  default:
@ -279,7 +272,7 @@ main(int argc, char **argv)
 	return -1;
    }

-    PK11_SetPasswordFunc (MyPK11PasswordFunc);
+    PK11_SetPasswordFunc(SECU_GetModulePassword);

    if (DecodeAndPrintFile(outFile, inFile, progName)) {
 	SECU_PrintError(progName, "problem decoding data");
--- a/mozilla/security/nss/cmd/p7sign/p7sign.c
+++ b/mozilla/security/nss/cmd/p7sign/p7sign.c
@ -38,7 +38,7 @@
 * p7sign -- A command to create a *detached* pkcs7 signature (over a given
 * input file).
 *
- * $Id: p7sign.c,v 1.13 2007-01-26 01:15:43 nelson%bolyard.com Exp $
+ * $Id: p7sign.c,v 1.14 2008-08-04 22:58:28 julien.pierre.boogz%sun.com Exp $
 */

 #include "nspr.h"
@ -64,19 +64,7 @@ extern int fwrite(char *, size_t, size_t, FILE*);
 extern int fprintf(FILE *, char *, ...);
 #endif

-char* KeyDbPassword = 0;
-
-
-char* MyPK11PasswordFunc (PK11SlotInfo *slot, PRBool retry, void* arg)
-{
-    char *ret=0;
-
-    if (retry == PR_TRUE)
-        return NULL;
-    ret = PL_strdup (KeyDbPassword);
-    return ret;
-}
-
+static secuPWData  pwdata          = { PW_NONE, 0 };

 static void
 Usage(char *progName)
@ -95,6 +83,7 @@ Usage(char *progName)
    fprintf(stderr, "%-20s Encapsulate content in signature message\n",
 	    "-e");
    fprintf(stderr, "%-20s Password to the key databse\n", "-p");
+    fprintf(stderr, "%-20s password file\n", "-f");
    exit(-1);
 }

@ -174,7 +163,7 @@ SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert,
    }

    rv = SEC_PKCS7Encode (cinfo, SignOut, outFile, NULL,
-			  NULL, NULL);
+			  NULL, &pwdata);

    SEC_PKCS7DestroyContentInfo (cinfo);

@ -208,7 +197,7 @@ main(int argc, char **argv)
    /*
     * Parse command line arguments
     */
-    optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:");
+    optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
@ -246,8 +235,14 @@ main(int argc, char **argv)
 	    }
 	    break;
 	  case 'p':
-            KeyDbPassword = strdup (optstate->value);
+            pwdata.source = PW_PLAINTEXT;
+            pwdata.data = strdup (optstate->value);
            break;
+
+	  case 'f':
+              pwdata.source = PW_FROMFILE;
+              pwdata.data = PORT_Strdup (optstate->value);
+              break;
 	}
    }

@ -264,7 +259,7 @@ main(int argc, char **argv)
 	goto loser;
    }

-    PK11_SetPasswordFunc (MyPK11PasswordFunc);
+    PK11_SetPasswordFunc(SECU_GetModulePassword);

    /* open cert database */
    certHandle = CERT_GetDefaultCertDB();
@ -290,8 +285,8 @@ main(int argc, char **argv)
    }

 loser:
-    if (KeyDbPassword) {
-        PORT_Free(KeyDbPassword);
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
    }
    if (keyName) {
        PORT_Free(keyName);