mozilla-central/security/nss/cmd/dbck/dbrecover.c

Source code

Revision control

Copy as Markdown

Other Tools

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
enum {
dbInvalidCert = 0,
dbNoSMimeProfile,
dbOlderCert,
dbBadCertificate,
dbCertNotWrittenToDB
};
typedef struct dbRestoreInfoStr {
NSSLOWCERTCertDBHandle *handle;
PRBool verbose;
PRFileDesc *out;
int nCerts;
int nOldCerts;
int dbErrors[5];
PRBool removeType[3];
PRBool promptUser[3];
} dbRestoreInfo;
char *
IsEmailCert(CERTCertificate *cert)
{
char *email, *tmp1, *tmp2;
PRBool isCA;
int len;
if (!cert->subjectName) {
return NULL;
}
tmp1 = PORT_Strstr(cert->subjectName, "E=");
tmp2 = PORT_Strstr(cert->subjectName, "MAIL=");
/* XXX Nelson has cert for KTrilli which does not have either
* of above but is email cert (has cert->emailAddr).
*/
if (!tmp1 && !tmp2 && !(cert->emailAddr && cert->emailAddr[0])) {
return NULL;
}
/* Server or CA cert, not personal email. */
isCA = CERT_IsCACert(cert, NULL);
if (isCA)
return NULL;
/* XXX CERT_IsCACert advertises checking the key usage ext.,
but doesn't appear to. */
/* Check the key usage extension. */
if (cert->keyUsagePresent) {
/* Must at least be able to sign or encrypt (not neccesarily
* both if it is one of a dual cert).
*/
if (!((cert->rawKeyUsage & KU_DIGITAL_SIGNATURE) ||
(cert->rawKeyUsage & KU_KEY_ENCIPHERMENT)))
return NULL;
/* CA cert, not personal email. */
if (cert->rawKeyUsage & (KU_KEY_CERT_SIGN | KU_CRL_SIGN))
return NULL;
}
if (cert->emailAddr && cert->emailAddr[0]) {
email = PORT_Strdup(cert->emailAddr);
} else {
if (tmp1)
tmp1 += 2; /* "E=" */
else
tmp1 = tmp2 + 5; /* "MAIL=" */
len = strcspn(tmp1, ", ");
email = (char *)PORT_Alloc(len + 1);
PORT_Strncpy(email, tmp1, len);
email[len] = '\0';
}
return email;
}
SECStatus
deleteit(CERTCertificate *cert, void *arg)
{
return SEC_DeletePermCertificate(cert);
}
/* Different than DeleteCertificate - has the added bonus of removing
* all certs with the same DN.
*/
SECStatus
deleteAllEntriesForCert(NSSLOWCERTCertDBHandle *handle, CERTCertificate *cert,
PRFileDesc *outfile)
{
#if 0
certDBEntrySubject *subjectEntry;
certDBEntryNickname *nicknameEntry;
certDBEntrySMime *smimeEntry;
int i;
#endif
if (outfile) {
PR_fprintf(outfile, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\n");
PR_fprintf(outfile, "Deleting redundant certificate:\n");
dumpCertificate(cert, -1, outfile);
}
CERT_TraverseCertsForSubject(handle, cert->subjectList, deleteit, NULL);
#if 0
CERT_LockDB(handle);
subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject);
/* It had better be there, or created a bad db. */
PORT_Assert(subjectEntry);
for (i=0; i<subjectEntry->ncerts; i++) {
DeleteDBCertEntry(handle, &subjectEntry->certKeys[i]);
}
DeleteDBSubjectEntry(handle, &cert->derSubject);
if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) {
smimeEntry = ReadDBSMimeEntry(handle, subjectEntry->emailAddr);
if (smimeEntry) {
if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
&smimeEntry->subjectName))
/* Only delete it if it's for this subject! */
DeleteDBSMimeEntry(handle, subjectEntry->emailAddr);
SEC_DestroyDBEntry((certDBEntry*)smimeEntry);
}
}
if (subjectEntry->nickname) {
nicknameEntry = ReadDBNicknameEntry(handle, subjectEntry->nickname);
if (nicknameEntry) {
if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
&nicknameEntry->subjectName))
/* Only delete it if it's for this subject! */
DeleteDBNicknameEntry(handle, subjectEntry->nickname);
SEC_DestroyDBEntry((certDBEntry*)nicknameEntry);
}
}
SEC_DestroyDBEntry((certDBEntry*)subjectEntry);
CERT_UnlockDB(handle);
#endif
return SECSuccess;
}
void
getCertsToDelete(char *numlist, int len, int *certNums, int nCerts)
{
int j, num;
char *numstr, *numend, *end;
numstr = numlist;
end = numstr + len - 1;
while (numstr != end) {
numend = strpbrk(numstr, ", \n");
*numend = '\0';
if (PORT_Strlen(numstr) == 0)
return;
num = PORT_Atoi(numstr);
if (numstr == numlist)
certNums[0] = num;
for (j = 1; j < nCerts + 1; j++) {
if (num == certNums[j]) {
certNums[j] = -1;
break;
}
}
if (numend == end)
break;
numstr = strpbrk(numend + 1, "0123456789");
}
}
PRBool
userSaysDeleteCert(CERTCertificate **certs, int nCerts,
int errtype, dbRestoreInfo *info, int *certNums)
{
char response[32];
PRInt32 nb;
int i;
/* User wants to remove cert without prompting. */
if (info->promptUser[errtype] == PR_FALSE)
return (info->removeType[errtype]);
switch (errtype) {
case dbInvalidCert:
PR_fprintf(PR_STDOUT, "******** Expired ********\n");
PR_fprintf(PR_STDOUT, "Cert has expired.\n\n");
dumpCertificate(certs[0], -1, PR_STDOUT);
PR_fprintf(PR_STDOUT,
"Keep it? (y/n - this one, Y/N - all expired certs) [n] ");
break;
case dbNoSMimeProfile:
PR_fprintf(PR_STDOUT, "******** No Profile ********\n");
PR_fprintf(PR_STDOUT, "S/MIME cert has no profile.\n\n");
dumpCertificate(certs[0], -1, PR_STDOUT);
PR_fprintf(PR_STDOUT,
"Keep it? (y/n - this one, Y/N - all S/MIME w/o profile) [n] ");
break;
case dbOlderCert:
PR_fprintf(PR_STDOUT, "******* Redundant nickname/email *******\n\n");
PR_fprintf(PR_STDOUT, "These certs have the same nickname/email:\n");
for (i = 0; i < nCerts; i++)
dumpCertificate(certs[i], i, PR_STDOUT);
PR_fprintf(PR_STDOUT,
"Enter the certs you would like to keep from those listed above.\n");
PR_fprintf(PR_STDOUT,
"Use a comma-separated list of the cert numbers (ex. 0, 8, 12).\n");
PR_fprintf(PR_STDOUT,
"The first cert in the list will be the primary cert\n");
PR_fprintf(PR_STDOUT,
" accessed by the nickname/email handle.\n");
PR_fprintf(PR_STDOUT,
"List cert numbers to keep here, or hit enter\n");
PR_fprintf(PR_STDOUT,
" to always keep only the newest cert: ");
break;
default:
}
nb = PR_Read(PR_STDIN, response, sizeof(response));
PR_fprintf(PR_STDOUT, "\n\n");
if (errtype == dbOlderCert) {
if (!isdigit(response[0])) {
info->promptUser[errtype] = PR_FALSE;
info->removeType[errtype] = PR_TRUE;
return PR_TRUE;
}
getCertsToDelete(response, nb, certNums, nCerts);
return PR_TRUE;
}
/* User doesn't want to be prompted for this type anymore. */
if (response[0] == 'Y') {
info->promptUser[errtype] = PR_FALSE;
info->removeType[errtype] = PR_FALSE;
return PR_FALSE;
} else if (response[0] == 'N') {
info->promptUser[errtype] = PR_FALSE;
info->removeType[errtype] = PR_TRUE;
return PR_TRUE;
}
return (response[0] != 'y') ? PR_TRUE : PR_FALSE;
}
SECStatus
addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info,
NSSLOWCERTCertDBHandle *oldhandle)
{
SECStatus rv = SECSuccess;
PRBool allowOverride;
PRBool userCert;
SECCertTimeValidity validity;
CERTCertificate *oldCert = NULL;
CERTCertificate *dbCert = NULL;
CERTCertificate *newCert = NULL;
CERTCertTrust *trust;
certDBEntrySMime *smimeEntry = NULL;
char *email = NULL;
char *nickname = NULL;
int nCertsForSubject = 1;
oldCert = CERT_DecodeDERCertificate(&certEntry->derCert, PR_FALSE,
certEntry->nickname);
if (!oldCert) {
info->dbErrors[dbBadCertificate]++;
SEC_DestroyDBEntry((certDBEntry *)certEntry);
return SECSuccess;
}
oldCert->dbEntry = certEntry;
oldCert->trust = &certEntry->trust;
oldCert->dbhandle = oldhandle;
trust = oldCert->trust;
info->nOldCerts++;
if (info->verbose)
PR_fprintf(info->out, "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n\n");
if (oldCert->nickname)
nickname = PORT_Strdup(oldCert->nickname);
/* Always keep user certs. Skip ahead. */
/* XXX if someone sends themselves a signed message, it is possible
for their cert to be imported as an "other" cert, not a user cert.
this mucks with smime entries... */
userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
(SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
(SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
if (userCert)
goto createcert;
/* If user chooses so, ignore expired certificates. */
allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) ||
(oldCert->keyUsage == certUsageSSLServerWithStepUp) ||
(oldCert->keyUsage == certUsageIPsec));
validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride);
/* If cert expired and user wants to delete it, ignore it. */
if ((validity != secCertTimeValid) &&
userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) {
info->dbErrors[dbInvalidCert]++;
if (info->verbose) {
PR_fprintf(info->out, "Deleting expired certificate:\n");
dumpCertificate(oldCert, -1, info->out);
}
goto cleanup;
}
/* New database will already have default certs, don't attempt
to overwrite them. */
dbCert = CERT_FindCertByDERCert(info->handle, &oldCert->derCert);
if (dbCert) {
info->nCerts++;
if (info->verbose) {
PR_fprintf(info->out, "Added certificate to database:\n");
dumpCertificate(oldCert, -1, info->out);
}
goto cleanup;
}
/* Determine if cert is S/MIME and get its email if so. */
email = IsEmailCert(oldCert);
/*
XXX Just create empty profiles?
if (email) {
SECItem *profile = CERT_FindSMimeProfile(oldCert);
if (!profile &&
userSaysDeleteCert(&oldCert, 1, dbNoSMimeProfile, info, 0)) {
info->dbErrors[dbNoSMimeProfile]++;
if (info->verbose) {
PR_fprintf(info->out,
"Deleted cert missing S/MIME profile.\n");
dumpCertificate(oldCert, -1, info->out);
}
goto cleanup;
} else {
SECITEM_FreeItem(profile);
}
}
*/
createcert:
/* Sometimes happens... */
if (!nickname && userCert)
nickname = PORT_Strdup(oldCert->subjectName);
/* Create a new certificate, copy of the old one. */
newCert = CERT_NewTempCertificate(info->handle, &oldCert->derCert,
nickname, PR_FALSE, PR_TRUE);
if (!newCert) {
PR_fprintf(PR_STDERR, "Unable to create new certificate.\n");
dumpCertificate(oldCert, -1, PR_STDERR);
info->dbErrors[dbBadCertificate]++;
goto cleanup;
}
/* Add the cert to the new database. */
rv = CERT_AddTempCertToPerm(newCert, nickname, oldCert->trust);
if (rv) {
PR_fprintf(PR_STDERR, "Failed to write temp cert to perm database.\n");
dumpCertificate(oldCert, -1, PR_STDERR);
info->dbErrors[dbCertNotWrittenToDB]++;
goto cleanup;
}
if (info->verbose) {
PR_fprintf(info->out, "Added certificate to database:\n");
dumpCertificate(oldCert, -1, info->out);
}
/* If the cert is an S/MIME cert, and the first with it's subject,
* modify the subject entry to include the email address,
* CERT_AddTempCertToPerm does not do email addresses and S/MIME entries.
*/
if (smimeEntry) { /*&& !userCert && nCertsForSubject == 1) { */
#if 0
UpdateSubjectWithEmailAddr(newCert, email);
#endif
SECItem emailProfile, profileTime;
rv = CERT_FindFullSMimeProfile(oldCert, &emailProfile, &profileTime);
/* calls UpdateSubjectWithEmailAddr */
if (rv == SECSuccess)
rv = CERT_SaveSMimeProfile(newCert, &emailProfile, &profileTime);
}
info->nCerts++;
cleanup:
if (nickname)
PORT_Free(nickname);
if (email)
PORT_Free(email);
if (oldCert)
CERT_DestroyCertificate(oldCert);
if (dbCert)
CERT_DestroyCertificate(dbCert);
if (newCert)
CERT_DestroyCertificate(newCert);
if (smimeEntry)
SEC_DestroyDBEntry((certDBEntry *)smimeEntry);
return SECSuccess;
}
#if 0
SECStatus
copyDBEntry(SECItem *data, SECItem *key, certDBEntryType type, void *pdata)
{
SECStatus rv;
NSSLOWCERTCertDBHandle *newdb = (NSSLOWCERTCertDBHandle *)pdata;
certDBEntryCommon common;
SECItem dbkey;
common.type = type;
common.version = CERT_DB_FILE_VERSION;
common.flags = data->data[2];
common.arena = NULL;
dbkey.len = key->len + SEC_DB_KEY_HEADER_LEN;
dbkey.data = (unsigned char *)PORT_Alloc(dbkey.len*sizeof(unsigned char));
PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], key->data, key->len);
dbkey.data[0] = type;
rv = WriteDBEntry(newdb, &common, &dbkey, data);
PORT_Free(dbkey.data);
return rv;
}
#endif
int
certIsOlder(CERTCertificate **cert1, CERTCertificate **cert2)
{
return !CERT_IsNewer(*cert1, *cert2);
}
int
findNewestSubjectForEmail(NSSLOWCERTCertDBHandle *handle, int subjectNum,
certDBArray *dbArray, dbRestoreInfo *info,
int *subjectWithSMime, int *smimeForSubject)
{
int newestSubject;
int subjectsForEmail[50];
int i, j, ns, sNum;
certDBEntryListNode *subjects = &dbArray->subjects;
certDBEntryListNode *smime = &dbArray->smime;
certDBEntrySubject *subjectEntry1, *subjectEntry2;
certDBEntrySMime *smimeEntry;
CERTCertificate **certs;
CERTCertificate *cert;
CERTCertTrust *trust;
PRBool userCert;
int *certNums;
ns = 0;
subjectEntry1 = (certDBEntrySubject *)&subjects.entries[subjectNum];
subjectsForEmail[ns++] = subjectNum;
*subjectWithSMime = -1;
*smimeForSubject = -1;
newestSubject = subjectNum;
cert = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]);
if (cert) {
trust = cert->trust;
userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
(SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
(SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
CERT_DestroyCertificate(cert);
}
/*
* XXX Should we make sure that subjectEntry1->emailAddr is not
* a null pointer or an empty string before going into the next
* two for loops, which pass it to PORT_Strcmp?
*/
/* Loop over the remaining subjects. */
for (i = subjectNum + 1; i < subjects.numEntries; i++) {
subjectEntry2 = (certDBEntrySubject *)&subjects.entries[i];
if (!subjectEntry2)
continue;
if (subjectEntry2->emailAddr && subjectEntry2->emailAddr[0] &&
PORT_Strcmp(subjectEntry1->emailAddr,
subjectEntry2->emailAddr) == 0) {
/* Found a subject using the same email address. */
subjectsForEmail[ns++] = i;
}
}
/* Find the S/MIME entry for this email address. */
for (i = 0; i < smime.numEntries; i++) {
smimeEntry = (certDBEntrySMime *)&smime.entries[i];
if (smimeEntry->common.arena == NULL)
continue;
if (smimeEntry->emailAddr && smimeEntry->emailAddr[0] &&
PORT_Strcmp(subjectEntry1->emailAddr, smimeEntry->emailAddr) == 0) {
/* Find which of the subjects uses this S/MIME entry. */
for (j = 0; j < ns && *subjectWithSMime < 0; j++) {
sNum = subjectsForEmail[j];
subjectEntry2 = (certDBEntrySubject *)&subjects.entries[sNum];
if (SECITEM_ItemsAreEqual(&smimeEntry->subjectName,
&subjectEntry2->derSubject)) {
/* Found the subject corresponding to the S/MIME entry. */
*subjectWithSMime = sNum;
*smimeForSubject = i;
}
}
SEC_DestroyDBEntry((certDBEntry *)smimeEntry);
PORT_Memset(smimeEntry, 0, sizeof(certDBEntry));
break;
}
}
if (ns <= 1)
return subjectNum;
if (userCert)
return *subjectWithSMime;
/* Now find which of the subjects has the newest cert. */
certs = (CERTCertificate **)PORT_Alloc(ns * sizeof(CERTCertificate *));
certNums = (int *)PORT_Alloc((ns + 1) * sizeof(int));
certNums[0] = 0;
for (i = 0; i < ns; i++) {
sNum = subjectsForEmail[i];
subjectEntry1 = (certDBEntrySubject *)&subjects.entries[sNum];
certs[i] = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]);
certNums[i + 1] = i;
}
/* Sort the array by validity. */
qsort(certs, ns, sizeof(CERTCertificate *),
(int (*)(const void *, const void *))certIsOlder);
newestSubject = -1;
for (i = 0; i < ns; i++) {
sNum = subjectsForEmail[i];
subjectEntry1 = (certDBEntrySubject *)&subjects.entries[sNum];
if (SECITEM_ItemsAreEqual(&subjectEntry1->derSubject,
&certs[0]->derSubject))
newestSubject = sNum;
else
SEC_DestroyDBEntry((certDBEntry *)subjectEntry1);
}
if (info && userSaysDeleteCert(certs, ns, dbOlderCert, info, certNums)) {
for (i = 1; i < ns + 1; i++) {
if (certNums[i] >= 0 && certNums[i] != certNums[0]) {
deleteAllEntriesForCert(handle, certs[certNums[i]], info->out);
info->dbErrors[dbOlderCert]++;
}
}
}
CERT_DestroyCertArray(certs, ns);
return newestSubject;
}
NSSLOWCERTCertDBHandle *
DBCK_ReconstructDBFromCerts(NSSLOWCERTCertDBHandle *oldhandle, char *newdbname,
PRFileDesc *outfile, PRBool removeExpired,
PRBool requireProfile, PRBool singleEntry,
PRBool promptUser)
{
SECStatus rv;
dbRestoreInfo info;
certDBEntryContentVersion *oldContentVersion;
certDBArray dbArray;
int i;
PORT_Memset(&dbArray, 0, sizeof(dbArray));
PORT_Memset(&info, 0, sizeof(info));
info.verbose = (outfile) ? PR_TRUE : PR_FALSE;
info.out = (outfile) ? outfile : PR_STDOUT;
info.removeType[dbInvalidCert] = removeExpired;
info.removeType[dbNoSMimeProfile] = requireProfile;
info.removeType[dbOlderCert] = singleEntry;
info.promptUser[dbInvalidCert] = promptUser;
info.promptUser[dbNoSMimeProfile] = promptUser;
info.promptUser[dbOlderCert] = promptUser;
/* Allocate a handle to fill with CERT_OpenCertDB below. */
info.handle = PORT_ZNew(NSSLOWCERTCertDBHandle);
if (!info.handle) {
fprintf(stderr, "unable to get database handle");
return NULL;
}
/* Create a certdb with the most recent set of roots. */
rv = CERT_OpenCertDBFilename(info.handle, newdbname, PR_FALSE);
if (rv) {
fprintf(stderr, "could not open certificate database");
goto loser;
}
/* Create certificate, subject, nickname, and email records.
* mcom_db seems to have a sequential access bug. Though reads and writes
* should be allowed during traversal, they seem to screw up the sequence.
* So, stuff all the cert entries into an array, and loop over the array
* doing read/writes in the db.
*/
fillDBEntryArray(oldhandle, certDBEntryTypeCert, &dbArray.certs);
for (elem = PR_LIST_HEAD(&dbArray->certs.link);
elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) {
node = LISTNODE_CAST(elem);
addCertToDB((certDBEntryCert *)&node->entry, &info, oldhandle);
/* entries get destroyed in addCertToDB */
}
#if 0
rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeSMimeProfile,
copyDBEntry, info.handle);
#endif
/* Fix up the pointers between (nickname|S/MIME) --> (subject).
* Create S/MIME entries for S/MIME certs.
* Have the S/MIME entry point to the last-expiring cert using
* an email address.
*/
#if 0
CERT_RedoHandlesForSubjects(info.handle, singleEntry, &info);
#endif
freeDBEntryList(&dbArray.certs.link);
/* Copy over the version record. */
/* XXX Already exists - and _must_ be correct... */
/*
versionEntry = ReadDBVersionEntry(oldhandle);
rv = WriteDBVersionEntry(info.handle, versionEntry);
*/
/* Copy over the content version record. */
/* XXX Can probably get useful info from old content version?
* Was this db created before/after this tool? etc.
*/
#if 0
oldContentVersion = ReadDBContentVersionEntry(oldhandle);
CERT_SetDBContentVersion(oldContentVersion->contentVersion, info.handle);
#endif
#if 0
/* Copy over the CRL & KRL records. */
rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeRevocation,
copyDBEntry, info.handle);
/* XXX Only one KRL, just do db->get? */
rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeKeyRevocation,
copyDBEntry, info.handle);
#endif
PR_fprintf(info.out, "Database had %d certificates.\n", info.nOldCerts);
PR_fprintf(info.out, "Reconstructed %d certificates.\n", info.nCerts);
PR_fprintf(info.out, "(ax) Rejected %d expired certificates.\n",
info.dbErrors[dbInvalidCert]);
PR_fprintf(info.out, "(as) Rejected %d S/MIME certificates missing a profile.\n",
info.dbErrors[dbNoSMimeProfile]);
PR_fprintf(info.out, "(ar) Rejected %d certificates for which a newer certificate was found.\n",
info.dbErrors[dbOlderCert]);
PR_fprintf(info.out, " Rejected %d corrupt certificates.\n",
info.dbErrors[dbBadCertificate]);
PR_fprintf(info.out, " Rejected %d certificates which did not write to the DB.\n",
info.dbErrors[dbCertNotWrittenToDB]);
if (rv)
goto loser;
return info.handle;
loser:
if (info.handle)
PORT_Free(info.handle);
return NULL;
}