Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
/*
* The following code handles the storage of PKCS 11 modules used by the
* NSS. This file is written to abstract away how the modules are
* stored so we can decide that later.
*/
#include "secport.h"
#include "prprf.h"
#include "prenv.h"
#include "utilpars.h"
#include "utilmodt.h"
/*
* return the expected matching quote value for the one specified
*/
PRBool
NSSUTIL_ArgGetPair(char c)
{
switch (c) {
case '\'':
return c;
case '\"':
return c;
case '<':
return '>';
case '{':
return '}';
case '[':
return ']';
case '(':
return ')';
default:
break;
}
return ' ';
}
PRBool
NSSUTIL_ArgIsBlank(char c)
{
return isspace((unsigned char)c);
}
PRBool
NSSUTIL_ArgIsEscape(char c)
{
return c == '\\';
}
PRBool
NSSUTIL_ArgIsQuote(char c)
{
switch (c) {
case '\'':
case '\"':
case '<':
case '{': /* } end curly to keep vi bracket matching working */
case '(': /* ) */
case '[': /* ] */
return PR_TRUE;
default:
break;
}
return PR_FALSE;
}
const char *
NSSUTIL_ArgStrip(const char *c)
{
while (*c && NSSUTIL_ArgIsBlank(*c))
c++;
return c;
}
/*
* find the end of the current tag/value pair. string should be pointing just
* after the equal sign. Handles quoted characters.
*/
const char *
NSSUTIL_ArgFindEnd(const char *string)
{
char endChar = ' ';
PRBool lastEscape = PR_FALSE;
if (NSSUTIL_ArgIsQuote(*string)) {
endChar = NSSUTIL_ArgGetPair(*string);
string++;
}
for (; *string; string++) {
if (lastEscape) {
lastEscape = PR_FALSE;
continue;
}
if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) {
lastEscape = PR_TRUE;
continue;
}
if ((endChar == ' ') && NSSUTIL_ArgIsBlank(*string))
break;
if (*string == endChar) {
break;
}
}
return string;
}
/*
* get the value pointed to by string. string should be pointing just beyond
* the equal sign.
*/
char *
NSSUTIL_ArgFetchValue(const char *string, int *pcount)
{
const char *end = NSSUTIL_ArgFindEnd(string);
char *retString, *copyString;
PRBool lastEscape = PR_FALSE;
int len;
len = end - string;
if (len == 0) {
*pcount = 0;
return NULL;
}
copyString = retString = (char *)PORT_Alloc(len + 1);
if (*end)
len++;
*pcount = len;
if (retString == NULL)
return NULL;
if (NSSUTIL_ArgIsQuote(*string))
string++;
for (; string < end; string++) {
if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) {
lastEscape = PR_TRUE;
continue;
}
lastEscape = PR_FALSE;
*copyString++ = *string;
}
*copyString = 0;
return retString;
}
/*
* point to the next parameter in string
*/
const char *
NSSUTIL_ArgSkipParameter(const char *string)
{
const char *end;
/* look for the end of the <name>= */
for (; *string; string++) {
if (*string == '=') {
string++;
break;
}
if (NSSUTIL_ArgIsBlank(*string))
return (string);
}
end = NSSUTIL_ArgFindEnd(string);
if (*end)
end++;
return end;
}
/*
* get the value from that tag value pair.
*/
char *
NSSUTIL_ArgGetParamValue(const char *paramName, const char *parameters)
{
char searchValue[256];
size_t paramLen = strlen(paramName);
char *returnValue = NULL;
int next;
if ((parameters == NULL) || (*parameters == 0))
return NULL;
PORT_Assert(paramLen + 2 < sizeof(searchValue));
PORT_Strcpy(searchValue, paramName);
PORT_Strcat(searchValue, "=");
while (*parameters) {
if (PORT_Strncasecmp(parameters, searchValue, paramLen + 1) == 0) {
parameters += paramLen + 1;
returnValue = NSSUTIL_ArgFetchValue(parameters, &next);
break;
} else {
parameters = NSSUTIL_ArgSkipParameter(parameters);
}
parameters = NSSUTIL_ArgStrip(parameters);
}
return returnValue;
}
/*
* find the next flag in the parameter list
*/
const char *
NSSUTIL_ArgNextFlag(const char *flags)
{
for (; *flags; flags++) {
if (*flags == ',') {
flags++;
break;
}
}
return flags;
}
/*
* return true if the flag is set in the label parameter.
*/
PRBool
NSSUTIL_ArgHasFlag(const char *label, const char *flag, const char *parameters)
{
char *flags;
const char *index;
int len = strlen(flag);
PRBool found = PR_FALSE;
flags = NSSUTIL_ArgGetParamValue(label, parameters);
if (flags == NULL)
return PR_FALSE;
for (index = flags; *index; index = NSSUTIL_ArgNextFlag(index)) {
if (PORT_Strncasecmp(index, flag, len) == 0) {
found = PR_TRUE;
break;
}
}
PORT_Free(flags);
return found;
}
/*
* decode a number. handle octal (leading '0'), hex (leading '0x') or decimal
*/
long
NSSUTIL_ArgDecodeNumber(const char *num)
{
int radix = 10;
unsigned long value = 0;
long retValue = 0;
int sign = 1;
int digit;
if (num == NULL)
return retValue;
num = NSSUTIL_ArgStrip(num);
if (*num == '-') {
sign = -1;
num++;
}
if (*num == '0') {
radix = 8;
num++;
if ((*num == 'x') || (*num == 'X')) {
radix = 16;
num++;
}
}
for (; *num; num++) {
if (isdigit(*num)) {
digit = *num - '0';
} else if ((*num >= 'a') && (*num <= 'f')) {
digit = *num - 'a' + 10;
} else if ((*num >= 'A') && (*num <= 'F')) {
digit = *num - 'A' + 10;
} else {
break;
}
if (digit >= radix)
break;
value = value * radix + digit;
}
retValue = ((int)value) * sign;
return retValue;
}
/*
* parameters are tag value pairs. This function returns the tag or label (the
* value before the equal size.
*/
char *
NSSUTIL_ArgGetLabel(const char *inString, int *next)
{
char *name = NULL;
const char *string;
int len;
/* look for the end of the <label>= */
for (string = inString; *string; string++) {
if (*string == '=') {
break;
}
if (NSSUTIL_ArgIsBlank(*string))
break;
}
len = string - inString;
*next = len;
if (*string == '=')
(*next) += 1;
if (len > 0) {
name = PORT_Alloc(len + 1);
PORT_Strncpy(name, inString, len);
name[len] = 0;
}
return name;
}
/*
* read an argument at a Long integer
*/
long
NSSUTIL_ArgReadLong(const char *label, const char *params,
long defValue, PRBool *isdefault)
{
char *value;
long retValue;
if (isdefault)
*isdefault = PR_FALSE;
value = NSSUTIL_ArgGetParamValue(label, params);
if (value == NULL) {
if (isdefault)
*isdefault = PR_TRUE;
return defValue;
}
retValue = NSSUTIL_ArgDecodeNumber(value);
if (value)
PORT_Free(value);
return retValue;
}
/*
* prepare a string to be quoted with 'quote' marks. We do that by adding
* appropriate escapes.
*/
static int
nssutil_escapeQuotesSize(const char *string, char quote, PRBool addquotes)
{
int escapes = 0, size = 0;
const char *src;
size = addquotes ? 2 : 0;
for (src = string; *src; src++) {
if ((*src == quote) || (*src == '\\'))
escapes++;
size++;
}
return size + escapes + 1;
}
static char *
nssutil_escapeQuotes(const char *string, char quote, PRBool addquotes)
{
char *newString = 0;
int size = 0;
const char *src;
char *dest;
size = nssutil_escapeQuotesSize(string, quote, addquotes);
dest = newString = PORT_ZAlloc(size);
if (newString == NULL) {
return NULL;
}
if (addquotes)
*dest++ = quote;
for (src = string; *src; src++, dest++) {
if ((*src == '\\') || (*src == quote)) {
*dest++ = '\\';
}
*dest = *src;
}
if (addquotes)
*dest = quote;
return newString;
}
int
NSSUTIL_EscapeSize(const char *string, char quote)
{
return nssutil_escapeQuotesSize(string, quote, PR_FALSE);
}
char *
NSSUTIL_Escape(const char *string, char quote)
{
return nssutil_escapeQuotes(string, quote, PR_FALSE);
}
int
NSSUTIL_QuoteSize(const char *string, char quote)
{
return nssutil_escapeQuotesSize(string, quote, PR_TRUE);
}
char *
NSSUTIL_Quote(const char *string, char quote)
{
return nssutil_escapeQuotes(string, quote, PR_TRUE);
}
int
NSSUTIL_DoubleEscapeSize(const char *string, char quote1, char quote2)
{
int escapes = 0, size = 0;
const char *src;
for (src = string; *src; src++) {
if (*src == '\\')
escapes += 3; /* \\\\ */
if (*src == quote1)
escapes += 2; /* \\quote1 */
if (*src == quote2)
escapes++; /* \quote2 */
size++;
}
return escapes + size + 1;
}
char *
NSSUTIL_DoubleEscape(const char *string, char quote1, char quote2)
{
char *round1 = NULL;
char *retValue = NULL;
if (string == NULL) {
goto done;
}
round1 = nssutil_escapeQuotes(string, quote1, PR_FALSE);
if (round1) {
retValue = nssutil_escapeQuotes(round1, quote2, PR_FALSE);
PORT_Free(round1);
}
done:
if (retValue == NULL) {
retValue = PORT_Strdup("");
}
return retValue;
}
/************************************************************************
* These functions are used in contructing strings.
* NOTE: they will always return a string, but sometimes it will return
* a specific NULL string. These strings must be freed with util_freePair.
*/
/* string to return on error... */
static char *nssutil_nullString = "";
static char *
nssutil_formatValue(PLArenaPool *arena, char *value, char quote)
{
char *vp, *vp2, *retval;
int size = 0, escapes = 0;
for (vp = value; *vp; vp++) {
if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE))
escapes++;
size++;
}
if (arena) {
retval = PORT_ArenaZAlloc(arena, size + escapes + 1);
} else {
retval = PORT_ZAlloc(size + escapes + 1);
}
if (retval == NULL)
return NULL;
vp2 = retval;
for (vp = value; *vp; vp++) {
if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE))
*vp2++ = NSSUTIL_ARG_ESCAPE;
*vp2++ = *vp;
}
return retval;
}
static PRBool
nssutil_argHasChar(char *v, char c)
{
for (; *v; v++) {
if (*v == c)
return PR_TRUE;
}
return PR_FALSE;
}
static PRBool
nssutil_argHasBlanks(char *v)
{
for (; *v; v++) {
if (NSSUTIL_ArgIsBlank(*v))
return PR_TRUE;
}
return PR_FALSE;
}
static char *
nssutil_formatPair(char *name, char *value, char quote)
{
char openQuote = quote;
char closeQuote = NSSUTIL_ArgGetPair(quote);
char *newValue = NULL;
char *returnValue;
PRBool need_quote = PR_FALSE;
if (!value || (*value == 0))
return nssutil_nullString;
if (nssutil_argHasBlanks(value) || NSSUTIL_ArgIsQuote(value[0]))
need_quote = PR_TRUE;
if ((need_quote && nssutil_argHasChar(value, closeQuote)) || nssutil_argHasChar(value, NSSUTIL_ARG_ESCAPE)) {
value = newValue = nssutil_formatValue(NULL, value, quote);
if (newValue == NULL)
return nssutil_nullString;
}
if (need_quote) {
returnValue = PR_smprintf("%s=%c%s%c", name, openQuote, value, closeQuote);
} else {
returnValue = PR_smprintf("%s=%s", name, value);
}
if (returnValue == NULL)
returnValue = nssutil_nullString;
if (newValue)
PORT_Free(newValue);
return returnValue;
}
static char *
nssutil_formatIntPair(char *name, unsigned long value,
unsigned long def)
{
char *returnValue;
if (value == def)
return nssutil_nullString;
returnValue = PR_smprintf("%s=%d", name, value);
return returnValue;
}
static void
nssutil_freePair(char *pair)
{
if (pair && pair != nssutil_nullString) {
PR_smprintf_free(pair);
}
}
/************************************************************************
* Parse the Slot specific parameters in the NSS params.
*/
struct nssutilArgSlotFlagTable {
char *name;
int len;
unsigned long value;
};
#define NSSUTIL_ARG_ENTRY(arg, flag) \
{ \
#arg, sizeof(#arg) - 1, flag \
}
static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG),
NSSUTIL_ARG_ENTRY(ECC, SECMOD_ECC_FLAG),
NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG),
NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG),
NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG),
NSSUTIL_ARG_ENTRY(DES, SECMOD_DES_FLAG),
NSSUTIL_ARG_ENTRY(DH, SECMOD_DH_FLAG),
NSSUTIL_ARG_ENTRY(FORTEZZA, SECMOD_FORTEZZA_FLAG),
NSSUTIL_ARG_ENTRY(RC5, SECMOD_RC5_FLAG),
NSSUTIL_ARG_ENTRY(SHA1, SECMOD_SHA1_FLAG),
NSSUTIL_ARG_ENTRY(SHA256, SECMOD_SHA256_FLAG),
NSSUTIL_ARG_ENTRY(SHA512, SECMOD_SHA512_FLAG),
NSSUTIL_ARG_ENTRY(MD5, SECMOD_MD5_FLAG),
NSSUTIL_ARG_ENTRY(MD2, SECMOD_MD2_FLAG),
NSSUTIL_ARG_ENTRY(SSL, SECMOD_SSL_FLAG),
NSSUTIL_ARG_ENTRY(TLS, SECMOD_TLS_FLAG),
NSSUTIL_ARG_ENTRY(AES, SECMOD_AES_FLAG),
NSSUTIL_ARG_ENTRY(Camellia, SECMOD_CAMELLIA_FLAG),
NSSUTIL_ARG_ENTRY(SEED, SECMOD_SEED_FLAG),
NSSUTIL_ARG_ENTRY(PublicCerts, SECMOD_FRIENDLY_FLAG),
NSSUTIL_ARG_ENTRY(RANDOM, SECMOD_RANDOM_FLAG),
NSSUTIL_ARG_ENTRY(Disable, SECMOD_DISABLE_FLAG),
};
static int nssutil_argSlotFlagTableSize =
sizeof(nssutil_argSlotFlagTable) / sizeof(nssutil_argSlotFlagTable[0]);
/* turn the slot flags into a bit mask */
unsigned long
NSSUTIL_ArgParseSlotFlags(const char *label, const char *params)
{
char *flags;
const char *index;
unsigned long retValue = 0;
int i;
PRBool all = PR_FALSE;
flags = NSSUTIL_ArgGetParamValue(label, params);
if (flags == NULL)
return 0;
if (PORT_Strcasecmp(flags, "all") == 0)
all = PR_TRUE;
for (index = flags; *index; index = NSSUTIL_ArgNextFlag(index)) {
for (i = 0; i < nssutil_argSlotFlagTableSize; i++) {
if (all ||
(PORT_Strncasecmp(index, nssutil_argSlotFlagTable[i].name,
nssutil_argSlotFlagTable[i].len) == 0)) {
retValue |= nssutil_argSlotFlagTable[i].value;
}
}
}
PORT_Free(flags);
return retValue;
}
/* parse a single slot specific parameter */
static void
nssutil_argDecodeSingleSlotInfo(char *name, char *params,
struct NSSUTILPreSlotInfoStr *slotInfo)
{
char *askpw;
slotInfo->slotID = NSSUTIL_ArgDecodeNumber(name);
slotInfo->defaultFlags = NSSUTIL_ArgParseSlotFlags("slotFlags", params);
slotInfo->timeout = NSSUTIL_ArgReadLong("timeout", params, 0, NULL);
askpw = NSSUTIL_ArgGetParamValue("askpw", params);
slotInfo->askpw = 0;
if (askpw) {
if (PORT_Strcasecmp(askpw, "every") == 0) {
slotInfo->askpw = -1;
} else if (PORT_Strcasecmp(askpw, "timeout") == 0) {
slotInfo->askpw = 1;
}
PORT_Free(askpw);
slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
}
slotInfo->hasRootCerts = NSSUTIL_ArgHasFlag("rootFlags", "hasRootCerts",
params);
slotInfo->hasRootTrust = NSSUTIL_ArgHasFlag("rootFlags", "hasRootTrust",
params);
}
/* parse all the slot specific parameters. */
struct NSSUTILPreSlotInfoStr *
NSSUTIL_ArgParseSlotInfo(PLArenaPool *arena, const char *slotParams,
int *retCount)
{
const char *slotIndex;
struct NSSUTILPreSlotInfoStr *slotInfo = NULL;
int i = 0, count = 0, next;
*retCount = 0;
if ((slotParams == NULL) || (*slotParams == 0))
return NULL;
/* first count the number of slots */
for (slotIndex = NSSUTIL_ArgStrip(slotParams); *slotIndex;
slotIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(slotIndex))) {
count++;
}
/* get the data structures */
if (arena) {
slotInfo = PORT_ArenaZNewArray(arena,
struct NSSUTILPreSlotInfoStr, count);
} else {
slotInfo = PORT_ZNewArray(struct NSSUTILPreSlotInfoStr, count);
}
if (slotInfo == NULL)
return NULL;
for (slotIndex = NSSUTIL_ArgStrip(slotParams), i = 0;
*slotIndex && i < count;) {
char *name;
name = NSSUTIL_ArgGetLabel(slotIndex, &next);
slotIndex += next;
if (!NSSUTIL_ArgIsBlank(*slotIndex)) {
char *args = NSSUTIL_ArgFetchValue(slotIndex, &next);
slotIndex += next;
if (args) {
nssutil_argDecodeSingleSlotInfo(name, args, &slotInfo[i]);
i++;
PORT_Free(args);
}
}
if (name)
PORT_Free(name);
slotIndex = NSSUTIL_ArgStrip(slotIndex);
}
*retCount = i;
return slotInfo;
}
/************************************************************************
* make a new slot specific parameter
*/
/* first make the slot flags */
static char *
nssutil_mkSlotFlags(unsigned long defaultFlags)
{
char *flags = NULL;
unsigned int i;
int j;
for (i = 0; i < sizeof(defaultFlags) * 8; i++) {
if (defaultFlags & (1UL << i)) {
char *string = NULL;
for (j = 0; j < nssutil_argSlotFlagTableSize; j++) {
if (nssutil_argSlotFlagTable[j].value == (1UL << i)) {
string = nssutil_argSlotFlagTable[j].name;
break;
}
}
if (string) {
if (flags) {
char *tmp;
tmp = PR_smprintf("%s,%s", flags, string);
PR_smprintf_free(flags);
flags = tmp;
} else {
flags = PR_smprintf("%s", string);
}
}
}
}
return flags;
}
/* now make the root flags */
#define NSSUTIL_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts") + sizeof("hasRootTrust")
static char *
nssutil_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
{
char *flags = (char *)PORT_ZAlloc(NSSUTIL_MAX_ROOT_FLAG_SIZE);
PRBool first = PR_TRUE;
PORT_Memset(flags, 0, NSSUTIL_MAX_ROOT_FLAG_SIZE);
if (hasRootCerts) {
PORT_Strcat(flags, "hasRootCerts");
first = PR_FALSE;
}
if (hasRootTrust) {
if (!first)
PORT_Strcat(flags, ",");
PORT_Strcat(flags, "hasRootTrust");
}
return flags;
}
/* now make a full slot string */
char *
NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags,
unsigned long timeout, unsigned char askpw_in,
PRBool hasRootCerts, PRBool hasRootTrust)
{
char *askpw, *flags, *rootFlags, *slotString;
char *flagPair, *rootFlagsPair;
switch (askpw_in) {
case 0xff:
askpw = "every";
break;
case 1:
askpw = "timeout";
break;
default:
askpw = "any";
break;
}
flags = nssutil_mkSlotFlags(defaultFlags);
rootFlags = nssutil_mkRootFlags(hasRootCerts, hasRootTrust);
flagPair = nssutil_formatPair("slotFlags", flags, '\'');
rootFlagsPair = nssutil_formatPair("rootFlags", rootFlags, '\'');
if (flags)
PR_smprintf_free(flags);
if (rootFlags)
PORT_Free(rootFlags);
if (defaultFlags & PK11_OWN_PW_DEFAULTS) {
slotString = PR_smprintf("0x%08lx=[%s askpw=%s timeout=%d %s]",
(PRUint32)slotID, flagPair, askpw, timeout,
rootFlagsPair);
} else {
slotString = PR_smprintf("0x%08lx=[%s %s]",
(PRUint32)slotID, flagPair, rootFlagsPair);
}
nssutil_freePair(flagPair);
nssutil_freePair(rootFlagsPair);
return slotString;
}
/************************************************************************
* Parse Full module specs into: library, commonName, module parameters,
* and NSS specifi parameters.
*/
SECStatus
NSSUTIL_ArgParseModuleSpecEx(const char *modulespec, char **lib, char **mod,
char **parameters, char **nss,
char **config)
{
int next;
modulespec = NSSUTIL_ArgStrip(modulespec);
*lib = *mod = *parameters = *nss = *config = 0;
while (*modulespec) {
NSSUTIL_HANDLE_STRING_ARG(modulespec, *lib, "library=", ;)
NSSUTIL_HANDLE_STRING_ARG(modulespec, *mod, "name=", ;)
NSSUTIL_HANDLE_STRING_ARG(modulespec, *parameters, "parameters=", ;)
NSSUTIL_HANDLE_STRING_ARG(modulespec, *nss, "nss=", ;)
NSSUTIL_HANDLE_STRING_ARG(modulespec, *config, "config=", ;)
NSSUTIL_HANDLE_FINAL_ARG(modulespec)
}
return SECSuccess;
}
/************************************************************************
* Parse Full module specs into: library, commonName, module parameters,
* and NSS specifi parameters.
*/
SECStatus
NSSUTIL_ArgParseModuleSpec(const char *modulespec, char **lib, char **mod,
char **parameters, char **nss)
{
int next;
modulespec = NSSUTIL_ArgStrip(modulespec);
*lib = *mod = *parameters = *nss = 0;
while (*modulespec) {
NSSUTIL_HANDLE_STRING_ARG(modulespec, *lib, "library=", ;)
NSSUTIL_HANDLE_STRING_ARG(modulespec, *mod, "name=", ;)
NSSUTIL_HANDLE_STRING_ARG(modulespec, *parameters, "parameters=", ;)
NSSUTIL_HANDLE_STRING_ARG(modulespec, *nss, "nss=", ;)
NSSUTIL_HANDLE_FINAL_ARG(modulespec)
}
return SECSuccess;
}
/************************************************************************
* make a new module spec from it's components */
char *
NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters,
char *NSS,
char *config)
{
char *moduleSpec;
char *lib, *name, *param, *nss, *conf;
/*
* now the final spec
*/
lib = nssutil_formatPair("library", dllName, '\"');
name = nssutil_formatPair("name", commonName, '\"');
param = nssutil_formatPair("parameters", parameters, '\"');
nss = nssutil_formatPair("NSS", NSS, '\"');
if (config) {
conf = nssutil_formatPair("config", config, '\"');
moduleSpec = PR_smprintf("%s %s %s %s %s", lib, name, param, nss, conf);
nssutil_freePair(conf);
} else {
moduleSpec = PR_smprintf("%s %s %s %s", lib, name, param, nss);
}
nssutil_freePair(lib);
nssutil_freePair(name);
nssutil_freePair(param);
nssutil_freePair(nss);
return (moduleSpec);
}
/************************************************************************
* make a new module spec from it's components */
char *
NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
char *NSS)
{
return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL);
}
/************************************************************************
* add a single flag to the Flags= section inside the spec's NSS= section */
char *
NSSUTIL_AddNSSFlagToModuleSpec(char *spec, char *addFlag)
{
const char *prefix = "flags=";
const size_t prefixLen = strlen(prefix);
char *lib = NULL, *name = NULL, *param = NULL, *nss = NULL, *conf = NULL;
char *nss2 = NULL, *result = NULL;
SECStatus rv;
rv = NSSUTIL_ArgParseModuleSpecEx(spec, &lib, &name, ¶m, &nss, &conf);
if (rv != SECSuccess) {
return NULL;
}
if (nss && NSSUTIL_ArgHasFlag("flags", addFlag, nss)) {
/* It's already there, nothing to do! */
PORT_Free(lib);
PORT_Free(name);
PORT_Free(param);
PORT_Free(nss);
PORT_Free(conf);
return PORT_Strdup(spec);
}
if (!nss || !strlen(nss)) {
nss2 = PORT_Alloc(prefixLen + strlen(addFlag) + 1);
PORT_Strcpy(nss2, prefix);
PORT_Strcat(nss2, addFlag);
} else {
const char *iNss = nss;
PRBool alreadyAdded = PR_FALSE;
size_t maxSize = strlen(nss) + strlen(addFlag) + prefixLen + 2; /* space and null terminator */
nss2 = PORT_Alloc(maxSize);
*nss2 = 0;
while (*iNss) {
iNss = NSSUTIL_ArgStrip(iNss);
if (PORT_Strncasecmp(iNss, prefix, prefixLen) == 0) {
/* We found an existing Flags= section. */
char *oldFlags;
const char *valPtr;
int valSize;
valPtr = iNss + prefixLen;
oldFlags = NSSUTIL_ArgFetchValue(valPtr, &valSize);
iNss = valPtr + valSize;
PORT_Strcat(nss2, prefix);
PORT_Strcat(nss2, oldFlags);
PORT_Strcat(nss2, ",");
PORT_Strcat(nss2, addFlag);
PORT_Strcat(nss2, " ");
PORT_Free(oldFlags);
alreadyAdded = PR_TRUE;
iNss = NSSUTIL_ArgStrip(iNss);
PORT_Strcat(nss2, iNss); /* remainder of input */
break;
} else {
/* Append this other name=value pair and continue. */
const char *startOfNext = NSSUTIL_ArgSkipParameter(iNss);
PORT_Strncat(nss2, iNss, (startOfNext - iNss));
if (nss2[strlen(nss2) - 1] != ' ') {
PORT_Strcat(nss2, " ");
}
iNss = startOfNext;
}
iNss = NSSUTIL_ArgStrip(iNss);
}
if (!alreadyAdded) {
/* nss wasn't empty, and it didn't contain a Flags section. We can
* assume that other content from nss has already been added to
* nss2, which means we already have a trailing space separator. */
PORT_Strcat(nss2, prefix);
PORT_Strcat(nss2, addFlag);
}
}
result = NSSUTIL_MkModuleSpecEx(lib, name, param, nss2, conf);
PORT_Free(lib);
PORT_Free(name);
PORT_Free(param);
PORT_Free(nss);
PORT_Free(nss2);
PORT_Free(conf);
return result;
}
#define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA"
/******************************************************************************
* Parse the cipher flags from the NSS parameter
*/
void
NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers, const char *cipherList)
{
newCiphers[0] = newCiphers[1] = 0;
if ((cipherList == NULL) || (*cipherList == 0))
return;
for (; *cipherList; cipherList = NSSUTIL_ArgNextFlag(cipherList)) {
if (PORT_Strncasecmp(cipherList, NSSUTIL_ARG_FORTEZZA_FLAG,
sizeof(NSSUTIL_ARG_FORTEZZA_FLAG) - 1) == 0) {
newCiphers[0] |= SECMOD_FORTEZZA_FLAG;
}
/* add additional flags here as necessary */
/* direct bit mapping escape */
if (*cipherList == 0) {
if (cipherList[1] == 'l') {
newCiphers[1] |= atoi(&cipherList[2]);
} else {
newCiphers[0] |= atoi(&cipherList[2]);
}
}
}
}
/*********************************************************************
* make NSS parameter...
*/
/* First make NSS specific flags */
#define MAX_FLAG_SIZE sizeof("internal") + sizeof("FIPS") + sizeof("moduleDB") + \
sizeof("moduleDBOnly") + sizeof("critical")
static char *
nssutil_mkNSSFlags(PRBool internal, PRBool isFIPS,
PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
{
char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
PRBool first = PR_TRUE;
PORT_Memset(flags, 0, MAX_FLAG_SIZE);
if (internal) {
PORT_Strcat(flags, "internal");
first = PR_FALSE;
}
if (isFIPS) {
if (!first)
PORT_Strcat(flags, ",");
PORT_Strcat(flags, "FIPS");
first = PR_FALSE;
}
if (isModuleDB) {
if (!first)
PORT_Strcat(flags, ",");
PORT_Strcat(flags, "moduleDB");
first = PR_FALSE;
}
if (isModuleDBOnly) {
if (!first)
PORT_Strcat(flags, ",");
PORT_Strcat(flags, "moduleDBOnly");
first = PR_FALSE;
}
if (isCritical) {
if (!first)
PORT_Strcat(flags, ",");
PORT_Strcat(flags, "critical");
}
return flags;
}
/* construct the NSS cipher flags */
static char *
nssutil_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
{
char *cipher = NULL;
unsigned int i;
for (i = 0; i < sizeof(ssl0) * 8; i++) {
if (ssl0 & (1UL << i)) {
char *string;
if ((1UL << i) == SECMOD_FORTEZZA_FLAG) {
string = PR_smprintf("%s", NSSUTIL_ARG_FORTEZZA_FLAG);
} else {
string = PR_smprintf("0h0x%08lx", 1UL << i);
}
if (cipher) {
char *tmp;
tmp = PR_smprintf("%s,%s", cipher, string);
PR_smprintf_free(cipher);
PR_smprintf_free(string);
cipher = tmp;
} else {
cipher = string;
}
}
}
for (i = 0; i < sizeof(ssl0) * 8; i++) {
if (ssl1 & (1UL << i)) {
if (cipher) {
char *tmp;
tmp = PR_smprintf("%s,0l0x%08lx", cipher, 1UL << i);
PR_smprintf_free(cipher);
cipher = tmp;
} else {
cipher = PR_smprintf("0l0x%08lx", 1UL << i);
}
}
}
return cipher;
}
/* Assemble a full NSS string. */
char *
NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly,
PRBool isCritical, unsigned long trustOrder,
unsigned long cipherOrder, unsigned long ssl0, unsigned long ssl1)
{
int slotLen, i;
char *slotParams, *ciphers, *nss, *nssFlags;
const char *tmp;
char *trustOrderPair, *cipherOrderPair, *slotPair, *cipherPair, *flagPair;
/* now let's build up the string
* first the slot infos
*/
slotLen = 0;
for (i = 0; i < (int)slotCount; i++) {
slotLen += PORT_Strlen(slotStrings[i]) + 1;
}
slotLen += 1; /* space for the final NULL */
slotParams = (char *)PORT_ZAlloc(slotLen);
PORT_Memset(slotParams, 0, slotLen);
for (i = 0; i < (int)slotCount; i++) {
PORT_Strcat(slotParams, slotStrings[i]);
PORT_Strcat(slotParams, " ");
PR_smprintf_free(slotStrings[i]);
slotStrings[i] = NULL;
}
/*
* now the NSS structure
*/
nssFlags = nssutil_mkNSSFlags(internal, isFIPS, isModuleDB, isModuleDBOnly,
isCritical);
/* for now only the internal module is critical */
ciphers = nssutil_mkCipherFlags(ssl0, ssl1);
trustOrderPair = nssutil_formatIntPair("trustOrder", trustOrder,
NSSUTIL_DEFAULT_TRUST_ORDER);
cipherOrderPair = nssutil_formatIntPair("cipherOrder", cipherOrder,
NSSUTIL_DEFAULT_CIPHER_ORDER);
slotPair = nssutil_formatPair("slotParams", slotParams, '{'); /* } */
if (slotParams)
PORT_Free(slotParams);
cipherPair = nssutil_formatPair("ciphers", ciphers, '\'');
if (ciphers)
PR_smprintf_free(ciphers);
flagPair = nssutil_formatPair("Flags", nssFlags, '\'');
if (nssFlags)
PORT_Free(nssFlags);
nss = PR_smprintf("%s %s %s %s %s", trustOrderPair,
cipherOrderPair, slotPair, cipherPair, flagPair);
nssutil_freePair(trustOrderPair);
nssutil_freePair(cipherOrderPair);
nssutil_freePair(slotPair);
nssutil_freePair(cipherPair);
nssutil_freePair(flagPair);
tmp = NSSUTIL_ArgStrip(nss);
if (*tmp == '\0') {
PR_smprintf_free(nss);
nss = NULL;
}
return nss;
}
/*****************************************************************************
*
* Private calls for use by softoken and utilmod.c
*/
#define SQLDB "sql:"
#define EXTERNDB "extern:"
#define LEGACY "dbm:"
#define MULTIACCESS "multiaccess:"
#define SECMOD_DB "secmod.db"
const char *
_NSSUTIL_EvaluateConfigDir(const char *configdir,
NSSDBType *pdbType, char **appName)
{
NSSDBType dbType;
PRBool checkEnvDefaultDB = PR_FALSE;
*appName = NULL;
/* force the default */
dbType = NSS_DB_TYPE_SQL;
if (configdir == NULL) {
checkEnvDefaultDB = PR_TRUE;
} else if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS) - 1) == 0) {
char *cdir;
dbType = NSS_DB_TYPE_MULTIACCESS;
*appName = PORT_Strdup(configdir + sizeof(MULTIACCESS) - 1);
if (*appName == NULL) {
return configdir;
}
cdir = *appName;
while (*cdir && *cdir != ':') {
cdir++;
}
if (*cdir == ':') {
*cdir = 0;
cdir++;
}
configdir = cdir;
} else if (PORT_Strncmp(configdir, SQLDB, sizeof(SQLDB) - 1) == 0) {
dbType = NSS_DB_TYPE_SQL;
configdir = configdir + sizeof(SQLDB) - 1;
} else if (PORT_Strncmp(configdir, EXTERNDB, sizeof(EXTERNDB) - 1) == 0) {
dbType = NSS_DB_TYPE_EXTERN;
configdir = configdir + sizeof(EXTERNDB) - 1;
} else if (PORT_Strncmp(configdir, LEGACY, sizeof(LEGACY) - 1) == 0) {
dbType = NSS_DB_TYPE_LEGACY;
configdir = configdir + sizeof(LEGACY) - 1;
} else {
checkEnvDefaultDB = PR_TRUE;
}
/* look up the default from the environment */
if (checkEnvDefaultDB) {
char *defaultType = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
if (defaultType != NULL) {
if (PORT_Strncmp(defaultType, SQLDB, sizeof(SQLDB) - 2) == 0) {
dbType = NSS_DB_TYPE_SQL;
} else if (PORT_Strncmp(defaultType, EXTERNDB, sizeof(EXTERNDB) - 2) == 0) {
dbType = NSS_DB_TYPE_EXTERN;
} else if (PORT_Strncmp(defaultType, LEGACY, sizeof(LEGACY) - 2) == 0) {
dbType = NSS_DB_TYPE_LEGACY;
}
}
}
/* if the caller has already set a type, don't change it */
if (*pdbType == NSS_DB_TYPE_NONE) {
*pdbType = dbType;
}
return configdir;
}
char *
_NSSUTIL_GetSecmodName(const char *param, NSSDBType *dbType, char **appName,
char **filename, PRBool *rw)
{
int next;
char *configdir = NULL;
char *secmodName = NULL;
char *value = NULL;
const char *save_params = param;
const char *lconfigdir;
PRBool noModDB = PR_FALSE;
param = NSSUTIL_ArgStrip(param);
while (*param) {
NSSUTIL_HANDLE_STRING_ARG(param, configdir, "configDir=", ;)
NSSUTIL_HANDLE_STRING_ARG(param, secmodName, "secmod=", ;)
NSSUTIL_HANDLE_FINAL_ARG(param)
}
*rw = PR_TRUE;
if (NSSUTIL_ArgHasFlag("flags", "readOnly", save_params)) {
*rw = PR_FALSE;
}
if (!secmodName || *secmodName == '\0') {
if (secmodName)
PORT_Free(secmodName);
secmodName = PORT_Strdup(SECMOD_DB);
}
*filename = secmodName;
lconfigdir = _NSSUTIL_EvaluateConfigDir(configdir, dbType, appName);
if (NSSUTIL_ArgHasFlag("flags", "noModDB", save_params)) {
/* there isn't a module db, don't load the legacy support */
noModDB = PR_TRUE;
*dbType = NSS_DB_TYPE_SQL;
PORT_Free(*filename);
*filename = NULL;
*rw = PR_FALSE;
}
/* only use the renamed secmod for legacy databases */
if ((*dbType != NSS_DB_TYPE_LEGACY) &&
(*dbType != NSS_DB_TYPE_MULTIACCESS) &&
!NSSUTIL_ArgHasFlag("flags", "forceSecmodChoice", save_params)) {
secmodName = "pkcs11.txt";
}
if (noModDB) {
value = NULL;
} else if (lconfigdir && lconfigdir[0] != '\0') {
value = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s",
lconfigdir, secmodName);
} else {
value = PR_smprintf("%s", secmodName);
}
if (configdir)
PORT_Free(configdir);
return value;
}