| Index: mozilla/security/nss/lib/util/utilpars.c
|
| ===================================================================
|
| --- mozilla/security/nss/lib/util/utilpars.c (revision 166571)
|
| +++ mozilla/security/nss/lib/util/utilpars.c (working copy)
|
| @@ -1,83 +1,21 @@
|
| /* This Source Code Form is subject to the terms of the Mozilla Public
|
| * License, v. 2.0. If a copy of the MPL was not distributed with this
|
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
| -/*
|
| - * The following handles the loading, unloading and management of
|
| - * various PCKS #11 modules
|
| +/*
|
| + * The following code handles the storage of PKCS 11 modules used by the
|
| + * NSS. This file is written to abstract away how the modules are
|
| + * stored so we can decide that later.
|
| */
|
| +#include "secport.h"
|
| +#include "prprf.h"
|
| +#include "prenv.h"
|
| +#include "utilpars.h"
|
| +#include "utilmodt.h"
|
|
|
| -
|
| /*
|
| - * this header file contains routines for parsing PKCS #11 module spec
|
| - * strings. It contains 'C' code and should only be included in one module.
|
| - * Currently it is included in both softoken and the wrapper.
|
| + * return the expected matching quote value for the one specified
|
| */
|
| -#include <ctype.h>
|
| -#include "pkcs11.h"
|
| -#include "seccomon.h"
|
| -#include "prprf.h"
|
| -#include "secmodt.h"
|
| -#include "pk11init.h"
|
| -
|
| -#define SECMOD_ARG_LIBRARY_PARAMETER "library="
|
| -#define SECMOD_ARG_NAME_PARAMETER "name="
|
| -#define SECMOD_ARG_MODULE_PARAMETER "parameters="
|
| -#define SECMOD_ARG_NSS_PARAMETER "NSS="
|
| -#define SECMOD_ARG_FORTEZZA_FLAG "FORTEZZA"
|
| -#define SECMOD_ARG_ESCAPE '\\'
|
| -
|
| -struct secmodargSlotFlagTable {
|
| - char *name;
|
| - int len;
|
| - unsigned long value;
|
| -};
|
| -
|
| -#define SECMOD_DEFAULT_CIPHER_ORDER 0
|
| -#define SECMOD_DEFAULT_TRUST_ORDER 50
|
| -
|
| -
|
| -#define SECMOD_ARG_ENTRY(arg,flag) \
|
| -{ #arg , sizeof(#arg)-1, flag }
|
| -static struct secmodargSlotFlagTable secmod_argSlotFlagTable[] = {
|
| - SECMOD_ARG_ENTRY(RSA,SECMOD_RSA_FLAG),
|
| - SECMOD_ARG_ENTRY(DSA,SECMOD_RSA_FLAG),
|
| - SECMOD_ARG_ENTRY(RC2,SECMOD_RC4_FLAG),
|
| - SECMOD_ARG_ENTRY(RC4,SECMOD_RC2_FLAG),
|
| - SECMOD_ARG_ENTRY(DES,SECMOD_DES_FLAG),
|
| - SECMOD_ARG_ENTRY(DH,SECMOD_DH_FLAG),
|
| - SECMOD_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
|
| - SECMOD_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
|
| - SECMOD_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
|
| - SECMOD_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
|
| - SECMOD_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
|
| - SECMOD_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
|
| - SECMOD_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
|
| - SECMOD_ARG_ENTRY(AES,SECMOD_AES_FLAG),
|
| - SECMOD_ARG_ENTRY(Camellia,SECMOD_CAMELLIA_FLAG),
|
| - SECMOD_ARG_ENTRY(SEED,SECMOD_SEED_FLAG),
|
| - SECMOD_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
|
| - SECMOD_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
|
| - SECMOD_ARG_ENTRY(Disable, PK11_DISABLE_FLAG),
|
| -};
|
| -
|
| -#define SECMOD_HANDLE_STRING_ARG(param,target,value,command) \
|
| - if (PORT_Strncasecmp(param,value,sizeof(value)-1) == 0) { \
|
| - param += sizeof(value)-1; \
|
| - if (target) PORT_Free(target); \
|
| - target = secmod_argFetchValue(param,&next); \
|
| - param += next; \
|
| - command ;\
|
| - } else
|
| -
|
| -#define SECMOD_HANDLE_FINAL_ARG(param) \
|
| - { param = secmod_argSkipParameter(param); } param = secmod_argStrip(param);
|
| -
|
| -
|
| -static int secmod_argSlotFlagTableSize =
|
| - sizeof(secmod_argSlotFlagTable)/sizeof(secmod_argSlotFlagTable[0]);
|
| -
|
| -
|
| -static PRBool secmod_argGetPair(char c) {
|
| +PRBool NSSUTIL_ArgGetPair(char c) {
|
| switch (c) {
|
| case '\'': return c;
|
| case '\"': return c;
|
| @@ -90,15 +28,15 @@
|
| return ' ';
|
| }
|
|
|
| -static PRBool secmod_argIsBlank(char c) {
|
| +PRBool NSSUTIL_ArgIsBlank(char c) {
|
| return isspace((unsigned char )c);
|
| }
|
|
|
| -static PRBool secmod_argIsEscape(char c) {
|
| +PRBool NSSUTIL_ArgIsEscape(char c) {
|
| return c == '\\';
|
| }
|
|
|
| -static PRBool secmod_argIsQuote(char c) {
|
| +PRBool NSSUTIL_ArgIsQuote(char c) {
|
| switch (c) {
|
| case '\'':
|
| case '\"':
|
| @@ -111,34 +49,22 @@
|
| return PR_FALSE;
|
| }
|
|
|
| -static PRBool secmod_argHasChar(char *v, char c)
|
| -{
|
| - for ( ;*v; v++) {
|
| - if (*v == c) return PR_TRUE;
|
| - }
|
| - return PR_FALSE;
|
| -}
|
| -
|
| -static PRBool secmod_argHasBlanks(char *v)
|
| -{
|
| - for ( ;*v; v++) {
|
| - if (secmod_argIsBlank(*v)) return PR_TRUE;
|
| - }
|
| - return PR_FALSE;
|
| -}
|
| -
|
| -static char *secmod_argStrip(char *c) {
|
| - while (*c && secmod_argIsBlank(*c)) c++;
|
| +char *NSSUTIL_ArgStrip(char *c) {
|
| + while (*c && NSSUTIL_ArgIsBlank(*c)) c++;
|
| return c;
|
| }
|
|
|
| -static char *
|
| -secmod_argFindEnd(char *string) {
|
| +/*
|
| + * find the end of the current tag/value pair. string should be pointing just
|
| + * after the equal sign. Handles quoted characters.
|
| + */
|
| +char *
|
| +NSSUTIL_ArgFindEnd(char *string) {
|
| char endChar = ' ';
|
| PRBool lastEscape = PR_FALSE;
|
|
|
| - if (secmod_argIsQuote(*string)) {
|
| - endChar = secmod_argGetPair(*string);
|
| + if (NSSUTIL_ArgIsQuote(*string)) {
|
| + endChar = NSSUTIL_ArgGetPair(*string);
|
| string++;
|
| }
|
|
|
| @@ -147,11 +73,11 @@
|
| lastEscape = PR_FALSE;
|
| continue;
|
| }
|
| - if (secmod_argIsEscape(*string) && !lastEscape) {
|
| + if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) {
|
| lastEscape = PR_TRUE;
|
| continue;
|
| }
|
| - if ((endChar == ' ') && secmod_argIsBlank(*string)) break;
|
| + if ((endChar == ' ') && NSSUTIL_ArgIsBlank(*string)) break;
|
| if (*string == endChar) {
|
| break;
|
| }
|
| @@ -160,10 +86,14 @@
|
| return string;
|
| }
|
|
|
| -static char *
|
| -secmod_argFetchValue(char *string, int *pcount)
|
| +/*
|
| + * get the value pointed to by string. string should be pointing just beyond
|
| + * the equal sign.
|
| + */
|
| +char *
|
| +NSSUTIL_ArgFetchValue(char *string, int *pcount)
|
| {
|
| - char *end = secmod_argFindEnd(string);
|
| + char *end = NSSUTIL_ArgFindEnd(string);
|
| char *retString, *copyString;
|
| PRBool lastEscape = PR_FALSE;
|
| int len;
|
| @@ -181,9 +111,9 @@
|
| if (retString == NULL) return NULL;
|
|
|
|
|
| - if (secmod_argIsQuote(*string)) string++;
|
| + if (NSSUTIL_ArgIsQuote(*string)) string++;
|
| for (; string < end; string++) {
|
| - if (secmod_argIsEscape(*string) && !lastEscape) {
|
| + if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) {
|
| lastEscape = PR_TRUE;
|
| continue;
|
| }
|
| @@ -194,46 +124,30 @@
|
| return retString;
|
| }
|
|
|
| -static char *
|
| -secmod_argSkipParameter(char *string)
|
| +/*
|
| + * point to the next parameter in string
|
| + */
|
| +char *
|
| +NSSUTIL_ArgSkipParameter(char *string)
|
| {
|
| char *end;
|
| /* look for the end of the <name>= */
|
| for (;*string; string++) {
|
| if (*string == '=') { string++; break; }
|
| - if (secmod_argIsBlank(*string)) return(string);
|
| + if (NSSUTIL_ArgIsBlank(*string)) return(string);
|
| }
|
|
|
| - end = secmod_argFindEnd(string);
|
| + end = NSSUTIL_ArgFindEnd(string);
|
| if (*end) end++;
|
| return end;
|
| }
|
|
|
| -
|
| -static SECStatus
|
| -secmod_argParseModuleSpec(char *modulespec, char **lib, char **mod,
|
| - char **parameters, char **nss)
|
| +/*
|
| + * get the value from that tag value pair.
|
| + */
|
| +char *
|
| +NSSUTIL_ArgGetParamValue(char *paramName,char *parameters)
|
| {
|
| - int next;
|
| - modulespec = secmod_argStrip(modulespec);
|
| -
|
| - *lib = *mod = *parameters = *nss = 0;
|
| -
|
| - while (*modulespec) {
|
| - SECMOD_HANDLE_STRING_ARG(modulespec,*lib,SECMOD_ARG_LIBRARY_PARAMETER,;)
|
| - SECMOD_HANDLE_STRING_ARG(modulespec,*mod,SECMOD_ARG_NAME_PARAMETER,;)
|
| - SECMOD_HANDLE_STRING_ARG(modulespec,*parameters,
|
| - SECMOD_ARG_MODULE_PARAMETER,;)
|
| - SECMOD_HANDLE_STRING_ARG(modulespec,*nss,SECMOD_ARG_NSS_PARAMETER,;)
|
| - SECMOD_HANDLE_FINAL_ARG(modulespec)
|
| - }
|
| - return SECSuccess;
|
| -}
|
| -
|
| -
|
| -static char *
|
| -secmod_argGetParamValue(char *paramName,char *parameters)
|
| -{
|
| char searchValue[256];
|
| int paramLen = strlen(paramName);
|
| char *returnValue = NULL;
|
| @@ -248,19 +162,21 @@
|
| while (*parameters) {
|
| if (PORT_Strncasecmp(parameters,searchValue,paramLen+1) == 0) {
|
| parameters += paramLen+1;
|
| - returnValue = secmod_argFetchValue(parameters,&next);
|
| + returnValue = NSSUTIL_ArgFetchValue(parameters,&next);
|
| break;
|
| } else {
|
| - parameters = secmod_argSkipParameter(parameters);
|
| + parameters = NSSUTIL_ArgSkipParameter(parameters);
|
| }
|
| - parameters = secmod_argStrip(parameters);
|
| + parameters = NSSUTIL_ArgStrip(parameters);
|
| }
|
| return returnValue;
|
| }
|
| -
|
| -
|
| -static char *
|
| -secmod_argNextFlag(char *flags)
|
| +
|
| +/*
|
| + * find the next flag in the parameter list
|
| + */
|
| +char *
|
| +NSSUTIL_ArgNextFlag(char *flags)
|
| {
|
| for (; *flags ; flags++) {
|
| if (*flags == ',') {
|
| @@ -271,17 +187,20 @@
|
| return flags;
|
| }
|
|
|
| -static PRBool
|
| -secmod_argHasFlag(char *label, char *flag, char *parameters)
|
| +/*
|
| + * return true if the flag is set in the label parameter.
|
| + */
|
| +PRBool
|
| +NSSUTIL_ArgHasFlag(char *label, char *flag, char *parameters)
|
| {
|
| char *flags,*index;
|
| int len = strlen(flag);
|
| PRBool found = PR_FALSE;
|
|
|
| - flags = secmod_argGetParamValue(label,parameters);
|
| + flags = NSSUTIL_ArgGetParamValue(label,parameters);
|
| if (flags == NULL) return PR_FALSE;
|
|
|
| - for (index=flags; *index; index=secmod_argNextFlag(index)) {
|
| + for (index=flags; *index; index=NSSUTIL_ArgNextFlag(index)) {
|
| if (PORT_Strncasecmp(index,flag,len) == 0) {
|
| found=PR_TRUE;
|
| break;
|
| @@ -291,36 +210,11 @@
|
| return found;
|
| }
|
|
|
| -static void
|
| -secmod_argSetNewCipherFlags(unsigned long *newCiphers,char *cipherList)
|
| -{
|
| - newCiphers[0] = newCiphers[1] = 0;
|
| - if ((cipherList == NULL) || (*cipherList == 0)) return;
|
| -
|
| - for (;*cipherList; cipherList=secmod_argNextFlag(cipherList)) {
|
| - if (PORT_Strncasecmp(cipherList,SECMOD_ARG_FORTEZZA_FLAG,
|
| - sizeof(SECMOD_ARG_FORTEZZA_FLAG)-1) == 0) {
|
| - newCiphers[0] |= SECMOD_FORTEZZA_FLAG;
|
| - }
|
| -
|
| - /* add additional flags here as necessary */
|
| - /* direct bit mapping escape */
|
| - if (*cipherList == 0) {
|
| - if (cipherList[1] == 'l') {
|
| - newCiphers[1] |= atoi(&cipherList[2]);
|
| - } else {
|
| - newCiphers[0] |= atoi(&cipherList[2]);
|
| - }
|
| - }
|
| - }
|
| -}
|
| -
|
| -
|
| /*
|
| * decode a number. handle octal (leading '0'), hex (leading '0x') or decimal
|
| */
|
| -static long
|
| -secmod_argDecodeNumber(char *num)
|
| +long
|
| +NSSUTIL_ArgDecodeNumber(char *num)
|
| {
|
| int radix = 10;
|
| unsigned long value = 0;
|
| @@ -330,7 +224,7 @@
|
|
|
| if (num == NULL) return retValue;
|
|
|
| - num = secmod_argStrip(num);
|
| + num = NSSUTIL_ArgStrip(num);
|
|
|
| if (*num == '-') {
|
| sign = -1;
|
| @@ -365,163 +259,182 @@
|
| return retValue;
|
| }
|
|
|
| -static long
|
| -secmod_argReadLong(char *label,char *params, long defValue, PRBool *isdefault)
|
| +/*
|
| + * parameters are tag value pairs. This function returns the tag or label (the
|
| + * value before the equal size.
|
| + */
|
| +char *
|
| +NSSUTIL_ArgGetLabel(char *inString, int *next)
|
| {
|
| + char *name=NULL;
|
| + char *string;
|
| + int len;
|
| +
|
| + /* look for the end of the <label>= */
|
| + for (string = inString;*string; string++) {
|
| + if (*string == '=') { break; }
|
| + if (NSSUTIL_ArgIsBlank(*string)) break;
|
| + }
|
| +
|
| + len = string - inString;
|
| +
|
| + *next = len;
|
| + if (*string == '=') (*next) += 1;
|
| + if (len > 0) {
|
| + name = PORT_Alloc(len+1);
|
| + PORT_Strncpy(name,inString,len);
|
| + name[len] = 0;
|
| + }
|
| + return name;
|
| +}
|
| +
|
| +/*
|
| + * read an argument at a Long integer
|
| + */
|
| +long
|
| +NSSUTIL_ArgReadLong(char *label,char *params, long defValue, PRBool *isdefault)
|
| +{
|
| char *value;
|
| long retValue;
|
| if (isdefault) *isdefault = PR_FALSE;
|
|
|
| - value = secmod_argGetParamValue(label,params);
|
| + value = NSSUTIL_ArgGetParamValue(label,params);
|
| if (value == NULL) {
|
| if (isdefault) *isdefault = PR_TRUE;
|
| return defValue;
|
| }
|
| - retValue = secmod_argDecodeNumber(value);
|
| + retValue = NSSUTIL_ArgDecodeNumber(value);
|
| if (value) PORT_Free(value);
|
|
|
| return retValue;
|
| }
|
|
|
|
|
| -static unsigned long
|
| -secmod_argSlotFlags(char *label,char *params)
|
| +/*
|
| + * prepare a string to be quoted with 'quote' marks. We do that by adding
|
| + * appropriate escapes.
|
| + */
|
| +static int
|
| +nssutil_escapeQuotesSize(const char *string, char quote, PRBool addquotes)
|
| {
|
| - char *flags,*index;
|
| - unsigned long retValue = 0;
|
| - int i;
|
| - PRBool all = PR_FALSE;
|
| + int escapes = 0, size = 0;
|
| + const char *src;
|
|
|
| - flags = secmod_argGetParamValue(label,params);
|
| - if (flags == NULL) return 0;
|
| + size= addquotes ? 2 : 0;
|
| + for (src=string; *src ; src++) {
|
| + if ((*src == quote) || (*src == '\\')) escapes++;
|
| + size++;
|
| + }
|
| + return size+escapes+1;
|
|
|
| - if (PORT_Strcasecmp(flags,"all") == 0) all = PR_TRUE;
|
| -
|
| - for (index=flags; *index; index=secmod_argNextFlag(index)) {
|
| - for (i=0; i < secmod_argSlotFlagTableSize; i++) {
|
| - if (all || (PORT_Strncasecmp(index, secmod_argSlotFlagTable[i].name,
|
| - secmod_argSlotFlagTable[i].len) == 0)) {
|
| - retValue |= secmod_argSlotFlagTable[i].value;
|
| - }
|
| - }
|
| - }
|
| - PORT_Free(flags);
|
| - return retValue;
|
| }
|
|
|
| -
|
| -static void
|
| -secmod_argDecodeSingleSlotInfo(char *name, char *params,
|
| - PK11PreSlotInfo *slotInfo)
|
| +static char *
|
| +nssutil_escapeQuotes(const char *string, char quote, PRBool addquotes)
|
| {
|
| - char *askpw;
|
| + char *newString = 0;
|
| + int size = 0;
|
| + const char *src;
|
| + char *dest;
|
|
|
| - slotInfo->slotID=secmod_argDecodeNumber(name);
|
| - slotInfo->defaultFlags=secmod_argSlotFlags("slotFlags",params);
|
| - slotInfo->timeout=secmod_argReadLong("timeout",params, 0, NULL);
|
| + size = nssutil_escapeQuotesSize(string, quote, addquotes);
|
|
|
| - askpw = secmod_argGetParamValue("askpw",params);
|
| - slotInfo->askpw = 0;
|
| + dest = newString = PORT_ZAlloc(size+2);
|
| + if (newString == NULL) {
|
| + return NULL;
|
| + }
|
|
|
| - if (askpw) {
|
| - if (PORT_Strcasecmp(askpw,"every") == 0) {
|
| - slotInfo->askpw = -1;
|
| - } else if (PORT_Strcasecmp(askpw,"timeout") == 0) {
|
| - slotInfo->askpw = 1;
|
| - }
|
| - PORT_Free(askpw);
|
| - slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
|
| + if (addquotes) *dest++=quote;
|
| + for (src=string; *src; src++,dest++) {
|
| + if ((*src == '\\') || (*src == quote)) {
|
| + *dest++ = '\\';
|
| + }
|
| + *dest = *src;
|
| }
|
| - slotInfo->hasRootCerts = secmod_argHasFlag("rootFlags", "hasRootCerts",
|
| - params);
|
| - slotInfo->hasRootTrust = secmod_argHasFlag("rootFlags", "hasRootTrust",
|
| - params);
|
| + if (addquotes) *dest=quote;
|
| +
|
| + return newString;
|
| }
|
|
|
| -static char *
|
| -secmod_argGetName(char *inString, int *next)
|
| +int
|
| +NSSUTIL_EscapeSize(const char *string, char quote)
|
| {
|
| - char *name=NULL;
|
| - char *string;
|
| - int len;
|
| + return nssutil_escapeQuotesSize(string, quote, PR_FALSE);
|
| +}
|
|
|
| - /* look for the end of the <name>= */
|
| - for (string = inString;*string; string++) {
|
| - if (*string == '=') { break; }
|
| - if (secmod_argIsBlank(*string)) break;
|
| - }
|
| +char *
|
| +NSSUTIL_Escape(const char *string, char quote)
|
| +{
|
| + return nssutil_escapeQuotes(string, quote, PR_FALSE);
|
| +}
|
|
|
| - len = string - inString;
|
|
|
| - *next = len;
|
| - if (*string == '=') (*next) += 1;
|
| - if (len > 0) {
|
| - name = PORT_Alloc(len+1);
|
| - PORT_Strncpy(name,inString,len);
|
| - name[len] = 0;
|
| - }
|
| - return name;
|
| +int
|
| +NSSUTIL_QuoteSize(const char *string, char quote)
|
| +{
|
| + return nssutil_escapeQuotesSize(string, quote, PR_TRUE);
|
| }
|
|
|
| -static PK11PreSlotInfo *
|
| -secmod_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
|
| +char *
|
| +NSSUTIL_Quote(const char *string, char quote)
|
| {
|
| - char *slotIndex;
|
| - PK11PreSlotInfo *slotInfo = NULL;
|
| - int i=0,count = 0,next;
|
| + return nssutil_escapeQuotes(string, quote, PR_TRUE);
|
| +}
|
|
|
| - *retCount = 0;
|
| - if ((slotParams == NULL) || (*slotParams == 0)) return NULL;
|
| -
|
| - /* first count the number of slots */
|
| - for (slotIndex = secmod_argStrip(slotParams); *slotIndex;
|
| - slotIndex = secmod_argStrip(secmod_argSkipParameter(slotIndex))) {
|
| - count++;
|
| +int
|
| +NSSUTIL_DoubleEscapeSize(const char *string, char quote1, char quote2)
|
| +{
|
| + int escapes = 0, size = 0;
|
| + const char *src;
|
| + for (src=string; *src ; src++) {
|
| + if (*src == '\\') escapes+=3; /* \\\\ */
|
| + if (*src == quote1) escapes+=2; /* \\quote1 */
|
| + if (*src == quote2) escapes++; /* \quote2 */
|
| + size++;
|
| }
|
|
|
| - /* get the data structures */
|
| - if (arena) {
|
| - slotInfo = (PK11PreSlotInfo *)
|
| - PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo));
|
| - PORT_Memset(slotInfo,0,count*sizeof(PK11PreSlotInfo));
|
| - } else {
|
| - slotInfo = (PK11PreSlotInfo *)
|
| - PORT_ZAlloc(count*sizeof(PK11PreSlotInfo));
|
| + return escapes+size+1;
|
| +}
|
| +
|
| +char *
|
| +NSSUTIL_DoubleEscape(const char *string, char quote1, char quote2)
|
| +{
|
| + char *round1 = NULL;
|
| + char *retValue = NULL;
|
| + if (string == NULL) {
|
| + goto done;
|
| }
|
| - if (slotInfo == NULL) return NULL;
|
| + round1 = nssutil_escapeQuotes(string, quote1, PR_FALSE);
|
| + if (round1) {
|
| + retValue = nssutil_escapeQuotes(round1, quote2, PR_FALSE);
|
| + PORT_Free(round1);
|
| + }
|
|
|
| - for (slotIndex = secmod_argStrip(slotParams), i = 0;
|
| - *slotIndex && i < count ; ) {
|
| - char *name;
|
| - name = secmod_argGetName(slotIndex,&next);
|
| - slotIndex += next;
|
| -
|
| - if (!secmod_argIsBlank(*slotIndex)) {
|
| - char *args = secmod_argFetchValue(slotIndex,&next);
|
| - slotIndex += next;
|
| - if (args) {
|
| - secmod_argDecodeSingleSlotInfo(name,args,&slotInfo[i]);
|
| - i++;
|
| - PORT_Free(args);
|
| - }
|
| - }
|
| - if (name) PORT_Free(name);
|
| - slotIndex = secmod_argStrip(slotIndex);
|
| +done:
|
| + if (retValue == NULL) {
|
| + retValue = PORT_Strdup("");
|
| }
|
| - *retCount = i;
|
| - return slotInfo;
|
| + return retValue;
|
| }
|
|
|
| -static char *secmod_nullString = "";
|
|
|
| +/************************************************************************
|
| + * These functions are used in contructing strings.
|
| + * NOTE: they will always return a string, but sometimes it will return
|
| + * a specific NULL string. These strings must be freed with util_freePair.
|
| + */
|
| +
|
| +/* string to return on error... */
|
| +static char *nssutil_nullString = "";
|
| +
|
| static char *
|
| -secmod_formatValue(PRArenaPool *arena, char *value, char quote)
|
| +nssutil_formatValue(PRArenaPool *arena, char *value, char quote)
|
| {
|
| char *vp,*vp2,*retval;
|
| int size = 0, escapes = 0;
|
|
|
| for (vp=value; *vp ;vp++) {
|
| - if ((*vp == quote) || (*vp == SECMOD_ARG_ESCAPE)) escapes++;
|
| + if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE)) escapes++;
|
| size++;
|
| }
|
| if (arena) {
|
| @@ -532,49 +445,67 @@
|
| if (retval == NULL) return NULL;
|
| vp2 = retval;
|
| for (vp=value; *vp; vp++) {
|
| - if ((*vp == quote) || (*vp == SECMOD_ARG_ESCAPE))
|
| - *vp2++ = SECMOD_ARG_ESCAPE;
|
| + if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE))
|
| + *vp2++ = NSSUTIL_ARG_ESCAPE;
|
| *vp2++ = *vp;
|
| }
|
| return retval;
|
| }
|
| -
|
| -static char *secmod_formatPair(char *name,char *value, char quote)
|
| +
|
| +
|
| +static PRBool nssutil_argHasChar(char *v, char c)
|
| {
|
| + for ( ;*v; v++) {
|
| + if (*v == c) return PR_TRUE;
|
| + }
|
| + return PR_FALSE;
|
| +}
|
| +
|
| +static PRBool nssutil_argHasBlanks(char *v)
|
| +{
|
| + for ( ;*v; v++) {
|
| + if (NSSUTIL_ArgIsBlank(*v)) return PR_TRUE;
|
| + }
|
| + return PR_FALSE;
|
| +}
|
| +
|
| +static char *
|
| +nssutil_formatPair(char *name, char *value, char quote)
|
| +{
|
| char openQuote = quote;
|
| - char closeQuote = secmod_argGetPair(quote);
|
| + char closeQuote = NSSUTIL_ArgGetPair(quote);
|
| char *newValue = NULL;
|
| char *returnValue;
|
| PRBool need_quote = PR_FALSE;
|
|
|
| - if (!value || (*value == 0)) return secmod_nullString;
|
| + if (!value || (*value == 0)) return nssutil_nullString;
|
|
|
| - if (secmod_argHasBlanks(value) || secmod_argIsQuote(value[0]))
|
| + if (nssutil_argHasBlanks(value) || NSSUTIL_ArgIsQuote(value[0]))
|
| need_quote=PR_TRUE;
|
|
|
| - if ((need_quote && secmod_argHasChar(value,closeQuote))
|
| - || secmod_argHasChar(value,SECMOD_ARG_ESCAPE)) {
|
| - value = newValue = secmod_formatValue(NULL, value,quote);
|
| - if (newValue == NULL) return secmod_nullString;
|
| + if ((need_quote && nssutil_argHasChar(value,closeQuote))
|
| + || nssutil_argHasChar(value,NSSUTIL_ARG_ESCAPE)) {
|
| + value = newValue = nssutil_formatValue(NULL, value,quote);
|
| + if (newValue == NULL) return nssutil_nullString;
|
| }
|
| if (need_quote) {
|
| returnValue = PR_smprintf("%s=%c%s%c",name,openQuote,value,closeQuote);
|
| } else {
|
| returnValue = PR_smprintf("%s=%s",name,value);
|
| }
|
| - if (returnValue == NULL) returnValue = secmod_nullString;
|
| + if (returnValue == NULL) returnValue = nssutil_nullString;
|
|
|
| if (newValue) PORT_Free(newValue);
|
|
|
| return returnValue;
|
| }
|
|
|
| -static char *secmod_formatIntPair(char *name, unsigned long value,
|
| +static char *nssutil_formatIntPair(char *name, unsigned long value,
|
| unsigned long def)
|
| {
|
| char *returnValue;
|
|
|
| - if (value == def) return secmod_nullString;
|
| + if (value == def) return nssutil_nullString;
|
|
|
| returnValue = PR_smprintf("%s=%d",name,value);
|
|
|
| @@ -582,93 +513,163 @@
|
| }
|
|
|
| static void
|
| -secmod_freePair(char *pair)
|
| +nssutil_freePair(char *pair)
|
| {
|
| - if (pair && pair != secmod_nullString) {
|
| + if (pair && pair != nssutil_nullString) {
|
| PR_smprintf_free(pair);
|
| }
|
| }
|
|
|
| -#define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\
|
| - sizeof("moduleDBOnly")+sizeof("critical")
|
| -static char *
|
| -secmod_mkNSSFlags(PRBool internal, PRBool isFIPS,
|
| - PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
|
| +
|
| +/************************************************************************
|
| + * Parse the Slot specific parameters in the NSS params.
|
| + */
|
| +
|
| +struct nssutilArgSlotFlagTable {
|
| + char *name;
|
| + int len;
|
| + unsigned long value;
|
| +};
|
| +
|
| +#define NSSUTIL_ARG_ENTRY(arg,flag) \
|
| +{ #arg , sizeof(#arg)-1, flag }
|
| +static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
|
| + NSSUTIL_ARG_ENTRY(RSA,SECMOD_RSA_FLAG),
|
| + NSSUTIL_ARG_ENTRY(DSA,SECMOD_RSA_FLAG),
|
| + NSSUTIL_ARG_ENTRY(RC2,SECMOD_RC4_FLAG),
|
| + NSSUTIL_ARG_ENTRY(RC4,SECMOD_RC2_FLAG),
|
| + NSSUTIL_ARG_ENTRY(DES,SECMOD_DES_FLAG),
|
| + NSSUTIL_ARG_ENTRY(DH,SECMOD_DH_FLAG),
|
| + NSSUTIL_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
|
| + NSSUTIL_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
|
| + NSSUTIL_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
|
| + NSSUTIL_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
|
| + NSSUTIL_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
|
| + NSSUTIL_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
|
| + NSSUTIL_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
|
| + NSSUTIL_ARG_ENTRY(AES,SECMOD_AES_FLAG),
|
| + NSSUTIL_ARG_ENTRY(Camellia,SECMOD_CAMELLIA_FLAG),
|
| + NSSUTIL_ARG_ENTRY(SEED,SECMOD_SEED_FLAG),
|
| + NSSUTIL_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
|
| + NSSUTIL_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
|
| + NSSUTIL_ARG_ENTRY(Disable, SECMOD_DISABLE_FLAG),
|
| +};
|
| +
|
| +static int nssutil_argSlotFlagTableSize =
|
| + sizeof(nssutil_argSlotFlagTable)/sizeof(nssutil_argSlotFlagTable[0]);
|
| +
|
| +
|
| +/* turn the slot flags into a bit mask */
|
| +unsigned long
|
| +NSSUTIL_ArgParseSlotFlags(char *label,char *params)
|
| {
|
| - char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
|
| - PRBool first = PR_TRUE;
|
| + char *flags,*index;
|
| + unsigned long retValue = 0;
|
| + int i;
|
| + PRBool all = PR_FALSE;
|
|
|
| - PORT_Memset(flags,0,MAX_FLAG_SIZE);
|
| - if (internal) {
|
| - PORT_Strcat(flags,"internal");
|
| - first = PR_FALSE;
|
| + flags = NSSUTIL_ArgGetParamValue(label,params);
|
| + if (flags == NULL) return 0;
|
| +
|
| + if (PORT_Strcasecmp(flags,"all") == 0) all = PR_TRUE;
|
| +
|
| + for (index=flags; *index; index=NSSUTIL_ArgNextFlag(index)) {
|
| + for (i=0; i < nssutil_argSlotFlagTableSize; i++) {
|
| + if (all ||
|
| + (PORT_Strncasecmp(index, nssutil_argSlotFlagTable[i].name,
|
| + nssutil_argSlotFlagTable[i].len) == 0)) {
|
| + retValue |= nssutil_argSlotFlagTable[i].value;
|
| + }
|
| + }
|
| }
|
| - if (isFIPS) {
|
| - if (!first) PORT_Strcat(flags,",");
|
| - PORT_Strcat(flags,"FIPS");
|
| - first = PR_FALSE;
|
| + PORT_Free(flags);
|
| + return retValue;
|
| +}
|
| +
|
| +
|
| +/* parse a single slot specific parameter */
|
| +static void
|
| +nssutil_argDecodeSingleSlotInfo(char *name, char *params,
|
| + struct NSSUTILPreSlotInfoStr *slotInfo)
|
| +{
|
| + char *askpw;
|
| +
|
| + slotInfo->slotID=NSSUTIL_ArgDecodeNumber(name);
|
| + slotInfo->defaultFlags=NSSUTIL_ArgParseSlotFlags("slotFlags",params);
|
| + slotInfo->timeout=NSSUTIL_ArgReadLong("timeout",params, 0, NULL);
|
| +
|
| + askpw = NSSUTIL_ArgGetParamValue("askpw",params);
|
| + slotInfo->askpw = 0;
|
| +
|
| + if (askpw) {
|
| + if (PORT_Strcasecmp(askpw,"every") == 0) {
|
| + slotInfo->askpw = -1;
|
| + } else if (PORT_Strcasecmp(askpw,"timeout") == 0) {
|
| + slotInfo->askpw = 1;
|
| + }
|
| + PORT_Free(askpw);
|
| + slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
|
| }
|
| - if (isModuleDB) {
|
| - if (!first) PORT_Strcat(flags,",");
|
| - PORT_Strcat(flags,"moduleDB");
|
| - first = PR_FALSE;
|
| - }
|
| - if (isModuleDBOnly) {
|
| - if (!first) PORT_Strcat(flags,",");
|
| - PORT_Strcat(flags,"moduleDBOnly");
|
| - first = PR_FALSE;
|
| - }
|
| - if (isCritical) {
|
| - if (!first) PORT_Strcat(flags,",");
|
| - PORT_Strcat(flags,"critical");
|
| - first = PR_FALSE;
|
| - }
|
| - return flags;
|
| + slotInfo->hasRootCerts = NSSUTIL_ArgHasFlag("rootFlags", "hasRootCerts",
|
| + params);
|
| + slotInfo->hasRootTrust = NSSUTIL_ArgHasFlag("rootFlags", "hasRootTrust",
|
| + params);
|
| }
|
|
|
| -static char *
|
| -secmod_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
|
| +/* parse all the slot specific parameters. */
|
| +struct NSSUTILPreSlotInfoStr *
|
| +NSSUTIL_ArgParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount)
|
| {
|
| - char *cipher = NULL;
|
| - int i;
|
| + char *slotIndex;
|
| + struct NSSUTILPreSlotInfoStr *slotInfo = NULL;
|
| + int i=0,count = 0,next;
|
|
|
| - for (i=0; i < sizeof(ssl0)*8; i++) {
|
| - if (ssl0 & (1<<i)) {
|
| - char *string;
|
| - if ((1<<i) == SECMOD_FORTEZZA_FLAG) {
|
| - string = PR_smprintf("%s","FORTEZZA");
|
| - } else {
|
| - string = PR_smprintf("0h0x%08x",1<<i);
|
| - }
|
| - if (cipher) {
|
| - char *tmp;
|
| - tmp = PR_smprintf("%s,%s",cipher,string);
|
| - PR_smprintf_free(cipher);
|
| - PR_smprintf_free(string);
|
| - cipher = tmp;
|
| - } else {
|
| - cipher = string;
|
| - }
|
| - }
|
| + *retCount = 0;
|
| + if ((slotParams == NULL) || (*slotParams == 0)) return NULL;
|
| +
|
| + /* first count the number of slots */
|
| + for (slotIndex = NSSUTIL_ArgStrip(slotParams); *slotIndex;
|
| + slotIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(slotIndex))) {
|
| + count++;
|
| }
|
| - for (i=0; i < sizeof(ssl0)*8; i++) {
|
| - if (ssl1 & (1<<i)) {
|
| - if (cipher) {
|
| - char *tmp;
|
| - tmp = PR_smprintf("%s,0l0x%08x",cipher,1<<i);
|
| - PR_smprintf_free(cipher);
|
| - cipher = tmp;
|
| - } else {
|
| - cipher = PR_smprintf("0l0x%08x",1<<i);
|
| +
|
| + /* get the data structures */
|
| + if (arena) {
|
| + slotInfo = PORT_ArenaZNewArray(arena,
|
| + struct NSSUTILPreSlotInfoStr, count);
|
| + } else {
|
| + slotInfo = PORT_ZNewArray(struct NSSUTILPreSlotInfoStr, count);
|
| + }
|
| + if (slotInfo == NULL) return NULL;
|
| +
|
| + for (slotIndex = NSSUTIL_ArgStrip(slotParams), i = 0;
|
| + *slotIndex && i < count ; ) {
|
| + char *name;
|
| + name = NSSUTIL_ArgGetLabel(slotIndex,&next);
|
| + slotIndex += next;
|
| +
|
| + if (!NSSUTIL_ArgIsBlank(*slotIndex)) {
|
| + char *args = NSSUTIL_ArgFetchValue(slotIndex,&next);
|
| + slotIndex += next;
|
| + if (args) {
|
| + nssutil_argDecodeSingleSlotInfo(name,args,&slotInfo[i]);
|
| + i++;
|
| + PORT_Free(args);
|
| }
|
| }
|
| + if (name) PORT_Free(name);
|
| + slotIndex = NSSUTIL_ArgStrip(slotIndex);
|
| }
|
| -
|
| - return cipher;
|
| + *retCount = i;
|
| + return slotInfo;
|
| }
|
|
|
| +/************************************************************************
|
| + * make a new slot specific parameter
|
| + */
|
| +/* first make the slot flags */
|
| static char *
|
| -secmod_mkSlotFlags(unsigned long defaultFlags)
|
| +nssutil_mkSlotFlags(unsigned long defaultFlags)
|
| {
|
| char *flags=NULL;
|
| int i,j;
|
| @@ -677,9 +678,9 @@
|
| if (defaultFlags & (1<<i)) {
|
| char *string = NULL;
|
|
|
| - for (j=0; j < secmod_argSlotFlagTableSize; j++) {
|
| - if (secmod_argSlotFlagTable[j].value == ( 1UL << i )) {
|
| - string = secmod_argSlotFlagTable[j].name;
|
| + for (j=0; j < nssutil_argSlotFlagTableSize; j++) {
|
| + if (nssutil_argSlotFlagTable[j].value == ( 1UL << i )) {
|
| + string = nssutil_argSlotFlagTable[j].name;
|
| break;
|
| }
|
| }
|
| @@ -699,15 +700,15 @@
|
| return flags;
|
| }
|
|
|
| -#define SECMOD_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust")
|
| -
|
| +/* now make the root flags */
|
| +#define NSSUTIL_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust")
|
| static char *
|
| -secmod_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
|
| +nssutil_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
|
| {
|
| - char *flags= (char *)PORT_ZAlloc(SECMOD_MAX_ROOT_FLAG_SIZE);
|
| + char *flags= (char *)PORT_ZAlloc(NSSUTIL_MAX_ROOT_FLAG_SIZE);
|
| PRBool first = PR_TRUE;
|
|
|
| - PORT_Memset(flags,0,SECMOD_MAX_ROOT_FLAG_SIZE);
|
| + PORT_Memset(flags,0,NSSUTIL_MAX_ROOT_FLAG_SIZE);
|
| if (hasRootCerts) {
|
| PORT_Strcat(flags,"hasRootCerts");
|
| first = PR_FALSE;
|
| @@ -720,8 +721,9 @@
|
| return flags;
|
| }
|
|
|
| -static char *
|
| -secmod_mkSlotString(unsigned long slotID, unsigned long defaultFlags,
|
| +/* now make a full slot string */
|
| +char *
|
| +NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags,
|
| unsigned long timeout, unsigned char askpw_in,
|
| PRBool hasRootCerts, PRBool hasRootTrust) {
|
| char *askpw,*flags,*rootFlags,*slotString;
|
| @@ -738,10 +740,10 @@
|
| askpw = "any";
|
| break;
|
| }
|
| - flags = secmod_mkSlotFlags(defaultFlags);
|
| - rootFlags = secmod_mkRootFlags(hasRootCerts,hasRootTrust);
|
| - flagPair=secmod_formatPair("slotFlags",flags,'\'');
|
| - rootFlagsPair=secmod_formatPair("rootFlags",rootFlags,'\'');
|
| + flags = nssutil_mkSlotFlags(defaultFlags);
|
| + rootFlags = nssutil_mkRootFlags(hasRootCerts,hasRootTrust);
|
| + flagPair = nssutil_formatPair("slotFlags",flags,'\'');
|
| + rootFlagsPair = nssutil_formatPair("rootFlags",rootFlags,'\'');
|
| if (flags) PR_smprintf_free(flags);
|
| if (rootFlags) PORT_Free(rootFlags);
|
| if (defaultFlags & PK11_OWN_PW_DEFAULTS) {
|
| @@ -752,16 +754,180 @@
|
| slotString = PR_smprintf("0x%08lx=[%s %s]",
|
| (PRUint32)slotID,flagPair,rootFlagsPair);
|
| }
|
| - secmod_freePair(flagPair);
|
| - secmod_freePair(rootFlagsPair);
|
| + nssutil_freePair(flagPair);
|
| + nssutil_freePair(rootFlagsPair);
|
| return slotString;
|
| }
|
|
|
| +
|
| +/************************************************************************
|
| + * Parse Full module specs into: library, commonName, module parameters,
|
| + * and NSS specifi parameters.
|
| + */
|
| +SECStatus
|
| +NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod,
|
| + char **parameters, char **nss)
|
| +{
|
| + int next;
|
| + modulespec = NSSUTIL_ArgStrip(modulespec);
|
| +
|
| + *lib = *mod = *parameters = *nss = 0;
|
| +
|
| + while (*modulespec) {
|
| + NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;)
|
| + NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;)
|
| + NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;)
|
| + NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;)
|
| + NSSUTIL_HANDLE_FINAL_ARG(modulespec)
|
| + }
|
| + return SECSuccess;
|
| +}
|
| +
|
| +/************************************************************************
|
| + * make a new module spec from it's components */
|
| +char *
|
| +NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
|
| + char *NSS)
|
| +{
|
| + char *moduleSpec;
|
| + char *lib,*name,*param,*nss;
|
| +
|
| + /*
|
| + * now the final spec
|
| + */
|
| + lib = nssutil_formatPair("library",dllName,'\"');
|
| + name = nssutil_formatPair("name",commonName,'\"');
|
| + param = nssutil_formatPair("parameters",parameters,'\"');
|
| + nss = nssutil_formatPair("NSS",NSS,'\"');
|
| + moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
|
| + nssutil_freePair(lib);
|
| + nssutil_freePair(name);
|
| + nssutil_freePair(param);
|
| + nssutil_freePair(nss);
|
| + return (moduleSpec);
|
| +}
|
| +
|
| +
|
| +#define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA"
|
| +/******************************************************************************
|
| + * Parse the cipher flags from the NSS parameter
|
| + */
|
| +void
|
| +NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers,char *cipherList)
|
| +{
|
| + newCiphers[0] = newCiphers[1] = 0;
|
| + if ((cipherList == NULL) || (*cipherList == 0)) return;
|
| +
|
| + for (;*cipherList; cipherList=NSSUTIL_ArgNextFlag(cipherList)) {
|
| + if (PORT_Strncasecmp(cipherList,NSSUTIL_ARG_FORTEZZA_FLAG,
|
| + sizeof(NSSUTIL_ARG_FORTEZZA_FLAG)-1) == 0) {
|
| + newCiphers[0] |= SECMOD_FORTEZZA_FLAG;
|
| + }
|
| +
|
| + /* add additional flags here as necessary */
|
| + /* direct bit mapping escape */
|
| + if (*cipherList == 0) {
|
| + if (cipherList[1] == 'l') {
|
| + newCiphers[1] |= atoi(&cipherList[2]);
|
| + } else {
|
| + newCiphers[0] |= atoi(&cipherList[2]);
|
| + }
|
| + }
|
| + }
|
| +}
|
| +
|
| +
|
| +/*********************************************************************
|
| + * make NSS parameter...
|
| + */
|
| +/* First make NSS specific flags */
|
| +#define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\
|
| + sizeof("moduleDBOnly")+sizeof("critical")
|
| static char *
|
| -secmod_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS,
|
| - PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical,
|
| - unsigned long trustOrder, unsigned long cipherOrder,
|
| - unsigned long ssl0, unsigned long ssl1) {
|
| +nssutil_mkNSSFlags(PRBool internal, PRBool isFIPS,
|
| + PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
|
| +{
|
| + char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
|
| + PRBool first = PR_TRUE;
|
| +
|
| + PORT_Memset(flags,0,MAX_FLAG_SIZE);
|
| + if (internal) {
|
| + PORT_Strcat(flags,"internal");
|
| + first = PR_FALSE;
|
| + }
|
| + if (isFIPS) {
|
| + if (!first) PORT_Strcat(flags,",");
|
| + PORT_Strcat(flags,"FIPS");
|
| + first = PR_FALSE;
|
| + }
|
| + if (isModuleDB) {
|
| + if (!first) PORT_Strcat(flags,",");
|
| + PORT_Strcat(flags,"moduleDB");
|
| + first = PR_FALSE;
|
| + }
|
| + if (isModuleDBOnly) {
|
| + if (!first) PORT_Strcat(flags,",");
|
| + PORT_Strcat(flags,"moduleDBOnly");
|
| + first = PR_FALSE;
|
| + }
|
| + if (isCritical) {
|
| + if (!first) PORT_Strcat(flags,",");
|
| + PORT_Strcat(flags,"critical");
|
| + first = PR_FALSE;
|
| + }
|
| + return flags;
|
| +}
|
| +
|
| +
|
| +/* construct the NSS cipher flags */
|
| +static char *
|
| +nssutil_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
|
| +{
|
| + char *cipher = NULL;
|
| + int i;
|
| +
|
| + for (i=0; i < sizeof(ssl0)*8; i++) {
|
| + if (ssl0 & (1<<i)) {
|
| + char *string;
|
| + if ((1<<i) == SECMOD_FORTEZZA_FLAG) {
|
| + string = PR_smprintf("%s",NSSUTIL_ARG_FORTEZZA_FLAG);
|
| + } else {
|
| + string = PR_smprintf("0h0x%08x",1<<i);
|
| + }
|
| + if (cipher) {
|
| + char *tmp;
|
| + tmp = PR_smprintf("%s,%s",cipher,string);
|
| + PR_smprintf_free(cipher);
|
| + PR_smprintf_free(string);
|
| + cipher = tmp;
|
| + } else {
|
| + cipher = string;
|
| + }
|
| + }
|
| + }
|
| + for (i=0; i < sizeof(ssl0)*8; i++) {
|
| + if (ssl1 & (1<<i)) {
|
| + if (cipher) {
|
| + char *tmp;
|
| + tmp = PR_smprintf("%s,0l0x%08x",cipher,1<<i);
|
| + PR_smprintf_free(cipher);
|
| + cipher = tmp;
|
| + } else {
|
| + cipher = PR_smprintf("0l0x%08x",1<<i);
|
| + }
|
| + }
|
| + }
|
| +
|
| + return cipher;
|
| +}
|
| +
|
| +/* Assemble a full NSS string. */
|
| +char *
|
| +NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
|
| + PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly,
|
| + PRBool isCritical, unsigned long trustOrder,
|
| + unsigned long cipherOrder, unsigned long ssl0, unsigned long ssl1)
|
| +{
|
| int slotLen, i;
|
| char *slotParams, *ciphers, *nss, *nssFlags, *tmp;
|
| char *trustOrderPair,*cipherOrderPair,*slotPair,*cipherPair,*flagPair;
|
| @@ -788,29 +954,29 @@
|
| /*
|
| * now the NSS structure
|
| */
|
| - nssFlags = secmod_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
|
| + nssFlags = nssutil_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly,
|
| isCritical);
|
| /* for now only the internal module is critical */
|
| - ciphers = secmod_mkCipherFlags(ssl0, ssl1);
|
| + ciphers = nssutil_mkCipherFlags(ssl0, ssl1);
|
|
|
| - trustOrderPair=secmod_formatIntPair("trustOrder",trustOrder,
|
| - SECMOD_DEFAULT_TRUST_ORDER);
|
| - cipherOrderPair=secmod_formatIntPair("cipherOrder",cipherOrder,
|
| - SECMOD_DEFAULT_CIPHER_ORDER);
|
| - slotPair=secmod_formatPair("slotParams",slotParams,'{'); /* } */
|
| + trustOrderPair = nssutil_formatIntPair("trustOrder",trustOrder,
|
| + NSSUTIL_DEFAULT_TRUST_ORDER);
|
| + cipherOrderPair = nssutil_formatIntPair("cipherOrder",cipherOrder,
|
| + NSSUTIL_DEFAULT_CIPHER_ORDER);
|
| + slotPair=nssutil_formatPair("slotParams",slotParams,'{'); /* } */
|
| if (slotParams) PORT_Free(slotParams);
|
| - cipherPair=secmod_formatPair("ciphers",ciphers,'\'');
|
| + cipherPair=nssutil_formatPair("ciphers",ciphers,'\'');
|
| if (ciphers) PR_smprintf_free(ciphers);
|
| - flagPair=secmod_formatPair("Flags",nssFlags,'\'');
|
| + flagPair=nssutil_formatPair("Flags",nssFlags,'\'');
|
| if (nssFlags) PORT_Free(nssFlags);
|
| nss = PR_smprintf("%s %s %s %s %s",trustOrderPair,
|
| cipherOrderPair,slotPair,cipherPair,flagPair);
|
| - secmod_freePair(trustOrderPair);
|
| - secmod_freePair(cipherOrderPair);
|
| - secmod_freePair(slotPair);
|
| - secmod_freePair(cipherPair);
|
| - secmod_freePair(flagPair);
|
| - tmp = secmod_argStrip(nss);
|
| + nssutil_freePair(trustOrderPair);
|
| + nssutil_freePair(cipherOrderPair);
|
| + nssutil_freePair(slotPair);
|
| + nssutil_freePair(cipherPair);
|
| + nssutil_freePair(flagPair);
|
| + tmp = NSSUTIL_ArgStrip(nss);
|
| if (*tmp == '\0') {
|
| PR_smprintf_free(nss);
|
| nss = NULL;
|
| @@ -818,24 +984,126 @@
|
| return nss;
|
| }
|
|
|
| -static char *
|
| -secmod_mkNewModuleSpec(char *dllName, char *commonName, char *parameters,
|
| - char *NSS) {
|
| - char *moduleSpec;
|
| - char *lib,*name,*param,*nss;
|
| +/*****************************************************************************
|
| + *
|
| + * Private calls for use by softoken and utilmod.c
|
| + */
|
|
|
| - /*
|
| - * now the final spec
|
| - */
|
| - lib = secmod_formatPair("library",dllName,'\"');
|
| - name = secmod_formatPair("name",commonName,'\"');
|
| - param = secmod_formatPair("parameters",parameters,'\"');
|
| - nss = secmod_formatPair("NSS",NSS,'\"');
|
| - moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss);
|
| - secmod_freePair(lib);
|
| - secmod_freePair(name);
|
| - secmod_freePair(param);
|
| - secmod_freePair(nss);
|
| - return (moduleSpec);
|
| +#define SQLDB "sql:"
|
| +#define EXTERNDB "extern:"
|
| +#define LEGACY "dbm:"
|
| +#define MULTIACCESS "multiaccess:"
|
| +#define SECMOD_DB "secmod.db"
|
| +const char *
|
| +_NSSUTIL_EvaluateConfigDir(const char *configdir,
|
| + NSSDBType *pdbType, char **appName)
|
| +{
|
| + NSSDBType dbType;
|
| + *appName = NULL;
|
| +/* force the default */
|
| +#ifdef NSS_DISABLE_DBM
|
| + dbType = NSS_DB_TYPE_SQL;
|
| +#else
|
| + dbType = NSS_DB_TYPE_LEGACY;
|
| +#endif
|
| + if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
|
| + char *cdir;
|
| + dbType = NSS_DB_TYPE_MULTIACCESS;
|
| +
|
| + *appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1);
|
| + if (*appName == NULL) {
|
| + return configdir;
|
| + }
|
| + cdir = *appName;
|
| + while (*cdir && *cdir != ':') {
|
| + cdir++;
|
| + }
|
| + if (*cdir == ':') {
|
| + *cdir = 0;
|
| + cdir++;
|
| + }
|
| + configdir = cdir;
|
| + } else if (PORT_Strncmp(configdir, SQLDB, sizeof(SQLDB)-1) == 0) {
|
| + dbType = NSS_DB_TYPE_SQL;
|
| + configdir = configdir + sizeof(SQLDB) -1;
|
| + } else if (PORT_Strncmp(configdir, EXTERNDB, sizeof(EXTERNDB)-1) == 0) {
|
| + dbType = NSS_DB_TYPE_EXTERN;
|
| + configdir = configdir + sizeof(EXTERNDB) -1;
|
| + } else if (PORT_Strncmp(configdir, LEGACY, sizeof(LEGACY)-1) == 0) {
|
| + dbType = NSS_DB_TYPE_LEGACY;
|
| + configdir = configdir + sizeof(LEGACY) -1;
|
| + } else {
|
| + /* look up the default from the environment */
|
| + char *defaultType = PR_GetEnv("NSS_DEFAULT_DB_TYPE");
|
| + if (defaultType != NULL) {
|
| + if (PORT_Strncmp(defaultType, SQLDB, sizeof(SQLDB)-2) == 0) {
|
| + dbType = NSS_DB_TYPE_SQL;
|
| + } else if (PORT_Strncmp(defaultType,EXTERNDB,sizeof(EXTERNDB)-2)==0) {
|
| + dbType = NSS_DB_TYPE_EXTERN;
|
| + } else if (PORT_Strncmp(defaultType, LEGACY, sizeof(LEGACY)-2) == 0) {
|
| + dbType = NSS_DB_TYPE_LEGACY;
|
| + }
|
| + }
|
| + }
|
| + /* if the caller has already set a type, don't change it */
|
| + if (*pdbType == NSS_DB_TYPE_NONE) {
|
| + *pdbType = dbType;
|
| + }
|
| + return configdir;
|
| }
|
|
|
| +char *
|
| +_NSSUTIL_GetSecmodName(char *param, NSSDBType *dbType, char **appName,
|
| + char **filename, PRBool *rw)
|
| +{
|
| + int next;
|
| + char *configdir = NULL;
|
| + char *secmodName = NULL;
|
| + char *value = NULL;
|
| + char *save_params = param;
|
| + const char *lconfigdir;
|
| + param = NSSUTIL_ArgStrip(param);
|
| +
|
| +
|
| + while (*param) {
|
| + NSSUTIL_HANDLE_STRING_ARG(param,configdir,"configDir=",;)
|
| + NSSUTIL_HANDLE_STRING_ARG(param,secmodName,"secmod=",;)
|
| + NSSUTIL_HANDLE_FINAL_ARG(param)
|
| + }
|
| +
|
| + *rw = PR_TRUE;
|
| + if (NSSUTIL_ArgHasFlag("flags","readOnly",save_params)) {
|
| + *rw = PR_FALSE;
|
| + }
|
| +
|
| + if (!secmodName || *secmodName == '\0') {
|
| + if (secmodName) PORT_Free(secmodName);
|
| + secmodName = PORT_Strdup(SECMOD_DB);
|
| + }
|
| +
|
| + *filename = secmodName;
|
| + lconfigdir = _NSSUTIL_EvaluateConfigDir(configdir, dbType, appName);
|
| +
|
| + if (NSSUTIL_ArgHasFlag("flags","noModDB",save_params)) {
|
| + /* there isn't a module db, don't load the legacy support */
|
| + *dbType = NSS_DB_TYPE_SQL;
|
| + *rw = PR_FALSE;
|
| + }
|
| +
|
| + /* only use the renamed secmod for legacy databases */
|
| + if ((*dbType != NSS_DB_TYPE_LEGACY) &&
|
| + (*dbType != NSS_DB_TYPE_MULTIACCESS)) {
|
| + secmodName="pkcs11.txt";
|
| + }
|
| +
|
| + if (lconfigdir) {
|
| + value = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s",
|
| + lconfigdir,secmodName);
|
| + } else {
|
| + value = PR_smprintf("%s",secmodName);
|
| + }
|
| + if (configdir) PORT_Free(configdir);
|
| + return value;
|
| +}
|
| +
|
| +
|
|
|
Chromium Code Reviews
Issue 11362174:
Update NSS to NSS 3.14 pre-release snapshot 2012-06-28 01:00:00 PDT. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/