| 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include <cert.h> |
| 6 | #include <nspr.h> |
| 7 | #include <nss.h> |
| 8 | |
| 9 | #include <string> |
| 10 | |
| 11 | #include <base/command_line.h> |
| 12 | #include <base/file_path.h> |
| 13 | #include <base/logging.h> |
| 14 | #include <chromeos/syslog_logging.h> |
| 15 | |
| 16 | #include "shill/byte_string.h" |
| 17 | #include "shill/shims/certificates.h" |
| 18 | |
| 19 | using shill::ByteString; |
| 20 | using shill::shims::Certificates; |
| 21 | using std::string; |
| 22 | |
| 23 | namespace { |
| 24 | |
// NSS database the shim exports from: the per-user cert/key store under the
// logged-in user's home, opened through NSS's "sql:" (SQLite-backed) prefix.
const char kCertDBDir[] = "sql:/home/chronos/user/.pki/nssdb";
| 26 | |
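// RAII guard for the NSS library lifetime: Init() brings NSS up on a given
// database directory and the destructor shuts it down again, so NSS is
// released on every exit path of main().
class ScopedNSS {
 public:
  ScopedNSS() : initialized_(false) {}
  ~ScopedNSS();

  // Initializes NSS with |config_dir| as its certificate/key database.
  // Returns true on success, or immediately if this object already
  // initialized NSS; logs and returns false if NSS_Init fails.
  bool Init(const string &config_dir);

 private:
  // Non-copyable: a copy would shut NSS down a second time for one Init().
  ScopedNSS(const ScopedNSS&);
  void operator=(const ScopedNSS&);

  bool initialized_;
};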
| 37 | |
// Shuts NSS down if (and only if) this guard's Init() succeeded.
ScopedNSS::~ScopedNSS() {
  if (!initialized_) {
    return;
  }
  NSS_Shutdown();
  initialized_ = false;
}
| 44 | |
// Initializes NSS against |config_dir|. A second call on an already
// initialized guard is a no-op that returns true; a failed NSS_Init is
// logged with the NSPR error code and leaves the guard uninitialized.
bool ScopedNSS::Init(const string &config_dir) {
  if (initialized_) {
    return true;
  }
  const bool init_ok = (NSS_Init(config_dir.c_str()) == SECSuccess);
  if (!init_ok) {
    LOG(ERROR) << "Unable to initialize NSS in " << config_dir
               << ". Error code: " << PR_GetError();
    return false;
  }
  initialized_ = true;
  return true;
}
| 54 | |
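// Looks up the certificate stored under |nickname| in the default NSS
// certificate database and copies its DER encoding into |der_cert|.
// Returns false (after logging) if no database handle is available or no
// certificate with that nickname is found; |der_cert| is not modified then.
bool GetDERCertificate(const string &nickname, ByteString *der_cert) {
  CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
  if (!handle) {
    LOG(ERROR) << "Null certificate database handle.";
    return false;
  }
  CERTCertificate *cert = CERT_FindCertByNickname(handle, nickname.c_str());
  if (!cert) {
    // Include the NSPR error code, as ScopedNSS::Init does, so a genuinely
    // absent nickname can be told apart from a database access failure.
    LOG(ERROR) << "Couldn't find certificate: " << nickname
               << ". Error code: " << PR_GetError();
    return false;
  }
  // Copy the DER bytes out first; the certificate is released right after.
  *der_cert = ByteString(cert->derCert.data, cert->derCert.len);
  CERT_DestroyCertificate(cert);
  return true;
}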
| 70 | |
| 71 | } // namespace |
| 72 | |
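// Entry point of the nss-get-cert shim:
//   nss-get-cert <cert-nickname> <der|pem> <outfile>
// Exports the certificate stored under <cert-nickname> in the user NSS
// database to <outfile>, as raw DER or PEM. Returns EXIT_FAILURE on bad
// arguments, NSS initialization/lookup failure, or a failed write.
int main(int argc, char **argv) {
  CommandLine::Init(argc, argv);
  chromeos::InitLog(chromeos::kLogToSyslog | chromeos::kLogHeader);
  if (argc != 4) {
    LOG(ERROR) << "Usage: nss-get-cert <cert-nickname> <der|pem> <outfile>";
    return EXIT_FAILURE;
  }

  const string nickname = argv[1];
  const string format_str = argv[2];
  const FilePath outfile(argv[3]);

  // Validate the format argument before touching the NSS database, so an
  // argument error is reported regardless of whether the lookup would work.
  const bool want_pem = (format_str == "pem");
  if (!want_pem && format_str != "der") {
    LOG(ERROR) << "Invalid format parameter: " << format_str;
    return EXIT_FAILURE;
  }

  ScopedNSS nss;  // shuts NSS down on every return below
  ByteString cert;
  if (!nss.Init(kCertDBDir) || !GetDERCertificate(nickname, &cert)) {
    return EXIT_FAILURE;
  }
  if (want_pem) {
    cert = Certificates::ConvertDERToPEM(cert);
  }
  return Certificates::Write(cert, outfile) ? EXIT_SUCCESS : EXIT_FAILURE;
}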