From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 7 Nov 2013 16:58:04 +0800
Subject: [PATCH] Allow some commands to proceed without a NSS db

The NSS db is not necessary to calculate the hash, to show the signature or to export the signed attributes.

Signed-off-by: Gary Ching-Pang Lin
---
 src/pesign.c | 91 +++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 53 insertions(+), 38 deletions(-)

diff --git a/src/pesign.c b/src/pesign.c
index c7313a6..0cd47a8 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
 int daemon = 0;
 int fork = 1;
 int padding = 0;
+ int need_db = 0;
 
 char *digest_name = "sha256";
 char *tokenname = "NSS Certificate DB";
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
 }
 }
 
+ int action = 0;
+ if (daemon)
+ action |= DAEMONIZE;
+
+ if (ctxp->rawsig) {
+ action |= IMPORT_RAW_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->insattrs)
+ action |= IMPORT_SATTRS;
+
+ if (ctxp->outsattrs)
+ action |= EXPORT_SATTRS;
+
+ if (ctxp->insig)
+ action |= IMPORT_SIGNATURE;
+
+ if (ctxp->outkey) {
+ action |= EXPORT_PUBKEY;
+ need_db = 1;
+ }
+
+ if (ctxp->outcert) {
+ action |= EXPORT_CERT;
+ need_db = 1;
+ }
+
+ if (ctxp->outsig)
+ action |= EXPORT_SIGNATURE;
+
+ if (remove != 0)
+ action |= REMOVE_SIGNATURE;
+
+ if (list != 0)
+ action |= LIST_SIGNATURES;
+
+ if (ctxp->sign) {
+ action |= GENERATE_SIGNATURE;
+ if (!(action & EXPORT_SIGNATURE))
+ action |= IMPORT_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->hash)
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
+
 if (!daemon) {
- SECStatus status = NSS_Init(certdir);
+ SECStatus status;
+ if (need_db)
+ status = NSS_Init(certdir);
+ else
+ status = NSS_NoDB_Init(NULL);
 if (status != SECSuccess) {
 fprintf(stderr, "Could not initialize nss: %s\n",
 PORT_ErrorToString(PORT_GetError()));
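Review bot: The decision about which actions get a certificate database is spread through the flag chain as separate `need_db = 1;` assignments, and every other action silently falls through to `NSS_NoDB_Init(NULL)`. The description names only hashing, showing the signature and exporting signed attributes, but in this hunk `insattrs`, `insig`, `outsig` and `remove` also leave `need_db` at 0, so they now run without a key or certificate store; whether each is safe that way depends on code outside the hunk. Stating the policy once after the chain would make it auditable: `need_db = (action & (IMPORT_RAW_SIGNATURE|EXPORT_PUBKEY|EXPORT_CERT|GENERATE_SIGNATURE)) != 0;`, with a comment that only these actions read keys or certificates from the token. `main` begins and ends outside the hunk.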
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
 if (certname)
 free(certname);
 
- int action = 0;
- if (daemon)
- action |= DAEMONIZE;
-
- if (ctxp->rawsig)
- action |= IMPORT_RAW_SIGNATURE;
-
- if (ctxp->insattrs)
- action |= IMPORT_SATTRS;
-
- if (ctxp->outsattrs)
- action |= EXPORT_SATTRS;
-
- if (ctxp->insig)
- action |= IMPORT_SIGNATURE;
-
- if (ctxp->outkey)
- action |= EXPORT_PUBKEY;
-
- if (ctxp->outcert)
- action |= EXPORT_CERT;
-
- if (ctxp->outsig)
- action |= EXPORT_SIGNATURE;
-
- if (remove != 0)
- action |= REMOVE_SIGNATURE;
-
- if (list != 0)
- action |= LIST_SIGNATURES;
 
 if (ctxp->sign) {
- action |= GENERATE_SIGNATURE;
- if (!(action & EXPORT_SIGNATURE))
- action |= IMPORT_SIGNATURE;
-
 if (!ctxp->cms_ctx->certname) {
 fprintf(stderr, "pesign: signing requested but no "
 "certificate nickname provided\n");
@@ -614,9 +632,6 @@ main(int argc, char *argv[])
 }
 }
 
- if (ctxp->hash)
- action |= GENERATE_DIGEST|PRINT_DIGEST;
-
 ssize_t sigspace = 0;
 
 switch (action) {
-- 
1.8.1.4