Re: My shy certificate

Tue, 08 Aug 2006 23:09:30 -0700 

Not sure whether this will help, but I think you can write a function like the 
one given below.
Have a look at security/manager/ssl/src/nsPKCS12Blob.cpp.
nsresult nsPKCS12Blob::ImportSSLCertsFromFile(nsILocalFile *file) {

nsNSSShutDownPreventionLock locker;

nsresult rv;

SECStatus srv = SECSuccess;

SEC_PKCS12DecoderContext *dcx = NULL;

SECItem unicodePw;

PK11SlotInfo *slot=nsnull;

nsXPIDLString tokenName;

NS_NAMED_LITERAL_STRING(password, "passwd");

if (!mToken) {

if (!mTokenSet) {

rv = SetToken(NULL); // Ask the user to pick a slot

if (NS_FAILED(rv)) {

handleError(PIP_PKCS12_USER_CANCELED);

return rv;

}

}

}

if (!mToken) {

handleError(PIP_PKCS12_RESTORE_FAILED);

return NS_ERROR_NOT_AVAILABLE;

}

PRBool needsInit;

mToken->GetNeedsUserInit(&needsInit);

if(needsInit)

mToken->InitPassword(EmptyString().get());

unicodeToItem(password.get(), &unicodePw);

mToken->GetTokenName(getter_Copies(tokenName));

NS_ConvertUTF16toUTF8 tokenNameCString(tokenName);

slot = PK11_FindSlotByName(tokenNameCString.BeginWriting());

if (!slot) {

srv = SECFailure;

goto finish;

}

// initialize the decoder

dcx = SEC_PKCS12DecoderStart(&unicodePw, slot, NULL,

digest_open, digest_close,

digest_read, digest_write,

this);

if (!dcx) {

srv = SECFailure;

goto finish;

}

// read input file and feed it to the decoder

rv = inputToDecoder(dcx, file);

if (NS_FAILED(rv)) {

if (NS_ERROR_ABORT == rv) {

// inputToDecoder indicated an NSS error

srv = SECFailure;

}

goto finish;

}

// verify the blob

srv = SEC_PKCS12DecoderVerify(dcx);

if (srv) goto finish;

// validate bags

srv = SEC_PKCS12DecoderValidateBags(dcx, nickname_collision);

if (srv) goto finish;

// import cert and key

srv = SEC_PKCS12DecoderImportBags(dcx);

if (srv) goto finish;

finish:

if (srv != SECSuccess) {

handleError(PIP_PKCS12_NSS_ERROR);

} else if (NS_FAILED(rv)) {

handleError(PIP_PKCS12_RESTORE_FAILED);

}

if (slot)

PK11_FreeSlot(slot);

// finish the decoder

if (dcx)

SEC_PKCS12DecoderFinish(dcx);

return NS_OK;

}


-- 
Best Regards.
Umesh.
"Dave Pinn" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Is there a Mozilla utility with which I can attempt to import a 
> certificate *into* my PKCS#11 module?
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to