[PATCH 5 of 5] Add logging function for der data and add logging to NSS installation

Wald Commits scm-commit at wald.intevation.org
Fri Jun 20 12:53:25 CEST 2014


# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1403261596 -7200
# Node ID 2303caf56dbb476092efec5ffacaaeb88c00daab
# Parent  736e95c63b861acbf2c9f0efa8a656a71dcc0679
Add logging function for der data and add logging to NSS installation

diff -r 736e95c63b86 -r 2303caf56dbb cinst/mozilla.c
--- a/cinst/mozilla.c	Fri Jun 20 12:17:47 2014 +0200
+++ b/cinst/mozilla.c	Fri Jun 20 12:53:16 2014 +0200
@@ -449,6 +449,7 @@
       (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
        == SECSuccess))
     {
+      log_certificate_der (pdir, dercert->data, dercert->len, true);
       success = true;
     }
   else
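Review bot: The audit record for this trust change depends on a second parse of the certificate, so a successful install here can end up with no install event. `log_certificate_der` (common/logging.c in this patch) returns after `ERRORPRINTF("Failed to parse cert..")` without writing the installation/removal message, and by the time it is called `CERT_ChangeCertTrust` has already succeeded. If the logging parser ever rejects DER that NSS accepted, the root is trusted but the event log does not record it; the same applies to the removal call added after `SEC_DeletePermCertificate`. Consider having that failure path still emit an event naming the store and the install/removal direction, and add a comment here such as `/* Audit log: written only after the trust change has succeeded */`. The enclosing function starts and ends outside the hunk.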
@@ -491,6 +492,7 @@
           if (SEC_DeletePermCertificate(cert) == SECSuccess)
             {
               success = true;
+              log_certificate_der (pdir, dercert->data, dercert->len, false);
             }
           else
             {
@@ -524,7 +526,7 @@
  * formatted certificate.  The function must return true on success
  * and false on failure.
  *
- * This function is intended wor use with the import_cert and
+ * This function is intended for use with the import_cert and
  * remove_cert functions.
  *
  * @param[in] fn the function to apply
diff -r 736e95c63b86 -r 2303caf56dbb common/logging.c
--- a/common/logging.c	Fri Jun 20 12:17:47 2014 +0200
+++ b/common/logging.c	Fri Jun 20 12:53:16 2014 +0200
@@ -162,14 +162,9 @@
 void
 log_certificate(const char* store, char *b64cert, bool install)
 {
-  char subject[MAX_LOG + 1],
-       *der_data = NULL;
+  char *der_data = NULL;
   size_t der_size = 0;
-  int ret = 0,
-      i = 0;
-  x509_crt chain;
-  unsigned char sha256sum[32];
-  char fingerprint[32 * 3 + 1];
+  int ret = 0;
 
   ret = str_base64_decode (&der_data, &der_size, b64cert, strlen(b64cert));
 
@@ -179,12 +174,26 @@
       return;
     }
 
+  log_certificate_der (store, (unsigned char *) der_data, der_size, install);
+
+  xfree (der_data);
+}
+
+void
+log_certificate_der(const char *store, unsigned char *der_data, size_t der_size, bool install)
+{
+  char subject[MAX_LOG + 1];
+  int ret = 0,
+      i = 0;
+  x509_crt chain;
+  unsigned char sha256sum[32];
+  char fingerprint[32 * 3 + 1];
+
   x509_crt_init(&chain);
   if (x509_crt_parse_der(&chain, (const unsigned char *)der_data,
                          der_size) != 0)
     {
       ERRORPRINTF("Failed to parse cert..");
-      xfree (der_data);
       return;
     }
 
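Review bot: `der_data` is already cast to `const unsigned char *` for `x509_crt_parse_der`, so the parameter of `log_certificate_der` can be declared `const unsigned char *der_data`, provided the rest of the body (outside this hunk) only reads it. That removes the cast and tells callers such as the NSS code that their buffer is not modified; the prototype in common/logging.h needs the same change. Neither `store` nor `der_data` is checked before use in the visible lines. A guard at the top, `if (!store || !der_data || der_size == 0)` followed by an `ERRORPRINTF` and `return;`, would stop a bad caller before the parser and the `%s` in the log call.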
@@ -193,7 +202,6 @@
   if (ret == -1)
     {
       ERRORPRINTF("Failed to parse subject..");
-      xfree (der_data);
       return;
     }
   subject[MAX_LOG] = '\0';
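Review bot: The early return after `ERRORPRINTF("Failed to parse subject..")` leaves `chain` allocated: `x509_crt_parse_der` has succeeded by this point, and the only `x509_crt_free (&chain)` visible in this patch is at the end of the function. With `xfree (der_data)` removed, this path now has no cleanup at all, so add `x509_crt_free (&chain);` before the `return;`. The call that sets `ret` is outside the hunk, so this assumes nothing between the parse and this check releases the chain.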
@@ -202,9 +210,9 @@
 
   for (i = 0; i < 31; i++)
     {
-      snprintf (fingerprint + i * 3, 3, "%02X:", sha256sum[i]);
+      snprintf (fingerprint + (i * 3), 4, "%02X:", sha256sum[i]);
     }
-  snprintf (fingerprint + 31 * 3, 2, "%02X", sha256sum[31]);
+  snprintf (fingerprint + (31 * 3), 3, "%02X", sha256sum[31]);
 
   fingerprint[32*3] = '\0';
 
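Review bot: The size arguments `4` and `3` are still hand-computed, which is how the truncation being fixed here got in. Deriving the limit from the buffer keeps the bound tied to the declaration: `snprintf (fingerprint + (i * 3), sizeof fingerprint - (i * 3), "%02X:", sha256sum[i]);` and likewise `sizeof fingerprint - (31 * 3)` for the last byte. Replacing the literals `31` and `32` with values derived from `sizeof sha256sum` would do the same for the loop bound and the final index.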
@@ -227,12 +235,11 @@
     }
 #else
   /* Please keep the following line in line with message from events.mc */
-  linux_log ("%s of root certificate: %s\nSha256 thumbprint:<%s>.\nCertificate store \"%s\"",
-             install ? "Installation" : "Removal",
-             subject, fingerprint, store);
+  syslog_info_printf ("%s of root certificate: %s Sha256 thumbprint:<%s>. Certificate store \"%s\"",
+                      install ? "Installation" : "Removal",
+                      subject, fingerprint, store);
 #endif
   x509_crt_free (&chain);
-  xfree (der_data);
 }
 
 void
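Review bot: The comment above this call asks for the line to stay in line with the message in events.mc, but the text changes here (both `\n` separators become spaces) and no events.mc change is visible in this patch. If the Windows message keeps the line breaks, the two platforms emit different layouts for the same event, which matters to anything that parses these audit entries. Either update events.mc to match or adjust the comment, e.g. `/* Same fields as the message in events.mc, kept on one line for syslog */`. `subject` is taken from the certificate itself, so it is worth confirming in the code outside this hunk that it cannot carry control characters into the syslog line.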
diff -r 736e95c63b86 -r 2303caf56dbb common/logging.h
--- a/common/logging.h	Fri Jun 20 12:17:47 2014 +0200
+++ b/common/logging.h	Fri Jun 20 12:53:16 2014 +0200
@@ -136,7 +136,7 @@
 void syslog_error_printf(const char *format, ...);
 
  /**
- * @brief log a certificate install / remove event.
+ * @brief log a certificate install / remove event from base64 data.
  *
  * Logs a message in the event / syslog to mark a certificate
  * installation or removal.
@@ -146,6 +146,19 @@
  * @param[in] install weather to log this as installation or removal
  */
 void log_certificate(const char *store, char *b64cert, bool install);
+ 
+/**
+ * @brief log a certificate install / remove event from der data.
+ *
+ * Logs a message in the event / syslog to mark a certificate
+ * installation or removal.
+ *
+ * @param[in] store name of the certificate store.
+ * @param[in] der_data pointer to der data of the certificate.
+ * @param[in] der_size size of the der_data
+ * @param[in] install weather to log this as installation or removal
+ */
+void log_certificate_der(const char *store, unsigned char *der_data, size_t der_size, bool install);
 
 #ifdef __cplusplus
 }
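Review bot: The new doc comment for `log_certificate_der` does not say who owns `der_data`. The logging.c changes in this patch show that the function no longer frees the buffer, so state it: ` * The caller keeps ownership of der_data; this function does not free it.` In the `install` line, `weather` should read `whether`, and the added blank line before the comment carries a stray trailing space.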

