From a3bc83d330c3ef6d9aaed9f118bd5afbcb32b93b Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Jul 19 2017 07:43:28 +0000
Subject: Add pkcs11-switch from RHEL
---
diff --git a/opensc.spec b/opensc.spec
index 1fcd92d..0712802 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -14,6 +14,7 @@ License: LGPLv2+ URL: https://github.com/OpenSC/OpenSC/wiki Source0: https://github.com/OpenSC/OpenSC/archive/%{commit0}.tar.gz#/%{name}-%{version}-git%{shortcommit0}.tar.gz Source1: opensc.module +Source2: pkcs11-switch.sh Patch0: opensc-prkey-fixup.patch BuildRequires: pcsc-lite-devel
@@ -66,6 +67,7 @@ make install DESTDIR=$RPM_BUILD_ROOT rm -f $RPM_BUILD_ROOT%{_sysconfdir}/opensc.conf install -Dpm 644 etc/opensc.conf $RPM_BUILD_ROOT%{_sysconfdir}/opensc-%{_arch}.conf install -Dpm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/p11-kit/modules/opensc.module +install -Dpm 755 %{SOURCE2} $RPM_BUILD_ROOT%{_bindir}/pkcs11-switch # use NEWS file timestamp as reference for configuration file touch -r NEWS $RPM_BUILD_ROOT%{_sysconfdir}/opensc-%{_arch}.conf
@@ -118,6 +120,7 @@ fi
 %{_bindir}/opensc-tool
 %{_bindir}/piv-tool
 %{_bindir}/pkcs11-tool
+%{_bindir}/pkcs11-switch
 %{_bindir}/pkcs15-crypt
 %{_bindir}/pkcs15-init
 %{_bindir}/pkcs15-tool
diff --git a/pkcs11-switch.sh b/pkcs11-switch.sh
new file mode 100755
index 0000000..f29565c
--- /dev/null
+++ b/pkcs11-switch.sh
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+# Paths, names and functions definitions
+NSSDB="/etc/pki/nssdb/"
+COOLKEY_NAME="CoolKey PKCS #11 Module"
+COOLKEY_LIBRARY="libcoolkeypk11.so"
+OPENSC_NAME="OpenSC PKCS #11 Module"
+OPENSC_LIBRARY="opensc-pkcs11.so"
+
+add_module() {
+ NAME="$1"
+ LIBRARY="$2"
+ modutil -add "$NAME" -dbdir "$NSSDB" -libfile "$LIBRARY"
+}
+remove_module() {
+ NAME="$1"
+ modutil -delete "$NAME" -dbdir "$NSSDB" -force
+}
+
+# Parse arguments. If wrong, print usage
+TARGET="$1"
+if [ "$TARGET" = "" ]; then
+ # Print currently installed module
+ PRINT_CURRENT="1"
+elif [ "$TARGET" = "opensc" ] || [ "$TARGET" = "coolkey" ]; then
+ : # Correct arguments
+else
+ echo "Simple tool to switch between OpenSC and Coolkey PKCS#11 modules in main NSS DB."
+ echo "Usage: $0 [coolkey|opensc]"
+ echo " [coolkey|opensc] says which of the modules should be used."
+ echo " The other one will be removed from database."
+ echo
+ echo " If there is no argument specified, prints the current module in NSS DB"
+ exit 255
+fi
+
+if [ ! -x /usr/bin/modutil ]; then
+ echo "The modutil is not installed. Please install package nss-util"
+ exit 255
+fi
+
+# Find the current library in NSS DB
+CURRENT="" # none
+LIBS=$(modutil -rawlist -dbdir "$NSSDB" | grep "^library=")
+if echo "$LIBS" | grep "$COOLKEY_NAME" > /dev/null; then
+ CURRENT="coolkey"
+fi
+if echo "$LIBS" | grep "$OPENSC_NAME" > /dev/null; then
+ if [ -n "$CURRENT" ]; then
+ CURRENT="opensc coolkey"
+ echo "There are both modules in NSS DB, which is not recommended."
+ echo "I will remove the other."
+ else
+ CURRENT="opensc"
+ fi
+fi
+
+if [ "$PRINT_CURRENT" = "1" ]; then
+ echo "$CURRENT"
+ exit 0
+fi
+
+# Do we need to change something?
+if [ "$CURRENT" = "$TARGET" ]; then
+ echo "The requested module is already in the NSS DB"
+ exit 0
+fi
+
+# Do the actual change
+if [ "$TARGET" = "opensc" ]; then
+ add_module "$OPENSC_NAME" "$OPENSC_LIBRARY"
+ remove_module "$COOLKEY_NAME"
+fi
+if [ "$TARGET" = "coolkey" ]; then
+ add_module "$COOLKEY_NAME" "$COOLKEY_LIBRARY"
+ remove_module "$OPENSC_NAME"
+fi
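Review bot: Neither `add_module` nor `remove_module` checks the exit status of `modutil`, so in the two final `if` blocks a failed add is still followed by the delete of the other module, which can leave the database at `$NSSDB` with no smart-card module registered; for the `opensc` target the script then still exits 0 because the last `if` is simply false. Stop before the removal when the add fails, e.g. `add_module "$OPENSC_NAME" "$OPENSC_LIBRARY" || exit 1`, and the same in the coolkey branch. Only the delete passes `-force`; if `modutil -add` prompts for confirmation without it, the script will block when run unattended, so the two calls should probably be made consistent. Separately, the availability check tests `/usr/bin/modutil` but every invocation resolves `modutil` through `PATH`; since the script rewrites the system-wide NSS database, define `MODUTIL=/usr/bin/modutil` once and call `"$MODUTIL"` so the binary that was checked is the one that runs.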