diff options
author | jpierre%netscape.com <devnull@localhost> | 2002-08-07 03:53:07 +0000 |
---|---|---|
committer | jpierre%netscape.com <devnull@localhost> | 2002-08-07 03:53:07 +0000 |
commit | 245a4875a2cf5644fe279f5d5ea82751af4bf227 (patch) | |
tree | 728e7122fa6ebbf6b30e3c717f7bc814cc8cbda3 | |
parent | f12aa3d9e3e470439fb8930ec99d2623d69d61df (diff) | |
download | nss-hg-245a4875a2cf5644fe279f5d5ea82751af4bf227.tar.gz |
Fix for 157649 - allow crlutil to do partial decoding so it can be used as a test program
-rw-r--r-- | security/nss/cmd/crlutil/crlutil.c | 45 |
1 files changed, 32 insertions, 13 deletions
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c index ef64fcd7a..b3b2698dd 100644 --- a/security/nss/cmd/crlutil/crlutil.c +++ b/security/nss/cmd/crlutil/crlutil.c @@ -173,13 +173,15 @@ static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type) } SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, - PRFileDesc *inFile, PRBool bypassChecks) + PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions) { CERTCertificate *cert = NULL; CERTSignedCrl *crl = NULL; SECItem crlDER; + PK11SlotInfo* slot = NULL; int rv; - PRInt32 importOptions; + PRIntervalTime starttime, endtime, elapsed; + PRUint32 mins, secs, msecs; crlDER.data = NULL; @@ -190,26 +192,35 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, SECU_PrintError(progName, "unable to read input file"); return (SECFailure); } + + decodeOptions |= CRL_DECODE_DONT_COPY_DER; + + slot = PK11_GetInternalKeySlot(); - importOptions = CRL_IMPORT_DEFAULT_OPTIONS; - if (PR_TRUE == bypassChecks) { - importOptions |= CRL_IMPORT_BYPASS_CHECKS; - } - crl = PK11_ImportCRL(PK11_GetInternalKeySlot(), &crlDER, url, type, - NULL, importOptions, NULL, CRL_DECODE_DONT_COPY_DER); + starttime = PR_IntervalNow(); + crl = PK11_ImportCRL(slot, &crlDER, url, type, + NULL, importOptions, NULL, decodeOptions); + endtime = PR_IntervalNow(); + elapsed = endtime - starttime; + mins = PR_IntervalToSeconds(elapsed) / 60; + secs = PR_IntervalToSeconds(elapsed) % 60; + msecs = PR_IntervalToMilliseconds(elapsed) % 1000; + printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs); if (!crl) { const char *errString; errString = SECU_Strerror(PORT_GetError()); if ( errString && PORT_Strlen (errString) == 0) SECU_PrintError - (progName, "CRL is not import (error: input CRL is not up to date.)"); + (progName, "CRL is not imported (error: input CRL is not up to date.)"); else SECU_PrintError (progName, "unable to import CRL"); } - PORT_Free (crlDER.data); SEC_DestroyCrl (crl); + if (slot) { + PK11_FreeSlot(slot); + } return (rv); } @@ -243,6 +254,7 @@ static void Usage(char *progName) fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " "); fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " "); fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B"); + fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-P"); exit(-1); } @@ -264,6 +276,8 @@ int main(int argc, char **argv) PLOptStatus status; SECStatus secstatus; PRBool bypassChecks = PR_FALSE; + PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS; + PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; @@ -279,15 +293,19 @@ int main(int argc, char **argv) /* * Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "BIALd:i:Dn:Ct:u:"); + optstate = PL_CreateOptState(argc, argv, "PBIALd:i:Dn:Ct:u:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': Usage(progName); break; + case 'P': + decodeOptions |= CRL_DECODE_SKIP_ENTRIES; + break; + case 'B': - bypassChecks = PR_TRUE; + importOptions |= CRL_IMPORT_BYPASS_CHECKS; break; case 'C': @@ -364,7 +382,8 @@ int main(int argc, char **argv) else if (listCRL) ListCRL (certHandle, nickName, crlType); else if (importCRL) - rv = ImportCRL (certHandle, url, crlType, inFile, bypassChecks); + rv = ImportCRL (certHandle, url, crlType, inFile, importOptions, + decodeOptions); return (rv); } |