Fix for 157649 - allow crlutil to do partial decoding so it can be used as a test program

1 files changed, 32 insertions, 13 deletions

diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
index ef64fcd7a..b3b2698dd 100644
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -173,13 +173,15 @@ static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
 }
 
 SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, 
-                     PRFileDesc *inFile, PRBool bypassChecks)
+                     PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions)
 {
     CERTCertificate *cert = NULL;
     CERTSignedCrl *crl = NULL;
     SECItem crlDER;
+    PK11SlotInfo* slot = NULL;
     int rv;
-    PRInt32 importOptions;
+    PRIntervalTime starttime, endtime, elapsed;
+    PRUint32 mins, secs, msecs;
 
     crlDER.data = NULL;
 
@@ -190,26 +192,35 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
 	SECU_PrintError(progName, "unable to read input file");
 	return (SECFailure);
     }
+
+    decodeOptions |= CRL_DECODE_DONT_COPY_DER;
+
+    slot = PK11_GetInternalKeySlot();
  
-    importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
-    if (PR_TRUE == bypassChecks) {
-        importOptions |= CRL_IMPORT_BYPASS_CHECKS;
-    }
-    crl = PK11_ImportCRL(PK11_GetInternalKeySlot(), &crlDER, url, type,
-          NULL, importOptions, NULL, CRL_DECODE_DONT_COPY_DER);
+    starttime = PR_IntervalNow();
+    crl = PK11_ImportCRL(slot, &crlDER, url, type,
+          NULL, importOptions, NULL, decodeOptions);
+    endtime = PR_IntervalNow();
+    elapsed = endtime - starttime;
+    mins = PR_IntervalToSeconds(elapsed) / 60;
+    secs = PR_IntervalToSeconds(elapsed) % 60;
+    msecs = PR_IntervalToMilliseconds(elapsed) % 1000;
+    printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs);
     if (!crl) {
 	const char *errString;
 
 	errString = SECU_Strerror(PORT_GetError());
 	if ( errString && PORT_Strlen (errString) == 0)
 	    SECU_PrintError
-		    (progName, "CRL is not import (error: input CRL is not up to date.)");
+		    (progName, "CRL is not imported (error: input CRL is not up to date.)");
 	else    
 	    SECU_PrintError
 		    (progName, "unable to import CRL");
     }
-    PORT_Free (crlDER.data);
     SEC_DestroyCrl (crl);
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
     return (rv);
 }
 	    
@@ -243,6 +254,7 @@ static void Usage(char *progName)
     fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
     fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");        
     fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B");
+    fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-P");
 
     exit(-1);
 }
@@ -264,6 +276,8 @@ int main(int argc, char **argv)
     PLOptStatus status;
     SECStatus secstatus;
     PRBool bypassChecks = PR_FALSE;
+    PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS;
+    PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
@@ -279,15 +293,19 @@ int main(int argc, char **argv)
     /*
      * Parse command line arguments
      */
-    optstate = PL_CreateOptState(argc, argv, "BIALd:i:Dn:Ct:u:");
+    optstate = PL_CreateOptState(argc, argv, "PBIALd:i:Dn:Ct:u:");
     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
 	    Usage(progName);
 	    break;
 
+          case 'P':
+            decodeOptions |= CRL_DECODE_SKIP_ENTRIES;
+            break;
+
 	  case 'B':
-            bypassChecks = PR_TRUE;
+            importOptions |= CRL_IMPORT_BYPASS_CHECKS;
             break;
 
 	  case 'C':
@@ -364,7 +382,8 @@ int main(int argc, char **argv)
     else if (listCRL)
 	ListCRL (certHandle, nickName, crlType);
     else if (importCRL) 
-	rv = ImportCRL (certHandle, url, crlType, inFile, bypassChecks);
+	rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
+                        decodeOptions);
     
     return (rv);
 }