diff options
| author | cvs2hg <devnull@localhost> | 2000-05-21 13:32:05 +0000 |
|---|---|---|
| committer | cvs2hg <devnull@localhost> | 2000-05-21 13:32:05 +0000 |
| commit | 77ed19937bdf40bb4ed391bf418d028b2498f169 (patch) | |
| tree | bc9166bb9a479dbc4bb30ecd571842c9278eb72a /security/nss/cmd/certcgi | |
| parent | dcbfda8c9303c682e1fa4a21ecc4ed36d9ff811e (diff) | |
| download | nss-hg-77ed19937bdf40bb4ed391bf418d028b2498f169.tar.gz | |
fixup commit for tag 'EMBEDDING_06192000_BASE'EMBEDDING_06192000_BASE
Diffstat (limited to 'security/nss/cmd/certcgi')
| -rw-r--r-- | security/nss/cmd/certcgi/Makefile | 76 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/ca.html | 48 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/ca_form.html | 385 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/certcgi.c | 2460 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/index.html | 956 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/main.html | 105 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/manifest.mn | 48 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/nscp_ext_form.html | 113 | ||||
| -rw-r--r-- | security/nss/cmd/certcgi/stnd_ext_form.html | 247 |
9 files changed, 0 insertions, 4438 deletions
diff --git a/security/nss/cmd/certcgi/Makefile b/security/nss/cmd/certcgi/Makefile deleted file mode 100644 index 573c12cac..000000000 --- a/security/nss/cmd/certcgi/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/certcgi/ca.html b/security/nss/cmd/certcgi/ca.html deleted file mode 100644 index b9ffd8238..000000000 --- a/security/nss/cmd/certcgi/ca.html +++ /dev/null @@ -1,48 +0,0 @@ -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - -<form method="post" name="ca_form" action="mailto:jerdonek@netscape.com"> -<input type="radio" name="caChoiceradio" value="SignWithDefaultkey" - onClick="{parent.choice_change(this.form)}"> - Use the Cert-O-matic certificate to issue the cert</p> -<input type="radio" name="caChoiceradio" value="SignWithRandomChain" - onClick="{parent.choice_change(this.form)}"> Use a - <input type="text" size="2" maxsize="2" name="autoCAs"> CA long - automatically generated chain ending with the Cert-O-Matic Cert - (18 maximum)</p> -<input type="radio" name="caChoiceradio" value="SignWithSpecifiedChain" - onClick="{parent.choice_change(this.form)}"> Use a - <input type="text" size="1" maxlength="1" name="manCAs" - onChange="{parent.ca_num_change(this.value,this.form)}"> CA long - user input chain ending in the Cert-O-Matic Cert.</p> -</form> diff --git a/security/nss/cmd/certcgi/ca_form.html b/security/nss/cmd/certcgi/ca_form.html deleted file mode 100644 index 6858903a6..000000000 --- a/security/nss/cmd/certcgi/ca_form.html +++ /dev/null @@ -1,385 +0,0 @@ -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi"> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p> - </td> - <td></td><td></td><td> - Mail: </td><td><input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"></p> - RFC 1274<input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)"> - e-mail<input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)"></td> - <tr> - <td> - Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td> - <td></td><td></td><td> - Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td> - <tr> - <td> - RFC 1274 UID: </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td> - <td></td><td></td><td> - Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td> - <tr> - <td> - State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td> - <td></td><td></td><td> - Country: </td><td><input type="text" size="2" maxsize="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}"></p></td> - </table> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Serial Number:</p> - <DD> - <input type="radio" name="serial" value="auto" checked> Auto Generate</P> - <DD> - <input type="radio" name="serial" value="input"> - Use this value: <input type="text" name="serial_value" size="8" maxlength="8"></p> - </td> - <td></td><td></td><td></td><td></td> - <td> - X.509 version:</p> - <DD> - <input type="radio" name="ver" value="1" checked> Version 1</p> - <DD> - <input type="radio" name="ver" value="3"> Version 3</P></td> - <td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td> - <td> - Key Type:</p> - <DD> - <input type="radio" name="keyType" value="rsa" checked> RSA</p> - <DD> - <input type="radio" name="keyType" value="dsa"> DSA</P></td> - </table> - DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P> - <Select name="keysize"> - <option>1024 (High Grade) - <option>768 (Medium Grade) - <option>512 (Low Grade) - </select> - </p> - <hr> - </p> - <table border=1 cellspacing=5 cellpadding=5> - <tr> - <td> - <b>Netscape Certificate Type: </b></p> - Activate extension: <input type="checkbox" name="netscape-cert-type"></P> - Critical: <input type="checkbox" name="netscape-cert-type-crit"> - <td> - <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P> - <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P> - <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P> - <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P> - <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P> - <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P> - <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P> - <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P> - </tr> - <tr> - <td> - <b>Netscape Base URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-base-url"></P> - Critical: <input type="checkbox" name="netscape-base-url-crit"> - <td> - <input type="text" name="netscape-base-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-revocation-url-crit"> - <td> - <input type="text" name="netscape-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit"> - <td> - <input type="text" name="netscape-ca-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Certificate Renewal URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P> - Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit"> - <td> - <input type="text" name="netscape-cert-renewal-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Policy URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P> - Critical: <input type="checkbox" name="netscape-ca-policy-url-crit"> - <td> - <input type="text" name="netscape-ca-policy-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape SSL Server Name:</b></p> - Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P> - Critical: <input type="checkbox" name="netscape-ssl-server-name-crit"> - <td> - <input type="text" name="netscape-ssl-server-name-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Comment:</b></p> - Activate extension: <input type="checkbox" name="netscape-comment"></P> - Critical: <input type="checkbox" name="netscape-comment-crit"> - <td> - <textarea name="netscape-comment-text" rows="5" cols="50"></textarea> - </tr> - </table> - </p> - <hr> - </p> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi"> - <tr> - <td> - <b>Key Usage: </b></p> - Activate extension: <input type="checkbox" name="keyUsage"></P> - Critical: <input type="checkbox" name="keyUsage-crit"> - <td> - <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P> - <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P> - <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P> - <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P> - <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P> - <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P> - <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P> - </tr> - <tr> - <td> - <b>Extended Key Usage: </b></p> - Activate extension: <input type="checkbox" name="extKeyUsage"></P> - Critical: <input type="checkbox" name="extKeyUsage-crit"> - <td> - <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P> - <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P> - <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P> - <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P> - <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> - <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> - <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> - </tr> - <tr> - <td> - <b>Basic Constraints:</b></p> - Activate extension: <input type="checkbox" name="basicConstraints"></P> - Critical: <input type="checkbox" name="basicConstraints-crit"> - <td> - CA:</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p> - <input type="checkbox" name="basicConstraints-pathLengthConstraint"> - Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p> - </tr> - <tr> - <td> - <b>Authority Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="authorityKeyIdentifier"> - <td> - <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p> - <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p> - </tr> - <tr> - <td> - <b>Subject Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="subjectKeyIdentifier"> - <td> - Key Identifier: - <input type="text" name="subjectKeyIdentifier-text"></p> - This is an:<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p> - </tr> - <tr> - <td> - <b>Private Key Usage Period:</b></p> - Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p> - Critical: <input type="checkbox" name="privKeyUsagePeriod-crit"> - <td> - Use:</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p> - <b>Not to be used to sign before:</b></p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p> - <dd><dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p> - <b>Not to be used to sign after:</b></p> - <dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p> - </tr> - <tr> - <td> - <b>Subject Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="SubAltName"></P> - Critical: <input type="checkbox" name="SubAltName-crit"> - <td> - <table> - <tr> - <td> - General Names:</p> - <select name="SubAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}"> - <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, - OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td> - <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr> - </table> - Name: <input type="text" name="SubAltNameText"> - Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p> - </tr> - </table> - </tr> - - - <tr> - <td> - <b>Issuer Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="IssuerAltName"></P> - Critical: <input type="checkbox" name="IssuerAltName-crit"> - <td> - <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p> - <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name: - <table> - <tr> - <td> - General Names:</p> - <select name="IssuerAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}"> - <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, - OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="IssuerAltNameText"> - Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p> - </tr> - </table> - </tr> - - <tr> - <td> - <b>Name Constraints:</b></p> - Activate extension: <input type="checkbox" name="NameConstraints"></P> - <td> - <table> - <tr> - <td> - Name Constraints:</p> - - - <select name="NameConstraintSelect" multiple size="10"> - </select></p></p> - <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}"> - <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name, - OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td> - <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td> - <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td> - <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="NameConstraintText"> - Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p> - Constraint type:<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p> - Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p> - Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p> - - - - </tr> - </table> - </tr> - </table> - </form> - - - - - - - - - - diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c deleted file mode 100644 index 1762f5b30..000000000 --- a/security/nss/cmd/certcgi/certcgi.c +++ /dev/null @@ -1,2460 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* Cert-O-Matic CGI */ - - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "cert.h" -#include "cdbhdl.h" -#include "cryptohi.h" -#include "secoid.h" -#include "secder.h" -#include "genname.h" -#include "xconst.h" -#include "secutil.h" -#include "pqgutil.h" -#include "certxutl.h" -#include "secrng.h" /* for RNG_ */ - - -/* #define TEST 1 */ -/* #define FILEOUT 1 */ -/* #define OFFLINE 1 */ -#define START_FIELDS 100 -#define PREFIX_LEN 6 -#define SERIAL_FILE "../serial" -#define DB_DIRECTORY ".." - - -typedef struct PairStr Pair; - -struct PairStr { - char *name; - char *data; -}; - - -char prefix[PREFIX_LEN]; - - -const SEC_ASN1Template CERTIA5TypeTemplate[] = { - { SEC_ASN1_IA5_STRING } -}; - - - -SECKEYPrivateKey *privkeys[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL}; - - -#ifdef notdef -const SEC_ASN1Template CERT_GeneralNameTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate } -}; -#endif - - -static void -error_out(char *error_string) -{ - printf("Content-type: text/plain\n\n"); - printf(error_string); - fflush(stderr); - fflush(stdout); - exit(1); -} - -static void -error_allocate(void) -{ - error_out("ERROR: Unable to allocate memory"); -} - - -static char * -make_copy_string(char *read_pos, - int length, - char sentinal_value) - /* copys string from to a new string it creates and - returns a pointer to the new string */ -{ - int remaining = length; - char *write_pos; - char *new; - - new = write_pos = (char *) PORT_Alloc (length); - if (new == NULL) { - error_allocate(); - } - while (*read_pos != sentinal_value) { - if (remaining == 1) { - remaining += length; - length = length * 2; - new = PORT_Realloc(new,length); - if (new == NULL) { - error_allocate(); - } - write_pos = new + length - remaining; - } - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - remaining = remaining - 1; - } - *write_pos = '\0'; - return new; -} - - -static char * -PasswordStub(PK11SlotInfo *slot, - void *cx) -{ - return NULL; -} - - -static SECStatus -clean_input(Pair *data) - /* converts the non-alphanumeric characters in a form post - from hex codes back to characters */ -{ - int length; - int hi_digit; - int low_digit; - char character; - char *begin_pos; - char *read_pos; - char *write_pos; - PRBool name = PR_TRUE; - - begin_pos = data->name; - while (begin_pos != NULL) { - length = strlen(begin_pos); - read_pos = write_pos = begin_pos; - while ((read_pos - begin_pos) < length) { - if (*read_pos == '+') { - *read_pos = ' '; - } - if (*read_pos == '%') { - hi_digit = *(read_pos + 1); - low_digit = *(read_pos +2); - read_pos += 3; - if (isdigit(hi_digit)){ - hi_digit = hi_digit - '0'; - } else { - hi_digit = toupper(hi_digit); - if (isxdigit(hi_digit)) { - hi_digit = (hi_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - if (isdigit(low_digit)){ - low_digit = low_digit - '0'; - } else { - low_digit = toupper(low_digit); - if ((low_digit >='A') && (low_digit <= 'F')) { - low_digit = (low_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - character = (hi_digit << 4) | low_digit; - if (character != 10) { - *write_pos = character; - ++write_pos; - } - } else { - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - } - } - *write_pos = '\0'; - if (name == PR_TRUE) { - begin_pos = data->data; - name = PR_FALSE; - } else { - data++; - begin_pos = data->name; - name = PR_TRUE; - } - } - return SECSuccess; -} - -static char * -make_name(char *new_data) - /* gets the next field name in the input string and returns - a pointer to a string containing a copy of it */ -{ - int length = 20; - char *name; - - name = make_copy_string(new_data, length, '='); - return name; -} - -static char * -make_data(char *new_data) - /* gets the data for the next field in the input string - and returns a pointer to a string containing it */ -{ - int length = 100; - char *data; - char *read_pos; - - read_pos = new_data; - while (*(read_pos - 1) != '=') { - ++read_pos; - } - data = make_copy_string(read_pos, length, '&'); - return data; -} - - -static Pair -make_pair(char *new_data) - /* makes a pair name/data pair from the input string */ -{ - Pair temp; - - temp.name = make_name(new_data); - temp.data = make_data(new_data); - return temp; -} - - - -static Pair * -make_datastruct(char *data, int len) - /* parses the input from the form post into a data - structure of field name/data pairs */ -{ - Pair *datastruct; - Pair *current; - char *curr_pos; - int fields = START_FIELDS; - int remaining = START_FIELDS; - - curr_pos = data; - datastruct = current = (Pair *) PORT_Alloc(fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - while (curr_pos - data < len) { - if (remaining == 1) { - remaining += fields; - fields = fields * 2; - datastruct = (Pair *) PORT_Realloc - (datastruct, fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate; - } - current = datastruct + (fields - remaining); - } - *current = make_pair(curr_pos); - while (*curr_pos != '&') { - ++curr_pos; - } - ++curr_pos; - ++current; - remaining = remaining - 1; - } - current->name = NULL; - return datastruct; -} - -static char * -return_name(Pair *data_struct, - int n) - /* returns a pointer to the name of the nth - (starting from 0) item in the data structure */ -{ - char *name; - - if ((data_struct + n)->name != NULL) { - name = (data_struct + n)->name; - return name; - } else { - return NULL; - } -} - -static char * -return_data(Pair *data_struct,int n) - /* returns a pointer to the data of the nth (starting from 0) - itme in the data structure */ -{ - char *data; - - data = (data_struct + n)->data; - return data; -} - - -static char * -add_prefix(char *field_name) -{ - extern char prefix[PREFIX_LEN]; - int i = 0; - char *rv; - char *write; - - rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1); - for(i = 0; i < PORT_Strlen(prefix); i++) { - *write = prefix[i]; - write++; - } - *write = '\0'; - rv = PORT_Strcat(rv,field_name); - return rv; -} - - -static char * -find_field(Pair *data, - char *field_name, - PRBool add_pre) - /* returns a pointer to the data of the first pair - thats name matches the string it is passed */ -{ - int i = 0; - char *retrieved; - int found = 0; - - if (add_pre) { - field_name = add_prefix(field_name); - } - while(return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - retrieved = return_data(data, i); - found = 1; - break; - } - i++; - } - if (!found) { - retrieved = NULL; - } - return retrieved; -} - -static PRBool -find_field_bool(Pair *data, - char *fieldname, - PRBool add_pre) -{ - char *rv; - - rv = find_field(data, fieldname, add_pre); - - if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) { - return PR_TRUE; - } else { - return PR_FALSE; - } -} - -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - -static CERTCertificateRequest * -makeCertReq(Pair *form_data, - int which_priv_key) - /* makes and encodes a certrequest */ -{ - - PK11SlotInfo *slot; - CERTCertificateRequest *certReq = NULL; - CERTSubjectPublicKeyInfo *spki; - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - CERTName *name; - char *key; - extern SECKEYPrivateKey *privkeys[9]; - int keySizeInBits; - char *challenge = "foo"; - SECStatus rv = SECSuccess; - PQGParams *pqgParams = NULL; - PQGVerify *pqgVfy = NULL; - - name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE)); - if (name == NULL) { - error_out("ERROR: Unable to create Subject Name"); - } - key = find_field(form_data, "key", PR_TRUE); - if (key == NULL) { - switch (*find_field(form_data, "keysize", PR_TRUE)) { - case '0': - keySizeInBits = 2048; - break; - case '1': - keySizeInBits = 1024; - break; - case '2': - keySizeInBits = 512; - break; - default: - error_out("ERROR: Unsupported Key length selected"); - } - if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) { - rv = PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy); - if (rv != SECSuccess) { - error_out("ERROR: Unable to generate PQG parameters"); - } - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, - pqgParams,&pubkey, PR_FALSE, - PR_TRUE, NULL); - } else { - privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL); - } - privkeys[which_priv_key] = privkey; - spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey); - } else { - spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge, - NULL); - if (spki == NULL) { - error_out("ERROR: Unable to decode Public Key and Challenge String"); - } - } - certReq = CERT_CreateCertificateRequest(name, spki, NULL); - if (certReq == NULL) { - error_out("ERROR: Unable to create Certificate Request"); - } - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (spki != NULL) { - SECKEY_DestroySubjectPublicKeyInfo(spki); - } - if (pqgParams != NULL) { - PQG_DestroyParams(pqgParams); - } - if (pqgVfy != NULL) { - PQG_DestroyVerify(pqgVfy); - } - return certReq; -} - - - -static CERTCertificate * -MakeV1Cert(CERTCertDBHandle *handle, - CERTCertificateRequest *req, - char *issuerNameStr, - PRBool selfsign, - int serialNumber, - int warpmonths, - Pair *data) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, - after; - SECStatus rv; - - - - if ( !selfsign ) { - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - if (!issuerCert) { - error_out("ERROR: Could not find issuer's certificate"); - return NULL; - } - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); - } else { - now = PR_Now(); - } - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); - PR_ExplodeTime (after, PR_GMTParameters, &printableTime); - } else { - printableTime.tm_month += 3; - after = PR_ImplodeTime (&printableTime); - } - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity (now, after); - - if ( selfsign ) { - cert = CERT_CreateCertificate - (serialNumber,&(req->subject), validity, req); - } else { - cert = CERT_CreateCertificate - (serialNumber,&(issuerCert->subject), validity, req); - } - - CERT_DestroyValidity(validity); - if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); - } - return(cert); -} - -static int -get_serial_number(Pair *data) -{ - int serial = 0; - int error; - char *filename = SERIAL_FILE; - char *SN; - FILE *serialFile; - - - if (find_field_bool(data, "serial-auto", PR_TRUE)) { - serialFile = fopen(filename, "r"); - if (serialFile != NULL) { - fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to read serial number file"); - } - if (serial == 4294967295) { - serial = 21; - } - fclose(serialFile); - ++serial; - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file for writing"); - } - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - } else { - fclose(serialFile); - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file"); - } - serial = 21; - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - error = ferror(serialFile); - if (error != 0) { - error_out("ERROR: Unable to write to serial file"); - } - } - fclose(serialFile); - } else { - SN = find_field(data, "serial_value", PR_TRUE); - while (*SN != '\0') { - serial = serial * 16; - if ((*SN >= 'A') && (*SN <='F')) { - serial += *SN - 'A' + 10; - } else { - if ((*SN >= 'a') && (*SN <='f')) { - serial += *SN - 'a' + 10; - } else { - serial += *SN - '0'; - } - } - ++SN; - } - } - return serial; -} - - - - - -static CERTCertDBHandle -*OpenCertDB(void) - /* NOTE: This routine has been modified to allow the libsec/pcertdb.c - * routines to automatically find and convert the old cert database - * into the new v3.0 format (cert db version 5). - */ -{ - CERTCertDBHandle *certHandle; - SECStatus rv; - - /* Allocate a handle to fill with CERT_OpenCertDB below */ - certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle)); - if (!certHandle) { - error_out("ERROR: unable to get database handle"); - return NULL; - } - - rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL); - - if (rv) { - error_out("ERROR: Could not open certificate database"); - if (certHandle) free (certHandle); /* we don't want to leave - anything behind... */ - return NULL; - } else { - CERT_SetDefaultCertDB(certHandle); - } - - return certHandle; -} - -typedef SECStatus (* EXTEN_VALUE_ENCODER) - (PRArenaPool *extHandle, void *value, SECItem *encodedValue); - -static SECStatus -EncodeAndAddExtensionValue( - PRArenaPool *arena, - void *extHandle, - void *value, - PRBool criticality, - int extenType, - EXTEN_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - - encodedValue.data = NULL; - encodedValue.len = 0; - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) { - error_out("ERROR: Unable to encode extension value"); - } - rv = CERT_AddExtension - (extHandle, extenType, &encodedValue, criticality, PR_TRUE); - return (rv); -} - - - -static SECStatus -AddKeyUsage (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - - if (find_field_bool(data,"keyUsage-digitalSignature", PR_TRUE)){ - keyUsage |= (0x80 >> 0); - } - if (find_field_bool(data,"keyUsage-nonRepudiation", PR_TRUE)){ - keyUsage |= (0x80 >> 1); - } - if (find_field_bool(data,"keyUsage-keyEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 2); - } - if (find_field_bool(data,"keyUsage-dataEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 3); - } - if (find_field_bool(data,"keyUsage-keyAgreement", PR_TRUE)){ - keyUsage |= (0x80 >> 4); - } - if (find_field_bool(data,"keyUsage-keyCertSign", PR_TRUE)) { - keyUsage |= (0x80 >> 5); - } - if (find_field_bool(data,"keyUsage-cRLSign", PR_TRUE)) { - keyUsage |= (0x80 >> 6); - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - (find_field_bool(data, "keyUsage-crit", PR_TRUE)))); - -} - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PRArenaPool *arena = (PRArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( (PRArenaPool *)NULL == arena ) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); - if( (CERTOidSequence *)NULL == rv ) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); - if( (SECItem **)NULL == rv->oids ) { - goto loser; - } - - rv->arena = arena; - return rv; - - loser: - if( (PRArenaPool *)NULL != arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if( (SECOidData *)NULL == od ) { - return SECFailure; - } - - for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) { - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2)); - if( (SECItem **)NULL == oids ) { - return SECFailure; - } - - for( i = 0; i < count; i++ ) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - extern const SEC_ASN1Template CERT_OidSeqTemplate[]; - - rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); - if( (SECItem *)NULL == rv ) { - goto loser; - } - - if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) { - goto loser; - } - - return rv; - - loser: - return (SECItem *)NULL; -} - -static SECStatus -AddExtKeyUsage(void *extHandle, Pair *data) -{ - SECStatus rv; - CERTOidSequence *os; - SECItem *value; - PRBool crit; - - os = CreateOidSequence(); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - if( find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - if( SECSuccess != rv ) goto loser; - } - - value = EncodeOidSequence(os); - - crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE); - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value, - crit, PR_TRUE); - /*FALLTHROUGH*/ - loser: - CERT_DestroyOidSequence(os); - return rv; -} - -static SECStatus -AddSubKeyID(void *extHandle, - Pair *data, - CERTCertificate *subjectCert) -{ - SECItem encodedValue; - SECStatus rv; - char *read; - char *write; - char *first; - char character; - int high_digit = 0, - low_digit = 0; - int len; - PRBool odd = PR_FALSE; - - - encodedValue.data = NULL; - encodedValue.len = 0; - first = read = write = find_field(data,"subjectKeyIdentifier-text", - PR_TRUE); - len = PORT_Strlen(first); - odd = ((len % 2) != 0 ) ? PR_TRUE : PR_FALSE; - if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) { - if (odd) { - error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string"); - } - while (*read != '\0') { - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - high_digit = *read - 'A' + 10; - } else { - high_digit = *read - '0'; - } - ++read; - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - low_digit = *(read) - 'A' + 10; - } else { - low_digit = *(read) - '0'; - } - character = (high_digit << 4) | low_digit; - *write = character; - ++write; - ++read; - } - *write = '\0'; - len = write - first; - } - subjectCert->subjectKeyID.data = (unsigned char *) find_field - (data,"subjectKeyIdentifier-text", PR_TRUE); - subjectCert->subjectKeyID.len = len; - rv = CERT_EncodeSubjectKeyID - (NULL, find_field(data,"subjectKeyIdentifier-text", PR_TRUE), - len, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID, - &encodedValue, PR_FALSE, PR_TRUE)); -} - - -static SECStatus -AddAuthKeyID (void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTCertificate *issuerCert = NULL; - CERTGeneralName *genNames; - CERTName *directoryName = NULL; - - - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - - authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID)); - if (authKeyID == NULL) { - error_allocate(); - } - if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier", - PR_TRUE)) { - authKeyID->keyID.data = PORT_ArenaAlloc (arena, PORT_Strlen - ((char *)issuerCert->subjectKeyID.data)); - if (authKeyID->keyID.data == NULL) { - error_allocate(); - } - PORT_Memcpy (authKeyID->keyID.data, issuerCert->subjectKeyID.data, - authKeyID->keyID.len = - PORT_Strlen((char *)issuerCert->subjectKeyID.data)); - } else { - - PORT_Assert (arena); - genNames = (CERTGeneralName *) PORT_ArenaZAlloc (arena, (sizeof(CERTGeneralName))); - if (genNames == NULL){ - error_allocate(); - } - genNames->l.next = genNames->l.prev = &(genNames->l); - genNames->type = certDirectoryName; - - directoryName = CERT_AsciiToName(issuerCert->subjectName); - if (!directoryName) { - error_out("ERROR: Unable to create Directory Name"); - } - rv = CERT_CopyName (arena, &genNames->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - if (rv != SECSuccess) { - error_out("ERROR: Unable to copy Directory Name"); - } - authKeyID->authCertIssuer = genNames; - if (authKeyID->authCertIssuer == NULL && SECFailure == - PORT_GetError ()) { - error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension"); - } - authKeyID->authCertSerialNumber = issuerCert->serialNumber; - } - rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAuthKeyID); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - return (rv); -} - - -static SECStatus -AddPrivKeyUsagePeriod(void *extHandle, - Pair *data, - CERTCertificate *cert) -{ - char *notBeforeStr; - char *notAfterStr; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - PKUPEncodedContext *pkup; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - pkup = PORT_ArenaZAlloc (arena, sizeof (PKUPEncodedContext)); - if (pkup == NULL) { - error_allocate(); - } - notBeforeStr = (char *) PORT_Alloc(16 * sizeof(char)); - notAfterStr = (char *) PORT_Alloc(16 * sizeof(char)); - *notBeforeStr = '\0'; - *notAfterStr = '\0'; - pkup->arena = arena; - pkup->notBefore.len = 0; - pkup->notBefore.data = NULL; - pkup->notAfter.len = 0; - pkup->notAfter.data = NULL; - if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notBefore.len = 15; - pkup->notBefore.data = (unsigned char *)notBeforeStr; - if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual", - PR_TRUE)) { - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-year", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-month", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-day", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-hour", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-minute", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-second", - PR_TRUE)); - if ((*(notBeforeStr + 14) != '\0') || - (!isdigit(*(notBeforeStr + 13))) || - (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') || - (!isdigit(*(notBeforeStr + 11))) || - (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') || - (!isdigit(*(notBeforeStr + 9))) || - (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') || - (!isdigit(*(notBeforeStr + 7))) || - (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') || - (!isdigit(*(notBeforeStr + 5))) || - (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') || - (!isdigit(*(notBeforeStr + 3))) || - (!isdigit(*(notBeforeStr + 2))) || - (!isdigit(*(notBeforeStr + 1))) || - (!isdigit(*(notBeforeStr + 0))) || - (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') || - (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') || - (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notBeforeStr + 14) = 'Z'; - *(notBeforeStr + 15) = '\0'; - } else { - if ((*(cert->validity.notBefore.data) > '5') || - ((*(cert->validity.notBefore.data) == '5') && - (*(cert->validity.notBefore.data + 1) != '0'))) { - PORT_Strcat(notBeforeStr, "19"); - } else { - PORT_Strcat(notBeforeStr, "20"); - } - PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data); - } - } - if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notAfter.len = 15; - pkup->notAfter.data = (unsigned char *)notAfterStr; - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-year", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-month", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-day", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-hour", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-minute", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-second", - PR_TRUE)); - if ((*(notAfterStr + 14) != '\0') || - (!isdigit(*(notAfterStr + 13))) || - (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') || - (!isdigit(*(notAfterStr + 11))) || - (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') || - (!isdigit(*(notAfterStr + 9))) || - (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') || - (!isdigit(*(notAfterStr + 7))) || - (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') || - (!isdigit(*(notAfterStr + 5))) || - (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') || - (!isdigit(*(notAfterStr + 3))) || - (!isdigit(*(notAfterStr + 2))) || - (!isdigit(*(notAfterStr + 1))) || - (!isdigit(*(notAfterStr + 0))) || - (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') || - (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') || - (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notAfterStr + 14) = 'Z'; - *(notAfterStr + 15) = '\0'; - } - - PORT_Assert (arena); - - rv = EncodeAndAddExtensionValue(arena, extHandle, pkup, - find_field_bool(data, - "privKeyUsagePeriod-crit", - PR_TRUE), - SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, - (EXTEN_VALUE_ENCODER) - CERT_EncodePublicKeyUsagePeriod); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - if (notBeforeStr != NULL) { - PORT_Free(notBeforeStr); - } - if (notAfterStr != NULL) { - PORT_Free(notAfterStr); - } - return (rv); -} - -static SECStatus -AddBasicConstraint(void *extHandle, - Pair *data) -{ - CERTBasicConstraints basicConstraint; - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - basicConstraint.isCA = (find_field_bool(data,"basicConstraints-cA-radio-CA", - PR_TRUE)); - if (find_field_bool(data,"basicConstraints-pathLengthConstraint", PR_TRUE)){ - basicConstraint.pathLenConstraint = atoi - (find_field(data,"basicConstraints-pathLengthConstraint-text", - PR_TRUE)); - } - - rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint, - &encodedValue); - if (rv) - return (rv); - rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, - &encodedValue, - (find_field_bool(data,"basicConstraints-crit", - PR_TRUE)), PR_TRUE); - - PORT_Free (encodedValue.data); - return (rv); -} - - - -static SECStatus -AddNscpCertType (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char CertType = 0x0; - - if (find_field_bool(data,"netscape-cert-type-ssl-client", PR_TRUE)){ - CertType |= (0x80 >> 0); - } - if (find_field_bool(data,"netscape-cert-type-ssl-server", PR_TRUE)){ - CertType |= (0x80 >> 1); - } - if (find_field_bool(data,"netscape-cert-type-smime", PR_TRUE)){ - CertType |= (0x80 >> 2); - } - if (find_field_bool(data,"netscape-cert-type-object-signing", PR_TRUE)){ - CertType |= (0x80 >> 3); - } - if (find_field_bool(data,"netscape-cert-type-reserved", PR_TRUE)){ - CertType |= (0x80 >> 4); - } - if (find_field_bool(data,"netscape-cert-type-ssl-ca", PR_TRUE)) { - CertType |= (0x80 >> 5); - } - if (find_field_bool(data,"netscape-cert-type-smime-ca", PR_TRUE)) { - CertType |= (0x80 >> 6); - } - if (find_field_bool(data,"netscape-cert-type-object-signing-ca", PR_TRUE)) { - CertType |= (0x80 >> 7); - } - - bitStringValue.data = &CertType; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE)))); -} - - -static SECStatus -add_IA5StringExtension(void *extHandle, - char *string, - PRBool crit, - int idtag) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - - rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE)); -} - -static SECItem * -string_to_oid(char *string) -{ - int i; - int length = 20; - int remaining; - int first_value; - int second_value; - int value; - int oidLength; - unsigned char *oidString; - unsigned char *write; - unsigned char *read; - unsigned char *temp; - SECItem *oid; - - - remaining = length; - i = 0; - while (*string == ' ') { - string++; - } - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - first_value = atoi(string); - if (first_value < 0 || first_value > 2) { - error_out("ERROR: Improperly formated OID"); - } - string += i + 1; - i = 0; - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - second_value = atoi(string); - if (second_value < 0 || second_value > 39) { - error_out("ERROR: Improperly formated OID"); - } - oidString = PORT_ZAlloc(2); - *oidString = (first_value * 40) + second_value; - *(oidString + 1) = '\0'; - oidLength = 1; - string += i + 1; - i = 0; - temp = write = PORT_ZAlloc(length); - while (*string != '\0') { - value = 0; - while(isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string += i; - } else { - if (*(string + i) == '.') { - *(string + i) == '\0'; - value = atoi(string); - string += i + 1; - } else { - *(string + i) = '\0'; - i++; - value = atoi(string); - if (*(string + i) == ' ') { - while (*(string + i) == ' ') - i++; - } - if (*(string + i) != '\0') { - error_out("ERROR: Improperly formated OID"); - } - } - } - i = 0; - while (value != 0) { - if (remaining < 1) { - remaining += length; - length = length * 2; - temp = PORT_Realloc(temp, length); - write = temp + length - remaining; - } - *write = (value & 0x7f) | (0x80); - write++; - remaining--; - value = value >> 7; - } - *temp = *temp & (0x7f); - oidLength += write - temp; - oidString = PORT_Realloc(oidString, (oidLength + 1)); - read = write - 1; - write = oidLength + oidString - 1; - for (i = 0; i < (length - remaining); i++) { - *write = *read; - write--; - read++; - } - write = temp; - remaining = length; - } - *(oidString + oidLength) = '\0'; - oid = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - oid->data = oidString; - oid->len = oidLength; - PORT_Free(temp); - return oid; -} - -static SECItem * -string_to_ipaddress(char *string) -{ - int i = 0; - int value; - int j = 0; - SECItem *ipaddress; - - - while (*string == ' ') { - string++; - } - ipaddress = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - ipaddress->data = PORT_ZAlloc(9); - while (*string != '\0' && j < 8) { - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string = string + i + 1; - i = 0; - } else { - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - *(string + i) = '\0'; - while (*(string + i) == ' ') { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - } - } - if (value >= 0 || value < 256) { - *(ipaddress->data + j) = value; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - j++; - } - *(ipaddress->data + j) = '\0'; - if (j != 4 && j != 8) { - error_out("ERROR: Improperly formated IP Address"); - } - ipaddress->len = j; - return ipaddress; -} - -static SECItem * -string_to_binary(char *string) -{ - SECItem *rv; - int high_digit; - int low_digit; - - rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (rv == NULL) { - error_allocate(); - } - rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { - string++; - } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A'; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string = 'A'; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } - } - - return rv; -} - -static SECStatus -MakeGeneralName(char *name, - CERTGeneralName *genName, - PRArenaPool *arena) -{ - SECItem *oid; - SECOidData *oidData; - SECItem *ipaddress; - SECItem *temp = NULL; - int i; - int nameType; - PRBool binary = PR_FALSE; - SECStatus rv = SECSuccess; - PRBool nickname; - - PORT_Assert(genName); - PORT_Assert(arena); - nameType = *(name + PORT_Strlen(name) - 1) - '0'; - if (nameType == 0 && *(name +PORT_Strlen(name) - 2) == '1') { - nickname = PR_TRUE; - nameType = certOtherName; - } - if (nameType < 1 || nameType > 9) { - error_out("ERROR: Unknown General Name Type"); - } - *(name + PORT_Strlen(name) - 4) = '\0'; - genName->type = nameType; - - switch (genName->type) { - case certURI: - case certRFC822Name: - case certDNSName: { - genName->name.other.data = (unsigned char *)name; - genName->name.other.len = PORT_Strlen(name); - break; - } - - case certIPAddress: { - ipaddress = string_to_ipaddress(name); - genName->name.other.data = ipaddress->data; - genName->name.other.len = ipaddress->len; - break; - } - - case certRegisterID: { - oid = string_to_oid(name); - genName->name.other.data = oid->data; - genName->name.other.len = oid->len; - break; - } - - case certEDIPartyName: - case certX400Address: { - - genName->name.other.data = PORT_ArenaAlloc (arena, - PORT_Strlen (name) + 2); - if (genName->name.other.data == NULL) { - error_allocate(); - } - - PORT_Memcpy (genName->name.other.data + 2, name, PORT_Strlen (name)); - /* This may not be accurate for all cases. - For now, use this tag type */ - genName->name.other.data[0] = (char)(((genName->type - 1) & - 0x1f)| 0x80); - genName->name.other.data[1] = (char)PORT_Strlen (name); - genName->name.other.len = PORT_Strlen (name) + 2; - break; - } - - case certOtherName: { - i = 0; - if (!nickname) { - while (!isdigit(*(name + PORT_Strlen(name) - i))) { - i++; - } - if (*(name + PORT_Strlen(name) - i) == '1') { - binary = PR_TRUE; - } else { - binary = PR_FALSE; - } - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i - 1) = '\0'; - i = 0; - while (*(name + i) != '-') { - i++; - } - *(name + i - 1) = '\0'; - oid = string_to_oid(name + i + 2); - } else { - oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME); - oid = &oidData->oid; - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i) = '\0'; - } - genName->name.OthName.oid.data = oid->data; - genName->name.OthName.oid.len = oid->len; - if (binary) { - temp = string_to_binary(name); - genName->name.OthName.name.data = temp->data; - genName->name.OthName.name.len = temp->len; - } else { - temp = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (temp == NULL) { - error_allocate(); - } - temp->data = (unsigned char *)name; - temp->len = PORT_Strlen(name); - SEC_ASN1EncodeItem (arena, &(genName->name.OthName.name), temp, - CERTIA5TypeTemplate); - } - PORT_Free(temp); - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (name); - if (!directoryName) { - error_out("ERROR: Improperly formated alternative name"); - break; - } - rv = CERT_CopyName (arena, &genName->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - genName->l.next = &(genName->l); - genName->l.prev = &(genName->l); - return rv; -} - - -static CERTGeneralName * -MakeAltName(Pair *data, - char *which, - PRArenaPool *arena) -{ - CERTGeneralName *SubAltName; - CERTGeneralName *current; - CERTGeneralName *newname; - char *name = NULL; - SECStatus rv = SECSuccess; - int len; - - - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - SubAltName = current = (CERTGeneralName *) PORT_ZAlloc - (sizeof(CERTGeneralName)); - if (current == NULL) { - error_allocate(); - } - while (name != NULL) { - - rv = MakeGeneralName(name, current, arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len -1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - if (name != NULL) { - newname = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); - if (newname == NULL) { - error_allocate(); - } - current->l.next = &(newname->l); - newname->l.prev = &(current->l); - current = newname; - newname = NULL; - } else { - current->l.next = &(SubAltName->l); - SubAltName->l.prev = &(current->l); - } - } - if (rv == SECFailure) { - return NULL; - } - return SubAltName; -} - -static CERTNameConstraints * -MakeNameConstraints(Pair *data, - PRArenaPool *arena) -{ - CERTNameConstraints *NameConstraints; - CERTNameConstraint *current = NULL; - CERTNameConstraint *last_permited = NULL; - CERTNameConstraint *last_excluded = NULL; - char *constraint = NULL; - char *which; - SECStatus rv = SECSuccess; - int len; - int i; - long max; - long min; - PRBool permited; - - - NameConstraints = (CERTNameConstraints *) PORT_ZAlloc - (sizeof(CERTNameConstraints)); - which = make_copy_string("NameConstraintSelect0", 25,'\0'); - len = PORT_Strlen(which); - constraint = find_field(data, which, PR_TRUE); - NameConstraints->permited = NameConstraints->excluded = NULL; - while (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc - (sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - max = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - if (max > 0) { - (void) SEC_ASN1EncodeInteger(arena, ¤t->max, max); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - min = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - (void) SEC_ASN1EncodeInteger(arena, ¤t->min, min); - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') { - permited = PR_TRUE; - } else { - permited = PR_FALSE; - } - rv = MakeGeneralName(constraint, &(current->name), arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len - 1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - if (permited) { - if (NameConstraints->permited == NULL) { - NameConstraints->permited = last_permited = current; - } - last_permited->l.next = &(current->l); - current->l.prev = &(last_permited->l); - last_permited = current; - } else { - if (NameConstraints->excluded == NULL) { - NameConstraints->excluded = last_excluded = current; - } - last_excluded->l.next = &(current->l); - current->l.prev = &(last_excluded->l); - last_excluded = current; - } - constraint = find_field(data, which, PR_TRUE); - if (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc(sizeof(CERTNameConstraint)); - if (current = NULL) { - error_allocate(); - } - } - } - if (NameConstraints->permited != NULL) { - last_permited->l.next = &(NameConstraints->permited->l); - NameConstraints->permited->l.prev = &(last_permited->l); - } - if (NameConstraints->excluded != NULL) { - last_excluded->l.next = &(NameConstraints->excluded->l); - NameConstraints->excluded->l.prev = &(last_excluded->l); - } - if (which != NULL) { - PORT_Free(which); - } - if (rv == SECFailure) { - return NULL; - } - return NameConstraints; -} - - - -static SECStatus -AddAltName(void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle, - int type) -{ - PRBool autoIssuer = PR_FALSE; - PRArenaPool *arena = NULL; - CERTGeneralName *genName = NULL; - CERTName *directoryName = NULL; - char *which = NULL; - char *name = NULL; - SECStatus rv = SECSuccess; - SECItem *issuersAltName = NULL; - CERTCertificate *issuerCert = NULL; - void *mark; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - if (type == 0) { - which = make_copy_string("SubAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } else { - if (autoIssuer) { - autoIssuer = find_field_bool(data,"IssuerAltNameSourceRadio-auto", - PR_TRUE); - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - rv = cert_FindExtension((*issuerCert).extensions, - SEC_OID_X509_SUBJECT_ALT_NAME, - issuersAltName); - if (issuersAltName == NULL) { - name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4); - PORT_Strcpy(name, (*issuerCert).subjectName); - PORT_Strcat(name, " - 5"); - } - } else { - which = make_copy_string("IssuerAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } - } - if (type == 0) { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, "SubAltName-crit", - PR_TRUE), - SEC_OID_X509_SUBJECT_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - - } else { - if (autoIssuer && (name == NULL)) { - rv = CERT_AddExtension - (extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName, - find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE); - } else { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, - "IssuerAltName-crit", - PR_TRUE), - SEC_OID_X509_ISSUER_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - } - } - if (which != NULL) { - PORT_Free(which); - } - if (issuerCert != NULL) { - CERT_DestroyCertificate(issuerCert); - } - if (arena != NULL) { - PORT_ArenaRelease (arena, mark); - } - return rv; -} - - -static SECStatus -AddNameConstraints(void *extHandle, - Pair *data) -{ - PRBool autoIssuer = PR_FALSE; - PRArenaPool *arena = NULL; - CERTNameConstraints *constraints = NULL; - char *constraint = NULL; - SECStatus rv = SECSuccess; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - constraints = MakeNameConstraints(data, arena); - if (constraints != NULL) { - EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE, - SEC_OID_X509_NAME_CONSTRAINTS, - (EXTEN_VALUE_ENCODER) - CERT_EncodeNameConstraintsExtension); - } - if (arena != NULL) { - PORT_ArenaRelease (arena, NULL); - } - return rv; -} - - -static SECStatus -add_extensions(CERTCertificate *subjectCert, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - void *extHandle; - SECStatus rv = SECSuccess; - - - extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - error_out("ERROR: Unable to get certificates extension handle"); - } - if (find_field_bool(data, "keyUsage", PR_TRUE)) { - rv = AddKeyUsage(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Key Usage extension"); - } - } - - if( find_field_bool(data, "extKeyUsage", PR_TRUE) ) { - rv = AddExtKeyUsage(extHandle, data); - if( SECSuccess != rv ) { - error_out("ERROR: Unable to add Extended Key Usage extension"); - } - } - - if (find_field_bool(data, "basicConstraints", PR_TRUE)) { - rv = AddBasicConstraint(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Basic Constraint extension"); - } - } - if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) { - rv = AddSubKeyID(extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Key Identifier Extension"); - } - } - if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) { - rv = AddAuthKeyID (extHandle, data, issuerNameStr, handle); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Authority Key Identifier extension"); - } - } - if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) { - rv = AddPrivKeyUsagePeriod (extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Private Key Usage Period extension"); - } - } - if (find_field_bool(data, "SubAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, NULL, NULL, 0); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Alternative Name extension"); - } - } - if (find_field_bool(data, "IssuerAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, issuerNameStr, handle, 1); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Issuer Alternative Name Extension"); - } - } - if (find_field_bool(data, "NameConstraints", PR_TRUE)) { - rv = AddNameConstraints(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Name Constraints Extension"); - } - } - if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) { - rv = AddNscpCertType(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Type Extension"); - } - } - if (find_field_bool(data, "netscape-base-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-base-url-text", - PR_TRUE), - find_field_bool(data, - "netscape-base-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_BASE_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Base URL Extension"); - } - } - if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-revocation-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-revocation-url-crit" - , PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-cert-renewal-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-cert-renewal-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-policy-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-policy-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_POLICY_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Policy URL Extension"); - } - } - if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ssl-server-name-text", - PR_TRUE), - find_field_bool - (data, "netscape-ssl-server-name-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape SSL Server Name Extension"); - } - } - if (find_field_bool(data, "netscape-comment", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-comment-text", - PR_TRUE), - find_field_bool(data, - "netscape-comment-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_COMMENT); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Comment Extension"); - } - } - CERT_FinishExtensions(extHandle); - return (rv); -} - - - -char * -return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data) -{ - char *rv; - - /* don't clobber our poor smart card */ - if (retry == PR_TRUE) { - return NULL; - } - rv = PORT_Alloc(sizeof(char) * 4); - PORT_Strcpy(rv, "foo"); - return rv; -} - - -SECKEYPrivateKey * -FindPrivateKeyFromNameStr(char *name, - CERTCertDBHandle *certHandle) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - SECStatus status = SECSuccess; - - - cert = CERT_FindCertByNameString(certHandle, name); - if (cert == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - key = PK11_FindKeyByAnyCert(cert, NULL); - return key; -} - -static SECItem * -SignCert(CERTCertificate *cert, - char *issuerNameStr, - Pair *data, - CERTCertDBHandle *handle, - int which_key) -{ - SECItem der; - SECItem *result = NULL; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - - if (which_key == 0) { - caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); - } else { - caPrivateKey = privkeys[which_key - 1]; - } - if (caPrivateKey == NULL) { - error_out("ERROR: unable to retrieve issuers key"); - } - - arena = cert->arena; - - switch(caPrivateKey->keyType) { - case rsaKey: - algID = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - break; - case dsaKey: - algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - default: - error_out("ERROR: Unknown key type for issuer."); - goto done; - break; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - error_out("ERROR: Could not set signature algorithm id."); - } - - if (find_field_bool(data,"ver-1", PR_TRUE)) { - *(cert->version.data) = 0; - cert->version.len = 1; - } else { - *(cert->version.data) = 2; - cert->version.len = 1; - } - der.data = NULL; - der.len = 0; - (void) SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate); - if (der.data == NULL) { - error_out("ERROR: Could not encode certificate.\n"); - } - rv = SEC_DerSignData (arena, &(cert->derCert), der.data, der.len, caPrivateKey, - algID); - if (rv != SECSuccess) { - error_out("ERROR: Could not sign encoded certificate data.\n"); - } -done: - SECKEY_DestroyPrivateKey(caPrivateKey); - return &(cert->derCert); -} - - -void -main() -{ - int length = 500; - int remaining = 500; - int n; - int fields = 3; - int i; - int serial; - int chainLen; - int which_key; - char *pos; -#ifdef OFFLINE - char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iydzPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXcsAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZaOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dtrue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoiceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24"; -#else - char *form_output; -#endif - char *issuerNameStr; - char *certName; - char *DBdir = DB_DIRECTORY; - char *prefixs[10] = {"CA#1-", "CA#2-", "CA#3-", - "CA#4-", "CA#5-", "CA#6-", - "CA#7-", "CA#8-", "CA#9-", ""}; - Pair *form_data; - CERTCertificate *cert; - CERTCertDBHandle *handle; - CERTCertificateRequest *certReq = NULL; - int warpmonths = 0; - SECItem *certDER; -#ifdef FILEOUT - FILE *outfile; -#endif - SECStatus status = SECSuccess; - extern char prefix[PREFIX_LEN]; - SEC_PKCS7ContentInfo *certChain; - SECItem *encodedCertChain; - PRBool UChain = PR_FALSE; - - - -#ifdef TEST - sleep(20); -#endif - RNG_SystemInfoForRNG(); - SECU_ConfigDirectory(DBdir); - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - SECU_PKCS11Init(PR_FALSE); - SEC_Init(); - PK11_SetPasswordFunc(return_dbpasswd); - handle = NULL; - handle = OpenCertDB(); - if (handle == NULL) { - error_out("Error: Unable to open certificate database"); - } - prefix[0]= '\0'; -#if !defined(OFFLINE) - form_output = (char*) PORT_Alloc(length); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output; - while (feof(stdin) == 0 ) { - if (remaining <= 1) { - remaining += length; - length = length * 2; - form_output = PORT_Realloc(form_output, (length)); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output + length - remaining; - } - n = fread(pos, sizeof(char), (size_t) (remaining - 1), stdin); - pos += n; - remaining -= n; - } - *pos = '&'; - pos++; - length = pos - form_output; -#else - length = PORT_Strlen(form_output); -#endif -#ifdef FILEOUT - printf("Content-type: text/plain\n\n"); - fwrite(form_output, sizeof(char), (size_t)length, stdout); - printf("\n"); -#endif -#ifdef FILEOUT - fwrite(form_output, sizeof(char), (size_t)length, stdout); - printf("\n"); - fflush(stdout); -#endif - form_data = make_datastruct(form_output, length); - status = clean_input(form_data); -#if !defined(OFFLINE) - PORT_Free(form_output); -#endif -#ifdef FILEOUT - i = 0; - while(return_name(form_data, i) != NULL) { - printf("%s",return_name(form_data,i)); - printf("=\n"); - printf("%s",return_data(form_data,i)); - printf("\n"); - i++; - } - printf("I got that done, woo hoo\n"); - fflush(stdout); -#endif - issuerNameStr = PORT_Alloc(35 * sizeof(char)); - if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain", - PR_FALSE)) { - UChain = PR_TRUE; - chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE)); - PORT_Strcpy(prefix, prefixs[0]); - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - if (chainLen == 0) { - UChain = PR_FALSE; - } - } else { - if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain", - PR_FALSE)) { - PORT_Strcpy(prefix,prefixs[9]); - chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE)); - if (chainLen < 1 || chainLen > 18) { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=CA18, O=Cert-O-Matic II"); - } - issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA"); - issuerNameStr = PORT_Strcat(issuerNameStr, - find_field(form_data,"autoCAs", PR_FALSE)); - issuerNameStr = PORT_Strcat(issuerNameStr,", O=Cert-O-Matic II"); - } else { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - } - chainLen = 0; - } - - i = -1; - which_key = 0; - do { - extern SECStatus cert_GetKeyID(CERTCertificate *cert); - i++; - if (i != 0 && UChain) { - PORT_Strcpy(prefix, prefixs[i]); - } - /* find_field(form_data,"subject", PR_TRUE); */ - certReq = makeCertReq(form_data, which_key); -#ifdef OFFLINE - serial = 900; -#else - serial = get_serial_number(form_data); -#endif - cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE, - serial, warpmonths, form_data); - if (certReq != NULL) { - CERT_DestroyCertificateRequest(certReq); - } - if (find_field_bool(form_data,"ver-3", PR_TRUE)) { - status = add_extensions(cert, form_data, issuerNameStr, handle); - if (status != SECSuccess) { - error_out("ERROR: Unable to add extensions"); - } - } - status = cert_GetKeyID(cert); - if (status == SECFailure) { - error_out("ERROR: Unable to get Key ID."); - } - certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key); - CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE); - issuerNameStr = find_field(form_data, "subject", PR_TRUE); - /* SECITEM_FreeItem(certDER, PR_TRUE); */ - CERT_DestroyCertificate(cert); - if (i == (chainLen - 1)) { - i = 8; - } - ++which_key; - } while (i < 9 && UChain); - - - -#ifdef FILEOUT - outfile = fopen("../certout", "wb"); -#endif - certName = find_field(form_data, "subject", PR_FALSE); - cert = CERT_FindCertByNameString(handle, certName); - certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, handle); - if (certChain == NULL) { - error_out("ERROR: No certificates in cert chain"); - } - encodedCertChain = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, - NULL); - if (encodedCertChain) { -#if !defined(FILEOUT) - printf("Content-type: application/x-x509-user-cert\n\n"); - fwrite (encodedCertChain->data, 1, encodedCertChain->len, stdout); -#else - fwrite (encodedCertChain->data, 1, encodedCertChain->len, outfile); -#endif - - } else { - error_out("Error: Unable to DER encode certificate"); - } -#ifdef FILEOUT - printf("\nI got here!\n"); - fflush(outfile); - fclose(outfile); -#endif - fflush(stdout); - return; -} - - - - - - - - - - - diff --git a/security/nss/cmd/certcgi/index.html b/security/nss/cmd/certcgi/index.html deleted file mode 100644 index d7a80d7a2..000000000 --- a/security/nss/cmd/certcgi/index.html +++ /dev/null @@ -1,956 +0,0 @@ -<HTML> <!-- -*- Mode: Java; tab-width: 8 -*- --> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<HEAD> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<SCRIPT LANGUAGE="JavaScript1.2"> - -script_url = 'http://troll.mcom.com/certo/production/cgi-bin/certcgi.cgi' - -ext_page_ver1 = - make_page_intro('Version 1 extensions', "#FFFFFF") + - '<layer ID="ext1">' + - 'Version 1 X.509 certs do not support extensions' + - '</layer>' + - '</body></html>'; - -cur_page = 1; - -num_ca = 0; - -index_list = - '0, your_certificate_index_label,' + - '0, netscape_extensions_index_label,' + - '0, standard_extensions_index_label,' + - '0, certifying_authorities_index_label'; - -var main_page = - make_page_intro('Your Key', "#FFFFFF") + - '<layer ID="main" SRC="main.html">' + - '</layer>' + - '</body></html>' ; - -add_index_list = ''; - -max_pages = 13; - -ver = 3 - -ext_page_array = new Array(max_pages); - -index_label = 'Options'; - -your_certificate_index_label = 'Your Certificate'; - -netscape_extensions_index_label = 'Netscape X.509 Extensions'; - -standard_extensions_index_label = 'Standard X.509 Extensions'; - -certifying_authorities_index_label = 'Certifying Authorities'; - -add_sub_alt_name_index_label = 'Add Subject Alternative Name'; - -function setSubAltNameType(form) -{ - with(form) - { - if (SubAltNameRadio[0].checked) - { - return true; - } - if (SubAltNameRadio[3].checked || SubAltNameRadio[5].checked) - { - SubAltNameDataType.checked = true; - return true; - } - if (SubAltNameRadio[1].checked || SubAltNameRadio[2].checked || - SubAltNameRadio[4].checked || SubAltNameRadio[6].checked || - SubAltNameRadio[7].checked || SubAltNameRadio[8].checked) - { - SubAltNameDataType.checked = false; - return true; - } - } - return true; -} - -function setIssuerAltNameType(form) -{ - with(form) - { - if (IssuerAltNameRadio[0].checked) - { - return true; - } - if (IssuerAltNameRadio[3].checked || IssuerAltNameRadio[5].checked) - { - IssuerAltNameDataType.checked = true; - return true; - } - if (IssuerAltNameRadio[1].checked || IssuerAltNameRadio[2].checked || - IssuerAltNameRadio[4].checked || IssuerAltNameRadio[6].checked || - IssuerAltNameRadio[7].checked || IssuerAltNameRadio[8].checked) - { - IssuerAltNameDataType.checked = false; - return true; - } - } - return true; -} - - -function setNameConstraintNameType(form) -{ - with(form) - { - if (NameConstraintRadio[0].checked) - { - return true; - } - if (NameConstraintRadio[3].checked || NameConstraintRadio[5].checked) - { - NameConstraintNameDataType.checked = true; - return true; - } - if (NameConstraintRadio[1].checked || NameConstraintRadio[2].checked || - NameConstraintRadio[4].checked || NameConstraintRadio[6].checked || - NameConstraintRadio[7].checked || NameConstraintRadio[8].checked) - { - NameConstraintNameDataType.checked = false; - return true; - } - } - return true; -} - - -function addSubAltName(form) -{ - - with(form) - { - var len = SubAltNameSelect.length; - var value; - var i = 0; - while(!(i == (SubAltNameRadio.length - 1)) & !(SubAltNameRadio[i].checked == true)) - { - i++; - } - if (i != 0) - { - value = SubAltNameText.value + " - " + (i + 1); - } - else - { - value = SubAltNameText.value + " - " + SubAltNameOtherNameOID.value + " - "; - if (SubAltNameDataType.checked) - { - value += "1 - "; - } - else - { - value += "0 - "; - } - value += (i + 1); - if (SubAltNameOtherNameOID.value == "") - { - alert("Other names must include an OID"); - return false; - } - } - - if ((SubAltNameText.value == "") | (SubAltNameRadio[i].checked != true)) - { - alert("Alternative Names must include values for name and name type."); - } - else - { - SubAltNameSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteSubAltName(form) -{ - with(form) - { - while (SubAltNameSelect.selectedIndex >= 0) - { - SubAltNameSelect[SubAltNameSelect.selectedIndex] = null; - } - } -} - -function addIssuerAltName(form) -{ - with(form) - { - var len = IssuerAltNameSelect.length; - var value; - var i = 0; - - while(!(i == (IssuerAltNameRadio.length -1)) & !(IssuerAltNameRadio[i].checked == true)) - { - i++; - } - if (i != 0) - { - value = IssuerAltNameText.value + " - " + (i + 1); - } - else - { - value = IssuerAltNameText.value + " - " + IssuerAltNameOtherNameOID.value + " - "; - if (IssuerAltNameDataType.checked) - { - value += "1 - "; - } - else - { - value += "0 - "; - } - value += (i + 1); - if (IssuerAltNameOtherNameOID.value == "") - { - alert("Other names must include an OID"); - return false; - } - } - if ((IssuerAltNameText.value == "") | (IssuerAltNameRadio[i].checked != true)) - { - alert("Alternative Names must include values for name and name type.") - } - else - { - IssuerAltNameSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteIssuerAltName(form) -{ - with(form) - { - while (IssuerAltNameSelect.selectedIndex >= 0) - { - IssuerAltNameSelect[IssuerAltNameSelect.selectedIndex] = null; - } - } -} - - - -function addNameConstraint(form) -{ - with(form) - { - var len = NameConstraintSelect.length; - var value; - var i = 0; - var min = NameConstraintMin.value; - var max = NameConstraintMax.value; - - while(!(i == (NameConstraintRadio.length - 1) ) & !(NameConstraintRadio[i].checked == true)) - { - i++; - } - value = NameConstraintText.value + " - "; - if (i == 0) - { - value += NameConstraintOtherNameOID.value + " - "; - if (NameConstraintNameDataType.checked) - { - value += "1 - "; - } - else - { - value += "0 - "; - } - if (NameConstraintOtherNameOID.value == "") - { - alert("Other names must include an OID"); - return false; - } - } - value += (i + 1) + " - "; - if (NameConstraintTypeRadio[0].checked == true) - { - value += "p - "; - } - else - { - value += "e - "; - } - value += min + " - " + max; - if ((min == "") | (NameConstraintText.value == "") | (NameConstraintRadio[i].checked != true)) - { - alert("Name Constraints must include values for minimum, name, and name type.") - } - else - { - NameConstraintSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteNameConstraint(form) -{ - with(form) - { - while (NameConstraintSelect.selectedIndex >= 0) - { - NameConstraintSelect[NameConstraintSelect.selectedIndex] = null; - } - } -} - - -function submit_it() -{ - save_cur_page(cur_page); - - var array_string; - var subject = ext_page_array[0][22][0]; - var serial = ext_page_array[0][10][0]; - var ver1 = (ver == 1); - var ver3 = (ver == 3); - var serial_number = ext_page_array[0][12][0]; - var notBefore = ext_page_array[0][20][0]; - var notAfter = ext_page_array[0][21][0]; - var manValidity = ext_page_array[0][19][0]; - - if (subject == "") - { - alert("The DN field must contain some data"); - return false; - } - if (!serial & serial_number == "") - { - alert("No serial number specified"); - return false; - } - if (ext_page_array[0][15][0]) - { - var keygen = "<keygen name=\"key\" challenge=\"foo\">"; - } - else - { - switch (ext_page_array[0][17][0]) { - case 2: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIGdAkEAjfKklEkidqo9JXWbsGhpy+rA2Dr7jQz3y7gyTw14guXQdi/FtyEOr8Lprawyq3qsSWk9+/g3JMLsBzbuMcgCkQIVAMdzIYxzfsjumTtPLe0w9I7azpFfAkEAYm0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5UhklycxC6fb0ZLCIzFcq9T5teIAg==\" name=\"key\" challenge=\"foo\">"; - break; - case 1: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIHaAmDCboVgX0+6pEeMlbwsasWDVBcJNHPKMzkq9kbCRK2U3k+tE15n+Dc2g3ZjDYr1um51e2iLC34/BwAAAAAAAAAAAAAAAAAAAAAAAAABbBhnlFN5Djmt0Mk8cdEBY5H8iPMCFMhUnFtbpjn3EyfH2DjVg3ALh7FtAmA2zWzhpeCwvOTjYnQorlXiv0WcnSiWmaC79CRYkFt5i+UEfRxwP1eNGJBVB1T+CPW6JGd4WhgsqtSf53pn5DEtv++O7lNfXyOhWhb3KaWHYIx8fuAXtioIWkWmpfEIVZA=\" name=\"key\" challenge=\"foo\">"; - break; - case 0: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIIBHAKBgId8SiiWrcdua5zbsBhPkKfFcnHBG7T/bQla7c6OixGjjmSSuq2fJLvMKa579CaxHxLZzZZXIHmAk9poRgWl2GUUkCJ68XSum8OQzDPXPsofcEdeANjw3mIAAAAAAAAAAAAAAAAAAAAAAAAIE+MkW5hguLIQqWvEVi9dMpbNu6OZAhTIA+y3TgyiwA0D8pt686ofaL1IOQKBgAiZQC6UCXztr2iXxJrAC+51gN5oX/R9Thilln9RGegsWnHrdxUOpcm5vAWp1LU8TOXtujE8kqkm3UxIRhUWQORe9IxLANAXmZJqkw9FEVHkxj6Cy9detwT2MyBzSwS6avsf7aLisgHmI/IHSeapJsQ3NQa3rikb6zRiqIV+TVa6\" name=\"key\" challenge=\"foo\">"; - break; - } - } - array_string = build_array_string(); - hiddens = "<input type=\"hidden\" name=\"subject\" value=\'" + subject + "\'> \n" + - "<input type=\"hidden\" name=\"serial-auto\" value=\"" + serial + "\"> \n" + - "<input type=\"hidden\" name=\"serial_value\" value=\"" + serial_number + "\"> \n" + - "<input type=\"hidden\" name=\"ver-1\" value=\"" + ver1 + "\"> \n" + - "<input type=\"hidden\" name=\"ver-3\" value=\"" + ver3 + "\"> \n" + - "<input type=\"hidden\" name=\"notBefore\" value=\"" + notBefore + "\"> \n" + - "<input type=\"hidden\" name=\"notAfter\" value=\"" + notAfter + "\"> \n" + - "<input type=\"hidden\" name=\"manValidity\" value=\"" + manValidity + "\"> \n" + - array_string; - - var good_submit_page = - '<html>' + - '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" BGCOLOR="#FFFFFF">' + - '<form method="post" action="' + script_url + '">' + - 'Select size for your key:' + keygen + '</p>' + - '<input type="submit"></p>' + - hiddens + - '</form>\n' + - '</body>\n' + - '</html>\n'; - - window.frames.extensions.document.write(good_submit_page); - window.frames.extensions.document.close(); - cur_page = max_pages + 1; - make_index(window); - return false; -} - - - -function build_array_string() -{ - var j; - var array_string = ''; - var pages; - - if ((ext_page_array[3][4][0] > 0) && ext_page_array[3][3][0]) - { - pages = 4 + parseInt(ext_page_array[3][4][0]); - } - else - { - pages = 4; - } - for (j = 1; j < pages; j++) - { - if ((j > 1 || (ver == 3)) && - (ext_page_array[j].length > 1)) - { - if (j < 4) - { - for (i = 0; i < ext_page_array[j].length; i++) - { - if (ext_page_array[j][i][3].indexOf("radio") == -1) - { - if (ext_page_array[j][i][3].indexOf("multiple") == -1) - { - array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n'; - } - else - { - for (k = 0; k < ext_page_array[j][i][0].length; k++) - { - array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n'; - } - } - } - else - { - array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n'; - } - } - } - else - { - for (i = 0; i < ext_page_array[j].length; i++) - { - if (ext_page_array[j][i][3].indexOf("radio") == -1) - { - if (ext_page_array[j][i][3].indexOf("multiple") == -1) - { - array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] +'\'> \n'; - } - else - { - for (k = 0; k < ext_page_array[j][i][0].length; k++) - { - array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n'; - } - } - } - else - { - array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n'; - } - } - } - } - } - return array_string; -} - - - -function init_ext_page_array() -{ - for (i = 0; i < max_pages; i++) - { - ext_page_array[i] = ''; - } -} - -function ca_num_change(n,ca_form) -{ - with(ca_form) - { - n = parseInt(n,10); - if (caChoiceradio[2].checked) - { - if (n) - { - update_index(n); - } - else - { - update_index(0); - } - } - } -} - -function choice_change(ca_form) -{ - with(ca_form) - { - if (caChoiceradio[2].checked) - { - ca_num_change(manCAs.value,ca_form); - } - else - { - update_index(0); - } - } -} - -function update_index(n) -{ - var add_string = ''; - for (var i = 0; i < n; i++) - { - var j = i + 1; - add_string = add_string + ',1, \'CA #' + j + '\''; - } - top.add_index_list = add_string; - num_ca = n; - make_index(window); -} - -function set_ver1() -// redraws the extensions page for version 1 certificates -{ - ver = 1 - if (cur_page == 2 || cur_page == 3) - { - sa_switch_pane(window, cur_page, cur_page); - } -} - - -function set_ver3() -// redraws the extensions page for version 3 certificates -{ - ver = 3 - if (cur_page == 2) - { - sa_switch_pane(window, 0, 2); - } - else if (cur_page == 3) - { - sa_switch_pane(window, 0, 3); - } -} - -function reset_subject(marker, value, form) -// Updates the subject field from a subordinate field -{ - with(form) - { - var field_sep = '", '; - var begin_index = subject.value.indexOf(marker); - if (begin_index != 0 && subject.value[begin_index - 1] != ' ') - { - begin_index = subject.value.indexOf(marker, begin_index +1); - } - var end_index = subject.value.indexOf(field_sep, begin_index); - if (begin_index > -1) // is it a delete/change? - { - if (end_index == -1) // is it the last one (includes only one)? - { - if (value.length > 0) // do I have to change it? - { - if (begin_index == 0) // is is the only one? - { - subject.value = marker + '"' + value + '"'; - } - else // it is the last of many - { - subject.value = subject.value.substring(0,begin_index) + marker + '"' + value + '"'; - } - } - else // must be a delete - { - if (begin_index == 0) // is it the only one? - { - begin_index += 2; - } - subject.value = subject.value.substring(0,(begin_index - 2)); - } - } - else // it is the first of many or a middle one - { - if (value.length >0) // do I have to change it? - { - subject.value = subject.value.substring(0,(begin_index + marker.length + 1)) + value + subject.value.substring(end_index,subject.length); - } - else // it is a delete - { - subject.value = subject.value.substring(0,begin_index) + subject.value.substring((end_index + 3),subject.length); - } - } - } - else // It is either an insert or a do nothing - { - if (value.length > 0) // is it an insert? - { - if (subject.value.length == 0) // is subject currently empty? - { - subject.value = marker + '"' + value + '"'; - } - else - { - subject.value = subject.value + ', ' + marker + '"' + value + '"'; - } - } - } - } -} - - - -function reset_subjectFields(form) -// updates all the subordinate fields from the subject field of a form -// ************ move the strings to global variables, to make maintentance easier **************** -{ - - update_subject_Field(form, 'CN=\"', form.name); - update_subject_Field(form, 'MAIL=\"', form.email); - update_subject_Field(form, 'O=\"', form.org); - update_subject_Field(form, 'C=\"', form.country); - update_subject_Field(form, ' L=\"', form.loc); - update_subject_Field(form, 'ST=\"', form.state); - update_subject_Field(form, 'E=\"', form.email); - update_subject_Field(form, 'OU=\"', form.org_unit); - update_subject_Field(form, 'UID=\"', form.uid); -} - -function update_subject_Field(form, marker, update_field) -//updates a single subordinate field from the subject field of a form -// *************** need to deal with the two types of e-mail addresses ************** -{ - with(form) - { - var field_sep = '", '; - var begin_index = subject.value.indexOf(marker) + marker.length; - var end_index = subject.value.indexOf(field_sep, begin_index); - if (end_index == -1) - { - end_index = subject.value.indexOf('"',begin_index); - } - if (begin_index != (-1 + marker.length) ) - { - update_field.value = subject.value.substring(begin_index, end_index); - } - else - { - update_field.value = ''; - } - } -} - - -function switch_mail(form) - // *************** I need to figure out if I want to delete the other type of e-mail address ************ -{ - if (form.email_type[0].checked) - { - var del = 'E='; - var ins = 'MAIL='; - } - else - { - var del = 'MAIL='; - var ins = 'E='; - } - reset_subject(del, '', form); - reset_subject(ins, form.email.value, form); -} - -function make_page_intro(title, bgcolor) -{ - var style = '<STYLE TYPE="text/css">BODY{' + - 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' + - 'font-size: 10pt;' + - '}' + - 'TD{' + - 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' + - 'font-size: 10pt;}' + - '</STYLE>'; - - if (bgcolor == null) { bgcolor = "#C0C0C0"; } - return '<HTML><HEAD>' + - '<TITLE>' + title + '</TITLE>' + - '</HEAD>' + - '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" ' + - 'BGCOLOR="' + bgcolor + '">'; -} - - -function make_index(window) -{ - with (window.frames.index) - { - eval ('index_string = make_index_page(cur_page, ' + index_list + add_index_list + ' )'); - fool1 = make_page_intro(index_label, "#FFFFFF") + - index_string + '</BODY></HTML>'; - document.write(fool1); - document.close(); - } -} - - -function save_cur_page(page_number) -{ - var len; - var j = page_number - 1; - if (frames.extensions.document.layers.length != 0) - { - with (frames.extensions.document.layers[0].document) - { - if ((page_number != 2 && page_number != 3 && page_number <= max_pages) || - ver == 3) - { - ext_page_array[j] = new Array(forms[0].elements.length); - for (i = 0; i < forms[0].elements.length; i++) - { - ext_page_array[j][i] = new Array(4); - switch (forms[0].elements[i].type) - { - case 'radio': case 'checkbox': - ext_page_array[j][i][0] = forms[0].elements[i].checked; - break; - case 'select-one': - ext_page_array[j][i][0] = forms[0].elements[i].selectedIndex; - break; - case 'select-multiple': - len = forms[0].elements[i].options.length; - ext_page_array[j][i][0] = new Array(len); - for(k = 0; k < len; k++) - { - ext_page_array[j][i][0][k] = forms[0].elements[i].options[k].value; - } - break; - default: - ext_page_array[j][i][0] = forms[0].elements[i].value; - } - ext_page_array[j][i][1] = forms[0].elements[i].name; - ext_page_array[j][i][2] = forms[0].elements[i].value; - ext_page_array[j][i][3] = forms[0].elements[i].type; - } - } - } - } -} - -function reload_form(page_number) -{ - var j = page_number - 1; - with (frames.extensions.document.layers[0].document) - { - if (((page_number < 2 || page_number > 3) || ver == 3) - && page_number != 0 && (ext_page_array[j].length > 1)) - { - for (i = 0; i < ext_page_array[j].length; i++) - { - switch (forms[0].elements[i].type) - { - case 'radio': case 'checkbox': - forms[0].elements[i].checked = ext_page_array[j][i][0]; - break; - case 'select-one': - forms[0].elements[i].selectedIndex = ext_page_array[j][i][0]; - break; - case 'select-multiple': - for (k = 0; k < ext_page_array[j][i][0].length; k++) - { - forms[0].elements[i].options[k] = new Option(ext_page_array[j][i][0][k], - ext_page_array[j][i][0][k]); - } - break; - default: - forms[0].elements[i].value = ext_page_array[j][i][0]; - } - } - } - } -} - -function sa_switch_pane(top_window, old_pane, new_pane) -{ - var ext_page_stnd = - make_page_intro(standard_extensions_index_label, "#FFFFFF") + - '<layer ID="ext" SRC="stnd_ext_form.html">' + - '</layer>' + - '</body></html>'; - - var ext_page_nscp = - make_page_intro(netscape_extensions_index_label, "#FFFFFF") + - '<layer ID="ext" SRC="nscp_ext_form.html">' + - '</layer>' + - '</body></html>'; - - var ext_page_ca = - make_page_intro(certifying_authorities_index_label, "#FFFFFF") + - '<layer ID="ext" SRC="ca.html">' + - '</layer>' + - '</body</html>'; - - var ext_page_ca_exp = - make_page_intro('Certifying Authority Details', "#FFFFFF") + - '<layer ID="ext" SRC="ca_form.html">' + - '</layer>' + - '</body></html>'; - - - if (old_pane > 0 && cur_page <= max_pages) - { - save_cur_page(old_pane); - } - cur_page = new_pane; - make_index(top_window); - if (new_pane == 2 || new_pane == 3) - { - if (ver == 1) - { - frames.extensions.document.write(ext_page_ver1); - frames.extensions.document.close(); - } - else - { - if (new_pane == 2) - { - frames.extensions.document.write(ext_page_nscp); - frames.extensions.document.close(); - reload_form(new_pane); - } - else - { - frames.extensions.document.write(ext_page_stnd); - frames.extensions.document.close(); - reload_form(new_pane); - } - } - } - else - { - if (new_pane == 4) - { - frames.extensions.document.write(ext_page_ca); - frames.extensions.document.close(); - reload_form(new_pane); - } - else - { - if (new_pane == 1) - { - frames.extensions.document.write(main_page); - frames.extensions.document.close(); - reload_form(new_pane); - } - else - { - frames.extensions.document.write(ext_page_ca_exp); - frames.extensions.document.close(); - reload_form(new_pane); - } - } - } -} - -function make_index_page(selected) -{ - var n_strings = ( make_index_page.arguments.length - 1 ) / 2; - var table_background; - var command; - var indent; - var label; - var ret_string = ""; - - ret_string += '<TABLE CELLSPACING=4>'; - for ( var i = 1; i <= n_strings; i++ ) { - if ( i == selected ) { - table_background = 'BGCOLOR=#BBCCBB'; - } else { - table_background = ''; - } - - indent = make_index_page.arguments[(i*2) - 1]; - label = make_index_page.arguments[(i*2)]; - - if ( indent == 0 ) { - ret_string += ('<TR><TD COLSPAN=2 ' + table_background + '>'); - } else { - ret_string += ('<TR><TD> </TD><TD ' + table_background + '>'); - } - - command = "'parent.sa_switch_pane(parent," + selected + "," + i + ")'"; - ret_string += ('<A HREF="javascript:void setTimeout(' + command + ',0)">'); - if ( indent == 0 ) { ret_string += "<B>"; } - ret_string += label; - if ( indent == 0 ) { ret_string += "</B>"; } - ret_string += '</A></TD></TR>'; - } - if (selected == (max_pages + 1)) - { - table_background = 'BGCOLOR=#BBCCBB'; - } else { - table_background = ''; - } - ret_string += - '<TR><TD COLSPAN=2 ' + table_background + - '><b><A HREF="javascript:void setTimeout(\'top.submit_it()\', 0)">Finish</A></b>' + - '</TD></TR>' + - '<input type="submit"></form>' + - '</TABLE>'; - return(ret_string); -} - - -function make_page(window) -// Draws the initial page setup -{ - selected = cur_page - init_ext_page_array() - - with (window.frames.extensions) { - document.write(main_page); - document.close(); - } - - make_index(window); - -} -</script> - -</HEAD> -<title>Cert-O-Matic</title> - <FRAMESET cols="150,*" BORDER=3 ONLOAD="make_page(window)"> - <FRAME SRC="about:blank" NAME="index" - MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3> - <FRAME SRC="about:blank" NAME="extensions" - MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3> - </FRAMESET> -</HTML> diff --git a/security/nss/cmd/certcgi/main.html b/security/nss/cmd/certcgi/main.html deleted file mode 100644 index 2c47a8b76..000000000 --- a/security/nss/cmd/certcgi/main.html +++ /dev/null @@ -1,105 +0,0 @@ -<HTML> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> -<HEAD> - <TITLE>Main Layer for CertOMatic</TITLE> -</HEAD> - - <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi"> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p> - </td> - <td></td><td></td> - <td> - Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td> - <tr> - <td> - <input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">MAIL= - - <input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)">E= - </td> - <td> - <input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"> - </td> - <td></td><td></td><td> - Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td> - <tr> - <td> - UID= </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td> - <td></td><td></td><td> - Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td> - <tr> - <td> - State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td> - <td></td><td></td><td> - Country: </td><td><input type="text" size="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}" maxlength="2"></p></td> - <tr> - <td COLSPAN=2> - Serial Number: - <DD><input type="radio" name="serial" value="auto" checked> Auto Generate - <DD><input type="radio" name="serial" value="input"> - Use this value: <input type="text" name="serial_value" size="8" maxlength="8"></p> - </td> - <td></td> <td></td> - <td COLSPAN=2> - X.509 version: - <DD><input type="radio" name="ver" value="1" onClick="if (this.checked) {window.top.set_ver1();}"> Version 1 - <DD><input type="radio" name="ver" value="3" checked onClick="if (this.checked) {window.top.set_ver3();}"> Version 3</P></td> - <tr> - <td COLSPAN=2> - Key Type: - <DD><input type="radio" name="keyType" value="rsa" checked> RSA - <DD><input type="radio" name="keyType" value="dsa"> DSA</p> - Intermediate CA Key Sizes: - <DD><select name="keysize"> - <option>2048 (Very High Grade) - <option>1024 (High Grade) - <option>512 (Low Grade) - </select> - </td> - <td></td> <td></td> - <td COLSPAN=2> - Validity: - <DD><input type="radio" name="validity" value="auto" checked> - Generate Automatically - <DD><input type="radio" name="validity" value="man"> Use these values: - <DD>Not Before: <input type="text" size="15" maxlength="17" name="notBefore"> - <DD>Not After: <input type="text" size="15" maxlength="17" name="notAfter"> - <DD> - <FONT SIZE=-1><TT>YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} </TT></FONT> - </table> - DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P> - </form> -</HTML> diff --git a/security/nss/cmd/certcgi/manifest.mn b/security/nss/cmd/certcgi/manifest.mn deleted file mode 100644 index e4c00ce13..000000000 --- a/security/nss/cmd/certcgi/manifest.mn +++ /dev/null @@ -1,48 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIREd. -MODULE = security - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = certcgi.c - -PROGRAM = certcgi - diff --git a/security/nss/cmd/certcgi/nscp_ext_form.html b/security/nss/cmd/certcgi/nscp_ext_form.html deleted file mode 100644 index b0d385534..000000000 --- a/security/nss/cmd/certcgi/nscp_ext_form.html +++ /dev/null @@ -1,113 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - - <body> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi"> - <tr> - <td> - <b>Netscape Certificate Type: </b></p> - Activate extension: <input type="checkbox" name="netscape-cert-type"></P> - Critical: <input type="checkbox" name="netscape-cert-type-crit"> - <td> - <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P> - <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P> - <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P> - <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P> - <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P> - <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P> - <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P> - <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P> - </tr> - <tr> - <td> - <b>Netscape Base URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-base-url"></P> - Critical: <input type="checkbox" name="netscape-base-url-crit"> - <td> - <input type="text" name="netscape-base-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-revocation-url-crit"> - <td> - <input type="text" name="netscape-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit"> - <td> - <input type="text" name="netscape-ca-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Certificate Renewal URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P> - Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit"> - <td> - <input type="text" name="netscape-cert-renewal-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Policy URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P> - Critical: <input type="checkbox" name="netscape-ca-policy-url-crit"> - <td> - <input type="text" name="netscape-ca-policy-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape SSL Server Name:</b></p> - Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P> - Critical: <input type="checkbox" name="netscape-ssl-server-name-crit"> - <td> - <input type="text" name="netscape-ssl-server-name-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Comment:</b></p> - Activate extension: <input type="checkbox" name="netscape-comment"></P> - Critical: <input type="checkbox" name="netscape-comment-crit"> - <td> - <textarea name="netscape-comment-text" rows="5" cols="50"></textarea> - </tr> - - </table> - </body> -</html> diff --git a/security/nss/cmd/certcgi/stnd_ext_form.html b/security/nss/cmd/certcgi/stnd_ext_form.html deleted file mode 100644 index 26868c62c..000000000 --- a/security/nss/cmd/certcgi/stnd_ext_form.html +++ /dev/null @@ -1,247 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> -<html> -<!-- - - The contents of this file are subject to the Mozilla Public - - License Version 1.1 (the "License"); you may not use this file - - except in compliance with the License. You may obtain a copy of - - the License at http://www.mozilla.org/MPL/ - - - - Software distributed under the License is distributed on an "AS - - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - - implied. See the License for the specific language governing - - rights and limitations under the License. - - - - The Original Code is the Netscape security libraries. - - - - The Initial Developer of the Original Code is Netscape - - Communications Corporation. Portions created by Netscape are - - Copyright (C) 1994-2000 Netscape Communications Corporation. All - - Rights Reserved. - - - - Contributor(s): - - - - Alternatively, the contents of this file may be used under the - - terms of the GNU General Public License Version 2 or later (the - - "GPL"), in which case the provisions of the GPL are applicable - - instead of those above. If you wish to allow use of your - - version of this file only under the terms of the GPL and not to - - allow others to use your version of this file under the MPL, - - indicate your decision by deleting the provisions above and - - replace them with the notice and other provisions required by - - the GPL. If you do not delete the provisions above, a recipient - - may use your version of this file under either the MPL or the - - GPL. - --> - - <body> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi"> - <tr> - <td> - <b>Key Usage: </b></p> - Activate extension: <input type="checkbox" name="keyUsage"></P> - Critical: <input type="checkbox" name="keyUsage-crit"> - <td> - <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P> - <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P> - <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P> - <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P> - <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P> - <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P> - <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P> - </tr> - <tr> - <td> - <b>Extended Key Usage: </b></p> - Activate extension: <input type="checkbox" name="extKeyUsage"></P> - Critical: <input type="checkbox" name="extKeyUsage-crit"> - <td> - <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P> - <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P> - <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P> - <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P> - <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> - <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> - <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> - </tr> - <tr> - <td> - <b>Basic Constraints:</b></p> - Activate extension: <input type="checkbox" name="basicConstraints"></P> - Critical: <input type="checkbox" name="basicConstraints-crit"> - <td> - CA:</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p> - <input type="checkbox" name="basicConstraints-pathLengthConstraint"> - Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p> - </tr> - <tr> - <td> - <b>Authority Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="authorityKeyIdentifier"> - <td> - <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p> - <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p> - </tr> - <tr> - <td> - <b>Subject Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="subjectKeyIdentifier"> - <td> - Key Identifier: - <input type="text" name="subjectKeyIdentifier-text"></p> - This is an:<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p> - </tr> - <tr> - <td> - <b>Private Key Usage Period:</b></p> - Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p> - Critical: <input type="checkbox" name="privKeyUsagePeriod-crit"> - <td> - Use:</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p> - <b>Not to be used to sign before:</b></p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p> - <dd><dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p> - <b>Not to be used to sign after:</b></p> - <dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p> - </tr> - <tr> - <td> - <b>Subject Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="SubAltName"></P> - Critical: <input type="checkbox" name="SubAltName-crit"> - <td> - <table> - <tr> - <td> - General Names:</p> - <select name="SubAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}"> - <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, - OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td> - <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr> - </table> - Name: <input type="text" name="SubAltNameText"> - Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p> - </tr> - </table> - </tr> - - - <tr> - <td> - <b>Issuer Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="IssuerAltName"></P> - Critical: <input type="checkbox" name="IssuerAltName-crit"> - <td> - <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p> - <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name: - <table> - <tr> - <td> - General Names:</p> - <select name="IssuerAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}"> - <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, - OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="IssuerAltNameText"> - Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p> - </tr> - </table> - </tr> - - <tr> - <td> - <b>Name Constraints:</b></p> - Activate extension: <input type="checkbox" name="NameConstraints"></P> - <td> - <table> - <tr> - <td> - Name Constraints:</p> - <select name="NameConstraintSelect" multiple size="10"> - </select></p></p> - <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}"> - <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name, - OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td> - <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td> - <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td> - <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="NameConstraintText"> - Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p> - Constraint type:<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p> - Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p> - Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p> - </tr> - </table> - </tr> - - </table> - </body> -</html> - - - - - - - - |