Initial NSS Open Source checkin

4 files changed, 651 insertions, 0 deletions

diff --git a/security/nss/cmd/crlutil/Makefile b/security/nss/cmd/crlutil/Makefile
new file mode 100644
index 000000000..63d4702cd
--- /dev/null
+++ b/security/nss/cmd/crlutil/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(CORE_DEPTH)/security/cmd/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
+include $(CORE_DEPTH)/security/cmd/platrules.mk
+
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
new file mode 100644
index 000000000..a075e25c2
--- /dev/null
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -0,0 +1,394 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/*
+** certutil.c
+**
+** utility for managing certificates and the cert database
+**
+*/
+/* test only */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "secutil.h"
+#include "cert.h"
+#include "certdb.h"
+#include "cdbhdl.h"
+
+#define SEC_CERT_DB_EXISTS 0
+#define SEC_CREATE_CERT_DB 1
+
+static char *progName;
+
+static CERTCertDBHandle
+*OpenCertDB(int createNew)
+  /* NOTE: This routine has been modified to allow the libsec/pcertdb.c  routines to automatically
+  ** find and convert the old cert database into the new v3.0 format (cert db version 5).
+  */
+{
+    CERTCertDBHandle *certHandle;
+    SECStatus         rv;
+
+    /* Allocate a handle to fill with CERT_OpenCertDB below */
+    certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
+    if (!certHandle) {
+	SECU_PrintError(progName, "unable to get database handle");
+	return NULL;
+    }
+
+
+    rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
+
+    if (rv) {
+	SECU_PrintError(progName, "could not open certificate database");
+	if (certHandle) free (certHandle);  /* we don't want to leave anything behind... */
+	return NULL;
+    }
+
+    return certHandle;
+}
+static CERTSignedCrl *FindCRL
+   (CERTCertDBHandle *certHandle, char *name, int type)
+{
+    CERTSignedCrl *crl = NULL;    
+    CERTCertificate *cert = NULL;
+
+
+    cert = CERT_FindCertByNickname(certHandle, name);
+    if (!cert) {
+	SECU_PrintError(progName, "could not find certificate named %s", name);
+	return ((CERTSignedCrl *)NULL);
+    }
+	
+    crl = SEC_FindCrlByKey(certHandle, &cert->derSubject, type);
+    if (crl ==NULL) 
+	SECU_PrintError
+		(progName, "could not find %s's CRL", name);
+    CERT_DestroyCertificate (cert);
+    return (crl);
+}
+
+static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+    CERTCertificate *cert = NULL;
+    CERTSignedCrl *crl = NULL;
+
+    crl = FindCRL (certHandle, nickName, crlType);
+	
+    if (crl) {
+	SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
+	CERT_DestroyCrl (crl);
+    }
+}
+
+static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
+{
+    CERTCrlHeadNode *crlList = NULL;
+    CERTCrlNode *crlNode = NULL;
+    CERTName *name = NULL;
+    PRArenaPool *arena = NULL;
+    SECStatus rv;
+    void *mark;
+
+    do {
+	arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
+	if (arena == NULL) {
+	    fprintf(stderr, "%s: fail to allocate memory\n", progName);
+	    break;
+	}
+	
+	name = PORT_ArenaZAlloc (arena, sizeof(*name));
+	if (name == NULL) {
+	    fprintf(stderr, "%s: fail to allocate memory\n", progName);
+	    break;
+	}
+	name->arena = arena;
+	    
+	rv = SEC_LookupCrls (certHandle, &crlList, crlType);
+	if (rv != SECSuccess) {
+	    fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
+	    SECU_Strerror(PORT_GetError()));
+	    break;
+	}
+	
+	/* just in case */
+	if (!crlList)
+	    break;
+
+	crlNode  = crlList->first;
+
+        fprintf (stdout, "\n");
+	fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
+	while (crlNode) {
+	    mark = PORT_ArenaMark (arena); 	    
+	    rv = SEC_ASN1DecodeItem
+		   (arena, name, CERT_NameTemplate, &(crlNode->crl->crl.derName));
+	    if (!name){
+		fprintf(stderr, "%s: fail to get the CRL issuer name\n", progName,
+		SECU_Strerror(PORT_GetError()));
+		break;
+	    }
+		
+	    fprintf (stdout, "\n%-40s %-5s\n", CERT_NameToAscii(name), "CRL");
+	    crlNode = crlNode->next;
+	    PORT_ArenaRelease (arena, mark);
+	} 
+	
+    } while (0);
+    if (crlList)
+	PORT_FreeArena (crlList->arena, PR_FALSE);
+    PORT_FreeArena (arena, PR_FALSE);
+}
+
+static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+    if (nickName == NULL)
+	ListCRLNames (certHandle, crlType);
+    else
+	DisplayCRL (certHandle, nickName, crlType);
+}
+
+
+
+static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
+{
+    CERTSignedCrl *crl = NULL;    
+    SECStatus rv = SECFailure;
+
+    crl = FindCRL (certHandle, name, type);
+    if (!crl) {
+	SECU_PrintError
+		(progName, "could not find the issuer %s's CRL", name);
+	return SECFailure;
+    }
+    rv = SEC_DeletePermCRL (crl);
+    if (rv != SECSuccess) {
+	SECU_PrintError
+		(progName, "fail to delete the issuer %s's CRL from the perm dbase (reason: %s)",
+		 name, SECU_Strerror(PORT_GetError()));
+	return SECFailure;
+    }
+
+    rv = SEC_DeleteTempCrl (crl);
+    if (rv != SECSuccess) {
+	SECU_PrintError
+		(progName, "fail to delete the issuer %s's CRL from the temp dbase (reason: %s)",
+		 name, SECU_Strerror(PORT_GetError()));
+	return SECFailure;
+    }
+    return (rv);
+}
+
+SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, 
+                     PRFileDesc *inFile)
+{
+    CERTCertificate *cert = NULL;
+    CERTSignedCrl *crl = NULL;
+    SECItem crlDER;
+    int rv;
+
+    crlDER.data = NULL;
+
+
+    /* Read in the entire file specified with the -f argument */
+	rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
+    if (rv != SECSuccess) {
+	SECU_PrintError(progName, "unable to read input file");
+	return (SECFailure);
+    }
+    
+    crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
+    if (!crl) {
+	const char *errString;
+
+	errString = SECU_Strerror(PORT_GetError());
+	if (PORT_Strlen (errString) == 0)
+	    SECU_PrintError
+		    (progName, "CRL is not import (error: input CRL is not up to date.)");
+	else    
+	    SECU_PrintError
+		    (progName, "unable to import CRL");
+    }
+    PORT_Free (crlDER.data);
+    CERT_DestroyCrl (crl);
+    return (rv);
+}
+	    
+
+static void Usage(char *progName)
+{
+    fprintf(stderr,
+	    "Usage:  %s -L [-n nickname[ [-d keydir] [-t crlType]\n"
+	    "        %s -D -n nickname [-d keydir]\n"
+	    "        %s -I -i crl -t crlType [-u url] [-d keydir]\n",
+	    progName, progName, progName);
+
+    fprintf (stderr, "%-15s List CRL\n", "-L");
+    fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
+	    "-n nickname");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+	    "-d keydir");
+   
+    fprintf (stderr, "%-15s Delete a CRL from the cert dbase\n", "-D");    
+    fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
+	    "-n nickname");
+    fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+
+    fprintf (stderr, "%-15s Import a CRL to the cert dbase\n", "-I");    
+    fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
+	    "-i crl");
+    fprintf(stderr, "%-20s Specify the url.\n", "-u url");
+    fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+
+    fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
+    fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
+    fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");        
+
+    exit(-1);
+}
+
+int main(int argc, char **argv)
+{
+    SECItem privKeyDER;
+    CERTCertDBHandle *certHandle;
+    FILE *certFile;
+    PRFileDesc *inFile;
+    int listCRL;
+    int importCRL;
+    int opt;
+    int deleteCRL;
+    int rv;
+    char *nickName;
+    char *progName;
+    char *url;
+    int crlType;
+    PLOptState *optstate;
+    PLOptStatus status;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName+1 : argv[0];
+
+    rv = 0;
+    deleteCRL = importCRL = listCRL = 0;
+    certFile = NULL;
+    inFile = NULL;
+    nickName = url = NULL;
+    privKeyDER.data = NULL;
+    certHandle = NULL;
+    crlType = SEC_CRL_TYPE;
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "IALd:i:Dn:Ct:u:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+	switch (optstate->option) {
+	  case '?':
+	    Usage(progName);
+	    break;
+
+	  case 'C':
+	      listCRL = 1;
+	      break;
+
+	  case 'D':
+	      deleteCRL = 1;
+	      break;
+
+	  case 'I':
+	      importCRL = 1;
+	      break;
+	           
+	  case 'L':
+	      listCRL = 1;
+	      break;
+	           
+	  case 'd':
+	    SECU_ConfigDirectory(optstate->value);
+	    break;
+
+	  case 'i':
+	    inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+	    if (!inFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+	    
+	  case 'n':
+	    nickName = strdup(optstate->value);
+	    break;
+	    
+	  case 'u':
+	    url = strdup(optstate->value);
+	    break;
+
+	  case 't': {
+	    char *type;
+	    
+	    type = strdup(optstate->value);
+	    crlType = atoi (type);
+	    if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
+		fprintf(stderr, "%s: invalid crl type\n", progName);
+		return -1;
+	    }
+	    break;
+          }
+	}
+    }
+
+    if (deleteCRL && !nickName) Usage (progName);
+    if (!(listCRL || deleteCRL || importCRL)) Usage (progName);
+    if (importCRL && !inFile) Usage (progName);
+    
+    PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    SECU_PKCS11Init(PR_FALSE);
+    SEC_Init();
+
+    certHandle = OpenCertDB(SEC_CREATE_CERT_DB);
+    if (certHandle == NULL) {
+	SECU_PrintError(progName, "unable to open the cert db");	    	
+	return (-1);
+    }
+
+    /* Read in the private key info */
+    if (deleteCRL) 
+	DeleteCRL (certHandle, nickName, crlType);
+    else if (listCRL)
+	ListCRL (certHandle, nickName, crlType);
+    else if (importCRL) 
+	rv = ImportCRL (certHandle, url, crlType, inFile);
+    
+    return (rv);
+}
diff --git a/security/nss/cmd/crlutil/makefile.win b/security/nss/cmd/crlutil/makefile.win
new file mode 100644
index 000000000..1f1b627ff
--- /dev/null
+++ b/security/nss/cmd/crlutil/makefile.win
@@ -0,0 +1,130 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+VERBOSE	= 1
+include <manifest.mn>
+
+#cannot define PROGRAM in manifest compatibly with NT and UNIX
+PROGRAM = crlutil
+PROGRAM	= ./$(OBJDIR)/$(PROGRAM).exe
+include <$(DEPTH)\config\config.mak>
+
+# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
+# rules.mak will append C_OBJS onto OBJS.
+# OBJS	= $(CSRCS:.c=.obj)
+
+# include files are looked for in $LINCS and $INCS.
+# $LINCS is in manifest.mnw, computed from REQUIRES=
+INCS = $(INCS) \
+ -I$(DEPTH)/security/lib/cert \
+ -I../include \
+ $(NULL)
+
+IGNORE_ME = \
+ -I$(DEPTH)/security/lib/key \
+ -I$(DEPTH)/security/lib/util  \
+ $(NULL)
+
+
+WINFE	= $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
+
+# these files are the content of libdbm
+DBM_LIB	= \
+ $(WINFE)/DB.obj \
+ $(WINFE)/HASH.obj \
+ $(WINFE)/H_BIGKEY.obj \
+ $(WINFE)/H_PAGE.obj \
+ $(WINFE)/H_LOG2.obj \
+ $(WINFE)/H_FUNC.obj \
+ $(WINFE)/HASH_BUF.obj \
+ $(NULL)
+
+MOZ_LIBS = \
+ $(WINFE)/ALLXPSTR.obj \
+ $(WINFE)/XP_ERROR.obj \
+ $(WINFE)/XPASSERT.obj \
+ $(WINFE)/XP_REG.obj \
+ $(WINFE)/XP_TRACE.obj \
+ $(DBM_LIB) \
+ $(WINFE)/XP_STR.obj \
+ $(WINFE)/MKTEMP.obj \
+ $(NULL)
+
+SEC_LIBS = \
+ $(DIST)/lib/cert$(MOZ_BITS).lib \
+ $(DIST)/lib/crypto$(MOZ_BITS).lib \
+ $(DIST)/lib/hash$(MOZ_BITS).lib \
+ $(DIST)/lib/key$(MOZ_BITS).lib \
+ $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
+ $(DIST)/lib/secmod$(MOZ_BITS).lib \
+ $(DIST)/lib/secutl$(MOZ_BITS).lib \
+ $(DIST)/lib/ssl$(MOZ_BITS).lib \
+ $(NULL)
+
+LLFLAGS	= $(LLFLAGS) \
+ ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
+ $(SEC_LIBS) \
+ $(MOZ_LIBS) \
+ $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
+ $(LIBNSPR) \
+ $(NULL)
+
+
+include <$(DEPTH)\config\rules.mak>
+
+INSTALL	= $(MAKE_INSTALL)
+
+objs:	$(OBJS)
+
+$(PROGRAM)::
+	$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
+
+programs: $(PROGRAM)
+
+install:: $(TARGETS)
+	$(INSTALL) $(TARGETS) $(DIST)/bin
+
+
+symbols:
+	@echo "CSRCS	= $(CSRCS)"
+	@echo "INCS	= $(INCS)"
+	@echo "OBJS	= $(OBJS)"
+	@echo "LIBRARY	= $(LIBRARY)"
+	@echo "PROGRAM	= $(PROGRAM)"
+	@echo "TARGETS	= $(TARGETS)"
+	@echo "DIST	= $(DIST)"
+	@echo "VERSION_NUMBER	= $(VERSION_NUMBER)"
+	@echo "WINFE	= $(WINFE)"
+	@echo "DBM_LIB	= $(DBM_LIB)"
+	@echo "INSTALL	= $(INSTALL)"
+
diff --git a/security/nss/cmd/crlutil/manifest.mn b/security/nss/cmd/crlutil/manifest.mn
new file mode 100644
index 000000000..854a0f5d1
--- /dev/null
+++ b/security/nss/cmd/crlutil/manifest.mn
@@ -0,0 +1,51 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH	= ../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = security 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = crlutil.c
+
+# this has to be different for NT and UNIX.
+# PROGRAM	= ./$(OBJDIR)/crlutil.exe
+PROGRAM	= crlutil