author | relyea%netscape.com <devnull@localhost> | 2000-03-31 20:13:40 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2000-03-31 20:13:40 +0000 |
commit | 9502869e82d4f3ce26b292263e1c626dca3a34f3 (patch) | |
tree | 4d0f8ab157505b57c13a5e2bdf979560ab751527 /security/nss/cmd/crlutil | |
parent | 222a52dab759085f56dcb6588b69a6a937d82aa2 (diff) | |
download | nss-hg-9502869e82d4f3ce26b292263e1c626dca3a34f3.tar.gz |
Initial NSS Open Source checkin
Diffstat (limited to 'security/nss/cmd/crlutil')
-rw-r--r-- | security/nss/cmd/crlutil/Makefile | 76 | ||||
-rw-r--r-- | security/nss/cmd/crlutil/crlutil.c | 394 | ||||
-rw-r--r-- | security/nss/cmd/crlutil/makefile.win | 130 | ||||
-rw-r--r-- | security/nss/cmd/crlutil/manifest.mn | 51 |
4 files changed, 651 insertions, 0 deletions
diff --git a/security/nss/cmd/crlutil/Makefile b/security/nss/cmd/crlutil/Makefile
new file mode 100644
index 000000000..63d4702cd
--- /dev/null
+++ b/security/nss/cmd/crlutil/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. 
(OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include $(CORE_DEPTH)/security/cmd/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+
+include $(CORE_DEPTH)/security/cmd/platrules.mk
+
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
new file mode 100644
index 000000000..a075e25c2
--- /dev/null
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -0,0 +1,394 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation. Portions created by Netscape are
+ * Copyright (C) 1994-2000 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable
+ * instead of those above. If you wish to allow use of your
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL. If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL. 
+ */
+
+/*
+** certutil.c
+**
+** utility for managing certificates and the cert database
+**
+*/
+/* test only */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "secutil.h"
+#include "cert.h"
+#include "certdb.h"
+#include "cdbhdl.h"
+
+#define SEC_CERT_DB_EXISTS 0
+#define SEC_CREATE_CERT_DB 1
+
+static char *progName;
+
+static CERTCertDBHandle
+*OpenCertDB(int createNew)
+ /* NOTE: This routine has been modified to allow the libsec/pcertdb.c routines to automatically
+ ** find and convert the old cert database into the new v3.0 format (cert db version 5).
+ */
+{
+ CERTCertDBHandle *certHandle;
+ SECStatus rv;
+
+ /* Allocate a handle to fill with CERT_OpenCertDB below */
+ certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
+ if (!certHandle) {
+ SECU_PrintError(progName, "unable to get database handle");
+ return NULL;
+ }
+
+
+ rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
+
+ if (rv) {
+ SECU_PrintError(progName, "could not open certificate database");
+ if (certHandle) free (certHandle); /* we don't want to leave anything behind... 
*/
+ return NULL;
+ }
+
+ return certHandle;
+}
+static CERTSignedCrl *FindCRL
+ (CERTCertDBHandle *certHandle, char *name, int type)
+{
+ CERTSignedCrl *crl = NULL;
+ CERTCertificate *cert = NULL;
+
+
+ cert = CERT_FindCertByNickname(certHandle, name);
+ if (!cert) {
+ SECU_PrintError(progName, "could not find certificate named %s", name);
+ return ((CERTSignedCrl *)NULL);
+ }
+
+ crl = SEC_FindCrlByKey(certHandle, &cert->derSubject, type);
+ if (crl ==NULL)
+ SECU_PrintError
+ (progName, "could not find %s's CRL", name);
+ CERT_DestroyCertificate (cert);
+ return (crl);
+}
+
+static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+ CERTCertificate *cert = NULL;
+ CERTSignedCrl *crl = NULL;
+
+ crl = FindCRL (certHandle, nickName, crlType);
+
+ if (crl) {
+ SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
+ CERT_DestroyCrl (crl);
+ }
+}
+
+static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
+{
+ CERTCrlHeadNode *crlList = NULL;
+ CERTCrlNode *crlNode = NULL;
+ CERTName *name = NULL;
+ PRArenaPool *arena = NULL;
+ SECStatus rv;
+ void *mark;
+
+ do {
+ arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
+ if (arena == NULL) {
+ fprintf(stderr, "%s: fail to allocate memory\n", progName);
+ break;
+ }
+
+ name = PORT_ArenaZAlloc (arena, sizeof(*name));
+ if (name == NULL) {
+ fprintf(stderr, "%s: fail to allocate memory\n", progName);
+ break;
+ }
+ name->arena = arena;
+
+ rv = SEC_LookupCrls (certHandle, &crlList, crlType);
+ if (rv != SECSuccess) {
+ fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
+ SECU_Strerror(PORT_GetError()));
+ break;
+ }
+
+ /* just in case */
+ if (!crlList)
+ break;
+
+ crlNode = crlList->first;
+
+ fprintf (stdout, "\n");
+ fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
+ while (crlNode) {
+ mark = PORT_ArenaMark (arena);
+ rv = SEC_ASN1DecodeItem
+ (arena, name, CERT_NameTemplate, &(crlNode->crl->crl.derName));
+ if (!name){
+ fprintf(stderr, "%s: fail 
to get the CRL issuer name\n", progName,
+ SECU_Strerror(PORT_GetError()));
+ break;
+ }
+
+ fprintf (stdout, "\n%-40s %-5s\n", CERT_NameToAscii(name), "CRL");
+ crlNode = crlNode->next;
+ PORT_ArenaRelease (arena, mark);
+ }
+
+ } while (0);
+ if (crlList)
+ PORT_FreeArena (crlList->arena, PR_FALSE);
+ PORT_FreeArena (arena, PR_FALSE);
+}
+
+static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+ if (nickName == NULL)
+ ListCRLNames (certHandle, crlType);
+ else
+ DisplayCRL (certHandle, nickName, crlType);
+}
+
+
+
+static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
+{
+ CERTSignedCrl *crl = NULL;
+ SECStatus rv = SECFailure;
+
+ crl = FindCRL (certHandle, name, type);
+ if (!crl) {
+ SECU_PrintError
+ (progName, "could not find the issuer %s's CRL", name);
+ return SECFailure;
+ }
+ rv = SEC_DeletePermCRL (crl);
+ if (rv != SECSuccess) {
+ SECU_PrintError
+ (progName, "fail to delete the issuer %s's CRL from the perm dbase (reason: %s)",
+ name, SECU_Strerror(PORT_GetError()));
+ return SECFailure;
+ }
+
+ rv = SEC_DeleteTempCrl (crl);
+ if (rv != SECSuccess) {
+ SECU_PrintError
+ (progName, "fail to delete the issuer %s's CRL from the temp dbase (reason: %s)",
+ name, SECU_Strerror(PORT_GetError()));
+ return SECFailure;
+ }
+ return (rv);
+}
+
+SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
+ PRFileDesc *inFile)
+{
+ CERTCertificate *cert = NULL;
+ CERTSignedCrl *crl = NULL;
+ SECItem crlDER;
+ int rv;
+
+ crlDER.data = NULL;
+
+
+ /* Read in the entire file specified with the -f argument */
+ rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "unable to read input file");
+ return (SECFailure);
+ }
+
+ crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
+ if (!crl) {
+ const char *errString;
+
+ errString = SECU_Strerror(PORT_GetError());
+ if (PORT_Strlen (errString) == 0)
+ SECU_PrintError
+ (progName, "CRL is 
not import (error: input CRL is not up to date.)");
+ else
+ SECU_PrintError
+ (progName, "unable to import CRL");
+ }
+ PORT_Free (crlDER.data);
+ CERT_DestroyCrl (crl);
+ return (rv);
+}
+
+
+static void Usage(char *progName)
+{
+ fprintf(stderr,
+ "Usage: %s -L [-n nickname[ [-d keydir] [-t crlType]\n"
+ " %s -D -n nickname [-d keydir]\n"
+ " %s -I -i crl -t crlType [-u url] [-d keydir]\n",
+ progName, progName, progName);
+
+ fprintf (stderr, "%-15s List CRL\n", "-L");
+ fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
+ "-n nickname");
+ fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+ "-d keydir");
+
+ fprintf (stderr, "%-15s Delete a CRL from the cert dbase\n", "-D");
+ fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
+ "-n nickname");
+ fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+
+ fprintf (stderr, "%-15s Import a CRL to the cert dbase\n", "-I");
+ fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
+ "-i crl");
+ fprintf(stderr, "%-20s Specify the url.\n", "-u url");
+ fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+
+ fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
+ fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
+ fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");
+
+ exit(-1);
+}
+
+int main(int argc, char **argv)
+{
+ SECItem privKeyDER;
+ CERTCertDBHandle *certHandle;
+ FILE *certFile;
+ PRFileDesc *inFile;
+ int listCRL;
+ int importCRL;
+ int opt;
+ int deleteCRL;
+ int rv;
+ char *nickName;
+ char *progName;
+ char *url;
+ int crlType;
+ PLOptState *optstate;
+ PLOptStatus status;
+
+ progName = strrchr(argv[0], '/');
+ progName = progName ? 
progName+1 : argv[0];
+
+ rv = 0;
+ deleteCRL = importCRL = listCRL = 0;
+ certFile = NULL;
+ inFile = NULL;
+ nickName = url = NULL;
+ privKeyDER.data = NULL;
+ certHandle = NULL;
+ crlType = SEC_CRL_TYPE;
+ /*
+ * Parse command line arguments
+ */
+ optstate = PL_CreateOptState(argc, argv, "IALd:i:Dn:Ct:u:");
+ while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+ switch (optstate->option) {
+ case '?':
+ Usage(progName);
+ break;
+
+ case 'C':
+ listCRL = 1;
+ break;
+
+ case 'D':
+ deleteCRL = 1;
+ break;
+
+ case 'I':
+ importCRL = 1;
+ break;
+
+ case 'L':
+ listCRL = 1;
+ break;
+
+ case 'd':
+ SECU_ConfigDirectory(optstate->value);
+ break;
+
+ case 'i':
+ inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+ if (!inFile) {
+ fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+ progName, optstate->value);
+ return -1;
+ }
+ break;
+
+ case 'n':
+ nickName = strdup(optstate->value);
+ break;
+
+ case 'u':
+ url = strdup(optstate->value);
+ break;
+
+ case 't': {
+ char *type;
+
+ type = strdup(optstate->value);
+ crlType = atoi (type);
+ if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
+ fprintf(stderr, "%s: invalid crl type\n", progName);
+ return -1;
+ }
+ break;
+ }
+ }
+ }
+
+ if (deleteCRL && !nickName) Usage (progName);
+ if (!(listCRL || deleteCRL || importCRL)) Usage (progName);
+ if (importCRL && !inFile) Usage (progName);
+
+ PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ SECU_PKCS11Init(PR_FALSE);
+ SEC_Init();
+
+ certHandle = OpenCertDB(SEC_CREATE_CERT_DB);
+ if (certHandle == NULL) {
+ SECU_PrintError(progName, "unable to open the cert db");
+ return (-1);
+ }
+
+ /* Read in the private key info */
+ if (deleteCRL)
+ DeleteCRL (certHandle, nickName, crlType);
+ else if (listCRL)
+ ListCRL (certHandle, nickName, crlType);
+ else if (importCRL)
+ rv = ImportCRL (certHandle, url, crlType, inFile);
+
+ return (rv);
+}
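Review bot: ImportCRL returns success when the import fails: the `if (!crl)` branch only prints an error, after which the function returns the `rv` left over from the successful SECU_ReadDERFromFile call, and main passes that on as the exit status, so a script driving `crlutil -I` cannot tell that the revocation list was never installed. Setting `rv = SECFailure;` inside that branch fixes the status, and the unconditional `CERT_DestroyCrl (crl);` on the same path should become `if (crl) CERT_DestroyCrl (crl);` unless that function is known to accept NULL, which is not visible here. The same silent-failure pattern appears twice more in this hunk: main discards the SECStatus returned by DeleteCRL, and ListCRLNames stores the result of SEC_ASN1DecodeItem in `rv` but then tests `!name`, a pointer already checked non-null, so a decode error is never detected before CERT_NameToAscii runs. Separately, the `char *progName;` declared inside main shadows the file-static `progName`, so the static that the helper functions pass to SECU_PrintError is never assigned.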
diff --git a/security/nss/cmd/crlutil/makefile.win b/security/nss/cmd/crlutil/makefile.win
new file mode 100644
index 000000000..1f1b627ff
--- /dev/null
+++ b/security/nss/cmd/crlutil/makefile.win
@@ -0,0 +1,130 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+VERBOSE = 1
+include <manifest.mn>
+
+#cannot define PROGRAM in manifest compatibly with NT and UNIX
+PROGRAM = crlutil
+PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
+include <$(DEPTH)\config\config.mak>
+
+# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
+# rules.mak will append C_OBJS onto OBJS.
+# OBJS = $(CSRCS:.c=.obj)
+
+# include files are looked for in $LINCS and $INCS. 
+# $LINCS is in manifest.mnw, computed from REQUIRES=
+INCS = $(INCS) \
+ -I$(DEPTH)/security/lib/cert \
+ -I../include \
+ $(NULL)
+
+IGNORE_ME = \
+ -I$(DEPTH)/security/lib/key \
+ -I$(DEPTH)/security/lib/util \
+ $(NULL)
+
+
+WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
+
+# these files are the content of libdbm
+DBM_LIB = \
+ $(WINFE)/DB.obj \
+ $(WINFE)/HASH.obj \
+ $(WINFE)/H_BIGKEY.obj \
+ $(WINFE)/H_PAGE.obj \
+ $(WINFE)/H_LOG2.obj \
+ $(WINFE)/H_FUNC.obj \
+ $(WINFE)/HASH_BUF.obj \
+ $(NULL)
+
+MOZ_LIBS = \
+ $(WINFE)/ALLXPSTR.obj \
+ $(WINFE)/XP_ERROR.obj \
+ $(WINFE)/XPASSERT.obj \
+ $(WINFE)/XP_REG.obj \
+ $(WINFE)/XP_TRACE.obj \
+ $(DBM_LIB) \
+ $(WINFE)/XP_STR.obj \
+ $(WINFE)/MKTEMP.obj \
+ $(NULL)
+
+SEC_LIBS = \
+ $(DIST)/lib/cert$(MOZ_BITS).lib \
+ $(DIST)/lib/crypto$(MOZ_BITS).lib \
+ $(DIST)/lib/hash$(MOZ_BITS).lib \
+ $(DIST)/lib/key$(MOZ_BITS).lib \
+ $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
+ $(DIST)/lib/secmod$(MOZ_BITS).lib \
+ $(DIST)/lib/secutl$(MOZ_BITS).lib \
+ $(DIST)/lib/ssl$(MOZ_BITS).lib \
+ $(NULL)
+
+LLFLAGS = $(LLFLAGS) \
+ ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
+ $(SEC_LIBS) \
+ $(MOZ_LIBS) \
+ $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
+ $(LIBNSPR) \
+ $(NULL)
+
+
+include <$(DEPTH)\config\rules.mak>
+
+INSTALL = $(MAKE_INSTALL)
+
+objs: $(OBJS)
+
+$(PROGRAM)::
+ $(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
+
+programs: $(PROGRAM)
+
+install:: $(TARGETS)
+ $(INSTALL) $(TARGETS) $(DIST)/bin
+
+
+symbols:
+ @echo "CSRCS = $(CSRCS)"
+ @echo "INCS = $(INCS)"
+ @echo "OBJS = $(OBJS)"
+ @echo "LIBRARY = $(LIBRARY)"
+ @echo "PROGRAM = $(PROGRAM)"
+ @echo "TARGETS = $(TARGETS)"
+ @echo "DIST = $(DIST)"
+ @echo "VERSION_NUMBER = $(VERSION_NUMBER)"
+ @echo "WINFE = $(WINFE)"
+ @echo "DBM_LIB = $(DBM_LIB)"
+ @echo "INSTALL = $(INSTALL)"
+
diff --git a/security/nss/cmd/crlutil/manifest.mn b/security/nss/cmd/crlutil/manifest.mn
new file mode 100644
index 000000000..854a0f5d1
--- /dev/null
+++ b/security/nss/cmd/crlutil/manifest.mn
@@ -0,0 +1,51 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = security
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm
+
+DEFINES = -DNSPR20
+
+CSRCS = crlutil.c
+
+# this has to be different for NT and UNIX.
+# PROGRAM = ./$(OBJDIR)/crlutil.exe
+PROGRAM = crlutil |