Fix for bug 219539 - support GeneralizedTime in NSS tools

5 files changed, 42 insertions, 12 deletions

diff --git a/security/nss/cmd/dbck/dbck.c b/security/nss/cmd/dbck/dbck.c
index a3f1b9d54..66efd994f 100644
--- a/security/nss/cmd/dbck/dbck.c
+++ b/security/nss/cmd/dbck/dbck.c
@@ -265,6 +265,7 @@ dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile)
 	int64 timeBefore, timeAfter;
 	PRExplodedTime beforePrintable, afterPrintable;
 	char *beforestr, *afterstr;
+        /* needs to be able to handle GeneralizedTime too */
 	DER_UTCTimeToTime(&timeBefore, &cert->validity.notBefore);
 	DER_UTCTimeToTime(&timeAfter, &cert->validity.notAfter);
 	PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 134efa4f5..d29b925c0 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -935,6 +935,29 @@ SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level)
     secu_PrintTime(out, time, m, level);
 }
 
+/*
+ * Format and print the UTC or Generalized Time "t".  If the tag message
+ * "m" is not NULL, do indent formatting based on "level" and add a newline
+ * afterward; otherwise just print the formatted time string only.
+ */
+void
+SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level)
+{
+    switch (t->type) {
+        case siUTCTime:
+            SECU_PrintUTCTime(out, t, m, level);
+            break;
+
+        case siGeneralizedTime:
+            SECU_PrintGeneralizedTime(out, t, m, level);
+            break;
+
+        default:
+            PORT_Assert(0);
+            break;
+    }
+}
+
 static void secu_PrintAny(FILE *out, SECItem *i, char *m, int level);
 
 void
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h
index cff334ab7..1e5dc345d 100644
--- a/security/nss/cmd/lib/secutil.h
+++ b/security/nss/cmd/lib/secutil.h
@@ -203,6 +203,13 @@ extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
 extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
 				      int level);
 
+/*
+ * Format and print the UTC or Generalized Time "t".  If the tag message
+ * "m" is not NULL, do indent formatting based on "level" and add a newline
+ * afterward; otherwise just print the formatted time string only.
+ */
+extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level);
+
 /* callback for listing certs through pkcs11 */
 extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data);
 
diff --git a/security/nss/cmd/p7content/p7content.c b/security/nss/cmd/p7content/p7content.c
index 8b5ad65ce..38466b337 100644
--- a/security/nss/cmd/p7content/p7content.c
+++ b/security/nss/cmd/p7content/p7content.c
@@ -175,7 +175,7 @@ DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
 
 	signing_time = SEC_PKCS7GetSigningTime(cinfo);
 	if (signing_time != NULL) {
-	    SECU_PrintUTCTime(out, signing_time, "Signing time", 0);
+	    SECU_PrintTimeChoice(out, signing_time, "Signing time", 0);
 	} else {
 	    fprintf(out, "No signing time included.\n");
 	}
diff --git a/security/nss/cmd/signver/pk7print.c b/security/nss/cmd/signver/pk7print.c
index 94d8e8f36..046a62c29 100644
--- a/security/nss/cmd/signver/pk7print.c
+++ b/security/nss/cmd/signver/pk7print.c
@@ -103,18 +103,18 @@ sv_PrintInteger(FILE *out, SECItem *i, char *m)
 
 
 int
-sv_PrintUTCTime(FILE *out, SECItem *t, char *m)
+sv_PrintTime(FILE *out, SECItem *t, char *m)
 {
     PRExplodedTime printableTime; 
     int64 time;
     char *timeString;
     int rv;
 
-    rv = DER_UTCTimeToTime(&time, t);
+    rv = CERT_DecodeTimeChoice(&time, t);
     if (rv) return rv;
 
-    /* Converse to local time */
-    PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
+    /* Convert to local time */
+    PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime);
 
     timeString = (char *)PORT_Alloc(100);
 
@@ -127,17 +127,16 @@ sv_PrintUTCTime(FILE *out, SECItem *t, char *m)
     return SECFailure;
 }
 
-
 int
 sv_PrintValidity(FILE *out, CERTValidity *v, char *m)
 {
     int rv;
 
     fprintf(out, m);
-    rv = sv_PrintUTCTime(out, &v->notBefore, "notBefore=");
+    rv = sv_PrintTime(out, &v->notBefore, "notBefore=");
     if (rv) return rv;
     fprintf(out, m);
-    sv_PrintUTCTime(out, &v->notAfter, "notAfter=");
+    sv_PrintTime(out, &v->notAfter, "notAfter=");
     return rv;
 }
 
@@ -200,7 +199,7 @@ sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m)
                         sv_PrintObjectID(out, value, om);
                         break;
                     case SEC_OID_PKCS9_SIGNING_TIME:
-                        sv_PrintUTCTime(out, value, om);
+                        sv_PrintTime(out, value, om);
                         break;
                 }
             }
@@ -456,9 +455,9 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m)
     fprintf(out, m);
     sv_PrintName(out, &(crl->name), "name=");
     fprintf(out, m);
-    sv_PrintUTCTime(out, &(crl->lastUpdate), "lastUpdate=");
+    sv_PrintTime(out, &(crl->lastUpdate), "lastUpdate=");
     fprintf(out, m);
-    sv_PrintUTCTime(out, &(crl->nextUpdate), "nextUpdate=");
+    sv_PrintTime(out, &(crl->nextUpdate), "nextUpdate=");
     
     if (crl->entries != NULL) {
         iv = 0;
@@ -466,7 +465,7 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m)
             fprintf(out, "%sentry[%d].", m, iv); 
             sv_PrintInteger(out, &(entry->serialNumber), "serialNumber=");
             fprintf(out, "%sentry[%d].", m, iv); 
-            sv_PrintUTCTime(out, &(entry->revocationDate), "revocationDate=");
+            sv_PrintTime(out, &(entry->revocationDate), "revocationDate=");
             sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++); 
             sv_PrintExtensions(out, entry->extensions, om);
         }