diff options
Diffstat (limited to 'security/nss/cmd/certutil/certutil.c')
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 97 |
1 files changed, 72 insertions, 25 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 70d7a7488..a5bcb4591 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -940,8 +940,11 @@ Usage(char *progName) FPS "\t%s -B -i batch-file\n", progName); FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n" "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-1] [-2] [-3] [-4] [-5]\n" - "\t\t [-6] [-7 emailAddrs] [-8 dns-names] [-a]\n", + "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" + "\t\t [-1 | --keyUsage [keyUsageKeyword,..]] [-2] [-3] [-4]\n" + "\t\t [-5 | --nsCertType [nsCertTypeKeyword,...]]\n" + "\t\t [-6 | --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n" + "\t\t [-8 dns-names] [-a]\n", progName); FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", @@ -1049,18 +1052,29 @@ static void LongUsage(char *progName) " -d certdir"); FPS "%-20s Cert & Key database prefix\n", " -P dbprefix"); - FPS "%-20s Create key usage extension\n", - " -1 "); + FPS "%-20s \n" + "%-20s Create key usage extension. Possible keywords:\n" + "%-20s \"digitalSignature\", \"nonRepudiation\", \"keyEncipherment\",\n" + "%-20s \"dataEncipherment\", \"keyAgreement\", \"certSigning\",\n" + "%-20s \"crlSigning\", \"critical\"\n", + " -1 | --keyUsage keyword,keyword,...", "", "", "", ""); FPS "%-20s Create basic constraint extension\n", " -2 "); FPS "%-20s Create authority key ID extension\n", " -3 "); FPS "%-20s Create crl distribution point extension\n", " -4 "); - FPS "%-20s Create netscape cert type extension\n", - " -5 "); - FPS "%-20s Create extended key usage extension\n", - " -6 "); + FPS "%-20s \n" + "%-20s Create netscape cert type extension. Possible keywords:\n" + "%-20s \"sslClient\", \"sslServer\", \"smime\", \"objectSigning\",\n" + "%-20s \"sslCA\", \"smimeCA\", \"objectSigningCA\", \"critical\".\n", + " -5 | -nsCertType keyword,keyword,... ", "", "", ""); + FPS "%-20s \n" + "%-20s Create extended key usage extension. Possible keywords:\n" + "%-20s \"serverAuth\", \"clientAuth\",\"codeSigning\",\n" + "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n" + "%-20s \"stepUp\", \"critical\"\n", + " -6 | --extKeyUsage keyword,keyword,...", "", "", "", ""); FPS "%-20s Create an email subject alt name extension\n", " -7 emailAddrs"); FPS "%-20s Create an dns subject alt name extension\n", @@ -1803,6 +1817,9 @@ enum certutilOpts { opt_AddPolicyConstrExt, opt_AddInhibAnyExt, opt_AddSubjectKeyIDExt, + opt_AddCmdKeyUsageExt, + opt_AddCmdNSCertTypeExt, + opt_AddCmdExtKeyUsageExt, opt_SourceDir, opt_SourcePrefix, opt_UpgradeID, @@ -1888,6 +1905,13 @@ secuCommandFlag options_init[] = { /* opt_AddInhibAnyExt */ 0, PR_FALSE, 0, PR_FALSE, "extIA" }, { /* opt_AddSubjectKeyIDExt */ 0, PR_FALSE, 0, PR_FALSE, "extSKID" }, + { /* opt_AddCmdKeyUsageExt */ 0, PR_TRUE, 0, PR_FALSE, + "keyUsage" }, + { /* opt_AddCmdNSCertTypeExt */ 0, PR_TRUE, 0, PR_FALSE, + "nsCertType" }, + { /* opt_AddCmdExtKeyUsageExt*/ 0, PR_TRUE, 0, PR_FALSE, + "extKeyUsage" }, + { /* opt_SourceDir */ 0, PR_TRUE, 0, PR_FALSE, "source-dir"}, { /* opt_SourcePrefix */ 0, PR_TRUE, 0, PR_FALSE, @@ -2676,31 +2700,54 @@ merge_fail: if (certutil.commands[cmd_CertReq].activated || certutil.commands[cmd_CreateAndAddCert].activated || certutil.commands[cmd_CreateNewCert].activated) { - certutil_extns[ext_keyUsage] = - certutil.options[opt_AddKeyUsageExt].activated; - certutil_extns[ext_basicConstraint] = + certutil_extns[ext_keyUsage].activated = + certutil.options[opt_AddCmdKeyUsageExt].activated; + if (!certutil_extns[ext_keyUsage].activated) { + certutil_extns[ext_keyUsage].activated = + certutil.options[opt_AddKeyUsageExt].activated; + } else { + certutil_extns[ext_keyUsage].arg = + certutil.options[opt_AddCmdKeyUsageExt].arg; + } + certutil_extns[ext_basicConstraint].activated = certutil.options[opt_AddBasicConstraintExt].activated; - certutil_extns[ext_authorityKeyID] = + certutil_extns[ext_authorityKeyID].activated = certutil.options[opt_AddAuthorityKeyIDExt].activated; - certutil_extns[ext_subjectKeyID] = + certutil_extns[ext_subjectKeyID].activated = certutil.options[opt_AddSubjectKeyIDExt].activated; - certutil_extns[ext_CRLDistPts] = + certutil_extns[ext_CRLDistPts].activated = certutil.options[opt_AddCRLDistPtsExt].activated; - certutil_extns[ext_NSCertType] = - certutil.options[opt_AddNSCertTypeExt].activated; - certutil_extns[ext_extKeyUsage] = - certutil.options[opt_AddExtKeyUsageExt].activated; - certutil_extns[ext_authInfoAcc] = + certutil_extns[ext_NSCertType].activated = + certutil.options[opt_AddCmdNSCertTypeExt].activated; + if (!certutil_extns[ext_NSCertType].activated) { + certutil_extns[ext_NSCertType].activated = + certutil.options[opt_AddNSCertTypeExt].activated; + } else { + certutil_extns[ext_NSCertType].arg = + certutil.options[opt_AddCmdNSCertTypeExt].arg; + } + + certutil_extns[ext_extKeyUsage].activated = + certutil.options[opt_AddCmdExtKeyUsageExt].activated; + if (!certutil_extns[ext_extKeyUsage].activated) { + certutil_extns[ext_extKeyUsage].activated = + certutil.options[opt_AddExtKeyUsageExt].activated; + } else { + certutil_extns[ext_extKeyUsage].arg = + certutil.options[opt_AddCmdExtKeyUsageExt].arg; + } + + certutil_extns[ext_authInfoAcc].activated = certutil.options[opt_AddAuthInfoAccExt].activated; - certutil_extns[ext_subjInfoAcc] = + certutil_extns[ext_subjInfoAcc].activated = certutil.options[opt_AddSubjInfoAccExt].activated; - certutil_extns[ext_certPolicies] = + certutil_extns[ext_certPolicies].activated = certutil.options[opt_AddCertPoliciesExt].activated; - certutil_extns[ext_policyMappings] = + certutil_extns[ext_policyMappings].activated = certutil.options[opt_AddPolicyMapExt].activated; - certutil_extns[ext_policyConstr] = + certutil_extns[ext_policyConstr].activated = certutil.options[opt_AddPolicyConstrExt].activated; - certutil_extns[ext_inhibitAnyPolicy] = + certutil_extns[ext_inhibitAnyPolicy].activated = certutil.options[opt_AddInhibAnyExt].activated; } /* @@ -2730,7 +2777,7 @@ merge_fail: * and output the cert to another file. */ if (certutil.commands[cmd_CreateAndAddCert].activated) { - static certutilExtnList nullextnlist = {PR_FALSE}; + static certutilExtnList nullextnlist = {{PR_FALSE, NULL}}; rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject, certutil.options[opt_PhoneNumber].arg, certutil.options[opt_ASCIIForIO].activated, |