1 files changed, 394 insertions, 0 deletions
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
new file mode 100644
index 000000000..a075e25c2
--- /dev/null
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -0,0 +1,394 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/*
+** certutil.c
+**
+** utility for managing certificates and the cert database
+**
+*/
+/* test only */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "secutil.h"
+#include "cert.h"
+#include "certdb.h"
+#include "cdbhdl.h"
+
+#define SEC_CERT_DB_EXISTS 0
+#define SEC_CREATE_CERT_DB 1
+
+static char *progName;
+
+static CERTCertDBHandle
+*OpenCertDB(int createNew)
+  /* NOTE: This routine has been modified to allow the libsec/pcertdb.c  routines to automatically
+  ** find and convert the old cert database into the new v3.0 format (cert db version 5).
+  */
+{
+    CERTCertDBHandle *certHandle;
+    SECStatus         rv;
+
+    /* Allocate a handle to fill with CERT_OpenCertDB below */
+    certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
+    if (!certHandle) {
+	SECU_PrintError(progName, "unable to get database handle");
+	return NULL;
+    }
+
+
+    rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
+
+    if (rv) {
+	SECU_PrintError(progName, "could not open certificate database");
+	if (certHandle) free (certHandle);  /* we don't want to leave anything behind... */
+	return NULL;
+    }
+
+    return certHandle;
+}
+static CERTSignedCrl *FindCRL
+   (CERTCertDBHandle *certHandle, char *name, int type)
+{
+    CERTSignedCrl *crl = NULL;    
+    CERTCertificate *cert = NULL;
+
+
+    cert = CERT_FindCertByNickname(certHandle, name);
+    if (!cert) {
+	SECU_PrintError(progName, "could not find certificate named %s", name);
+	return ((CERTSignedCrl *)NULL);
+    }
+	
+    crl = SEC_FindCrlByKey(certHandle, &cert->derSubject, type);
+    if (crl ==NULL) 
+	SECU_PrintError
+		(progName, "could not find %s's CRL", name);
+    CERT_DestroyCertificate (cert);
+    return (crl);
+}
+
+static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+    CERTCertificate *cert = NULL;
+    CERTSignedCrl *crl = NULL;
+
+    crl = FindCRL (certHandle, nickName, crlType);
+	
+    if (crl) {
+	SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
+	CERT_DestroyCrl (crl);
+    }
+}
+
+static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
+{
+    CERTCrlHeadNode *crlList = NULL;
+    CERTCrlNode *crlNode = NULL;
+    CERTName *name = NULL;
+    PRArenaPool *arena = NULL;
+    SECStatus rv;
+    void *mark;
+
+    do {
+	arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
+	if (arena == NULL) {
+	    fprintf(stderr, "%s: fail to allocate memory\n", progName);
+	    break;
+	}
+	
+	name = PORT_ArenaZAlloc (arena, sizeof(*name));
+	if (name == NULL) {
+	    fprintf(stderr, "%s: fail to allocate memory\n", progName);
+	    break;
+	}
+	name->arena = arena;
+	    
+	rv = SEC_LookupCrls (certHandle, &crlList, crlType);
+	if (rv != SECSuccess) {
+	    fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
+	    SECU_Strerror(PORT_GetError()));
+	    break;
+	}
+	
+	/* just in case */
+	if (!crlList)
+	    break;
+
+	crlNode  = crlList->first;
+
+        fprintf (stdout, "\n");
+	fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
+	while (crlNode) {
+	    mark = PORT_ArenaMark (arena); 	    
+	    rv = SEC_ASN1DecodeItem
+		   (arena, name, CERT_NameTemplate, &(crlNode->crl->crl.derName));
+	    if (!name){
+		fprintf(stderr, "%s: fail to get the CRL issuer name\n", progName,
+		SECU_Strerror(PORT_GetError()));
+		break;
+	    }
+		
+	    fprintf (stdout, "\n%-40s %-5s\n", CERT_NameToAscii(name), "CRL");
+	    crlNode = crlNode->next;
+	    PORT_ArenaRelease (arena, mark);
+	} 
+	
+    } while (0);
+    if (crlList)
+	PORT_FreeArena (crlList->arena, PR_FALSE);
+    PORT_FreeArena (arena, PR_FALSE);
+}
+
+static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+    if (nickName == NULL)
+	ListCRLNames (certHandle, crlType);
+    else
+	DisplayCRL (certHandle, nickName, crlType);
+}
+
+
+
+static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
+{
+    CERTSignedCrl *crl = NULL;    
+    SECStatus rv = SECFailure;
+
+    crl = FindCRL (certHandle, name, type);
+    if (!crl) {
+	SECU_PrintError
+		(progName, "could not find the issuer %s's CRL", name);
+	return SECFailure;
+    }
+    rv = SEC_DeletePermCRL (crl);
+    if (rv != SECSuccess) {
+	SECU_PrintError
+		(progName, "fail to delete the issuer %s's CRL from the perm dbase (reason: %s)",
+		 name, SECU_Strerror(PORT_GetError()));
+	return SECFailure;
+    }
+
+    rv = SEC_DeleteTempCrl (crl);
+    if (rv != SECSuccess) {
+	SECU_PrintError
+		(progName, "fail to delete the issuer %s's CRL from the temp dbase (reason: %s)",
+		 name, SECU_Strerror(PORT_GetError()));
+	return SECFailure;
+    }
+    return (rv);
+}
+
+SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, 
+                     PRFileDesc *inFile)
+{
+    CERTCertificate *cert = NULL;
+    CERTSignedCrl *crl = NULL;
+    SECItem crlDER;
+    int rv;
+
+    crlDER.data = NULL;
+
+
+    /* Read in the entire file specified with the -f argument */
+	rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
+    if (rv != SECSuccess) {
+	SECU_PrintError(progName, "unable to read input file");
+	return (SECFailure);
+    }
+    
+    crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
+    if (!crl) {
+	const char *errString;
+
+	errString = SECU_Strerror(PORT_GetError());
+	if (PORT_Strlen (errString) == 0)
+	    SECU_PrintError
+		    (progName, "CRL is not import (error: input CRL is not up to date.)");
+	else    
+	    SECU_PrintError
+		    (progName, "unable to import CRL");
+    }
+    PORT_Free (crlDER.data);
+    CERT_DestroyCrl (crl);
+    return (rv);
+}
+	    
+
+static void Usage(char *progName)
+{
+    fprintf(stderr,
+	    "Usage:  %s -L [-n nickname[ [-d keydir] [-t crlType]\n"
+	    "        %s -D -n nickname [-d keydir]\n"
+	    "        %s -I -i crl -t crlType [-u url] [-d keydir]\n",
+	    progName, progName, progName);
+
+    fprintf (stderr, "%-15s List CRL\n", "-L");
+    fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
+	    "-n nickname");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+	    "-d keydir");
+   
+    fprintf (stderr, "%-15s Delete a CRL from the cert dbase\n", "-D");    
+    fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
+	    "-n nickname");
+    fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+
+    fprintf (stderr, "%-15s Import a CRL to the cert dbase\n", "-I");    
+    fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
+	    "-i crl");
+    fprintf(stderr, "%-20s Specify the url.\n", "-u url");
+    fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+
+    fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
+    fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
+    fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");        
+
+    exit(-1);
+}
+
+int main(int argc, char **argv)
+{
+    SECItem privKeyDER;
+    CERTCertDBHandle *certHandle;
+    FILE *certFile;
+    PRFileDesc *inFile;
+    int listCRL;
+    int importCRL;
+    int opt;
+    int deleteCRL;
+    int rv;
+    char *nickName;
+    char *progName;
+    char *url;
+    int crlType;
+    PLOptState *optstate;
+    PLOptStatus status;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName+1 : argv[0];
+
+    rv = 0;
+    deleteCRL = importCRL = listCRL = 0;
+    certFile = NULL;
+    inFile = NULL;
+    nickName = url = NULL;
+    privKeyDER.data = NULL;
+    certHandle = NULL;
+    crlType = SEC_CRL_TYPE;
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "IALd:i:Dn:Ct:u:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+	switch (optstate->option) {
+	  case '?':
+	    Usage(progName);
+	    break;
+
+	  case 'C':
+	      listCRL = 1;
+	      break;
+
+	  case 'D':
+	      deleteCRL = 1;
+	      break;
+
+	  case 'I':
+	      importCRL = 1;
+	      break;
+	           
+	  case 'L':
+	      listCRL = 1;
+	      break;
+	           
+	  case 'd':
+	    SECU_ConfigDirectory(optstate->value);
+	    break;
+
+	  case 'i':
+	    inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+	    if (!inFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+	    
+	  case 'n':
+	    nickName = strdup(optstate->value);
+	    break;
+	    
+	  case 'u':
+	    url = strdup(optstate->value);
+	    break;
+
+	  case 't': {
+	    char *type;
+	    
+	    type = strdup(optstate->value);
+	    crlType = atoi (type);
+	    if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
+		fprintf(stderr, "%s: invalid crl type\n", progName);
+		return -1;
+	    }
+	    break;
+          }
+	}
+    }
+
+    if (deleteCRL && !nickName) Usage (progName);
+    if (!(listCRL || deleteCRL || importCRL)) Usage (progName);
+    if (importCRL && !inFile) Usage (progName);
+    
+    PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    SECU_PKCS11Init(PR_FALSE);
+    SEC_Init();
+
+    certHandle = OpenCertDB(SEC_CREATE_CERT_DB);
+    if (certHandle == NULL) {
+	SECU_PrintError(progName, "unable to open the cert db");	    	
+	return (-1);
+    }
+
+    /* Read in the private key info */
+    if (deleteCRL) 
+	DeleteCRL (certHandle, nickName, crlType);
+    else if (listCRL)
+	ListCRL (certHandle, nickName, crlType);
+    else if (importCRL) 
+	rv = ImportCRL (certHandle, url, crlType, inFile);
+    
+    return (rv);
+}