diff options
Diffstat (limited to 'security/nss/cmd/keyutil')
| -rw-r--r-- | security/nss/cmd/keyutil/Makefile | 73 | ||||
| -rw-r--r-- | security/nss/cmd/keyutil/keyutil.c | 340 | ||||
| -rw-r--r-- | security/nss/cmd/keyutil/manifest.mn | 50 |
3 files changed, 463 insertions, 0 deletions
diff --git a/security/nss/cmd/keyutil/Makefile b/security/nss/cmd/keyutil/Makefile new file mode 100644 index 000000000..a2ed814be --- /dev/null +++ b/security/nss/cmd/keyutil/Makefile @@ -0,0 +1,73 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../platlibs.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +include ../platrules.mk diff --git a/security/nss/cmd/keyutil/keyutil.c b/security/nss/cmd/keyutil/keyutil.c new file mode 100644 index 000000000..65e6ad8b0 --- /dev/null +++ b/security/nss/cmd/keyutil/keyutil.c @@ -0,0 +1,340 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#include <stdio.h> +#include <string.h> +#include "secutil.h" + +#if defined(XP_UNIX) +#include <unistd.h> +#include <sys/time.h> +#include <termios.h> +#endif + +#include "secopt.h" + +#if defined(XP_WIN) +#include <time.h> +#include <conio.h> +#endif + +#if defined(__sun) && !defined(SVR4) +extern int fclose(FILE*); +extern int fprintf(FILE *, char *, ...); +extern int getopt(int, char**, char*); +extern int isatty(int); +extern char *optarg; +extern char *sys_errlist[]; +#define strerror(errno) sys_errlist[errno] +#endif + +#include "nspr.h" +#include "prtypes.h" +#include "prtime.h" +#include "prlong.h" + +static char *progName; + +static SECStatus +ListKeys(SECKEYKeyDBHandle *handle, FILE *out) +{ + int rt; + + rt = SECU_PrintKeyNames(handle, out); + if (rt) { + SECU_PrintError(progName, "unable to list nicknames"); + return SECFailure; + } + return SECSuccess; +} + +static SECStatus +DumpPublicKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out) +{ + SECKEYLowPrivateKey *privKey; + SECKEYLowPublicKey *publicKey; + + /* check if key actually exists */ + if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) { + SECU_PrintError(progName, "the key \"%s\" does not exist", nickname); + return SECFailure; + } + + /* Read in key */ + privKey = SECU_GetPrivateKey(handle, nickname); + if (!privKey) { + return SECFailure; + } + + publicKey = SECKEY_LowConvertToPublicKey(privKey); + + /* Output public key (in the clear) */ + switch(publicKey->keyType) { + case rsaKey: + fprintf(out, "RSA Public-Key:\n"); + SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1); + SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent, + "publicExponent", 1); + break; + case dsaKey: + fprintf(out, "DSA Public-Key:\n"); + SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1); + SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime, + "subPrime", 1); + SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1); + SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1); + break; + default: + fprintf(out, "unknown key type\n"); + break; + } + return SECSuccess; +} + +static SECStatus +DumpPrivateKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out) +{ + SECKEYLowPrivateKey *key; + + /* check if key actually exists */ + if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) { + SECU_PrintError(progName, "the key \"%s\" does not exist", nickname); + return SECFailure; + } + + /* Read in key */ + key = SECU_GetPrivateKey(handle, nickname); + if (!key) { + SECU_PrintError(progName, "error retrieving key"); + return SECFailure; + } + + switch(key->keyType) { + case rsaKey: + fprintf(out, "RSA Private-Key:\n"); + SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1); + SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1); + SECU_PrintInteger(out, &key->u.rsa.privateExponent, + "privateExponent", 1); + SECU_PrintInteger(out, &key->u.rsa.prime1, "prime1", 1); + SECU_PrintInteger(out, &key->u.rsa.prime2, "prime2", 1); + SECU_PrintInteger(out, &key->u.rsa.exponent1, "exponent1", 1); + SECU_PrintInteger(out, &key->u.rsa.exponent2, "exponent2", 1); + SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1); + break; + case dsaKey: + fprintf(out, "DSA Private-Key:\n"); + SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1); + SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1); + SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1); + SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1); + SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1); + break; + default: + fprintf(out, "unknown key type\n"); + break; + } + return SECSuccess; +} + +static SECStatus +ChangePassword(SECKEYKeyDBHandle *handle) +{ + SECStatus rv; + + /* Write out database with a new password */ + rv = SECU_ChangeKeyDBPassword(handle, NULL); + if (rv) { + SECU_PrintError(progName, "unable to change key password"); + } + return rv; +} + +static SECStatus +DeletePrivateKey (SECKEYKeyDBHandle *keyHandle, char *nickName) +{ + SECStatus rv; + + rv = SECU_DeleteKeyByName (keyHandle, nickName); + if (rv != SECSuccess) + fprintf(stderr, "%s: problem deleting private key (%s)\n", + progName, SECU_Strerror(PR_GetError())); + return (rv); + +} + + +static void +Usage(const char *progName) +{ + fprintf(stderr, + "Usage: %s -p name [-d keydir]\n", progName); + fprintf(stderr, + " %s -P name [-d keydir]\n", progName); + fprintf(stderr, + " %s -D name [-d keydir]\n", progName); + fprintf(stderr, + " %s -l [-d keydir]\n", progName); + fprintf(stderr, + " %s -c [-d keydir]\n", progName); + + fprintf(stderr, "%-20s Pretty print public key info for named key\n", + "-p nickname"); + fprintf(stderr, "%-20s Pretty print private key info for named key\n", + "-P nickname"); + fprintf(stderr, "%-20s Delete named private key from the key database\n", + "-D nickname"); + fprintf(stderr, "%-20s List the nicknames for the keys in a database\n", + "-l"); + fprintf(stderr, "%-20s Change the key database password\n", + "-c"); + fprintf(stderr, "\n"); + fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", + "-d keydir"); + + exit(-1); +} + +int main(int argc, char **argv) +{ + int o, changePassword, deleteKey, dumpPublicKey, dumpPrivateKey, list; + char *nickname; + SECStatus rv; + SECKEYKeyDBHandle *keyHandle; + + progName = strrchr(argv[0], '/'); + progName = progName ? progName+1 : argv[0]; + + /* Parse command line arguments */ + changePassword = deleteKey = dumpPublicKey = dumpPrivateKey = list = 0; + nickname = NULL; + + while ((o = getopt(argc, argv, "ADP:cd:glp:")) != -1) { + switch (o) { + case '?': + Usage(progName); + break; + + case 'A': + fprintf(stderr, "%s: Can no longer add a key.", progName); + fprintf(stderr, " Use pkcs12 to import a key.\n\n"); + Usage(progName); + break; + + case 'D': + deleteKey = 1; + nickname = optarg; + break; + + case 'P': + dumpPrivateKey = 1; + nickname = optarg; + break; + + case 'c': + changePassword = 1; + break; + + case 'd': + SECU_ConfigDirectory(optarg); + break; + + case 'g': + fprintf(stderr, "%s: Can no longer generate a key.", progName); + fprintf(stderr, " Use certutil to generate a cert request.\n\n"); + Usage(progName); + break; + + case 'l': + list = 1; + break; + + case 'p': + dumpPublicKey = 1; + nickname = optarg; + break; + } + } + + if (dumpPublicKey+changePassword+dumpPrivateKey+list+deleteKey != 1) + Usage(progName); + + if ((list || changePassword) && nickname) + Usage(progName); + + if ((dumpPublicKey || dumpPrivateKey || deleteKey) && !nickname) + Usage(progName); + + + /* Call the libsec initialization routines */ + PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + SEC_Init(); + + /* + * XXX Note that the following opens the key database writable. + * If dumpPublicKey or dumpPrivateKey or list, though, we only want + * to open it read-only. There needs to be a better interface + * to the initialization routines so that we can specify which way + * to open it. + */ + rv = SECU_PKCS11Init(); + if (rv != SECSuccess) { + SECU_PrintError(progName, "SECU_PKCS11Init failed"); + return -1; + } + + keyHandle = SECKEY_GetDefaultKeyDB(); + if (keyHandle == NULL) { + SECU_PrintError(progName, "could not open key database"); + return -1; + } + + if (dumpPublicKey) { + rv = DumpPublicKey(keyHandle, nickname, stdout); + } else + if (changePassword) { + rv = ChangePassword(keyHandle); + } else + if (dumpPrivateKey) { + rv = DumpPrivateKey(keyHandle, nickname, stdout); + } else + if (list) { + rv = ListKeys(keyHandle, stdout); + } else + if (deleteKey) { + rv = DeletePrivateKey(keyHandle, nickname); + } + + + return rv ? -1 : 0; +} diff --git a/security/nss/cmd/keyutil/manifest.mn b/security/nss/cmd/keyutil/manifest.mn new file mode 100644 index 000000000..e20a3d330 --- /dev/null +++ b/security/nss/cmd/keyutil/manifest.mn @@ -0,0 +1,50 @@ +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = ../../.. + +DEFINES += -DNSPR20 + +# MODULE public and private header directories are implicitly REQUIRED. +MODULE = nss + +CSRCS = \ + keyutil.c \ + $(NULL) + +# The MODULE is always implicitly required. +# Listing it here in REQUIRES makes it appear twice in the cc command line. +REQUIRES = seccmd dbm + + +PROGRAM = keyutil |