1 files changed, 273 insertions, 0 deletions
diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c
new file mode 100644
index 000000000..54d79fbfc
--- /dev/null
+++ b/security/nss/cmd/p7env/p7env.c
@@ -0,0 +1,273 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/*
+ * p7env -- A command to create a pkcs7 enveloped data.
+ *
+ * $Id$
+ */
+
+#include "nspr.h"
+#include "secutil.h"
+#include "plgetopt.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "nss.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
+extern int fread(char *, size_t, size_t, FILE*);
+extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fprintf(FILE *, char *, ...);
+#endif
+
+extern void SEC_Init(void);		/* XXX */
+
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+	    "Usage:  %s -r recipient [-d dbdir] [-i input] [-o output]\n",
+	    progName);
+    fprintf(stderr, "%-20s Nickname of cert to use for encryption\n",
+	    "-r recipient");
+    fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n",
+	    "-d dbdir");
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+	    "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+	    "-o output");
+    exit(-1);
+}
+
+struct recipient {
+    struct recipient *next;
+    char *nickname;
+    CERTCertificate *cert;
+};
+
+static void
+EncryptOut(void *arg, const char *buf, unsigned long len)
+{
+   FILE *out;
+
+   out = arg; 
+   fwrite (buf, len, 1, out);
+}
+
+static int
+EncryptFile(FILE *outFile, FILE *inFile, struct recipient *recipients,
+	    char *progName)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SEC_PKCS7EncoderContext *ecx;
+    struct recipient *rcpt;
+    SECStatus rv;
+
+    if (outFile == NULL || inFile == NULL || recipients == NULL)
+	return -1;
+
+    /* XXX Need a better way to handle that certUsage stuff! */
+    /* XXX keysize? */
+    cinfo = SEC_PKCS7CreateEnvelopedData (recipients->cert,
+					  certUsageEmailRecipient,
+					  NULL, SEC_OID_DES_EDE3_CBC, 0, 
+					  NULL, NULL);
+    if (cinfo == NULL)
+	return -1;
+
+    for (rcpt = recipients->next; rcpt != NULL; rcpt = rcpt->next) {
+	rv = SEC_PKCS7AddRecipient (cinfo, rcpt->cert, certUsageEmailRecipient,
+				    NULL);
+	if (rv != SECSuccess) {
+	    SECU_PrintError(progName, "error adding recipient \"%s\"",
+			    rcpt->nickname);
+	    return -1;
+	}
+    }
+
+    ecx = SEC_PKCS7EncoderStart (cinfo, EncryptOut, outFile, NULL);
+    if (ecx == NULL)
+	return -1;
+
+    for (;;) {
+	char ibuf[1024];
+	int nb;
+ 
+	if (feof(inFile))
+	    break;
+	nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+	if (nb == 0) {
+	    if (ferror(inFile)) {
+		PORT_SetError(SEC_ERROR_IO);
+		rv = SECFailure;
+	    }
+	    break;
+	}
+	rv = SEC_PKCS7EncoderUpdate(ecx, ibuf, nb);
+	if (rv != SECSuccess)
+	    break;
+    }
+
+    if (SEC_PKCS7EncoderFinish(ecx, NULL, NULL) != SECSuccess)
+	rv = SECFailure;
+
+    SEC_PKCS7DestroyContentInfo (cinfo);
+
+    if (rv != SECSuccess)
+	return -1;
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *inFile, *outFile;
+    char *certName;
+    CERTCertDBHandle *certHandle;
+    CERTCertificate *cert;
+    struct recipient *recipients, *rcpt;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName+1 : argv[0];
+
+    inFile = NULL;
+    outFile = NULL;
+    certName = NULL;
+    recipients = NULL;
+    rcpt = NULL;
+
+    /*
+     * Parse command line arguments
+     * XXX This needs to be enhanced to allow selection of algorithms
+     * and key sizes (or to look up algorithms and key sizes for each
+     * recipient in the magic database).
+     */
+    optstate = PL_CreateOptState(argc, argv, "d:i:o:r:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+	switch (optstate->option) {
+	  case '?':
+	    Usage(progName);
+	    break;
+
+	  case 'd':
+	    SECU_ConfigDirectory(optstate->value);
+	    break;
+
+	  case 'i':
+	    inFile = fopen(optstate->value, "r");
+	    if (!inFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+
+	  case 'o':
+	    outFile = fopen(optstate->value, "w");
+	    if (!outFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+
+	  case 'r':
+	    if (rcpt == NULL) {
+		recipients = rcpt = PORT_Alloc (sizeof(struct recipient));
+	    } else {
+		rcpt->next = PORT_Alloc (sizeof(struct recipient));
+		rcpt = rcpt->next;
+	    }
+	    if (rcpt == NULL) {
+		fprintf(stderr, "%s: unable to allocate recipient struct\n",
+			progName);
+		return -1;
+	    }
+	    rcpt->nickname = strdup(optstate->value);
+	    rcpt->cert = NULL;
+	    rcpt->next = NULL;
+	    break;
+	}
+    }
+
+    if (!recipients) Usage(progName);
+
+    if (!inFile) inFile = stdin;
+    if (!outFile) outFile = stdout;
+
+    /* Call the libsec initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+    	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
+
+    /* open cert database */
+    certHandle = CERT_GetDefaultCertDB();
+    if (certHandle == NULL) {
+	return -1;
+    }
+
+    /* find certs */
+    for (rcpt = recipients; rcpt != NULL; rcpt = rcpt->next) {
+	rcpt->cert = CERT_FindCertByNickname(certHandle, rcpt->nickname);
+	if (rcpt->cert == NULL) {
+	    SECU_PrintError(progName,
+			    "the cert for name \"%s\" not found in database",
+			    rcpt->nickname);
+	    return -1;
+	}
+    }
+
+    if (EncryptFile(outFile, inFile, recipients, progName)) {
+	SECU_PrintError(progName, "problem encrypting data");
+	return -1;
+    }
+
+    return 0;
+}