mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-15 14:25:52 +00:00
Link certutil dynamically.
This commit is contained in:
parent
9edd53c39f
commit
24ff51d1d9
@ -233,13 +233,13 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
|
||||
data
|
||||
*/
|
||||
PORT_Memset(&signedData, 0, sizeof(signedData));
|
||||
rv = SEC_ASN1DecodeItem(arena, &signedData, CERT_SignedDataTemplate,
|
||||
&reqDER);
|
||||
rv = SEC_ASN1DecodeItem(arena, &signedData,
|
||||
SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER);
|
||||
if (rv)
|
||||
break;
|
||||
|
||||
rv = SEC_ASN1DecodeItem(arena, certReq, CERT_CertificateRequestTemplate,
|
||||
&signedData.data);
|
||||
rv = SEC_ASN1DecodeItem(arena, certReq,
|
||||
SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
|
||||
} while (0);
|
||||
|
||||
if (rv) {
|
||||
@ -409,7 +409,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
|
||||
|
||||
/* Der encode the request */
|
||||
encoding = SEC_ASN1EncodeItem(arena, NULL, cr,
|
||||
CERT_CertificateRequestTemplate);
|
||||
SEC_ASN1_GET(CERT_CertificateRequestTemplate));
|
||||
if (encoding == NULL) {
|
||||
SECU_PrintError(progName, "der encoding of request failed");
|
||||
return SECFailure;
|
||||
@ -599,84 +599,49 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
|
||||
PRInt32 numBytes;
|
||||
SECStatus rv;
|
||||
|
||||
#ifdef nodef
|
||||
/* For now, split handling of slot to internal vs. other. slot should
|
||||
* probably be allowed to be NULL so that all slots can be listed.
|
||||
* In that case, need to add a call to PK11_TraverseSlotCerts().
|
||||
*/
|
||||
if (PK11_IsInternal(slot)) {
|
||||
if (name == NULL) {
|
||||
/* Print all certs in internal slot db. */
|
||||
rv = SECU_PrintCertificateNames(handle, PR_STDOUT,
|
||||
PR_FALSE, PR_TRUE);
|
||||
if (rv) {
|
||||
SECU_PrintError(progName,
|
||||
"problem printing certificate nicknames");
|
||||
return SECFailure;
|
||||
}
|
||||
} else if (raw || ascii) {
|
||||
/* Dump binary or ascii DER for the cert to stdout. */
|
||||
cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
|
||||
if (!cert) {
|
||||
SECU_PrintError(progName,
|
||||
"could not find certificate named \"%s\"", name);
|
||||
return SECFailure;
|
||||
}
|
||||
data.data = cert->derCert.data;
|
||||
data.len = cert->derCert.len;
|
||||
if (ascii) {
|
||||
PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
|
||||
BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
|
||||
} else if (raw) {
|
||||
numBytes = PR_Write(outfile, data.data, data.len);
|
||||
if (numBytes != data.len) {
|
||||
SECU_PrintSystemError(progName, "error writing raw cert");
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
/* Pretty-print cert. */
|
||||
rv = CERT_TraversePermCertsForNickname(handle, name, printCertCB,
|
||||
NULL);
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
/* List certs on a non-internal slot. */
|
||||
if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot))
|
||||
/* List certs on a non-internal slot. */
|
||||
if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot))
|
||||
PK11_Authenticate(slot, PR_TRUE, pwarg);
|
||||
if (name) {
|
||||
CERTCertificate *the_cert;
|
||||
the_cert = PK11_FindCertFromNickname(name, NULL);
|
||||
if (!the_cert) {
|
||||
SECU_PrintError(progName, "Could not find: %s\n", name);
|
||||
return SECFailure;
|
||||
}
|
||||
data.data = the_cert->derCert.data;
|
||||
data.len = the_cert->derCert.len;
|
||||
if (ascii) {
|
||||
PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
|
||||
BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
|
||||
rv = SECSuccess;
|
||||
} else if (raw) {
|
||||
numBytes = PR_Write(outfile, data.data, data.len);
|
||||
if (numBytes != data.len) {
|
||||
SECU_PrintSystemError(progName, "error writing raw cert");
|
||||
rv = SECFailure;
|
||||
}
|
||||
rv = SECSuccess;
|
||||
} else {
|
||||
rv = printCertCB(the_cert, the_cert->trust);
|
||||
}
|
||||
} else {
|
||||
rv = PK11_TraverseCertsInSlot(slot, SECU_PrintCertNickname, stdout);
|
||||
}
|
||||
if (rv) {
|
||||
SECU_PrintError(progName, "problem printing certificate nicknames");
|
||||
if (name) {
|
||||
CERTCertificate *the_cert;
|
||||
the_cert = PK11_FindCertFromNickname(name, NULL);
|
||||
if (!the_cert) {
|
||||
SECU_PrintError(progName, "Could not find: %s\n", name);
|
||||
return SECFailure;
|
||||
}
|
||||
#ifdef notdef
|
||||
data.data = the_cert->derCert.data;
|
||||
data.len = the_cert->derCert.len;
|
||||
if (ascii) {
|
||||
PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
|
||||
BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
|
||||
rv = SECSuccess;
|
||||
} else if (raw) {
|
||||
numBytes = PR_Write(outfile, data.data, data.len);
|
||||
if (numBytes != data.len) {
|
||||
SECU_PrintSystemError(progName, "error writing raw cert");
|
||||
rv = SECFailure;
|
||||
}
|
||||
rv = SECSuccess;
|
||||
} else {
|
||||
rv = printCertCB(the_cert, the_cert->trust);
|
||||
}
|
||||
} else {
|
||||
CERTCertList *certs;
|
||||
CERTCertListNode *node;
|
||||
|
||||
certs = PK11_ListCertsInSlot(slot);
|
||||
if (certs) {
|
||||
for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs);
|
||||
node = CERT_LIST_NEXT(node)) {
|
||||
SECU_PrintCertNickname(node->cert,stdout);
|
||||
}
|
||||
CERT_DestroyCertList(certs);
|
||||
}
|
||||
}
|
||||
if (rv) {
|
||||
SECU_PrintError(progName, "problem printing certificate nicknames");
|
||||
return SECFailure;
|
||||
}
|
||||
#endif
|
||||
|
||||
return SECSuccess; /* not rv ?? */
|
||||
}
|
||||
@ -936,31 +901,19 @@ printKeyCB(SECKEYPublicKey *key, SECItem *data, void *arg)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
struct secuCBData {
|
||||
FILE *file;
|
||||
int keycount;
|
||||
void *wincx;
|
||||
};
|
||||
|
||||
/* callback for listing certs through pkcs11 */
|
||||
static SECStatus
|
||||
secu_PrintKeyFromCert(CERTCertificate *cert, void *data)
|
||||
secu_PrintKey(FILE *out, int count, SECKEYPrivateKey *key)
|
||||
{
|
||||
FILE *out;
|
||||
struct secuCBData *cbdata;
|
||||
SECKEYPrivateKey *key;
|
||||
char *name;
|
||||
|
||||
cbdata = (struct secuCBData *)data;
|
||||
out = cbdata->file;
|
||||
key = PK11_FindPrivateKeyFromCert(cert->slot, cert, cbdata->wincx);
|
||||
if (!key) {
|
||||
fprintf(out, "XXX could not extract key for %s.\n", cert->nickname);
|
||||
return SECFailure;
|
||||
name = PK11_GetPrivateKeyNickname(key);
|
||||
if (name == NULL) {
|
||||
/* should look up associated cert */
|
||||
name = PORT_Strdup("< orphaned >");
|
||||
}
|
||||
/* XXX should have a type field also */
|
||||
fprintf(out, "<%d> %s\n", 0, cert->nickname);
|
||||
|
||||
cbdata->keycount++;
|
||||
fprintf(out, "<%d> %s\n", count, name);
|
||||
PORT_Free(name);
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
@ -968,43 +921,24 @@ secu_PrintKeyFromCert(CERTCertificate *cert, void *data)
|
||||
static SECStatus
|
||||
listKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg)
|
||||
{
|
||||
SECStatus rv = SECSuccess;
|
||||
struct secuCBData cbdata;
|
||||
SECKEYPrivateKeyList *list;
|
||||
SECKEYPrivateKeyListNode *node;
|
||||
int count;
|
||||
|
||||
cbdata.keycount = 0;
|
||||
cbdata.file = stdout;
|
||||
cbdata.wincx = pwarg;
|
||||
|
||||
#ifdef notdef
|
||||
if (PK11_IsInternal(slot)) {
|
||||
/* Print all certs in internal slot db. */
|
||||
rv = SECU_PrintKeyNames(SECKEY_GetDefaultKeyDB(), stdout);
|
||||
if (rv) {
|
||||
SECU_PrintError(progName, "problem listing keys");
|
||||
return SECFailure;
|
||||
}
|
||||
} else {
|
||||
#endif
|
||||
/* XXX need a function as below */
|
||||
/* could iterate over certs on slot and print keys */
|
||||
/* this would miss stranded keys */
|
||||
/*rv = PK11_TraverseSlotKeys(slotname, keyType, printKeyCB, NULL, NULL);*/
|
||||
if (PK11_NeedLogin(slot))
|
||||
if (PK11_NeedLogin(slot))
|
||||
PK11_Authenticate(slot, PR_TRUE, pwarg);
|
||||
rv = PK11_TraverseCertsInSlot(slot, secu_PrintKeyFromCert, &cbdata);
|
||||
if (rv) {
|
||||
|
||||
list = PK11_ListPrivateKeysInSlot(slot);
|
||||
if (list == NULL) {
|
||||
SECU_PrintError(progName, "problem listing keys");
|
||||
return SECFailure;
|
||||
}
|
||||
if (cbdata.keycount == 0) {
|
||||
SECU_PrintError(progName, "no keys found");
|
||||
return SECFailure;
|
||||
}
|
||||
return SECSuccess;
|
||||
#ifdef notdef
|
||||
}
|
||||
return rv;
|
||||
#endif
|
||||
for (count=0, node=PRIVKEY_LIST_HEAD(list) ; !PRIVKEY_LIST_END(node,list);
|
||||
node= PRIVKEY_LIST_NEXT(node),count++) {
|
||||
secu_PrintKey(stdout, count, node->key);
|
||||
}
|
||||
SECKEY_DestroyPrivateKeyList(list);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
@ -1013,19 +947,6 @@ ListKeys(PK11SlotInfo *slot, char *keyname, int index,
|
||||
{
|
||||
SECStatus rv = SECSuccess;
|
||||
|
||||
#ifdef notdef
|
||||
if (keyname) {
|
||||
if (dopriv) {
|
||||
return DumpPrivateKey(index, keyname, stdout);
|
||||
} else {
|
||||
return DumpPublicKey(index, keyname, stdout);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/* For now, split handling of slot to internal vs. other. slot should
|
||||
* probably be allowed to be NULL so that all slots can be listed.
|
||||
* In that case, need to add a call to PK11_TraverseSlotCerts().
|
||||
*/
|
||||
if (slot == NULL) {
|
||||
PK11SlotList *list;
|
||||
PK11SlotListElement *le;
|
||||
@ -1565,6 +1486,14 @@ CreateOidSequence(void)
|
||||
return (CERTOidSequence *)NULL;
|
||||
}
|
||||
|
||||
static void
|
||||
DestroyOidSequence(CERTOidSequence *os)
|
||||
{
|
||||
if (os->arena) {
|
||||
PORT_FreeArena(os->arena, PR_FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
|
||||
{
|
||||
@ -1604,11 +1533,19 @@ AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SEC_ASN1_MKSUB(SEC_ObjectIDTemplate);
|
||||
|
||||
const SEC_ASN1Template CERT_OidSeqTemplate[] = {
|
||||
{ SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
|
||||
offsetof(CERTOidSequence, oids),
|
||||
SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
|
||||
};
|
||||
|
||||
|
||||
static SECItem *
|
||||
EncodeOidSequence(CERTOidSequence *os)
|
||||
{
|
||||
SECItem *rv;
|
||||
extern const SEC_ASN1Template CERT_OidSeqTemplate[];
|
||||
|
||||
rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
|
||||
if( (SECItem *)NULL == rv ) {
|
||||
@ -1697,7 +1634,7 @@ AddExtKeyUsage (void *extHandle)
|
||||
? PR_TRUE : PR_FALSE), PR_TRUE);
|
||||
/*FALLTHROUGH*/
|
||||
loser:
|
||||
CERT_DestroyOidSequence(os);
|
||||
DestroyOidSequence(os);
|
||||
return rv;
|
||||
}
|
||||
|
||||
@ -1864,7 +1801,8 @@ SECKEYPrivateKey *selfsignprivkey, char *issuerNickName, void *pwarg)
|
||||
|
||||
der.len = 0;
|
||||
der.data = NULL;
|
||||
dummy = SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate);
|
||||
dummy = SEC_ASN1EncodeItem (arena, &der, cert,
|
||||
SEC_ASN1_GET(CERT_CertificateTemplate));
|
||||
if (!dummy) {
|
||||
fprintf (stderr, "Could not encode certificate.\n");
|
||||
goto done;
|
||||
|
@ -68,6 +68,14 @@ extern char *sys_errlist[];
|
||||
|
||||
#define ERROR_BREAK rv = SECFailure;break;
|
||||
|
||||
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
|
||||
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
|
||||
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
|
||||
{ 0, }
|
||||
};
|
||||
|
||||
/* returns 0 for success, -1 for failure (EOF encountered) */
|
||||
static int
|
||||
UpdateRNG(void)
|
||||
@ -126,8 +134,7 @@ UpdateRNG(void)
|
||||
rv = -1;
|
||||
break;
|
||||
}
|
||||
RNG_GetNoise(&randbuf[1], sizeof(randbuf)-1);
|
||||
RNG_RandomUpdate(randbuf, sizeof(randbuf));
|
||||
PK11_RandomUpdate(randbuf, sizeof(randbuf));
|
||||
if (c != randbuf[0]) {
|
||||
randbuf[0] = c;
|
||||
FPS "\r|");
|
||||
@ -189,27 +196,27 @@ static unsigned char G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a,
|
||||
0x8c, 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88,
|
||||
0x02 };
|
||||
|
||||
static PQGParams default_pqg_params = {
|
||||
static SECKEYPQGParams default_pqg_params = {
|
||||
NULL,
|
||||
{ 0, P, sizeof(P) },
|
||||
{ 0, Q, sizeof(Q) },
|
||||
{ 0, G, sizeof(G) }
|
||||
};
|
||||
|
||||
static PQGParams *
|
||||
static SECKEYPQGParams *
|
||||
decode_pqg_params(char *str)
|
||||
{
|
||||
char *buf;
|
||||
unsigned int len;
|
||||
PRArenaPool *arena;
|
||||
PQGParams *params;
|
||||
SECKEYPQGParams *params;
|
||||
SECStatus status;
|
||||
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (arena == NULL)
|
||||
return NULL;
|
||||
|
||||
params = PORT_ArenaZAlloc(arena, sizeof(PQGParams));
|
||||
params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
|
||||
if (params == NULL)
|
||||
goto loser;
|
||||
params->arena = arena;
|
||||
@ -229,11 +236,19 @@ loser:
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params)
|
||||
{
|
||||
if (params->arena) {
|
||||
PORT_FreeArena(params->arena, PR_FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
pqg_prime_bits(char *str)
|
||||
{
|
||||
PQGParams *params = NULL;
|
||||
SECKEYPQGParams *params = NULL;
|
||||
int primeBits = 0, i;
|
||||
|
||||
params = decode_pqg_params(str);
|
||||
@ -246,7 +261,7 @@ pqg_prime_bits(char *str)
|
||||
|
||||
done:
|
||||
if (params != NULL)
|
||||
PQG_DestroyParams(params);
|
||||
CERTUTIL_DestroyParamsPQG(params);
|
||||
return primeBits;
|
||||
}
|
||||
|
||||
@ -270,7 +285,7 @@ SECU_GetpqgString(char *filename)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
PQGParams*
|
||||
SECKEYPQGParams*
|
||||
getpqgfromfile(int keyBits, char *pqgFile)
|
||||
{
|
||||
char *end, *str, *pqgString;
|
||||
@ -302,6 +317,26 @@ found_match:
|
||||
return decode_pqg_params(str);
|
||||
}
|
||||
|
||||
void CERTUTIL_FileForRNG(char *noise)
|
||||
{
|
||||
char buf[2048];
|
||||
PRFileDesc *fd;
|
||||
PRInt32 count;
|
||||
|
||||
fd = PR_OpenFile(noise,PR_RDONLY,0666);
|
||||
if (!fd) return;
|
||||
|
||||
do {
|
||||
count = PR_Read(fd,buf,sizeof(buf));
|
||||
if (count > 0) {
|
||||
PK11_RandomUpdate(buf,count);
|
||||
}
|
||||
} while (count > 0);
|
||||
|
||||
PR_Close(fd);
|
||||
|
||||
}
|
||||
|
||||
SECKEYPrivateKey *
|
||||
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
||||
int publicExponent, char *noise,
|
||||
@ -311,17 +346,16 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
||||
CK_MECHANISM_TYPE mechanism;
|
||||
SECOidTag algtag;
|
||||
PK11RSAGenParams rsaparams;
|
||||
PQGParams *dsaparams = NULL;
|
||||
SECKEYPQGParams *dsaparams = NULL;
|
||||
void *params;
|
||||
PRArenaPool *dsaparena;
|
||||
|
||||
/*
|
||||
* Do some random-number initialization.
|
||||
*/
|
||||
RNG_SystemInfoForRNG();
|
||||
|
||||
if (noise) {
|
||||
RNG_FileForRNG(noise);
|
||||
CERTUTIL_FileForRNG(noise);
|
||||
} else {
|
||||
int rv = UpdateRNG();
|
||||
if (rv) {
|
||||
@ -346,7 +380,7 @@ CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
|
||||
} else {
|
||||
dsaparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (dsaparena == NULL) return NULL;
|
||||
dsaparams = PORT_ArenaZAlloc(dsaparena, sizeof(PQGParams));
|
||||
dsaparams = PORT_ArenaZAlloc(dsaparena, sizeof(SECKEYPQGParams));
|
||||
if (dsaparams == NULL) return NULL;
|
||||
dsaparams->arena = dsaparena;
|
||||
SECITEM_AllocItem(dsaparena, &dsaparams->prime, sizeof P);
|
||||
|
@ -49,4 +49,4 @@ REQUIRES = dbm seccmd
|
||||
|
||||
PROGRAM = certutil
|
||||
|
||||
USE_STATIC_LIBS = 1
|
||||
#USE_STATIC_LIBS = 1
|
||||
|
Loading…
Reference in New Issue
Block a user