Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-04-06 14:42:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 184557: Allow usage specified on command line (-u) to be used to validate

Browse Source 
certificates used for signing (-S option).  Also add special handling for
nickname "NONE" in the -Y option.  This specifies that no certificate and
encryption key preference should be included in the signature object.
This commit is contained in:
thayes%netscape.com 2002-12-11 01:44:37 +00:00
parent e8e8609d78
commit 8d4be901b5
1 changed files with 35 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
security/nss/cmd/smimetools/cmsutil.c
View File

@ -34,7 +34,7 @@
/* /*
* cmsutil -- A command to work with CMS data * cmsutil -- A command to work with CMS data
* *
* $Id: cmsutil.c,v 1.35 2002/12/05 22:16:22 nelsonb%netscape.com Exp $ * $Id: cmsutil.c,v 1.36 2002/12/11 01:44:37 thayes%netscape.com Exp $
*/ */
#include "nspr.h" #include "nspr.h"
@ -115,6 +115,7 @@ Usage(char *progName)
fprintf(stderr, " -G include a signing time attribute\n"); fprintf(stderr, " -G include a signing time attribute\n");
fprintf(stderr, " -P include a SMIMECapabilities attribute\n"); fprintf(stderr, " -P include a SMIMECapabilities attribute\n");
fprintf(stderr, " -Y nick include a EncryptionKeyPreference attribute with cert\n"); fprintf(stderr, " -Y nick include a EncryptionKeyPreference attribute with cert\n");
fprintf(stderr, " (use \"NONE\" to omit)\n");
fprintf(stderr, " -E create a CMS enveloped message (NYI)\n"); fprintf(stderr, " -E create a CMS enveloped message (NYI)\n");
fprintf(stderr, " -r id,... create envelope for these recipients,\n"); fprintf(stderr, " -r id,... create envelope for these recipients,\n");
fprintf(stderr, " where id can be a certificate nickname or email address\n"); fprintf(stderr, " where id can be a certificate nickname or email address\n");
@ -416,7 +417,7 @@ signed_data(struct signOptionsStr *signOptions)
} }
if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle, if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle,
signOptions->nickname, signOptions->nickname,
certUsageEmailSigner, signOptions->options->certUsage,
PR_FALSE, PR_FALSE,
NULL)) == NULL) { NULL)) == NULL) {
SECU_PrintError(progName, SECU_PrintError(progName,
@ -492,35 +493,7 @@ signed_data(struct signOptionsStr *signOptions)
} }
} }
if (signOptions->encryptionKeyPreferenceNick) { if (!signOptions->encryptionKeyPreferenceNick) {
/* get the cert, add it to the message */
if ((ekpcert = CERT_FindUserCertByUsage(
signOptions->options->certHandle,
signOptions->encryptionKeyPreferenceNick,
certUsageEmailRecipient, PR_FALSE, NULL))
== NULL) {
SECU_PrintError(progName,
"the corresponding cert for key \"%s\" does not exist",
signOptions->encryptionKeyPreferenceNick);
goto loser;
}
if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
signOptions->options->certHandle)
!= SECSuccess) {
fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
signOptions->options->certHandle)
!= SECSuccess) {
fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
goto loser;
}
} else {
/* check signing cert for fitness as encryption cert */ /* check signing cert for fitness as encryption cert */
SECStatus FitForEncrypt = CERT_CheckCertUsage(cert, SECStatus FitForEncrypt = CERT_CheckCertUsage(cert,
certUsageEmailRecipient); certUsageEmailRecipient);
@ -575,6 +548,36 @@ signed_data(struct signOptionsStr *signOptions)
goto loser; goto loser;
} }
} }
} else if (PL_strcmp(signOptions->encryptionKeyPreferenceNick, "NONE") == 0) {
/* No action */
} else {
/* get the cert, add it to the message */
if ((ekpcert = CERT_FindUserCertByUsage(
signOptions->options->certHandle,
signOptions->encryptionKeyPreferenceNick,
certUsageEmailRecipient, PR_FALSE, NULL))
== NULL) {
SECU_PrintError(progName,
"the corresponding cert for key \"%s\" does not exist",
signOptions->encryptionKeyPreferenceNick);
goto loser;
}
if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
signOptions->options->certHandle)
!= SECSuccess) {
fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
signOptions->options->certHandle)
!= SECSuccess) {
fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
goto loser;
}
if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
goto loser;
}
} }
if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) { if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
@ -1016,7 +1019,7 @@ main(int argc, char **argv)
* Parse command line arguments * Parse command line arguments
*/ */
optstate = PL_CreateOptState(argc, argv, optstate = PL_CreateOptState(argc, argv,
"CDSEOnN:TGPYv:h:p:i:c:d:e:o:s:u:r:"); "CDSEOnN:TGPY:vh:p:i:c:d:e:o:s:u:r:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) { switch (optstate->option) {
case '?': case '?':