From dcb55c39808f3081d671a6452a8db92e20538603 Mon Sep 17 00:00:00 2001
From: "relyea%netscape.com" <relyea%netscape.com>
Date: Sat, 6 Jan 2001 21:09:28 +0000
Subject: [PATCH] Move the cert searching and printing utility function out of
 secutil.c so that most functions which call secutil can still be used in the
 shared libraries.

---
 security/nss/cmd/lib/seccnames.c | 203 +++++++++++++++++++++++++++++++
 1 file changed, 203 insertions(+)
 create mode 100644 security/nss/cmd/lib/seccnames.c

diff --git a/security/nss/cmd/lib/seccnames.c b/security/nss/cmd/lib/seccnames.c
new file mode 100644
index 000000000000..19fef619bceb
--- /dev/null
+++ b/security/nss/cmd/lib/seccnames.c
@@ -0,0 +1,203 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+** secutil.c - various functions used by security stuff
+**
+*/
+
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+#include "prerror.h"
+#include "prprf.h"
+#include "plgetopt.h"
+
+#include "secutil.h"
+#include "secpkcs7.h"
+#include "secrng.h"
+#include <sys/stat.h>
+#include <stdarg.h>
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#endif
+
+/* for SEC_TraverseNames */
+#include "cert.h"
+#include "certt.h"
+#include "certdb.h"
+#include "cdbhdl.h"
+
+typedef struct {
+    char *		name;
+    CERTCertTrust	trust;
+} certNameAndTrustEntry;
+
+typedef struct {
+    int numCerts;
+    certNameAndTrustEntry *nameAndTrustEntries;
+} certNameAndTrustList;
+
+SECStatus
+sec_CountCerts(CERTCertificate *cert, SECItem *unknown, void *arg)
+{
+    (*(int*)arg)++;
+    return SECSuccess;
+}
+
+SECStatus
+sec_CollectCertNamesAndTrust(CERTCertificate *cert, SECItem *unknown, void *arg)
+{
+    certNameAndTrustList *pCertNames = (certNameAndTrustList*)arg;
+    char *name;
+    int i;
+
+    i = pCertNames->numCerts;
+    name = cert->dbEntry->nickname ? cert->dbEntry->nickname : cert->emailAddr;
+
+    if (name)
+	pCertNames->nameAndTrustEntries[i].name = PORT_Strdup(name);
+    else
+	pCertNames->nameAndTrustEntries[i].name = PORT_Strdup("<unknown>");
+
+    PORT_Memcpy(&pCertNames->nameAndTrustEntries[i].trust, cert->trust, sizeof(*cert->trust));
+
+    pCertNames->numCerts++;
+
+    return SECSuccess;
+}
+
+
+static int
+sec_name_and_trust_compare_by_name(const void *p1, const void *p2)
+{
+    certNameAndTrustEntry *e1 = (certNameAndTrustEntry *)p1;
+    certNameAndTrustEntry *e2 = (certNameAndTrustEntry *)p2;
+    return PORT_Strcmp(e1->name, e2->name);
+}
+
+static int
+sec_combine_trust_flags(CERTCertTrust *trust)
+{
+    if (trust == NULL)
+	return NULL;
+    return trust->sslFlags | trust->emailFlags | trust->objectSigningFlags;
+}
+
+static int
+sec_name_and_trust_compare_by_trust(const void *p1, const void *p2)
+{
+    certNameAndTrustEntry *e1 = (certNameAndTrustEntry *)p1;
+    certNameAndTrustEntry *e2 = (certNameAndTrustEntry *)p2;
+    int e1_is_ca, e2_is_ca;
+    int e1_is_user, e2_is_user;
+    int rv;
+
+    e1_is_ca = (sec_combine_trust_flags(&e1->trust) & CERTDB_VALID_CA) != 0;
+    e2_is_ca = (sec_combine_trust_flags(&e2->trust) & CERTDB_VALID_CA) != 0;
+    e1_is_user = (sec_combine_trust_flags(&e1->trust) & CERTDB_USER) != 0;
+    e2_is_user = (sec_combine_trust_flags(&e2->trust) & CERTDB_USER) != 0;
+
+    /* first, sort by user status, then CA status, */
+    /*  then by actual comparison of CA flags, then by name */
+    if ((rv = (e2_is_user - e1_is_user)) == 0 && (rv = (e1_is_ca - e2_is_ca)) == 0)
+	if (e1_is_ca || (rv = memcmp(&e1->trust, &e2->trust, sizeof(CERTCertTrust))) == 0)
+	    return PORT_Strcmp(e1->name, e2->name);
+	else
+	    return rv;
+    else
+	return rv;
+}
+
+SECStatus
+SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc *out, 
+                           PRBool sortByName, PRBool sortByTrust)
+{
+    certNameAndTrustList certNames = { 0, NULL };
+    int numCerts, i;
+    SECStatus rv;
+    int (*comparefn)(const void *, const void *);
+    char trusts[30];
+
+    numCerts = 0;
+
+    rv = SEC_TraversePermCerts(handle, sec_CountCerts, &numCerts);
+    if (rv != SECSuccess)
+	return SECFailure;
+
+    certNames.nameAndTrustEntries = 
+		(certNameAndTrustEntry *)PORT_Alloc(numCerts * sizeof(certNameAndTrustEntry));
+    if (certNames.nameAndTrustEntries == NULL)
+	return SECFailure;
+
+    rv = SEC_TraversePermCerts(handle, sec_CollectCertNamesAndTrust, &certNames);
+    if (rv != SECSuccess)
+	return SECFailure;
+
+    if (sortByName)
+	comparefn = sec_name_and_trust_compare_by_name;
+    else if (sortByTrust)
+	comparefn = sec_name_and_trust_compare_by_trust;
+    else
+	comparefn = NULL;
+
+    if (comparefn)
+	qsort(certNames.nameAndTrustEntries, certNames.numCerts, 
+			    sizeof(certNameAndTrustEntry), comparefn);
+
+    PR_fprintf(out, "\n%-60s %-5s\n\n", "Certificate Name", "Trust Attributes");
+    for (i = 0; i < certNames.numCerts; i++) {
+	PORT_Memset (trusts, 0, sizeof(trusts));
+	printflags(trusts, certNames.nameAndTrustEntries[i].trust.sslFlags);
+	PORT_Strcat(trusts, ",");
+	printflags(trusts, certNames.nameAndTrustEntries[i].trust.emailFlags);
+	PORT_Strcat(trusts, ",");
+	printflags(trusts, certNames.nameAndTrustEntries[i].trust.objectSigningFlags);
+	PR_fprintf(out, "%-60s %-5s\n", 
+	           certNames.nameAndTrustEntries[i].name, trusts);
+    }
+    PR_fprintf(out, "\n");
+    PR_fprintf(out, "p    Valid peer\n");
+    PR_fprintf(out, "P    Trusted peer (implies p)\n");
+    PR_fprintf(out, "c    Valid CA\n");
+    PR_fprintf(out, "T    Trusted CA to issue client certs (implies c)\n");
+    PR_fprintf(out, "C    Trusted CA to certs(only server certs for ssl) (implies c)\n");
+    PR_fprintf(out, "u    User cert\n");
+    PR_fprintf(out, "w    Send warning\n");
+
+    for (i = 0; i < certNames.numCerts; i++)
+	PORT_Free(certNames.nameAndTrustEntries[i].name);
+    PORT_Free(certNames.nameAndTrustEntries);
+
+    return rv;
+}