
📄 secutil.c

📁 支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509v3证书等安全协议或标准的开发库编译用到NSPR
💻 C
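    char *		name;
    CERTCertTrust	trust;
} certNameAndTrustEntry;

/*
** certNameAndTrustList
**   An array of (name, trust) entries plus the number of entries filled in
**   so far.  The structure carries no capacity field, so whoever allocates
**   nameAndTrustEntries must size it for every entry that will be written.
*/
typedef struct {
    int numCerts;
    certNameAndTrustEntry *nameAndTrustEntries;
} certNameAndTrustList;

/*
** sec_CountCerts
**   Traversal callback: increments the int that arg points to, once per call.
*/
SECStatus
sec_CountCerts(CERTCertificate *cert, SECItem *unknown, void *arg)
{
    (*(int*)arg)++;
    return SECSuccess;
}

/*
** sec_CollectCertNamesAndTrust
**   Traversal callback: appends the certificate's display name (nickname,
**   else e-mail address, else "<unknown>") and a copy of its trust record
**   to the certNameAndTrustList that arg points to.
**
**   Returns SECFailure when the name cannot be duplicated; the entry is then
**   not counted, so the caller's cleanup loop never sees a half-built slot.
**
**   NOTE(review): the write to nameAndTrustEntries[i] is not bounds-checked
**   because the list has no capacity field.  The only caller visible here
**   sizes the array from an earlier counting traversal; if the database gains
**   a certificate between the two traversals this writes past the allocation.
*/
SECStatus
sec_CollectCertNamesAndTrust(CERTCertificate *cert, SECItem *unknown, void *arg)
{
    certNameAndTrustList *pCertNames = (certNameAndTrustList*)arg;
    certNameAndTrustEntry *entry;
    char *name;
    char *copy;
    int i;

    i = pCertNames->numCerts;
    entry = &pCertNames->nameAndTrustEntries[i];

    /* Tolerate a certificate without a database entry instead of
     * dereferencing a NULL dbEntry. */
    name = (cert->dbEntry && cert->dbEntry->nickname) ? cert->dbEntry->nickname
                                                      : cert->emailAddr;
    copy = PORT_Strdup(name ? name : "<unknown>");
    if (copy == NULL) {
        /* A NULL name would later be handed to PORT_Strcmp and "%s". */
        return SECFailure;
    }
    entry->name = copy;

    if (cert->trust)
        PORT_Memcpy(&entry->trust, cert->trust, sizeof(*cert->trust));
    else
        PORT_Memset(&entry->trust, 0, sizeof(entry->trust));

    pCertNames->numCerts++;
    return SECSuccess;
}

/*
** sec_name_and_trust_compare_by_name
**   qsort comparator: orders entries by PORT_Strcmp of their names.
*/
static int
sec_name_and_trust_compare_by_name(const void *p1, const void *p2)
{
    certNameAndTrustEntry *e1 = (certNameAndTrustEntry *)p1;
    certNameAndTrustEntry *e2 = (certNameAndTrustEntry *)p2;

    return PORT_Strcmp(e1->name, e2->name);
}

/*
** sec_combine_trust_flags
**   Returns the bitwise OR of the SSL, e-mail and object-signing flag words
**   of a trust record, or 0 when no record is given.
*/
static int
sec_combine_trust_flags(CERTCertTrust *trust)
{
    if (trust == NULL)
        return 0;	/* was "return NULL": a pointer constant in an int function */
    return trust->sslFlags | trust->emailFlags | trust->objectSigningFlags;
}

/*
** sec_name_and_trust_compare_by_trust
**   qsort comparator.  Order of comparison:
**     1. entries with CERTDB_USER set sort before those without;
**     2. entries without CERTDB_VALID_CA sort before those with it;
**     3. two non-CA entries are compared by memcmp of their trust records;
**     4. remaining ties (and all CA/CA pairs) are broken by name.
*/
static int
sec_name_and_trust_compare_by_trust(const void *p1, const void *p2)
{
    certNameAndTrustEntry *e1 = (certNameAndTrustEntry *)p1;
    certNameAndTrustEntry *e2 = (certNameAndTrustEntry *)p2;
    int e1_is_ca, e2_is_ca;
    int e1_is_user, e2_is_user;
    int rv;

    e1_is_ca = (sec_combine_trust_flags(&e1->trust) & CERTDB_VALID_CA) != 0;
    e2_is_ca = (sec_combine_trust_flags(&e2->trust) & CERTDB_VALID_CA) != 0;
    e1_is_user = (sec_combine_trust_flags(&e1->trust) & CERTDB_USER) != 0;
    e2_is_user = (sec_combine_trust_flags(&e2->trust) & CERTDB_USER) != 0;

    rv = e2_is_user - e1_is_user;
    if (rv != 0)
        return rv;

    rv = e1_is_ca - e2_is_ca;
    if (rv != 0)
        return rv;

    /* Both are CAs or neither is; only non-CA pairs compare raw trust. */
    if (!e1_is_ca) {
        rv = memcmp(&e1->trust, &e2->trust, sizeof(CERTCertTrust));
        if (rv != 0)
            return rv;
    }
    return PORT_Strcmp(e1->name, e2->name);
}

/*
** SECU_PrintCertificateNames
**   Lists every certificate found by SEC_TraversePermCerts on handle, one
**   per line with its trust attributes, followed by a legend of the flag
**   letters.  sortByName takes precedence over sortByTrust; with neither
**   set the traversal order is kept.
**
**   Returns SECFailure if either traversal or the allocation fails,
**   otherwise the status of the collecting traversal.
*/
SECStatus
SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc *out,
                           PRBool sortByName, PRBool sortByTrust)
{
    certNameAndTrustList certNames = { 0, NULL };
    int numCerts, i;
    SECStatus rv;
    int (*comparefn)(const void *, const void *);
    char trusts[30];

    /* Pass 1: count, so the entry array can be sized. */
    numCerts = 0;
    rv = SEC_TraversePermCerts(handle, sec_CountCerts, &numCerts);
    if (rv != SECSuccess)
        return SECFailure;

    certNames.nameAndTrustEntries =
        (certNameAndTrustEntry *)PORT_Alloc(numCerts * sizeof(certNameAndTrustEntry));
    if (certNames.nameAndTrustEntries == NULL)
        return SECFailure;

    /* Pass 2: collect.
     * NOTE(review): nothing ties this pass to the count from pass 1; the
     * collector has no capacity to check against (see its header comment). */
    rv = SEC_TraversePermCerts(handle, sec_CollectCertNamesAndTrust, &certNames);
    if (rv != SECSuccess) {
        /* Previously returned here and leaked the array and collected names. */
        rv = SECFailure;
        goto cleanup;
    }

    if (sortByName)
        comparefn = sec_name_and_trust_compare_by_name;
    else if (sortByTrust)
        comparefn = sec_name_and_trust_compare_by_trust;
    else
        comparefn = NULL;

    if (comparefn)
        qsort(certNames.nameAndTrustEntries, certNames.numCerts,
              sizeof(certNameAndTrustEntry), comparefn);

    PR_fprintf(out, "\n%-60s %-5s\n\n", "Certificate Name", "Trust Attributes");
    for (i = 0; i < certNames.numCerts; i++) {
        /* NOTE(review): printflags is defined outside this view; trusts[30]
         * must hold three flag strings plus two commas — confirm the
         * longest output printflags can append. */
        PORT_Memset (trusts, 0, sizeof(trusts));
        printflags(trusts, certNames.nameAndTrustEntries[i].trust.sslFlags);
        PORT_Strcat(trusts, ",");
        printflags(trusts, certNames.nameAndTrustEntries[i].trust.emailFlags);
        PORT_Strcat(trusts, ",");
        printflags(trusts, certNames.nameAndTrustEntries[i].trust.objectSigningFlags);
        PR_fprintf(out, "%-60s %-5s\n",
                   certNames.nameAndTrustEntries[i].name, trusts);
    }
    PR_fprintf(out, "\n");
    PR_fprintf(out, "p    Valid peer\n");
    PR_fprintf(out, "P    Trusted peer (implies p)\n");
    PR_fprintf(out, "c    Valid CA\n");
    PR_fprintf(out, "T    Trusted CA to issue client certs (implies c)\n");
    PR_fprintf(out, "C    Trusted CA to certs(only server certs for ssl) (implies c)\n");
    PR_fprintf(out, "u    User cert\n");
    PR_fprintf(out, "w    Send warning\n");

cleanup:
    /* Only the first numCerts slots hold names; the rest are uninitialised. */
    for (i = 0; i < certNames.numCerts; i++)
        PORT_Free(certNames.nameAndTrustEntries[i].name);
    PORT_Free(certNames.nameAndTrustEntries);

    return rv;
}

/*
** SECU_PrintCertificateRequest
**   Decodes a DER certificate request and pretty-prints its version,
**   subject, public key info and first attribute under the heading m.
**
**   Returns 0 on success, PORT_GetError() or SEC_ERROR_NO_MEMORY on
**   allocation failure, otherwise the non-zero status of the failing
**   decode/print step.
*/
int
SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
{
    PRArenaPool *arena = NULL;
    CERTCertificateRequest *cr;
    int rv;

    /* Decode certificate request */
    cr = (CERTCertificateRequest*) PORT_ZAlloc(sizeof(CERTCertificateRequest));
    if (!cr)
        return PORT_GetError();

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        rv = SEC_ERROR_NO_MEMORY;
        goto done;
    }

    rv = SEC_ASN1DecodeItem(arena, cr, CERT_CertificateRequestTemplate, der);
    if (rv)
        goto done;

    /* Pretty print it out */
    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    SECU_PrintInteger(out, &cr->version, "Version", level+1);
    SECU_PrintName(out, &cr->subject, "Subject", level+1);
    rv = secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
                                        "Subject Public Key Info", level+1);
    if (rv)
        goto done;

    /* The input is untrusted DER: do not index an attribute array the
     * decoder may have left NULL. */
    if (cr->attributes != NULL)
        secu_PrintAny(out, cr->attributes[0], "Attributes", level+1);

done:
    if (arena)
        PORT_FreeArena(arena, PR_FALSE);
    PORT_Free(cr);	/* the request struct itself was leaked on every path */
    return rv;
}

/*
** SECU_PrintCertificate
**   Decodes a DER certificate and pretty-prints its fields and fingerprints
**   under the heading m.  The printed version is the encoded value plus one.
**
**   Returns 0 on success, PORT_GetError() or SEC_ERROR_NO_MEMORY on
**   allocation failure, otherwise the non-zero status of the failing
**   decode/print step.
*/
int
SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
{
    PRArenaPool *arena = NULL;
    CERTCertificate *c;
    int rv;
    int iv;

    /* Decode certificate */
    c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate));
    if (!c)
        return PORT_GetError();

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        rv = SEC_ERROR_NO_MEMORY;
        goto done;
    }

    rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der);
    if (rv)
        goto done;

    /* Pretty print it out */
    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    iv = DER_GetInteger(&c->version);
    SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);

    SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
    SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
    SECU_PrintName(out, &c->issuer, "Issuer", level+1);
    secu_PrintValidity(out, &c->validity, "Validity", level+1);
    SECU_PrintName(out, &c->subject, "Subject", level+1);
    rv = secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
                                        "Subject Public Key Info", level+1);
    if (rv)
        goto done;

    SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1);
    SECU_PrintFingerprints(out, &c->derCert, "Fingerprint", level);

done:
    if (arena)
        PORT_FreeArena(arena, PR_FALSE);
    PORT_Free(c);	/* the certificate struct itself was leaked on every path */
    return rv;
}

/*
** SECU_PrintPublicKey
**   Decodes der with the RSA public key template and pretty-prints the key
**   under the heading m.  Returns 0 on success, SEC_ERROR_NO_MEMORY if the
**   arena cannot be created, otherwise the decoder's non-zero status.
*/
int
SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level)
{
    PRArenaPool *arena = NULL;
    SECKEYPublicKey key;
    int rv;

    PORT_Memset(&key, 0, sizeof(key));
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena)
        return SEC_ERROR_NO_MEMORY;

    rv = SEC_ASN1DecodeItem(arena, &key, SECKEY_RSAPublicKeyTemplate, der);
    if (rv == 0) {
        /* Pretty print it out */
        secu_PrintRSAPublicKey(out, &key, m, level);
    }

    PORT_FreeArena(arena, PR_FALSE);
    return rv;
}

/*
** SECU_PrintPrivateKey
**   Decodes der as an EncryptedPrivateKeyInfo and prints the encryption
**   algorithm and the still-encrypted data as hex; nothing is decrypted.
**   Returns 0 on success, SEC_ERROR_NO_MEMORY if the arena cannot be
**   created, otherwise the decoder's non-zero status.
*/
int
SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
{
    PRArenaPool *arena = NULL;
    SECKEYEncryptedPrivateKeyInfo key;
    int rv;

    PORT_Memset(&key, 0, sizeof(key));
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena)
        return SEC_ERROR_NO_MEMORY;

    rv = SEC_ASN1DecodeItem(arena, &key, SECKEY_EncryptedPrivateKeyInfoTemplate,
                            der);
    if (rv == 0) {
        /* Pretty print it out */
        SECU_Indent(out, level); fprintf(out, "%s:\n", m);
        SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
                              level+1);
        SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1);
    }

    /* PR_TRUE here where the other printers pass PR_FALSE — presumably asks
     * for the arena to be zeroed before release; confirm against
     * PORT_FreeArena. */
    PORT_FreeArena(arena, PR_TRUE);
    return rv;
}

/*
** SECU_PrintFingerprints
**   Prints the MD5 and then the SHA1 digest of the DER certificate as hex,
**   each under a "<m> (<hash>):" heading.  Always returns 0.
**
**   These digests identify a certificate for display.  Neither MD5 nor
**   SHA-1 is collision-resistant, so a matching fingerprint printed here
**   should not be the sole basis for a trust decision.
*/
int
SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
{
    char fingerprint[20];	/* sized for the larger digest printed below */
    char *fpStr = NULL;
    SECItem fpItem;

    /* print MD5 fingerprint */
    memset(fingerprint, 0, sizeof fingerprint);
    MD5_HashBuf(fingerprint, derCert->data, derCert->len);
    fpItem.data = fingerprint;
    fpItem.len = MD5_LENGTH;
    fpStr = CERT_Hexify(&fpItem, 1);
    SECU_Indent(out, level);  fprintf(out, "%s (MD5):\n", m);
    if (fpStr != NULL) {
        /* a NULL result must not reach "%s" */
        SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
        PORT_Free(fpStr);
    }
    fpStr = NULL;

    /* print SHA1 fingerprint */
    memset(fingerprint, 0, sizeof fingerprint);
    SHA1_HashBuf(fingerprint, derCert->data, derCert->len);
    fpItem.data = fingerprint;
    fpItem.len = SHA1_LENGTH;
    fpStr = CERT_Hexify(&fpItem, 1);
    SECU_Indent(out, level);  fprintf(out, "%s (SHA1):\n", m);
    if (fpStr != NULL) {
        SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
        PORT_Free(fpStr);
    }
    fprintf(out, "\n");

    return 0;
}

/*
** PKCS7 Support
*/

/* forward declaration */
static int
secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int);

/*
** secu_PrintPKCS7EncContent
**   Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it).
**   Fills in src->contentTypeTag from the content type OID when it is
**   not already set.
*/
static void
secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
                          char *m, int level)
{
    const char *typeDesc;

    if (src->contentTypeTag == NULL)
        src->contentTypeTag = SECOID_FindOID(&(src->contentType));

    typeDesc = (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
                                             : "Unknown";

    SECU_Indent(out, level);
    fprintf(out, "%s:\n", m);
    SECU_Indent(out, level + 1);
    fprintf(out, "Content Type: %s\n", typeDesc);
    SECU_PrintAlgorithmID(out, &(src->contentEncAlg),
                          "Content Encryption Algorithm", level+1);
    SECU_PrintAsHex(out, &(src->encContent),
                    "Encrypted Content", level+1);
}

/*
** secu_PrintRecipientInfo
**   Prints a PKCS7RecipientInfo type: version, issuer and serial number,
**   key encryption algorithm and the encrypted key as hex.
*/
static void
secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
                        int level)
{
    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    SECU_PrintInteger(out, &(info->version), "Version", level + 1);

    SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
                   level + 1);
    SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
                      "Serial Number", level + 1);

    /* Parse and display encrypted key */
    SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
                          "Key Encryption Algorithm", level + 1);
    SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
}

/*
** secu_PrintSignerInfo
**   Prints a PKCS7SignerInfo type, including its authenticated and
**   unauthenticated attribute lists when present.  Authenticated attributes
**   are numbered in decimal, unauthenticated ones in hex, as in the
**   original output.
*/
static void
secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level)
{
    SEC_PKCS7Attribute *attr;
    int iv;
    char om[100];	/* holds a short fixed label plus one formatted int */

    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    SECU_PrintInteger(out, &(info->version), "Version", level + 1);

    SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
                   level + 1);
    SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
                      "Serial Number", level + 1);

    SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm",
                          level + 1);

    if (info->authAttr != NULL) {
        SECU_Indent(out, level + 1);
        fprintf(out, "Authenticated Attributes:\n");
        /* NULL-terminated pointer array; labels are 1-based. */
        iv = 0;
        while ((attr = info->authAttr[iv++]) != NULL) {
            sprintf(om, "Attribute (%d)", iv);
            secu_PrintAttribute(out, attr, om, level + 2);
        }
    }

    /* Parse and display signature */
    SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
                          "Digest Encryption Algorithm", level + 1);
    SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1);

    if (info->unAuthAttr != NULL) {
        SECU_Indent(out, level + 1);
        fprintf(out, "Unauthenticated Attributes:\n");
        iv = 0;
        while ((attr = info->unAuthAttr[iv++]) != NULL) {
            sprintf(om, "Attribute (%x)", iv);
            secu_PrintAttribute(out, attr, om, level + 2);
        }
    }
}

/*
** SECU_PrintCRLInfo
**   Prints a CRL: signature algorithm, issuer name, update times, each
**   entry (serial number, revocation date, entry extensions) and finally
**   the CRL-level extensions.
*/
void
SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
{
    CERTCrlEntry *entry;
    int iv;
    char om[100];	/* holds a short fixed label plus one formatted int */

    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
                          level + 1);
    SECU_PrintName(out, &(crl->name), "Name", level + 1);
    SECU_PrintUTCTime(out, &(crl->lastUpdate), "Last Update", level + 1);
    SECU_PrintUTCTime(out, &(crl->nextUpdate), "Next Update", level + 1);

    if (crl->entries != NULL) {
        iv = 0;
        while ((entry = crl->entries[iv++]) != NULL) {
            sprintf(om, "Entry (%x):\n", iv);
            /* Never pass a built string as the format argument; the output
             * is the same, but the call no longer depends on om being free
             * of conversion specifiers. */
            SECU_Indent(out, level + 1); fprintf(out, "%s", om);
            SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
                              level + 2);
            SECU_PrintUTCTime(out, &(entry->revocationDate), "Revocation Date",
                              level + 2);
            SECU_PrintExtensions
                   (out, entry->extensions, "Signed CRL Entries Extensions", level + 1);
        }
    }
    SECU_PrintExtensions
           (out, crl->extensions, "Signed CRL Extension", level + 1);
}

/*
** secu_PrintPKCS7Signed
**   Pretty print a PKCS7 signed data type (up to version 1).
**   Returns 0 on success, or the first non-zero status from printing the
**   content info or one of the embedded certificates.
*/
static int
secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, char *m, int level)
{
    SECAlgorithmID *digAlg;		/* digest algorithms */
    SECItem *aCert;			/* certificate */
    CERTSignedCrl *aCrl;		/* certificate revocation list */
    SEC_PKCS7SignerInfo *sigInfo;	/* signer information */
    int rv, iv;
    char om[100];	/* holds a short fixed label plus one formatted int */

    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    SECU_PrintInteger(out, &(src->version), "Version", level + 1);

    /* Parse and list digest algorithms (if any) */
    if (src->digestAlgorithms != NULL) {
        SECU_Indent(out, level + 1);  fprintf(out, "Digest Algorithm List:\n");
        iv = 0;
        while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
            sprintf(om, "Digest Algorithm (%x)", iv);
            SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
        }
    }

    /* Now for the content */
    rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
                                    "Content Information", level + 1);
    if (rv != 0)
        return rv;

    /* Parse and list certificates (if any) */
    if (src->rawCerts != NULL) {
        SECU_Indent(out, level + 1);  fprintf(out, "Certificate List:\n");
        iv = 0;
        while ((aCert = src->rawCerts[iv++]) != NULL) {
            sprintf(om, "Certificate (%x)", iv);
            rv = SECU_PrintSignedData(out, aCert, om, level + 2,
                                      SECU_PrintCertificate);
            if (rv)
                return rv;
        }
    }

    /* Parse and list CRL's (if any) */
    if (src->crls != NULL) {
        SECU_Indent(out, level + 1);
        fprintf(out, "Signed Revocation Lists:\n");
        iv = 0;
        while ((aCrl = src->crls[iv++]) != NULL) {
            sprintf(om, "Signed Revocation List (%x)", iv);
            SECU_Indent(out, level + 2);  fprintf(out, "%s:\n", om);
            SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
                                  "Signature Algorithm", level+3);
            /* Modifies the signature item in place before it is printed. */
            DER_ConvertBitString(&aCrl->signatureWrap.signature);
            SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
                            level+3);
            SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
                              level + 3);
        }
    }

    /* Parse and list signatures (if any) */
    if (src->signerInfos != NULL) {
        SECU_Indent(out, level + 1);
        fprintf(out, "Signer Information List:\n");
        iv = 0;
        while ((sigInfo = src->signerInfos[iv++]) != NULL) {
            sprintf(om, "Signer Information (%x)", iv);
            secu_PrintSignerInfo(out, sigInfo, om, level + 2);
        }
    }

    return 0;
}

/*
** secu_PrintPKCS7Enveloped
**  Pretty print a PKCS7 enveloped data type (up to version 1).
*/
static voi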
