📄 certutil.c

📁 支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509v3证书等安全协议或标准的开发库编译用到NSPR
💻 C
📖 第 1 页 / 共 5 页
字号:
	PR_fprintf(outFile, "State: %s\n", state);	PR_fprintf(outFile, "Country: %s\n\n", country);	PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER);	numBytes = PR_Write(outFile, obuf, total);	if (numBytes != total) {	    SECU_PrintSystemError(progName, "write error");	    return SECFailure;	}	PR_fprintf(outFile, "%s\n", NS_CERTREQ_TRAILER);    } else {	numBytes = PR_Write(outFile, result.data, result.len);	if (numBytes != (int)result.len) {	    SECU_PrintSystemError(progName, "write error");	    return SECFailure;	}    }    return SECSuccess;}static SECStatus ChangeTrustAttributes(CERTCertDBHandle *handle, char *name, char *trusts){    SECStatus rv;    CERTCertificate *cert;    CERTCertTrust *trust;        cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);    if (!cert) {	SECU_PrintError(progName, "could not find certificate named \"%s\"",			name);	return SECFailure;    }    trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));    if (!trust) {	SECU_PrintError(progName, "unable to allocate cert trust");	return SECFailure;    }    /* This function only decodes these characters: pPwcTCu, */    rv = CERT_DecodeTrustString(trust, trusts);    if (rv) {	SECU_PrintError(progName, "unable to decode trust string");	return SECFailure;    }    rv = CERT_ChangeCertTrust(handle, cert, trust);    if (rv) {	SECU_PrintError(progName, "unable to modify trust attributes");	return SECFailure;    }    return SECSuccess;}static SECStatusprintCertCB(CERTCertificate *cert, void *arg){    SECStatus rv;    SECItem data;        data.data = cert->derCert.data;    data.len = cert->derCert.len;    rv = SECU_PrintSignedData(stdout, &data, "Certificate", 0,			      SECU_PrintCertificate);    if (rv) {	SECU_PrintError(progName, "problem printing certificate");	return(SECFailure);    }    SECU_PrintTrustFlags(stdout, &cert->dbEntry->trust,			 "Certificate Trust Flags", 1);    printf("\n");    return(SECSuccess);}static SECStatuslistCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,          PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg){    CERTCertificate *cert;    SECItem data;    PRInt32 numBytes;    SECStatus rv;    /* For now, split handling of slot to internal vs. other.  slot should     * probably be allowed to be NULL so that all slots can be listed.     * In that case, need to add a call to PK11_TraverseSlotCerts().     */    if (PK11_IsInternal(slot)) {	if (name == NULL) {	    /* Print all certs in internal slot db. */	    rv = SECU_PrintCertificateNames(handle, PR_STDOUT, 	                                    PR_FALSE, PR_TRUE);	    if (rv) {		SECU_PrintError(progName, 		                "problem printing certificate nicknames");		return SECFailure;	    }	} else if (raw || ascii) {	    /* Dump binary or ascii DER for the cert to stdout. */	    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);	    if (!cert) {		SECU_PrintError(progName,		               "could not find certificate named \"%s\"", name);		return SECFailure;	    }	    data.data = cert->derCert.data;	    data.len = cert->derCert.len;	    if (ascii) {		PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, 		        BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);	    } else if (raw) {	        numBytes = PR_Write(outfile, data.data, data.len);	        if (numBytes != data.len) {		    SECU_PrintSystemError(progName, "error writing raw cert");		    return SECFailure;		}	    }	} else {	    /* Pretty-print cert. */	    rv = CERT_TraversePermCertsForNickname(handle, name, printCertCB,	                                           NULL);	}    } else {	/* List certs on a non-internal slot. */	if (PK11_NeedLogin(slot))	    PK11_Authenticate(slot, PR_TRUE, pwarg);	rv = PK11_TraverseCertsInSlot(slot, SECU_PrintCertNickname, stdout);	if (rv) {	    SECU_PrintError(progName, "problem printing certificate nicknames");	    return SECFailure;	}    }    return SECSuccess;	/* not rv ?? */}static SECStatusListCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,          PRBool raw, PRBool ascii, PRFileDesc *outfile, char *passFile){    SECStatus rv;    secuPWData pwdata = { PW_NONE, 0 };    if (passFile) {        pwdata.source = PW_FROMFILE;        pwdata.data = passFile;    }    if (slot == NULL) {	PK11SlotList *list;	PK11SlotListElement *le;	list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,						PR_FALSE,PR_FALSE,&pwdata);	if (list) for (le = list->head; le; le = le->next) {	    rv = listCerts(handle,name,le->slot,raw,ascii,outfile,&pwdata);	}    } else {	rv = listCerts(handle,name,slot,raw,ascii,outfile,&pwdata);    }    return rv;}static SECStatus DeleteCert(CERTCertDBHandle *handle, char *name){    SECStatus rv;    CERTCertificate *cert;    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);    if (!cert) {	SECU_PrintError(progName, "could not find certificate named \"%s\"",			name);	return SECFailure;    }    rv = SEC_DeletePermCertificate(cert);    if (rv) {	SECU_PrintError(progName, "unable to delete certificate");	return SECFailure;    }    return SECSuccess;}static SECStatusValidateCert(CERTCertDBHandle *handle, char *name, char *date,	     char *certUsage, PRBool checkSig, PRBool logit){    SECStatus rv;    CERTCertificate *cert;    int64 timeBoundary;    SECCertUsage usage;    CERTVerifyLog reallog;    CERTVerifyLog *log = NULL;        switch (*certUsage) {	case 'C':	    usage = certUsageSSLClient;	    break;	case 'V':	    usage = certUsageSSLServer;	    break;	case 'S':	    usage = certUsageEmailSigner;	    break;	case 'R':	    usage = certUsageEmailRecipient;	    break;	default:	    PORT_SetError (SEC_ERROR_INVALID_ARGS);	    return (SECFailure);    }    do {	cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);	if (!cert) {	    SECU_PrintError(progName, "could not find certificate named \"%s\"",			    name);	    GEN_BREAK (SECFailure)	}	if (date != NULL) {	    rv = DER_AsciiToTime(&timeBoundary, date);	    if (rv) {		SECU_PrintError(progName, "invalid input date");		GEN_BREAK (SECFailure)	    }	} else {	    timeBoundary = PR_Now();	}	if ( logit ) {	    log = &reallog;	    	    log->count = 0;	    log->head = NULL;	    log->tail = NULL;	    log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);	    if ( log->arena == NULL ) {		SECU_PrintError(progName, "out of memory");		GEN_BREAK (SECFailure)	    }	} 	rv = CERT_VerifyCert(handle, cert, checkSig, usage,			     timeBoundary, NULL, log);	if ( log ) {	    if ( log->head == NULL ) {		fprintf(stdout, "%s: certificate is valid\n", progName);		GEN_BREAK (SECSuccess)	    } else {		char *name;		CERTVerifyLogNode *node;				node = log->head;		while ( node ) {		    if ( node->cert->nickname != NULL ) {			name = node->cert->nickname;		    } else {			name = node->cert->subjectName;		    }		    fprintf(stderr, "%s : %s\n", name, 		    	SECU_Strerror(node->error));		    CERT_DestroyCertificate(node->cert);		    node = node->next;		}	    }	} else {	    if (rv != SECSuccess) {		PRErrorCode perr = PORT_GetError();		fprintf(stdout, "%s: certificate is invalid: %s\n",			progName, SECU_Strerror(perr));		GEN_BREAK (SECFailure)	    }	    fprintf(stdout, "%s: certificate is valid\n", progName);	    GEN_BREAK (SECSuccess)	}    } while (0);    return (rv);}SECKEYLowPrivateKey*GetPrivKeyFromNickname(char *nickname){    /* check if key actually exists */    if (SECU_CheckKeyNameExists(NULL, nickname) == PR_FALSE) {	SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);	return NULL;    }    /* Read in key */    return SECU_GetPrivateKey(NULL, nickname);}static SECStatusDumpPublicKey(int dbindex, char *nickname, FILE *out){    SECKEYLowPrivateKey *privKey;    SECKEYLowPublicKey *publicKey;    if (dbindex) {	/*privKey = secu_GetPrivKeyFromIndex(dbindex);*/    } else {	privKey = GetPrivKeyFromNickname(nickname);    }    publicKey = SECKEY_LowConvertToPublicKey(privKey);    /* Output public key (in the clear) */    switch(publicKey->keyType) {      case rsaKey:	fprintf(out, "RSA Public-Key:\n");	SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1);	SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent,			  "publicExponent", 1);	break;      case dsaKey:	fprintf(out, "DSA Public-Key:\n");	SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1);	SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime,			  "subPrime", 1);	SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1);	SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1);	break;      default:	fprintf(out, "unknown key type\n");	break;    }    return SECSuccess;}static SECStatusDumpPrivateKey(int dbindex, char *nickname, FILE *out){    SECKEYLowPrivateKey *key;    if (dbindex) {	/*key = secu_GetPrivKeyFromIndex(dbindex);*/    } else {	key = GetPrivKeyFromNickname(nickname);    }    switch(key->keyType) {      case rsaKey:	fprintf(out, "RSA Private-Key:\n");	SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1);	SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1);	SECU_PrintInteger(out, &key->u.rsa.privateExponent,			  "privateExponent", 1);	SECU_PrintInteger(out, &key->u.rsa.prime1, "prime1", 1);	SECU_PrintInteger(out, &key->u.rsa.prime2, "prime2", 1);	SECU_PrintInteger(out, &key->u.rsa.exponent1, "exponent2", 1);	SECU_PrintInteger(out, &key->u.rsa.exponent2, "exponent2", 1);	SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1);	break;      case dsaKey:	fprintf(out, "DSA Private-Key:\n");	SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1);	SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1);	SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1);	SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1);	SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1);	break;      default:	fprintf(out, "unknown key type\n");	break;    }    return SECSuccess;}static SECStatusprintKeyCB(SECKEYPublicKey *key, SECItem *data, void *arg){    if (key->keyType == rsaKey) {	fprintf(stdout, "RSA Public-Key:\n");	SECU_PrintInteger(stdout, &key->u.rsa.modulus, "modulus", 1);    } else {	fprintf(stdout, "DSA Public-Key:\n");	SECU_PrintInteger(stdout, &key->u.dsa.publicValue, "publicValue", 1);    }    return SECSuccess;}/* callback for listing certs through pkcs11 */SECStatussecu_PrintKeyFromCert(CERTCertificate *cert, void *data){    FILE *out;    char *name;    SECKEYPublicKey *key;    out = (FILE *)data;    key = CERT_ExtractPublicKey(cert);    if (!key) {	fprintf(out, "XXX could not extract key for %s.\n", cert->nickname);	return SECFailure;    }    /* XXX should have a type field also */    fprintf(out, "<%d> %s\n", 0, cert->nickname);    return SECSuccess;}static SECStatuslistKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg){    SECStatus rv = SECSuccess;    if (PK11_IsInternal(slot)) {	/* Print all certs in internal slot db. */	rv = SECU_PrintKeyNames(SECKEY_GetDefaultKeyDB(), stdout);	if (rv) {	    SECU_PrintError(progName, "problem listing keys");	    return SECFailure;	}    } else {	/* XXX need a function as below */	/* could iterate over certs on slot and print keys */	/* this would miss stranded keys */    /*rv = PK11_TraverseSlotKeys(slotname, keyType, printKeyCB, NULL, NULL);*/	if (PK11_NeedLogin(slot))	    PK11_Authenticate(slot, PR_TRUE, pwarg);	rv = PK11_TraverseCertsInSlot(slot, secu_PrintKeyFromCert, stdout);	if (rv) {	    SECU_PrintError(progName, "problem listing keys");	    return SECFailure;	}	return SECFailure;    }    return rv;}static SECStatusListKeys(PK11SlotInfo *slot, char *keyname, int index,          KeyType keyType, PRBool dopriv, char *passFile){    SECStatus rv = SECSuccess;    secuPWData pwdata = { PW_NONE, 0 };    if (passFile) {        pwdata.source = PW_FROMFILE;        pwdata.data = passFile;    }    if (keyname) {	if (dopriv) {	    return DumpPrivateKey(index, keyname, stdout);	} else {	    return DumpPublicKey(index, keyname, stdout);	}    }
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -