📄 certutil.c
字号:
/****************************************************************************
* *
* cryptlib Certificate Utility Routines *
* Copyright Peter Gutmann 1997-2002 *
* *
****************************************************************************/
#ifdef _MSC_VER
#include "../cryptlib.h"
#include "test.h"
#else
#include "cryptlib.h"
#include "test/test.h"
#endif /* Braindamaged MSC include handling */
/* Define the following to build a standalone cert utility program. Note
that the code for the standalone version exists only as a debugging tool
which is intended for use during cryptlib development. It isn't kept in
sync with every new code release, and its use is not supported */
/* #define STANDALONE_PROGRAM /**/
/* Define the following to wrap the main() function in the standalone program
with a simple wrapper which tests various options */
/* #define WRAP_STANDALONE /**/
/* Generic I/O buffer size. This has to be of a reasonable size so we can
handle cert chains */
#if defined( __MSDOS__ ) && defined( __TURBOC__ )
#define BUFFER_SIZE 3072
#else
#define BUFFER_SIZE 8192
#endif /* __MSDOS__ && __TURBOC__ */
/* Various useful types */
#define BOOLEAN int
#define BYTE unsigned char
#ifndef TRUE
#define FALSE 0
#define TRUE !FALSE
#endif /* TRUE */
/* There are a few OS's broken enough not to define the standard exit codes
(SunOS springs to mind) so we define some sort of equivalent here just
in case */
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#define EXIT_FAILURE !EXIT_SUCCESS
#endif /* EXIT_SUCCESS */
/****************************************************************************
* *
* Utility Routines *
* *
****************************************************************************/
/* Import a certificate object */
int importCertFile( CRYPT_CERTIFICATE *cryptCert, const char *fileName )
{
FILE *filePtr;
BYTE buffer[ BUFFER_SIZE ];
int count;
if( ( filePtr = fopen( fileName, "rb" ) ) == NULL )
return( CRYPT_ERROR_OPEN );
count = fread( buffer, 1, BUFFER_SIZE, filePtr );
fclose( filePtr );
if( count == BUFFER_SIZE ) /* Item too large for buffer */
return( CRYPT_ERROR_OVERFLOW );
/* Import the certificate */
return( cryptImportCert( buffer, count, CRYPT_UNUSED, cryptCert ) );
}
int importCertFromTemplate( CRYPT_CERTIFICATE *cryptCert,
const char *template, const int number )
{
BYTE buffer[ BUFFER_SIZE ];
filenameFromTemplate( buffer, template, number );
return( importCertFile( cryptCert, buffer ) );
}
/* Get a line of text from the user */
static void getText( char *input, const char *prompt )
{
printf( "Enter %s: ", prompt );
fflush( stdout );
fgets( input, CRYPT_MAX_TEXTSIZE - 1, stdin );
putchar( '\n' );
}
/* Read a key from a key file */
int getPublicKey( CRYPT_CONTEXT *cryptContext, const char *keysetName,
const char *keyName )
{
CRYPT_KEYSET cryptKeyset;
int status;
/* Read the key from the keyset */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
keysetName, CRYPT_KEYOPT_READONLY );
if( cryptStatusError( status ) )
return( status );
status = cryptGetPublicKey( cryptKeyset, cryptContext, CRYPT_KEYID_NAME,
keyName );
cryptKeysetClose( cryptKeyset );
return( status );
}
int getPrivateKey( CRYPT_CONTEXT *cryptContext, const char *keysetName,
const char *keyName, const char *password )
{
CRYPT_KEYSET cryptKeyset;
int status;
/* Read the key from the keyset */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
keysetName, CRYPT_KEYOPT_READONLY );
if( cryptStatusError( status ) )
return( status );
status = cryptGetPrivateKey( cryptKeyset, cryptContext, CRYPT_KEYID_NAME,
keyName, password );
if( status == CRYPT_ERROR_WRONGKEY )
{
char passwordBuffer[ CRYPT_MAX_TEXTSIZE ];
/* We need a password for this private key, get it from the user and
get the key again */
getText( passwordBuffer, "private key password" );
status = cryptGetPrivateKey( cryptKeyset, cryptContext,
CRYPT_KEYID_NAME, keyName,
passwordBuffer );
}
cryptKeysetClose( cryptKeyset );
return( status );
}
/* Print extended certificate error information */
void printCertErrorInfo( const CRYPT_CERTIFICATE certificate )
{
int errorType, errorLocus;
int status;
status = cryptGetAttribute( certificate, CRYPT_ATTRIBUTE_ERRORTYPE,
&errorType );
cryptGetAttribute( certificate, CRYPT_ATTRIBUTE_ERRORLOCUS, &errorLocus );
if( cryptStatusOK( status ) && errorType != CRYPT_ERRTYPE_NONE )
printf( "Error info attributes report locus %d, type %d.\n",
errorLocus, errorType );
}
/* Print extended object error information */
void printExtError( const CRYPT_HANDLE cryptHandle,
const char *functionName, const int functionStatus,
const int lineNo )
{
char errorMessage[ 512 ];
int errorCode, errorMessageLength, status, msgStatus;
printf( "%s failed with error code %d, line %d.\n", functionName,
functionStatus, lineNo );
status = cryptGetAttribute( cryptHandle, CRYPT_ATTRIBUTE_INT_ERRORCODE,
&errorCode );
msgStatus = cryptGetAttributeString( cryptHandle,
CRYPT_ATTRIBUTE_INT_ERRORMESSAGE,
errorMessage, &errorMessageLength );
if( cryptStatusError( status ) )
{
printf( "Read of error attributes failed with error code %d, "
"line %d.\n", status, __LINE__ );
return;
}
if( !errorCode && cryptStatusError( msgStatus ) )
{
puts( " No extended error information available." );
return;
}
printf( " Extended error code = %d (0x%X)", errorCode, errorCode );
if( cryptStatusOK( msgStatus ) )
{
errorMessage[ errorMessageLength ] = '\0';
printf( ", error message = %s'%s'.\n",
( errorMessageLength > 40 ) ? "\n " : "", errorMessage );
}
else
puts( "." );
}
/* Exit with an error message. attrErrorExit() prints the locus and type,
extErrorExit() prints the extended error code and message */
BOOLEAN attrErrorExit( const CRYPT_HANDLE cryptHandle,
const char *functionName, const int errorCode,
const int lineNumber )
{
printf( "%s failed with error code %d, line %d.\n", functionName,
errorCode, lineNumber );
printCertErrorInfo( cryptHandle );
return( FALSE );
}
BOOLEAN extErrorExit( const CRYPT_HANDLE cryptHandle,
const char *functionName, const int errorCode,
const int lineNumber )
{
printExtError( cryptHandle, functionName, errorCode, lineNumber );
return( FALSE );
}
/* Add a collection of fields to a certificate */
int addCertFields( const CRYPT_CERTIFICATE certificate,
const CERT_DATA *certData )
{
int i;
for( i = 0; certData[ i ].type != CRYPT_ATTRIBUTE_NONE; i++ )
{
int status;
if( certData[ i ].componentType == IS_NUMERIC )
{
status = cryptSetAttribute( certificate,
certData[ i ].type, certData[ i ].numericValue );
if( cryptStatusError( status ) )
printf( "cryptSetAttribute() for field ID %d, value %d, "
"failed with error code %d, line %d.\n",
certData[ i ].type, certData[ i ].numericValue,
status, __LINE__ );
}
else
if( certData[ i ].componentType == IS_STRING )
{
status = cryptSetAttributeString( certificate,
certData[ i ].type, certData[ i ].stringValue,
strlen( certData[ i ].stringValue ) );
if( cryptStatusError( status ) )
printf( "cryptSetAttributeString() for field ID %d,\n"
"value '%s', failed with error code %d, line %d.\n",
certData[ i ].type, certData[ i ].stringValue,
status, __LINE__ );
}
else
{
status = cryptSetAttributeString( certificate,
certData[ i ].type, &certData[ i ].timeValue,
sizeof( time_t ) );
if( cryptStatusError( status ) )
printf( "cryptSetAttributeString() for field ID %d,\n"
"value '%ld', failed with error code %d, line %d.\n",
certData[ i ].type, certData[ i ].timeValue,
status, __LINE__ );
}
if( cryptStatusError( status ) )
{
printCertErrorInfo( certificate );
return( FALSE );
}
}
return( TRUE );
}
/* Populate a key database with the contents of a directory. This is a
rather OS-specific utility function for setting up test databases which
only works under Win32 */
#if defined( _MSC_VER ) && defined( _WIN32 )
void loadCertificates( void )
{
WIN32_FIND_DATA findData;
HANDLE searchHandle;
searchHandle = FindFirstFile( "d:/tmp/certs/*.der", &findData );
if( searchHandle == INVALID_HANDLE_VALUE )
return;
do
{
CRYPT_CERTIFICATE cryptCert;
int status;
printf( "Adding cert %s.\n", findData.cFileName );
status = importCertFile( &cryptCert, findData.cFileName );
if( cryptStatusOK( status ) )
{
cryptDestroyCert( cryptCert );
}
}
while( FindNextFile( searchHandle, &findData ) );
FindClose( searchHandle );
}
#endif /* Win32 */
/* Write an object to a file for debugging purposes */
#ifdef _MSC_VER
#include <direct.h>
#include <io.h>
#endif /* VC++ */
void debugDump( const char *fileName, const void *data, const int dataLength )
{
FILE *filePtr;
char fileNameBuffer[ 128 ];
const int length = strlen( fileName );
#if defined( _MSC_VER )
if( access( "d:/tmp/", 6 ) == -1 )
mkdir( "d:/tmp" );
strcpy( fileNameBuffer, "d:/tmp/" );
#elif defined( __UNIX__ )
strcpy( fileNameBuffer, "/tmp/" );
#else
fileNameBuffer[ 0 ] = '\0';
#endif /* OS-specific paths */
strcat( fileNameBuffer, fileName );
if( length <= 3 || fileName[ length - 4 ] != '.' )
strcat( fileNameBuffer, ".der" );
#if defined( __VMCMS__ )
{
char formatBuffer[ 32 ];
sprintf( formatBuffer, "wb, recfm=F, lrecl=%d, noseek", dataLength );
filePtr = fopen( fileNameBuffer, formatBuffer );
}
if( filePtr == NULL )
#else
if( ( filePtr = fopen( fileNameBuffer, "wb" ) ) == NULL )
#endif /* __VMCMS__ */
return;
fwrite( data, dataLength, 1, filePtr );
fclose( filePtr );
}
/****************************************************************************
* *
* Certificate Dump Routines *
* *
****************************************************************************/
/* Print a hex string */
static void printHex( const BYTE *value, const int length )
{
int i;
for( i = 0; i < length; i++ )
{
if( i )
putchar( ' ' );
printf( "%02X", value[ i ] );
}
puts( "." );
}
/* Print a DN */
static void printDN( const CRYPT_CERTIFICATE certificate )
{
char buffer[ 1024 + 1 ];
int length, status;
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_DN, buffer, &length );
if( cryptStatusOK( status ) )
{ buffer[ length ] = '\0'; printf( " DN string = %s.\n", buffer ); }
status = cryptGetAttributeString( certificate,
CRYPT_CERTINFO_COUNTRYNAME, buffer, &length );
if( cryptStatusOK( status ) )
{ buffer[ length ] = '\0'; printf( " C = %s.\n", buffer ); }
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -