OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 #include "seccomon.h" | 5 #include "seccomon.h" |
6 #include "nss.h" | 6 #include "nss.h" |
7 #include "key.h" | 7 #include "key.h" |
8 #include "cert.h" | 8 #include "cert.h" |
9 #include "pk11func.h" | 9 #include "pk11func.h" |
10 #include "secmod.h" | 10 #include "secmod.h" |
11 #include "cmmf.h" | 11 #include "cmmf.h" |
12 #include "crmf.h" | 12 #include "crmf.h" |
13 #include "base64.h" | 13 #include "base64.h" |
14 #include "secasn1.h" | 14 #include "secasn1.h" |
15 #include "cryptohi.h" | 15 #include "cryptohi.h" |
16 #include <string.h> | 16 #include <string.h> |
17 #include <stdlib.h> | 17 #include <stdlib.h> |
18 #include <stdio.h> | 18 #include <stdio.h> |
19 | 19 |
20 #define DEFAULT_ALLOC_SIZE 200 | 20 #define DEFAULT_ALLOC_SIZE 200 |
21 #define DEFAULT_CGI_VARS 20 | 21 #define DEFAULT_CGI_VARS 20 |
22 | 22 |
23 typedef struct CGIVariableStr { | 23 typedef struct CGIVariableStr { |
24 char *name; | 24 char *name; |
25 char *value; | 25 char *value; |
26 } CGIVariable; | 26 } CGIVariable; |
27 | 27 |
28 typedef struct CGIVarTableStr { | 28 typedef struct CGIVarTableStr { |
29 CGIVariable **variables; | 29 CGIVariable **variables; |
30 int numVars; | 30 int numVars; |
31 int numAlloc;· | 31 int numAlloc; |
32 } CGIVarTable; | 32 } CGIVarTable; |
33 | 33 |
34 typedef struct CertResponseInfoStr { | 34 typedef struct CertResponseInfoStr { |
35 CERTCertificate *cert; | 35 CERTCertificate *cert; |
36 long certReqID; | 36 long certReqID; |
37 } CertResponseInfo; | 37 } CertResponseInfo; |
38 | 38 |
39 typedef struct ChallengeCreationInfoStr { | 39 typedef struct ChallengeCreationInfoStr { |
40 long random; | 40 long random; |
41 SECKEYPublicKey *pubKey; | 41 SECKEYPublicKey *pubKey; |
42 } ChallengeCreationInfo; | 42 } ChallengeCreationInfo; |
43 | 43 |
44 char *missingVar = NULL; | 44 char *missingVar = NULL; |
45 | 45 |
46 /* | 46 /* |
47 * Error values. | 47 * Error values. |
48 */ | 48 */ |
49 typedef enum { | 49 typedef enum { |
50 NO_ERROR = 0, | 50 NO_ERROR = 0, |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
94 ERROR_CONVERTING_CHALL_TO_BASE64, | 94 ERROR_CONVERTING_CHALL_TO_BASE64, |
95 ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN, | 95 ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN, |
96 ERROR_CREATING_KEY_RESP_FROM_DER, | 96 ERROR_CREATING_KEY_RESP_FROM_DER, |
97 ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE, | 97 ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE, |
98 ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED, | 98 ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED, |
99 ERROR_GETTING_KEY_ENCIPHERMENT, | 99 ERROR_GETTING_KEY_ENCIPHERMENT, |
100 ERROR_NO_POP_FOR_PRIVKEY, | 100 ERROR_NO_POP_FOR_PRIVKEY, |
101 ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE | 101 ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE |
102 } ErrorCode; | 102 } ErrorCode; |
103 | 103 |
104 const char * | 104 const char *CGITableFindValue(CGIVarTable *varTable, const char *key); |
105 CGITableFindValue(CGIVarTable *varTable, const char *key); | |
106 | 105 |
107 void | 106 void spitOutHeaders(void) { printf("Content-type: text/html\n\n"); } |
108 spitOutHeaders(void) | |
109 { | |
110 printf("Content-type: text/html\n\n"); | |
111 } | |
112 | 107 |
113 void | 108 void dumpRequest(CGIVarTable *varTable) { |
114 dumpRequest(CGIVarTable *varTable) | |
115 { | |
116 int i; | 109 int i; |
117 CGIVariable *var; | 110 CGIVariable *var; |
118 | 111 |
119 printf ("<table border=1 cellpadding=1 cellspacing=1 width=\"100%%\">\n"); | 112 printf("<table border=1 cellpadding=1 cellspacing=1 width=\"100%%\">\n"); |
120 printf ("<tr><td><b><center>Variable Name<center></b></td>" | 113 printf( |
121 "<td><b><center>Value</center></b></td></tr>\n"); | 114 "<tr><td><b><center>Variable Name<center></b></td>" |
122 for (i=0; i<varTable->numVars; i++) { | 115 "<td><b><center>Value</center></b></td></tr>\n"); |
| 116 for (i = 0; i < varTable->numVars; i++) { |
123 var = varTable->variables[i]; | 117 var = varTable->variables[i]; |
124 printf ("<tr><td><pre>%s</pre></td><td><pre>%s</pre></td></tr>\n",· | 118 printf("<tr><td><pre>%s</pre></td><td><pre>%s</pre></td></tr>\n", var->name, |
125 var->name, var->value); | 119 var->value); |
126 } | 120 } |
127 printf("</table>\n"); | 121 printf("</table>\n"); |
128 } | 122 } |
129 | 123 |
130 void | 124 void echo_request(CGIVarTable *varTable) { |
131 echo_request(CGIVarTable *varTable) | |
132 { | |
133 spitOutHeaders(); | 125 spitOutHeaders(); |
134 printf("<html><head><title>CGI Echo Page</title></head>\n" | 126 printf( |
135 » "<body><h1>Got the following request</h1>\n"); | 127 "<html><head><title>CGI Echo Page</title></head>\n" |
| 128 "<body><h1>Got the following request</h1>\n"); |
136 dumpRequest(varTable); | 129 dumpRequest(varTable); |
137 printf("</body></html>"); | 130 printf("</body></html>"); |
138 } | 131 } |
139 | 132 |
140 void | 133 void processVariable(CGIVariable *var) { |
141 processVariable(CGIVariable *var) | |
142 { | |
143 char *plusSign, *percentSign; | 134 char *plusSign, *percentSign; |
144 | 135 |
145 /*First look for all of the '+' and convert them to spaces */ | 136 /*First look for all of the '+' and convert them to spaces */ |
146 plusSign = var->value; | 137 plusSign = var->value; |
147 while ((plusSign=strchr(plusSign, '+')) != NULL) { | 138 while ((plusSign = strchr(plusSign, '+')) != NULL) { |
148 *plusSign = ' '; | 139 *plusSign = ' '; |
149 } | 140 } |
150 percentSign = var->value; | 141 percentSign = var->value; |
151 while ((percentSign=strchr(percentSign, '%')) != NULL) { | 142 while ((percentSign = strchr(percentSign, '%')) != NULL) { |
152 char string[3]; | 143 char string[3]; |
153 int value; | 144 int value; |
154 | 145 |
155 string[0] = percentSign[1]; | 146 string[0] = percentSign[1]; |
156 string[1] = percentSign[2]; | 147 string[1] = percentSign[2]; |
157 string[2] = '\0'; | 148 string[2] = '\0'; |
158 | 149 |
159 sscanf(string,"%x", &value); | 150 sscanf(string, "%x", &value); |
160 *percentSign = (char)value; | 151 *percentSign = (char)value; |
161 memmove(&percentSign[1], &percentSign[3], 1+strlen(&percentSign[3])); | 152 memmove(&percentSign[1], &percentSign[3], 1 + strlen(&percentSign[3])); |
162 } | 153 } |
163 } | 154 } |
164 | 155 |
165 char * | 156 char *parseNextVariable(CGIVarTable *varTable, char *form_output) { |
166 parseNextVariable(CGIVarTable *varTable, char *form_output) | |
167 { | |
168 char *ampersand, *equal; | 157 char *ampersand, *equal; |
169 CGIVariable *var; | 158 CGIVariable *var; |
170 | 159 |
171 if (varTable->numVars == varTable->numAlloc) { | 160 if (varTable->numVars == varTable->numAlloc) { |
172 CGIVariable **newArr = realloc(varTable->variables,· | 161 CGIVariable **newArr = |
173 (varTable->numAlloc + DEFAULT_CGI_VARS)*sizeo
f(CGIVariable*)); | 162 realloc(varTable->variables, (varTable->numAlloc + DEFAULT_CGI_VARS) * |
| 163 sizeof(CGIVariable *)); |
174 if (newArr == NULL) { | 164 if (newArr == NULL) { |
175 return NULL; | 165 return NULL; |
176 } | 166 } |
177 varTable->variables = newArr; | 167 varTable->variables = newArr; |
178 varTable->numAlloc += DEFAULT_CGI_VARS; | 168 varTable->numAlloc += DEFAULT_CGI_VARS; |
179 } | 169 } |
180 equal = strchr(form_output, '='); | 170 equal = strchr(form_output, '='); |
181 if (equal == NULL) { | 171 if (equal == NULL) { |
182 return NULL; | 172 return NULL; |
183 } | 173 } |
184 ampersand = strchr(equal, '&'); | 174 ampersand = strchr(equal, '&'); |
185 if (ampersand == NULL) { | 175 if (ampersand == NULL) { |
186 return NULL; | 176 return NULL; |
187 } | 177 } |
188 equal[0] = '\0'; | 178 equal[0] = '\0'; |
189 if (ampersand != NULL) { | 179 if (ampersand != NULL) { |
190 ampersand[0] = '\0'; | 180 ampersand[0] = '\0'; |
191 } | 181 } |
192 var = malloc(sizeof(CGIVariable)); | 182 var = malloc(sizeof(CGIVariable)); |
193 var->name = form_output; | 183 var->name = form_output; |
194 var->value = &equal[1]; | 184 var->value = &equal[1]; |
195 varTable->variables[varTable->numVars] = var; | 185 varTable->variables[varTable->numVars] = var; |
196 varTable->numVars++; | 186 varTable->numVars++; |
197 processVariable(var); | 187 processVariable(var); |
198 return (ampersand != NULL) ? &ersand[1] : NULL; | 188 return (ampersand != NULL) ? &ersand[1] : NULL; |
199 } | 189 } |
200 | 190 |
201 void | 191 void ParseInputVariables(CGIVarTable *varTable, char *form_output) { |
202 ParseInputVariables(CGIVarTable *varTable, char *form_output) | 192 varTable->variables = malloc(sizeof(CGIVariable *) * DEFAULT_CGI_VARS); |
203 { | |
204 varTable->variables = malloc(sizeof(CGIVariable*)*DEFAULT_CGI_VARS); | |
205 varTable->numVars = 0; | 193 varTable->numVars = 0; |
206 varTable->numAlloc = DEFAULT_CGI_VARS; | 194 varTable->numAlloc = DEFAULT_CGI_VARS; |
207 while (form_output && form_output[0] != '\0') { | 195 while (form_output && form_output[0] != '\0') { |
208 form_output = parseNextVariable(varTable, form_output); | 196 form_output = parseNextVariable(varTable, form_output); |
209 } | 197 } |
210 } | 198 } |
211 | 199 |
212 const char * | 200 const char *CGITableFindValue(CGIVarTable *varTable, const char *key) { |
213 CGITableFindValue(CGIVarTable *varTable, const char *key) | |
214 { | |
215 const char *retVal = NULL; | 201 const char *retVal = NULL; |
216 int i; | 202 int i; |
217 | 203 |
218 for (i=0; i<varTable->numVars; i++) { | 204 for (i = 0; i < varTable->numVars; i++) { |
219 if (strcmp(varTable->variables[i]->name, key) == 0) { | 205 if (strcmp(varTable->variables[i]->name, key) == 0) { |
220 retVal = varTable->variables[i]->value; | 206 retVal = varTable->variables[i]->value; |
221 break; | 207 break; |
222 } | 208 } |
223 } | 209 } |
224 return retVal; | 210 return retVal; |
225 } | 211 } |
226 | 212 |
227 char* | 213 char *passwordCallback(PK11SlotInfo *slot, PRBool retry, void *arg) { |
228 passwordCallback(PK11SlotInfo *slot, PRBool retry, void *arg) | |
229 { | |
230 const char *passwd; | 214 const char *passwd; |
231 if (retry) { | 215 if (retry) { |
232 return NULL; | 216 return NULL; |
233 } | 217 } |
234 passwd = CGITableFindValue((CGIVarTable*)arg, "dbPassword"); | 218 passwd = CGITableFindValue((CGIVarTable *)arg, "dbPassword"); |
235 if (passwd == NULL) { | 219 if (passwd == NULL) { |
236 return NULL; | 220 return NULL; |
237 } | 221 } |
238 return PORT_Strdup(passwd); | 222 return PORT_Strdup(passwd); |
239 } | 223 } |
240 | 224 |
241 ErrorCode | 225 ErrorCode initNSS(CGIVarTable *varTable) { |
242 initNSS(CGIVarTable *varTable) | |
243 { | |
244 const char *nssDir; | 226 const char *nssDir; |
245 PK11SlotInfo *keySlot; | 227 PK11SlotInfo *keySlot; |
246 SECStatus rv; | 228 SECStatus rv; |
247 | 229 |
248 nssDir = CGITableFindValue(varTable,"NSSDirectory"); | 230 nssDir = CGITableFindValue(varTable, "NSSDirectory"); |
249 if (nssDir == NULL) { | 231 if (nssDir == NULL) { |
250 missingVar = "NSSDirectory"; | 232 missingVar = "NSSDirectory"; |
251 return REQ_CGI_VAR_NOT_PRESENT; | 233 return REQ_CGI_VAR_NOT_PRESENT; |
252 } | 234 } |
253 rv = NSS_Init(nssDir); | 235 rv = NSS_Init(nssDir); |
254 if (rv != SECSuccess) { | 236 if (rv != SECSuccess) { |
255 return NSS_INIT_FAILED; | 237 return NSS_INIT_FAILED; |
256 } | 238 } |
257 PK11_SetPasswordFunc(passwordCallback); | 239 PK11_SetPasswordFunc(passwordCallback); |
258 keySlot = PK11_GetInternalKeySlot(); | 240 keySlot = PK11_GetInternalKeySlot(); |
259 rv = PK11_Authenticate(keySlot, PR_FALSE, varTable); | 241 rv = PK11_Authenticate(keySlot, PR_FALSE, varTable); |
260 PK11_FreeSlot(keySlot); | 242 PK11_FreeSlot(keySlot); |
261 if (rv != SECSuccess) { | 243 if (rv != SECSuccess) { |
262 return AUTH_FAILED; | 244 return AUTH_FAILED; |
263 } | 245 } |
264 return NO_ERROR; | 246 return NO_ERROR; |
265 } | 247 } |
266 | 248 |
267 void | 249 void dumpErrorMessage(ErrorCode errNum) { |
268 dumpErrorMessage(ErrorCode errNum) | |
269 { | |
270 spitOutHeaders(); | 250 spitOutHeaders(); |
271 printf("<html><head><title>Error</title></head><body><h1>Error processing " | 251 printf( |
272 » "data</h1> Received the error %d<p>", errNum); | 252 "<html><head><title>Error</title></head><body><h1>Error processing " |
273 if (errNum == REQ_CGI_VAR_NOT_PRESENT) { | 253 "data</h1> Received the error %d<p>", |
274 printf ("The missing variable is %s.", missingVar); | 254 errNum); |
275 } | 255 if (errNum == REQ_CGI_VAR_NOT_PRESENT) { |
276 printf ("<i>More useful information here in the future.</i></body></html>"); | 256 printf("The missing variable is %s.", missingVar); |
277 } | 257 } |
278 | 258 printf("<i>More useful information here in the future.</i></body></html>"); |
279 ErrorCode | 259 } |
280 initOldCertReq(CERTCertificateRequest *oldCertReq, | 260 |
281 » CERTName *subject, CERTSubjectPublicKeyInfo *spki) | 261 ErrorCode initOldCertReq(CERTCertificateRequest *oldCertReq, CERTName *subject, |
282 { | 262 CERTSubjectPublicKeyInfo *spki) { |
283 PLArenaPool *poolp; | 263 PLArenaPool *poolp; |
284 | 264 |
285 poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 265 poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
286 SEC_ASN1EncodeInteger(poolp, &oldCertReq->version, | 266 SEC_ASN1EncodeInteger(poolp, &oldCertReq->version, SEC_CERTIFICATE_VERSION_3); |
287 » » » SEC_CERTIFICATE_VERSION_3); | |
288 CERT_CopyName(poolp, &oldCertReq->subject, subject); | 267 CERT_CopyName(poolp, &oldCertReq->subject, subject); |
289 SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo, | 268 SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo, |
290 » » » » spki); | 269 spki); |
291 oldCertReq->attributes = NULL; | 270 oldCertReq->attributes = NULL; |
292 return NO_ERROR; | 271 return NO_ERROR; |
293 } | 272 } |
294 | 273 |
295 ErrorCode | 274 ErrorCode addExtensions(CERTCertificate *newCert, CRMFCertRequest *certReq) { |
296 addExtensions(CERTCertificate *newCert, CRMFCertRequest *certReq) | |
297 { | |
298 int numExtensions, i; | 275 int numExtensions, i; |
299 void *extHandle; | 276 void *extHandle; |
300 ErrorCode rv = NO_ERROR; | 277 ErrorCode rv = NO_ERROR; |
301 CRMFCertExtension *ext; | 278 CRMFCertExtension *ext; |
302 SECStatus srv; | 279 SECStatus srv; |
303 | 280 |
304 numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq); | 281 numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq); |
305 if (numExtensions == 0) { | 282 if (numExtensions == 0) { |
306 /* No extensions to add */ | 283 /* No extensions to add */ |
307 return NO_ERROR; | 284 return NO_ERROR; |
308 } | 285 } |
309 extHandle = CERT_StartCertExtensions(newCert); | 286 extHandle = CERT_StartCertExtensions(newCert); |
310 if (extHandle == NULL) { | 287 if (extHandle == NULL) { |
311 rv = COULD_NOT_START_EXTENSIONS; | 288 rv = COULD_NOT_START_EXTENSIONS; |
312 goto loser; | 289 goto loser; |
313 } | 290 } |
314 for (i=0; i<numExtensions; i++) { | 291 for (i = 0; i < numExtensions; i++) { |
315 ext = CRMF_CertRequestGetExtensionAtIndex(certReq, i); | 292 ext = CRMF_CertRequestGetExtensionAtIndex(certReq, i); |
316 if (ext == NULL) { | 293 if (ext == NULL) { |
317 rv = ERROR_RETRIEVING_EXT_FROM_REQ; | 294 rv = ERROR_RETRIEVING_EXT_FROM_REQ; |
318 } | 295 } |
319 srv = CERT_AddExtension(extHandle, CRMF_CertExtensionGetOidTag(ext), | 296 srv = CERT_AddExtension(extHandle, CRMF_CertExtensionGetOidTag(ext), |
320 » » » CRMF_CertExtensionGetValue(ext), | 297 CRMF_CertExtensionGetValue(ext), |
321 » » » CRMF_CertExtensionGetIsCritical(ext), PR_FALSE); | 298 CRMF_CertExtensionGetIsCritical(ext), PR_FALSE); |
322 if (srv != SECSuccess) { | 299 if (srv != SECSuccess) { |
323 rv = ERROR_ADDING_EXT_TO_CERT; | 300 rv = ERROR_ADDING_EXT_TO_CERT; |
324 } | 301 } |
325 } | 302 } |
326 srv = CERT_FinishExtensions(extHandle); | 303 srv = CERT_FinishExtensions(extHandle); |
327 if (srv != SECSuccess) { | 304 if (srv != SECSuccess) { |
328 rv = ERROR_ENDING_EXTENSIONS; | 305 rv = ERROR_ENDING_EXTENSIONS; |
329 goto loser; | 306 goto loser; |
330 } | 307 } |
331 return NO_ERROR; | 308 return NO_ERROR; |
332 loser: | 309 loser: |
333 return rv; | 310 return rv; |
334 } | 311 } |
335 | 312 |
336 void | 313 void writeOutItem(const char *filePath, SECItem *der) { |
337 writeOutItem(const char *filePath, SECItem *der) | |
338 { | |
339 PRFileDesc *outfile; | 314 PRFileDesc *outfile; |
340 | 315 |
341 outfile = PR_Open (filePath, | 316 outfile = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0666); |
342 » » PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, | |
343 » » 0666); | |
344 PR_Write(outfile, der->data, der->len); | 317 PR_Write(outfile, der->data, der->len); |
345 PR_Close(outfile); | 318 PR_Close(outfile); |
346 | 319 } |
347 } | 320 |
348 | 321 ErrorCode createNewCert(CERTCertificate **issuedCert, |
349 ErrorCode | 322 CERTCertificateRequest *oldCertReq, |
350 createNewCert(CERTCertificate**issuedCert,CERTCertificateRequest *oldCertReq, | 323 CRMFCertReqMsg *currReq, CRMFCertRequest *certReq, |
351 » CRMFCertReqMsg *currReq, CRMFCertRequest *certReq,· | 324 CERTCertificate *issuerCert, CGIVarTable *varTable) { |
352 » CERTCertificate *issuerCert, CGIVarTable *varTable) | |
353 { | |
354 CERTCertificate *newCert = NULL; | 325 CERTCertificate *newCert = NULL; |
355 CERTValidity *validity; | 326 CERTValidity *validity; |
356 PRExplodedTime printableTime; | 327 PRExplodedTime printableTime; |
357 PRTime now, after; | 328 PRTime now, after; |
358 ErrorCode rv=NO_ERROR; | 329 ErrorCode rv = NO_ERROR; |
359 SECKEYPrivateKey *issuerPrivKey; | 330 SECKEYPrivateKey *issuerPrivKey; |
360 SECItem derCert = { 0 }; | 331 SECItem derCert = {0}; |
361 SECOidTag signTag; | 332 SECOidTag signTag; |
362 SECStatus srv; | 333 SECStatus srv; |
363 long version; | 334 long version; |
364 | 335 |
365 now = PR_Now(); | 336 now = PR_Now(); |
366 PR_ExplodeTime(now, PR_GMTParameters, &printableTime); | 337 PR_ExplodeTime(now, PR_GMTParameters, &printableTime); |
367 printableTime.tm_month += 9; | 338 printableTime.tm_month += 9; |
368 after = PR_ImplodeTime(&printableTime); | 339 after = PR_ImplodeTime(&printableTime); |
369 validity = CERT_CreateValidity(now, after); | 340 validity = CERT_CreateValidity(now, after); |
370 newCert = *issuedCert =· | 341 newCert = *issuedCert = CERT_CreateCertificate(rand(), &(issuerCert->subject), |
371 CERT_CreateCertificate(rand(), &(issuerCert->subject), validity,· | 342 validity, oldCertReq); |
372 » » » oldCertReq); | |
373 if (newCert == NULL) { | 343 if (newCert == NULL) { |
374 rv = ERROR_CREATING_NEW_CERTIFICATE; | 344 rv = ERROR_CREATING_NEW_CERTIFICATE; |
375 goto loser; | 345 goto loser; |
376 } | 346 } |
377 rv = addExtensions(newCert, certReq); | 347 rv = addExtensions(newCert, certReq); |
378 if (rv != NO_ERROR) { | 348 if (rv != NO_ERROR) { |
379 goto loser; | 349 goto loser; |
380 } | 350 } |
381 issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable); | 351 issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable); |
382 if (issuerPrivKey == NULL) { | 352 if (issuerPrivKey == NULL) { |
383 rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY; | 353 rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY; |
384 } | 354 } |
385 signTag = SEC_GetSignatureAlgorithmOidTag(issuerPrivatekey->keytype,· | 355 signTag = SEC_GetSignatureAlgorithmOidTag(issuerPrivatekey->keytype, |
386 » » » » » SEC_OID_UNKNOWN); | 356 SEC_OID_UNKNOWN); |
387 if (signTag == SEC_OID_UNKNOWN) { | 357 if (signTag == SEC_OID_UNKNOWN) { |
388 rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER; | 358 rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER; |
389 goto loser; | 359 goto loser; |
390 } | 360 } |
391 srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature, | 361 srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature, signTag, 0); |
392 » » » signTag, 0); | |
393 if (srv != SECSuccess) { | 362 if (srv != SECSuccess) { |
394 rv = ERROR_SETTING_SIGN_ALG; | 363 rv = ERROR_SETTING_SIGN_ALG; |
395 goto loser; | 364 goto loser; |
396 } | 365 } |
397 srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version); | 366 srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version); |
398 if (srv != SECSuccess) { | 367 if (srv != SECSuccess) { |
399 /* No version included in the request */ | 368 /* No version included in the request */ |
400 *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3; | 369 *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3; |
401 } else { | 370 } else { |
402 SECITEM_FreeItem(&newCert->version, PR_FALSE); | 371 SECITEM_FreeItem(&newCert->version, PR_FALSE); |
403 SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version); | 372 SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version); |
404 } | 373 } |
405 SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert,· | 374 SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert, |
406 » » CERT_CertificateTemplate); | 375 CERT_CertificateTemplate); |
407 if (derCert.data == NULL) { | 376 if (derCert.data == NULL) { |
408 rv = ERROR_ENCODING_NEW_CERT; | 377 rv = ERROR_ENCODING_NEW_CERT; |
409 goto loser; | 378 goto loser; |
410 } | 379 } |
411 srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data, | 380 srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data, |
412 » » » derCert.len, issuerPrivKey, signTag); | 381 derCert.len, issuerPrivKey, signTag); |
413 if (srv != SECSuccess) { | 382 if (srv != SECSuccess) { |
414 rv = ERROR_SIGNING_NEW_CERT; | 383 rv = ERROR_SIGNING_NEW_CERT; |
415 goto loser; | 384 goto loser; |
416 } | 385 } |
417 #ifdef WRITE_OUT_RESPONSE | 386 #ifdef WRITE_OUT_RESPONSE |
418 writeOutItem("newcert.der", &newCert->derCert); | 387 writeOutItem("newcert.der", &newCert->derCert); |
419 #endif | 388 #endif |
420 return NO_ERROR; | 389 return NO_ERROR; |
421 loser: | 390 loser: |
422 *issuedCert = NULL; | 391 *issuedCert = NULL; |
423 if (newCert) { | 392 if (newCert) { |
424 CERT_DestroyCertificate(newCert); | 393 CERT_DestroyCertificate(newCert); |
425 } | 394 } |
426 return rv; | 395 return rv; |
427 » »············ | 396 } |
428 } | 397 |
429 | 398 void formatCMMFResponse(char *nickname, char *base64Response) { |
430 void | |
431 formatCMMFResponse(char *nickname, char *base64Response) | |
432 { | |
433 char *currLine, *nextLine; | 399 char *currLine, *nextLine; |
434 | 400 |
435 printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname); | 401 printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname); |
436 currLine = base64Response; | 402 currLine = base64Response; |
437 while (1) { | 403 while (1) { |
438 nextLine = strchr(currLine, '\n'); | 404 nextLine = strchr(currLine, '\n'); |
439 if (nextLine == NULL) { | 405 if (nextLine == NULL) { |
440 /* print out the last line here. */ | 406 /* print out the last line here. */ |
441 printf ("\"%s\",\n", currLine); | 407 printf("\"%s\",\n", currLine); |
442 break; | 408 break; |
443 } | 409 } |
444 nextLine[0] = '\0'; | 410 nextLine[0] = '\0'; |
445 printf("\"%s\\n\"+\n", currLine); | 411 printf("\"%s\\n\"+\n", currLine); |
446 currLine = nextLine+1; | 412 currLine = nextLine + 1; |
447 } | 413 } |
448 printf("true);\n" | 414 printf( |
449 » "if(retVal == '') {\n" | 415 "true);\n" |
450 » "\tdocument.write(\"<h1>New Certificate Successfully Imported.</h1>\");
\n" | 416 "if(retVal == '') {\n" |
451 » "} else {\n" | 417 "\tdocument.write(\"<h1>New Certificate Successfully Imported.</h1>\");\n" |
452 » "\tdocument.write(\"<h2>Unable to import New Certificate</h2>\");\n" | 418 "} else {\n" |
453 » "\tdocument.write(\"crypto.importUserCertificates returned <b>\");\n" | 419 "\tdocument.write(\"<h2>Unable to import New Certificate</h2>\");\n" |
454 » "\tdocument.write(retVal);\n" | 420 "\tdocument.write(\"crypto.importUserCertificates returned <b>\");\n" |
455 » "\tdocument.write(\"</b>\");\n" | 421 "\tdocument.write(retVal);\n" |
456 » "}\n"); | 422 "\tdocument.write(\"</b>\");\n" |
457 } | 423 "}\n"); |
458 | 424 } |
459 void | 425 |
460 spitOutCMMFResponse(char *nickname, char *base64Response) | 426 void spitOutCMMFResponse(char *nickname, char *base64Response) { |
461 { | |
462 spitOutHeaders(); | 427 spitOutHeaders(); |
463 printf("<html>\n<head>\n<title>CMMF Resonse Page</title>\n</head>\n\n" | 428 printf( |
464 » "<body><h1>CMMF Response Page</h1>\n" | 429 "<html>\n<head>\n<title>CMMF Resonse Page</title>\n</head>\n\n" |
465 » "<script language=\"JavaScript\">\n" | 430 "<body><h1>CMMF Response Page</h1>\n" |
466 » "<!--\n"); | 431 "<script language=\"JavaScript\">\n" |
| 432 "<!--\n"); |
467 formatCMMFResponse(nickname, base64Response); | 433 formatCMMFResponse(nickname, base64Response); |
468 printf("// -->\n" | 434 printf( |
469 » "</script>\n</body>\n</html>"); | 435 "// -->\n" |
470 } | 436 "</script>\n</body>\n</html>"); |
471 | 437 } |
472 char* | 438 |
473 getNickname(CERTCertificate *cert) | 439 char *getNickname(CERTCertificate *cert) { |
474 { | |
475 char *nickname; | 440 char *nickname; |
476 | 441 |
477 if (cert->nickname != NULL) { | 442 if (cert->nickname != NULL) { |
478 return cert->nickname; | 443 return cert->nickname; |
479 } | 444 } |
480 nickname = CERT_GetCommonName(&cert->subject); | 445 nickname = CERT_GetCommonName(&cert->subject); |
481 if (nickname != NULL) { | 446 if (nickname != NULL) { |
482 return nickname; | 447 return nickname; |
483 } | 448 } |
484 return CERT_NameToAscii(&cert->subject); | 449 return CERT_NameToAscii(&cert->subject); |
485 } | 450 } |
486 | 451 |
487 ErrorCode | 452 ErrorCode createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts, |
488 createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts,· | 453 CERTCertificate *issuerCert, char **base64der) { |
489 » » CERTCertificate *issuerCert, char **base64der) | 454 CMMFCertRepContent *certRepContent = NULL; |
490 { | |
491 CMMFCertRepContent *certRepContent=NULL; | |
492 ErrorCode rv = NO_ERROR; | 455 ErrorCode rv = NO_ERROR; |
493 CMMFCertResponse **responses, *currResponse; | 456 CMMFCertResponse **responses, *currResponse; |
494 CERTCertList *caList; | 457 CERTCertList *caList; |
495 int i; | 458 int i; |
496 SECStatus srv; | 459 SECStatus srv; |
497 PLArenaPool *poolp; | 460 PLArenaPool *poolp; |
498 SECItem *der; | 461 SECItem *der; |
499 | 462 |
500 certRepContent = CMMF_CreateCertRepContent(); | 463 certRepContent = CMMF_CreateCertRepContent(); |
501 if (certRepContent == NULL) { | 464 if (certRepContent == NULL) { |
502 rv = ERROR_CREATING_CERT_REP_CONTENT; | 465 rv = ERROR_CREATING_CERT_REP_CONTENT; |
503 goto loser; | 466 goto loser; |
504 } | 467 } |
505 responses = PORT_NewArray(CMMFCertResponse*, numCerts); | 468 responses = PORT_NewArray(CMMFCertResponse *, numCerts); |
506 if (responses == NULL) { | 469 if (responses == NULL) { |
507 rv = OUT_OF_MEMORY; | 470 rv = OUT_OF_MEMORY; |
508 goto loser; | 471 goto loser; |
509 } | 472 } |
510 for (i=0; i<numCerts;i++) { | 473 for (i = 0; i < numCerts; i++) { |
511 responses[i] = currResponse =· | 474 responses[i] = currResponse = |
512 CMMF_CreateCertResponse(issuedCerts[i].certReqID); | 475 CMMF_CreateCertResponse(issuedCerts[i].certReqID); |
513 if (currResponse == NULL) { | 476 if (currResponse == NULL) { |
514 rv = ERROR_CREATING_SINGLE_CERT_RESPONSE; | 477 rv = ERROR_CREATING_SINGLE_CERT_RESPONSE; |
515 goto loser; | 478 goto loser; |
516 } | 479 } |
517 CMMF_CertResponseSetPKIStatusInfoStatus(currResponse, cmmfGranted); | 480 CMMF_CertResponseSetPKIStatusInfoStatus(currResponse, cmmfGranted); |
518 CMMF_CertResponseSetCertificate(currResponse, issuedCerts[i].cert); | 481 CMMF_CertResponseSetCertificate(currResponse, issuedCerts[i].cert); |
519 } | 482 } |
520 srv = CMMF_CertRepContentSetCertResponses(certRepContent, responses, | 483 srv = |
521 » » » » » numCerts); | 484 CMMF_CertRepContentSetCertResponses(certRepContent, responses, numCerts); |
522 if (srv != SECSuccess) { | 485 if (srv != SECSuccess) { |
523 rv = ERROR_SETTING_CERT_RESPONSES; | 486 rv = ERROR_SETTING_CERT_RESPONSES; |
524 goto loser; | 487 goto loser; |
525 } | 488 } |
526 caList = CERT_NewCertList(); | 489 caList = CERT_NewCertList(); |
527 if (caList == NULL) { | 490 if (caList == NULL) { |
528 rv = ERROR_CREATING_CA_LIST; | 491 rv = ERROR_CREATING_CA_LIST; |
529 goto loser; | 492 goto loser; |
530 } | 493 } |
531 srv = CERT_AddCertToListTail(caList, issuerCert); | 494 srv = CERT_AddCertToListTail(caList, issuerCert); |
532 if (srv != SECSuccess) { | 495 if (srv != SECSuccess) { |
533 rv = ERROR_ADDING_ISSUER_TO_CA_LIST; | 496 rv = ERROR_ADDING_ISSUER_TO_CA_LIST; |
534 goto loser; | 497 goto loser; |
535 } | 498 } |
536 srv = CMMF_CertRepContentSetCAPubs(certRepContent, caList); | 499 srv = CMMF_CertRepContentSetCAPubs(certRepContent, caList); |
537 CERT_DestroyCertList(caList); | 500 CERT_DestroyCertList(caList); |
538 poolp = PORT_NewArena(1024); | 501 poolp = PORT_NewArena(1024); |
539 der = SEC_ASN1EncodeItem(poolp, NULL, certRepContent,· | 502 der = SEC_ASN1EncodeItem(poolp, NULL, certRepContent, |
540 » » » CMMFCertRepContentTemplate); | 503 CMMFCertRepContentTemplate); |
541 if (der == NULL) { | 504 if (der == NULL) { |
542 rv = ERROR_ENCODING_CERT_REP_CONTENT; | 505 rv = ERROR_ENCODING_CERT_REP_CONTENT; |
543 goto loser; | 506 goto loser; |
544 } | 507 } |
545 #ifdef WRITE_OUT_RESPONSE | 508 #ifdef WRITE_OUT_RESPONSE |
546 writeOutItem("CertRepContent.der", der); | 509 writeOutItem("CertRepContent.der", der); |
547 #endif | 510 #endif |
548 *base64der = BTOA_DataToAscii(der->data, der->len); | 511 *base64der = BTOA_DataToAscii(der->data, der->len); |
549 return NO_ERROR; | 512 return NO_ERROR; |
550 loser: | 513 loser: |
551 return rv; | 514 return rv; |
552 } | 515 } |
553 | 516 |
554 ErrorCode | 517 ErrorCode issueCerts(CertResponseInfo *issuedCerts, int numCerts, |
555 issueCerts(CertResponseInfo *issuedCerts, int numCerts,· | 518 CERTCertificate *issuerCert) { |
556 » CERTCertificate *issuerCert) | |
557 { | |
558 ErrorCode rv; | 519 ErrorCode rv; |
559 char *base64Response; | 520 char *base64Response; |
560 | 521 |
561 rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response); | 522 rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response); |
562 if (rv != NO_ERROR) { | 523 if (rv != NO_ERROR) { |
563 goto loser; | 524 goto loser; |
564 } | 525 } |
565 spitOutCMMFResponse(getNickname(issuedCerts[0].cert),base64Response); | 526 spitOutCMMFResponse(getNickname(issuedCerts[0].cert), base64Response); |
566 return NO_ERROR; | 527 return NO_ERROR; |
567 loser: | 528 loser: |
568 return rv; | 529 return rv; |
569 } | 530 } |
570 | 531 |
571 ErrorCode | 532 ErrorCode verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq, |
572 verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq,· | 533 CRMFCertRequest *certReq, CERTCertificate *newCert) { |
573 » » CRMFCertRequest *certReq, CERTCertificate *newCert) | |
574 { | |
575 SECStatus srv; | 534 SECStatus srv; |
576 ErrorCode rv = NO_ERROR; | 535 ErrorCode rv = NO_ERROR; |
577 CRMFPOPOSigningKey *signKey = NULL; | 536 CRMFPOPOSigningKey *signKey = NULL; |
578 SECAlgorithmID *algID = NULL; | 537 SECAlgorithmID *algID = NULL; |
579 SECItem *signature = NULL; | 538 SECItem *signature = NULL; |
580 SECKEYPublicKey *pubKey = NULL; | 539 SECKEYPublicKey *pubKey = NULL; |
581 SECItem *reqDER = NULL; | 540 SECItem *reqDER = NULL; |
582 | 541 |
583 srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey); | 542 srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey); |
584 if (srv != SECSuccess || signKey == NULL) { | 543 if (srv != SECSuccess || signKey == NULL) { |
585 rv = ERROR_RETRIEVING_POP_SIGN_KEY; | 544 rv = ERROR_RETRIEVING_POP_SIGN_KEY; |
586 goto loser; | 545 goto loser; |
587 } | 546 } |
588 algID = CRMF_POPOSigningKeyGetAlgID(signKey); | 547 algID = CRMF_POPOSigningKeyGetAlgID(signKey); |
589 if (algID == NULL) { | 548 if (algID == NULL) { |
590 rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY; | 549 rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY; |
591 goto loser; | 550 goto loser; |
592 } | 551 } |
593 signature = CRMF_POPOSigningKeyGetSignature(signKey); | 552 signature = CRMF_POPOSigningKeyGetSignature(signKey); |
594 if (signature == NULL) { | 553 if (signature == NULL) { |
595 rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY; | 554 rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY; |
596 goto loser; | 555 goto loser; |
597 } | 556 } |
598 /* Make the length the number of bytes instead of bits */ | 557 /* Make the length the number of bytes instead of bits */ |
599 signature->len = (signature->len+7)/8; | 558 signature->len = (signature->len + 7) / 8; |
600 pubKey = CERT_ExtractPublicKey(newCert); | 559 pubKey = CERT_ExtractPublicKey(newCert); |
601 if (pubKey == NULL) { | 560 if (pubKey == NULL) { |
602 rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT; | 561 rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT; |
603 goto loser; | 562 goto loser; |
604 } | 563 } |
605 reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate); | 564 reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate); |
606 if (reqDER == NULL) { | 565 if (reqDER == NULL) { |
607 rv = ERROR_ENCODING_CERT_REQ_FOR_POP; | 566 rv = ERROR_ENCODING_CERT_REQ_FOR_POP; |
608 goto loser; | 567 goto loser; |
609 } | 568 } |
610 srv = VFY_VerifyDataWithAlgorithmID(reqDER->data, reqDER->len, pubKey,· | 569 srv = VFY_VerifyDataWithAlgorithmID(reqDER->data, reqDER->len, pubKey, |
611 » » » signature, &algID->algorithm, NULL, varTable); | 570 signature, &algID->algorithm, NULL, |
| 571 varTable); |
612 if (srv != SECSuccess) { | 572 if (srv != SECSuccess) { |
613 rv = ERROR_VERIFYING_SIGNATURE_POP; | 573 rv = ERROR_VERIFYING_SIGNATURE_POP; |
614 goto loser; | 574 goto loser; |
615 } | 575 } |
616 /* Fall thru in successfull case. */ | 576 /* Fall thru in successfull case. */ |
617 loser: | 577 loser: |
618 if (pubKey != NULL) { | 578 if (pubKey != NULL) { |
619 SECKEY_DestroyPublicKey(pubKey); | 579 SECKEY_DestroyPublicKey(pubKey); |
620 } | 580 } |
621 if (reqDER != NULL) { | 581 if (reqDER != NULL) { |
622 SECITEM_FreeItem(reqDER, PR_TRUE); | 582 SECITEM_FreeItem(reqDER, PR_TRUE); |
623 } | 583 } |
624 if (signature != NULL) { | 584 if (signature != NULL) { |
625 SECITEM_FreeItem(signature, PR_TRUE); | 585 SECITEM_FreeItem(signature, PR_TRUE); |
626 } | 586 } |
627 if (algID != NULL) { | 587 if (algID != NULL) { |
628 SECOID_DestroyAlgorithmID(algID, PR_TRUE); | 588 SECOID_DestroyAlgorithmID(algID, PR_TRUE); |
629 } | 589 } |
630 if (signKey != NULL) { | 590 if (signKey != NULL) { |
631 CRMF_DestroyPOPOSigningKey(signKey); | 591 CRMF_DestroyPOPOSigningKey(signKey); |
632 } | 592 } |
633 return rv; | 593 return rv; |
634 } | 594 } |
635 | 595 |
636 ErrorCode | 596 ErrorCode doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq, |
637 doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq,· | 597 CRMFCertRequest *certReq, |
638 » » CRMFCertRequest *certReq, CERTCertificate *newCert, | 598 CERTCertificate *newCert, |
639 » » ChallengeCreationInfo *challs, int *numChall) | 599 ChallengeCreationInfo *challs, int *numChall) { |
640 { | |
641 CRMFPOPOPrivKey *privKey = NULL; | 600 CRMFPOPOPrivKey *privKey = NULL; |
642 CRMFPOPOPrivKeyChoice privKeyChoice; | 601 CRMFPOPOPrivKeyChoice privKeyChoice; |
643 SECStatus srv; | 602 SECStatus srv; |
644 ErrorCode rv = NO_ERROR; | 603 ErrorCode rv = NO_ERROR; |
645 | 604 |
646 srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey); | 605 srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey); |
647 if (srv != SECSuccess || privKey == NULL) { | 606 if (srv != SECSuccess || privKey == NULL) { |
648 rv = ERROR_GETTING_KEY_ENCIPHERMENT; | 607 rv = ERROR_GETTING_KEY_ENCIPHERMENT; |
649 goto loser; | 608 goto loser; |
650 } | 609 } |
651 privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey); | 610 privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey); |
652 CRMF_DestroyPOPOPrivKey(privKey); | 611 CRMF_DestroyPOPOPrivKey(privKey); |
653 switch (privKeyChoice) { | 612 switch (privKeyChoice) { |
654 case crmfSubsequentMessage: | 613 case crmfSubsequentMessage: |
655 challs = &challs[*numChall]; | 614 challs = &challs[*numChall]; |
656 challs->random = rand(); | 615 challs->random = rand(); |
657 challs->pubKey = CERT_ExtractPublicKey(newCert); | 616 challs->pubKey = CERT_ExtractPublicKey(newCert); |
658 if (challs->pubKey == NULL) { | 617 if (challs->pubKey == NULL) { |
659 rv = ERROR_RETRIEVING_PUB_KEY_FOR_CHALL; | 618 rv = ERROR_RETRIEVING_PUB_KEY_FOR_CHALL; |
| 619 goto loser; |
| 620 } |
| 621 (*numChall)++; |
| 622 rv = DO_CHALLENGE_RESPONSE; |
| 623 break; |
| 624 case crmfThisMessage: |
| 625 /* There'd better be a PKIArchiveControl in this message */ |
| 626 if (!CRMF_CertRequestIsControlPresent(certReq, |
| 627 crmfPKIArchiveOptionsControl)) { |
| 628 rv = ERROR_NO_POP_FOR_PRIVKEY; |
| 629 goto loser; |
| 630 } |
| 631 break; |
| 632 default: |
| 633 rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE; |
660 goto loser; | 634 goto loser; |
661 } | |
662 (*numChall)++; | |
663 rv = DO_CHALLENGE_RESPONSE; | |
664 break; | |
665 case crmfThisMessage: | |
666 /* There'd better be a PKIArchiveControl in this message */ | |
667 if (!CRMF_CertRequestIsControlPresent(certReq,· | |
668 crmfPKIArchiveOptionsControl)) { | |
669 rv = ERROR_NO_POP_FOR_PRIVKEY; | |
670 goto loser; | |
671 } | |
672 break; | |
673 default: | |
674 rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE; | |
675 goto loser; | |
676 } | 635 } |
677 loser: | 636 loser: |
678 return rv; | 637 return rv; |
679 } | 638 } |
680 | 639 |
681 ErrorCode | 640 ErrorCode doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq, |
682 doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq,· | 641 CRMFCertRequest *certReq, |
683 » » CRMFCertRequest *certReq, CERTCertificate *newCert, | 642 CERTCertificate *newCert, |
684 » » ChallengeCreationInfo *challs, int *numChall) | 643 ChallengeCreationInfo *challs, int *numChall) { |
685 { | |
686 CRMFPOPChoice popChoice; | 644 CRMFPOPChoice popChoice; |
687 ErrorCode rv = NO_ERROR; | 645 ErrorCode rv = NO_ERROR; |
688 | 646 |
689 popChoice = CRMF_CertReqMsgGetPOPType(currReq); | 647 popChoice = CRMF_CertReqMsgGetPOPType(currReq); |
690 if (popChoice == crmfNoPOPChoice) { | 648 if (popChoice == crmfNoPOPChoice) { |
691 rv = NO_POP_FOR_REQUEST; | 649 rv = NO_POP_FOR_REQUEST; |
692 goto loser; | 650 goto loser; |
693 } | 651 } |
694 switch (popChoice) { | 652 switch (popChoice) { |
695 case crmfSignature: | 653 case crmfSignature: |
696 rv = verifySignature(varTable, currReq, certReq, newCert); | 654 rv = verifySignature(varTable, currReq, certReq, newCert); |
697 break; | 655 break; |
698 case crmfKeyEncipherment: | 656 case crmfKeyEncipherment: |
699 rv = doChallengeResponse(varTable, currReq, certReq, newCert, | 657 rv = doChallengeResponse(varTable, currReq, certReq, newCert, challs, |
700 » » » challs, numChall); | 658 numChall); |
701 break; | 659 break; |
702 case crmfRAVerified: | 660 case crmfRAVerified: |
703 case crmfKeyAgreement: | 661 case crmfKeyAgreement: |
704 default: | 662 default: |
705 rv = UNSUPPORTED_POP; | 663 rv = UNSUPPORTED_POP; |
706 goto loser; | 664 goto loser; |
707 } | 665 } |
708 loser: | 666 loser: |
709 return rv; | 667 return rv; |
710 } | 668 } |
711 | 669 |
712 void | 670 void convertB64ToJS(char *base64) { |
713 convertB64ToJS(char *base64) | |
714 { | |
715 int i; | 671 int i; |
716 | 672 |
717 for (i=0; base64[i] != '\0'; i++) { | 673 for (i = 0; base64[i] != '\0'; i++) { |
718 if (base64[i] == '\n') { | 674 if (base64[i] == '\n') { |
719 printf ("\\n"); | 675 printf("\\n"); |
720 }else { | 676 } else { |
721 printf ("%c", base64[i]); | 677 printf("%c", base64[i]); |
722 } | 678 } |
723 } | 679 } |
724 } | 680 } |
725 | 681 |
726 void | 682 void formatChallenge(char *chall64, char *certRepContentDER, |
727 formatChallenge(char *chall64, char *certRepContentDER, | 683 ChallengeCreationInfo *challInfo, int numChalls) { |
728 » » ChallengeCreationInfo *challInfo, int numChalls) | 684 printf( |
729 { | 685 "function respondToChallenge() {\n" |
730 printf ("function respondToChallenge() {\n" | 686 " var chalForm = document.chalForm;\n\n" |
731 » " var chalForm = document.chalForm;\n\n" | 687 " chalForm.CertRepContent.value = '"); |
732 » " chalForm.CertRepContent.value = '"); | |
733 convertB64ToJS(certRepContentDER); | 688 convertB64ToJS(certRepContentDER); |
734 printf ("';\n" | 689 printf( |
735 » " chalForm.ChallResponse.value = crypto.popChallengeResponse('"); | 690 "';\n" |
| 691 " chalForm.ChallResponse.value = crypto.popChallengeResponse('"); |
736 convertB64ToJS(chall64); | 692 convertB64ToJS(chall64); |
737 printf("');\n" | 693 printf( |
738 » " chalForm.submit();\n" | 694 "');\n" |
739 » "}\n"); | 695 " chalForm.submit();\n" |
740 | 696 "}\n"); |
741 } | 697 } |
742 | 698 |
743 void | 699 void spitOutChallenge(char *chall64, char *certRepContentDER, |
744 spitOutChallenge(char *chall64, char *certRepContentDER, | 700 ChallengeCreationInfo *challInfo, int numChalls, |
745 » » ChallengeCreationInfo *challInfo, int numChalls, | 701 char *nickname) { |
746 » » char *nickname) | |
747 { | |
748 int i; | 702 int i; |
749 | 703 |
750 spitOutHeaders(); | 704 spitOutHeaders(); |
751 printf("<html>\n" | 705 printf( |
752 » "<head>\n" | 706 "<html>\n" |
753 » "<title>Challenge Page</title>\n" | 707 "<head>\n" |
754 » "<script language=\"JavaScript\">\n" | 708 "<title>Challenge Page</title>\n" |
755 » "<!--\n"); | 709 "<script language=\"JavaScript\">\n" |
| 710 "<!--\n"); |
756 /* The JavaScript function actually gets defined within | 711 /* The JavaScript function actually gets defined within |
757 * this function call | 712 * this function call |
758 */ | 713 */ |
759 formatChallenge(chall64, certRepContentDER, challInfo, numChalls); | 714 formatChallenge(chall64, certRepContentDER, challInfo, numChalls); |
760 printf("// -->\n" | 715 printf( |
761 » "</script>\n" | 716 "// -->\n" |
762 » "</head>\n" | 717 "</script>\n" |
763 » "<body onLoad='respondToChallenge()'>\n" | 718 "</head>\n" |
764 » "<h1>Cartman is now responding to the Challenge " | 719 "<body onLoad='respondToChallenge()'>\n" |
765 » "presented by the CGI</h1>\n" | 720 "<h1>Cartman is now responding to the Challenge " |
766 » "<form action='crmfcgi' method='post' name='chalForm'>\n" | 721 "presented by the CGI</h1>\n" |
767 » "<input type='hidden' name=CertRepContent value=''>\n" | 722 "<form action='crmfcgi' method='post' name='chalForm'>\n" |
768 » "<input type='hidden' name=ChallResponse value=''>\n"); | 723 "<input type='hidden' name=CertRepContent value=''>\n" |
769 for (i=0;i<numChalls; i++) { | 724 "<input type='hidden' name=ChallResponse value=''>\n"); |
770 printf("<input type='hidden' name='chal%d' value='%d'>\n", | 725 for (i = 0; i < numChalls; i++) { |
771 » i+1, challInfo[i].random); | 726 printf("<input type='hidden' name='chal%d' value='%d'>\n", i + 1, |
| 727 challInfo[i].random); |
772 } | 728 } |
773 printf("<input type='hidden' name='nickname' value='%s'>\n", nickname); | 729 printf("<input type='hidden' name='nickname' value='%s'>\n", nickname); |
774 printf("</form>\n</body>\n</html>"); | 730 printf("</form>\n</body>\n</html>"); |
775 } | 731 } |
776 | 732 |
777 ErrorCode | 733 ErrorCode issueChallenge(CertResponseInfo *issuedCerts, int numCerts, |
778 issueChallenge(CertResponseInfo *issuedCerts, int numCerts,· | 734 ChallengeCreationInfo *challInfo, int numChalls, |
779 » ChallengeCreationInfo *challInfo, int numChalls, | 735 CERTCertificate *issuer, CGIVarTable *varTable) { |
780 » CERTCertificate *issuer, CGIVarTable *varTable) | |
781 { | |
782 ErrorCode rv = NO_ERROR; | 736 ErrorCode rv = NO_ERROR; |
783 CMMFPOPODecKeyChallContent *chalContent = NULL; | 737 CMMFPOPODecKeyChallContent *chalContent = NULL; |
784 int i; | 738 int i; |
785 SECStatus srv; | 739 SECStatus srv; |
786 PLArenaPool *poolp; | 740 PLArenaPool *poolp; |
787 CERTGeneralName *genName; | 741 CERTGeneralName *genName; |
788 SECItem *challDER = NULL; | 742 SECItem *challDER = NULL; |
789 char *chall64, *certRepContentDER; | 743 char *chall64, *certRepContentDER; |
790 | 744 |
791 rv = createCMMFResponse(issuedCerts, numCerts, issuer, | 745 rv = createCMMFResponse(issuedCerts, numCerts, issuer, &certRepContentDER); |
792 » » » &certRepContentDER); | |
793 if (rv != NO_ERROR) { | 746 if (rv != NO_ERROR) { |
794 goto loser; | 747 goto loser; |
795 } | 748 } |
796 chalContent = CMMF_CreatePOPODecKeyChallContent(); | 749 chalContent = CMMF_CreatePOPODecKeyChallContent(); |
797 if (chalContent == NULL) { | 750 if (chalContent == NULL) { |
798 rv = ERROR_CREATING_EMPTY_CHAL_CONTENT; | 751 rv = ERROR_CREATING_EMPTY_CHAL_CONTENT; |
799 goto loser; | 752 goto loser; |
800 } | 753 } |
801 poolp = PORT_NewArena(1024); | 754 poolp = PORT_NewArena(1024); |
802 if (poolp == NULL) { | 755 if (poolp == NULL) { |
803 rv = OUT_OF_MEMORY; | 756 rv = OUT_OF_MEMORY; |
804 goto loser; | 757 goto loser; |
805 } | 758 } |
806 genName = CERT_GetCertificateNames(issuer, poolp); | 759 genName = CERT_GetCertificateNames(issuer, poolp); |
807 if (genName == NULL) { | 760 if (genName == NULL) { |
808 rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER; | 761 rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER; |
809 goto loser; | 762 goto loser; |
810 } | 763 } |
811 for (i=0;i<numChalls;i++) { | 764 for (i = 0; i < numChalls; i++) { |
812 srv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent, | 765 srv = CMMF_POPODecKeyChallContentSetNextChallenge( |
813 » » » » » » challInfo[i].random, | 766 chalContent, challInfo[i].random, genName, challInfo[i].pubKey, |
814 » » » » » » genName, | 767 varTable); |
815 » » » » » » challInfo[i].pubKey, | |
816 » » » » » » varTable); | |
817 SECKEY_DestroyPublicKey(challInfo[i].pubKey); | 768 SECKEY_DestroyPublicKey(challInfo[i].pubKey); |
818 if (srv != SECSuccess) { | 769 if (srv != SECSuccess) { |
819 rv = ERROR_SETTING_CHALLENGE; | 770 rv = ERROR_SETTING_CHALLENGE; |
820 goto loser; | 771 goto loser; |
821 } | 772 } |
822 } | 773 } |
823 challDER = SEC_ASN1EncodeItem(NULL, NULL, chalContent,· | 774 challDER = SEC_ASN1EncodeItem(NULL, NULL, chalContent, |
824 » » » » CMMFPOPODecKeyChallContentTemplate); | 775 CMMFPOPODecKeyChallContentTemplate); |
825 if (challDER == NULL) { | 776 if (challDER == NULL) { |
826 rv = ERROR_ENCODING_CHALL; | 777 rv = ERROR_ENCODING_CHALL; |
827 goto loser; | 778 goto loser; |
828 } | 779 } |
829 chall64 = BTOA_DataToAscii(challDER->data, challDER->len); | 780 chall64 = BTOA_DataToAscii(challDER->data, challDER->len); |
830 SECITEM_FreeItem(challDER, PR_TRUE); | 781 SECITEM_FreeItem(challDER, PR_TRUE); |
831 if (chall64 == NULL) { | 782 if (chall64 == NULL) { |
832 rv = ERROR_CONVERTING_CHALL_TO_BASE64; | 783 rv = ERROR_CONVERTING_CHALL_TO_BASE64; |
833 goto loser; | 784 goto loser; |
834 } | 785 } |
835 spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls, | 786 spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls, |
836 » » getNickname(issuedCerts[0].cert)); | 787 getNickname(issuedCerts[0].cert)); |
837 loser: | 788 loser: |
838 return rv; | 789 return rv; |
839 } | 790 } |
840 | 791 |
841 | 792 ErrorCode processRequest(CGIVarTable *varTable) { |
842 ErrorCode | |
843 processRequest(CGIVarTable *varTable) | |
844 { | |
845 CERTCertDBHandle *certdb; | 793 CERTCertDBHandle *certdb; |
846 SECKEYKeyDBHandle *keydb; | 794 SECKEYKeyDBHandle *keydb; |
847 CRMFCertReqMessages *certReqs = NULL; | 795 CRMFCertReqMessages *certReqs = NULL; |
848 const char *crmfReq; | 796 const char *crmfReq; |
849 const char *caNickname; | 797 const char *caNickname; |
850 CERTCertificate *caCert = NULL; | 798 CERTCertificate *caCert = NULL; |
851 CertResponseInfo *issuedCerts = NULL; | 799 CertResponseInfo *issuedCerts = NULL; |
852 CERTSubjectPublicKeyInfo spki = { 0 }; | 800 CERTSubjectPublicKeyInfo spki = {0}; |
853 ErrorCode rv=NO_ERROR; | 801 ErrorCode rv = NO_ERROR; |
854 PRBool doChallengeResponse = PR_FALSE; | 802 PRBool doChallengeResponse = PR_FALSE; |
855 SECItem der = { 0 }; | 803 SECItem der = {0}; |
856 SECStatus srv; | 804 SECStatus srv; |
857 CERTCertificateRequest oldCertReq = { 0 }; | 805 CERTCertificateRequest oldCertReq = {0}; |
858 CRMFCertReqMsg **reqMsgs = NULL,*currReq = NULL; | 806 CRMFCertReqMsg **reqMsgs = NULL, *currReq = NULL; |
859 CRMFCertRequest **reqs = NULL, *certReq = NULL; | 807 CRMFCertRequest **reqs = NULL, *certReq = NULL; |
860 CERTName subject = { 0 }; | 808 CERTName subject = {0}; |
861 int numReqs,i; | 809 int numReqs, i; |
862 ChallengeCreationInfo *challInfo=NULL; | 810 ChallengeCreationInfo *challInfo = NULL; |
863 int numChalls = 0; | 811 int numChalls = 0; |
864 | 812 |
865 certdb = CERT_GetDefaultCertDB(); | 813 certdb = CERT_GetDefaultCertDB(); |
866 keydb = SECKEY_GetDefaultKeyDB(); | 814 keydb = SECKEY_GetDefaultKeyDB(); |
867 crmfReq = CGITableFindValue(varTable, "CRMFRequest"); | 815 crmfReq = CGITableFindValue(varTable, "CRMFRequest"); |
868 if (crmfReq == NULL) { | 816 if (crmfReq == NULL) { |
869 rv = CGI_VAR_MISSING; | 817 rv = CGI_VAR_MISSING; |
870 missingVar = "CRMFRequest"; | 818 missingVar = "CRMFRequest"; |
871 goto loser; | 819 goto loser; |
872 } | 820 } |
(...skipping 14 matching lines...) Expand all Loading... |
887 goto loser; | 835 goto loser; |
888 } | 836 } |
889 certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len); | 837 certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len); |
890 SECITEM_FreeItem(&der, PR_FALSE); | 838 SECITEM_FreeItem(&der, PR_FALSE); |
891 if (certReqs == NULL) { | 839 if (certReqs == NULL) { |
892 rv = COULD_NOT_DECODE_REQS; | 840 rv = COULD_NOT_DECODE_REQS; |
893 goto loser; | 841 goto loser; |
894 } | 842 } |
895 numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs); | 843 numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs); |
896 issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs); | 844 issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs); |
897 challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs); | 845 challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs); |
898 if (issuedCerts == NULL || challInfo == NULL) { | 846 if (issuedCerts == NULL || challInfo == NULL) { |
899 rv = OUT_OF_MEMORY; | 847 rv = OUT_OF_MEMORY; |
900 goto loser; | 848 goto loser; |
901 } | 849 } |
902 reqMsgs = PORT_ZNewArray(CRMFCertReqMsg*, numReqs); | 850 reqMsgs = PORT_ZNewArray(CRMFCertReqMsg *, numReqs); |
903 reqs = PORT_ZNewArray(CRMFCertRequest*, numReqs); | 851 reqs = PORT_ZNewArray(CRMFCertRequest *, numReqs); |
904 if (reqMsgs == NULL || reqs == NULL) { | 852 if (reqMsgs == NULL || reqs == NULL) { |
905 rv = OUT_OF_MEMORY; | 853 rv = OUT_OF_MEMORY; |
906 goto loser; | 854 goto loser; |
907 } | 855 } |
908 for (i=0; i<numReqs; i++) { | 856 for (i = 0; i < numReqs; i++) { |
909 currReq = reqMsgs[i] =· | 857 currReq = reqMsgs[i] = |
910 CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqs, i); | 858 CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqs, i); |
911 if (currReq == NULL) { | 859 if (currReq == NULL) { |
912 rv = ERROR_RETRIEVING_REQUEST_MSG; | 860 rv = ERROR_RETRIEVING_REQUEST_MSG; |
913 goto loser; | 861 goto loser; |
914 } | 862 } |
915 certReq = reqs[i] = CRMF_CertReqMsgGetCertRequest(currReq); | 863 certReq = reqs[i] = CRMF_CertReqMsgGetCertRequest(currReq); |
916 if (certReq == NULL) { | 864 if (certReq == NULL) { |
917 rv = ERROR_RETRIEVING_CERT_REQUEST; | 865 rv = ERROR_RETRIEVING_CERT_REQUEST; |
918 goto loser; | 866 goto loser; |
919 } | 867 } |
920 srv = CRMF_CertRequestGetCertTemplateSubject(certReq, &subject); | 868 srv = CRMF_CertRequestGetCertTemplateSubject(certReq, &subject); |
921 if (srv != SECSuccess) { | 869 if (srv != SECSuccess) { |
922 rv = ERROR_RETRIEVING_SUBJECT_FROM_REQ; | 870 rv = ERROR_RETRIEVING_SUBJECT_FROM_REQ; |
923 goto loser; | 871 goto loser; |
924 } | 872 } |
925 srv = CRMF_CertRequestGetCertTemplatePublicKey(certReq, &spki); | 873 srv = CRMF_CertRequestGetCertTemplatePublicKey(certReq, &spki); |
926 if (srv != SECSuccess) { | 874 if (srv != SECSuccess) { |
927 rv = ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ; | 875 rv = ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ; |
928 goto loser; | 876 goto loser; |
929 } | 877 } |
930 rv = initOldCertReq(&oldCertReq, &subject, &spki); | 878 rv = initOldCertReq(&oldCertReq, &subject, &spki); |
931 if (rv != NO_ERROR) { | 879 if (rv != NO_ERROR) { |
932 goto loser; | 880 goto loser; |
933 } | 881 } |
934 rv = createNewCert(&issuedCerts[i].cert, &oldCertReq, currReq, certReq,· | 882 rv = createNewCert(&issuedCerts[i].cert, &oldCertReq, currReq, certReq, |
935 » » caCert, varTable); | 883 caCert, varTable); |
936 if (rv != NO_ERROR) { | 884 if (rv != NO_ERROR) { |
937 goto loser; | 885 goto loser; |
938 } | 886 } |
939 rv = doProofOfPossession(varTable, currReq, certReq, issuedCerts[i].cert, | 887 rv = doProofOfPossession(varTable, currReq, certReq, issuedCerts[i].cert, |
940 » » » challInfo, &numChalls); | 888 challInfo, &numChalls); |
941 if (rv != NO_ERROR) { | 889 if (rv != NO_ERROR) { |
942 if (rv == DO_CHALLENGE_RESPONSE) { | 890 if (rv == DO_CHALLENGE_RESPONSE) { |
943 » doChallengeResponse = PR_TRUE; | 891 doChallengeResponse = PR_TRUE; |
944 } else { | 892 } else { |
945 » goto loser; | 893 goto loser; |
946 } | 894 } |
947 } | 895 } |
948 CRMF_CertReqMsgGetID(currReq, &issuedCerts[i].certReqID); | 896 CRMF_CertReqMsgGetID(currReq, &issuedCerts[i].certReqID); |
949 CRMF_DestroyCertReqMsg(currReq); | 897 CRMF_DestroyCertReqMsg(currReq); |
950 CRMF_DestroyCertRequest(certReq); | 898 CRMF_DestroyCertRequest(certReq); |
951 } | 899 } |
952 if (doChallengeResponse) { | 900 if (doChallengeResponse) { |
953 rv = issueChallenge(issuedCerts, numReqs, challInfo, numChalls, caCert, | 901 rv = issueChallenge(issuedCerts, numReqs, challInfo, numChalls, caCert, |
954 » » » varTable); | 902 varTable); |
955 } else { | 903 } else { |
956 rv = issueCerts(issuedCerts, numReqs, caCert); | 904 rv = issueCerts(issuedCerts, numReqs, caCert); |
957 } | 905 } |
958 loser: | 906 loser: |
959 if (certReqs != NULL) { | 907 if (certReqs != NULL) { |
960 CRMF_DestroyCertReqMessages(certReqs); | 908 CRMF_DestroyCertReqMessages(certReqs); |
961 } | 909 } |
962 return rv; | 910 return rv; |
963 } | 911 } |
964 | 912 |
965 ErrorCode | 913 ErrorCode processChallengeResponse(CGIVarTable *varTable, |
966 processChallengeResponse(CGIVarTable *varTable, const char *certRepContent) | 914 const char *certRepContent) { |
967 { | 915 SECItem binDER = {0}; |
968 SECItem binDER = { 0 }; | |
969 SECStatus srv; | 916 SECStatus srv; |
970 ErrorCode rv = NO_ERROR; | 917 ErrorCode rv = NO_ERROR; |
971 const char *clientResponse; | 918 const char *clientResponse; |
972 const char *formChalValue; | 919 const char *formChalValue; |
973 const char *nickname; | 920 const char *nickname; |
974 CMMFPOPODecKeyRespContent *respContent = NULL; | 921 CMMFPOPODecKeyRespContent *respContent = NULL; |
975 int numResponses,i; | 922 int numResponses, i; |
976 long curResponse, expectedResponse; | 923 long curResponse, expectedResponse; |
977 char cgiChalVar[10]; | 924 char cgiChalVar[10]; |
978 #ifdef WRITE_OUT_RESPONSE | 925 #ifdef WRITE_OUT_RESPONSE |
979 SECItem certRepBinDER = { 0 }; | 926 SECItem certRepBinDER = {0}; |
980 | 927 |
981 ATOB_ConvertAsciiToItem(&certRepBinDER, certRepContent); | 928 ATOB_ConvertAsciiToItem(&certRepBinDER, certRepContent); |
982 writeOutItem("challCertRepContent.der", &certRepBinDER); | 929 writeOutItem("challCertRepContent.der", &certRepBinDER); |
983 PORT_Free(certRepBinDER.data); | 930 PORT_Free(certRepBinDER.data); |
984 #endif | 931 #endif |
985 clientResponse = CGITableFindValue(varTable, "ChallResponse"); | 932 clientResponse = CGITableFindValue(varTable, "ChallResponse"); |
986 if (clientResponse == NULL) { | 933 if (clientResponse == NULL) { |
987 rv = REQ_CGI_VAR_NOT_PRESENT; | 934 rv = REQ_CGI_VAR_NOT_PRESENT; |
988 missingVar = "ChallResponse"; | 935 missingVar = "ChallResponse"; |
989 goto loser; | 936 goto loser; |
990 } | 937 } |
991 srv = ATOB_ConvertAsciiToItem(&binDER, clientResponse); | 938 srv = ATOB_ConvertAsciiToItem(&binDER, clientResponse); |
992 if (srv != SECSuccess) { | 939 if (srv != SECSuccess) { |
993 rv = ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN; | 940 rv = ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN; |
994 goto loser; | 941 goto loser; |
995 } | 942 } |
996 respContent = CMMF_CreatePOPODecKeyRespContentFromDER(binDER.data, | 943 respContent = |
997 » » » » » » » binDER.len); | 944 CMMF_CreatePOPODecKeyRespContentFromDER(binDER.data, binDER.len); |
998 SECITEM_FreeItem(&binDER, PR_FALSE); | 945 SECITEM_FreeItem(&binDER, PR_FALSE); |
999 binDER.data = NULL; | 946 binDER.data = NULL; |
1000 if (respContent == NULL) { | 947 if (respContent == NULL) { |
1001 rv = ERROR_CREATING_KEY_RESP_FROM_DER; | 948 rv = ERROR_CREATING_KEY_RESP_FROM_DER; |
1002 goto loser; | 949 goto loser; |
1003 } | 950 } |
1004 numResponses = CMMF_POPODecKeyRespContentGetNumResponses(respContent); | 951 numResponses = CMMF_POPODecKeyRespContentGetNumResponses(respContent); |
1005 for (i=0;i<numResponses;i++){ | 952 for (i = 0; i < numResponses; i++) { |
1006 srv = CMMF_POPODecKeyRespContentGetResponse(respContent,i,&curResponse); | 953 srv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &curResponse); |
1007 if (srv != SECSuccess) { | 954 if (srv != SECSuccess) { |
1008 rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE; | 955 rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE; |
1009 goto loser; | 956 goto loser; |
1010 } | 957 } |
1011 sprintf(cgiChalVar, "chal%d", i+1); | 958 sprintf(cgiChalVar, "chal%d", i + 1); |
1012 formChalValue = CGITableFindValue(varTable, cgiChalVar); | 959 formChalValue = CGITableFindValue(varTable, cgiChalVar); |
1013 if (formChalValue == NULL) { | 960 if (formChalValue == NULL) { |
1014 rv = REQ_CGI_VAR_NOT_PRESENT; | 961 rv = REQ_CGI_VAR_NOT_PRESENT; |
1015 missingVar = strdup(cgiChalVar); | 962 missingVar = strdup(cgiChalVar); |
1016 goto loser; | 963 goto loser; |
1017 } | 964 } |
1018 sscanf(formChalValue, "%ld", &expectedResponse); | 965 sscanf(formChalValue, "%ld", &expectedResponse); |
1019 if (expectedResponse != curResponse) { | 966 if (expectedResponse != curResponse) { |
1020 rv = ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED; | 967 rv = ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED; |
1021 goto loser; | 968 goto loser; |
1022 } | 969 } |
1023 } | 970 } |
1024 nickname = CGITableFindValue(varTable, "nickname"); | 971 nickname = CGITableFindValue(varTable, "nickname"); |
1025 if (nickname == NULL) { | 972 if (nickname == NULL) { |
1026 rv = REQ_CGI_VAR_NOT_PRESENT; | 973 rv = REQ_CGI_VAR_NOT_PRESENT; |
1027 missingVar = "nickname"; | 974 missingVar = "nickname"; |
1028 goto loser; | 975 goto loser; |
1029 } | 976 } |
1030 spitOutCMMFResponse(nickname, certRepContent); | 977 spitOutCMMFResponse(nickname, certRepContent); |
1031 loser: | 978 loser: |
1032 if (respContent != NULL) { | 979 if (respContent != NULL) { |
1033 CMMF_DestroyPOPODecKeyRespContent(respContent); | 980 CMMF_DestroyPOPODecKeyRespContent(respContent); |
1034 } | 981 } |
1035 return rv; | 982 return rv; |
1036 } | 983 } |
1037 | 984 |
1038 int | 985 int main() { |
1039 main() | |
1040 { | |
1041 char *form_output = NULL; | 986 char *form_output = NULL; |
1042 int form_output_len, form_output_used; | 987 int form_output_len, form_output_used; |
1043 CGIVarTable varTable = { 0 }; | 988 CGIVarTable varTable = {0}; |
1044 ErrorCode errNum = 0; | 989 ErrorCode errNum = 0; |
1045 char *certRepContent; | 990 char *certRepContent; |
1046 | 991 |
1047 #ifdef ATTACH_CGI | 992 #ifdef ATTACH_CGI |
1048 /* Put an ifinite loop in here so I can attach to | 993 /* Put an ifinite loop in here so I can attach to |
1049 * the process after the process is spun off | 994 * the process after the process is spun off |
1050 */ | 995 */ |
1051 { int stupid = 1; | 996 { |
1052 while (stupid); | 997 int stupid = 1; |
| 998 while (stupid) |
| 999 ; |
1053 } | 1000 } |
1054 #endif | 1001 #endif |
1055 | 1002 |
1056 form_output_used = 0; | 1003 form_output_used = 0; |
1057 srand(time(NULL)); | 1004 srand(time(NULL)); |
1058 while (feof(stdin) == 0) { | 1005 while (feof(stdin) == 0) { |
1059 if (form_output == NULL) { | 1006 if (form_output == NULL) { |
1060 form_output = PORT_NewArray(char, DEFAULT_ALLOC_SIZE+1); | 1007 form_output = PORT_NewArray(char, DEFAULT_ALLOC_SIZE + 1); |
1061 form_output_len = DEFAULT_ALLOC_SIZE; | 1008 form_output_len = DEFAULT_ALLOC_SIZE; |
1062 } else if ((form_output_used + DEFAULT_ALLOC_SIZE) >= form_output_len) { | 1009 } else if ((form_output_used + DEFAULT_ALLOC_SIZE) >= form_output_len) { |
1063 form_output_len += DEFAULT_ALLOC_SIZE; | 1010 form_output_len += DEFAULT_ALLOC_SIZE; |
1064 form_output = PORT_Realloc(form_output, form_output_len+1); | 1011 form_output = PORT_Realloc(form_output, form_output_len + 1); |
1065 } | 1012 } |
1066 form_output_used += fread(&form_output[form_output_used], sizeof(char),· | 1013 form_output_used += fread(&form_output[form_output_used], sizeof(char), |
1067 » » » DEFAULT_ALLOC_SIZE, stdin); | 1014 DEFAULT_ALLOC_SIZE, stdin); |
1068 } | 1015 } |
1069 ParseInputVariables(&varTable, form_output); | 1016 ParseInputVariables(&varTable, form_output); |
1070 certRepContent = CGITableFindValue(&varTable, "CertRepContent"); | 1017 certRepContent = CGITableFindValue(&varTable, "CertRepContent"); |
1071 if (certRepContent == NULL) { | 1018 if (certRepContent == NULL) { |
1072 errNum = initNSS(&varTable); | 1019 errNum = initNSS(&varTable); |
1073 if (errNum != 0) { | 1020 if (errNum != 0) { |
1074 goto loser; | 1021 goto loser; |
1075 } | 1022 } |
1076 errNum = processRequest(&varTable); | 1023 errNum = processRequest(&varTable); |
1077 } else { | 1024 } else { |
1078 errNum = processChallengeResponse(&varTable, certRepContent); | 1025 errNum = processChallengeResponse(&varTable, certRepContent); |
1079 } | 1026 } |
1080 if (errNum != NO_ERROR) { | 1027 if (errNum != NO_ERROR) { |
1081 goto loser; | 1028 goto loser; |
1082 } | 1029 } |
1083 goto done; | 1030 goto done; |
1084 loser: | 1031 loser: |
1085 dumpErrorMessage(errNum); | 1032 dumpErrorMessage(errNum); |
1086 done: | 1033 done: |
1087 free (form_output); | 1034 free(form_output); |
1088 return 0; | 1035 return 0; |
1089 } | 1036 } |
1090 | |
OLD | NEW |