
Unified Diff: cmd/ocspresp/ocspresp.c

Issue 201830043: Bug 1118245 - Apply uniform style across NSS
Patch Set: Created 9 years, 1 month ago
Index: cmd/ocspresp/ocspresp.c
===================================================================
--- a/cmd/ocspresp/ocspresp.c
+++ b/cmd/ocspresp/ocspresp.c
@@ -18,231 +18,209 @@
#if defined(XP_UNIX)
#include <unistd.h>
#endif
#include <stdio.h>
#include <string.h>
-secuPWData pwdata = { PW_NONE, 0 };
+secuPWData pwdata = {PW_NONE, 0};
-static PRBool
-getCaAndSubjectCert(CERTCertDBHandle *certHandle,
- const char *caNick, const char *eeNick,
- CERTCertificate **outCA, CERTCertificate **outCert)
-{
- *outCA = CERT_FindCertByNickname(certHandle, caNick);
- *outCert = CERT_FindCertByNickname(certHandle, eeNick);
- return *outCA && *outCert;
+static PRBool getCaAndSubjectCert(CERTCertDBHandle *certHandle,
+ const char *caNick, const char *eeNick,
+ CERTCertificate **outCA,
+ CERTCertificate **outCert) {
+ *outCA = CERT_FindCertByNickname(certHandle, caNick);
+ *outCert = CERT_FindCertByNickname(certHandle, eeNick);
+ return *outCA && *outCert;
}
-static SECItem *
-encode(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
-{
- SECItem *response;
- PRTime now = PR_Now();
- PRTime nextUpdate;
- CERTOCSPSingleResponse **responses;
- CERTOCSPSingleResponse *sr;
+static SECItem *encode(PLArenaPool *arena, CERTOCSPCertID *cid,
+ CERTCertificate *ca) {
+ SECItem *response;
+ PRTime now = PR_Now();
+ PRTime nextUpdate;
+ CERTOCSPSingleResponse **responses;
+ CERTOCSPSingleResponse *sr;
- if (!arena)
- return NULL;
+ if (!arena) return NULL;
- nextUpdate = now + 10 * PR_USEC_PER_SEC; /* in the future */
-
- sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now, &nextUpdate);
+ nextUpdate = now + 10 * PR_USEC_PER_SEC; /* in the future */
- /* meaning of value 2: one entry + one end marker */
- responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
- if (responses == NULL)
- return NULL;
-
- responses[0] = sr;
- responses[1] = NULL;
-
- response = CERT_CreateEncodedOCSPSuccessResponse(
- arena, ca, ocspResponderID_byName, now, responses, &pwdata);
+ sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now, &nextUpdate);
- return response;
+ /* meaning of value 2: one entry + one end marker */
+ responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
+ if (responses == NULL) return NULL;
+
+ responses[0] = sr;
+ responses[1] = NULL;
+
+ response = CERT_CreateEncodedOCSPSuccessResponse(
+ arena, ca, ocspResponderID_byName, now, responses, &pwdata);
+
+ return response;
}
-static SECItem *
-encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
-{
- SECItem *response;
- PRTime now = PR_Now();
- PRTime revocationTime;
- CERTOCSPSingleResponse **responses;
- CERTOCSPSingleResponse *sr;
+static SECItem *encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid,
+ CERTCertificate *ca) {
+ SECItem *response;
+ PRTime now = PR_Now();
+ PRTime revocationTime;
+ CERTOCSPSingleResponse **responses;
+ CERTOCSPSingleResponse *sr;
- if (!arena)
- return NULL;
+ if (!arena) return NULL;
- revocationTime = now - 10 * PR_USEC_PER_SEC; /* in the past */
+ revocationTime = now - 10 * PR_USEC_PER_SEC; /* in the past */
- sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, NULL,
- revocationTime, NULL);
+ sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, NULL,
+ revocationTime, NULL);
- /* meaning of value 2: one entry + one end marker */
- responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
- if (responses == NULL)
- return NULL;
+ /* meaning of value 2: one entry + one end marker */
+ responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
+ if (responses == NULL) return NULL;
- responses[0] = sr;
- responses[1] = NULL;
+ responses[0] = sr;
+ responses[1] = NULL;
- response = CERT_CreateEncodedOCSPSuccessResponse(
- arena, ca, ocspResponderID_byName, now, responses, &pwdata);
+ response = CERT_CreateEncodedOCSPSuccessResponse(
+ arena, ca, ocspResponderID_byName, now, responses, &pwdata);
- return response;
+ return response;
}
-int Usage(void)
-{
- PRFileDesc *pr_stderr = PR_STDERR;
- PR_fprintf (pr_stderr, "ocspresp runs an internal selftest for OCSP response creation");
- PR_fprintf (pr_stderr, "Usage:");
- PR_fprintf (pr_stderr,
- "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n");
- PR_fprintf (pr_stderr,
- "\tdbdir: Find security databases in \"dbdir\"\n");
- PR_fprintf (pr_stderr,
- "\tCA-nick: nickname of a trusted CA certificate with private key\n");
- PR_fprintf (pr_stderr,
- "\tEE-nick: nickname of a entity cert issued by CA\n");
- PR_fprintf (pr_stderr,
- "\t-p: a password for db\n");
- PR_fprintf (pr_stderr,
- "\t-f: a filename containing the password for db\n");
- return -1;
+int Usage(void) {
+ PRFileDesc *pr_stderr = PR_STDERR;
+ PR_fprintf(pr_stderr,
+ "ocspresp runs an internal selftest for OCSP response creation");
+ PR_fprintf(pr_stderr, "Usage:");
+ PR_fprintf(
+ pr_stderr,
+ "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n");
+ PR_fprintf(pr_stderr, "\tdbdir: Find security databases in \"dbdir\"\n");
+ PR_fprintf(
+ pr_stderr,
+ "\tCA-nick: nickname of a trusted CA certificate with private key\n");
+ PR_fprintf(pr_stderr, "\tEE-nick: nickname of a entity cert issued by CA\n");
+ PR_fprintf(pr_stderr, "\t-p: a password for db\n");
+ PR_fprintf(pr_stderr,
+ "\t-f: a filename containing the password for db\n");
+ return -1;
}
-int
-main(int argc, char **argv)
-{
- SECStatus rv;
- int retval = -1;
- CERTCertDBHandle *certHandle = NULL;
- CERTCertificate *caCert = NULL, *cert = NULL;
- CERTOCSPCertID *cid = NULL;
- PLArenaPool *arena = NULL;
- PRTime now = PR_Now();
-
- SECItem *encoded = NULL;
- CERTOCSPResponse *decoded = NULL;
- SECStatus statusDecoded;
+int main(int argc, char **argv) {
+ SECStatus rv;
+ int retval = -1;
+ CERTCertDBHandle *certHandle = NULL;
+ CERTCertificate *caCert = NULL, *cert = NULL;
+ CERTOCSPCertID *cid = NULL;
+ PLArenaPool *arena = NULL;
+ PRTime now = PR_Now();
- SECItem *encodedRev = NULL;
- CERTOCSPResponse *decodedRev = NULL;
- SECStatus statusDecodedRev;
-
- SECItem *encodedFail = NULL;
- CERTOCSPResponse *decodedFail = NULL;
- SECStatus statusDecodedFail;
+ SECItem *encoded = NULL;
+ CERTOCSPResponse *decoded = NULL;
+ SECStatus statusDecoded;
- CERTCertificate *obtainedSignerCert = NULL;
+ SECItem *encodedRev = NULL;
+ CERTOCSPResponse *decodedRev = NULL;
+ SECStatus statusDecodedRev;
- if (argc != 4 && argc != 6) {
- return Usage();
- }
+ SECItem *encodedFail = NULL;
+ CERTOCSPResponse *decodedFail = NULL;
+ SECStatus statusDecodedFail;
- if (argc == 6) {
- if (!strcmp(argv[4], "-p")) {
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = PORT_Strdup(argv[5]);
- }
- else if (!strcmp(argv[4], "-f")) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = PORT_Strdup(argv[5]);
- }
- else
- return Usage();
- }
+ CERTCertificate *obtainedSignerCert = NULL;
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- /*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/
- rv = NSS_Init(argv[1]);
- if (rv != SECSuccess) {
- SECU_PrintPRandOSError(argv[0]);
- goto loser;
- }
+ if (argc != 4 && argc != 6) {
+ return Usage();
+ }
- PK11_SetPasswordFunc(SECU_GetModulePassword);
+ if (argc == 6) {
+ if (!strcmp(argv[4], "-p")) {
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PORT_Strdup(argv[5]);
+ } else if (!strcmp(argv[4], "-f")) {
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(argv[5]);
+ } else
+ return Usage();
+ }
- certHandle = CERT_GetDefaultCertDB();
- if (!certHandle)
- goto loser;
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ /*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/
+ rv = NSS_Init(argv[1]);
+ if (rv != SECSuccess) {
+ SECU_PrintPRandOSError(argv[0]);
+ goto loser;
+ }
- if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert))
- goto loser;
+ PK11_SetPasswordFunc(SECU_GetModulePassword);
- cid = CERT_CreateOCSPCertID(cert, now);
+ certHandle = CERT_GetDefaultCertDB();
+ if (!certHandle) goto loser;
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- encoded = encode(arena, cid, caCert);
- PORT_Assert(encoded);
- decoded = CERT_DecodeOCSPResponse(encoded);
- statusDecoded = CERT_GetOCSPResponseStatus(decoded);
- PORT_Assert(statusDecoded == SECSuccess);
+ if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert))
+ goto loser;
- statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
- &obtainedSignerCert, caCert);
- PORT_Assert(statusDecoded == SECSuccess);
- statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
- obtainedSignerCert, now);
- PORT_Assert(statusDecoded == SECSuccess);
- CERT_DestroyCertificate(obtainedSignerCert);
+ cid = CERT_CreateOCSPCertID(cert, now);
- encodedRev = encodeRevoked(arena, cid, caCert);
- PORT_Assert(encodedRev);
- decodedRev = CERT_DecodeOCSPResponse(encodedRev);
- statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev);
- PORT_Assert(statusDecodedRev == SECSuccess);
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ encoded = encode(arena, cid, caCert);
+ PORT_Assert(encoded);
+ decoded = CERT_DecodeOCSPResponse(encoded);
+ statusDecoded = CERT_GetOCSPResponseStatus(decoded);
+ PORT_Assert(statusDecoded == SECSuccess);
- statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
- &obtainedSignerCert, caCert);
- PORT_Assert(statusDecodedRev == SECSuccess);
- statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
- obtainedSignerCert, now);
- PORT_Assert(statusDecodedRev == SECFailure);
- PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
- CERT_DestroyCertificate(obtainedSignerCert);
-
- encodedFail = CERT_CreateEncodedOCSPErrorResponse(
- arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
- PORT_Assert(encodedFail);
- decodedFail = CERT_DecodeOCSPResponse(encodedFail);
- statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail);
- PORT_Assert(statusDecodedFail == SECFailure);
- PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
+ statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
+ &obtainedSignerCert, caCert);
+ PORT_Assert(statusDecoded == SECSuccess);
+ statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
+ obtainedSignerCert, now);
+ PORT_Assert(statusDecoded == SECSuccess);
+ CERT_DestroyCertificate(obtainedSignerCert);
- retval = 0;
+ encodedRev = encodeRevoked(arena, cid, caCert);
+ PORT_Assert(encodedRev);
+ decodedRev = CERT_DecodeOCSPResponse(encodedRev);
+ statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev);
+ PORT_Assert(statusDecodedRev == SECSuccess);
+
+ statusDecodedRev = CERT_VerifyOCSPResponseSignature(
+ decodedRev, certHandle, &pwdata, &obtainedSignerCert, caCert);
+ PORT_Assert(statusDecodedRev == SECSuccess);
+ statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
+ obtainedSignerCert, now);
+ PORT_Assert(statusDecodedRev == SECFailure);
+ PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
+ CERT_DestroyCertificate(obtainedSignerCert);
+
+ encodedFail = CERT_CreateEncodedOCSPErrorResponse(
+ arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
+ PORT_Assert(encodedFail);
+ decodedFail = CERT_DecodeOCSPResponse(encodedFail);
+ statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail);
+ PORT_Assert(statusDecodedFail == SECFailure);
+ PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
+
+ retval = 0;
loser:
- if (retval != 0)
- SECU_PrintError(argv[0], "tests failed");
-
- if (cid)
- CERT_DestroyOCSPCertID(cid);
- if (cert)
- CERT_DestroyCertificate(cert);
- if (caCert)
- CERT_DestroyCertificate(caCert);
- if (arena)
- PORT_FreeArena(arena, PR_FALSE);
- if (decoded)
- CERT_DestroyOCSPResponse(decoded);
- if (decodedRev)
- CERT_DestroyOCSPResponse(decodedRev);
- if (decodedFail)
- CERT_DestroyOCSPResponse(decodedFail);
- if (pwdata.data) {
- PORT_Free(pwdata.data);
- }
-
- if (NSS_Shutdown() != SECSuccess) {
- SECU_PrintError(argv[0], "NSS shutdown:");
- if (retval == 0)
- retval = -2;
- }
+ if (retval != 0) SECU_PrintError(argv[0], "tests failed");
- return retval;
+ if (cid) CERT_DestroyOCSPCertID(cid);
+ if (cert) CERT_DestroyCertificate(cert);
+ if (caCert) CERT_DestroyCertificate(caCert);
+ if (arena) PORT_FreeArena(arena, PR_FALSE);
+ if (decoded) CERT_DestroyOCSPResponse(decoded);
+ if (decodedRev) CERT_DestroyOCSPResponse(decodedRev);
+ if (decodedFail) CERT_DestroyOCSPResponse(decodedFail);
+ if (pwdata.data) {
+ PORT_Free(pwdata.data);
+ }
+
+ if (NSS_Shutdown() != SECSuccess) {
+ SECU_PrintError(argv[0], "NSS shutdown:");
+ if (retval == 0) retval = -2;
+ }
+
+ return retval;
}
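Review bot: In main's option parsing the reformatted code ends two braced branches with a bare `} else` followed by an unbraced `return Usage();`, and the same pass folds guards such as `if (!certHandle) goto loser;` onto a single line. A uniform-style change is the natural place to brace these, e.g. `} else { return Usage(); }`, so a later added statement cannot silently fall outside the branch. Not introduced by this change but visible on the new side: every verification step in main is checked only with `PORT_Assert`, which as far as I know expands to nothing in non-debug builds, so an optimized build would reach `retval = 0` without having checked the signature or the revoked and try-later outcomes. The results of `CERT_CreateOCSPCertID`, `PORT_NewArena` and `CERT_DecodeOCSPResponse` are likewise passed on without a NULL test. Explicit checks of the form `if (statusDecoded != SECSuccess) goto loser;` would make the selftest meaningful in every build type.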