Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(411)

Unified Diff: cmd/signtool/certgen.c

Issue 201830043: Bug 1118245 - Apply uniform style across NSS
Patch Set: Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « cmd/shlibsign/shlibsign.c ('k') | cmd/signtool/javascript.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: cmd/signtool/certgen.c
===================================================================
--- a/cmd/signtool/certgen.c
+++ b/cmd/signtool/certgen.c
@@ -3,707 +3,675 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "signtool.h"
#include "secoid.h"
#include "cryptohi.h"
#include "certdb.h"
-static char *GetSubjectFromUser(unsigned long serial);
-static CERTCertificate*GenerateSelfSignedObjectSigningCert(char *nickname,
- CERTCertDBHandle *db, char *subject, unsigned long serial, int keysize,
- char *token);
+static char *GetSubjectFromUser(unsigned long serial);
+static CERTCertificate *GenerateSelfSignedObjectSigningCert(
+ char *nickname, CERTCertDBHandle *db, char *subject, unsigned long serial,
+ int keysize, char *token);
static SECStatus ChangeTrustAttributes(CERTCertDBHandle *db,
- CERTCertificate *cert, char *trusts);
+ CERTCertificate *cert, char *trusts);
static SECStatus set_cert_type(CERTCertificate *cert, unsigned int type);
static SECItem *sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk);
-static CERTCertificate*install_cert(CERTCertDBHandle *db, SECItem *derCert,
- char *nickname);
+static CERTCertificate *install_cert(CERTCertDBHandle *db, SECItem *derCert,
+ char *nickname);
static SECStatus GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
- SECKEYPrivateKey **privk, int keysize);
-static CERTCertificateRequest*make_cert_request(char *subject,
- SECKEYPublicKey *pubk);
+ SECKEYPrivateKey **privk, int keysize);
+static CERTCertificateRequest *make_cert_request(char *subject,
+ SECKEYPublicKey *pubk);
static CERTCertificate *make_cert(CERTCertificateRequest *req,
- unsigned long serial, CERTName *ca_subject);
-static void output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db);
-
+ unsigned long serial, CERTName *ca_subject);
+static void output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db);
/***********************************************************************
*
* G e n e r a t e C e r t
*
* Runs the whole process of creating a new cert, getting info from the
* user, etc.
*/
-int
-GenerateCert(char *nickname, int keysize, char *token)
-{
- CERTCertDBHandle * db;
- CERTCertificate * cert;
- char *subject;
- unsigned long serial;
- char stdinbuf[160];
+int GenerateCert(char *nickname, int keysize, char *token) {
+ CERTCertDBHandle *db;
+ CERTCertificate *cert;
+ char *subject;
+ unsigned long serial;
+ char stdinbuf[160];
- /* Print warning about having the browser open */
- PR_fprintf(PR_STDOUT /*always go to console*/,
- "\nWARNING: Performing this operation while the browser is running could cause"
- "\ncorruption of your security databases. If the browser is currently running,"
- "\nyou should exit the browser before continuing this operation. Enter "
- "\n\"y\" to continue, or anything else to abort: ");
- pr_fgets(stdinbuf, 160, PR_STDIN);
- PR_fprintf(PR_STDOUT, "\n");
- if (tolower(stdinbuf[0]) != 'y') {
- PR_fprintf(errorFD, "Operation aborted at user's request.\n");
- errorCount++;
- return - 1;
- }
+ /* Print warning about having the browser open */
+ PR_fprintf(
+ PR_STDOUT /*always go to console*/,
+ "\nWARNING: Performing this operation while the browser is running could "
+ "cause"
+ "\ncorruption of your security databases. If the browser is currently "
+ "running,"
+ "\nyou should exit the browser before continuing this operation. Enter "
+ "\n\"y\" to continue, or anything else to abort: ");
+ pr_fgets(stdinbuf, 160, PR_STDIN);
+ PR_fprintf(PR_STDOUT, "\n");
+ if (tolower(stdinbuf[0]) != 'y') {
+ PR_fprintf(errorFD, "Operation aborted at user's request.\n");
+ errorCount++;
+ return -1;
+ }
- db = CERT_GetDefaultCertDB();
- if (!db) {
- FatalError("Unable to open certificate database");
- }
+ db = CERT_GetDefaultCertDB();
+ if (!db) {
+ FatalError("Unable to open certificate database");
+ }
- if (PK11_FindCertFromNickname(nickname, &pwdata)) {
- PR_fprintf(errorFD,
- "ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
- "must choose a different nickname.\n", nickname);
- errorCount++;
- exit(ERRX);
- }
+ if (PK11_FindCertFromNickname(nickname, &pwdata)) {
+ PR_fprintf(errorFD,
+ "ERROR: Certificate with nickname \"%s\" already "
+ "exists in database. You\n"
+ "must choose a different nickname.\n",
+ nickname);
+ errorCount++;
+ exit(ERRX);
+ }
- LL_L2UI(serial, PR_Now());
+ LL_L2UI(serial, PR_Now());
- subject = GetSubjectFromUser(serial);
+ subject = GetSubjectFromUser(serial);
- cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject,
- serial, keysize, token);
+ cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject, serial,
+ keysize, token);
- if (cert) {
- output_ca_cert(cert, db);
- CERT_DestroyCertificate(cert);
- }
+ if (cert) {
+ output_ca_cert(cert, db);
+ CERT_DestroyCertificate(cert);
+ }
- PORT_Free(subject);
- return 0;
+ PORT_Free(subject);
+ return 0;
}
-
#undef VERBOSE_PROMPTS
/*********************************************************************8
* G e t S u b j e c t F r o m U s e r
*
* Construct the subject information line for a certificate by querying
* the user on stdin.
*/
-static char *
-GetSubjectFromUser(unsigned long serial)
-{
- char buf[STDIN_BUF_SIZE];
- char common_name_buf[STDIN_BUF_SIZE];
- char *common_name, *state, *orgunit, *country, *org, *locality;
- char *email, *uid;
- char *subject;
- char *cp;
- int subjectlen = 0;
+static char *GetSubjectFromUser(unsigned long serial) {
+ char buf[STDIN_BUF_SIZE];
+ char common_name_buf[STDIN_BUF_SIZE];
+ char *common_name, *state, *orgunit, *country, *org, *locality;
+ char *email, *uid;
+ char *subject;
+ char *cp;
+ int subjectlen = 0;
- common_name = state = orgunit = country = org = locality = email =
- uid = subject = NULL;
+ common_name = state = orgunit = country = org = locality = email = uid =
+ subject = NULL;
- /* Get subject information */
- PR_fprintf(PR_STDOUT,
- "\nEnter certificate information. All fields are optional. Acceptable\n"
- "characters are numbers, letters, spaces, and apostrophes.\n");
+ /* Get subject information */
+ PR_fprintf(
+ PR_STDOUT,
+ "\nEnter certificate information. All fields are optional. Acceptable\n"
+ "characters are numbers, letters, spaces, and apostrophes.\n");
#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nCOMMON NAME\n"
- "Enter the full name you want to give your certificate. (Example: Test-Only\n"
- "Object Signing Certificate)\n"
- "-->");
+ PR_fprintf(PR_STDOUT,
+ "\nCOMMON NAME\n"
+ "Enter the full name you want to give your "
+ "certificate. (Example: Test-Only\n"
+ "Object Signing Certificate)\n"
+ "-->");
#else
- PR_fprintf(PR_STDOUT, "certificate common name: ");
+ PR_fprintf(PR_STDOUT, "certificate common name: ");
#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if (*cp == '\0') {
- sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME,
- serial);
- cp = common_name_buf;
- }
- common_name = PORT_ZAlloc(strlen(cp) + 6);
- if (!common_name) {
- out_of_memory();
- }
- sprintf(common_name, "CN=%s, ", cp);
- subjectlen += strlen(common_name);
+ fgets(buf, STDIN_BUF_SIZE, stdin);
+ cp = chop(buf);
+ if (*cp == '\0') {
+ sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME, serial);
+ cp = common_name_buf;
+ }
+ common_name = PORT_ZAlloc(strlen(cp) + 6);
+ if (!common_name) {
+ out_of_memory();
+ }
+ sprintf(common_name, "CN=%s, ", cp);
+ subjectlen += strlen(common_name);
#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nORGANIZATION NAME\n"
- "Enter the name of your organization. For example, this could be the name\n"
- "of your company.\n"
- "-->");
+ PR_fprintf(PR_STDOUT,
+ "\nORGANIZATION NAME\n"
+ "Enter the name of your organization. For example, "
+ "this could be the name\n"
+ "of your company.\n"
+ "-->");
#else
- PR_fprintf(PR_STDOUT, "organization: ");
+ PR_fprintf(PR_STDOUT, "organization: ");
#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if (*cp != '\0') {
- org = PORT_ZAlloc(strlen(cp) + 5);
- if (!org) {
- out_of_memory();
- }
- sprintf(org, "O=%s, ", cp);
- subjectlen += strlen(org);
+ fgets(buf, STDIN_BUF_SIZE, stdin);
+ cp = chop(buf);
+ if (*cp != '\0') {
+ org = PORT_ZAlloc(strlen(cp) + 5);
+ if (!org) {
+ out_of_memory();
}
+ sprintf(org, "O=%s, ", cp);
+ subjectlen += strlen(org);
+ }
#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nORGANIZATION UNIT\n"
- "Enter the name of your organization unit. For example, this could be the\n"
- "name of your department.\n"
- "-->");
+ PR_fprintf(PR_STDOUT,
+ "\nORGANIZATION UNIT\n"
+ "Enter the name of your organization unit. For "
+ "example, this could be the\n"
+ "name of your department.\n"
+ "-->");
#else
- PR_fprintf(PR_STDOUT, "organization unit: ");
+ PR_fprintf(PR_STDOUT, "organization unit: ");
#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if (*cp != '\0') {
- orgunit = PORT_ZAlloc(strlen(cp) + 6);
- if (!orgunit) {
- out_of_memory();
- }
- sprintf(orgunit, "OU=%s, ", cp);
- subjectlen += strlen(orgunit);
+ fgets(buf, STDIN_BUF_SIZE, stdin);
+ cp = chop(buf);
+ if (*cp != '\0') {
+ orgunit = PORT_ZAlloc(strlen(cp) + 6);
+ if (!orgunit) {
+ out_of_memory();
}
+ sprintf(orgunit, "OU=%s, ", cp);
+ subjectlen += strlen(orgunit);
+ }
#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nSTATE\n"
- "Enter the name of your state or province.\n"
- "-->");
+ PR_fprintf(PR_STDOUT,
+ "\nSTATE\n"
+ "Enter the name of your state or province.\n"
+ "-->");
#else
- PR_fprintf(PR_STDOUT, "state or province: ");
+ PR_fprintf(PR_STDOUT, "state or province: ");
#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if (*cp != '\0') {
- state = PORT_ZAlloc(strlen(cp) + 6);
- if (!state) {
- out_of_memory();
- }
- sprintf(state, "ST=%s, ", cp);
- subjectlen += strlen(state);
+ fgets(buf, STDIN_BUF_SIZE, stdin);
+ cp = chop(buf);
+ if (*cp != '\0') {
+ state = PORT_ZAlloc(strlen(cp) + 6);
+ if (!state) {
+ out_of_memory();
}
+ sprintf(state, "ST=%s, ", cp);
+ subjectlen += strlen(state);
+ }
#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nCOUNTRY\n"
- "Enter the 2-character abbreviation for the name of your country.\n"
- "-->");
+ PR_fprintf(
+ PR_STDOUT,
+ "\nCOUNTRY\n"
+ "Enter the 2-character abbreviation for the name of your country.\n"
+ "-->");
#else
- PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): ");
+ PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): ");
#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(cp);
- if (strlen(cp) != 2) {
- *cp = '\0'; /* country code must be 2 chars */
+ fgets(buf, STDIN_BUF_SIZE, stdin);
+ cp = chop(cp);
+ if (strlen(cp) != 2) {
+ *cp = '\0'; /* country code must be 2 chars */
+ }
+ if (*cp != '\0') {
+ country = PORT_ZAlloc(strlen(cp) + 5);
+ if (!country) {
+ out_of_memory();
}
- if (*cp != '\0') {
- country = PORT_ZAlloc(strlen(cp) + 5);
- if (!country) {
- out_of_memory();
- }
- sprintf(country, "C=%s, ", cp);
- subjectlen += strlen(country);
- }
+ sprintf(country, "C=%s, ", cp);
+ subjectlen += strlen(country);
+ }
#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nUSERNAME\n"
- "Enter your system username or UID\n"
- "-->");
+ PR_fprintf(PR_STDOUT,
+ "\nUSERNAME\n"
+ "Enter your system username or UID\n"
+ "-->");
#else
- PR_fprintf(PR_STDOUT, "username: ");
+ PR_fprintf(PR_STDOUT, "username: ");
#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if (*cp != '\0') {
- uid = PORT_ZAlloc(strlen(cp) + 7);
- if (!uid) {
- out_of_memory();
- }
- sprintf(uid, "UID=%s, ", cp);
- subjectlen += strlen(uid);
+ fgets(buf, STDIN_BUF_SIZE, stdin);
+ cp = chop(buf);
+ if (*cp != '\0') {
+ uid = PORT_ZAlloc(strlen(cp) + 7);
+ if (!uid) {
+ out_of_memory();
}
+ sprintf(uid, "UID=%s, ", cp);
+ subjectlen += strlen(uid);
+ }
#ifdef VERBOSE_PROMPTS
- PR_fprintf(PR_STDOUT, "\nEMAIL ADDRESS\n"
- "Enter your email address.\n"
- "-->");
+ PR_fprintf(PR_STDOUT,
+ "\nEMAIL ADDRESS\n"
+ "Enter your email address.\n"
+ "-->");
#else
- PR_fprintf(PR_STDOUT, "email address: ");
+ PR_fprintf(PR_STDOUT, "email address: ");
#endif
- fgets(buf, STDIN_BUF_SIZE, stdin);
- cp = chop(buf);
- if (*cp != '\0') {
- email = PORT_ZAlloc(strlen(cp) + 5);
- if (!email) {
- out_of_memory();
- }
- sprintf(email, "E=%s,", cp);
- subjectlen += strlen(email);
+ fgets(buf, STDIN_BUF_SIZE, stdin);
+ cp = chop(buf);
+ if (*cp != '\0') {
+ email = PORT_ZAlloc(strlen(cp) + 5);
+ if (!email) {
+ out_of_memory();
}
+ sprintf(email, "E=%s,", cp);
+ subjectlen += strlen(email);
+ }
- subjectlen++;
+ subjectlen++;
- subject = PORT_ZAlloc(subjectlen);
- if (!subject) {
- out_of_memory();
- }
+ subject = PORT_ZAlloc(subjectlen);
+ if (!subject) {
+ out_of_memory();
+ }
- sprintf(subject, "%s%s%s%s%s%s%s",
- common_name ? common_name : "",
- org ? org : "",
- orgunit ? orgunit : "",
- state ? state : "",
- country ? country : "",
- uid ? uid : "",
- email ? email : ""
- );
- if ( (strlen(subject) > 1) && (subject[strlen(subject)-1] == ' ') ) {
- subject[strlen(subject)-2] = '\0';
- }
+ sprintf(subject, "%s%s%s%s%s%s%s", common_name ? common_name : "",
+ org ? org : "", orgunit ? orgunit : "", state ? state : "",
+ country ? country : "", uid ? uid : "", email ? email : "");
+ if ((strlen(subject) > 1) && (subject[strlen(subject) - 1] == ' ')) {
+ subject[strlen(subject) - 2] = '\0';
+ }
- PORT_Free(common_name);
- PORT_Free(org);
- PORT_Free(orgunit);
- PORT_Free(state);
- PORT_Free(country);
- PORT_Free(uid);
- PORT_Free(email);
+ PORT_Free(common_name);
+ PORT_Free(org);
+ PORT_Free(orgunit);
+ PORT_Free(state);
+ PORT_Free(country);
+ PORT_Free(uid);
+ PORT_Free(email);
- return subject;
+ return subject;
}
-
/**************************************************************************
*
* G e n e r a t e S e l f S i g n e d O b j e c t S i g n i n g C e r t
* *phew*^
*
*/
-static CERTCertificate*
-GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db,
- char *subject, unsigned long serial, int keysize, char *token)
-{
- CERTCertificate * cert, *temp_cert;
- SECItem * derCert;
- CERTCertificateRequest * req;
+static CERTCertificate *GenerateSelfSignedObjectSigningCert(
+ char *nickname, CERTCertDBHandle *db, char *subject, unsigned long serial,
+ int keysize, char *token) {
+ CERTCertificate *cert, *temp_cert;
+ SECItem *derCert;
+ CERTCertificateRequest *req;
- PK11SlotInfo * slot = NULL;
- SECKEYPrivateKey * privk = NULL;
- SECKEYPublicKey * pubk = NULL;
+ PK11SlotInfo *slot = NULL;
+ SECKEYPrivateKey *privk = NULL;
+ SECKEYPublicKey *pubk = NULL;
- if ( token ) {
- slot = PK11_FindSlotByName(token);
- } else {
- slot = PK11_GetInternalKeySlot();
- }
+ if (token) {
+ slot = PK11_FindSlotByName(token);
+ } else {
+ slot = PK11_GetInternalKeySlot();
+ }
- if (slot == NULL) {
- PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n",
- token ? token : "");
- errorCount++;
- exit (ERRX);
- }
+ if (slot == NULL) {
+ PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n", token ? token : "");
+ errorCount++;
+ exit(ERRX);
+ }
- if ( GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) {
- FatalError("Error generating keypair.");
- }
- req = make_cert_request (subject, pubk);
- temp_cert = make_cert (req, serial, &req->subject);
- if (set_cert_type(temp_cert,
- NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA)
- != SECSuccess) {
- FatalError("Unable to set cert type");
- }
+ if (GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) {
+ FatalError("Error generating keypair.");
+ }
+ req = make_cert_request(subject, pubk);
+ temp_cert = make_cert(req, serial, &req->subject);
+ if (set_cert_type(temp_cert, NS_CERT_TYPE_OBJECT_SIGNING |
+ NS_CERT_TYPE_OBJECT_SIGNING_CA) !=
+ SECSuccess) {
+ FatalError("Unable to set cert type");
+ }
- derCert = sign_cert (temp_cert, privk);
- cert = install_cert(db, derCert, nickname);
- if (ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) {
- FatalError("Unable to change trust on generated certificate");
- }
+ derCert = sign_cert(temp_cert, privk);
+ cert = install_cert(db, derCert, nickname);
+ if (ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) {
+ FatalError("Unable to change trust on generated certificate");
+ }
- /* !!! Free memory ? !!! */
- PK11_FreeSlot(slot);
- SECKEY_DestroyPrivateKey(privk);
- SECKEY_DestroyPublicKey(pubk);
+ /* !!! Free memory ? !!! */
+ PK11_FreeSlot(slot);
+ SECKEY_DestroyPrivateKey(privk);
+ SECKEY_DestroyPublicKey(pubk);
- return cert;
+ return cert;
}
-
/**************************************************************************
*
* C h a n g e T r u s t A t t r i b u t e s
*/
-static SECStatus
-ChangeTrustAttributes(CERTCertDBHandle *db, CERTCertificate *cert, char *trusts)
-{
+static SECStatus ChangeTrustAttributes(CERTCertDBHandle *db,
+ CERTCertificate *cert, char *trusts) {
- CERTCertTrust * trust;
+ CERTCertTrust *trust;
- if (!db || !cert || !trusts) {
- PR_fprintf(errorFD, "ChangeTrustAttributes got incomplete arguments.\n");
- errorCount++;
- return SECFailure;
- }
+ if (!db || !cert || !trusts) {
+ PR_fprintf(errorFD, "ChangeTrustAttributes got incomplete arguments.\n");
+ errorCount++;
+ return SECFailure;
+ }
- trust = (CERTCertTrust * ) PORT_ZAlloc(sizeof(CERTCertTrust));
- if (!trust) {
- PR_fprintf(errorFD, "ChangeTrustAttributes unable to allocate "
- "CERTCertTrust\n");
- errorCount++;
- return SECFailure;
- }
+ trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
+ if (!trust) {
+ PR_fprintf(errorFD,
+ "ChangeTrustAttributes unable to allocate "
+ "CERTCertTrust\n");
+ errorCount++;
+ return SECFailure;
+ }
- if ( CERT_DecodeTrustString(trust, trusts) ) {
- return SECFailure;
- }
+ if (CERT_DecodeTrustString(trust, trusts)) {
+ return SECFailure;
+ }
- if ( CERT_ChangeCertTrust(db, cert, trust) ) {
- PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n",
- cert->nickname ? cert->nickname : "");
- errorCount++;
- return SECFailure;
- }
+ if (CERT_ChangeCertTrust(db, cert, trust)) {
+ PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n",
+ cert->nickname ? cert->nickname : "");
+ errorCount++;
+ return SECFailure;
+ }
- return SECSuccess;
+ return SECSuccess;
}
-
/*************************************************************************
*
* s e t _ c e r t _ t y p e
*/
-static SECStatus
-set_cert_type(CERTCertificate *cert, unsigned int type)
-{
- void *context;
- SECStatus status = SECSuccess;
- SECItem certType;
- char ctype;
+static SECStatus set_cert_type(CERTCertificate *cert, unsigned int type) {
+ void *context;
+ SECStatus status = SECSuccess;
+ SECItem certType;
+ char ctype;
- context = CERT_StartCertExtensions(cert);
+ context = CERT_StartCertExtensions(cert);
- certType.type = siBuffer;
- certType.data = (unsigned char * ) &ctype;
- certType.len = 1;
- ctype = (unsigned char)type;
- if (CERT_EncodeAndAddBitStrExtension(context, SEC_OID_NS_CERT_EXT_CERT_TYPE,
- &certType, PR_TRUE /*critical*/) != SECSuccess) {
- status = SECFailure;
- }
+ certType.type = siBuffer;
+ certType.data = (unsigned char *)&ctype;
+ certType.len = 1;
+ ctype = (unsigned char)type;
+ if (CERT_EncodeAndAddBitStrExtension(context, SEC_OID_NS_CERT_EXT_CERT_TYPE,
+ &certType,
+ PR_TRUE /*critical*/) != SECSuccess) {
+ status = SECFailure;
+ }
- if (CERT_FinishExtensions(context) != SECSuccess) {
- status = SECFailure;
- }
+ if (CERT_FinishExtensions(context) != SECSuccess) {
+ status = SECFailure;
+ }
- return status;
+ return status;
}
-
/********************************************************************
*
* s i g n _ c e r t
*/
-static SECItem *
-sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk)
-{
- SECStatus rv;
+static SECItem *sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) {
+ SECStatus rv;
- SECItem der2;
- SECItem * result2;
+ SECItem der2;
+ SECItem *result2;
- void *dummy;
- SECOidTag alg = SEC_OID_UNKNOWN;
+ void *dummy;
+ SECOidTag alg = SEC_OID_UNKNOWN;
- alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN);
- if (alg == SEC_OID_UNKNOWN) {
- FatalError("Unknown key type");
- }
+ alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN);
+ if (alg == SEC_OID_UNKNOWN) {
+ FatalError("Unknown key type");
+ }
- rv = SECOID_SetAlgorithmID (cert->arena, &cert->signature, alg, 0);
+ rv = SECOID_SetAlgorithmID(cert->arena, &cert->signature, alg, 0);
- if (rv != SECSuccess) {
- PR_fprintf(errorFD, "%s: unable to set signature alg id\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
+ if (rv != SECSuccess) {
+ PR_fprintf(errorFD, "%s: unable to set signature alg id\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- der2.len = 0;
- der2.data = NULL;
+ der2.len = 0;
+ der2.data = NULL;
- dummy = SEC_ASN1EncodeItem
- (cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate));
+ dummy = SEC_ASN1EncodeItem(cert->arena, &der2, cert,
+ SEC_ASN1_GET(CERT_CertificateTemplate));
- if (rv != SECSuccess) {
- PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
+ if (rv != SECSuccess) {
+ PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- result2 = (SECItem * ) PORT_ArenaZAlloc (cert->arena, sizeof (SECItem));
- if (result2 == NULL)
- out_of_memory();
+ result2 = (SECItem *)PORT_ArenaZAlloc(cert->arena, sizeof(SECItem));
+ if (result2 == NULL) out_of_memory();
- rv = SEC_DerSignData
- (cert->arena, result2, der2.data, der2.len, privk, alg);
+ rv = SEC_DerSignData(cert->arena, result2, der2.data, der2.len, privk, alg);
- if (rv != SECSuccess) {
- PR_fprintf(errorFD, "can't sign encoded certificate data\n");
- errorCount++;
- exit (ERRX);
- } else if (verbosity >= 0) {
- PR_fprintf(outputFD, "certificate has been signed\n");
- }
+ if (rv != SECSuccess) {
+ PR_fprintf(errorFD, "can't sign encoded certificate data\n");
+ errorCount++;
+ exit(ERRX);
+ } else if (verbosity >= 0) {
+ PR_fprintf(outputFD, "certificate has been signed\n");
+ }
- cert->derCert = *result2;
+ cert->derCert = *result2;
- return result2;
+ return result2;
}
-
/*********************************************************************
*
* i n s t a l l _ c e r t
*
* Installs the cert in the permanent database.
*/
-static CERTCertificate*
-install_cert(CERTCertDBHandle *db, SECItem *derCert, char *nickname)
-{
- CERTCertificate * newcert;
- PK11SlotInfo * newSlot;
+static CERTCertificate *install_cert(CERTCertDBHandle *db, SECItem *derCert,
+ char *nickname) {
+ CERTCertificate *newcert;
+ PK11SlotInfo *newSlot;
+ newSlot = PK11_ImportDERCertForKey(derCert, nickname, &pwdata);
+ if (newSlot == NULL) {
+ PR_fprintf(errorFD, "Unable to install certificate\n");
+ errorCount++;
+ exit(ERRX);
+ }
- newSlot = PK11_ImportDERCertForKey(derCert, nickname, &pwdata);
- if ( newSlot == NULL ) {
- PR_fprintf(errorFD, "Unable to install certificate\n");
- errorCount++;
- exit(ERRX);
- }
+ newcert = PK11_FindCertFromDERCertItem(newSlot, derCert, &pwdata);
+ PK11_FreeSlot(newSlot);
+ if (newcert == NULL) {
+ PR_fprintf(errorFD, "%s: can't find new certificate\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- newcert = PK11_FindCertFromDERCertItem(newSlot, derCert, &pwdata);
- PK11_FreeSlot(newSlot);
- if (newcert == NULL) {
- PR_fprintf(errorFD, "%s: can't find new certificate\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "certificate \"%s\" added to database\n", nickname);
+ }
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "certificate \"%s\" added to database\n",
- nickname);
- }
-
- return newcert;
+ return newcert;
}
-
/******************************************************************
*
* G e n e r a t e K e y P a i r
*/
-static SECStatus
-GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
-SECKEYPrivateKey **privk, int keysize)
-{
+static SECStatus GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
+ SECKEYPrivateKey **privk, int keysize) {
- PK11RSAGenParams rsaParams;
+ PK11RSAGenParams rsaParams;
- if ( keysize == -1 ) {
- rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
- } else {
- rsaParams.keySizeInBits = keysize;
+ if (keysize == -1) {
+ rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
+ } else {
+ rsaParams.keySizeInBits = keysize;
+ }
+ rsaParams.pe = 0x10001;
+
+ if (PK11_Authenticate(slot, PR_FALSE /*loadCerts*/, &pwdata) != SECSuccess) {
+ SECU_PrintError(progName, "failure authenticating to key database.\n");
+ exit(ERRX);
+ }
+
+ *privk = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
+ pubk, PR_TRUE /*isPerm*/,
+ PR_TRUE /*isSensitive*/, &pwdata);
+
+ if (*privk != NULL && *pubk != NULL) {
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "generated public/private key pair\n");
}
- rsaParams.pe = 0x10001;
+ } else {
+ SECU_PrintError(progName, "failure generating key pair\n");
+ exit(ERRX);
+ }
- if (PK11_Authenticate( slot, PR_FALSE /*loadCerts*/, &pwdata)
- != SECSuccess) {
- SECU_PrintError(progName, "failure authenticating to key database.\n");
- exit(ERRX);
- }
-
- *privk = PK11_GenerateKeyPair (slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
-
- pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, &pwdata);
-
- if (*privk != NULL && *pubk != NULL) {
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "generated public/private key pair\n");
- }
- } else {
- SECU_PrintError(progName, "failure generating key pair\n");
- exit (ERRX);
- }
-
- return SECSuccess;
+ return SECSuccess;
}
-
-
/******************************************************************
*
* m a k e _ c e r t _ r e q u e s t
*/
-static CERTCertificateRequest*
-make_cert_request(char *subject, SECKEYPublicKey *pubk)
-{
- CERTName * subj;
- CERTSubjectPublicKeyInfo * spki;
+static CERTCertificateRequest *make_cert_request(char *subject,
+ SECKEYPublicKey *pubk) {
+ CERTName *subj;
+ CERTSubjectPublicKeyInfo *spki;
- CERTCertificateRequest * req;
+ CERTCertificateRequest *req;
- /* Create info about public key */
- spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
- if (!spki) {
- SECU_PrintError(progName, "unable to create subject public key");
- exit (ERRX);
- }
+ /* Create info about public key */
+ spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
+ if (!spki) {
+ SECU_PrintError(progName, "unable to create subject public key");
+ exit(ERRX);
+ }
- subj = CERT_AsciiToName (subject);
- if (subj == NULL) {
- FatalError("Invalid data in certificate description");
- }
+ subj = CERT_AsciiToName(subject);
+ if (subj == NULL) {
+ FatalError("Invalid data in certificate description");
+ }
- /* Generate certificate request */
- req = CERT_CreateCertificateRequest(subj, spki, 0);
- if (!req) {
- SECU_PrintError(progName, "unable to make certificate request");
- exit (ERRX);
- }
+ /* Generate certificate request */
+ req = CERT_CreateCertificateRequest(subj, spki, 0);
+ if (!req) {
+ SECU_PrintError(progName, "unable to make certificate request");
+ exit(ERRX);
+ }
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- CERT_DestroyName(subj);
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+ CERT_DestroyName(subj);
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "certificate request generated\n");
- }
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "certificate request generated\n");
+ }
- return req;
+ return req;
}
-
/******************************************************************
*
* m a k e _ c e r t
*/
-static CERTCertificate *
-make_cert(CERTCertificateRequest *req, unsigned long serial,
-CERTName *ca_subject)
-{
- CERTCertificate * cert;
+static CERTCertificate *make_cert(CERTCertificateRequest *req,
+ unsigned long serial, CERTName *ca_subject) {
+ CERTCertificate *cert;
- CERTValidity * validity = NULL;
+ CERTValidity *validity = NULL;
- PRTime now, after;
- PRExplodedTime printableTime;
+ PRTime now, after;
+ PRExplodedTime printableTime;
- now = PR_Now();
- PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
- printableTime.tm_month += 3;
- after = PR_ImplodeTime (&printableTime);
+ printableTime.tm_month += 3;
+ after = PR_ImplodeTime(&printableTime);
- validity = CERT_CreateValidity (now, after);
+ validity = CERT_CreateValidity(now, after);
- if (validity == NULL) {
- PR_fprintf(errorFD, "%s: error creating certificate validity\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
+ if (validity == NULL) {
+ PR_fprintf(errorFD, "%s: error creating certificate validity\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- cert = CERT_CreateCertificate
- (serial, ca_subject, validity, req);
+ cert = CERT_CreateCertificate(serial, ca_subject, validity, req);
- if (cert == NULL) {
- /* should probably be more precise here */
- PR_fprintf(errorFD, "%s: error while generating certificate\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
+ if (cert == NULL) {
+ /* should probably be more precise here */
+ PR_fprintf(errorFD, "%s: error while generating certificate\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- return cert;
+ return cert;
}
-
/*************************************************************************
*
* o u t p u t _ c a _ c e r t
*/
-static void
-output_ca_cert (CERTCertificate *cert, CERTCertDBHandle *db)
-{
- FILE * out;
+static void output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db) {
+ FILE *out;
- SECItem * encodedCertChain;
- SEC_PKCS7ContentInfo * certChain;
- char *filename;
+ SECItem *encodedCertChain;
+ SEC_PKCS7ContentInfo *certChain;
+ char *filename;
- /* the raw */
+ /* the raw */
- filename = PORT_ZAlloc(strlen(DEFAULT_X509_BASENAME) + 8);
- if (!filename)
- out_of_memory();
+ filename = PORT_ZAlloc(strlen(DEFAULT_X509_BASENAME) + 8);
+ if (!filename) out_of_memory();
- sprintf(filename, "%s.raw", DEFAULT_X509_BASENAME);
- if ((out = fopen (filename, "wb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
- filename);
- errorCount++;
- exit(ERRX);
- }
+ sprintf(filename, "%s.raw", DEFAULT_X509_BASENAME);
+ if ((out = fopen(filename, "wb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
+ filename);
+ errorCount++;
+ exit(ERRX);
+ }
- certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, db);
- encodedCertChain
- = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, NULL);
- SEC_PKCS7DestroyContentInfo (certChain);
+ certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, db);
+ encodedCertChain =
+ SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL, NULL);
+ SEC_PKCS7DestroyContentInfo(certChain);
- if (encodedCertChain) {
- fprintf(out, "Content-type: application/x-x509-ca-cert\n\n");
- fwrite (encodedCertChain->data, 1, encodedCertChain->len,
- out);
- SECITEM_FreeItem(encodedCertChain, PR_TRUE);
- } else {
- PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n",
- PROGRAM_NAME);
- errorCount++;
- exit(ERRX);
- }
+ if (encodedCertChain) {
+ fprintf(out, "Content-type: application/x-x509-ca-cert\n\n");
+ fwrite(encodedCertChain->data, 1, encodedCertChain->len, out);
+ SECITEM_FreeItem(encodedCertChain, PR_TRUE);
+ } else {
+ PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- fclose (out);
+ fclose(out);
- /* and the cooked */
+ /* and the cooked */
- sprintf(filename, "%s.cacert", DEFAULT_X509_BASENAME);
- if ((out = fopen (filename, "wb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
- filename);
- errorCount++;
- return;
- }
+ sprintf(filename, "%s.cacert", DEFAULT_X509_BASENAME);
+ if ((out = fopen(filename, "wb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
+ filename);
+ errorCount++;
+ return;
+ }
- fprintf (out, "%s\n%s\n%s\n",
- NS_CERT_HEADER,
- BTOA_DataToAscii (cert->derCert.data, cert->derCert.len),
- NS_CERT_TRAILER);
+ fprintf(out, "%s\n%s\n%s\n", NS_CERT_HEADER,
+ BTOA_DataToAscii(cert->derCert.data, cert->derCert.len),
+ NS_CERT_TRAILER);
- fclose (out);
+ fclose(out);
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n",
- DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME);
- }
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n",
+ DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME);
+ }
}
-
-
« no previous file with comments | « cmd/shlibsign/shlibsign.c ('k') | cmd/signtool/javascript.c » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b