diff options
Diffstat (limited to 'security/nss/cmd/pkiutil/pkiutil.c')
-rw-r--r-- | security/nss/cmd/pkiutil/pkiutil.c | 371 |
1 files changed, 0 insertions, 371 deletions
diff --git a/security/nss/cmd/pkiutil/pkiutil.c b/security/nss/cmd/pkiutil/pkiutil.c deleted file mode 100644 index 7d45c3191..000000000 --- a/security/nss/cmd/pkiutil/pkiutil.c +++ /dev/null @@ -1,371 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" -#include "nss.h" -#include "cmdutil.h" -#include "nsspki.h" -/* hmmm...*/ -#include "pki.h" - -#define PKIUTIL_VERSION_STRING "pkiutil version 0.1" - -char *progName = NULL; - -typedef struct { - PRBool raw; - PRBool ascii; - char *name; - PRFileDesc *file; -} objOutputMode; - -typedef enum { - PKIUnknown = -1, - PKICertificate, - PKIPublicKey, - PKIPrivateKey, - PKIAny -} PKIObjectType; - -static PKIObjectType -get_object_class(char *type) -{ - if (strcmp(type, "certificate") == 0 || strcmp(type, "cert") == 0 || - strcmp(type, "Certificate") == 0 || strcmp(type, "Cert") == 0) { - return PKICertificate; - } else if (strcmp(type, "public_key") == 0 || - strcmp(type, "PublicKey") == 0) { - return PKIPublicKey; - } else if (strcmp(type, "private_key") == 0 || - strcmp(type, "PrivateKey") == 0) { - return PKIPrivateKey; - } else if (strcmp(type, "all") == 0 || strcmp(type, "any") == 0) { - return PKIAny; - } - fprintf(stderr, "%s: \"%s\" is not a valid PKCS#11 object type.\n", - progName, type); - return PKIUnknown; -} - -static PRStatus -print_cert_callback(NSSCertificate *c, void *arg) -{ - int i; - NSSUTF8 *label; - NSSItem *id; - label = NSSCertificate_GetLabel(c); - printf("%s\n", label); - nss_ZFreeIf((void*)label); -#if 0 - id = NSSCertificate_GetID(c); - for (i=0; i<id->size; i++) { - printf("%c", ((char *)id->data)[i]); - } - printf("\n"); -#endif - return PR_SUCCESS; -} - -/* pkiutil commands */ -enum { - cmd_Add = 0, - cmd_Dump, - cmd_List, - cmd_Version, - pkiutil_num_commands -}; - -/* pkiutil options */ -enum { - opt_Help = 0, - opt_Ascii, - opt_ProfileDir, - opt_TokenName, - opt_InputFile, - opt_Nickname, - opt_OutputFile, - opt_Binary, - opt_Trust, - opt_Type, - pkiutil_num_options -}; - -static cmdCommandLineArg pkiutil_commands[] = -{ - { /* cmd_Add */ 'A', "add", CMDNoArg, 0, PR_FALSE, - CMDBIT(opt_Nickname) | CMDBIT(opt_Trust), - CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) - | CMDBIT(opt_TokenName) | CMDBIT(opt_InputFile) - | CMDBIT(opt_Binary) | CMDBIT(opt_Type) }, - { /* cmd_Dump */ 0 , "dump", CMDNoArg, 0, PR_FALSE, - CMDBIT(opt_Nickname), - CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) - | CMDBIT(opt_TokenName) | CMDBIT(opt_Binary) - | CMDBIT(opt_Type) }, - { /* cmd_List */ 'L', "list", CMDNoArg, 0, PR_FALSE, 0, - CMDBIT(opt_Ascii) | CMDBIT(opt_ProfileDir) - | CMDBIT(opt_TokenName) | CMDBIT(opt_Binary) - | CMDBIT(opt_Nickname) | CMDBIT(opt_Type) }, - { /* cmd_Version */ 'Y', "version", CMDNoArg, 0, PR_FALSE, 0, 0 } -}; - -static cmdCommandLineOpt pkiutil_options[] = -{ - { /* opt_Help */ '?', "help", CMDNoArg, 0, PR_FALSE }, - { /* opt_Ascii */ 'a', "ascii", CMDNoArg, 0, PR_FALSE }, - { /* opt_ProfileDir */ 'd', "dbdir", CMDArgReq, 0, PR_FALSE }, - { /* opt_TokenName */ 'h', "token", CMDArgReq, 0, PR_FALSE }, - { /* opt_InputFile */ 'i', "infile", CMDArgReq, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', "nickname", CMDArgReq, 0, PR_FALSE }, - { /* opt_OutputFile */ 'o', "outfile", CMDArgReq, 0, PR_FALSE }, - { /* opt_Binary */ 'r', "raw", CMDNoArg, 0, PR_FALSE }, - { /* opt_Trust */ 't', "trust", CMDArgReq, 0, PR_FALSE }, - { /* opt_Type */ 0 , "type", CMDArgReq, 0, PR_FALSE } -}; - -void pkiutil_usage(cmdPrintState *ps, - int num, PRBool cmd, PRBool header, PRBool footer) -{ -#define pusg CMD_PrintUsageString - if (header) { - pusg(ps, "utility for managing PKCS#11 objects (certs and keys)\n"); - } else if (footer) { - /* - printf("certificate trust can be:\n"); - printf(" p - valid peer, P - trusted peer (implies p)\n"); - printf(" c - valid CA\n"); - printf(" T - trusted CA to issue client certs (implies c)\n"); - printf(" C - trusted CA to issue server certs (implies c)\n"); - printf(" u - user cert\n"); - printf(" w - send warning\n"); - */ - } else if (cmd) { - switch(num) { - case cmd_Add: - pusg(ps, "Add an object to the token"); break; - case cmd_Dump: - pusg(ps, "Dump a single object"); break; - case cmd_List: - pusg(ps, "List objects on the token (-n for single object)"); break; - case cmd_Version: - pusg(ps, "Report version"); break; - default: - pusg(ps, "Unrecognized command"); break; - } - } else { - switch(num) { - case opt_Ascii: - pusg(ps, "Use ascii (base-64 encoded) mode for I/O"); break; - case opt_ProfileDir: - pusg(ps, "Directory containing security databases (def: \".\")"); - break; - case opt_TokenName: - pusg(ps, "Name of PKCS#11 token to use (def: internal)"); break; - case opt_InputFile: - pusg(ps, "File for input (def: stdin)"); break; - case opt_Nickname: - pusg(ps, "Nickname of object"); break; - case opt_OutputFile: - pusg(ps, "File for output (def: stdout)"); break; - case opt_Binary: - pusg(ps, "Use raw (binary der-encoded) mode for I/O"); break; - case opt_Trust: - pusg(ps, "Trust level for certificate"); break; - case opt_Help: break; - default: - pusg(ps, "Unrecognized option"); - } - } -} - -int -main(int argc, char **argv) -{ - PRFileDesc *infile = NULL; - PRFileDesc *outfile = NULL; - char *profiledir = "./"; -#if 0 - secuPWData pwdata = { PW_NONE, 0 }; -#endif - int objclass = 3; /* ANY */ - NSSTrustDomain *root_cert_td = NULL; - char *rootpath = NULL; - char builtin_name[]= "libnssckbi.so"; /* temporary hardcode */ - PRStatus rv = PR_SUCCESS; - - int cmdToRun; - cmdCommand pkiutil; - pkiutil.ncmd = pkiutil_num_commands; - pkiutil.nopt = pkiutil_num_options; - pkiutil.cmd = pkiutil_commands; - pkiutil.opt = pkiutil_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - cmdToRun = CMD_ParseCommandLine(argc, argv, progName, &pkiutil); - -#if 0 - { int i, nc; - for (i=0; i<pkiutil.ncmd; i++) - printf("%s: %s <%s>\n", pkiutil.cmd[i].s, - (pkiutil.cmd[i].on) ? "on" : "off", - pkiutil.cmd[i].arg); - for (i=0; i<pkiutil.nopt; i++) - printf("%s: %s <%s>\n", pkiutil.opt[i].s, - (pkiutil.opt[i].on) ? "on" : "off", - pkiutil.opt[i].arg); - } -#endif - - if (pkiutil.opt[opt_Help].on) - CMD_LongUsage(progName, &pkiutil, pkiutil_usage); - - if (cmdToRun < 0) - CMD_Usage(progName, &pkiutil); - - /* -d */ - if (pkiutil.opt[opt_ProfileDir].on) { - profiledir = strdup(pkiutil.opt[opt_ProfileDir].arg); - } - - /* -i */ - if (pkiutil.opt[opt_InputFile].on) { - char *fn = pkiutil.opt[opt_InputFile].arg; - infile = PR_Open(fn, PR_RDONLY, 0660); - } else { - infile = PR_STDIN; - } - - /* -o */ - if (pkiutil.opt[opt_OutputFile].on) { - char *fn = pkiutil.opt[opt_OutputFile].arg; - outfile = PR_Open(fn, PR_WRONLY | PR_CREATE_FILE, 0660); - } else { - outfile = PR_STDOUT; - } - - /* --type can be found on many options */ - if (pkiutil.opt[opt_Type].on) - objclass = get_object_class(pkiutil.opt[opt_Type].arg); - else if (cmdToRun == cmd_Dump && pkiutil.cmd[cmd_Dump].arg) - objclass = get_object_class(pkiutil.cmd[cmd_Dump].arg); - else if (cmdToRun == cmd_List && pkiutil.cmd[cmd_List].arg) - objclass = get_object_class(pkiutil.cmd[cmd_List].arg); - else if (cmdToRun == cmd_Add && pkiutil.cmd[cmd_Add].arg) - objclass = get_object_class(pkiutil.cmd[cmd_Add].arg); - if (objclass < 0) - goto done; - - /* --print is an alias for --list --nickname */ - if (cmdToRun == cmd_Dump) cmdToRun = cmd_List; - - /* if list has raw | ascii must have -n. can't have both raw and ascii */ - if (pkiutil.opt[opt_Binary].on || pkiutil.opt[opt_Ascii].on) { - if (cmdToRun == cmd_List && !pkiutil.opt[opt_Nickname].on) { - fprintf(stderr, "%s: specify a object to output with -n\n", - progName); - CMD_LongUsage(progName, &pkiutil, pkiutil_usage); - } - } - - /* initialize */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - /* NSS_InitReadWrite(profiledir); */ - NSS_NoDB_Init(NULL); - - /* Display version info and exit */ - if (cmdToRun == cmd_Version) { - printf("%s\nNSS Version %s\n", PKIUTIL_VERSION_STRING, NSS_VERSION); - goto done; - } - - /* XXX okay - bootstrap stan by loading the root cert module for testing */ - root_cert_td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL); - { - int rootpathlen = strlen(profiledir) + strlen(builtin_name) + 1; - rootpath = (char *)malloc(rootpathlen); - memcpy(rootpath, profiledir, strlen(profiledir)); - memcpy(rootpath + strlen(profiledir), - builtin_name, strlen(builtin_name)); - rootpath[rootpathlen - 1] = '\0'; - } - NSSTrustDomain_LoadModule(root_cert_td, "Builtin Root Module", rootpath, - NULL, NULL); - - printf("\n"); - if (pkiutil.opt[opt_Nickname].on) { - int i; - NSSCertificate **certs; - NSSCertificate *cert; - certs = NSSTrustDomain_FindCertificatesByNickname(root_cert_td, - pkiutil.opt[opt_Nickname].arg, NULL, 0, NULL); - i = 0; - while ((cert = certs[i++]) != NULL) { - printf("Found cert:\n"); - print_cert_callback(cert, NULL); - } - } else { - NSSTrustDomain_TraverseCertificates(root_cert_td, print_cert_callback, 0); - } - - NSSTrustDomain_Destroy(root_cert_td); - - /* List token objects */ - if (cmdToRun == cmd_List) { -#if 0 - rv = list_token_objects(slot, objclass, - pkiutil.opt[opt_Nickname].arg, - pkiutil.opt[opt_Binary].on, - pkiutil.opt[opt_Ascii].on, - outfile, &pwdata); -#endif - goto done; - } - -#if 0 - /* Import an object into the token. */ - if (cmdToRun == cmd_Add) { - rv = add_object_to_token(slot, object); - goto done; - } -#endif - -done: - NSS_Shutdown(); - - return rv; -} |