Diffstat (limited to 'nss/cmd/ocspresp/ocspresp.c')
-rw-r--r-- | nss/cmd/ocspresp/ocspresp.c | 71 |
1 files changed, 35 insertions, 36 deletions
diff --git a/nss/cmd/ocspresp/ocspresp.c b/nss/cmd/ocspresp/ocspresp.c index cbc8269..632623c 100644 --- a/nss/cmd/ocspresp/ocspresp.c +++ b/nss/cmd/ocspresp/ocspresp.c @@ -23,7 +23,7 @@ #include <stdio.h> #include <string.h> -secuPWData pwdata = { PW_NONE, 0 }; +secuPWData pwdata = { PW_NONE, 0 }; static PRBool getCaAndSubjectCert(CERTCertDBHandle *certHandle, @@ -48,17 +48,17 @@ encode(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca) return NULL; nextUpdate = now + 10 * PR_USEC_PER_SEC; /* in the future */ - + sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now, &nextUpdate); /* meaning of value 2: one entry + one end marker */ - responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2); + responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2); if (responses == NULL) return NULL; - + responses[0] = sr; responses[1] = NULL; - + response = CERT_CreateEncodedOCSPSuccessResponse( arena, ca, ocspResponderID_byName, now, responses, &pwdata); @@ -83,7 +83,7 @@ encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca) revocationTime, NULL); /* meaning of value 2: one entry + one end marker */ - responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2); + responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2); if (responses == NULL) return NULL; 
@@ -96,23 +96,24 @@ encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca) return response; } -int Usage(void) +int +Usage(void) { PRFileDesc *pr_stderr = PR_STDERR; - PR_fprintf (pr_stderr, "ocspresp runs an internal selftest for OCSP response creation"); - PR_fprintf (pr_stderr, "Usage:"); - PR_fprintf (pr_stderr, - "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n"); - PR_fprintf (pr_stderr, - "\tdbdir: Find security databases in \"dbdir\"\n"); - PR_fprintf (pr_stderr, - "\tCA-nick: nickname of a trusted CA certificate with private key\n"); - PR_fprintf (pr_stderr, - "\tEE-nick: nickname of a entity cert issued by CA\n"); - PR_fprintf (pr_stderr, - "\t-p: a password for db\n"); - PR_fprintf (pr_stderr, - "\t-f: a filename containing the password for db\n"); + PR_fprintf(pr_stderr, "ocspresp runs an internal selftest for OCSP response creation"); + PR_fprintf(pr_stderr, "Usage:"); + PR_fprintf(pr_stderr, + "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n"); + PR_fprintf(pr_stderr, + "\tdbdir: Find security databases in \"dbdir\"\n"); + PR_fprintf(pr_stderr, + "\tCA-nick: nickname of a trusted CA certificate with private key\n"); + PR_fprintf(pr_stderr, + "\tEE-nick: nickname of a entity cert issued by CA\n"); + PR_fprintf(pr_stderr, + "\t-p: a password for db\n"); + PR_fprintf(pr_stderr, + "\t-f: a filename containing the password for db\n"); return -1; } @@ -126,13 +127,13 @@ main(int argc, char **argv) CERTOCSPCertID *cid = NULL; PLArenaPool *arena = NULL; PRTime now = PR_Now(); - + SECItem *encoded = NULL; CERTOCSPResponse *decoded = NULL; SECItem *encodedRev = NULL; CERTOCSPResponse *decodedRev = NULL; - + SECItem *encodedFail = NULL; CERTOCSPResponse *decodedFail = NULL; 
@@ -146,12 +147,10 @@ main(int argc, char **argv) if (!strcmp(argv[4], "-p")) { pwdata.source = PW_PLAINTEXT; pwdata.data = PORT_Strdup(argv[5]); - } - else if (!strcmp(argv[4], "-f")) { + } else if (!strcmp(argv[4], "-f")) { pwdata.source = PW_FROMFILE; pwdata.data = PORT_Strdup(argv[5]); - } - else + } else return Usage(); } @@ -159,15 +158,15 @@ main(int argc, char **argv) /*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/ rv = NSS_Init(argv[1]); if (rv != SECSuccess) { - SECU_PrintPRandOSError(argv[0]); - goto loser; + SECU_PrintPRandOSError(argv[0]); + goto loser; } PK11_SetPasswordFunc(SECU_GetModulePassword); certHandle = CERT_GetDefaultCertDB(); if (!certHandle) - goto loser; + goto loser; if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert)) goto loser; @@ -181,9 +180,9 @@ main(int argc, char **argv) PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded)); PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, - &obtainedSignerCert, caCert)); + &obtainedSignerCert, caCert)); PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, - obtainedSignerCert, now)); + obtainedSignerCert, now)); CERT_DestroyCertificate(obtainedSignerCert); encodedRev = encodeRevoked(arena, cid, caCert); @@ -192,7 +191,7 @@ main(int argc, char **argv) PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev)); PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, - &obtainedSignerCert, caCert)); + &obtainedSignerCert, caCert)); #ifdef DEBUG { SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, @@ -205,7 +204,7 @@ main(int argc, char **argv) obtainedSignerCert, now); #endif CERT_DestroyCertificate(obtainedSignerCert); - + encodedFail = CERT_CreateEncodedOCSPErrorResponse( arena, SEC_ERROR_OCSP_TRY_SERVER_LATER); PORT_Assert(encodedFail); 
@@ -223,7 +222,7 @@ main(int argc, char **argv) loser: if (retval != 0) SECU_PrintError(argv[0], "tests failed"); - + if (cid) CERT_DestroyOCSPCertID(cid); if (cert) @@ -241,7 +240,7 @@ loser: if (pwdata.data) { PORT_Free(pwdata.data); } - + if (NSS_Shutdown() != SECSuccess) { SECU_PrintError(argv[0], "NSS shutdown:"); if (retval == 0) |