Diffstat (limited to 'nss/cmd/signver')
-rw-r--r-- | nss/cmd/signver/pk7print.c | 350 | ||||
-rw-r--r-- | nss/cmd/signver/signver.c | 350 | ||||
-rw-r--r-- | nss/cmd/signver/signver.gyp | 26 |
3 files changed, 378 insertions, 348 deletions
diff --git a/nss/cmd/signver/pk7print.c b/nss/cmd/signver/pk7print.c index ba83897..deaaaf9 100644 --- a/nss/cmd/signver/pk7print.c +++ b/nss/cmd/signver/pk7print.c @@ -6,32 +6,28 @@ ** secutil.c - various functions used by security stuff ** */ - + /* pkcs #7 -related functions */ - - + #include "secutil.h" #include "secpkcs7.h" #include "secoid.h" #include <sys/stat.h> #include <stdarg.h> - + #ifdef XP_UNIX #include <unistd.h> #endif - + /* for SEC_TraverseNames */ #include "cert.h" #include "prtypes.h" #include "prtime.h" - + #include "prlong.h" #include "secmod.h" #include "pk11func.h" #include "prerror.h" - - - /* ** PKCS7 Support @@ -41,14 +37,14 @@ int sv_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *); - void sv_PrintAsHex(FILE *out, SECItem *data, char *m) { unsigned i; - if (m) fprintf(out, "%s", m); - + if (m) + fprintf(out, "%s", m); + for (i = 0; i < data->len; i++) { if (i < data->len - 1) { fprintf(out, "%02x:", data->data[i]); @@ -72,25 +68,25 @@ sv_PrintInteger(FILE *out, SECItem *i, char *m) } } - int sv_PrintTime(FILE *out, SECItem *t, char *m) { - PRExplodedTime printableTime; + PRExplodedTime printableTime; PRTime time; char *timeString; int rv; rv = DER_DecodeTimeChoice(&time, t); - if (rv) return rv; + if (rv) + return rv; /* Convert to local time */ PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime); timeString = (char *)PORT_Alloc(256); - if ( timeString ) { - if (PR_FormatTime( timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime )) { + if (timeString) { + if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) { fprintf(out, "%s%s\n", m, timeString); } PORT_Free(timeString); @@ -106,7 +102,8 @@ sv_PrintValidity(FILE *out, CERTValidity *v, char *m) fprintf(out, "%s", m); rv = sv_PrintTime(out, &v->notBefore, "notBefore="); - if (rv) return rv; + if (rv) + return rv; fprintf(out, "%s", m); sv_PrintTime(out, &v->notAfter, "notAfter="); return rv; 
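Review bot: In the sv_PrintValidity hunk the return value of the second sv_PrintTime call is discarded, so a notAfter that fails to decode is still reported as success because `return rv` carries the 0 left over from the notBefore call. Capture it, `rv = sv_PrintTime(out, &v->notAfter, "notAfter=");`, immediately before `return rv;`. Only the tail of sv_PrintValidity is in the hunk; its declaration of rv is outside the view, so I am assuming it is the plain int the first assignment suggests.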
@@ -117,7 +114,7 @@ sv_PrintObjectID(FILE *out, SECItem *oid, char *m) { const char *name; SECOidData *oiddata; - + oiddata = SECOID_FindOID(oid); if (oiddata == NULL) { sv_PrintAsHex(out, oid, m); @@ -159,7 +156,7 @@ sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m) if (attr->values != NULL) { i = 0; while ((value = attr->values[i]) != NULL) { - sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : ""); + sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : ""); if (attr->encoded || attr->typeTag == NULL) { sv_PrintAsHex(out, value, om); } else { @@ -189,29 +186,28 @@ sv_PrintName(FILE *out, CERTName *name, char *msg) PORT_Free(str); } - #if 0 /* ** secu_PrintPKCS7EncContent ** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it) */ void -secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src, - char *m, int level) +secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src, + char *m, int level) { if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); + src->contentTypeTag = SECOID_FindOID(&(src->contentType)); secu_Indent(out, level); fprintf(out, "%s:\n", m); - secu_Indent(out, level + 1); + secu_Indent(out, level + 1); fprintf(out, "Content Type: %s\n", - (src->contentTypeTag != NULL) ? src->contentTypeTag->desc - : "Unknown"); + (src->contentTypeTag != NULL) ? src->contentTypeTag->desc + : "Unknown"); sv_PrintAlgorithmID(out, &(src->contentEncAlg), - "Content Encryption Algorithm"); - sv_PrintAsHex(out, &(src->encContent), - "Encrypted Content", level+1); + "Content Encryption Algorithm"); + sv_PrintAsHex(out, &(src->encContent), + "Encrypted Content", level+1); } /* 
@@ -219,24 +215,24 @@ secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src, ** Prints a PKCS7RecipientInfo type */ void -secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m, - int level) +secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m, + int level) { secu_Indent(out, level); fprintf(out, "%s:\n", m); - sv_PrintInteger(out, &(info->version), "Version"); + sv_PrintInteger(out, &(info->version), "Version"); sv_PrintName(out, &(info->issuerAndSN->issuer), "Issuer"); - sv_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number"); + sv_PrintInteger(out, &(info->issuerAndSN->serialNumber), + "Serial Number"); /* Parse and display encrypted key */ - sv_PrintAlgorithmID(out, &(info->keyEncAlg), - "Key Encryption Algorithm"); + sv_PrintAlgorithmID(out, &(info->keyEncAlg), + "Key Encryption Algorithm"); sv_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1); } #endif -/* +/* ** secu_PrintSignerInfo ** Prints a PKCS7SingerInfo type */ 
@@ -245,47 +241,49 @@ sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m) { SEC_PKCS7Attribute *attr; int iv; - + fprintf(out, "%s", m); sv_PrintInteger(out, &(info->version), "version="); fprintf(out, "%s", m); sv_PrintName(out, &(info->issuerAndSN->issuer), "issuerName="); fprintf(out, "%s", m); - sv_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "serialNumber="); - + sv_PrintInteger(out, &(info->issuerAndSN->serialNumber), + "serialNumber="); + fprintf(out, "%s", m); sv_PrintAlgorithmID(out, &(info->digestAlg), "digestAlgorithm="); - + if (info->authAttr != NULL) { char mm[120]; iv = 0; - while (info->authAttr[iv] != NULL) iv++; + while (info->authAttr[iv] != NULL) + iv++; fprintf(out, "%sauthenticatedAttributes=%d\n", m, iv); iv = 0; while ((attr = info->authAttr[iv]) != NULL) { - sprintf(mm, "%sattribute[%d].", m, iv++); + sprintf(mm, "%sattribute[%d].", m, iv++); sv_PrintAttribute(out, attr, mm); } } - + /* Parse and display signature */ fprintf(out, "%s", m); sv_PrintAlgorithmID(out, &(info->digestEncAlg), "digestEncryptionAlgorithm="); fprintf(out, "%s", m); sv_PrintAsHex(out, &(info->encDigest), "encryptedDigest="); - + if (info->unAuthAttr != NULL) { char mm[120]; iv = 0; - while (info->unAuthAttr[iv] != NULL) iv++; + while (info->unAuthAttr[iv] != NULL) + iv++; fprintf(out, "%sunauthenticatedAttributes=%d\n", m, iv); iv = 0; while ((attr = info->unAuthAttr[iv]) != NULL) { - sprintf(mm, "%sattribute[%d].", m, iv++); + sprintf(mm, "%sattribute[%d].", m, iv++); sv_PrintAttribute(out, attr, mm); } } @@ -315,7 +313,7 @@ sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m) int sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, - CERTSubjectPublicKeyInfo *i, char *msg) + CERTSubjectPublicKeyInfo *i, char *msg) { SECKEYPublicKey *pk; int rv; 
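Review bot: Both attribute loops in sv_PrintSignerInfo write a caller-supplied prefix into a fixed buffer with `sprintf(mm, "%sattribute[%d].", m, iv++);` where `char mm[120]` is declared two lines above, and nothing bounds the copy. The prefix today comes from the `om[120]` in sv_PrintPKCS7Signed ("signerInformation[%d].", later in this diff) so it is short in practice, but the safety rests on every caller keeping m under roughly 100 bytes. Use `snprintf(mm, sizeof mm, "%sattribute[%d].", m, iv++);` in both loops; the same `sprintf(om, "%svalue[%d]=%s", ...)` pattern in sv_PrintAttribute (earlier hunk, buffer size not visible there) deserves the same treatment. The function's closing brace lies outside the hunk.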
@@ -324,16 +322,18 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, sprintf(mm, "%s.publicKeyAlgorithm=", msg); sv_PrintAlgorithmID(out, &i->algorithm, mm); - pk = (SECKEYPublicKey*) PORT_ZAlloc(sizeof(SECKEYPublicKey)); - if (!pk) return PORT_GetError(); + pk = (SECKEYPublicKey *)PORT_ZAlloc(sizeof(SECKEYPublicKey)); + if (!pk) + return PORT_GetError(); DER_ConvertBitString(&i->subjectPublicKey); - switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) { + switch (SECOID_FindOIDTag(&i->algorithm.algorithm)) { case SEC_OID_PKCS1_RSA_ENCRYPTION: rv = SEC_ASN1DecodeItem(arena, pk, SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &i->subjectPublicKey); - if (rv) return rv; + if (rv) + return rv; sprintf(mm, "%s.rsaPublicKey.", msg); sv_PrintRSAPublicKey(out, pk, mm); break; @@ -341,7 +341,8 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, rv = SEC_ASN1DecodeItem(arena, pk, SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate), &i->subjectPublicKey); - if (rv) return rv; + if (rv) + return rv; sprintf(mm, "%s.dsaPublicKey.", msg); sv_PrintDSAPublicKey(out, pk, mm); break; @@ -354,7 +355,7 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, } SECStatus -sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg) +sv_PrintInvalidDateExten(FILE *out, SECItem *value, char *msg) { SECItem decodedValue; SECStatus rv; 
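Review bot: In sv_PrintSubjectPublicKeyInfo the `pk` obtained from PORT_ZAlloc is leaked on the two early exits `if (rv) return rv;` after SEC_ASN1DecodeItem in the RSA and DSA cases. Changing them to `if (rv) { PORT_Free(pk); return rv; }` closes that; the arena-backed sub-items are the caller's arena's concern, but the struct itself is not. The end of the function is outside the hunks, so whether pk is released on the success path cannot be confirmed from here and should be checked at the same time. Note also that rv holds a SECStatus and is returned through an int, so callers comparing against 0 get -1 rather than a PORT error code on this path.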
@@ -362,18 +363,18 @@ sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg) char *formattedTime = NULL; decodedValue.data = NULL; - rv = SEC_ASN1DecodeItem (NULL, &decodedValue, - SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), - value); + rv = SEC_ASN1DecodeItem(NULL, &decodedValue, + SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), + value); if (rv == SECSuccess) { rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue); if (rv == SECSuccess) { formattedTime = CERT_GenTime2FormattedAscii(invalidTime, "%a %b %d %H:%M:%S %Y"); - fprintf (out, "%s: %s\n", msg, formattedTime); - PORT_Free (formattedTime); + fprintf(out, "%s: %s\n", msg, formattedTime); + PORT_Free(formattedTime); } } - PORT_Free (decodedValue.data); + PORT_Free(decodedValue.data); return (rv); } @@ -385,7 +386,7 @@ sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg) if (extensions) { - while ( *extensions ) { + while (*extensions) { SECItem *tmpitem; fprintf(out, "%sname=", msg); @@ -394,18 +395,18 @@ sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg) sv_PrintObjectID(out, tmpitem, NULL); tmpitem = &(*extensions)->critical; - if ( tmpitem->len ) + if (tmpitem->len) fprintf(out, "%scritical=%s\n", msg, - (tmpitem->data && tmpitem->data[0])? "True": "False"); + (tmpitem->data && tmpitem->data[0]) ? "True" : "False"); - oidTag = SECOID_FindOIDTag (&((*extensions)->id)); + oidTag = SECOID_FindOIDTag(&((*extensions)->id)); fprintf(out, "%s", msg); tmpitem = &((*extensions)->value); - if (oidTag == SEC_OID_X509_INVALID_DATE) - sv_PrintInvalidDateExten (out, tmpitem,"invalidExt"); - else - sv_PrintAsHex(out,tmpitem, "data="); + if (oidTag == SEC_OID_X509_INVALID_DATE) + sv_PrintInvalidDateExten(out, tmpitem, "invalidExt"); + else + sv_PrintAsHex(out, tmpitem, "data="); /*fprintf(out, "\n");*/ extensions++; 
@@ -425,7 +426,7 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m) CERTCrlEntry *entry; int iv; char om[100]; - + fprintf(out, "%s", m); sv_PrintAlgorithmID(out, &(crl->signatureAlg), "signatureAlgorithm="); fprintf(out, "%s", m); @@ -434,23 +435,22 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m) sv_PrintTime(out, &(crl->lastUpdate), "lastUpdate="); fprintf(out, "%s", m); sv_PrintTime(out, &(crl->nextUpdate), "nextUpdate="); - + if (crl->entries != NULL) { iv = 0; while ((entry = crl->entries[iv]) != NULL) { - fprintf(out, "%sentry[%d].", m, iv); + fprintf(out, "%sentry[%d].", m, iv); sv_PrintInteger(out, &(entry->serialNumber), "serialNumber="); - fprintf(out, "%sentry[%d].", m, iv); + fprintf(out, "%sentry[%d].", m, iv); sv_PrintTime(out, &(entry->revocationDate), "revocationDate="); - sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++); + sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++); sv_PrintExtensions(out, entry->extensions, om); } } - sprintf(om, "%ssignedCRLEntriesExtensions.", m); + sprintf(om, "%ssignedCRLEntriesExtensions.", m); sv_PrintExtensions(out, crl->extensions, om); } - int sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level) { @@ -459,13 +459,15 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level) int rv; int iv; char mm[200]; - + /* Decode certificate */ - c = (CERTCertificate*) PORT_ZAlloc(sizeof(CERTCertificate)); - if (!c) return PORT_GetError(); + c = (CERTCertificate *)PORT_ZAlloc(sizeof(CERTCertificate)); + if (!c) + return PORT_GetError(); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) return SEC_ERROR_NO_MEMORY; + if (!arena) + return SEC_ERROR_NO_MEMORY; rv = SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CertificateTemplate), der); @@ -495,7 +497,7 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level) } sprintf(mm, "%ssignedExtensions.", m); sv_PrintExtensions(out, c->extensions, mm); - + PORT_FreeArena(arena, PR_FALSE); return 0; } 
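Review bot: In sv_PrintCertificate the `c` allocated with PORT_ZAlloc is never released: the visible success path ends with `PORT_FreeArena(arena, PR_FALSE); return 0;` and the arena-allocation failure returns SEC_ERROR_NO_MEMORY with c still live. Change the failure branch to `if (!arena) { PORT_Free(c); return SEC_ERROR_NO_MEMORY; }` and add `PORT_Free(c);` beside the arena free before `return 0;`. The decode-error path between the two hunks is outside the view and may need the same release; a reviewer should confirm it there. Since sv_PrintPKCS7Signed calls this once per embedded certificate, the leak scales with the number of certificates in the PKCS#7 blob.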
@@ -508,11 +510,13 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner) int rv; /* Strip off the signature */ - sd = (CERTSignedData*) PORT_ZAlloc(sizeof(CERTSignedData)); - if (!sd) return PORT_GetError(); + sd = (CERTSignedData *)PORT_ZAlloc(sizeof(CERTSignedData)); + if (!sd) + return PORT_GetError(); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) return SEC_ERROR_NO_MEMORY; + if (!arena) + return SEC_ERROR_NO_MEMORY; rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate), der); @@ -521,7 +525,7 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner) return rv; } -/* fprintf(out, "%s:\n", m); */ + /* fprintf(out, "%s:\n", m); */ PORT_Strcat(m, "data."); rv = (*inner)(out, &sd->data, m, 0); @@ -539,10 +543,8 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner) PORT_FreeArena(arena, PR_FALSE); return 0; - } - /* ** secu_PrintPKCS7Signed ** Pretty print a PKCS7 signed data type (up to version 1). @@ -550,10 +552,10 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner) int sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) { - SECAlgorithmID *digAlg; /* digest algorithms */ - SECItem *aCert; /* certificate */ - CERTSignedCrl *aCrl; /* certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* signer information */ + SECAlgorithmID *digAlg; /* digest algorithms */ + SECItem *aCert; /* certificate */ + CERTSignedCrl *aCrl; /* certificate revocation list */ + SEC_PKCS7SignerInfo *sigInfo; /* signer information */ int rv, iv; char om[120]; @@ -573,9 +575,10 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) } /* Now for the content */ - rv = sv_PrintPKCS7ContentInfo(out, &(src->contentInfo), - "pkcs7.contentInformation="); - if (rv != 0) return rv; + rv = sv_PrintPKCS7ContentInfo(out, &(src->contentInfo), + "pkcs7.contentInformation="); + if (rv != 0) + return rv; /* Parse and list certificates (if any) */ if (src->rawCerts != NULL) { 
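Review bot: sv_PrintSignedData has the same leak as sv_PrintCertificate: `sd` comes from PORT_ZAlloc and the visible tail frees only the arena, `PORT_FreeArena(arena, PR_FALSE); return 0;`, so add `PORT_Free(sd);` next to it and release sd on the `if (!arena)` failure path as well. Separately, `PORT_Strcat(m, "data.");` appends into the caller's prefix buffer (the `om[120]` in sv_PrintPKCS7Signed) with no bound and never restores it, which is what silently lengthens the prefix handed to `inner`. If m is to stay a caller-owned buffer, document its minimum size at the function head, e.g. `/* m must have room for the "data." suffix; it is modified in place */`, or build the extended prefix in a local with snprintf. The decode-error branch of this function lies between the hunks and is not visible here.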
@@ -588,20 +591,22 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) while ((aCert = src->rawCerts[iv]) != NULL) { sprintf(om, "certificate[%d].", iv++); rv = sv_PrintSignedData(out, aCert, om, sv_PrintCertificate); - if (rv) return rv; + if (rv) + return rv; } } /* Parse and list CRL's (if any) */ if (src->crls != NULL) { iv = 0; - while (src->crls[iv] != NULL) iv++; + while (src->crls[iv] != NULL) + iv++; fprintf(out, "pkcs7.signedRevocationLists=%d\n", iv); iv = 0; while ((aCrl = src->crls[iv]) != NULL) { sprintf(om, "signedRevocationList[%d].", iv); fprintf(out, "%s", om); - sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, + sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, "signatureAlgorithm="); DER_ConvertBitString(&aCrl->signatureWrap.signature); fprintf(out, "%s", om); @@ -623,7 +628,7 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) sprintf(om, "signerInformation[%d].", iv++); sv_PrintSignerInfo(out, sigInfo, om); } - } + } return 0; } @@ -635,7 +640,7 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) */ void secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, - char *m, int level) + char *m, int level) { SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */ int iv; 
@@ -646,17 +651,17 @@ secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, /* Parse and list recipients (this is not optional) */ if (src->recipientInfos != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); + secu_Indent(out, level + 1); + fprintf(out, "Recipient Information List:\n"); + iv = 0; + while ((recInfo = src->recipientInfos[iv++]) != NULL) { + sprintf(om, "Recipient Information (%x)", iv); + secu_PrintRecipientInfo(out, recInfo, om, level + 2); + } + } + + secu_PrintPKCS7EncContent(out, &src->encContentInfo, + "Encrypted Content Information", level + 1); } /* @@ -665,8 +670,8 @@ secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, */ int secu_PrintPKCS7SignedAndEnveloped(FILE *out, - SEC_PKCS7SignedAndEnvelopedData *src, - char *m, int level) + SEC_PKCS7SignedAndEnvelopedData *src, + char *m, int level) { SECAlgorithmID *digAlg; /* pointer for digest algorithms */ SECItem *aCert; /* pointer for certificate */ 
@@ -681,69 +686,69 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, /* Parse and list recipients (this is not optional) */ if (src->recipientInfos != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } + secu_Indent(out, level + 1); + fprintf(out, "Recipient Information List:\n"); + iv = 0; + while ((recInfo = src->recipientInfos[iv++]) != NULL) { + sprintf(om, "Recipient Information (%x)", iv); + secu_PrintRecipientInfo(out, recInfo, om, level + 2); + } + } /* Parse and list digest algorithms (if any) */ if (src->digestAlgorithms != NULL) { - secu_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - sv_PrintAlgorithmID(out, digAlg, om); - } + secu_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); + iv = 0; + while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { + sprintf(om, "Digest Algorithm (%x)", iv); + sv_PrintAlgorithmID(out, digAlg, om); + } } - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); + secu_PrintPKCS7EncContent(out, &src->encContentInfo, + "Encrypted Content Information", level + 1); /* Parse and list certificates (if any) */ if (src->rawCerts != NULL) { - secu_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } + secu_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); + iv = 0; + while ((aCert = src->rawCerts[iv++]) != NULL) { + sprintf(om, "Certificate (%x)", iv); + rv = SECU_PrintSignedData(out, aCert, om, level + 2, 
+ SECU_PrintCertificate); + if (rv) + return rv; + } } /* Parse and list CRL's (if any) */ if (src->crls != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - secu_Indent(out, level + 2); fprintf(out, "%s:\n", om); - sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm"); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } + secu_Indent(out, level + 1); + fprintf(out, "Signed Revocation Lists:\n"); + iv = 0; + while ((aCrl = src->crls[iv++]) != NULL) { + sprintf(om, "Signed Revocation List (%x)", iv); + secu_Indent(out, level + 2); fprintf(out, "%s:\n", om); + sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, + "Signature Algorithm"); + DER_ConvertBitString(&aCrl->signatureWrap.signature); + sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", + level+3); + SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", + level + 3); + } } /* Parse and list signatures (if any) */ if (src->signerInfos != NULL) { - secu_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } + secu_Indent(out, level + 1); + fprintf(out, "Signer Information List:\n"); + iv = 0; + while ((sigInfo = src->signerInfos[iv++]) != NULL) { + sprintf(om, "Signer Information (%x)", iv); + secu_PrintSignerInfo(out, sigInfo, om, level + 2); + } + } return 0; } 
@@ -754,13 +759,13 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, */ void secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src, - char *m, int level) + char *m, int level) { secu_Indent(out, level); fprintf(out, "%s:\n", m); sv_PrintInteger(out, &(src->version), "Version", level + 1); - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); + secu_PrintPKCS7EncContent(out, &src->encContentInfo, + "Encrypted Content Information", level + 1); } /* @@ -772,18 +777,18 @@ sv_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src) { secu_Indent(out, level); fprintf(out, "%s:\n", m); sv_PrintInteger(out, &(src->version), "Version", level + 1); - + sv_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm"); sv_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information", - level + 1); - sv_PrintAsHex(out, &src->digest, "Digest", level + 1); + level + 1); + sv_PrintAsHex(out, &src->digest, "Digest", level + 1); } #endif /* ** secu_PrintPKCS7ContentInfo -** Takes a SEC_PKCS7ContentInfo type and sends the contents to the +** Takes a SEC_PKCS7ContentInfo type and sends the contents to the ** appropriate function */ int 
@@ -813,27 +818,27 @@ sv_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, char *m) rv = 0; switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */ + case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */ rv = sv_PrintPKCS7Signed(out, src->content.signedData); break; - case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */ + case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */ fprintf(out, "pkcs7EnvelopedData=<unsupported>\n"); /*sv_PrintPKCS7Enveloped(out, src->content.envelopedData);*/ break; - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */ + case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */ fprintf(out, "pkcs7SignedEnvelopedData=<unsupported>\n"); /*rv = sv_PrintPKCS7SignedAndEnveloped(out, src->content.signedAndEnvelopedData);*/ break; - case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */ + case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */ fprintf(out, "pkcs7DigestedData=<unsupported>\n"); /*sv_PrintPKCS7Digested(out, src->content.digestedData);*/ break; - case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */ + case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */ fprintf(out, "pkcs7EncryptedData=<unsupported>\n"); /*sv_PrintPKCS7Encrypted(out, src->content.encryptedData);*/ break; @@ -847,7 +852,6 @@ sv_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, char *m) return rv; } - int SV_PrintPKCS7ContentInfo(FILE *out, SECItem *der) { diff --git a/nss/cmd/signver/signver.c b/nss/cmd/signver/signver.c index cd63a3c..4e89e9d 100644 --- a/nss/cmd/signver/signver.c +++ b/nss/cmd/signver/signver.c 
@@ -15,63 +15,63 @@ #include "prmem.h" /* Portable layer header files */ #include "plstr.h" -#include "sechash.h" /* for HASH_GetHashObject() */ +#include "sechash.h" /* for HASH_GetHashObject() */ static PRBool debugInfo; static PRBool verbose; static PRBool doVerify; static PRBool displayAll; -static const char * const usageInfo[] = { +static const char *const usageInfo[] = { "signver - verify a detached PKCS7 signature - Version " NSS_VERSION, "Commands:", - " -A display all information from pkcs #7", - " -V verify the signed object and display result", + " -A display all information from pkcs #7", + " -V verify the signed object and display result", "Options:", - " -a signature file is ASCII", - " -d certdir directory containing cert database", - " -i dataFileName input file containing signed data (default stdin)", + " -a signature file is ASCII", + " -d certdir directory containing cert database", + " -i dataFileName input file containing signed data (default stdin)", " -o outputFileName output file name, default stdout", " -s signatureFileName input file for signature (default stdin)", - " -v display verbose reason for failure" + " -v display verbose reason for failure" }; -static int nUsageInfo = sizeof(usageInfo)/sizeof(char *); +static int nUsageInfo = sizeof(usageInfo) / sizeof(char *); extern int SV_PrintPKCS7ContentInfo(FILE *, SECItem *); -static void Usage(char *progName, FILE *outFile) +static void +Usage(char *progName, FILE *outFile) { int i; fprintf(outFile, "Usage: %s [ commands ] options\n", progName); for (i = 0; i < nUsageInfo; i++) - fprintf(outFile, "%s\n", usageInfo[i]); + fprintf(outFile, "%s\n", usageInfo[i]); exit(-1); } static HASH_HashType AlgorithmToHashType(SECAlgorithmID *digestAlgorithms) { - SECOidTag tag = SECOID_GetAlgorithmTag(digestAlgorithms); + SECOidTag tag = SECOID_GetAlgorithmTag(digestAlgorithms); HASH_HashType hash = HASH_GetHashTypeByOidTag(tag); return hash; } - static SECStatus -DigestContent (SECItem * digest, 
SECItem * content, HASH_HashType hashType) +DigestContent(SECItem *digest, SECItem *content, HASH_HashType hashType) { unsigned int maxLen = digest->len; - unsigned int len = HASH_ResultLen(hashType); - SECStatus rv; + unsigned int len = HASH_ResultLen(hashType); + SECStatus rv; if (len > maxLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; } rv = HASH_HashBuf(hashType, digest->data, content->data, content->len); if (rv == SECSuccess) - digest->len = len; + digest->len = len; return rv; } @@ -84,7 +84,6 @@ enum { opt_ASCII, opt_CertDir, opt_InputDataFile, - opt_ItemNumber, opt_OutputFile, opt_InputSigFile, opt_PrintWhyFailure, 
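Review bot: Dropping `opt_ItemNumber` from the enum realigns the enumerators with `signver_options[]`, but nothing in the new code checks that alignment, so the next stray enumerator would again silently read the wrong option's `.activated`/`.arg`. Consider a terminating enumerator and a compile-time assertion against the array length (NSPR provides PR_STATIC_ASSERT) placed right after the array definition, e.g. `PR_STATIC_ASSERT(opt_Count == sizeof(signver_options) / sizeof(signver_options[0]));`. The end of the enum is outside this hunk, so the name of any existing terminator is not visible here.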
@@ -92,37 +91,38 @@ enum { }; static secuCommandFlag signver_commands[] = -{ - { /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE }, - { /* cmd_VerifySignedObj */ 'V', PR_FALSE, 0, PR_FALSE } -}; + { + { /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE }, + { /* cmd_VerifySignedObj */ 'V', PR_FALSE, 0, PR_FALSE } + }; static secuCommandFlag signver_options[] = -{ - { /* opt_ASCII */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputDataFile */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputSigFile */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_PrintWhyFailure */ 'v', PR_FALSE, 0, PR_FALSE }, - { /* opt_DebugInfo */ 0, PR_FALSE, 0, PR_FALSE, "debug" } -}; - -int main(int argc, char **argv) + { + { /* opt_ASCII */ 'a', PR_FALSE, 0, PR_FALSE }, + { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, + { /* opt_InputDataFile */ 'i', PR_TRUE, 0, PR_FALSE }, + { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE }, + { /* opt_InputSigFile */ 's', PR_TRUE, 0, PR_FALSE }, + { /* opt_PrintWhyFailure */ 'v', PR_FALSE, 0, PR_FALSE }, + { /* opt_DebugInfo */ 0, PR_FALSE, 0, PR_FALSE, "debug" } + }; + +int +main(int argc, char **argv) { PRFileDesc *contentFile = NULL; PRFileDesc *signFile = PR_STDIN; - FILE * outFile = stdout; - char * progName; - SECStatus rv; - int result = 1; - SECItem pkcs7der, content; + FILE *outFile = stdout; + char *progName; + SECStatus rv; + int result = 1; + SECItem pkcs7der, content; secuCommand signver; - pkcs7der.data = NULL; + pkcs7der.data = NULL; content.data = NULL; - signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag); + signver.numCommands = sizeof(signver_commands) / sizeof(secuCommandFlag); signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag); signver.commands = signver_commands; signver.options = signver_options; 
@@ -132,175 +132,175 @@ int main(int argc, char **argv) #else progName = strrchr(argv[0], '/'); #endif - progName = progName ? progName+1 : argv[0]; + progName = progName ? progName + 1 : argv[0]; rv = SECU_ParseCommandLine(argc, argv, progName, &signver); if (SECSuccess != rv) { - Usage(progName, outFile); + Usage(progName, outFile); } - debugInfo = signver.options[opt_DebugInfo ].activated; - verbose = signver.options[opt_PrintWhyFailure ].activated; - doVerify = signver.commands[cmd_VerifySignedObj].activated; - displayAll= signver.commands[cmd_DisplayAllPCKS7Info].activated; + debugInfo = signver.options[opt_DebugInfo].activated; + verbose = signver.options[opt_PrintWhyFailure].activated; + doVerify = signver.commands[cmd_VerifySignedObj].activated; + displayAll = signver.commands[cmd_DisplayAllPCKS7Info].activated; if (!doVerify && !displayAll) - doVerify = PR_TRUE; + doVerify = PR_TRUE; - /* Set the certdb directory (default is ~/.netscape) */ + /* Set the certdb directory (default is ~/.netscape) */ rv = NSS_Init(SECU_ConfigDirectory(signver.options[opt_CertDir].arg)); if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return result; + SECU_PrintPRandOSError(progName); + return result; } /* below here, goto cleanup */ SECU_RegisterDynamicOids(); - /* Open the input content file. */ + /* Open the input content file. 
*/ if (signver.options[opt_InputDataFile].activated && - signver.options[opt_InputDataFile].arg) { - if (PL_strcmp("-", signver.options[opt_InputDataFile].arg)) { - contentFile = PR_Open(signver.options[opt_InputDataFile].arg, - PR_RDONLY, 0); - if (!contentFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for reading.\n", - progName, signver.options[opt_InputDataFile].arg); - goto cleanup; - } - } else - contentFile = PR_STDIN; + signver.options[opt_InputDataFile].arg) { + if (PL_strcmp("-", signver.options[opt_InputDataFile].arg)) { + contentFile = PR_Open(signver.options[opt_InputDataFile].arg, + PR_RDONLY, 0); + if (!contentFile) { + PR_fprintf(PR_STDERR, + "%s: unable to open \"%s\" for reading.\n", + progName, signver.options[opt_InputDataFile].arg); + goto cleanup; + } + } else + contentFile = PR_STDIN; } - /* Open the input signature file. */ + /* Open the input signature file. */ if (signver.options[opt_InputSigFile].activated && - signver.options[opt_InputSigFile].arg) { - if (PL_strcmp("-", signver.options[opt_InputSigFile].arg)) { - signFile = PR_Open(signver.options[opt_InputSigFile].arg, - PR_RDONLY, 0); - if (!signFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for reading.\n", - progName, signver.options[opt_InputSigFile].arg); - goto cleanup; - } - } + signver.options[opt_InputSigFile].arg) { + if (PL_strcmp("-", signver.options[opt_InputSigFile].arg)) { + signFile = PR_Open(signver.options[opt_InputSigFile].arg, + PR_RDONLY, 0); + if (!signFile) { + PR_fprintf(PR_STDERR, + "%s: unable to open \"%s\" for reading.\n", + progName, signver.options[opt_InputSigFile].arg); + goto cleanup; + } + } } if (contentFile == PR_STDIN && signFile == PR_STDIN && doVerify) { - PR_fprintf(PR_STDERR, - "%s: cannot read both content and signature from standard input\n", - progName); - goto cleanup; + PR_fprintf(PR_STDERR, + "%s: cannot read both content and signature from standard input\n", + progName); + goto cleanup; } - /* Open|Create the 
output file. */ + /* Open|Create the output file. */ if (signver.options[opt_OutputFile].activated) { - outFile = fopen(signver.options[opt_OutputFile].arg, "w"); - if (!outFile) { - PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n", - progName, signver.options[opt_OutputFile].arg); - goto cleanup; - } + outFile = fopen(signver.options[opt_OutputFile].arg, "w"); + if (!outFile) { + PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n", + progName, signver.options[opt_OutputFile].arg); + goto cleanup; + } } /* read in the input files' contents */ rv = SECU_ReadDERFromFile(&pkcs7der, signFile, - signver.options[opt_ASCII].activated, PR_FALSE); + signver.options[opt_ASCII].activated, PR_FALSE); if (signFile != PR_STDIN) - PR_Close(signFile); + PR_Close(signFile); if (rv != SECSuccess) { - SECU_PrintError(progName, "problem reading PKCS7 input"); - goto cleanup; + SECU_PrintError(progName, "problem reading PKCS7 input"); + goto cleanup; } if (contentFile) { - rv = SECU_FileToItem(&content, contentFile); - if (contentFile != PR_STDIN) - PR_Close(contentFile); - if (rv != SECSuccess) - content.data = NULL; + rv = SECU_FileToItem(&content, contentFile); + if (contentFile != PR_STDIN) + PR_Close(contentFile); + if (rv != SECSuccess) + content.data = NULL; } /* Signature Verification */ if (doVerify) { - SEC_PKCS7ContentInfo *cinfo; - SEC_PKCS7SignedData *signedData; - HASH_HashType digestType; - PRBool contentIsSigned; - - cinfo = SEC_PKCS7DecodeItem(&pkcs7der, NULL, NULL, NULL, NULL, - NULL, NULL, NULL); - if (cinfo == NULL) { - PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n"); - goto cleanup; - } - /* below here, goto done */ - - contentIsSigned = SEC_PKCS7ContentIsSigned(cinfo); - if (debugInfo) { - PR_fprintf(PR_STDERR, "Content is%s encrypted.\n", - SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not"); - } - if (debugInfo || !contentIsSigned) { - PR_fprintf(PR_STDERR, "Content is%s signed.\n", - contentIsSigned ? 
"" : " not"); - } - - if (!contentIsSigned) - goto done; - - signedData = cinfo->content.signedData; - - /* assume that there is only one digest algorithm for now */ - digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]); - if (digestType == HASH_AlgNULL) { - PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n"); - goto done; - } - if (content.data) { - SECCertUsage usage = certUsageEmailSigner; - SECItem digest; - unsigned char digestBuffer[HASH_LENGTH_MAX]; - - if (debugInfo) - PR_fprintf(PR_STDERR, "contentToVerify=%s\n", content.data); - - digest.data = digestBuffer; - digest.len = sizeof digestBuffer; - - if (DigestContent(&digest, &content, digestType)) { - SECU_PrintError(progName, "Message digest computation failure"); - goto done; - } - - if (debugInfo) { - unsigned int i; - PR_fprintf(PR_STDERR, "Data Digest=:"); - for (i = 0; i < digest.len; i++) - PR_fprintf(PR_STDERR, "%02x:", digest.data[i]); - PR_fprintf(PR_STDERR, "\n"); - } - - fprintf(outFile, "signatureValid="); - PORT_SetError(0); - if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage, - &digest, digestType, PR_FALSE)) { - fprintf(outFile, "yes"); - } else { - fprintf(outFile, "no"); - if (verbose) { - fprintf(outFile, ":%s", - SECU_Strerror(PORT_GetError())); - } - } - fprintf(outFile, "\n"); - result = 0; - } -done: - SEC_PKCS7DestroyContentInfo(cinfo); + SEC_PKCS7ContentInfo *cinfo; + SEC_PKCS7SignedData *signedData; + HASH_HashType digestType; + PRBool contentIsSigned; + + cinfo = SEC_PKCS7DecodeItem(&pkcs7der, NULL, NULL, NULL, NULL, + NULL, NULL, NULL); + if (cinfo == NULL) { + PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n"); + goto cleanup; + } + /* below here, goto done */ + + contentIsSigned = SEC_PKCS7ContentIsSigned(cinfo); + if (debugInfo) { + PR_fprintf(PR_STDERR, "Content is%s encrypted.\n", + SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not"); + } + if (debugInfo || !contentIsSigned) { + PR_fprintf(PR_STDERR, "Content is%s signed.\n", + contentIsSigned ? 
"" : " not"); + } + + if (!contentIsSigned) + goto done; + + signedData = cinfo->content.signedData; + + /* assume that there is only one digest algorithm for now */ + digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]); + if (digestType == HASH_AlgNULL) { + PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n"); + goto done; + } + if (content.data) { + SECCertUsage usage = certUsageEmailSigner; + SECItem digest; + unsigned char digestBuffer[HASH_LENGTH_MAX]; + + if (debugInfo) + PR_fprintf(PR_STDERR, "contentToVerify=%s\n", content.data); + + digest.data = digestBuffer; + digest.len = sizeof digestBuffer; + + if (DigestContent(&digest, &content, digestType)) { + SECU_PrintError(progName, "Message digest computation failure"); + goto done; + } + + if (debugInfo) { + unsigned int i; + PR_fprintf(PR_STDERR, "Data Digest=:"); + for (i = 0; i < digest.len; i++) + PR_fprintf(PR_STDERR, "%02x:", digest.data[i]); + PR_fprintf(PR_STDERR, "\n"); + } + + fprintf(outFile, "signatureValid="); + PORT_SetError(0); + if (SEC_PKCS7VerifyDetachedSignature(cinfo, usage, + &digest, digestType, PR_FALSE)) { + fprintf(outFile, "yes"); + } else { + fprintf(outFile, "no"); + if (verbose) { + fprintf(outFile, ":%s", + SECU_Strerror(PORT_GetError())); + } + } + fprintf(outFile, "\n"); + result = 0; + } + done: + SEC_PKCS7DestroyContentInfo(cinfo); } if (displayAll) { - if (SV_PrintPKCS7ContentInfo(outFile, &pkcs7der)) - result = 1; + if (SV_PrintPKCS7ContentInfo(outFile, &pkcs7der)) + result = 1; } cleanup: @@ -308,7 +308,7 @@ cleanup: SECITEM_FreeItem(&content, PR_FALSE); if (NSS_Shutdown() != SECSuccess) { - result = 1; + result = 1; } return result; diff --git a/nss/cmd/signver/signver.gyp b/nss/cmd/signver/signver.gyp new file mode 100644 index 0000000..9aeb504 --- /dev/null +++ b/nss/cmd/signver/signver.gyp 
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi',
+ '../../cmd/platlibs.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'signver',
+ 'type': 'executable',
+ 'sources': [
+ 'pk7print.c',
+ 'signver.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:dbm_exports',
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+}
\ No newline at end of file |
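Review bot: The new signver.gyp is added without a trailing newline, as the `\ No newline at end of file` marker after the closing `}` shows; the other gyp files brought in by the same build-system change presumably end with one, so this file should too. Adding the final newline keeps the file consistent and avoids a spurious whitespace diff the next time the closing line is touched.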