
lightning-sunbird  0.9+nobinonly
vfychain.c File Reference
#include <stdio.h>
#include <string.h>
#include "prerror.h"
#include "nssrenam.h"
#include "pk11func.h"
#include "seccomon.h"
#include "secutil.h"
#include "secmod.h"
#include "secitem.h"
#include "cert.h"
#include "nspr.h"
#include "plgetopt.h"
#include "prio.h"
#include "nss.h"


Classes

struct  certMemStr

Defines

#define RD_BUF_SIZE   (60 * 1024)

Typedefs

typedef struct certMemStr certMem

Functions

char * myPasswd (PK11SlotInfo *info, PRBool retry, void *arg)
static void Usage (const char *progName)
void errWarn (char *function)
void exitErr (char *function)
void rememberCert (CERTCertificate *cert)
void forgetCerts (void)
CERTCertificate * readCertFile (const char *fileName, PRBool isAscii)
int main (int argc, char *argv[], char *envp[])

Variables

int verbose
char * password = NULL
certMem * theCerts

Class Documentation

struct certMemStr

Definition at line 134 of file vfychain.c.

Class Members
CERTCertificate * cert
struct certMemStr * next

Define Documentation

#define RD_BUF_SIZE   (60 * 1024)

Definition at line 74 of file vfychain.c.


Typedef Documentation

typedef struct certMemStr certMem

Function Documentation

void errWarn ( char *  function)

Definition at line 114 of file vfychain.c.

{
    /* Fetch the current NSPR error code and look up its message text. */
    PRErrorCode  code = PR_GetError();
    const char * text = SECU_Strerror(code);

    /*
     * The caller-supplied name is passed as a "%s" argument, never as the
     * format string itself.
     * NOTE(review): if SECU_Strerror can return NULL for a code it does not
     * know, passing it to "%s" is undefined - confirm against secutil.
     */
    fprintf(stderr, "Error in function %s: %d\n - %s\n", function, code, text);
}


void exitErr ( char *  function)

Definition at line 124 of file vfychain.c.

{
    /* Report first: errWarn reads the pending NSPR error code. */
    errWarn(function);

    /*
     * Best-effort teardown. The NSS_Shutdown result is deliberately
     * discarded because the process exits with status 1 either way.
     */
    (void) NSS_Shutdown();
    PR_Cleanup();

    exit(1);
}


void forgetCerts ( void  )

Definition at line 153 of file vfychain.c.

{
    certMem * node;

    /*
     * Drain the global list from the head. The list head is advanced
     * before the node is released, so theCerts never points at freed
     * memory while CERT_DestroyCertificate / PORT_Free run.
     */
    for (node = theCerts; node != NULL; node = theCerts) {
        theCerts = node->next;
        CERT_DestroyCertificate(node->cert);
        PORT_Free(node);
    }

    /* Leave the head explicitly empty. */
    theCerts = NULL;
}


int main ( int  argc,
char *  argv[],
char *  envp[] 
)

Definition at line 232 of file vfychain.c.

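{
    /*
     * Parse the options, initialise NSS (from the -d database directory, or
     * without a database plus the builtin roots module), import every
     * certfile as a temporary certificate, then verify the FIRST certfile
     * for the requested usage at the current time.
     * Returns 0 only when CERT_VerifyCertificate succeeds and NSS shuts
     * down cleanly; every other path returns or exits with 1.
     */
    char *               certDir      = NULL;
    char *               progName     = NULL;
    CERTCertificate *    cert;
    CERTCertificate *    firstCert    = NULL;
    CERTCertDBHandle *   defaultDB    = NULL;
    PRBool               isAscii      = PR_FALSE;
    SECStatus            secStatus;
    SECCertificateUsage  certUsage    = certificateUsageSSLServer;
    PLOptState *         optstate;
    PLOptStatus          status;
    int                  rv = 1;

    PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);

    progName = PL_strdup(argv[0]);

    /* First pass: consume options up to the first positional argument. */
    optstate = PL_CreateOptState(argc, argv, "ad:ru:w:v");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
        switch (optstate->option) {
        case  0  : /* positional parameter */  goto breakout;
        case 'a' : isAscii  = PR_TRUE;                        break;
        case 'd' : certDir  = PL_strdup(optstate->value);     break;
        case 'r' : isAscii  = PR_FALSE;                       break;
        case 'u' : {
            /*
             * The value is used as a shift count. A negative count, or one
             * that reaches the top bit of the usage type, is undefined
             * behaviour, so reject it instead of shifting blindly.
             */
            int usageBit = PORT_Atoi(optstate->value);

            if (usageBit < 0 ||
                usageBit >= (int)(sizeof(SECCertificateUsage) * 8) - 1)
                Usage(progName);
            certUsage = ((SECCertificateUsage) 1) << usageBit;
            break;
        }
        /*
         * NOTE(review): -w only stores the value in the global `password`.
         * myPasswd returns its `arg`, and the wincx passed to
         * CERT_VerifyCertificate below is NULL, so the password does not
         * appear to reach the callback - confirm the intended wiring.
         * A password given on the command line is also readable by other
         * local users through the process list.
         */
        case 'w' : password = PL_strdup(optstate->value);     break;
        case 'v' : verbose++;                                 break;
        default  : Usage(progName);                           break;
        }
    }
breakout:
    if (status != PL_OPT_OK)
        Usage(progName);

    /* Set our password function callback. */
    PK11_SetPasswordFunc(myPasswd);

    /* Initialize the NSS libraries. */
    if (certDir) {
        secStatus = NSS_Init(certDir);
    } else {
        secStatus = NSS_NoDB_Init(NULL);

        /*
         * Load the builtins. Without them there are no trust anchors and
         * every chain fails, so report a load failure instead of ignoring
         * it; verification below still decides the result.
         */
        if (secStatus == SECSuccess &&
            SECMOD_AddNewModule("Builtins", DLL_PREFIX"nssckbi."DLL_SUFFIX,
                                0, 0) != SECSuccess) {
            errWarn("SECMOD_AddNewModule");
        }
    }
    if (secStatus != SECSuccess) {
        exitErr("NSS_Init");
    }
    SECU_RegisterDynamicOids();

    /*
     * Second pass: the option that ended the first pass is still current.
     * Only -a, -r and certfiles are accepted from here on. Each certfile is
     * imported and tracked; the first one becomes the verification target.
     */
    while (status == PL_OPT_OK) {
        switch (optstate->option) {
        case 'a' : isAscii  = PR_TRUE;                        break;
        case 'r' : isAscii  = PR_FALSE;                       break;
        case  0  : /* positional parameter */
            cert = readCertFile(optstate->value, isAscii);
            if (!cert)
                goto punt;
            rememberCert(cert);
            if (!firstCert)
                firstCert = cert;
            break;
        default  : Usage(progName);                           break;
        }
        status = PL_GetNextOpt(optstate);
    }
    if (status == PL_OPT_BAD || !firstCert)
        Usage(progName);

    /* NOW, verify the cert chain. */
    defaultDB = CERT_GetDefaultCertDB();
    secStatus = CERT_VerifyCertificate(defaultDB, firstCert,
                                       PR_TRUE /* check sig */,
                                       certUsage,
                                       PR_Now(),
                                       NULL,    /* wincx  */
                                       NULL,    /* error log */
                                       NULL);   /* returned usages */

    if (secStatus != SECSuccess) {
        PRIntn err = PR_GetError();
        fprintf(stderr, "Chain is bad, %d = %s\n", err, SECU_Strerror(err));
        SECU_printCertProblems(stderr, defaultDB, firstCert,
                               PR_TRUE, certUsage, NULL, verbose);
        rv = 1;
    } else {
        fprintf(stderr, "Chain is good!\n");
        rv = 0;
    }

punt:
    forgetCerts();
    if (NSS_Shutdown() != SECSuccess) {
        SECU_PrintError(progName, "NSS_Shutdown");
        rv = 1;
    }

    /* Release the option state and the strings duplicated while parsing. */
    PL_DestroyOptState(optstate);
    PL_strfree(certDir);
    PL_strfree(password);
    password = NULL;
    PL_strfree(progName);

    PR_Cleanup();
    return rv;
}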


char* myPasswd ( PK11SlotInfo *  info,
PRBool  retry,
void *  arg 
)

Definition at line 88 of file vfychain.c.

{
    /*
     * Offer nothing on a retry, or when no string was supplied via arg.
     * The global `password` is not consulted here; only `arg` is.
     */
    if (retry || !arg) {
        return NULL;
    }

    /* Return a freshly allocated copy of the string passed in arg. */
    return PORT_Strdup((char *)arg);
}


CERTCertificate* readCertFile ( const char *  fileName,
PRBool  isAscii 
)

Definition at line 166 of file vfychain.c.

{
    /*
     * Fixed-size staging buffer. It is static, so it is shared by every
     * call; the imported certificate gets its own copy (copyDER below).
     */
    static unsigned char certBuf[RD_BUF_SIZE];
    CERTCertDBHandle *   defaultDB = NULL;
    CERTCertificate *    cert      = NULL;
    unsigned char *      writePos  = certBuf;
    PRFileDesc *         fd;
    PRInt32              nRead     = -1;
    PRInt32              room;
    PRInt32              derLen;
    SECItem              item;

    fd = PR_Open(fileName, PR_RDONLY, 0777);
    if (!fd) {
        PRIntn err = PR_GetError();
        fprintf(stderr, "open of %s failed, %d = %s\n",
                fileName, err, SECU_Strerror(err));
        return cert;
    }

    /* Read until EOF or until the buffer has no room left. */
    for (;;) {
        room = (sizeof certBuf) - (writePos - certBuf);
        if (room <= 0)
            break;
        nRead = PR_Read(fd, writePos, room);
        if (nRead == 0)
            break;
        if (nRead < 0) {
            PRIntn err = PR_GetError();
            fprintf(stderr, "read of %s failed, %d = %s\n",
                fileName, err, SECU_Strerror(err));
            break;
        }
        /* nRead > 0: advance past the bytes just stored. */
        writePos += nRead;
    }
    PR_Close(fd);

    /* A read error was already reported inside the loop. */
    if (nRead < 0)
        return cert;

    /*
     * The loop ended because the buffer filled before EOF was seen. A file
     * of exactly RD_BUF_SIZE bytes is rejected here as well.
     */
    if (room == 0 || nRead > 0) {
        fprintf(stderr, "cert file %s was too big.\n", fileName);
        return cert;
    }

    derLen = writePos - certBuf;
    if (derLen == 0) {
        fprintf(stderr, "cert file %s was empty.\n", fileName);
        return cert;
    }

    if (isAscii) {
        /*
         * convert from Base64 to binary here ... someday
         * Until then the bytes are handed to the importer unchanged.
         */
    }

    /* Wrap the bytes read and import them as a non-permanent certificate. */
    item.type = siBuffer;
    item.data = certBuf;
    item.len  = derLen;

    defaultDB = CERT_GetDefaultCertDB();
    cert = CERT_NewTempCertificate(defaultDB, &item,
                                   NULL     /* nickname */,
                                   PR_FALSE /* isPerm */,
                                   PR_TRUE  /* copyDER */);
    if (!cert) {
        PRIntn err = PR_GetError();
        fprintf(stderr, "couldn't import %s, %d = %s\n",
                fileName, err, SECU_Strerror(err));
    }
    return cert;
}


void rememberCert ( CERTCertificate *  cert)

Definition at line 142 of file vfychain.c.

{
    /* Allocate a zeroed list node and push it on the head of theCerts. */
    certMem * entry = PORT_ZNew(certMem);

    if (!entry) {
        /*
         * NOTE(review): allocation failure is silent. The certificate is
         * then not on the list, so forgetCerts will not release it.
         */
        return;
    }

    entry->cert = cert;
    entry->next = theCerts;
    theCerts    = entry;
}


static void Usage ( const char *  progName) [static]

Definition at line 99 of file vfychain.c.

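{
    /*
     * Print the command synopsis to stderr and exit with status 1.
     * The synopsis lists every option main's option string accepts:
     * -d, -u, -w and -v must come before the first certfile, while -a and
     * -r may also appear between certfiles.
     */
    fprintf(stderr,
            "Usage: %s [-d dbdir] [-u usage] [-w password] [-v] [-a | -r] "
            "certfile [[-a | -r] certfile ...]\n",
            progName);
    exit(1);
}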



Variable Documentation

char* password = NULL

Definition at line 78 of file vfychain.c.

certMem* theCerts

Definition at line 139 of file vfychain.c.

int verbose

Definition at line 76 of file vfychain.c.