Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Enumerations | Functions
secutil.h File Reference
#include "seccomon.h"
#include "secitem.h"
#include "prerror.h"
#include "base64.h"
#include "key.h"
#include "secpkcs7.h"
#include "secasn1.h"
#include "secder.h"
#include <stdio.h>
#include "secerr.h"
#include "sslerr.h"

Go to the source code of this file.

Classes

struct  secuPWData
struct  secuCommandFlag
struct  secuCommand

Defines

#define SEC_CT_PRIVATE_KEY   "private-key"
#define SEC_CT_PUBLIC_KEY   "public-key"
#define SEC_CT_CERTIFICATE   "certificate"
#define SEC_CT_CERTIFICATE_REQUEST   "certificate-request"
#define SEC_CT_PKCS7   "pkcs7"
#define SEC_CT_CRL   "crl"
#define NS_CERTREQ_HEADER   "-----BEGIN NEW CERTIFICATE REQUEST-----"
#define NS_CERTREQ_TRAILER   "-----END NEW CERTIFICATE REQUEST-----"
#define NS_CERT_HEADER   "-----BEGIN CERTIFICATE-----"
#define NS_CERT_TRAILER   "-----END CERTIFICATE-----"
#define NS_CRL_HEADER   "-----BEGIN CRL-----"
#define NS_CRL_TRAILER   "-----END CRL-----"

Typedefs

typedef int(* SECU_PPFunc )(FILE *out, SECItem *item, char *msg, int level)
typedef SECStatus(* EXTEN_EXT_VALUE_ENCODER )(PRArenaPool *extHandleArena, void *value, SECItem *encodedValue)

Enumerations

enum  SignAndEncodeFuncExitStat {
  noKeyFound = 1, noSignatureMatch = 2, failToEncode = 3, failToSign = 4,
  noMem = 5, noKeyFound = 1, noSignatureMatch = 2, failToEncode = 3,
  failToSign = 4, noMem = 5
}

Functions

SECStatus SEC_AddPermCertificate (CERTCertDBHandle *handle, SECItem *derCert, char *nickname, CERTCertTrust *trust)
SECStatus SECU_ChangePW (PK11SlotInfo *slot, char *passwd, char *pwFile)
PRBool SEC_CheckPassword (char *password)
PRBool SEC_BlindCheckPassword (char *password)
char * SEC_GetPassword (FILE *in, FILE *out, char *msg, PRBool(*chkpw)(char *))
char * SECU_FilePasswd (PK11SlotInfo *slot, PRBool retry, void *arg)
char * SECU_GetPasswordString (void *arg, char *prompt)
SECStatus SEC_WriteDongleFile (int fd, char *pw)
char * SEC_ReadDongleFile (int fd)
char * SECU_AppendFilenameToDir (char *dir, char *filename)
char * SECU_DefaultSSLDir (void)
char * SECU_ConfigDirectory (const char *base)
int SECU_GetClientAuthData (void *arg, PRFileDesc *fd, struct CERTDistNamesStr *caNames, struct CERTCertificateStr **pRetCert, struct SECKEYPrivateKeyStr **pRetKey)
void SECU_PrintError (char *progName, char *msg,...)
void SECU_PrintSystemError (char *progName, char *msg,...)
const char * SECU_Strerror (PRErrorCode errNum)
void SECU_printCertProblems (FILE *outfile, CERTCertDBHandle *handle, CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage, void *pinArg, PRBool verbose)
SECStatus SECU_FileToItem (SECItem *dst, PRFileDesc *src)
SECStatus SECU_TextFileToItem (SECItem *dst, PRFileDesc *src)
SECStatus SECU_ReadDERFromFile (SECItem *der, PRFileDesc *inFile, PRBool ascii)
void SECU_Indent (FILE *out, int level)
void SECU_PrintInteger (FILE *out, SECItem *i, char *m, int level)
SECOidTag SECU_PrintObjectID (FILE *out, SECItem *oid, char *m, int level)
void SECU_PrintAlgorithmID (FILE *out, SECAlgorithmID *a, char *m, int level)
void SECU_PrintAsHex (FILE *out, SECItem *i, const char *m, int level)
void SECU_PrintBuf (FILE *out, const char *msg, const void *vp, int len)
void SECU_PrintUTCTime (FILE *out, SECItem *t, char *m, int level)
void SECU_PrintGeneralizedTime (FILE *out, SECItem *t, char *m, int level)
void SECU_PrintTimeChoice (FILE *out, SECItem *t, char *m, int level)
SECStatus SECU_PrintCertNickname (CERTCertListNode *cert, void *data)
SECStatus SECU_PrintCertificateNames (CERTCertDBHandle *handle, PRFileDesc *out, PRBool sortByName, PRBool sortByTrust)
int SECU_CheckCertNameExists (CERTCertDBHandle *handle, char *nickname)
int SECU_PrintCertificateRequest (FILE *out, SECItem *der, char *m, int level)
int SECU_PrintCertificate (FILE *out, SECItem *der, char *m, int level)
void SECU_PrintTrustFlags (FILE *out, CERTCertTrust *trust, char *m, int level)
int SECU_PrintPublicKey (FILE *out, SECItem *der, char *m, int level)
int SECU_PrintFingerprints (FILE *out, SECItem *derCert, char *m, int level)
int SECU_PrintPKCS7ContentInfo (FILE *out, SECItem *der, char *m, int level)
SECStatus SECU_PKCS11Init (PRBool readOnly)
int SECU_PrintSignedData (FILE *out, SECItem *der, char *m, int level, SECU_PPFunc inner)
int SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
void SECU_PrintCRLInfo (FILE *out, CERTCrl *crl, char *m, int level)
void SECU_PrintString (FILE *out, SECItem *si, char *m, int level)
void SECU_PrintAny (FILE *out, SECItem *i, char *m, int level)
void SECU_PrintPolicy (FILE *out, SECItem *value, char *msg, int level)
void SECU_PrintPrivKeyUsagePeriodExtension (FILE *out, SECItem *value, char *msg, int level)
void SECU_PrintExtensions (FILE *out, CERTCertExtension **extensions, char *msg, int level)
void SECU_PrintName (FILE *out, CERTName *name, char *msg, int level)
char * SECU_GetModulePassword (PK11SlotInfo *slot, PRBool retry, void *arg)
SECStatus DER_PrettyPrint (FILE *out, SECItem *it, PRBool raw)
void SEC_Init (void)
char * SECU_SECModDBName (void)
void SECU_PrintPRandOSError (char *progName)
SECStatus SECU_RegisterDynamicOids (void)
SECOidTag SECU_StringToSignatureAlgTag (const char *alg)
SECStatus SECU_StoreCRL (PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile, int ascii, char *url)
SECStatus SECU_DerSignDataCRL (PRArenaPool *arena, CERTSignedData *sd, unsigned char *buf, int len, SECKEYPrivateKey *pk, SECOidTag algID)
SECStatus SECU_SignAndEncodeCRL (CERTCertificate *issuer, CERTSignedCrl *signCrl, SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode)
SECStatus SECU_CopyCRL (PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
CERTAuthKeyID * SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl)
CERTCertificate * SECU_FindCrlIssuer (CERTCertDBHandle *dbHandle, SECItem *subject, CERTAuthKeyID *id, PRTime validTime)
SECStatus SECU_EncodeAndAddExtensionValue (PRArenaPool *arena, void *extHandle, void *value, PRBool criticality, int extenType, EXTEN_EXT_VALUE_ENCODER EncodeValueFn)
SECStatus SECU_ParseCommandLine (int argc, char **argv, char *progName, secuCommand *cmd)
char * SECU_GetOptionArg (secuCommand *cmd, int optionNum)
char * SECU_ErrorString (int16 err)
char * SECU_ErrorStringRaw (int16 err)
void printflags (char *trusts, unsigned int flags)
int ffs (unsigned int i)

Class Documentation

struct secuCommandFlag

Definition at line 378 of file secutil.h.

Class Members
PRBool activated
char * arg
char flag
PRBool needsArg
struct secuCommand

Definition at line 386 of file secutil.h.

Collaboration diagram for secuCommand:
Class Members
secuCommandFlag * commands
int numCommands
int numOptions
secuCommandFlag * options

Define Documentation

#define NS_CERT_HEADER   "-----BEGIN CERTIFICATE-----"

Definition at line 59 of file secutil.h.

#define NS_CERT_TRAILER   "-----END CERTIFICATE-----"

Definition at line 60 of file secutil.h.

#define NS_CERTREQ_HEADER   "-----BEGIN NEW CERTIFICATE REQUEST-----"

Definition at line 56 of file secutil.h.

#define NS_CERTREQ_TRAILER   "-----END NEW CERTIFICATE REQUEST-----"

Definition at line 57 of file secutil.h.

#define NS_CRL_HEADER   "-----BEGIN CRL-----"

Definition at line 62 of file secutil.h.

#define NS_CRL_TRAILER   "-----END CRL-----"

Definition at line 63 of file secutil.h.

#define SEC_CT_CERTIFICATE   "certificate"

Definition at line 51 of file secutil.h.

Definition at line 52 of file secutil.h.

#define SEC_CT_CRL   "crl"

Definition at line 54 of file secutil.h.

#define SEC_CT_PKCS7   "pkcs7"

Definition at line 53 of file secutil.h.

#define SEC_CT_PRIVATE_KEY   "private-key"

Definition at line 49 of file secutil.h.

#define SEC_CT_PUBLIC_KEY   "public-key"

Definition at line 50 of file secutil.h.


Typedef Documentation

typedef SECStatus(* EXTEN_EXT_VALUE_ENCODER)(PRArenaPool *extHandleArena, void *value, SECItem *encodedValue)

Definition at line 361 of file secutil.h.

typedef int(* SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level)

Definition at line 74 of file secutil.h.


Enumeration Type Documentation

Enumerator:
noKeyFound 
noSignatureMatch 
failToEncode 
failToSign 
noMem 
noKeyFound 
noSignatureMatch 
failToEncode 
failToSign 
noMem 

Definition at line 329 of file secutil.h.


Function Documentation

SECStatus DER_PrettyPrint ( FILE out,
SECItem *  it,
PRBool  raw 
)

Definition at line 612 of file derprint.c.

{
    int rv;

    prettyColumn = -1;

    rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw);
    if (rv < 0)
       return SECFailure;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int ffs ( unsigned int  i)
void printflags ( char *  trusts,
unsigned int  flags 
)

Definition at line 2135 of file secutil.c.

{
    if (flags & CERTDB_VALID_CA)
       if (!(flags & CERTDB_TRUSTED_CA) &&
           !(flags & CERTDB_TRUSTED_CLIENT_CA))
           PORT_Strcat(trusts, "c");
    if (flags & CERTDB_VALID_PEER)
       if (!(flags & CERTDB_TRUSTED))
           PORT_Strcat(trusts, "p");
    if (flags & CERTDB_TRUSTED_CA)
       PORT_Strcat(trusts, "C");
    if (flags & CERTDB_TRUSTED_CLIENT_CA)
       PORT_Strcat(trusts, "T");
    if (flags & CERTDB_TRUSTED)
       PORT_Strcat(trusts, "P");
    if (flags & CERTDB_USER)
       PORT_Strcat(trusts, "u");
    if (flags & CERTDB_SEND_WARN)
       PORT_Strcat(trusts, "w");
    if (flags & CERTDB_INVISIBLE_CA)
       PORT_Strcat(trusts, "I");
    if (flags & CERTDB_GOVT_APPROVED_CA)
       PORT_Strcat(trusts, "G");
    return;
}

Here is the caller graph for this function:

SECStatus SEC_AddPermCertificate ( CERTCertDBHandle *  handle,
SECItem *  derCert,
char *  nickname,
CERTCertTrust *  trust 
)
PRBool SEC_BlindCheckPassword ( char *  password)

Definition at line 154 of file secpwd.c.

{
    if (cp != NULL) {
       return PR_TRUE;
    }
    return PR_FALSE;
}

Here is the caller graph for this function:

PRBool SEC_CheckPassword ( char *  password)

Definition at line 133 of file secpwd.c.

{
    int len;
    char *end;

    len = PORT_Strlen(cp);
    if (len < 8) {
       return PR_FALSE;
    }
    end = cp + len;
    while (cp < end) {
       unsigned char ch = *cp++;
       if (!((ch >= 'A') && (ch <= 'Z')) &&
           !((ch >= 'a') && (ch <= 'z'))) {
           /* pass phrase has at least one non alphabetic in it */
           return PR_TRUE;
       }
    }
    return PR_FALSE;
}
char* SEC_GetPassword ( FILE in,
FILE out,
char *  msg,
PRBool(*)(char *)  chkpw 
)

Definition at line 88 of file secpwd.c.

{
#if defined(_WINDOWS)
    int isTTY = (input == stdin);
#define echoOn(x)
#define echoOff(x)
#else
    int infd  = fileno(input);
    int isTTY = isatty(infd);
#endif
    char phrase[200] = {'\0'};      /* ensure EOF doesn't return junk */

    for (;;) {
       /* Prompt for password */
       if (isTTY) {
           fprintf(output, "%s", prompt);
            fflush (output);
           echoOff(infd);
       }

       QUIET_FGETS ( phrase, sizeof(phrase), input);

       if (isTTY) {
           fprintf(output, "\n");
           echoOn(infd);
       }

       /* stomp on newline */
       phrase[PORT_Strlen(phrase)-1] = 0;

       /* Validate password */
       if (!(*ok)(phrase)) {
           /* Not weird enough */
           if (!isTTY) return 0;
           fprintf(output, "Password must be at least 8 characters long with one or more\n");
           fprintf(output, "non-alphabetic characters\n");
           continue;
       }
       return (char*) PORT_Strdup(phrase);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 43 of file secinit.c.

{
    /* PR_Init() must be called before SEC_Init() */
#if !defined(SERVER_BUILD)
    PORT_Assert(PR_Initialized() == PR_TRUE);
#endif
    if (sec_inited)
       return;

    sec_inited = 1;
}
char* SEC_ReadDongleFile ( int  fd)
SECStatus SEC_WriteDongleFile ( int  fd,
char *  pw 
)
char* SECU_AppendFilenameToDir ( char *  dir,
char *  filename 
)

Definition at line 451 of file secutil.c.

{
    static char path[1000];

    if (dir[strlen(dir)-1] == '/')
       sprintf(path, "%s%s", dir, filename);
    else
       sprintf(path, "%s/%s", dir, filename);
    return path;
}
SECStatus SECU_ChangePW ( PK11SlotInfo *  slot,
char *  passwd,
char *  pwFile 
)

Definition at line 364 of file secutil.c.

{
    SECStatus rv;
    secuPWData pwdata, newpwdata;
    char *oldpw = NULL, *newpw = NULL;

    if (passwd) {
       pwdata.source = PW_PLAINTEXT;
       pwdata.data = passwd;
    } else if (pwFile) {
       pwdata.source = PW_FROMFILE;
       pwdata.data = pwFile;
    } else {
       pwdata.source = PW_NONE;
       pwdata.data = NULL;
    }

    if (PK11_NeedUserInit(slot)) {
       newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata);
       rv = PK11_InitPin(slot, (char*)NULL, newpw);
       goto done;
    }

    for (;;) {
       oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata);

       if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
           if (pwdata.source == PW_NONE) {
              PR_fprintf(PR_STDERR, "Invalid password.  Try again.\n");
           } else {
              PR_fprintf(PR_STDERR, "Invalid password.\n");
              PORT_Memset(oldpw, 0, PL_strlen(oldpw));
              PORT_Free(oldpw);
              return SECFailure;
           }
       } else
           break;

       PORT_Free(oldpw);
    }

    newpwdata.source = PW_NONE;
    newpwdata.data = NULL;

    newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata);

    if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
       PR_fprintf(PR_STDERR, "Failed to change password.\n");
       return SECFailure;
    }

    PORT_Memset(oldpw, 0, PL_strlen(oldpw));
    PORT_Free(oldpw);

    PR_fprintf(PR_STDOUT, "Password changed successfully.\n");

done:
    PORT_Memset(newpw, 0, PL_strlen(newpw));
    PORT_Free(newpw);
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SECU_CheckCertNameExists ( CERTCertDBHandle *  handle,
char *  nickname 
)
char* SECU_ConfigDirectory ( const char *  base)

Definition at line 463 of file secutil.c.

{
    static PRBool initted = PR_FALSE;
    const char *dir = ".netscape";
    char *home;
    static char buf[1000];

    if (initted) return buf;
    

    if (base == NULL || *base == 0) {
       home = PR_GetEnv("HOME");
       if (!home) home = "";

       if (*home && home[strlen(home) - 1] == '/')
           sprintf (buf, "%.900s%s", home, dir);
       else
           sprintf (buf, "%.900s/%s", home, dir);
    } else {
       sprintf(buf, "%.900s", base);
       if (buf[strlen(buf) - 1] == '/')
           buf[strlen(buf) - 1] = 0;
    }


    initted = PR_TRUE;
    return buf;
}

Here is the caller graph for this function:

SECStatus SECU_CopyCRL ( PRArenaPool destArena,
CERTCrl *  destCrl,
CERTCrl *  srcCrl 
)

Definition at line 3486 of file secutil.c.

{
    void *dummy;
    SECStatus rv = SECSuccess;
    SECItem der;

    PORT_Assert(destArena && srcCrl && destCrl);
    if (!destArena || !srcCrl || !destCrl) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    der.len = 0;
    der.data = NULL;
    dummy = SEC_ASN1EncodeItem (destArena, &der, srcCrl,
                                SEC_ASN1_GET(CERT_CrlTemplate));
    if (!dummy) {
        return SECFailure;
    }

    rv = SEC_QuickDERDecodeItem(destArena, destCrl,
                                SEC_ASN1_GET(CERT_CrlTemplate), &der);
    if (rv != SECSuccess) {
        return SECFailure;
    }
    
    destCrl->arena = destArena;

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* SECU_DefaultSSLDir ( void  )

Definition at line 433 of file secutil.c.

{
    char *dir;
    static char sslDir[1000];

    dir = PR_GetEnv("SSL_DIR");
    if (!dir)
       return NULL;

    sprintf(sslDir, "%s", dir);

    if (sslDir[strlen(sslDir)-1] == '/')
       sslDir[strlen(sslDir)-1] = 0;

    return sslDir;
}

Here is the caller graph for this function:

SECStatus SECU_DerSignDataCRL ( PRArenaPool arena,
CERTSignedData *  sd,
unsigned char *  buf,
int  len,
SECKEYPrivateKey *  pk,
SECOidTag  algID 
)

Definition at line 3518 of file secutil.c.

{
    SECItem it;
    SECStatus rv;

    it.data = 0;

    /* XXX We should probably have some asserts here to make sure the key type
     * and algID match
     */

    /* Sign input buffer */
    rv = SEC_SignData(&it, buf, len, pk, algID);
    if (rv) goto loser;

    /* Fill out SignedData object */
    PORT_Memset(sd, 0, sizeof(sd));
    sd->data.data = buf;
    sd->data.len = len;
    sd->signature.data = it.data;
    sd->signature.len = it.len << 3;             /* convert to bit string */
    if (!sd->signatureAlgorithm.parameters.data) {
        rv = SECOID_SetAlgorithmID(arena, &sd->signatureAlgorithm, algID, 0);
        if (rv) goto loser;
    }

    return rv;

  loser:
    PORT_Free(it.data);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECU_EncodeAndAddExtensionValue ( PRArenaPool arena,
void extHandle,
void value,
PRBool  criticality,
int  extenType,
EXTEN_EXT_VALUE_ENCODER  EncodeValueFn 
)

Definition at line 3635 of file secutil.c.

{
    SECItem encodedValue;
    SECStatus rv;

    encodedValue.data = NULL;
    encodedValue.len = 0;
    do {
        rv = (*EncodeValueFn)(arena, value, &encodedValue);
        if (rv != SECSuccess)
            break;

        rv = CERT_AddExtension(extHandle, extenType, &encodedValue,
                               criticality, PR_TRUE);
        if (rv != SECSuccess)
            break;
    } while (0);

    return (rv);
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* SECU_ErrorString ( int16  err)

Definition at line 3192 of file secutil.c.

{
    char *error_string;

    *SECUErrorBuf = 0;
    SECU_ErrorStringRaw (err);

    if (*SECUErrorBuf == 0) { 
       error_string = SECU_GetString(err);
       if (error_string == NULL || *error_string == '\0') 
           sprintf(SECUErrorBuf, "No error string found for %d.",  err);
       else
           return error_string;
    }

    return SECUErrorBuf;
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* SECU_ErrorStringRaw ( int16  err)

Definition at line 3096 of file secutil.c.

{
    if (err == 0)
       SECUErrorBuf[0] = '\0';
    else if (err == SEC_ERROR_BAD_DATA)
       sprintf(SECUErrorBuf, "Bad data");
    else if (err == SEC_ERROR_BAD_DATABASE)
       sprintf(SECUErrorBuf, "Problem with database");
    else if (err == SEC_ERROR_BAD_DER)
       sprintf(SECUErrorBuf, "Problem with DER");
    else if (err == SEC_ERROR_BAD_KEY)
       sprintf(SECUErrorBuf, "Problem with key");
    else if (err == SEC_ERROR_BAD_PASSWORD)
       sprintf(SECUErrorBuf, "Incorrect password");
    else if (err == SEC_ERROR_BAD_SIGNATURE)
       sprintf(SECUErrorBuf, "Bad signature");
    else if (err == SEC_ERROR_EXPIRED_CERTIFICATE)
       sprintf(SECUErrorBuf, "Expired certificate");
    else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID)
       sprintf(SECUErrorBuf, "Invalid extension value");
    else if (err == SEC_ERROR_INPUT_LEN)
       sprintf(SECUErrorBuf, "Problem with input length");
    else if (err == SEC_ERROR_INVALID_ALGORITHM)
       sprintf(SECUErrorBuf, "Invalid algorithm");
    else if (err == SEC_ERROR_INVALID_ARGS)
       sprintf(SECUErrorBuf, "Invalid arguments");
    else if (err == SEC_ERROR_INVALID_AVA)
       sprintf(SECUErrorBuf, "Invalid AVA");
    else if (err == SEC_ERROR_INVALID_TIME)
       sprintf(SECUErrorBuf, "Invalid time");
    else if (err == SEC_ERROR_IO)
       sprintf(SECUErrorBuf, "Security I/O error");
    else if (err == SEC_ERROR_LIBRARY_FAILURE)
       sprintf(SECUErrorBuf, "Library failure");
    else if (err == SEC_ERROR_NO_MEMORY)
       sprintf(SECUErrorBuf, "Out of memory");
    else if (err == SEC_ERROR_OLD_CRL)
       sprintf(SECUErrorBuf, "CRL is older than the current one");
    else if (err == SEC_ERROR_OUTPUT_LEN)
       sprintf(SECUErrorBuf, "Problem with output length");
    else if (err == SEC_ERROR_UNKNOWN_ISSUER)
       sprintf(SECUErrorBuf, "Unknown issuer");
    else if (err == SEC_ERROR_UNTRUSTED_CERT)
       sprintf(SECUErrorBuf, "Untrusted certificate");
    else if (err == SEC_ERROR_UNTRUSTED_ISSUER)
       sprintf(SECUErrorBuf, "Untrusted issuer");
    else if (err == SSL_ERROR_BAD_CERTIFICATE)
       sprintf(SECUErrorBuf, "Bad certificate");
    else if (err == SSL_ERROR_BAD_CLIENT)
       sprintf(SECUErrorBuf, "Bad client");
    else if (err == SSL_ERROR_BAD_SERVER)
       sprintf(SECUErrorBuf, "Bad server");
    else if (err == SSL_ERROR_EXPORT_ONLY_SERVER)
       sprintf(SECUErrorBuf, "Export only server");
    else if (err == SSL_ERROR_NO_CERTIFICATE)
       sprintf(SECUErrorBuf, "No certificate");
    else if (err == SSL_ERROR_NO_CYPHER_OVERLAP)
       sprintf(SECUErrorBuf, "No cypher overlap");
    else if (err == SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE)
       sprintf(SECUErrorBuf, "Unsupported certificate type");
    else if (err == SSL_ERROR_UNSUPPORTED_VERSION)
       sprintf(SECUErrorBuf, "Unsupported version");
    else if (err == SSL_ERROR_US_ONLY_SERVER)
       sprintf(SECUErrorBuf, "U.S. only server");
    else if (err == PR_IO_ERROR)
       sprintf(SECUErrorBuf, "I/O error");

    else if (err == SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE)
        sprintf (SECUErrorBuf, "Expired Issuer Certificate");
    else if (err == SEC_ERROR_REVOKED_CERTIFICATE)
        sprintf (SECUErrorBuf, "Revoked certificate");
    else if (err == SEC_ERROR_NO_KEY)
        sprintf (SECUErrorBuf, "No private key in database for this cert");
    else if (err == SEC_ERROR_CERT_NOT_VALID)
        sprintf (SECUErrorBuf, "Certificate is not valid");
    else if (err == SEC_ERROR_EXTENSION_NOT_FOUND)
        sprintf (SECUErrorBuf, "Certificate extension was not found");
    else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID)
        sprintf (SECUErrorBuf, "Certificate extension value invalid");
    else if (err == SEC_ERROR_CA_CERT_INVALID)
        sprintf (SECUErrorBuf, "Issuer certificate is invalid");
    else if (err == SEC_ERROR_CERT_USAGES_INVALID)
        sprintf (SECUErrorBuf, "Certificate usages is invalid");
    else if (err == SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION)
        sprintf (SECUErrorBuf, "Certificate has unknown critical extension");
    else if (err == SEC_ERROR_PKCS7_BAD_SIGNATURE)
        sprintf (SECUErrorBuf, "Bad PKCS7 signature");
    else if (err == SEC_ERROR_INADEQUATE_KEY_USAGE)
        sprintf (SECUErrorBuf, "Certificate not approved for this operation");
    else if (err == SEC_ERROR_INADEQUATE_CERT_TYPE)
        sprintf (SECUErrorBuf, "Certificate not approved for this operation");

    return SECUErrorBuf;
}

Here is the caller graph for this function:

char* SECU_FilePasswd ( PK11SlotInfo *  slot,
PRBool  retry,
void arg 
)

Definition at line 213 of file secutil.c.

{
    unsigned char phrase[200];
    PRFileDesc *fd;
    PRInt32 nb;
    char *pwFile = arg;
    int i;

    if (!pwFile)
       return 0;

    if (retry) {
       return 0;  /* no good retrying - the files contents will be the same */
    } 
 
    fd = PR_Open(pwFile, PR_RDONLY, 0);
    if (!fd) {
       fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
       return NULL;
    }

    nb = PR_Read(fd, phrase, sizeof(phrase));
  
    PR_Close(fd);
    /* handle the Windows EOL case */
    i = 0;
    while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) i++;
    phrase[i] = '\0';
    if (nb == 0) {
       fprintf(stderr,"password file contains no data\n");
       return NULL;
    }
    return (char*) PORT_Strdup((char*)phrase);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECU_FileToItem ( SECItem *  dst,
PRFileDesc src 
)

Definition at line 575 of file secutil.c.

{
    PRFileInfo info;
    PRInt32 numBytes;
    PRStatus prStatus;

    if (src == PR_STDIN)
       return secu_StdinToItem(dst);

    prStatus = PR_GetOpenFileInfo(src, &info);

    if (prStatus != PR_SUCCESS) {
       PORT_SetError(SEC_ERROR_IO);
       return SECFailure;
    }

    /* XXX workaround for 3.1, not all utils zero dst before sending */
    dst->data = 0;
    if (!SECITEM_AllocItem(NULL, dst, info.size))
       goto loser;

    numBytes = PR_Read(src, dst->data, info.size);
    if (numBytes != info.size) {
       PORT_SetError(SEC_ERROR_IO);
       goto loser;
    }

    return SECSuccess;
loser:
    SECITEM_FreeItem(dst, PR_FALSE);
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTAuthKeyID* SECU_FindCRLAuthKeyIDExten ( PRArenaPool arena,
CERTSignedCrl *  crl 
)
CERTCertificate* SECU_FindCrlIssuer ( CERTCertDBHandle *  dbHandle,
SECItem *  subject,
CERTAuthKeyID *  id,
PRTime  validTime 
)

Definition at line 3595 of file secutil.c.

{
    CERTCertificate *issuerCert = NULL;
    CERTCertList *certList = NULL;

    if (!subject) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    certList =
        CERT_CreateSubjectCertList(NULL, dbhandle, subject,
                                   validTime, PR_TRUE);
    if (certList) {
        CERTCertListNode *node = CERT_LIST_HEAD(certList);
    
        /* XXX and authoritykeyid in the future */
        while ( ! CERT_LIST_END(node, certList) ) {
            CERTCertificate *cert = node->cert;
            /* check cert CERTCertTrust data is allocated, check cert
               usage extension, check that cert has pkey in db. Select
               the first (newest) user cert */
            if (cert->trust &&
                CERT_CheckCertUsage(cert, KU_CRL_SIGN) == SECSuccess &&
                CERT_IsUserCert(cert)) {
                
                issuerCert = CERT_DupCertificate(cert);
                break;
            }
            node = CERT_LIST_NEXT(node);   
        }
        CERT_DestroyCertList(certList);
    }
    return(issuerCert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SECU_GetClientAuthData ( void arg,
PRFileDesc fd,
struct CERTDistNamesStr caNames,
struct CERTCertificateStr **  pRetCert,
struct SECKEYPrivateKeyStr **  pRetKey 
)

Definition at line 495 of file secutil.c.

{
    SECKEYPrivateKey *key;
    CERTCertificate *cert;
    int errsave;

    if (arg == NULL) {
        fprintf(stderr, "no key/cert name specified for client auth\n");
        return -1;
    }
    cert = PK11_FindCertFromNickname(arg, NULL);
    errsave = PORT_GetError();
    if (!cert) {
        if (errsave == SEC_ERROR_BAD_PASSWORD)
            fprintf(stderr, "Bad password\n");
        else if (errsave > 0)
            fprintf(stderr, "Unable to read cert (error %d)\n", errsave);
        else if (errsave == SEC_ERROR_BAD_DATABASE)
            fprintf(stderr, "Unable to get cert from database (%d)\n", errsave);
        else
            fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave);
        return -1;
    }

    key = PK11_FindKeyByAnyCert(arg,NULL);
    if (!key) {
        fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError());
        return -1;
    }


    *pRetCert = cert;
    *pRetKey = key;

    return 0;
}

Here is the call graph for this function:

char* SECU_GetModulePassword ( PK11SlotInfo *  slot,
PRBool  retry,
void arg 
)

Definition at line 249 of file secutil.c.

{
    char prompt[255];
    secuPWData *pwdata = (secuPWData *)arg;
    secuPWData pwnull = { PW_NONE, 0 };
    secuPWData pwxtrn = { PW_EXTERNAL, "external" };
    char *pw;

    if (pwdata == NULL)
       pwdata = &pwnull;

    if (PK11_ProtectedAuthenticationPath(slot)) {
       pwdata = &pwxtrn;
    }
    if (retry && pwdata->source != PW_NONE) {
       PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
       return NULL;
    }

    switch (pwdata->source) {
    case PW_NONE:
       sprintf(prompt, "Enter Password or Pin for \"%s\":",
                        PK11_GetTokenName(slot));
       return SECU_GetPasswordString(NULL, prompt);
    case PW_FROMFILE:
       /* Instead of opening and closing the file every time, get the pw
        * once, then keep it in memory (duh).
        */
       pw = SECU_FilePasswd(slot, retry, pwdata->data);
       pwdata->source = PW_PLAINTEXT;
       pwdata->data = PL_strdup(pw);
       /* it's already been dup'ed */
       return pw;
    case PW_EXTERNAL:
       sprintf(prompt, 
               "Press Enter, then enter PIN for \"%s\" on external device.\n",
              PK11_GetTokenName(slot));
       (void) SECU_GetPasswordString(NULL, prompt);
       /* Fall Through */
    case PW_PLAINTEXT:
       return PL_strdup(pwdata->data);
    default:
       break;
    }

    PR_fprintf(PR_STDERR, "Password check failed:  No password found.\n");
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* SECU_GetOptionArg ( secuCommand cmd,
int  optionNum 
)

Definition at line 3083 of file secutil.c.

{
       if (optionNum < 0 || optionNum >= cmd->numOptions)
              return NULL;
       if (cmd->options[optionNum].activated)
              return PL_strdup(cmd->options[optionNum].arg);
       else
              return NULL;
}

Here is the caller graph for this function:

char* SECU_GetPasswordString ( void arg,
char *  prompt 
)

Definition at line 164 of file secutil.c.

{
#ifndef _WINDOWS
    char *p = NULL;
    FILE *input, *output;

    /* open terminal */
    input = fopen(consoleName, "r");
    if (input == NULL) {
       fprintf(stderr, "Error opening input terminal for read\n");
       return NULL;
    }

    output = fopen(consoleName, "w");
    if (output == NULL) {
       fprintf(stderr, "Error opening output terminal for write\n");
       return NULL;
    }

    p = SEC_GetPassword (input, output, prompt, SEC_BlindCheckPassword);
        

    fclose(input);
    fclose(output);

    return p;

#else
    /* Win32 version of above. opening the console may fail
       on windows95, and certainly isn't necessary.. */

    char *p = NULL;

    p = SEC_GetPassword (stdin, stdout, prompt, SEC_BlindCheckPassword);
    return p;

#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_Indent ( FILE out,
int  level 
)

Definition at line 716 of file secutil.c.

{
    int i;

    for (i = 0; i < level; i++) {
       fprintf(out, "    ");
    }
}

Here is the call graph for this function:

SECStatus SECU_ParseCommandLine ( int  argc,
char **  argv,
char *  progName,
secuCommand cmd 
)

Definition at line 3016 of file secutil.c.

{
    PRBool found;
    PLOptState *optstate;
    PLOptStatus status;
    char *optstring;
    int i, j;

    optstring = (char *)malloc(cmd->numCommands + 2*cmd->numOptions);
    j = 0;

    for (i=0; i<cmd->numCommands; i++) {
       optstring[j++] = cmd->commands[i].flag;
    }
    for (i=0; i<cmd->numOptions; i++) {
       optstring[j++] = cmd->options[i].flag;
       if (cmd->options[i].needsArg)
           optstring[j++] = ':';
    }
    optstring[j] = '\0';
    optstate = PL_CreateOptState(argc, argv, optstring);

    /* Parse command line arguments */
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {

       /*  Wasn't really an option, just standalone arg.  */
       if (optstate->option == '\0')
           continue;

       found = PR_FALSE;

       for (i=0; i<cmd->numCommands; i++) {
           if (cmd->commands[i].flag == optstate->option) {
              cmd->commands[i].activated = PR_TRUE;
              if (optstate->value) {
                  cmd->commands[i].arg = (char *)optstate->value;
              }
              found = PR_TRUE;
              break;
           }
       }

       if (found)
           continue;

       for (i=0; i<cmd->numOptions; i++) {
           if (cmd->options[i].flag == optstate->option) {
              cmd->options[i].activated = PR_TRUE;
              if (optstate->value) {
                  cmd->options[i].arg = (char *)optstate->value;
              } else if (cmd->options[i].needsArg) {
                    return SECFailure;
                }
              found = PR_TRUE;
              break;
           }
       }

       if (!found)
           return SECFailure;
    }
    if (status == PL_OPT_BAD)
       return SECFailure;
    return SECSuccess;
}

Here is the caller graph for this function:

void SECU_PrintAlgorithmID ( FILE out,
SECAlgorithmID *  a,
char *  m,
int  level 
)

Definition at line 1408 of file secutil.c.

{
    SECU_PrintObjectID(out, &a->algorithm, m, level);

    if (a->parameters.len == 0
       || (a->parameters.len == 2
           && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
       /* No arguments or NULL argument */
    } else {
       /* Print args to algorithm */
       SECU_PrintAsHex(out, &a->parameters, "Args", level+1);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintAny ( FILE out,
SECItem *  i,
char *  m,
int  level 
)

Definition at line 1350 of file secutil.c.

{
    if ( i && i->len && i->data ) {
       switch (i->data[0] & SEC_ASN1_CLASS_MASK) {
       case SEC_ASN1_CONTEXT_SPECIFIC:
           secu_PrintContextSpecific(out, i, m, level);
           break;
       case SEC_ASN1_UNIVERSAL:
           secu_PrintUniversal(out, i, m, level);
           break;
       default:
           SECU_PrintAsHex(out, i, m, level);
           break;
       }
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintAsHex ( FILE out,
SECItem *  i,
const char *  m,
int  level 
)

Definition at line 731 of file secutil.c.

{
    unsigned i;
    int column;
    PRBool isString     = PR_TRUE;
    PRBool isWhiteSpace = PR_TRUE;
    PRBool printedHex   = PR_FALSE;
    unsigned int limit = 15;

    if ( m ) {
       SECU_Indent(out, level); fprintf(out, "%s:\n", m);
       level++;
    }
    
    SECU_Indent(out, level); column = level*INDENT_MULT;
    if (!data->len) {
       fprintf(out, "(empty)\n");
       return;
    }
    /* take a pass to see if it's all printable. */
    for (i = 0; i < data->len; i++) {
       unsigned char val = data->data[i];
        if (!val || !isprint(val)) {
           isString = PR_FALSE;
           break;
       }
       if (isWhiteSpace && !isspace(val)) {
           isWhiteSpace = PR_FALSE;
       }
    }

    /* Short values, such as bit strings (which are printed with this
    ** function) often look like strings, but we want to see the bits.
    ** so this test assures that short values will be printed in hex,
    ** perhaps in addition to being printed as strings.
    ** The threshold size (4 bytes) is arbitrary.
    */
    if (!isString || data->len <= 4) {
      for (i = 0; i < data->len; i++) {
       if (i != data->len - 1) {
           fprintf(out, "%02x:", data->data[i]);
           column += 3;
       } else {
           fprintf(out, "%02x", data->data[i]);
           column += 2;
           break;
       }
       if (column > 76 || (i % 16 == limit)) {
           secu_Newline(out);
           SECU_Indent(out, level); 
           column = level*INDENT_MULT;
           limit = i % 16;
       }
      }
      printedHex = PR_TRUE;
    }
    if (isString && !isWhiteSpace) {
       if (printedHex != PR_FALSE) {
           secu_Newline(out);
           SECU_Indent(out, level); column = level*INDENT_MULT;
       }
       for (i = 0; i < data->len; i++) {
           unsigned char val = data->data[i];

           if (val) {
              fprintf(out,"%c",val);
              column++;
           } else {
              column = 77;
           }
           if (column > 76) {
              secu_Newline(out);
              SECU_Indent(out, level); column = level*INDENT_MULT;
           }
       }
    }
           
    if (column != level*INDENT_MULT) {
       secu_Newline(out);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintBuf ( FILE out,
const char *  msg,
const void vp,
int  len 
)

Definition at line 835 of file secutil.c.

{
    const unsigned char *cp = (const unsigned char *)vp;
    char buf[80];
    char *bp;
    char *ap;

    fprintf(out, "%s [Len: %d]\n", msg, len);
    memset(buf, ' ', sizeof buf);
    bp = buf;
    ap = buf + 50;
    while (--len >= 0) {
       unsigned char ch = *cp++;
       *bp++ = hex[(ch >> 4) & 0xf];
       *bp++ = hex[ch & 0xf];
       *bp++ = ' ';
       *ap++ = printable[ch];
       if (ap - buf >= 66) {
           *ap = 0;
           fprintf(out, "   %s\n", buf);
           memset(buf, ' ', sizeof buf);
           bp = buf;
           ap = buf + 50;
       }
    }
    if (bp > buf) {
       *ap = 0;
       fprintf(out, "   %s\n", buf);
    }
}

Here is the call graph for this function:

int SECU_PrintCertificate ( FILE out,
SECItem *  der,
char *  m,
int  level 
)

Definition at line 2312 of file secutil.c.

{
    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    CERTCertificate *c;
    int rv = SEC_ERROR_NO_MEMORY;
    int iv;
    
    if (!arena)
       return rv;

    /* Decode certificate */
    c = PORT_ArenaZNew(arena, CERTCertificate);
    if (!c)
       goto loser;
    c->arena = arena;
    rv = SEC_ASN1DecodeItem(arena, c, 
                            SEC_ASN1_GET(CERT_CertificateTemplate), der);
    if (rv) {
        SECU_Indent(out, level); 
       SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
       SECU_PrintAny(out, der, "Raw", level);
       goto loser;
    }
    /* Pretty print it out */
    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    iv = c->version.len ? DER_GetInteger(&c->version) : 0;  /* version is optional */
    SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);

    SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
    SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
    SECU_PrintName(out, &c->issuer, "Issuer", level+1);
    secu_PrintValidity(out, &c->validity, "Validity", level+1);
    SECU_PrintName(out, &c->subject, "Subject", level+1);
    secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
                           "Subject Public Key Info", level+1);
    if (c->issuerID.data) 
       secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level+1);
    if (c->subjectID.data) 
       secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level+1);
    SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1);
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECU_PrintCertificateNames ( CERTCertDBHandle *  handle,
PRFileDesc out,
PRBool  sortByName,
PRBool  sortByTrust 
)
int SECU_PrintCertificateRequest ( FILE out,
SECItem *  der,
char *  m,
int  level 
)

Definition at line 2278 of file secutil.c.

{
    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    CERTCertificateRequest *cr;
    int rv = SEC_ERROR_NO_MEMORY;

    if (!arena) 
       return rv;

    /* Decode certificate request */
    cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
    if (!cr)
       goto loser;
    cr->arena = arena;
    rv = SEC_QuickDERDecodeItem(arena, cr, 
                           SEC_ASN1_GET(CERT_CertificateRequestTemplate), der);
    if (rv) 
       goto loser;

    /* Pretty print it out */
    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    SECU_PrintInteger(out, &cr->version, "Version", level+1);
    SECU_PrintName(out, &cr->subject, "Subject", level+1);
    secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
                           "Subject Public Key Info", level+1);
    if (cr->attributes)
       SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);
    rv = 0;
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECU_PrintCertNickname ( CERTCertListNode *  cert,
void data 
)

Definition at line 2163 of file secutil.c.

{
    CERTCertTrust *trust;
    CERTCertificate* cert;
    FILE *out;
    char trusts[30];
    char *name;

    cert = node->cert;

    PORT_Memset (trusts, 0, sizeof (trusts));
    out = (FILE *)data;
    
    name = node->appData;
    if (!name || !name[0]) {
        name = cert->nickname;
    }
    if (!name || !name[0]) {
        name = cert->emailAddr;
    }
    if (!name || !name[0]) {
        name = "(NULL)";
    }

    trust = cert->trust;
    if (trust) {
        printflags(trusts, trust->sslFlags);
        PORT_Strcat(trusts, ",");
        printflags(trusts, trust->emailFlags);
        PORT_Strcat(trusts, ",");
        printflags(trusts, trust->objectSigningFlags);
    } else {
        PORT_Memcpy(trusts,",,",3);
    }
    fprintf(out, "%-60s %-5s\n", name, trusts);

    return (SECSuccess);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_printCertProblems ( FILE outfile,
CERTCertDBHandle *  handle,
CERTCertificate *  cert,
PRBool  checksig,
SECCertificateUsage  certUsage,
void pinArg,
PRBool  verbose 
)

Definition at line 3238 of file secutil.c.

{
    CERTVerifyLog      log;
    CERTVerifyLogNode *node   = NULL;
    unsigned int       depth  = (unsigned int)-1;
    unsigned int       flags  = 0;
    char *             errstr = NULL;
    PRErrorCode             err    = PORT_GetError();

    log.arena = PORT_NewArena(512);
    log.head = log.tail = NULL;
    log.count = 0;
    CERT_VerifyCertificate(handle, cert, checksig, certUsage, PR_Now(), pinArg, &log, NULL);

    if (log.count > 0) {
       fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
       for (node = log.head; node; node = node->next) {
           if (depth != node->depth) {
              depth = node->depth;
              fprintf(outfile,"CERT %d. %s %s:\n", depth,
                             bestCertName(node->cert), 
                             depth ? "[Certificate Authority]": "");
              if (verbose) {
                  const char * emailAddr;
                  emailAddr = CERT_GetFirstEmailAddress(node->cert);
                  if (emailAddr) {
                     fprintf(outfile,"Email Address(es): ");
                     do {
                         fprintf(outfile, "%s\n", emailAddr);
                         emailAddr = CERT_GetNextEmailAddress(node->cert,
                                                              emailAddr);
                     } while (emailAddr);
                  }
              }
           }
           fprintf(outfile,"  ERROR %ld: %s\n", node->error,
                                          SECU_Strerror(node->error));
           errstr = NULL;
           switch (node->error) {
           case SEC_ERROR_INADEQUATE_KEY_USAGE:
              flags = (unsigned int)node->arg;
              switch (flags) {
              case KU_DIGITAL_SIGNATURE:
                  errstr = "Cert cannot sign.";
                  break;
              case KU_KEY_ENCIPHERMENT:
                  errstr = "Cert cannot encrypt.";
                  break;
              case KU_KEY_CERT_SIGN:
                  errstr = "Cert cannot sign other certs.";
                  break;
              default:
                  errstr = "[unknown usage].";
                  break;
              }
           case SEC_ERROR_INADEQUATE_CERT_TYPE:
              flags = (unsigned int)node->arg;
              switch (flags) {
              case NS_CERT_TYPE_SSL_CLIENT:
              case NS_CERT_TYPE_SSL_SERVER:
                  errstr = "Cert cannot be used for SSL.";
                  break;
              case NS_CERT_TYPE_SSL_CA:
                  errstr = "Cert cannot be used as an SSL CA.";
                  break;
              case NS_CERT_TYPE_EMAIL:
                  errstr = "Cert cannot be used for SMIME.";
                  break;
              case NS_CERT_TYPE_EMAIL_CA:
                  errstr = "Cert cannot be used as an SMIME CA.";
                  break;
              case NS_CERT_TYPE_OBJECT_SIGNING:
                  errstr = "Cert cannot be used for object signing.";
                  break;
              case NS_CERT_TYPE_OBJECT_SIGNING_CA:
                  errstr = "Cert cannot be used as an object signing CA.";
                  break;
              default:
                  errstr = "[unknown usage].";
                  break;
              }
           case SEC_ERROR_UNKNOWN_ISSUER:
           case SEC_ERROR_UNTRUSTED_ISSUER:
           case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
              errstr = node->cert->issuerName;
              break;
           default:
              break;
           }
           if (errstr) {
              fprintf(stderr,"    %s\n",errstr);
           }
           CERT_DestroyCertificate(node->cert);
       }    
    }
    PORT_SetError(err); /* restore original error code */
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SECU_PrintCrl ( FILE out,
SECItem *  der,
char *  m,
int  level 
)

Definition at line 2788 of file secutil.c.

{
    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    CERTCrl *c = NULL;
    int rv = SEC_ERROR_NO_MEMORY;

    if (!arena)
       return rv;
    do {
       /* Decode CRL */
       c = PORT_ArenaZNew(arena, CERTCrl);
       if (!c)
           break;

       rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der);
       if (rv != SECSuccess)
           break;
       SECU_PrintCRLInfo (out, c, m, level);
    } while (0);
    PORT_FreeArena (arena, PR_FALSE);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintCRLInfo ( FILE out,
CERTCrl *  crl,
char *  m,
int  level 
)

Definition at line 2555 of file secutil.c.

{
    CERTCrlEntry *entry;
    int iv;
    char om[100];
    
    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    /* version is optional */
    iv = crl->version.len ? DER_GetInteger(&crl->version) : 0;  
    SECU_Indent(out, level+1); 
       fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
    SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
                       level + 1);
    SECU_PrintName(out, &(crl->name), "Issuer", level + 1);
    SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1);
    if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */
       SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1);
    
    if (crl->entries != NULL) {
       iv = 0;
       while ((entry = crl->entries[iv++]) != NULL) {
           sprintf(om, "Entry (%x):\n", iv); 
           SECU_Indent(out, level + 1); fprintf(out, om);
           SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
                           level + 2);
           SECU_PrintTimeChoice(out, &(entry->revocationDate), 
                                "Revocation Date", level + 2);
           SECU_PrintExtensions(out, entry->extensions, 
                                "Entry Extensions", level + 2);
       }
    }
    SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintError ( char *  progName,
char *  msg,
  ... 
)

Definition at line 120 of file secutil.c.

{
    va_list args;
    PRErrorCode err = PORT_GetError();
    const char * errString = SECU_Strerror(err);

    va_start(args, msg);

    fprintf(stderr, "%s: ", progName);
    vfprintf(stderr, msg, args);
    if (errString != NULL && PORT_Strlen(errString) > 0)
       fprintf(stderr, ": %s\n", errString);
    else
       fprintf(stderr, ": error %d\n", (int)err);

    va_end(args);
}

Here is the call graph for this function:

void SECU_PrintExtensions ( FILE out,
CERTCertExtension **  extensions,
char *  msg,
int  level 
)

Definition at line 1981 of file secutil.c.

{
    SECOidTag oidTag;
    
    if ( extensions ) {
       if (msg && *msg) {
           SECU_Indent(out, level++); fprintf(out, "%s:\n", msg);
       }
       
       while ( *extensions ) {
           SECItem *tmpitem;

           tmpitem = &(*extensions)->id;
           SECU_PrintObjectID(out, tmpitem, "Name", level);

           tmpitem = &(*extensions)->critical;
           if ( tmpitem->len ) {
              secu_PrintBoolean(out, tmpitem, "Critical", level);
           }

           oidTag = SECOID_FindOIDTag (&((*extensions)->id));
           tmpitem = &((*extensions)->value);

           switch (oidTag) {
              case SEC_OID_X509_INVALID_DATE:
              case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
                 secu_PrintX509InvalidDate(out, tmpitem, "Date", level );
                 break;
              case SEC_OID_X509_CERTIFICATE_POLICIES:
                 SECU_PrintPolicy(out, tmpitem, "Data", level );
                 break;
              case SEC_OID_NS_CERT_EXT_BASE_URL:
              case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
              case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
              case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
              case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
              case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
              case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
              case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
              case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
              case SEC_OID_OCSP_RESPONDER:
                  SECU_PrintString(out,tmpitem, "URL", level);
                  break;
              case SEC_OID_NS_CERT_EXT_COMMENT:
                  SECU_PrintString(out,tmpitem, "Comment", level);
                  break;
              case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
                  SECU_PrintString(out,tmpitem, "ServerName", level);
                  break;
              case SEC_OID_NS_CERT_EXT_CERT_TYPE:
                  secu_PrintNSCertType(out,tmpitem,"Data",level);
                  break;
              case SEC_OID_X509_BASIC_CONSTRAINTS:
                  secu_PrintBasicConstraints(out,tmpitem,"Data",level);
                  break;
              case SEC_OID_X509_EXT_KEY_USAGE:
                  PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
                  break;
              case SEC_OID_X509_KEY_USAGE:
                  secu_PrintX509KeyUsage(out, tmpitem, NULL, level );
                  break;
              case SEC_OID_X509_AUTH_KEY_ID:
                  secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level );
                  break;
              case SEC_OID_X509_SUBJECT_ALT_NAME:
              case SEC_OID_X509_ISSUER_ALT_NAME:
                  secu_PrintAltNameExtension(out, tmpitem, NULL, level );
                  break;
              case SEC_OID_X509_CRL_DIST_POINTS:
                  secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level );
                  break;
              case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
                  SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL, 
                                                 level );
                  break;
              case SEC_OID_X509_NAME_CONSTRAINTS:
                  secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
                  break;
              case SEC_OID_X509_AUTH_INFO_ACCESS:
                  secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
                  break;

              case SEC_OID_X509_CRL_NUMBER:
              case SEC_OID_X509_REASON_CODE:

              /* PKIX OIDs */
              case SEC_OID_PKIX_OCSP:
              case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
              case SEC_OID_PKIX_OCSP_NONCE:
              case SEC_OID_PKIX_OCSP_CRL:
              case SEC_OID_PKIX_OCSP_RESPONSE:
              case SEC_OID_PKIX_OCSP_NO_CHECK:
              case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
              case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
              case SEC_OID_PKIX_REGCTRL_REGTOKEN:
              case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
              case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
              case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
              case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
              case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
              case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
              case SEC_OID_PKIX_REGINFO_CERT_REQUEST:

               /* Netscape extension OIDs. */
              case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
              case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
              case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
              case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
              case SEC_OID_NS_CERT_EXT_USER_PICTURE:

              /* x.509 v3 Extensions */
              case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
              case SEC_OID_X509_SUBJECT_KEY_ID:
              case SEC_OID_X509_POLICY_MAPPINGS:
              case SEC_OID_X509_POLICY_CONSTRAINTS:


               default:
                  SECU_PrintAny(out, tmpitem, "Data", level);
              break;
           }

           secu_Newline(out);
           extensions++;
       }
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SECU_PrintFingerprints ( FILE out,
SECItem *  derCert,
char *  m,
int  level 
)

Definition at line 2408 of file secutil.c.

{
    unsigned char fingerprint[20];
    char *fpStr = NULL;
    int err     = PORT_GetError();
    SECStatus rv;
    SECItem fpItem;

    /* print MD5 fingerprint */
    memset(fingerprint, 0, sizeof fingerprint);
    rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len);
    fpItem.data = fingerprint;
    fpItem.len = MD5_LENGTH;
    fpStr = CERT_Hexify(&fpItem, 1);
    SECU_Indent(out, level);  fprintf(out, "%s (MD5):\n", m);
    SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
    PORT_Free(fpStr);
    fpStr = NULL;
    if (rv != SECSuccess && !err)
       err = PORT_GetError();

    /* print SHA1 fingerprint */
    memset(fingerprint, 0, sizeof fingerprint);
    rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len);
    fpItem.data = fingerprint;
    fpItem.len = SHA1_LENGTH;
    fpStr = CERT_Hexify(&fpItem, 1);
    SECU_Indent(out, level);  fprintf(out, "%s (SHA1):\n", m);
    SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
    PORT_Free(fpStr);
    fprintf(out, "\n");

    if (err) 
       PORT_SetError(err);
    if (err || rv != SECSuccess)
       return SECFailure;

    return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintGeneralizedTime ( FILE out,
SECItem *  t,
char *  m,
int  level 
)

Definition at line 1028 of file secutil.c.

{
    int64 time;
    SECStatus rv;


    rv = DER_GeneralizedTimeToTime(&time, t);
    if (rv != SECSuccess)
       return;

    secu_PrintTime(out, time, m, level);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintInteger ( FILE out,
SECItem *  i,
char *  m,
int  level 
)

Definition at line 889 of file secutil.c.

{
    int iv;

    if (!i || !i->len || !i->data) {
       SECU_Indent(out, level); 
       if (m) {
           fprintf(out, "%s: (null)\n", m);
       } else {
           fprintf(out, "(null)\n");
       }
    } else if (i->len > 4) {
       SECU_PrintAsHex(out, i, m, level);
    } else {
       iv = DER_GetInteger(i);
       SECU_Indent(out, level); 
       if (m) {
           fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
       } else {
           fprintf(out, "%d (0x%x)\n", iv, iv);
       }
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintName ( FILE out,
CERTName *  name,
char *  msg,
int  level 
)

Definition at line 2112 of file secutil.c.

{
    char *nameStr;
    char *str;
    SECItem my;

    str = nameStr = CERT_NameToAscii(name);
    if (!str) {
       str = "!Invalid AVA!";
    }
    my.data = (unsigned char *)str;
    my.len  = PORT_Strlen(str);
#if 1
    secu_PrintRawString(out, &my, msg, level);
#else
    SECU_Indent(out, level); fprintf(out, "%s: ", msg);
    fprintf(out, str);
    secu_Newline(out);
#endif
    PORT_Free(nameStr);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECOidTag SECU_PrintObjectID ( FILE out,
SECItem *  oid,
char *  m,
int  level 
)

Definition at line 1378 of file secutil.c.

{
    SECOidData *oiddata;
    char *      oidString = NULL;
    
    oiddata = SECOID_FindOID(oid);
    if (oiddata != NULL) {
       const char *name = oiddata->desc;
       SECU_Indent(out, level);
       if (m != NULL)
           fprintf(out, "%s: ", m);
       fprintf(out, "%s\n", name);
       return oiddata->offset;
    } 
    oidString = CERT_GetOidString(oid);
    if (oidString) {
       SECU_Indent(out, level);
       if (m != NULL)
           fprintf(out, "%s: ", m);
       fprintf(out, "%s\n", oidString);
       PR_smprintf_free(oidString);
       return SEC_OID_UNKNOWN;
    }
    SECU_PrintAsHex(out, oid, m, level);
    return SEC_OID_UNKNOWN;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SECU_PrintPKCS7ContentInfo ( FILE out,
SECItem *  der,
char *  m,
int  level 
)

Definition at line 2916 of file secutil.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    int rv;

    cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
    if (cinfo != NULL) {
       /* Send it to recursive parsing and printing module */
       rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
       SEC_PKCS7DestroyContentInfo(cinfo);
    } else {
       rv = -1;
    }

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintPolicy ( FILE out,
SECItem *  value,
char *  msg,
int  level 
)

Definition at line 244 of file pppolicy.c.

{
   CERTCertificatePolicies *policies = NULL;
   CERTPolicyInfo **policyInfos;

   if (msg) {
       SECU_Indent(out, level);
       fprintf(out,"%s: \n",msg);
       level++;
   }
   policies = secu_DecodeCertificatePoliciesExtension(value);
   if (policies == NULL) {
       SECU_PrintAny(out, value, "Invalid Policy Data", level);
       return;
   }

   policyInfos = policies->policyInfos;
   while (policyInfos && *policyInfos != NULL) {
       secu_PrintPolicyInfo(out,*policyInfos,"",level);
       policyInfos++;
   }

   CERT_DestroyCertificatePoliciesExtension(policies);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintPRandOSError ( char *  progName)

Definition at line 3212 of file secutil.c.

{
    char buffer[513];
    PRInt32     errLen = PR_GetErrorTextLength();
    if (errLen > 0 && errLen < sizeof buffer) {
        PR_GetErrorText(buffer);
    }
    SECU_PrintError(progName, "function failed");
    if (errLen > 0 && errLen < sizeof buffer) {
        PR_fprintf(PR_STDERR, "\t%s\n", buffer);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintPrivKeyUsagePeriodExtension ( FILE out,
SECItem *  value,
char *  msg,
int  level 
)

Definition at line 271 of file pppolicy.c.

{
    CERTPrivKeyUsagePeriod * prd;
    PLArenaPool * arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

    if ( !arena ) {
       goto loser;
    }
    prd = CERT_DecodePrivKeyUsagePeriodExtension(arena, value);
    if (!prd) {
       goto loser;
    }
    if (prd->notBefore.data) {
       SECU_PrintGeneralizedTime(out, &prd->notBefore, "Not Before", level);
    }
    if (prd->notAfter.data) {
       SECU_PrintGeneralizedTime(out, &prd->notAfter,  "Not After ", level);
    }
    if (!prd->notBefore.data && !prd->notAfter.data) {
       SECU_Indent(out, level);
       fprintf(out, "Error: notBefore or notAfter MUST be present.\n");
loser:
       SECU_PrintAny(out, value, msg, level);
    }
    if (arena) {
       PORT_FreeArena(arena, PR_FALSE);
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SECU_PrintPublicKey ( FILE out,
SECItem *  der,
char *  m,
int  level 
)

Definition at line 2358 of file secutil.c.

{
    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    SECKEYPublicKey key;
    int rv = SEC_ERROR_NO_MEMORY;

    if (!arena)
       return rv;

    PORT_Memset(&key, 0, sizeof(key));
    rv = SEC_ASN1DecodeItem(arena, &key, 
                            SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), der);
    if (!rv) {
       /* Pretty print it out */
       secu_PrintRSAPublicKey(out, &key, m, level);
    }

    PORT_FreeArena(arena, PR_FALSE);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SECU_PrintSignedData ( FILE out,
SECItem *  der,
char *  m,
int  level,
SECU_PPFunc  inner 
)

Definition at line 2981 of file secutil.c.

{
    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    CERTSignedData *sd;
    int rv = SEC_ERROR_NO_MEMORY;

    if (!arena)
       return rv;

    /* Strip off the signature */
    sd = PORT_ArenaZNew(arena, CERTSignedData);
    if (!sd)
       goto loser;

    rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate), 
                            der);
    if (rv)
       goto loser;

    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    rv = (*inner)(out, &sd->data, "Data", level+1);

    SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
                       level+1);
    DER_ConvertBitString(&sd->signature);
    SECU_PrintAsHex(out, &sd->signature, "Signature", level+1);
    SECU_PrintFingerprints(out, der, "Fingerprint", level+1);
loser:
    PORT_FreeArena(arena, PR_FALSE);
    return rv;

}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintString ( FILE out,
SECItem *  si,
char *  m,
int  level 
)

Definition at line 946 of file secutil.c.

{
    SECItem my = *si;

    if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
       return;
    secu_PrintRawString(out, &my, m, level);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintSystemError ( char *  progName,
char *  msg,
  ... 
)

Definition at line 139 of file secutil.c.

{
    va_list args;

    va_start(args, msg);
    fprintf(stderr, "%s: ", progName);
    vfprintf(stderr, msg, args);
#if defined(_WIN32_WCE)
    fprintf(stderr, ": %d\n", PR_GetOSError());
#else
    fprintf(stderr, ": %s\n", strerror(errno));
#endif
    va_end(args);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintTimeChoice ( FILE out,
SECItem *  t,
char *  m,
int  level 
)

Definition at line 1047 of file secutil.c.

{
    switch (t->type) {
        case siUTCTime:
            SECU_PrintUTCTime(out, t, m, level);
            break;

        case siGeneralizedTime:
            SECU_PrintGeneralizedTime(out, t, m, level);
            break;

        default:
            PORT_Assert(0);
            break;
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintTrustFlags ( FILE out,
CERTCertTrust *  trust,
char *  m,
int  level 
)

Definition at line 2970 of file secutil.c.

{
    SECU_Indent(out, level); fprintf(out, "%s:\n", m);
    SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n");
    printFlags(out, trust->sslFlags, level+2);
    SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
    printFlags(out, trust->emailFlags, level+2);
    SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
    printFlags(out, trust->objectSigningFlags, level+2);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SECU_PrintUTCTime ( FILE out,
SECItem *  t,
char *  m,
int  level 
)

Definition at line 1010 of file secutil.c.

{
    int64 time;
    SECStatus rv;

    rv = DER_UTCTimeToTime(&time, t);
    if (rv != SECSuccess)
       return;

    secu_PrintTime(out, time, m, level);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECU_ReadDERFromFile ( SECItem *  der,
PRFileDesc inFile,
PRBool  ascii 
)

Definition at line 656 of file secutil.c.

{
    SECStatus rv;
    if (ascii) {
       /* First convert ascii to binary */
       SECItem filedata;
       char *asc, *body;

       /* Read in ascii data */
       rv = SECU_FileToItem(&filedata, inFile);
       asc = (char *)filedata.data;
       if (!asc) {
           fprintf(stderr, "unable to read data from input file\n");
           return SECFailure;
       }

       /* check for headers and trailers and remove them */
       if ((body = strstr(asc, "-----BEGIN")) != NULL) {
           char *trailer = NULL;
           asc = body;
           body = PORT_Strchr(body, '\n');
           if (!body)
              body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
           if (body)
              trailer = strstr(++body, "-----END");
           if (trailer != NULL) {
              *trailer = '\0';
           } else {
              fprintf(stderr, "input has header but no trailer\n");
              PORT_Free(filedata.data);
              return SECFailure;
           }
       } else {
           body = asc;
       }
     
       /* Convert to binary */
       rv = ATOB_ConvertAsciiToItem(der, body);
       if (rv) {
           fprintf(stderr, "error converting ascii to binary (%s)\n",
                  SECU_Strerror(PORT_GetError()));
           PORT_Free(filedata.data);
           return SECFailure;
       }

       PORT_Free(filedata.data);
    } else {
       /* Read in binary der */
       rv = SECU_FileToItem(der, inFile);
       if (rv) {
           fprintf(stderr, "error converting der (%s)\n", 
                  SECU_Strerror(PORT_GetError()));
           return SECFailure;
       }
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 163 of file moreoids.c.

{
    unsigned int i;
    SECStatus rv = SECSuccess;

    for (i = 0; i < numOids; ++i) {
       SECOidTag tag = SECOID_AddEntry(&oids[i]);
       if (tag == SEC_OID_UNKNOWN) {
           rv = SECFailure;
#ifdef DEBUG_DYN_OIDS
           fprintf(stderr, "Add OID[%d] failed\n", i);
       } else {
           fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag);
#endif
       }
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

char* SECU_SECModDBName ( void  )
SECStatus SECU_SignAndEncodeCRL ( CERTCertificate *  issuer,
CERTSignedCrl *  signCrl,
SECOidTag  hashAlgTag,
SignAndEncodeFuncExitStat resCode 
)

Definition at line 3402 of file secutil.c.

{
    SECItem der;
    SECKEYPrivateKey *caPrivateKey = NULL;    
    SECStatus rv;
    PRArenaPool *arena;
    SECOidTag algID;
    void *dummy;

    PORT_Assert(issuer != NULL && signCrl != NULL);
    if (!issuer || !signCrl) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    arena = signCrl->arena;

    caPrivateKey = PK11_FindKeyByAnyCert(issuer, NULL);
    if (caPrivateKey == NULL) {
        *resCode = noKeyFound;
        return SECFailure;
    }

    algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, hashAlgTag);
    if (algID == SEC_OID_UNKNOWN) {
        *resCode = noSignatureMatch;
        rv = SECFailure;
        goto done;
    }

    if (!signCrl->crl.signatureAlg.parameters.data) {
        rv = SECOID_SetAlgorithmID(arena, &signCrl->crl.signatureAlg, algID, 0);
        if (rv != SECSuccess) {
            *resCode = failToEncode;
            goto done;
        }
    }

    der.len = 0;
    der.data = NULL;
    dummy = SEC_ASN1EncodeItem(arena, &der, &signCrl->crl,
                               SEC_ASN1_GET(CERT_CrlTemplate));
    if (!dummy) {
        *resCode = failToEncode;
        rv = SECFailure;
        goto done;
    }

    rv = SECU_DerSignDataCRL(arena, &signCrl->signatureWrap,
                             der.data, der.len, caPrivateKey, algID);
    if (rv != SECSuccess) {
        *resCode = failToSign;
        goto done;
    }

    signCrl->derCrl = PORT_ArenaZNew(arena, SECItem);
    if (signCrl->derCrl == NULL) {
        *resCode = noMem;
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        rv = SECFailure;
        goto done;
    }

    signCrl->derCrl->len = 0;
    signCrl->derCrl->data = NULL;
    dummy = SEC_ASN1EncodeItem (arena, signCrl->derCrl, signCrl,
                                SEC_ASN1_GET(CERT_SignedCrlTemplate));
    if (!dummy) {
        *resCode = failToEncode;
        rv = SECFailure;
        goto done;
    }

done:
    if (caPrivateKey) {
        SECKEY_DestroyPrivateKey(caPrivateKey);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SECU_StoreCRL ( PK11SlotInfo *  slot,
SECItem *  derCrl,
PRFileDesc outFile,
int  ascii,
char *  url 
)
const char* SECU_Strerror ( PRErrorCode  errNum)

Definition at line 66 of file secerror.c.

                                  {
    PRInt32 low  = 0;
    PRInt32 high = numStrings - 1;
    PRInt32 i;
    PRErrorCode num;
    static int initDone;

    /* make sure table is in ascending order.
     * binary search depends on it.
     */
    if (!initDone) {
       PRErrorCode lastNum = ((PRInt32)0x80000000);
       for (i = low; i <= high; ++i) {
           num = errStrings[i].errNum;
           if (num <= lastNum) {
              fprintf(stderr, 
"sequence error in error strings at item %d\n"
"error %d (%s)\n"
"should come after \n"
"error %d (%s)\n",
                      i, lastNum, errStrings[i-1].errString, 
                     num, errStrings[i].errString);
           }
           lastNum = num;
       }
       initDone = 1;
    }

    /* Do binary search of table. */
    while (low + 1 < high) {
       i = (low + high) / 2;
       num = errStrings[i].errNum;
       if (errNum == num) 
           return errStrings[i].errString;
        if (errNum < num)
           high = i;
       else 
           low = i;
    }
    if (errNum == errStrings[low].errNum)
       return errStrings[low].errString;
    if (errNum == errStrings[high].errNum)
       return errStrings[high].errString;
    return NULL;
}

Here is the call graph for this function:

Definition at line 3339 of file secutil.c.

{
    SECOidTag hashAlgTag = SEC_OID_UNKNOWN;

    if (alg) {
       if (!PL_strcmp(alg, "MD2")) {
           hashAlgTag = SEC_OID_MD2;
       } else if (!PL_strcmp(alg, "MD4")) {
           hashAlgTag = SEC_OID_MD4;
       } else if (!PL_strcmp(alg, "MD5")) {
           hashAlgTag = SEC_OID_MD5;
       } else if (!PL_strcmp(alg, "SHA1")) {
           hashAlgTag = SEC_OID_SHA1;
       } else if (!PL_strcmp(alg, "SHA256")) {
           hashAlgTag = SEC_OID_SHA256;
       } else if (!PL_strcmp(alg, "SHA384")) {
           hashAlgTag = SEC_OID_SHA384;
       } else if (!PL_strcmp(alg, "SHA512")) {
           hashAlgTag = SEC_OID_SHA512;
       }
    }
    return hashAlgTag;
}

Here is the caller graph for this function:

SECStatus SECU_TextFileToItem ( SECItem *  dst,
PRFileDesc src 
)

Definition at line 609 of file secutil.c.

{
    PRFileInfo info;
    PRInt32 numBytes;
    PRStatus prStatus;
    unsigned char *buf;

    if (src == PR_STDIN)
       return secu_StdinToItem(dst);

    prStatus = PR_GetOpenFileInfo(src, &info);

    if (prStatus != PR_SUCCESS) {
       PORT_SetError(SEC_ERROR_IO);
       return SECFailure;
    }

    buf = (unsigned char*)PORT_Alloc(info.size);
    if (!buf)
       return SECFailure;

    numBytes = PR_Read(src, buf, info.size);
    if (numBytes != info.size) {
       PORT_SetError(SEC_ERROR_IO);
       goto loser;
    }

    if (buf[numBytes-1] == '\n') numBytes--;
#ifdef _WINDOWS
    if (buf[numBytes-1] == '\r') numBytes--;
#endif

    /* XXX workaround for 3.1, not all utils zero dst before sending */
    dst->data = 0;
    if (!SECITEM_AllocItem(NULL, dst, numBytes))
       goto loser;

    memcpy(dst->data, buf, numBytes);

    PORT_Free(buf);
    return SECSuccess;
loser:
    PORT_Free(buf);
    return SECFailure;
}

Here is the call graph for this function: