Back to index

lightning-sunbird  0.9+nobinonly
Enumerations | Functions | Variables
signver.c File Reference
#include "secutil.h"
#include "secmod.h"
#include "cert.h"
#include "secoid.h"
#include "nss.h"
#include "prinit.h"
#include "prprf.h"
#include "prsystem.h"
#include "prmem.h"
#include "plstr.h"
#include "sechash.h"

Go to the source code of this file.

Enumerations

enum  { cmd_DisplayAllPCKS7Info = 0, cmd_DisplayCertInfo, cmd_DisplaySignerInfo, cmd_VerifySignedObj }
enum  {
  opt_ASCII, opt_CertDir, opt_InputDataFile, opt_ItemNumber,
  opt_OutputFile, opt_InputSigFile, opt_TypeTag, opt_PrintWhyFailure
}

Functions

int SV_PrintPKCS7ContentInfo (FILE *, SECItem *)
static void Usage (char *progName, FILE *outFile)
static HASH_HashType AlgorithmToHashType (SECAlgorithmID *digestAlgorithms)
static int DigestData (unsigned char *digest, unsigned char *data, unsigned int *len, unsigned int maxLen, HASH_HashType hashType)
int main (int argc, char **argv)
 The Xalan testcases app.

Variables

static int debugInfo = 0
static char * usageInfo []
static int nUsageInfo = sizeof(usageInfo)/sizeof(char *)
static secuCommandFlag signver_commands []
static secuCommandFlag signver_options []

Enumeration Type Documentation

anonymous enum
Enumerator:
cmd_DisplayAllPCKS7Info 
cmd_DisplayCertInfo 
cmd_DisplaySignerInfo 
cmd_VerifySignedObj 

Definition at line 127 of file signver.c.

anonymous enum
Enumerator:
opt_ASCII 
opt_CertDir 
opt_InputDataFile 
opt_ItemNumber 
opt_OutputFile 
opt_InputSigFile 
opt_TypeTag 
opt_PrintWhyFailure 

Definition at line 134 of file signver.c.


Function Documentation

static HASH_HashType AlgorithmToHashType ( SECAlgorithmID *  digestAlgorithms) [static]

Definition at line 83 of file signver.c.

{
       SECOidTag tag;

       tag = SECOID_GetAlgorithmTag(digestAlgorithms);

       switch (tag) {
              case SEC_OID_MD2:
                     if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD2 SEC_OID_MD2\n");
                     return HASH_AlgMD2;
              case SEC_OID_MD5:
                     if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD5 SEC_OID_MD5\n");
                     return HASH_AlgMD5;
              case SEC_OID_SHA1:
                     if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgSHA1 SEC_OID_SHA1\n");
                     return HASH_AlgSHA1;
              default:
                     if (debugInfo) PR_fprintf(PR_STDERR, "should never get here\n");
                     return HASH_AlgNULL;
       }
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int DigestData ( unsigned char *  digest,
unsigned char *  data,
unsigned int len,
unsigned int  maxLen,
HASH_HashType  hashType 
) [static]

Definition at line 107 of file signver.c.

{
       const SECHashObject *hashObj;
       void *hashcx;

       hashObj = HASH_GetHashObject(hashType);
       hashcx = (* hashObj->create)();
       if (hashcx == NULL)
       return -1;

       (* hashObj->begin)(hashcx);
       (* hashObj->update)(hashcx, data, PORT_Strlen((char *)data));
       (* hashObj->end)(hashcx, digest, len, maxLen);
       (* hashObj->destroy)(hashcx, PR_TRUE);

       return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int main ( int  argc,
char **  argv 
)

The Xalan testcases app.

Definition at line 162 of file signver.c.

{
       PRExplodedTime explodedCurrent;
       SECItem der, data;
       char *progName;
       int rv;
       PRFileDesc *dataFile = 0;
       PRFileDesc *signFile = 0;
       FILE *outFile = stdout;
       char *typeTag = 0;
       SECStatus secstatus;

       secuCommand signver;
       signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag);
       signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag);
       signver.commands = signver_commands;
       signver.options = signver_options;

#ifdef XP_PC
       progName = strrchr(argv[0], '\\');
#else
       progName = strrchr(argv[0], '/');
#endif
       progName = progName ? progName+1 : argv[0];

       /*_asm int 3*/

       PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &explodedCurrent);
#if 0
       if (explodedCurrent.tm_year >= 1998
              && explodedCurrent.tm_month >= 5 /* months past tm_year (0-11, Jan = 0) */
              && explodedCurrent.tm_mday >= 1) {
              PR_fprintf(PR_STDERR, "%s: expired\n", progName);
              return -1;
       }
#endif

       rv = SECU_ParseCommandLine(argc, argv, progName, &signver);

        if (SECSuccess != rv) {
            Usage(progName, outFile);
        }

       /*  Set the certdb directory (default is ~/.{browser}) */
       SECU_ConfigDirectory(signver.options[opt_CertDir].arg);

       /*  Set the certificate type.  */
       typeTag = SECU_GetOptionArg(&signver, opt_TypeTag);

       /*  -i and -s without filenames  */
       if (signver.options[opt_InputDataFile].activated &&
           signver.options[opt_InputSigFile].activated &&
           !PL_strcmp("-", signver.options[opt_InputDataFile].arg) &&
           !PL_strcmp("-", signver.options[opt_InputSigFile].arg))
              PR_fprintf(PR_STDERR, 
                     "%s: Only data or signature file can use stdin (not both).\n",
                     progName);

       /*  Open the input data file (no arg == use stdin). */
       if (signver.options[opt_InputDataFile].activated) {
              if (PL_strcmp("-", signver.options[opt_InputDataFile].arg))
                     dataFile = PR_Open(signver.options[opt_InputDataFile].arg, 
                                        PR_RDONLY, 0);
              else
                     dataFile = PR_STDIN;
              if (!dataFile) {
                     PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n",
                                progName, signver.options[opt_InputDataFile].arg);
                     return -1;
              }
       }

       /*  Open the input signature file (no arg == use stdin).  */
       if (signver.options[opt_InputSigFile].activated) {
              if (PL_strcmp("-", signver.options[opt_InputSigFile].arg))
                     signFile = PR_Open(signver.options[opt_InputSigFile].arg, 
                                        PR_RDONLY, 0);
              else
                     signFile = PR_STDIN;
              if (!signFile) {
                     PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n",
                                progName, signver.options[opt_InputSigFile].arg);
                     return -1;
              }
       }

#if 0
                            if (!typeTag) ascii = 1;
#endif

       /*  Open|Create the output file.  */
       if (signver.options[opt_OutputFile].activated) {
              outFile = fopen(signver.options[opt_OutputFile].arg, "w");
                     /*
              outFile = PR_Open(signver.options[opt_OutputFile].arg,
                                PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 00660);
                                            */
              if (!outFile) {
                     PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n",
                                progName, signver.options[opt_OutputFile].arg);
                     return -1;
              }
       }

       if (!signFile && !dataFile && !typeTag) 
              Usage(progName, outFile);

       if (!signFile && !dataFile && 
            signver.commands[cmd_VerifySignedObj].activated) {
              PR_fprintf(PR_STDERR, 
                         "%s: unable to read all data from standard input\n", 
                         progName);
              return -1;
       } 

       PR_SetError(0, 0); /* PR_Init("pp", 1, 1, 0);*/
       secstatus = NSS_Init(SECU_ConfigDirectory(NULL));
       if (secstatus != SECSuccess) {
           SECU_PrintPRandOSError(progName);
           return -1;
       }
       SECU_RegisterDynamicOids();

       rv = SECU_ReadDERFromFile(&der, signFile, 
                                 signver.options[opt_ASCII].activated);

       /* Data is untyped, using the specified type */
       data.data = der.data;
       data.len = der.len;


       /* Signature Verification */
       if (!signver.options[opt_TypeTag].activated) {
              if (signver.commands[cmd_VerifySignedObj].activated) {
                     SEC_PKCS7ContentInfo *cinfo;

                     cinfo = SEC_PKCS7DecodeItem(&data, NULL, NULL, NULL, NULL,
                                                 NULL, NULL, NULL);
                     if (cinfo != NULL) {
#if 0
                            if (debugInfo) {
                                   PR_fprintf(PR_STDERR, "Content %s encrypted.\n",
                                                    SEC_PKCS7ContentIsEncrypted(cinfo) ? "was" : "was not");

                                   PR_fprintf(PR_STDERR, "Content %s signed.\n",
                                                    SEC_PKCS7ContentIsSigned(cinfo) ? "was" : "was not");
                            }
#endif

                            if (SEC_PKCS7ContentIsSigned(cinfo)) {
                                   SEC_PKCS7SignedData *signedData;
                                   HASH_HashType digestType;
                                   SECItem digest, data;
                                   unsigned char *dataToVerify, digestBuffer[32];

                                   signedData = cinfo->content.signedData;

                                   /* assume that there is only one digest algorithm for now */
                                   digestType = 
                                     AlgorithmToHashType(signedData->digestAlgorithms[0]);
                                   if (digestType == HASH_AlgNULL) {
                                          PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n");
                                          return (-1);
                                   }
                                   rv = SECU_FileToItem(&data, dataFile);
                                   dataToVerify = data.data;
                                   if (dataToVerify) {
                                                             /*certUsageObjectSigner;*/
                                          SECCertUsage usage = certUsageEmailSigner; 
                                          

#if 0
                                          if (debugInfo) 
                                                 PR_fprintf(PR_STDERR, "dataToVerify=%s\n", 
                                                            dataToVerify);
#endif
                                          digest.data = digestBuffer;
                                          if (DigestData (digest.data, dataToVerify, 
                                                          &digest.len, 32, digestType)) {
                                                 PR_fprintf(PR_STDERR, "Fail to compute message digest for verification. Reason: %s\n",
                                                                 SECU_ErrorString((int16)PORT_GetError()));
                                                 return (-1);
                                          }
#if 0
                                          if (debugInfo) {
                                                 PR_fprintf(PR_STDERR, "Data Digest=:");
                                                 for (i = 0; i < digest.len; i++)
                                                        PR_fprintf(PR_STDERR, "%02x:", digest.data[i]);
                                                 PR_fprintf(PR_STDERR, "\n");
                                          }
#endif


                                          if (signver.commands[cmd_VerifySignedObj].activated)
                                                 fprintf(outFile, "signatureValid=");
                                          PORT_SetError(0);
                                          if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage, 
                                                                 &digest, digestType, PR_FALSE)) {
                                                 if (signver.commands[cmd_VerifySignedObj].activated)
                                                        fprintf(outFile, "yes");
                                          } else {
                                                 if (signver.commands[cmd_VerifySignedObj].activated){
                                                        fprintf(outFile, "no");
                                                 if (signver.options[opt_PrintWhyFailure].activated)
                                                 fprintf(outFile, ":%s", SECU_ErrorString((int16)PORT_GetError()));
                                                 }
                                          }
                                          if (signver.commands[cmd_VerifySignedObj].activated)
                                                 fprintf(outFile, "\n");

                                          SECITEM_FreeItem(&data, PR_FALSE);
                                   } else {
                                          PR_fprintf(PR_STDERR, "Cannot read data\n");
                                          return (-1);
                                   }
                            }

                            SEC_PKCS7DestroyContentInfo(cinfo);
                     } else
                            PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n");
              }

              if (signver.commands[cmd_DisplayAllPCKS7Info].activated)
                     SV_PrintPKCS7ContentInfo(outFile, &data);

       /* Pretty print it */
       } else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) {
              rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
                                                          SECU_PrintCertificate);
       } else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) {
              rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
                                                          SECU_PrintCertificateRequest);
       } else if (PL_strcmp (typeTag, SEC_CT_CRL) == 0) {
              rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
#ifdef HAVE_EPK_TEMPLATE
       } else if (PL_strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) {
              rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
#endif
       } else if (PL_strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) {
              rv = SECU_PrintPublicKey(outFile, &data, "Public Key", 0);
       } else if (PL_strcmp(typeTag, SEC_CT_PKCS7) == 0) {
              rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
                                                                      "PKCS #7 Content Info", 0);
       } else {
              PR_fprintf(PR_STDERR, "%s: don't know how to print out '%s' files\n",
                               progName, typeTag);
              return -1;
       }

       if (rv) {
              PR_fprintf(PR_STDERR, "%s: problem converting data (%s)\n",
                               progName, SECU_ErrorString((int16)PORT_GetError()));
              return -1;
       }

       if (NSS_Shutdown() != SECSuccess) {
           exit(1);
       }

       return 0;
}

Here is the call graph for this function:

int SV_PrintPKCS7ContentInfo ( FILE ,
SECItem *   
)

Definition at line 878 of file pk7print.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    int rv = -1;

    cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);

    if (cinfo != NULL) {
        rv = sv_PrintPKCS7ContentInfo(out, cinfo, "pkcs7.contentInfo=");
        SEC_PKCS7DestroyContentInfo(cinfo);
    }

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void Usage ( char *  progName,
FILE outFile 
) [static]

Definition at line 73 of file signver.c.

{
       int i;
       fprintf(outFile, "Usage:  %s  options\n", progName);
       for (i = 0; i < nUsageInfo; i++)
              fprintf(outFile, "%s\n", usageInfo[i]);
       exit(-1);
}

Here is the call graph for this function:


Variable Documentation

int debugInfo = 0 [static]

Definition at line 52 of file signver.c.

int nUsageInfo = sizeof(usageInfo)/sizeof(char *) [static]

Definition at line 69 of file signver.c.

Initial value:
{
       {   'A', PR_FALSE, 0, PR_FALSE },
       {   'V', PR_FALSE, 0, PR_FALSE }
}

Definition at line 145 of file signver.c.

Initial value:
{
       {   'a', PR_FALSE, 0, PR_FALSE },
       {   'd', PR_TRUE,  0, PR_FALSE },
       {   'i', PR_TRUE,  0, PR_FALSE },
       {   'o', PR_TRUE,  0, PR_FALSE },
       {   's', PR_TRUE,  0, PR_FALSE },
       {   't', PR_TRUE,  0, PR_FALSE },
       {   'v', PR_FALSE, 0, PR_FALSE }
}

Definition at line 151 of file signver.c.

char* usageInfo[] [static]
Initial value:
 {
       "Options:",
       " -a                           signature file is ASCII",
       " -d certdir                   directory containing cert database",
       " -i dataFileName              input file name containing data,",
       "                              use - for stdin",
       " -s signatureFileName         input file name containing signature,",
       "                              use - for stdin",
       " -o outputFileName            output file name, default stdout",
       " -A                           display all information from pkcs #7",
       " -V                           verify the signed object and display result",
       " -V -v                        verify the signed object and display",
       "                              result and reason for failure",
       "Version 2.0"
}

Definition at line 54 of file signver.c.