Initial NSS Open Source checkin

relyea%netscape.com 2000-03-31 20:13:40 +00:00
Родитель 393e009c85
Коммит 5dea64f5a5
570 изменённых файлов: 219090 добавлений и 0 удалений

116
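--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -0,0 +1,116 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+include manifest.mn
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+include $(CORE_DEPTH)/coreconf/config.mk
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+include $(CORE_DEPTH)/coreconf/rules.mk
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+nsm:: all
+cd ssm/lib/protocol; gmake
+cd ssm/server; gmake import; gmake
+nsm_rebuild::
+cd ssm/lib/protocol; gmake
+cd ssm/ui; gmake
+cd ssm/server; gmake import; gmake
+nsm_protocol: all
+cd ssm/lib/protocol; gmake
+nsm_ui: all
+cd ssm/ui; gmake
+nsm_gromit: nsm_protocol
+cd ssm/lib/client; gmake
+cd ssm/nav/gromit; gmake
+nsm_server: nsm_protocol nsm_ui
+cd ssm/server; gmake import; gmake
+coreconf_hack:
+ifeq ($(OS_ARCH), SunOS)
+ifeq ($(OS_RELEASE), 5.5.1)
+gmake import IMPORTS=nspr20/v3.5.1-sol251 RELEASE_TREE=/h/tortoise/export/share/builds/components
+endif
+endif
+cd ../coreconf; gmake
+gmake import
+nss_RelEng_bld: coreconf_hack
+# gmake import; gmake
+# cd ns/svrcore; gmake
+gmake
+nsm_RelEng_srvr_coreconf_import:
+gmake import
+nsm_RelEng_srvr_bld_Win: nsm_RelEng_srvr_coreconf_import nsm_server
+nsm_RelEng_srvr_bld: coreconf_hack nsm_server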
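Review bot: The recursive-build recipes such as `cd ssm/server; gmake import; gmake` (in `nsm`, `nsm_rebuild` and `nsm_server`) chain their steps with `;`, so a failed `cd` or a failed `gmake import` does not stop the recipe, and the final `gmake` can run in the wrong directory or against incomplete imports. `cd ssm/server && $(MAKE) import && $(MAKE)` stops at the first failure and passes make's own flags down to the sub-make. In `coreconf_hack`, `RELEASE_TREE=/h/tortoise/export/share/builds/components` hard-codes what looks like an internal build share in a file that is being published; it would be better taken from an overridable variable, and nothing visible here checks what the import step brings in. The command-style targets are also not declared `.PHONY`.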


@ -0,0 +1 @@
.gdbinit

182
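--- a/security/nss/cmd/Makefile
+++ b/security/nss/cmd/Makefile
@@ -0,0 +1,182 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+CORE_DEPTH = ../..
+DEPTH = ../..
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+# These sources were once in this directory, but now are gone.
+MISSING_SOURCES = \
+addcert.c \
+berparse.c \
+cert.c \
+key.c \
+key_rand.c \
+keygen.c \
+sec_fe.c \
+sec_read.c \
+secarb.c \
+secutil.c \
+$(NULL)
+# we don't build these any more, but the sources are still here
+OBSOLETE = \
+berdec.c \
+berdump.c \
+cypher.c \
+dumpcert.c \
+listcerts.c \
+mkdongle.c \
+p12exprt.c \
+p12imprt.c \
+rc4.c \
+sign.c \
+unwrap.c \
+vector.c \
+verify.c \
+wrap.c \
+$(NULL)
+# the base files for the executables
+# hey -- keep these alphabetical, please
+EXEC_SRCS = \
+$(NULL)
+# files that generate two separate objects and executables
+# BI_SRCS = \
+# keyutil.c \
+# p7env.c \
+# tstclnt.c \
+# $(NULL)
+# -I$(CORE_DEPTH)/security/lib/cert \
+# -I$(CORE_DEPTH)/security/lib/key \
+# -I$(CORE_DEPTH)/security/lib/util \
+INCLUDES += \
+-I$(DIST)/../public/security \
+-I./include \
+$(NULL)
+TBD_DIRS = rsh rshd rdist ssld
+# For the time being, sec stuff is export only
+# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION
+US_FLAGS = -DEXPORT_VERSION
+EXPORT_FLAGS = -DEXPORT_VERSION
+BASE_LIBS = \
+$(DIST)/lib/libdbm.a \
+$(DIST)/lib/libxp.a \
+$(DIST)/lib/libnspr.a \
+$(NULL)
+# $(DIST)/lib/libpurenspr.a \
+#There is a circular dependancy in security/lib, and here is a gross fix
+SEC_LIBS = \
+$(DIST)/lib/libsecnav.a \
+$(DIST)/lib/libssl.a \
+$(DIST)/lib/libpkcs7.a \
+$(DIST)/lib/libcert.a \
+$(DIST)/lib/libkey.a \
+$(DIST)/lib/libsecmod.a \
+$(DIST)/lib/libcrypto.a \
+$(DIST)/lib/libsecutil.a \
+$(DIST)/lib/libssl.a \
+$(DIST)/lib/libpkcs7.a \
+$(DIST)/lib/libcert.a \
+$(DIST)/lib/libkey.a \
+$(DIST)/lib/libsecmod.a \
+$(DIST)/lib/libcrypto.a \
+$(DIST)/lib/libsecutil.a \
+$(DIST)/lib/libhash.a \
+$(NULL)
+MYLIB = lib/$(OBJDIR)/libsectool.a
+US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
+EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
+REQUIRES = libxp nspr security
+CSRCS = $(EXEC_SRCS) $(BI_SRCS)
+OBJS = $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o)
+PROGS = $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX)))
+US_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX)))
+EX_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX)))
+NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS)
+TARGETS = $(NON_DIRS)
+include $(CORE_DEPTH)/coreconf/rules.mk
+ifneq ($(OS_ARCH),OS2)
+$(OBJDIR)/%-us.o: %.c
+@$(MAKE_OBJDIR)
+$(CCF) -o $@ $(US_FLAGS) -c $*.c
+$(OBJDIR)/%-ex.o: %.c
+@$(MAKE_OBJDIR)
+$(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c
+$(OBJDIR)/%.o: %.c
+@$(MAKE_OBJDIR)
+$(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c
+$(US_PROGS):$(OBJDIR)/%-us: $(OBJDIR)/%-us.o $(US_LIBS)
+@$(MAKE_OBJDIR)
+$(CCF) -o $@ $(OBJDIR)/$*-us.o $(LDFLAGS) $(US_LIBS) $(OS_LIBS)
+$(EX_PROGS):$(OBJDIR)/%-ex: $(OBJDIR)/%-ex.o $(EX_LIBS)
+@$(MAKE_OBJDIR)
+$(CCF) -o $@ $(OBJDIR)/$*-ex.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS)
+$(PROGS):$(OBJDIR)/%: $(OBJDIR)/%.o $(EX_LIBS)
+@$(MAKE_OBJDIR)
+$(CCF) -o $@ $@.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS)
+#install:: $(TARGETS)
+# $(INSTALL) $(TARGETS) $(DIST)/bin
+endif
+symbols::
+@echo "TARGETS = $(TARGETS)"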

@ -0,0 +1,44 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
# do these once for each target program
all default export libs program install release_export::
$(MAKE) -f make.client $@
$(MAKE) -f make.server $@
# only do these things once for the whole directory
depend dependclean clean clobber release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show::
$(MAKE) -f make.client $@
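Review bot: `release_export` is listed in both target lists, the "once for each target program" one and the "only do these things once" one, and since both are double-colon rules `make release_export` runs `$(MAKE) -f make.client release_export` twice in addition to the `make.server` pass. It should appear in only one list; going by the two comments, dropping it from the once-per-directory list looks like the intent, but that needs checking against make.client and make.server, which are not visible here.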


@ -0,0 +1,58 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
ARCH := $(shell uname)
ifeq ($(ARCH), SunOS)
DEFINES = -KPIC -DSVR4 -DSOLARIS -DSYSV -D__svr4 -D__svr4__ \
-D_REENTRANT -DSOLARIS2_5 -D_SVID_GETTOD -DXP_UNIX -UDEBUG -DNDEBUG \
-D_PR_GLOBAL_THREADS_ONLY -DXP_UNIX
INCPATH = -I. -I../include/dbm -I../include/nspr -I../include/security
LIBPATH = -L../lib
LIBS = -lnss -lssl -lpkcs7 -lpkcs12 -lsecmod -lcert -lkey \
-lcrypto -lsecutil -lhash -ldbm -lplc4 -lplds4 -lnspr4 -lsocket -lnsl
CFLAGS = -g
CC = cc
endif # SunOS
# The rules to build the sample apps appear below.
server:
$(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS)
client:
$(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS)
clean:
rm -fr server client server.o client.o
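Review bot: `server` and `client` have no prerequisites, so once a binary exists make treats it as up to date even after `server.c` or `client.c` changes, and a corrected sample is silently not rebuilt; `server: server.c` and `client: client.c`, with `$<` in the recipe, fix that. Every setting lives inside `ifeq ($(ARCH), SunOS)`, so on any other `uname` result the recipes run with empty `DEFINES`, `INCPATH` and `LIBS` and fail with an unrelated-looking compile or link error; an `else` branch with `$(error unsupported platform $(ARCH))` would say so directly. `clean` should be declared `.PHONY`, and `-DXP_UNIX` is given twice in `DEFINES`.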


@ -0,0 +1,133 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* General NSPR 2.0 errors */
/* Caller must #include "prerror.h" */
ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
ER2( PR_IO_ERROR, "I/O function error." )
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
ER2( PR_FIND_SYMBOL_ERROR,
"Symbol not found in any of the loaded dynamic libraries." )
ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
ER2( PR_DIRECTORY_LOOKUP_ERROR,
"A directory lookup on a network address has failed." )
ER2( PR_TPD_RANGE_ERROR,
"Attempt to access a TPD key that is out of range." )
ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
ER2( PR_NOT_SOCKET_ERROR,
"Network operation attempted on non-network file descriptor." )
ER2( PR_NOT_TCP_SOCKET_ERROR,
"TCP-specific function attempted on a non-TCP file descriptor." )
ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
"The requested operation is not supported by the platform." )
ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
"The host operating system does not support the protocol requested." )
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
ER2( PR_BUFFER_OVERFLOW_ERROR,
"The value requested is too large to be stored in the data buffer provided." )
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
ER2( PR_RANGE_ERROR, "Unused." )
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
ER2( PR_FILE_TOO_BIG_ERROR,
"Write would result in file larger than the system allows." )
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
ER2( PR_PIPE_ERROR, "Unused." )
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
ER2( PR_IS_DIRECTORY_ERROR,
"Cannot perform a normal file operation on a directory." )
ER2( PR_LOOP_ERROR, "Symbolic link loop." )
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
ER2( PR_NOT_DIRECTORY_ERROR,
"Cannot perform directory operation on a normal file." )
ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
"Cannot write to a read-only file system." )
ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
"Cannot delete a directory that is not empty." )
ER2( PR_FILESYSTEM_MOUNTED_ERROR,
"Cannot delete or rename a file object while the file system is busy." )
ER2( PR_NOT_SAME_DEVICE_ERROR,
"Cannot rename a file to a file system on another device." )
ER2( PR_DIRECTORY_CORRUPTED_ERROR,
"The directory object in the file system is corrupted." )
ER2( PR_FILE_EXISTS_ERROR,
"Cannot create or rename a filename that already exists." )
ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
"Directory is full. No additional filenames may be added." )
ER2( PR_INVALID_DEVICE_STATE_ERROR,
"The required device was in an invalid state." )
ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
ER2( PR_FILE_SEEK_ERROR, "Seek error." )
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
ER2( PR_IN_PROGRESS_ERROR,
"Operation is still in progress (probably a non-blocking connect)." )
ER2( PR_ALREADY_INITIATED_ERROR,
"Operation has already been initiated (probably a non-blocking connect)." )
#ifdef PR_GROUP_EMPTY_ERROR
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
#endif
#ifdef PR_INVALID_STATE_ERROR
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
#endif
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
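Review bot: `PR_ILLEGAL_ACCESS_ERROR` carries the same text as `PR_ACCESS_FAULT_ERROR` ("Invalid memory address argument."), so the two codes cannot be told apart in a log or an error display; if they are meant to differ, the second message should say what is distinct about it. No definition of `ER2` is visible in this file, so the includer presumably has to supply it, yet only the `prerror.h` requirement is stated; a comment such as `/* Caller must #define ER2(code, text) before including this file */` would document that. "function not implemented." is the only message that starts in lower case.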


@ -0,0 +1,43 @@
These sample programs can be built in either of two ways:
1) is the NSS source tree, using the coreconf build system, and
2) stand alone (as part of the NSS distribution).
The following makefiles are used only when building in the NSS source tree
using coreconf. These are NOT part of the distribution.
Makefile
client.mn
server.mn
config.mk
make.client
make.server
The following makefiles are used only when building in the NSS distribution.
These files are part of the distribution.
Makefile.NSS
nmakefile95.nss
nmakefilent.nss
The following source files are common to both build environments and are
part of the distribution.
NSPRerrs.h
SECerrs.h
SSLerrs.h
client.c
getopt.c
server.c
sslerror.h
In the NSS 2.0 distribution, the sample code and makefiles are in a
directory named "samples". The directories relevant to building
in the distributed tree are:
./samples
./include/dbm
./include/nspr
./include/security
./lib


@ -0,0 +1,441 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* General security error codes */
/* Caller must #include "secerr.h" */
ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
"An I/O error occurred during security authorization.")
ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
"security library failure.")
ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
"security library: received bad data.")
ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
"security library: output length error.")
ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
"security library has experienced an input length error.")
ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
"security library: invalid arguments.")
ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
"security library: invalid algorithm.")
ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
"security library: invalid AVA.")
ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
"Improperly formatted time string.")
ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
"security library: improperly formatted DER-encoded message.")
ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
"Peer's certificate has an invalid signature.")
ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
"Peer's Certificate has expired.")
ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
"Peer's Certificate has been revoked.")
ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
"Peer's Certificate issuer is not recognized.")
ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
"Peer's public key is invalid.")
ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
"The security password entered is incorrect.")
ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
"New password entered incorrectly. Please try again.")
ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
"security library: no nodelock.")
ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
"security library: bad database.")
ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
"security library: memory allocation failure.")
ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
"Peer's certificate issuer has been marked as not trusted by the user.")
ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
"Peer's certificate has been marked as not trusted by the user.")
ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
"Certificate already exists in your database.")
ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
"Downloaded certificate's name duplicates one already in your database.")
ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
"Error adding certificate to database.")
ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
"Error refiling the key for this certificate.")
ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
"The private key for this certificate cannot be found in key database")
ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
"This certificate is valid.")
ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
"This certificate is not valid.")
ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
"Cert Library: No Response")
ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
"The certificate issuer's certificate has expired. Check your system date and time.")
ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
"The CRL for the certificate's issuer has expired. Update it or check your system data and time.")
ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
"The CRL for the certificate's issuer has an invalid signature.")
ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
"New CRL has an invalid format.")
ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
"Certificate extension value is invalid.")
ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
"Certificate extension not found.")
ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
"Issuer certificate is invalid.")
ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
"Certificate path length constraint is invalid.")
ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
"Certificate usages field is invalid.")
ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
"**Internal ONLY module**")
ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
"The key does not support the requested operation.")
ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
"Certificate contains unknown critical extension.")
ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
"New CRL is not later than the current one.")
ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
"Not encrypted or signed: you do not yet have an email certificate.")
ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
"Not encrypted: you do not have certificates for each of the recipients.")
ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
"Cannot decrypt: you are not a recipient, or matching certificate and \
private key not found.")
ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
"Cannot decrypt: key encryption algorithm does not match your certificate.")
ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
"Signature verification failed: no signer found, too many signers found, \
or improper or corrupted data.")
ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
"Unsupported or unknown key algorithm.")
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
/* Fortezza Alerts */
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
"Fortezza card has not been properly initialized. \
Please remove it and return it to your issuer.")
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
"No Fortezza cards Found")
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
"No Fortezza card selected")
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
"Please select a personality to get more info on")
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
"Personality not found")
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
"No more information on that Personality")
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
"Invalid Pin")
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
"Couldn't initialize Fortezza personalities.")
/* end fortezza alerts. */
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
"No KRL for this site's certificate has been found.")
ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
"The KRL for this site's certificate has expired.")
ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
"The KRL for this site's certificate has an invalid signature.")
ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
"The key for this site's certificate has been revoked.")
ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
"New KRL has an invalid format.")
ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
"security library: need random data.")
ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
"security library: no security module can perform the requested operation.")
ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
"The security card or token does not exist, needs to be initialized, or has been removed.")
ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
"security library: read-only database.")
ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
"No slot or token was selected.")
ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
"A certificate with the same nickname already exists.")
ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
"A key with the same nickname already exists.")
ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
"error while creating safe object")
ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
"error while creating baggage object")
ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
"Couldn't remove the principal")
ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
"Couldn't delete the privilege")
ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
"This principal doesn't have a certificate")
ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
"Required algorithm is not allowed.")
ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
"Error attempting to export certificates.")
ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
"Error attempting to import certificates.")
ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
"Unable to import. Decoding error. File not valid.")
ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
"Unable to import. MAC algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
"Unable to import. Only password integrity and privacy modes supported.")
ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
"Unable to import. File structure is corrupt.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
"Unable to import. Encryption algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
"Unable to import. File version not supported.")
ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
"Unable to import. Incorrect privacy password.")
ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
"Unable to import. Same nickname already exists in database.")
ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
"The user pressed cancel.")
ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
"Not imported, already in database.")
ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
"Message not sent.")
ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
"Certificate key usage inadequate for attempted operation.")
ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
"Certificate type not approved for application.")
ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
"Address in signing certificate does not match address in message headers.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
"Unable to import. Error attempting to import private key.")
ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
"Unable to import. Error attempting to import certificate chain.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
"Unable to export. Unable to locate certificate or key by nickname.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
"Unable to export. Private Key could not be located and exported.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
"Unable to export. Unable to write the export file.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
"Unable to import. Unable to read the import file.")
ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
"Unable to export. Key database corrupt or deleted.")
ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
"Unable to generate public/private key pair.")
ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
"Password entered is invalid. Please pick a different one.")
ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
"Old password entered incorrectly. Please try again.")
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
"Certificate nickname already in use.")
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
"Invalid module name.")
ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
"Invalid module path/filename")
ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
"Unable to add module")
ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
"Unable to delete module")
ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
"New KRL is not later than the current one.")
ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
"New CKL has different issuer than current CKL. Delete current CKL.")
ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
"The Certifying Authority for this certificate is not permitted to issue a \
certificate with this name.")
ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
"The key revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
"The certificate revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
"The requested certificate could not be found.")
ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
"The signer's certificate could not be found.")
ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
"The location for the certificate status server has invalid format.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
"The OCSP response cannot be fully decoded; it is of an unknown type.")
ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
"The OCSP server returned unexpected/invalid HTTP data.")
ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
"The OCSP server found the request to be corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
"The OCSP server experienced an internal error.")
ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
"The OCSP server suggests trying again later.")
ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
"The OCSP server requires a signature on this request.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
"The OCSP server has refused this request as unauthorized.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
"The OCSP server returned an unrecognizable status.")
ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
"The OCSP server has no status for the certificate.")
ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
"You must enable OCSP before performing this operation.")
ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
"You must set the OCSP default responder before performing this operation.")
ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
"The response from the OCSP server was corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
"The signer of the OCSP response is not authorized to give status for \
this certificate.")
ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
"The OCSP response is not yet valid (contains a date in the future).")
ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
"The OCSP response contains out-of-date information.")


@ -0,0 +1,366 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* SSL-specific security error codes */
/* caller must include "sslerr.h" */
ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
"Unable to communicate securely. Peer does not support high-grade encryption.")
ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
"Unable to communicate securely. Peer requires high-grade encryption which is not supported.")
ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
"Cannot communicate securely with peer: no common encryption algorithm(s).")
ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
"Unable to find the certificate or key necessary for authentication.")
ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
"Unable to communicate securely with peer: peers's certificate was rejected.")
/* unused (SSL_ERROR_BASE + 5),*/
ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
"The server has encountered bad data from the client.")
ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
"The client has encountered bad data from the server.")
ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
"Unsupported certificate type.")
ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
"Peer using unsupported version of security protocol.")
/* unused (SSL_ERROR_BASE + 10),*/
ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
"Client authentication failed: private key in key database does not match public key in certificate database.")
ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13),
defined in sslerr.h
*/
ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
"Peer only supports SSL version 2, which is locally disabled.")
ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
"SSL received a record with an incorrect Message Authentication Code.")
ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
"SSL peer reports incorrect Message Authentication Code.")
ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
"SSL peer cannot verify your certificate.")
ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
"SSL peer rejected your certificate as revoked.")
ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
"SSL peer rejected your certificate as expired.")
ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
"Cannot connect: SSL is disabled.")
ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
"Cannot connect: SSL peer is in another FORTEZZA domain.")
ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
"An unknown SSL cipher suite has been requested.")
ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23),
"No cipher suites are present and enabled in this program.")
ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24),
"SSL received a record with bad block padding.")
ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25),
"SSL received a record that exceeded the maximum permissible length.")
ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26),
"SSL attempted to send a record that exceeded the maximum permissible length.")
/*
* Received a malformed (too long or short or invalid content) SSL handshake.
*/
ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27),
"SSL received a malformed Hello Request handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28),
"SSL received a malformed Client Hello handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29),
"SSL received a malformed Server Hello handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30),
"SSL received a malformed Certificate handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31),
"SSL received a malformed Server Key Exchange handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32),
"SSL received a malformed Certificate Request handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33),
"SSL received a malformed Server Hello Done handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34),
"SSL received a malformed Certificate Verify handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35),
"SSL received a malformed Client Key Exchange handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36),
"SSL received a malformed Finished handshake message.")
/*
* Received a malformed (too long or short) SSL record.
*/
ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37),
"SSL received a malformed Change Cipher Spec record.")
ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38),
"SSL received a malformed Alert record.")
ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39),
"SSL received a malformed Handshake record.")
ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
"SSL received a malformed Application Data record.")
/*
* Received an SSL handshake that was inappropriate for the state we're in.
* E.g. Server received message from server, or wrong state in state machine.
*/
ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41),
"SSL received an unexpected Hello Request handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42),
"SSL received an unexpected Client Hello handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43),
"SSL received an unexpected Server Hello handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44),
"SSL received an unexpected Certificate handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
"SSL received an unexpected Server Key Exchange handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46),
"SSL received an unexpected Certificate Request handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47),
"SSL received an unexpected Server Hello Done handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48),
"SSL received an unexpected Certificate Verify handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
"SSL received an unexpected Cllient Key Exchange handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50),
"SSL received an unexpected Finished handshake message.")
/*
* Received an SSL record that was inappropriate for the state we're in.
*/
ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51),
"SSL received an unexpected Change Cipher Spec record.")
ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52),
"SSL received an unexpected Alert record.")
ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53),
"SSL received an unexpected Handshake record.")
ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
"SSL received an unexpected Application Data record.")
/*
* Received record/message with unknown discriminant.
*/
ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55),
"SSL received a record with an unknown content type.")
ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56),
"SSL received a handshake message with an unknown message type.")
ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57),
"SSL received an alert record with an unknown alert description.")
/*
* Received an alert reporting what we did wrong. (more alerts above)
*/
ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58),
"SSL peer has closed this connection.")
ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59),
"SSL peer was not expecting a handshake message it received.")
ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60),
"SSL peer was unable to succesfully decompress an SSL record it received.")
ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61),
"SSL peer was unable to negotiate an acceptable set of security parameters.")
ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62),
"SSL peer rejected a handshake message for unacceptable content.")
ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63),
"SSL peer does not support certificates of the type it received.")
ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64),
"SSL peer had some unspecified issue with the certificate it received.")
ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65),
"SSL experienced a failure of its random number generator.")
ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66),
"Unable to digitally sign data required to verify your certificate.")
ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67),
"SSL was unable to extract the public key from the peer's certificate.")
ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68),
"Unspecified failure while processing SSL Server Key Exchange handshake.")
ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69),
"Unspecified failure while processing SSL Client Key Exchange handshake.")
ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70),
"Bulk data encryption algorithm failed in selected cipher suite.")
ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71),
"Bulk data decryption algorithm failed in selected cipher suite.")
ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72),
"Attempt to write encrypted data to underlying socket failed.")
ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73),
"MD5 digest function failed.")
ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74),
"SHA-1 digest function failed.")
ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75),
"MAC computation failed.")
ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76),
"Failure to create Symmetric Key context.")
ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77),
"Failure to unwrap the Symmetric key in Client Key Exchange message.")
ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78),
"SSL Server attempted to use domestic-grade public key with export cipher suite.")
ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79),
"PKCS11 code failed to translate an IV into a param.")
ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80),
"Failed to initialize the selected cipher suite.")
ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81),
"Client failed to generate session keys for SSL session.")
ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82),
"Server has no key for the attempted key exchange algorithm.")
ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83),
"PKCS#11 token was inserted or removed while operation was in progress.")
ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84),
"No PKCS#11 token could be found to do a required operation.")
ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85),
"Cannot communicate securely with peer: no common compression algorithm(s).")
ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86),
"Cannot initiate another SSL handshake until current handshake is complete.")
ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87),
"Received incorrect handshakes hash values from peer.")
ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88),
"The certificate provided cannot be used with the selected key exchange algorithm.")
ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89),
"No certificate authority is trusted for SSL client authentication.")
ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90),
"Client's SSL session ID not found in server's session cache.")
ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91),
"Peer was unable to decrypt an SSL record it received.")
ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92),
"Peer received an SSL record that was longer than is permitted.")
ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93),
"Peer does not recognize and trust the CA that issued your certificate.")
ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94),
"Peer received a valid certificate, but access was denied.")
ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95),
"Peer could not decode an SSL handshake message.")
ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96),
"Peer reports failure of signature verification or key exchange.")
ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97),
"Peer reports negotiation not in compliance with export regulations.")
ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98),
"Peer reports incompatible or unsupported protocol version.")
ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
"Server requires ciphers more secure than those supported by client.")
ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100),
"Peer reports it experienced an internal error.")
ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101),
"Peer user canceled handshake.")
ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102),
"Peer does not permit renegotiation of SSL security parameters.")
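Review bot: Three of the user-visible messages carry spelling errors that will surface verbatim in dialogs and logs: `peers's certificate` under SSL_ERROR_BAD_CERTIFICATE, `Cllient Key Exchange` under SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH, and `succesfully` under SSL_ERROR_DECOMPRESSION_FAILURE_ALERT; they should read `peer's`, `Client` and `successfully`. The table also gives bad block padding (SSL_ERROR_BAD_BLOCK_PADDING) and a bad MAC (SSL_ERROR_BAD_MAC_READ) separate codes, which is useful for local diagnostics. The record layer that raises them is not in this file, so it is worth confirming there that the two cases look the same to the peer. If that is the intent, a comment above those entries such as `/* local diagnostics only; peer must not be able to tell these apart */` would record it.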


@ -0,0 +1,451 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/****************************************************************************
* SSL client program that sets up a connection to SSL server, transmits *
* some data and then reads the reply *
****************************************************************************/
#include <stdio.h>
#include <string.h>
#if defined(XP_UNIX)
#include <unistd.h>
#endif
#include "prerror.h"
#include "pk11func.h"
#include "secitem.h"
#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include "nspr.h"
#include "plgetopt.h"
#include "prio.h"
#include "prnetdb.h"
#include "nss.h"
#include "sslsample.h"
#define RD_BUF_SIZE (60 * 1024)
extern int cipherSuites[];
extern int ssl2CipherSuites[];
extern int ssl3CipherSuites[];
GlobalThreadMgr threadMGR;
char *certNickname = NULL;
char *hostName = NULL;
char *password = NULL;
unsigned short port = 0;
static void
Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n"
" [-w dbpasswd] [-C cipher(s)] hostname\n",
progName);
exit(1);
}
PRFileDesc *
setupSSLSocket(PRNetAddr *addr)
{
PRFileDesc *tcpSocket;
PRFileDesc *sslSocket;
PRSocketOptionData socketOption;
PRStatus prStatus;
SECStatus secStatus;
retry:
tcpSocket = PR_NewTCPSocket();
if (tcpSocket == NULL) {
errWarn("PR_NewTCPSocket");
}
/* Make the socket blocking. */
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
if (prStatus != PR_SUCCESS) {
errWarn("PR_SetSocketOption");
goto loser;
}
#if 0
/* Verify that a connection can be made to the socket. */
prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT);
if (prStatus != PR_SUCCESS) {
PRErrorCode err = PR_GetError();
if (err == PR_CONNECT_REFUSED_ERROR) {
PR_Close(tcpSocket);
PR_Sleep(PR_MillisecondsToInterval(10));
fprintf(stderr, "Connection to port refused, retrying.\n");
goto retry;
}
errWarn("PR_Connect");
goto loser;
}
#endif
/* Import the socket into the SSL layer. */
sslSocket = SSL_ImportFD(NULL, tcpSocket);
if (!sslSocket) {
errWarn("SSL_ImportFD");
goto loser;
}
/* Set configuration options. */
secStatus = SSL_Enable(sslSocket, SSL_SECURITY, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_SECURITY");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_HANDSHAKE_AS_CLIENT");
goto loser;
}
/* Set SSL callback routines. */
secStatus = SSL_GetClientAuthDataHook(sslSocket,
(SSLGetClientAuthData)myGetClientAuthData,
(void *)certNickname);
if (secStatus != SECSuccess) {
errWarn("SSL_GetClientAuthDataHook");
goto loser;
}
secStatus = SSL_AuthCertificateHook(sslSocket,
(SSLAuthCertificate)myAuthCertificate,
(void *)CERT_GetDefaultCertDB());
if (secStatus != SECSuccess) {
errWarn("SSL_AuthCertificateHook");
goto loser;
}
secStatus = SSL_BadCertHook(sslSocket,
(SSLBadCertHandler)myBadCertHandler, NULL);
if (secStatus != SECSuccess) {
errWarn("SSL_BadCertHook");
goto loser;
}
secStatus = SSL_HandshakeCallback(sslSocket,
(SSLHandshakeCallback)myHandshakeCallback,
NULL);
if (secStatus != SECSuccess) {
errWarn("SSL_HandshakeCallback");
goto loser;
}
return sslSocket;
loser:
PR_Close(tcpSocket);
return NULL;
}
const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
SECStatus
handle_connection(PRFileDesc *sslSocket, int connection)
{
int countRead = 0;
PRInt32 numBytes;
char *readBuffer;
readBuffer = PORT_Alloc(RD_BUF_SIZE);
if (!readBuffer) {
exitErr("PORT_Alloc");
}
/* compose the http request here. */
numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
if (numBytes <= 0) {
errWarn("PR_Write");
PR_Free(readBuffer);
readBuffer = NULL;
return SECFailure;
}
/* read until EOF */
while (PR_TRUE) {
numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
if (numBytes == 0) {
break; /* EOF */
}
if (numBytes < 0) {
errWarn("PR_Read");
break;
}
countRead += numBytes;
fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n",
connection, numBytes, countRead );
readBuffer[numBytes] = '\0';
fprintf(stderr, "************\n%s\n************\n", readBuffer);
}
printSecurityInfo(sslSocket);
PR_Free(readBuffer);
readBuffer = NULL;
/* Caller closes the socket. */
fprintf(stderr,
"***** Connection %d read %d bytes total.\n",
connection, countRead);
return SECSuccess; /* success */
}
/* one copy of this function is launched in a separate thread for each
** connection to be made.
*/
SECStatus
do_connects(void *a, int connection)
{
PRNetAddr *addr = (PRNetAddr *)a;
PRFileDesc *sslSocket;
PRHostEnt hostEntry;
char buffer[PR_NETDB_BUF_SIZE];
PRStatus prStatus;
PRIntn hostenum;
SECStatus secStatus;
/* Set up SSL secure socket. */
sslSocket = setupSSLSocket(addr);
if (sslSocket == NULL) {
errWarn("setupSSLSocket");
return SECFailure;
}
secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
if (secStatus != SECSuccess) {
errWarn("SSL_SetPKCS11PinArg");
return secStatus;
}
secStatus = SSL_SetURL(sslSocket, hostName);
if (secStatus != SECSuccess) {
errWarn("SSL_SetURL");
return secStatus;
}
/* Prepare and setup network connection. */
prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
if (prStatus != PR_SUCCESS) {
errWarn("PR_GetHostByName");
return SECFailure;
}
hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
if (hostenum == -1) {
errWarn("PR_EnumerateHostEnt");
return SECFailure;
}
prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Connect");
return SECFailure;
}
/* Established SSL connection, ready to send data. */
#if 0
secStatus = SSL_ForceHandshake(sslSocket);
if (secStatus != SECSuccess) {
errWarn("SSL_ForceHandshake");
return secStatus;
}
#endif
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
if (secStatus != SECSuccess) {
errWarn("SSL_ResetHandshake");
prStatus = PR_Close(sslSocket);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Close");
}
return secStatus;
}
secStatus = handle_connection(sslSocket, connection);
if (secStatus != SECSuccess) {
errWarn("handle_connection");
return secStatus;
}
PR_Close(sslSocket);
return SECSuccess;
}
void
client_main(unsigned short port,
int connections,
const char * hostName)
{
int i;
SECStatus secStatus;
PRStatus prStatus;
PRInt32 rv;
PRNetAddr addr;
PRHostEnt hostEntry;
char buffer[256];
/* Setup network connection. */
prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry);
if (prStatus != PR_SUCCESS) {
exitErr("PR_GetHostByName");
}
rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
if (rv < 0) {
exitErr("PR_EnumerateHostEnt");
}
secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
if (secStatus != SECSuccess) {
exitErr("launch_thread");
}
if (connections > 1) {
/* wait for the first connection to terminate, then launch the rest. */
reap_threads(&threadMGR);
/* Start up the connections */
for (i = 2; i <= connections; ++i) {
secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
if (secStatus != SECSuccess) {
errWarn("launch_thread");
}
}
}
reap_threads(&threadMGR);
destroy_thread_data(&threadMGR);
}
int
main(int argc, char **argv)
{
char * certDir = ".";
char * progName = NULL;
int connections = 1;
char * cipherString = NULL;
SECStatus secStatus;
PLOptState * optstate;
PLOptStatus status;
/* Call the NSPR initialization routines */
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
progName = PL_strdup(argv[0]);
hostName = NULL;
optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) {
case 'C' : cipherString = PL_strdup(optstate->value); break;
case 'c' : connections = PORT_Atoi(optstate->value); break;
case 'd' : certDir = PL_strdup(optstate->value); break;
case 'n' : certNickname = PL_strdup(optstate->value); break;
case 'p' : port = PORT_Atoi(optstate->value); break;
case 'w' : password = PL_strdup(optstate->value); break;
case '\0': hostName = PL_strdup(optstate->value); break;
default : Usage(progName);
}
}
if (port == 0 || hostName == NULL)
Usage(progName);
if (certDir == NULL) {
certDir = PR_smprintf("%s/.netscape", getenv("HOME"));
}
/* Set our password function callback. */
PK11_SetPasswordFunc(myPasswd);
/* Initialize the NSS libraries. */
secStatus = NSS_Init(certDir);
if (secStatus != SECSuccess) {
exitErr("NSS_Init");
}
/* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
NSS_SetDomesticPolicy();
SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableSSL2Ciphers();
disableSSL3Ciphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SSL_EnableCipher(cipher, SSL_ALLOWED);
}
}
}
client_main(port, connections, hostName);
NSS_Shutdown();
PR_Cleanup();
return 0;
}
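Review bot: In handle_connection, `PR_Read(sslSocket, readBuffer, RD_BUF_SIZE)` can fill the whole allocation, after which `readBuffer[numBytes] = '\0'` writes one byte past the end of the heap buffer, with the length decided by the server. Read one byte less, `numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE - 1);`, or allocate `RD_BUF_SIZE + 1`. In setupSSLSocket the `tcpSocket == NULL` branch calls errWarn and, assuming that returns, falls through to PR_SetSocketOption with a null descriptor; it should `return NULL;` there. In main, `SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED)` turns on a suite with no encryption right after the comment says the policy leaves it out, so a sample that will be copied should drop the line or carry a comment such as `/* test only: NULL cipher sends application data in the clear */`. The read buffer is also allocated with PORT_Alloc but released with PR_Free; whether the two are interchangeable is not visible here, so PORT_Free would be the safer pairing.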


@ -0,0 +1,50 @@
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
MODULE = security
EXPORTS =
CSRCS = client.c \
sslsample.c \
$(NULL)
PROGRAM = client
REQUIRES = dbm
IMPORTS = security/lib/nss
DEFINES = -DNSPR20


@ -0,0 +1,79 @@
#!/bin/sh
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
# Script to generate sample db files neccessary for SSL.
# Directory for db's, use in all subsequent -d flags.
rm -rf SampleCertDBs
mkdir SampleCertDBs
# Password to use.
echo sample > passfile
# Generate the db files, using the above password.
certutil -N -d SampleCertDBs -f passfile
# Generate the CA cert. This cert is self-signed and only useful for
# test purposes. Set the trust bits to allow it to sign SSL client/server
# certs.
certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
-s "CN=My Sample Root CA, O=My Organization" \
-m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
-d SampleCertDBs -f passfile
# Generate the server cert. This cert is signed by the CA cert generated
# above. The CN must be hostname.domain.[com|org|net|...].
certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
-s "CN=$HOSTNAME.mcom.com, O=$HOSTNAME Corp." \
-m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
-d SampleCertDBs -f passfile
# Generate the client cert. This cert is signed by the CA cert generated
# above.
certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
-s "CN=My Client Cert, O=Client Organization" \
-m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
-d SampleCertDBs -f passfile
# Verify the certificates.
certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs
# Remove unneccessary files.
rm -f passfile
rm -f tempcert*
# You are now ready to run your client/server! Example command lines:
# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com
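Review bot: The server certificate subject on the `-s "CN=$HOSTNAME.mcom.com, O=$HOSTNAME Corp."` line depends on `$HOSTNAME`, which a `#!/bin/sh` script cannot count on being set, and on a fixed `mcom.com` domain, so on most hosts the CN will not match the name clients connect to even though the comment above says it must. Taking the full name from a variable that fails loudly when unset, for example `-s "CN=${SERVER_FQDN:?must be set}, O=My Organization"`, keeps the hostname check meaningful instead of pushing users to bypass it. The script also keeps going after a failed `certutil` step and leaves `passfile` behind if it is interrupted; `set -e` near the top and `trap 'rm -f passfile' 0` right after the file is created would cover both.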


@ -0,0 +1,78 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include client.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
#CC = cc


@ -0,0 +1,77 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include server.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################


@ -0,0 +1,60 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
# NSS 2.6.2 Sample Win95 Makefile
#
#
# This nmake file will build server.c and client.c on Windows 95.
#
DEFINES=-D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS
INCPATH=/I. /I..\include\dbm /I..\include\nspr /I..\include\security
LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib
CFLAGS=-O2 -MD -W3 -nologo
CC=cl
LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console
server:
$(CC) $(CFLAGS) $(INCPATH) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS)
client:
$(CC) $(CFLAGS) $(INCPATH) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS)
clean:
del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj
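Review bot: The `clean` recipe runs `del /S`, and under cmd.exe `/S` makes `del` descend into every subdirectory, so any file below the current directory named `server.exe`, `client.obj`, `getopt.obj` and so on is deleted along with the build products. The compile lines only write outputs into the current directory, so `del server.exe client.exe ...` without `/S` is enough; the NT makefile that follows has the same line. Separately, `server:` and `client:` list no dependents, so writing them as `server.exe: server.c getopt.c` (and likewise for the client) would let nmake skip an up-to-date build.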


@ -0,0 +1,59 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
# NSS 2.6.2 Sample NT Makefile
#
#
# This nmake file will build server.c and client.c on Windows NT 4 SP3.
#
DEFINES=-D_X86_ -GT -DWINNT -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS
INCPATH=-I. -I..\include\dbm -I..\include\nspr -I..\include\security
LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib
CFLAGS=-O2 -MD -W3 -nologo
CC=cl
LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console
server:
$(CC) $(CFLAGS) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS)
client:
$(CC) $(CFLAGS) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS)
clean:
del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj


@ -0,0 +1,822 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/****************************************************************************
* SSL server program listens on a port, accepts client connection, reads *
* request and responds to it *
****************************************************************************/
/* Generic header files */
#include <stdio.h>
#include <string.h>
/* NSPR header files */
#include "nspr.h"
#include "plgetopt.h"
#include "prerror.h"
#include "prnetdb.h"
/* NSS header files */
#include "pk11func.h"
#include "secitem.h"
#include "ssl.h"
#include "certt.h"
#include "nss.h"
#include "secrng.h"
#include "secder.h"
#include "key.h"
#include "sslproto.h"
/* Custom header files */
#include "sslsample.h"
#ifndef PORT_Sprintf
#define PORT_Sprintf sprintf
#endif
#define REQUEST_CERT_ONCE 1
#define REQUIRE_CERT_ONCE 2
#define REQUEST_CERT_ALL 3
#define REQUIRE_CERT_ALL 4
/* Global variables */
GlobalThreadMgr threadMGR;
char *password = NULL;
CERTCertificate *cert = NULL;
SECKEYPrivateKey *privKey = NULL;
int stopping;
static void
Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n"
" [-c ciphers] [-d dbdir] \n"
"-3 means disable SSL v3\n"
"-r means request certificate on first handshake.\n"
"-f means require certificate on first handshake.\n"
"-R means request certificate on all handshakes.\n"
"-F means require certificate on all handshakes.\n"
"-c ciphers Letter(s) chosen from the following list\n"
"A SSL2 RC4 128 WITH MD5\n"
"B SSL2 RC4 128 EXPORT40 WITH MD5\n"
"C SSL2 RC2 128 CBC WITH MD5\n"
"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
"E SSL2 DES 64 CBC WITH MD5\n"
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
"\n"
"a SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
"b SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"h SSL3 FORTEZZA DMS WITH NULL SHA\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n",
progName);
exit(1);
}
/* Function: readDataFromSocket()
*
* Purpose: Parse an HTTP request by reading data from a GET or POST.
*
*/
SECStatus
readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName)
{
char *post;
int numBytes = 0;
int newln = 0; /* # of consecutive newlns */
/* Read data while it comes in from the socket. */
while (PR_TRUE) {
buffer->index = 0;
newln = 0;
/* Read the buffer. */
numBytes = PR_Read(sslSocket, &buffer->data[buffer->index],
buffer->remaining);
if (numBytes <= 0) {
errWarn("PR_Read");
return SECFailure;
}
buffer->dataEnd = buffer->dataStart + numBytes;
/* Parse the input, starting at the beginning of the buffer.
* Stop when we detect two consecutive \n's (or \r\n's)
* as this signifies the end of the GET or POST portion.
* The posted data follows.
*/
while (buffer->index < buffer->dataEnd && newln < 2) {
int octet = buffer->data[buffer->index++];
if (octet == '\n') {
newln++;
} else if (octet != '\r') {
newln = 0;
}
}
/* Came to the end of the buffer, or second newline.
* If we didn't get an empty line ("\r\n\r\n"), then keep on reading.
*/
if (newln < 2)
continue;
/* we're at the end of the HTTP request.
* If the request is a POST, then there will be one more
* line of data.
* This parsing is a hack, but ok for SSL test purposes.
*/
post = PORT_Strstr(buffer->data, "POST ");
if (!post || *post != 'P')
break;
/* It's a post, so look for the next and final CR/LF. */
/* We should parse content length here, but ... */
while (buffer->index < buffer->dataEnd && newln < 3) {
int octet = buffer->data[buffer->index++];
if (octet == '\n') {
newln++;
}
}
if (newln == 3)
break;
}
/* Have either (a) a complete get, (b) a complete post, (c) EOF */
/* Execute a "GET " operation. */
if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) {
int fnLength;
/* File name is the part after "GET ". */
fnLength = strcspn(buffer->data + 5, " \r\n");
*fileName = (char *)PORT_Alloc(fnLength + 1);
PORT_Strncpy(*fileName, buffer->data + 5, fnLength);
(*fileName)[fnLength] = '\0';
}
return SECSuccess;
}
/* Function: authenticateSocket()
*
* Purpose: Configure a socket for SSL.
*
*
*/
PRFileDesc *
setupSSLSocket(PRFileDesc *tcpSocket, int requestCert)
{
PRFileDesc *sslSocket;
SSLKEAType certKEA;
int certErr = 0;
SECStatus secStatus;
/* Set the appropriate flags. */
sslSocket = SSL_ImportFD(NULL, tcpSocket);
if (sslSocket == NULL) {
errWarn("SSL_ImportFD");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_SECURITY, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable SSL_SECURITY");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_HANDSHAKE_AS_SERVER");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_REQUEST_CERTIFICATE,
(requestCert >= REQUEST_CERT_ONCE));
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUEST_CERTIFICATE");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_REQUIRE_CERTIFICATE,
(requestCert == REQUIRE_CERT_ONCE));
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUIRE_CERTIFICATE");
goto loser;
}
/* Set the appropriate callback routines. */
secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate,
CERT_GetDefaultCertDB());
if (secStatus != SECSuccess) {
errWarn("SSL_AuthCertificateHook");
goto loser;
}
secStatus = SSL_BadCertHook(sslSocket,
(SSLBadCertHandler)myBadCertHandler, &certErr);
if (secStatus != SECSuccess) {
errWarn("SSL_BadCertHook");
goto loser;
}
secStatus = SSL_HandshakeCallback(sslSocket,
(SSLHandshakeCallback)myHandshakeCallback,
NULL);
if (secStatus != SECSuccess) {
errWarn("SSL_HandshakeCallback");
goto loser;
}
secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
if (secStatus != SECSuccess) {
errWarn("SSL_HandshakeCallback");
goto loser;
}
certKEA = NSS_FindCertKEAType(cert);
secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA);
if (secStatus != SECSuccess) {
errWarn("SSL_ConfigSecureServer");
goto loser;
}
return sslSocket;
loser:
PR_Close(tcpSocket);
return NULL;
}
/* Function: authenticateSocket()
*
* Purpose: Perform client authentication on the socket.
*
*/
SECStatus
authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert)
{
CERTCertificate *cert;
SECStatus secStatus;
/* Returns NULL if client authentication is not enabled or if the
* client had no certificate. */
cert = SSL_PeerCertificate(sslSocket);
if (cert) {
/* Client had a certificate, so authentication is through. */
CERT_DestroyCertificate(cert);
return SECSuccess;
}
/* Request client to authenticate itself. */
secStatus = SSL_Enable(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUEST_CERTIFICATE");
return SECFailure;
}
/* If desired, require client to authenticate itself. Note
* SSL_REQUEST_CERTIFICATE must also be on, as above. */
secStatus = SSL_Enable(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUIRE_CERTIFICATE");
return SECFailure;
}
/* Having changed socket configuration parameters, redo handshake. */
secStatus = SSL_RedoHandshake(sslSocket);
if (secStatus != SECSuccess) {
errWarn("SSL_RedoHandshake");
return SECFailure;
}
/* Force the handshake to complete before moving on. */
secStatus = SSL_ForceHandshake(sslSocket);
if (secStatus != SECSuccess) {
errWarn("SSL_ForceHandshake");
return SECFailure;
}
return SECSuccess;
}
/* Function: writeDataToSocket
*
* Purpose: Write the client's request back to the socket. If the client
* requested a file, dump it to the socket.
*
*/
SECStatus
writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName)
{
int headerLength;
int numBytes;
char messageBuffer[120];
PRFileDesc *local_file_fd = NULL;
char header[] = "<html><body><h1>Sample SSL server</h1><br><br>";
char filehd[] = "<h2>The file you requested:</h2><br>";
char reqhd[] = "<h2>This is your request:</h2><br>";
char link[] = "Try getting a <a HREF=\"../testfile\">file</a><br>";
char footer[] = "<br><h2>End of request.</h2><br></body></html>";
headerLength = PORT_Strlen(defaultHeader);
/* Write a header to the socket. */
numBytes = PR_Write(sslSocket, header, PORT_Strlen(header));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
if (fileName) {
PRFileInfo info;
PRStatus prStatus;
/* Try to open the local file named.
* If successful, then write it to the client.
*/
prStatus = PR_GetFileInfo(fileName, &info);
if (prStatus != PR_SUCCESS ||
info.type != PR_FILE_FILE ||
info.size < 0) {
PORT_Free(fileName);
/* Maybe a GET not sent from client.c? */
goto writerequest;
return SECSuccess;
}
local_file_fd = PR_Open(fileName, PR_RDONLY, 0);
if (local_file_fd == NULL) {
PORT_Free(fileName);
goto writerequest;
}
/* Write a header to the socket. */
numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Transmit the local file prepended by the default header
* across the socket.
*/
numBytes = PR_TransmitFile(sslSocket, local_file_fd,
defaultHeader, headerLength,
PR_TRANSMITFILE_KEEP_OPEN,
PR_INTERVAL_NO_TIMEOUT);
/* Error in transmission. */
if (numBytes < 0) {
errWarn("PR_TransmitFile");
/*
i = PORT_Strlen(errString);
PORT_Memcpy(buf, errString, i);
*/
/* Transmitted bytes successfully. */
} else {
numBytes -= headerLength;
fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
numBytes, fileName);
}
PORT_Free(fileName);
PR_Close(local_file_fd);
}
writerequest:
/* Write a header to the socket. */
numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Write the buffer data to the socket. */
if (buffer->index <= 0) {
/* Reached the EOF. Report incomplete transaction to socket. */
PORT_Sprintf(messageBuffer,
"GET or POST incomplete after %d bytes.\r\n",
buffer->dataEnd);
numBytes = PR_Write(sslSocket, messageBuffer,
PORT_Strlen(messageBuffer));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
} else {
/* Display the buffer data. */
fwrite(buffer->data, 1, buffer->index, stdout);
/* Write the buffer data to the socket. */
numBytes = PR_Write(sslSocket, buffer->data, buffer->index);
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Display security information for the socket. */
printSecurityInfo(sslSocket);
/* Write any discarded data out to the socket. */
if (buffer->index < buffer->dataEnd) {
PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n",
buffer->dataEnd - buffer->index);
numBytes = PR_Write(sslSocket, buffer->data,
PORT_Strlen(buffer->data));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
}
}
/* Write a footer to the socket. */
numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Write a link to the socket. */
numBytes = PR_Write(sslSocket, link, PORT_Strlen(link));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Complete the HTTP transaction. */
numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9);
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Do a nice shutdown if asked. */
if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
stopping = 1;
}
return SECSuccess;
loser:
/* Do a nice shutdown if asked. */
if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
stopping = 1;
}
return SECFailure;
}
/* Function: int handle_connection()
*
* Purpose: Thread to handle a connection to a socket.
*
*/
SECStatus
handle_connection(void *tcp_sock, int requestCert)
{
PRFileDesc * tcpSocket = (PRFileDesc *)tcp_sock;
PRFileDesc * sslSocket = NULL;
SECStatus secStatus = SECFailure;
PRStatus prStatus;
PRSocketOptionData socketOption;
DataBuffer buffer;
char * fileName = NULL;
/* Initialize the data buffer. */
memset(buffer.data, 0, BUFFER_SIZE);
buffer.remaining = BUFFER_SIZE;
buffer.index = 0;
buffer.dataStart = 0;
buffer.dataEnd = 0;
/* Make sure the socket is blocking. */
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
PR_SetSocketOption(tcpSocket, &socketOption);
sslSocket = setupSSLSocket(tcpSocket, requestCert);
if (sslSocket == NULL) {
errWarn("setupSSLSocket");
goto cleanup;
}
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_ResetHandshake");
goto cleanup;
}
/* Read data from the socket, parse it for HTTP content.
* If the user is requesting/requiring authentication, authenticate
* the socket. Then write the result back to the socket. */
fprintf(stdout, "\nReading data from socket...\n\n");
secStatus = readDataFromSocket(sslSocket, &buffer, &fileName);
if (secStatus != SECSuccess) {
goto cleanup;
}
if (requestCert >= REQUEST_CERT_ALL) {
fprintf(stdout, "\nAuthentication requested.\n\n");
secStatus = authenticateSocket(sslSocket,
(requestCert == REQUIRE_CERT_ALL));
if (secStatus != SECSuccess) {
goto cleanup;
}
}
fprintf(stdout, "\nWriting data to socket...\n\n");
secStatus = writeDataToSocket(sslSocket, &buffer, fileName);
cleanup:
/* Close down the socket. */
prStatus = PR_Close(tcpSocket);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Close");
}
return secStatus;
}
/* Function: int accept_connection()
*
* Purpose: Thread to accept a connection to the socket.
*
*/
SECStatus
accept_connection(void *listener, int requestCert)
{
PRFileDesc *listenSocket = (PRFileDesc*)listener;
PRNetAddr addr;
PRStatus prStatus;
/* XXX need an SSL socket here? */
while (!stopping) {
PRFileDesc *tcpSocket;
SECStatus result;
fprintf(stderr, "\n\n\nAbout to call accept.\n");
/* Accept a connection to the socket. */
tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT);
if (tcpSocket == NULL) {
errWarn("PR_Accept");
break;
}
/* Accepted the connection, now handle it. */
result = launch_thread(&threadMGR, handle_connection,
tcpSocket, requestCert);
if (result != SECSuccess) {
prStatus = PR_Close(tcpSocket);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Close");
}
break;
}
}
fprintf(stderr, "Closing listen socket.\n");
prStatus = PR_Close(listenSocket);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Close");
}
return SECSuccess;
}
/* Function: void server_main()
*
* Purpose: This is the server's main function. It configures a socket
* and listens to it.
*
*/
void
server_main(
unsigned short port,
int requestCert,
SECKEYPrivateKey * privKey,
CERTCertificate * cert,
PRBool disableSSL3)
{
SECStatus secStatus;
PRStatus prStatus;
PRFileDesc * listenSocket;
PRNetAddr addr;
PRSocketOptionData socketOption;
/* Create a new socket. */
listenSocket = PR_NewTCPSocket();
if (listenSocket == NULL) {
exitErr("PR_NewTCPSocket");
}
/* Set socket to be blocking -
* on some platforms the default is nonblocking.
*/
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listenSocket, &socketOption);
if (prStatus != PR_SUCCESS) {
exitErr("PR_SetSocketOption");
}
/* This cipher is not on by default. The Acceptance test
* would like it to be. Turn this cipher on.
*/
secStatus = SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
if (secStatus != SECSuccess) {
exitErr("SSL_EnableCipher:SSL_RSA_WITH_NULL_MD5");
}
/* Configure the network connection. */
addr.inet.family = PR_AF_INET;
addr.inet.ip = PR_INADDR_ANY;
addr.inet.port = PR_htons(port);
/* Bind the address to the listener socket. */
prStatus = PR_Bind(listenSocket, &addr);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Bind");
}
/* Listen for connection on the socket. The second argument is
* the maximum size of the queue for pending connections.
*/
prStatus = PR_Listen(listenSocket, 5);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Listen");
}
/* Launch thread to handle connections to the socket. */
secStatus = launch_thread(&threadMGR, accept_connection,
listenSocket, requestCert);
if (secStatus != SECSuccess) {
PR_Close(listenSocket);
} else {
reap_threads(&threadMGR);
destroy_thread_data(&threadMGR);
}
}
/* Function: int main()
*
* Purpose: Parses command arguments and configures SSL server.
*
*/
int
main(int argc, char **argv)
{
char * progName = NULL;
char * nickName = NULL;
char * cipherString = NULL;
char * dir = ".";
int requestCert = 0;
unsigned short port = 0;
SECStatus secStatus;
PRBool disableSSL3 = PR_FALSE;
PLOptState * optstate;
PLOptStatus status;
/* Zero out the thread manager. */
PORT_Memset(&threadMGR, 0, sizeof(threadMGR));
progName = PL_strdup(argv[0]);
optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) {
case '3': disableSSL3 = PR_TRUE; break;
case 'F': requestCert = REQUIRE_CERT_ALL; break;
case 'R': requestCert = REQUEST_CERT_ALL; break;
case 'c': cipherString = PL_strdup(optstate->value); break;
case 'd': dir = PL_strdup(optstate->value); break;
case 'f': requestCert = REQUIRE_CERT_ONCE; break;
case 'n': nickName = PL_strdup(optstate->value); break;
case 'p': port = PORT_Atoi(optstate->value); break;
case 'r': requestCert = REQUEST_CERT_ONCE; break;
case 'w': password = PL_strdup(optstate->value); break;
default:
case '?': Usage(progName);
}
}
if (nickName == NULL || port == 0)
Usage(progName);
/* Call the NSPR initialization routines. */
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* Set the cert database password callback. */
PK11_SetPasswordFunc(myPasswd);
/* Initialize NSS. */
secStatus = NSS_Init(dir);
if (secStatus != SECSuccess) {
exitErr("NSS_Init");
}
/* Set the policy for this server (REQUIRED - no default). */
secStatus = NSS_SetDomesticPolicy();
if (secStatus != SECSuccess) {
exitErr("NSS_SetDomesticPolicy");
}
/* XXX keep this? */
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableSSL2Ciphers();
disableSSL3Ciphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SECStatus status;
status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
if (status != SECSuccess)
errWarn("SSL_CipherPrefSetDefault()");
}
}
}
/* Get own certificate and private key. */
cert = PK11_FindCertFromNickname(nickName, password);
if (cert == NULL) {
exitErr("PK11_FindCertFromNickname");
}
privKey = PK11_FindKeyByAnyCert(cert, password);
if (privKey == NULL) {
exitErr("PK11_FindKeyByAnyCert");
}
/* Configure the server's cache for a multi-process application
* using default timeout values (24 hrs) and directory location (/tmp).
*/
SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);
/* Launch server. */
server_main(port, requestCert, privKey, cert, disableSSL3);
/* Shutdown NSS and exit NSPR gracefully. */
NSS_Shutdown();
PR_Cleanup();
return 0;
}


@ -0,0 +1,48 @@
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
MODULE = security
EXPORTS =
CSRCS = server.c \
sslsample.c \
$(NULL)
PROGRAM = server
REQUIRES = dbm
DEFINES = -DNSPR20


@ -0,0 +1,110 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include <stdio.h>
#include <string.h>
#include "nspr.h"
struct tuple_str {
PRErrorCode errNum;
const char * errString;
};
typedef struct tuple_str tuple_str;
#define ER2(a,b) {a, b},
#define ER3(a,b,c) {a, c},
#include "secerr.h"
#include "sslerr.h"
const tuple_str errStrings[] = {
/* keep this list in asceding order of error numbers */
#include "SSLerrs.h"
#include "SECerrs.h"
#include "NSPRerrs.h"
};
const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
/* Returns a UTF-8 encoded constant error string for "errNum".
* Returns NULL of errNum is unknown.
*/
const char *
SSL_Strerror(PRErrorCode errNum) {
PRInt32 low = 0;
PRInt32 high = numStrings - 1;
PRInt32 i;
PRErrorCode num;
static int initDone;
/* make sure table is in ascending order.
* binary search depends on it.
*/
if (!initDone) {
PRErrorCode lastNum = 0x80000000;
for (i = low; i <= high; ++i) {
num = errStrings[i].errNum;
if (num <= lastNum) {
fprintf(stderr,
"sequence error in error strings at item %d\n"
"error %d (%s)\n"
"should come after \n"
"error %d (%s)\n",
i, lastNum, errStrings[i-1].errString,
num, errStrings[i].errString);
}
lastNum = num;
}
initDone = 1;
}
/* Do binary search of table. */
while (low + 1 < high) {
i = (low + high) / 2;
num = errStrings[i].errNum;
if (errNum == num)
return errStrings[i].errString;
if (errNum < num)
high = i;
else
low = i;
}
if (errNum == errStrings[low].errNum)
return errStrings[low].errString;
if (errNum == errStrings[high].errNum)
return errStrings[high].errString;
return NULL;
}
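Review bot: SSL_Strerror returns NULL for any code that is not in the table, and the callers visible elsewhere in this commit (errWarn and myBadCertHandler) pass that result straight to a printf `%s`, which is undefined behaviour for a null pointer. The header comment documents the NULL return, so the smallest fix is at the call sites, for example `errorString ? errorString : "(unknown error)"` in errWarn. Separately, when the one-time ordering check finds the table out of order it only prints to stderr and the binary search still runs on the unsorted table, so lookups can miss entries that exist. Failing hard at that point (NSPR's `PR_ASSERT` would do in debug builds) would make a mis-ordered table visible in testing.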


@ -0,0 +1,619 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "sslsample.h"
#include "sslerror.h"
/* Declare SSL cipher suites. */
int cipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
SSL_FORTEZZA_DMS_WITH_NULL_SHA,
SSL_RSA_WITH_NULL_MD5,
0
};
int ssl2CipherSuites[] = {
SSL_EN_RC4_128_WITH_MD5, /* A */
SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
SSL_EN_DES_64_CBC_WITH_MD5, /* E */
SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
0
};
int ssl3CipherSuites[] = {
SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
0
};
/**************************************************************************
**
** SSL callback routines.
**
**************************************************************************/
/* Function: char * myPasswd()
*
* Purpose: This function is our custom password handler that is called by
* SSL when retreiving private certs and keys from the database. Returns a
* pointer to a string that with a password for the database. Password pointer
* should point to dynamically allocated memory that will be freed later.
*/
char *
myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
{
char * passwd = NULL;
if ( (!retry) && arg ) {
passwd = PORT_Strdup((char *)arg);
}
return passwd;
}
/* Function: SECStatus myAuthCertificate()
*
* Purpose: This function is our custom certificate authentication handler.
*
* Note: This implementation is essentially the same as the default
* SSL_AuthCertificate().
*/
SECStatus
myAuthCertificate(void *arg, PRFileDesc *socket,
PRBool checksig, PRBool isServer)
{
SECCertUsage certUsage;
CERTCertificate * cert;
void * pinArg;
char * hostName;
SECStatus secStatus;
if (!arg || !socket) {
errWarn("myAuthCertificate");
return SECFailure;
}
/* Define how the cert is being used based upon the isServer flag. */
certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
cert = SSL_PeerCertificate(socket);
pinArg = SSL_RevealPinArg(socket);
secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
cert,
checksig,
certUsage,
pinArg);
/* If this is a server, we're finished. */
if (isServer || secStatus != SECSuccess) {
return secStatus;
}
/* Certificate is OK. Since this is the client side of an SSL
* connection, we need to verify that the name field in the cert
* matches the desired hostname. This is our defense against
* man-in-the-middle attacks.
*/
/* SSL_RevealURL returns a hostName, not an URL. */
hostName = SSL_RevealURL(socket);
if (hostName && hostName[0]) {
secStatus = CERT_VerifyCertName(cert, hostName);
} else {
PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
secStatus = SECFailure;
}
if (hostName)
PR_Free(hostName);
return secStatus;
}
/* Function: SECStatus myBadCertHandler()
*
* Purpose: This callback is called when the incoming certificate is not
* valid. We define a certain set of parameters that still cause the
* certificate to be "valid" for this session, and return SECSuccess to cause
* the server to continue processing the request when any of these conditions
* are met. Otherwise, SECFailure is return and the server rejects the
* request.
*/
SECStatus
myBadCertHandler(void *arg, PRFileDesc *socket)
{
SECStatus secStatus = SECFailure;
PRErrorCode err;
/* log invalid cert here */
if (!arg) {
return secStatus;
}
*(PRErrorCode *)arg = err = PORT_GetError();
/* If any of the cases in the switch are met, then we will proceed */
/* with the processing of the request anyway. Otherwise, the default */
/* case will be reached and we will reject the request. */
switch (err) {
case SEC_ERROR_INVALID_AVA:
case SEC_ERROR_INVALID_TIME:
case SEC_ERROR_BAD_SIGNATURE:
case SEC_ERROR_EXPIRED_CERTIFICATE:
case SEC_ERROR_UNKNOWN_ISSUER:
case SEC_ERROR_UNTRUSTED_CERT:
case SEC_ERROR_CERT_VALID:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_CRL_EXPIRED:
case SEC_ERROR_CRL_BAD_SIGNATURE:
case SEC_ERROR_EXTENSION_VALUE_INVALID:
case SEC_ERROR_CA_CERT_INVALID:
case SEC_ERROR_CERT_USAGES_INVALID:
case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
secStatus = SECSuccess;
break;
default:
secStatus = SECFailure;
break;
}
printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err));
return secStatus;
}
/* Function: SECStatus ownGetClientAuthData()
*
* Purpose: This callback is used by SSL to pull client certificate
* information upon server request.
*/
SECStatus
myGetClientAuthData(void *arg,
PRFileDesc *socket,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey)
{
CERTCertificate * cert;
SECKEYPrivateKey * privKey;
char * chosenNickName = (char *)arg;
void * proto_win = NULL;
SECStatus secStatus = SECFailure;
proto_win = SSL_RevealPinArg(socket);
if (chosenNickName) {
cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
if (cert) {
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privKey) {
secStatus = SECSuccess;
} else {
CERT_DestroyCertificate(cert);
}
}
} else { /* no nickname given, automatically find the right cert */
CERTCertNicknames *names;
int i;
names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
SEC_CERT_NICKNAMES_USER, proto_win);
if (names != NULL) {
for(i = 0; i < names->numnicknames; i++ ) {
cert = PK11_FindCertFromNickname(names->nicknames[i],
proto_win);
if (!cert) {
continue;
}
/* Only check unexpired certs */
if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
!= secCertTimeValid ) {
CERT_DestroyCertificate(cert);
continue;
}
secStatus = NSS_CmpCertChainWCANames(cert, caNames);
if (secStatus == SECSuccess) {
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privKey) {
break;
}
secStatus = SECFailure;
break;
}
CERT_FreeNicknames(names);
} /* for loop */
}
}
if (secStatus == SECSuccess) {
*pRetCert = cert;
*pRetKey = privKey;
}
return secStatus;
}
/* Function: SECStatus myHandshakeCallback()
*
* Purpose: Called by SSL to inform application that the handshake is
* complete. This function is mostly used on the server side of an SSL
* connection, although it is provided for a client as well.
* Useful when a non-blocking SSL_RedoHandshake or SSL_ResetHandshake
* is used to initiate a handshake.
*
* A typical scenario would be:
*
* 1. Server accepts an SSL connection from the client without client auth.
* 2. Client sends a request.
* 3. Server determines that to service request it needs to authenticate the
* client and initiates another handshake requesting client auth.
* 4. While handshake is in progress, server can do other work or spin waiting
* for the handshake to complete.
* 5. Server is notified that handshake has been successfully completed by
* the custom handshake callback function and it can service the client's
* request.
*
* Note: This function is not implemented in this sample, as we are using
* blocking sockets.
*/
SECStatus
myHandshakeCallback(PRFileDesc *socket, void *arg)
{
printf("Handshake has completed, ready to send data securely.\n");
return SECSuccess;
}
/**************************************************************************
**
** Routines for disabling SSL ciphers.
**
**************************************************************************/
void
disableSSL2Ciphers(void)
{
int i;
/* disable all the SSL2 cipher suites */
for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
}
}
void
disableSSL3Ciphers(void)
{
int i;
/* disable all the SSL3 cipher suites */
for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
}
}
/**************************************************************************
**
** Error and information routines.
**
**************************************************************************/
void
errWarn(char *function)
{
PRErrorCode errorNumber = PR_GetError();
const char * errorString = SSL_Strerror(errorNumber);
printf("Error in function %s: %d\n - %s\n",
function, errorNumber, errorString);
}
void
exitErr(char *function)
{
errWarn(function);
/* Exit gracefully. */
NSS_Shutdown();
PR_Cleanup();
exit(1);
}
void
printSecurityInfo(PRFileDesc *fd)
{
char * cp; /* bulk cipher name */
char * ip; /* cert issuer DN */
char * sp; /* cert subject DN */
int op; /* High, Low, Off */
int kp0; /* total key bits */
int kp1; /* secret key bits */
int result;
#if 0
/* statistics from ssl3_SendClientHello (sch) */
extern long ssl3_sch_sid_cache_hits;
extern long ssl3_sch_sid_cache_misses;
extern long ssl3_sch_sid_cache_not_ok;
/* statistics from ssl3_HandleServerHello (hsh) */
extern long ssl3_hsh_sid_cache_hits;
extern long ssl3_hsh_sid_cache_misses;
extern long ssl3_hsh_sid_cache_not_ok;
#endif
/* statistics from ssl3_HandleClientHello (hch) */
extern long ssl3_hch_sid_cache_hits;
extern long ssl3_hch_sid_cache_misses;
extern long ssl3_hch_sid_cache_not_ok;
result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
if (result != SECSuccess)
return;
printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
"subject DN: %s\n"
"issuer DN: %s\n", cp, kp1, kp0, op, sp, ip);
PR_Free(cp);
PR_Free(ip);
PR_Free(sp);
printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
ssl3_hch_sid_cache_hits, ssl3_hch_sid_cache_misses,
ssl3_hch_sid_cache_not_ok);
}
/**************************************************************************
** Begin thread management routines and data.
**************************************************************************/
void
thread_wrapper(void * arg)
{
GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
perThread *slot = &threadMGR->threads[threadMGR->index];
/* wait for parent to finish launching us before proceeding. */
PR_Lock(threadMGR->threadLock);
PR_Unlock(threadMGR->threadLock);
slot->rv = (* slot->startFunc)(slot->a, slot->b);
PR_Lock(threadMGR->threadLock);
slot->running = rs_zombie;
/* notify the thread exit handler. */
PR_NotifyCondVar(threadMGR->threadEndQ);
PR_Unlock(threadMGR->threadLock);
}
SECStatus
launch_thread(GlobalThreadMgr *threadMGR,
startFn *startFunc,
void *a,
int b)
{
perThread *slot;
int i;
if (!threadMGR->threadStartQ) {
threadMGR->threadLock = PR_NewLock();
threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
}
PR_Lock(threadMGR->threadLock);
while (threadMGR->numRunning >= MAX_THREADS) {
PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
}
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running == rs_idle)
break;
}
if (i >= threadMGR->numUsed) {
if (i >= MAX_THREADS) {
/* something's really wrong here. */
PORT_Assert(i < MAX_THREADS);
PR_Unlock(threadMGR->threadLock);
return SECFailure;
}
++(threadMGR->numUsed);
PORT_Assert(threadMGR->numUsed == i + 1);
slot = &threadMGR->threads[i];
}
slot->a = a;
slot->b = b;
slot->startFunc = startFunc;
threadMGR->index = i;
slot->prThread = PR_CreateThread(PR_USER_THREAD,
thread_wrapper, threadMGR,
PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
PR_JOINABLE_THREAD, 0);
if (slot->prThread == NULL) {
PR_Unlock(threadMGR->threadLock);
printf("Failed to launch thread!\n");
return SECFailure;
}
slot->inUse = 1;
slot->running = 1;
++(threadMGR->numRunning);
PR_Unlock(threadMGR->threadLock);
printf("Launched thread in slot %d \n", threadMGR->index);
return SECSuccess;
}
SECStatus
reap_threads(GlobalThreadMgr *threadMGR)
{
perThread * slot;
int i;
if (!threadMGR->threadLock)
return 0;
PR_Lock(threadMGR->threadLock);
while (threadMGR->numRunning > 0) {
PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running == rs_zombie) {
/* Handle cleanup of thread here. */
printf("Thread in slot %d returned %d\n", i, slot->rv);
/* Now make sure the thread has ended OK. */
PR_JoinThread(slot->prThread);
slot->running = rs_idle;
--threadMGR->numRunning;
/* notify the thread launcher. */
PR_NotifyCondVar(threadMGR->threadStartQ);
}
}
}
/* Safety Sam sez: make sure count is right. */
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running != rs_idle) {
fprintf(stderr, "Thread in slot %d is in state %d!\n",
i, slot->running);
}
}
PR_Unlock(threadMGR->threadLock);
return 0;
}
void
destroy_thread_data(GlobalThreadMgr *threadMGR)
{
PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
if (threadMGR->threadEndQ) {
PR_DestroyCondVar(threadMGR->threadEndQ);
threadMGR->threadEndQ = NULL;
}
if (threadMGR->threadStartQ) {
PR_DestroyCondVar(threadMGR->threadStartQ);
threadMGR->threadStartQ = NULL;
}
if (threadMGR->threadLock) {
PR_DestroyLock(threadMGR->threadLock);
threadMGR->threadLock = NULL;
}
}
/**************************************************************************
** End thread management routines.
**************************************************************************/
void
lockedVars_Init( lockedVars * lv)
{
lv->count = 0;
lv->waiters = 0;
lv->lock = PR_NewLock();
lv->condVar = PR_NewCondVar(lv->lock);
}
void
lockedVars_Destroy( lockedVars * lv)
{
PR_DestroyCondVar(lv->condVar);
lv->condVar = NULL;
PR_DestroyLock(lv->lock);
lv->lock = NULL;
}
void
lockedVars_WaitForDone(lockedVars * lv)
{
PR_Lock(lv->lock);
while (lv->count > 0) {
PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
}
PR_Unlock(lv->lock);
}
int /* returns count */
lockedVars_AddToCount(lockedVars * lv, int addend)
{
int rv;
PR_Lock(lv->lock);
rv = lv->count += addend;
if (rv <= 0) {
PR_NotifyCondVar(lv->condVar);
}
PR_Unlock(lv->lock);
return rv;
}
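Review bot: myBadCertHandler returns SECSuccess for SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_UNKNOWN_ISSUER and SEC_ERROR_UNTRUSTED_CERT (along with the expiry and CRL codes), so a peer whose certificate chain cannot be verified at all is still accepted and the handshake gives no assurance of who the peer is. Because this is sample code that is likely to be copied, I would drop those three `case` labels so they fall through to `default: secStatus = SECFailure;`, and put a comment above the switch such as `/* SAMPLE ONLY: every code listed here is an authentication failure being overridden. */`. In the same file, myGetClientAuthData calls `CERT_FreeNicknames(names);` inside the for loop, so the next iteration reads `names->numnicknames` and `names->nicknames[i]` after the free; that call belongs after the loop.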


@ -0,0 +1,179 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifndef SSLSAMPLE_H
#define SSLSAMPLE_H
/* Generic header files */
#include <stdio.h>
#include <string.h>
/* NSPR header files */
#include "nspr.h"
#include "prerror.h"
#include "prnetdb.h"
/* NSS header files */
#include "pk11func.h"
#include "secitem.h"
#include "ssl.h"
#include "certt.h"
#include "nss.h"
#include "secrng.h"
#include "secder.h"
#include "key.h"
#include "sslproto.h"
/* Custom header files */
/*
#include "sslerror.h"
*/
#define BUFFER_SIZE 10240
/* Declare SSL cipher suites. */
extern int cipherSuites[];
extern int ssl2CipherSuites[];
extern int ssl3CipherSuites[];
/* Data buffer read from a socket. */
typedef struct DataBufferStr {
char data[BUFFER_SIZE];
int index;
int remaining;
int dataStart;
int dataEnd;
} DataBuffer;
/* SSL callback routines. */
char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
PRBool checksig, PRBool isServer);
SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
SECStatus myHandshakeCallback(PRFileDesc *socket, void *arg);
SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey);
/* Disable all v2/v3 SSL ciphers. */
void disableSSL2Ciphers(void);
void disableSSL3Ciphers(void);
/* Error and information utilities. */
void errWarn(char *function);
void exitErr(char *function);
void printSecurityInfo(PRFileDesc *fd);
/* Some simple thread management routines. */
#define MAX_THREADS 32
typedef SECStatus startFn(void *a, int b);
typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
typedef struct perThreadStr {
PRFileDesc *a;
int b;
int rv;
startFn *startFunc;
PRThread *prThread;
PRBool inUse;
runState running;
} perThread;
typedef struct GlobalThreadMgrStr {
PRLock *threadLock;
PRCondVar *threadStartQ;
PRCondVar *threadEndQ;
perThread threads[MAX_THREADS];
int index;
int numUsed;
int numRunning;
} GlobalThreadMgr;
void thread_wrapper(void * arg);
SECStatus launch_thread(GlobalThreadMgr *threadMGR,
startFn *startFunc, void *a, int b);
SECStatus reap_threads(GlobalThreadMgr *threadMGR);
void destroy_thread_data(GlobalThreadMgr *threadMGR);
/* Management of locked variables. */
struct lockedVarsStr {
PRLock * lock;
int count;
int waiters;
PRCondVar * condVar;
};
typedef struct lockedVarsStr lockedVars;
void lockedVars_Init(lockedVars *lv);
void lockedVars_Destroy(lockedVars *lv);
void lockedVars_WaitForDone(lockedVars *lv);
int lockedVars_AddToCount(lockedVars *lv, int addend);
/* Buffer stuff. */
static const char stopCmd[] = { "GET /stop " };
static const char defaultHeader[] = {
"HTTP/1.0 200 OK\r\n"
"Server: SSL sample server\r\n"
"Content-type: text/plain\r\n"
"\r\n"
};
#endif
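Review bot: `stopCmd` and `defaultHeader` are defined as `static const` arrays in the header, so every translation unit that includes it carries its own copy, used or not. I would declare them `extern` here and define them once in a .c file, keeping an explicit array length in the declaration if any caller takes `sizeof` of them (not visible from this section). The thread-manager fields `a`, `b` and `index` also have no comments; a line each, e.g. `/* slot most recently handed out by launch_thread */` on `index`, would make the locking expectations easier to follow.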


@ -0,0 +1,76 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,176 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "plgetopt.h"
#include "secutil.h"
#include "nssb64.h"
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
extern int fread(char *, size_t, size_t, FILE*);
extern int fwrite(char *, size_t, size_t, FILE*);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
#if defined(WIN32)
#include "fcntl.h"
#include "io.h"
#endif
static PRInt32
output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
{
FILE *outFile = arg;
int nb;
nb = fwrite(obuf, 1, size, outFile);
if (nb != size) {
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return nb;
}
static SECStatus
decode_file(FILE *outFile, FILE *inFile)
{
NSSBase64Decoder *cx;
int nb;
SECStatus status = SECFailure;
char ibuf[4096];
cx = NSSBase64Decoder_Create(output_binary, outFile);
if (!cx) {
return -1;
}
for (;;) {
if (feof(inFile)) break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
goto loser;
}
/* eof */
break;
}
}
status = NSSBase64Decoder_Update(cx, ibuf, nb);
if (status != SECSuccess) goto loser;
}
return NSSBase64Decoder_Destroy(cx, PR_FALSE);
loser:
(void) NSSBase64Decoder_Destroy(cx, PR_TRUE);
return status;
}
static void Usage(char *progName)
{
fprintf(stderr,
"Usage: %s [-i input] [-o output]\n",
progName);
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
"-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
exit(-1);
}
int main(int argc, char **argv)
{
char *progName;
SECStatus rv;
FILE *inFile, *outFile;
PLOptState *optstate;
PLOptStatus status;
inFile = 0;
outFile = 0;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "i:o:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
Usage(progName);
break;
case 'i':
inFile = fopen(optstate->value, "r");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
}
}
if (!inFile) inFile = stdin;
if (!outFile) {
#if defined(WIN32)
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdout to binary mode. Use -o option instead.\n",
progName);
return smrv;
}
#endif
outFile = stdout;
}
rv = decode_file(outFile, inFile);
if (rv != SECSuccess) {
fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
progName, PORT_GetError(), errno);
return -1;
}
return 0;
}
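Review bot: main() returns 0 straight after decode_file() succeeds without flushing or closing outFile, so a write error that only surfaces when stdio drains its buffer at exit (full disk, closed pipe) is lost and a truncated decode is reported as success. output_binary() only confirms that fwrite() accepted the bytes, which for a buffered stream does not mean they reached the file. Before `return 0;` add a checked flush, for example `if (fflush(outFile) != 0) { fprintf(stderr, "%s: write error, errno=%d\n", progName, errno); return -1; }`. The main() of btoa.c later in this commit has the same gap.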


@ -0,0 +1,155 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
#cannot define PROGRAM in manifest compatibly with NT and UNIX
PROGRAM = atob
PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
$(NULL)
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
# awt3240.lib # brpref32.lib # cert32.lib
# crypto32.lib # dllcom.lib # editor32.lib
# edpref32.lib # edtplug.lib # font.lib
# hash32.lib # htmldg32.lib # img32.lib
# javart32.lib # jbn3240.lib # jdb3240.lib
# jmc.lib # jpeg3240.lib # jpw3240.lib
# jrt3240.lib # js3240.lib # jsd3240.lib
# key32.lib # libapplet32.lib # libnjs32.lib
# libnsc32.lib # libreg32.lib # mm3240.lib
# mnpref32.lib # netcst32.lib # nsdlg32.lib
# nsldap32.lib # nsldaps32.lib # nsn32.lib
# pkcs1232.lib # pkcs732.lib # pr3240.lib
# prefui32.lib # prefuuid.lib # secmod32.lib
# secnav32.lib # secutl32.lib # softup32.lib
# sp3240.lib # ssl32.lib # uni3200.lib
# unicvt32.lib # win32md.lib # winfont.lib
# xppref32.lib # zlib32.lib
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj
# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp
# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch
# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll
# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj
# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"
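Review bot: `WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg` hard-codes the debug object directory, so DBM_LIB and MOZ_LIBS appear to pull debug-built objects into LLFLAGS whatever configuration is being built; the `$(PROGRAM)::` rule likewise names `pr3240.dll` literally. If config.mak exposes a build-type or object-directory macro (not visible here), derive the path from it; otherwise add a comment such as `# NOTE: links the x86Dbg winfe objects even in optimized builds`. `IGNORE_ME` is assigned but not referenced anywhere in this file and could be dropped. The btoa makefile later in the commit repeats all three.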


@ -0,0 +1,50 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
# The MODULE is always implicitly required.
# Listing it here in REQUIRES makes it appear twice in the cc command line.
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = atob.c
PROGRAM = atob


@ -0,0 +1,75 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,181 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "plgetopt.h"
#include "secutil.h"
#include "nssb64.h"
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
extern int fread(char *, size_t, size_t, FILE*);
extern int fwrite(char *, size_t, size_t, FILE*);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
#if defined(WIN32)
#include "fcntl.h"
#include "io.h"
#endif
static PRInt32
output_ascii (void *arg, const char *obuf, PRInt32 size)
{
FILE *outFile = arg;
int nb;
nb = fwrite(obuf, 1, size, outFile);
if (nb != size) {
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return nb;
}
static SECStatus
encode_file(FILE *outFile, FILE *inFile)
{
NSSBase64Encoder *cx;
int nb;
SECStatus status = SECFailure;
unsigned char ibuf[4096];
cx = NSSBase64Encoder_Create(output_ascii, outFile);
if (!cx) {
return -1;
}
for (;;) {
if (feof(inFile)) break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
goto loser;
}
/* eof */
break;
}
}
status = NSSBase64Encoder_Update(cx, ibuf, nb);
if (status != SECSuccess) goto loser;
}
return NSSBase64Encoder_Destroy(cx, PR_FALSE);
loser:
(void) NSSBase64Encoder_Destroy(cx, PR_TRUE);
return status;
}
static void Usage(char *progName)
{
fprintf(stderr,
"Usage: %s [-i input] [-o output]\n",
progName);
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
"-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
exit(-1);
}
int main(int argc, char **argv)
{
char *progName;
SECStatus rv;
FILE *inFile, *outFile;
PLOptState *optstate;
PLOptStatus status;
inFile = 0;
outFile = 0;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "i:o:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
Usage(progName);
break;
case 'i':
inFile = fopen(optstate->value, "rb");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "w");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
}
}
if (!inFile) {
#if defined(WIN32)
/* If we're going to read binary data from stdin, we must put stdin
** into O_BINARY mode or else incoming \r\n's will become \n's.
*/
int smrv = _setmode(_fileno(stdin), _O_BINARY);
if (int smrv == -1) {
fprintf(stderr,
"%s: Cannot change stdin to binary mode. Use -i option instead.\n",
progName);
return smrv;
}
#endif
inFile = stdin;
}
if (!outFile)
outFile = stdout;
rv = encode_file(outFile, inFile);
if (rv != SECSuccess) {
fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
progName, PORT_GetError(), errno);
return -1;
}
return 0;
}
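Review bot: `if (int smrv == -1) {` in the WIN32 branch of main() is not valid C, because a declaration cannot appear inside the condition, so this file will not compile when WIN32 is defined. It should read `if (smrv == -1) {`, matching the stdout branch in the atob tool earlier in this commit. The block is only compiled on Windows, so a Unix build would not catch the error.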


@ -0,0 +1,130 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
#cannot define PROGRAM in manifest compatibly with NT and UNIX
PROGRAM = btoa
PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
$(NULL)
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"


@ -0,0 +1,49 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
# MODULE is implicitly REQUIRED, doesn't need to be listed below.
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = btoa.c
PROGRAM = btoa


@ -0,0 +1,76 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,48 @@
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is the Netscape security libraries.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corporation. Portions created by Netscape are
- Copyright (C) 1994-2000 Netscape Communications Corporation. All
- Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the
- terms of the GNU General Public License Version 2 or later (the
- "GPL"), in which case the provisions of the GPL are applicable
- instead of those above. If you wish to allow use of your
- version of this file only under the terms of the GPL and not to
- allow others to use your version of this file under the MPL,
- indicate your decision by deleting the provisions above and
- replace them with the notice and other provisions required by
- the GPL. If you do not delete the provisions above, a recipient
- may use your version of this file under either the MPL or the
- GPL.
-->
<form method="post" name="ca_form" action="mailto:jerdonek@netscape.com">
<input type="radio" name="caChoiceradio" value="SignWithDefaultkey"
onClick="{parent.choice_change(this.form)}">
Use the Cert-O-matic certificate to issue the cert</p>
<input type="radio" name="caChoiceradio" value="SignWithRandomChain"
onClick="{parent.choice_change(this.form)}"> Use a
<input type="text" size="2" maxsize="2" name="autoCAs"> CA long
automatically generated chain ending with the Cert-O-Matic Cert
(18 maximum)</p>
<input type="radio" name="caChoiceradio" value="SignWithSpecifiedChain"
onClick="{parent.choice_change(this.form)}"> Use a
<input type="text" size="1" maxlength="1" name="manCAs"
onChange="{parent.ca_num_change(this.value,this.form)}"> CA long
user input chain ending in the Cert-O-Matic Cert.</p>
</form>
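Review bot: `maxsize="2"` on the `autoCAs` input is not an HTML attribute, so the browser does not limit that field at all; the `manCAs` input below it uses the correct `maxlength`. Change it to `maxlength="2"`. Even then the attribute only caps the number of characters typed, so the "18 maximum" chain length still has to be checked by whatever receives the form, which is not part of this section. The three `</p>` tags also have no opening `<p>`.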


@ -0,0 +1,385 @@
<html>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is the Netscape security libraries.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corporation. Portions created by Netscape are
- Copyright (C) 1994-2000 Netscape Communications Corporation. All
- Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the
- terms of the GNU General Public License Version 2 or later (the
- "GPL"), in which case the provisions of the GPL are applicable
- instead of those above. If you wish to allow use of your
- version of this file only under the terms of the GPL and not to
- allow others to use your version of this file under the MPL,
- indicate your decision by deleting the provisions above and
- replace them with the notice and other provisions required by
- the GPL. If you do not delete the provisions above, a recipient
- may use your version of this file under either the MPL or the
- GPL.
-->
<form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
<table border=0 cellspacing=10 cellpadding=0>
<tr>
<td>
Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p>
</td>
<td></td><td></td><td>
Mail: </td><td><input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"></p>
RFC 1274<input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">
e-mail<input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)"></td>
<tr>
<td>
Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td>
<td></td><td></td><td>
Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td>
<tr>
<td>
RFC 1274 UID: </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td>
<td></td><td></td><td>
Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td>
<tr>
<td>
State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td>
<td></td><td></td><td>
Country: </td><td><input type="text" size="2" maxsize="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}"></p></td>
</table>
<table border=0 cellspacing=10 cellpadding=0>
<tr>
<td>
Serial Number:</p>
<DD>
<input type="radio" name="serial" value="auto" checked> Auto Generate</P>
<DD>
<input type="radio" name="serial" value="input">
Use this value: <input type="text" name="serial_value" size="8" maxlength="8"></p>
</td>
<td></td><td></td><td></td><td></td>
<td>
X.509 version:</p>
<DD>
<input type="radio" name="ver" value="1" checked> Version 1</p>
<DD>
<input type="radio" name="ver" value="3"> Version 3</P></td>
<td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td>
<td>
Key Type:</p>
<DD>
<input type="radio" name="keyType" value="rsa" checked> RSA</p>
<DD>
<input type="radio" name="keyType" value="dsa"> DSA</P></td>
</table>
DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P>
<Select name="keysize">
<option>1024 (High Grade)
<option>768 (Medium Grade)
<option>512 (Low Grade)
</select>
</p>
<hr>
</p>
<table border=1 cellspacing=5 cellpadding=5>
<tr>
<td>
<b>Netscape Certificate Type: </b></p>
Activate extension: <input type="checkbox" name="netscape-cert-type"></P>
Critical: <input type="checkbox" name="netscape-cert-type-crit">
<td>
<input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P>
<input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P>
<input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P>
<input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P>
<input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P>
<input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P>
<input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P>
<input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P>
</tr>
<tr>
<td>
<b>Netscape Base URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-base-url"></P>
Critical: <input type="checkbox" name="netscape-base-url-crit">
<td>
<input type="text" name="netscape-base-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape Revocation URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-revocation-url"></P>
Critical: <input type="checkbox" name="netscape-revocation-url-crit">
<td>
<input type="text" name="netscape-revocation-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape CA Revocation URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P>
Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit">
<td>
<input type="text" name="netscape-ca-revocation-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape Certificate Renewal URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P>
Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit">
<td>
<input type="text" name="netscape-cert-renewal-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape CA Policy URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P>
Critical: <input type="checkbox" name="netscape-ca-policy-url-crit">
<td>
<input type="text" name="netscape-ca-policy-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape SSL Server Name:</b></p>
Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P>
Critical: <input type="checkbox" name="netscape-ssl-server-name-crit">
<td>
<input type="text" name="netscape-ssl-server-name-text" size="50">
</tr>
<tr>
<td>
<b>Netscape Comment:</b></p>
Activate extension: <input type="checkbox" name="netscape-comment"></P>
Critical: <input type="checkbox" name="netscape-comment-crit">
<td>
<textarea name="netscape-comment-text" rows="5" cols="50"></textarea>
</tr>
</table>
</p>
<hr>
</p>
<table border=1 cellspacing=5 cellpadding=5>
<form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
<tr>
<td>
<b>Key Usage: </b></p>
Activate extension: <input type="checkbox" name="keyUsage"></P>
Critical: <input type="checkbox" name="keyUsage-crit">
<td>
<input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P>
<input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P>
<input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P>
<input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P>
<input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P>
<input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P>
<input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P>
</tr>
<tr>
<td>
<b>Extended Key Usage: </b></p>
Activate extension: <input type="checkbox" name="extKeyUsage"></P>
Critical: <input type="checkbox" name="extKeyUsage-crit">
<td>
<input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P>
<input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P>
<input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P>
<input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P>
<input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
<input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
<input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
</tr>
<tr>
<td>
<b>Basic Constraints:</b></p>
Activate extension: <input type="checkbox" name="basicConstraints"></P>
Critical: <input type="checkbox" name="basicConstraints-crit">
<td>
CA:</p>
<dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p>
<dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p>
<input type="checkbox" name="basicConstraints-pathLengthConstraint">
Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p>
</tr>
<tr>
<td>
<b>Authority Key Identifier:</b></p>
Activate extension: <input type="checkbox" name="authorityKeyIdentifier">
<td>
<input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p>
<input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p>
</tr>
<tr>
<td>
<b>Subject Key Identifier:</b></p>
Activate extension: <input type="checkbox" name="subjectKeyIdentifier">
<td>
Key Identifier:
<input type="text" name="subjectKeyIdentifier-text"></p>
This is an:<p>
<dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p>
<dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p>
</tr>
<tr>
<td>
<b>Private Key Usage Period:</b></p>
Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p>
Critical: <input type="checkbox" name="privKeyUsagePeriod-crit">
<td>
Use:</p>
<dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p>
<dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p>
<dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p>
<b>Not to be used to sign before:</b></p>
<dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p>
<dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p>
<dd><dd>(YYYY/MM/DD HH:MM:SS):
<input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/
<input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/
<input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2">
<input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p>
<b>Not to be used to sign after:</b></p>
<dd>(YYYY/MM/DD HH:MM:SS):
<input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/
<input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/
<input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2">
<input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p>
</tr>
<tr>
<td>
<b>Subject Alternative Name:</b></p>
Activate extension: <input type="checkbox" name="SubAltName"></P>
Critical: <input type="checkbox" name="SubAltName-crit">
<td>
<table>
<tr>
<td>
General Names:</p>
<select name="SubAltNameSelect" multiple size="10">
</select></p></p>
<input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}">
<input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)">
</td><td>
<table><tr><td>
Name Type: </td></tr><tr><td>
<input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name,
OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td>
<input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td>
<input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td>
<input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td>
<input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td>
<input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr>
</table>
Name: <input type="text" name="SubAltNameText">
Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p>
</tr>
</table>
</tr>
<tr>
<td>
<b>Issuer Alternative Name:</b></p>
Activate extension: <input type="checkbox" name="IssuerAltName"></P>
Critical: <input type="checkbox" name="IssuerAltName-crit">
<td>
<input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p>
<input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name:
<table>
<tr>
<td>
General Names:</p>
<select name="IssuerAltNameSelect" multiple size="10">
</select></p></p>
<input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}">
<input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)">
</td><td>
<table><tr><td>
Name Type: </td></tr><tr><td>
<input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name,
OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td>
<input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td>
<input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td>
<input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td>
<input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr>
</table>
Name: <input type="text" name="IssuerAltNameText">
Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p>
</tr>
</table>
</tr>
<tr>
<td>
<b>Name Constraints:</b></p>
Activate extension: <input type="checkbox" name="NameConstraints"></P>
<td>
<table>
<tr>
<td>
Name Constraints:</p>
<select name="NameConstraintSelect" multiple size="10">
</select></p></p>
<input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}">
<input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)">
</td><td>
<table><tr><td>
Name Type: </td></tr><tr><td>
<input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name,
OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td>
<input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td>
<input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td>
<input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td>
<input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr>
</table>
Name: <input type="text" name="NameConstraintText">
Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p>
Constraint type:<p>
<dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p>
<dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p>
Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p>
Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p>
</tr>
</table>
</tr>
</table>
</form>
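Review bot: Both `<form>` tags in this file, the opening one and the second one placed right after the `<table border=1 cellspacing=5 cellpadding=5>` that precedes the Key Usage row, post to the hard-coded `http://troll.mcom.com/jsw/cgi-bin/echoform.cgi`. That looks like a development echo endpoint, and a direct submit would send the certificate request fields to that host over plain HTTP. The second tag is nested inside the first with the same `name="primary_form"` and there is only one `</form>`; HTML does not allow nested forms, so I would delete that line and keep a single form. If the fields are only read by the parent frame's script, an empty or relative action plus a comment such as `<!-- fields are collected by the parent frame; this form is not submitted directly -->` would make that explicit, assuming that is the intent. Separately, the Country input uses `maxsize="2"`, which browsers do not honour; the other inputs use `maxlength`, so this should be `maxlength="2"`.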



@ -0,0 +1,956 @@
<HTML> <!-- -*- Mode: Java; tab-width: 8 -*- -->
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is the Netscape security libraries.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corporation. Portions created by Netscape are
- Copyright (C) 1994-2000 Netscape Communications Corporation. All
- Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the
- terms of the GNU General Public License Version 2 or later (the
- "GPL"), in which case the provisions of the GPL are applicable
- instead of those above. If you wish to allow use of your
- version of this file only under the terms of the GPL and not to
- allow others to use your version of this file under the MPL,
- indicate your decision by deleting the provisions above and
- replace them with the notice and other provisions required by
- the GPL. If you do not delete the provisions above, a recipient
- may use your version of this file under either the MPL or the
- GPL.
-->
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<SCRIPT LANGUAGE="JavaScript1.2">
script_url = 'http://troll.mcom.com/certo/production/cgi-bin/certcgi.cgi'
ext_page_ver1 =
make_page_intro('Version 1 extensions', "#FFFFFF") +
'<layer ID="ext1">' +
'Version 1 X.509 certs do not support extensions' +
'</layer>' +
'</body></html>';
cur_page = 1;
num_ca = 0;
index_list =
'0, your_certificate_index_label,' +
'0, netscape_extensions_index_label,' +
'0, standard_extensions_index_label,' +
'0, certifying_authorities_index_label';
var main_page =
make_page_intro('Your Key', "#FFFFFF") +
'<layer ID="main" SRC="main.html">' +
'</layer>' +
'</body></html>' ;
add_index_list = '';
max_pages = 13;
ver = 3
ext_page_array = new Array(max_pages);
index_label = 'Options';
your_certificate_index_label = 'Your Certificate';
netscape_extensions_index_label = 'Netscape X.509 Extensions';
standard_extensions_index_label = 'Standard X.509 Extensions';
certifying_authorities_index_label = 'Certifying Authorities';
add_sub_alt_name_index_label = 'Add Subject Alternative Name';
function setSubAltNameType(form)
{
with(form)
{
if (SubAltNameRadio[0].checked)
{
return true;
}
if (SubAltNameRadio[3].checked || SubAltNameRadio[5].checked)
{
SubAltNameDataType.checked = true;
return true;
}
if (SubAltNameRadio[1].checked || SubAltNameRadio[2].checked ||
SubAltNameRadio[4].checked || SubAltNameRadio[6].checked ||
SubAltNameRadio[7].checked || SubAltNameRadio[8].checked)
{
SubAltNameDataType.checked = false;
return true;
}
}
return true;
}
function setIssuerAltNameType(form)
{
with(form)
{
if (IssuerAltNameRadio[0].checked)
{
return true;
}
if (IssuerAltNameRadio[3].checked || IssuerAltNameRadio[5].checked)
{
IssuerAltNameDataType.checked = true;
return true;
}
if (IssuerAltNameRadio[1].checked || IssuerAltNameRadio[2].checked ||
IssuerAltNameRadio[4].checked || IssuerAltNameRadio[6].checked ||
IssuerAltNameRadio[7].checked || IssuerAltNameRadio[8].checked)
{
IssuerAltNameDataType.checked = false;
return true;
}
}
return true;
}
function setNameConstraintNameType(form)
{
with(form)
{
if (NameConstraintRadio[0].checked)
{
return true;
}
if (NameConstraintRadio[3].checked || NameConstraintRadio[5].checked)
{
NameConstraintNameDataType.checked = true;
return true;
}
if (NameConstraintRadio[1].checked || NameConstraintRadio[2].checked ||
NameConstraintRadio[4].checked || NameConstraintRadio[6].checked ||
NameConstraintRadio[7].checked || NameConstraintRadio[8].checked)
{
NameConstraintNameDataType.checked = false;
return true;
}
}
return true;
}
function addSubAltName(form)
{
with(form)
{
var len = SubAltNameSelect.length;
var value;
var i = 0;
while(!(i == (SubAltNameRadio.length - 1)) & !(SubAltNameRadio[i].checked == true))
{
i++;
}
if (i != 0)
{
value = SubAltNameText.value + " - " + (i + 1);
}
else
{
value = SubAltNameText.value + " - " + SubAltNameOtherNameOID.value + " - ";
if (SubAltNameDataType.checked)
{
value += "1 - ";
}
else
{
value += "0 - ";
}
value += (i + 1);
if (SubAltNameOtherNameOID.value == "")
{
alert("Other names must include an OID");
return false;
}
}
if ((SubAltNameText.value == "") | (SubAltNameRadio[i].checked != true))
{
alert("Alternative Names must include values for name and name type.");
}
else
{
SubAltNameSelect.options[len] = new Option(value, value);
}
}
return true;
}
function deleteSubAltName(form)
{
with(form)
{
while (SubAltNameSelect.selectedIndex >= 0)
{
SubAltNameSelect[SubAltNameSelect.selectedIndex] = null;
}
}
}
function addIssuerAltName(form)
{
with(form)
{
var len = IssuerAltNameSelect.length;
var value;
var i = 0;
while(!(i == (IssuerAltNameRadio.length -1)) & !(IssuerAltNameRadio[i].checked == true))
{
i++;
}
if (i != 0)
{
value = IssuerAltNameText.value + " - " + (i + 1);
}
else
{
value = IssuerAltNameText.value + " - " + IssuerAltNameOtherNameOID.value + " - ";
if (IssuerAltNameDataType.checked)
{
value += "1 - ";
}
else
{
value += "0 - ";
}
value += (i + 1);
if (IssuerAltNameOtherNameOID.value == "")
{
alert("Other names must include an OID");
return false;
}
}
if ((IssuerAltNameText.value == "") | (IssuerAltNameRadio[i].checked != true))
{
alert("Alternative Names must include values for name and name type.")
}
else
{
IssuerAltNameSelect.options[len] = new Option(value, value);
}
}
return true;
}
function deleteIssuerAltName(form)
{
with(form)
{
while (IssuerAltNameSelect.selectedIndex >= 0)
{
IssuerAltNameSelect[IssuerAltNameSelect.selectedIndex] = null;
}
}
}
function addNameConstraint(form)
{
with(form)
{
var len = NameConstraintSelect.length;
var value;
var i = 0;
var min = NameConstraintMin.value;
var max = NameConstraintMax.value;
while(!(i == (NameConstraintRadio.length - 1) ) & !(NameConstraintRadio[i].checked == true))
{
i++;
}
value = NameConstraintText.value + " - ";
if (i == 0)
{
value += NameConstraintOtherNameOID.value + " - ";
if (NameConstraintNameDataType.checked)
{
value += "1 - ";
}
else
{
value += "0 - ";
}
if (NameConstraintOtherNameOID.value == "")
{
alert("Other names must include an OID");
return false;
}
}
value += (i + 1) + " - ";
if (NameConstraintTypeRadio[0].checked == true)
{
value += "p - ";
}
else
{
value += "e - ";
}
value += min + " - " + max;
if ((min == "") | (NameConstraintText.value == "") | (NameConstraintRadio[i].checked != true))
{
alert("Name Constraints must include values for minimum, name, and name type.")
}
else
{
NameConstraintSelect.options[len] = new Option(value, value);
}
}
return true;
}
function deleteNameConstraint(form)
{
with(form)
{
while (NameConstraintSelect.selectedIndex >= 0)
{
NameConstraintSelect[NameConstraintSelect.selectedIndex] = null;
}
}
}
function submit_it()
{
save_cur_page(cur_page);
var array_string;
var subject = ext_page_array[0][22][0];
var serial = ext_page_array[0][10][0];
var ver1 = (ver == 1);
var ver3 = (ver == 3);
var serial_number = ext_page_array[0][12][0];
var notBefore = ext_page_array[0][20][0];
var notAfter = ext_page_array[0][21][0];
var manValidity = ext_page_array[0][19][0];
if (subject == "")
{
alert("The DN field must contain some data");
return false;
}
if (!serial & serial_number == "")
{
alert("No serial number specified");
return false;
}
if (ext_page_array[0][15][0])
{
var keygen = "<keygen name=\"key\" challenge=\"foo\">";
}
else
{
switch (ext_page_array[0][17][0]) {
case 2:
var keygen = "<keygen keytype=\"dsa\" pqg=\"MIGdAkEAjfKklEkidqo9JXWbsGhpy+rA2Dr7jQz3y7gyTw14guXQdi/FtyEOr8Lprawyq3qsSWk9+/g3JMLsBzbuMcgCkQIVAMdzIYxzfsjumTtPLe0w9I7azpFfAkEAYm0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5UhklycxC6fb0ZLCIzFcq9T5teIAg==\" name=\"key\" challenge=\"foo\">";
break;
case 1:
var keygen = "<keygen keytype=\"dsa\" pqg=\"MIHaAmDCboVgX0+6pEeMlbwsasWDVBcJNHPKMzkq9kbCRK2U3k+tE15n+Dc2g3ZjDYr1um51e2iLC34/BwAAAAAAAAAAAAAAAAAAAAAAAAABbBhnlFN5Djmt0Mk8cdEBY5H8iPMCFMhUnFtbpjn3EyfH2DjVg3ALh7FtAmA2zWzhpeCwvOTjYnQorlXiv0WcnSiWmaC79CRYkFt5i+UEfRxwP1eNGJBVB1T+CPW6JGd4WhgsqtSf53pn5DEtv++O7lNfXyOhWhb3KaWHYIx8fuAXtioIWkWmpfEIVZA=\" name=\"key\" challenge=\"foo\">";
break;
case 0:
var keygen = "<keygen keytype=\"dsa\" pqg=\"MIIBHAKBgId8SiiWrcdua5zbsBhPkKfFcnHBG7T/bQla7c6OixGjjmSSuq2fJLvMKa579CaxHxLZzZZXIHmAk9poRgWl2GUUkCJ68XSum8OQzDPXPsofcEdeANjw3mIAAAAAAAAAAAAAAAAAAAAAAAAIE+MkW5hguLIQqWvEVi9dMpbNu6OZAhTIA+y3TgyiwA0D8pt686ofaL1IOQKBgAiZQC6UCXztr2iXxJrAC+51gN5oX/R9Thilln9RGegsWnHrdxUOpcm5vAWp1LU8TOXtujE8kqkm3UxIRhUWQORe9IxLANAXmZJqkw9FEVHkxj6Cy9detwT2MyBzSwS6avsf7aLisgHmI/IHSeapJsQ3NQa3rikb6zRiqIV+TVa6\" name=\"key\" challenge=\"foo\">";
break;
}
}
array_string = build_array_string();
hiddens = "<input type=\"hidden\" name=\"subject\" value=\'" + subject + "\'> \n" +
"<input type=\"hidden\" name=\"serial-auto\" value=\"" + serial + "\"> \n" +
"<input type=\"hidden\" name=\"serial_value\" value=\"" + serial_number + "\"> \n" +
"<input type=\"hidden\" name=\"ver-1\" value=\"" + ver1 + "\"> \n" +
"<input type=\"hidden\" name=\"ver-3\" value=\"" + ver3 + "\"> \n" +
"<input type=\"hidden\" name=\"notBefore\" value=\"" + notBefore + "\"> \n" +
"<input type=\"hidden\" name=\"notAfter\" value=\"" + notAfter + "\"> \n" +
"<input type=\"hidden\" name=\"manValidity\" value=\"" + manValidity + "\"> \n" +
array_string;
var good_submit_page =
'<html>' +
'<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" BGCOLOR="#FFFFFF">' +
'<form method="post" action="' + script_url + '">' +
'Select size for your key:' + keygen + '</p>' +
'<input type="submit"></p>' +
hiddens +
'</form>\n' +
'</body>\n' +
'</html>\n';
window.frames.extensions.document.write(good_submit_page);
window.frames.extensions.document.close();
cur_page = max_pages + 1;
make_index(window);
return false;
}
function build_array_string()
{
var j;
var array_string = '';
var pages;
if ((ext_page_array[3][4][0] > 0) && ext_page_array[3][3][0])
{
pages = 4 + parseInt(ext_page_array[3][4][0]);
}
else
{
pages = 4;
}
for (j = 1; j < pages; j++)
{
if ((j > 1 || (ver == 3)) &&
(ext_page_array[j].length > 1))
{
if (j < 4)
{
for (i = 0; i < ext_page_array[j].length; i++)
{
if (ext_page_array[j][i][3].indexOf("radio") == -1)
{
if (ext_page_array[j][i][3].indexOf("multiple") == -1)
{
array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n';
}
else
{
for (k = 0; k < ext_page_array[j][i][0].length; k++)
{
array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n';
}
}
}
else
{
array_string += '<input type=\"hidden\" name=\"' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n';
}
}
}
else
{
for (i = 0; i < ext_page_array[j].length; i++)
{
if (ext_page_array[j][i][3].indexOf("radio") == -1)
{
if (ext_page_array[j][i][3].indexOf("multiple") == -1)
{
array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '\" value=\'' + ext_page_array[j][i][0] +'\'> \n';
}
else
{
for (k = 0; k < ext_page_array[j][i][0].length; k++)
{
array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + k + '\" value=\'' + ext_page_array[j][i][0][k] + '\'> \n';
}
}
}
else
{
array_string += '<input type=\"hidden\" name=\"' + 'CA#' + (j - 3) + '-' + ext_page_array[j][i][1] + '-' + ext_page_array[j][i][2] + '\" value=\'' + ext_page_array[j][i][0] + '\'> \n';
}
}
}
}
}
return array_string;
}
function init_ext_page_array()
{
for (i = 0; i < max_pages; i++)
{
ext_page_array[i] = '';
}
}
function ca_num_change(n,ca_form)
{
with(ca_form)
{
n = parseInt(n,10);
if (caChoiceradio[2].checked)
{
if (n)
{
update_index(n);
}
else
{
update_index(0);
}
}
}
}
function choice_change(ca_form)
{
with(ca_form)
{
if (caChoiceradio[2].checked)
{
ca_num_change(manCAs.value,ca_form);
}
else
{
update_index(0);
}
}
}
function update_index(n)
{
var add_string = '';
for (var i = 0; i < n; i++)
{
var j = i + 1;
add_string = add_string + ',1, \'CA #' + j + '\'';
}
top.add_index_list = add_string;
num_ca = n;
make_index(window);
}
function set_ver1()
// redraws the extensions page for version 1 certificates
{
ver = 1
if (cur_page == 2 || cur_page == 3)
{
sa_switch_pane(window, cur_page, cur_page);
}
}
function set_ver3()
// redraws the extensions page for version 3 certificates
{
ver = 3
if (cur_page == 2)
{
sa_switch_pane(window, 0, 2);
}
else if (cur_page == 3)
{
sa_switch_pane(window, 0, 3);
}
}
function reset_subject(marker, value, form)
// Updates the subject field from a subordinate field
{
with(form)
{
var field_sep = '", ';
var begin_index = subject.value.indexOf(marker);
if (begin_index != 0 && subject.value[begin_index - 1] != ' ')
{
begin_index = subject.value.indexOf(marker, begin_index +1);
}
var end_index = subject.value.indexOf(field_sep, begin_index);
if (begin_index > -1) // is it a delete/change?
{
if (end_index == -1) // is it the last one (includes only one)?
{
if (value.length > 0) // do I have to change it?
{
if (begin_index == 0) // is is the only one?
{
subject.value = marker + '"' + value + '"';
}
else // it is the last of many
{
subject.value = subject.value.substring(0,begin_index) + marker + '"' + value + '"';
}
}
else // must be a delete
{
if (begin_index == 0) // is it the only one?
{
begin_index += 2;
}
subject.value = subject.value.substring(0,(begin_index - 2));
}
}
else // it is the first of many or a middle one
{
if (value.length >0) // do I have to change it?
{
subject.value = subject.value.substring(0,(begin_index + marker.length + 1)) + value + subject.value.substring(end_index,subject.length);
}
else // it is a delete
{
subject.value = subject.value.substring(0,begin_index) + subject.value.substring((end_index + 3),subject.length);
}
}
}
else // It is either an insert or a do nothing
{
if (value.length > 0) // is it an insert?
{
if (subject.value.length == 0) // is subject currently empty?
{
subject.value = marker + '"' + value + '"';
}
else
{
subject.value = subject.value + ', ' + marker + '"' + value + '"';
}
}
}
}
}
function reset_subjectFields(form)
// updates all the subordinate fields from the subject field of a form
// ************ move the strings to global variables, to make maintentance easier ****************
{
update_subject_Field(form, 'CN=\"', form.name);
update_subject_Field(form, 'MAIL=\"', form.email);
update_subject_Field(form, 'O=\"', form.org);
update_subject_Field(form, 'C=\"', form.country);
update_subject_Field(form, ' L=\"', form.loc);
update_subject_Field(form, 'ST=\"', form.state);
update_subject_Field(form, 'E=\"', form.email);
update_subject_Field(form, 'OU=\"', form.org_unit);
update_subject_Field(form, 'UID=\"', form.uid);
}
function update_subject_Field(form, marker, update_field)
//updates a single subordinate field from the subject field of a form
// *************** need to deal with the two types of e-mail addresses **************
{
with(form)
{
var field_sep = '", ';
var begin_index = subject.value.indexOf(marker) + marker.length;
var end_index = subject.value.indexOf(field_sep, begin_index);
if (end_index == -1)
{
end_index = subject.value.indexOf('"',begin_index);
}
if (begin_index != (-1 + marker.length) )
{
update_field.value = subject.value.substring(begin_index, end_index);
}
else
{
update_field.value = '';
}
}
}
function switch_mail(form)
// *************** I need to figure out if I want to delete the other type of e-mail address ************
{
if (form.email_type[0].checked)
{
var del = 'E=';
var ins = 'MAIL=';
}
else
{
var del = 'MAIL=';
var ins = 'E=';
}
reset_subject(del, '', form);
reset_subject(ins, form.email.value, form);
}
function make_page_intro(title, bgcolor)
{
var style = '<STYLE TYPE="text/css">BODY{' +
'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' +
'font-size: 10pt;' +
'}' +
'TD{' +
'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' +
'font-size: 10pt;}' +
'</STYLE>';
if (bgcolor == null) { bgcolor = "#C0C0C0"; }
return '<HTML><HEAD>' +
'<TITLE>' + title + '</TITLE>' +
'</HEAD>' +
'<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" ' +
'BGCOLOR="' + bgcolor + '">';
}
function make_index(window)
{
with (window.frames.index)
{
eval ('index_string = make_index_page(cur_page, ' + index_list + add_index_list + ' )');
fool1 = make_page_intro(index_label, "#FFFFFF") +
index_string + '</BODY></HTML>';
document.write(fool1);
document.close();
}
}
function save_cur_page(page_number)
{
var len;
var j = page_number - 1;
if (frames.extensions.document.layers.length != 0)
{
with (frames.extensions.document.layers[0].document)
{
if ((page_number != 2 && page_number != 3 && page_number <= max_pages) ||
ver == 3)
{
ext_page_array[j] = new Array(forms[0].elements.length);
for (i = 0; i < forms[0].elements.length; i++)
{
ext_page_array[j][i] = new Array(4);
switch (forms[0].elements[i].type)
{
case 'radio': case 'checkbox':
ext_page_array[j][i][0] = forms[0].elements[i].checked;
break;
case 'select-one':
ext_page_array[j][i][0] = forms[0].elements[i].selectedIndex;
break;
case 'select-multiple':
len = forms[0].elements[i].options.length;
ext_page_array[j][i][0] = new Array(len);
for(k = 0; k < len; k++)
{
ext_page_array[j][i][0][k] = forms[0].elements[i].options[k].value;
}
break;
default:
ext_page_array[j][i][0] = forms[0].elements[i].value;
}
ext_page_array[j][i][1] = forms[0].elements[i].name;
ext_page_array[j][i][2] = forms[0].elements[i].value;
ext_page_array[j][i][3] = forms[0].elements[i].type;
}
}
}
}
}
function reload_form(page_number)
{
var j = page_number - 1;
with (frames.extensions.document.layers[0].document)
{
if (((page_number < 2 || page_number > 3) || ver == 3)
&& page_number != 0 && (ext_page_array[j].length > 1))
{
for (i = 0; i < ext_page_array[j].length; i++)
{
switch (forms[0].elements[i].type)
{
case 'radio': case 'checkbox':
forms[0].elements[i].checked = ext_page_array[j][i][0];
break;
case 'select-one':
forms[0].elements[i].selectedIndex = ext_page_array[j][i][0];
break;
case 'select-multiple':
for (k = 0; k < ext_page_array[j][i][0].length; k++)
{
forms[0].elements[i].options[k] = new Option(ext_page_array[j][i][0][k],
ext_page_array[j][i][0][k]);
}
break;
default:
forms[0].elements[i].value = ext_page_array[j][i][0];
}
}
}
}
}
function sa_switch_pane(top_window, old_pane, new_pane)
{
var ext_page_stnd =
make_page_intro(standard_extensions_index_label, "#FFFFFF") +
'<layer ID="ext" SRC="stnd_ext_form.html">' +
'</layer>' +
'</body></html>';
var ext_page_nscp =
make_page_intro(netscape_extensions_index_label, "#FFFFFF") +
'<layer ID="ext" SRC="nscp_ext_form.html">' +
'</layer>' +
'</body></html>';
var ext_page_ca =
make_page_intro(certifying_authorities_index_label, "#FFFFFF") +
'<layer ID="ext" SRC="ca.html">' +
'</layer>' +
'</body</html>';
var ext_page_ca_exp =
make_page_intro('Certifying Authority Details', "#FFFFFF") +
'<layer ID="ext" SRC="ca_form.html">' +
'</layer>' +
'</body></html>';
if (old_pane > 0 && cur_page <= max_pages)
{
save_cur_page(old_pane);
}
cur_page = new_pane;
make_index(top_window);
if (new_pane == 2 || new_pane == 3)
{
if (ver == 1)
{
frames.extensions.document.write(ext_page_ver1);
frames.extensions.document.close();
}
else
{
if (new_pane == 2)
{
frames.extensions.document.write(ext_page_nscp);
frames.extensions.document.close();
reload_form(new_pane);
}
else
{
frames.extensions.document.write(ext_page_stnd);
frames.extensions.document.close();
reload_form(new_pane);
}
}
}
else
{
if (new_pane == 4)
{
frames.extensions.document.write(ext_page_ca);
frames.extensions.document.close();
reload_form(new_pane);
}
else
{
if (new_pane == 1)
{
frames.extensions.document.write(main_page);
frames.extensions.document.close();
reload_form(new_pane);
}
else
{
frames.extensions.document.write(ext_page_ca_exp);
frames.extensions.document.close();
reload_form(new_pane);
}
}
}
}
function make_index_page(selected)
{
var n_strings = ( make_index_page.arguments.length - 1 ) / 2;
var table_background;
var command;
var indent;
var label;
var ret_string = "";
ret_string += '<TABLE CELLSPACING=4>';
for ( var i = 1; i <= n_strings; i++ ) {
if ( i == selected ) {
table_background = 'BGCOLOR=#BBCCBB';
} else {
table_background = '';
}
indent = make_index_page.arguments[(i*2) - 1];
label = make_index_page.arguments[(i*2)];
if ( indent == 0 ) {
ret_string += ('<TR><TD COLSPAN=2 ' + table_background + '>');
} else {
ret_string += ('<TR><TD>&nbsp;&nbsp;</TD><TD ' + table_background + '>');
}
command = "'parent.sa_switch_pane(parent," + selected + "," + i + ")'";
ret_string += ('<A HREF="javascript:void setTimeout(' + command + ',0)">');
if ( indent == 0 ) { ret_string += "<B>"; }
ret_string += label;
if ( indent == 0 ) { ret_string += "</B>"; }
ret_string += '</A></TD></TR>';
}
if (selected == (max_pages + 1))
{
table_background = 'BGCOLOR=#BBCCBB';
} else {
table_background = '';
}
ret_string +=
'<TR><TD COLSPAN=2 ' + table_background +
'><b><A HREF="javascript:void setTimeout(\'top.submit_it()\', 0)">Finish</A></b>' +
'</TD></TR>' +
'<input type="submit"></form>' +
'</TABLE>';
return(ret_string);
}
function make_page(window)
// Draws the initial page setup
{
selected = cur_page
init_ext_page_array()
with (window.frames.extensions) {
document.write(main_page);
document.close();
}
make_index(window);
}
</script>
</HEAD>
<title>Cert-O-Matic</title>
<FRAMESET cols="150,*" BORDER=3 ONLOAD="make_page(window)">
<FRAME SRC="about:blank" NAME="index"
MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3>
<FRAME SRC="about:blank" NAME="extensions"
MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3>
</FRAMESET>
</HTML>


@ -0,0 +1,105 @@
<HTML>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is the Netscape security libraries.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corporation. Portions created by Netscape are
- Copyright (C) 1994-2000 Netscape Communications Corporation. All
- Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the
- terms of the GNU General Public License Version 2 or later (the
- "GPL"), in which case the provisions of the GPL are applicable
- instead of those above. If you wish to allow use of your
- version of this file only under the terms of the GPL and not to
- allow others to use your version of this file under the MPL,
- indicate your decision by deleting the provisions above and
- replace them with the notice and other provisions required by
- the GPL. If you do not delete the provisions above, a recipient
- may use your version of this file under either the MPL or the
- GPL.
-->
<HEAD>
<TITLE>Main Layer for CertOMatic</TITLE>
</HEAD>
<form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
<table border=0 cellspacing=10 cellpadding=0>
<tr>
<td>
Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p>
</td>
<td></td><td></td>
<td>
Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td>
<tr>
<td>
<input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">MAIL=
<input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)">E=
</td>
<td>
<input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}">
</td>
<td></td><td></td><td>
Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td>
<tr>
<td>
UID= </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td>
<td></td><td></td><td>
Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td>
<tr>
<td>
State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td>
<td></td><td></td><td>
Country: </td><td><input type="text" size="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}" maxlength="2"></p></td>
<tr>
<td COLSPAN=2>
Serial Number:
<DD><input type="radio" name="serial" value="auto" checked> Auto Generate
<DD><input type="radio" name="serial" value="input">
Use this value:&nbsp; <input type="text" name="serial_value" size="8" maxlength="8"></p>
</td>
<td></td> <td></td>
<td COLSPAN=2>
X.509 version:
<DD><input type="radio" name="ver" value="1" onClick="if (this.checked) {window.top.set_ver1();}"> Version 1
<DD><input type="radio" name="ver" value="3" checked onClick="if (this.checked) {window.top.set_ver3();}"> Version 3</P></td>
<tr>
<td COLSPAN=2>
Key Type:
<DD><input type="radio" name="keyType" value="rsa" checked> RSA
<DD><input type="radio" name="keyType" value="dsa"> DSA</p>
Intermediate CA Key Sizes:
<DD><select name="keysize">
<option>2048 (Very High Grade)
<option>1024 (High Grade)
<option>512 (Low Grade)
</select>
</td>
<td></td> <td></td>
<td COLSPAN=2>
Validity:
<DD><input type="radio" name="validity" value="auto" checked>
Generate Automatically
<DD><input type="radio" name="validity" value="man"> Use these values:
<DD>Not Before:&nbsp; <input type="text" size="15" maxlength="17" name="notBefore">
<DD>Not After:&nbsp;&nbsp;&nbsp; <input type="text" size="15" maxlength="17" name="notAfter">
<DD>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<FONT SIZE=-1><TT>YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} </TT></FONT>
</table>
DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P>
</form>
</HTML>
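Review bot: The `action` on `primary_form` is a hard-coded absolute URL over plain HTTP (`http://troll.mcom.com/jsw/cgi-bin/echoform.cgi`), so a direct submit of this form would send the subject DN, serial number and validity fields unencrypted to that fixed host rather than to the server that served the page. The same attribute is on the two extension forms later in this commit (the Netscape-extensions and standard-extensions pages), so all three should change together. A same-origin relative action such as `action="CGI_PATH_PLACEHOLDER"`, pointing at wherever the certcgi program is installed, avoids shipping a development endpoint. Submission appears to go through `top.submit_it()`, which is not visible here, so whether this attribute is ever used cannot be confirmed. Separately, the `keysize` list still offers `512 (Low Grade)` for intermediate CA keys; dropping that option prevents a weak CA key from being chosen by accident.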


@ -0,0 +1,48 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# MODULE public and private header directories are implicitly REQUIREd.
MODULE = security
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = certcgi.c
PROGRAM = certcgi


@ -0,0 +1,113 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is the Netscape security libraries.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corporation. Portions created by Netscape are
- Copyright (C) 1994-2000 Netscape Communications Corporation. All
- Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the
- terms of the GNU General Public License Version 2 or later (the
- "GPL"), in which case the provisions of the GPL are applicable
- instead of those above. If you wish to allow use of your
- version of this file only under the terms of the GPL and not to
- allow others to use your version of this file under the MPL,
- indicate your decision by deleting the provisions above and
- replace them with the notice and other provisions required by
- the GPL. If you do not delete the provisions above, a recipient
- may use your version of this file under either the MPL or the
- GPL.
-->
<body>
<table border=1 cellspacing=5 cellpadding=5>
<form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
<tr>
<td>
<b>Netscape Certificate Type: </b></p>
Activate extension: <input type="checkbox" name="netscape-cert-type"></P>
Critical: <input type="checkbox" name="netscape-cert-type-crit">
<td>
<input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P>
<input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P>
<input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P>
<input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P>
<input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P>
<input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P>
<input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P>
<input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P>
</tr>
<tr>
<td>
<b>Netscape Base URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-base-url"></P>
Critical: <input type="checkbox" name="netscape-base-url-crit">
<td>
<input type="text" name="netscape-base-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape Revocation URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-revocation-url"></P>
Critical: <input type="checkbox" name="netscape-revocation-url-crit">
<td>
<input type="text" name="netscape-revocation-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape CA Revocation URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P>
Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit">
<td>
<input type="text" name="netscape-ca-revocation-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape Certificate Renewal URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P>
Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit">
<td>
<input type="text" name="netscape-cert-renewal-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape CA Policy URL:</b></p>
Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P>
Critical: <input type="checkbox" name="netscape-ca-policy-url-crit">
<td>
<input type="text" name="netscape-ca-policy-url-text" size="50">
</tr>
<tr>
<td>
<b>Netscape SSL Server Name:</b></p>
Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P>
Critical: <input type="checkbox" name="netscape-ssl-server-name-crit">
<td>
<input type="text" name="netscape-ssl-server-name-text" size="50">
</tr>
<tr>
<td>
<b>Netscape Comment:</b></p>
Activate extension: <input type="checkbox" name="netscape-comment"></P>
Critical: <input type="checkbox" name="netscape-comment-crit">
<td>
<textarea name="netscape-comment-text" rows="5" cols="50"></textarea>
</tr>
</table>
</body>
</html>
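Review bot: The `<form name="primary_form">` opened directly under `<table>` is never closed: the file goes from the last `</tr>` to `</table>` with no `</form>`, so which inputs belong to the form depends on the browser's error recovery. The page-state code in the frameset script (`save_cur_page` and `reload_form`) walks `forms[0].elements` by index, so a parser that scopes the form differently could drop or misalign saved settings, including the `-crit` checkboxes. Wrapping the whole table, `<form ...><table ...> … </table></form>`, makes the element list well defined. The standard-extensions form later in this commit has the same omission.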


@ -0,0 +1,247 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is the Netscape security libraries.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corporation. Portions created by Netscape are
- Copyright (C) 1994-2000 Netscape Communications Corporation. All
- Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the
- terms of the GNU General Public License Version 2 or later (the
- "GPL"), in which case the provisions of the GPL are applicable
- instead of those above. If you wish to allow use of your
- version of this file only under the terms of the GPL and not to
- allow others to use your version of this file under the MPL,
- indicate your decision by deleting the provisions above and
- replace them with the notice and other provisions required by
- the GPL. If you do not delete the provisions above, a recipient
- may use your version of this file under either the MPL or the
- GPL.
-->
<body>
<table border=1 cellspacing=5 cellpadding=5>
<form method="post" name="primary_form" action="http://troll.mcom.com/jsw/cgi-bin/echoform.cgi">
<tr>
<td>
<b>Key Usage: </b></p>
Activate extension: <input type="checkbox" name="keyUsage"></P>
Critical: <input type="checkbox" name="keyUsage-crit">
<td>
<input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P>
<input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P>
<input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P>
<input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P>
<input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P>
<input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P>
<input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P>
</tr>
<tr>
<td>
<b>Extended Key Usage: </b></p>
Activate extension: <input type="checkbox" name="extKeyUsage"></P>
Critical: <input type="checkbox" name="extKeyUsage-crit">
<td>
<input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P>
<input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P>
<input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P>
<input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P>
<input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
<input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
<input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
</tr>
<tr>
<td>
<b>Basic Constraints:</b></p>
Activate extension: <input type="checkbox" name="basicConstraints"></P>
Critical: <input type="checkbox" name="basicConstraints-crit">
<td>
CA:</p>
<dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p>
<dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p>
<input type="checkbox" name="basicConstraints-pathLengthConstraint">
Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p>
</tr>
<tr>
<td>
<b>Authority Key Identifier:</b></p>
Activate extension: <input type="checkbox" name="authorityKeyIdentifier">
<td>
<input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p>
<input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p>
</tr>
<tr>
<td>
<b>Subject Key Identifier:</b></p>
Activate extension: <input type="checkbox" name="subjectKeyIdentifier">
<td>
Key Identifier:
<input type="text" name="subjectKeyIdentifier-text"></p>
This is an:<p>
<dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p>
<dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p>
</tr>
<tr>
<td>
<b>Private Key Usage Period:</b></p>
Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p>
Critical: <input type="checkbox" name="privKeyUsagePeriod-crit">
<td>
Use:</p>
<dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p>
<dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p>
<dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p>
<b>Not to be used to sign before:</b></p>
<dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p>
<dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p>
<dd><dd>(YYYY/MM/DD HH:MM:SS):
<input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/
<input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/
<input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2">
<input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p>
<b>Not to be used to sign after:</b></p>
<dd>(YYYY/MM/DD HH:MM:SS):
<input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/
<input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/
<input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2">
<input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">:
<input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p>
</tr>
<tr>
<td>
<b>Subject Alternative Name:</b></p>
Activate extension: <input type="checkbox" name="SubAltName"></P>
Critical: <input type="checkbox" name="SubAltName-crit">
<td>
<table>
<tr>
<td>
General Names:</p>
<select name="SubAltNameSelect" multiple size="10">
</select></p></p>
<input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}">
<input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)">
</td><td>
<table><tr><td>
Name Type: </td></tr><tr><td>
<input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name,
OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td>
<input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td>
<input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td>
<input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td>
<input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td>
<input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td>
<input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr>
</table>
Name: <input type="text" name="SubAltNameText">
Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p>
</tr>
</table>
</tr>
<tr>
<td>
<b>Issuer Alternative Name:</b></p>
Activate extension: <input type="checkbox" name="IssuerAltName"></P>
Critical: <input type="checkbox" name="IssuerAltName-crit">
<td>
<input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p>
<input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name:
<table>
<tr>
<td>
General Names:</p>
<select name="IssuerAltNameSelect" multiple size="10">
</select></p></p>
<input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}">
<input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)">
</td><td>
<table><tr><td>
Name Type: </td></tr><tr><td>
<input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name,
OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td>
<input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td>
<input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td>
<input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td>
<input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td>
<input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr>
</table>
Name: <input type="text" name="IssuerAltNameText">
Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p>
</tr>
</table>
</tr>
<tr>
<td>
<b>Name Constraints:</b></p>
Activate extension: <input type="checkbox" name="NameConstraints"></P>
<td>
<table>
<tr>
<td>
Name Constraints:</p>
<select name="NameConstraintSelect" multiple size="10">
</select></p></p>
<input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}">
<input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)">
</td><td>
<table><tr><td>
Name Type: </td></tr><tr><td>
<input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name,
OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td>
<input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td>
<input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td>
<input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td>
<input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td>
<input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr>
</table>
Name: <input type="text" name="NameConstraintText">
Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p>
Constraint type:<p>
<dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p>
<dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p>
Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p>
Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p>
</tr>
</table>
</tr>
</table>
</body>
</html>
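Review bot: The Name Constraints block has no criticality control, while Key Usage, Basic Constraints and both alt-name blocks each have a `-crit` checkbox. RFC 5280 (section 4.2.1.10) requires a conforming CA to mark name constraints critical, so unless the CGI forces that flag (not visible here), this form may produce certificates whose constraint is non-critical. Either add `Critical: <input type="checkbox" name="NameConstraints-crit" checked>` with matching server-side handling, or add a comment beside the block stating that the server always sets it. The radio value `permited` is the string that gets posted, so correcting its spelling means changing the server-side comparison in the same commit. The visible labels `permited` and `Key Identider` can be fixed on their own.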


@ -0,0 +1,76 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,491 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include <stdio.h>
#include <string.h>
#include "secutil.h"
#if defined(XP_UNIX)
#include <unistd.h>
#include <sys/time.h>
#include <termios.h>
#endif
#if defined(XP_WIN)
#include <time.h>
#include <conio.h>
#endif
#if defined(__sun) && !defined(SVR4)
extern int fclose(FILE*);
extern int fprintf(FILE *, char *, ...);
extern int isatty(int);
extern char *sys_errlist[];
#define strerror(errno) sys_errlist[errno]
#endif
#include "nspr.h"
#include "prtypes.h"
#include "prtime.h"
#include "prlong.h"
#include "pk11func.h"
#include "secrng.h"
#include "pqgutil.h"
#define NUM_KEYSTROKES 120
#define RAND_BUF_SIZE 60
#define ERROR_BREAK rv = SECFailure;break;
static void
UpdateRNG(void)
{
char * randbuf;
int fd, i, count;
char c;
#ifdef XP_UNIX
cc_t orig_cc_min;
cc_t orig_cc_time;
tcflag_t orig_lflag;
struct termios tio;
#endif
#define FPS fprintf(stderr,
FPS "\n");
FPS "A random seed must be generated that will be used in the\n");
FPS "creation of your key. One of the easiest ways to create a\n");
FPS "random seed is to use the timing of keystrokes on a keyboard.\n");
FPS "\n");
FPS "To begin, type keys on the keyboard until this progress meter\n");
FPS "is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n");
FPS "\n");
FPS "\n");
FPS "Continue typing until the progress meter is full:\n\n");
FPS "| |\r");
/* turn off echo on stdin & return on 1 char instead of NL */
fd = fileno(stdin);
#ifdef XP_UNIX
tcgetattr(fd, &tio);
orig_lflag = tio.c_lflag;
orig_cc_min = tio.c_cc[VMIN];
orig_cc_time = tio.c_cc[VTIME];
tio.c_lflag &= ~ECHO;
tio.c_lflag &= ~ICANON;
tio.c_cc[VMIN] = 1;
tio.c_cc[VTIME] = 0;
tcsetattr(fd, TCSAFLUSH, &tio);
#endif
/* Get random noise from keyboard strokes */
randbuf = (char *) PORT_Alloc(RAND_BUF_SIZE);
count = 0;
while (count < NUM_KEYSTROKES+1) {
#ifdef XP_UNIX
c = getc(stdin);
#else
c = getch();
#endif
RNG_GetNoise(&randbuf[1], sizeof(randbuf)-1);
RNG_RandomUpdate(randbuf, sizeof(randbuf));
if (c != randbuf[0]) {
randbuf[0] = c;
FPS "\r|");
for (i=0; i<count/(NUM_KEYSTROKES/RAND_BUF_SIZE); i++) {
FPS "*");
}
if (count%(NUM_KEYSTROKES/RAND_BUF_SIZE) == 1)
FPS "/");
count++;
}
}
free(randbuf);
FPS "\n\n");
FPS "Finished. Press enter to continue: ");
while (getc(stdin) != '\n')
;
FPS "\n");
#undef FPS
#ifdef XP_UNIX
/* set back termio the way it was */
tio.c_lflag = orig_lflag;
tio.c_cc[VMIN] = orig_cc_min;
tio.c_cc[VTIME] = orig_cc_time;
tcsetattr(fd, TCSAFLUSH, &tio);
#endif
}
static unsigned char P[] = { 0x00, 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76,
0xaa, 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69,
0xcb, 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c,
0xf7, 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82,
0xe5, 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e,
0xaf, 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a,
0xac, 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24,
0xc2, 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02,
0x91 };
static unsigned char Q[] = { 0x00, 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8,
0xee, 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4,
0x8e, 0xda, 0xce, 0x91, 0x5f };
static unsigned char G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a,
0x13, 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5,
0x00, 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef,
0xcb, 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c,
0x2e, 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba,
0xbf, 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c,
0x9c, 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08,
0x8c, 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88,
0x02 };
static PQGParams default_pqg_params = {
NULL,
{ 0, P, sizeof(P) },
{ 0, Q, sizeof(Q) },
{ 0, G, sizeof(G) }
};
static PQGParams *
decode_pqg_params(char *str)
{
char *buf;
unsigned int len;
PRArenaPool *arena;
PQGParams *params;
SECStatus status;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
return NULL;
params = PORT_ArenaZAlloc(arena, sizeof(PQGParams));
if (params == NULL)
goto loser;
params->arena = arena;
buf = (char *)ATOB_AsciiToData(str, &len);
if ((buf == NULL) || (len == 0))
goto loser;
status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len);
if (status != SECSuccess)
goto loser;
return params;
loser:
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
static int
pqg_prime_bits(char *str)
{
PQGParams *params = NULL;
int primeBits = 0, i;
params = decode_pqg_params(str);
if (params == NULL)
goto done; /* lose */
for (i = 0; params->prime.data[i] == 0; i++)
/* empty */;
primeBits = (params->prime.len - i) * 8;
done:
if (params != NULL)
PQG_DestroyParams(params);
return primeBits;
}
static char *
SECU_GetpqgString(char *filename)
{
unsigned char phrase[400];
FILE *fh;
char *rv;
fh = fopen(filename,"r");
rv = fgets ((char*) phrase, sizeof(phrase), fh);
fclose(fh);
if (phrase[strlen(phrase)-1] == '\n')
phrase[strlen(phrase)-1] = '\0';
if (rv) {
return (char*) PORT_Strdup((char*)phrase);
}
fprintf(stderr,"pqg file contain no data\n");
return NULL;
}
PQGParams*
getpqgfromfile(int keyBits, char *pqgFile)
{
char *end, *str, *pqgString;
int primeBits;
pqgString = SECU_GetpqgString(pqgFile);
if (pqgString)
str = PORT_Strdup(pqgString);
else
return NULL;
do {
end = PORT_Strchr(str, ',');
if (end)
*end = '\0';
primeBits = pqg_prime_bits(str);
if (keyBits == primeBits)
goto found_match;
str = end + 1;
} while (end);
PORT_Free(pqgString);
PORT_Free(str);
return NULL;
found_match:
PORT_Free(pqgString);
PORT_Free(str);
return decode_pqg_params(str);
}
SECKEYPrivateKey *
CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
int publicExponent, char *noise,
SECKEYPublicKey **pubkeyp, char *pqgFile,
char *passFile)
{
CK_MECHANISM_TYPE mechanism;
SECOidTag algtag;
PK11RSAGenParams rsaparams;
PQGParams *dsaparams = NULL;
void *params;
secuPWData pwdata = { PW_NONE, 0 };
/*
* Do some random-number initialization.
*/
RNG_SystemInfoForRNG();
if (noise) {
RNG_FileForRNG(noise);
} else {
UpdateRNG();
}
switch (keytype) {
case rsaKey:
rsaparams.keySizeInBits = size;
rsaparams.pe = publicExponent;
mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
params = &rsaparams;
break;
case dsaKey:
mechanism = CKM_DSA_KEY_PAIR_GEN;
algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
if (pqgFile) {
dsaparams = getpqgfromfile(size, pqgFile);
} else {
dsaparams = &default_pqg_params;
}
params = dsaparams;
default:
return NULL;
}
if (slot == NULL)
return NULL;
if (passFile) {
pwdata.source = PW_FROMFILE;
pwdata.data = passFile;
}
if (PK11_Authenticate(slot, PR_TRUE, &pwdata) != SECSuccess)
return NULL;
fprintf(stderr, "\n\n");
fprintf(stderr, "Generating key. This may take a few moments...\n\n");
return PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp,
PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/,
NULL /*wincx*/);
}
/*
* The following is all functionality moved over from keyutil, which may
* or may not become completely obsolete. So, some of this stuff may
* end up being turned on from within certutil. Some is probably not
* even feasible anymore (Add/Delete?).
*/
#ifdef LATER
static SECStatus
ListKeys(FILE *out)
{
int rt;
rt = SECU_PrintKeyNames(handle, out);
if (rt) {
SECU_PrintError(progName, "unable to list nicknames");
return SECFailure;
}
return SECSuccess;
}
static SECStatus
DumpPublicKey(char *nickname, FILE *out)
{
SECKEYLowPrivateKey *privKey;
SECKEYLowPublicKey *publicKey;
/* check if key actually exists */
if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
return SECFailure;
}
/* Read in key */
privKey = SECU_GetPrivateKey(handle, nickname);
if (!privKey) {
return SECFailure;
}
publicKey = SECKEY_LowConvertToPublicKey(privKey);
/* Output public key (in the clear) */
switch(publicKey->keyType) {
case rsaKey:
fprintf(out, "RSA Public-Key:\n");
SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1);
SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent,
"publicExponent", 1);
break;
case dsaKey:
fprintf(out, "DSA Public-Key:\n");
SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1);
SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime,
"subPrime", 1);
SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1);
SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1);
break;
default:
fprintf(out, "unknown key type\n");
break;
}
return SECSuccess;
}
static SECStatus
DumpPrivateKey(char *nickname, FILE *out)
{
SECKEYLowPrivateKey *key;
/* check if key actually exists */
if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
return SECFailure;
}
/* Read in key */
key = SECU_GetPrivateKey(handle, nickname);
if (!key) {
SECU_PrintError(progName, "error retrieving key");
return SECFailure;
}
switch(key->keyType) {
case rsaKey:
fprintf(out, "RSA Private-Key:\n");
SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1);
SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1);
SECU_PrintInteger(out, &key->u.rsa.privateExponent,
"privateExponent", 1);
SECU_PrintInteger(out, &key->u.rsa.prime[0], "prime[0]", 1);
SECU_PrintInteger(out, &key->u.rsa.prime[1], "prime[1]", 1);
SECU_PrintInteger(out, &key->u.rsa.primeExponent[0],
"primeExponent[0]", 1);
SECU_PrintInteger(out, &key->u.rsa.primeExponent[1],
"primeExponent[1]", 1);
SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1);
break;
case dsaKey:
fprintf(out, "DSA Private-Key:\n");
SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1);
SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1);
SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1);
SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1);
SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1);
break;
default:
fprintf(out, "unknown key type\n");
break;
}
return SECSuccess;
}
static SECStatus
ChangePassword(void)
{
SECStatus rv;
/* Write out database with a new password */
rv = SECU_ChangeKeyDBPassword(handle);
if (rv) {
SECU_PrintError(progName, "unable to change key password");
}
return rv;
}
static SECStatus DeletePrivateKey (char *nickName)
{
int rv;
rv = SECU_DeleteKeyByName (keyHandle, nickName);
if (rv != SECSuccess)
fprintf(stderr, "%s: problem deleting private key (%s)\n",
progName, SECU_Strerror(PR_GetError()));
return (rv);
}
#endif /* LATER */
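Review bot: In `getpqgfromfile` the `found_match` path calls `PORT_Free(str)` and then `decode_pqg_params(str)`, so the decoder reads freed memory, and because the loop advances `str` with `str = end + 1`, both exit paths also hand `PORT_Free` a pointer that is no longer the start of the allocation (or `NULL + 1` once no comma is left). The rewrite below walks the list in place, decodes before freeing, and frees only `pqgString`. Two smaller fixes in the same file: `case dsaKey:` in `CERTUTIL_GeneratePrivateKey` has no `break;` after `params = dsaparams;` and falls into `default: return NULL;`, so DSA generation never reaches `PK11_GenerateKeyPair`. In `UpdateRNG`, `sizeof(randbuf)` is the size of a `char *`, not `RAND_BUF_SIZE`, so only a few bytes of noise are collected and mixed per keystroke; pass `RAND_BUF_SIZE-1` to `RNG_GetNoise` and `RAND_BUF_SIZE` to `RNG_RandomUpdate`.

```c
PQGParams*
getpqgfromfile(int keyBits, char *pqgFile)
{
    char *end, *str, *pqgString;
    PQGParams *params = NULL;

    pqgString = SECU_GetpqgString(pqgFile);
    if (pqgString == NULL)
        return NULL;

    /* Walk the comma-separated list in place; pqgString stays the only
     * allocation, so there is exactly one pointer to free. */
    str = pqgString;
    do {
        end = PORT_Strchr(str, ',');
        if (end)
            *end = '\0';
        if (pqg_prime_bits(str) == keyBits) {
            /* decode while the buffer is still alive */
            params = decode_pqg_params(str);
            break;
        }
        if (end)
            str = end + 1;
    } while (end);

    PORT_Free(pqgString);
    return params;
}
```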


@ -0,0 +1,155 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
PROGRAM = certutil
PROGRAM = $(OBJDIR)\$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
# awt3240.lib # brpref32.lib # cert32.lib
# crypto32.lib # dllcom.lib # editor32.lib
# edpref32.lib # edtplug.lib # font.lib
# hash32.lib # htmldg32.lib # img32.lib
# javart32.lib # jbn3240.lib # jdb3240.lib
# jmc.lib # jpeg3240.lib # jpw3240.lib
# jrt3240.lib # js3240.lib # jsd3240.lib
# key32.lib # libapplet32.lib # libnjs32.lib
# libnsc32.lib # libreg32.lib # mm3240.lib
# mnpref32.lib # netcst32.lib # nsdlg32.lib
# nsldap32.lib # nsldaps32.lib # nsn32.lib
# pkcs1232.lib # pkcs732.lib # pr3240.lib
# prefui32.lib # prefuuid.lib # secmod32.lib
# secnav32.lib # secutl32.lib # softup32.lib
# sp3240.lib # ssl32.lib # uni3200.lib
# unicvt32.lib # win32md.lib # winfont.lib
# xppref32.lib # zlib32.lib
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj
# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp
# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch
# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll
# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj
# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"
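Review bot: The `IGNORE_ME` list ends on a continuation backslash (`-I$(DEPTH)/security/lib/util \`) with no `$(NULL)` terminator, unlike `INCS`, `DBM_LIB`, `MOZ_LIBS`, `SEC_LIBS` and `LLFLAGS` in the same file. This page does not show blank lines, so it cannot be told from here whether one follows; if none does, the continuation absorbs the `WINFE = ...` assignment and every `$(WINFE)/*.obj` path expands without its directory. Ending the list with `$(NULL)` as the other lists do removes the dependency on a blank line. Since `IGNORE_ME` is not referenced anywhere in this file, a one-line comment saying why it is kept would also help.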


@ -0,0 +1,50 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
DEFINES += -DNSPR20 -DSECUTIL_NEW
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
CSRCS = \
certutil.c \
keystuff.c \
$(NULL)
# The MODULE is always implicitly required.
# Listing it here in REQUIRES makes it appear twice in the cc command line.
REQUIRES = dbm seccmd
PROGRAM = certutil


@ -0,0 +1,76 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,636 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "secutil.h"
#include "plgetopt.h"
#include "cert.h"
#include "secoid.h"
#include "cryptohi.h"
/* maximum supported modulus length in bits (indicate problem if over this) */
#define MAX_MODULUS (1024)
static void Usage(char *progName)
{
fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n",
progName);
fprintf(stderr, "%-20s Cert to check is base64 encoded\n",
"-a");
fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n",
"-A");
fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n",
"-v");
fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n",
"-f");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
fprintf(stderr, "%-20s Specify the input type (no default)\n",
"-t type");
exit(-1);
}
/*
* Check integer field named fieldName, printing out results and
* returning the length of the integer in bits
*/
static
int checkInteger(SECItem *intItem, char *fieldName, int verbose)
{
int len, bitlen;
if (verbose) {
printf("Checking %s\n", fieldName);
}
len = intItem->len;
if (len && (intItem->data[0] & 0x80)) {
printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n",
fieldName);
}
/* calculate bit length and check for unnecessary leading zeros */
bitlen = len << 3;
if (len > 1 && intItem->data[0] == 0) {
/* leading zero byte(s) */
if (!(intItem->data[1] & 0x80)) {
printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n",
fieldName);
}
/* strip leading zeros in length calculation */
{
int i=0;
while (bitlen > 8 && intItem->data[i] == 0) {
bitlen -= 8;
i++;
}
}
}
return bitlen;
}
static
void checkName(CERTName *n, char *fieldName, int verbose)
{
char *v=0;
if (verbose) {
printf("Checking %s\n", fieldName);
}
v = CERT_GetCountryName(n);
if (!v) {
printf("PROBLEM: %s lacks Country Name (C)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetOrgName(n);
if (!v) {
printf("PROBLEM: %s lacks Organization Name (O)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetOrgUnitName(n);
if (!v) {
printf("WARNING: %s lacks Organization Unit Name (OU)\n",
fieldName);
}
PORT_Free(v);
v = CERT_GetCommonName(n);
if (!v) {
printf("PROBLEM: %s lacks Common Name (CN)\n",
fieldName);
}
PORT_Free(v);
}
/*
* Private version of verification that checks for agreement between
* signature algorithm oid (at the SignedData level) and oid in DigestInfo.
*
*/
/* Returns the tag for the hash algorithm in the given signature algorithm */
static
int hashAlg(int sigAlgTag) {
int rv;
switch(sigAlgTag) {
case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
rv = SEC_OID_MD2;
break;
case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
rv = SEC_OID_MD5;
break;
case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
rv = SEC_OID_SHA1;
break;
default:
rv = -1;
}
return rv;
}
struct VFYContextStr {
int alg;
unsigned char digest[32];
void *hasher;
void (*begin)(void *);
void (*update)(void *, unsigned char*, unsigned);
SECStatus (*end)(void *, unsigned char*, unsigned int*, unsigned);
void (*destroy)(void *, PRBool);
};
static
SECStatus
OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
SECItem *sig, SECAlgorithmID *sigAlgorithm)
{
SECStatus rv;
VFYContext *cx;
SECOidData *sigAlgOid, *oiddata;
int sigAlgTag;
int hashAlgTag;
int showDigestOid=0;
cx = VFY_CreateContext(key, sig, SECOID_GetAlgorithmTag(sigAlgorithm),
NULL);
if (cx == NULL)
return SECFailure;
sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
if (sigAlgOid == 0)
return SECFailure;
sigAlgTag = sigAlgOid->offset;
hashAlgTag = hashAlg(sigAlgTag);
if (hashAlgTag == -1) {
printf("PROBLEM: Unsupported Digest Algorithm in DigestInfo");
showDigestOid = 1;
} else if (hashAlgTag != cx->alg) {
printf("PROBLEM: Digest OID in DigestInfo is incompatible "
"with Signature Algorithm\n");
showDigestOid = 1;
}
if (showDigestOid) {
oiddata = SECOID_FindOIDByTag(cx->alg);
if ( oiddata ) {
printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
} else {
SECU_PrintAsHex(stdout,
&oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
}
}
rv = VFY_Begin(cx);
if (rv == SECSuccess) {
rv = VFY_Update(cx, buf, len);
if (rv == SECSuccess)
rv = VFY_End(cx);
}
VFY_DestroyContext(cx, PR_TRUE);
return rv;
}
static
SECStatus
OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert)
{
SECItem sig;
SECKEYPublicKey *pubKey = 0;
SECStatus rv;
/* check the certificate's validity */
rv = CERT_CertTimesValid(cert);
if ( rv ) {
return(SECFailure);
}
/* get cert's public key */
pubKey = CERT_ExtractPublicKey(cert);
if ( !pubKey ) {
return(SECFailure);
}
/* check the signature */
sig = sd->signature;
DER_ConvertBitString(&sig);
rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig,
&sd->signatureAlgorithm);
SECKEY_DestroyPublicKey(pubKey);
if ( rv ) {
return(SECFailure);
}
return(SECSuccess);
}
static
CERTCertificate *createEmptyCertificate(void)
{
PRArenaPool *arena = 0;
CERTCertificate *c = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
return 0;
}
c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
if (c) {
c->referenceCount = 1;
c->arena = arena;
} else {
PORT_FreeArena(arena,PR_TRUE);
}
return c;
}
int main(int argc, char **argv)
{
int rv, verbose=0, force=0;
int ascii=0, issuerAscii=0;
char *progName=0;
PRFileDesc *inFile=0, *issuerCertFile=0;
SECItem derCert, derIssuerCert;
PRArenaPool *arena=0;
CERTSignedData *signedData=0;
CERTCertificate *cert=0, *issuerCert=0;
SECKEYPublicKey *rsapubkey=0;
SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
SECItem spk;
int selfSigned=0;
int invalid=0;
char *inFileName = NULL, *issuerCertFileName = NULL;
PLOptState *optstate;
PLOptStatus status;
PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption));
PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption));
PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption));
PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption));
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
optstate = PL_CreateOptState(argc, argv, "aAvf");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'v':
verbose = 1;
break;
case 'f':
force = 1;
break;
case 'a':
ascii = 1;
break;
case 'A':
issuerAscii = 1;
break;
case '\0':
if (!inFileName)
inFileName = PL_strdup(optstate->value);
else if (!issuerCertFileName)
issuerCertFileName = PL_strdup(optstate->value);
else
Usage(progName);
break;
}
}
if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) {
/* insufficient or excess args */
Usage(progName);
}
inFile = PR_Open(inFileName, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, inFileName);
exit(1);
}
issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0);
if (!issuerCertFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, issuerCertFileName);
exit(1);
}
if (SECU_ReadDERFromFile(&derCert, inFile, ascii) != SECSuccess) {
printf("Couldn't read input certificate as DER binary or base64\n");
exit(1);
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == 0) {
fprintf(stderr,"%s: can't allocate scratch arena!", progName);
exit(1);
}
if (issuerCertFile) {
CERTSignedData *issuerCertSD=0;
if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii)
!= SECSuccess) {
printf("Couldn't read issuer certificate as DER binary or base64.\n");
exit(1);
}
issuerCertSD = (CERTSignedData *) PORT_ArenaZAlloc(arena,
sizeof(CERTSignedData));
if (!issuerCertSD) {
fprintf(stderr,"%s: can't allocate issuer signed data!", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, issuerCertSD, CERT_SignedDataTemplate,
&derIssuerCert);
if (rv) {
fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n",
progName);
exit(1);
}
issuerCert = createEmptyCertificate();
if (!issuerCert) {
printf("%s: can't allocate space for issuer cert.", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, issuerCert, CERT_CertificateTemplate,
&issuerCertSD->data);
if (rv) {
printf("%s: Does not appear to be an X509 Certificate.\n",
progName);
exit(1);
}
}
signedData = (CERTSignedData *) PORT_ArenaZAlloc(arena,sizeof(CERTSignedData));
if (!signedData) {
fprintf(stderr,"%s: can't allocate signedData!", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, signedData, CERT_SignedDataTemplate,
&derCert);
if (rv) {
fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n",
progName);
exit(1);
}
if (verbose) {
printf("Decoded ok as X509 SIGNED data.\n");
}
cert = createEmptyCertificate();
if (!cert) {
fprintf(stderr, "%s: can't allocate cert", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, cert, CERT_CertificateTemplate,
&signedData->data);
if (rv) {
fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n",
progName);
exit(1);
}
if (verbose) {
printf("Decoded ok as an X509 certificate.\n");
}
rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0,
SECU_PrintCertificate);
if (rv) {
fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n",
progName, PORT_GetError());
if (!force) {
exit(1);
}
}
/* Do various checks on the cert */
printf("\n");
/* Check algorithms */
SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption,
SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL);
SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption,
SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL);
SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption,
SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL);
SECOID_SetAlgorithmID(arena, &rsaEncryption,
SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
{
int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&md5WithRSAEncryption) == 0);
int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&md2WithRSAEncryption) == 0);
int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature,
&sha1WithRSAEncryption) == 0);
if (verbose) {
printf("\nDoing algorithm checks.\n");
}
if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) {
printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n");
} else if (!isMD5RSA) {
printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n");
}
if (SECOID_CompareAlgorithmID(&cert->signature,
&signedData->signatureAlgorithm)) {
printf("PROBLEM: Algorithm in sig and certInfo don't match.\n");
}
}
if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm,
&rsaEncryption)) {
printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n");
}
/* Check further public key properties */
spk = cert->subjectPublicKeyInfo.subjectPublicKey;
DER_ConvertBitString(&spk);
if (verbose) {
printf("\nsubjectPublicKey DER\n");
rv = DER_PrettyPrint(stdout, &spk, PR_FALSE);
printf("\n");
}
rsapubkey = (SECKEYPublicKey *)
PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey));
if (!rsapubkey) {
fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName);
exit(1);
}
rv = SEC_ASN1DecodeItem(arena, rsapubkey, SECKEY_RSAPublicKeyTemplate,
&spk);
if (rv) {
printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n");
} else {
int mlen;
int pubexp;
if (verbose) {
printf("Decoded RSA Public Key ok. Doing key checks.\n");
}
PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */
mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose);
printf("INFO: Public Key modulus length in bits: %d\n", mlen);
if (mlen > MAX_MODULUS) {
printf("PROBLEM: Modulus length exceeds %d bits.\n",
MAX_MODULUS);
}
if (mlen < 512) {
printf("WARNING: Short modulus.\n");
}
if (mlen != (1 << (ffs(mlen)-1))) {
printf("WARNING: Unusual modulus length (not a power of two).\n");
}
checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent",
verbose);
pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent);
if (pubexp != 17 && pubexp != 3 && pubexp != 65537) {
printf("WARNING: Public exponent not any of: 3, 17, 65537\n");
}
}
/* Name checks */
checkName(&cert->issuer, "Issuer Name", verbose);
checkName(&cert->subject, "Subject Name", verbose);
if (issuerCert) {
SECComparison c =
CERT_CompareName(&cert->issuer, &issuerCert->subject);
if (c) {
printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n");
}
}
/* Check if self-signed */
selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0);
if (selfSigned) {
printf("INFO: Certificate is self signed.\n");
} else {
printf("INFO: Certificate is NOT self-signed.\n");
}
/* Validity time check */
if (CERT_CertTimesValid(cert) == SECSuccess) {
printf("INFO: Inside validity period of certificate.\n");
} else {
printf("PROBLEM: Not in validity period of certificate.\n");
invalid = 1;
}
/* Signature check if self-signed */
if (selfSigned && !invalid) {
if (rsapubkey->u.rsa.modulus.len) {
SECStatus ver;
if (verbose) {
printf("Checking self signature.\n");
}
ver = OurVerifySignedData(signedData, cert);
if (ver != SECSuccess) {
printf("PROBLEM: Verification of self-signature failed!\n");
} else {
printf("INFO: Self-signature verifies ok.\n");
}
} else {
printf("INFO: Not checking signature due to key problems.\n");
}
} else if (!selfSigned && !invalid && issuerCert) {
SECStatus ver;
ver = OurVerifySignedData(signedData, issuerCert);
if (ver != SECSuccess) {
printf("PROBLEM: Verification of issuer's signature failed!\n");
} else {
printf("INFO: Issuer's signature verifies ok.\n");
}
} else {
printf("INFO: Not checking signature.\n");
}
return 0;
}


@ -0,0 +1,130 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
#cannot define PROGRAM in manifest compatibly with NT and UNIX
PROGRAM = checkcert
PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
$(NULL)
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"
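Review bot: `WINFE` is hard-wired to the `x86Dbg` directory, so `DBM_LIB` and `MOZ_LIBS` link loose debug-built objects from the winfe build tree into this certificate-checking tool whatever configuration is being built; the crlutil makefile.win later in this commit repeats the same block. If a non-debug configuration exists (not visible here), the directory should follow it instead of being fixed. At minimum the dependency should be documented next to the assignment, e.g. `# WINFE objects come from the winfe debug build; that tree must be built first`. `IGNORE_ME` is not referenced anywhere in this file and could be dropped.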


@ -0,0 +1,47 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = checkcert.c
PROGRAM = checkcert


@ -0,0 +1,76 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,394 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/*
** certutil.c
**
** utility for managing certificates and the cert database
**
*/
/* test only */
#include "nspr.h"
#include "plgetopt.h"
#include "secutil.h"
#include "cert.h"
#include "certdb.h"
#include "cdbhdl.h"
#define SEC_CERT_DB_EXISTS 0
#define SEC_CREATE_CERT_DB 1
static char *progName;
static CERTCertDBHandle
*OpenCertDB(int createNew)
/* NOTE: This routine has been modified to allow the libsec/pcertdb.c routines to automatically
** find and convert the old cert database into the new v3.0 format (cert db version 5).
*/
{
CERTCertDBHandle *certHandle;
SECStatus rv;
/* Allocate a handle to fill with CERT_OpenCertDB below */
certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
if (!certHandle) {
SECU_PrintError(progName, "unable to get database handle");
return NULL;
}
rv = CERT_OpenCertDB(certHandle, PR_FALSE, SECU_CertDBNameCallback, NULL);
if (rv) {
SECU_PrintError(progName, "could not open certificate database");
if (certHandle) free (certHandle); /* we don't want to leave anything behind... */
return NULL;
}
return certHandle;
}
static CERTSignedCrl *FindCRL
(CERTCertDBHandle *certHandle, char *name, int type)
{
CERTSignedCrl *crl = NULL;
CERTCertificate *cert = NULL;
cert = CERT_FindCertByNickname(certHandle, name);
if (!cert) {
SECU_PrintError(progName, "could not find certificate named %s", name);
return ((CERTSignedCrl *)NULL);
}
crl = SEC_FindCrlByKey(certHandle, &cert->derSubject, type);
if (crl ==NULL)
SECU_PrintError
(progName, "could not find %s's CRL", name);
CERT_DestroyCertificate (cert);
return (crl);
}
static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
{
CERTCertificate *cert = NULL;
CERTSignedCrl *crl = NULL;
crl = FindCRL (certHandle, nickName, crlType);
if (crl) {
SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
CERT_DestroyCrl (crl);
}
}
static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
{
CERTCrlHeadNode *crlList = NULL;
CERTCrlNode *crlNode = NULL;
CERTName *name = NULL;
PRArenaPool *arena = NULL;
SECStatus rv;
void *mark;
do {
arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
if (arena == NULL) {
fprintf(stderr, "%s: fail to allocate memory\n", progName);
break;
}
name = PORT_ArenaZAlloc (arena, sizeof(*name));
if (name == NULL) {
fprintf(stderr, "%s: fail to allocate memory\n", progName);
break;
}
name->arena = arena;
rv = SEC_LookupCrls (certHandle, &crlList, crlType);
if (rv != SECSuccess) {
fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
SECU_Strerror(PORT_GetError()));
break;
}
/* just in case */
if (!crlList)
break;
crlNode = crlList->first;
fprintf (stdout, "\n");
fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
while (crlNode) {
mark = PORT_ArenaMark (arena);
rv = SEC_ASN1DecodeItem
(arena, name, CERT_NameTemplate, &(crlNode->crl->crl.derName));
if (!name){
fprintf(stderr, "%s: fail to get the CRL issuer name\n", progName,
SECU_Strerror(PORT_GetError()));
break;
}
fprintf (stdout, "\n%-40s %-5s\n", CERT_NameToAscii(name), "CRL");
crlNode = crlNode->next;
PORT_ArenaRelease (arena, mark);
}
} while (0);
if (crlList)
PORT_FreeArena (crlList->arena, PR_FALSE);
PORT_FreeArena (arena, PR_FALSE);
}
static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
{
if (nickName == NULL)
ListCRLNames (certHandle, crlType);
else
DisplayCRL (certHandle, nickName, crlType);
}
static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
{
CERTSignedCrl *crl = NULL;
SECStatus rv = SECFailure;
crl = FindCRL (certHandle, name, type);
if (!crl) {
SECU_PrintError
(progName, "could not find the issuer %s's CRL", name);
return SECFailure;
}
rv = SEC_DeletePermCRL (crl);
if (rv != SECSuccess) {
SECU_PrintError
(progName, "fail to delete the issuer %s's CRL from the perm dbase (reason: %s)",
name, SECU_Strerror(PORT_GetError()));
return SECFailure;
}
rv = SEC_DeleteTempCrl (crl);
if (rv != SECSuccess) {
SECU_PrintError
(progName, "fail to delete the issuer %s's CRL from the temp dbase (reason: %s)",
name, SECU_Strerror(PORT_GetError()));
return SECFailure;
}
return (rv);
}
SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
PRFileDesc *inFile)
{
CERTCertificate *cert = NULL;
CERTSignedCrl *crl = NULL;
SECItem crlDER;
int rv;
crlDER.data = NULL;
/* Read in the entire file specified with the -f argument */
rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
if (rv != SECSuccess) {
SECU_PrintError(progName, "unable to read input file");
return (SECFailure);
}
crl = CERT_ImportCRL (certHandle, &crlDER, url, type, NULL);
if (!crl) {
const char *errString;
errString = SECU_Strerror(PORT_GetError());
if (PORT_Strlen (errString) == 0)
SECU_PrintError
(progName, "CRL is not import (error: input CRL is not up to date.)");
else
SECU_PrintError
(progName, "unable to import CRL");
}
PORT_Free (crlDER.data);
CERT_DestroyCrl (crl);
return (rv);
}
static void Usage(char *progName)
{
fprintf(stderr,
"Usage: %s -L [-n nickname[ [-d keydir] [-t crlType]\n"
" %s -D -n nickname [-d keydir]\n"
" %s -I -i crl -t crlType [-u url] [-d keydir]\n",
progName, progName, progName);
fprintf (stderr, "%-15s List CRL\n", "-L");
fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
"-n nickname");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
"-d keydir");
fprintf (stderr, "%-15s Delete a CRL from the cert dbase\n", "-D");
fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
"-n nickname");
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf (stderr, "%-15s Import a CRL to the cert dbase\n", "-I");
fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
"-i crl");
fprintf(stderr, "%-20s Specify the url.\n", "-u url");
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");
exit(-1);
}
int main(int argc, char **argv)
{
SECItem privKeyDER;
CERTCertDBHandle *certHandle;
FILE *certFile;
PRFileDesc *inFile;
int listCRL;
int importCRL;
int opt;
int deleteCRL;
int rv;
char *nickName;
char *progName;
char *url;
int crlType;
PLOptState *optstate;
PLOptStatus status;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
rv = 0;
deleteCRL = importCRL = listCRL = 0;
certFile = NULL;
inFile = NULL;
nickName = url = NULL;
privKeyDER.data = NULL;
certHandle = NULL;
crlType = SEC_CRL_TYPE;
/*
* Parse command line arguments
*/
optstate = PL_CreateOptState(argc, argv, "IALd:i:Dn:Ct:u:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
Usage(progName);
break;
case 'C':
listCRL = 1;
break;
case 'D':
deleteCRL = 1;
break;
case 'I':
importCRL = 1;
break;
case 'L':
listCRL = 1;
break;
case 'd':
SECU_ConfigDirectory(optstate->value);
break;
case 'i':
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'n':
nickName = strdup(optstate->value);
break;
case 'u':
url = strdup(optstate->value);
break;
case 't': {
char *type;
type = strdup(optstate->value);
crlType = atoi (type);
if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
fprintf(stderr, "%s: invalid crl type\n", progName);
return -1;
}
break;
}
}
}
if (deleteCRL && !nickName) Usage (progName);
if (!(listCRL || deleteCRL || importCRL)) Usage (progName);
if (importCRL && !inFile) Usage (progName);
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
SECU_PKCS11Init(PR_FALSE);
SEC_Init();
certHandle = OpenCertDB(SEC_CREATE_CERT_DB);
if (certHandle == NULL) {
SECU_PrintError(progName, "unable to open the cert db");
return (-1);
}
/* Read in the private key info */
if (deleteCRL)
DeleteCRL (certHandle, nickName, crlType);
else if (listCRL)
ListCRL (certHandle, nickName, crlType);
else if (importCRL)
rv = ImportCRL (certHandle, url, crlType, inFile);
return (rv);
}
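Review bot: ImportCRL returns `rv`, which still holds the SECSuccess from SECU_ReadDERFromFile, so a CRL that CERT_ImportCRL rejects is reported as success and the process exits 0; main also discards DeleteCRL's return value. A script that drives revocation updates through this tool cannot tell that the database was left unchanged. Set `rv = SECFailure;` inside the `if (!crl)` branch and call DeleteCRL as `rv = DeleteCRL (certHandle, nickName, crlType);` in main. The failure path also passes a NULL `crl` to CERT_DestroyCrl; whether that is tolerated is not visible here, so guard it with `if (crl) CERT_DestroyCrl (crl);`.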


@ -0,0 +1,130 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
#cannot define PROGRAM in manifest compatibly with NT and UNIX
PROGRAM = crlutil
PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
$(NULL)
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"


@ -0,0 +1,51 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
# The MODULE is always implicitly required.
# Listing it here in REQUIRES makes it appear twice in the cc command line.
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = crlutil.c
# this has to be different for NT and UNIX.
# PROGRAM = ./$(OBJDIR)/crlutil.exe
PROGRAM = crlutil


@ -0,0 +1,96 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.2)
OS_LIBS += -lsvld
endif
ifeq ($(OS_ARCH)$(OS_RELEASE), SunOS5.6)
OS_LIBS += -ldl -lxnet -lposix4 -lsocket -lnsl
endif
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += $(DIST)/lib/crmf.lib
else
EXTRA_LIBS += $(DIST)/lib/libcrmf.a
endif
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
lame:
echo $(CPU_ARCH)
include $(CORE_DEPTH)/security/cmd/platrules.mk
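Review bot: The `lame:` target in section (7) is a leftover debugging aid: it only echoes `$(CPU_ARCH)`, its name says nothing about that, and it is not declared phony, so a file named `lame` in the directory would silently disable it. Either drop it or rename and declare it, e.g. `.PHONY: show-cpu-arch` followed by `show-cpu-arch: ; @echo $(CPU_ARCH)`. The same target appears again in the later Makefile section that sets `LDDIST`.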


@ -0,0 +1,45 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(PROGRAM)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PURE_LIBRARY =
LIBRARY =


@ -0,0 +1,165 @@
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is the Netscape security libraries.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corporation. Portions created by Netscape are
- Copyright (C) 1994-2000 Netscape Communications Corporation. All
- Rights Reserved.
-
- Contributor(s):
-
- Alternatively, the contents of this file may be used under the
- terms of the GNU General Public License Version 2 or later (the
- "GPL"), in which case the provisions of the GPL are applicable
- instead of those above. If you wish to allow use of your
- version of this file only under the terms of the GPL and not to
- allow others to use your version of this file under the MPL,
- indicate your decision by deleting the provisions above and
- replace them with the notice and other provisions required by
- the GPL. If you do not delete the provisions above, a recipient
- may use your version of this file under either the MPL or the
- GPL.
-->
<html>
<head>
<title>CRMF Test Page for PSM</title>
<script language=javascript>
var request;
//This variable must be set to the first value
//in the select field "testType" in the form.
var keyGenType="SigningOnlyRSA";
var requestedDN = "CN=Javi CA Shack ID, O=NSS";
function setTestType() {
var testType = document.crmfForm.testType;
keyGenType = testType.options[testType.selectedIndex].value;
}
function setRequest() {
with (document.crmfForm) {
CRMFRequest.value = request.request;
submit();
}
}
function generateSignAndEncryptRSARequest() {
request = crypto.generateCRMFRequest(requestedDN,
null, null, null, "setRequest()",
crypto.algorithms.rsa.keyEx.keySizes[0],
null, "rsa-dual-use");
}
function generateSigningOnlyRSARequest() {
request = crypto.generateCRMFRequest(requestedDN,null,null,null,"setRequest()",
crypto.algorithms.rsa.signing.keySizes[0],
null, "rsa-sign");
}
function generateEncryptionOnlyRSARequest() {
request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
crypto.algorithms.rsa.keyEx.keySizes[0],
null, "rsa-ex");
}
function generateDualRSAKeys() {
request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
crypto.algorithms.rsa.keyEx.keySizes[0],
null, "rsa-ex",
crypto.algorithms.rsa.signing.keySizes[0],
null, "rsa-sign");
}
function generateDSAKey() {
request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
crypto.algorithms.dsa.keySizes[0],
null, "dsa-sign-nonrepudiation");
}
function processForm(form) {
with (form) {
if (typeof(crypto.version) == "undefined") {
alert('You must be running PSM in order to use this page.');
return false;
}
if (NSSDirectory.value == "") {
alert('You must provide a path for NSS to use.');
return false;
}
if (dbPassword.value == "") {
alert('You must provide a password for the certificate database.');
return false;
}
if (CANickname.value == "") {
alert('You must provide a CA Nickname to use.');
return false;
}
//Now do the correct key generation.
if (keyGenType == "SignAndEncryptRSA") {
generateSignAndEncryptRSARequest();
} else if (keyGenType == "SigningOnlyRSA") {
generateSigningOnlyRSARequest();
} else if (keyGenType == "EncryptionOnlyRSA") {
generateEncryptionOnlyRSARequest();
} else if (keyGenType == "DualRSAKeys") {
generateDualRSAKeys();
} else if (keyGenType == "DSAKeyGen") {
generateDSAKey();
}
}
return true;
}
</script>
</head>
<body>
<h1><center>CRMF Test page for PSM</center></h1>
This page is designed to be used in combination with the executable
produced by ns/security/cmd/crmf-cgi in a CGI environment. In order
to successfully use this page, modify its action to post to a a server
where you have installed the crmfcgi executable and you'll be able to
test the functionality.
<hr>
<form name="crmfForm" method=post action="http://www.cgi-site.com/cgi-bin/crmfcgi">
<h2>Certificate Database information</h2>
First, enter all the information for the CGI to use for initializing
NSS. The CGI will use the directory entered below as the directory
where to look for the certificate and key databases.
<pre>
Path for NSS Config: <input size=40 type="text" name="NSSDirectory">
</pre>
Enter the password for the certificate database found in the direcotry
above.
<pre>
Database Password: <input type="password" name="dbPassword" size=40>
</pre>
Now enter the nickname of the certificate to use for signing the
certificate issued during this test.
<pre>
CA Nickname: <input size=40 type="text" name="CANickname">
</pre>
<h2>Now, figure out which type of key generation you want to test:</h2>
<select name="testType" onChange="setTestType()">`
<option value="SigningOnlyRSA">Signing Only-RSA
<option value="EncryptionOnlyRSA">Encryption Only-RSA
<option value="SignAndEncryptRSA">Sign and Encrypt Single Key -RSA
<option value="DualRSAKeys">Dual Keys-RSA
<option value="DSAKeyGen">DSA Key Gen
</select>
<input type="hidden" name=CRMFRequest value="">
<hr>
<input type="button" value="OK" onclick="processForm(document.crmfForm)">
</form>
</body>
</html>
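Review bot: The form posts `dbPassword` and `NSSDirectory` to `action="http://www.cgi-site.com/cgi-bin/crmfcgi"`, so the certificate database password crosses the network in cleartext and, as the page text itself says, the CGI opens whatever server directory the client names. That is acceptable only on an isolated test host, and the page should say so: add a sentence to the intro paragraph such as `Use only against a throw-away test database on a host you control, and point the action at an https URL.` Separately, the stray backtick after `<select name="testType" onChange="setTestType()">` renders as literal text, and `processForm` returns true without generating a request when `keyGenType` matches none of the five branches.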


@ -0,0 +1,57 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
DEPTH = .
MODULE = security
EXPORTS = \
$(NULL)
CSRCS = \
crmfcgi.c \
$(NULL)
REQUIRES = security dbm
ifdef ATTACH_CGI
DEFINES += -DATTACH_CGI
endif
ifdef WRITE_OUT_RESPONSE
DEFINES += -DWRITE_OUT_RESPONSE
endif
PROGRAM = crmfcgi
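Review bot: The two switches `ATTACH_CGI` and `WRITE_OUT_RESPONSE` are turned into `-D` defines with no comment saying what they enable. Judging by the names they are debugging aids (attaching a debugger, dumping the response), which matters for a CGI that receives a database password; crmfcgi.c is not shown on this page, so that is an inference. A comment above each `ifdef`, e.g. `# Debug only: never set for an installed CGI.`, plus one line stating the actual effect, would keep them from being enabled by accident.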


@ -0,0 +1,99 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
ifeq ($(OS_ARCH)$(OS_RELEASE), AIX4.2)
OS_LIBS += -lsvld
endif
ifeq ($(OS_ARCH)$(OS_RELEASE), SunOS5.6)
OS_LIBS += -ldl -lxnet -lposix4 -lsocket -lnsl
endif
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += $(DIST)/lib/crmf.lib
else
EXTRA_LIBS += $(DIST)/lib/libcrmf.a
endif
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
LDDIST = $(DIST)/lib
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += $(LDDIST)/sectool.lib
endif
lame:
echo $(CPU_ARCH)
include $(CORE_DEPTH)/security/cmd/platrules.mk
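Review bot: `EXTRA_LIBS += $(LDDIST)/sectool.lib` is appended in section (7), after `include $(CORE_DEPTH)/coreconf/rules.mk`. GNU make expands prerequisite lists when a rule is read, so if rules.mk names `$(EXTRA_LIBS)` as a prerequisite of `$(PROGRAM)` (rules.mk is not visible here), sectool.lib would reach the link command but not the dependency graph. Moving the `LDDIST` assignment and the WINNT append up into section (4), next to the `crmf.lib` line, avoids depending on that.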


@ -0,0 +1,44 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(PROGRAM)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PURE_LIBRARY =
LIBRARY =


@ -0,0 +1,53 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
DEPTH = .
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
EXPORTS = \
$(NULL)
CSRCS = \
testcrmf.c \
$(NULL)
# The MODULE is always implicitly required.
# Listing it here in REQUIRES makes it appear twice in the cc command line.
REQUIRES = dbm
PROGRAM = crmftest


@ -0,0 +1,76 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,127 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "secutil.h"
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
extern int fprintf(FILE *, char *, ...);
#endif
#endif
#include "plgetopt.h"
static void Usage(char *progName)
{
fprintf(stderr,
"Usage: %s [-r] [-i input] [-o output]\n",
progName);
fprintf(stderr, "%-20s For formatted items, dump raw bytes as well\n",
"-r");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
"-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
exit(-1);
}
int main(int argc, char **argv)
{
char *progName;
int option;
FILE *outFile;
PRFileDesc *inFile;
SECItem der;
SECStatus rv;
int16 xp_error;
PRBool raw = PR_FALSE;
PLOptState *optstate;
PLOptStatus status;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
/* Parse command line arguments */
inFile = 0;
outFile = 0;
optstate = PL_CreateOptState(argc, argv, "i:o:r");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'i':
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "w");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
case 'r':
raw = PR_TRUE;
break;
default:
Usage(progName);
break;
}
}
if (status == PL_OPT_BAD)
Usage(progName);
if (!inFile) inFile = PR_STDIN;
if (!outFile) outFile = stdout;
rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE);
if (rv == SECSuccess) {
rv = DER_PrettyPrint(outFile, &der, raw);
if (rv == SECSuccess)
return 0;
}
xp_error = PORT_GetError();
if (xp_error) {
SECU_PrintError(progName, "error %d", xp_error);
}
if (errno) {
SECU_PrintSystemError(progName, "errno=%d", errno);
}
return 1;
}
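Review bot: `main` returns 0 as soon as `DER_PrettyPrint` succeeds, without flushing or closing `outFile`, so a write failure on the `-o` file (a full disk, for example) is reported as success and leaves a truncated dump. Checking the flush in the success test, `if (rv == SECSuccess && fflush(outFile) == 0)`, sends that case into the existing errno report. That report also reads `errno` without clearing it first, so it can print a stale value from an earlier call; `errno = 0;` before `SECU_ReadDERFromFile` would fix that.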


@ -0,0 +1,130 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
#cannot define PROGRAM in manifest compatibly with NT and UNIX
PROGRAM = derdump
PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
$(NULL)
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"
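Review bot: `WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg` pins the `DBM_LIB` and `MOZ_LIBS` object lists to a debug output directory, so an optimized build of derdump would still link debug objects, or fail if they were never built. If config.mak (not visible here) offers no variable for the build flavour, at least add a comment such as `# NOTE: links debug objects from the winfe build; debug builds only.` `IGNORE_ME` is assigned and never referenced in this file and could be dropped.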


@ -0,0 +1,49 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
# The MODULE is always implicitly required.
# Listing it here in REQUIRES makes it appear twice in the cc command line.
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = derdump.c
PROGRAM = derdump


@ -0,0 +1,76 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,244 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "secutil.h"
#include "pk11func.h"
#include "secoid.h"
#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
#if !defined(WIN32)
extern int fread(char *, size_t, size_t, FILE*);
extern int fwrite(char *, size_t, size_t, FILE*);
extern int fprintf(FILE *, char *, ...);
#endif
#endif
#include "plgetopt.h"
static SECOidData *
HashTypeToOID(HASH_HashType hashtype)
{
SECOidTag hashtag;
if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL)
return NULL;
switch (hashtype) {
case HASH_AlgMD2:
hashtag = SEC_OID_MD2;
break;
case HASH_AlgMD5:
hashtag = SEC_OID_MD5;
break;
case HASH_AlgSHA1:
hashtag = SEC_OID_SHA1;
break;
default:
fprintf(stderr, "A new hash type has been added to HASH_HashType.\n");
fprintf(stderr, "This program needs to be updated!\n");
return NULL;
}
return SECOID_FindOIDByTag(hashtag);
}
static SECOidData *
HashNameToOID(const char *hashName)
{
HASH_HashType htype;
SECOidData *hashOID;
for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
hashOID = HashTypeToOID(htype);
if (PORT_Strcasecmp(hashName, hashOID->desc) == 0)
break;
}
if (htype == HASH_AlgTOTAL)
return NULL;
return hashOID;
}
static void
Usage(char *progName)
{
HASH_HashType htype;
fprintf(stderr,
"Usage: %s -t type [-i input] [-o output]\n",
progName);
fprintf(stderr, "%-20s Specify the digest method (must be one of\n",
"-t type");
fprintf(stderr, "%-20s ", "");
for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
fprintf(stderr, HashTypeToOID(htype)->desc);
if (htype == (HASH_AlgTOTAL - 2))
fprintf(stderr, " or ");
else if (htype != (HASH_AlgTOTAL - 1))
fprintf(stderr, ", ");
}
fprintf(stderr, " (case ignored))\n");
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
"-i input");
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
"-o output");
exit(-1);
}
static int
DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID)
{
int nb;
unsigned char ibuf[4096], digest[32];
PK11Context *hashcx;
unsigned int len;
SECStatus rv;
hashcx = PK11_CreateDigestContext(hashOID->offset);
if (hashcx == NULL) {
return -1;
}
PK11_DigestBegin(hashcx);
for (;;) {
if (feof(inFile)) break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
PK11_DestroyContext(hashcx,PR_TRUE);
return -1;
}
/* eof */
break;
}
}
rv = PK11_DigestOp(hashcx, ibuf, nb);
if (rv != SECSuccess) {
PK11_DestroyContext(hashcx, PR_TRUE);
return -1;
}
}
rv = PK11_DigestFinal(hashcx, digest, &len, 32);
PK11_DestroyContext(hashcx, PR_TRUE);
if (rv != SECSuccess) return -1;
nb = fwrite(digest, 1, len, outFile);
if (nb != len) {
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return 0;
}
#include "nss.h"
int
main(int argc, char **argv)
{
char *progName;
int opt;
FILE *inFile, *outFile;
char *hashName;
SECOidData *hashOID;
PLOptState *optstate;
PLOptStatus status;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
inFile = NULL;
outFile = NULL;
hashName = NULL;
NSS_Init("/tmp");
/*
* Parse command line arguments
*/
optstate = PL_CreateOptState(argc, argv, "t:i:o:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
Usage(progName);
break;
case 'i':
inFile = fopen(optstate->value, "r");
if (!inFile) {
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
return -1;
}
break;
case 'o':
outFile = fopen(optstate->value, "w");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
return -1;
}
break;
case 't':
hashName = strdup(optstate->value);
break;
}
}
if (!hashName) Usage(progName);
if (!inFile) inFile = stdin;
if (!outFile) outFile = stdout;
hashOID = HashNameToOID(hashName);
if (hashOID == NULL) {
fprintf(stderr, "%s: invalid digest type\n", progName);
Usage(progName);
}
if (DigestFile(outFile, inFile, hashOID)) {
fprintf(stderr, "%s: problem digesting data (%s)\n",
progName, SECU_Strerror(PORT_GetError()));
return -1;
}
return 0;
}
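Review bot: `NSS_Init("/tmp")` in main points the library at a world-writable directory and discards the result, so the tool presumably opens whatever database files another local user has left there and carries on even if initialisation failed. A digest utility needs no certificate or key database, so initialise without one if this NSS version allows it, or take the directory from the caller, and at minimum test the call: `if (NSS_Init(dir) != SECSuccess) return -1;`. Separately, HashNameToOID and Usage dereference the result of HashTypeToOID without a NULL check although that function has two NULL returns, and Usage passes `->desc` to fprintf as the format string; a NULL test followed by `fputs(oid->desc, stderr)` covers both. The `-i`/`-o` files are opened with `"r"` and `"w"`, which on the Windows build this commit also ships would presumably translate line endings and change both the bytes hashed and the raw digest written; `"rb"`/`"wb"` avoids that.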


@ -0,0 +1,130 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
#cannot define PROGRAM in manifest compatibly with NT and UNIX
PROGRAM = digest
PROGRAM = ./$(OBJDIR)/$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
$(NULL)
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"
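Review bot: `WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg` pins every entry of DBM_LIB and MOZ_LIBS to a single object directory which, judging by its name, is the debug output, so a release build of this tool would still link those objects. If that is intended, say so next to the assignment, e.g. `# NOTE: always links the x86Dbg winfe objects`; otherwise the suffix should follow the build configuration. `IGNORE_ME` is assigned but never referenced in this file and can be dropped unless an included makefile reads it.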


@ -0,0 +1,50 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
# The MODULE is always implicitly required.
# Listing it here in REQUIRES makes it appear twice in the cc command line.
REQUIRES = seccmd dbm
DEFINES = -DNSPR20
CSRCS = digest.c
PROGRAM = digest


@ -0,0 +1,163 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifndef __secnew_h_
#define __secnew_h_
#include <stdio.h>
typedef struct BERTemplateStr BERTemplate;
typedef struct BERParseStr BERParse;
typedef struct SECArbStr SECArb;
/*
* An array of these structures define an encoding for an object using
* DER. The array is terminated with an entry where kind == 0.
*/
struct BERTemplateStr {
/* Kind of item to decode/encode */
unsigned long kind;
/*
* Offset from base of structure to SECItem that will hold
* decoded/encoded value.
*/
unsigned short offset;
/*
* Used with DER_SET or DER_SEQUENCE. If not zero then points to a
* sub-template. The sub-template is filled in and completed before
* continuing on.
*/
BERTemplate *sub;
/*
* Argument value, dependent on kind. Size of structure to allocate
* when kind==DER_POINTER For Context-Specific Implicit types its the
* underlying type to use.
*/
unsigned long arg;
};
/*
* an arbitrary object
*/
struct SECArbStr {
unsigned long tag; /* NOTE: does not support high tag form */
unsigned long length; /* as reported in stream */
union {
SECItem item;
struct {
int numSubs;
SECArb **subs;
} cons;
} body;
};
/*
* Decode a piece of der encoded data.
* "dest" points to a structure that will be filled in with the
* decoding results.
* "t" is a template structure which defines the shape of the
* expected data.
* "src" is the ber encoded data.
*/
extern SECStatus BER_Decode(PRArenaPool * arena, void *dest, BERTemplate *t,
SECArb *arb);
/*
* Encode a data structure into DER.
* "dest" will be filled in (and memory allocated) to hold the der
* encoded structure in "src"
* "t" is a template structure which defines the shape of the
* stored data
* "src" is a pointer to the structure that will be encoded
*/
extern SECStatus BER_Encode(PRArenaPool *arena, SECItem *dest, BERTemplate *t,
void *src);
/*
* Client provided function that will get called with all the bytes
* passing through the parser
*/
typedef void (*BERFilterProc)(void *instance, unsigned char *buf, int length);
/*
* Client provided function that can will be called after the tag and
* length information has been collected. It can be set up to be called
* either before or after the data has been colleced.
*/
typedef void (*BERNotifyProc)(
void *instance, SECArb *arb, int depth, PRBool before);
extern BERParse *BER_ParseInit(PRArenaPool *arena, PRBool forceDER);
extern SECArb *BER_ParseFini(BERParse *h);
extern SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len);
extern void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance);
extern void BER_SetLeafStorage(BERParse *h, PRBool keep);
extern void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
PRBool beforeData);
/*
* A BERUnparseProc is used as a callback to put the encoded SECArb tree
* tree to some stream. It returns PR_TRUE if the unparsing is to be
* aborted.
*/
typedef SECStatus (*BERUnparseProc)(
void *instance, unsigned char *data, int length, SECArb* arb);
/*
* BER_Unparse walks the SECArb tree calling the BERUnparseProc with
* various pieces. It returns SECFailure if there was an error during that
* tree walk.
*/
extern SECStatus BER_Unparse(SECArb *arb, BERUnparseProc proc, void *instance);
/*
* BER_ResolveLengths does a recursive walk through the tree generating
* non-zero entries for the length field of each node. It will fail if it
* discoveres a non-constructed node with a unknown length data field.
* Leaves are supposed to be of known length.
*/
extern SECStatus BER_ResolveLengths(SECArb *arb);
/*
* BER_PRettyPrintArb will write an ASCII version of the tree to the FILE
* out.
*/
extern SECStatus BER_PrettyPrintArb(FILE *out, SECArb* a);
#endif /* __secnew_h_ */
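Review bot: The comment on BERUnparseProc says the callback "returns PR_TRUE if the unparsing is to be aborted", but the typedef returns SECStatus, so an implementer cannot tell which value stops the walk. State the contract in SECStatus terms, for example `/* Return SECSuccess to continue; any other value aborts the walk. */`, after confirming it against BER_Unparse, which is not part of this header. The BER_Decode comment has the same drift: it documents a "src" argument while the prototype takes `SECArb *arb`. The header also uses SECItem, SECStatus, PRBool and PRArenaPool while including only `<stdio.h>`, so it compiles only when each caller happens to include the declaring headers first.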


@ -0,0 +1,73 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,340 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include <stdio.h>
#include <string.h>
#include "secutil.h"
#if defined(XP_UNIX)
#include <unistd.h>
#include <sys/time.h>
#include <termios.h>
#endif
#include "secopt.h"
#if defined(XP_WIN)
#include <time.h>
#include <conio.h>
#endif
#if defined(__sun) && !defined(SVR4)
extern int fclose(FILE*);
extern int fprintf(FILE *, char *, ...);
extern int getopt(int, char**, char*);
extern int isatty(int);
extern char *optarg;
extern char *sys_errlist[];
#define strerror(errno) sys_errlist[errno]
#endif
#include "nspr.h"
#include "prtypes.h"
#include "prtime.h"
#include "prlong.h"
static char *progName;
static SECStatus
ListKeys(SECKEYKeyDBHandle *handle, FILE *out)
{
int rt;
rt = SECU_PrintKeyNames(handle, out);
if (rt) {
SECU_PrintError(progName, "unable to list nicknames");
return SECFailure;
}
return SECSuccess;
}
static SECStatus
DumpPublicKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out)
{
SECKEYLowPrivateKey *privKey;
SECKEYLowPublicKey *publicKey;
/* check if key actually exists */
if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
return SECFailure;
}
/* Read in key */
privKey = SECU_GetPrivateKey(handle, nickname);
if (!privKey) {
return SECFailure;
}
publicKey = SECKEY_LowConvertToPublicKey(privKey);
/* Output public key (in the clear) */
switch(publicKey->keyType) {
case rsaKey:
fprintf(out, "RSA Public-Key:\n");
SECU_PrintInteger(out, &publicKey->u.rsa.modulus, "modulus", 1);
SECU_PrintInteger(out, &publicKey->u.rsa.publicExponent,
"publicExponent", 1);
break;
case dsaKey:
fprintf(out, "DSA Public-Key:\n");
SECU_PrintInteger(out, &publicKey->u.dsa.params.prime, "prime", 1);
SECU_PrintInteger(out, &publicKey->u.dsa.params.subPrime,
"subPrime", 1);
SECU_PrintInteger(out, &publicKey->u.dsa.params.base, "base", 1);
SECU_PrintInteger(out, &publicKey->u.dsa.publicValue, "publicValue", 1);
break;
default:
fprintf(out, "unknown key type\n");
break;
}
return SECSuccess;
}
static SECStatus
DumpPrivateKey(SECKEYKeyDBHandle *handle, char *nickname, FILE *out)
{
SECKEYLowPrivateKey *key;
/* check if key actually exists */
if (SECU_CheckKeyNameExists(handle, nickname) == PR_FALSE) {
SECU_PrintError(progName, "the key \"%s\" does not exist", nickname);
return SECFailure;
}
/* Read in key */
key = SECU_GetPrivateKey(handle, nickname);
if (!key) {
SECU_PrintError(progName, "error retrieving key");
return SECFailure;
}
switch(key->keyType) {
case rsaKey:
fprintf(out, "RSA Private-Key:\n");
SECU_PrintInteger(out, &key->u.rsa.modulus, "modulus", 1);
SECU_PrintInteger(out, &key->u.rsa.publicExponent, "publicExponent", 1);
SECU_PrintInteger(out, &key->u.rsa.privateExponent,
"privateExponent", 1);
SECU_PrintInteger(out, &key->u.rsa.prime1, "prime1", 1);
SECU_PrintInteger(out, &key->u.rsa.prime2, "prime2", 1);
SECU_PrintInteger(out, &key->u.rsa.exponent1, "exponent1", 1);
SECU_PrintInteger(out, &key->u.rsa.exponent2, "exponent2", 1);
SECU_PrintInteger(out, &key->u.rsa.coefficient, "coefficient", 1);
break;
case dsaKey:
fprintf(out, "DSA Private-Key:\n");
SECU_PrintInteger(out, &key->u.dsa.params.prime, "prime", 1);
SECU_PrintInteger(out, &key->u.dsa.params.subPrime, "subPrime", 1);
SECU_PrintInteger(out, &key->u.dsa.params.base, "base", 1);
SECU_PrintInteger(out, &key->u.dsa.publicValue, "publicValue", 1);
SECU_PrintInteger(out, &key->u.dsa.privateValue, "privateValue", 1);
break;
default:
fprintf(out, "unknown key type\n");
break;
}
return SECSuccess;
}
static SECStatus
ChangePassword(SECKEYKeyDBHandle *handle)
{
SECStatus rv;
/* Write out database with a new password */
rv = SECU_ChangeKeyDBPassword(handle, NULL);
if (rv) {
SECU_PrintError(progName, "unable to change key password");
}
return rv;
}
static SECStatus
DeletePrivateKey (SECKEYKeyDBHandle *keyHandle, char *nickName)
{
SECStatus rv;
rv = SECU_DeleteKeyByName (keyHandle, nickName);
if (rv != SECSuccess)
fprintf(stderr, "%s: problem deleting private key (%s)\n",
progName, SECU_Strerror(PR_GetError()));
return (rv);
}
static void
Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s -p name [-d keydir]\n", progName);
fprintf(stderr,
" %s -P name [-d keydir]\n", progName);
fprintf(stderr,
" %s -D name [-d keydir]\n", progName);
fprintf(stderr,
" %s -l [-d keydir]\n", progName);
fprintf(stderr,
" %s -c [-d keydir]\n", progName);
fprintf(stderr, "%-20s Pretty print public key info for named key\n",
"-p nickname");
fprintf(stderr, "%-20s Pretty print private key info for named key\n",
"-P nickname");
fprintf(stderr, "%-20s Delete named private key from the key database\n",
"-D nickname");
fprintf(stderr, "%-20s List the nicknames for the keys in a database\n",
"-l");
fprintf(stderr, "%-20s Change the key database password\n",
"-c");
fprintf(stderr, "\n");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
"-d keydir");
exit(-1);
}
int main(int argc, char **argv)
{
int o, changePassword, deleteKey, dumpPublicKey, dumpPrivateKey, list;
char *nickname;
SECStatus rv;
SECKEYKeyDBHandle *keyHandle;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
/* Parse command line arguments */
changePassword = deleteKey = dumpPublicKey = dumpPrivateKey = list = 0;
nickname = NULL;
while ((o = getopt(argc, argv, "ADP:cd:glp:")) != -1) {
switch (o) {
case '?':
Usage(progName);
break;
case 'A':
fprintf(stderr, "%s: Can no longer add a key.", progName);
fprintf(stderr, " Use pkcs12 to import a key.\n\n");
Usage(progName);
break;
case 'D':
deleteKey = 1;
nickname = optarg;
break;
case 'P':
dumpPrivateKey = 1;
nickname = optarg;
break;
case 'c':
changePassword = 1;
break;
case 'd':
SECU_ConfigDirectory(optarg);
break;
case 'g':
fprintf(stderr, "%s: Can no longer generate a key.", progName);
fprintf(stderr, " Use certutil to generate a cert request.\n\n");
Usage(progName);
break;
case 'l':
list = 1;
break;
case 'p':
dumpPublicKey = 1;
nickname = optarg;
break;
}
}
if (dumpPublicKey+changePassword+dumpPrivateKey+list+deleteKey != 1)
Usage(progName);
if ((list || changePassword) && nickname)
Usage(progName);
if ((dumpPublicKey || dumpPrivateKey || deleteKey) && !nickname)
Usage(progName);
/* Call the libsec initialization routines */
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
SEC_Init();
/*
* XXX Note that the following opens the key database writable.
* If dumpPublicKey or dumpPrivateKey or list, though, we only want
* to open it read-only. There needs to be a better interface
* to the initialization routines so that we can specify which way
* to open it.
*/
rv = SECU_PKCS11Init();
if (rv != SECSuccess) {
SECU_PrintError(progName, "SECU_PKCS11Init failed");
return -1;
}
keyHandle = SECKEY_GetDefaultKeyDB();
if (keyHandle == NULL) {
SECU_PrintError(progName, "could not open key database");
return -1;
}
if (dumpPublicKey) {
rv = DumpPublicKey(keyHandle, nickname, stdout);
} else
if (changePassword) {
rv = ChangePassword(keyHandle);
} else
if (dumpPrivateKey) {
rv = DumpPrivateKey(keyHandle, nickname, stdout);
} else
if (list) {
rv = ListKeys(keyHandle, stdout);
} else
if (deleteKey) {
rv = DeletePrivateKey(keyHandle, nickname);
}
return rv ? -1 : 0;
}
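Review bot: The getopt string `"ADP:cd:glp:"` in main declares `D` without an argument, yet `case 'D'` assigns `nickname = optarg`, so `-D name` either falls into Usage() with a NULL nickname or, depending on the getopt implementation, reuses a stale optarg from an earlier option such as `-d`; the string should read `"AD:P:cd:glp:"`. In DumpPublicKey the result of `SECKEY_LowConvertToPublicKey(privKey)` is dereferenced unchecked; add `if (!publicKey) return SECFailure;` before the switch. Both dump functions also return without releasing the private key they loaded (and the derived public key), so the key material stays in process memory until exit; destroy the key objects on every return path.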


@ -0,0 +1,50 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
DEFINES += -DNSPR20
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = security
CSRCS = \
keyutil.c \
$(NULL)
# The MODULE is always implicitly required.
# Listing it here in REQUIRES makes it appear twice in the cc command line.
REQUIRES = seccmd dbm
PROGRAM = keyutil


@ -0,0 +1,75 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################


@ -0,0 +1,133 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* General NSPR 2.0 errors */
/* Caller must #include "prerror.h" */
ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
ER2( PR_IO_ERROR, "I/O function error." )
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
ER2( PR_FIND_SYMBOL_ERROR,
"Symbol not found in any of the loaded dynamic libraries." )
ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
ER2( PR_DIRECTORY_LOOKUP_ERROR,
"A directory lookup on a network address has failed." )
ER2( PR_TPD_RANGE_ERROR,
"Attempt to access a TPD key that is out of range." )
ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
ER2( PR_NOT_SOCKET_ERROR,
"Network operation attempted on non-network file descriptor." )
ER2( PR_NOT_TCP_SOCKET_ERROR,
"TCP-specific function attempted on a non-TCP file descriptor." )
ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
"The requested operation is not supported by the platform." )
ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
"The host operating system does not support the protocol requested." )
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
ER2( PR_BUFFER_OVERFLOW_ERROR,
"The value requested is too large to be stored in the data buffer provided." )
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
ER2( PR_RANGE_ERROR, "Unused." )
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
ER2( PR_FILE_TOO_BIG_ERROR,
"Write would result in file larger than the system allows." )
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
ER2( PR_PIPE_ERROR, "Unused." )
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
ER2( PR_IS_DIRECTORY_ERROR,
"Cannot perform a normal file operation on a directory." )
ER2( PR_LOOP_ERROR, "Symbolic link loop." )
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
ER2( PR_NOT_DIRECTORY_ERROR,
"Cannot perform directory operation on a normal file." )
ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
"Cannot write to a read-only file system." )
ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
"Cannot delete a directory that is not empty." )
ER2( PR_FILESYSTEM_MOUNTED_ERROR,
"Cannot delete or rename a file object while the file system is busy." )
ER2( PR_NOT_SAME_DEVICE_ERROR,
"Cannot rename a file to a file system on another device." )
ER2( PR_DIRECTORY_CORRUPTED_ERROR,
"The directory object in the file system is corrupted." )
ER2( PR_FILE_EXISTS_ERROR,
"Cannot create or rename a filename that already exists." )
ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
"Directory is full. No additional filenames may be added." )
ER2( PR_INVALID_DEVICE_STATE_ERROR,
"The required device was in an invalid state." )
ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
ER2( PR_FILE_SEEK_ERROR, "Seek error." )
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
ER2( PR_IN_PROGRESS_ERROR,
"Operation is still in progress (probably a non-blocking connect)." )
ER2( PR_ALREADY_INITIATED_ERROR,
"Operation has already been initiated (probably a non-blocking connect)." )
#ifdef PR_GROUP_EMPTY_ERROR
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
#endif
#ifdef PR_INVALID_STATE_ERROR
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
#endif
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
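Review bot: `PR_ILLEGAL_ACCESS_ERROR` carries the same text as `PR_ACCESS_FAULT_ERROR` two entries above it ("Invalid memory address argument."), so any tool that prints only the message cannot tell the two codes apart when diagnosing a failure. If the duplication is unintended, give the entry its own wording, for example `ER2( PR_ILLEGAL_ACCESS_ERROR, "Illegal access to a memory address." )`; the exact meaning should be confirmed against prerror.h, which is not shown here. The `PR_NOT_IMPLEMENTED_ERROR` text also begins with a lower-case "function", unlike the other entries in the table.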


@ -0,0 +1,441 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* General security error codes */
/* Caller must #include "secerr.h" */
ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
"An I/O error occurred during security authorization.")
ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
"security library failure.")
ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
"security library: received bad data.")
ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
"security library: output length error.")
ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
"security library has experienced an input length error.")
ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
"security library: invalid arguments.")
ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
"security library: invalid algorithm.")
ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
"security library: invalid AVA.")
ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
"Improperly formatted time string.")
ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
"security library: improperly formatted DER-encoded message.")
ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
"Peer's certificate has an invalid signature.")
ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
"Peer's Certificate has expired.")
ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
"Peer's Certificate has been revoked.")
ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
"Peer's Certificate issuer is not recognized.")
ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
"Peer's public key is invalid.")
ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
"The security password entered is incorrect.")
ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
"New password entered incorrectly. Please try again.")
ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
"security library: no nodelock.")
ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
"security library: bad database.")
ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
"security library: memory allocation failure.")
ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
"Peer's certificate issuer has been marked as not trusted by the user.")
ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
"Peer's certificate has been marked as not trusted by the user.")
ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
"Certificate already exists in your database.")
ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
"Downloaded certificate's name duplicates one already in your database.")
ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
"Error adding certificate to database.")
ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
"Error refiling the key for this certificate.")
ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
"The private key for this certificate cannot be found in key database")
ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
"This certificate is valid.")
ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
"This certificate is not valid.")
ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
"Cert Library: No Response")
ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
"The certificate issuer's certificate has expired. Check your system date and time.")
ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
"The CRL for the certificate's issuer has expired. Update it or check your system data and time.")
ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
"The CRL for the certificate's issuer has an invalid signature.")
ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
"New CRL has an invalid format.")
ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
"Certificate extension value is invalid.")
ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
"Certificate extension not found.")
ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
"Issuer certificate is invalid.")
ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
"Certificate path length constraint is invalid.")
ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
"Certificate usages field is invalid.")
ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
"**Internal ONLY module**")
ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
"The key does not support the requested operation.")
ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
"Certificate contains unknown critical extension.")
ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
"New CRL is not later than the current one.")
ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
"Not encrypted or signed: you do not yet have an email certificate.")
ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
"Not encrypted: you do not have certificates for each of the recipients.")
ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
"Cannot decrypt: you are not a recipient, or matching certificate and \
private key not found.")
ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
"Cannot decrypt: key encryption algorithm does not match your certificate.")
ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
"Signature verification failed: no signer found, too many signers found, \
or improper or corrupted data.")
ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
"Unsupported or unknown key algorithm.")
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
/* Fortezza Alerts */
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
"Fortezza card has not been properly initialized. \
Please remove it and return it to your issuer.")
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
"No Fortezza cards Found")
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
"No Fortezza card selected")
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
"Please select a personality to get more info on")
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
"Personality not found")
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
"No more information on that Personality")
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
"Invalid Pin")
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
"Couldn't initialize Fortezza personalities.")
/* end fortezza alerts. */
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
"No KRL for this site's certificate has been found.")
ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
"The KRL for this site's certificate has expired.")
ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
"The KRL for this site's certificate has an invalid signature.")
ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
"The key for this site's certificate has been revoked.")
ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
"New KRL has an invalid format.")
ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
"security library: need random data.")
ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
"security library: no security module can perform the requested operation.")
ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
"The security card or token does not exist, needs to be initialized, or has been removed.")
ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
"security library: read-only database.")
ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
"No slot or token was selected.")
ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
"A certificate with the same nickname already exists.")
ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
"A key with the same nickname already exists.")
ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
"error while creating safe object")
ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
"error while creating baggage object")
ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
"Couldn't remove the principal")
ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
"Couldn't delete the privilege")
ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
"This principal doesn't have a certificate")
ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
"Required algorithm is not allowed.")
ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
"Error attempting to export certificates.")
ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
"Error attempting to import certificates.")
ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
"Unable to import. Decoding error. File not valid.")
ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
"Unable to import. MAC algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
"Unable to import. Only password integrity and privacy modes supported.")
ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
"Unable to import. File structure is corrupt.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
"Unable to import. Encryption algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
"Unable to import. File version not supported.")
ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
"Unable to import. Incorrect privacy password.")
ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
"Unable to import. Same nickname already exists in database.")
ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
"The user pressed cancel.")
ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
"Not imported, already in database.")
ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
"Message not sent.")
ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
"Certificate key usage inadequate for attempted operation.")
ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
"Certificate type not approved for application.")
ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
"Address in signing certificate does not match address in message headers.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
"Unable to import. Error attempting to import private key.")
ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
"Unable to import. Error attempting to import certificate chain.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
"Unable to export. Unable to locate certificate or key by nickname.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
"Unable to export. Private Key could not be located and exported.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
"Unable to export. Unable to write the export file.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
"Unable to import. Unable to read the import file.")
ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
"Unable to export. Key database corrupt or deleted.")
ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
"Unable to generate public/private key pair.")
ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
"Password entered is invalid. Please pick a different one.")
ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
"Old password entered incorrectly. Please try again.")
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
"Certificate nickname already in use.")
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
"Invalid module name.")
ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
"Invalid module path/filename")
ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
"Unable to add module")
ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
"Unable to delete module")
ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
"New KRL is not later than the current one.")
ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
"New CKL has different issuer than current CKL. Delete current CKL.")
ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
"The Certifying Authority for this certificate is not permitted to issue a \
certificate with this name.")
ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
"The key revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
"The certificate revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
"The requested certificate could not be found.")
ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
"The signer's certificate could not be found.")
ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
"The location for the certificate status server has invalid format.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
"The OCSP response cannot be fully decoded; it is of an unknown type.")
ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
"The OCSP server returned unexpected/invalid HTTP data.")
ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
"The OCSP server found the request to be corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
"The OCSP server experienced an internal error.")
ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
"The OCSP server suggests trying again later.")
ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
"The OCSP server requires a signature on this request.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
"The OCSP server has refused this request as unauthorized.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
"The OCSP server returned an unrecognizable status.")
ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
"The OCSP server has no status for the certificate.")
ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
"You must enable OCSP before performing this operation.")
ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
"You must set the OCSP default responder before performing this operation.")
ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
"The response from the OCSP server was corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
"The signer of the OCSP response is not authorized to give status for \
this certificate.")
ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
"The OCSP response is not yet valid (contains a date in the future).")
ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
"The OCSP response contains out-of-date information.")
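Review bot: The `SEC_ERROR_CRL_EXPIRED` message reads "check your system data and time", which should be "date and time" as in the `SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE` entry just above it; this is the text a user sees when a revocation check fails, so it is worth getting right. Separately, offset 105 is left as a half-line comment, `/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */`, with no explanation. If the gap is deliberate, a comment such as `/* SEC_ERROR_BASE + 105 is intentionally unassigned */` would say so. How the table is consumed is not visible in this file, so whether any lookup depends on contiguous or sorted values should be checked in the code that includes it.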


@ -0,0 +1,366 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/* SSL-specific security error codes */
/* caller must include "sslerr.h" */
ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
"Unable to communicate securely. Peer does not support high-grade encryption.")
ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
"Unable to communicate securely. Peer requires high-grade encryption which is not supported.")
ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
"Cannot communicate securely with peer: no common encryption algorithm(s).")
ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
"Unable to find the certificate or key necessary for authentication.")
ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
"Unable to communicate securely with peer: peers's certificate was rejected.")
/* unused (SSL_ERROR_BASE + 5),*/
ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
"The server has encountered bad data from the client.")
ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
"The client has encountered bad data from the server.")
ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
"Unsupported certificate type.")
ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
"Peer using unsupported version of security protocol.")
/* unused (SSL_ERROR_BASE + 10),*/
ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
"Client authentication failed: private key in key database does not match public key in certificate database.")
ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13),
defined in sslerr.h
*/
ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
"Peer only supports SSL version 2, which is locally disabled.")
ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
"SSL received a record with an incorrect Message Authentication Code.")
ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
"SSL peer reports incorrect Message Authentication Code.")
ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
"SSL peer cannot verify your certificate.")
ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
"SSL peer rejected your certificate as revoked.")
ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
"SSL peer rejected your certificate as expired.")
ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
"Cannot connect: SSL is disabled.")
ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
"Cannot connect: SSL peer is in another FORTEZZA domain.")
ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
"An unknown SSL cipher suite has been requested.")
ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23),
"No cipher suites are present and enabled in this program.")
ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24),
"SSL received a record with bad block padding.")
ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25),
"SSL received a record that exceeded the maximum permissible length.")
ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26),
"SSL attempted to send a record that exceeded the maximum permissible length.")
/*
* Received a malformed (too long or short or invalid content) SSL handshake.
*/
ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27),
"SSL received a malformed Hello Request handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28),
"SSL received a malformed Client Hello handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29),
"SSL received a malformed Server Hello handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30),
"SSL received a malformed Certificate handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31),
"SSL received a malformed Server Key Exchange handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32),
"SSL received a malformed Certificate Request handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33),
"SSL received a malformed Server Hello Done handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34),
"SSL received a malformed Certificate Verify handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35),
"SSL received a malformed Client Key Exchange handshake message.")
ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36),
"SSL received a malformed Finished handshake message.")
/*
* Received a malformed (too long or short) SSL record.
*/
ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37),
"SSL received a malformed Change Cipher Spec record.")
ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38),
"SSL received a malformed Alert record.")
ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39),
"SSL received a malformed Handshake record.")
ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
"SSL received a malformed Application Data record.")
/*
* Received an SSL handshake that was inappropriate for the state we're in.
* E.g. Server received message from server, or wrong state in state machine.
*/
ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41),
"SSL received an unexpected Hello Request handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42),
"SSL received an unexpected Client Hello handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43),
"SSL received an unexpected Server Hello handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44),
"SSL received an unexpected Certificate handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
"SSL received an unexpected Server Key Exchange handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46),
"SSL received an unexpected Certificate Request handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47),
"SSL received an unexpected Server Hello Done handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48),
"SSL received an unexpected Certificate Verify handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
"SSL received an unexpected Cllient Key Exchange handshake message.")
ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50),
"SSL received an unexpected Finished handshake message.")
/*
* Received an SSL record that was inappropriate for the state we're in.
*/
ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51),
"SSL received an unexpected Change Cipher Spec record.")
ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52),
"SSL received an unexpected Alert record.")
ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53),
"SSL received an unexpected Handshake record.")
ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
"SSL received an unexpected Application Data record.")
/*
* Received record/message with unknown discriminant.
*/
ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55),
"SSL received a record with an unknown content type.")
ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56),
"SSL received a handshake message with an unknown message type.")
ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57),
"SSL received an alert record with an unknown alert description.")
/*
* Received an alert reporting what we did wrong. (more alerts above)
*/
ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58),
"SSL peer has closed this connection.")
ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59),
"SSL peer was not expecting a handshake message it received.")
ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60),
"SSL peer was unable to succesfully decompress an SSL record it received.")
ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61),
"SSL peer was unable to negotiate an acceptable set of security parameters.")
ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62),
"SSL peer rejected a handshake message for unacceptable content.")
ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63),
"SSL peer does not support certificates of the type it received.")
ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64),
"SSL peer had some unspecified issue with the certificate it received.")
ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65),
"SSL experienced a failure of its random number generator.")
ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66),
"Unable to digitally sign data required to verify your certificate.")
ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67),
"SSL was unable to extract the public key from the peer's certificate.")
ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68),
"Unspecified failure while processing SSL Server Key Exchange handshake.")
ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69),
"Unspecified failure while processing SSL Client Key Exchange handshake.")
ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70),
"Bulk data encryption algorithm failed in selected cipher suite.")
ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71),
"Bulk data decryption algorithm failed in selected cipher suite.")
ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72),
"Attempt to write encrypted data to underlying socket failed.")
ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73),
"MD5 digest function failed.")
ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74),
"SHA-1 digest function failed.")
ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75),
"MAC computation failed.")
ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76),
"Failure to create Symmetric Key context.")
ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77),
"Failure to unwrap the Symmetric key in Client Key Exchange message.")
ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78),
"SSL Server attempted to use domestic-grade public key with export cipher suite.")
ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79),
"PKCS11 code failed to translate an IV into a param.")
ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80),
"Failed to initialize the selected cipher suite.")
ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81),
"Client failed to generate session keys for SSL session.")
ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82),
"Server has no key for the attempted key exchange algorithm.")
ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83),
"PKCS#11 token was inserted or removed while operation was in progress.")
ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84),
"No PKCS#11 token could be found to do a required operation.")
ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85),
"Cannot communicate securely with peer: no common compression algorithm(s).")
ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86),
"Cannot initiate another SSL handshake until current handshake is complete.")
ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87),
"Received incorrect handshakes hash values from peer.")
ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88),
"The certificate provided cannot be used with the selected key exchange algorithm.")
ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89),
"No certificate authority is trusted for SSL client authentication.")
ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90),
"Client's SSL session ID not found in server's session cache.")
ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91),
"Peer was unable to decrypt an SSL record it received.")
ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92),
"Peer received an SSL record that was longer than is permitted.")
ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93),
"Peer does not recognize and trust the CA that issued your certificate.")
ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94),
"Peer received a valid certificate, but access was denied.")
ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95),
"Peer could not decode an SSL handshake message.")
ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96),
"Peer reports failure of signature verification or key exchange.")
ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97),
"Peer reports negotiation not in compliance with export regulations.")
ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98),
"Peer reports incompatible or unsupported protocol version.")
ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
"Server requires ciphers more secure than those supported by client.")
ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100),
"Peer reports it experienced an internal error.")
ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101),
"Peer user canceled handshake.")
ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102),
"Peer does not permit renegotiation of SSL security parameters.")
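Review bot: Three message strings in this table carry typos that will be shown or logged verbatim: `peers's certificate was rejected` under SSL_ERROR_BAD_CERTIFICATE, `Cllient Key Exchange` under SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH, and `succesfully` under SSL_ERROR_DECOMPRESSION_FAILURE_ALERT. They should read `peer's certificate was rejected`, `Client Key Exchange` and `successfully`. Anyone matching these strings in logs would presumably come to depend on the exact text, so correcting them in the initial check-in is cheaper than changing them later.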


@ -0,0 +1,404 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "secutil.h"
typedef enum {
tagDone, lengthDone, leafDone, compositeDone,
notDone,
parseError, parseComplete
} ParseState;
typedef unsigned char Byte;
typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len);
typedef struct {
SECArb arb;
int pos; /* length from global start to item start */
SECArb *parent;
} ParseStackElem;
struct BERParseStr {
PRArenaPool *his;
PRArenaPool *mine;
ParseProc proc;
int stackDepth;
ParseStackElem *stackPtr;
ParseStackElem *stack;
int pending; /* bytes remaining to complete this part */
int pos; /* running length of consumed characters */
ParseState state;
PRBool keepLeaves;
PRBool derOnly;
BERFilterProc filter;
void *filterArg;
BERNotifyProc before;
void *beforeArg;
BERNotifyProc after;
void *afterArg;
};
#define UNKNOWN -1
static unsigned char NextChar(BERParse *h, unsigned char **buf, int *len)
{
unsigned char c = *(*buf)++;
(*len)--;
h->pos++;
if (h->filter)
(*h->filter)(h->filterArg, &c, 1);
return c;
}
static void ParseTag(BERParse *h, unsigned char **buf, int *len)
{
SECArb* arb = &(h->stackPtr->arb);
arb->tag = NextChar(h, buf, len);
PORT_Assert(h->state == notDone);
/*
* NOTE: This does not handle the high-tag-number form
*/
if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) {
PORT_SetError(SEC_ERROR_BAD_DER);
h->state = parseError;
return;
}
h->pending = UNKNOWN;
arb->length = UNKNOWN;
if (arb->tag & DER_CONSTRUCTED) {
arb->body.cons.numSubs = 0;
arb->body.cons.subs = NULL;
} else {
arb->body.item.len = UNKNOWN;
arb->body.item.data = NULL;
}
h->state = tagDone;
}
static void ParseLength(BERParse *h, unsigned char **buf, int *len)
{
Byte b;
SECArb *arb = &(h->stackPtr->arb);
PORT_Assert(h->state == notDone);
if (h->pending == UNKNOWN) {
b = NextChar(h, buf, len);
if ((b & 0x80) == 0) { /* short form */
arb->length = b;
/*
* if the tag and the length are both zero bytes, then this
* should be the marker showing end of list for the
* indefinite length composite
*/
if (arb->length == 0 && arb->tag == 0)
h->state = compositeDone;
else
h->state = lengthDone;
return;
}
h->pending = b & 0x7f;
/* 0 implies this is an indefinite length */
if (h->pending > 4) {
PORT_SetError(SEC_ERROR_BAD_DER);
h->state = parseError;
return;
}
arb->length = 0;
}
while ((*len > 0) && (h->pending > 0)) {
b = NextChar(h, buf, len);
arb->length = (arb->length << 8) + b;
h->pending--;
}
if (h->pending == 0) {
if (h->derOnly && (arb->length == 0))
h->state = parseError;
else
h->state = lengthDone;
}
return;
}
static void ParseLeaf(BERParse *h, unsigned char **buf, int *len)
{
int count;
SECArb *arb = &(h->stackPtr->arb);
PORT_Assert(h->state == notDone);
PORT_Assert(h->pending >= 0);
if (*len < h->pending)
count = *len;
else
count = h->pending;
if (h->keepLeaves)
memcpy(arb->body.item.data + arb->body.item.len, *buf, count);
if (h->filter)
(*h->filter)(h->filterArg, *buf, count);
*buf += count;
*len -= count;
arb->body.item.len += count;
h->pending -= count;
h->pos += count;
if (h->pending == 0) {
h->state = leafDone;
}
return;
}
static void CreateArbNode(BERParse *h)
{
SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
*arb = h->stackPtr->arb;
/*
* Special case closing the root
*/
if (h->stackPtr == h->stack) {
PORT_Assert(arb->tag & DER_CONSTRUCTED);
h->state = parseComplete;
} else {
SECArb *parent = h->stackPtr->parent;
parent->body.cons.subs = DS_ArenaGrow(
h->his, parent->body.cons.subs,
(parent->body.cons.numSubs) * sizeof(SECArb*),
(parent->body.cons.numSubs + 1) * sizeof(SECArb*));
parent->body.cons.subs[parent->body.cons.numSubs] = arb;
parent->body.cons.numSubs++;
h->proc = ParseTag;
h->state = notDone;
h->pending = UNKNOWN;
}
if (h->after)
(*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE);
}
SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len)
{
if (h->state == parseError) return PR_TRUE;
while (len) {
(*h->proc)(h, &buf, &len);
if (h->state == parseComplete) {
PORT_SetError(SEC_ERROR_BAD_DER);
h->state = parseError;
return PR_TRUE;
}
if (h->state == parseError) return PR_TRUE;
PORT_Assert(h->state != parseComplete);
if (h->state <= compositeDone) {
if (h->proc == ParseTag) {
PORT_Assert(h->state == tagDone);
h->proc = ParseLength;
h->state = notDone;
} else if (h->proc == ParseLength) {
SECArb *arb = &(h->stackPtr->arb);
PORT_Assert(h->state == lengthDone || h->state == compositeDone);
if (h->before)
(*h->before)(h->beforeArg, arb,
h->stackPtr - h->stack, PR_TRUE);
/*
* Check to see if this is the end of an indefinite
* length composite
*/
if (h->state == compositeDone) {
SECArb *parent = h->stackPtr->parent;
PORT_Assert(parent);
PORT_Assert(parent->tag & DER_CONSTRUCTED);
if (parent->length != 0) {
PORT_SetError(SEC_ERROR_BAD_DER);
h->state = parseError;
return PR_TRUE;
}
/*
* NOTE: This does not check for an indefinite length
* composite being contained inside a definite length
* composite. It is not clear that is legal.
*/
h->stackPtr--;
CreateArbNode(h);
} else {
h->stackPtr->pos = h->pos;
if (arb->tag & DER_CONSTRUCTED) {
SECArb *parent;
/*
* Make sure there is room on the stack before we
* stick anything else there.
*/
PORT_Assert(h->stackPtr - h->stack < h->stackDepth);
if (h->stackPtr - h->stack == h->stackDepth - 1) {
int newDepth = h->stackDepth * 2;
h->stack = DS_ArenaGrow(h->mine, h->stack,
sizeof(ParseStackElem) * h->stackDepth,
sizeof(ParseStackElem) * newDepth);
h->stackPtr = h->stack + h->stackDepth + 1;
h->stackDepth = newDepth;
}
parent = &(h->stackPtr->arb);
h->stackPtr++;
h->stackPtr->parent = parent;
h->proc = ParseTag;
h->state = notDone;
h->pending = UNKNOWN;
} else {
if (arb->length < 0) {
PORT_SetError(SEC_ERROR_BAD_DER);
h->state = parseError;
return PR_TRUE;
}
arb->body.item.len = 0;
if (arb->length > 0 && h->keepLeaves) {
arb->body.item.data =
PORT_ArenaAlloc(h->his, arb->length);
} else {
arb->body.item.data = NULL;
}
h->proc = ParseLeaf;
h->state = notDone;
h->pending = arb->length;
}
}
} else {
ParseStackElem *parent;
PORT_Assert(h->state = leafDone);
PORT_Assert(h->proc == ParseLeaf);
for (;;) {
CreateArbNode(h);
if (h->stackPtr == h->stack)
break;
parent = (h->stackPtr - 1);
PORT_Assert(parent->arb.tag & DER_CONSTRUCTED);
if (parent->arb.length == 0) /* need explicit end */
break;
if (parent->pos + parent->arb.length > h->pos)
break;
if (parent->pos + parent->arb.length < h->pos) {
PORT_SetError(SEC_ERROR_BAD_DER);
h->state = parseError;
return PR_TRUE;
}
h->stackPtr = parent;
}
}
}
}
return PR_FALSE;
}
BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly)
{
BERParse *h;
PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (temp == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return NULL;
}
h = PORT_ArenaAlloc(temp, sizeof(BERParse));
if (h == NULL) {
PORT_FreeArena(temp, PR_FALSE);
PORT_SetError(SEC_ERROR_NO_MEMORY);
return NULL;
}
h->his = arena;
h->mine = temp;
h->proc = ParseTag;
h->stackDepth = 20;
h->stack = PORT_ArenaZAlloc(h->mine,
sizeof(ParseStackElem) * h->stackDepth);
h->stackPtr = h->stack;
h->state = notDone;
h->pos = 0;
h->keepLeaves = PR_TRUE;
h->before = NULL;
h->after = NULL;
h->filter = NULL;
h->derOnly = derOnly;
return h;
}
SECArb *BER_ParseFini(BERParse *h)
{
PRArenaPool *myArena = h->mine;
SECArb *arb;
if (h->state != parseComplete) {
arb = NULL;
} else {
arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
*arb = h->stackPtr->arb;
}
PORT_FreeArena(myArena, PR_FALSE);
return arb;
}
void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance)
{
h->filter = proc;
h->filterArg = instance;
}
void BER_SetLeafStorage(BERParse *h, PRBool keep)
{
h->keepLeaves = keep;
}
void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
PRBool beforeData)
{
if (beforeData) {
h->before = proc;
h->beforeArg = instance;
} else {
h->after = proc;
h->afterArg = instance;
}
}
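Review bot: In BER_ParseSome, the stack-growth branch resets the cursor with `h->stackPtr = h->stack + h->stackDepth + 1;`, which lands two slots past the element just parsed rather than on the same index in the regrown array; it looks like this should be `h->stackPtr = h->stack + h->stackDepth - 1;`. Nesting depth is driven by the encoded input, so the initial depth of 20 set in BER_ParseInit is reachable by any sufficiently nested structure, and after the reset `parent` is taken from a slot that DS_ArenaGrow presumably leaves uninitialised. The `parent` pointers already stored in earlier stack elements point into the old array and would also need rebasing if the grow relocates it. Separately, the results of PORT_ArenaAlloc and DS_ArenaGrow are dereferenced without a NULL check in CreateArbNode, BER_ParseSome and BER_ParseFini. Also, `PORT_Assert(h->state = leafDone);` assigns instead of comparing and should read `PORT_Assert(h->state == leafDone);`.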


@ -0,0 +1,44 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PURE_LIBRARY =
PROGRAM =


@ -0,0 +1,619 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "secutil.h"
#include "secoid.h"
#ifdef __sun
extern int fprintf(FILE *strm, const char *format, .../* args */);
extern int fflush(FILE *stream);
#endif
#define RIGHT_MARGIN 24
/*#define RAW_BYTES 1 */
static int prettyColumn = 0;
static int
getInteger256(unsigned char *data, unsigned int nb)
{
int val;
switch (nb) {
case 1:
val = data[0];
break;
case 2:
val = (data[0] << 8) | data[1];
break;
case 3:
val = (data[0] << 16) | (data[1] << 8) | data[2];
break;
case 4:
val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
break;
default:
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
return val;
}
static int
prettyNewline(FILE *out)
{
int rv;
if (prettyColumn != -1) {
rv = fprintf(out, "\n");
prettyColumn = -1;
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
}
return 0;
}
static int
prettyIndent(FILE *out, unsigned level)
{
unsigned int i;
int rv;
if (prettyColumn == -1) {
prettyColumn = level;
for (i = 0; i < level; i++) {
rv = fprintf(out, " ");
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
}
}
return 0;
}
static int
prettyPrintByte(FILE *out, unsigned char item, unsigned int level)
{
int rv;
rv = prettyIndent(out, level);
if (rv < 0)
return rv;
rv = fprintf(out, "%02x ", item);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
prettyColumn++;
if (prettyColumn >= RIGHT_MARGIN) {
return prettyNewline(out);
}
return 0;
}
static int
prettyPrintLeaf(FILE *out, unsigned char *data,
unsigned int len, unsigned int lv)
{
unsigned int i;
int rv;
for (i = 0; i < len; i++) {
rv = prettyPrintByte(out, *data++, lv);
if (rv < 0)
return rv;
}
return prettyNewline(out);
}
static int
prettyPrintStringStart(FILE *out, unsigned char *str,
unsigned int len, unsigned int level)
{
#define BUF_SIZE 100
unsigned char buf[BUF_SIZE];
int rv;
if (len >= BUF_SIZE)
len = BUF_SIZE - 1;
rv = prettyNewline(out);
if (rv < 0)
return rv;
rv = prettyIndent(out, level);
if (rv < 0)
return rv;
memcpy(buf, str, len);
buf[len] = '\000';
rv = fprintf(out, "\"%s\"", buf);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
return 0;
#undef BUF_SIZE
}
static int
prettyPrintString(FILE *out, unsigned char *str,
unsigned int len, unsigned int level, PRBool raw)
{
int rv;
rv = prettyPrintStringStart(out, str, len, level);
if (rv < 0)
return rv;
rv = prettyNewline(out);
if (rv < 0)
return rv;
if (raw) {
rv = prettyPrintLeaf(out, str, len, level);
if (rv < 0)
return rv;
}
return 0;
}
static int
prettyPrintTime(FILE *out, unsigned char *str,
unsigned int len, unsigned int level, PRBool raw, PRBool utc)
{
SECItem time_item;
int rv;
rv = prettyPrintStringStart(out, str, len, level);
if (rv < 0)
return rv;
time_item.data = str;
time_item.len = len;
rv = fprintf(out, " (");
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
if (utc)
SECU_PrintUTCTime(out, &time_item, NULL, 0);
else
SECU_PrintGeneralizedTime(out, &time_item, NULL, 0);
rv = fprintf(out, ")");
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
rv = prettyNewline(out);
if (rv < 0)
return rv;
if (raw) {
rv = prettyPrintLeaf(out, str, len, level);
if (rv < 0)
return rv;
}
return 0;
}
static int
prettyPrintObjectID(FILE *out, unsigned char *data,
unsigned int len, unsigned int level, PRBool raw)
{
SECOidData *oiddata;
SECItem oiditem;
unsigned int i;
unsigned long val;
int rv;
/*
* First print the Object Id in numeric format
*/
rv = prettyIndent(out, level);
if (rv < 0)
return rv;
val = data[0];
i = val % 40;
val = val / 40;
rv = fprintf(out, "%lu %u ", val, i);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
val = 0;
for (i = 1; i < len; ++i) {
unsigned long j;
j = data[i];
val = (val << 7) | (j & 0x7f);
if (j & 0x80)
continue;
rv = fprintf(out, "%lu ", val);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
val = 0;
}
/*
* Now try to look it up and print a symbolic version.
*/
oiditem.data = data;
oiditem.len = len;
oiddata = SECOID_FindOID(&oiditem);
if (oiddata != NULL) {
i = PORT_Strlen(oiddata->desc);
if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) {
rv = prettyNewline(out);
if (rv < 0)
return rv;
}
rv = prettyIndent(out, level);
if (rv < 0)
return rv;
rv = fprintf(out, "(%s)", oiddata->desc);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
}
/*
* Finally, on a new line, print the raw bytes (if requested).
*/
if (raw) {
rv = prettyNewline(out);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
for (i = 0; i < len; i++) {
rv = prettyPrintByte(out, *data++, level);
if (rv < 0)
return rv;
}
}
return prettyNewline(out);
}
static char *prettyTagType [32] = {
"End of Contents",
"Boolean",
"Integer",
"Bit String",
"Octet String",
"NULL",
"Object Identifier",
"0x07",
"0x08",
"0x09",
"Enumerated",
"0x0B",
"UTF8 String",
"0x0D",
"0x0E",
"0x0F",
"Sequence",
"Set",
"0x12",
"Printable String",
"T61 String",
"0x15",
"IA5 String",
"UTC Time",
"Generalized Time",
"0x19",
"Visible String",
"0x1B",
"Universal String",
"0x1D",
"BMP String",
"High-Tag-Number"
};
static int
prettyPrintTag(FILE *out, unsigned char *src, unsigned char *end,
unsigned char *codep, unsigned int level, PRBool raw)
{
int rv;
unsigned char code, tagnum;
if (src >= end) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
code = *src;
tagnum = code & SEC_ASN1_TAGNUM_MASK;
/*
* NOTE: This code does not (yet) handle the high-tag-number form!
*/
if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
if (raw)
rv = prettyPrintByte(out, code, level);
else
rv = prettyIndent(out, level);
if (rv < 0)
return rv;
if (code & SEC_ASN1_CONSTRUCTED) {
rv = fprintf(out, "C-");
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
}
switch (code & SEC_ASN1_CLASS_MASK) {
case SEC_ASN1_UNIVERSAL:
rv = fprintf(out, "%s ", prettyTagType[tagnum]);
break;
case SEC_ASN1_APPLICATION:
rv = fprintf(out, "Application: %d ", tagnum);
break;
case SEC_ASN1_CONTEXT_SPECIFIC:
rv = fprintf(out, "[%d] ", tagnum);
break;
case SEC_ASN1_PRIVATE:
rv = fprintf(out, "Private: %d ", tagnum);
break;
}
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
*codep = code;
return 1;
}
static int
prettyPrintLength(FILE *out, unsigned char *data, unsigned char *end,
int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw)
{
unsigned char lbyte;
int lenLen;
int rv;
if (data >= end) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
rv = fprintf(out, " ");
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
*indefinitep = PR_FALSE;
lbyte = *data++;
if (lbyte >= 0x80) {
/* Multibyte length */
unsigned nb = (unsigned) (lbyte & 0x7f);
if (nb > 4) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
if (nb > 0) {
int il;
if ((data + nb) > end) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
il = getInteger256(data, nb);
if (il < 0) return -1;
*lenp = (unsigned) il;
} else {
*lenp = 0;
*indefinitep = PR_TRUE;
}
lenLen = nb + 1;
if (raw) {
int i;
rv = prettyPrintByte(out, lbyte, lv);
if (rv < 0)
return rv;
for (i = 0; i < nb; i++) {
rv = prettyPrintByte(out, data[i], lv);
if (rv < 0)
return rv;
}
}
} else {
*lenp = lbyte;
lenLen = 1;
if (raw) {
rv = prettyPrintByte(out, lbyte, lv);
if (rv < 0)
return rv;
}
}
if (*indefinitep)
rv = fprintf(out, "(indefinite)\n");
else
rv = fprintf(out, "(%d)\n", *lenp);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
prettyColumn = -1;
return lenLen;
}
static int
prettyPrintItem(FILE *out, unsigned char *data, unsigned char *end,
unsigned int lv, PRBool raw)
{
int slen;
int lenLen;
unsigned char *orig = data;
int rv;
while (data < end) {
unsigned char code;
PRBool indefinite;
slen = prettyPrintTag(out, data, end, &code, lv, raw);
if (slen < 0)
return slen;
data += slen;
lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw);
if (lenLen < 0)
return lenLen;
data += lenLen;
/*
* Just quit now if slen more bytes puts us off the end.
*/
if ((data + slen) > end) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
if (code & SEC_ASN1_CONSTRUCTED) {
if (slen > 0 || indefinite) {
slen = prettyPrintItem(out, data,
slen == 0 ? end : data + slen,
lv+1, raw);
if (slen < 0)
return slen;
data += slen;
}
} else if (code == 0) {
if (slen != 0 || lenLen != 1) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
break;
} else {
switch (code) {
case SEC_ASN1_PRINTABLE_STRING:
case SEC_ASN1_IA5_STRING:
case SEC_ASN1_VISIBLE_STRING:
rv = prettyPrintString(out, data, slen, lv+1, raw);
if (rv < 0)
return rv;
break;
case SEC_ASN1_UTC_TIME:
rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_TRUE);
if (rv < 0)
return rv;
break;
case SEC_ASN1_GENERALIZED_TIME:
rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_FALSE);
if (rv < 0)
return rv;
break;
case SEC_ASN1_OBJECT_ID:
rv = prettyPrintObjectID(out, data, slen, lv+1, raw);
if (rv < 0)
return rv;
break;
case SEC_ASN1_BOOLEAN: /* could do nicer job */
case SEC_ASN1_INTEGER: /* could do nicer job */
case SEC_ASN1_BIT_STRING: /* could do nicer job */
case SEC_ASN1_OCTET_STRING:
case SEC_ASN1_NULL:
case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */
case SEC_ASN1_UTF8_STRING:
case SEC_ASN1_T61_STRING: /* print as printable string? */
case SEC_ASN1_UNIVERSAL_STRING:
case SEC_ASN1_BMP_STRING:
default:
rv = prettyPrintLeaf(out, data, slen, lv+1);
if (rv < 0)
return rv;
break;
}
data += slen;
}
}
rv = prettyNewline(out);
if (rv < 0)
return rv;
return data - orig;
}
SECStatus
DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw)
{
int rv;
prettyColumn = -1;
rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw);
if (rv < 0)
return SECFailure;
return SECSuccess;
}


@ -0,0 +1,48 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifdef XP_PC
int ffs( unsigned int i)
{
int rv = 1;
if (!i) return 0;
while (!(i & 1)) {
i >>= 1;
++rv;
}
return rv;
}
#endif
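Review bot: The definition of `ffs` is compiled only under `#ifdef XP_PC`, but the prototype added in secutil.h in this same commit is guarded by `#ifndef XP_UNIX`, so a build that defines neither macro would get a declaration with no definition behind it. Using one condition in both places (for example `#ifndef XP_UNIX` here) keeps them in step; whether such a platform is actually built is not visible from this page. The function also has no comment, and I would add `/* Return the 1-based index of the lowest set bit of i, or 0 if i is 0. */` above it.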


@ -0,0 +1,66 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
include <manifest.mn>
include <$(DEPTH)\config\config.mak>
# include files are aought in LINCS and INCS.
# LINCS are generated from REQUIRES in manigest.mn
INCS = $(INCS) \
-I..\include \
-I..\..\lib\cert \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)\dist\public\security \
-I$(DEPTH)\dist\public\nspr \
-I$(DEPTH)\cmd\winfe \
$(NULL)
LCFLAGS = -DUSE_SSL -DEXPORT_VERSION
PDBFILE = $(LIBNAME).pdb
# work around a bug in rules.mak
LIBRARY_SUFFIX = $(MOZ_BITS)
include <$(DEPTH)\config\rules.mak>
install:: $(LIBRARY)
# $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
symbols::
@echo "LIBRARY_NAME is $(LIBRARY_NAME)"
@echo "LIBRARY is $(LIBRARY)"


@ -0,0 +1,67 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
LIBRARY_NAME = sectool
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = seccmd
DEFINES = -DNSPR20
EXPORTS = secutil.h \
$(NULL)
CSRCS = secutil.c \
secpwd.c \
derprint.c \
secerror.c \
ffs.c \
$(NULL)
OLD_CSRCS = dongle.c \
derprint.c \
err.c \
fe_util.c \
ffs.c \
filestub.c \
secarb.c \
secpwd.c \
secutil.c \
sslstubs.c \
strerror.c \
stubs.c \
$(NULL)
REQUIRES = security nspr dbm


@ -0,0 +1,107 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "nspr.h"
struct tuple_str {
PRErrorCode errNum;
const char * errString;
};
typedef struct tuple_str tuple_str;
#define ER2(a,b) {a, b},
#define ER3(a,b,c) {a, c},
#include "secerr.h"
#include "sslerr.h"
const tuple_str errStrings[] = {
/* keep this list in asceding order of error numbers */
#include "SSLerrs.h"
#include "SECerrs.h"
#include "NSPRerrs.h"
};
const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
/* Returns a UTF-8 encoded constant error string for "errNum".
* Returns NULL of errNum is unknown.
*/
const char *
SECU_Strerror(PRErrorCode errNum) {
PRInt32 low = 0;
PRInt32 high = numStrings - 1;
PRInt32 i;
PRErrorCode num;
static int initDone;
/* make sure table is in ascending order.
* binary search depends on it.
*/
if (!initDone) {
PRErrorCode lastNum = 0x80000000;
for (i = low; i <= high; ++i) {
num = errStrings[i].errNum;
if (num <= lastNum) {
fprintf(stderr,
"sequence error in error strings at item %d\n"
"error %d (%s)\n"
"should come after \n"
"error %d (%s)\n",
i, lastNum, errStrings[i-1].errString,
num, errStrings[i].errString);
}
lastNum = num;
}
initDone = 1;
}
/* Do binary search of table. */
while (low + 1 < high) {
i = (low + high) / 2;
num = errStrings[i].errNum;
if (errNum == num)
return errStrings[i].errString;
if (errNum < num)
high = i;
else
low = i;
}
if (errNum == errStrings[low].errNum)
return errStrings[low].errString;
if (errNum == errStrings[high].errNum)
return errStrings[high].errString;
return NULL;
}
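Review bot: In the one-time ordering check of SECU_Strerror, the diagnostic reads `errStrings[i-1].errString`, which is index -1 if the test ever fires at `i == 0`. That requires the first entry's code to equal the `0x80000000` sentinel, so it is unlikely, but `if (i > low && num <= lastNum)` removes the out-of-bounds read. The check also only prints to stderr and then lets the binary search run over a table it has just found unsorted, so a lookup can return NULL for a code that is present; a comment stating that, or a linear fallback, would make the behaviour explicit. `initDone` is a plain static with no locking, which is presumably acceptable for command-line tools but deserves a one-line comment.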


@ -0,0 +1,177 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "secutil.h"
/*
* NOTE: The contents of this file are NOT used by the client.
* (They are part of the security library as a whole, but they are
* NOT USED BY THE CLIENT.) Do not change things on behalf of the
* client (like localizing strings), or add things that are only
* for the client (put them elsewhere).
*/
#ifdef XP_UNIX
#include <termios.h>
#endif
#ifdef _WINDOWS
#include <conio.h>
#define QUIET_FGETS quiet_fgets
static int quiet_fgets (char *buf, int length, FILE *input);
#else
#define QUIET_FGETS fgets
#endif
static void echoOff(int fd)
{
#ifdef XP_UNIX
if (isatty(fd)) {
struct termios tio;
tcgetattr(fd, &tio);
tio.c_lflag &= ~ECHO;
tcsetattr(fd, TCSAFLUSH, &tio);
}
#endif
}
static void echoOn(int fd)
{
#ifdef XP_UNIX
if (isatty(fd)) {
struct termios tio;
tcgetattr(fd, &tio);
tio.c_lflag |= ECHO;
tcsetattr(fd, TCSAFLUSH, &tio);
}
#endif
}
char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
PRBool (*ok)(char *))
{
char phrase[200];
int infd = fileno(input);
int isTTY = isatty(infd);
for (;;) {
/* Prompt for password */
if (isTTY) {
fprintf(output, "%s", prompt);
fflush (output);
echoOff(infd);
}
QUIET_FGETS ( phrase, sizeof(phrase), input);
if (isTTY) {
fprintf(output, "\n");
echoOn(infd);
}
/* stomp on newline */
phrase[PORT_Strlen(phrase)-1] = 0;
/* Validate password */
if (!(*ok)(phrase)) {
/* Not weird enough */
if (!isTTY) return 0;
fprintf(output, "Password must be at least 8 characters long with one or more\n");
fprintf(output, "non-alphabetic characters\n");
continue;
}
return (char*) PORT_Strdup(phrase);
}
}
PRBool SEC_CheckPassword(char *cp)
{
int len;
char *end;
len = PORT_Strlen(cp);
if (len < 8) {
return PR_FALSE;
}
end = cp + len;
while (cp < end) {
unsigned char ch = *cp++;
if (!((ch >= 'A') && (ch <= 'Z')) &&
!((ch >= 'a') && (ch <= 'z'))) {
/* pass phrase has at least one non alphabetic in it */
return PR_TRUE;
}
}
return PR_FALSE;
}
PRBool SEC_BlindCheckPassword(char *cp)
{
if (cp != NULL) {
return PR_TRUE;
}
return PR_FALSE;
}
/* Get a password from the input terminal, without echoing */
#ifdef _WINDOWS
static int quiet_fgets (char *buf, int length, FILE *input)
{
int c;
char *end = buf;
/* fflush (input); */
memset (buf, 0, length);
while (1)
{
c = getch();
if (c == '\b')
{
if (end > buf)
end--;
}
else if (--length > 0)
*end++ = c;
if (!c || c == '\n' || c == '\r')
break;
}
return 0;
}
#endif
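Review bot: SEC_GetPassword ignores the result of `QUIET_FGETS` and then runs `phrase[PORT_Strlen(phrase)-1] = 0`, so an empty read writes to `phrase[-1]`, a failed first read calls strlen on an uninitialised stack buffer, and a line with no trailing newline loses its last character. Strip only a real terminator: `len = PORT_Strlen(phrase); if (len > 0 && (phrase[len-1] == '\n' || phrase[len-1] == '\r')) phrase[len-1] = 0;`. On the non-Windows path the function should also return NULL when `fgets` returns NULL, since on a terminal the current loop would otherwise re-prompt indefinitely at end of input. The password also stays in the `phrase` stack buffer after `PORT_Strdup`; clearing it with `PORT_Memset(phrase, 0, sizeof(phrase))` before each return avoids leaving a second copy behind.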

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -0,0 +1,343 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifndef _SEC_UTIL_H_
#define _SEC_UTIL_H_
#include "seccomon.h"
#include "secitem.h"
#include "prerror.h"
#include "base64.h"
#include "key.h"
#include "secpkcs7.h"
#include "secasn1.h"
#include "secder.h"
#include <stdio.h>
#define SEC_CT_PRIVATE_KEY "private-key"
#define SEC_CT_PUBLIC_KEY "public-key"
#define SEC_CT_CERTIFICATE "certificate"
#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
#define SEC_CT_PKCS7 "pkcs7"
#define SEC_CT_CRL "crl"
#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
/* From libsec/pcertdb.c --- it's not declared in sec.h */
extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle,
SECItem *derCert, char *nickname, CERTCertTrust *trust);
#ifdef SECUTIL_NEW
typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
char *msg, int level);
#else
typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
#endif
typedef struct {
enum {
PW_NONE,
PW_FROMFILE,
PW_PLAINTEXT
} source;
char *data;
} secuPWData;
/*
** Change a password on a token, or initialize a token with a password
** if it does not already have one.
** Use passwd to send the password in plaintext, pwFile to specify a
** file containing the password, or NULL for both to prompt the user.
*/
SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);
/* These were stolen from the old sec.h... */
/*
** Check a password for legitimacy. Passwords must be at least 8
** characters long and contain one non-alphabetic. Return DSTrue if the
** password is ok, DSFalse otherwise.
*/
extern PRBool SEC_CheckPassword(char *password);
/*
** Blind check of a password. Complement to SEC_CheckPassword which
** ignores length and content type, just retuning DSTrue is the password
** exists, DSFalse if NULL
*/
extern PRBool SEC_BlindCheckPassword(char *password);
/*
** Get a password.
** First prompt with "msg" on "out", then read the password from "in".
** The password is then checked using "chkpw".
*/
extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
PRBool (*chkpw)(char *));
char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
char *SECU_GetPasswordString(void *arg, char *prompt);
/*
** Write a dongle password.
** Uses MD5 to hash constant system data (hostname, etc.), and then
** creates RC4 key to encrypt a password "pw" into a file "fd".
*/
extern SECStatus SEC_WriteDongleFile(int fd, char *pw);
/*
** Get a dongle password.
** Uses MD5 to hash constant system data (hostname, etc.), and then
** creates RC4 key to decrypt and return a password from file "fd".
*/
extern char *SEC_ReadDongleFile(int fd);
/* End stolen headers */
/* Get the Key ID (modulus) from the cert with the given nickname. */
extern SECItem * SECU_GetKeyIDFromNickname(char *name);
/* Change the key db password in the database */
extern SECStatus SECU_ChangeKeyDBPassword(SECKEYKeyDBHandle *kdbh);
/* Check if a key name exists. Return PR_TRUE if true, PR_FALSE if not */
extern PRBool SECU_CheckKeyNameExists(SECKEYKeyDBHandle *handle, char *nickname);
/* Find a key by a nickname. Calls SECKEY_FindKeyByName */
extern SECKEYLowPrivateKey *SECU_GetPrivateKey(SECKEYKeyDBHandle *kdbh, char *nickname);
/* Get key encrypted with dongle file in "pathname" */
extern SECKEYLowPrivateKey *SECU_GetPrivateDongleKey(SECKEYKeyDBHandle *handle,
char *nickname, char *pathname);
extern SECItem *SECU_GetPassword(void *arg, SECKEYKeyDBHandle *handle);
/* Just sticks the two strings together with a / if needed */
char *SECU_AppendFilenameToDir(char *dir, char *filename);
/* Returns result of getenv("SSL_DIR") or NULL */
extern char *SECU_DefaultSSLDir(void);
/*
** Should be called once during initialization to set the default
** directory for looking for cert.db, key.db, and cert-nameidx.db files
** Removes trailing '/' in 'base'
** If 'base' is NULL, defaults to set to .netscape in home directory.
*/
extern char *SECU_ConfigDirectory(const char* base);
extern char *SECU_CertDBNameCallback(void *arg, int dbVersion);
extern char *SECU_KeyDBNameCallback(void *arg, int dbVersion);
extern SECKEYPrivateKey *SECU_FindPrivateKeyFromNickname(char *name);
extern SECKEYLowPrivateKey *SECU_FindLowPrivateKeyFromNickname(char *name);
extern SECStatus SECU_DeleteKeyByName(SECKEYKeyDBHandle *handle, char *nickname);
extern SECKEYKeyDBHandle *SECU_OpenKeyDB(PRBool readOnly);
extern CERTCertDBHandle *SECU_OpenCertDB(PRBool readOnly);
/*
** Basic callback function for SSL_GetClientAuthDataHook
*/
extern int
SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey);
/* print out an error message */
extern void SECU_PrintError(char *progName, char *msg, ...);
/* print out a system error message */
extern void SECU_PrintSystemError(char *progName, char *msg, ...);
/* Return informative error string */
extern const char * SECU_Strerror(PRErrorCode errNum);
/* Read the contents of a file into a SECItem */
extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
/* Read in a DER from a file, may be ascii */
extern SECStatus
SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii);
/* Indent based on "level" */
extern void SECU_Indent(FILE *out, int level);
/* Print integer value and hex */
extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);
/* Print ObjectIdentifier symbolically */
extern void SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
/* Print AlgorithmIdentifier symbolically */
extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
int level);
/* Print SECItem as hex */
extern void SECU_PrintAsHex(FILE *out, SECItem *i, char *m, int level);
/*
* Format and print the UTC Time "t". If the tag message "m" is not NULL,
* do indent formatting based on "level" and add a newline afterward;
* otherwise just print the formatted time string only.
*/
extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
/*
* Format and print the Generalized Time "t". If the tag message "m"
* is not NULL, * do indent formatting based on "level" and add a newline
* afterward; otherwise just print the formatted time string only.
*/
extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
int level);
/* Dump all key nicknames */
extern int SECU_PrintKeyNames(SECKEYKeyDBHandle *handle, FILE *out);
/* Dump all certificate nicknames in a database */
extern int SECU_PrintCertificateNames(CERTCertDBHandle *handle, FILE *out);
#if 0
SECU_PrintCertificateNames_(PRFileDesc* out, PRBool sortByName,
PRBool sortByTrust);
#endif
/* See if nickname already in database. Return 1 true, 0 false, -1 error */
int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
/* Dump contents of cert req */
extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
int level);
/* Dump contents of certificate */
extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
/* print trust flags on a cert */
extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level);
/* Dump contents of public key */
extern int SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level);
/* Dump contents of private key */
extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
/* Pretty-print any PKCS7 thing */
extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
int level);
/* Init PKCS11 stuff */
extern SECStatus SECU_PKCS11Init(PRBool readOnly);
/* Dump contents of signed data */
extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level,
SECU_PPFunc inner);
extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level);
extern void
SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
char *msg, int level);
extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);
/* Convert a High public Key to a Low public Key */
extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
extern SECItem *SECU_GetPBEPassword(void *arg);
extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
extern void SEC_Init(void);
extern char *SECU_SECModDBName(void);
/*
*
* Utilities for parsing security tools command lines
*
*/
/* A single command flag */
typedef struct {
char flag;
PRBool needsArg;
char *arg;
PRBool activated;
} secuCommandFlag;
/* A full array of command/option flags */
typedef struct
{
int numCommands;
int numOptions;
secuCommandFlag *commands;
secuCommandFlag *options;
} secuCommand;
/* fill the "arg" and "activated" fields for each flag */
SECStatus
SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd);
char *
SECU_GetOptionArg(secuCommand *cmd, int optionNum);
/*
*
* Error messaging
*
*/
/* Return informative error string */
char *SECU_ErrorString(int16 err);
/* Return informative error string. Does not call XP_GetString */
char *SECU_ErrorStringRaw(int16 err);
#ifndef XP_UNIX
extern int ffs(unsigned int i);
#endif
#include "secerr.h"
#include "sslerr.h"
#endif /* _SEC_UTIL_H_ */
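Review bot: The comments on the password functions no longer match their declarations: SEC_CheckPassword and SEC_BlindCheckPassword are documented as returning DSTrue/DSFalse but are declared `PRBool`, and the SEC_GetPassword comment does not say who owns the result. Going by secpwd.c in this commit, the return value is a `PORT_Strdup` copy, or NULL when the input is not a terminal and the check fails. I would add `** Returns a heap copy that the caller must clear and release with PORT_Free, or NULL if "in" is not a tty and "chkpw" rejects the input.` to the SEC_GetPassword comment and change DSTrue/DSFalse to PR_TRUE/PR_FALSE in the other two.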


@ -0,0 +1,84 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
INCLUDES += \
-I$(DEPTH)/security/lib/cert \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
-I../include \
$(NULL)
# For the time being, sec stuff is export only
# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION
US_FLAGS = -DEXPORT_VERSION
EXPORT_FLAGS = -DEXPORT_VERSION
BASE_LIBS = \
$(DIST)/lib/libdbm.a \
$(DIST)/lib/libxp.a \
$(DIST)/lib/libnspr21.a \
$(NULL)
#There is a circular dependancy in security/lib, and here is a gross fix
SEC_LIBS = \
$(DIST)/lib/libsecnav.a \
$(DIST)/lib/libssl.a \
$(DIST)/lib/libpkcs7.a \
$(DIST)/lib/libcert.a \
$(DIST)/lib/libkey.a \
$(DIST)/lib/libsecmod.a \
$(DIST)/lib/libcrypto.a \
$(DIST)/lib/libsecutil.a \
$(DIST)/lib/libssl.a \
$(DIST)/lib/libpkcs7.a \
$(DIST)/lib/libcert.a \
$(DIST)/lib/libkey.a \
$(DIST)/lib/libsecmod.a \
$(DIST)/lib/libcrypto.a \
$(DIST)/lib/libsecutil.a \
$(DIST)/lib/libhash.a \
$(NULL)
MYLIBDIR= ../lib/$(OBJDIR)
MYLIB = $(MYLIBDIR)/libsectool.a
US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
# this hack is necessary because rules.mk doesn't put anything like $(LIBS)
# on the link command line (!?!?!?!)
LDFLAGS += $(EX_LIBS)


@ -0,0 +1,48 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
include <$(DEPTH)\config\config.mak>
include <$(DEPTH)\config\rules.mak>
objs: $(OBJS)
programs: $(PROGRAM)
syms:
@echo "OBJS is $(OBJS)"
@echo "INCS is $(INCS)"


@ -0,0 +1,77 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include $(CORE_DEPTH)/security/cmd/platrules.mk


@ -0,0 +1,156 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
VERBOSE = 1
include <manifest.mn>
PROGRAM = makepqg
PROGRAM = $(OBJDIR)\$(PROGRAM).exe
include <$(DEPTH)\config\config.mak>
# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
# rules.mak will append C_OBJS onto OBJS.
# OBJS = $(CSRCS:.c=.obj)
# include files are looked for in $LINCS and $INCS.
# $LINCS is in manifest.mnw, computed from REQUIRES=
INCS = $(INCS) \
-I$(DEPTH)/security/lib/cert \
-I$(DEPTH)/security/lib/crypto \
-I../include \
$(NULL)
IGNORE_ME = \
-I$(DEPTH)/security/lib/key \
-I$(DEPTH)/security/lib/util \
WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
# these files are the content of libdbm
DBM_LIB = \
$(WINFE)/DB.obj \
$(WINFE)/HASH.obj \
$(WINFE)/H_BIGKEY.obj \
$(WINFE)/H_PAGE.obj \
$(WINFE)/H_LOG2.obj \
$(WINFE)/H_FUNC.obj \
$(WINFE)/HASH_BUF.obj \
$(NULL)
MOZ_LIBS = \
$(WINFE)/ALLXPSTR.obj \
$(WINFE)/XP_ERROR.obj \
$(WINFE)/XPASSERT.obj \
$(WINFE)/XP_REG.obj \
$(WINFE)/XP_TRACE.obj \
$(DBM_LIB) \
$(WINFE)/XP_STR.obj \
$(WINFE)/MKTEMP.obj \
$(NULL)
SEC_LIBS = \
$(DIST)/lib/cert$(MOZ_BITS).lib \
$(DIST)/lib/crypto$(MOZ_BITS).lib \
$(DIST)/lib/hash$(MOZ_BITS).lib \
$(DIST)/lib/key$(MOZ_BITS).lib \
$(DIST)/lib/pkcs7$(MOZ_BITS).lib \
$(DIST)/lib/secmod$(MOZ_BITS).lib \
$(DIST)/lib/secutl$(MOZ_BITS).lib \
$(DIST)/lib/ssl$(MOZ_BITS).lib \
$(NULL)
LLFLAGS = $(LLFLAGS) \
../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
$(SEC_LIBS) \
$(MOZ_LIBS) \
$(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
$(LIBNSPR) \
$(NULL)
# awt3240.lib # brpref32.lib # cert32.lib
# crypto32.lib # dllcom.lib # editor32.lib
# edpref32.lib # edtplug.lib # font.lib
# hash32.lib # htmldg32.lib # img32.lib
# javart32.lib # jbn3240.lib # jdb3240.lib
# jmc.lib # jpeg3240.lib # jpw3240.lib
# jrt3240.lib # js3240.lib # jsd3240.lib
# key32.lib # libapplet32.lib # libnjs32.lib
# libnsc32.lib # libreg32.lib # mm3240.lib
# mnpref32.lib # netcst32.lib # nsdlg32.lib
# nsldap32.lib # nsldaps32.lib # nsn32.lib
# pkcs1232.lib # pkcs732.lib # pr3240.lib
# prefui32.lib # prefuuid.lib # secmod32.lib
# secnav32.lib # secutl32.lib # softup32.lib
# sp3240.lib # ssl32.lib # uni3200.lib
# unicvt32.lib # win32md.lib # winfont.lib
# xppref32.lib # zlib32.lib
include <$(DEPTH)\config\rules.mak>
INSTALL = $(MAKE_INSTALL)
objs: $(OBJS)
$(PROGRAM)::
$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
programs: $(PROGRAM)
install:: $(TARGETS)
$(INSTALL) $(TARGETS) $(DIST)/bin
# ALLXPSTR.obj XP_ALLOC.obj XP_HASH.obj XP_RGB.obj XP_WRAP.obj
# CXPRINT.obj XP_C.cl XP_LIST.obj XP_SEC.obj netscape.exp
# CXPRNDLG.obj XP_CNTXT.obj XP_MD5.obj XP_STR.obj xp.pch
# EXPORT.obj XP_CORE.obj XP_MESG.obj XP_THRMO.obj xppref32.dll
# XPASSERT.obj XP_ERROR.obj XP_RECT.obj XP_TIME.obj
# XPLOCALE.obj XP_FILE.obj XP_REG.obj XP_TRACE.obj
symbols:
@echo "CSRCS = $(CSRCS)"
@echo "INCS = $(INCS)"
@echo "OBJS = $(OBJS)"
@echo "LIBRARY = $(LIBRARY)"
@echo "PROGRAM = $(PROGRAM)"
@echo "TARGETS = $(TARGETS)"
@echo "DIST = $(DIST)"
@echo "VERSION_NUMBER = $(VERSION_NUMBER)"
@echo "WINFE = $(WINFE)"
@echo "DBM_LIB = $(DBM_LIB)"
@echo "INSTALL = $(INSTALL)"
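Review bot: The unused `IGNORE_ME` macro ends on a continuation backslash (`-I$(DEPTH)/security/lib/util \`), so whatever line follows it in the file is folded into that macro; as rendered here the next line is `WINFE = $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg`, which every `$(WINFE)/...obj` entry in `DBM_LIB` and `MOZ_LIBS` depends on. This page appears to drop blank lines (the header declares 156 lines), so a separating blank line may exist in the real file and should be confirmed. Either way I would delete `IGNORE_ME` or terminate it with `$(NULL)` like the other lists, so the link inputs cannot silently change if that blank line is ever removed. The hard-coded `x86Dbg` directory also means the tool links front-end debug objects regardless of build configuration, which deserves a comment.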


@ -0,0 +1,277 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "prtypes.h"
#include "prtime.h"
#include "prlong.h"
#include "secutil.h"
#include "secitem.h"
#include "pk11func.h"
#include "pqgutil.h"
#include "secrng.h"
#if defined(XP_UNIX)
#include <unistd.h>
#endif
#include "plgetopt.h"
#define BPB 8 /* bits per byte. */
char *progName;
void
Usage(void)
{
fprintf(stderr, "Usage: %s\n", progName);
fprintf(stderr,
"-a Output DER-encoded PQG params, BTOA encoded.\n"
" -l prime-length Length of prime in bits (1024 is default)\n"
" -o file Output to this file (default is stdout)\n"
"-b Output DER-encoded PQG params in binary\n"
" -l prime-length Length of prime in bits (1024 is default)\n"
" -o file Output to this file (default is stdout)\n"
"-r Output P, Q and G in ASCII hexadecimal. \n"
" -l prime-length Length of prime in bits (1024 is default)\n"
" -o file Output to this file (default is stdout)\n"
"-g bits Generate SEED this many bits long.\n"
);
exit(-1);
}
int
outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw,
FILE * outFile)
{
PRArenaPool * arena = NULL;
char * PQG;
SECItem encodedParams;
if (output_raw) {
SECItem item;
PQG_GetPrimeFromParams(pqgParams, &item);
SECU_PrintInteger(outFile, &item, "Prime", 1);
SECITEM_FreeItem(&item, PR_FALSE);
PQG_GetSubPrimeFromParams(pqgParams, &item);
SECU_PrintInteger(outFile, &item, "Subprime", 1);
SECITEM_FreeItem(&item, PR_FALSE);
PQG_GetBaseFromParams(pqgParams, &item);
SECU_PrintInteger(outFile, &item, "Base", 1);
SECITEM_FreeItem(&item, PR_FALSE);
fprintf(outFile, "\n");
return 0;
}
encodedParams.data = NULL;
encodedParams.len = 0;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams,
SECKEY_PQGParamsTemplate);
if (output_binary) {
fwrite(encodedParams.data, encodedParams.len, sizeof(char), outFile);
printf("\n");
return 0;
}
/* must be output ASCII */
PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
fprintf(outFile,"%s",PQG);
printf("\n");
return 0;
}
int
outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw,
FILE * outFile)
{
if (output_raw) {
SECItem item;
unsigned int counter;
PQG_GetHFromVerify(pqgVerify, &item);
SECU_PrintInteger(outFile, &item, "h", 1);
SECITEM_FreeItem(&item, PR_FALSE);
PQG_GetSeedFromVerify(pqgVerify, &item);
SECU_PrintInteger(outFile, &item, "SEED", 1);
fprintf(outFile, " g: %d\n", item.len * BPB);
SECITEM_FreeItem(&item, PR_FALSE);
counter = PQG_GetCounterFromVerify(pqgVerify);
fprintf(outFile, " counter: %d\n", counter);
fprintf(outFile, "\n");
return 0;
}
return 0;
}
int
main(int argc, char **argv)
{
FILE * outFile = NULL;
PQGParams * pqgParams = NULL;
PQGVerify * pqgVerify = NULL;
int keySizeInBits = 1024;
int j;
int o;
int g = 0;
SECStatus rv = 0;
SECStatus passed = 0;
PRBool output_ascii = PR_FALSE;
PRBool output_binary = PR_FALSE;
PRBool output_raw = PR_FALSE;
PLOptState *optstate;
PLOptStatus status;
progName = strrchr(argv[0], '/');
if (!progName)
progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "l:abro:g:" );
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'l':
keySizeInBits = atoi(optstate->value);
break;
case 'a':
output_ascii = PR_TRUE;
break;
case 'b':
output_binary = PR_TRUE;
break;
case 'r':
output_raw = PR_TRUE;
break;
case 'o':
outFile = fopen(optstate->value, "wb");
if (!outFile) {
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
progName, optstate->value);
rv = -1;
}
break;
case 'g':
g = atoi(optstate->value);
break;
default:
case '?':
Usage();
break;
}
}
if (rv != 0) {
return rv;
}
/* exactly 1 of these options must be set. */
if (1 != ((output_ascii != PR_FALSE) +
(output_binary != PR_FALSE) +
(output_raw != PR_FALSE))) {
Usage();
}
j = PQG_PBITS_TO_INDEX(keySizeInBits);
if (j < 0) {
fprintf(stderr, "%s: Illegal prime length, \n"
"\tacceptable values are between 512 and 1024,\n"
"\tand divisible by 64\n", progName);
return -1;
}
if (g != 0 && (g < 160 || g >= 2048 || g % 8 != 0)) {
fprintf(stderr, "%s: Illegal g bits, \n"
"\tacceptable values are between 160 and 2040,\n"
"\tand divisible by 8\n", progName);
return -1;
}
if (outFile == NULL) {
outFile = stdout;
}
RNG_RNGInit();
RNG_SystemInfoForRNG();
if (g)
rv = PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8),
&pqgParams, &pqgVerify);
else
rv = PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
if (rv != SECSuccess || pqgParams == NULL) {
fprintf(stderr, "%s: PQG parameter generation failed.\n", progName);
goto loser;
}
fprintf(stderr, "%s: PQG parameter generation completed.\n", progName);
o = outputPQGParams(pqgParams, output_binary, output_raw, outFile);
o = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile);
rv = PQG_VerifyParams(pqgParams, pqgVerify, &passed);
if (rv != SECSuccess) {
fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
goto loser;
}
if (passed != SECSuccess) {
fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
goto loser;
}
fprintf(stderr, "%s: PQG parameters passed verification.\n", progName);
PQG_DestroyParams(pqgParams);
PQG_DestroyVerify(pqgVerify);
return 0;
loser:
PQG_DestroyParams(pqgParams);
PQG_DestroyVerify(pqgVerify);
return 1;
}
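Review bot: In `main`, `outputPQGParams` and `outputPQGVerify` write the generated parameters to `outFile` before `PQG_VerifyParams` runs, so when verification fails the process exits 1 but the file (or stdout) already holds the rejected P, Q and G. A consumer that reads the output without checking the exit status would then use DSA domain parameters the tool itself refused. I would move the two output calls below the `passed != SECSuccess` check and act on their result, e.g. `if (outputPQGParams(pqgParams, output_binary, output_raw, outFile) != 0) goto loser;`. For that to mean anything the helpers must stop returning 0 unconditionally: `outputPQGParams` does not check `SEC_ASN1EncodeItem` before handing `encodedParams.data` to `fwrite` or `BTOA_DataToAscii`, and it never releases `arena` or `PQG`. Its trailing `printf("\n")` also goes to stdout rather than `outFile`, which appends a stray byte to binary DER output when no `-o` is given.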


@ -0,0 +1,45 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
CORE_DEPTH = ../../..
# This next line is used by .mk files
# and gets translated into $LINCS in manifest.mnw
REQUIRES = security seccmd dbm
# DIRS =
CSRCS = makepqg.c
PROGRAM = makepqg


@ -0,0 +1,41 @@
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
COUNTER=75
while [ $COUNTER -ge "1" ]
do
COUNTER=$(eval expr $COUNTER - 1)
echo $COUNTER
*/makepqg.exe -r -l 640 -g 160 || exit 1
done
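Review bot: The loop invokes the tool through an unanchored glob, `*/makepqg.exe`, so it runs whichever matching binary the shell finds under the current directory; if more than one object directory matches, the first is executed and the remaining paths are passed to it as arguments. Resolving the binary once before the loop, from a script argument or an environment variable, and failing when it is missing or not executable would make the test run a known build. Separately, `COUNTER=$(eval expr $COUNTER - 1)` does not need `eval`; `COUNTER=$(expr $COUNTER - 1)` does the same thing here. The script also has no `#!` line, so the shell that interprets `$(...)` depends on how it is invoked.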
