Fix for 157649 - allow crlutil to do partial decoding so it can be used as a test program

2002-08-07 03:53:07 +00:00 · 2002-08-07 03:53:07 +00:00 · 70bf3a89c1
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@ -173,13 +173,15 @@ static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
 }

 SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, 
-                     PRFileDesc *inFile, PRBool bypassChecks)
+                     PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions)
 {
    CERTCertificate *cert = NULL;
    CERTSignedCrl *crl = NULL;
    SECItem crlDER;
+    PK11SlotInfo* slot = NULL;
    int rv;
-    PRInt32 importOptions;
+    PRIntervalTime starttime, endtime, elapsed;
+    PRUint32 mins, secs, msecs;

    crlDER.data = NULL;

@ -190,26 +192,35 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
 	SECU_PrintError(progName, "unable to read input file");
 	return (SECFailure);
    }
+
+    decodeOptions |= CRL_DECODE_DONT_COPY_DER;
+
+    slot = PK11_GetInternalKeySlot();
 
-    importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
-    if (PR_TRUE == bypassChecks) {
-        importOptions |= CRL_IMPORT_BYPASS_CHECKS;
-    }
-    crl = PK11_ImportCRL(PK11_GetInternalKeySlot(), &crlDER, url, type,
-          NULL, importOptions, NULL, CRL_DECODE_DONT_COPY_DER);
+    starttime = PR_IntervalNow();
+    crl = PK11_ImportCRL(slot, &crlDER, url, type,
+          NULL, importOptions, NULL, decodeOptions);
+    endtime = PR_IntervalNow();
+    elapsed = endtime - starttime;
+    mins = PR_IntervalToSeconds(elapsed) / 60;
+    secs = PR_IntervalToSeconds(elapsed) % 60;
+    msecs = PR_IntervalToMilliseconds(elapsed) % 1000;
+    printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs);
    if (!crl) {
 	const char *errString;

 	errString = SECU_Strerror(PORT_GetError());
 	if ( errString && PORT_Strlen (errString) == 0)
 	    SECU_PrintError
-		    (progName, "CRL is not import (error: input CRL is not up to date.)");
+		    (progName, "CRL is not imported (error: input CRL is not up to date.)");
 	else    
 	    SECU_PrintError
 		    (progName, "unable to import CRL");
    }
-    PORT_Free (crlDER.data);
    SEC_DestroyCrl (crl);
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
    return (rv);
 }
 	    
@ -243,6 +254,7 @@ static void Usage(char *progName)
    fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
    fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");        
    fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B");
+    fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-P");

    exit(-1);
 }
@ -264,6 +276,8 @@ int main(int argc, char **argv)
    PLOptStatus status;
    SECStatus secstatus;
    PRBool bypassChecks = PR_FALSE;
+    PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS;
+    PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS;

    progName = strrchr(argv[0], '/');
    progName = progName ? progName+1 : argv[0];
@ -279,15 +293,19 @@ int main(int argc, char **argv)
    /*
     * Parse command line arguments
     */
-    optstate = PL_CreateOptState(argc, argv, "BIALd:i:Dn:Ct:u:");
+    optstate = PL_CreateOptState(argc, argv, "PBIALd:i:Dn:Ct:u:");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
 	    Usage(progName);
 	    break;

+          case 'P':
+            decodeOptions |= CRL_DECODE_SKIP_ENTRIES;
+            break;
+
 	  case 'B':
-            bypassChecks = PR_TRUE;
+            importOptions |= CRL_IMPORT_BYPASS_CHECKS;
            break;

 	  case 'C':
@ -364,7 +382,8 @@ int main(int argc, char **argv)
    else if (listCRL)
 	ListCRL (certHandle, nickName, crlType);
    else if (importCRL) 
-	rv = ImportCRL (certHandle, url, crlType, inFile, bypassChecks);
+	rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
+                        decodeOptions);
    
    return (rv);
 }