Fix comments and indentation

Elio Maldonado 2008-10-20 20:45:04 +00:00
parent 0b93163551
commit 5d565bb378
1 changed files with 75 additions and 74 deletions

149
keyutil.c

@ -67,10 +67,13 @@
/* /*
* keyutil.c * keyutil.c
* *
* Utility for managing certificates and the cert database * Command line utility for generating certificates and certificate signing requests.
* It is invoked by crypto-utils' genkey when used in OpenSSL compatibility mode.
* *
* Key generation, encryption, and certificate utility code, based on * Key generation, encryption, and certificate utility code based on
* code from NSS's security utilities and the certutil application. * on code from NSS's security utilities and the certutil application.
* Pem file key and certificate loading code based on code from the
* NSS-enabled libcurl.
* Elio Maldonado <emaldona@redhat.com> * Elio Maldonado <emaldona@redhat.com>
* *
*/ */
@ -241,7 +244,7 @@ static SECStatus loadCert(
const char *certfile, const char *certfile,
const char *nickname) const char *nickname)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
PK11GenericObject *genericObjCert; PK11GenericObject *genericObjCert;
CK_ATTRIBUTE theCertTemplate[20]; CK_ATTRIBUTE theCertTemplate[20];
CK_ATTRIBUTE *attrs = NULL; CK_ATTRIBUTE *attrs = NULL;
@ -254,7 +257,7 @@ static SECStatus loadCert(
/* /*
* Load the certificate * Load the certificate
*/ */
attrs = theCertTemplate; attrs = theCertTemplate;
PK11_SETATTRS(attrs, CKA_CLASS, &certObjClass, sizeof(certObjClass)); attrs++; PK11_SETATTRS(attrs, CKA_CLASS, &certObjClass, sizeof(certObjClass)); attrs++;
PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL)); attrs++; PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL)); attrs++;
PK11_SETATTRS(attrs, CKA_LABEL, (unsigned char *)certfile, strlen(certfile)+1); attrs++; PK11_SETATTRS(attrs, CKA_LABEL, (unsigned char *)certfile, strlen(certfile)+1); attrs++;
@ -267,9 +270,10 @@ static SECStatus loadCert(
/* Load the certificate in our PEM module into the appropriate slot. */ /* Load the certificate in our PEM module into the appropriate slot. */
genericObjCert = PK11_CreateGenericObject(slot, theCertTemplate, 4, PR_FALSE /* isPerm */); genericObjCert = PK11_CreateGenericObject(slot, theCertTemplate, 4, PR_FALSE /* isPerm */);
if (!genericObjCert) { if (!genericObjCert) {
rv = PR_GetError(); rv = PR_GetError();
PR_fprintf(PR_STDERR, "%s: unable to Create object for cert, (%s)\n", PR_fprintf(PR_STDERR,
progName, SECU_Strerror(rv)); "%s: unable to Create object for cert, (%s)\n",
progName, SECU_Strerror(rv));
break; break;
} }
if (!cacert) { if (!cacert) {
@ -277,11 +281,12 @@ static SECStatus loadCert(
* either the token or the NSS certificate database. * either the token or the NSS certificate database.
*/ */
cert = PK11_FindCertFromNickname((char *)nickname, NULL); cert = PK11_FindCertFromNickname((char *)nickname, NULL);
if (!cert) { if (!cert) {
PR_fprintf(PR_STDERR, "%s: Can't find cert named (%s), bailing out\n", PR_fprintf(PR_STDERR,
progName, nickname); "%s: Can't find cert named (%s), bailing out\n",
rv = 255; progName, nickname);
break; rv = 255;
break;
} else { } else {
rv = SECSuccess; rv = SECSuccess;
} }
@ -292,7 +297,7 @@ static SECStatus loadCert(
} while (0); } while (0);
if (cert) if (cert)
CERT_DestroyCertificate(cert); CERT_DestroyCertificate(cert);
return rv; return rv;
} }
@ -307,10 +312,10 @@ static SECStatus loadCert(
* @param nickname the nickname of the matching certificate * @param nickname the nickname of the matching certificate
*/ */
static SECStatus loadKey( static SECStatus loadKey(
PK11SlotInfo *slot, PK11SlotInfo *slot,
const char *keyfile, const char *keyfile,
const char *nickname, const char *nickname,
secuPWData *pwdata) secuPWData *pwdata)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
CK_ATTRIBUTE *attrs = NULL; CK_ATTRIBUTE *attrs = NULL;
@ -322,8 +327,7 @@ static SECStatus loadKey(
CERTCertificate *cert = NULL; CERTCertificate *cert = NULL;
SECKEYPrivateKey *privkey = NULL; SECKEYPrivateKey *privkey = NULL;
do { do {
attrs = theTemplate; attrs = theTemplate;
PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass) ); attrs++; PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass) ); attrs++;
PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL) ); attrs++; PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL) ); attrs++;
@ -332,12 +336,12 @@ static SECStatus loadKey(
/* When adding an encrypted key the PKCS#11 will be set as removed */ /* When adding an encrypted key the PKCS#11 will be set as removed */
object = PK11_CreateGenericObject(slot, theTemplate, 3, PR_FALSE /* isPerm */); object = PK11_CreateGenericObject(slot, theTemplate, 3, PR_FALSE /* isPerm */);
if (!object) { if (!object) {
rv = SEC_ERROR_BAD_KEY; rv = SEC_ERROR_BAD_KEY;
PR_SetError(rv, 0); PR_SetError(rv, 0);
PR_fprintf(PR_STDERR, PR_fprintf(PR_STDERR,
"%s: unable to create key object (%s)\n", "%s: unable to create key object (%s)\n",
progName, SECU_Strerror(rv)); progName, SECU_Strerror(rv));
break; break;
} }
/* This will force the token to be seen as re-inserted */ /* This will force the token to be seen as re-inserted */
@ -347,7 +351,7 @@ static SECStatus loadKey(
rv = PK11_Authenticate(slot, PR_TRUE, pwdata->data); rv = PK11_Authenticate(slot, PR_TRUE, pwdata->data);
if (rv != SECSuccess) { if (rv != SECSuccess) {
PR_fprintf(PR_STDERR, "Can't authenticate\n"); PR_fprintf(PR_STDERR, "Can't authenticate\n");
break; break;
} }
@ -359,9 +363,10 @@ static SECStatus loadKey(
privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata->data); privkey = PK11_FindPrivateKeyFromCert(slot, cert, pwdata->data);
if (!privkey) { if (!privkey) {
rv = PR_GetError(); rv = PR_GetError();
PR_fprintf(PR_STDERR, "%s: unable to find the key for cert, (%s)\n", PR_fprintf(PR_STDERR,
progName, SECU_Strerror(rv)); "%s: unable to find the key for cert, (%s)\n",
progName, SECU_Strerror(rv));
GEN_BREAK(SECFailure); GEN_BREAK(SECFailure);
} }
rv = SECSuccess; rv = SECSuccess;
@ -369,7 +374,7 @@ static SECStatus loadKey(
} while (0); } while (0);
if (cert) if (cert)
CERT_DestroyCertificate(cert); CERT_DestroyCertificate(cert);
return rv; return rv;
} }
@ -384,19 +389,20 @@ static SECStatus loadKey(
* @param keyfile the key file * @param keyfile the key file
* @param pwdata access password * @param pwdata access password
*/ */
static SECStatus loadCertAndKey( static SECStatus
PK11SlotInfo *slot, loadCertAndKey(
PRBool cacert, PK11SlotInfo *slot,
const char *certfile, PRBool cacert,
const char *nickname, const char *certfile,
const char *keyfile, const char *nickname,
secuPWData *pwdata) const char *keyfile,
secuPWData *pwdata)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
/* /*
* Load the certificate first * Load the certificate first
*/ */
rv = loadCert(slot, cacert, certfile, nickname); rv = loadCert(slot, cacert, certfile, nickname);
if (rv != SECSuccess) return rv; if (rv != SECSuccess) return rv;
@ -428,45 +434,47 @@ static SECStatus extractRSAKeysAndSubject(
SECKEYPublicKey **pubkey, SECKEYPublicKey **pubkey,
CERTName **subject) CERTName **subject)
{ {
SECStatus rv = SECSuccess; SECStatus rv = SECSuccess;
CERTCertificate *cert = NULL; CERTCertificate *cert = NULL;
do { do {
cert = PK11_FindCertFromNickname((char *)nickname, NULL);
cert = PK11_FindCertFromNickname((char *)nickname, NULL); if (!cert) {
if (!cert) { GEN_BREAK(SECFailure);
GEN_BREAK(SECFailure); }
}
*pubkey = CERT_ExtractPublicKey(cert); *pubkey = CERT_ExtractPublicKey(cert);
if (!*pubkey) { if (!*pubkey) {
PR_fprintf(PR_STDERR, "%s: Could not get public key from cert, (%s)\n", PR_fprintf(PR_STDERR,
"%s: Could not get public key from cert, (%s)\n",
progName, SECU_Strerror(PR_GetError())); progName, SECU_Strerror(PR_GetError()));
GEN_BREAK(SECFailure); GEN_BREAK(SECFailure);
} }
*privkey = PK11_FindKeyByDERCert(slot, cert, &pwdata); *privkey = PK11_FindKeyByDERCert(slot, cert, &pwdata);
if (!*privkey) { if (!*privkey) {
rv = PR_GetError(); rv = PR_GetError();
PR_fprintf(PR_STDERR, "%s: unable to find the key with PK11_FindKeyByDERCert, (%s)\n", PR_fprintf(PR_STDERR,
"%s: unable to find the key with PK11_FindKeyByDERCert, (%s)\n",
progName, SECU_Strerror(rv)); progName, SECU_Strerror(rv));
*privkey= PK11_FindKeyByAnyCert(cert, &pwdata); *privkey= PK11_FindKeyByAnyCert(cert, &pwdata);
rv = PR_GetError(); rv = PR_GetError();
PR_fprintf(PR_STDERR, "%s: unable to find the key with PK11_FindKeyByAnyCert, (%s)\n", PR_fprintf(PR_STDERR,
"%s: unable to find the key with PK11_FindKeyByAnyCert, (%s)\n",
progName, SECU_Strerror(rv)); progName, SECU_Strerror(rv));
GEN_BREAK(SECFailure); GEN_BREAK(SECFailure);
} }
assert(((*privkey)->keyType) == rsaKey); assert(((*privkey)->keyType) == rsaKey);
*subject = CERT_AsciiToName(cert->subjectName); *subject = CERT_AsciiToName(cert->subjectName);
if (!*subject) { if (!*subject) {
PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n", PR_fprintf(PR_STDERR,
progName, cert->subjectName); "%s -s: improperly formatted name: \"%s\"\n",
GEN_BREAK(SECFailure); progName, cert->subjectName);
} GEN_BREAK(SECFailure);
rv = SECSuccess; }
rv = SECSuccess;
} while (0); } while (0);
if (cert) if (cert)
@ -475,8 +483,10 @@ static SECStatus extractRSAKeysAndSubject(
} }
/* /*
* Modeled after the one in certutil * GetCertRequest, CertReq, MakeV1Cert, SignCert, and CreateCert
* are modeled after the corresponding ones in certutil.
*/ */
static CERTCertificateRequest * static CERTCertificateRequest *
GetCertRequest(PRFileDesc *inFile, PRBool ascii) GetCertRequest(PRFileDesc *inFile, PRBool ascii)
{ {
@ -537,9 +547,6 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
return certReq; return certReq;
} }
/*
* Modeled after the one in certutil
*/
static SECStatus static SECStatus
CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii,
@ -664,9 +671,6 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
return SECSuccess; return SECSuccess;
} }
/*
* Modeled after the one in certutil
*/
static CERTCertificate * static CERTCertificate *
MakeV1Cert(CERTCertDBHandle * handle, MakeV1Cert(CERTCertDBHandle * handle,
CERTCertificateRequest *req, CERTCertificateRequest *req,
@ -718,9 +722,6 @@ MakeV1Cert(CERTCertDBHandle * handle,
return(cert); return(cert);
} }
/*
* Modelled after the one in certutil
*/
static SECItem * static SECItem *
SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
SECOidTag hashAlgTag, SECOidTag hashAlgTag,
@ -1616,7 +1617,7 @@ shutdown:
return rv == SECSuccess ? 0 : 255; return rv == SECSuccess ? 0 : 255;
} }
/* $Id: keyutil.c,v 1.7 2008/10/19 05:08:53 emaldonado Exp $ */ /* $Id: keyutil.c,v 1.8 2008/10/19 17:50:08 emaldonado Exp $ */
/* Key generation, encryption, and certificate utility code, based on /* Key generation, encryption, and certificate utility code, based on
* code from NSS's security utilities and the certutil application. * code from NSS's security utilities and the certutil application.
@ -1744,7 +1745,7 @@ int main(int argc, char **argv)
printf("%s: Failed to load %s\n", progName, pem_library); printf("%s: Failed to load %s\n", progName, pem_library);
} }
free(configstring); free(configstring);
if (!mod) { if (!mod) {
NSS_Shutdown(); NSS_Shutdown();
PR_Cleanup(); PR_Cleanup();
return EXIT_FAILURE; return EXIT_FAILURE;
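Review bot: In the extractRSAKeysAndSubject hunk the result of the fallback `PK11_FindKeyByAnyCert(cert, &pwdata)` is never checked: the second "unable to find the key" message and `GEN_BREAK(SECFailure);` run unconditionally, so the function appears to report failure even when the fallback returns a key, and that key stays in `*privkey` on a failure return. Since these lines are being re-wrapped anyway, enclose the second `rv = PR_GetError();`, its `PR_fprintf` and the `GEN_BREAK(SECFailure);` in `if (!*privkey) { ... }`. The following `assert(((*privkey)->keyType) == rsaKey);` is compiled out when NDEBUG is defined, so the RSA-only check would be safer as an explicit `if` that fails with SECFailure. The function's signature and cleanup lie outside the hunk and GEN_BREAK's definition is not shown, so this assumes it sets rv and leaves the do/while. Separately, the reworded file header now reads "code based on" followed by "on code from NSS's", a doubled "on".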