Fix so the encoded cert and key can be written out on cert generation
This commit is contained in:
parent
02c6f8a15d
commit
d5546fea8f
52
keyutil.c
52
keyutil.c
@ -1221,8 +1221,8 @@ KeyOut(const char *keyoutfile,
|
||||
PRFileDesc *keyOutFile = NULL;
|
||||
PRUint32 total = 0;
|
||||
PRUint32 numBytes = 0;
|
||||
SECItem *derEPKI = NULL;
|
||||
SECItem derPKI = { 0, NULL, 0 };
|
||||
SECItem *encryptedKeyDER = NULL;
|
||||
SECItem clearKeyDER = { 0, NULL, 0 };
|
||||
SECItem pwitem = { 0, NULL, 0 };
|
||||
PRArenaPool *arenaForEPKI = NULL;
|
||||
PLArenaPool *arenaForPKI = NULL;
|
||||
@ -1268,9 +1268,9 @@ KeyOut(const char *keyoutfile,
|
||||
|
||||
if (keyEncPwd) {
|
||||
/* NULL dest to let it allocate memory for us */
|
||||
derEPKI = SEC_ASN1EncodeItem(arenaForEPKI, NULL, epki,
|
||||
encryptedKeyDER = SEC_ASN1EncodeItem(arenaForEPKI, NULL, epki,
|
||||
SECKEY_EncryptedPrivateKeyInfoTemplate);
|
||||
if (!derEPKI) {
|
||||
if (!encryptedKeyDER) {
|
||||
rv = PR_GetError();
|
||||
SECU_PrintError(progName, "ASN1 Encode failed (%s)\n",
|
||||
SECU_Strerror(rv));
|
||||
@ -1285,27 +1285,29 @@ KeyOut(const char *keyoutfile,
|
||||
GEN_BREAK(PR_OUT_OF_MEMORY_ERROR);
|
||||
}
|
||||
|
||||
derPKI.data = PORT_ArenaAlloc(arenaForPKI, epki->encryptedData.len);
|
||||
derPKI.len = epki->encryptedData.len;
|
||||
derPKI.type = siBuffer;
|
||||
clearKeyDER.data = PORT_ArenaAlloc(arenaForPKI, epki->encryptedData.len);
|
||||
clearKeyDER.len = epki->encryptedData.len;
|
||||
clearKeyDER.type = siBuffer;
|
||||
|
||||
rv = DecryptKey(epki, algTag, &pwitem, pwdata, &derPKI);
|
||||
if (rv) {
|
||||
rv = DecryptKey(epki, algTag, &pwitem, pwdata, &clearKeyDER);
|
||||
if (rv != SECSuccess) {
|
||||
GEN_BREAK(rv);
|
||||
}
|
||||
}
|
||||
|
||||
if (ascii) {
|
||||
/* we could be exporting a clear or encrypted key */
|
||||
SECItem *src = keyEncPwd ? derEPKI : &derPKI;
|
||||
SECItem *src = keyEncPwd ? encryptedKeyDER : &clearKeyDER;
|
||||
char *header = keyEncPwd ? ENCRYPTED_KEY_HEADER : KEY_HEADER;
|
||||
char *trailer = keyEncPwd ? ENCRYPTED_KEY_TRAILER : KEY_TRAILER;
|
||||
char *b64 = NULL;
|
||||
do {
|
||||
|
||||
b64 = BTOA_ConvertItemToAscii(src);
|
||||
if (b64)
|
||||
break;
|
||||
if (!b64) {
|
||||
rv = 255;
|
||||
GEN_BREAK(rv);
|
||||
}
|
||||
|
||||
total = PL_strlen(b64);
|
||||
|
||||
@ -1329,18 +1331,18 @@ KeyOut(const char *keyoutfile,
|
||||
} else {
|
||||
if (keyEncPwd) {
|
||||
/* Write out the encrypted key */
|
||||
numBytes = PR_Write(keyOutFile, derEPKI, derEPKI->len);
|
||||
numBytes = PR_Write(keyOutFile, encryptedKeyDER, encryptedKeyDER->len);
|
||||
} else {
|
||||
/* Write out the unencrypted key */
|
||||
numBytes = PR_Write(keyOutFile, &derPKI, derPKI.len);
|
||||
if (numBytes != derEPKI->len) {
|
||||
printf("Wrote %d bytes, instead of %d\n", numBytes, derPKI.len);
|
||||
numBytes = PR_Write(keyOutFile, &clearKeyDER, clearKeyDER.len);
|
||||
if (numBytes != clearKeyDER.len) {
|
||||
printf("Wrote %d bytes, instead of %d\n", numBytes, clearKeyDER.len);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile);
|
||||
/* can we read it and reverse operations */
|
||||
if (rv == SECSuccess)
|
||||
printf("Wrote %d bytes of encoded data to %s \n", numBytes, keyoutfile);
|
||||
|
||||
} while (0);
|
||||
|
||||
@ -1468,6 +1470,12 @@ static int keyutil_main(
|
||||
* This is a certificate signing request for a new cert,
|
||||
* will generate a key pair
|
||||
*/
|
||||
|
||||
if (!subjectstr) {
|
||||
SECU_PrintError(progName, "subject string was NULL\n");
|
||||
rv = 255;
|
||||
goto shutdown;
|
||||
}
|
||||
slot = PK11_GetInternalKeySlot(); /* PK11_GetInternalSlot() ? */
|
||||
|
||||
privkey = GenerateRSAPrivateKey(keytype, slot,
|
||||
@ -1480,11 +1488,6 @@ static int keyutil_main(
|
||||
goto shutdown;
|
||||
}
|
||||
|
||||
if (!subjectstr) {
|
||||
SECU_PrintError(progName, "subject string was NULL\n");
|
||||
rv = 255;
|
||||
goto shutdown;
|
||||
}
|
||||
subject = CERT_AsciiToName((char *)subjectstr);
|
||||
if (!subject) {
|
||||
SECU_PrintError(progName,
|
||||
@ -1557,7 +1560,6 @@ static int keyutil_main(
|
||||
LL_L2UI(serialNumber, now);
|
||||
|
||||
privkey->wincx = &pwdata;
|
||||
PR_Close(outFile);
|
||||
|
||||
inFile = PR_Open(certreqfile, PR_RDONLY, 0);
|
||||
assert(inFile);
|
||||
@ -1652,7 +1654,7 @@ shutdown:
|
||||
return rv == SECSuccess ? 0 : 255;
|
||||
}
|
||||
|
||||
/* $Id: keyutil.c,v 1.12 2008/11/04 04:28:22 emaldonado Exp $ */
|
||||
/* $Id: keyutil.c,v 1.13 2009/01/29 22:22:17 emaldonado Exp $ */
|
||||
|
||||
/* Key generation, encryption, and certificate utility code, based on
|
||||
* code from NSS's security utilities and the certutil application.
|
||||
|
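Review bot: Both PR_Write calls in the write-out branch (hunk @ -1329,18 +1331,18) still pass the SECItem itself rather than its buffer: `numBytes = PR_Write(keyOutFile, encryptedKeyDER, encryptedKeyDER->len);` writes `len` bytes starting at the struct's own address, and `PR_Write(keyOutFile, &clearKeyDER, clearKeyDER.len)` does the same for the clear key, so the file receives struct fields and whatever follows them in memory instead of the DER; the arguments should be `encryptedKeyDER->data` and `clearKeyDER.data`. For any key whose DER is longer than sizeof(SECItem) this is also an out-of-bounds read, which is why the rename in this commit does not yet make the key file usable. The encrypted branch lacks the short-write check that the clear branch has, and since PR_Write returns a PRInt32 (-1 on failure) while numBytes is a PRUint32, a failed write would surface only as an implausibly large count in the "Wrote %d bytes" message rather than as an error. The enclosing do/while in KeyOut begins and ends outside this hunk.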