rpms
/
crypto-utils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Coverted tabs to spaces

This commit is contained in:
Elio Maldonado 2008-05-03 22:54:55 +00:00
parent deb8b0e9e2
commit eff035f7f8
10 changed files with 1427 additions and 1434 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
NSPRerrs.h
View File

@ -36,43 +36,43 @@
/* General NSPR 2.0 errors */
/* Caller must #include "<rerror.h> */
ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
ER2( PR_IO_ERROR, "I/O function error." )
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
ER2( PR_IO_ERROR, "I/O function error." )
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
ER2( PR_FIND_SYMBOL_ERROR,
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
ER2( PR_FIND_SYMBOL_ERROR,
"Symbol not found in any of the loaded dynamic libraries." )
ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
ER2( PR_DIRECTORY_LOOKUP_ERROR,
ER2( PR_DIRECTORY_LOOKUP_ERROR,
"A directory lookup on a network address has failed." )
ER2( PR_TPD_RANGE_ERROR,
ER2( PR_TPD_RANGE_ERROR,
"Attempt to access a TPD key that is out of range." )
ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
ER2( PR_NOT_SOCKET_ERROR,
ER2( PR_NOT_SOCKET_ERROR,
"Network operation attempted on non-network file descriptor." )
ER2( PR_NOT_TCP_SOCKET_ERROR,
ER2( PR_NOT_TCP_SOCKET_ERROR,
"TCP-specific function attempted on a non-TCP file descriptor." )
ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
@ -80,24 +80,24 @@ ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
"The requested operation is not supported by the platform." )
ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
"The host operating system does not support the protocol requested." )
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
ER2( PR_BUFFER_OVERFLOW_ERROR,
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
ER2( PR_BUFFER_OVERFLOW_ERROR,
"The value requested is too large to be stored in the data buffer provided." )
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
ER2( PR_RANGE_ERROR, "Unused." )
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
ER2( PR_FILE_TOO_BIG_ERROR,
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
ER2( PR_RANGE_ERROR, "Unused." )
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
ER2( PR_FILE_TOO_BIG_ERROR,
"Write would result in file larger than the system allows." )
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
ER2( PR_PIPE_ERROR, "Unused." )
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
ER2( PR_IS_DIRECTORY_ERROR,
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
ER2( PR_PIPE_ERROR, "Unused." )
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
ER2( PR_IS_DIRECTORY_ERROR,
"Cannot perform a normal file operation on a directory." )
ER2( PR_LOOP_ERROR, "Symbolic link loop." )
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
ER2( PR_NOT_DIRECTORY_ERROR,
ER2( PR_LOOP_ERROR, "Symbolic link loop." )
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
ER2( PR_NOT_DIRECTORY_ERROR,
"Cannot perform directory operation on a normal file." )
ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
"Cannot write to a read-only file system." )
@ -105,49 +105,49 @@ ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
"Cannot delete a directory that is not empty." )
ER2( PR_FILESYSTEM_MOUNTED_ERROR,
"Cannot delete or rename a file object while the file system is busy." )
ER2( PR_NOT_SAME_DEVICE_ERROR,
ER2( PR_NOT_SAME_DEVICE_ERROR,
"Cannot rename a file to a file system on another device." )
ER2( PR_DIRECTORY_CORRUPTED_ERROR,
"The directory object in the file system is corrupted." )
ER2( PR_FILE_EXISTS_ERROR,
ER2( PR_FILE_EXISTS_ERROR,
"Cannot create or rename a filename that already exists." )
ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
"Directory is full. No additional filenames may be added." )
ER2( PR_INVALID_DEVICE_STATE_ERROR,
"The required device was in an invalid state." )
ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
ER2( PR_FILE_SEEK_ERROR, "Seek error." )
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
ER2( PR_FILE_SEEK_ERROR, "Seek error." )
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
ER2( PR_IN_PROGRESS_ERROR,
"Operation is still in progress (probably a non-blocking connect)." )
ER2( PR_ALREADY_INITIATED_ERROR,
"Operation has already been initiated (probably a non-blocking connect)." )
#ifdef PR_GROUP_EMPTY_ERROR
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
#endif
#ifdef PR_INVALID_STATE_ERROR
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
#endif
#ifdef PR_NETWORK_DOWN_ERROR
ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
#endif
#ifdef PR_SOCKET_SHUTDOWN_ERROR
ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
#endif
#ifdef PR_CONNECT_ABORTED_ERROR
ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
#endif
#ifdef PR_HOST_UNREACHABLE_ERROR
ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
#endif
/* always last */
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )

312
SECerrs.h
View File

@ -37,448 +37,448 @@
/* General security error codes */
/* Caller must #include <secerr.h> */
ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
"An I/O error occurred during security authorization.")
ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
"security library failure.")
ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
"security library: received bad data.")
ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
"security library: output length error.")
ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
"security library has experienced an input length error.")
ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
"security library: invalid arguments.")
ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
"security library: invalid algorithm.")
ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
"security library: invalid AVA.")
ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
"Improperly formatted time string.")
ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
"security library: improperly formatted DER-encoded message.")
ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
"Peer's certificate has an invalid signature.")
ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
"Peer's Certificate has expired.")
ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
"Peer's Certificate has been revoked.")
ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
"Peer's Certificate issuer is not recognized.")
ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
"Peer's public key is invalid.")
ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
"The security password entered is incorrect.")
ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
"New password entered incorrectly. Please try again.")
ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
"security library: no nodelock.")
ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
"security library: bad database.")
ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
"security library: memory allocation failure.")
ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
"Peer's certificate issuer has been marked as not trusted by the user.")
ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
"Peer's certificate has been marked as not trusted by the user.")
ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
"Certificate already exists in your database.")
ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
"Downloaded certificate's name duplicates one already in your database.")
ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
"Error adding certificate to database.")
ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
"Error refiling the key for this certificate.")
ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
"The private key for this certificate cannot be found in key database")
ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
"This certificate is valid.")
ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
"This certificate is not valid.")
ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
"Cert Library: No Response")
ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
"The certificate issuer's certificate has expired. Check your system date and time.")
ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
"The CRL for the certificate's issuer has expired. Update it or check your system date and time.")
ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
"The CRL for the certificate's issuer has an invalid signature.")
ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
"New CRL has an invalid format.")
ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
"Certificate extension value is invalid.")
ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
"Certificate extension not found.")
ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
"Issuer certificate is invalid.")
ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
"Certificate path length constraint is invalid.")
ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
"Certificate usages field is invalid.")
ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
"**Internal ONLY module**")
ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
"The key does not support the requested operation.")
ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
"Certificate contains unknown critical extension.")
ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
"New CRL is not later than the current one.")
ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
"Not encrypted or signed: you do not yet have an email certificate.")
ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
"Not encrypted: you do not have certificates for each of the recipients.")
ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
"Cannot decrypt: you are not a recipient, or matching certificate and \
private key not found.")
ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
"Cannot decrypt: key encryption algorithm does not match your certificate.")
ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
"Signature verification failed: no signer found, too many signers found, \
or improper or corrupted data.")
ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
"Unsupported or unknown key algorithm.")
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
/* Fortezza Alerts */
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
"Fortezza card has not been properly initialized. \
Please remove it and return it to your issuer.")
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
"No Fortezza cards Found")
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
"No Fortezza card selected")
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
"Please select a personality to get more info on")
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
"Personality not found")
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
"No more information on that Personality")
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
"Invalid Pin")
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
"Couldn't initialize Fortezza personalities.")
/* end fortezza alerts. */
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
"No KRL for this site's certificate has been found.")
ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
"The KRL for this site's certificate has expired.")
ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
"The KRL for this site's certificate has an invalid signature.")
ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
"The key for this site's certificate has been revoked.")
ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
"New KRL has an invalid format.")
ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
"security library: need random data.")
ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
"security library: no security module can perform the requested operation.")
ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
"The security card or token does not exist, needs to be initialized, or has been removed.")
ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
"security library: read-only database.")
ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
"No slot or token was selected.")
ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
"A certificate with the same nickname already exists.")
ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
"A key with the same nickname already exists.")
ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
"error while creating safe object")
ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
"error while creating baggage object")
ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
"Couldn't remove the principal")
ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
"Couldn't delete the privilege")
ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
"This principal doesn't have a certificate")
ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
"Required algorithm is not allowed.")
ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
"Error attempting to export certificates.")
ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
"Error attempting to import certificates.")
ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
"Unable to import. Decoding error. File not valid.")
ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
"Unable to import. MAC algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
"Unable to import. Only password integrity and privacy modes supported.")
ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
"Unable to import. File structure is corrupt.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
"Unable to import. Encryption algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
"Unable to import. File version not supported.")
ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
"Unable to import. Incorrect privacy password.")
ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
"Unable to import. Same nickname already exists in database.")
ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
"The user pressed cancel.")
ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
"Not imported, already in database.")
ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
"Message not sent.")
ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
"Certificate key usage inadequate for attempted operation.")
ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
"Certificate type not approved for application.")
ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
"Address in signing certificate does not match address in message headers.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
"Unable to import. Error attempting to import private key.")
ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
"Unable to import. Error attempting to import certificate chain.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
"Unable to export. Unable to locate certificate or key by nickname.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
"Unable to export. Private Key could not be located and exported.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
"Unable to export. Unable to write the export file.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
"Unable to import. Unable to read the import file.")
ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
"Unable to export. Key database corrupt or deleted.")
ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
"Unable to generate public/private key pair.")
ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
"Password entered is invalid. Please pick a different one.")
ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
"Old password entered incorrectly. Please try again.")
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
"Certificate nickname already in use.")
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
"A sensitive key cannot be moved to the slot where it is needed.")
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
"Invalid module name.")
ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
"Invalid module path/filename")
ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
"Unable to add module")
ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
"Unable to delete module")
ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
"New KRL is not later than the current one.")
ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
"New CKL has different issuer than current CKL. Delete current CKL.")
ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
"The Certifying Authority for this certificate is not permitted to issue a \
certificate with this name.")
ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
"The key revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
"The certificate revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
"The requested certificate could not be found.")
ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
"The signer's certificate could not be found.")
ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
"The location for the certificate status server has invalid format.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
"The OCSP response cannot be fully decoded; it is of an unknown type.")
ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
"The OCSP server returned unexpected/invalid HTTP data.")
ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
"The OCSP server found the request to be corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
"The OCSP server experienced an internal error.")
ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
"The OCSP server suggests trying again later.")
ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
"The OCSP server requires a signature on this request.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
"The OCSP server has refused this request as unauthorized.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
"The OCSP server returned an unrecognizable status.")
ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
"The OCSP server has no status for the certificate.")
ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
"You must enable OCSP before performing this operation.")
ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
"You must set the OCSP default responder before performing this operation.")
ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
"The response from the OCSP server was corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
"The signer of the OCSP response is not authorized to give status for \
this certificate.")
ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
"The OCSP response is not yet valid (contains a date in the future).")
ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
"The OCSP response contains out-of-date information.")
ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
"The CMS or PKCS #7 Digest was not found in signed message.")
ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
"The CMS or PKCS #7 Message type is unsupported.")
ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
"PKCS #11 module could not be removed because it is still in use.")
ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
"Could not decode ASN.1 data. Specified template was invalid.")
ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
"No matching CRL was found.")
ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138),
"You are attempting to import a cert with the same issuer/serial as \
an existing cert, but that is not the same cert.")
ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
"NSS could not shutdown. Objects are still in use.")
ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
"DER-encoded message contained extra unused data.")
ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
"Unsupported elliptic curve.")
ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
"Unsupported elliptic curve point form.")
ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
"Unrecognized Object Identifier.")
ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
"Invalid OCSP signing certificate in OCSP response.")
ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145),
@ -496,53 +496,53 @@ ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148),
ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149),
"Issuer's V2 Certificate Revocation List has an unknown critical extension.")
ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
"Unknown object type specified.")
ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
"PKCS #11 driver violates the spec in an incompatible way.")
ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
"No new slot event is available at this time.")
ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
"CRL already exists.")
ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
"NSS is not initialized.")
ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
"The operation failed because the PKCS#11 token is not logged in.")
ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
"Configured OCSP responder's certificate is invalid.")
ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157),
ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157),
"OCSP response has an invalid signature.")
ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158),
ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158),
"Cert validation search is out of search limits")
ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159),
ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159),
"Policy mapping contains anypolicy")
ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160),
ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160),
"Cert chain fails policy validation")
ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161),
ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161),
"Unknown location type in cert AIA extension")
ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162),
ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162),
"Server returned bad HTTP response")
ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163),
ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163),
"Server returned bad LDAP response")
ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164),
ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164),
"Failed to encode data with ASN1 encoder")
ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
"Bad information access location in cert extension")
ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
"Libpkix internal error occured during cert validation.")

400
certext.c
View File

@ -104,8 +104,8 @@ CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString,
return SECFailure;
}
if (SEC_ASN1EncodeItem (arena, encodedValue, srcString,
CERTSubjectKeyIDTemplate) == NULL) {
rv = SECFailure;
CERTSubjectKeyIDTemplate) == NULL) {
rv = SECFailure;
}
return(rv);
@ -141,82 +141,82 @@ SEC_StringToOID(PLArenaPool *pool, SECItem *to, const char *from, PRUint32 len)
static const char OIDstring[] = {"OID."};
if (!from || !to) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (!len) {
len = PL_strlen(from);
len = PL_strlen(from);
}
if (len >= 4 && !PL_strncasecmp(from, OIDstring, 4)) {
from += 4; /* skip leading "OID." if present */
len -= 4;
from += 4; /* skip leading "OID." if present */
len -= 4;
}
if (!len) {
bad_data:
PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure;
PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure;
}
do {
PRUint32 decimal = 0;
while (len > 0 && isdigit(*from)) {
PRUint32 addend = (*from++ - '0');
--len;
if (decimal > max_decimal) /* overflow */
goto bad_data;
decimal = (decimal * 10) + addend;
if (decimal < addend) /* overflow */
goto bad_data;
}
if (len != 0 && *from != '.') {
goto bad_data;
}
if (decimal_numbers == 0) {
if (decimal > 2)
goto bad_data;
result[0] = decimal * 40;
result_bytes = 1;
} else if (decimal_numbers == 1) {
if (decimal > 40)
goto bad_data;
result[0] += decimal;
} else {
/* encode the decimal number, */
PRUint8 * rp;
PRUint32 num_bytes = 0;
PRUint32 tmp = decimal;
while (tmp) {
num_bytes++;
tmp >>= 7;
}
if (!num_bytes )
++num_bytes; /* use one byte for a zero value */
if (num_bytes + result_bytes > sizeof result)
goto bad_data;
tmp = num_bytes;
rp = result + result_bytes - 1;
rp[tmp] = (PRUint8)(decimal & 0x7f);
decimal >>= 7;
while (--tmp > 0) {
rp[tmp] = (PRUint8)(decimal | 0x80);
decimal >>= 7;
}
result_bytes += num_bytes;
}
++decimal_numbers;
if (len > 0) { /* skip trailing '.' */
++from;
--len;
}
} while (len > 0);
do {
PRUint32 decimal = 0;
while (len > 0 && isdigit(*from)) {
PRUint32 addend = (*from++ - '0');
--len;
if (decimal > max_decimal) /* overflow */
goto bad_data;
decimal = (decimal * 10) + addend;
if (decimal < addend) /* overflow */
goto bad_data;
}
if (len != 0 && *from != '.') {
goto bad_data;
}
if (decimal_numbers == 0) {
if (decimal > 2)
goto bad_data;
result[0] = decimal * 40;
result_bytes = 1;
} else if (decimal_numbers == 1) {
if (decimal > 40)
goto bad_data;
result[0] += decimal;
} else {
/* encode the decimal number, */
PRUint8 * rp;
PRUint32 num_bytes = 0;
PRUint32 tmp = decimal;
while (tmp) {
num_bytes++;
tmp >>= 7;
}
if (!num_bytes )
++num_bytes; /* use one byte for a zero value */
if (num_bytes + result_bytes > sizeof result)
goto bad_data;
tmp = num_bytes;
rp = result + result_bytes - 1;
rp[tmp] = (PRUint8)(decimal & 0x7f);
decimal >>= 7;
while (--tmp > 0) {
rp[tmp] = (PRUint8)(decimal | 0x80);
decimal >>= 7;
}
result_bytes += num_bytes;
}
++decimal_numbers;
if (len > 0) { /* skip trailing '.' */
++from;
--len;
}
} while (len > 0);
/* now result contains result_bytes of data */
if (to->data && to->len >= result_bytes) {
PORT_Memcpy(to->data, result, to->len = result_bytes);
rv = SECSuccess;
PORT_Memcpy(to->data, result, to->len = result_bytes);
rv = SECSuccess;
} else {
SECItem result_item = {siBuffer, NULL, 0 };
result_item.data = result;
result_item.len = result_bytes;
rv = SECITEM_CopyItem(pool, to, &result_item);
SECItem result_item = {siBuffer, NULL, 0 };
result_item.data = result;
result_item.len = result_bytes;
rv = SECITEM_CopyItem(pool, to, &result_item);
}
return rv;
}
@ -283,15 +283,15 @@ GetGeneralName (PRArenaPool *arena)
mark = PORT_ArenaMark (arena);
do {
if (PrintChoicesAndGetAnswer(
"\nSelect one of the following general name type: \n"
"\t2 - rfc822Name\n"
"\t3 - dnsName\n"
"\t5 - directoryName\n"
"\t7 - uniformResourceidentifier\n"
"\t8 - ipAddress\n"
"\t9 - registerID\n"
"\tAny other number to finish\n"
"\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) {
"\nSelect one of the following general name type: \n"
"\t2 - rfc822Name\n"
"\t3 - dnsName\n"
"\t5 - directoryName\n"
"\t7 - uniformResourceidentifier\n"
"\t8 - ipAddress\n"
"\t9 - registerID\n"
"\tAny other number to finish\n"
"\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure);
}
intValue = PORT_Atoi (buffer);
@ -306,23 +306,23 @@ GetGeneralName (PRArenaPool *arena)
case certURI:
case certIPAddress:
case certRegisterID:
break;
break;
default:
intValue = 0; /* force a break for anything else */
intValue = 0; /* force a break for anything else */
}
if (intValue == 0)
break;
if (namesList == NULL) {
namesList = current = tail =
PORT_ArenaZNew(arena, CERTGeneralName);
} else {
current = PORT_ArenaZNew(arena, CERTGeneralName);
}
if (current == NULL) {
GEN_BREAK (SECFailure);
}
break;
if (namesList == NULL) {
namesList = current = tail =
PORT_ArenaZNew(arena, CERTGeneralName);
} else {
current = PORT_ArenaZNew(arena, CERTGeneralName);
}
if (current == NULL) {
GEN_BREAK (SECFailure);
}
current->type = intValue;
puts ("\nEnter data:");
@ -368,22 +368,22 @@ GetGeneralName (PRArenaPool *arena)
}
case certDirectoryName:
{
CERTName *directoryName = NULL;
directoryName = CERT_AsciiToName (buffer);
if (!directoryName) {
fprintf(stderr, "certutil: improperly formatted name: "
"\"%s\"\n", buffer);
break;
}
rv = CERT_CopyName (arena, &current->name.directoryName,
directoryName);
CERT_DestroyName (directoryName);
break;
}
{
CERTName *directoryName = NULL;
directoryName = CERT_AsciiToName (buffer);
if (!directoryName) {
fprintf(stderr, "certutil: improperly formatted name: "
"\"%s\"\n", buffer);
break;
}
rv = CERT_CopyName (arena, &current->name.directoryName,
directoryName);
CERT_DestroyName (directoryName);
break;
}
}
if (rv != SECSuccess)
break;
@ -447,7 +447,7 @@ AddKeyUsage (void *extHandle)
PRBool yesNoAns;
while (1) {
if (PrintChoicesAndGetAnswer(
if (PrintChoicesAndGetAnswer(
"\t\t0 - Digital Signature\n"
"\t\t1 - Non-repudiation\n"
"\t\t2 - Key encipherment\n"
@ -829,8 +829,8 @@ AddBasicConstraint(void *extHandle)
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(NULL, extHandle,
&basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
&basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
} while (0);
return (rv);
@ -878,8 +878,8 @@ AddAuthKeyID (void *extHandle)
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
if (rv)
break;
@ -915,8 +915,8 @@ AddSubjKeyID (void *extHandle)
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
&keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID);
&keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID);
if (rv)
break;
@ -954,8 +954,8 @@ AddCrlDistPoint(void *extHandle)
"\t1 - Full Name\n\t2 - Relative Name\n\tAny other "
"number to finish\n\t\tChoice: ",
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure);
}
GEN_BREAK (SECFailure);
}
intValue = PORT_Atoi (buffer);
switch (intValue) {
case generalName:
@ -1043,8 +1043,8 @@ AddCrlDistPoint(void *extHandle)
/* Add null to the end to mark end of data */
crlDistPoints->distPoints =
PORT_ArenaGrow(arena, crlDistPoints->distPoints,
sizeof (*crlDistPoints->distPoints) * count,
sizeof (*crlDistPoints->distPoints) *(count + 1));
sizeof (*crlDistPoints->distPoints) * count,
sizeof (*crlDistPoints->distPoints) *(count + 1));
crlDistPoints->distPoints[count] = NULL;
break;
}
@ -1056,8 +1056,8 @@ AddCrlDistPoint(void *extHandle)
PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
}
if (arena)
PORT_FreeArena (arena, PR_FALSE);
@ -1098,7 +1098,7 @@ AddPolicyConstraints(void *extHandle)
if (PORT_Strlen(buffer)) {
value = PORT_Atoi(buffer);
if (value < 0) {
if (value < 0) {
goto loser;
}
item = &policyConstr->explicitPolicySkipCerts;
@ -1111,14 +1111,14 @@ AddPolicyConstraints(void *extHandle)
if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter "
"the number of certs in path\n"
"after which policy mapping is not allowed\n"
"after which policy mapping is not allowed\n"
"(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) {
goto loser;
}
if (PORT_Strlen(buffer)) {
value = PORT_Atoi(buffer);
if (value < 0) {
if (value < 0) {
goto loser;
}
item = &policyConstr->inhibitMappingSkipCerts;
@ -1134,12 +1134,12 @@ AddPolicyConstraints(void *extHandle)
yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr,
yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
} else {
fprintf(stdout, "Policy Constraint extensions must contain "
fprintf(stdout, "Policy Constraint extensions must contain "
"at least one policy field\n");
rv = SECFailure;
rv = SECFailure;
}
loser:
@ -1188,8 +1188,8 @@ AddInhibitAnyPolicy(void *extHandle)
yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny,
yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
loser:
if (arena) {
PORT_FreeArena (arena, PR_FALSE);
@ -1280,8 +1280,8 @@ AddPolicyMappings(void *extHandle)
mappings.arena = arena;
mappings.policyMaps = policyMapArr;
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings,
yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
}
if (arena)
PORT_FreeArena (arena, PR_FALSE);
@ -1332,16 +1332,16 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER);
if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ",
buffer, sizeof(buffer)) == SECFailure) {
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure);
}
input.len = PORT_Strlen(buffer);
input.data = (void*)PORT_ArenaStrdup(arena, buffer);
if (input.data == NULL ||
SEC_ASN1EncodeItem(arena, &current->qualifierValue, &input,
SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
SEC_ASN1EncodeItem(arena, &current->qualifierValue, &input,
SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
GEN_BREAK (SECFailure);
}
}
break;
}
case userNotice: {
@ -1356,7 +1356,7 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
if (GetYesNo("\t add a User Notice reference? [y/N]")) {
if (PrintChoicesAndGetAnswer("Enter user organization string: ",
buffer, sizeof(buffer)) == SECFailure) {
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure);
}
@ -1368,9 +1368,9 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2);
if (!noticeNumArr) {
if (!noticeNumArr) {
GEN_BREAK (SECFailure);
}
}
do {
SECItem *noticeNum;
@ -1378,34 +1378,34 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
noticeNum = PORT_ArenaZNew(arena, SECItem);
if (PrintChoicesAndGetAnswer(
"Enter User Notice reference number "
"(or -1 to quit): ",
"Enter User Notice reference number "
"(or -1 to quit): ",
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure);
}
intValue = PORT_Atoi(buffer);
if (noticeNum == NULL) {
if (intValue < 0) {
fprintf(stdout, "a noticeReference must have at "
if (noticeNum == NULL) {
if (intValue < 0) {
fprintf(stdout, "a noticeReference must have at "
"least one reference number\n");
GEN_BREAK (SECFailure);
}
} else {
if (intValue >= 0) {
}
} else {
if (intValue >= 0) {
noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr,
sizeof (current) * inCount,
sizeof (current) *(inCount + 1));
sizeof (current) * inCount,
sizeof (current) *(inCount + 1));
if (noticeNumArr == NULL) {
GEN_BREAK (SECFailure);
}
} else {
break;
}
} else {
break;
}
}
if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) {
GEN_BREAK (SECFailure);
}
}
noticeNumArr[inCount++] = noticeNum;
noticeNumArr[inCount] = NULL;
@ -1429,10 +1429,10 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
notice->displayText.type = siAsciiString;
notice->displayText.len = PORT_Strlen(buffer);
notice->displayText.data =
(void*)PORT_ArenaStrdup(arena, buffer);
if (notice->displayText.data == NULL) {
GEN_BREAK(SECFailure);
}
(void*)PORT_ArenaStrdup(arena, buffer);
if (notice->displayText.data == NULL) {
GEN_BREAK(SECFailure);
}
}
rv = CERT_EncodeUserNotice(arena, notice, &current->qualifierValue);
@ -1445,17 +1445,17 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
}
if (rv == SECFailure || oid == NULL ||
SECITEM_CopyItem(arena, &current->qualifierID, &oid->oid)
== SECFailure) {
== SECFailure) {
GEN_BREAK (SECFailure);
}
if (!policyQualifArr) {
policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *);
} else {
policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr,
policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr,
sizeof (current) * count,
sizeof (current) *(count + 1));
}
}
if (policyQualifArr == NULL) {
GEN_BREAK (SECFailure);
}
@ -1508,15 +1508,15 @@ AddCertPolicies(void *extHandle)
if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier "
"(dotted decimal format)\n"
"or \"any\" for AnyPolicy:",
"or \"any\" for AnyPolicy:",
buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure);
}
if (strncmp(buffer, "any", 3) == 0) {
/* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
strcpy(buffer, "OID.2.5.29.32.0");
}
if (strncmp(buffer, "any", 3) == 0) {
/* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
strcpy(buffer, "OID.2.5.29.32.0");
}
rv = SEC_StringToOID(arena, &current->policyID, buffer, 0);
if (rv == SECFailure) {
@ -1529,10 +1529,10 @@ AddCertPolicies(void *extHandle)
if (!certPoliciesArr) {
certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *);
} else {
certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
sizeof (current) * count,
sizeof (current) *(count + 1));
}
}
if (certPoliciesArr == NULL) {
GEN_BREAK (SECFailure);
}
@ -1562,11 +1562,11 @@ AddCertPolicies(void *extHandle)
policies.policyInfos = certPoliciesArr;
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies,
yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
}
if (arena)
PORT_FreeArena(arena, PR_FALSE);
PORT_FreeArena(arena, PR_FALSE);
return (rv);
}
@ -1648,7 +1648,7 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
}
if (oid == NULL ||
SECITEM_CopyItem(arena, &current->method, &oid->oid)
== SECFailure) {
== SECFailure) {
GEN_BREAK (SECFailure);
}
@ -1660,10 +1660,10 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
if (infoAccArr == NULL) {
infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *);
} else {
infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
sizeof (current) * count,
sizeof (current) *(count + 1));
}
}
if (infoAccArr == NULL) {
GEN_BREAK (SECFailure);
}
@ -1698,8 +1698,8 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS;
}
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr,
yesNoAns, oidIdent,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
yesNoAns, oidIdent,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
}
if (arena)
PORT_FreeArena(arena, PR_FALSE);
@ -1718,18 +1718,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_keyUsage]) {
rv = AddKeyUsage(extHandle);
if (rv) {
errstring = "KeyUsage";
errstring = "KeyUsage";
break;
}
}
}
/* Add extended key usage extension */
if (extList[ext_extKeyUsage]) {
rv = AddExtKeyUsage(extHandle);
if (rv) {
errstring = "ExtendedKeyUsage";
errstring = "ExtendedKeyUsage";
break;
}
}
}
/* Add basic constraint extension */
@ -1738,46 +1738,46 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (rv) {
errstring = "BasicConstraint";
break;
}
}
}
if (extList[ext_authorityKeyID]) {
rv = AddAuthKeyID(extHandle);
if (rv) {
errstring = "AuthorityKeyID";
errstring = "AuthorityKeyID";
break;
}
}
}
if (extList[ext_subjectKeyID]) {
rv = AddSubjKeyID(extHandle);
if (rv) {
errstring = "SubjectKeyID";
errstring = "SubjectKeyID";
break;
}
}
}
if (extList[ext_CRLDistPts]) {
rv = AddCrlDistPoint(extHandle);
if (rv) {
errstring = "CRLDistPoints";
errstring = "CRLDistPoints";
break;
}
}
}
if (extList[ext_NSCertType]) {
rv = AddNscpCertType(extHandle);
if (rv) {
errstring = "NSCertType";
errstring = "NSCertType";
break;
}
}
}
if (extList[ext_authInfoAcc] || extList[ext_subjInfoAcc]) {
rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc],
extList[ext_basicConstraint]);
extList[ext_basicConstraint]);
if (rv) {
errstring = "InformationAccess";
errstring = "InformationAccess";
break;
}
}
@ -1785,7 +1785,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_certPolicies]) {
rv = AddCertPolicies(extHandle);
if (rv) {
errstring = "Policies";
errstring = "Policies";
break;
}
}
@ -1793,7 +1793,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_policyMappings]) {
rv = AddPolicyMappings(extHandle);
if (rv) {
errstring = "PolicyMappings";
errstring = "PolicyMappings";
break;
}
}
@ -1801,17 +1801,17 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_policyConstr]) {
rv = AddPolicyConstraints(extHandle);
if (rv) {
errstring = "PolicyConstraints";
errstring = "PolicyConstraints";
break;
}
}
}
if (extList[ext_inhibitAnyPolicy]) {
rv = AddInhibitAnyPolicy(extHandle);
if (rv) {
errstring = "InhibitAnyPolicy";
errstring = "InhibitAnyPolicy";
break;
}
}
}
if (emailAddrs || dnsNames) {
@ -1830,18 +1830,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames);
if (rv == SECSuccess) {
rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
if (rv == SECSuccess) {
rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
if (rv == SECSuccess) {
rv = CERT_AddExtension(extHandle,
SEC_OID_X509_SUBJECT_ALT_NAME,
&item, PR_FALSE, PR_TRUE);
}
}
}
PORT_FreeArena(arena, PR_FALSE);
if (rv) {
PORT_FreeArena(arena, PR_FALSE);
if (rv) {
errstring = "SubjectAltName";
break;
}
}
}
} while (0);

44
certwatch.c
View File

@ -111,15 +111,15 @@ static char *warn_address = "root";
* Semantics are similar to asctime.
*/
char * AsciiTime(PRTime time)
{
PRExplodedTime printable;
char *timebuf;
PR_ExplodeTime(time, PR_GMTParameters, &printable);
timebuf = PORT_Alloc(TIME_BUF_SIZE);
(void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable);
if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0';
return (timebuf);
{
PRExplodedTime printable;
char *timebuf;
PR_ExplodeTime(time, PR_GMTParameters, &printable);
timebuf = PORT_Alloc(TIME_BUF_SIZE);
(void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable);
if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0';
return (timebuf);
}
/* Uses the password passed in the -f(pwfile) argument of the command line.
@ -173,19 +173,19 @@ static int warning(FILE *out, const char *filename, const char *hostname,
/* Note that filename can be the cert nickname. */
int renew = 1;
char subj[50];
PRTime prtimeDiff;
LL_SUB(prtimeDiff, end, start);
PRTime prtimeDiff;
LL_SUB(prtimeDiff, end, start);
if ( LL_CMP(start, >, now) ) {
strcpy(subj, "is not yet valid");
renew = 0;
} else if (LL_EQ(now, end)) {
strcpy(subj, "will expire today");
strcpy(subj, "will expire today");
} else if (LL_EQ(prtimeDiff, 1)) {
sprintf(subj, "will expire tomorrow");
sprintf(subj, "will expire tomorrow");
} else if (LL_CMP(prtimeDiff, <, warn_period)) {
sprintf(subj, "will expire on %s", AsciiTime(end));
sprintf(subj, "will expire on %s", AsciiTime(end));
{
int days; /* days till expiry */
LL_L2I(days, prtimeDiff);
@ -276,8 +276,8 @@ static int check_cert(const char *name, int byNickname, int quiet)
/* parse the cert */
cert = byNickname
? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name)
: PEMUTIL_PEM_read_X509(name);
? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name)
: PEMUTIL_PEM_read_X509(name);
if (cert == NULL) return -1;
/* determine the validity period of the cert. */
@ -304,7 +304,7 @@ cleanup:
if (!doWarning) return -1;
return warning(stdout, name, cname, validity,
notBefore, notAfter, PR_Now(), quiet);
notBefore, notAfter, PR_Now(), quiet);
}
int main(int argc, char **argv)
@ -375,16 +375,16 @@ int main(int argc, char **argv)
PK11_SetPasswordFunc(GetModulePassword);
}
} else {
/* cert in a pem file */
/* cert in a pem file */
char *certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
if (!certDir) {
certDir = "/etc/pki/nssdb";
}
if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix,
if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix,
SECMOD_DB, NSS_INIT_READONLY) != SECSuccess) {
printf("NSS_Init(\"%s\") failed\n", certDir);
printf("NSS_Init(\"%s\") failed\n", certDir);
return EXIT_FAILURE;
}
}
}
/* When byNickname is 1 argv[optind] is a nickname otherwise a filename. */

1545
keyutil.c
View File

File diff suppressed because it is too large Load Diff

4
keyutil.h
View File

@ -65,7 +65,7 @@
* ***** END LICENSE BLOCK ***** */
#ifndef _KEYUTIL_H
#define _KEYUTIL_H
#define _KEYUTIL_H
#include "secutil.h"
@ -94,5 +94,5 @@ extern SECStatus
AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
certutilExtnList extList);
#endif /* _KEYUTIL_H */
#endif /* _KEYUTIL_H */

100
pemutil.c
View File

@ -85,7 +85,7 @@
*/
extern CERTCertificate *
__CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
char *nickname, PRBool isperm, PRBool copyDER);
char *nickname, PRBool isperm, PRBool copyDER);
#define CERT_NewTempCertificate __CERT_NewTempCertificate
@ -109,13 +109,13 @@ static SECStatus FileToItem(SECItem *dst, PRFileDesc *src)
prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus != PR_SUCCESS) {
return SECFailure;
return SECFailure;
}
/* XXX workaround for 3.1, not all utils zero dst before sending */
dst->data = 0;
if (!SECITEM_AllocItem(NULL, dst, info.size))
goto loser;
goto loser;
numBytes = PR_Read(src, dst->data, info.size);
if (numBytes != info.size)
@ -135,52 +135,52 @@ static SECStatus ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
{
SECStatus rv;
if (ascii) {
/* First convert ascii to binary */
SECItem filedata;
char *asc, *body;
/* Read in ascii data */
rv = FileToItem(&filedata, inFile);
asc = (char *)filedata.data;
if (!asc) {
return SECFailure;
}
/* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
char *trailer = NULL;
asc = body;
body = PORT_Strchr(body, '\n');
if (!body)
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
if (body)
trailer = strstr(++body, "-----END");
if (trailer != NULL) {
*trailer = '\0';
} else {
/*printf("input has header but no trailer\n");*/
PORT_Free(filedata.data);
return SECFailure;
}
} else {
body = asc;
}
/* Convert to binary */
rv = ATOB_ConvertAsciiToItem(der, body);
if (rv) {
/* printf("ATOB_ConvertAsciiToItem failed\n");*/
PORT_Free(filedata.data);
return SECFailure;
}
PORT_Free(filedata.data);
/* First convert ascii to binary */
SECItem filedata;
char *asc, *body;
/* Read in ascii data */
rv = FileToItem(&filedata, inFile);
asc = (char *)filedata.data;
if (!asc) {
return SECFailure;
}
/* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
char *trailer = NULL;
asc = body;
body = PORT_Strchr(body, '\n');
if (!body)
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
if (body)
trailer = strstr(++body, "-----END");
if (trailer != NULL) {
*trailer = '\0';
} else {
/*printf("input has header but no trailer\n");*/
PORT_Free(filedata.data);
return SECFailure;
}
} else {
body = asc;
}
/* Convert to binary */
rv = ATOB_ConvertAsciiToItem(der, body);
if (rv) {
/* printf("ATOB_ConvertAsciiToItem failed\n");*/
PORT_Free(filedata.data);
return SECFailure;
}
PORT_Free(filedata.data);
} else {
/* Read in binary der */
rv = FileToItem(der, inFile);
if (rv) {
return SECFailure;
}
/* Read in binary der */
rv = FileToItem(der, inFile);
if (rv) {
return SECFailure;
}
}
return SECSuccess;
}
@ -202,11 +202,11 @@ PEMUTIL_PEM_read_X509(const char *filename)
/* Read in a DER from a file, it is ascii */
if (SECSuccess != ReadDERFromFile(&derCert, fd, PR_TRUE))
goto cleanup;
goto cleanup;
/* create a temporary cert in the database */
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
&derCert, NULL, PR_FALSE, PR_FALSE);
&derCert, NULL, PR_FALSE, PR_FALSE);
/* noNickname, notPerm, noCopy */
cleanup:
if (fd) PR_Close(fd);

6
secerror.c
View File

@ -36,7 +36,7 @@
#include <nspr.h>
struct tuple_str {
PRErrorCode errNum;
PRErrorCode errNum;
const char * errString;
};
@ -89,12 +89,12 @@ SECU_Strerror(PRErrorCode errNum) {
}
lastNum = num;
}
initDone = 1;
initDone = 1;
}
/* Do binary search of table. */
while (low + 1 < high) {
i = (low + high) / 2;
i = (low + high) / 2;
num = errStrings[i].errNum;
if (errNum == num)
return errStrings[i].errString;

282
secutil.c
View File

@ -123,26 +123,26 @@ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
fprintf(out, "%s: ", progName);
vfprintf(out, msg, args);
if (errString != NULL && PORT_Strlen(errString) > 0)
fprintf(out, ": %s\n", errString);
fprintf(out, ": %s\n", errString);
else
fprintf(out, ": error %d\n", (int)err);
fprintf(out, ": error %d\n", (int)err);
va_end(args);
}
void SECU_PrintError(char *progName, char *msg, ...)
{
SECU_PrintErrMsg(stderr, 0, progName, msg);
SECU_PrintErrMsg(stderr, 0, progName, msg);
}
#define INDENT_MULT 4
#define INDENT_MULT 4
void
SECU_Indent(FILE *out, int level)
{
int i;
for (i = 0; i < level; i++) {
fprintf(out, " ");
fprintf(out, " ");
}
}
@ -162,25 +162,25 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
unsigned int limit = 15;
if ( m ) {
SECU_Indent(out, level); fprintf(out, "%s:\n", m);
level++;
SECU_Indent(out, level); fprintf(out, "%s:\n", m);
level++;
}
SECU_Indent(out, level); column = level*INDENT_MULT;
if (!data->len) {
fprintf(out, "(empty)\n");
return;
fprintf(out, "(empty)\n");
return;
}
/* take a pass to see if it's all printable. */
for (i = 0; i < data->len; i++) {
unsigned char val = data->data[i];
unsigned char val = data->data[i];
if (!val || !isprint(val)) {
isString = PR_FALSE;
break;
}
if (isWhiteSpace && !isspace(val)) {
isWhiteSpace = PR_FALSE;
}
isString = PR_FALSE;
break;
}
if (isWhiteSpace && !isspace(val)) {
isWhiteSpace = PR_FALSE;
}
}
/* Short values, such as bit strings (which are printed with this
@ -191,46 +191,46 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
*/
if (!isString || data->len <= 4) {
for (i = 0; i < data->len; i++) {
if (i != data->len - 1) {
fprintf(out, "%02x:", data->data[i]);
column += 3;
} else {
fprintf(out, "%02x", data->data[i]);
column += 2;
break;
}
if (column > 76 || (i % 16 == limit)) {
secu_Newline(out);
SECU_Indent(out, level);
column = level*INDENT_MULT;
limit = i % 16;
}
if (i != data->len - 1) {
fprintf(out, "%02x:", data->data[i]);
column += 3;
} else {
fprintf(out, "%02x", data->data[i]);
column += 2;
break;
}
if (column > 76 || (i % 16 == limit)) {
secu_Newline(out);
SECU_Indent(out, level);
column = level*INDENT_MULT;
limit = i % 16;
}
}
printedHex = PR_TRUE;
}
if (isString && !isWhiteSpace) {
if (printedHex != PR_FALSE) {
secu_Newline(out);
SECU_Indent(out, level); column = level*INDENT_MULT;
}
for (i = 0; i < data->len; i++) {
unsigned char val = data->data[i];
if (val) {
fprintf(out,"%c",val);
column++;
} else {
column = 77;
}
if (column > 76) {
secu_Newline(out);
SECU_Indent(out, level); column = level*INDENT_MULT;
}
}
if (printedHex != PR_FALSE) {
secu_Newline(out);
SECU_Indent(out, level); column = level*INDENT_MULT;
}
for (i = 0; i < data->len; i++) {
unsigned char val = data->data[i];
if (val) {
fprintf(out,"%c",val);
column++;
} else {
column = 77;
}
if (column > 76) {
secu_Newline(out);
SECU_Indent(out, level); column = level*INDENT_MULT;
}
}
}
if (column != level*INDENT_MULT) {
secu_Newline(out);
secu_Newline(out);
}
}
@ -243,21 +243,21 @@ SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
oiddata = SECOID_FindOID(oid);
if (oiddata != NULL) {
const char *name = oiddata->desc;
SECU_Indent(out, level);
if (m != NULL)
fprintf(out, "%s: ", m);
fprintf(out, "%s\n", name);
return oiddata->offset;
const char *name = oiddata->desc;
SECU_Indent(out, level);
if (m != NULL)
fprintf(out, "%s: ", m);
fprintf(out, "%s\n", name);
return oiddata->offset;
}
oidString = CERT_GetOidString(oid);
if (oidString) {
SECU_Indent(out, level);
if (m != NULL)
fprintf(out, "%s: ", m);
fprintf(out, "%s\n", oidString);
PR_smprintf_free(oidString);
return SEC_OID_UNKNOWN;
SECU_Indent(out, level);
if (m != NULL)
fprintf(out, "%s: ", m);
fprintf(out, "%s\n", oidString);
PR_smprintf_free(oidString);
return SEC_OID_UNKNOWN;
}
SECU_PrintAsHex(out, oid, m, level);
return SEC_OID_UNKNOWN;
@ -287,29 +287,29 @@ secu_StdinToItem(SECItem *dst)
dst->data = NULL;
while (notDone) {
numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
if (numBytes < 0) {
return SECFailure;
}
if (numBytes < 0) {
return SECFailure;
}
if (numBytes == 0)
break;
if (numBytes == 0)
break;
if (dst->data) {
unsigned char * p = dst->data;
dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes);
if (!dst->data) {
PORT_Free(p);
}
} else {
dst->data = (unsigned char*)PORT_Alloc(numBytes);
}
if (!dst->data) {
return SECFailure;
}
PORT_Memcpy(dst->data + dst->len, buf, numBytes);
dst->len += numBytes;
if (dst->data) {
unsigned char * p = dst->data;
dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes);
if (!dst->data) {
PORT_Free(p);
}
} else {
dst->data = (unsigned char*)PORT_Alloc(numBytes);
}
if (!dst->data) {
return SECFailure;
}
PORT_Memcpy(dst->data + dst->len, buf, numBytes);
dst->len += numBytes;
}
return SECSuccess;
@ -323,24 +323,24 @@ SECU_FileToItem(SECItem *dst, PRFileDesc *src)
PRStatus prStatus;
if (src == PR_STDIN)
return secu_StdinToItem(dst);
return secu_StdinToItem(dst);
prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus != PR_SUCCESS) {
PORT_SetError(SEC_ERROR_IO);
return SECFailure;
PORT_SetError(SEC_ERROR_IO);
return SECFailure;
}
/* XXX workaround for 3.1, not all utils zero dst before sending */
dst->data = 0;
if (!SECITEM_AllocItem(NULL, dst, info.size))
goto loser;
goto loser;
numBytes = PR_Read(src, dst->data, info.size);
if (numBytes != info.size) {
PORT_SetError(SEC_ERROR_IO);
goto loser;
PORT_SetError(SEC_ERROR_IO);
goto loser;
}
return SECSuccess;
@ -355,56 +355,56 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
{
SECStatus rv;
if (ascii) {
/* First convert ascii to binary */
SECItem filedata;
char *asc, *body;
/* First convert ascii to binary */
SECItem filedata;
char *asc, *body;
/* Read in ascii data */
rv = SECU_FileToItem(&filedata, inFile);
asc = (char *)filedata.data;
if (!asc) {
fprintf(stderr, "unable to read data from input file\n");
return SECFailure;
}
/* Read in ascii data */
rv = SECU_FileToItem(&filedata, inFile);
asc = (char *)filedata.data;
if (!asc) {
fprintf(stderr, "unable to read data from input file\n");
return SECFailure;
}
/* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
char *trailer = NULL;
asc = body;
body = PORT_Strchr(body, '\n');
if (!body)
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
if (body)
trailer = strstr(++body, "-----END");
if (trailer != NULL) {
*trailer = '\0';
} else {
fprintf(stderr, "input has header but no trailer\n");
PORT_Free(filedata.data);
return SECFailure;
}
} else {
body = asc;
}
/* Convert to binary */
rv = ATOB_ConvertAsciiToItem(der, body);
if (rv) {
fprintf(stderr, "error converting ascii to binary (%d)\n",
PORT_GetError());
PORT_Free(filedata.data);
return SECFailure;
}
PORT_Free(filedata.data);
/* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
char *trailer = NULL;
asc = body;
body = PORT_Strchr(body, '\n');
if (!body)
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
if (body)
trailer = strstr(++body, "-----END");
if (trailer != NULL) {
*trailer = '\0';
} else {
fprintf(stderr, "input has header but no trailer\n");
PORT_Free(filedata.data);
return SECFailure;
}
} else {
/* Read in binary der */
rv = SECU_FileToItem(der, inFile);
if (rv) {
fprintf(stderr, "error converting der (%d)\n",
PORT_GetError());
return SECFailure;
}
body = asc;
}
/* Convert to binary */
rv = ATOB_ConvertAsciiToItem(der, body);
if (rv) {
fprintf(stderr, "error converting ascii to binary (%d)\n",
PORT_GetError());
PORT_Free(filedata.data);
return SECFailure;
}
PORT_Free(filedata.data);
} else {
/* Read in binary der */
rv = SECU_FileToItem(der, inFile);
if (rv) {
fprintf(stderr, "error converting der (%d)\n",
PORT_GetError());
return SECFailure;
}
}
return SECSuccess;
}
@ -440,12 +440,12 @@ void
SECU_SECItemToHex(const SECItem * item, char * dst)
{
if (dst && item && item->data) {
unsigned char * src = item->data;
unsigned int len = item->len;
for (; len > 0; --len, dst += 2) {
sprintf(dst, "%02x", *src++);
}
*dst = '\0';
unsigned char * src = item->data;
unsigned int len = item->len;
for (; len > 0; --len, dst += 2) {
sprintf(dst, "%02x", *src++);
}
*dst = '\0';
}
}

62
secutil.h
View File

@ -46,12 +46,12 @@
#include <secder.h>
#include <stdio.h>
#define SEC_CT_PRIVATE_KEY "private-key"
#define SEC_CT_PUBLIC_KEY "public-key"
#define SEC_CT_CERTIFICATE "certificate"
#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
#define SEC_CT_PKCS7 "pkcs7"
#define SEC_CT_CRL "crl"
#define SEC_CT_PRIVATE_KEY "private-key"
#define SEC_CT_PUBLIC_KEY "public-key"
#define SEC_CT_CERTIFICATE "certificate"
#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
#define SEC_CT_PKCS7 "pkcs7"
#define SEC_CT_CRL "crl"
#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
@ -64,7 +64,7 @@
/* From libsec/pcertdb.c --- it's not declared in sec.h */
extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle,
SECItem *derCert, char *nickname, CERTCertTrust *trust);
SECItem *derCert, char *nickname, CERTCertTrust *trust);
#ifdef SECUTIL_NEW
@ -76,10 +76,10 @@ typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
typedef struct {
enum {
PW_NONE = 0,
PW_FROMFILE = 1,
PW_PLAINTEXT = 2,
PW_EXTERNAL = 3
PW_NONE = 0,
PW_FROMFILE = 1,
PW_PLAINTEXT = 2,
PW_EXTERNAL = 3
} source;
char *data;
} secuPWData;
@ -123,7 +123,7 @@ extern PRBool SEC_BlindCheckPassword(char *password);
** The password is then checked using "chkpw".
*/
extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
PRBool (*chkpw)(char *));
PRBool (*chkpw)(char *));
char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
@ -165,9 +165,9 @@ extern char *SECU_ConfigDirectory(const char* base);
*/
extern int
SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey);
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey);
/* print out an error message */
extern void SECU_PrintError(char *progName, char *msg, ...);
@ -182,15 +182,15 @@ extern const char * SECU_Strerror(PRErrorCode errNum);
* failure at time == now */
extern void
SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
CERTCertificate *cert, PRBool checksig,
SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
CERTCertificate *cert, PRBool checksig,
SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
/* revalidate the cert and print information about cert verification
* failure at specified time */
extern void
SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
void *pinArg, PRBool verbose, PRTime datetime);
CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
void *pinArg, PRBool verbose, PRTime datetime);
/* print out CERTVerifyLog info. */
extern void
@ -216,7 +216,7 @@ extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
/* Print AlgorithmIdentifier symbolically */
extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
int level);
int level);
/* Print SECItem as hex */
extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
@ -237,7 +237,7 @@ extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
* afterward; otherwise just print the formatted time string only.
*/
extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
int level);
int level);
/*
* Format and print the UTC or Generalized Time "t". If the tag message
@ -259,7 +259,7 @@ int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
/* Dump contents of cert req */
extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
int level);
int level);
/* Dump contents of certificate */
extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
@ -285,14 +285,14 @@ extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
/* Pretty-print any PKCS7 thing */
extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
int level);
int level);
/* Init PKCS11 stuff */
extern SECStatus SECU_PKCS11Init(PRBool readOnly);
/* Dump contents of signed data */
extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level,
SECU_PPFunc inner);
SECU_PPFunc inner);
/* Print cert data and its trust flags */
extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert,
@ -312,7 +312,7 @@ extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
char *msg, int level);
extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
char *msg, int level);
char *msg, int level);
extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);
@ -347,12 +347,12 @@ extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
** MD5 hashing algorithm. This routine first computes a digital signature
** using SEC_SignData, then wraps it with an CERTSignedData and then der
** encodes the result.
** "arena" is the memory arena to use to allocate data from
** "arena" is the memory arena to use to allocate data from
** "sd" returned CERTSignedData
** "result" the final der encoded data (memory is allocated)
** "buf" the input data to sign
** "len" the amount of data to sign
** "pk" the private key to encrypt with
** "result" the final der encoded data (memory is allocated)
** "buf" the input data to sign
** "len" the amount of data to sign
** "pk" the private key to encrypt with
*/
extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
unsigned char *buf, int len,
@ -436,7 +436,7 @@ typedef struct
/* fill the "arg" and "activated" fields for each flag */
SECStatus
SECU_ParseCommandLine(int argc, char **argv, char *progName,
const secuCommand *cmd);
const secuCommand *cmd);
char *
SECU_GetOptionArg(const secuCommand *cmd, int optionNum);