rpms
/
crypto-utils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Coverted tabs to spaces

This commit is contained in:
Elio Maldonado 2008-05-03 22:54:55 +00:00
parent deb8b0e9e2
commit eff035f7f8
10 changed files with 1427 additions and 1434 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
NSPRerrs.h
View File

@ -36,43 +36,43 @@
/* General NSPR 2.0 errors */ /* General NSPR 2.0 errors */
/* Caller must #include "<rerror.h> */ /* Caller must #include "<rerror.h> */
ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." ) ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." ) ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." ) ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." ) ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." ) ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." ) ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." ) ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." ) ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." ) ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
ER2( PR_IO_ERROR, "I/O function error." ) ER2( PR_IO_ERROR, "I/O function error." )
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." ) ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." ) ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." ) ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." ) ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." ) ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." ) ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
ER2( PR_IS_CONNECTED_ERROR, "Already connected." ) ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." ) ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." ) ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." ) ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." ) ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." ) ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." ) ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." ) ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." ) ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
ER2( PR_FIND_SYMBOL_ERROR, ER2( PR_FIND_SYMBOL_ERROR,
"Symbol not found in any of the loaded dynamic libraries." ) "Symbol not found in any of the loaded dynamic libraries." )
ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." ) ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
ER2( PR_DIRECTORY_LOOKUP_ERROR, ER2( PR_DIRECTORY_LOOKUP_ERROR,
"A directory lookup on a network address has failed." ) "A directory lookup on a network address has failed." )
ER2( PR_TPD_RANGE_ERROR, ER2( PR_TPD_RANGE_ERROR,
"Attempt to access a TPD key that is out of range." ) "Attempt to access a TPD key that is out of range." )
ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." ) ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." ) ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
ER2( PR_NOT_SOCKET_ERROR, ER2( PR_NOT_SOCKET_ERROR,
"Network operation attempted on non-network file descriptor." ) "Network operation attempted on non-network file descriptor." )
ER2( PR_NOT_TCP_SOCKET_ERROR, ER2( PR_NOT_TCP_SOCKET_ERROR,
"TCP-specific function attempted on a non-TCP file descriptor." ) "TCP-specific function attempted on a non-TCP file descriptor." )
ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." ) ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." ) ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
@ -80,24 +80,24 @@ ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
"The requested operation is not supported by the platform." ) "The requested operation is not supported by the platform." )
ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
"The host operating system does not support the protocol requested." ) "The host operating system does not support the protocol requested." )
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." ) ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
ER2( PR_BUFFER_OVERFLOW_ERROR, ER2( PR_BUFFER_OVERFLOW_ERROR,
"The value requested is too large to be stored in the data buffer provided." ) "The value requested is too large to be stored in the data buffer provided." )
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." ) ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
ER2( PR_RANGE_ERROR, "Unused." ) ER2( PR_RANGE_ERROR, "Unused." )
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." ) ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." ) ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
ER2( PR_FILE_TOO_BIG_ERROR, ER2( PR_FILE_TOO_BIG_ERROR,
"Write would result in file larger than the system allows." ) "Write would result in file larger than the system allows." )
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." ) ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
ER2( PR_PIPE_ERROR, "Unused." ) ER2( PR_PIPE_ERROR, "Unused." )
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." ) ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
ER2( PR_IS_DIRECTORY_ERROR, ER2( PR_IS_DIRECTORY_ERROR,
"Cannot perform a normal file operation on a directory." ) "Cannot perform a normal file operation on a directory." )
ER2( PR_LOOP_ERROR, "Symbolic link loop." ) ER2( PR_LOOP_ERROR, "Symbolic link loop." )
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." ) ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." ) ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
ER2( PR_NOT_DIRECTORY_ERROR, ER2( PR_NOT_DIRECTORY_ERROR,
"Cannot perform directory operation on a normal file." ) "Cannot perform directory operation on a normal file." )
ER2( PR_READ_ONLY_FILESYSTEM_ERROR, ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
"Cannot write to a read-only file system." ) "Cannot write to a read-only file system." )
@ -105,49 +105,49 @@ ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
"Cannot delete a directory that is not empty." ) "Cannot delete a directory that is not empty." )
ER2( PR_FILESYSTEM_MOUNTED_ERROR, ER2( PR_FILESYSTEM_MOUNTED_ERROR,
"Cannot delete or rename a file object while the file system is busy." ) "Cannot delete or rename a file object while the file system is busy." )
ER2( PR_NOT_SAME_DEVICE_ERROR, ER2( PR_NOT_SAME_DEVICE_ERROR,
"Cannot rename a file to a file system on another device." ) "Cannot rename a file to a file system on another device." )
ER2( PR_DIRECTORY_CORRUPTED_ERROR, ER2( PR_DIRECTORY_CORRUPTED_ERROR,
"The directory object in the file system is corrupted." ) "The directory object in the file system is corrupted." )
ER2( PR_FILE_EXISTS_ERROR, ER2( PR_FILE_EXISTS_ERROR,
"Cannot create or rename a filename that already exists." ) "Cannot create or rename a filename that already exists." )
ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
"Directory is full. No additional filenames may be added." ) "Directory is full. No additional filenames may be added." )
ER2( PR_INVALID_DEVICE_STATE_ERROR, ER2( PR_INVALID_DEVICE_STATE_ERROR,
"The required device was in an invalid state." ) "The required device was in an invalid state." )
ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." ) ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." ) ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." ) ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
ER2( PR_FILE_SEEK_ERROR, "Seek error." ) ER2( PR_FILE_SEEK_ERROR, "Seek error." )
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." ) ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
ER2( PR_IN_PROGRESS_ERROR, ER2( PR_IN_PROGRESS_ERROR,
"Operation is still in progress (probably a non-blocking connect)." ) "Operation is still in progress (probably a non-blocking connect)." )
ER2( PR_ALREADY_INITIATED_ERROR, ER2( PR_ALREADY_INITIATED_ERROR,
"Operation has already been initiated (probably a non-blocking connect)." ) "Operation has already been initiated (probably a non-blocking connect)." )
#ifdef PR_GROUP_EMPTY_ERROR #ifdef PR_GROUP_EMPTY_ERROR
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." ) ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
#endif #endif
#ifdef PR_INVALID_STATE_ERROR #ifdef PR_INVALID_STATE_ERROR
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." ) ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
#endif #endif
#ifdef PR_NETWORK_DOWN_ERROR #ifdef PR_NETWORK_DOWN_ERROR
ER2( PR_NETWORK_DOWN_ERROR, "Network is down." ) ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
#endif #endif
#ifdef PR_SOCKET_SHUTDOWN_ERROR #ifdef PR_SOCKET_SHUTDOWN_ERROR
ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." ) ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
#endif #endif
#ifdef PR_CONNECT_ABORTED_ERROR #ifdef PR_CONNECT_ABORTED_ERROR
ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." ) ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
#endif #endif
#ifdef PR_HOST_UNREACHABLE_ERROR #ifdef PR_HOST_UNREACHABLE_ERROR
ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." ) ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
#endif #endif
/* always last */ /* always last */
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" ) ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )

312
SECerrs.h
View File

@ -37,448 +37,448 @@
/* General security error codes */ /* General security error codes */
/* Caller must #include <secerr.h> */ /* Caller must #include <secerr.h> */
ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0, ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
"An I/O error occurred during security authorization.") "An I/O error occurred during security authorization.")
ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1, ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
"security library failure.") "security library failure.")
ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2, ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
"security library: received bad data.") "security library: received bad data.")
ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3, ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
"security library: output length error.") "security library: output length error.")
ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4, ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
"security library has experienced an input length error.") "security library has experienced an input length error.")
ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5, ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
"security library: invalid arguments.") "security library: invalid arguments.")
ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6, ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
"security library: invalid algorithm.") "security library: invalid algorithm.")
ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7, ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
"security library: invalid AVA.") "security library: invalid AVA.")
ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8, ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
"Improperly formatted time string.") "Improperly formatted time string.")
ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9, ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
"security library: improperly formatted DER-encoded message.") "security library: improperly formatted DER-encoded message.")
ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10, ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
"Peer's certificate has an invalid signature.") "Peer's certificate has an invalid signature.")
ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11, ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
"Peer's Certificate has expired.") "Peer's Certificate has expired.")
ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12, ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
"Peer's Certificate has been revoked.") "Peer's Certificate has been revoked.")
ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13, ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
"Peer's Certificate issuer is not recognized.") "Peer's Certificate issuer is not recognized.")
ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14, ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
"Peer's public key is invalid.") "Peer's public key is invalid.")
ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15, ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
"The security password entered is incorrect.") "The security password entered is incorrect.")
ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16, ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
"New password entered incorrectly. Please try again.") "New password entered incorrectly. Please try again.")
ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17, ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
"security library: no nodelock.") "security library: no nodelock.")
ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18, ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
"security library: bad database.") "security library: bad database.")
ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19, ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
"security library: memory allocation failure.") "security library: memory allocation failure.")
ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20, ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
"Peer's certificate issuer has been marked as not trusted by the user.") "Peer's certificate issuer has been marked as not trusted by the user.")
ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21, ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
"Peer's certificate has been marked as not trusted by the user.") "Peer's certificate has been marked as not trusted by the user.")
ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22), ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
"Certificate already exists in your database.") "Certificate already exists in your database.")
ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23), ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
"Downloaded certificate's name duplicates one already in your database.") "Downloaded certificate's name duplicates one already in your database.")
ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24), ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
"Error adding certificate to database.") "Error adding certificate to database.")
ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25), ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
"Error refiling the key for this certificate.") "Error refiling the key for this certificate.")
ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26), ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
"The private key for this certificate cannot be found in key database") "The private key for this certificate cannot be found in key database")
ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27), ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
"This certificate is valid.") "This certificate is valid.")
ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28), ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
"This certificate is not valid.") "This certificate is not valid.")
ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29), ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
"Cert Library: No Response") "Cert Library: No Response")
ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30), ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
"The certificate issuer's certificate has expired. Check your system date and time.") "The certificate issuer's certificate has expired. Check your system date and time.")
ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31), ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
"The CRL for the certificate's issuer has expired. Update it or check your system date and time.") "The CRL for the certificate's issuer has expired. Update it or check your system date and time.")
ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32), ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
"The CRL for the certificate's issuer has an invalid signature.") "The CRL for the certificate's issuer has an invalid signature.")
ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33), ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
"New CRL has an invalid format.") "New CRL has an invalid format.")
ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34), ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
"Certificate extension value is invalid.") "Certificate extension value is invalid.")
ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35), ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
"Certificate extension not found.") "Certificate extension not found.")
ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36), ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
"Issuer certificate is invalid.") "Issuer certificate is invalid.")
ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37), ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
"Certificate path length constraint is invalid.") "Certificate path length constraint is invalid.")
ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38), ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
"Certificate usages field is invalid.") "Certificate usages field is invalid.")
ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39), ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
"**Internal ONLY module**") "**Internal ONLY module**")
ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40), ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
"The key does not support the requested operation.") "The key does not support the requested operation.")
ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41), ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
"Certificate contains unknown critical extension.") "Certificate contains unknown critical extension.")
ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42), ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
"New CRL is not later than the current one.") "New CRL is not later than the current one.")
ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43), ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
"Not encrypted or signed: you do not yet have an email certificate.") "Not encrypted or signed: you do not yet have an email certificate.")
ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44), ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
"Not encrypted: you do not have certificates for each of the recipients.") "Not encrypted: you do not have certificates for each of the recipients.")
ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45), ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
"Cannot decrypt: you are not a recipient, or matching certificate and \ "Cannot decrypt: you are not a recipient, or matching certificate and \
private key not found.") private key not found.")
ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46), ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
"Cannot decrypt: key encryption algorithm does not match your certificate.") "Cannot decrypt: key encryption algorithm does not match your certificate.")
ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47), ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
"Signature verification failed: no signer found, too many signers found, \ "Signature verification failed: no signer found, too many signers found, \
or improper or corrupted data.") or improper or corrupted data.")
ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48), ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
"Unsupported or unknown key algorithm.") "Unsupported or unknown key algorithm.")
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49), ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
"Cannot decrypt: encrypted using a disallowed algorithm or key size.") "Cannot decrypt: encrypted using a disallowed algorithm or key size.")
/* Fortezza Alerts */ /* Fortezza Alerts */
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50), ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
"Fortezza card has not been properly initialized. \ "Fortezza card has not been properly initialized. \
Please remove it and return it to your issuer.") Please remove it and return it to your issuer.")
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51), ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
"No Fortezza cards Found") "No Fortezza cards Found")
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52), ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
"No Fortezza card selected") "No Fortezza card selected")
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53), ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
"Please select a personality to get more info on") "Please select a personality to get more info on")
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54), ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
"Personality not found") "Personality not found")
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55), ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
"No more information on that Personality") "No more information on that Personality")
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56), ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
"Invalid Pin") "Invalid Pin")
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57), ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
"Couldn't initialize Fortezza personalities.") "Couldn't initialize Fortezza personalities.")
/* end fortezza alerts. */ /* end fortezza alerts. */
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58), ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
"No KRL for this site's certificate has been found.") "No KRL for this site's certificate has been found.")
ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59), ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
"The KRL for this site's certificate has expired.") "The KRL for this site's certificate has expired.")
ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60), ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
"The KRL for this site's certificate has an invalid signature.") "The KRL for this site's certificate has an invalid signature.")
ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61), ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
"The key for this site's certificate has been revoked.") "The key for this site's certificate has been revoked.")
ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62), ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
"New KRL has an invalid format.") "New KRL has an invalid format.")
ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63), ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
"security library: need random data.") "security library: need random data.")
ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64), ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
"security library: no security module can perform the requested operation.") "security library: no security module can perform the requested operation.")
ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65), ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
"The security card or token does not exist, needs to be initialized, or has been removed.") "The security card or token does not exist, needs to be initialized, or has been removed.")
ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66), ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
"security library: read-only database.") "security library: read-only database.")
ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67), ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
"No slot or token was selected.") "No slot or token was selected.")
ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68), ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
"A certificate with the same nickname already exists.") "A certificate with the same nickname already exists.")
ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69), ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
"A key with the same nickname already exists.") "A key with the same nickname already exists.")
ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70), ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
"error while creating safe object") "error while creating safe object")
ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71), ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
"error while creating baggage object") "error while creating baggage object")
ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72), ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
"Couldn't remove the principal") "Couldn't remove the principal")
ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73), ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
"Couldn't delete the privilege") "Couldn't delete the privilege")
ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74), ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
"This principal doesn't have a certificate") "This principal doesn't have a certificate")
ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75), ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
"Required algorithm is not allowed.") "Required algorithm is not allowed.")
ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76), ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
"Error attempting to export certificates.") "Error attempting to export certificates.")
ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77), ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
"Error attempting to import certificates.") "Error attempting to import certificates.")
ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78), ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
"Unable to import. Decoding error. File not valid.") "Unable to import. Decoding error. File not valid.")
ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79), ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
"Unable to import. Invalid MAC. Incorrect password or corrupt file.") "Unable to import. Invalid MAC. Incorrect password or corrupt file.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80), ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
"Unable to import. MAC algorithm not supported.") "Unable to import. MAC algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81), ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
"Unable to import. Only password integrity and privacy modes supported.") "Unable to import. Only password integrity and privacy modes supported.")
ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82), ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
"Unable to import. File structure is corrupt.") "Unable to import. File structure is corrupt.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83), ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
"Unable to import. Encryption algorithm not supported.") "Unable to import. Encryption algorithm not supported.")
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84), ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
"Unable to import. File version not supported.") "Unable to import. File version not supported.")
ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85), ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
"Unable to import. Incorrect privacy password.") "Unable to import. Incorrect privacy password.")
ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86), ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
"Unable to import. Same nickname already exists in database.") "Unable to import. Same nickname already exists in database.")
ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87), ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
"The user pressed cancel.") "The user pressed cancel.")
ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88), ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
"Not imported, already in database.") "Not imported, already in database.")
ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89), ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
"Message not sent.") "Message not sent.")
ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90), ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
"Certificate key usage inadequate for attempted operation.") "Certificate key usage inadequate for attempted operation.")
ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91), ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
"Certificate type not approved for application.") "Certificate type not approved for application.")
ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92), ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
"Address in signing certificate does not match address in message headers.") "Address in signing certificate does not match address in message headers.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93), ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
"Unable to import. Error attempting to import private key.") "Unable to import. Error attempting to import private key.")
ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94), ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
"Unable to import. Error attempting to import certificate chain.") "Unable to import. Error attempting to import certificate chain.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95), ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
"Unable to export. Unable to locate certificate or key by nickname.") "Unable to export. Unable to locate certificate or key by nickname.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96), ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
"Unable to export. Private Key could not be located and exported.") "Unable to export. Private Key could not be located and exported.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97), ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
"Unable to export. Unable to write the export file.") "Unable to export. Unable to write the export file.")
ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98), ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
"Unable to import. Unable to read the import file.") "Unable to import. Unable to read the import file.")
ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99), ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
"Unable to export. Key database corrupt or deleted.") "Unable to export. Key database corrupt or deleted.")
ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100), ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
"Unable to generate public/private key pair.") "Unable to generate public/private key pair.")
ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101), ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
"Password entered is invalid. Please pick a different one.") "Password entered is invalid. Please pick a different one.")
ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102), ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
"Old password entered incorrectly. Please try again.") "Old password entered incorrectly. Please try again.")
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103), ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
"Certificate nickname already in use.") "Certificate nickname already in use.")
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104), ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
"Peer FORTEZZA chain has a non-FORTEZZA Certificate.") "Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105), ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
"A sensitive key cannot be moved to the slot where it is needed.") "A sensitive key cannot be moved to the slot where it is needed.")
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106), ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
"Invalid module name.") "Invalid module name.")
ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107), ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
"Invalid module path/filename") "Invalid module path/filename")
ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108), ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
"Unable to add module") "Unable to add module")
ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109), ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
"Unable to delete module") "Unable to delete module")
ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110), ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
"New KRL is not later than the current one.") "New KRL is not later than the current one.")
ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111), ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
"New CKL has different issuer than current CKL. Delete current CKL.") "New CKL has different issuer than current CKL. Delete current CKL.")
ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112), ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
"The Certifying Authority for this certificate is not permitted to issue a \ "The Certifying Authority for this certificate is not permitted to issue a \
certificate with this name.") certificate with this name.")
ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113), ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
"The key revocation list for this certificate is not yet valid.") "The key revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114), ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
"The certificate revocation list for this certificate is not yet valid.") "The certificate revocation list for this certificate is not yet valid.")
ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115), ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
"The requested certificate could not be found.") "The requested certificate could not be found.")
ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116), ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
"The signer's certificate could not be found.") "The signer's certificate could not be found.")
ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117), ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
"The location for the certificate status server has invalid format.") "The location for the certificate status server has invalid format.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118), ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
"The OCSP response cannot be fully decoded; it is of an unknown type.") "The OCSP response cannot be fully decoded; it is of an unknown type.")
ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119), ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
"The OCSP server returned unexpected/invalid HTTP data.") "The OCSP server returned unexpected/invalid HTTP data.")
ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120), ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
"The OCSP server found the request to be corrupted or improperly formed.") "The OCSP server found the request to be corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121), ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
"The OCSP server experienced an internal error.") "The OCSP server experienced an internal error.")
ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122), ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
"The OCSP server suggests trying again later.") "The OCSP server suggests trying again later.")
ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123), ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
"The OCSP server requires a signature on this request.") "The OCSP server requires a signature on this request.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124), ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
"The OCSP server has refused this request as unauthorized.") "The OCSP server has refused this request as unauthorized.")
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125), ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
"The OCSP server returned an unrecognizable status.") "The OCSP server returned an unrecognizable status.")
ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126), ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
"The OCSP server has no status for the certificate.") "The OCSP server has no status for the certificate.")
ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127), ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
"You must enable OCSP before performing this operation.") "You must enable OCSP before performing this operation.")
ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128), ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
"You must set the OCSP default responder before performing this operation.") "You must set the OCSP default responder before performing this operation.")
ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129), ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
"The response from the OCSP server was corrupted or improperly formed.") "The response from the OCSP server was corrupted or improperly formed.")
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130), ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
"The signer of the OCSP response is not authorized to give status for \ "The signer of the OCSP response is not authorized to give status for \
this certificate.") this certificate.")
ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131), ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
"The OCSP response is not yet valid (contains a date in the future).") "The OCSP response is not yet valid (contains a date in the future).")
ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132), ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
"The OCSP response contains out-of-date information.") "The OCSP response contains out-of-date information.")
ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133), ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
"The CMS or PKCS #7 Digest was not found in signed message.") "The CMS or PKCS #7 Digest was not found in signed message.")
ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134), ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
"The CMS or PKCS #7 Message type is unsupported.") "The CMS or PKCS #7 Message type is unsupported.")
ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135), ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
"PKCS #11 module could not be removed because it is still in use.") "PKCS #11 module could not be removed because it is still in use.")
ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136), ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
"Could not decode ASN.1 data. Specified template was invalid.") "Could not decode ASN.1 data. Specified template was invalid.")
ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137), ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
"No matching CRL was found.") "No matching CRL was found.")
ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138), ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138),
"You are attempting to import a cert with the same issuer/serial as \ "You are attempting to import a cert with the same issuer/serial as \
an existing cert, but that is not the same cert.") an existing cert, but that is not the same cert.")
ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139), ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
"NSS could not shutdown. Objects are still in use.") "NSS could not shutdown. Objects are still in use.")
ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140), ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
"DER-encoded message contained extra unused data.") "DER-encoded message contained extra unused data.")
ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141), ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
"Unsupported elliptic curve.") "Unsupported elliptic curve.")
ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142), ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
"Unsupported elliptic curve point form.") "Unsupported elliptic curve point form.")
ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143), ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
"Unrecognized Object Identifier.") "Unrecognized Object Identifier.")
ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144), ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
"Invalid OCSP signing certificate in OCSP response.") "Invalid OCSP signing certificate in OCSP response.")
ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145), ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145),
@ -496,53 +496,53 @@ ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148),
ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149), ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149),
"Issuer's V2 Certificate Revocation List has an unknown critical extension.") "Issuer's V2 Certificate Revocation List has an unknown critical extension.")
ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150), ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
"Unknown object type specified.") "Unknown object type specified.")
ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151), ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
"PKCS #11 driver violates the spec in an incompatible way.") "PKCS #11 driver violates the spec in an incompatible way.")
ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152), ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
"No new slot event is available at this time.") "No new slot event is available at this time.")
ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153), ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
"CRL already exists.") "CRL already exists.")
ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154), ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
"NSS is not initialized.") "NSS is not initialized.")
ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155), ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
"The operation failed because the PKCS#11 token is not logged in.") "The operation failed because the PKCS#11 token is not logged in.")
ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156), ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
"Configured OCSP responder's certificate is invalid.") "Configured OCSP responder's certificate is invalid.")
ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157), ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157),
"OCSP response has an invalid signature.") "OCSP response has an invalid signature.")
ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158), ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158),
"Cert validation search is out of search limits") "Cert validation search is out of search limits")
ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159), ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159),
"Policy mapping contains anypolicy") "Policy mapping contains anypolicy")
ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160), ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160),
"Cert chain fails policy validation") "Cert chain fails policy validation")
ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161), ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161),
"Unknown location type in cert AIA extension") "Unknown location type in cert AIA extension")
ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162), ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162),
"Server returned bad HTTP response") "Server returned bad HTTP response")
ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163), ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163),
"Server returned bad LDAP response") "Server returned bad LDAP response")
ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164), ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164),
"Failed to encode data with ASN1 encoder") "Failed to encode data with ASN1 encoder")
ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165), ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
"Bad information access location in cert extension") "Bad information access location in cert extension")
ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166), ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
"Libpkix internal error occured during cert validation.") "Libpkix internal error occured during cert validation.")

400
certext.c
View File

@ -104,8 +104,8 @@ CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString,
return SECFailure; return SECFailure;
} }
if (SEC_ASN1EncodeItem (arena, encodedValue, srcString, if (SEC_ASN1EncodeItem (arena, encodedValue, srcString,
CERTSubjectKeyIDTemplate) == NULL) { CERTSubjectKeyIDTemplate) == NULL) {
rv = SECFailure; rv = SECFailure;
} }
return(rv); return(rv);
@ -141,82 +141,82 @@ SEC_StringToOID(PLArenaPool *pool, SECItem *to, const char *from, PRUint32 len)
static const char OIDstring[] = {"OID."}; static const char OIDstring[] = {"OID."};
if (!from || !to) { if (!from || !to) {
PORT_SetError(SEC_ERROR_INVALID_ARGS); PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure; return SECFailure;
} }
if (!len) { if (!len) {
len = PL_strlen(from); len = PL_strlen(from);
} }
if (len >= 4 && !PL_strncasecmp(from, OIDstring, 4)) { if (len >= 4 && !PL_strncasecmp(from, OIDstring, 4)) {
from += 4; /* skip leading "OID." if present */ from += 4; /* skip leading "OID." if present */
len -= 4; len -= 4;
} }
if (!len) { if (!len) {
bad_data: bad_data:
PORT_SetError(SEC_ERROR_BAD_DATA); PORT_SetError(SEC_ERROR_BAD_DATA);
return SECFailure; return SECFailure;
} }
do { do {
PRUint32 decimal = 0; PRUint32 decimal = 0;
while (len > 0 && isdigit(*from)) { while (len > 0 && isdigit(*from)) {
PRUint32 addend = (*from++ - '0'); PRUint32 addend = (*from++ - '0');
--len; --len;
if (decimal > max_decimal) /* overflow */ if (decimal > max_decimal) /* overflow */
goto bad_data; goto bad_data;
decimal = (decimal * 10) + addend; decimal = (decimal * 10) + addend;
if (decimal < addend) /* overflow */ if (decimal < addend) /* overflow */
goto bad_data; goto bad_data;
} }
if (len != 0 && *from != '.') { if (len != 0 && *from != '.') {
goto bad_data; goto bad_data;
} }
if (decimal_numbers == 0) { if (decimal_numbers == 0) {
if (decimal > 2) if (decimal > 2)
goto bad_data; goto bad_data;
result[0] = decimal * 40; result[0] = decimal * 40;
result_bytes = 1; result_bytes = 1;
} else if (decimal_numbers == 1) { } else if (decimal_numbers == 1) {
if (decimal > 40) if (decimal > 40)
goto bad_data; goto bad_data;
result[0] += decimal; result[0] += decimal;
} else { } else {
/* encode the decimal number, */ /* encode the decimal number, */
PRUint8 * rp; PRUint8 * rp;
PRUint32 num_bytes = 0; PRUint32 num_bytes = 0;
PRUint32 tmp = decimal; PRUint32 tmp = decimal;
while (tmp) { while (tmp) {
num_bytes++; num_bytes++;
tmp >>= 7; tmp >>= 7;
} }
if (!num_bytes ) if (!num_bytes )
++num_bytes; /* use one byte for a zero value */ ++num_bytes; /* use one byte for a zero value */
if (num_bytes + result_bytes > sizeof result) if (num_bytes + result_bytes > sizeof result)
goto bad_data; goto bad_data;
tmp = num_bytes; tmp = num_bytes;
rp = result + result_bytes - 1; rp = result + result_bytes - 1;
rp[tmp] = (PRUint8)(decimal & 0x7f); rp[tmp] = (PRUint8)(decimal & 0x7f);
decimal >>= 7; decimal >>= 7;
while (--tmp > 0) { while (--tmp > 0) {
rp[tmp] = (PRUint8)(decimal | 0x80); rp[tmp] = (PRUint8)(decimal | 0x80);
decimal >>= 7; decimal >>= 7;
} }
result_bytes += num_bytes; result_bytes += num_bytes;
} }
++decimal_numbers; ++decimal_numbers;
if (len > 0) { /* skip trailing '.' */ if (len > 0) { /* skip trailing '.' */
++from; ++from;
--len; --len;
} }
} while (len > 0); } while (len > 0);
/* now result contains result_bytes of data */ /* now result contains result_bytes of data */
if (to->data && to->len >= result_bytes) { if (to->data && to->len >= result_bytes) {
PORT_Memcpy(to->data, result, to->len = result_bytes); PORT_Memcpy(to->data, result, to->len = result_bytes);
rv = SECSuccess; rv = SECSuccess;
} else { } else {
SECItem result_item = {siBuffer, NULL, 0 }; SECItem result_item = {siBuffer, NULL, 0 };
result_item.data = result; result_item.data = result;
result_item.len = result_bytes; result_item.len = result_bytes;
rv = SECITEM_CopyItem(pool, to, &result_item); rv = SECITEM_CopyItem(pool, to, &result_item);
} }
return rv; return rv;
} }
@ -283,15 +283,15 @@ GetGeneralName (PRArenaPool *arena)
mark = PORT_ArenaMark (arena); mark = PORT_ArenaMark (arena);
do { do {
if (PrintChoicesAndGetAnswer( if (PrintChoicesAndGetAnswer(
"\nSelect one of the following general name type: \n" "\nSelect one of the following general name type: \n"
"\t2 - rfc822Name\n" "\t2 - rfc822Name\n"
"\t3 - dnsName\n" "\t3 - dnsName\n"
"\t5 - directoryName\n" "\t5 - directoryName\n"
"\t7 - uniformResourceidentifier\n" "\t7 - uniformResourceidentifier\n"
"\t8 - ipAddress\n" "\t8 - ipAddress\n"
"\t9 - registerID\n" "\t9 - registerID\n"
"\tAny other number to finish\n" "\tAny other number to finish\n"
"\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) { "\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
intValue = PORT_Atoi (buffer); intValue = PORT_Atoi (buffer);
@ -306,23 +306,23 @@ GetGeneralName (PRArenaPool *arena)
case certURI: case certURI:
case certIPAddress: case certIPAddress:
case certRegisterID: case certRegisterID:
break; break;
default: default:
intValue = 0; /* force a break for anything else */ intValue = 0; /* force a break for anything else */
} }
if (intValue == 0) if (intValue == 0)
break; break;
if (namesList == NULL) { if (namesList == NULL) {
namesList = current = tail = namesList = current = tail =
PORT_ArenaZNew(arena, CERTGeneralName); PORT_ArenaZNew(arena, CERTGeneralName);
} else { } else {
current = PORT_ArenaZNew(arena, CERTGeneralName); current = PORT_ArenaZNew(arena, CERTGeneralName);
} }
if (current == NULL) { if (current == NULL) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
current->type = intValue; current->type = intValue;
puts ("\nEnter data:"); puts ("\nEnter data:");
@ -368,22 +368,22 @@ GetGeneralName (PRArenaPool *arena)
} }
case certDirectoryName: case certDirectoryName:
{ {
CERTName *directoryName = NULL; CERTName *directoryName = NULL;
directoryName = CERT_AsciiToName (buffer); directoryName = CERT_AsciiToName (buffer);
if (!directoryName) { if (!directoryName) {
fprintf(stderr, "certutil: improperly formatted name: " fprintf(stderr, "certutil: improperly formatted name: "
"\"%s\"\n", buffer); "\"%s\"\n", buffer);
break; break;
} }
rv = CERT_CopyName (arena, &current->name.directoryName, rv = CERT_CopyName (arena, &current->name.directoryName,
directoryName); directoryName);
CERT_DestroyName (directoryName); CERT_DestroyName (directoryName);
break; break;
} }
} }
if (rv != SECSuccess) if (rv != SECSuccess)
break; break;
@ -447,7 +447,7 @@ AddKeyUsage (void *extHandle)
PRBool yesNoAns; PRBool yesNoAns;
while (1) { while (1) {
if (PrintChoicesAndGetAnswer( if (PrintChoicesAndGetAnswer(
"\t\t0 - Digital Signature\n" "\t\t0 - Digital Signature\n"
"\t\t1 - Non-repudiation\n" "\t\t1 - Non-repudiation\n"
"\t\t2 - Key encipherment\n" "\t\t2 - Key encipherment\n"
@ -829,8 +829,8 @@ AddBasicConstraint(void *extHandle)
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(NULL, extHandle, rv = SECU_EncodeAndAddExtensionValue(NULL, extHandle,
&basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS, &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue); (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
} while (0); } while (0);
return (rv); return (rv);
@ -878,8 +878,8 @@ AddAuthKeyID (void *extHandle)
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID, authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID); (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
if (rv) if (rv)
break; break;
@ -915,8 +915,8 @@ AddSubjKeyID (void *extHandle)
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
&keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID, &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID); (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID);
if (rv) if (rv)
break; break;
@ -954,8 +954,8 @@ AddCrlDistPoint(void *extHandle)
"\t1 - Full Name\n\t2 - Relative Name\n\tAny other " "\t1 - Full Name\n\t2 - Relative Name\n\tAny other "
"number to finish\n\t\tChoice: ", "number to finish\n\t\tChoice: ",
buffer, sizeof(buffer)) == SECFailure) { buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
intValue = PORT_Atoi (buffer); intValue = PORT_Atoi (buffer);
switch (intValue) { switch (intValue) {
case generalName: case generalName:
@ -1043,8 +1043,8 @@ AddCrlDistPoint(void *extHandle)
/* Add null to the end to mark end of data */ /* Add null to the end to mark end of data */
crlDistPoints->distPoints = crlDistPoints->distPoints =
PORT_ArenaGrow(arena, crlDistPoints->distPoints, PORT_ArenaGrow(arena, crlDistPoints->distPoints,
sizeof (*crlDistPoints->distPoints) * count, sizeof (*crlDistPoints->distPoints) * count,
sizeof (*crlDistPoints->distPoints) *(count + 1)); sizeof (*crlDistPoints->distPoints) *(count + 1));
crlDistPoints->distPoints[count] = NULL; crlDistPoints->distPoints[count] = NULL;
break; break;
} }
@ -1056,8 +1056,8 @@ AddCrlDistPoint(void *extHandle)
PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS, crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints); (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
} }
if (arena) if (arena)
PORT_FreeArena (arena, PR_FALSE); PORT_FreeArena (arena, PR_FALSE);
@ -1098,7 +1098,7 @@ AddPolicyConstraints(void *extHandle)
if (PORT_Strlen(buffer)) { if (PORT_Strlen(buffer)) {
value = PORT_Atoi(buffer); value = PORT_Atoi(buffer);
if (value < 0) { if (value < 0) {
goto loser; goto loser;
} }
item = &policyConstr->explicitPolicySkipCerts; item = &policyConstr->explicitPolicySkipCerts;
@ -1111,14 +1111,14 @@ AddPolicyConstraints(void *extHandle)
if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter " if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter "
"the number of certs in path\n" "the number of certs in path\n"
"after which policy mapping is not allowed\n" "after which policy mapping is not allowed\n"
"(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) { "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) {
goto loser; goto loser;
} }
if (PORT_Strlen(buffer)) { if (PORT_Strlen(buffer)) {
value = PORT_Atoi(buffer); value = PORT_Atoi(buffer);
if (value < 0) { if (value < 0) {
goto loser; goto loser;
} }
item = &policyConstr->inhibitMappingSkipCerts; item = &policyConstr->inhibitMappingSkipCerts;
@ -1134,12 +1134,12 @@ AddPolicyConstraints(void *extHandle)
yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr,
yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS, yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension); (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
} else { } else {
fprintf(stdout, "Policy Constraint extensions must contain " fprintf(stdout, "Policy Constraint extensions must contain "
"at least one policy field\n"); "at least one policy field\n");
rv = SECFailure; rv = SECFailure;
} }
loser: loser:
@ -1188,8 +1188,8 @@ AddInhibitAnyPolicy(void *extHandle)
yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny,
yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY, yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension); (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
loser: loser:
if (arena) { if (arena) {
PORT_FreeArena (arena, PR_FALSE); PORT_FreeArena (arena, PR_FALSE);
@ -1280,8 +1280,8 @@ AddPolicyMappings(void *extHandle)
mappings.arena = arena; mappings.arena = arena;
mappings.policyMaps = policyMapArr; mappings.policyMaps = policyMapArr;
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings,
yesNoAns, SEC_OID_X509_POLICY_MAPPINGS, yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension); (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
} }
if (arena) if (arena)
PORT_FreeArena (arena, PR_FALSE); PORT_FreeArena (arena, PR_FALSE);
@ -1332,16 +1332,16 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER); oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER);
if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ", if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ",
buffer, sizeof(buffer)) == SECFailure) { buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
input.len = PORT_Strlen(buffer); input.len = PORT_Strlen(buffer);
input.data = (void*)PORT_ArenaStrdup(arena, buffer); input.data = (void*)PORT_ArenaStrdup(arena, buffer);
if (input.data == NULL || if (input.data == NULL ||
SEC_ASN1EncodeItem(arena, &current->qualifierValue, &input, SEC_ASN1EncodeItem(arena, &current->qualifierValue, &input,
SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) { SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
break; break;
} }
case userNotice: { case userNotice: {
@ -1356,7 +1356,7 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
if (GetYesNo("\t add a User Notice reference? [y/N]")) { if (GetYesNo("\t add a User Notice reference? [y/N]")) {
if (PrintChoicesAndGetAnswer("Enter user organization string: ", if (PrintChoicesAndGetAnswer("Enter user organization string: ",
buffer, sizeof(buffer)) == SECFailure) { buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
@ -1368,9 +1368,9 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2); noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2);
if (!noticeNumArr) { if (!noticeNumArr) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
do { do {
SECItem *noticeNum; SECItem *noticeNum;
@ -1378,34 +1378,34 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
noticeNum = PORT_ArenaZNew(arena, SECItem); noticeNum = PORT_ArenaZNew(arena, SECItem);
if (PrintChoicesAndGetAnswer( if (PrintChoicesAndGetAnswer(
"Enter User Notice reference number " "Enter User Notice reference number "
"(or -1 to quit): ", "(or -1 to quit): ",
buffer, sizeof(buffer)) == SECFailure) { buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
intValue = PORT_Atoi(buffer); intValue = PORT_Atoi(buffer);
if (noticeNum == NULL) { if (noticeNum == NULL) {
if (intValue < 0) { if (intValue < 0) {
fprintf(stdout, "a noticeReference must have at " fprintf(stdout, "a noticeReference must have at "
"least one reference number\n"); "least one reference number\n");
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
} else { } else {
if (intValue >= 0) { if (intValue >= 0) {
noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr, noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr,
sizeof (current) * inCount, sizeof (current) * inCount,
sizeof (current) *(inCount + 1)); sizeof (current) *(inCount + 1));
if (noticeNumArr == NULL) { if (noticeNumArr == NULL) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
} else { } else {
break; break;
} }
} }
if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) { if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
noticeNumArr[inCount++] = noticeNum; noticeNumArr[inCount++] = noticeNum;
noticeNumArr[inCount] = NULL; noticeNumArr[inCount] = NULL;
@ -1429,10 +1429,10 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
notice->displayText.type = siAsciiString; notice->displayText.type = siAsciiString;
notice->displayText.len = PORT_Strlen(buffer); notice->displayText.len = PORT_Strlen(buffer);
notice->displayText.data = notice->displayText.data =
(void*)PORT_ArenaStrdup(arena, buffer); (void*)PORT_ArenaStrdup(arena, buffer);
if (notice->displayText.data == NULL) { if (notice->displayText.data == NULL) {
GEN_BREAK(SECFailure); GEN_BREAK(SECFailure);
} }
} }
rv = CERT_EncodeUserNotice(arena, notice, &current->qualifierValue); rv = CERT_EncodeUserNotice(arena, notice, &current->qualifierValue);
@ -1445,17 +1445,17 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
} }
if (rv == SECFailure || oid == NULL || if (rv == SECFailure || oid == NULL ||
SECITEM_CopyItem(arena, &current->qualifierID, &oid->oid) SECITEM_CopyItem(arena, &current->qualifierID, &oid->oid)
== SECFailure) { == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
if (!policyQualifArr) { if (!policyQualifArr) {
policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *); policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *);
} else { } else {
policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr, policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr,
sizeof (current) * count, sizeof (current) * count,
sizeof (current) *(count + 1)); sizeof (current) *(count + 1));
} }
if (policyQualifArr == NULL) { if (policyQualifArr == NULL) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
@ -1508,15 +1508,15 @@ AddCertPolicies(void *extHandle)
if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier " if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier "
"(dotted decimal format)\n" "(dotted decimal format)\n"
"or \"any\" for AnyPolicy:", "or \"any\" for AnyPolicy:",
buffer, sizeof(buffer)) == SECFailure) { buffer, sizeof(buffer)) == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
if (strncmp(buffer, "any", 3) == 0) { if (strncmp(buffer, "any", 3) == 0) {
/* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */ /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
strcpy(buffer, "OID.2.5.29.32.0"); strcpy(buffer, "OID.2.5.29.32.0");
} }
rv = SEC_StringToOID(arena, &current->policyID, buffer, 0); rv = SEC_StringToOID(arena, &current->policyID, buffer, 0);
if (rv == SECFailure) { if (rv == SECFailure) {
@ -1529,10 +1529,10 @@ AddCertPolicies(void *extHandle)
if (!certPoliciesArr) { if (!certPoliciesArr) {
certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *); certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *);
} else { } else {
certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr, certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
sizeof (current) * count, sizeof (current) * count,
sizeof (current) *(count + 1)); sizeof (current) *(count + 1));
} }
if (certPoliciesArr == NULL) { if (certPoliciesArr == NULL) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
@ -1562,11 +1562,11 @@ AddCertPolicies(void *extHandle)
policies.policyInfos = certPoliciesArr; policies.policyInfos = certPoliciesArr;
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies,
yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES, yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension); (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
} }
if (arena) if (arena)
PORT_FreeArena(arena, PR_FALSE); PORT_FreeArena(arena, PR_FALSE);
return (rv); return (rv);
} }
@ -1648,7 +1648,7 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
} }
if (oid == NULL || if (oid == NULL ||
SECITEM_CopyItem(arena, &current->method, &oid->oid) SECITEM_CopyItem(arena, &current->method, &oid->oid)
== SECFailure) { == SECFailure) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
@ -1660,10 +1660,10 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
if (infoAccArr == NULL) { if (infoAccArr == NULL) {
infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *); infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *);
} else { } else {
infoAccArr = PORT_ArenaGrow(arena, infoAccArr, infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
sizeof (current) * count, sizeof (current) * count,
sizeof (current) *(count + 1)); sizeof (current) *(count + 1));
} }
if (infoAccArr == NULL) { if (infoAccArr == NULL) {
GEN_BREAK (SECFailure); GEN_BREAK (SECFailure);
} }
@ -1698,8 +1698,8 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS; oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS;
} }
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr, rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr,
yesNoAns, oidIdent, yesNoAns, oidIdent,
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension); (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
} }
if (arena) if (arena)
PORT_FreeArena(arena, PR_FALSE); PORT_FreeArena(arena, PR_FALSE);
@ -1718,18 +1718,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_keyUsage]) { if (extList[ext_keyUsage]) {
rv = AddKeyUsage(extHandle); rv = AddKeyUsage(extHandle);
if (rv) { if (rv) {
errstring = "KeyUsage"; errstring = "KeyUsage";
break; break;
} }
} }
/* Add extended key usage extension */ /* Add extended key usage extension */
if (extList[ext_extKeyUsage]) { if (extList[ext_extKeyUsage]) {
rv = AddExtKeyUsage(extHandle); rv = AddExtKeyUsage(extHandle);
if (rv) { if (rv) {
errstring = "ExtendedKeyUsage"; errstring = "ExtendedKeyUsage";
break; break;
} }
} }
/* Add basic constraint extension */ /* Add basic constraint extension */
@ -1738,46 +1738,46 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (rv) { if (rv) {
errstring = "BasicConstraint"; errstring = "BasicConstraint";
break; break;
} }
} }
if (extList[ext_authorityKeyID]) { if (extList[ext_authorityKeyID]) {
rv = AddAuthKeyID(extHandle); rv = AddAuthKeyID(extHandle);
if (rv) { if (rv) {
errstring = "AuthorityKeyID"; errstring = "AuthorityKeyID";
break; break;
} }
} }
if (extList[ext_subjectKeyID]) { if (extList[ext_subjectKeyID]) {
rv = AddSubjKeyID(extHandle); rv = AddSubjKeyID(extHandle);
if (rv) { if (rv) {
errstring = "SubjectKeyID"; errstring = "SubjectKeyID";
break; break;
} }
} }
if (extList[ext_CRLDistPts]) { if (extList[ext_CRLDistPts]) {
rv = AddCrlDistPoint(extHandle); rv = AddCrlDistPoint(extHandle);
if (rv) { if (rv) {
errstring = "CRLDistPoints"; errstring = "CRLDistPoints";
break; break;
} }
} }
if (extList[ext_NSCertType]) { if (extList[ext_NSCertType]) {
rv = AddNscpCertType(extHandle); rv = AddNscpCertType(extHandle);
if (rv) { if (rv) {
errstring = "NSCertType"; errstring = "NSCertType";
break; break;
} }
} }
if (extList[ext_authInfoAcc] || extList[ext_subjInfoAcc]) { if (extList[ext_authInfoAcc] || extList[ext_subjInfoAcc]) {
rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc], rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc],
extList[ext_basicConstraint]); extList[ext_basicConstraint]);
if (rv) { if (rv) {
errstring = "InformationAccess"; errstring = "InformationAccess";
break; break;
} }
} }
@ -1785,7 +1785,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_certPolicies]) { if (extList[ext_certPolicies]) {
rv = AddCertPolicies(extHandle); rv = AddCertPolicies(extHandle);
if (rv) { if (rv) {
errstring = "Policies"; errstring = "Policies";
break; break;
} }
} }
@ -1793,7 +1793,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_policyMappings]) { if (extList[ext_policyMappings]) {
rv = AddPolicyMappings(extHandle); rv = AddPolicyMappings(extHandle);
if (rv) { if (rv) {
errstring = "PolicyMappings"; errstring = "PolicyMappings";
break; break;
} }
} }
@ -1801,17 +1801,17 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
if (extList[ext_policyConstr]) { if (extList[ext_policyConstr]) {
rv = AddPolicyConstraints(extHandle); rv = AddPolicyConstraints(extHandle);
if (rv) { if (rv) {
errstring = "PolicyConstraints"; errstring = "PolicyConstraints";
break; break;
} }
} }
if (extList[ext_inhibitAnyPolicy]) { if (extList[ext_inhibitAnyPolicy]) {
rv = AddInhibitAnyPolicy(extHandle); rv = AddInhibitAnyPolicy(extHandle);
if (rv) { if (rv) {
errstring = "InhibitAnyPolicy"; errstring = "InhibitAnyPolicy";
break; break;
} }
} }
if (emailAddrs || dnsNames) { if (emailAddrs || dnsNames) {
@ -1830,18 +1830,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames);
if (rv == SECSuccess) { if (rv == SECSuccess) {
rv = CERT_EncodeAltNameExtension(arena, namelist, &item); rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
if (rv == SECSuccess) { if (rv == SECSuccess) {
rv = CERT_AddExtension(extHandle, rv = CERT_AddExtension(extHandle,
SEC_OID_X509_SUBJECT_ALT_NAME, SEC_OID_X509_SUBJECT_ALT_NAME,
&item, PR_FALSE, PR_TRUE); &item, PR_FALSE, PR_TRUE);
} }
} }
PORT_FreeArena(arena, PR_FALSE); PORT_FreeArena(arena, PR_FALSE);
if (rv) { if (rv) {
errstring = "SubjectAltName"; errstring = "SubjectAltName";
break; break;
} }
} }
} while (0); } while (0);

44
certwatch.c
View File

@ -111,15 +111,15 @@ static char *warn_address = "root";
* Semantics are similar to asctime. * Semantics are similar to asctime.
*/ */
char * AsciiTime(PRTime time) char * AsciiTime(PRTime time)
{ {
PRExplodedTime printable; PRExplodedTime printable;
char *timebuf; char *timebuf;
PR_ExplodeTime(time, PR_GMTParameters, &printable); PR_ExplodeTime(time, PR_GMTParameters, &printable);
timebuf = PORT_Alloc(TIME_BUF_SIZE); timebuf = PORT_Alloc(TIME_BUF_SIZE);
(void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable); (void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable);
if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0'; if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0';
return (timebuf); return (timebuf);
} }
/* Uses the password passed in the -f(pwfile) argument of the command line. /* Uses the password passed in the -f(pwfile) argument of the command line.
@ -173,19 +173,19 @@ static int warning(FILE *out, const char *filename, const char *hostname,
/* Note that filename can be the cert nickname. */ /* Note that filename can be the cert nickname. */
int renew = 1; int renew = 1;
char subj[50]; char subj[50];
PRTime prtimeDiff; PRTime prtimeDiff;
LL_SUB(prtimeDiff, end, start); LL_SUB(prtimeDiff, end, start);
if ( LL_CMP(start, >, now) ) { if ( LL_CMP(start, >, now) ) {
strcpy(subj, "is not yet valid"); strcpy(subj, "is not yet valid");
renew = 0; renew = 0;
} else if (LL_EQ(now, end)) { } else if (LL_EQ(now, end)) {
strcpy(subj, "will expire today"); strcpy(subj, "will expire today");
} else if (LL_EQ(prtimeDiff, 1)) { } else if (LL_EQ(prtimeDiff, 1)) {
sprintf(subj, "will expire tomorrow"); sprintf(subj, "will expire tomorrow");
} else if (LL_CMP(prtimeDiff, <, warn_period)) { } else if (LL_CMP(prtimeDiff, <, warn_period)) {
sprintf(subj, "will expire on %s", AsciiTime(end)); sprintf(subj, "will expire on %s", AsciiTime(end));
{ {
int days; /* days till expiry */ int days; /* days till expiry */
LL_L2I(days, prtimeDiff); LL_L2I(days, prtimeDiff);
@ -276,8 +276,8 @@ static int check_cert(const char *name, int byNickname, int quiet)
/* parse the cert */ /* parse the cert */
cert = byNickname cert = byNickname
? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name) ? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name)
: PEMUTIL_PEM_read_X509(name); : PEMUTIL_PEM_read_X509(name);
if (cert == NULL) return -1; if (cert == NULL) return -1;
/* determine the validity period of the cert. */ /* determine the validity period of the cert. */
@ -304,7 +304,7 @@ cleanup:
if (!doWarning) return -1; if (!doWarning) return -1;
return warning(stdout, name, cname, validity, return warning(stdout, name, cname, validity,
notBefore, notAfter, PR_Now(), quiet); notBefore, notAfter, PR_Now(), quiet);
} }
int main(int argc, char **argv) int main(int argc, char **argv)
@ -375,16 +375,16 @@ int main(int argc, char **argv)
PK11_SetPasswordFunc(GetModulePassword); PK11_SetPasswordFunc(GetModulePassword);
} }
} else { } else {
/* cert in a pem file */ /* cert in a pem file */
char *certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */ char *certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
if (!certDir) { if (!certDir) {
certDir = "/etc/pki/nssdb"; certDir = "/etc/pki/nssdb";
} }
if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix, if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix,
SECMOD_DB, NSS_INIT_READONLY) != SECSuccess) { SECMOD_DB, NSS_INIT_READONLY) != SECSuccess) {
printf("NSS_Init(\"%s\") failed\n", certDir); printf("NSS_Init(\"%s\") failed\n", certDir);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
} }
/* When byNickname is 1 argv[optind] is a nickname otherwise a filename. */ /* When byNickname is 1 argv[optind] is a nickname otherwise a filename. */

1545
keyutil.c
View File

File diff suppressed because it is too large Load Diff

4
keyutil.h
View File

@ -65,7 +65,7 @@
* ***** END LICENSE BLOCK ***** */ * ***** END LICENSE BLOCK ***** */
#ifndef _KEYUTIL_H #ifndef _KEYUTIL_H
#define _KEYUTIL_H #define _KEYUTIL_H
#include "secutil.h" #include "secutil.h"
@ -94,5 +94,5 @@ extern SECStatus
AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
certutilExtnList extList); certutilExtnList extList);
#endif /* _KEYUTIL_H */ #endif /* _KEYUTIL_H */

100
pemutil.c
View File

@ -85,7 +85,7 @@
*/ */
extern CERTCertificate * extern CERTCertificate *
__CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert, __CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
char *nickname, PRBool isperm, PRBool copyDER); char *nickname, PRBool isperm, PRBool copyDER);
#define CERT_NewTempCertificate __CERT_NewTempCertificate #define CERT_NewTempCertificate __CERT_NewTempCertificate
@ -109,13 +109,13 @@ static SECStatus FileToItem(SECItem *dst, PRFileDesc *src)
prStatus = PR_GetOpenFileInfo(src, &info); prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus != PR_SUCCESS) { if (prStatus != PR_SUCCESS) {
return SECFailure; return SECFailure;
} }
/* XXX workaround for 3.1, not all utils zero dst before sending */ /* XXX workaround for 3.1, not all utils zero dst before sending */
dst->data = 0; dst->data = 0;
if (!SECITEM_AllocItem(NULL, dst, info.size)) if (!SECITEM_AllocItem(NULL, dst, info.size))
goto loser; goto loser;
numBytes = PR_Read(src, dst->data, info.size); numBytes = PR_Read(src, dst->data, info.size);
if (numBytes != info.size) if (numBytes != info.size)
@ -135,52 +135,52 @@ static SECStatus ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
{ {
SECStatus rv; SECStatus rv;
if (ascii) { if (ascii) {
/* First convert ascii to binary */ /* First convert ascii to binary */
SECItem filedata; SECItem filedata;
char *asc, *body; char *asc, *body;
/* Read in ascii data */ /* Read in ascii data */
rv = FileToItem(&filedata, inFile); rv = FileToItem(&filedata, inFile);
asc = (char *)filedata.data; asc = (char *)filedata.data;
if (!asc) { if (!asc) {
return SECFailure; return SECFailure;
} }
/* check for headers and trailers and remove them */ /* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) { if ((body = strstr(asc, "-----BEGIN")) != NULL) {
char *trailer = NULL; char *trailer = NULL;
asc = body; asc = body;
body = PORT_Strchr(body, '\n'); body = PORT_Strchr(body, '\n');
if (!body) if (!body)
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
if (body) if (body)
trailer = strstr(++body, "-----END"); trailer = strstr(++body, "-----END");
if (trailer != NULL) { if (trailer != NULL) {
*trailer = '\0'; *trailer = '\0';
} else { } else {
/*printf("input has header but no trailer\n");*/ /*printf("input has header but no trailer\n");*/
PORT_Free(filedata.data); PORT_Free(filedata.data);
return SECFailure; return SECFailure;
} }
} else { } else {
body = asc; body = asc;
} }
/* Convert to binary */ /* Convert to binary */
rv = ATOB_ConvertAsciiToItem(der, body); rv = ATOB_ConvertAsciiToItem(der, body);
if (rv) { if (rv) {
/* printf("ATOB_ConvertAsciiToItem failed\n");*/ /* printf("ATOB_ConvertAsciiToItem failed\n");*/
PORT_Free(filedata.data); PORT_Free(filedata.data);
return SECFailure; return SECFailure;
} }
PORT_Free(filedata.data); PORT_Free(filedata.data);
} else { } else {
/* Read in binary der */ /* Read in binary der */
rv = FileToItem(der, inFile); rv = FileToItem(der, inFile);
if (rv) { if (rv) {
return SECFailure; return SECFailure;
} }
} }
return SECSuccess; return SECSuccess;
} }
@ -202,11 +202,11 @@ PEMUTIL_PEM_read_X509(const char *filename)
/* Read in a DER from a file, it is ascii */ /* Read in a DER from a file, it is ascii */
if (SECSuccess != ReadDERFromFile(&derCert, fd, PR_TRUE)) if (SECSuccess != ReadDERFromFile(&derCert, fd, PR_TRUE))
goto cleanup; goto cleanup;
/* create a temporary cert in the database */ /* create a temporary cert in the database */
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
&derCert, NULL, PR_FALSE, PR_FALSE); &derCert, NULL, PR_FALSE, PR_FALSE);
/* noNickname, notPerm, noCopy */ /* noNickname, notPerm, noCopy */
cleanup: cleanup:
if (fd) PR_Close(fd); if (fd) PR_Close(fd);

6
secerror.c
View File

@ -36,7 +36,7 @@
#include <nspr.h> #include <nspr.h>
struct tuple_str { struct tuple_str {
PRErrorCode errNum; PRErrorCode errNum;
const char * errString; const char * errString;
}; };
@ -89,12 +89,12 @@ SECU_Strerror(PRErrorCode errNum) {
} }
lastNum = num; lastNum = num;
} }
initDone = 1; initDone = 1;
} }
/* Do binary search of table. */ /* Do binary search of table. */
while (low + 1 < high) { while (low + 1 < high) {
i = (low + high) / 2; i = (low + high) / 2;
num = errStrings[i].errNum; num = errStrings[i].errNum;
if (errNum == num) if (errNum == num)
return errStrings[i].errString; return errStrings[i].errString;

282
secutil.c
View File

@ -123,26 +123,26 @@ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
fprintf(out, "%s: ", progName); fprintf(out, "%s: ", progName);
vfprintf(out, msg, args); vfprintf(out, msg, args);
if (errString != NULL && PORT_Strlen(errString) > 0) if (errString != NULL && PORT_Strlen(errString) > 0)
fprintf(out, ": %s\n", errString); fprintf(out, ": %s\n", errString);
else else
fprintf(out, ": error %d\n", (int)err); fprintf(out, ": error %d\n", (int)err);
va_end(args); va_end(args);
} }
void SECU_PrintError(char *progName, char *msg, ...) void SECU_PrintError(char *progName, char *msg, ...)
{ {
SECU_PrintErrMsg(stderr, 0, progName, msg); SECU_PrintErrMsg(stderr, 0, progName, msg);
} }
#define INDENT_MULT 4 #define INDENT_MULT 4
void void
SECU_Indent(FILE *out, int level) SECU_Indent(FILE *out, int level)
{ {
int i; int i;
for (i = 0; i < level; i++) { for (i = 0; i < level; i++) {
fprintf(out, " "); fprintf(out, " ");
} }
} }
@ -162,25 +162,25 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
unsigned int limit = 15; unsigned int limit = 15;
if ( m ) { if ( m ) {
SECU_Indent(out, level); fprintf(out, "%s:\n", m); SECU_Indent(out, level); fprintf(out, "%s:\n", m);
level++; level++;
} }
SECU_Indent(out, level); column = level*INDENT_MULT; SECU_Indent(out, level); column = level*INDENT_MULT;
if (!data->len) { if (!data->len) {
fprintf(out, "(empty)\n"); fprintf(out, "(empty)\n");
return; return;
} }
/* take a pass to see if it's all printable. */ /* take a pass to see if it's all printable. */
for (i = 0; i < data->len; i++) { for (i = 0; i < data->len; i++) {
unsigned char val = data->data[i]; unsigned char val = data->data[i];
if (!val || !isprint(val)) { if (!val || !isprint(val)) {
isString = PR_FALSE; isString = PR_FALSE;
break; break;
} }
if (isWhiteSpace && !isspace(val)) { if (isWhiteSpace && !isspace(val)) {
isWhiteSpace = PR_FALSE; isWhiteSpace = PR_FALSE;
} }
} }
/* Short values, such as bit strings (which are printed with this /* Short values, such as bit strings (which are printed with this
@ -191,46 +191,46 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
*/ */
if (!isString || data->len <= 4) { if (!isString || data->len <= 4) {
for (i = 0; i < data->len; i++) { for (i = 0; i < data->len; i++) {
if (i != data->len - 1) { if (i != data->len - 1) {
fprintf(out, "%02x:", data->data[i]); fprintf(out, "%02x:", data->data[i]);
column += 3; column += 3;
} else { } else {
fprintf(out, "%02x", data->data[i]); fprintf(out, "%02x", data->data[i]);
column += 2; column += 2;
break; break;
} }
if (column > 76 || (i % 16 == limit)) { if (column > 76 || (i % 16 == limit)) {
secu_Newline(out); secu_Newline(out);
SECU_Indent(out, level); SECU_Indent(out, level);
column = level*INDENT_MULT; column = level*INDENT_MULT;
limit = i % 16; limit = i % 16;
} }
} }
printedHex = PR_TRUE; printedHex = PR_TRUE;
} }
if (isString && !isWhiteSpace) { if (isString && !isWhiteSpace) {
if (printedHex != PR_FALSE) { if (printedHex != PR_FALSE) {
secu_Newline(out); secu_Newline(out);
SECU_Indent(out, level); column = level*INDENT_MULT; SECU_Indent(out, level); column = level*INDENT_MULT;
}
for (i = 0; i < data->len; i++) {
unsigned char val = data->data[i];
if (val) {
fprintf(out,"%c",val);
column++;
} else {
column = 77;
}
if (column > 76) {
secu_Newline(out);
SECU_Indent(out, level); column = level*INDENT_MULT;
}
}
} }
for (i = 0; i < data->len; i++) {
unsigned char val = data->data[i];
if (val) {
fprintf(out,"%c",val);
column++;
} else {
column = 77;
}
if (column > 76) {
secu_Newline(out);
SECU_Indent(out, level); column = level*INDENT_MULT;
}
}
}
if (column != level*INDENT_MULT) { if (column != level*INDENT_MULT) {
secu_Newline(out); secu_Newline(out);
} }
} }
@ -243,21 +243,21 @@ SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
oiddata = SECOID_FindOID(oid); oiddata = SECOID_FindOID(oid);
if (oiddata != NULL) { if (oiddata != NULL) {
const char *name = oiddata->desc; const char *name = oiddata->desc;
SECU_Indent(out, level); SECU_Indent(out, level);
if (m != NULL) if (m != NULL)
fprintf(out, "%s: ", m); fprintf(out, "%s: ", m);
fprintf(out, "%s\n", name); fprintf(out, "%s\n", name);
return oiddata->offset; return oiddata->offset;
} }
oidString = CERT_GetOidString(oid); oidString = CERT_GetOidString(oid);
if (oidString) { if (oidString) {
SECU_Indent(out, level); SECU_Indent(out, level);
if (m != NULL) if (m != NULL)
fprintf(out, "%s: ", m); fprintf(out, "%s: ", m);
fprintf(out, "%s\n", oidString); fprintf(out, "%s\n", oidString);
PR_smprintf_free(oidString); PR_smprintf_free(oidString);
return SEC_OID_UNKNOWN; return SEC_OID_UNKNOWN;
} }
SECU_PrintAsHex(out, oid, m, level); SECU_PrintAsHex(out, oid, m, level);
return SEC_OID_UNKNOWN; return SEC_OID_UNKNOWN;
@ -287,29 +287,29 @@ secu_StdinToItem(SECItem *dst)
dst->data = NULL; dst->data = NULL;
while (notDone) { while (notDone) {
numBytes = PR_Read(PR_STDIN, buf, sizeof(buf)); numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
if (numBytes < 0) { if (numBytes < 0) {
return SECFailure; return SECFailure;
} }
if (numBytes == 0) if (numBytes == 0)
break; break;
if (dst->data) { if (dst->data) {
unsigned char * p = dst->data; unsigned char * p = dst->data;
dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes); dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes);
if (!dst->data) { if (!dst->data) {
PORT_Free(p); PORT_Free(p);
} }
} else { } else {
dst->data = (unsigned char*)PORT_Alloc(numBytes); dst->data = (unsigned char*)PORT_Alloc(numBytes);
} }
if (!dst->data) { if (!dst->data) {
return SECFailure; return SECFailure;
} }
PORT_Memcpy(dst->data + dst->len, buf, numBytes); PORT_Memcpy(dst->data + dst->len, buf, numBytes);
dst->len += numBytes; dst->len += numBytes;
} }
return SECSuccess; return SECSuccess;
@ -323,24 +323,24 @@ SECU_FileToItem(SECItem *dst, PRFileDesc *src)
PRStatus prStatus; PRStatus prStatus;
if (src == PR_STDIN) if (src == PR_STDIN)
return secu_StdinToItem(dst); return secu_StdinToItem(dst);
prStatus = PR_GetOpenFileInfo(src, &info); prStatus = PR_GetOpenFileInfo(src, &info);
if (prStatus != PR_SUCCESS) { if (prStatus != PR_SUCCESS) {
PORT_SetError(SEC_ERROR_IO); PORT_SetError(SEC_ERROR_IO);
return SECFailure; return SECFailure;
} }
/* XXX workaround for 3.1, not all utils zero dst before sending */ /* XXX workaround for 3.1, not all utils zero dst before sending */
dst->data = 0; dst->data = 0;
if (!SECITEM_AllocItem(NULL, dst, info.size)) if (!SECITEM_AllocItem(NULL, dst, info.size))
goto loser; goto loser;
numBytes = PR_Read(src, dst->data, info.size); numBytes = PR_Read(src, dst->data, info.size);
if (numBytes != info.size) { if (numBytes != info.size) {
PORT_SetError(SEC_ERROR_IO); PORT_SetError(SEC_ERROR_IO);
goto loser; goto loser;
} }
return SECSuccess; return SECSuccess;
@ -355,56 +355,56 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
{ {
SECStatus rv; SECStatus rv;
if (ascii) { if (ascii) {
/* First convert ascii to binary */ /* First convert ascii to binary */
SECItem filedata; SECItem filedata;
char *asc, *body; char *asc, *body;
/* Read in ascii data */ /* Read in ascii data */
rv = SECU_FileToItem(&filedata, inFile); rv = SECU_FileToItem(&filedata, inFile);
asc = (char *)filedata.data; asc = (char *)filedata.data;
if (!asc) { if (!asc) {
fprintf(stderr, "unable to read data from input file\n"); fprintf(stderr, "unable to read data from input file\n");
return SECFailure; return SECFailure;
} }
/* check for headers and trailers and remove them */ /* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) { if ((body = strstr(asc, "-----BEGIN")) != NULL) {
char *trailer = NULL; char *trailer = NULL;
asc = body; asc = body;
body = PORT_Strchr(body, '\n'); body = PORT_Strchr(body, '\n');
if (!body) if (!body)
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
if (body) if (body)
trailer = strstr(++body, "-----END"); trailer = strstr(++body, "-----END");
if (trailer != NULL) { if (trailer != NULL) {
*trailer = '\0'; *trailer = '\0';
} else { } else {
fprintf(stderr, "input has header but no trailer\n"); fprintf(stderr, "input has header but no trailer\n");
PORT_Free(filedata.data); PORT_Free(filedata.data);
return SECFailure; return SECFailure;
} }
} else {
body = asc;
}
/* Convert to binary */
rv = ATOB_ConvertAsciiToItem(der, body);
if (rv) {
fprintf(stderr, "error converting ascii to binary (%d)\n",
PORT_GetError());
PORT_Free(filedata.data);
return SECFailure;
}
PORT_Free(filedata.data);
} else { } else {
/* Read in binary der */ body = asc;
rv = SECU_FileToItem(der, inFile); }
if (rv) {
fprintf(stderr, "error converting der (%d)\n", /* Convert to binary */
PORT_GetError()); rv = ATOB_ConvertAsciiToItem(der, body);
return SECFailure; if (rv) {
} fprintf(stderr, "error converting ascii to binary (%d)\n",
PORT_GetError());
PORT_Free(filedata.data);
return SECFailure;
}
PORT_Free(filedata.data);
} else {
/* Read in binary der */
rv = SECU_FileToItem(der, inFile);
if (rv) {
fprintf(stderr, "error converting der (%d)\n",
PORT_GetError());
return SECFailure;
}
} }
return SECSuccess; return SECSuccess;
} }
@ -440,12 +440,12 @@ void
SECU_SECItemToHex(const SECItem * item, char * dst) SECU_SECItemToHex(const SECItem * item, char * dst)
{ {
if (dst && item && item->data) { if (dst && item && item->data) {
unsigned char * src = item->data; unsigned char * src = item->data;
unsigned int len = item->len; unsigned int len = item->len;
for (; len > 0; --len, dst += 2) { for (; len > 0; --len, dst += 2) {
sprintf(dst, "%02x", *src++); sprintf(dst, "%02x", *src++);
} }
*dst = '\0'; *dst = '\0';
} }
} }

62
secutil.h
View File

@ -46,12 +46,12 @@
#include <secder.h> #include <secder.h>
#include <stdio.h> #include <stdio.h>
#define SEC_CT_PRIVATE_KEY "private-key" #define SEC_CT_PRIVATE_KEY "private-key"
#define SEC_CT_PUBLIC_KEY "public-key" #define SEC_CT_PUBLIC_KEY "public-key"
#define SEC_CT_CERTIFICATE "certificate" #define SEC_CT_CERTIFICATE "certificate"
#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" #define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
#define SEC_CT_PKCS7 "pkcs7" #define SEC_CT_PKCS7 "pkcs7"
#define SEC_CT_CRL "crl" #define SEC_CT_CRL "crl"
#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----" #define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----" #define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
@ -64,7 +64,7 @@
/* From libsec/pcertdb.c --- it's not declared in sec.h */ /* From libsec/pcertdb.c --- it's not declared in sec.h */
extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle, extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle,
SECItem *derCert, char *nickname, CERTCertTrust *trust); SECItem *derCert, char *nickname, CERTCertTrust *trust);
#ifdef SECUTIL_NEW #ifdef SECUTIL_NEW
@ -76,10 +76,10 @@ typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
typedef struct { typedef struct {
enum { enum {
PW_NONE = 0, PW_NONE = 0,
PW_FROMFILE = 1, PW_FROMFILE = 1,
PW_PLAINTEXT = 2, PW_PLAINTEXT = 2,
PW_EXTERNAL = 3 PW_EXTERNAL = 3
} source; } source;
char *data; char *data;
} secuPWData; } secuPWData;
@ -123,7 +123,7 @@ extern PRBool SEC_BlindCheckPassword(char *password);
** The password is then checked using "chkpw". ** The password is then checked using "chkpw".
*/ */
extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg, extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
PRBool (*chkpw)(char *)); PRBool (*chkpw)(char *));
char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg); char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
@ -165,9 +165,9 @@ extern char *SECU_ConfigDirectory(const char* base);
*/ */
extern int extern int
SECU_GetClientAuthData(void *arg, PRFileDesc *fd, SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
struct CERTDistNamesStr *caNames, struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert, struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey); struct SECKEYPrivateKeyStr **pRetKey);
/* print out an error message */ /* print out an error message */
extern void SECU_PrintError(char *progName, char *msg, ...); extern void SECU_PrintError(char *progName, char *msg, ...);
@ -182,15 +182,15 @@ extern const char * SECU_Strerror(PRErrorCode errNum);
* failure at time == now */ * failure at time == now */
extern void extern void
SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
CERTCertificate *cert, PRBool checksig, CERTCertificate *cert, PRBool checksig,
SECCertificateUsage certUsage, void *pinArg, PRBool verbose); SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
/* revalidate the cert and print information about cert verification /* revalidate the cert and print information about cert verification
* failure at specified time */ * failure at specified time */
extern void extern void
SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle, SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage, CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
void *pinArg, PRBool verbose, PRTime datetime); void *pinArg, PRBool verbose, PRTime datetime);
/* print out CERTVerifyLog info. */ /* print out CERTVerifyLog info. */
extern void extern void
@ -216,7 +216,7 @@ extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
/* Print AlgorithmIdentifier symbolically */ /* Print AlgorithmIdentifier symbolically */
extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
int level); int level);
/* Print SECItem as hex */ /* Print SECItem as hex */
extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level); extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
@ -237,7 +237,7 @@ extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
* afterward; otherwise just print the formatted time string only. * afterward; otherwise just print the formatted time string only.
*/ */
extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
int level); int level);
/* /*
* Format and print the UTC or Generalized Time "t". If the tag message * Format and print the UTC or Generalized Time "t". If the tag message
@ -259,7 +259,7 @@ int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
/* Dump contents of cert req */ /* Dump contents of cert req */
extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
int level); int level);
/* Dump contents of certificate */ /* Dump contents of certificate */
extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level); extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
@ -285,14 +285,14 @@ extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
/* Pretty-print any PKCS7 thing */ /* Pretty-print any PKCS7 thing */
extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
int level); int level);
/* Init PKCS11 stuff */ /* Init PKCS11 stuff */
extern SECStatus SECU_PKCS11Init(PRBool readOnly); extern SECStatus SECU_PKCS11Init(PRBool readOnly);
/* Dump contents of signed data */ /* Dump contents of signed data */
extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level, extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level,
SECU_PPFunc inner); SECU_PPFunc inner);
/* Print cert data and its trust flags */ /* Print cert data and its trust flags */
extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert, extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert,
@ -312,7 +312,7 @@ extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
char *msg, int level); char *msg, int level);
extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
char *msg, int level); char *msg, int level);
extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level); extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);
@ -347,12 +347,12 @@ extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
** MD5 hashing algorithm. This routine first computes a digital signature ** MD5 hashing algorithm. This routine first computes a digital signature
** using SEC_SignData, then wraps it with an CERTSignedData and then der ** using SEC_SignData, then wraps it with an CERTSignedData and then der
** encodes the result. ** encodes the result.
** "arena" is the memory arena to use to allocate data from ** "arena" is the memory arena to use to allocate data from
** "sd" returned CERTSignedData ** "sd" returned CERTSignedData
** "result" the final der encoded data (memory is allocated) ** "result" the final der encoded data (memory is allocated)
** "buf" the input data to sign ** "buf" the input data to sign
** "len" the amount of data to sign ** "len" the amount of data to sign
** "pk" the private key to encrypt with ** "pk" the private key to encrypt with
*/ */
extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd, extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
unsigned char *buf, int len, unsigned char *buf, int len,
@ -436,7 +436,7 @@ typedef struct
/* fill the "arg" and "activated" fields for each flag */ /* fill the "arg" and "activated" fields for each flag */
SECStatus SECStatus
SECU_ParseCommandLine(int argc, char **argv, char *progName, SECU_ParseCommandLine(int argc, char **argv, char *progName,
const secuCommand *cmd); const secuCommand *cmd);
char * char *
SECU_GetOptionArg(const secuCommand *cmd, int optionNum); SECU_GetOptionArg(const secuCommand *cmd, int optionNum);