Coverted tabs to spaces
This commit is contained in:
parent
deb8b0e9e2
commit
eff035f7f8
106
NSPRerrs.h
106
NSPRerrs.h
|
@ -36,43 +36,43 @@
|
|||
/* General NSPR 2.0 errors */
|
||||
/* Caller must #include "<rerror.h> */
|
||||
|
||||
ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
|
||||
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
|
||||
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
|
||||
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
|
||||
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
|
||||
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
|
||||
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
|
||||
ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
|
||||
ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
|
||||
ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
|
||||
ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
|
||||
ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
|
||||
ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
|
||||
ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
|
||||
ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
|
||||
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
|
||||
ER2( PR_IO_ERROR, "I/O function error." )
|
||||
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
|
||||
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
|
||||
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
|
||||
ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
|
||||
ER2( PR_IO_ERROR, "I/O function error." )
|
||||
ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
|
||||
ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
|
||||
ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
|
||||
ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
|
||||
ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
|
||||
ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
|
||||
ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
|
||||
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
|
||||
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
|
||||
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
|
||||
ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
|
||||
ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
|
||||
ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
|
||||
ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
|
||||
ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
|
||||
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
|
||||
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
|
||||
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
|
||||
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
|
||||
ER2( PR_FIND_SYMBOL_ERROR,
|
||||
ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
|
||||
ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
|
||||
ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
|
||||
ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
|
||||
ER2( PR_FIND_SYMBOL_ERROR,
|
||||
"Symbol not found in any of the loaded dynamic libraries." )
|
||||
ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
|
||||
ER2( PR_DIRECTORY_LOOKUP_ERROR,
|
||||
ER2( PR_DIRECTORY_LOOKUP_ERROR,
|
||||
"A directory lookup on a network address has failed." )
|
||||
ER2( PR_TPD_RANGE_ERROR,
|
||||
ER2( PR_TPD_RANGE_ERROR,
|
||||
"Attempt to access a TPD key that is out of range." )
|
||||
ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
|
||||
ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
|
||||
ER2( PR_NOT_SOCKET_ERROR,
|
||||
ER2( PR_NOT_SOCKET_ERROR,
|
||||
"Network operation attempted on non-network file descriptor." )
|
||||
ER2( PR_NOT_TCP_SOCKET_ERROR,
|
||||
ER2( PR_NOT_TCP_SOCKET_ERROR,
|
||||
"TCP-specific function attempted on a non-TCP file descriptor." )
|
||||
ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
|
||||
ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
|
||||
|
@ -80,24 +80,24 @@ ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
|
|||
"The requested operation is not supported by the platform." )
|
||||
ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
|
||||
"The host operating system does not support the protocol requested." )
|
||||
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
|
||||
ER2( PR_BUFFER_OVERFLOW_ERROR,
|
||||
ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
|
||||
ER2( PR_BUFFER_OVERFLOW_ERROR,
|
||||
"The value requested is too large to be stored in the data buffer provided." )
|
||||
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
|
||||
ER2( PR_RANGE_ERROR, "Unused." )
|
||||
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
|
||||
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
|
||||
ER2( PR_FILE_TOO_BIG_ERROR,
|
||||
ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
|
||||
ER2( PR_RANGE_ERROR, "Unused." )
|
||||
ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
|
||||
ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
|
||||
ER2( PR_FILE_TOO_BIG_ERROR,
|
||||
"Write would result in file larger than the system allows." )
|
||||
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
|
||||
ER2( PR_PIPE_ERROR, "Unused." )
|
||||
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
|
||||
ER2( PR_IS_DIRECTORY_ERROR,
|
||||
ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
|
||||
ER2( PR_PIPE_ERROR, "Unused." )
|
||||
ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
|
||||
ER2( PR_IS_DIRECTORY_ERROR,
|
||||
"Cannot perform a normal file operation on a directory." )
|
||||
ER2( PR_LOOP_ERROR, "Symbolic link loop." )
|
||||
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
|
||||
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
|
||||
ER2( PR_NOT_DIRECTORY_ERROR,
|
||||
ER2( PR_LOOP_ERROR, "Symbolic link loop." )
|
||||
ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
|
||||
ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
|
||||
ER2( PR_NOT_DIRECTORY_ERROR,
|
||||
"Cannot perform directory operation on a normal file." )
|
||||
ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
|
||||
"Cannot write to a read-only file system." )
|
||||
|
@ -105,49 +105,49 @@ ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
|
|||
"Cannot delete a directory that is not empty." )
|
||||
ER2( PR_FILESYSTEM_MOUNTED_ERROR,
|
||||
"Cannot delete or rename a file object while the file system is busy." )
|
||||
ER2( PR_NOT_SAME_DEVICE_ERROR,
|
||||
ER2( PR_NOT_SAME_DEVICE_ERROR,
|
||||
"Cannot rename a file to a file system on another device." )
|
||||
ER2( PR_DIRECTORY_CORRUPTED_ERROR,
|
||||
"The directory object in the file system is corrupted." )
|
||||
ER2( PR_FILE_EXISTS_ERROR,
|
||||
ER2( PR_FILE_EXISTS_ERROR,
|
||||
"Cannot create or rename a filename that already exists." )
|
||||
ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
|
||||
"Directory is full. No additional filenames may be added." )
|
||||
ER2( PR_INVALID_DEVICE_STATE_ERROR,
|
||||
"The required device was in an invalid state." )
|
||||
ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
|
||||
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
|
||||
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
|
||||
ER2( PR_FILE_SEEK_ERROR, "Seek error." )
|
||||
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
|
||||
ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
|
||||
ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
|
||||
ER2( PR_FILE_SEEK_ERROR, "Seek error." )
|
||||
ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
|
||||
ER2( PR_IN_PROGRESS_ERROR,
|
||||
"Operation is still in progress (probably a non-blocking connect)." )
|
||||
ER2( PR_ALREADY_INITIATED_ERROR,
|
||||
"Operation has already been initiated (probably a non-blocking connect)." )
|
||||
|
||||
#ifdef PR_GROUP_EMPTY_ERROR
|
||||
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
|
||||
ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
|
||||
#endif
|
||||
|
||||
#ifdef PR_INVALID_STATE_ERROR
|
||||
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
|
||||
ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
|
||||
#endif
|
||||
|
||||
#ifdef PR_NETWORK_DOWN_ERROR
|
||||
ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
|
||||
ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
|
||||
#endif
|
||||
|
||||
#ifdef PR_SOCKET_SHUTDOWN_ERROR
|
||||
ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
|
||||
ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
|
||||
#endif
|
||||
|
||||
#ifdef PR_CONNECT_ABORTED_ERROR
|
||||
ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
|
||||
ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
|
||||
#endif
|
||||
|
||||
#ifdef PR_HOST_UNREACHABLE_ERROR
|
||||
ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
|
||||
ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
|
||||
#endif
|
||||
|
||||
/* always last */
|
||||
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
|
||||
ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
|
||||
|
|
312
SECerrs.h
312
SECerrs.h
|
@ -37,448 +37,448 @@
|
|||
/* General security error codes */
|
||||
/* Caller must #include <secerr.h> */
|
||||
|
||||
ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
|
||||
ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
|
||||
"An I/O error occurred during security authorization.")
|
||||
|
||||
ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
|
||||
ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
|
||||
"security library failure.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
|
||||
ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
|
||||
"security library: received bad data.")
|
||||
|
||||
ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
|
||||
ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
|
||||
"security library: output length error.")
|
||||
|
||||
ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
|
||||
ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
|
||||
"security library has experienced an input length error.")
|
||||
|
||||
ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
|
||||
ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
|
||||
"security library: invalid arguments.")
|
||||
|
||||
ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
|
||||
ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
|
||||
"security library: invalid algorithm.")
|
||||
|
||||
ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
|
||||
ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
|
||||
"security library: invalid AVA.")
|
||||
|
||||
ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
|
||||
ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
|
||||
"Improperly formatted time string.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
|
||||
ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
|
||||
"security library: improperly formatted DER-encoded message.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
|
||||
ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
|
||||
"Peer's certificate has an invalid signature.")
|
||||
|
||||
ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
|
||||
ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
|
||||
"Peer's Certificate has expired.")
|
||||
|
||||
ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
|
||||
ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
|
||||
"Peer's Certificate has been revoked.")
|
||||
|
||||
ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
|
||||
ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
|
||||
"Peer's Certificate issuer is not recognized.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
|
||||
ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
|
||||
"Peer's public key is invalid.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
|
||||
ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
|
||||
"The security password entered is incorrect.")
|
||||
|
||||
ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
|
||||
ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
|
||||
"New password entered incorrectly. Please try again.")
|
||||
|
||||
ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
|
||||
ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
|
||||
"security library: no nodelock.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
|
||||
ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
|
||||
"security library: bad database.")
|
||||
|
||||
ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
|
||||
ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
|
||||
"security library: memory allocation failure.")
|
||||
|
||||
ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
|
||||
ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
|
||||
"Peer's certificate issuer has been marked as not trusted by the user.")
|
||||
|
||||
ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
|
||||
ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
|
||||
"Peer's certificate has been marked as not trusted by the user.")
|
||||
|
||||
ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
|
||||
ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
|
||||
"Certificate already exists in your database.")
|
||||
|
||||
ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
|
||||
ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
|
||||
"Downloaded certificate's name duplicates one already in your database.")
|
||||
|
||||
ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
|
||||
ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
|
||||
"Error adding certificate to database.")
|
||||
|
||||
ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
|
||||
ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
|
||||
"Error refiling the key for this certificate.")
|
||||
|
||||
ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
|
||||
ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
|
||||
"The private key for this certificate cannot be found in key database")
|
||||
|
||||
ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
|
||||
ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
|
||||
"This certificate is valid.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
|
||||
ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
|
||||
"This certificate is not valid.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
|
||||
ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
|
||||
"Cert Library: No Response")
|
||||
|
||||
ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
|
||||
ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
|
||||
"The certificate issuer's certificate has expired. Check your system date and time.")
|
||||
|
||||
ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
|
||||
ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
|
||||
"The CRL for the certificate's issuer has expired. Update it or check your system date and time.")
|
||||
|
||||
ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
|
||||
ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
|
||||
"The CRL for the certificate's issuer has an invalid signature.")
|
||||
|
||||
ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
|
||||
ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
|
||||
"New CRL has an invalid format.")
|
||||
|
||||
ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
|
||||
ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
|
||||
"Certificate extension value is invalid.")
|
||||
|
||||
ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
|
||||
ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
|
||||
"Certificate extension not found.")
|
||||
|
||||
ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
|
||||
ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
|
||||
"Issuer certificate is invalid.")
|
||||
|
||||
ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
|
||||
ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
|
||||
"Certificate path length constraint is invalid.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
|
||||
ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
|
||||
"Certificate usages field is invalid.")
|
||||
|
||||
ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
|
||||
ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
|
||||
"**Internal ONLY module**")
|
||||
|
||||
ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
|
||||
ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
|
||||
"The key does not support the requested operation.")
|
||||
|
||||
ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
|
||||
ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
|
||||
"Certificate contains unknown critical extension.")
|
||||
|
||||
ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
|
||||
ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
|
||||
"New CRL is not later than the current one.")
|
||||
|
||||
ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
|
||||
ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
|
||||
"Not encrypted or signed: you do not yet have an email certificate.")
|
||||
|
||||
ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
|
||||
ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
|
||||
"Not encrypted: you do not have certificates for each of the recipients.")
|
||||
|
||||
ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
|
||||
ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
|
||||
"Cannot decrypt: you are not a recipient, or matching certificate and \
|
||||
private key not found.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
|
||||
ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
|
||||
"Cannot decrypt: key encryption algorithm does not match your certificate.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
|
||||
ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
|
||||
"Signature verification failed: no signer found, too many signers found, \
|
||||
or improper or corrupted data.")
|
||||
|
||||
ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
|
||||
ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
|
||||
"Unsupported or unknown key algorithm.")
|
||||
|
||||
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
|
||||
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
|
||||
"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
|
||||
|
||||
|
||||
/* Fortezza Alerts */
|
||||
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
|
||||
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
|
||||
"Fortezza card has not been properly initialized. \
|
||||
Please remove it and return it to your issuer.")
|
||||
|
||||
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
|
||||
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
|
||||
"No Fortezza cards Found")
|
||||
|
||||
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
|
||||
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
|
||||
"No Fortezza card selected")
|
||||
|
||||
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
|
||||
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
|
||||
"Please select a personality to get more info on")
|
||||
|
||||
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
|
||||
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
|
||||
"Personality not found")
|
||||
|
||||
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
|
||||
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
|
||||
"No more information on that Personality")
|
||||
|
||||
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
|
||||
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
|
||||
"Invalid Pin")
|
||||
|
||||
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
|
||||
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
|
||||
"Couldn't initialize Fortezza personalities.")
|
||||
/* end fortezza alerts. */
|
||||
|
||||
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
|
||||
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
|
||||
"No KRL for this site's certificate has been found.")
|
||||
|
||||
ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
|
||||
ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
|
||||
"The KRL for this site's certificate has expired.")
|
||||
|
||||
ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
|
||||
ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
|
||||
"The KRL for this site's certificate has an invalid signature.")
|
||||
|
||||
ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
|
||||
ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
|
||||
"The key for this site's certificate has been revoked.")
|
||||
|
||||
ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
|
||||
ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
|
||||
"New KRL has an invalid format.")
|
||||
|
||||
ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
|
||||
ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
|
||||
"security library: need random data.")
|
||||
|
||||
ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
|
||||
ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
|
||||
"security library: no security module can perform the requested operation.")
|
||||
|
||||
ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
|
||||
ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
|
||||
"The security card or token does not exist, needs to be initialized, or has been removed.")
|
||||
|
||||
ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
|
||||
ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
|
||||
"security library: read-only database.")
|
||||
|
||||
ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
|
||||
ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
|
||||
"No slot or token was selected.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
|
||||
ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
|
||||
"A certificate with the same nickname already exists.")
|
||||
|
||||
ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
|
||||
ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
|
||||
"A key with the same nickname already exists.")
|
||||
|
||||
ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
|
||||
ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
|
||||
"error while creating safe object")
|
||||
|
||||
ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
|
||||
ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
|
||||
"error while creating baggage object")
|
||||
|
||||
ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
|
||||
ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
|
||||
"Couldn't remove the principal")
|
||||
|
||||
ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
|
||||
ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
|
||||
"Couldn't delete the privilege")
|
||||
|
||||
ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
|
||||
ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
|
||||
"This principal doesn't have a certificate")
|
||||
|
||||
ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
|
||||
ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
|
||||
"Required algorithm is not allowed.")
|
||||
|
||||
ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
|
||||
ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
|
||||
"Error attempting to export certificates.")
|
||||
|
||||
ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
|
||||
ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
|
||||
"Error attempting to import certificates.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
|
||||
ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
|
||||
"Unable to import. Decoding error. File not valid.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
|
||||
ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
|
||||
"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
|
||||
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
|
||||
"Unable to import. MAC algorithm not supported.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
|
||||
"Unable to import. Only password integrity and privacy modes supported.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
|
||||
ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
|
||||
"Unable to import. File structure is corrupt.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
|
||||
"Unable to import. Encryption algorithm not supported.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
|
||||
ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
|
||||
"Unable to import. File version not supported.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
|
||||
"Unable to import. Incorrect privacy password.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
|
||||
ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
|
||||
"Unable to import. Same nickname already exists in database.")
|
||||
|
||||
ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
|
||||
ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
|
||||
"The user pressed cancel.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
|
||||
ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
|
||||
"Not imported, already in database.")
|
||||
|
||||
ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
|
||||
ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
|
||||
"Message not sent.")
|
||||
|
||||
ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
|
||||
ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
|
||||
"Certificate key usage inadequate for attempted operation.")
|
||||
|
||||
ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
|
||||
ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
|
||||
"Certificate type not approved for application.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
|
||||
ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
|
||||
"Address in signing certificate does not match address in message headers.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
|
||||
"Unable to import. Error attempting to import private key.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
|
||||
ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
|
||||
"Unable to import. Error attempting to import certificate chain.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
|
||||
"Unable to export. Unable to locate certificate or key by nickname.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
|
||||
"Unable to export. Private Key could not be located and exported.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
|
||||
"Unable to export. Unable to write the export file.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
|
||||
ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
|
||||
"Unable to import. Unable to read the import file.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
|
||||
"Unable to export. Key database corrupt or deleted.")
|
||||
|
||||
ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
|
||||
ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
|
||||
"Unable to generate public/private key pair.")
|
||||
|
||||
ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
|
||||
ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
|
||||
"Password entered is invalid. Please pick a different one.")
|
||||
|
||||
ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
|
||||
ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
|
||||
"Old password entered incorrectly. Please try again.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
|
||||
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
|
||||
"Certificate nickname already in use.")
|
||||
|
||||
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
|
||||
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
|
||||
"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
|
||||
|
||||
ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
|
||||
ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
|
||||
"A sensitive key cannot be moved to the slot where it is needed.")
|
||||
|
||||
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
|
||||
ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
|
||||
"Invalid module name.")
|
||||
|
||||
ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
|
||||
ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
|
||||
"Invalid module path/filename")
|
||||
|
||||
ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
|
||||
ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
|
||||
"Unable to add module")
|
||||
|
||||
ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
|
||||
ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
|
||||
"Unable to delete module")
|
||||
|
||||
ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
|
||||
ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
|
||||
"New KRL is not later than the current one.")
|
||||
|
||||
ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
|
||||
ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
|
||||
"New CKL has different issuer than current CKL. Delete current CKL.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
|
||||
ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
|
||||
"The Certifying Authority for this certificate is not permitted to issue a \
|
||||
certificate with this name.")
|
||||
|
||||
ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
|
||||
ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
|
||||
"The key revocation list for this certificate is not yet valid.")
|
||||
|
||||
ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
|
||||
ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
|
||||
"The certificate revocation list for this certificate is not yet valid.")
|
||||
|
||||
ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
|
||||
ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
|
||||
"The requested certificate could not be found.")
|
||||
|
||||
ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
|
||||
ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
|
||||
"The signer's certificate could not be found.")
|
||||
|
||||
ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
|
||||
ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
|
||||
"The location for the certificate status server has invalid format.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
|
||||
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
|
||||
"The OCSP response cannot be fully decoded; it is of an unknown type.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
|
||||
ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
|
||||
"The OCSP server returned unexpected/invalid HTTP data.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
|
||||
ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
|
||||
"The OCSP server found the request to be corrupted or improperly formed.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
|
||||
ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
|
||||
"The OCSP server experienced an internal error.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
|
||||
ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
|
||||
"The OCSP server suggests trying again later.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
|
||||
ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
|
||||
"The OCSP server requires a signature on this request.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
|
||||
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
|
||||
"The OCSP server has refused this request as unauthorized.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
|
||||
ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
|
||||
"The OCSP server returned an unrecognizable status.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
|
||||
ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
|
||||
"The OCSP server has no status for the certificate.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
|
||||
ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
|
||||
"You must enable OCSP before performing this operation.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
|
||||
ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
|
||||
"You must set the OCSP default responder before performing this operation.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
|
||||
ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
|
||||
"The response from the OCSP server was corrupted or improperly formed.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
|
||||
ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
|
||||
"The signer of the OCSP response is not authorized to give status for \
|
||||
this certificate.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
|
||||
ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
|
||||
"The OCSP response is not yet valid (contains a date in the future).")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
|
||||
ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
|
||||
"The OCSP response contains out-of-date information.")
|
||||
|
||||
ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
|
||||
ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
|
||||
"The CMS or PKCS #7 Digest was not found in signed message.")
|
||||
|
||||
ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
|
||||
ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
|
||||
"The CMS or PKCS #7 Message type is unsupported.")
|
||||
|
||||
ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
|
||||
ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
|
||||
"PKCS #11 module could not be removed because it is still in use.")
|
||||
|
||||
ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
|
||||
ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
|
||||
"Could not decode ASN.1 data. Specified template was invalid.")
|
||||
|
||||
ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
|
||||
ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
|
||||
"No matching CRL was found.")
|
||||
|
||||
ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138),
|
||||
"You are attempting to import a cert with the same issuer/serial as \
|
||||
an existing cert, but that is not the same cert.")
|
||||
|
||||
ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
|
||||
ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
|
||||
"NSS could not shutdown. Objects are still in use.")
|
||||
|
||||
ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
|
||||
ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
|
||||
"DER-encoded message contained extra unused data.")
|
||||
|
||||
ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
|
||||
ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
|
||||
"Unsupported elliptic curve.")
|
||||
|
||||
ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
|
||||
ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
|
||||
"Unsupported elliptic curve point form.")
|
||||
|
||||
ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
|
||||
ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
|
||||
"Unrecognized Object Identifier.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
|
||||
ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
|
||||
"Invalid OCSP signing certificate in OCSP response.")
|
||||
|
||||
ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145),
|
||||
|
@ -496,53 +496,53 @@ ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148),
|
|||
ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149),
|
||||
"Issuer's V2 Certificate Revocation List has an unknown critical extension.")
|
||||
|
||||
ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
|
||||
ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
|
||||
"Unknown object type specified.")
|
||||
|
||||
ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
|
||||
ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
|
||||
"PKCS #11 driver violates the spec in an incompatible way.")
|
||||
|
||||
ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
|
||||
ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
|
||||
"No new slot event is available at this time.")
|
||||
|
||||
ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
|
||||
ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
|
||||
"CRL already exists.")
|
||||
|
||||
ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
|
||||
ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
|
||||
"NSS is not initialized.")
|
||||
|
||||
ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
|
||||
ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
|
||||
"The operation failed because the PKCS#11 token is not logged in.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
|
||||
ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
|
||||
"Configured OCSP responder's certificate is invalid.")
|
||||
|
||||
ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157),
|
||||
ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157),
|
||||
"OCSP response has an invalid signature.")
|
||||
|
||||
ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158),
|
||||
ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158),
|
||||
"Cert validation search is out of search limits")
|
||||
|
||||
ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159),
|
||||
ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159),
|
||||
"Policy mapping contains anypolicy")
|
||||
|
||||
ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160),
|
||||
ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160),
|
||||
"Cert chain fails policy validation")
|
||||
|
||||
ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161),
|
||||
ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161),
|
||||
"Unknown location type in cert AIA extension")
|
||||
|
||||
ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162),
|
||||
ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162),
|
||||
"Server returned bad HTTP response")
|
||||
|
||||
ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163),
|
||||
ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163),
|
||||
"Server returned bad LDAP response")
|
||||
|
||||
ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164),
|
||||
ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164),
|
||||
"Failed to encode data with ASN1 encoder")
|
||||
|
||||
ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
|
||||
ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
|
||||
"Bad information access location in cert extension")
|
||||
|
||||
ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
|
||||
ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
|
||||
"Libpkix internal error occured during cert validation.")
|
||||
|
|
400
certext.c
400
certext.c
|
@ -104,8 +104,8 @@ CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString,
|
|||
return SECFailure;
|
||||
}
|
||||
if (SEC_ASN1EncodeItem (arena, encodedValue, srcString,
|
||||
CERTSubjectKeyIDTemplate) == NULL) {
|
||||
rv = SECFailure;
|
||||
CERTSubjectKeyIDTemplate) == NULL) {
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
||||
return(rv);
|
||||
|
@ -141,82 +141,82 @@ SEC_StringToOID(PLArenaPool *pool, SECItem *to, const char *from, PRUint32 len)
|
|||
static const char OIDstring[] = {"OID."};
|
||||
|
||||
if (!from || !to) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
if (!len) {
|
||||
len = PL_strlen(from);
|
||||
len = PL_strlen(from);
|
||||
}
|
||||
if (len >= 4 && !PL_strncasecmp(from, OIDstring, 4)) {
|
||||
from += 4; /* skip leading "OID." if present */
|
||||
len -= 4;
|
||||
from += 4; /* skip leading "OID." if present */
|
||||
len -= 4;
|
||||
}
|
||||
if (!len) {
|
||||
bad_data:
|
||||
PORT_SetError(SEC_ERROR_BAD_DATA);
|
||||
return SECFailure;
|
||||
PORT_SetError(SEC_ERROR_BAD_DATA);
|
||||
return SECFailure;
|
||||
}
|
||||
do {
|
||||
PRUint32 decimal = 0;
|
||||
while (len > 0 && isdigit(*from)) {
|
||||
PRUint32 addend = (*from++ - '0');
|
||||
--len;
|
||||
if (decimal > max_decimal) /* overflow */
|
||||
goto bad_data;
|
||||
decimal = (decimal * 10) + addend;
|
||||
if (decimal < addend) /* overflow */
|
||||
goto bad_data;
|
||||
}
|
||||
if (len != 0 && *from != '.') {
|
||||
goto bad_data;
|
||||
}
|
||||
if (decimal_numbers == 0) {
|
||||
if (decimal > 2)
|
||||
goto bad_data;
|
||||
result[0] = decimal * 40;
|
||||
result_bytes = 1;
|
||||
} else if (decimal_numbers == 1) {
|
||||
if (decimal > 40)
|
||||
goto bad_data;
|
||||
result[0] += decimal;
|
||||
} else {
|
||||
/* encode the decimal number, */
|
||||
PRUint8 * rp;
|
||||
PRUint32 num_bytes = 0;
|
||||
PRUint32 tmp = decimal;
|
||||
while (tmp) {
|
||||
num_bytes++;
|
||||
tmp >>= 7;
|
||||
}
|
||||
if (!num_bytes )
|
||||
++num_bytes; /* use one byte for a zero value */
|
||||
if (num_bytes + result_bytes > sizeof result)
|
||||
goto bad_data;
|
||||
tmp = num_bytes;
|
||||
rp = result + result_bytes - 1;
|
||||
rp[tmp] = (PRUint8)(decimal & 0x7f);
|
||||
decimal >>= 7;
|
||||
while (--tmp > 0) {
|
||||
rp[tmp] = (PRUint8)(decimal | 0x80);
|
||||
decimal >>= 7;
|
||||
}
|
||||
result_bytes += num_bytes;
|
||||
}
|
||||
++decimal_numbers;
|
||||
if (len > 0) { /* skip trailing '.' */
|
||||
++from;
|
||||
--len;
|
||||
}
|
||||
} while (len > 0);
|
||||
do {
|
||||
PRUint32 decimal = 0;
|
||||
while (len > 0 && isdigit(*from)) {
|
||||
PRUint32 addend = (*from++ - '0');
|
||||
--len;
|
||||
if (decimal > max_decimal) /* overflow */
|
||||
goto bad_data;
|
||||
decimal = (decimal * 10) + addend;
|
||||
if (decimal < addend) /* overflow */
|
||||
goto bad_data;
|
||||
}
|
||||
if (len != 0 && *from != '.') {
|
||||
goto bad_data;
|
||||
}
|
||||
if (decimal_numbers == 0) {
|
||||
if (decimal > 2)
|
||||
goto bad_data;
|
||||
result[0] = decimal * 40;
|
||||
result_bytes = 1;
|
||||
} else if (decimal_numbers == 1) {
|
||||
if (decimal > 40)
|
||||
goto bad_data;
|
||||
result[0] += decimal;
|
||||
} else {
|
||||
/* encode the decimal number, */
|
||||
PRUint8 * rp;
|
||||
PRUint32 num_bytes = 0;
|
||||
PRUint32 tmp = decimal;
|
||||
while (tmp) {
|
||||
num_bytes++;
|
||||
tmp >>= 7;
|
||||
}
|
||||
if (!num_bytes )
|
||||
++num_bytes; /* use one byte for a zero value */
|
||||
if (num_bytes + result_bytes > sizeof result)
|
||||
goto bad_data;
|
||||
tmp = num_bytes;
|
||||
rp = result + result_bytes - 1;
|
||||
rp[tmp] = (PRUint8)(decimal & 0x7f);
|
||||
decimal >>= 7;
|
||||
while (--tmp > 0) {
|
||||
rp[tmp] = (PRUint8)(decimal | 0x80);
|
||||
decimal >>= 7;
|
||||
}
|
||||
result_bytes += num_bytes;
|
||||
}
|
||||
++decimal_numbers;
|
||||
if (len > 0) { /* skip trailing '.' */
|
||||
++from;
|
||||
--len;
|
||||
}
|
||||
} while (len > 0);
|
||||
/* now result contains result_bytes of data */
|
||||
if (to->data && to->len >= result_bytes) {
|
||||
PORT_Memcpy(to->data, result, to->len = result_bytes);
|
||||
rv = SECSuccess;
|
||||
PORT_Memcpy(to->data, result, to->len = result_bytes);
|
||||
rv = SECSuccess;
|
||||
} else {
|
||||
SECItem result_item = {siBuffer, NULL, 0 };
|
||||
result_item.data = result;
|
||||
result_item.len = result_bytes;
|
||||
rv = SECITEM_CopyItem(pool, to, &result_item);
|
||||
SECItem result_item = {siBuffer, NULL, 0 };
|
||||
result_item.data = result;
|
||||
result_item.len = result_bytes;
|
||||
rv = SECITEM_CopyItem(pool, to, &result_item);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
@ -283,15 +283,15 @@ GetGeneralName (PRArenaPool *arena)
|
|||
mark = PORT_ArenaMark (arena);
|
||||
do {
|
||||
if (PrintChoicesAndGetAnswer(
|
||||
"\nSelect one of the following general name type: \n"
|
||||
"\t2 - rfc822Name\n"
|
||||
"\t3 - dnsName\n"
|
||||
"\t5 - directoryName\n"
|
||||
"\t7 - uniformResourceidentifier\n"
|
||||
"\t8 - ipAddress\n"
|
||||
"\t9 - registerID\n"
|
||||
"\tAny other number to finish\n"
|
||||
"\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) {
|
||||
"\nSelect one of the following general name type: \n"
|
||||
"\t2 - rfc822Name\n"
|
||||
"\t3 - dnsName\n"
|
||||
"\t5 - directoryName\n"
|
||||
"\t7 - uniformResourceidentifier\n"
|
||||
"\t8 - ipAddress\n"
|
||||
"\t9 - registerID\n"
|
||||
"\tAny other number to finish\n"
|
||||
"\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
intValue = PORT_Atoi (buffer);
|
||||
|
@ -306,23 +306,23 @@ GetGeneralName (PRArenaPool *arena)
|
|||
case certURI:
|
||||
case certIPAddress:
|
||||
case certRegisterID:
|
||||
break;
|
||||
break;
|
||||
default:
|
||||
intValue = 0; /* force a break for anything else */
|
||||
intValue = 0; /* force a break for anything else */
|
||||
}
|
||||
|
||||
if (intValue == 0)
|
||||
break;
|
||||
|
||||
if (namesList == NULL) {
|
||||
namesList = current = tail =
|
||||
PORT_ArenaZNew(arena, CERTGeneralName);
|
||||
} else {
|
||||
current = PORT_ArenaZNew(arena, CERTGeneralName);
|
||||
}
|
||||
if (current == NULL) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
break;
|
||||
|
||||
if (namesList == NULL) {
|
||||
namesList = current = tail =
|
||||
PORT_ArenaZNew(arena, CERTGeneralName);
|
||||
} else {
|
||||
current = PORT_ArenaZNew(arena, CERTGeneralName);
|
||||
}
|
||||
if (current == NULL) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
||||
current->type = intValue;
|
||||
puts ("\nEnter data:");
|
||||
|
@ -368,22 +368,22 @@ GetGeneralName (PRArenaPool *arena)
|
|||
}
|
||||
|
||||
case certDirectoryName:
|
||||
{
|
||||
CERTName *directoryName = NULL;
|
||||
|
||||
directoryName = CERT_AsciiToName (buffer);
|
||||
if (!directoryName) {
|
||||
fprintf(stderr, "certutil: improperly formatted name: "
|
||||
"\"%s\"\n", buffer);
|
||||
break;
|
||||
}
|
||||
|
||||
rv = CERT_CopyName (arena, ¤t->name.directoryName,
|
||||
directoryName);
|
||||
CERT_DestroyName (directoryName);
|
||||
|
||||
break;
|
||||
}
|
||||
{
|
||||
CERTName *directoryName = NULL;
|
||||
|
||||
directoryName = CERT_AsciiToName (buffer);
|
||||
if (!directoryName) {
|
||||
fprintf(stderr, "certutil: improperly formatted name: "
|
||||
"\"%s\"\n", buffer);
|
||||
break;
|
||||
}
|
||||
|
||||
rv = CERT_CopyName (arena, ¤t->name.directoryName,
|
||||
directoryName);
|
||||
CERT_DestroyName (directoryName);
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (rv != SECSuccess)
|
||||
break;
|
||||
|
@ -447,7 +447,7 @@ AddKeyUsage (void *extHandle)
|
|||
PRBool yesNoAns;
|
||||
|
||||
while (1) {
|
||||
if (PrintChoicesAndGetAnswer(
|
||||
if (PrintChoicesAndGetAnswer(
|
||||
"\t\t0 - Digital Signature\n"
|
||||
"\t\t1 - Non-repudiation\n"
|
||||
"\t\t2 - Key encipherment\n"
|
||||
|
@ -829,8 +829,8 @@ AddBasicConstraint(void *extHandle)
|
|||
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
|
||||
|
||||
rv = SECU_EncodeAndAddExtensionValue(NULL, extHandle,
|
||||
&basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
|
||||
&basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
|
||||
} while (0);
|
||||
|
||||
return (rv);
|
||||
|
@ -878,8 +878,8 @@ AddAuthKeyID (void *extHandle)
|
|||
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
|
||||
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
|
||||
authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
|
||||
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
|
||||
authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
|
||||
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID);
|
||||
if (rv)
|
||||
break;
|
||||
|
||||
|
@ -915,8 +915,8 @@ AddSubjKeyID (void *extHandle)
|
|||
yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
|
||||
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
|
||||
&keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
|
||||
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID);
|
||||
&keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
|
||||
(EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID);
|
||||
if (rv)
|
||||
break;
|
||||
|
||||
|
@ -954,8 +954,8 @@ AddCrlDistPoint(void *extHandle)
|
|||
"\t1 - Full Name\n\t2 - Relative Name\n\tAny other "
|
||||
"number to finish\n\t\tChoice: ",
|
||||
buffer, sizeof(buffer)) == SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
intValue = PORT_Atoi (buffer);
|
||||
switch (intValue) {
|
||||
case generalName:
|
||||
|
@ -1043,8 +1043,8 @@ AddCrlDistPoint(void *extHandle)
|
|||
/* Add null to the end to mark end of data */
|
||||
crlDistPoints->distPoints =
|
||||
PORT_ArenaGrow(arena, crlDistPoints->distPoints,
|
||||
sizeof (*crlDistPoints->distPoints) * count,
|
||||
sizeof (*crlDistPoints->distPoints) *(count + 1));
|
||||
sizeof (*crlDistPoints->distPoints) * count,
|
||||
sizeof (*crlDistPoints->distPoints) *(count + 1));
|
||||
crlDistPoints->distPoints[count] = NULL;
|
||||
break;
|
||||
}
|
||||
|
@ -1056,8 +1056,8 @@ AddCrlDistPoint(void *extHandle)
|
|||
PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
|
||||
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
|
||||
crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
|
||||
crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
|
||||
}
|
||||
if (arena)
|
||||
PORT_FreeArena (arena, PR_FALSE);
|
||||
|
@ -1098,7 +1098,7 @@ AddPolicyConstraints(void *extHandle)
|
|||
|
||||
if (PORT_Strlen(buffer)) {
|
||||
value = PORT_Atoi(buffer);
|
||||
if (value < 0) {
|
||||
if (value < 0) {
|
||||
goto loser;
|
||||
}
|
||||
item = &policyConstr->explicitPolicySkipCerts;
|
||||
|
@ -1111,14 +1111,14 @@ AddPolicyConstraints(void *extHandle)
|
|||
|
||||
if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter "
|
||||
"the number of certs in path\n"
|
||||
"after which policy mapping is not allowed\n"
|
||||
"after which policy mapping is not allowed\n"
|
||||
"(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (PORT_Strlen(buffer)) {
|
||||
value = PORT_Atoi(buffer);
|
||||
if (value < 0) {
|
||||
if (value < 0) {
|
||||
goto loser;
|
||||
}
|
||||
item = &policyConstr->inhibitMappingSkipCerts;
|
||||
|
@ -1134,12 +1134,12 @@ AddPolicyConstraints(void *extHandle)
|
|||
yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
|
||||
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr,
|
||||
yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
|
||||
yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
|
||||
} else {
|
||||
fprintf(stdout, "Policy Constraint extensions must contain "
|
||||
fprintf(stdout, "Policy Constraint extensions must contain "
|
||||
"at least one policy field\n");
|
||||
rv = SECFailure;
|
||||
rv = SECFailure;
|
||||
}
|
||||
|
||||
loser:
|
||||
|
@ -1188,8 +1188,8 @@ AddInhibitAnyPolicy(void *extHandle)
|
|||
yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
|
||||
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny,
|
||||
yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
|
||||
yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
|
||||
loser:
|
||||
if (arena) {
|
||||
PORT_FreeArena (arena, PR_FALSE);
|
||||
|
@ -1280,8 +1280,8 @@ AddPolicyMappings(void *extHandle)
|
|||
mappings.arena = arena;
|
||||
mappings.policyMaps = policyMapArr;
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings,
|
||||
yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
|
||||
yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
|
||||
}
|
||||
if (arena)
|
||||
PORT_FreeArena (arena, PR_FALSE);
|
||||
|
@ -1332,16 +1332,16 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
|
|||
|
||||
oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER);
|
||||
if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ",
|
||||
buffer, sizeof(buffer)) == SECFailure) {
|
||||
buffer, sizeof(buffer)) == SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
input.len = PORT_Strlen(buffer);
|
||||
input.data = (void*)PORT_ArenaStrdup(arena, buffer);
|
||||
if (input.data == NULL ||
|
||||
SEC_ASN1EncodeItem(arena, ¤t->qualifierValue, &input,
|
||||
SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
|
||||
SEC_ASN1EncodeItem(arena, ¤t->qualifierValue, &input,
|
||||
SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
case userNotice: {
|
||||
|
@ -1356,7 +1356,7 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
|
|||
if (GetYesNo("\t add a User Notice reference? [y/N]")) {
|
||||
|
||||
if (PrintChoicesAndGetAnswer("Enter user organization string: ",
|
||||
buffer, sizeof(buffer)) == SECFailure) {
|
||||
buffer, sizeof(buffer)) == SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
||||
|
@ -1368,9 +1368,9 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
|
|||
|
||||
|
||||
noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2);
|
||||
if (!noticeNumArr) {
|
||||
if (!noticeNumArr) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
}
|
||||
|
||||
do {
|
||||
SECItem *noticeNum;
|
||||
|
@ -1378,34 +1378,34 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
|
|||
noticeNum = PORT_ArenaZNew(arena, SECItem);
|
||||
|
||||
if (PrintChoicesAndGetAnswer(
|
||||
"Enter User Notice reference number "
|
||||
"(or -1 to quit): ",
|
||||
"Enter User Notice reference number "
|
||||
"(or -1 to quit): ",
|
||||
buffer, sizeof(buffer)) == SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
||||
intValue = PORT_Atoi(buffer);
|
||||
if (noticeNum == NULL) {
|
||||
if (intValue < 0) {
|
||||
fprintf(stdout, "a noticeReference must have at "
|
||||
if (noticeNum == NULL) {
|
||||
if (intValue < 0) {
|
||||
fprintf(stdout, "a noticeReference must have at "
|
||||
"least one reference number\n");
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
} else {
|
||||
if (intValue >= 0) {
|
||||
}
|
||||
} else {
|
||||
if (intValue >= 0) {
|
||||
noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr,
|
||||
sizeof (current) * inCount,
|
||||
sizeof (current) *(inCount + 1));
|
||||
sizeof (current) * inCount,
|
||||
sizeof (current) *(inCount + 1));
|
||||
if (noticeNumArr == NULL) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
}
|
||||
noticeNumArr[inCount++] = noticeNum;
|
||||
noticeNumArr[inCount] = NULL;
|
||||
|
||||
|
@ -1429,10 +1429,10 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
|
|||
notice->displayText.type = siAsciiString;
|
||||
notice->displayText.len = PORT_Strlen(buffer);
|
||||
notice->displayText.data =
|
||||
(void*)PORT_ArenaStrdup(arena, buffer);
|
||||
if (notice->displayText.data == NULL) {
|
||||
GEN_BREAK(SECFailure);
|
||||
}
|
||||
(void*)PORT_ArenaStrdup(arena, buffer);
|
||||
if (notice->displayText.data == NULL) {
|
||||
GEN_BREAK(SECFailure);
|
||||
}
|
||||
}
|
||||
|
||||
rv = CERT_EncodeUserNotice(arena, notice, ¤t->qualifierValue);
|
||||
|
@ -1445,17 +1445,17 @@ RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
|
|||
}
|
||||
if (rv == SECFailure || oid == NULL ||
|
||||
SECITEM_CopyItem(arena, ¤t->qualifierID, &oid->oid)
|
||||
== SECFailure) {
|
||||
== SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
||||
if (!policyQualifArr) {
|
||||
policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *);
|
||||
} else {
|
||||
policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr,
|
||||
policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr,
|
||||
sizeof (current) * count,
|
||||
sizeof (current) *(count + 1));
|
||||
}
|
||||
}
|
||||
if (policyQualifArr == NULL) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
@ -1508,15 +1508,15 @@ AddCertPolicies(void *extHandle)
|
|||
|
||||
if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier "
|
||||
"(dotted decimal format)\n"
|
||||
"or \"any\" for AnyPolicy:",
|
||||
"or \"any\" for AnyPolicy:",
|
||||
buffer, sizeof(buffer)) == SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
||||
if (strncmp(buffer, "any", 3) == 0) {
|
||||
/* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
|
||||
strcpy(buffer, "OID.2.5.29.32.0");
|
||||
}
|
||||
|
||||
if (strncmp(buffer, "any", 3) == 0) {
|
||||
/* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
|
||||
strcpy(buffer, "OID.2.5.29.32.0");
|
||||
}
|
||||
rv = SEC_StringToOID(arena, ¤t->policyID, buffer, 0);
|
||||
|
||||
if (rv == SECFailure) {
|
||||
|
@ -1529,10 +1529,10 @@ AddCertPolicies(void *extHandle)
|
|||
if (!certPoliciesArr) {
|
||||
certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *);
|
||||
} else {
|
||||
certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
|
||||
certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
|
||||
sizeof (current) * count,
|
||||
sizeof (current) *(count + 1));
|
||||
}
|
||||
}
|
||||
if (certPoliciesArr == NULL) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
@ -1562,11 +1562,11 @@ AddCertPolicies(void *extHandle)
|
|||
policies.policyInfos = certPoliciesArr;
|
||||
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies,
|
||||
yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
|
||||
yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
|
||||
}
|
||||
if (arena)
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
return (rv);
|
||||
}
|
||||
|
||||
|
@ -1648,7 +1648,7 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
|
|||
}
|
||||
if (oid == NULL ||
|
||||
SECITEM_CopyItem(arena, ¤t->method, &oid->oid)
|
||||
== SECFailure) {
|
||||
== SECFailure) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
||||
|
@ -1660,10 +1660,10 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
|
|||
if (infoAccArr == NULL) {
|
||||
infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *);
|
||||
} else {
|
||||
infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
|
||||
infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
|
||||
sizeof (current) * count,
|
||||
sizeof (current) *(count + 1));
|
||||
}
|
||||
}
|
||||
if (infoAccArr == NULL) {
|
||||
GEN_BREAK (SECFailure);
|
||||
}
|
||||
|
@ -1698,8 +1698,8 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
|
|||
oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS;
|
||||
}
|
||||
rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr,
|
||||
yesNoAns, oidIdent,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
|
||||
yesNoAns, oidIdent,
|
||||
(EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
|
||||
}
|
||||
if (arena)
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
|
@ -1718,18 +1718,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
|
|||
if (extList[ext_keyUsage]) {
|
||||
rv = AddKeyUsage(extHandle);
|
||||
if (rv) {
|
||||
errstring = "KeyUsage";
|
||||
errstring = "KeyUsage";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Add extended key usage extension */
|
||||
if (extList[ext_extKeyUsage]) {
|
||||
rv = AddExtKeyUsage(extHandle);
|
||||
if (rv) {
|
||||
errstring = "ExtendedKeyUsage";
|
||||
errstring = "ExtendedKeyUsage";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Add basic constraint extension */
|
||||
|
@ -1738,46 +1738,46 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
|
|||
if (rv) {
|
||||
errstring = "BasicConstraint";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (extList[ext_authorityKeyID]) {
|
||||
rv = AddAuthKeyID(extHandle);
|
||||
if (rv) {
|
||||
errstring = "AuthorityKeyID";
|
||||
errstring = "AuthorityKeyID";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (extList[ext_subjectKeyID]) {
|
||||
rv = AddSubjKeyID(extHandle);
|
||||
if (rv) {
|
||||
errstring = "SubjectKeyID";
|
||||
errstring = "SubjectKeyID";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (extList[ext_CRLDistPts]) {
|
||||
rv = AddCrlDistPoint(extHandle);
|
||||
if (rv) {
|
||||
errstring = "CRLDistPoints";
|
||||
errstring = "CRLDistPoints";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (extList[ext_NSCertType]) {
|
||||
rv = AddNscpCertType(extHandle);
|
||||
if (rv) {
|
||||
errstring = "NSCertType";
|
||||
errstring = "NSCertType";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (extList[ext_authInfoAcc] || extList[ext_subjInfoAcc]) {
|
||||
rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc],
|
||||
extList[ext_basicConstraint]);
|
||||
extList[ext_basicConstraint]);
|
||||
if (rv) {
|
||||
errstring = "InformationAccess";
|
||||
errstring = "InformationAccess";
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -1785,7 +1785,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
|
|||
if (extList[ext_certPolicies]) {
|
||||
rv = AddCertPolicies(extHandle);
|
||||
if (rv) {
|
||||
errstring = "Policies";
|
||||
errstring = "Policies";
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -1793,7 +1793,7 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
|
|||
if (extList[ext_policyMappings]) {
|
||||
rv = AddPolicyMappings(extHandle);
|
||||
if (rv) {
|
||||
errstring = "PolicyMappings";
|
||||
errstring = "PolicyMappings";
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -1801,17 +1801,17 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
|
|||
if (extList[ext_policyConstr]) {
|
||||
rv = AddPolicyConstraints(extHandle);
|
||||
if (rv) {
|
||||
errstring = "PolicyConstraints";
|
||||
errstring = "PolicyConstraints";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (extList[ext_inhibitAnyPolicy]) {
|
||||
rv = AddInhibitAnyPolicy(extHandle);
|
||||
if (rv) {
|
||||
errstring = "InhibitAnyPolicy";
|
||||
errstring = "InhibitAnyPolicy";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (emailAddrs || dnsNames) {
|
||||
|
@ -1830,18 +1830,18 @@ AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
|
|||
rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames);
|
||||
|
||||
if (rv == SECSuccess) {
|
||||
rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
|
||||
if (rv == SECSuccess) {
|
||||
rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
|
||||
if (rv == SECSuccess) {
|
||||
rv = CERT_AddExtension(extHandle,
|
||||
SEC_OID_X509_SUBJECT_ALT_NAME,
|
||||
&item, PR_FALSE, PR_TRUE);
|
||||
}
|
||||
}
|
||||
}
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
if (rv) {
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
if (rv) {
|
||||
errstring = "SubjectAltName";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} while (0);
|
||||
|
||||
|
|
44
certwatch.c
44
certwatch.c
|
@ -111,15 +111,15 @@ static char *warn_address = "root";
|
|||
* Semantics are similar to asctime.
|
||||
*/
|
||||
char * AsciiTime(PRTime time)
|
||||
{
|
||||
PRExplodedTime printable;
|
||||
char *timebuf;
|
||||
|
||||
PR_ExplodeTime(time, PR_GMTParameters, &printable);
|
||||
timebuf = PORT_Alloc(TIME_BUF_SIZE);
|
||||
(void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable);
|
||||
if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0';
|
||||
return (timebuf);
|
||||
{
|
||||
PRExplodedTime printable;
|
||||
char *timebuf;
|
||||
|
||||
PR_ExplodeTime(time, PR_GMTParameters, &printable);
|
||||
timebuf = PORT_Alloc(TIME_BUF_SIZE);
|
||||
(void) PR_FormatTime(timebuf, TIME_BUF_SIZE, "%a %b %d %H:%M:%S %Y", &printable);
|
||||
if (strlen(timebuf) < TIME_BUF_SIZE) timebuf[strlen(timebuf)] = '\0';
|
||||
return (timebuf);
|
||||
}
|
||||
|
||||
/* Uses the password passed in the -f(pwfile) argument of the command line.
|
||||
|
@ -173,19 +173,19 @@ static int warning(FILE *out, const char *filename, const char *hostname,
|
|||
/* Note that filename can be the cert nickname. */
|
||||
int renew = 1;
|
||||
char subj[50];
|
||||
PRTime prtimeDiff;
|
||||
|
||||
LL_SUB(prtimeDiff, end, start);
|
||||
PRTime prtimeDiff;
|
||||
|
||||
LL_SUB(prtimeDiff, end, start);
|
||||
|
||||
if ( LL_CMP(start, >, now) ) {
|
||||
strcpy(subj, "is not yet valid");
|
||||
renew = 0;
|
||||
} else if (LL_EQ(now, end)) {
|
||||
strcpy(subj, "will expire today");
|
||||
strcpy(subj, "will expire today");
|
||||
} else if (LL_EQ(prtimeDiff, 1)) {
|
||||
sprintf(subj, "will expire tomorrow");
|
||||
sprintf(subj, "will expire tomorrow");
|
||||
} else if (LL_CMP(prtimeDiff, <, warn_period)) {
|
||||
sprintf(subj, "will expire on %s", AsciiTime(end));
|
||||
sprintf(subj, "will expire on %s", AsciiTime(end));
|
||||
{
|
||||
int days; /* days till expiry */
|
||||
LL_L2I(days, prtimeDiff);
|
||||
|
@ -276,8 +276,8 @@ static int check_cert(const char *name, int byNickname, int quiet)
|
|||
|
||||
/* parse the cert */
|
||||
cert = byNickname
|
||||
? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name)
|
||||
: PEMUTIL_PEM_read_X509(name);
|
||||
? CERT_FindCertByNickname(CERT_GetDefaultCertDB(), (char *)name)
|
||||
: PEMUTIL_PEM_read_X509(name);
|
||||
if (cert == NULL) return -1;
|
||||
|
||||
/* determine the validity period of the cert. */
|
||||
|
@ -304,7 +304,7 @@ cleanup:
|
|||
if (!doWarning) return -1;
|
||||
|
||||
return warning(stdout, name, cname, validity,
|
||||
notBefore, notAfter, PR_Now(), quiet);
|
||||
notBefore, notAfter, PR_Now(), quiet);
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
|
@ -375,16 +375,16 @@ int main(int argc, char **argv)
|
|||
PK11_SetPasswordFunc(GetModulePassword);
|
||||
}
|
||||
} else {
|
||||
/* cert in a pem file */
|
||||
/* cert in a pem file */
|
||||
char *certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
|
||||
if (!certDir) {
|
||||
certDir = "/etc/pki/nssdb";
|
||||
}
|
||||
if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix,
|
||||
if (NSS_Initialize(certDir, certDBPrefix, keyDBPrefix,
|
||||
SECMOD_DB, NSS_INIT_READONLY) != SECSuccess) {
|
||||
printf("NSS_Init(\"%s\") failed\n", certDir);
|
||||
printf("NSS_Init(\"%s\") failed\n", certDir);
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* When byNickname is 1 argv[optind] is a nickname otherwise a filename. */
|
||||
|
|
|
@ -65,7 +65,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef _KEYUTIL_H
|
||||
#define _KEYUTIL_H
|
||||
#define _KEYUTIL_H
|
||||
|
||||
#include "secutil.h"
|
||||
|
||||
|
@ -94,5 +94,5 @@ extern SECStatus
|
|||
AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
|
||||
certutilExtnList extList);
|
||||
|
||||
#endif /* _KEYUTIL_H */
|
||||
#endif /* _KEYUTIL_H */
|
||||
|
||||
|
|
100
pemutil.c
100
pemutil.c
|
@ -85,7 +85,7 @@
|
|||
*/
|
||||
extern CERTCertificate *
|
||||
__CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
|
||||
char *nickname, PRBool isperm, PRBool copyDER);
|
||||
char *nickname, PRBool isperm, PRBool copyDER);
|
||||
|
||||
#define CERT_NewTempCertificate __CERT_NewTempCertificate
|
||||
|
||||
|
@ -109,13 +109,13 @@ static SECStatus FileToItem(SECItem *dst, PRFileDesc *src)
|
|||
prStatus = PR_GetOpenFileInfo(src, &info);
|
||||
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
return SECFailure;
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* XXX workaround for 3.1, not all utils zero dst before sending */
|
||||
dst->data = 0;
|
||||
if (!SECITEM_AllocItem(NULL, dst, info.size))
|
||||
goto loser;
|
||||
goto loser;
|
||||
|
||||
numBytes = PR_Read(src, dst->data, info.size);
|
||||
if (numBytes != info.size)
|
||||
|
@ -135,52 +135,52 @@ static SECStatus ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
|
|||
{
|
||||
SECStatus rv;
|
||||
if (ascii) {
|
||||
/* First convert ascii to binary */
|
||||
SECItem filedata;
|
||||
char *asc, *body;
|
||||
|
||||
/* Read in ascii data */
|
||||
rv = FileToItem(&filedata, inFile);
|
||||
asc = (char *)filedata.data;
|
||||
if (!asc) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* check for headers and trailers and remove them */
|
||||
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
|
||||
char *trailer = NULL;
|
||||
asc = body;
|
||||
body = PORT_Strchr(body, '\n');
|
||||
if (!body)
|
||||
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
|
||||
if (body)
|
||||
trailer = strstr(++body, "-----END");
|
||||
if (trailer != NULL) {
|
||||
*trailer = '\0';
|
||||
} else {
|
||||
/*printf("input has header but no trailer\n");*/
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
} else {
|
||||
body = asc;
|
||||
}
|
||||
|
||||
/* Convert to binary */
|
||||
rv = ATOB_ConvertAsciiToItem(der, body);
|
||||
if (rv) {
|
||||
/* printf("ATOB_ConvertAsciiToItem failed\n");*/
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
PORT_Free(filedata.data);
|
||||
/* First convert ascii to binary */
|
||||
SECItem filedata;
|
||||
char *asc, *body;
|
||||
|
||||
/* Read in ascii data */
|
||||
rv = FileToItem(&filedata, inFile);
|
||||
asc = (char *)filedata.data;
|
||||
if (!asc) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* check for headers and trailers and remove them */
|
||||
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
|
||||
char *trailer = NULL;
|
||||
asc = body;
|
||||
body = PORT_Strchr(body, '\n');
|
||||
if (!body)
|
||||
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
|
||||
if (body)
|
||||
trailer = strstr(++body, "-----END");
|
||||
if (trailer != NULL) {
|
||||
*trailer = '\0';
|
||||
} else {
|
||||
/*printf("input has header but no trailer\n");*/
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
} else {
|
||||
body = asc;
|
||||
}
|
||||
|
||||
/* Convert to binary */
|
||||
rv = ATOB_ConvertAsciiToItem(der, body);
|
||||
if (rv) {
|
||||
/* printf("ATOB_ConvertAsciiToItem failed\n");*/
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
PORT_Free(filedata.data);
|
||||
} else {
|
||||
/* Read in binary der */
|
||||
rv = FileToItem(der, inFile);
|
||||
if (rv) {
|
||||
return SECFailure;
|
||||
}
|
||||
/* Read in binary der */
|
||||
rv = FileToItem(der, inFile);
|
||||
if (rv) {
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
@ -202,11 +202,11 @@ PEMUTIL_PEM_read_X509(const char *filename)
|
|||
|
||||
/* Read in a DER from a file, it is ascii */
|
||||
if (SECSuccess != ReadDERFromFile(&derCert, fd, PR_TRUE))
|
||||
goto cleanup;
|
||||
goto cleanup;
|
||||
|
||||
/* create a temporary cert in the database */
|
||||
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
|
||||
&derCert, NULL, PR_FALSE, PR_FALSE);
|
||||
&derCert, NULL, PR_FALSE, PR_FALSE);
|
||||
/* noNickname, notPerm, noCopy */
|
||||
cleanup:
|
||||
if (fd) PR_Close(fd);
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
#include <nspr.h>
|
||||
|
||||
struct tuple_str {
|
||||
PRErrorCode errNum;
|
||||
PRErrorCode errNum;
|
||||
const char * errString;
|
||||
};
|
||||
|
||||
|
@ -89,12 +89,12 @@ SECU_Strerror(PRErrorCode errNum) {
|
|||
}
|
||||
lastNum = num;
|
||||
}
|
||||
initDone = 1;
|
||||
initDone = 1;
|
||||
}
|
||||
|
||||
/* Do binary search of table. */
|
||||
while (low + 1 < high) {
|
||||
i = (low + high) / 2;
|
||||
i = (low + high) / 2;
|
||||
num = errStrings[i].errNum;
|
||||
if (errNum == num)
|
||||
return errStrings[i].errString;
|
||||
|
|
282
secutil.c
282
secutil.c
|
@ -123,26 +123,26 @@ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
|
|||
fprintf(out, "%s: ", progName);
|
||||
vfprintf(out, msg, args);
|
||||
if (errString != NULL && PORT_Strlen(errString) > 0)
|
||||
fprintf(out, ": %s\n", errString);
|
||||
fprintf(out, ": %s\n", errString);
|
||||
else
|
||||
fprintf(out, ": error %d\n", (int)err);
|
||||
fprintf(out, ": error %d\n", (int)err);
|
||||
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
void SECU_PrintError(char *progName, char *msg, ...)
|
||||
{
|
||||
SECU_PrintErrMsg(stderr, 0, progName, msg);
|
||||
SECU_PrintErrMsg(stderr, 0, progName, msg);
|
||||
}
|
||||
|
||||
#define INDENT_MULT 4
|
||||
#define INDENT_MULT 4
|
||||
void
|
||||
SECU_Indent(FILE *out, int level)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < level; i++) {
|
||||
fprintf(out, " ");
|
||||
fprintf(out, " ");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -162,25 +162,25 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
|
|||
unsigned int limit = 15;
|
||||
|
||||
if ( m ) {
|
||||
SECU_Indent(out, level); fprintf(out, "%s:\n", m);
|
||||
level++;
|
||||
SECU_Indent(out, level); fprintf(out, "%s:\n", m);
|
||||
level++;
|
||||
}
|
||||
|
||||
SECU_Indent(out, level); column = level*INDENT_MULT;
|
||||
if (!data->len) {
|
||||
fprintf(out, "(empty)\n");
|
||||
return;
|
||||
fprintf(out, "(empty)\n");
|
||||
return;
|
||||
}
|
||||
/* take a pass to see if it's all printable. */
|
||||
for (i = 0; i < data->len; i++) {
|
||||
unsigned char val = data->data[i];
|
||||
unsigned char val = data->data[i];
|
||||
if (!val || !isprint(val)) {
|
||||
isString = PR_FALSE;
|
||||
break;
|
||||
}
|
||||
if (isWhiteSpace && !isspace(val)) {
|
||||
isWhiteSpace = PR_FALSE;
|
||||
}
|
||||
isString = PR_FALSE;
|
||||
break;
|
||||
}
|
||||
if (isWhiteSpace && !isspace(val)) {
|
||||
isWhiteSpace = PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
/* Short values, such as bit strings (which are printed with this
|
||||
|
@ -191,46 +191,46 @@ SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
|
|||
*/
|
||||
if (!isString || data->len <= 4) {
|
||||
for (i = 0; i < data->len; i++) {
|
||||
if (i != data->len - 1) {
|
||||
fprintf(out, "%02x:", data->data[i]);
|
||||
column += 3;
|
||||
} else {
|
||||
fprintf(out, "%02x", data->data[i]);
|
||||
column += 2;
|
||||
break;
|
||||
}
|
||||
if (column > 76 || (i % 16 == limit)) {
|
||||
secu_Newline(out);
|
||||
SECU_Indent(out, level);
|
||||
column = level*INDENT_MULT;
|
||||
limit = i % 16;
|
||||
}
|
||||
if (i != data->len - 1) {
|
||||
fprintf(out, "%02x:", data->data[i]);
|
||||
column += 3;
|
||||
} else {
|
||||
fprintf(out, "%02x", data->data[i]);
|
||||
column += 2;
|
||||
break;
|
||||
}
|
||||
if (column > 76 || (i % 16 == limit)) {
|
||||
secu_Newline(out);
|
||||
SECU_Indent(out, level);
|
||||
column = level*INDENT_MULT;
|
||||
limit = i % 16;
|
||||
}
|
||||
}
|
||||
printedHex = PR_TRUE;
|
||||
}
|
||||
if (isString && !isWhiteSpace) {
|
||||
if (printedHex != PR_FALSE) {
|
||||
secu_Newline(out);
|
||||
SECU_Indent(out, level); column = level*INDENT_MULT;
|
||||
}
|
||||
for (i = 0; i < data->len; i++) {
|
||||
unsigned char val = data->data[i];
|
||||
|
||||
if (val) {
|
||||
fprintf(out,"%c",val);
|
||||
column++;
|
||||
} else {
|
||||
column = 77;
|
||||
}
|
||||
if (column > 76) {
|
||||
secu_Newline(out);
|
||||
SECU_Indent(out, level); column = level*INDENT_MULT;
|
||||
}
|
||||
}
|
||||
if (printedHex != PR_FALSE) {
|
||||
secu_Newline(out);
|
||||
SECU_Indent(out, level); column = level*INDENT_MULT;
|
||||
}
|
||||
|
||||
for (i = 0; i < data->len; i++) {
|
||||
unsigned char val = data->data[i];
|
||||
|
||||
if (val) {
|
||||
fprintf(out,"%c",val);
|
||||
column++;
|
||||
} else {
|
||||
column = 77;
|
||||
}
|
||||
if (column > 76) {
|
||||
secu_Newline(out);
|
||||
SECU_Indent(out, level); column = level*INDENT_MULT;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (column != level*INDENT_MULT) {
|
||||
secu_Newline(out);
|
||||
secu_Newline(out);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -243,21 +243,21 @@ SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
|
|||
|
||||
oiddata = SECOID_FindOID(oid);
|
||||
if (oiddata != NULL) {
|
||||
const char *name = oiddata->desc;
|
||||
SECU_Indent(out, level);
|
||||
if (m != NULL)
|
||||
fprintf(out, "%s: ", m);
|
||||
fprintf(out, "%s\n", name);
|
||||
return oiddata->offset;
|
||||
const char *name = oiddata->desc;
|
||||
SECU_Indent(out, level);
|
||||
if (m != NULL)
|
||||
fprintf(out, "%s: ", m);
|
||||
fprintf(out, "%s\n", name);
|
||||
return oiddata->offset;
|
||||
}
|
||||
oidString = CERT_GetOidString(oid);
|
||||
if (oidString) {
|
||||
SECU_Indent(out, level);
|
||||
if (m != NULL)
|
||||
fprintf(out, "%s: ", m);
|
||||
fprintf(out, "%s\n", oidString);
|
||||
PR_smprintf_free(oidString);
|
||||
return SEC_OID_UNKNOWN;
|
||||
SECU_Indent(out, level);
|
||||
if (m != NULL)
|
||||
fprintf(out, "%s: ", m);
|
||||
fprintf(out, "%s\n", oidString);
|
||||
PR_smprintf_free(oidString);
|
||||
return SEC_OID_UNKNOWN;
|
||||
}
|
||||
SECU_PrintAsHex(out, oid, m, level);
|
||||
return SEC_OID_UNKNOWN;
|
||||
|
@ -287,29 +287,29 @@ secu_StdinToItem(SECItem *dst)
|
|||
dst->data = NULL;
|
||||
|
||||
while (notDone) {
|
||||
numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
|
||||
numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
|
||||
|
||||
if (numBytes < 0) {
|
||||
return SECFailure;
|
||||
}
|
||||
if (numBytes < 0) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (numBytes == 0)
|
||||
break;
|
||||
if (numBytes == 0)
|
||||
break;
|
||||
|
||||
if (dst->data) {
|
||||
unsigned char * p = dst->data;
|
||||
dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes);
|
||||
if (!dst->data) {
|
||||
PORT_Free(p);
|
||||
}
|
||||
} else {
|
||||
dst->data = (unsigned char*)PORT_Alloc(numBytes);
|
||||
}
|
||||
if (!dst->data) {
|
||||
return SECFailure;
|
||||
}
|
||||
PORT_Memcpy(dst->data + dst->len, buf, numBytes);
|
||||
dst->len += numBytes;
|
||||
if (dst->data) {
|
||||
unsigned char * p = dst->data;
|
||||
dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes);
|
||||
if (!dst->data) {
|
||||
PORT_Free(p);
|
||||
}
|
||||
} else {
|
||||
dst->data = (unsigned char*)PORT_Alloc(numBytes);
|
||||
}
|
||||
if (!dst->data) {
|
||||
return SECFailure;
|
||||
}
|
||||
PORT_Memcpy(dst->data + dst->len, buf, numBytes);
|
||||
dst->len += numBytes;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
|
@ -323,24 +323,24 @@ SECU_FileToItem(SECItem *dst, PRFileDesc *src)
|
|||
PRStatus prStatus;
|
||||
|
||||
if (src == PR_STDIN)
|
||||
return secu_StdinToItem(dst);
|
||||
return secu_StdinToItem(dst);
|
||||
|
||||
prStatus = PR_GetOpenFileInfo(src, &info);
|
||||
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
PORT_SetError(SEC_ERROR_IO);
|
||||
return SECFailure;
|
||||
PORT_SetError(SEC_ERROR_IO);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* XXX workaround for 3.1, not all utils zero dst before sending */
|
||||
dst->data = 0;
|
||||
if (!SECITEM_AllocItem(NULL, dst, info.size))
|
||||
goto loser;
|
||||
goto loser;
|
||||
|
||||
numBytes = PR_Read(src, dst->data, info.size);
|
||||
if (numBytes != info.size) {
|
||||
PORT_SetError(SEC_ERROR_IO);
|
||||
goto loser;
|
||||
PORT_SetError(SEC_ERROR_IO);
|
||||
goto loser;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
|
@ -355,56 +355,56 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
|
|||
{
|
||||
SECStatus rv;
|
||||
if (ascii) {
|
||||
/* First convert ascii to binary */
|
||||
SECItem filedata;
|
||||
char *asc, *body;
|
||||
/* First convert ascii to binary */
|
||||
SECItem filedata;
|
||||
char *asc, *body;
|
||||
|
||||
/* Read in ascii data */
|
||||
rv = SECU_FileToItem(&filedata, inFile);
|
||||
asc = (char *)filedata.data;
|
||||
if (!asc) {
|
||||
fprintf(stderr, "unable to read data from input file\n");
|
||||
return SECFailure;
|
||||
}
|
||||
/* Read in ascii data */
|
||||
rv = SECU_FileToItem(&filedata, inFile);
|
||||
asc = (char *)filedata.data;
|
||||
if (!asc) {
|
||||
fprintf(stderr, "unable to read data from input file\n");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* check for headers and trailers and remove them */
|
||||
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
|
||||
char *trailer = NULL;
|
||||
asc = body;
|
||||
body = PORT_Strchr(body, '\n');
|
||||
if (!body)
|
||||
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
|
||||
if (body)
|
||||
trailer = strstr(++body, "-----END");
|
||||
if (trailer != NULL) {
|
||||
*trailer = '\0';
|
||||
} else {
|
||||
fprintf(stderr, "input has header but no trailer\n");
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
} else {
|
||||
body = asc;
|
||||
}
|
||||
|
||||
/* Convert to binary */
|
||||
rv = ATOB_ConvertAsciiToItem(der, body);
|
||||
if (rv) {
|
||||
fprintf(stderr, "error converting ascii to binary (%d)\n",
|
||||
PORT_GetError());
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
PORT_Free(filedata.data);
|
||||
/* check for headers and trailers and remove them */
|
||||
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
|
||||
char *trailer = NULL;
|
||||
asc = body;
|
||||
body = PORT_Strchr(body, '\n');
|
||||
if (!body)
|
||||
body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
|
||||
if (body)
|
||||
trailer = strstr(++body, "-----END");
|
||||
if (trailer != NULL) {
|
||||
*trailer = '\0';
|
||||
} else {
|
||||
fprintf(stderr, "input has header but no trailer\n");
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
} else {
|
||||
/* Read in binary der */
|
||||
rv = SECU_FileToItem(der, inFile);
|
||||
if (rv) {
|
||||
fprintf(stderr, "error converting der (%d)\n",
|
||||
PORT_GetError());
|
||||
return SECFailure;
|
||||
}
|
||||
body = asc;
|
||||
}
|
||||
|
||||
/* Convert to binary */
|
||||
rv = ATOB_ConvertAsciiToItem(der, body);
|
||||
if (rv) {
|
||||
fprintf(stderr, "error converting ascii to binary (%d)\n",
|
||||
PORT_GetError());
|
||||
PORT_Free(filedata.data);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
PORT_Free(filedata.data);
|
||||
} else {
|
||||
/* Read in binary der */
|
||||
rv = SECU_FileToItem(der, inFile);
|
||||
if (rv) {
|
||||
fprintf(stderr, "error converting der (%d)\n",
|
||||
PORT_GetError());
|
||||
return SECFailure;
|
||||
}
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
@ -440,12 +440,12 @@ void
|
|||
SECU_SECItemToHex(const SECItem * item, char * dst)
|
||||
{
|
||||
if (dst && item && item->data) {
|
||||
unsigned char * src = item->data;
|
||||
unsigned int len = item->len;
|
||||
for (; len > 0; --len, dst += 2) {
|
||||
sprintf(dst, "%02x", *src++);
|
||||
}
|
||||
*dst = '\0';
|
||||
unsigned char * src = item->data;
|
||||
unsigned int len = item->len;
|
||||
for (; len > 0; --len, dst += 2) {
|
||||
sprintf(dst, "%02x", *src++);
|
||||
}
|
||||
*dst = '\0';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
62
secutil.h
62
secutil.h
|
@ -46,12 +46,12 @@
|
|||
#include <secder.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#define SEC_CT_PRIVATE_KEY "private-key"
|
||||
#define SEC_CT_PUBLIC_KEY "public-key"
|
||||
#define SEC_CT_CERTIFICATE "certificate"
|
||||
#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
|
||||
#define SEC_CT_PKCS7 "pkcs7"
|
||||
#define SEC_CT_CRL "crl"
|
||||
#define SEC_CT_PRIVATE_KEY "private-key"
|
||||
#define SEC_CT_PUBLIC_KEY "public-key"
|
||||
#define SEC_CT_CERTIFICATE "certificate"
|
||||
#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
|
||||
#define SEC_CT_PKCS7 "pkcs7"
|
||||
#define SEC_CT_CRL "crl"
|
||||
|
||||
#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
|
||||
#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
|
||||
|
@ -64,7 +64,7 @@
|
|||
|
||||
/* From libsec/pcertdb.c --- it's not declared in sec.h */
|
||||
extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle,
|
||||
SECItem *derCert, char *nickname, CERTCertTrust *trust);
|
||||
SECItem *derCert, char *nickname, CERTCertTrust *trust);
|
||||
|
||||
|
||||
#ifdef SECUTIL_NEW
|
||||
|
@ -76,10 +76,10 @@ typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
|
|||
|
||||
typedef struct {
|
||||
enum {
|
||||
PW_NONE = 0,
|
||||
PW_FROMFILE = 1,
|
||||
PW_PLAINTEXT = 2,
|
||||
PW_EXTERNAL = 3
|
||||
PW_NONE = 0,
|
||||
PW_FROMFILE = 1,
|
||||
PW_PLAINTEXT = 2,
|
||||
PW_EXTERNAL = 3
|
||||
} source;
|
||||
char *data;
|
||||
} secuPWData;
|
||||
|
@ -123,7 +123,7 @@ extern PRBool SEC_BlindCheckPassword(char *password);
|
|||
** The password is then checked using "chkpw".
|
||||
*/
|
||||
extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
|
||||
PRBool (*chkpw)(char *));
|
||||
PRBool (*chkpw)(char *));
|
||||
|
||||
char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
|
||||
|
||||
|
@ -165,9 +165,9 @@ extern char *SECU_ConfigDirectory(const char* base);
|
|||
*/
|
||||
extern int
|
||||
SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
|
||||
struct CERTDistNamesStr *caNames,
|
||||
struct CERTCertificateStr **pRetCert,
|
||||
struct SECKEYPrivateKeyStr **pRetKey);
|
||||
struct CERTDistNamesStr *caNames,
|
||||
struct CERTCertificateStr **pRetCert,
|
||||
struct SECKEYPrivateKeyStr **pRetKey);
|
||||
|
||||
/* print out an error message */
|
||||
extern void SECU_PrintError(char *progName, char *msg, ...);
|
||||
|
@ -182,15 +182,15 @@ extern const char * SECU_Strerror(PRErrorCode errNum);
|
|||
* failure at time == now */
|
||||
extern void
|
||||
SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
|
||||
CERTCertificate *cert, PRBool checksig,
|
||||
SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
|
||||
CERTCertificate *cert, PRBool checksig,
|
||||
SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
|
||||
|
||||
/* revalidate the cert and print information about cert verification
|
||||
* failure at specified time */
|
||||
extern void
|
||||
SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
|
||||
CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
|
||||
void *pinArg, PRBool verbose, PRTime datetime);
|
||||
CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
|
||||
void *pinArg, PRBool verbose, PRTime datetime);
|
||||
|
||||
/* print out CERTVerifyLog info. */
|
||||
extern void
|
||||
|
@ -216,7 +216,7 @@ extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
|
|||
|
||||
/* Print AlgorithmIdentifier symbolically */
|
||||
extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
|
||||
int level);
|
||||
int level);
|
||||
|
||||
/* Print SECItem as hex */
|
||||
extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
|
||||
|
@ -237,7 +237,7 @@ extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
|
|||
* afterward; otherwise just print the formatted time string only.
|
||||
*/
|
||||
extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
|
||||
int level);
|
||||
int level);
|
||||
|
||||
/*
|
||||
* Format and print the UTC or Generalized Time "t". If the tag message
|
||||
|
@ -259,7 +259,7 @@ int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
|
|||
|
||||
/* Dump contents of cert req */
|
||||
extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
|
||||
int level);
|
||||
int level);
|
||||
|
||||
/* Dump contents of certificate */
|
||||
extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
|
||||
|
@ -285,14 +285,14 @@ extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
|
|||
|
||||
/* Pretty-print any PKCS7 thing */
|
||||
extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
|
||||
int level);
|
||||
int level);
|
||||
|
||||
/* Init PKCS11 stuff */
|
||||
extern SECStatus SECU_PKCS11Init(PRBool readOnly);
|
||||
|
||||
/* Dump contents of signed data */
|
||||
extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level,
|
||||
SECU_PPFunc inner);
|
||||
SECU_PPFunc inner);
|
||||
|
||||
/* Print cert data and its trust flags */
|
||||
extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert,
|
||||
|
@ -312,7 +312,7 @@ extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
|
|||
char *msg, int level);
|
||||
|
||||
extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
|
||||
char *msg, int level);
|
||||
char *msg, int level);
|
||||
|
||||
extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);
|
||||
|
||||
|
@ -347,12 +347,12 @@ extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
|
|||
** MD5 hashing algorithm. This routine first computes a digital signature
|
||||
** using SEC_SignData, then wraps it with an CERTSignedData and then der
|
||||
** encodes the result.
|
||||
** "arena" is the memory arena to use to allocate data from
|
||||
** "arena" is the memory arena to use to allocate data from
|
||||
** "sd" returned CERTSignedData
|
||||
** "result" the final der encoded data (memory is allocated)
|
||||
** "buf" the input data to sign
|
||||
** "len" the amount of data to sign
|
||||
** "pk" the private key to encrypt with
|
||||
** "result" the final der encoded data (memory is allocated)
|
||||
** "buf" the input data to sign
|
||||
** "len" the amount of data to sign
|
||||
** "pk" the private key to encrypt with
|
||||
*/
|
||||
extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
|
||||
unsigned char *buf, int len,
|
||||
|
@ -436,7 +436,7 @@ typedef struct
|
|||
/* fill the "arg" and "activated" fields for each flag */
|
||||
SECStatus
|
||||
SECU_ParseCommandLine(int argc, char **argv, char *progName,
|
||||
const secuCommand *cmd);
|
||||
const secuCommand *cmd);
|
||||
char *
|
||||
SECU_GetOptionArg(const secuCommand *cmd, int optionNum);
|
||||
|
||||
|
|
Loading…
Reference in New Issue