• file
• revisions
• annotate
• diff
• comparison
• raw

security/nss/cmd/p7content/p7content.c@141e0f1194b1 (annotated)

security/nss/cmd/p7content/p7content.c

Wed, 31 Dec 2014 07:16:47 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Wed, 31 Dec 2014 07:16:47 +0100

branch

TOR_BUG_9701

changeset 3

141e0f1194b1

permissions

-rw-r--r--

Revert simplistic fix pending revisit of Mozilla integration attempt.

michael@0	1	/* This Source Code Form is subject to the terms of the Mozilla Public
michael@0	2	* License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0	3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0	4
michael@0	5	/*
michael@0	6	* p7content -- A command to display pkcs7 content.
michael@0	7	*/
michael@0	8
michael@0	9	#include "nspr.h"
michael@0	10	#include "secutil.h"
michael@0	11	#include "plgetopt.h"
michael@0	12	#include "secpkcs7.h"
michael@0	13	#include "cert.h"
michael@0	14	#include "certdb.h"
michael@0	15	#include "nss.h"
michael@0	16	#include "pk11pub.h"
michael@0	17
michael@0	18	#if defined(XP_UNIX)
michael@0	19	#include <unistd.h>
michael@0	20	#endif
michael@0	21
michael@0	22	#include <stdio.h>
michael@0	23	#include <string.h>
michael@0	24
michael@0	25	#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
michael@0	26	extern int fwrite(char *, size_t, size_t, FILE*);
michael@0	27	extern int fprintf(FILE *, char *, ...);
michael@0	28	#endif
michael@0	29
michael@0	30
michael@0	31
michael@0	32	static void
michael@0	33	Usage(char *progName)
michael@0	34	{
michael@0	35	fprintf(stderr,
michael@0	36	"Usage: %s [-d dbdir] [-i input] [-o output]\n",
michael@0	37	progName);
michael@0	38	fprintf(stderr,
michael@0	39	"%-20s Key/Cert database directory (default is ~/.netscape)\n",
michael@0	40	"-d dbdir");
michael@0	41	fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
michael@0	42	"-i input");
michael@0	43	fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
michael@0	44	"-o output");
michael@0	45	exit(-1);
michael@0	46	}
michael@0	47
michael@0	48	static PRBool saw_content;
michael@0	49	static secuPWData pwdata = { PW_NONE, 0 };
michael@0	50
michael@0	51	static void
michael@0	52	PrintBytes(void *arg, const char *buf, unsigned long len)
michael@0	53	{
michael@0	54	FILE *out;
michael@0	55
michael@0	56	out = arg;
michael@0	57	fwrite (buf, len, 1, out);
michael@0	58
michael@0	59	saw_content = PR_TRUE;
michael@0	60	}
michael@0	61
michael@0	62	/*
michael@0	63	* XXX Someday we may want to do real policy stuff here. This allows
michael@0	64	* anything to be decrypted, which is okay for a test program but does
michael@0	65	* not set an example of how a real client with a real policy would
michael@0	66	* need to do it.
michael@0	67	*/
michael@0	68	static PRBool
michael@0	69	decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
michael@0	70	{
michael@0	71	return PR_TRUE;
michael@0	72	}
michael@0	73
michael@0	74	int
michael@0	75	DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
michael@0	76	{
michael@0	77	SECItem derdata;
michael@0	78	SEC_PKCS7ContentInfo *cinfo = NULL;
michael@0	79	SEC_PKCS7DecoderContext *dcx;
michael@0	80
michael@0	81	if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE, PR_FALSE)) {
michael@0	82	SECU_PrintError(progName, "error converting der");
michael@0	83	return -1;
michael@0	84	}
michael@0	85
michael@0	86	fprintf(out,
michael@0	87	"Content printed between bars (newline added before second bar):");
michael@0	88	fprintf(out, "\n---------------------------------------------\n");
michael@0	89
michael@0	90	saw_content = PR_FALSE;
michael@0	91	dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, &pwdata,
michael@0	92	NULL, NULL, decryption_allowed);
michael@0	93	if (dcx != NULL) {
michael@0	94	#if 0 /* Test that decoder works when data is really streaming in. */
michael@0	95	{
michael@0	96	unsigned long i;
michael@0	97	for (i = 0; i < derdata.len; i++)
michael@0	98	SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1);
michael@0	99	}
michael@0	100	#else
michael@0	101	SEC_PKCS7DecoderUpdate(dcx, (char *)derdata.data, derdata.len);
michael@0	102	#endif
michael@0	103	cinfo = SEC_PKCS7DecoderFinish(dcx);
michael@0	104	}
michael@0	105
michael@0	106	fprintf(out, "\n---------------------------------------------\n");
michael@0	107
michael@0	108	if (cinfo == NULL)
michael@0	109	return -1;
michael@0	110
michael@0	111	fprintf(out, "Content was%s encrypted.\n",
michael@0	112	SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
michael@0	113
michael@0	114	if (SEC_PKCS7ContentIsSigned(cinfo)) {
michael@0	115	char *signer_cname, *signer_ename;
michael@0	116	SECItem *signing_time;
michael@0	117
michael@0	118	if (saw_content) {
michael@0	119	fprintf(out, "Signature is ");
michael@0	120	PORT_SetError(0);
michael@0	121	if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE))
michael@0	122	fprintf(out, "valid.\n");
michael@0	123	else
michael@0	124	fprintf(out, "invalid (Reason: %s).\n",
michael@0	125	SECU_Strerror(PORT_GetError()));
michael@0	126	} else {
michael@0	127	fprintf(out,
michael@0	128	"Content is detached; signature cannot be verified.\n");
michael@0	129	}
michael@0	130
michael@0	131	signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
michael@0	132	if (signer_cname != NULL) {
michael@0	133	fprintf(out, "The signer's common name is %s\n", signer_cname);
michael@0	134	PORT_Free(signer_cname);
michael@0	135	} else {
michael@0	136	fprintf(out, "No signer common name.\n");
michael@0	137	}
michael@0	138
michael@0	139	signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
michael@0	140	if (signer_ename != NULL) {
michael@0	141	fprintf(out, "The signer's email address is %s\n", signer_ename);
michael@0	142	PORT_Free(signer_ename);
michael@0	143	} else {
michael@0	144	fprintf(out, "No signer email address.\n");
michael@0	145	}
michael@0	146
michael@0	147	signing_time = SEC_PKCS7GetSigningTime(cinfo);
michael@0	148	if (signing_time != NULL) {
michael@0	149	SECU_PrintTimeChoice(out, signing_time, "Signing time", 0);
michael@0	150	} else {
michael@0	151	fprintf(out, "No signing time included.\n");
michael@0	152	}
michael@0	153	} else {
michael@0	154	fprintf(out, "Content was not signed.\n");
michael@0	155	}
michael@0	156
michael@0	157	fprintf(out, "There were%s certs or crls included.\n",
michael@0	158	SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
michael@0	159
michael@0	160	SEC_PKCS7DestroyContentInfo(cinfo);
michael@0	161	return 0;
michael@0	162	}
michael@0	163
michael@0	164	/*
michael@0	165	* Print the contents of a PKCS7 message, indicating signatures, etc.
michael@0	166	*/
michael@0	167
michael@0	168	int
michael@0	169	main(int argc, char **argv)
michael@0	170	{
michael@0	171	char *progName;
michael@0	172	FILE *outFile;
michael@0	173	PRFileDesc *inFile;
michael@0	174	PLOptState *optstate;
michael@0	175	PLOptStatus status;
michael@0	176	SECStatus rv;
michael@0	177
michael@0	178	progName = strrchr(argv[0], '/');
michael@0	179	progName = progName ? progName+1 : argv[0];
michael@0	180
michael@0	181	inFile = NULL;
michael@0	182	outFile = NULL;
michael@0	183
michael@0	184	/*
michael@0	185	* Parse command line arguments
michael@0	186	*/
michael@0	187	optstate = PL_CreateOptState(argc, argv, "d:i:o:p:f:");
michael@0	188	while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
michael@0	189	switch (optstate->option) {
michael@0	190	case 'd':
michael@0	191	SECU_ConfigDirectory(optstate->value);
michael@0	192	break;
michael@0	193
michael@0	194	case 'i':
michael@0	195	inFile = PR_Open(optstate->value, PR_RDONLY, 0);
michael@0	196	if (!inFile) {
michael@0	197	fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
michael@0	198	progName, optstate->value);
michael@0	199	return -1;
michael@0	200	}
michael@0	201	break;
michael@0	202
michael@0	203	case 'o':
michael@0	204	outFile = fopen(optstate->value, "w");
michael@0	205	if (!outFile) {
michael@0	206	fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
michael@0	207	progName, optstate->value);
michael@0	208	return -1;
michael@0	209	}
michael@0	210	break;
michael@0	211
michael@0	212	case 'p':
michael@0	213	pwdata.source = PW_PLAINTEXT;
michael@0	214	pwdata.data = PORT_Strdup (optstate->value);
michael@0	215	break;
michael@0	216
michael@0	217	case 'f':
michael@0	218	pwdata.source = PW_FROMFILE;
michael@0	219	pwdata.data = PORT_Strdup (optstate->value);
michael@0	220	break;
michael@0	221
michael@0	222	default:
michael@0	223	Usage(progName);
michael@0	224	break;
michael@0	225	}
michael@0	226	}
michael@0	227	if (status == PL_OPT_BAD)
michael@0	228	Usage(progName);
michael@0	229
michael@0	230	if (!inFile) inFile = PR_STDIN;
michael@0	231	if (!outFile) outFile = stdout;
michael@0	232
michael@0	233	/* Call the initialization routines */
michael@0	234	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
michael@0	235	rv = NSS_Init(SECU_ConfigDirectory(NULL));
michael@0	236	if (rv != SECSuccess) {
michael@0	237	SECU_PrintPRandOSError(progName);
michael@0	238	return -1;
michael@0	239	}
michael@0	240
michael@0	241	PK11_SetPasswordFunc(SECU_GetModulePassword);
michael@0	242
michael@0	243	if (DecodeAndPrintFile(outFile, inFile, progName)) {
michael@0	244	SECU_PrintError(progName, "problem decoding data");
michael@0	245	return -1;
michael@0	246	}
michael@0	247
michael@0	248	if (NSS_Shutdown() != SECSuccess) {
michael@0	249	exit(1);
michael@0	250	}
michael@0	251
michael@0	252	return 0;
michael@0	253	}