Beispiel #1
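/*
 * Read a DER-encoded CRL from inFile, decode it and pretty-print it to stdout.
 *
 * Returns SECSuccess once the CRL has been read, decoded and printed, and
 * SECFailure on any error.  The status is a SECStatus, never an error code:
 * the previous body left rv set to SEC_ERROR_NO_MEMORY after the arena
 * allocation and returned it on the success path, so a caller comparing the
 * result with SECSuccess treated a well-formed CRL as a failure.
 */
SECStatus DumpCRL(PRFileDesc *inFile)
{
    SECStatus rv = SECFailure;
    PLArenaPool *arena = NULL;
    CERTSignedCrl *newCrl = NULL;
    SECItem crlDER;

    crlDER.data = NULL;
    crlDER.len = 0;

    /* Read in the entire file specified with the -f argument */
    if (SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE) != SECSuccess) {
        SECU_PrintError(progName, "unable to read input file");
        return SECFailure;
    }

    /*
     * NOTE(review): crlDER.data is filled in by SECU_ReadDERFromFile and is
     * not released anywhere in this function -- confirm whether the caller
     * or process exit is expected to reclaim it.
     */

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        /* Report failure as a status value instead of a raw error code. */
        return SECFailure;
    }

    newCrl = CERT_DecodeDERCrlWithFlags(arena, &crlDER, SEC_CRL_TYPE,
                                        CRL_DECODE_DEFAULT_OPTIONS);
    if (newCrl) {
        SECU_PrintCRLInfo(stdout, &newCrl->crl, "CRL file contents", 0);
        rv = SECSuccess;
    }

    /* Release the arena on the decode-failure path too; it used to leak. */
    PORT_FreeArena(arena, PR_FALSE);
    return rv;
}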
Beispiel #2
/*
 * Look up a CRL through FindCRL and print it to stdout.
 *
 * certHandle, nickName and crlType are passed to FindCRL unchanged.
 * Returns SECFailure when FindCRL yields NULL; otherwise prints the CRL,
 * releases it with SEC_DestroyCrl and returns SECSuccess.
 */
static SECStatus DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
{
    CERTSignedCrl *found = FindCRL (certHandle, nickName, crlType);

    /* Nothing to show: report failure without printing anything. */
    if (found == NULL) {
        return SECFailure;
    }

    SECU_PrintCRLInfo (stdout, &found->crl, "CRL Info:\n", 0);
    /* The handle returned by FindCRL is released here, after printing. */
    SEC_DestroyCrl (found);
    return SECSuccess;
}
Beispiel #3
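/*
** secu_PrintPKCS7SignedAndEnveloped
**   Pretty print a PKCS7 signed and enveloped data type (up to version 1).
**
**   out    stream the listing is written to
**   src    decoded signed-and-enveloped structure; each of its list
**          members is walked as a NULL-terminated array of pointers
**   m      heading printed before the listing
**   level  indentation level of the heading; nested items go deeper
**
**   Returns 0 on success, or the non-zero result of SECU_PrintSignedData
**   for the first certificate that fails to print.
**
**   Item labels are 1-based and printed in hex, as before.  Labels are
**   formatted with snprintf bounded by sizeof om, so a later change to a
**   format string cannot write past the buffer.
*/
int
secu_PrintPKCS7SignedAndEnveloped(FILE *out,
                  SEC_PKCS7SignedAndEnvelopedData *src,
                  char *m, int level)
{
    SECAlgorithmID *digAlg;  /* pointer for digest algorithms */
    SECItem *aCert;           /* pointer for certificate */
    CERTSignedCrl *aCrl;        /* pointer for certificate revocation list */
    SEC_PKCS7SignerInfo *sigInfo;   /* pointer for signer information */
    SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
    int rv, iv;
    char om[100];

    secu_Indent(out, level);
    fprintf(out, "%s:\n", m);
    sv_PrintInteger(out, &(src->version), "Version", level + 1);

    /* Parse and list recipients (this is not optional) */
    if (src->recipientInfos != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Recipient Information List:\n");
        for (iv = 0; (recInfo = src->recipientInfos[iv]) != NULL; iv++) {
            snprintf(om, sizeof om, "Recipient Information (%x)",
                     (unsigned int)(iv + 1));
            secu_PrintRecipientInfo(out, recInfo, om, level + 2);
        }
    }

    /* Parse and list digest algorithms (if any) */
    if (src->digestAlgorithms != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Digest Algorithm List:\n");
        for (iv = 0; (digAlg = src->digestAlgorithms[iv]) != NULL; iv++) {
            snprintf(om, sizeof om, "Digest Algorithm (%x)",
                     (unsigned int)(iv + 1));
            sv_PrintAlgorithmID(out, digAlg, om);
        }
    }

    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
                  "Encrypted Content Information", level + 1);

    /* Parse and list certificates (if any) */
    if (src->rawCerts != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Certificate List:\n");
        for (iv = 0; (aCert = src->rawCerts[iv]) != NULL; iv++) {
            snprintf(om, sizeof om, "Certificate (%x)",
                     (unsigned int)(iv + 1));
            rv = SECU_PrintSignedData(out, aCert, om, level + 2,
                          SECU_PrintCertificate);
            if (rv) {
                /* Stop at the first certificate that cannot be printed. */
                return rv;
            }
        }
    }

    /* Parse and list CRL's (if any) */
    if (src->crls != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Signed Revocation Lists:\n");
        for (iv = 0; (aCrl = src->crls[iv]) != NULL; iv++) {
            SECItem sigBytes;

            snprintf(om, sizeof om, "Signed Revocation List (%x)",
                     (unsigned int)(iv + 1));
            secu_Indent(out, level + 2);
            fprintf(out, "%s:\n", om);
            sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
                      "Signature Algorithm");
            /*
             * DER_ConvertBitString rewrites the item's length in place
             * (bit count to byte count).  Convert a shallow copy so that
             * printing leaves src untouched; converting the caller's item
             * would shrink the length again on every further print of the
             * same structure and truncate the dumped signature.
             */
            sigBytes = aCrl->signatureWrap.signature;
            DER_ConvertBitString(&sigBytes);
            sv_PrintAsHex(out, &sigBytes, "Signature", level + 3);
            SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
                  level + 3);
        }
    }

    /* Parse and list signatures (if any) */
    if (src->signerInfos != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Signer Information List:\n");
        for (iv = 0; (sigInfo = src->signerInfos[iv]) != NULL; iv++) {
            snprintf(om, sizeof om, "Signer Information (%x)",
                     (unsigned int)(iv + 1));
            secu_PrintSignerInfo(out, sigInfo, om, level + 2);
        }
    }

    return 0;
}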
Beispiel #4
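/*
 * Create a new CRL, or a modified copy of an existing one, apply the
 * updates read from inCrlInitFile, then sign and store the result.
 *
 * alg, when non-NULL, names the signature algorithm and is rejected if
 * SECU_StringToSignatureAlgTag does not recognise it.  When modifyFlag is
 * PR_TRUE the starting CRL comes from CreateModifiedCRLCopy; otherwise
 * CreateNewCrl builds one for the signing certificate.  Unless quiet is
 * set, the final CRL is printed to stdout.
 *
 * Returns SECSuccess only if every step succeeded.  rv starts out as
 * SECFailure: the early "goto loser" exits (no CRL copy, no signing
 * certificate, CRL creation failure) used to return an uninitialized rv,
 * so the tool could report success without having signed or stored a CRL.
 */
static SECStatus
GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, 
	     PRFileDesc *inCrlInitFile,  PRFileDesc *inFile,
	     char *outFileName, int ascii, char *slotName,
	     PRInt32 importOptions, char *alg, PRBool quiet,
             PRInt32 decodeOptions, char *url, secuPWData *pwdata,
             int modifyFlag)
{
    CERTCertificate *cert = NULL;
    CERTSignedCrl *signCrl = NULL;
    PLArenaPool *arena = NULL;
    SECStatus rv = SECFailure;
    SECOidTag hashAlgTag = SEC_OID_UNKNOWN;

    /* Without -Z the tag stays SEC_OID_UNKNOWN and is passed on as such. */
    if (alg) {
        hashAlgTag = SECU_StringToSignatureAlgTag(alg);
        if (hashAlgTag == SEC_OID_UNKNOWN) {
            SECU_PrintError(progName, "%s -Z:  %s is not a recognized type.\n",
                            progName, alg);
            return SECFailure;
        }
    }

    arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
    if (!arena) {
        SECU_PrintError(progName, "fail to allocate memory\n");
        return SECFailure;
    }

    if (modifyFlag == PR_TRUE) {
        signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName,
                                         inFile, decodeOptions, importOptions);
        if (signCrl == NULL) {
            goto loser;
        }
    }

    /* CreateModifiedCRLCopy may already have supplied the certificate. */
    if (!cert) {
        cert = FindSigningCert(certHandle, signCrl, certNickName);
        if (cert == NULL) {
            goto loser;
        }
    }

    if (!signCrl) {
        /*
         * NOTE(review): as written this inner branch looks unreachable,
         * because a NULL signCrl with modifyFlag == PR_TRUE has already
         * jumped to loser above -- confirm whether falling back to a
         * fresh CRL was the intent.
         */
        if (modifyFlag == PR_TRUE) {
            if (!outFileName) {
                /* Room for the nickname, ".crl" and the terminating NUL. */
                size_t len = strlen(certNickName) + 5;

                outFileName = PORT_ArenaAlloc(arena, len);
                if (!outFileName) {
                    /* Do not format into a NULL buffer. */
                    SECU_PrintError(progName, "fail to allocate memory\n");
                    goto loser;
                }
                PR_snprintf(outFileName, (PRUint32)len, "%s.crl",
                            certNickName);
            }
            SECU_PrintError(progName, "Will try to generate crl. "
                            "It will be saved in file: %s",
                            outFileName);
        }
        signCrl = CreateNewCrl(arena, certHandle, cert);
        if (!signCrl)
            goto loser;
    }

    rv = UpdateCrl(signCrl, inCrlInitFile);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SignAndStoreCrl(signCrl, cert, outFileName, hashAlgTag, ascii,
                         slotName, url, pwdata);
    if (rv != SECSuccess) {
        goto loser;
    }

    if (signCrl && !quiet) {
	SECU_PrintCRLInfo (stdout, &signCrl->crl, "CRL Info:\n", 0);
    }

  loser:
    /*
     * Cleanup shared by the success and failure paths.  The local arena is
     * freed here only when no CRL exists or the CRL has no arena of its
     * own; otherwise the CRL is destroyed through SEC_DestroyCrl below.
     */
    if (arena && (!signCrl || !signCrl->arena))
        PORT_FreeArena (arena, PR_FALSE);
    if (signCrl)
	SEC_DestroyCrl (signCrl);
    if (cert)
	CERT_DestroyCertificate (cert);
    return (rv);
}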