int main(int argc, char **argv) { SECStatus rv = SECFailure; PRBool good_result = PR_FALSE; if (argc != 2) return Usage(); rv = RNG_RNGInit(); if (rv != SECSuccess) { SECU_PrintPRandOSError(""); return -1; } rv = BL_Init(); if (rv != SECSuccess) { SECU_PrintPRandOSError(""); return -1; } RNG_SystemInfoForRNG(); good_result = BLAPI_SHVerifyFile(argv[1]); printf("%s\n", (good_result ? "SUCCESS" : "FAILURE")); return (good_result) ? SECSuccess : SECFailure; }
static Error init_crypto(PRBool create, PRBool readOnly) { PRUint32 flags = 0; SECStatus rv; Error retval; /* Open/create key database */ if (readOnly) flags |= NSS_INIT_READONLY; if (nocertdb) flags |= NSS_INIT_NOCERTDB; rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix, secmodName, flags); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); retval = NSS_INITIALIZE_FAILED_ERR; } else retval = SUCCESS; return retval; }
int main(int argc, char **argv) { CERTCertDBHandle *certHandle; PRFileDesc *inFile; PRFileDesc *inCrlInitFile = NULL; int generateCRL; int modifyCRL; int listCRL; int importCRL; int showFileCRL; int deleteCRL; int rv; char *nickName; char *url; char *dbPrefix = ""; char *alg = NULL; char *outFile = NULL; char *slotName = NULL; int ascii = 0; int crlType; PLOptState *optstate; PLOptStatus status; SECStatus secstatus; PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS; PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS; PRBool quiet = PR_FALSE; PRBool test = PR_FALSE; PRBool erase = PR_FALSE; PRInt32 i = 0; PRInt32 iterations = 1; PRBool readonly = PR_FALSE; secuPWData pwdata = { PW_NONE, 0 }; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; rv = 0; deleteCRL = importCRL = listCRL = generateCRL = modifyCRL = showFileCRL = 0; inFile = NULL; nickName = url = NULL; certHandle = NULL; crlType = SEC_CRL_TYPE; /* * Parse command line arguments */ optstate = PL_CreateOptState(argc, argv, "sqBCDGILMSTEP:f:d:i:h:n:p:t:u:r:aZ:o:c:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': Usage(progName); break; case 'T': test = PR_TRUE; break; case 'E': erase = PR_TRUE; break; case 'B': importOptions |= CRL_IMPORT_BYPASS_CHECKS; break; case 'G': generateCRL = 1; break; case 'M': modifyCRL = 1; break; case 'D': deleteCRL = 1; break; case 'I': importCRL = 1; break; case 'S': showFileCRL = 1; break; case 'C': case 'L': listCRL = 1; break; case 'P': dbPrefix = strdup(optstate->value); break; case 'Z': alg = strdup(optstate->value); break; case 'a': ascii = 1; break; case 'c': inCrlInitFile = PR_Open(optstate->value, PR_RDONLY, 0); if (!inCrlInitFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); PL_DestroyOptState(optstate); return -1; } break; case 'd': SECU_ConfigDirectory(optstate->value); break; case 'f': pwdata.source = PW_FROMFILE; pwdata.data = strdup(optstate->value); break; case 'h': slotName = strdup(optstate->value); break; case 'i': inFile = PR_Open(optstate->value, PR_RDONLY, 0); if (!inFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); PL_DestroyOptState(optstate); return -1; } break; case 'n': nickName = strdup(optstate->value); break; case 'o': outFile = strdup(optstate->value); break; case 'p': decodeOptions |= CRL_DECODE_SKIP_ENTRIES; break; case 'r': { const char* str = optstate->value; if (str && atoi(str)>0) iterations = atoi(str); } break; case 't': { crlType = atoi(optstate->value); if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) { PR_fprintf(PR_STDERR, "%s: invalid crl type\n", progName); PL_DestroyOptState(optstate); return -1; } break; case 'q': quiet = PR_TRUE; break; case 'w': pwdata.source = PW_PLAINTEXT; pwdata.data = strdup(optstate->value); break; case 'u': url = strdup(optstate->value); break; } } } PL_DestroyOptState(optstate); if (deleteCRL && !nickName) Usage (progName); if (importCRL && !inFile) Usage (progName); if (showFileCRL && !inFile) Usage (progName); if ((generateCRL && !nickName) || (modifyCRL && !inFile && !nickName)) Usage (progName); if (!(listCRL || deleteCRL || importCRL || showFileCRL || generateCRL || modifyCRL || test || erase)) Usage (progName); if (listCRL || showFileCRL) { readonly = PR_TRUE; } PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); PK11_SetPasswordFunc(SECU_GetModulePassword); if (showFileCRL) { NSS_NoDB_Init(NULL); } else { secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix, "secmod.db", readonly ? NSS_INIT_READONLY : 0); if (secstatus != SECSuccess) { SECU_PrintPRandOSError(progName); return -1; } } SECU_RegisterDynamicOids(); certHandle = CERT_GetDefaultCertDB(); if (certHandle == NULL) { SECU_PrintError(progName, "unable to open the cert db"); /*ignoring return value of NSS_Shutdown() as code returns -1*/ (void) NSS_Shutdown(); return (-1); } CRLGEN_InitCrlGenParserLock(); for (i=0; i<iterations; i++) { /* Read in the private key info */ if (deleteCRL) DeleteCRL (certHandle, nickName, crlType); else if (listCRL) { rv = ListCRL (certHandle, nickName, crlType); } else if (importCRL) { rv = ImportCRL (certHandle, url, crlType, inFile, importOptions, decodeOptions, &pwdata); } else if (showFileCRL) { rv = DumpCRL (inFile); } else if (generateCRL || modifyCRL) { if (!inCrlInitFile) inCrlInitFile = PR_STDIN; rv = GenerateCRL (certHandle, nickName, inCrlInitFile, inFile, outFile, ascii, slotName, importOptions, alg, quiet, decodeOptions, url, &pwdata, modifyCRL); } else if (erase) { /* list and delete all CRLs */ ListCRLNames (certHandle, crlType, PR_TRUE); } #ifdef DEBUG else if (test) { /* list and delete all CRLs */ ListCRLNames (certHandle, crlType, PR_TRUE); /* list CRLs */ ListCRLNames (certHandle, crlType, PR_FALSE); /* import CRL as a blob */ rv = ImportCRL (certHandle, url, crlType, inFile, importOptions, decodeOptions, &pwdata); /* list CRLs */ ListCRLNames (certHandle, crlType, PR_FALSE); } #endif } CRLGEN_DestroyCrlGenParserLock(); if (NSS_Shutdown() != SECSuccess) { rv = SECFailure; } return (rv != SECSuccess); }
int main(int argc, char **argv) { char *progName; FILE *inFile, *outFile; char *certName; CERTCertDBHandle *certHandle; struct recipient *recipients, *rcpt; PLOptState *optstate; PLOptStatus status; SECStatus rv; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; inFile = NULL; outFile = NULL; certName = NULL; recipients = NULL; rcpt = NULL; /* * Parse command line arguments * XXX This needs to be enhanced to allow selection of algorithms * and key sizes (or to look up algorithms and key sizes for each * recipient in the magic database). */ optstate = PL_CreateOptState(argc, argv, "d:i:o:r:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': Usage(progName); break; case 'd': SECU_ConfigDirectory(optstate->value); break; case 'i': inFile = fopen(optstate->value, "r"); if (!inFile) { fprintf(stderr, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); return -1; } break; case 'o': outFile = fopen(optstate->value, "wb"); if (!outFile) { fprintf(stderr, "%s: unable to open \"%s\" for writing\n", progName, optstate->value); return -1; } break; case 'r': if (rcpt == NULL) { recipients = rcpt = PORT_Alloc (sizeof(struct recipient)); } else { rcpt->next = PORT_Alloc (sizeof(struct recipient)); rcpt = rcpt->next; } if (rcpt == NULL) { fprintf(stderr, "%s: unable to allocate recipient struct\n", progName); return -1; } rcpt->nickname = strdup(optstate->value); rcpt->cert = NULL; rcpt->next = NULL; break; } } if (!recipients) Usage(progName); if (!inFile) inFile = stdin; if (!outFile) outFile = stdout; /* Call the NSS initialization routines */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); rv = NSS_Init(SECU_ConfigDirectory(NULL)); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); return -1; } /* open cert database */ certHandle = CERT_GetDefaultCertDB(); if (certHandle == NULL) { return -1; } /* find certs */ for (rcpt = recipients; rcpt != NULL; rcpt = rcpt->next) { rcpt->cert = CERT_FindCertByNickname(certHandle, rcpt->nickname); if (rcpt->cert == NULL) { SECU_PrintError(progName, "the cert for name \"%s\" not found in database", rcpt->nickname); return -1; } } if (EncryptFile(outFile, inFile, recipients, progName)) { SECU_PrintError(progName, "problem encrypting data"); return -1; } return 0; }
int main(int argc, char **argv) { char *progName; FILE *contentFile, *outFile; PRFileDesc *signatureFile; SECCertUsage certUsage = certUsageEmailSigner; PLOptState *optstate; PLOptStatus status; SECStatus rv; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; contentFile = NULL; signatureFile = NULL; outFile = NULL; /* * Parse command line arguments */ optstate = PL_CreateOptState(argc, argv, "c:d:o:s:u:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': Usage(progName); break; case 'c': contentFile = fopen(optstate->value, "r"); if (!contentFile) { fprintf(stderr, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); return -1; } break; case 'd': SECU_ConfigDirectory(optstate->value); break; case 'o': outFile = fopen(optstate->value, "w"); if (!outFile) { fprintf(stderr, "%s: unable to open \"%s\" for writing\n", progName, optstate->value); return -1; } break; case 's': signatureFile = PR_Open(optstate->value, PR_RDONLY, 0); if (!signatureFile) { fprintf(stderr, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); return -1; } break; case 'u': { int usageType; usageType = atoi (strdup(optstate->value)); if (usageType < certUsageSSLClient || usageType > certUsageAnyCA) return -1; certUsage = (SECCertUsage)usageType; break; } } } if (!contentFile) Usage (progName); if (!signatureFile) Usage (progName); if (!outFile) outFile = stdout; /* Call the NSS initialization routines */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); rv = NSS_Init(SECU_ConfigDirectory(NULL)); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); return -1; } if (HashDecodeAndVerify(outFile, contentFile, signatureFile, certUsage, progName)) { SECU_PrintError(progName, "problem decoding/verifying signature"); return -1; } if (NSS_Shutdown() != SECSuccess) { exit(1); } return 0; }
int main(int argc, char **argv) { char *progName; FILE *outFile; PRFileDesc *inFile; char *keyName = NULL; CERTCertDBHandle *certHandle; CERTCertificate *cert; PLOptState *optstate; PLOptStatus status; SECStatus rv; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; inFile = NULL; outFile = NULL; keyName = NULL; /* * Parse command line arguments */ optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': Usage(progName); break; case 'd': SECU_ConfigDirectory(optstate->value); break; case 'i': inFile = PR_Open(optstate->value, PR_RDONLY, 0); if (!inFile) { fprintf(stderr, "%s: unable to open \"%s\" for reading\n", progName, optstate->value); return -1; } break; case 'k': keyName = strdup(optstate->value); break; case 'o': outFile = fopen(optstate->value, "wb"); if (!outFile) { fprintf(stderr, "%s: unable to open \"%s\" for writing\n", progName, optstate->value); return -1; } break; case 'p': pwdata.source = PW_PLAINTEXT; pwdata.data = strdup (optstate->value); break; case 'f': pwdata.source = PW_FROMFILE; pwdata.data = PORT_Strdup (optstate->value); break; } } if (!keyName) Usage(progName); if (!inFile) inFile = PR_STDIN; if (!outFile) outFile = stdout; /* Call the initialization routines */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); rv = NSS_Init(SECU_ConfigDirectory(NULL)); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); goto loser; } PK11_SetPasswordFunc(SECU_GetModulePassword); /* open cert database */ certHandle = CERT_GetDefaultCertDB(); if (certHandle == NULL) { rv = SECFailure; goto loser; } /* find cert */ cert = CERT_FindCertByNickname(certHandle, keyName); if (cert == NULL) { SECU_PrintError(progName, "the corresponding cert for key \"%s\" does not exist", keyName); rv = SECFailure; goto loser; } if (SignFile(outFile, inFile, cert)) { SECU_PrintError(progName, "problem signing data"); rv = SECFailure; goto loser; } loser: if (pwdata.data) { PORT_Free(pwdata.data); } if (keyName) { PORT_Free(keyName); } if (cert) { CERT_DestroyCertificate(cert); } if (inFile && inFile != PR_STDIN) { PR_Close(inFile); } if (outFile && outFile != stdout) { fclose(outFile); } if (NSS_Shutdown() != SECSuccess) { SECU_PrintError(progName, "NSS shutdown:"); exit(1); } return (rv != SECSuccess); }
int main(int argc, char **argv) { PRFileDesc *contentFile = NULL; PRFileDesc *signFile = PR_STDIN; FILE * outFile = stdout; char * progName; SECStatus rv; int result = 1; SECItem pkcs7der, content; secuCommand signver; pkcs7der.data = NULL; content.data = NULL; signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag); signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag); signver.commands = signver_commands; signver.options = signver_options; #ifdef XP_PC progName = strrchr(argv[0], '\\'); #else progName = strrchr(argv[0], '/'); #endif progName = progName ? progName+1 : argv[0]; rv = SECU_ParseCommandLine(argc, argv, progName, &signver); if (SECSuccess != rv) { Usage(progName, outFile); } debugInfo = signver.options[opt_DebugInfo ].activated; verbose = signver.options[opt_PrintWhyFailure ].activated; doVerify = signver.commands[cmd_VerifySignedObj].activated; displayAll= signver.commands[cmd_DisplayAllPCKS7Info].activated; if (!doVerify && !displayAll) doVerify = PR_TRUE; /* Set the certdb directory (default is ~/.netscape) */ rv = NSS_Init(SECU_ConfigDirectory(signver.options[opt_CertDir].arg)); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); return result; } /* below here, goto cleanup */ SECU_RegisterDynamicOids(); /* Open the input content file. */ if (signver.options[opt_InputDataFile].activated && signver.options[opt_InputDataFile].arg) { if (PL_strcmp("-", signver.options[opt_InputDataFile].arg)) { contentFile = PR_Open(signver.options[opt_InputDataFile].arg, PR_RDONLY, 0); if (!contentFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n", progName, signver.options[opt_InputDataFile].arg); goto cleanup; } } else contentFile = PR_STDIN; } /* Open the input signature file. */ if (signver.options[opt_InputSigFile].activated && signver.options[opt_InputSigFile].arg) { if (PL_strcmp("-", signver.options[opt_InputSigFile].arg)) { signFile = PR_Open(signver.options[opt_InputSigFile].arg, PR_RDONLY, 0); if (!signFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n", progName, signver.options[opt_InputSigFile].arg); goto cleanup; } } } if (contentFile == PR_STDIN && signFile == PR_STDIN && doVerify) { PR_fprintf(PR_STDERR, "%s: cannot read both content and signature from standard input\n", progName); goto cleanup; } /* Open|Create the output file. */ if (signver.options[opt_OutputFile].activated) { outFile = fopen(signver.options[opt_OutputFile].arg, "w"); if (!outFile) { PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n", progName, signver.options[opt_OutputFile].arg); goto cleanup; } } /* read in the input files' contents */ rv = SECU_ReadDERFromFile(&pkcs7der, signFile, signver.options[opt_ASCII].activated); if (signFile != PR_STDIN) PR_Close(signFile); if (rv != SECSuccess) { SECU_PrintError(progName, "problem reading PKCS7 input"); goto cleanup; } if (contentFile) { rv = SECU_FileToItem(&content, contentFile); if (contentFile != PR_STDIN) PR_Close(contentFile); if (rv != SECSuccess) content.data = NULL; } /* Signature Verification */ if (doVerify) { SEC_PKCS7ContentInfo *cinfo; SEC_PKCS7SignedData *signedData; HASH_HashType digestType; PRBool contentIsSigned; cinfo = SEC_PKCS7DecodeItem(&pkcs7der, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (cinfo == NULL) { PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n"); goto cleanup; } /* below here, goto done */ contentIsSigned = SEC_PKCS7ContentIsSigned(cinfo); if (debugInfo) { PR_fprintf(PR_STDERR, "Content is%s encrypted.\n", SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not"); } if (debugInfo || !contentIsSigned) { PR_fprintf(PR_STDERR, "Content is%s signed.\n", contentIsSigned ? "" : " not"); } if (!contentIsSigned) goto done; signedData = cinfo->content.signedData; /* assume that there is only one digest algorithm for now */ digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]); if (digestType == HASH_AlgNULL) { PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n"); goto done; } if (content.data) { SECCertUsage usage = certUsageEmailSigner; SECItem digest; unsigned char digestBuffer[HASH_LENGTH_MAX]; if (debugInfo) PR_fprintf(PR_STDERR, "contentToVerify=%s\n", content.data); digest.data = digestBuffer; digest.len = sizeof digestBuffer; if (DigestContent(&digest, &content, digestType)) { SECU_PrintError(progName, "Message digest computation failure"); goto done; } if (debugInfo) { unsigned int i; PR_fprintf(PR_STDERR, "Data Digest=:"); for (i = 0; i < digest.len; i++) PR_fprintf(PR_STDERR, "%02x:", digest.data[i]); PR_fprintf(PR_STDERR, "\n"); } fprintf(outFile, "signatureValid="); PORT_SetError(0); if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage, &digest, digestType, PR_FALSE)) { fprintf(outFile, "yes"); } else { fprintf(outFile, "no"); if (verbose) { fprintf(outFile, ":%s", SECU_Strerror(PORT_GetError())); } } fprintf(outFile, "\n"); result = 0; } done: SEC_PKCS7DestroyContentInfo(cinfo); } if (displayAll) { if (SV_PrintPKCS7ContentInfo(outFile, &pkcs7der)) result = 1; } cleanup: SECITEM_FreeItem(&pkcs7der, PR_FALSE); SECITEM_FreeItem(&content, PR_FALSE); if (NSS_Shutdown() != SECSuccess) { result = 1; } return result; }
int main(int argc, char **argv) { SECStatus rv; int retval = -1; CERTCertDBHandle *certHandle = NULL; CERTCertificate *caCert = NULL, *cert = NULL; CERTOCSPCertID *cid = NULL; PLArenaPool *arena = NULL; PRTime now = PR_Now(); SECItem *encoded = NULL; CERTOCSPResponse *decoded = NULL; SECStatus statusDecoded; SECItem *encodedRev = NULL; CERTOCSPResponse *decodedRev = NULL; SECStatus statusDecodedRev; SECItem *encodedFail = NULL; CERTOCSPResponse *decodedFail = NULL; SECStatus statusDecodedFail; CERTCertificate *obtainedSignerCert = NULL; if (argc != 4 && argc != 6) { return Usage(); } if (argc == 6) { if (!strcmp(argv[4], "-p")) { pwdata.source = PW_PLAINTEXT; pwdata.data = PORT_Strdup(argv[5]); } else if (!strcmp(argv[4], "-f")) { pwdata.source = PW_FROMFILE; pwdata.data = PORT_Strdup(argv[5]); } else return Usage(); } PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); /*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/ rv = NSS_Init(argv[1]); if (rv != SECSuccess) { SECU_PrintPRandOSError(argv[0]); goto loser; } PK11_SetPasswordFunc(SECU_GetModulePassword); certHandle = CERT_GetDefaultCertDB(); if (!certHandle) goto loser; if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert)) goto loser; cid = CERT_CreateOCSPCertID(cert, now); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); encoded = encode(arena, cid, caCert); PORT_Assert(encoded); decoded = CERT_DecodeOCSPResponse(encoded); statusDecoded = CERT_GetOCSPResponseStatus(decoded); PORT_Assert(statusDecoded == SECSuccess); statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, &obtainedSignerCert, caCert); PORT_Assert(statusDecoded == SECSuccess); statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, obtainedSignerCert, now); PORT_Assert(statusDecoded == SECSuccess); CERT_DestroyCertificate(obtainedSignerCert); encodedRev = encodeRevoked(arena, cid, caCert); PORT_Assert(encodedRev); decodedRev = CERT_DecodeOCSPResponse(encodedRev); statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev); PORT_Assert(statusDecodedRev == SECSuccess); statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, &obtainedSignerCert, caCert); PORT_Assert(statusDecodedRev == SECSuccess); statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, obtainedSignerCert, now); PORT_Assert(statusDecodedRev == SECFailure); PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); CERT_DestroyCertificate(obtainedSignerCert); encodedFail = CERT_CreateEncodedOCSPErrorResponse( arena, SEC_ERROR_OCSP_TRY_SERVER_LATER); PORT_Assert(encodedFail); decodedFail = CERT_DecodeOCSPResponse(encodedFail); statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail); PORT_Assert(statusDecodedFail == SECFailure); PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); retval = 0; loser: if (retval != 0) SECU_PrintError(argv[0], "tests failed"); if (cid) CERT_DestroyOCSPCertID(cid); if (cert) CERT_DestroyCertificate(cert); if (caCert) CERT_DestroyCertificate(caCert); if (arena) PORT_FreeArena(arena, PR_FALSE); if (decoded) CERT_DestroyOCSPResponse(decoded); if (decodedRev) CERT_DestroyOCSPResponse(decodedRev); if (decodedFail) CERT_DestroyOCSPResponse(decodedFail); if (pwdata.data) { PORT_Free(pwdata.data); } if (NSS_Shutdown() != SECSuccess) { SECU_PrintError(argv[0], "NSS shutdown:"); if (retval == 0) retval = -2; } return retval; }
int main(int argc, char **argv) { PLOptState *optstate; PLOptStatus optstatus; PRUint32 flags = 0; Error ret; SECStatus rv; char *dbString = NULL; PRBool doInitTest = PR_FALSE; int i; progName = strrchr(argv[0], '/'); if (!progName) progName = strrchr(argv[0], '\\'); progName = progName ? progName + 1 : argv[0]; optstate = PL_CreateOptState(argc, argv, "rfip:d:h"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case 'h': default: Usage(progName); break; case 'r': flags |= NSS_INIT_READONLY; break; case 'f': flags |= NSS_INIT_FORCEOPEN; break; case 'i': doInitTest = PR_TRUE; break; case 'p': userPassword = PORT_Strdup(optstate->value); break; case 'd': dbDir = PORT_Strdup(optstate->value); break; } } if (optstatus == PL_OPT_BAD) Usage(progName); if (!dbDir) { dbDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ } dbDir = SECU_ConfigDirectory(dbDir); PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir); if (dbDir[0] == '\0') { PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); ret = DIR_DOESNT_EXIST_ERR; goto loser; } PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); /* get the status of the directory and databases and output message */ if (PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); } else if (PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir); } else { if (!(flags & NSS_INIT_READONLY) && PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir); } if (!doInitTest) { for (i = 0; i < 3; i++) { dbString = PR_smprintf("%s/%s", dbDir, dbName[i]); PR_fprintf(PR_STDOUT, "database checked is %s\n", dbString); if (PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR], dbString); } else if (PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], dbString); } else if (!(flags & NSS_INIT_READONLY) && PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR], dbString); } } } } rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix, secmodName, flags); if (rv != SECSuccess) { SECU_PrintPRandOSError(progName); ret = NSS_INITIALIZE_FAILED_ERR; } else { ret = SUCCESS; if (doInitTest) { PK11SlotInfo *slot = PK11_GetInternalKeySlot(); SECStatus rv; int passwordSuccess = 0; int type = CKM_DES3_CBC; SECItem keyid = { 0, NULL, 0 }; unsigned char keyIdData[] = { 0xff, 0xfe }; PK11SymKey *key = NULL; keyid.data = keyIdData; keyid.len = sizeof(keyIdData); PK11_SetPasswordFunc(getPassword); rv = PK11_InitPin(slot, (char *)NULL, userPassword); if (rv != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n", SECU_Strerror(PORT_GetError())); ret = CHANGEPW_FAILED_ERR; } if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) { PR_fprintf(PR_STDERR, "New DB did not log in after init\n"); ret = AUTHENTICATION_FAILED_ERR; } /* generate a symetric key */ key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid, PR_TRUE, &passwordSuccess); if (!key) { PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n", SECU_Strerror(PORT_GetError())); exit(UNSPECIFIED_ERR); } PK11_FreeSymKey(key); PK11_Logout(slot); PK11_Authenticate(slot, PR_TRUE, &passwordSuccess); if (*userPassword && !passwordSuccess) { PR_fprintf(PR_STDERR, "New DB Did not initalize\n"); ret = AUTHENTICATION_FAILED_ERR; } key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess); if (!key) { PR_fprintf(PR_STDERR, "Could not find generated key: %s\n", SECU_Strerror(PORT_GetError())); ret = UNSPECIFIED_ERR; } else { PK11_FreeSymKey(key); } PK11_FreeSlot(slot); } if (NSS_Shutdown() != SECSuccess) { PR_fprintf(PR_STDERR, "Could not find generated key: %s\n", SECU_Strerror(PORT_GetError())); exit(1); } } loser: return ret; }