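/*
 * DumpCRL
 * Read a DER-encoded CRL from inFile, decode it into a temporary arena and
 * pretty-print it to stdout under the heading "CRL file contents".
 *
 * Returns SECSuccess once the CRL has been read, decoded and printed.
 * Returns SECFailure when the file cannot be read, the arena cannot be
 * created, or the input does not decode as a CRL.
 */
SECStatus
DumpCRL(PRFileDesc *inFile)
{
    /*
     * Start from failure: the earlier version seeded rv with
     * SEC_ERROR_NO_MEMORY and returned it unchanged after a successful
     * dump, so a good CRL was reported to the caller as an error.
     */
    SECStatus rv = SECFailure;
    PLArenaPool *arena = NULL;
    CERTSignedCrl *newCrl = NULL;
    SECItem crlDER;

    crlDER.data = NULL;

    /* Read in the entire file specified with the -f argument */
    if (SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE) != SECSuccess) {
        SECU_PrintError(progName, "unable to read input file");
        /* crlDER is left alone here: its state after a failed read is not
         * visible from this function. */
        return SECFailure;
    }

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
        goto done;
    }

    newCrl = CERT_DecodeDERCrlWithFlags(arena, &crlDER, SEC_CRL_TYPE,
                                        CRL_DECODE_DEFAULT_OPTIONS);
    if (newCrl == NULL) {
        /* Malformed or non-CRL input: fall through to cleanup so the arena
         * is released instead of leaked. */
        goto done;
    }

    SECU_PrintCRLInfo(stdout, &newCrl->crl, "CRL file contents", 0);
    rv = SECSuccess;

done:
    /* newCrl lives in the arena, so it must not be touched after this. */
    if (arena != NULL) {
        PORT_FreeArena(arena, PR_FALSE);
    }
    /*
     * Release the raw DER only after the last use of newCrl, which is safe
     * whether or not the decoder kept references into it.
     * NOTE(review): assumes SECU_ReadDERFromFile allocates the buffer with
     * the PORT_* allocator -- confirm against its implementation.
     */
    if (crlDER.data != NULL) {
        PORT_Free(crlDER.data);
    }
    return rv;
}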
/*
 * DisplayCRL
 * Look up a CRL through FindCRL using the database handle, nickname and
 * CRL type supplied by the caller, and print it to stdout under the
 * heading "CRL Info:".
 *
 * Returns SECSuccess when a CRL was found and printed, SECFailure when
 * FindCRL returned NULL. The CRL reference obtained from FindCRL is
 * released with SEC_DestroyCrl before returning.
 */
static SECStatus
DisplayCRL(CERTCertDBHandle *certHandle, char *nickName, int crlType)
{
    CERTSignedCrl *found = FindCRL(certHandle, nickName, crlType);

    /* Nothing to show when the lookup yields no CRL. */
    if (found == NULL) {
        return SECFailure;
    }

    SECU_PrintCRLInfo(stdout, &found->crl, "CRL Info:\n", 0);
    SEC_DestroyCrl(found);
    return SECSuccess;
}
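/*
** secu_PrintPKCS7SignedAndEnveloped
**   Pretty print a PKCS7 signed and enveloped data type (up to version 1).
**
**   out   - stream that receives the listing
**   src   - decoded signed-and-enveloped structure to print
**   m     - heading printed before the structure
**   level - indentation level of the heading; nested items are printed
**           one to three levels deeper
**
**   Each optional list (recipients, digest algorithms, certificates, CRLs,
**   signers) is walked as a NULL-terminated pointer array and skipped when
**   the list pointer itself is NULL. Entries are labelled with a 1-based
**   index printed in hexadecimal.
**
**   Returns 0 on success, or the non-zero status of SECU_PrintSignedData
**   if printing a certificate fails (the remaining sections are then not
**   printed).
*/
int
secu_PrintPKCS7SignedAndEnveloped(FILE *out,
                                  SEC_PKCS7SignedAndEnvelopedData *src,
                                  char *m, int level)
{
    SECAlgorithmID *digAlg;          /* pointer for digest algorithms */
    SECItem *aCert;                  /* pointer for certificate */
    CERTSignedCrl *aCrl;             /* pointer for certificate revocation list */
    SEC_PKCS7SignerInfo *sigInfo;    /* pointer for signer information */
    SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
    int rv, iv;
    /*
     * Label scratch buffer. Every label below is a fixed string plus one
     * hex integer and fits comfortably, but the writes are bounded with
     * snprintf so a future, longer label cannot run past the buffer.
     */
    char om[100];

    secu_Indent(out, level);
    fprintf(out, "%s:\n", m);
    sv_PrintInteger(out, &(src->version), "Version", level + 1);

    /* Parse and list recipients (this is not optional) */
    if (src->recipientInfos != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Recipient Information List:\n");
        iv = 0;
        while ((recInfo = src->recipientInfos[iv++]) != NULL) {
            /* iv was already incremented, so labels start at 1 */
            snprintf(om, sizeof om, "Recipient Information (%x)",
                     (unsigned int)iv);
            secu_PrintRecipientInfo(out, recInfo, om, level + 2);
        }
    }

    /* Parse and list digest algorithms (if any) */
    if (src->digestAlgorithms != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Digest Algorithm List:\n");
        iv = 0;
        while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
            snprintf(om, sizeof om, "Digest Algorithm (%x)",
                     (unsigned int)iv);
            sv_PrintAlgorithmID(out, digAlg, om);
        }
    }

    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
                              "Encrypted Content Information", level + 1);

    /* Parse and list certificates (if any) */
    if (src->rawCerts != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Certificate List:\n");
        iv = 0;
        while ((aCert = src->rawCerts[iv++]) != NULL) {
            snprintf(om, sizeof om, "Certificate (%x)", (unsigned int)iv);
            rv = SECU_PrintSignedData(out, aCert, om, level + 2,
                                      SECU_PrintCertificate);
            /* A certificate that cannot be printed aborts the listing. */
            if (rv)
                return rv;
        }
    }

    /* Parse and list CRL's (if any) */
    if (src->crls != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Signed Revocation Lists:\n");
        iv = 0;
        while ((aCrl = src->crls[iv++]) != NULL) {
            snprintf(om, sizeof om, "Signed Revocation List (%x)",
                     (unsigned int)iv);
            secu_Indent(out, level + 2);
            fprintf(out, "%s:\n", om);
            sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
                                "Signature Algorithm");
            /*
             * NOTE(review): the signature item is passed by address, so
             * this call presumably rewrites it inside src. If so, printing
             * the same structure twice would convert it twice -- confirm
             * before reusing src after this function.
             */
            DER_ConvertBitString(&aCrl->signatureWrap.signature);
            sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
                          level + 3);
            SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
                              level + 3);
        }
    }

    /* Parse and list signatures (if any) */
    if (src->signerInfos != NULL) {
        secu_Indent(out, level + 1);
        fprintf(out, "Signer Information List:\n");
        iv = 0;
        while ((sigInfo = src->signerInfos[iv++]) != NULL) {
            snprintf(om, sizeof om, "Signer Information (%x)",
                     (unsigned int)iv);
            secu_PrintSignerInfo(out, sigInfo, om, level + 2);
        }
    }

    return 0;
}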
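/*
 * GenerateCRL
 * Build (or, with modifyFlag set, rebuild from an existing one) a CRL,
 * apply the updates read from inCrlInitFile, then sign and store it.
 *
 *   certHandle     - certificate database handle used for lookups
 *   certNickName   - nickname used to locate the signing certificate
 *   inCrlInitFile  - passed to UpdateCrl as the source of CRL updates
 *   inFile         - passed to CreateModifiedCRLCopy when modifyFlag is set
 *   outFileName    - passed to SignAndStoreCrl as the output file name
 *   ascii, slotName, url, pwdata
 *                  - forwarded unchanged to SignAndStoreCrl
 *   importOptions, decodeOptions
 *                  - forwarded to CreateModifiedCRLCopy
 *   alg            - optional algorithm name (the -Z option); NULL leaves
 *                    the tag at SEC_OID_UNKNOWN for SignAndStoreCrl
 *   quiet          - when true, the resulting CRL is not printed to stdout
 *   modifyFlag     - PR_TRUE to start from a modified copy of an existing
 *                    CRL instead of a new one
 *
 * Returns SECSuccess only if every step succeeded. Any failure returns
 * SECFailure, or the status reported by UpdateCrl / SignAndStoreCrl.
 */
static SECStatus
GenerateCRL(CERTCertDBHandle *certHandle, char *certNickName,
            PRFileDesc *inCrlInitFile, PRFileDesc *inFile,
            char *outFileName, int ascii, char *slotName,
            PRInt32 importOptions, char *alg, PRBool quiet,
            PRInt32 decodeOptions, char *url, secuPWData *pwdata,
            int modifyFlag)
{
    CERTCertificate *cert = NULL;
    CERTSignedCrl *signCrl = NULL;
    PLArenaPool *arena = NULL;
    /*
     * Must start as failure: several paths below jump to loser before rv is
     * assigned. Previously those paths returned an uninitialized value, so
     * a failed CRL generation could be reported as success.
     */
    SECStatus rv = SECFailure;
    SECOidTag hashAlgTag = SEC_OID_UNKNOWN;

    if (alg) {
        hashAlgTag = SECU_StringToSignatureAlgTag(alg);
        if (hashAlgTag == SEC_OID_UNKNOWN) {
            SECU_PrintError(progName, "%s -Z: %s is not a recognized type.\n",
                            progName, alg);
            return SECFailure;
        }
    }

    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
    if (!arena) {
        SECU_PrintError(progName, "fail to allocate memory\n");
        return SECFailure;
    }

    if (modifyFlag == PR_TRUE) {
        signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName,
                                        inFile, decodeOptions, importOptions);
        if (signCrl == NULL) {
            goto loser;
        }
    }

    /* CreateModifiedCRLCopy may already have supplied the signing cert. */
    if (!cert) {
        cert = FindSigningCert(certHandle, signCrl, certNickName);
        if (cert == NULL) {
            goto loser;
        }
    }

    if (!signCrl) {
        /*
         * NOTE(review): as written this inner branch cannot run -- when
         * modifyFlag is PR_TRUE a NULL signCrl has already jumped to loser
         * above. It is kept as found; confirm whether falling back to a new
         * CRL was the intended behaviour.
         */
        if (modifyFlag == PR_TRUE) {
            if (!outFileName) {
                /* room for the nickname, ".crl" and the terminator */
                int len = strlen(certNickName) + 5;
                outFileName = PORT_ArenaAlloc(arena, len);
                if (!outFileName) {
                    goto loser;
                }
                PR_snprintf(outFileName, len, "%s.crl", certNickName);
            }
            SECU_PrintError(progName, "Will try to generate crl. "
                                      "It will be saved in file: %s",
                            outFileName);
        }
        signCrl = CreateNewCrl(arena, certHandle, cert);
        if (!signCrl)
            goto loser;
    }

    rv = UpdateCrl(signCrl, inCrlInitFile);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SignAndStoreCrl(signCrl, cert, outFileName, hashAlgTag, ascii,
                         slotName, url, pwdata);
    if (rv != SECSuccess) {
        goto loser;
    }

    if (signCrl && !quiet) {
        SECU_PrintCRLInfo(stdout, &signCrl->crl, "CRL Info:\n", 0);
    }

loser:
    /*
     * Free the arena here only when no CRL records an arena of its own;
     * otherwise it is left to SEC_DestroyCrl below.
     * NOTE(review): presumably SEC_DestroyCrl releases signCrl->arena --
     * confirm, since freeing it in both places would be a double free.
     */
    if (arena && (!signCrl || !signCrl->arena))
        PORT_FreeArena(arena, PR_FALSE);
    if (signCrl)
        SEC_DestroyCrl(signCrl);
    if (cert)
        CERT_DestroyCertificate(cert);
    return (rv);
}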