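/*
 * Entry point: look up the certificate whose nickname is given with -k in
 * the default certificate database and pass it, together with the input and
 * output streams, to SignFile().
 *
 * Options handled below:
 *   -d <dir>     passed to SECU_ConfigDirectory(); the resulting directory
 *                is later handed to NSS_Init()
 *   -i <file>    input file (default: PR_STDIN)
 *   -k <name>    certificate nickname (required)
 *   -o <file>    output file, opened in binary mode (default: stdout)
 *   -p <passwd>  password taken literally from the command line
 *   -f <file>    stored with PW_FROMFILE; presumably the password callback
 *                reads the password from this file (confirm in
 *                SECU_GetModulePassword)
 * The option string also accepts -e, but no case handles it here.
 *
 * Security note: a password supplied with -p is part of argv and is
 * therefore visible to other local users through the process list; -f
 * avoids that exposure.
 *
 * Returns 0 on success and 1 if initialization, certificate lookup or
 * signing fails; returns -1 if an input or output file cannot be opened;
 * exits with status 1 if NSS_Shutdown() fails.
 */
int main(int argc, char **argv)
{
    char *progName;
    FILE *outFile = NULL;
    PRFileDesc *inFile = NULL;
    char *keyName = NULL;
    CERTCertDBHandle *certHandle;
    /*
     * Must start out NULL: the cleanup code at "loser" tests this pointer,
     * and it is reached before any lookup when NSS_Init() or
     * CERT_GetDefaultCertDB() fails.
     */
    CERTCertificate *cert = NULL;
    PLOptState *optstate;
    PLOptStatus status;
    SECStatus rv;

    /* Use the basename of argv[0] in diagnostics. */
    progName = strrchr(argv[0], '/');
    progName = progName ? progName + 1 : argv[0];

    /*
     * Parse command line arguments
     */
    optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
        switch (optstate->option) {
        case '?':
            Usage(progName);
            break;

        case 'd':
            SECU_ConfigDirectory(optstate->value);
            break;

        case 'i':
            inFile = PR_Open(optstate->value, PR_RDONLY, 0);
            if (!inFile) {
                fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
                        progName, optstate->value);
                return -1;
            }
            break;

        case 'k':
            /* PORT_Strdup pairs with the PORT_Free in the cleanup code. */
            keyName = PORT_Strdup(optstate->value);
            break;

        case 'o':
            outFile = fopen(optstate->value, "wb");
            if (!outFile) {
                fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
                        progName, optstate->value);
                return -1;
            }
            break;

        case 'p':
            /* Same allocator as the -f case so one release path fits both. */
            pwdata.source = PW_PLAINTEXT;
            pwdata.data = PORT_Strdup(optstate->value);
            break;

        case 'f':
            pwdata.source = PW_FROMFILE;
            pwdata.data = PORT_Strdup(optstate->value);
            break;
        }
    }
    /* Every option value that is kept was duplicated above. */
    PL_DestroyOptState(optstate);

    /* NOTE(review): this relies on Usage() not returning - confirm. */
    if (!keyName) {
        Usage(progName);
    }

    if (!inFile) {
        inFile = PR_STDIN;
    }
    if (!outFile) {
        outFile = stdout;
    }

    /* Call the initialization routines */
    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
    rv = NSS_Init(SECU_ConfigDirectory(NULL));
    if (rv != SECSuccess) {
        SECU_PrintPRandOSError(progName);
        goto loser;
    }

    PK11_SetPasswordFunc(SECU_GetModulePassword);

    /* open cert database */
    certHandle = CERT_GetDefaultCertDB();
    if (certHandle == NULL) {
        rv = SECFailure;
        goto loser;
    }

    /* find cert */
    cert = CERT_FindCertByNickname(certHandle, keyName);
    if (cert == NULL) {
        SECU_PrintError(progName,
                        "the corresponding cert for key \"%s\" does not exist",
                        keyName);
        rv = SECFailure;
        goto loser;
    }

    if (SignFile(outFile, inFile, cert)) {
        SECU_PrintError(progName, "problem signing data");
        rv = SECFailure;
        goto loser;
    }

loser:
    if (pwdata.data) {
        /* Wipe the buffer before release; with -p it holds the password. */
        PORT_ZFree(pwdata.data, strlen(pwdata.data));
        pwdata.data = NULL;
    }
    if (keyName) {
        PORT_Free(keyName);
    }
    if (cert) {
        CERT_DestroyCertificate(cert);
    }
    if (inFile && inFile != PR_STDIN) {
        PR_Close(inFile);
    }
    if (outFile && outFile != stdout) {
        fclose(outFile);
    }
    if (NSS_Shutdown() != SECSuccess) {
        SECU_PrintError(progName, "NSS shutdown:");
        exit(1);
    }

    return (rv != SECSuccess);
}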
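/*********************************************************************
 *
 * c r e a t e _ p k 7
 *
 * Looks up the certificate with nickname keyName, then passes
 * <dir>/META-INF/<base>.sf as input and <dir>/META-INF/<base>.<ext> as
 * output to SignFile(). <ext> is "dsa" when jar_find_key_type() reports
 * dsaKey and "rsa" otherwise. "base" is not a parameter; it comes from
 * outside this function.
 *
 * dir      directory that contains META-INF
 * keyName  certificate nickname handed to PK11_FindCertFromNickname()
 * keyType  out: receives the value returned by jar_find_key_type()
 *
 * Returns 0 on success and -1 if the default certificate database or the
 * certificate is unavailable, if a path does not fit in FNSIZE bytes, or
 * if signing fails. Exits with ERRX if either file cannot be opened.
 */
static int create_pk7(char *dir, char *keyName, int *keyType)
{
    int status = 0;
    int n;
    const char *file_ext;
    CERTCertificate *cert;
    CERTCertDBHandle *db;
    FILE *in, *out;
    char sf_file[FNSIZE];
    char pk7_file[FNSIZE];

    /* open cert database */
    db = CERT_GetDefaultCertDB();
    if (db == NULL) {
        return -1;
    }

    /* find cert */
    cert = PK11_FindCertFromNickname(keyName, &pwdata);
    if (cert == NULL) {
        SECU_PrintError(PROGRAM_NAME, "Cannot find the cert \"%s\"", keyName);
        return -1;
    }

    /* determine the key type, which sets the extension for pkcs7 object */
    *keyType = jar_find_key_type(cert);
    file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";

    /*
     * dir and base have no length limit of their own, so build both paths
     * with a bounded formatter and refuse to continue on truncation. An
     * unbounded sprintf here could write past the end of the stack
     * buffers, and a silently truncated path would name the wrong file.
     */
    n = snprintf(sf_file, sizeof sf_file, "%s/META-INF/%s.sf", dir, base);
    if (n < 0 || (size_t)n >= sizeof sf_file) {
        PR_fprintf(errorFD, "%s: path too long: %s/META-INF/%s.sf\n",
                   PROGRAM_NAME, dir, base);
        errorCount++;
        CERT_DestroyCertificate(cert);
        return -1;
    }

    n = snprintf(pk7_file, sizeof pk7_file, "%s/META-INF/%s.%s",
                 dir, base, file_ext);
    if (n < 0 || (size_t)n >= sizeof pk7_file) {
        PR_fprintf(errorFD, "%s: path too long: %s/META-INF/%s.%s\n",
                   PROGRAM_NAME, dir, base, file_ext);
        errorCount++;
        CERT_DestroyCertificate(cert);
        return -1;
    }

    if ((in = fopen(sf_file, "rb")) == NULL) {
        PR_fprintf(errorFD, "%s: Can't open %s for reading\n",
                   PROGRAM_NAME, sf_file);
        errorCount++;
        exit(ERRX);
    }

    if ((out = fopen(pk7_file, "wb")) == NULL) {
        /* Name the file that actually failed to open, not the .sf input. */
        PR_fprintf(errorFD, "%s: Can't open %s for writing\n",
                   PROGRAM_NAME, pk7_file);
        errorCount++;
        exit(ERRX);
    }

    status = SignFile(out, in, cert);

    CERT_DestroyCertificate(cert);
    fclose(in);
    fclose(out);

    if (status) {
        PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
                   PROGRAM_NAME, SECU_ErrorString((int16) PORT_GetError()));
        errorCount++;
        return -1;
    }

    return 0;
}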