Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Mozilla/mozilla/security/nss/cmd/signver/signver.c
nelsonb%netscape.com dbd95a18a1 Changes to deal with exporting data from Windows DLLs. 
SECHashObjects[] is no longer exported.
New function HASH_GetHashObject returns pointer to selected const object.
SSL statistics are now in a structure whose address is obtained via a
call to SSL_GetStatistics().
On NT, the new symbol NSS_USE_STATIC_LIBS must be declared in programs
that use the static SSL library.
Also, propagate "const" declaration for SECHashObjects.


git-svn-id: svn://10.0.0.236/trunk@84403 18797224-902f-48f8-a5cc-f745e15eee43
2001-01-05 01:38:26 +00:00

460 lines
15 KiB
C
Raw Blame History

/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "secutil.h"
#include "secmod.h"
#include "cdbhdl.h"
#include "cert.h"
#include "secoid.h"
/* NSPR 2.0 header files */
#include "prinit.h"
#include "prprf.h"
#include "prsystem.h"
#include "prmem.h"
/* Portable layer header files */
#include "plstr.h"
#include "sechash.h" /* for HASH_GetHashObject() */
static int debugInfo = 0;
static char *usageInfo[] = {
"Options:",
" -a signature file is ASCII",
" -d certdir directory containing cert database",
" -i dataFileName input file name containing data,",
" leave filename blank to use stdin",
" -s signatureFileName input file name containing signature,",
" leave filename blank to use stdin",
" -o outputFileName output file name, default stdout",
" -A display all information from pkcs #7",
" -C display all information from all certs",
" -C -n display number of certificates",
" -C -n certNum display all information from the certNum",
" certificate in pkcs #7 signed object",
" -C -n certNum f1 ... fN display information about specified",
" fields from the certNum certificate in",
" the pkcs #7 signed object",
" -S display signer information list",
" -S -n display number of signer information blocks",
" -S -n signerNum display all information from the signerNum",
" signer information block in pkcs #7",
" -S -n signerNum f1 ... fN display information about specified",
" fields from the signerNum signer",
" information block in pkcs #7 object",
" -V verify the signed object and display result",
" -V -v verify the signed object and display",
" result and reason for failure",
"Version 2.0"
};
static int nUsageInfo = sizeof(usageInfo)/sizeof(char *);
extern int SV_PrintPKCS7ContentInfo(FILE *, SECItem *);
static void Usage(char *progName, FILE *outFile)
{
int i;
fprintf(outFile, "Usage: %s options\n", progName);
for (i = 0; i < nUsageInfo; i++)
fprintf(outFile, "%s\n", usageInfo[i]);
exit(-1);
}
static HASH_HashType
AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
{
SECOidTag tag;
tag = SECOID_GetAlgorithmTag(digestAlgorithms);
switch (tag) {
case SEC_OID_MD2:
if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD2 SEC_OID_MD2\n");
return HASH_AlgMD2;
case SEC_OID_MD5:
if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgMD5 SEC_OID_MD5\n");
return HASH_AlgMD5;
case SEC_OID_SHA1:
if (debugInfo) PR_fprintf(PR_STDERR, "Hash algorithm: HASH_AlgSHA1 SEC_OID_SHA1\n");
return HASH_AlgSHA1;
default:
if (debugInfo) PR_fprintf(PR_STDERR, "should never get here\n");
return HASH_AlgNULL;
}
}
static int
DigestData (unsigned char *digest, unsigned char *data,
unsigned int *len, unsigned int maxLen,
HASH_HashType hashType)
{
const SECHashObject *hashObj;
void *hashcx;
hashObj = HASH_GetHashObject(hashType);
hashcx = (* hashObj->create)();
if (hashcx == NULL)
return -1;
(* hashObj->begin)(hashcx);
(* hashObj->update)(hashcx, data, PORT_Strlen(data));
(* hashObj->end)(hashcx, digest, len, maxLen);
(* hashObj->destroy)(hashcx, PR_TRUE);
return 0;
}
enum {
cmd_DisplayAllPCKS7Info = 0,
cmd_DisplayCertInfo,
cmd_DisplaySignerInfo,
cmd_VerifySignedObj
};
enum {
opt_ASCII,
opt_CertDir,
opt_InputDataFile,
opt_ItemNumber,
opt_OutputFile,
opt_InputSigFile,
opt_TypeTag,
opt_PrintWhyFailure
};
static secuCommandFlag signver_commands[] =
{
{ /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE },
{ /* cmd_DisplayCertInfo */ 'C', PR_FALSE, 0, PR_FALSE },
{ /* cmd_DisplaySignerInfo */ 'S', PR_FALSE, 0, PR_FALSE },
{ /* cmd_VerifySignedObj */ 'V', PR_FALSE, 0, PR_FALSE }
};
static secuCommandFlag signver_options[] =
{
{ /* opt_ASCII */ 'a', PR_FALSE, 0, PR_FALSE },
{ /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE },
{ /* opt_InputDataFile */ 'i', PR_TRUE, 0, PR_FALSE },
{ /* opt_ItemNumber */ 'n', PR_FALSE, 0, PR_FALSE },
{ /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE },
{ /* opt_InputSigFile */ 's', PR_TRUE, 0, PR_FALSE },
{ /* opt_TypeTag */ 't', PR_TRUE, 0, PR_FALSE },
{ /* opt_PrintWhyFailure */ 'v', PR_FALSE, 0, PR_FALSE }
};
int main(int argc, char **argv)
{
PRExplodedTime explodedCurrent;
SECItem der, data;
char *progName;
int rv;
PRFileDesc *dataFile = 0;
PRFileDesc *signFile = 0;
FILE *outFile = stdout;
char *typeTag = 0;
PRBool displayAllCerts = PR_FALSE;
PRBool displayAllSigners = PR_FALSE;
PRFileInfo info;
PRInt32 nb;
secuCommand signver;
signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag);
signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag);
signver.commands = signver_commands;
signver.options = signver_options;
#ifdef XP_PC
progName = strrchr(argv[0], '\\');
#else
progName = strrchr(argv[0], '/');
#endif
progName = progName ? progName+1 : argv[0];
/*_asm int 3*/
PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &explodedCurrent);
#if 0
if (explodedCurrent.tm_year >= 1998
&& explodedCurrent.tm_month >= 5 /* months past tm_year (0-11, Jan = 0) */
&& explodedCurrent.tm_mday >= 1) {
PR_fprintf(PR_STDERR, "%s: expired\n", progName);
return -1;
}
#endif
SECU_ParseCommandLine(argc, argv, progName, &signver);
/* Set the certdb directory (default is ~/.{browser}) */
SECU_ConfigDirectory(signver.options[opt_CertDir].arg);
/* Set the certificate type. */
typeTag = SECU_GetOptionArg(&signver, opt_TypeTag);
/* -i and -s without filenames */
if (signver.options[opt_InputDataFile].activated &&
signver.options[opt_InputSigFile].activated &&
!signver.options[opt_InputDataFile].arg &&
!signver.options[opt_InputSigFile].arg)
PR_fprintf(PR_STDERR,
"%s: Only data or signature file can use stdin (not both).\n",
progName);
/* Open the input data file (no arg == use stdin). */
if (signver.options[opt_InputDataFile].activated) {
if (signver.options[opt_InputDataFile].arg)
dataFile = PR_Open(signver.options[opt_InputDataFile].arg,
PR_RDONLY, 0);
else
dataFile = PR_STDIN;
if (!dataFile) {
PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n",
progName, signver.options[opt_InputDataFile].arg);
return -1;
}
}
/* Open the input signature file (no arg == use stdin). */
if (signver.options[opt_InputSigFile].activated) {
if (signver.options[opt_InputSigFile].arg)
signFile = PR_Open(signver.options[opt_InputSigFile].arg,
PR_RDONLY, 0);
else
signFile = PR_STDIN;
if (!signFile) {
PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading.\n",
progName, signver.options[opt_InputSigFile].arg);
return -1;
}
}
#if 0
if (!typeTag) ascii = 1;
#endif
/* Open|Create the output file. */
if (signver.options[opt_OutputFile].activated) {
outFile = fopen(signver.options[opt_OutputFile].arg, "w");
/*
outFile = PR_Open(signver.options[opt_OutputFile].arg,
PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE, 00660);
*/
if (!outFile) {
PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n",
progName, signver.options[opt_OutputFile].arg);
return -1;
}
}
if (signver.commands[cmd_DisplayCertInfo].activated &&
!signver.options[opt_ItemNumber].arg)
displayAllCerts = PR_TRUE;
if (signver.commands[cmd_DisplaySignerInfo].activated &&
!signver.options[opt_ItemNumber].arg)
displayAllSigners = PR_TRUE;
#if 0
case 'W':
debugInfo = 1;
break;
#endif
if (!signFile && !dataFile && !typeTag)
Usage(progName, outFile);
if (!signFile && !dataFile &&
signver.commands[cmd_VerifySignedObj].activated) {
PR_fprintf(PR_STDERR,
"%s: unable to read all data from standard input\n",
progName);
return -1;
}
PR_SetError(0, 0); /* PR_Init("pp", 1, 1, 0);*/
SECU_PKCS11Init(PR_FALSE);
SEC_Init();
rv = SECU_ReadDERFromFile(&der, signFile,
signver.options[opt_ASCII].activated);
/* Data is untyped, using the specified type */
data.data = der.data;
data.len = der.len;
/* Signature Verification */
if (!signver.options[opt_TypeTag].activated) {
if (signver.commands[cmd_VerifySignedObj].activated) {
SEC_PKCS7ContentInfo *cinfo;
cinfo = SEC_PKCS7DecodeItem(&data, NULL, NULL, NULL, NULL,
NULL, NULL, NULL);
if (cinfo != NULL) {
#if 0
if (debugInfo) {
PR_fprintf(PR_STDERR, "Content %s encrypted.\n",
SEC_PKCS7ContentIsEncrypted(cinfo) ? "was" : "was not");
PR_fprintf(PR_STDERR, "Content %s signed.\n",
SEC_PKCS7ContentIsSigned(cinfo) ? "was" : "was not");
}
#endif
if (SEC_PKCS7ContentIsSigned(cinfo)) {
SEC_PKCS7SignedData *signedData;
HASH_HashType digestType;
SECItem digest, data;
unsigned char *dataToVerify, digestBuffer[32];
signedData = cinfo->content.signedData;
/* assume that there is only one digest algorithm for now */
digestType =
AlgorithmToHashType(signedData->digestAlgorithms[0]);
if (digestType == HASH_AlgNULL) {
PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n");
return (-1);
}
rv = SECU_FileToItem(&data, dataFile);
dataToVerify = data.data;
if (dataToVerify) {
SECKEYKeyDBHandle *keyHandle;
CERTCertDBHandle *certHandle;
/*certUsageObjectSigner;*/
SECCertUsage usage = certUsageEmailSigner;
#if 0
if (debugInfo)
PR_fprintf(PR_STDERR, "dataToVerify=%s\n",
dataToVerify);
#endif
digest.data = digestBuffer;
if (DigestData (digest.data, dataToVerify,
&digest.len, 32, digestType)) {
PR_fprintf(PR_STDERR, "Fail to compute message digest for verification. Reason: %s\n",
SECU_ErrorString((int16)PORT_GetError()));
return (-1);
}
#if 0
if (debugInfo) {
PR_fprintf(PR_STDERR, "Data Digest=:");
for (i = 0; i < digest.len; i++)
PR_fprintf(PR_STDERR, "%02x:", digest.data[i]);
PR_fprintf(PR_STDERR, "\n");
}
#endif
keyHandle = SECKEY_GetDefaultKeyDB();
if (keyHandle == NULL) {
PR_fprintf(PR_STDERR, ": %s\n", SECU_ErrorString((int16)PORT_GetError()));
return -1;
}
/* open cert database */
certHandle = SECU_OpenCertDB(PR_TRUE);
if (certHandle == NULL) {
PR_fprintf(PR_STDERR, "%s Problem open the cert dbase\n",
progName);
return -1;
}
if (signver.commands[cmd_VerifySignedObj].activated)
fprintf(outFile, "signatureValid=");
PORT_SetError(0);
if (SEC_PKCS7VerifyDetachedSignature (cinfo, usage,
&digest, digestType, PR_FALSE)) {
if (signver.commands[cmd_VerifySignedObj].activated)
fprintf(outFile, "yes");
} else {
if (signver.commands[cmd_VerifySignedObj].activated){
fprintf(outFile, "no");
if (signver.options[opt_PrintWhyFailure].activated)
fprintf(outFile, ":%s", SECU_ErrorString((int16)PORT_GetError()));
}
}
if (signver.commands[cmd_VerifySignedObj].activated)
fprintf(outFile, "\n");
SECITEM_FreeItem(&data, PR_FALSE);
} else {
PR_fprintf(PR_STDERR, "Cannot read data\n");
return (-1);
}
}
SEC_PKCS7DestroyContentInfo(cinfo);
} else
PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n");
}
if (signver.commands[cmd_DisplayAllPCKS7Info].activated)
SV_PrintPKCS7ContentInfo(outFile, &data);
if (displayAllCerts)
PR_fprintf(PR_STDERR, "-C option is not implemented in this version\n");
if (displayAllSigners)
PR_fprintf(PR_STDERR, "-S option is not implemented in this version\n");
/* Pretty print it */
} else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE) == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
SECU_PrintCertificate);
} else if (PL_strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
SECU_PrintCertificateRequest);
} else if (PL_strcmp (typeTag, SEC_CT_CRL) == 0) {
rv = SECU_PrintSignedData (outFile, &data, "CRL", 0, SECU_PrintCrl);
} else if (PL_strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0) {
rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
} else if (PL_strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0) {
rv = SECU_PrintPublicKey(outFile, &data, "Public Key", 0);
} else if (PL_strcmp(typeTag, SEC_CT_PKCS7) == 0) {
rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
"PKCS #7 Content Info", 0);
} else {
PR_fprintf(PR_STDERR, "%s: don't know how to print out '%s' files\n",
progName, typeTag);
return -1;
}
if (rv) {
PR_fprintf(PR_STDERR, "%s: problem converting data (%s)\n",
progName, SECU_ErrorString((int16)PORT_GetError()));
return -1;
}
return 0;
}
Reference in New Issue View Git Blame Copy Permalink