* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
* The Original Code is the Netscape security libraries.
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
** utility for managing certificates and the cert database
#define SEC_CERT_DB_EXISTS 0
#define SEC_CREATE_CERT_DB 1
static char *progName;
static CERTSignedCrl *FindCRL
(CERTCertDBHandle *certHandle, char *name, int type)
CERTSignedCrl *crl = NULL;
CERTCertificate *cert = NULL;
cert = CERT_FindCertByNickname(certHandle, name);
SECU_PrintError(progName, "could not find certificate named %s", name);
return ((CERTSignedCrl *)NULL);
crl = SEC_FindCrlByName(certHandle, &cert->derSubject, type);
(progName, "could not find %s's CRL", name);
CERT_DestroyCertificate (cert);
static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
CERTCertificate *cert = NULL;
CERTSignedCrl *crl = NULL;
crl = FindCRL (certHandle, nickName, crlType);
SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
CERTCrlHeadNode *crlList = NULL;
CERTCrlNode *crlNode = NULL;
CERTName *name = NULL;
PRArenaPool *arena = NULL;
arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
fprintf(stderr, "%s: fail to allocate memory\n", progName);
name = PORT_ArenaZAlloc (arena, sizeof(*name));
fprintf(stderr, "%s: fail to allocate memory\n", progName);
rv = SEC_LookupCrls (certHandle, &crlList, crlType);
if (rv != SECSuccess) {
fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
SECU_Strerror(PORT_GetError()));
crlNode = crlList->first;
fprintf (stdout, "\n");
fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
char* asciiname = NULL;
name = &crlNode->crl->crl.name;
fprintf(stderr, "%s: fail to get the CRL issuer name (%s)\n", progName,
SECU_Strerror(PORT_GetError()));
asciiname = CERT_NameToAscii(name);
fprintf (stdout, "\n%-40s %-5s\n", asciiname, "CRL");
PORT_Free(asciiname);
if ( PR_TRUE == deletecrls) {
CERTSignedCrl* acrl = NULL;
SECItem* issuer = &crlNode->crl->crl.derName;
acrl = SEC_FindCrlByName(certHandle, issuer, crlType);
SEC_DeletePermCRL(acrl);
SEC_DestroyCrl(acrl);
crlNode = crlNode->next;
PORT_FreeArena (crlList->arena, PR_FALSE);
PORT_FreeArena (arena, PR_FALSE);
static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
if (nickName == NULL)
ListCRLNames (certHandle, crlType, PR_FALSE);
DisplayCRL (certHandle, nickName, crlType);
static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
CERTSignedCrl *crl = NULL;
SECStatus rv = SECFailure;
crl = FindCRL (certHandle, name, type);
(progName, "could not find the issuer %s's CRL", name);
rv = SEC_DeletePermCRL (crl);
if (rv != SECSuccess) {
(progName, "fail to delete the issuer %s's CRL from the perm database (reason: %s)",
name, SECU_Strerror(PORT_GetError()));
SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions)
CERTCertificate *cert = NULL;
CERTSignedCrl *crl = NULL;
PK11SlotInfo* slot = NULL;
PRIntervalTime starttime, endtime, elapsed;
PRUint32 mins, secs, msecs;
/* Read in the entire file specified with the -f argument */
rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
if (rv != SECSuccess) {
SECU_PrintError(progName, "unable to read input file");
decodeOptions |= CRL_DECODE_DONT_COPY_DER;
slot = PK11_GetInternalKeySlot();
starttime = PR_IntervalNow();
crl = PK11_ImportCRL(slot, &crlDER, url, type,
NULL, importOptions, NULL, decodeOptions);
endtime = PR_IntervalNow();
elapsed = endtime - starttime;
mins = PR_IntervalToSeconds(elapsed) / 60;
secs = PR_IntervalToSeconds(elapsed) % 60;
msecs = PR_IntervalToMilliseconds(elapsed) % 1000;
printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs);
const char *errString;
errString = SECU_Strerror(PORT_GetError());
if ( errString && PORT_Strlen (errString) == 0)
(progName, "CRL is not imported (error: input CRL is not up to date.)");
(progName, "unable to import CRL");
SEC_DestroyCrl (crl);
static void Usage(char *progName)
"Usage: %s -L [-n nickname] [-d keydir] [-P dbprefix] [-t crlType]\n"
" %s -D -n nickname [-d keydir] [-P dbprefix]\n"
" %s -I -i crl -t crlType [-u url] [-d keydir] [-P dbprefix] [-B]\n"
" %s -E -t crlType [-d keydir] [-P dbprefix]\n"
" %s -T\n", progName, progName, progName, progName, progName);
fprintf (stderr, "%-15s List CRL\n", "-L");
fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
fprintf (stderr, "%-15s Delete a CRL from the cert database\n", "-D");
fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
fprintf (stderr, "%-15s Erase all CRLs of specified type from hte cert database\n", "-E");
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
fprintf (stderr, "%-15s Import a CRL to the cert database\n", "-I");
fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
fprintf(stderr, "%-20s Specify the url.\n", "-u url");
fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
fprintf (stderr, "%-15s Test . Only for debugging purposes. See source code\n", "-T");
fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");
fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B");
fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-p");
fprintf(stderr, "%-20s Repeat the operation.\n", "-r <iterations>");
int main(int argc, char **argv)
CERTCertDBHandle *certHandle;
PLOptState *optstate;
PRBool bypassChecks = PR_FALSE;
PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS;
PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
PRBool test = PR_FALSE;
PRBool erase = PR_FALSE;
PRInt32 iterations = 1;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
deleteCRL = importCRL = listCRL = 0;
nickName = url = NULL;
privKeyDER.data = NULL;
crlType = SEC_CRL_TYPE;
* Parse command line arguments
optstate = PL_CreateOptState(argc, argv, "BCDILP:d:i:n:pt:u:TEr:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
importOptions |= CRL_IMPORT_BYPASS_CHECKS;
dbPrefix = strdup(optstate->value);
SECU_ConfigDirectory(optstate->value);
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
progName, optstate->value);
PL_DestroyOptState(optstate);
nickName = strdup(optstate->value);
decodeOptions |= CRL_DECODE_SKIP_ENTRIES;
const char* str = optstate->value;
if (str && atoi(str)>0)
iterations = atoi(str);
type = strdup(optstate->value);
crlType = atoi (type);
if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
fprintf(stderr, "%s: invalid crl type\n", progName);
PL_DestroyOptState(optstate);
url = strdup(optstate->value);
PL_DestroyOptState(optstate);
if (deleteCRL && !nickName) Usage (progName);
if (!(listCRL || deleteCRL || importCRL || test || erase)) Usage (progName);
if (importCRL && !inFile) Usage (progName);
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
if (secstatus != SECSuccess) {
SECU_PrintPRandOSError(progName);
certHandle = CERT_GetDefaultCertDB();
if (certHandle == NULL) {
SECU_PrintError(progName, "unable to open the cert db");
/*ignoring return value of NSS_Shutdown() as code returns -1*/
(void) NSS_Shutdown();
for (i=0; i<iterations; i++) {
/* Read in the private key info */
DeleteCRL (certHandle, nickName, crlType);
ListCRL (certHandle, nickName, crlType);
else if (importCRL) {
rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
/* list and delete all CRLs */
ListCRLNames (certHandle, crlType, PR_TRUE);
/* list and delete all CRLs */
ListCRLNames (certHandle, crlType, PR_TRUE);
ListCRLNames (certHandle, crlType, PR_FALSE);
/* import CRL as a blob */
rv = ImportCRL (certHandle, url, crlType, inFile, importOptions,
ListCRLNames (certHandle, crlType, PR_FALSE);
if (NSS_Shutdown() != SECSuccess) {