* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
* The Original Code is the Netscape security libraries.
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* p7content -- A command to display pkcs7 content.
* $Id: p7content.c,v 1.9 2003/09/26 06:18:40 jpierre%netscape.com Exp $
55
/*
 * Fallback prototypes for fwrite and fprintf, compiled only when XP_WIN is
 * defined without WIN32, or __sun is defined without SVR4.
 *
 * NOTE(review): these hand-written prototypes differ from the ISO C ones
 * (fwrite returns size_t and takes const void *; fprintf takes
 * const char *). The closing #endif is not visible in this listing (the
 * bare numbers are original line numbers; gaps mark omitted lines).
 */
#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
56
extern int fwrite(char *, size_t, size_t, FILE*);
57
extern int fprintf(FILE *, char *, ...);
66
"Usage: %s [-d dbdir] [-i input] [-o output]\n",
69
"%-20s Key/Cert database directory (default is ~/.netscape)\n",
71
fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
73
fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
78
/*
 * Flag shared by PrintBytes and DecodeAndPrintFile: cleared to PR_FALSE
 * before decoding starts and set to PR_TRUE by PrintBytes when content
 * bytes are delivered.
 * NOTE(review): where the flag is read is not visible in this listing.
 */
static PRBool saw_content;
81
/*
 * PrintBytes -- content callback given to SEC_PKCS7DecoderStart in
 * DecodeAndPrintFile, which passes its FILE * as the callback argument.
 * Writes the len bytes at buf to `out` and sets saw_content.
 *
 * arg - opaque callback argument
 * buf - content bytes delivered by the decoder
 * len - number of bytes at buf
 *
 * NOTE(review): the lines that declare `out` and derive it from arg are
 * not visible in this listing (the bare numbers are original line numbers;
 * gaps mark omitted lines).
 */
PrintBytes(void *arg, const char *buf, unsigned long len)
86
/*
 * The bytes are written exactly as delivered, with no filtering, and the
 * fwrite result is ignored, so a short or failed write is not reported.
 */
fwrite (buf, len, 1, out);
88
/* Record that the decoder produced content for this message. */
saw_content = PR_TRUE;
92
/*
 * NOTE(review): decryption_allowed is passed as the final argument of
 * SEC_PKCS7DecoderStart in DecodeAndPrintFile, i.e. it is the callback the
 * decoder is given for deciding whether decryption may proceed. Its body
 * is not visible in this listing; according to the original comment below
 * it permits everything. That is a test-tool shortcut: a real client would
 * evaluate algid (and the key) against its own policy here and refuse
 * algorithms that the policy does not allow.
 */
* XXX Someday we may want to do real policy stuff here. This allows
93
* anything to be decrypted, which is okay for a test program but does
94
* not set an example of how a real client with a real policy would
98
decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
104
/*
 * DecodeAndPrintFile -- decode one PKCS#7 message and describe it.
 *
 * Reads DER data from `in`, runs it through the PKCS#7 decoder (content is
 * written to `out` by PrintBytes, between two bar lines), then prints a
 * summary to `out`: whether the content was encrypted, the signature
 * status, the signer's common name and e-mail address, the signing time,
 * and whether certs or CRLs were included.
 *
 * out      - stdio stream that receives both the content and the summary
 * in       - NSPR file descriptor the DER data is read from
 * progName - program name handed to SECU_PrintError on a read failure
 *
 * NOTE(review): this listing omits some source lines (the bare numbers are
 * original line numbers; gaps mark omissions), so the return type, the
 * return statements, several braces/else lines and some conditions are not
 * visible. The comments below describe only the lines that are shown.
 */
DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
107
SEC_PKCS7ContentInfo *cinfo = NULL;
108
SEC_PKCS7DecoderContext *dcx;
110
/*
 * A non-zero result from SECU_ReadDERFromFile is treated as failure.
 * NOTE(review): the PR_FALSE argument presumably selects raw (non-ASCII)
 * DER input -- confirm against the SECU_ReadDERFromFile prototype.
 */
if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE)) {
111
SECU_PrintError(progName, "error converting der");
116
"Content printed between bars (newline added before second bar):");
117
fprintf(out, "\n---------------------------------------------\n");
119
/* Clear the flag that PrintBytes sets when content bytes arrive. */
saw_content = PR_FALSE;
120
/*
 * Start the decoder with PrintBytes as the content callback (out is its
 * argument) and decryption_allowed as the last argument; the four
 * arguments in between are NULL.
 * NOTE(review): dcx is used by the calls below; any NULL check on it is
 * not visible in this listing.
 */
dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, NULL,
121
NULL, NULL, decryption_allowed);
123
/* Compiled out: alternative that feeds the decoder one byte per call. */
#if 0 /* Test that decoder works when data is really streaming in. */
126
for (i = 0; i < derdata.len; i++)
127
SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1);
130
/*
 * Hand the whole DER buffer to the decoder in a single call. The return
 * value of SEC_PKCS7DecoderUpdate is not checked here.
 * NOTE(review): presumably a decode failure shows up as a NULL cinfo from
 * SEC_PKCS7DecoderFinish; that check is not visible in this listing.
 */
SEC_PKCS7DecoderUpdate(dcx, (char *)derdata.data, derdata.len);
132
/* Finish decoding; cinfo is what every query below operates on. */
cinfo = SEC_PKCS7DecoderFinish(dcx);
135
fprintf(out, "\n---------------------------------------------\n");
140
/* Reports whether the message was enveloped, not whether it was signed. */
fprintf(out, "Content was%s encrypted.\n",
141
SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
143
if (SEC_PKCS7ContentIsSigned(cinfo)) {
144
char *signer_cname, *signer_ename;
145
SECItem *signing_time;
148
fprintf(out, "Signature is ");
150
/*
 * The signature is checked for the e-mail signer usage
 * (certUsageEmailSigner); on failure the reason printed is the current
 * PORT_GetError() code rendered by SECU_Strerror.
 * NOTE(review): the third argument PR_FALSE is presumably the keepcerts
 * flag -- confirm against the NSS header. The condition guarding the
 * "Content is detached" message below is omitted from this listing;
 * presumably it depends on saw_content -- confirm.
 */
if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE))
151
fprintf(out, "valid.\n");
153
fprintf(out, "invalid (Reason: %s).\n",
154
SECU_Strerror(PORT_GetError()));
157
"Content is detached; signature cannot be verified.\n");
160
/*
 * Signer name and e-mail address are taken from the message and printed
 * here whatever the verification result above was; as far as this listing
 * shows, nothing gates them on a valid signature. Readers of the output
 * should treat them as unauthenticated unless "Signature is valid." was
 * printed. The returned strings are released with PORT_Free.
 */
signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
161
if (signer_cname != NULL) {
162
fprintf(out, "The signer's common name is %s\n", signer_cname);
163
PORT_Free(signer_cname);
165
fprintf(out, "No signer common name.\n");
168
signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
169
if (signer_ename != NULL) {
170
fprintf(out, "The signer's email address is %s\n", signer_ename);
171
PORT_Free(signer_ename);
173
fprintf(out, "No signer email address.\n");
176
/*
 * NOTE(review): the signing time in a PKCS#7 message is a value asserted
 * by the signer, not an independent timestamp. Unlike the two strings
 * above, signing_time is not freed in the lines shown here.
 */
signing_time = SEC_PKCS7GetSigningTime(cinfo);
177
if (signing_time != NULL) {
178
SECU_PrintTimeChoice(out, signing_time, "Signing time", 0);
180
fprintf(out, "No signing time included.\n");
183
fprintf(out, "Content was not signed.\n");
186
fprintf(out, "There were%s certs or crls included.\n",
187
SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
189
/* Release the decoded content info obtained from SEC_PKCS7DecoderFinish. */
SEC_PKCS7DestroyContentInfo(cinfo);
195
* Print the contents of a PKCS7 message, indicating signatures, etc.
199
main(int argc, char **argv)
204
PLOptState *optstate;
208
progName = strrchr(argv[0], '/');
209
progName = progName ? progName+1 : argv[0];
215
* Parse command line arguments
217
optstate = PL_CreateOptState(argc, argv, "d:i:o:");
218
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
219
switch (optstate->option) {
221
SECU_ConfigDirectory(optstate->value);
225
inFile = PR_Open(optstate->value, PR_RDONLY, 0);
227
fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
228
progName, optstate->value);
234
outFile = fopen(optstate->value, "w");
236
fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
237
progName, optstate->value);
247
if (status == PL_OPT_BAD)
250
if (!inFile) inFile = PR_STDIN;
251
if (!outFile) outFile = stdout;
253
/* Call the initialization routines */
254
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
255
rv = NSS_Init(SECU_ConfigDirectory(NULL));
256
if (rv != SECSuccess) {
257
SECU_PrintPRandOSError(progName);
261
if (DecodeAndPrintFile(outFile, inFile, progName)) {
262
SECU_PrintError(progName, "problem decoding data");
266
if (NSS_Shutdown() != SECSuccess) {