diff options
author | JustOff <Off.Just.Off@gmail.com> | 2018-06-09 15:11:22 +0300 |
---|---|---|
committer | JustOff <Off.Just.Off@gmail.com> | 2018-06-11 16:42:50 +0300 |
commit | f83f62e1bff0c2aedc32e67fe369ba923c5b104a (patch) | |
tree | fbb69e76754552dde5c3c5d4fe928ed9693f601a /security/nss/cmd | |
parent | 75323087aea91719bbb4f766bc6298d0618f0163 (diff) | |
download | UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.gz UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.lz UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.tar.xz UXP-f83f62e1bff0c2aedc32e67fe369ba923c5b104a.zip |
Update NSS to 3.36.4-RTM
Diffstat (limited to 'security/nss/cmd')
-rw-r--r-- | security/nss/cmd/certcgi/HOWTO.txt | 137 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/Makefile | 48 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/ca.html | 19 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/ca_form.html | 357 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/certcgi.c | 2245 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/certcgi.gyp | 33 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/index.html | 789 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/main.html | 76 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/manifest.mn | 22 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/nscp_ext_form.html | 84 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/stnd_ext_form.html | 219 | ||||
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 2 | ||||
-rw-r--r-- | security/nss/cmd/manifest.mn | 1 | ||||
-rw-r--r-- | security/nss/cmd/signtool/sign.c | 58 |
14 files changed, 49 insertions, 4041 deletions
diff --git a/security/nss/cmd/certcgi/HOWTO.txt b/security/nss/cmd/certcgi/HOWTO.txt deleted file mode 100644 index 54edf8e1a..000000000 --- a/security/nss/cmd/certcgi/HOWTO.txt +++ /dev/null @@ -1,137 +0,0 @@ - How to setup your very own Cert-O-Matic Root CA server - - This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - - How to setup your very own Cert-O-Matic Root CA server - -The program certcgi is part of a small test CA that is used inside -Netscape by the NSS development team. That CA is affectionately known -as "Cert-O-Matic" or "Cert-O-Matic II". It presently runs on a server -named interzone.mcom.com inside Netscape's firewall. - -If you wish to setup your own Cert-O-Matic, here are directions. - -Disclaimer: This program does not follow good practices for root CAs. -It should be used only for playing/testing and never for production use. -Remember, you've been warned! - -Cert-O-Matic consists of some html files, shell scripts, one executable -program that uses NSS and NSPR, the usual set of NSS .db files, and a file -in which to remember the serial number of the last cert issued. The -html files and the source to the executable program are in this directory. -Sample shell scripts are shown below. - -The shell scripts and executable program run as CGI "scripts". The -entire thing runs on an ordinary http web server. It would also run on -an https web server. The shell scripts and html files must be -customized for the server on which they run. - -The package assumes you have a "document root" directory $DOCROOT, and a -"cgi-bin" directory $CGIBIN. In this example, the document root is -assumed to be located in /var/www/htdocs, and the cgi-bin directory in -/var/www/cgi-bin. - -The server is assumed to run all cgi scripts as the user "nobody". -The names of the cgi scripts run directly by the server all end in .cgi -because some servers like it that way. - -Instructions: - -- Create directory $DOCROOT/certomatic -- Copy the following files from nss/cmd/certcgi to $DOCROOT/certomatic - ca.html index.html main.html nscp_ext_form.html stnd_ext_form.html -- Edit the html files, substituting the name of your own server for the - server named in those files. -- In some web page (e.g. your server's home page), provide an html link to - $DOCROOT/certomatic/index.html. This is where users start to get their - own certs from certomatic. -- give these files and directories appropriate permissions. - -- Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin - make sure that $CGIBIN/certomatic is writable by "nobody" - -- Create a new set of NSS db files there with the following command: - - certutil -N -d $CGIBIN/certomatic - -- when certutil prompts you for the password, enter the word foo - because that is compiled into the certcgi program. - -- Create the new Root CA cert with this command - - certutil -S -x -d $CGIBIN/certomatic -n "Cert-O-Matic II" \ - -s "CN=Cert-O-Matic II, O=Cert-O-Matic II" -t TCu,cu,cu -k rsa \ - -g 1024 -m 10001 -v 60 - - (adjust the -g, -m and -v parameters to taste. -s and -x must be as -shown.) - -- dump out the new root CA cert in base64 encoding: - - certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \ - $CGIBIN/certomatic/root.cacert - -- In $CGIBIN/certomatic/bin add two shell scripts - one to download the - root CA cert on demand, and one to run the certcgi program. - -download.cgi, the script to install the root CA cert into a browser on -demand, is this: - -#!/bin/sh -echo "Content-type: application/x-x509-ca-cert" -echo -cat $CGIBIN/certomatic/root.cacert - -You'll have to put the real path into that cat command because CGIBIN -won't be defined when this script is run by the server. - -certcgi.cgi, the script to run the certcgi program is similar to this: - -#!/bin/sh -cd $CGIBIN/certomatic/bin -LD_LIBRARY_PATH=$PLATFORM/lib -export LD_LIBRARY_PATH -$PLATFORM/bin/certcgi $* 2>&1 - -Where $PLATFORM/lib is where the NSPR nad NSS DSOs are located, and -$PLATFORM/bin is where certcgi is located. PLATFORM is not defined when -the server runs this script, so you'll have to substitute the right value -in your script. certcgi requires that the working directory be one level -below the NSS DBs, that is, the DBs are accessed in the directory "..". - -You'll want to provide an html link somewhere to the script that downloads -the root.cacert file. You'll probably want to put that next to the link -that loads the index.html page. On interzone, this is done with the -following html: - -<a href="/certomatic/index.html">Cert-O-Matic II Root CA server</a> -<p> -<a href="/cgi-bin/certomatic/bin/download.cgi">Download and trust Root CA -certificate</a> - -The index.html file in this directory invokes the certcgi.cgi script with -the form post method, so if you change the name of the certcgi.cgi script, -you'll also have to change the index.html file in $DOCROOT/certomatic - -The 4 files used by the certcgi program (the 3 NSS DBs, and the serial -number file) are not required to live in $CGIBIN/certomatic, but they are -required to live in $CWD/.. when certcgi starts. - -Known bugs: - -1. Because multiple of these CAs exist simultaneously, it would be best if -they didn't all have to be called "Cert-O-Matic II", but that string is -presently hard coded into certcgi.c. - -2. the html files in this directory contain numerous extraneous <FORM> tags -which appear to use the post method and have action URLS that are never -actually used. burp.cgi and echoform.cgi are never actually used. This -should be cleaned up. - -3. The html files use <layer> tags which are supported only in Netscape -Navigator and Netscape Communication 4.x browsers. The html files do -not work as intended with Netscape 6.x, Mozilla or Microsoft IE browsers. -The html files should be fixed to work with all those named browsers. - diff --git a/security/nss/cmd/certcgi/Makefile b/security/nss/cmd/certcgi/Makefile deleted file mode 100644 index c2039d82b..000000000 --- a/security/nss/cmd/certcgi/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -#! gmake -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/certcgi/ca.html b/security/nss/cmd/certcgi/ca.html deleted file mode 100644 index 3f3f08699..000000000 --- a/security/nss/cmd/certcgi/ca.html +++ /dev/null @@ -1,19 +0,0 @@ -<!-- This Source Code Form is subject to the terms of the Mozilla Public - - License, v. 2.0. If a copy of the MPL was not distributed with this - - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> - -<form method="post" name="ca_form" action="mailto:jerdonek@netscape.com"> -<input type="radio" name="caChoiceradio" value="SignWithDefaultkey" - onClick="{parent.choice_change(this.form)}"> - Use the Cert-O-matic certificate to issue the cert</p> -<input type="radio" name="caChoiceradio" value="SignWithRandomChain" - onClick="{parent.choice_change(this.form)}"> Use a - <input type="text" size="2" maxsize="2" name="autoCAs"> CA long - automatically generated chain ending with the Cert-O-Matic Cert - (18 maximum)</p> -<input type="radio" name="caChoiceradio" value="SignWithSpecifiedChain" - onClick="{parent.choice_change(this.form)}"> Use a - <input type="text" size="1" maxlength="1" name="manCAs" - onChange="{parent.ca_num_change(this.value,this.form)}"> CA long - user input chain ending in the Cert-O-Matic Cert.</p> -</form> diff --git a/security/nss/cmd/certcgi/ca_form.html b/security/nss/cmd/certcgi/ca_form.html deleted file mode 100644 index 452996b58..000000000 --- a/security/nss/cmd/certcgi/ca_form.html +++ /dev/null @@ -1,357 +0,0 @@ -<html> -<!-- This Source Code Form is subject to the terms of the Mozilla Public - - License, v. 2.0. If a copy of the MPL was not distributed with this - - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p> - </td> - <td></td><td></td><td> - Mail: </td><td><input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"></p> - RFC 1274<input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)"> - e-mail<input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)"></td> - <tr> - <td> - Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td> - <td></td><td></td><td> - Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td> - <tr> - <td> - RFC 1274 UID: </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td> - <td></td><td></td><td> - Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td> - <tr> - <td> - State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td> - <td></td><td></td><td> - Country: </td><td><input type="text" size="2" maxsize="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}"></p></td> - </table> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Serial Number:</p> - <DD> - <input type="radio" name="serial" value="auto" checked> Auto Generate</P> - <DD> - <input type="radio" name="serial" value="input"> - Use this value: <input type="text" name="serial_value" size="8" maxlength="8"></p> - </td> - <td></td><td></td><td></td><td></td> - <td> - X.509 version:</p> - <DD> - <input type="radio" name="ver" value="1" checked> Version 1</p> - <DD> - <input type="radio" name="ver" value="3"> Version 3</P></td> - <td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td> - <td> - Key Type:</p> - <DD> - <input type="radio" name="keyType" value="rsa" checked> RSA</p> - <DD> - <input type="radio" name="keyType" value="dsa"> DSA</P></td> - </table> - DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P> - <Select name="keysize"> - <option>1024 (High Grade) - <option>768 (Medium Grade) - <option>512 (Low Grade) - </select> - </p> - <hr> - </p> - <table border=1 cellspacing=5 cellpadding=5> - <tr> - <td> - <b>Netscape Certificate Type: </b></p> - Activate extension: <input type="checkbox" name="netscape-cert-type"></P> - Critical: <input type="checkbox" name="netscape-cert-type-crit"> - <td> - <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P> - <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P> - <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P> - <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P> - <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P> - <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P> - <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P> - <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P> - </tr> - <tr> - <td> - <b>Netscape Base URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-base-url"></P> - Critical: <input type="checkbox" name="netscape-base-url-crit"> - <td> - <input type="text" name="netscape-base-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-revocation-url-crit"> - <td> - <input type="text" name="netscape-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit"> - <td> - <input type="text" name="netscape-ca-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Certificate Renewal URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P> - Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit"> - <td> - <input type="text" name="netscape-cert-renewal-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Policy URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P> - Critical: <input type="checkbox" name="netscape-ca-policy-url-crit"> - <td> - <input type="text" name="netscape-ca-policy-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape SSL Server Name:</b></p> - Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P> - Critical: <input type="checkbox" name="netscape-ssl-server-name-crit"> - <td> - <input type="text" name="netscape-ssl-server-name-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Comment:</b></p> - Activate extension: <input type="checkbox" name="netscape-comment"></P> - Critical: <input type="checkbox" name="netscape-comment-crit"> - <td> - <textarea name="netscape-comment-text" rows="5" cols="50"></textarea> - </tr> - </table> - </p> - <hr> - </p> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <tr> - <td> - <b>Key Usage: </b></p> - Activate extension: <input type="checkbox" name="keyUsage"></P> - Critical: <input type="checkbox" name="keyUsage-crit"> - <td> - <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P> - <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P> - <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P> - <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P> - <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P> - <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P> - <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P> - </tr> - <tr> - <td> - <b>Extended Key Usage: </b></p> - Activate extension: <input type="checkbox" name="extKeyUsage"></P> - Critical: <input type="checkbox" name="extKeyUsage-crit"> - <td> - <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P> - <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P> - <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P> - <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P> - <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> - <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> - <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> - <input type="checkbox" name="extKeyUsage-msTrustListSign"> Microsoft Trust List Signing</P> - </tr> - <tr> - <td> - <b>Basic Constraints:</b></p> - Activate extension: <input type="checkbox" name="basicConstraints"></P> - Critical: <input type="checkbox" name="basicConstraints-crit"> - <td> - CA:</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p> - <input type="checkbox" name="basicConstraints-pathLengthConstraint"> - Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p> - </tr> - <tr> - <td> - <b>Authority Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="authorityKeyIdentifier"> - <td> - <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p> - <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p> - </tr> - <tr> - <td> - <b>Subject Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="subjectKeyIdentifier"> - <td> - Key Identifier: - <input type="text" name="subjectKeyIdentifier-text"></p> - This is an:<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p> - </tr> - <tr> - <td> - <b>Private Key Usage Period:</b></p> - Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p> - Critical: <input type="checkbox" name="privKeyUsagePeriod-crit"> - <td> - Use:</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p> - <b>Not to be used to sign before:</b></p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p> - <dd><dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p> - <b>Not to be used to sign after:</b></p> - <dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p> - </tr> - <tr> - <td> - <b>Subject Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="SubAltName"></P> - Critical: <input type="checkbox" name="SubAltName-crit"> - <td> - <table> - <tr> - <td> - General Names:</p> - <select name="SubAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}"> - <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, - OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td> - <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr> - </table> - Name: <input type="text" name="SubAltNameText"> - Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p> - </tr> - </table> - </tr> - - - <tr> - <td> - <b>Issuer Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="IssuerAltName"></P> - Critical: <input type="checkbox" name="IssuerAltName-crit"> - <td> - <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p> - <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name: - <table> - <tr> - <td> - General Names:</p> - <select name="IssuerAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}"> - <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, - OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="IssuerAltNameText"> - Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p> - </tr> - </table> - </tr> - - <tr> - <td> - <b>Name Constraints:</b></p> - Activate extension: <input type="checkbox" name="NameConstraints"></P> - <td> - <table> - <tr> - <td> - Name Constraints:</p> - - - <select name="NameConstraintSelect" multiple size="10"> - </select></p></p> - <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}"> - <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name, - OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td> - <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td> - <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td> - <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="NameConstraintText"> - Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p> - Constraint type:<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p> - Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p> - Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p> - - - - </tr> - </table> - </tr> - </table> - </form> - - - - - - - - - - diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c deleted file mode 100644 index 4d1a1061a..000000000 --- a/security/nss/cmd/certcgi/certcgi.c +++ /dev/null @@ -1,2245 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* Cert-O-Matic CGI */ - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "secder.h" -#include "genname.h" -#include "xconst.h" -#include "secutil.h" -#include "pk11pqg.h" -#include "certxutl.h" -#include "nss.h" - -/* #define TEST 1 */ -/* #define FILEOUT 1 */ -/* #define OFFLINE 1 */ -#define START_FIELDS 100 -#define PREFIX_LEN 6 -#define SERIAL_FILE "../serial" -#define DB_DIRECTORY ".." - -static char *progName; - -typedef struct PairStr Pair; - -struct PairStr { - char *name; - char *data; -}; - -char prefix[PREFIX_LEN]; - -const SEC_ASN1Template CERTIA5TypeTemplate[] = { - { SEC_ASN1_IA5_STRING } -}; - -SECKEYPrivateKey *privkeys[9] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL }; - -#ifdef notdef -const SEC_ASN1Template CERT_GeneralNameTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate } -}; -#endif - -static void -error_out(char *error_string) -{ - printf("Content-type: text/plain\n\n"); - printf("%s", error_string); - fflush(stderr); - fflush(stdout); - exit(1); -} - -static void -error_allocate(void) -{ - error_out("ERROR: Unable to allocate memory"); -} - -static char * -make_copy_string(char *read_pos, - int length, - char sentinal_value) -/* copys string from to a new string it creates and - returns a pointer to the new string */ -{ - int remaining = length; - char *write_pos; - char *new; - - new = write_pos = (char *)PORT_Alloc(length); - if (new == NULL) { - error_allocate(); - } - while (*read_pos != sentinal_value) { - if (remaining == 1) { - remaining += length; - length = length * 2; - new = PORT_Realloc(new, length); - if (new == NULL) { - error_allocate(); - } - write_pos = new + length - remaining; - } - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - remaining = remaining - 1; - } - *write_pos = '\0'; - return new; -} - -static SECStatus -clean_input(Pair *data) -/* converts the non-alphanumeric characters in a form post - from hex codes back to characters */ -{ - int length; - int hi_digit; - int low_digit; - char character; - char *begin_pos; - char *read_pos; - char *write_pos; - PRBool name = PR_TRUE; - - begin_pos = data->name; - while (begin_pos != NULL) { - length = strlen(begin_pos); - read_pos = write_pos = begin_pos; - while ((read_pos - begin_pos) < length) { - if (*read_pos == '+') { - *read_pos = ' '; - } - if (*read_pos == '%') { - hi_digit = *(read_pos + 1); - low_digit = *(read_pos + 2); - read_pos += 3; - if (isdigit(hi_digit)) { - hi_digit = hi_digit - '0'; - } else { - hi_digit = toupper(hi_digit); - if (isxdigit(hi_digit)) { - hi_digit = (hi_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - if (isdigit(low_digit)) { - low_digit = low_digit - '0'; - } else { - low_digit = toupper(low_digit); - if ((low_digit >= 'A') && (low_digit <= 'F')) { - low_digit = (low_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - character = (hi_digit << 4) | low_digit; - if (character != 10) { - *write_pos = character; - ++write_pos; - } - } else { - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - } - } - *write_pos = '\0'; - if (name == PR_TRUE) { - begin_pos = data->data; - name = PR_FALSE; - } else { - data++; - begin_pos = data->name; - name = PR_TRUE; - } - } - return SECSuccess; -} - -static char * -make_name(char *new_data) -/* gets the next field name in the input string and returns - a pointer to a string containing a copy of it */ -{ - int length = 20; - char *name; - - name = make_copy_string(new_data, length, '='); - return name; -} - -static char * -make_data(char *new_data) -/* gets the data for the next field in the input string - and returns a pointer to a string containing it */ -{ - int length = 100; - char *data; - char *read_pos; - - read_pos = new_data; - while (*(read_pos - 1) != '=') { - ++read_pos; - } - data = make_copy_string(read_pos, length, '&'); - return data; -} - -static Pair -make_pair(char *new_data) -/* makes a pair name/data pair from the input string */ -{ - Pair temp; - - temp.name = make_name(new_data); - temp.data = make_data(new_data); - return temp; -} - -static Pair * -make_datastruct(char *data, int len) -/* parses the input from the form post into a data - structure of field name/data pairs */ -{ - Pair *datastruct; - Pair *current; - char *curr_pos; - int fields = START_FIELDS; - int remaining = START_FIELDS; - - curr_pos = data; - datastruct = current = (Pair *)PORT_Alloc(fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - while (curr_pos - data < len) { - if (remaining == 1) { - remaining += fields; - fields = fields * 2; - datastruct = (Pair *)PORT_Realloc(datastruct, fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - current = datastruct + (fields - remaining); - } - *current = make_pair(curr_pos); - while (*curr_pos != '&') { - ++curr_pos; - } - ++curr_pos; - ++current; - remaining = remaining - 1; - } - current->name = NULL; - return datastruct; -} - -static char * -return_name(Pair *data_struct, - int n) -/* returns a pointer to the name of the nth - (starting from 0) item in the data structure */ -{ - char *name; - - if ((data_struct + n)->name != NULL) { - name = (data_struct + n)->name; - return name; - } else { - return NULL; - } -} - -static char * -return_data(Pair *data_struct, int n) -/* returns a pointer to the data of the nth (starting from 0) - itme in the data structure */ -{ - char *data; - - data = (data_struct + n)->data; - return data; -} - -static char * -add_prefix(char *field_name) -{ - extern char prefix[PREFIX_LEN]; - int i = 0; - char *rv; - char *write; - - rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1); - for (i = 0; i < PORT_Strlen(prefix); i++) { - *write = prefix[i]; - write++; - } - *write = '\0'; - rv = PORT_Strcat(rv, field_name); - return rv; -} - -static char * -find_field(Pair *data, - char *field_name, - PRBool add_pre) -/* returns a pointer to the data of the first pair - thats name matches the string it is passed */ -{ - int i = 0; - char *retrieved; - int found = 0; - - if (add_pre) { - field_name = add_prefix(field_name); - } - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - retrieved = return_data(data, i); - found = 1; - break; - } - i++; - } - if (!found) { - retrieved = NULL; - } - return retrieved; -} - -static PRBool -find_field_bool(Pair *data, - char *fieldname, - PRBool add_pre) -{ - char *rv; - - rv = find_field(data, fieldname, add_pre); - - if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) { - return PR_TRUE; - } else { - return PR_FALSE; - } -} - -static CERTCertificateRequest * -makeCertReq(Pair *form_data, - int which_priv_key) -/* makes and encodes a certrequest */ -{ - - PK11SlotInfo *slot; - CERTCertificateRequest *certReq = NULL; - CERTSubjectPublicKeyInfo *spki; - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - CERTName *name; - char *key; - extern SECKEYPrivateKey *privkeys[9]; - int keySizeInBits; - char *challenge = "foo"; - SECStatus rv = SECSuccess; - PQGParams *pqgParams = NULL; - PQGVerify *pqgVfy = NULL; - - name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE)); - if (name == NULL) { - error_out("ERROR: Unable to create Subject Name"); - } - key = find_field(form_data, "key", PR_TRUE); - if (key == NULL) { - switch (*find_field(form_data, "keysize", PR_TRUE)) { - case '0': - keySizeInBits = 2048; - break; - case '1': - keySizeInBits = 1024; - break; - case '2': - keySizeInBits = 512; - break; - default: - error_out("ERROR: Unsupported Key length selected"); - } - if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) { - rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy); - if (rv != SECSuccess) { - error_out("ERROR: Unable to generate PQG parameters"); - } - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, - pqgParams, &pubkey, PR_FALSE, - PR_TRUE, NULL); - } else { - privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL); - } - privkeys[which_priv_key] = privkey; - spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey); - } else { - spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge, - NULL); - if (spki == NULL) { - error_out("ERROR: Unable to decode Public Key and Challenge String"); - } - } - certReq = CERT_CreateCertificateRequest(name, spki, NULL); - if (certReq == NULL) { - error_out("ERROR: Unable to create Certificate Request"); - } - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (spki != NULL) { - SECKEY_DestroySubjectPublicKeyInfo(spki); - } - if (pqgParams != NULL) { - PK11_PQG_DestroyParams(pqgParams); - } - if (pqgVfy != NULL) { - PK11_PQG_DestroyVerify(pqgVfy); - } - return certReq; -} - -static CERTCertificate * -MakeV1Cert(CERTCertDBHandle *handle, - CERTCertificateRequest *req, - char *issuerNameStr, - PRBool selfsign, - int serialNumber, - int warpmonths, - Pair *data) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, - after; - if (!selfsign) { - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - if (!issuerCert) { - error_out("ERROR: Could not find issuer's certificate"); - return NULL; - } - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); - } else { - now = PR_Now(); - } - PR_ExplodeTime(now, PR_GMTParameters, &printableTime); - if (warpmonths) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime(&printableTime); - PR_ExplodeTime(now, PR_GMTParameters, &printableTime); - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); - PR_ExplodeTime(after, PR_GMTParameters, &printableTime); - } else { - printableTime.tm_month += 3; - after = PR_ImplodeTime(&printableTime); - } - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity(now, after); - - if (selfsign) { - cert = CERT_CreateCertificate(serialNumber, &(req->subject), validity, req); - } else { - cert = CERT_CreateCertificate(serialNumber, &(issuerCert->subject), validity, req); - } - - CERT_DestroyValidity(validity); - if (issuerCert) { - CERT_DestroyCertificate(issuerCert); - } - return (cert); -} - -static int -get_serial_number(Pair *data) -{ - int serial = 0; - int error; - char *filename = SERIAL_FILE; - char *SN; - FILE *serialFile; - - if (find_field_bool(data, "serial-auto", PR_TRUE)) { - serialFile = fopen(filename, "r"); - if (serialFile != NULL) { - size_t nread = fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0 || nread != 1) { - error_out("Error: Unable to read serial number file"); - } - if (serial == -1) { - serial = 21; - } - fclose(serialFile); - ++serial; - serialFile = fopen(filename, "w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file for writing"); - } - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - } else { - fclose(serialFile); - serialFile = fopen(filename, "w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file"); - } - serial = 21; - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - error = ferror(serialFile); - if (error != 0) { - error_out("ERROR: Unable to write to serial file"); - } - } - fclose(serialFile); - } else { - SN = find_field(data, "serial_value", PR_TRUE); - while (*SN != '\0') { - serial = serial * 16; - if ((*SN >= 'A') && (*SN <= 'F')) { - serial += *SN - 'A' + 10; - } else { - if ((*SN >= 'a') && (*SN <= 'f')) { - serial += *SN - 'a' + 10; - } else { - serial += *SN - '0'; - } - } - ++SN; - } - } - return serial; -} - -typedef SECStatus (*EXTEN_VALUE_ENCODER)(PLArenaPool *extHandle, void *value, SECItem *encodedValue); - -static SECStatus -EncodeAndAddExtensionValue( - PLArenaPool *arena, - void *extHandle, - void *value, - PRBool criticality, - int extenType, - EXTEN_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) { - error_out("ERROR: Unable to encode extension value"); - } - rv = CERT_AddExtension(extHandle, extenType, &encodedValue, criticality, PR_TRUE); - return (rv); -} - -static SECStatus -AddKeyUsage(void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - - if (find_field_bool(data, "keyUsage-digitalSignature", PR_TRUE)) { - keyUsage |= (0x80 >> 0); - } - if (find_field_bool(data, "keyUsage-nonRepudiation", PR_TRUE)) { - keyUsage |= (0x80 >> 1); - } - if (find_field_bool(data, "keyUsage-keyEncipherment", PR_TRUE)) { - keyUsage |= (0x80 >> 2); - } - if (find_field_bool(data, "keyUsage-dataEncipherment", PR_TRUE)) { - keyUsage |= (0x80 >> 3); - } - if (find_field_bool(data, "keyUsage-keyAgreement", PR_TRUE)) { - keyUsage |= (0x80 >> 4); - } - if (find_field_bool(data, "keyUsage-keyCertSign", PR_TRUE)) { - keyUsage |= (0x80 >> 5); - } - if (find_field_bool(data, "keyUsage-cRLSign", PR_TRUE)) { - keyUsage |= (0x80 >> 6); - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - (find_field_bool(data, "keyUsage-crit", PR_TRUE)))); -} - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PLArenaPool *arena = (PLArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ((PLArenaPool *)NULL == arena) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); - if ((CERTOidSequence *)NULL == rv) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); - if ((SECItem **)NULL == rv->oids) { - goto loser; - } - - rv->arena = arena; - return rv; - -loser: - if ((PLArenaPool *)NULL != arena) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if ((SECOidData *)NULL == od) { - return SECFailure; - } - - for (oids = os->oids; (SECItem *)NULL != *oids; oids++) { - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count + 2)); - if ((SECItem **)NULL == oids) { - return SECFailure; - } - - for (i = 0; i < count; i++) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - extern const SEC_ASN1Template CERT_OidSeqTemplate[]; - - rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); - if ((SECItem *)NULL == rv) { - goto loser; - } - - if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) { - goto loser; - } - - return rv; - -loser: - return (SECItem *)NULL; -} - -static SECStatus -AddExtKeyUsage(void *extHandle, Pair *data) -{ - SECStatus rv; - CERTOidSequence *os; - SECItem *value; - PRBool crit; - - os = CreateOidSequence(); - if ((CERTOidSequence *)NULL == os) { - return SECFailure; - } - - if (find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - if (SECSuccess != rv) - goto loser; - } - - if (find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING); - if (SECSuccess != rv) - goto loser; - } - - if (find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - if (SECSuccess != rv) - goto loser; - } - - if (find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - if (SECSuccess != rv) - goto loser; - } - - if (find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - if (SECSuccess != rv) - goto loser; - } - - if (find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - if (SECSuccess != rv) - goto loser; - } - - if (find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - if (SECSuccess != rv) - goto loser; - } - - if (find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE)) { - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - if (SECSuccess != rv) - goto loser; - } - - value = EncodeOidSequence(os); - - crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE); - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value, - crit, PR_TRUE); -/*FALLTHROUGH*/ -loser: - CERT_DestroyOidSequence(os); - return rv; -} - -static SECStatus -AddSubKeyID(void *extHandle, - Pair *data, - CERTCertificate *subjectCert) -{ - SECItem encodedValue; - SECStatus rv; - char *read; - char *write; - char *first; - char character; - int high_digit = 0, - low_digit = 0; - int len; - PRBool odd = PR_FALSE; - - encodedValue.data = NULL; - encodedValue.len = 0; - first = read = write = find_field(data, "subjectKeyIdentifier-text", - PR_TRUE); - len = PORT_Strlen(first); - odd = ((len % 2) != 0) ? PR_TRUE : PR_FALSE; - if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) { - if (odd) { - error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string"); - } - while (*read != '\0') { - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - high_digit = *read - 'A' + 10; - } else { - high_digit = *read - '0'; - } - ++read; - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - low_digit = *(read) - 'A' + 10; - } else { - low_digit = *(read) - '0'; - } - character = (high_digit << 4) | low_digit; - *write = character; - ++write; - ++read; - } - *write = '\0'; - len = write - first; - } - subjectCert->subjectKeyID.data = (unsigned char *)find_field(data, "subjectKeyIdentifier-text", PR_TRUE); - subjectCert->subjectKeyID.len = len; - rv = CERT_EncodeSubjectKeyID(NULL, &subjectCert->subjectKeyID, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID, - &encodedValue, PR_FALSE, PR_TRUE)); -} - -static SECStatus -AddAuthKeyID(void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - CERTAuthKeyID *authKeyID = NULL; - PLArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTCertificate *issuerCert = NULL; - CERTGeneralName *genNames; - CERTName *directoryName = NULL; - - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - error_allocate(); - } - - authKeyID = PORT_ArenaZAlloc(arena, sizeof(CERTAuthKeyID)); - if (authKeyID == NULL) { - error_allocate(); - } - if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier", - PR_TRUE)) { - authKeyID->keyID.data = PORT_ArenaAlloc(arena, PORT_Strlen((char *)issuerCert->subjectKeyID.data)); - if (authKeyID->keyID.data == NULL) { - error_allocate(); - } - PORT_Memcpy(authKeyID->keyID.data, issuerCert->subjectKeyID.data, - authKeyID->keyID.len = - PORT_Strlen((char *)issuerCert->subjectKeyID.data)); - } else { - - PORT_Assert(arena); - genNames = (CERTGeneralName *)PORT_ArenaZAlloc(arena, (sizeof(CERTGeneralName))); - if (genNames == NULL) { - error_allocate(); - } - genNames->l.next = genNames->l.prev = &(genNames->l); - genNames->type = certDirectoryName; - - directoryName = CERT_AsciiToName(issuerCert->subjectName); - if (!directoryName) { - error_out("ERROR: Unable to create Directory Name"); - } - rv = CERT_CopyName(arena, &genNames->name.directoryName, - directoryName); - CERT_DestroyName(directoryName); - if (rv != SECSuccess) { - error_out("ERROR: Unable to copy Directory Name"); - } - authKeyID->authCertIssuer = genNames; - if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) { - error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension"); - } - authKeyID->authCertSerialNumber = issuerCert->serialNumber; - } - rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAuthKeyID); - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } - return (rv); -} - -static SECStatus -AddPrivKeyUsagePeriod(void *extHandle, - Pair *data, - CERTCertificate *cert) -{ - char *notBeforeStr; - char *notAfterStr; - PLArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTPrivKeyUsagePeriod *pkup; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - error_allocate(); - } - pkup = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod); - if (pkup == NULL) { - error_allocate(); - } - notBeforeStr = (char *)PORT_Alloc(16); - if (notBeforeStr == NULL) { - error_allocate(); - } - notAfterStr = (char *)PORT_Alloc(16); - if (notAfterStr == NULL) { - error_allocate(); - } - *notBeforeStr = '\0'; - *notAfterStr = '\0'; - pkup->arena = arena; - pkup->notBefore.len = 0; - pkup->notBefore.data = NULL; - pkup->notAfter.len = 0; - pkup->notAfter.data = NULL; - if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notBefore.len = 15; - pkup->notBefore.data = (unsigned char *)notBeforeStr; - if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual", - PR_TRUE)) { - PORT_Strcat(notBeforeStr, find_field(data, - "privKeyUsagePeriod-notBefore-year", - PR_TRUE)); - PORT_Strcat(notBeforeStr, find_field(data, - "privKeyUsagePeriod-notBefore-month", - PR_TRUE)); - PORT_Strcat(notBeforeStr, find_field(data, - "privKeyUsagePeriod-notBefore-day", - PR_TRUE)); - PORT_Strcat(notBeforeStr, find_field(data, - "privKeyUsagePeriod-notBefore-hour", - PR_TRUE)); - PORT_Strcat(notBeforeStr, find_field(data, - "privKeyUsagePeriod-notBefore-minute", - PR_TRUE)); - PORT_Strcat(notBeforeStr, find_field(data, - "privKeyUsagePeriod-notBefore-second", - PR_TRUE)); - if ((*(notBeforeStr + 14) != '\0') || - (!isdigit(*(notBeforeStr + 13))) || - (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') || - (!isdigit(*(notBeforeStr + 11))) || - (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') || - (!isdigit(*(notBeforeStr + 9))) || - (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') || - (!isdigit(*(notBeforeStr + 7))) || - (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') || - (!isdigit(*(notBeforeStr + 5))) || - (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') || - (!isdigit(*(notBeforeStr + 3))) || - (!isdigit(*(notBeforeStr + 2))) || - (!isdigit(*(notBeforeStr + 1))) || - (!isdigit(*(notBeforeStr + 0))) || - (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') || - (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') || - (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notBeforeStr + 14) = 'Z'; - *(notBeforeStr + 15) = '\0'; - } else { - if ((*(cert->validity.notBefore.data) > '5') || - ((*(cert->validity.notBefore.data) == '5') && - (*(cert->validity.notBefore.data + 1) != '0'))) { - PORT_Strcat(notBeforeStr, "19"); - } else { - PORT_Strcat(notBeforeStr, "20"); - } - PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data); - } - } - if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notAfter.len = 15; - pkup->notAfter.data = (unsigned char *)notAfterStr; - PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-year", - PR_TRUE)); - PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-month", - PR_TRUE)); - PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-day", - PR_TRUE)); - PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-hour", - PR_TRUE)); - PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-minute", - PR_TRUE)); - PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-second", - PR_TRUE)); - if ((*(notAfterStr + 14) != '\0') || - (!isdigit(*(notAfterStr + 13))) || - (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') || - (!isdigit(*(notAfterStr + 11))) || - (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') || - (!isdigit(*(notAfterStr + 9))) || - (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') || - (!isdigit(*(notAfterStr + 7))) || - (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') || - (!isdigit(*(notAfterStr + 5))) || - (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') || - (!isdigit(*(notAfterStr + 3))) || - (!isdigit(*(notAfterStr + 2))) || - (!isdigit(*(notAfterStr + 1))) || - (!isdigit(*(notAfterStr + 0))) || - (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') || - (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') || - (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notAfterStr + 14) = 'Z'; - *(notAfterStr + 15) = '\0'; - } - - PORT_Assert(arena); - - rv = EncodeAndAddExtensionValue(arena, extHandle, pkup, - find_field_bool(data, - "privKeyUsagePeriod-crit", - PR_TRUE), - SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, - (EXTEN_VALUE_ENCODER) - CERT_EncodePrivateKeyUsagePeriod); - PORT_FreeArena(arena, PR_FALSE); - PORT_Free(notBeforeStr); - PORT_Free(notAfterStr); - return (rv); -} - -static SECStatus -AddBasicConstraint(void *extHandle, - Pair *data) -{ - CERTBasicConstraints basicConstraint; - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - basicConstraint.isCA = (find_field_bool(data, "basicConstraints-cA-radio-CA", - PR_TRUE)); - if (find_field_bool(data, "basicConstraints-pathLengthConstraint", PR_TRUE)) { - basicConstraint.pathLenConstraint = atoi(find_field(data, "basicConstraints-pathLengthConstraint-text", - PR_TRUE)); - } - - rv = CERT_EncodeBasicConstraintValue(NULL, &basicConstraint, - &encodedValue); - if (rv) - return (rv); - rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, - &encodedValue, - (find_field_bool(data, "basicConstraints-crit", - PR_TRUE)), - PR_TRUE); - - PORT_Free(encodedValue.data); - return (rv); -} - -static SECStatus -AddNscpCertType(void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char CertType = 0x0; - - if (find_field_bool(data, "netscape-cert-type-ssl-client", PR_TRUE)) { - CertType |= (0x80 >> 0); - } - if (find_field_bool(data, "netscape-cert-type-ssl-server", PR_TRUE)) { - CertType |= (0x80 >> 1); - } - if (find_field_bool(data, "netscape-cert-type-smime", PR_TRUE)) { - CertType |= (0x80 >> 2); - } - if (find_field_bool(data, "netscape-cert-type-object-signing", PR_TRUE)) { - CertType |= (0x80 >> 3); - } - if (find_field_bool(data, "netscape-cert-type-reserved", PR_TRUE)) { - CertType |= (0x80 >> 4); - } - if (find_field_bool(data, "netscape-cert-type-ssl-ca", PR_TRUE)) { - CertType |= (0x80 >> 5); - } - if (find_field_bool(data, "netscape-cert-type-smime-ca", PR_TRUE)) { - CertType |= (0x80 >> 6); - } - if (find_field_bool(data, "netscape-cert-type-object-signing-ca", PR_TRUE)) { - CertType |= (0x80 >> 7); - } - - bitStringValue.data = &CertType; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE)))); -} - -static SECStatus -add_IA5StringExtension(void *extHandle, - char *string, - PRBool crit, - int idtag) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - - rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE)); -} - -static SECItem * -string_to_oid(char *string) -{ - int i; - int length = 20; - int remaining; - int first_value; - int second_value; - int value; - int oidLength; - unsigned char *oidString; - unsigned char *write; - unsigned char *read; - unsigned char *temp; - SECItem *oid; - - remaining = length; - i = 0; - while (*string == ' ') { - string++; - } - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - first_value = atoi(string); - if (first_value < 0 || first_value > 2) { - error_out("ERROR: Improperly formated OID"); - } - string += i + 1; - i = 0; - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - second_value = atoi(string); - if (second_value < 0 || second_value > 39) { - error_out("ERROR: Improperly formated OID"); - } - oidString = PORT_ZAlloc(2); - *oidString = (first_value * 40) + second_value; - *(oidString + 1) = '\0'; - oidLength = 1; - string += i + 1; - i = 0; - temp = write = PORT_ZAlloc(length); - while (*string != '\0') { - value = 0; - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string += i; - } else { - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string += i + 1; - } else { - *(string + i) = '\0'; - i++; - value = atoi(string); - while (*(string + i) == ' ') - i++; - if (*(string + i) != '\0') { - error_out("ERROR: Improperly formated OID"); - } - } - } - i = 0; - while (value != 0) { - if (remaining < 1) { - remaining += length; - length = length * 2; - temp = PORT_Realloc(temp, length); - write = temp + length - remaining; - } - *write = (value & 0x7f) | (0x80); - write++; - remaining--; - value = value >> 7; - } - *temp = *temp & (0x7f); - oidLength += write - temp; - oidString = PORT_Realloc(oidString, (oidLength + 1)); - read = write - 1; - write = oidLength + oidString - 1; - for (i = 0; i < (length - remaining); i++) { - *write = *read; - write--; - read++; - } - write = temp; - remaining = length; - } - *(oidString + oidLength) = '\0'; - oid = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); - oid->data = oidString; - oid->len = oidLength; - PORT_Free(temp); - return oid; -} - -static SECItem * -string_to_ipaddress(char *string) -{ - int i = 0; - int value; - int j = 0; - SECItem *ipaddress; - - while (*string == ' ') { - string++; - } - ipaddress = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); - ipaddress->data = PORT_ZAlloc(9); - while (*string != '\0' && j < 8) { - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string = string + i + 1; - i = 0; - } else { - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - *(string + i) = '\0'; - while (*(string + i) == ' ') { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - } - } - if (value >= 0 && value < 256) { - *(ipaddress->data + j) = value; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - j++; - } - *(ipaddress->data + j) = '\0'; - if (j != 4 && j != 8) { - error_out("ERROR: Improperly formated IP Address"); - } - ipaddress->len = j; - return ipaddress; -} - -static int -chr_to_hex(char c) -{ - if (isdigit(c)) { - return c - '0'; - } - if (isxdigit(c)) { - return toupper(c) - 'A' + 10; - } - return -1; -} - -static SECItem * -string_to_binary(char *string) -{ - SECItem *rv; - - rv = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); - if (rv == NULL) { - error_allocate(); - } - rv->data = (unsigned char *)PORT_ZAlloc((PORT_Strlen(string)) / 3 + 2); - rv->len = 0; - while (*string && !isxdigit(*string)) { - string++; - } - while (*string) { - int high, low; - high = chr_to_hex(*string++); - low = chr_to_hex(*string++); - if (high < 0 || low < 0) { - error_out("ERROR: Improperly formated binary encoding"); - } - rv->data[(rv->len)++] = high << 4 | low; - if (*string != ':') { - break; - } - ++string; - } - while (*string == ' ') { - ++string; - } - if (*string) { - error_out("ERROR: Junk after binary encoding"); - } - - return rv; -} - -static SECStatus -MakeGeneralName(char *name, - CERTGeneralName *genName, - PLArenaPool *arena) -{ - SECItem *oid; - SECOidData *oidData; - SECItem *ipaddress; - SECItem *temp = NULL; - int i; - int nameType; - PRBool binary = PR_FALSE; - SECStatus rv = SECSuccess; - PRBool nickname = PR_FALSE; - - PORT_Assert(genName); - PORT_Assert(arena); - nameType = *(name + PORT_Strlen(name) - 1) - '0'; - if (nameType == 0 && *(name + PORT_Strlen(name) - 2) == '1') { - nickname = PR_TRUE; - nameType = certOtherName; - } - if (nameType < 1 || nameType > 9) { - error_out("ERROR: Unknown General Name Type"); - } - *(name + PORT_Strlen(name) - 4) = '\0'; - genName->type = nameType; - - switch (genName->type) { - case certURI: - case certRFC822Name: - case certDNSName: { - genName->name.other.data = (unsigned char *)name; - genName->name.other.len = PORT_Strlen(name); - break; - } - - case certIPAddress: { - ipaddress = string_to_ipaddress(name); - genName->name.other.data = ipaddress->data; - genName->name.other.len = ipaddress->len; - break; - } - - case certRegisterID: { - oid = string_to_oid(name); - genName->name.other.data = oid->data; - genName->name.other.len = oid->len; - break; - } - - case certEDIPartyName: - case certX400Address: { - - genName->name.other.data = PORT_ArenaAlloc(arena, - PORT_Strlen(name) + 2); - if (genName->name.other.data == NULL) { - error_allocate(); - } - - PORT_Memcpy(genName->name.other.data + 2, name, PORT_Strlen(name)); - /* This may not be accurate for all cases. - For now, use this tag type */ - genName->name.other.data[0] = (char)(((genName->type - 1) & - 0x1f) | - 0x80); - genName->name.other.data[1] = (char)PORT_Strlen(name); - genName->name.other.len = PORT_Strlen(name) + 2; - break; - } - - case certOtherName: { - i = 0; - if (!nickname) { - while (!isdigit(*(name + PORT_Strlen(name) - i))) { - i++; - } - if (*(name + PORT_Strlen(name) - i) == '1') { - binary = PR_TRUE; - } else { - binary = PR_FALSE; - } - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i - 1) = '\0'; - i = 0; - while (*(name + i) != '-') { - i++; - } - *(name + i - 1) = '\0'; - oid = string_to_oid(name + i + 2); - } else { - oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME); - oid = &oidData->oid; - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i) = '\0'; - } - genName->name.OthName.oid.data = oid->data; - genName->name.OthName.oid.len = oid->len; - if (binary) { - temp = string_to_binary(name); - genName->name.OthName.name.data = temp->data; - genName->name.OthName.name.len = temp->len; - } else { - temp = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); - if (temp == NULL) { - error_allocate(); - } - temp->data = (unsigned char *)name; - temp->len = PORT_Strlen(name); - SEC_ASN1EncodeItem(arena, &(genName->name.OthName.name), temp, - CERTIA5TypeTemplate); - } - PORT_Free(temp); - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName(name); - if (!directoryName) { - error_out("ERROR: Improperly formated alternative name"); - break; - } - rv = CERT_CopyName(arena, &genName->name.directoryName, - directoryName); - CERT_DestroyName(directoryName); - - break; - } - } - genName->l.next = &(genName->l); - genName->l.prev = &(genName->l); - return rv; -} - -static CERTGeneralName * -MakeAltName(Pair *data, - char *which, - PLArenaPool *arena) -{ - CERTGeneralName *SubAltName; - CERTGeneralName *current; - CERTGeneralName *newname; - char *name = NULL; - SECStatus rv = SECSuccess; - int len; - - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - SubAltName = current = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName)); - if (current == NULL) { - error_allocate(); - } - while (name != NULL) { - - rv = MakeGeneralName(name, current, arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len - 1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2))) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - if (name != NULL) { - newname = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName)); - if (newname == NULL) { - error_allocate(); - } - current->l.next = &(newname->l); - newname->l.prev = &(current->l); - current = newname; - newname = NULL; - } else { - current->l.next = &(SubAltName->l); - SubAltName->l.prev = &(current->l); - } - } - if (rv == SECFailure) { - return NULL; - } - return SubAltName; -} - -static CERTNameConstraints * -MakeNameConstraints(Pair *data, - PLArenaPool *arena) -{ - CERTNameConstraints *NameConstraints; - CERTNameConstraint *current = NULL; - CERTNameConstraint *last_permited = NULL; - CERTNameConstraint *last_excluded = NULL; - char *constraint = NULL; - char *which; - SECStatus rv = SECSuccess; - int len; - int i; - long max; - long min; - PRBool permited; - - NameConstraints = (CERTNameConstraints *)PORT_ZAlloc(sizeof(CERTNameConstraints)); - which = make_copy_string("NameConstraintSelect0", 25, '\0'); - len = PORT_Strlen(which); - constraint = find_field(data, which, PR_TRUE); - NameConstraints->permited = NameConstraints->excluded = NULL; - while (constraint != NULL) { - current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - max = (long)atoi(constraint + PORT_Strlen(constraint) + 3); - if (max > 0) { - (void)SEC_ASN1EncodeInteger(arena, ¤t->max, max); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - min = (long)atoi(constraint + PORT_Strlen(constraint) + 3); - (void)SEC_ASN1EncodeInteger(arena, ¤t->min, min); - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') { - permited = PR_TRUE; - } else { - permited = PR_FALSE; - } - rv = MakeGeneralName(constraint, &(current->name), arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len - 1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2))) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - if (permited) { - if (NameConstraints->permited == NULL) { - NameConstraints->permited = last_permited = current; - } - last_permited->l.next = &(current->l); - current->l.prev = &(last_permited->l); - last_permited = current; - } else { - if (NameConstraints->excluded == NULL) { - NameConstraints->excluded = last_excluded = current; - } - last_excluded->l.next = &(current->l); - current->l.prev = &(last_excluded->l); - last_excluded = current; - } - constraint = find_field(data, which, PR_TRUE); - if (constraint != NULL) { - current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - } - } - if (NameConstraints->permited != NULL) { - last_permited->l.next = &(NameConstraints->permited->l); - NameConstraints->permited->l.prev = &(last_permited->l); - } - if (NameConstraints->excluded != NULL) { - last_excluded->l.next = &(NameConstraints->excluded->l); - NameConstraints->excluded->l.prev = &(last_excluded->l); - } - if (which != NULL) { - PORT_Free(which); - } - if (rv == SECFailure) { - return NULL; - } - return NameConstraints; -} - -static SECStatus -AddAltName(void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle, - int type) -{ - PRBool autoIssuer = PR_FALSE; - PLArenaPool *arena = NULL; - CERTGeneralName *genName = NULL; - char *which = NULL; - char *name = NULL; - SECStatus rv = SECSuccess; - SECItem *issuersAltName = NULL; - CERTCertificate *issuerCert = NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - if (type == 0) { - which = make_copy_string("SubAltNameSelect0", 20, '\0'); - genName = MakeAltName(data, which, arena); - } else { - if (autoIssuer) { - autoIssuer = find_field_bool(data, "IssuerAltNameSourceRadio-auto", - PR_TRUE); - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - rv = cert_FindExtension((*issuerCert).extensions, - SEC_OID_X509_SUBJECT_ALT_NAME, - issuersAltName); - if (issuersAltName == NULL) { - name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4); - PORT_Strcpy(name, (*issuerCert).subjectName); - PORT_Strcat(name, " - 5"); - } - } else { - which = make_copy_string("IssuerAltNameSelect0", 20, '\0'); - genName = MakeAltName(data, which, arena); - } - } - if (type == 0) { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, "SubAltName-crit", - PR_TRUE), - SEC_OID_X509_SUBJECT_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - - } else { - if (autoIssuer && (name == NULL)) { - rv = CERT_AddExtension(extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName, - find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE); - } else { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, - "IssuerAltName-crit", - PR_TRUE), - SEC_OID_X509_ISSUER_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - } - } - if (which != NULL) { - PORT_Free(which); - } - if (issuerCert != NULL) { - CERT_DestroyCertificate(issuerCert); - } - return rv; -} - -static SECStatus -AddNameConstraints(void *extHandle, - Pair *data) -{ - PLArenaPool *arena = NULL; - CERTNameConstraints *constraints = NULL; - SECStatus rv = SECSuccess; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - constraints = MakeNameConstraints(data, arena); - if (constraints != NULL) { - EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE, - SEC_OID_X509_NAME_CONSTRAINTS, - (EXTEN_VALUE_ENCODER) - CERT_EncodeNameConstraintsExtension); - } - if (arena != NULL) { - PORT_ArenaRelease(arena, NULL); - } - return rv; -} - -static SECStatus -add_extensions(CERTCertificate *subjectCert, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - void *extHandle; - SECStatus rv = SECSuccess; - - extHandle = CERT_StartCertExtensions(subjectCert); - if (extHandle == NULL) { - error_out("ERROR: Unable to get certificates extension handle"); - } - if (find_field_bool(data, "keyUsage", PR_TRUE)) { - rv = AddKeyUsage(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Key Usage extension"); - } - } - - if (find_field_bool(data, "extKeyUsage", PR_TRUE)) { - rv = AddExtKeyUsage(extHandle, data); - if (SECSuccess != rv) { - error_out("ERROR: Unable to add Extended Key Usage extension"); - } - } - - if (find_field_bool(data, "basicConstraints", PR_TRUE)) { - rv = AddBasicConstraint(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Basic Constraint extension"); - } - } - if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) { - rv = AddSubKeyID(extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Key Identifier Extension"); - } - } - if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) { - rv = AddAuthKeyID(extHandle, data, issuerNameStr, handle); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Authority Key Identifier extension"); - } - } - if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) { - rv = AddPrivKeyUsagePeriod(extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Private Key Usage Period extension"); - } - } - if (find_field_bool(data, "SubAltName", PR_TRUE)) { - rv = AddAltName(extHandle, data, NULL, NULL, 0); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Alternative Name extension"); - } - } - if (find_field_bool(data, "IssuerAltName", PR_TRUE)) { - rv = AddAltName(extHandle, data, issuerNameStr, handle, 1); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Issuer Alternative Name Extension"); - } - } - if (find_field_bool(data, "NameConstraints", PR_TRUE)) { - rv = AddNameConstraints(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Name Constraints Extension"); - } - } - if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) { - rv = AddNscpCertType(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Type Extension"); - } - } - if (find_field_bool(data, "netscape-base-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-base-url-text", - PR_TRUE), - find_field_bool(data, - "netscape-base-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_BASE_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Base URL Extension"); - } - } - if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-revocation-url-text", - PR_TRUE), - find_field_bool(data, "netscape-revocation-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-revocation-url-text", - PR_TRUE), - find_field_bool(data, "netscape-ca-revocation-url-crit", PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-cert-renewal-url-text", - PR_TRUE), - find_field_bool(data, "netscape-cert-renewal-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-policy-url-text", - PR_TRUE), - find_field_bool(data, "netscape-ca-policy-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_POLICY_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Policy URL Extension"); - } - } - if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ssl-server-name-text", - PR_TRUE), - find_field_bool(data, "netscape-ssl-server-name-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape SSL Server Name Extension"); - } - } - if (find_field_bool(data, "netscape-comment", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-comment-text", - PR_TRUE), - find_field_bool(data, - "netscape-comment-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_COMMENT); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Comment Extension"); - } - } - CERT_FinishExtensions(extHandle); - return (rv); -} - -char * -return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data) -{ - char *rv; - - /* don't clobber our poor smart card */ - if (retry == PR_TRUE) { - return NULL; - } - rv = PORT_Alloc(4); - PORT_Strcpy(rv, "foo"); - return rv; -} - -SECKEYPrivateKey * -FindPrivateKeyFromNameStr(char *name, - CERTCertDBHandle *certHandle) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - CERTCertificate *p11Cert; - - /* We don't presently have a PK11 function to find a cert by - ** subject name. - ** We do have a function to find a cert in the internal slot's - ** cert db by subject name, but it doesn't setup the slot info. - ** So, this HACK works, but should be replaced as soon as we - ** have a function to search for certs accross slots by subject name. - */ - cert = CERT_FindCertByNameString(certHandle, name); - if (cert == NULL || cert->nickname == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - p11Cert = PK11_FindCertFromNickname(cert->nickname, NULL); - if (p11Cert == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - key = PK11_FindKeyByAnyCert(p11Cert, NULL); - return key; -} - -static SECItem * -SignCert(CERTCertificate *cert, - char *issuerNameStr, - Pair *data, - CERTCertDBHandle *handle, - int which_key) -{ - SECItem der; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PLArenaPool *arena; - SECOidTag algID; - - if (which_key == 0) { - caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); - } else { - caPrivateKey = privkeys[which_key - 1]; - } - if (caPrivateKey == NULL) { - error_out("ERROR: unable to retrieve issuers key"); - } - - arena = cert->arena; - - algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, - SEC_OID_UNKNOWN); - if (algID == SEC_OID_UNKNOWN) { - error_out("ERROR: Unknown key type for issuer."); - goto done; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - error_out("ERROR: Could not set signature algorithm id."); - } - - if (find_field_bool(data, "ver-1", PR_TRUE)) { - *(cert->version.data) = 0; - cert->version.len = 1; - } else { - *(cert->version.data) = 2; - cert->version.len = 1; - } - der.data = NULL; - der.len = 0; - (void)SEC_ASN1EncodeItem(arena, &der, cert, CERT_CertificateTemplate); - if (der.data == NULL) { - error_out("ERROR: Could not encode certificate.\n"); - } - rv = SEC_DerSignData(arena, &(cert->derCert), der.data, der.len, caPrivateKey, - algID); - if (rv != SECSuccess) { - error_out("ERROR: Could not sign encoded certificate data.\n"); - } -done: - SECKEY_DestroyPrivateKey(caPrivateKey); - return &(cert->derCert); -} - -int -main(int argc, char **argv) -{ - int length = 500; - int remaining = 500; - int n; - int i; - int serial; - int chainLen; - int which_key; - char *pos; -#ifdef OFFLINE - char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7" - "SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2" - "jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iyd" - "zPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0" - "GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXc" - "sAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQ" - "ikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZ" - "aOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%" - "26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dt" - "rue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoi" - "ceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24"; -#else - char *form_output; -#endif - char *issuerNameStr; - char *certName; - char *DBdir = DB_DIRECTORY; - char *prefixs[10] = { "CA#1-", "CA#2-", "CA#3-", - "CA#4-", "CA#5-", "CA#6-", - "CA#7-", "CA#8-", "CA#9-", "" }; - Pair *form_data; - CERTCertificate *cert; - CERTCertDBHandle *handle; - CERTCertificateRequest *certReq = NULL; - int warpmonths = 0; - SECItem *certDER; -#ifdef FILEOUT - FILE *outfile; -#endif - SECStatus status = SECSuccess; - extern char prefix[PREFIX_LEN]; - SEC_PKCS7ContentInfo *certChain; - SECItem *encodedCertChain; - PRBool UChain = PR_FALSE; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName + 1 : argv[0]; - -#ifdef TEST - sleep(20); -#endif - SECU_ConfigDirectory(DBdir); - - PK11_SetPasswordFunc(return_dbpasswd); - status = NSS_InitReadWrite(DBdir); - if (status != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - handle = CERT_GetDefaultCertDB(); - - prefix[0] = '\0'; -#if !defined(OFFLINE) - form_output = (char *)PORT_Alloc(length); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output; - while (feof(stdin) == 0) { - if (remaining <= 1) { - remaining += length; - length = length * 2; - form_output = PORT_Realloc(form_output, (length)); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output + length - remaining; - } - n = fread(pos, 1, (size_t)(remaining - 1), stdin); - pos += n; - remaining -= n; - } - *pos = '&'; - pos++; - length = pos - form_output; -#else - length = PORT_Strlen(form_output); -#endif -#ifdef FILEOUT - printf("Content-type: text/plain\n\n"); - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); -#endif -#ifdef FILEOUT - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); - fflush(stdout); -#endif - form_data = make_datastruct(form_output, length); - status = clean_input(form_data); -#if !defined(OFFLINE) - PORT_Free(form_output); -#endif -#ifdef FILEOUT - i = 0; - while (return_name(form_data, i) != NULL) { - printf("%s", return_name(form_data, i)); - printf("=\n"); - printf("%s", return_data(form_data, i)); - printf("\n"); - i++; - } - printf("I got that done, woo hoo\n"); - fflush(stdout); -#endif - issuerNameStr = PORT_Alloc(200); - if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain", - PR_FALSE)) { - UChain = PR_TRUE; - chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE)); - PORT_Strcpy(prefix, prefixs[0]); - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - if (chainLen == 0) { - UChain = PR_FALSE; - } - } else { - if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain", - PR_FALSE)) { - PORT_Strcpy(prefix, prefixs[9]); - chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE)); - if (chainLen < 1 || chainLen > 18) { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=CA18, O=Cert-O-Matic II"); - } - issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA"); - issuerNameStr = PORT_Strcat(issuerNameStr, - find_field(form_data, "autoCAs", PR_FALSE)); - issuerNameStr = PORT_Strcat(issuerNameStr, ", O=Cert-O-Matic II"); - } else { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - } - chainLen = 0; - } - - i = -1; - which_key = 0; - do { - extern SECStatus cert_GetKeyID(CERTCertificate * cert); - i++; - if (i != 0 && UChain) { - PORT_Strcpy(prefix, prefixs[i]); - } - /* find_field(form_data,"subject", PR_TRUE); */ - certReq = makeCertReq(form_data, which_key); -#ifdef OFFLINE - serial = 900; -#else - serial = get_serial_number(form_data); -#endif - cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE, - serial, warpmonths, form_data); - if (certReq != NULL) { - CERT_DestroyCertificateRequest(certReq); - } - if (find_field_bool(form_data, "ver-3", PR_TRUE)) { - status = add_extensions(cert, form_data, issuerNameStr, handle); - if (status != SECSuccess) { - error_out("ERROR: Unable to add extensions"); - } - } - status = cert_GetKeyID(cert); - if (status == SECFailure) { - error_out("ERROR: Unable to get Key ID."); - } - certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key); - CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE); - issuerNameStr = find_field(form_data, "subject", PR_TRUE); - /* SECITEM_FreeItem(certDER, PR_TRUE); */ - CERT_DestroyCertificate(cert); - if (i == (chainLen - 1)) { - i = 8; - } - ++which_key; - } while (i < 9 && UChain); - -#ifdef FILEOUT - outfile = fopen("../certout", "wb"); -#endif - certName = find_field(form_data, "subject", PR_FALSE); - cert = CERT_FindCertByNameString(handle, certName); - certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, handle); - if (certChain == NULL) { - error_out("ERROR: No certificates in cert chain"); - } - encodedCertChain = SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL, - NULL); - if (encodedCertChain) { -#if !defined(FILEOUT) - printf("Content-type: application/x-x509-user-cert\r\n"); - printf("Content-length: %d\r\n\r\n", encodedCertChain->len); - fwrite(encodedCertChain->data, 1, encodedCertChain->len, stdout); -#else - fwrite(encodedCertChain->data, 1, encodedCertChain->len, outfile); -#endif - - } else { - error_out("Error: Unable to DER encode certificate"); - } -#ifdef FILEOUT - printf("\nI got here!\n"); - fflush(outfile); - fclose(outfile); -#endif - fflush(stdout); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - return 0; -} diff --git a/security/nss/cmd/certcgi/certcgi.gyp b/security/nss/cmd/certcgi/certcgi.gyp deleted file mode 100644 index 5ad2893e0..000000000 --- a/security/nss/cmd/certcgi/certcgi.gyp +++ /dev/null @@ -1,33 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -{ - 'includes': [ - '../../coreconf/config.gypi', - '../../cmd/platlibs.gypi' - ], - 'targets': [ - { - 'target_name': 'certcgi', - 'type': 'executable', - 'sources': [ - 'certcgi.c' - ], - 'dependencies': [ - '<(DEPTH)/exports.gyp:dbm_exports', - '<(DEPTH)/exports.gyp:nss_exports', - '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3' - ] - } - ], - 'target_defaults': { - 'defines': [ - 'NSPR20', - 'NSS_USE_STATIC_LIBS' - ] - }, - 'variables': { - 'module': 'nss', - 'use_static_libs': 1 - } -}
\ No newline at end of file diff --git a/security/nss/cmd/certcgi/index.html b/security/nss/cmd/certcgi/index.html deleted file mode 100644 index 3ae6a10d4..000000000 --- a/security/nss/cmd/certcgi/index.html +++ /dev/null @@ -1,789 +0,0 @@ -<HTML> <!-- -*- Mode: Java; tab-width: 8 -*- --> -<!-- This Source Code Form is subject to the terms of the Mozilla Public - - License, v. 2.0. If a copy of the MPL was not distributed with this - - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<HEAD> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<SCRIPT LANGUAGE="JavaScript1.2"> - -script_url = 'http://interzone.mcom.com/cgi-bin/certomatic/bin/certcgi.cgi' - -ext_page_ver1 = - make_page_intro('Version 1 extensions', "#FFFFFF") + - '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext1">' + - 'Version 1 X.509 certs do not support extensions' + - '</IFRAME>' + - '</body></html>'; - -num_ca = 0; - -your_certificate_index_label = 'Your Certificate'; -netscape_extensions_index_label = 'Netscape X.509 Extensions'; -standard_extensions_index_label = 'Standard X.509 Extensions'; -certifying_authorities_index_label = 'Certifying Authorities'; -add_sub_alt_name_index_label = 'Add Subject Alternative Name'; - -index_list = - '0, your_certificate_index_label,' + - '0, netscape_extensions_index_label,' + - '0, standard_extensions_index_label,' + - '0, certifying_authorities_index_label'; - -add_index_list = ''; - -ver = 3 - -max_pages = 13; -cur_page = 1; - -ext_page_array = new Array(max_pages); - -index_label = 'Options'; - -var main_page = - make_page_intro('Your Key', "#FFFFFF") + - '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="main" SRC="main.html">' + - '</IFRAME>' + - '</body></html>' ; - -function setSubAltNameType(form) -{ - with(form) { - if (SubAltNameRadio[0].checked) { - return true; - } - if (SubAltNameRadio[3].checked || SubAltNameRadio[5].checked) { - SubAltNameDataType.checked = true; - return true; - } - if (SubAltNameRadio[1].checked || SubAltNameRadio[2].checked || - SubAltNameRadio[4].checked || SubAltNameRadio[6].checked || - SubAltNameRadio[7].checked || SubAltNameRadio[8].checked) { - SubAltNameDataType.checked = false; - return true; - } - } - return true; -} - -function setIssuerAltNameType(form) -{ - with(form) { - if (IssuerAltNameRadio[0].checked) { - return true; - } - if (IssuerAltNameRadio[3].checked || IssuerAltNameRadio[5].checked) { - IssuerAltNameDataType.checked = true; - return true; - } - if (IssuerAltNameRadio[1].checked || IssuerAltNameRadio[2].checked || - IssuerAltNameRadio[4].checked || IssuerAltNameRadio[6].checked || - IssuerAltNameRadio[7].checked || IssuerAltNameRadio[8].checked) { - IssuerAltNameDataType.checked = false; - return true; - } - } - return true; -} - - -function setNameConstraintNameType(form) -{ - with(form) { - if (NameConstraintRadio[0].checked) { - return true; - } - if (NameConstraintRadio[3].checked || NameConstraintRadio[5].checked) { - NameConstraintNameDataType.checked = true; - return true; - } - if (NameConstraintRadio[1].checked || NameConstraintRadio[2].checked || - NameConstraintRadio[4].checked || NameConstraintRadio[6].checked || - NameConstraintRadio[7].checked || NameConstraintRadio[8].checked) { - NameConstraintNameDataType.checked = false; - return true; - } - } - return true; -} - - -function addSubAltName(form) -{ - with(form) { - var len = SubAltNameSelect.length; - var value; - var i = 0; - while(!(i == (SubAltNameRadio.length - 1)) & - !(SubAltNameRadio[i].checked == true)) { - i++; - } - if (i != 0) { - value = SubAltNameText.value + " - " + (i + 1); - } else { - value = SubAltNameText.value + " - " + - SubAltNameOtherNameOID.value + " - "; - if (SubAltNameDataType.checked) { - value += "1 - "; - } else { - value += "0 - "; - } - value += (i + 1); - if (SubAltNameOtherNameOID.value == "") { - alert("Other names must include an OID"); - return false; - } - } - - if ((SubAltNameText.value == "") | (SubAltNameRadio[i].checked != true)) { - alert("Alternative Names must include values for name and name type."); - } else { - SubAltNameSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteSubAltName(form) -{ - with(form) { - while (SubAltNameSelect.selectedIndex >= 0) { - SubAltNameSelect[SubAltNameSelect.selectedIndex] = null; - } - } -} - -function addIssuerAltName(form) -{ - with(form) - { - var len = IssuerAltNameSelect.length; - var value; - var i = 0; - - while(!(i == (IssuerAltNameRadio.length -1)) & - !(IssuerAltNameRadio[i].checked == true)) { - i++; - } - if (i != 0) { - value = IssuerAltNameText.value + " - " + (i + 1); - } else { - value = IssuerAltNameText.value + " - " + - IssuerAltNameOtherNameOID.value + " - "; - if (IssuerAltNameDataType.checked) { - value += "1 - "; - } else { - value += "0 - "; - } - value += (i + 1); - if (IssuerAltNameOtherNameOID.value == "") { - alert("Other names must include an OID"); - return false; - } - } - if ((IssuerAltNameText.value == "") | - (IssuerAltNameRadio[i].checked != true)) { - alert("Alternative Names must include values for name and name type.") - } else { - IssuerAltNameSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteIssuerAltName(form) -{ - with(form) { - while (IssuerAltNameSelect.selectedIndex >= 0) { - IssuerAltNameSelect[IssuerAltNameSelect.selectedIndex] = null; - } - } -} - - - -function addNameConstraint(form) -{ - with(form) { - var len = NameConstraintSelect.length; - var value; - var i = 0; - var min = NameConstraintMin.value; - var max = NameConstraintMax.value; - - while(!(i == (NameConstraintRadio.length - 1) ) & - !(NameConstraintRadio[i].checked == true)) { - i++; - } - value = NameConstraintText.value + " - "; - if (i == 0) { - value += NameConstraintOtherNameOID.value + " - "; - if (NameConstraintNameDataType.checked) { - value += "1 - "; - } else { - value += "0 - "; - } - if (NameConstraintOtherNameOID.value == "") { - alert("Other names must include an OID"); - return false; - } - } - value += (i + 1) + " - "; - if (NameConstraintTypeRadio[0].checked == true) { - value += "p - "; - } else { - value += "e - "; - } - value += min + " - " + max; - if ((min == "") | (NameConstraintText.value == "") | - (NameConstraintRadio[i].checked != true)) { - alert("Name Constraints must include values for minimum, name, and name type.") - } else { - NameConstraintSelect.options[len] = new Option(value, value); - } - } - return true; -} - -function deleteNameConstraint(form) -{ - with(form) { - while (NameConstraintSelect.selectedIndex >= 0) { - NameConstraintSelect[NameConstraintSelect.selectedIndex] = null; - } - } -} - - -function submit_it() -{ - save_cur_page(cur_page); - - var ver1 = (ver == 1); - var ver3 = (ver == 3); - var array_string; - var serial = ext_page_array[0][10][0]; - var serial_number = ext_page_array[0][12][0]; - var manValidity = ext_page_array[0][19][0]; - var notBefore = ext_page_array[0][20][0]; - var notAfter = ext_page_array[0][21][0]; - var subject = ext_page_array[0][22][0]; - - if (subject == "") { - alert("The DN field must contain some data"); - return false; - } - if (!serial & serial_number == "") { - alert("No serial number specified"); - return false; - } - if (ext_page_array[0][15][0]) { - var keygen = "<keygen name=\"key\" challenge=\"foo\">"; - } else { - switch (ext_page_array[0][17][0]) { - case 2: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIGdAkEAjfKklEkidqo9JXWbsGhpy+rA2Dr7jQz3y7gyTw14guXQdi/FtyEOr8Lprawyq3qsSWk9+/g3JMLsBzbuMcgCkQIVAMdzIYxzfsjumTtPLe0w9I7azpFfAkEAYm0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5UhklycxC6fb0ZLCIzFcq9T5teIAg==\" name=\"key\" challenge=\"foo\">"; - break; - case 1: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIHaAmDCboVgX0+6pEeMlbwsasWDVBcJNHPKMzkq9kbCRK2U3k+tE15n+Dc2g3ZjDYr1um51e2iLC34/BwAAAAAAAAAAAAAAAAAAAAAAAAABbBhnlFN5Djmt0Mk8cdEBY5H8iPMCFMhUnFtbpjn3EyfH2DjVg3ALh7FtAmA2zWzhpeCwvOTjYnQorlXiv0WcnSiWmaC79CRYkFt5i+UEfRxwP1eNGJBVB1T+CPW6JGd4WhgsqtSf53pn5DEtv++O7lNfXyOhWhb3KaWHYIx8fuAXtioIWkWmpfEIVZA=\" name=\"key\" challenge=\"foo\">"; - break; - case 0: - var keygen = "<keygen keytype=\"dsa\" pqg=\"MIIBHAKBgId8SiiWrcdua5zbsBhPkKfFcnHBG7T/bQla7c6OixGjjmSSuq2fJLvMKa579CaxHxLZzZZXIHmAk9poRgWl2GUUkCJ68XSum8OQzDPXPsofcEdeANjw3mIAAAAAAAAAAAAAAAAAAAAAAAAIE+MkW5hguLIQqWvEVi9dMpbNu6OZAhTIA+y3TgyiwA0D8pt686ofaL1IOQKBgAiZQC6UCXztr2iXxJrAC+51gN5oX/R9Thilln9RGegsWnHrdxUOpcm5vAWp1LU8TOXtujE8kqkm3UxIRhUWQORe9IxLANAXmZJqkw9FEVHkxj6Cy9detwT2MyBzSwS6avsf7aLisgHmI/IHSeapJsQ3NQa3rikb6zRiqIV+TVa6\" name=\"key\" challenge=\"foo\">"; - break; - } - } - array_string = build_array_string(); - hiddens = "<input type=\"hidden\" name=\"subject\" value=\'" + subject + "\'> \n" + - "<input type=\"hidden\" name=\"serial-auto\" value=\"" + serial + "\"> \n" + - "<input type=\"hidden\" name=\"serial_value\" value=\"" + serial_number + "\"> \n" + - "<input type=\"hidden\" name=\"ver-1\" value=\"" + ver1 + "\"> \n" + - "<input type=\"hidden\" name=\"ver-3\" value=\"" + ver3 + "\"> \n" + - "<input type=\"hidden\" name=\"notBefore\" value=\"" + notBefore + "\"> \n" + - "<input type=\"hidden\" name=\"notAfter\" value=\"" + notAfter + "\"> \n" + - "<input type=\"hidden\" name=\"manValidity\" value=\"" + manValidity + "\"> \n" + - array_string; - - var good_submit_page = - '<html>' + - '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" BGCOLOR="#FFFFFF">' + - '<form method="post" action="' + script_url + '">' + - 'Select size for your key:' + keygen + '</p>' + - '<input type="submit"></p>' + - hiddens + - '</form>\n' + - '</body>\n' + - '</html>\n'; - - window.frames['right'].document.write(good_submit_page); - window.frames['right'].document.close(); - cur_page = max_pages + 1; - make_left_frame(window); - return false; -} - - - -function build_array_string() -{ - var pg; - var array_string = ''; - var pages; - - if ((ext_page_array[3][4][0] > 0) && ext_page_array[3][3][0]) { - pages = 4 + parseInt(ext_page_array[3][4][0]); - } else { - pages = 4; - } - for (pg = 1; pg < pages; pg++) { - if ((pg > 1 || (ver == 3)) && (ext_page_array[pg].length > 1)) { - if (pg < 4) { - for (i = 0; i < ext_page_array[pg].length; i++) { - if (ext_page_array[pg][i][3].indexOf("radio") == -1) { - if (ext_page_array[pg][i][3].indexOf("multiple") == -1) { - array_string += '<input type=\"hidden\" name=\"' + - ext_page_array[pg][i][1] + '\" value=\'' + - ext_page_array[pg][i][0] + '\'> \n'; - } else { - for (k = 0; k < ext_page_array[pg][i][0].length; k++) { - array_string += '<input type=\"hidden\" name=\"' + - ext_page_array[pg][i][1] + k + '\" value=\'' + - ext_page_array[pg][i][0][k] + '\'> \n'; - } - } - } else { - array_string += '<input type=\"hidden\" name=\"' + - ext_page_array[pg][i][1] + '-' + - ext_page_array[pg][i][2] + '\" value=\'' + - ext_page_array[pg][i][0] + '\'> \n'; - } - } - } else { - for (i = 0; i < ext_page_array[pg].length; i++) { - if (ext_page_array[pg][i][3].indexOf("radio") == -1) { - if (ext_page_array[pg][i][3].indexOf("multiple") == -1) { - array_string += '<input type=\"hidden\" name=\"' + - 'CA#' + (pg - 3) + '-' + - ext_page_array[pg][i][1] + '\" value=\'' + - ext_page_array[pg][i][0] +'\'> \n'; - } else { - for (k = 0; k < ext_page_array[pg][i][0].length; k++) { - array_string += '<input type=\"hidden\" name=\"' + - 'CA#' + (pg - 3) + '-' + - ext_page_array[pg][i][1] + k + '\" value=\'' + - ext_page_array[pg][i][0][k] + '\'> \n'; - } - } - } else { - array_string += '<input type=\"hidden\" name=\"' + - 'CA#' + (pg - 3) + '-' + - ext_page_array[pg][i][1] + '-' + - ext_page_array[pg][i][2] + '\" value=\'' + - ext_page_array[pg][i][0] + '\'> \n'; - } - } - } - } - } - return array_string; -} - - - -function init_ext_page_array() -{ - for (i = 0; i < max_pages; i++) { - ext_page_array[i] = ''; - } -} - -function ca_num_change(n,ca_form) -{ - with(ca_form) { - n = parseInt(n,10); - if (caChoiceradio[2].checked) { - if (n) { - update_left_frame(n); - } else { - update_left_frame(0); - } - } - } -} - -function choice_change(ca_form) -{ - with(ca_form) { - if (caChoiceradio[2].checked) { - ca_num_change(manCAs.value,ca_form); - } else { - update_left_frame(0); - } - } -} - -function update_left_frame(n) -{ - var add_string = ''; - for (var i = 0; i < n; i++) { - var j = i + 1; - add_string = add_string + ',1, \'CA #' + j + '\''; - } - top.add_index_list = add_string; - num_ca = n; - make_left_frame(window); -} - -function set_ver1() -// redraws the extensions page for version 1 certificates -{ - ver = 1 - if (cur_page == 2 || cur_page == 3) { - switch_right_frame(window, cur_page, cur_page); - } -} - - -function set_ver3() -// redraws the extensions page for version 3 certificates -{ - ver = 3 - if (cur_page == 2) { - switch_right_frame(window, 0, 2); - } else if (cur_page == 3) { - switch_right_frame(window, 0, 3); - } -} - -function reset_subject(marker, value, form) -// Updates the subject field from a subordinate field -{ - with(form) { - var field_sep = '", '; - var begin_index = subject.value.indexOf(marker); - if (begin_index != 0 && subject.value[begin_index - 1] != ' ') { - begin_index = subject.value.indexOf(marker, begin_index +1); - } - var end_index = subject.value.indexOf(field_sep, begin_index); - if (begin_index > -1) { // is it a delete/change? - if (end_index == -1) { // is it the last one (includes only one)? - if (value.length > 0) { // do I have to change it? - if (begin_index == 0) { // is is the only one? - subject.value = marker + '"' + value + '"'; - } else { // it is the last of many - subject.value = subject.value.substring(0,begin_index) + - marker + '"' + value + '"'; - } - } else { // must be a delete - if (begin_index == 0) { // is it the only one? - begin_index += 2; - } - subject.value = subject.value.substring(0,(begin_index - 2)); - } - } else { // it is the first of many or a middle one - if (value.length >0) { // do I have to change it? - subject.value = - subject.value.substring(0,(begin_index + marker.length + 1)) + - value + subject.value.substring(end_index,subject.length); - } else { // it is a delete - subject.value = subject.value.substring(0,begin_index) + - subject.value.substring((end_index + 3),subject.length); - } - } - } else { // It is either an insert or a do nothing - if (value.length > 0) { // is it an insert? - if (subject.value.length == 0) { // is subject currently empty? - subject.value = marker + '"' + value + '"'; - } else { - subject.value = subject.value + ', ' + marker + '"' + value + '"'; - } - } - } - } -} - - - -function reset_subjectFields(form) -// updates all the subordinate fields from the subject field of a form -// **** move the strings to global variables, to make maintentance easier **** -{ - - update_subject_Field(form, 'CN=\"', form.name); - update_subject_Field(form, 'MAIL=\"', form.email); - update_subject_Field(form, 'O=\"', form.org); - update_subject_Field(form, 'C=\"', form.country); - update_subject_Field(form, ' L=\"', form.loc); - update_subject_Field(form, 'ST=\"', form.state); - update_subject_Field(form, 'E=\"', form.email); - update_subject_Field(form, 'OU=\"', form.org_unit); - update_subject_Field(form, 'UID=\"', form.uid); -} - -function update_subject_Field(form, marker, update_field) -//updates a single subordinate field from the subject field of a form -// *** need to deal with the two types of e-mail addresses ************** -{ - with(form) { - var field_sep = '", '; - var begin_index = subject.value.indexOf(marker) + marker.length; - var end_index = subject.value.indexOf(field_sep, begin_index); - if (end_index == -1) { - end_index = subject.value.indexOf('"',begin_index); - } - if (begin_index != (-1 + marker.length) ) { - update_field.value = subject.value.substring(begin_index, end_index); - } else { - update_field.value = ''; - } - } -} - - -function switch_mail(form) -// **** Do I want to delete the other type of e-mail address ? ************ -{ - if (form.email_type[0].checked) { - var del = 'E='; - var ins = 'MAIL='; - } else { - var del = 'MAIL='; - var ins = 'E='; - } - reset_subject(del, '', form); - reset_subject(ins, form.email.value, form); -} - -function make_page_intro(title, bgcolor) -{ - var style = '<STYLE TYPE="text/css">BODY{' + - 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' + - 'font-size: 10pt;' + - '}' + - 'TD{' + - 'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' + - 'font-size: 10pt;}' + - '</STYLE>'; - - if (bgcolor == null) { bgcolor = "#C0C0C0"; } - return '<HTML><HEAD>' + - '<TITLE>' + title + '</TITLE>' + - '</HEAD>' + - '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" ' + - 'BGCOLOR="' + bgcolor + '">'; -} - - -function make_left_frame(window) -{ - with (window.frames['index']) { - eval ('index_string = make_left_frame_page(cur_page, ' - + index_list + add_index_list + ' )'); - fool1 = make_page_intro(index_label, "#FFFFFF") + - index_string + '</BODY></HTML>'; - document.write(fool1); - document.close(); - } -} - - -function save_cur_page(page_number) -{ - var len; - var pg = page_number - 1; - if (window.frames['right'].document.forms.length != 0) { - with (window.frames['right'].document) { - if ((page_number != 2 && page_number != 3 && page_number <= max_pages) || - ver == 3) { - ext_page_array[pg] = new Array(forms[0].elements.length); - for (i = 0; i < forms[0].elements.length; i++) { - ext_page_array[pg][i] = new Array(4); - switch (forms[0].elements[i].type) { - case 'radio': - case 'checkbox': - ext_page_array[pg][i][0] = forms[0].elements[i].checked; - break; - case 'select-one': - ext_page_array[pg][i][0] = forms[0].elements[i].selectedIndex; - break; - case 'select-multiple': - len = forms[0].elements[i].options.length; - ext_page_array[pg][i][0] = new Array(len); - for(k = 0; k < len; k++) { - ext_page_array[pg][i][0][k] = forms[0].elements[i].options[k].value; - } - break; - default: - ext_page_array[pg][i][0] = forms[0].elements[i].value; - } - ext_page_array[pg][i][1] = forms[0].elements[i].name; - ext_page_array[pg][i][2] = forms[0].elements[i].value; - ext_page_array[pg][i][3] = forms[0].elements[i].type; - } - } - } - } -} - -function reload_form(page_number) -{ - var j = page_number - 1; - with (window.frames['right'].document) { - if (((page_number < 2 || page_number > 3) || ver == 3) - && page_number != 0 && (ext_page_array[j].length > 1)) { - for (i = 0; i < ext_page_array[j].length; i++) { - switch (forms[0].elements[i].type) { - case 'radio': case 'checkbox': - forms[0].elements[i].checked = ext_page_array[j][i][0]; - break; - case 'select-one': - forms[0].elements[i].selectedIndex = ext_page_array[j][i][0]; - break; - case 'select-multiple': - for (k = 0; k < ext_page_array[j][i][0].length; k++) { - forms[0].elements[i].options[k] = - new Option(ext_page_array[j][i][0][k], - ext_page_array[j][i][0][k]); - } - break; - default: - forms[0].elements[i].value = ext_page_array[j][i][0]; - } - } - } - } -} - -function switch_right_frame(top_window, old_pane, new_pane) -{ - var ext_page_stnd = - make_page_intro(standard_extensions_index_label, "#FFFFFF") + - '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' + - 'SRC="stnd_ext_form.html">' + - '</IFRAME></body></html>'; - - var ext_page_nscp = - make_page_intro(netscape_extensions_index_label, "#FFFFFF") + - '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' + - 'SRC="nscp_ext_form.html">' + - '</IFRAME></body></html>'; - - var ext_page_ca = - make_page_intro(certifying_authorities_index_label, "#FFFFFF") + - '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' + - 'SRC="ca.html">' + - '</IFRAME></body</html>'; - - var ext_page_ca_exp = - make_page_intro('Certifying Authority Details', "#FFFFFF") + - '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' + - 'SRC="ca_form.html">' + - '</IFRAME></body></html>'; - - - if (old_pane > 0 && cur_page <= max_pages) { - save_cur_page(old_pane); - } - cur_page = new_pane; - make_left_frame(top_window); - if (new_pane == 2 || new_pane == 3) { - if (ver == 1) { - frames['right'].document.write(ext_page_ver1); - frames['right'].document.close(); - } else if (new_pane == 2) { - frames['right'].document.write(ext_page_nscp); - frames['right'].document.close(); - reload_form(new_pane); - } else { - frames['right'].document.write(ext_page_stnd); - frames['right'].document.close(); - reload_form(new_pane); - } - } else if (new_pane == 4) { - frames['right'].document.write(ext_page_ca); - frames['right'].document.close(); - reload_form(new_pane); - } else if (new_pane == 1) { - frames['right'].document.write(main_page); - frames['right'].document.close(); - reload_form(new_pane); - } else { - frames['right'].document.write(ext_page_ca_exp); - frames['right'].document.close(); - reload_form(new_pane); - } -} - -function make_left_frame_page(selected) -{ - var n_strings = ( make_left_frame_page.arguments.length - 1 ) / 2; - var table_background; - var command; - var indent; - var label; - var ret_string = ""; - - ret_string += '<TABLE CELLSPACING=4>'; - for ( var i = 1; i <= n_strings; i++ ) { - if ( i == selected ) { - table_background = 'BGCOLOR=#BBCCBB'; - } else { - table_background = ''; - } - - indent = make_left_frame_page.arguments[(i*2) - 1]; - label = make_left_frame_page.arguments[(i*2)]; - - if ( indent == 0 ) { - ret_string += ('<TR><TD COLSPAN=2 ' + table_background + '>'); - } else { - ret_string += ('<TR><TD> </TD><TD ' + table_background + '>'); - } - - command = "'parent.switch_right_frame(parent," + selected + "," + i + ")'"; - ret_string += ('<A HREF="javascript:void setTimeout(' + command + ',0)">'); - if ( indent == 0 ) { ret_string += "<B>"; } - ret_string += label; - if ( indent == 0 ) { ret_string += "</B>"; } - ret_string += '</A></TD></TR>'; - } - if (selected == (max_pages + 1)) { - table_background = 'BGCOLOR=#BBCCBB'; - } else { - table_background = ''; - } - ret_string += - '<TR><TD COLSPAN=2 ' + table_background + - '><b><A HREF="javascript:void setTimeout(\'top.submit_it()\', 0)">Finish</A></b>' + - '</TD></TR>' + - '<input type="submit"></form>' + - '</TABLE>'; - return(ret_string); -} - - -function make_page(window) -// Draws the initial page setup -{ - selected = cur_page - init_ext_page_array() - - with (window.frames['right']) { - location="main.html"; -// document.write(main_page); -// document.close(); - } - - make_left_frame(window); - -} -</script> - -</HEAD> -<title>Cert-O-Matic</title> - <FRAMESET cols="150,*" BORDER=3 ONLOAD="make_page(window)"> - <FRAME SRC="about:blank" ID="index" NAME="index" - MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3> - <FRAME SRC="about:blank" ID="right" NAME="right" - MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3> - </FRAMESET> -</HTML> diff --git a/security/nss/cmd/certcgi/main.html b/security/nss/cmd/certcgi/main.html deleted file mode 100644 index 05dd9daad..000000000 --- a/security/nss/cmd/certcgi/main.html +++ /dev/null @@ -1,76 +0,0 @@ -<HTML> -<!-- This Source Code Form is subject to the terms of the Mozilla Public - - License, v. 2.0. If a copy of the MPL was not distributed with this - - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> -<HEAD> - <TITLE>Main Layer for CertOMatic</TITLE> -</HEAD> - - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <table border=0 cellspacing=10 cellpadding=0> - <tr> - <td> - Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p> - </td> - <td></td><td></td> - <td> - Organization: </td><td> <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td> - <tr> - <td> - <input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">MAIL= - - <input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)">E= - </td> - <td> - <input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"> - </td> - <td></td><td></td><td> - Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td> - <tr> - <td> - UID= </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td> - <td></td><td></td><td> - Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td> - <tr> - <td> - State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td> - <td></td><td></td><td> - Country: </td><td><input type="text" size="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}" maxlength="2"></p></td> - <tr> - <td COLSPAN=2> - Serial Number: - <DD><input type="radio" name="serial" value="auto" checked> Auto Generate - <DD><input type="radio" name="serial" value="input"> - Use this hex value: <input type="text" name="serial_value" size="8" maxlength="8"></p> - </td> - <td></td> <td></td> - <td COLSPAN=2> - X.509 version: - <DD><input type="radio" name="ver" value="1" onClick="if (this.checked) {window.top.set_ver1();}"> Version 1 - <DD><input type="radio" name="ver" value="3" checked onClick="if (this.checked) {window.top.set_ver3();}"> Version 3</P></td> - <tr> - <td COLSPAN=2> - Key Type: - <DD><input type="radio" name="keyType" value="rsa" checked> RSA - <DD><input type="radio" name="keyType" value="dsa"> DSA</p> - Intermediate CA Key Sizes: - <DD><select name="keysize"> - <option>2048 (Very High Grade) - <option>1024 (High Grade) - <option>512 (Low Grade) - </select> - </td> - <td></td> <td></td> - <td COLSPAN=2> - Validity: - <DD><input type="radio" name="validity" value="auto" checked> - Generate Automatically - <DD><input type="radio" name="validity" value="man"> Use these values: - <DD>Not Before: <input type="text" size="15" maxlength="17" name="notBefore"> - <DD>Not After: <input type="text" size="15" maxlength="17" name="notAfter"> - <DD> - <FONT SIZE=-1><TT>YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} </TT></FONT> - </table> - DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P> - </form> -</HTML> diff --git a/security/nss/cmd/certcgi/manifest.mn b/security/nss/cmd/certcgi/manifest.mn deleted file mode 100644 index 9e17cef9d..000000000 --- a/security/nss/cmd/certcgi/manifest.mn +++ /dev/null @@ -1,22 +0,0 @@ -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -CORE_DEPTH = ../.. - -# MODULE public and private header directories are implicitly REQUIREd. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = certcgi.c - -PROGRAM = certcgi - -USE_STATIC_LIBS = 1 - diff --git a/security/nss/cmd/certcgi/nscp_ext_form.html b/security/nss/cmd/certcgi/nscp_ext_form.html deleted file mode 100644 index f2a4a20c3..000000000 --- a/security/nss/cmd/certcgi/nscp_ext_form.html +++ /dev/null @@ -1,84 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> -<html> -<!-- This Source Code Form is subject to the terms of the Mozilla Public - - License, v. 2.0. If a copy of the MPL was not distributed with this - - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> - - <body> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <tr> - <td> - <b>Netscape Certificate Type: </b></p> - Activate extension: <input type="checkbox" name="netscape-cert-type"></P> - Critical: <input type="checkbox" name="netscape-cert-type-crit"> - <td> - <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P> - <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P> - <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P> - <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P> - <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P> - <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P> - <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P> - <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P> - </tr> - <tr> - <td> - <b>Netscape Base URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-base-url"></P> - Critical: <input type="checkbox" name="netscape-base-url-crit"> - <td> - <input type="text" name="netscape-base-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-revocation-url-crit"> - <td> - <input type="text" name="netscape-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Revocation URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P> - Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit"> - <td> - <input type="text" name="netscape-ca-revocation-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Certificate Renewal URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P> - Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit"> - <td> - <input type="text" name="netscape-cert-renewal-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape CA Policy URL:</b></p> - Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P> - Critical: <input type="checkbox" name="netscape-ca-policy-url-crit"> - <td> - <input type="text" name="netscape-ca-policy-url-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape SSL Server Name:</b></p> - Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P> - Critical: <input type="checkbox" name="netscape-ssl-server-name-crit"> - <td> - <input type="text" name="netscape-ssl-server-name-text" size="50"> - </tr> - <tr> - <td> - <b>Netscape Comment:</b></p> - Activate extension: <input type="checkbox" name="netscape-comment"></P> - Critical: <input type="checkbox" name="netscape-comment-crit"> - <td> - <textarea name="netscape-comment-text" rows="5" cols="50"></textarea> - </tr> - - </table> - </body> -</html> diff --git a/security/nss/cmd/certcgi/stnd_ext_form.html b/security/nss/cmd/certcgi/stnd_ext_form.html deleted file mode 100644 index 60d4d86a0..000000000 --- a/security/nss/cmd/certcgi/stnd_ext_form.html +++ /dev/null @@ -1,219 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> -<html> -<!-- This Source Code Form is subject to the terms of the Mozilla Public - - License, v. 2.0. If a copy of the MPL was not distributed with this - - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> - - <body> - <table border=1 cellspacing=5 cellpadding=5> - <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi"> - <tr> - <td> - <b>Key Usage: </b></p> - Activate extension: <input type="checkbox" name="keyUsage"></P> - Critical: <input type="checkbox" name="keyUsage-crit"> - <td> - <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P> - <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P> - <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P> - <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P> - <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P> - <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P> - <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P> - </tr> - <tr> - <td> - <b>Extended Key Usage: </b></p> - Activate extension: <input type="checkbox" name="extKeyUsage"></P> - Critical: <input type="checkbox" name="extKeyUsage-crit"> - <td> - <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P> - <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P> - <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P> - <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P> - <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P> - <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P> - <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P> - <input type="checkbox" name="extKeyUsage-msTrustListSign"> Microsoft Trust List Signing</P> - </tr> - <tr> - <td> - <b>Basic Constraints:</b></p> - Activate extension: <input type="checkbox" name="basicConstraints"></P> - Critical: <input type="checkbox" name="basicConstraints-crit"> - <td> - CA:</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p> - <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p> - <input type="checkbox" name="basicConstraints-pathLengthConstraint"> - Include Path length: <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p> - </tr> - <tr> - <td> - <b>Authority Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="authorityKeyIdentifier"> - <td> - <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p> - <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p> - </tr> - <tr> - <td> - <b>Subject Key Identifier:</b></p> - Activate extension: <input type="checkbox" name="subjectKeyIdentifier"> - <td> - Key Identifier: - <input type="text" name="subjectKeyIdentifier-text"></p> - This is an:<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p> - <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p> - </tr> - <tr> - <td> - <b>Private Key Usage Period:</b></p> - Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p> - Critical: <input type="checkbox" name="privKeyUsagePeriod-crit"> - <td> - Use:</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p> - <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p> - <b>Not to be used to sign before:</b></p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p> - <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p> - <dd><dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p> - <b>Not to be used to sign after:</b></p> - <dd>(YYYY/MM/DD HH:MM:SS): - <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/ - <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/ - <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> - <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">: - <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p> - </tr> - <tr> - <td> - <b>Subject Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="SubAltName"></P> - Critical: <input type="checkbox" name="SubAltName-crit"> - <td> - <table> - <tr> - <td> - General Names:</p> - <select name="SubAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}"> - <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, - OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td> - <input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr> - </table> - Name: <input type="text" name="SubAltNameText"> - Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p> - </tr> - </table> - </tr> - - - <tr> - <td> - <b>Issuer Alternative Name:</b></p> - Activate extension: <input type="checkbox" name="IssuerAltName"></P> - Critical: <input type="checkbox" name="IssuerAltName-crit"> - <td> - <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p> - <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name: - <table> - <tr> - <td> - General Names:</p> - <select name="IssuerAltNameSelect" multiple size="10"> - </select></p></p> - <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}"> - <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, - OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td> - <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td> - <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="IssuerAltNameText"> - Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p> - </tr> - </table> - </tr> - - <tr> - <td> - <b>Name Constraints:</b></p> - Activate extension: <input type="checkbox" name="NameConstraints"></P> - <td> - <table> - <tr> - <td> - Name Constraints:</p> - <select name="NameConstraintSelect" multiple size="10"> - </select></p></p> - <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}"> - <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)"> - </td><td> - <table><tr><td> - Name Type: </td></tr><tr><td> - <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name, - OID: <input type="text" name="NameConstraintOtherNameOID" size="6"> </td><td> - <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td> - <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td> - <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td> - <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td> - <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr> - </table> - Name: <input type="text" name="NameConstraintText"> - Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p> - Constraint type:<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p> - <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p> - Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p> - Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p> - </tr> - </table> - </tr> - - </table> - </body> -</html> - - - - - - - - diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 03f4478b7..20722ae78 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -1371,7 +1371,7 @@ luF(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "F")); if (ul == usage_all || !command || is_my_command) - FPS "%-15s Delete a key from the database\n", + FPS "%-15s Delete a key and associated certificate from the database\n", "-F"); if (ul == usage_selected && !is_my_command) return; diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn index f5e6bc236..567c6bb9d 100644 --- a/security/nss/cmd/manifest.mn +++ b/security/nss/cmd/manifest.mn @@ -36,7 +36,6 @@ NSS_SRCDIRS = \ addbuiltin \ atob \ btoa \ - certcgi \ certutil \ chktest \ crlutil \ diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c index 6e776069a..6f8e43946 100644 --- a/security/nss/cmd/signtool/sign.c +++ b/security/nss/cmd/signtool/sign.c @@ -43,6 +43,7 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript, int status; char tempfn[FNSIZE], fullfn[FNSIZE]; int keyType = rsaKey; + int count; metafile = meta_file; optimize = _optimize; @@ -81,9 +82,18 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript, } /* rsa/dsa to zip */ - sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" - : "rsa")); - sprintf(fullfn, "%s/%s", tree, tempfn); + count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); + if (count >= sizeof(tempfn)) { + PR_fprintf(errorFD, "unable to write key metadata\n"); + errorCount++; + exit(ERRX); + } + count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + if (count >= sizeof(fullfn)) { + PR_fprintf(errorFD, "unable to write key metadata\n"); + errorCount++; + exit(ERRX); + } JzipAdd(fullfn, tempfn, zipfile, compression_level); /* Loop through all files & subdirectories, add to archive */ @@ -93,20 +103,44 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript, } /* mf to zip */ strcpy(tempfn, "META-INF/manifest.mf"); - sprintf(fullfn, "%s/%s", tree, tempfn); + count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + if (count >= sizeof(fullfn)) { + PR_fprintf(errorFD, "unable to write manifest\n"); + errorCount++; + exit(ERRX); + } JzipAdd(fullfn, tempfn, zipfile, compression_level); /* sf to zip */ - sprintf(tempfn, "META-INF/%s.sf", base); - sprintf(fullfn, "%s/%s", tree, tempfn); + count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); + if (count >= sizeof(tempfn)) { + PR_fprintf(errorFD, "unable to write sf metadata\n"); + errorCount++; + exit(ERRX); + } + count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + if (count >= sizeof(fullfn)) { + PR_fprintf(errorFD, "unable to write sf metadata\n"); + errorCount++; + exit(ERRX); + } JzipAdd(fullfn, tempfn, zipfile, compression_level); /* Add the rsa/dsa file to the zip archive normally */ if (!xpi_arc) { /* rsa/dsa to zip */ - sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" - : "rsa")); - sprintf(fullfn, "%s/%s", tree, tempfn); + count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); + if (count >= sizeof(tempfn)) { + PR_fprintf(errorFD, "unable to write key metadata\n"); + errorCount++; + exit(ERRX); + } + count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + if (count >= sizeof(fullfn)) { + PR_fprintf(errorFD, "unable to write key metadata\n"); + errorCount++; + exit(ERRX); + } JzipAdd(fullfn, tempfn, zipfile, compression_level); } @@ -408,6 +442,7 @@ static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg) { char fullname[FNSIZE]; + int count; if (verbosity >= 0) { PR_fprintf(outputFD, "--> %s\n", relpath); @@ -421,7 +456,10 @@ manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, voi if (!PL_HashTableLookup(extensions, ext)) return 0; } - sprintf(fullname, "%s/%s", basedir, relpath); + count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); + if (count >= sizeof(fullname)) { + return 1; + } JzipAdd(fullname, relpath, zipfile, compression_level); return 0; |