tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

p7content.c (7408B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 /*
      6 * p7content -- A command to display pkcs7 content.
      7 */
      8 
      9 #include "nspr.h"
     10 #include "secutil.h"
     11 #include "plgetopt.h"
     12 #include "secpkcs7.h"
     13 #include "cert.h"
     14 #include "certdb.h"
     15 #include "nss.h"
     16 #include "pk11pub.h"
     17 
     18 #if defined(XP_UNIX)
     19 #include <unistd.h>
     20 #endif
     21 
     22 #include <stdio.h>
     23 #include <string.h>
     24 
     25 #if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
     26 extern int fwrite(char *, size_t, size_t, FILE *);
     27 extern int fprintf(FILE *, char *, ...);
     28 #endif
     29 
     30 static void
     31 Usage(char *progName)
     32 {
     33    fprintf(stderr,
     34            "Usage:  %s [-d dbdir] [-i input] [-o output]\n",
     35            progName);
     36    fprintf(stderr,
     37            "%-20s Key/Cert database directory (default is ~/.netscape)\n",
     38            "-d dbdir");
     39    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
     40            "-i input");
     41    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
     42            "-o output");
     43    exit(-1);
     44 }
     45 
     46 static PRBool saw_content;
     47 static secuPWData pwdata = { PW_NONE, 0 };
     48 
     49 static void
     50 PrintBytes(void *arg, const char *buf, unsigned long len)
     51 {
     52    FILE *out;
     53 
     54    out = arg;
     55    fwrite(buf, len, 1, out);
     56 
     57    saw_content = PR_TRUE;
     58 }
     59 
     60 /*
     61 * XXX Someday we may want to do real policy stuff here.  This allows
     62 * anything to be decrypted, which is okay for a test program but does
     63 * not set an example of how a real client with a real policy would
     64 * need to do it.
     65 */
     66 static PRBool
     67 decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
     68 {
     69    return PR_TRUE;
     70 }
     71 
     72 int
     73 DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
     74 {
     75    SECItem derdata;
     76    SEC_PKCS7ContentInfo *cinfo = NULL;
     77    SEC_PKCS7DecoderContext *dcx;
     78 
     79    if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE, PR_FALSE)) {
     80        SECU_PrintError(progName, "error converting der");
     81        return -1;
     82    }
     83 
     84    fprintf(out,
     85            "Content printed between bars (newline added before second bar):");
     86    fprintf(out, "\n---------------------------------------------\n");
     87 
     88    saw_content = PR_FALSE;
     89    dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, &pwdata,
     90                                NULL, NULL, decryption_allowed);
     91    if (dcx != NULL) {
     92 #if 0 /* Test that decoder works when data is really streaming in. */
     93    {
     94        unsigned long i;
     95        for (i = 0; i < derdata.len; i++)
     96        SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1);
     97    }
     98 #else
     99        SEC_PKCS7DecoderUpdate(dcx, (char *)derdata.data, derdata.len);
    100 #endif
    101        cinfo = SEC_PKCS7DecoderFinish(dcx);
    102    }
    103 
    104    fprintf(out, "\n---------------------------------------------\n");
    105 
    106    if (cinfo == NULL)
    107        return -1;
    108 
    109    fprintf(out, "Content was%s encrypted.\n",
    110            SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
    111 
    112    if (SEC_PKCS7ContentIsSigned(cinfo)) {
    113        char *signer_cname, *signer_ename;
    114        SECItem *signing_time;
    115 
    116        if (saw_content) {
    117            fprintf(out, "Signature is ");
    118            PORT_SetError(0);
    119            if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE))
    120                fprintf(out, "valid.\n");
    121            else
    122                fprintf(out, "invalid (Reason: %s).\n",
    123                        SECU_Strerror(PORT_GetError()));
    124        } else {
    125            fprintf(out,
    126                    "Content is detached; signature cannot be verified.\n");
    127        }
    128 
    129        signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
    130        if (signer_cname != NULL) {
    131            fprintf(out, "The signer's common name is %s\n", signer_cname);
    132            PORT_Free(signer_cname);
    133        } else {
    134            fprintf(out, "No signer common name.\n");
    135        }
    136 
    137        signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
    138        if (signer_ename != NULL) {
    139            fprintf(out, "The signer's email address is %s\n", signer_ename);
    140            PORT_Free(signer_ename);
    141        } else {
    142            fprintf(out, "No signer email address.\n");
    143        }
    144 
    145        signing_time = SEC_PKCS7GetSigningTime(cinfo);
    146        if (signing_time != NULL) {
    147            SECU_PrintTimeChoice(out, signing_time, "Signing time", 0);
    148        } else {
    149            fprintf(out, "No signing time included.\n");
    150        }
    151    } else {
    152        fprintf(out, "Content was not signed.\n");
    153    }
    154 
    155    fprintf(out, "There were%s certs or crls included.\n",
    156            SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
    157 
    158    SECITEM_FreeItem(&derdata, PR_FALSE);
    159    SEC_PKCS7DestroyContentInfo(cinfo);
    160    return 0;
    161 }
    162 
    163 /*
    164 * Print the contents of a PKCS7 message, indicating signatures, etc.
    165 */
    166 
    167 int
    168 main(int argc, char **argv)
    169 {
    170    char *progName;
    171    FILE *outFile;
    172    PRFileDesc *inFile;
    173    PLOptState *optstate;
    174    PLOptStatus status;
    175    SECStatus rv;
    176    int error = 0;
    177 
    178    progName = strrchr(argv[0], '/');
    179    progName = progName ? progName + 1 : argv[0];
    180 
    181    inFile = NULL;
    182    outFile = NULL;
    183 
    184    /*
    185     * Parse command line arguments
    186     */
    187    optstate = PL_CreateOptState(argc, argv, "d:i:o:p:f:");
    188    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
    189        switch (optstate->option) {
    190            case 'd':
    191                SECU_ConfigDirectory(optstate->value);
    192                break;
    193 
    194            case 'i':
    195                inFile = PR_Open(optstate->value, PR_RDONLY, 0);
    196                if (!inFile) {
    197                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
    198                            progName, optstate->value);
    199                    error = -1;
    200                    goto done;
    201                }
    202                break;
    203 
    204            case 'o':
    205                outFile = fopen(optstate->value, "w");
    206                if (!outFile) {
    207                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
    208                            progName, optstate->value);
    209                    error = -1;
    210                    goto done;
    211                }
    212                break;
    213 
    214            case 'p':
    215                pwdata.source = PW_PLAINTEXT;
    216                pwdata.data = PORT_Strdup(optstate->value);
    217                break;
    218 
    219            case 'f':
    220                pwdata.source = PW_FROMFILE;
    221                pwdata.data = PORT_Strdup(optstate->value);
    222                break;
    223 
    224            default:
    225                Usage(progName);
    226                break;
    227        }
    228    }
    229    PL_DestroyOptState(optstate);
    230 
    231    if (status == PL_OPT_BAD)
    232        Usage(progName);
    233 
    234    if (!inFile)
    235        inFile = PR_STDIN;
    236    if (!outFile)
    237        outFile = stdout;
    238 
    239    /* Call the initialization routines */
    240    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
    241    rv = NSS_Init(SECU_ConfigDirectory(NULL));
    242    if (rv != SECSuccess) {
    243        SECU_PrintPRandOSError(progName);
    244        error = -1;
    245        goto done;
    246    }
    247 
    248    PK11_SetPasswordFunc(SECU_GetModulePassword);
    249 
    250    if (DecodeAndPrintFile(outFile, inFile, progName)) {
    251        SECU_PrintError(progName, "problem decoding data");
    252        error = -1;
    253        goto done;
    254    }
    255 
    256 done:
    257    if (inFile && inFile != PR_STDIN) {
    258        PR_Close(inFile);
    259    }
    260    if (outFile && outFile != stdout) {
    261        fclose(outFile);
    262    }
    263 
    264    if (NSS_Shutdown() != SECSuccess) {
    265        error = -1;
    266    }
    267 
    268    return error;
    269 }