2 * rootUtils.cpp - utility routines for rootStoreTool
10 #include <Security/SecCertificatePriv.h>
11 #include <Security/SecBasePriv.h>
12 #include <Security/SecTrustSettings.h>
13 #include <Security/TrustSettingsSchema.h> /* private header */
14 #include <Security/SecAsn1Coder.h>
15 #include <Security/nameTemplates.h> /* oh frabjous day */
17 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
/*
 * Current output indentation, in columns. It only ever moves in steps of
 * three, one step per nesting level, via indentIncr()/indentDecr().
 */
static int indentSize = 0;

/* Enter one nesting level: indent subsequent output three more columns. */
void indentIncr(void)
{
    indentSize = indentSize + 3;
}

/* Leave one nesting level: indent subsequent output three fewer columns. */
void indentDecr(void)
{
    indentSize = indentSize - 3;
}
26 printf("***indent screwup\n");
29 for (int dex
=0; dex
<indentSize
; dex
++) {
39 bool doEllipsis
= false;
44 for(unsigned dex
=0; dex
<len
; dex
++) {
46 if(isalnum(c
) || (c
== ' ')) {
60 const unsigned char *buf
,
64 bool doEllipsis
= false;
69 for(unsigned dex
=0; dex
<len
; dex
++) {
70 printf("%02X ", *buf
++);
82 char outstr
[OID_PARSER_STRING_SIZE
];
83 parser
.oidParse((const unsigned char *)buf
, len
, outstr
);
90 PrintDataType whichType
,
93 const unsigned char *buf
= CFDataGetBytePtr(data
);
94 unsigned len
= CFDataGetLength(data
);
96 printf("%s: ", label
);
99 printHex(buf
, len
, 16);
102 printAscii((const char *)buf
, len
, 50);
105 printOid(buf
, len
, parser
);
110 /* print the contents of a CFString */
114 CFDataRef strData
= CFStringCreateExternalRepresentation(NULL
, cfstr
,
115 kCFStringEncodingUTF8
, true);
116 if(strData
== NULL
) {
117 printf("<<string decode error>>");
120 const char *cp
= (const char *)CFDataGetBytePtr(strData
);
121 CFIndex len
= CFDataGetLength(strData
);
122 for(CFIndex dex
=0; dex
<len
; dex
++) {
128 /* print a CFDateRef */
129 static const char *months
[12] = {
130 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
131 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
137 CFAbsoluteTime absTime
= CFDateGetAbsoluteTime(dateRef
);
139 printf("<<Malformed CFDateeRef>>\n");
142 CFGregorianDate gregDate
= CFAbsoluteTimeGetGregorianDate(absTime
, NULL
);
143 const char *month
= "Unknown";
144 if((gregDate
.month
> 12) || (gregDate
.month
<= 0)) {
145 printf("Huh? GregDate.month > 11. These amps only GO to 11.\n");
148 month
= months
[gregDate
.month
- 1];
150 printf("%s %d, %ld %02d:%02d",
151 month
, gregDate
.day
, gregDate
.year
, gregDate
.hour
, gregDate
.minute
);
154 /* print a CFNumber */
159 if(!CFNumberGetValue(cfNum
, kCFNumberSInt32Type
, &s
)) {
160 printf("***CFNumber overflow***");
166 /* print a CFNumber as a SecTrustSettingsResult */
171 if(!CFNumberGetValue(cfNum
, kCFNumberSInt32Type
, &n
)) {
172 printf("***CFNumber overflow***");
178 case kSecTrustSettingsResultInvalid
: s
= "kSecTrustSettingsResultInvalid"; break;
179 case kSecTrustSettingsResultTrustRoot
: s
= "kSecTrustSettingsResultTrustRoot"; break;
180 case kSecTrustSettingsResultTrustAsRoot
: s
= "kSecTrustSettingsResultTrustAsRoot"; break;
181 case kSecTrustSettingsResultDeny
: s
= "kSecTrustSettingsResultDeny"; break;
182 case kSecTrustSettingsResultUnspecified
: s
= "kSecTrustSettingsResultUnspecified"; break;
184 sprintf(bogus
, "Unknown SecTrustSettingsResult (%ld)", n
);
191 /* print a CFNumber as SecTrustSettingsKeyUsage */
196 if(!CFNumberGetValue(cfNum
, kCFNumberSInt32Type
, &s
)) {
197 printf("***CFNumber overflow***");
200 uint32 n
= (uint32
)s
;
201 if(n
== kSecTrustSettingsKeyUseAny
) {
210 if(n
& kSecTrustSettingsKeyUseSignature
) {
211 printf("Signature ");
213 if(n
& kSecTrustSettingsKeyUseEnDecryptData
) {
214 printf("EnDecryptData ");
216 if(n
& kSecTrustSettingsKeyUseEnDecryptKey
) {
217 printf("EnDecryptKey ");
219 if(n
& kSecTrustSettingsKeyUseSignCert
) {
222 if(n
& kSecTrustSettingsKeyUseSignRevocation
) {
223 printf("SignRevocation ");
225 if(n
& kSecTrustSettingsKeyUseKeyExchange
) {
226 printf("KeyExchange ");
231 /* print a CFNumber as CSSM_RETURN string */
236 if(!CFNumberGetValue(cfNum
, kCFNumberSInt32Type
, &s
)) {
237 printf("***CFNumber overflow***");
240 printf("%s", cssmErrorString((CSSM_RETURN
)s
));
243 /* print cert's label (the one SecCertificate infers) */
244 OSStatus
printCertLabel(
245 SecCertificateRef certRef
)
250 ortn
= SecCertificateInferLabel(certRef
, &label
);
252 cssmPerror("SecCertificateInferLabel", ortn
);
261 * How many items in a NULL-terminated array of pointers?
263 static unsigned nssArraySize(
275 static int compareOids(
276 const CSSM_OID
*data1
,
277 const CSSM_OID
*data2
)
279 if((data1
== NULL
) || (data1
->Data
== NULL
) ||
280 (data2
== NULL
) || (data2
->Data
== NULL
) ||
281 (data1
->Length
!= data2
->Length
)) {
284 if(data1
->Length
!= data2
->Length
) {
287 return memcmp(data1
->Data
, data2
->Data
, data1
->Length
) == 0;
290 static void printRdn(const NSS_RDN
*rdn
, OidParser
&parser
)
292 unsigned numAtvs
= nssArraySize((const void **)rdn
->atvs
);
295 for(unsigned dex
=0; dex
<numAtvs
; dex
++) {
296 const NSS_ATV
*atv
= rdn
->atvs
[dex
];
297 if(compareOids(&atv
->type
, &CSSMOID_CountryName
)) {
298 fieldName
= "Country ";
300 else if(compareOids(&atv
->type
, &CSSMOID_OrganizationName
)) {
303 else if(compareOids(&atv
->type
, &CSSMOID_LocalityName
)) {
304 fieldName
= "Locality ";
306 else if(compareOids(&atv
->type
, &CSSMOID_OrganizationalUnitName
)) {
307 fieldName
= "OrgUnit ";
309 else if(compareOids(&atv
->type
, &CSSMOID_CommonName
)) {
310 fieldName
= "Common Name ";
312 else if(compareOids(&atv
->type
, &CSSMOID_Surname
)) {
313 fieldName
= "Surname ";
315 else if(compareOids(&atv
->type
, &CSSMOID_Title
)) {
316 fieldName
= "Title ";
318 else if(compareOids(&atv
->type
, &CSSMOID_Surname
)) {
319 fieldName
= "Surname ";
321 else if(compareOids(&atv
->type
, &CSSMOID_StateProvinceName
)) {
322 fieldName
= "State ";
324 else if(compareOids(&atv
->type
, &CSSMOID_CollectiveStateProvinceName
)) {
325 fieldName
= "Coll. State ";
327 else if(compareOids(&atv
->type
, &CSSMOID_EmailAddress
)) {
328 /* deprecated, used by Thawte */
329 fieldName
= "Email addrs ";
332 fieldName
= "Other name ";
334 indent(); printf("%s : ", fieldName
);
335 /* Not strictly true here, but we'll just assume we can print everything */
336 printAscii((char *)atv
->value
.item
.Data
, atv
->value
.item
.Length
,
337 atv
->value
.item
.Length
);
342 /* print a CFData as an X509 Name (i.e., subject or issuer) */
347 SecAsn1CoderRef coder
= NULL
;
350 ortn
= SecAsn1CoderCreate(&coder
);
352 cssmPerror("SecAsn1CoderCreate", ortn
);
355 /* subsequent errors to errOut: */
357 NSS_Name nssName
= {NULL
};
360 ortn
= SecAsn1Decode(coder
,
361 CFDataGetBytePtr(nameData
), CFDataGetLength(nameData
),
362 kSecAsn1NameTemplate
,
365 printf("***Error decoding NSS_Name\n");
368 numRdns
= nssArraySize((const void **)nssName
.rdns
);
369 for(unsigned dex
=0; dex
<numRdns
; dex
++) {
370 printRdn(nssName
.rdns
[dex
], parser
);
375 SecAsn1CoderRelease(coder
);