--- /dev/null
+/*
+ * dotMacTool.cpp - .mac TP exerciser
+ */
+
+#include <Security/Security.h>
+#include <Security/SecKeyPriv.h>
+#include <security_cdsa_utils/cuCdsaUtils.h>
+#include <security_cdsa_utils/cuFileIo.h>
+#include <security_cdsa_utils/cuPem.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+//#include <security_dotmac_tp/dotMacTp.h>
+#include <dotMacTp.h>
+#include <security_cdsa_utils/cuPrintCert.h>
+
+#include "keyPicker.h"
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
+
+#define USER_DEFAULT "dmitchtest@mac.com"
+#define PWD_DEF "123456"
+
+static void usage(char **argv)
+{
+ printf("usage: %s op [options]\n", argv[0]);
+ printf("Op:\n");
+ printf(" g generate identity cert\n");
+ printf(" G generate email signing cert\n");
+ printf(" e generate email encrypting cert\n");
+ printf(" l lookup cert (requires -f)\n");
+ printf(" L lookup identity cert (via -u)\n");
+ printf(" M lookup email signing cert (via -u)\n");
+ printf(" N lookup encrypting cert (via -u)\n");
+ printf("Options:\n");
+ printf(" -g Generate keypair\n");
+ printf(" -p pick key pair from existing\n");
+ printf(" -u username Default = %s\n", USER_DEFAULT);
+ printf(" -Z password Specify password immediately\n");
+ printf(" -z Use default password %s\n", PWD_DEF);
+ printf(" -k keychain Source/destination of keys and certs\n");
+ printf(" -c filename Write CSR to filename\n");
+ printf(" -C filename Use existing CSR (no keygen)\n");
+ printf(" -f refIdFile RefId file for cert lookup\n");
+ printf(" -n Do NOT post the CSR to the .mac server\n");
+ printf(" -H hostname Alternate .mac server host name (default %s)\n",
+ DOT_MAC_SIGN_HOST_NAME);
+ printf(" -o outFile Write output cert or refId (if any) to outFile\n");
+ printf(" -r Renew (default is new)\n");
+ printf(" -M Pause for MallocDebug\n");
+ printf(" -q Quiet\n");
+ printf(" -v Verbose\n");
+ printf(" -h Usage\n");
+ exit(1);
+}
+
+static CSSM_VERSION vers = {2, 0};
+
+static CSSM_API_MEMORY_FUNCS memFuncs = {
+ cuAppMalloc,
+ cuAppFree,
+ cuAppRealloc,
+ cuAppCalloc,
+ NULL
+ };
+
+static CSSM_TP_HANDLE dotMacStartup()
+{
+ CSSM_TP_HANDLE tpHand;
+ CSSM_RETURN crtn;
+
+ if(cuCssmStartup() == CSSM_FALSE) {
+ return 0;
+ }
+ crtn = CSSM_ModuleLoad(&gGuidAppleDotMacTP,
+ CSSM_KEY_HIERARCHY_NONE,
+ NULL, // eventHandler
+ NULL); // AppNotifyCallbackCtx
+ if(crtn) {
+ cuPrintError("CSSM_ModuleLoad(DotMacTP)", crtn);
+ return 0;
+ }
+ crtn = CSSM_ModuleAttach (&gGuidAppleDotMacTP,
+ &vers,
+ &memFuncs, // memFuncs
+ 0, // SubserviceID
+ CSSM_SERVICE_TP, // SubserviceFlags
+ 0, // AttachFlags
+ CSSM_KEY_HIERARCHY_NONE,
+ NULL, // FunctionTable
+ 0, // NumFuncTable
+ NULL, // reserved
+ &tpHand);
+ if(crtn) {
+ cuPrintError("CSSM_ModuleAttach(DotMacTP)", crtn);
+ return 0;
+ }
+ else {
+ return tpHand;
+ }
+}
+
+/* print text, safely */
+static void snDumpText(
+ const unsigned char *rcvBuf,
+ unsigned len)
+{
+ char *cp = (char *)rcvBuf;
+ unsigned i;
+ char c;
+
+ for(i=0; i<len; i++) {
+ c = *cp++;
+ if(c == '\0') {
+ break;
+ }
+ switch(c) {
+ case '\n':
+ printf("\\n\n"); // graphic and liternal newline
+ break;
+ case '\r':
+ printf("\\r\n");
+ break;
+ default:
+ if(isprint(c) && (c != '\n')) {
+ printf("%c", c);
+ }
+ else {
+ printf("<%02X>", ((unsigned)c) & 0xff);
+ }
+ break;
+ }
+
+ }
+}
+
+static OSStatus genKeyPair(
+ SecKeychainRef kcRef, // NULL means the default list
+ SecKeyRef *pubKey, // RETURNED
+ SecKeyRef *privKey) // RETURNED
+{
+ OSStatus ortn;
+
+ ortn = SecKeyCreatePair(kcRef,
+ DOT_MAC_KEY_ALG,
+ DOT_MAC_KEY_SIZE,
+ 0, // context handle
+ /* public key usage and attrs */
+ CSSM_KEYUSE_ANY,
+ CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE,
+ /* private key usage and attrs */
+ CSSM_KEYUSE_ANY,
+ CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE |
+ CSSM_KEYATTR_SENSITIVE,
+ NULL, // initial access
+ pubKey,
+ privKey);
+ if(ortn) {
+ cssmPerror("SecKeyCreatePair", ortn);
+ }
+ return ortn;
+}
+
+/* Lookup via ReferenceID, obtained from CSSM_TP_SubmitCredRequest() */
+OSStatus doLookupViaRefId(
+ CSSM_TP_HANDLE tpHand,
+ unsigned char *refId,
+ unsigned refIdLen,
+ char *outFile,
+ bool verbose)
+{
+ CSSM_DATA refIdData = { refIdLen, refId };
+ sint32 EstimatedTime;
+ CSSM_BOOL ConfirmationRequired;
+ CSSM_TP_RESULT_SET_PTR resultSet = NULL;
+ CSSM_RETURN crtn;
+
+ crtn = CSSM_TP_RetrieveCredResult(tpHand, &refIdData, NULL,
+ &EstimatedTime, &ConfirmationRequired, &resultSet);
+ if(crtn) {
+ cssmPerror("CSSM_TP_RetrieveCredResult", crtn);
+ return crtn;
+ }
+ if(resultSet == NULL) {
+ printf("***CSSM_TP_RetrieveCredResult OK, but no result set\n");
+ return -1;
+ }
+ if(resultSet->NumberOfResults != 1) {
+ printf("***CSSM_TP_RetrieveCredResult OK, NumberOfResults (%u)\n",
+ (unsigned)resultSet->NumberOfResults);
+ return -1;
+ }
+ if(resultSet->Results == NULL) {
+ printf("***CSSM_TP_RetrieveCredResult OK, but empty result set\n");
+ return -1;
+ }
+ CSSM_DATA_PTR certData = (CSSM_DATA_PTR)resultSet->Results;
+
+ printf("...cert retrieval complete\n");
+ if(outFile) {
+ if(!writeFile(outFile, certData->Data, certData->Length)) {
+ printf("...%lu bytes of cert data written to %s\n",
+ certData->Length, outFile);
+ }
+ else {
+ printf("***Error writing cert to %s\n", outFile);
+ crtn = ioErr;
+ }
+ }
+ else if(verbose) {
+ unsigned char *der;
+ unsigned derLen;
+ if(pemDecode(certData->Data, certData->Length, &der, &derLen)) {
+ printf("***Error PEM decoding returned cert\n");
+ }
+ else {
+ printCert(der, derLen, CSSM_FALSE);
+ free(der);
+ }
+ }
+ return noErr;
+}
+
+/*
+* Lookup via user name, a greatly simplified form of CSSM_TP_SubmitCredRequest()
+*/
+OSStatus doLookupViaUserName(
+ CSSM_TP_HANDLE tpHand,
+ const CSSM_OID *opOid,
+ const char *userName,
+ const char *hostName, // optional
+ char *outFile,
+ bool verbose)
+{
+ CSSM_APPLE_DOTMAC_TP_CERT_REQUEST certReq;
+ CSSM_TP_AUTHORITY_ID tpAuthority;
+ CSSM_TP_AUTHORITY_ID *tpAuthPtr = NULL;
+ CSSM_NET_ADDRESS tpNetAddrs;
+ CSSM_TP_REQUEST_SET reqSet;
+ CSSM_FIELD policyField;
+ CSSM_DATA certData = {0, NULL};
+ sint32 estTime;
+ CSSM_TP_CALLERAUTH_CONTEXT callerAuth;
+
+ memset(&certReq, 0, sizeof(certReq));
+ certReq.userName.Data = (uint8 *)userName;
+ certReq.userName.Length = strlen(userName);
+ if(hostName != NULL) {
+ tpAuthority.AuthorityCert = NULL;
+ tpAuthority.AuthorityLocation = &tpNetAddrs;
+ tpNetAddrs.AddressType = CSSM_ADDR_NAME;
+ tpNetAddrs.Address.Data = (uint8 *)hostName;
+ tpNetAddrs.Address.Length = strlen(hostName);
+ tpAuthPtr = &tpAuthority;
+ };
+
+ certReq.version = CSSM_DOT_MAC_TP_REQ_VERSION;
+ reqSet.NumberOfRequests = 1;
+ reqSet.Requests = &certReq;
+ policyField.FieldOid = *opOid;
+ policyField.FieldValue.Data = NULL;
+ policyField.FieldValue.Length = 0;
+ memset(&callerAuth, 0, sizeof(callerAuth));
+ callerAuth.Policy.NumberOfPolicyIds = 1;
+ callerAuth.Policy.PolicyIds = &policyField;
+
+ CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest (tpHand,
+ tpAuthPtr,
+ CSSM_TP_AUTHORITY_REQUEST_CERTLOOKUP,
+ &reqSet, // const CSSM_TP_REQUEST_SET *RequestInput,
+ &callerAuth,
+ &estTime, // sint32 *EstimatedTime,
+ &certData); // CSSM_DATA_PTR ReferenceIdentifier
+
+ if(crtn) {
+ cssmPerror("CSSM_TP_SubmitCredRequest(lookup)", crtn);
+ return crtn;
+ }
+
+ printf("...cert lookup complete\n");
+ if(outFile) {
+ if(!writeFile(outFile, certData.Data, certData.Length)) {
+ printf("...%lu bytes of cert data written to %s\n",
+ certData.Length, outFile);
+ }
+ else {
+ printf("***Error writing cert to %s\n", outFile);
+ crtn = ioErr;
+ }
+ }
+ if(verbose) {
+ /* This one returns the cert in DER format, we might revisit that */
+ printCert(certData.Data, certData.Length, CSSM_FALSE);
+ }
+ return crtn;
+}
+
+#define FULL_EMAIL_ADDRESS 1
+
+int main(int argc, char **argv)
+{
+ CSSM_RETURN crtn;
+ CSSM_TP_AUTHORITY_ID tpAuthority;
+ CSSM_TP_AUTHORITY_ID *tpAuthPtr = NULL;
+ CSSM_NET_ADDRESS tpNetAddrs;
+ CSSM_APPLE_DOTMAC_TP_CERT_REQUEST certReq;
+ CSSM_TP_REQUEST_SET reqSet;
+ CSSM_CSP_HANDLE cspHand = 0;
+ CSSM_X509_TYPE_VALUE_PAIR tvp;
+ char pwdBuf[1000];
+ CSSM_TP_CALLERAUTH_CONTEXT callerAuth;
+ sint32 estTime;
+ CSSM_DATA refId = {0, NULL};
+ OSStatus ortn;
+ SecKeyRef pubKeyRef = NULL;
+ SecKeyRef privKeyRef = NULL;
+ const CSSM_KEY *privKey = NULL;
+ const CSSM_KEY *pubKey = NULL;
+ SecKeychainRef kcRef = NULL;
+ CSSM_FIELD policyField;
+
+ /* user-spec'd variables */
+ bool genKeys = false;
+ bool pickKeys = false;
+ char *keychainName = NULL;
+ char *csrOutName = NULL;
+ char *csrInName = NULL;
+ const char *userName = USER_DEFAULT;
+ char *password = NULL;
+ char *hostName = NULL;
+ bool doNotPost = false;
+ bool doRenew = false;
+ const CSSM_OID *opOid = NULL;
+ char *outFile = NULL;
+ bool quiet = false;
+ bool verbose = false;
+ bool lookupViaRefId = false;
+ bool lookupViaUserName = false;
+ char *refIdFile = NULL;
+ bool doPause = false;
+
+ if(argc < 2) {
+ usage(argv);
+ }
+ switch(argv[1][0]) {
+ case 'L':
+ lookupViaUserName = true;
+ /* drop thru */
+ case 'g':
+ opOid = &CSSMOID_DOTMAC_CERT_REQ_IDENTITY;
+ break;
+
+ case 'M':
+ lookupViaUserName = true;
+ /* drop thru */
+ case 'G':
+ opOid = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN;
+ break;
+
+ case 'N':
+ lookupViaUserName = true;
+ /* drop thru */
+ case 'e':
+ opOid = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT;
+ break;
+
+ case 'l':
+ lookupViaRefId = true;
+ break;
+ default:
+ usage(argv);
+ }
+
+ extern char *optarg;
+ extern int optind;
+ optind = 2;
+ int arg;
+ while ((arg = getopt(argc, argv, "gpk:c:u:Z:H:nzrC:o:hf:Mqv")) != -1) {
+ switch (arg) {
+ case 'g':
+ genKeys = true;
+ break;
+ case 'p':
+ pickKeys = true;
+ break;
+ case 'u':
+ userName = optarg;
+ break;
+ case 'Z':
+ password = optarg;
+ break;
+ case 'z':
+ password = (char *)PWD_DEF;
+ break;
+ case 'k':
+ keychainName = optarg;
+ break;
+ case 'c':
+ csrOutName = optarg;
+ break;
+ case 'C':
+ csrInName = optarg;
+ break;
+ case 'H':
+ hostName = optarg;
+ break;
+ case 'n':
+ doNotPost = true;
+ break;
+ case 'r':
+ doRenew = true;
+ break;
+ case 'o':
+ outFile = optarg;
+ break;
+ case 'f':
+ refIdFile = optarg;
+ break;
+ case 'M':
+ doPause = true;
+ break;
+ case 'v':
+ verbose = true;
+ break;
+ case 'q':
+ quiet = true;
+ break;
+ case 'h':
+ usage(argv);
+ }
+ }
+
+ if(doPause) {
+ fpurge(stdin);
+ printf("Pausing for MallocDebug attach; CR to continue: ");
+ getchar();
+ }
+
+ CSSM_TP_HANDLE tpHand = dotMacStartup();
+ if(tpHand == 0) {
+ printf("Error attaching to the .mac TP. Check your MDS file.\n");
+ exit(1);
+ }
+
+ if(lookupViaRefId) {
+ if(refIdFile == NULL) {
+ printf("I need a refIdFile to do a lookup.\n");
+ usage(argv);
+ }
+ unsigned char *refId;
+ unsigned refIdLen;
+ int irtn = readFile(refIdFile, &refId, &refIdLen);
+ if(irtn) {
+ printf("***Error reading refId from %s. Aborting.\n", refIdFile);
+ exit(1);
+ }
+ ortn = doLookupViaRefId(tpHand, refId, refIdLen, outFile, verbose);
+ free(refId);
+ goto done;
+ }
+ if(lookupViaUserName) {
+ ortn = doLookupViaUserName(tpHand, opOid, userName, hostName, outFile, verbose);
+ goto done;
+ }
+ if(!pickKeys && !genKeys && (csrInName == NULL)) {
+ printf("***You must specify either the -p (pick keys) or -g (generate keys)"
+ " arguments, or provide a CSR (-C).\n");
+ exit(1);
+ }
+
+ memset(&certReq, 0, sizeof(certReq));
+
+ /* all of the subsequest argument are superfluous for lookupViaUserName, except for
+ * the user name itself, which has a default */
+ if(keychainName != NULL) {
+ /* pick a keychain (optional) */
+ ortn = SecKeychainOpen(keychainName, &kcRef);
+ if(ortn) {
+ cssmPerror("SecKeychainOpen", ortn);
+ exit(1);
+ }
+
+ /* make sure it's there since a successful SecKeychainOpen proves nothing */
+ SecKeychainStatus kcStat;
+ ortn = SecKeychainGetStatus(kcRef, &kcStat);
+ if(ortn) {
+ cssmPerror("SecKeychainGetStatus", ortn);
+ goto done;
+ }
+ }
+
+ if(password == NULL) {
+ const char *pwdp = getpass("Enter .mac password: ");
+ if(pwdp == NULL) {
+ printf("Aboerting.\n");
+ ortn = paramErr;
+ goto done;
+ }
+ memmove(pwdBuf, pwdp, strlen(pwdp) + 1);
+ password = pwdBuf;
+ }
+ certReq.password.Data = (uint8 *)password;
+ certReq.password.Length = strlen(password);
+ certReq.userName.Data = (uint8 *)userName;
+ certReq.userName.Length = strlen(userName);
+
+ if(csrInName) {
+ unsigned len;
+ if(readFile(csrInName, &certReq.csr.Data, &len)) {
+ printf("***Error reading CSR from %s. Aborting.\n", csrInName);
+ exit(1);
+ }
+ certReq.csr.Length = len;
+ certReq.flags |= CSSM_DOTMAC_TP_EXIST_CSR;
+ }
+ else {
+ /*
+ * All the stuff the TP needs to actually generate a CSR.
+ *
+ * Get a key pair, somehow.
+ */
+ if(genKeys) {
+ ortn = genKeyPair(kcRef, &pubKeyRef, &privKeyRef);
+ }
+ else {
+ ortn = keyPicker(kcRef, &pubKeyRef, &privKeyRef);
+ }
+ if(ortn) {
+ printf("Can't proceed without a keypair. Aborting.\n");
+ exit(1);
+ }
+ ortn = SecKeyGetCSSMKey(pubKeyRef, &pubKey);
+ if(ortn) {
+ cssmPerror("SecKeyGetCSSMKey", ortn);
+ goto done;
+ }
+ ortn = SecKeyGetCSSMKey(privKeyRef, &privKey);
+ if(ortn) {
+ cssmPerror("SecKeyGetCSSMKey", ortn);
+ goto done;
+ }
+ ortn = SecKeyGetCSPHandle(privKeyRef, &cspHand);
+ if(ortn) {
+ cssmPerror("SecKeyGetCSPHandle", ortn);
+ goto done;
+ }
+
+ /* CSSM_X509_TYPE_VALUE_PAIR - one pair for now */
+ // tvp.type = CSSMOID_EmailAddress;
+ tvp.type = CSSMOID_CommonName;
+ tvp.valueType = BER_TAG_PRINTABLE_STRING;
+ #if FULL_EMAIL_ADDRESS
+ {
+ unsigned nameLen = strlen(userName);
+ tvp.value.Data = (uint8 *)malloc(nameLen + strlen("@mac.com") + 1);
+ strcpy((char *)tvp.value.Data, userName);
+ strcpy((char *)tvp.value.Data + nameLen, "@mac.com");
+ tvp.value.Length = strlen((char *)tvp.value.Data);
+ }
+ #else
+ tvp.value.Data = (uint8 *)userName;
+ tvp.value.Length = strlen(userName);
+ #endif
+ }
+ /* set up args for CSSM_TP_SubmitCredRequest */
+ if(hostName != NULL) {
+ tpAuthority.AuthorityCert = NULL;
+ tpAuthority.AuthorityLocation = &tpNetAddrs;
+ tpNetAddrs.AddressType = CSSM_ADDR_NAME;
+ tpNetAddrs.Address.Data = (uint8 *)hostName;
+ tpNetAddrs.Address.Length = strlen(hostName);
+ tpAuthPtr = &tpAuthority;
+ };
+
+ certReq.version = CSSM_DOT_MAC_TP_REQ_VERSION;
+ if(!csrInName) {
+ certReq.cspHand = cspHand;
+ certReq.clHand = cuClStartup();
+ certReq.numTypeValuePairs = 1;
+ certReq.typeValuePairs = &tvp;
+ certReq.publicKey = (CSSM_KEY_PTR)pubKey;
+ certReq.privateKey = (CSSM_KEY_PTR)privKey;
+ }
+ if(doNotPost) {
+ certReq.flags |= CSSM_DOTMAC_TP_DO_NOT_POST;
+ }
+ if(csrOutName != NULL) {
+ certReq.flags |= CSSM_DOTMAC_TP_RETURN_CSR;
+ }
+ if(doRenew) {
+ certReq.flags |= CSSM_DOTMAC_TP_SIGN_RENEW;
+ }
+
+ reqSet.NumberOfRequests = 1;
+ reqSet.Requests = &certReq;
+
+ policyField.FieldOid = *opOid;
+ policyField.FieldValue.Data = NULL;
+ policyField.FieldValue.Length = 0;
+ memset(&callerAuth, 0, sizeof(callerAuth));
+ callerAuth.Policy.NumberOfPolicyIds = 1;
+ callerAuth.Policy.PolicyIds = &policyField;
+ if(!csrInName) {
+ ortn = SecKeyGetCredentials(privKeyRef,
+ CSSM_ACL_AUTHORIZATION_SIGN,
+ kSecCredentialTypeDefault,
+ const_cast<const CSSM_ACCESS_CREDENTIALS **>(&callerAuth.CallerCredentials));
+ if(ortn) {
+ cssmPerror("SecKeyGetCredentials", crtn);
+ goto done;
+ }
+ }
+
+ crtn = CSSM_TP_SubmitCredRequest (tpHand,
+ tpAuthPtr,
+ CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, // CSSM_TP_AUTHORITY_REQUEST_TYPE
+ &reqSet, // const CSSM_TP_REQUEST_SET *RequestInput,
+ &callerAuth,
+ &estTime, // sint32 *EstimatedTime,
+ &refId); // CSSM_DATA_PTR ReferenceIdentifier
+ switch(crtn) {
+ case CSSM_OK:
+ case CSSMERR_APPLE_DOTMAC_REQ_QUEUED:
+ {
+ /*
+ * refId should be a cert or RefId
+ */
+ const char *itemType = "Cert";
+ const char *statStr = "OK";
+ if(crtn != CSSM_OK) {
+ itemType = "RefId";
+ statStr = "Cert";
+ }
+ if((refId.Data == NULL) || (refId.Length == 0)) {
+ printf("CSSM_TP_SubmitCredRequest returned %s but no data\n", statStr);
+ break;
+ }
+ if(crtn == CSSM_OK) {
+ printf("...cert acquisition complete\n");
+ }
+ else {
+ printf("...Cert request QUEUED\n");
+ }
+ if(outFile) {
+ if(!writeFile(outFile, refId.Data, refId.Length)) {
+ if(!quiet) {
+ printf("...%lu bytes of %s written to %s\n",
+ refId.Length, itemType, outFile);
+ }
+ }
+ else {
+ printf("***Error writing %s to %s\n", itemType, outFile);
+ crtn = ioErr;
+ }
+ }
+ else if(verbose) {
+ if(crtn == CSSM_OK) {
+ unsigned char *der;
+ unsigned derLen;
+ if(pemDecode(refId.Data, refId.Length, &der, &derLen)) {
+ printf("***Error PEM decoding returned cert\n");
+ }
+ else {
+ printCert(der, derLen, CSSM_FALSE);
+ free(der);
+ }
+ }
+ else {
+ printf("RefId data:\n");
+ snDumpText(refId.Data, refId.Length);
+ }
+ }
+ break;
+ }
+ case CSSMERR_APPLE_DOTMAC_REQ_REDIRECT:
+ if((refId.Data == NULL) || (refId.Length == 0)) {
+ printf("CSSM_TP_SubmitCredRequest returned REDIRECT but no data\n");
+ break;
+ }
+ printf("...cert acquisition : REDIRECTED to: ");
+ snDumpText(refId.Data, refId.Length);
+ printf("\n");
+ break;
+ default:
+ cssmPerror("CSSM_TP_SubmitCredRequest", crtn);
+ break;
+ }
+ if(csrOutName) {
+ if((certReq.csr.Data == NULL) || (certReq.csr.Length == 0)) {
+ printf("***Asked for CSR but didn't get one\n");
+ ortn = paramErr;
+ goto done;
+ }
+ if(writeFile(csrOutName, certReq.csr.Data, certReq.csr.Length)) {
+ printf("***Error writing CSR to %s.\n", csrOutName);
+ }
+ else {
+ printf("...%lu bytes written as CSR to %s\n", certReq.csr.Length, csrOutName);
+ }
+ }
+done:
+ /* cleanup */
+ CSSM_ModuleDetach(tpHand);
+ if(certReq.clHand) {
+ CSSM_ModuleDetach(certReq.clHand);
+ }
+ if(kcRef) {
+ CFRelease(kcRef);
+ }
+ if(csrInName) {
+ free(certReq.csr.Data);
+ }
+ if(privKeyRef) {
+ CFRelease(privKeyRef);
+ }
+ if(pubKeyRef) {
+ CFRelease(pubKeyRef);
+ }
+ if(refId.Data) {
+ cuAppFree(refId.Data, NULL);
+ }
+ if(doPause) {
+ fpurge(stdin);
+ printf("Pausing for MallocDebug measurement; CR to continue: ");
+ getchar();
+ }
+
+ return ortn;
+}
projects / apple / security.git / blobdiff