+++ /dev/null
-/*
- * Parse a cert, dump its subject name (in normalized DER-encoded form),
- * key size, and public key blob to stdout.
- */
-#include <utilLib/common.h>
-#include <utilLib/cspwrap.h>
-#include <security_cdsa_utils/cuFileIo.h>
-#include <security_cdsa_utils/cuPrintCert.h>
-#include <clAppUtils/clutils.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <Security/cssm.h>
-#include <Security/oidscert.h>
-#include <Security/SecAsn1Coder.h>
-#include <Security/X509Templates.h>
-
-#define WRITE_NAME_FILE 1
-
-/* allow checking various DER encoded fields */
-#define SUBJECT_NAME_OID CSSMOID_X509V1SubjectName /* normalized */
-// #define SUBJECT_NAME_OID CSSMOID_X509V1SubjectNameStd /* non normalized */
-
-/*
- * Print the contents of a CSSM_DATA, like so:
- *
- * static const uint8 <label>_bytes[] = {
- * ....contents.....
- * };
- * static const CSSM_DATA <label> = { length, (uint8 *)<label>_bytes} ;
- */
-static void dumpDataBlob(
- const char *label,
- const CSSM_DATA_PTR data)
-{
- unsigned i;
-
- printf("static const uint8 %s_bytes[] = {\n ", label);
- for(i=0; i<data->Length; i++) {
- printf("0x%02x", data->Data[i]);
- if(i != (data->Length - 1)) {
- printf(", ");
- }
- if((i % 8) == 7) {
- printf("\n ");
- }
- }
- printf("\n};\n");
- printf("static const CSSM_DATA %s = { %lu, (uint8 *)%s_bytes };\n",
- label, data->Length, label);
-}
-
-static void printHeader(
- const char *fileName,
- CSSM_DATA_PTR subject)
-{
- CSSM_FIELD field;
- OidParser parser(false); // quick parser, no config file
-
- printf("/***********************\n");
- printf("Cert File Name: %s\n", fileName);
- field.FieldValue = *subject;
- field.FieldOid = CSSMOID_X509V1SubjectNameCStruct;
- printCertField(field, parser, true);
- printf(" ***********************/\n");
-}
-
-int main(int argc, char **argv)
-{
- CSSM_CL_HANDLE clHand; // CL handle
- CSSM_DATA rawCert = {0, NULL};
- uint32 numFields;
- CSSM_HANDLE ResultsHandle = 0;
- char baseName[255];
- char blobName[255];
- char *cp;
- int rtn;
- int nameLen;
- CSSM_RETURN crtn;
- CSSM_DATA_PTR value;
- CSSM_KEY_PTR key;
- uint32 keySize;
- NSS_Certificate signedCert;
- SecAsn1CoderRef coder;
-
- if(argc != 2) {
- printf("usage: %s certFile\n", argv[0]);
- exit(1);
- }
-
- /* connect to CL */
- clHand = clStartup();
- if(clHand == 0) {
- printf("clStartup failure; aborting\n");
- return 0;
- }
-
- /* subsequent errors to abort: */
- /* read a in raw cert */
- unsigned len;
- rtn = readFile(argv[1], &rawCert.Data, &len);
- if(rtn) {
- printf("Error %s reading file %s\n", strerror(rtn), argv[1]);
- exit(1);
- }
- rawCert.Length = len;
-
- /* C string of file name, terminating at '.' or space */
- nameLen = strlen(argv[1]);
- memmove(baseName, argv[1], nameLen);
- baseName[nameLen] = '\0';
- cp = strchr(baseName, '.');
- if(cp) {
- *cp = '\0';
- }
- cp = strchr(baseName, ' ');
- if(cp) {
- *cp = '\0';
- }
-
- /* print filename and parsed subject name as comment */
- crtn = CSSM_CL_CertGetFirstFieldValue(
- clHand,
- &rawCert,
- &CSSMOID_X509V1SubjectNameCStruct,
- &ResultsHandle,
- &numFields,
- &value);
- if(crtn) {
- printError("CSSM_CL_CertGetFirstFieldValue(CSSMOID_X509V1SubjectNameCStruct)", crtn);
- goto abort;
- }
- CSSM_CL_CertAbortQuery(clHand, ResultsHandle);
- if(value == NULL) {
- printf("Error extracting subject name\n");
- goto abort;
- }
- printHeader(argv[1], value);
- CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SubjectNameCStruct, value);
-
- /* print normalized & encoded subject name as C data */
- crtn = CSSM_CL_CertGetFirstFieldValue(
- clHand,
- &rawCert,
- &SUBJECT_NAME_OID,
- &ResultsHandle,
- &numFields,
- &value);
- if(crtn) {
- printError("CSSM_CL_CertGetFirstFieldValue(CSSMOID_X509V1SubjectName)", crtn);
- goto abort;
- }
- CSSM_CL_CertAbortQuery(clHand, ResultsHandle);
- if(value == NULL) {
- printf("Error extracting subject name\n");
- goto abort;
- }
- sprintf(blobName, "%s_subject", baseName);
- dumpDataBlob(blobName, value);
- #if WRITE_NAME_FILE
- writeFile(blobName, value->Data, (unsigned)value->Length);
- #endif
- CSSM_CL_FreeFieldValue(clHand, &SUBJECT_NAME_OID, value);
-
- /* print key blob as data */
- crtn = CSSM_CL_CertGetFirstFieldValue(
- clHand,
- &rawCert,
- &CSSMOID_CSSMKeyStruct,
- &ResultsHandle,
- &numFields,
- &value);
- if(crtn) {
- printError("CSSM_CL_CertGetFirstFieldValue(CSSMOID_CSSMKeyStruct)", crtn);
- goto abort;
- }
- CSSM_CL_CertAbortQuery(clHand, ResultsHandle );
- if(value == NULL) {
- printf("Error extracting public key\n");
- goto abort;
- }
- if(value->Length != sizeof(CSSM_KEY)) {
- printf("CSSMOID_CSSMKeyStruct length error\n");
- goto abort;
- }
- key = (CSSM_KEY_PTR)value->Data;
- sprintf(blobName, "%s_pubKey", baseName);
- dumpDataBlob(blobName, &key->KeyData);
- keySize = key->KeyHeader.LogicalKeySizeInBits;
- CSSM_CL_FreeFieldValue(clHand, &CSSMOID_CSSMKeyStruct, value);
-
- /* unnormalized DER-encoded issuer */
- SecAsn1CoderCreate(&coder);
- memset(&signedCert, 0, sizeof(signedCert));
- if(SecAsn1DecodeData(coder, &rawCert, kSecAsn1SignedCertTemplate, &signedCert)) {
- printf("***Error NSS-decoding certificate\n");
- }
- else {
- sprintf(blobName, "%s_derIssuer", baseName);
- dumpDataBlob(blobName, &signedCert.tbs.derIssuer);
- }
- /* now the the struct containing all three */
- printf("\n { &%s_subject, &%s_pubKey, %u },\n", baseName, baseName, (unsigned)keySize);
-abort:
- free(rawCert.Data);
- if(clHand != 0) {
- CSSM_ModuleDetach(clHand);
- }
- SecAsn1CoderRelease(coder);
- return 0;
-}
projects / apple / security.git / blobdiff