+++ /dev/null
-/*
- * Decode P12 PFX using either C++ P12Coder or public
- * C API (both from SecurityNssPkcs12)
- */
-
-#include <security_pkcs12/pkcs12Coder.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <Security/cssmtype.h>
-#include <security_cdsa_utils/cuPrintCert.h>
-#include <security_cdsa_utils/cuCdsaUtils.h>
-#include "p12GetPassKey.h"
-#include "p12.h"
-
-/* use this option to debug the P12Coder class directly */
-#define P12_DECODE_VIA_CPP 0
-
-/*
- * Print CFString - stored as unicode, we get the C string,
- * print it plus newline
- */
-static void printUcStr(
- CFStringRef cfstr)
-{
- CFIndex len = CFStringGetLength(cfstr) + 1;
- char *outStr = (char *)malloc(len);
- if(CFStringGetCString(cfstr, outStr, len, kCFStringEncodingASCII)) {
- printf("%s\n", outStr);
- }
- else {
- printf("***Error converting from unicode to ASCII\n");
- }
- free(outStr);
-}
-
-static void printDataAsHex(
- CFDataRef d,
- unsigned maxToPrint = 0) // optional, 0 means print it all
-{
- unsigned i;
- bool more = false;
- uint32 len = CFDataGetLength(d);
- const uint8 *cp = CFDataGetBytePtr(d);
-
- if((maxToPrint != 0) && (len > maxToPrint)) {
- len = maxToPrint;
- more = true;
- }
- for(i=0; i<len; i++) {
- printf("%02X ", ((unsigned char *)cp)[i]);
- }
- if(more) {
- printf("...\n");
- }
- else {
- printf("\n");
- }
-}
-
-static void printAlgAsString(
- CSSM_ALGORITHMS alg)
-{
- char *s = "unknown alg";
- switch(alg) {
- case CSSM_ALGID_RSA:
- s = "RSA";
- break;
- case CSSM_ALGID_DSA:
- s = "DSA";
- break;
- case CSSM_ALGID_FEE:
- s = "FEE";
- break;
- default:
- break;
- }
- printf("%s\n", s);
-}
-
-#if P12_DECODE_VIA_CPP
-
-/* common bag attrs - friendlyName, localKeyId */
-static void printBagAttrs(
- P12SafeBag &bag)
-{
- CFStringRef friendlyName = bag.friendlyName();
- if(friendlyName) {
- printf(" friendlyName : ");
- printUcStr(friendlyName);
- CFRelease(friendlyName);
- }
-
- CFDataRef keyId = bag.localKeyId();
- if(keyId) {
- printf(" localKeyId : ");
- printDataAsHex(keyId, 16);
- CFRelease(keyId);
- }
- if((friendlyName == NULL) && (keyId == NULL)) {
- printf(" <no attributes found>\n");
- }
-}
-
-OSStatus p12Decode(
- const CSSM_DATA &pfx,
- CSSM_CSP_HANDLE cspHand,
- CFStringRef pwd,
- bool verbose,
- unsigned loops)
-{
- OSStatus ourRtn;
-
- for(unsigned loop=0; loop<loops; loop++) {
- {
- /* localize scope of coder for malloc test */
- P12Coder coder;
- CFDataRef cfd = CFDataCreate(NULL, pfx.Data, pfx.Length);
- ourRtn = noErr;
-
- try {
- coder.setCsp(cspHand);
- coder.setMacPassPhrase(pwd);
- coder.decode(cfd);
- }
- catch(...) {
- printf("***decode error\n");
- ourRtn = 1;
- }
- CFRelease(cfd);
-
- try {
- unsigned i;
-
- unsigned numCerts = coder.numCerts();
- printf("\n%u certs found\n", numCerts);
- for(i=0; i<numCerts; i++) {
- P12CertBag *cert = coder.getCert(i);
- printf("=== Cert %u ===\n", i);
- printBagAttrs(*cert);
- if(verbose) {
- CSSM_DATA &certData = cert->certData();
- printCert(certData.Data, certData.Length,
- CSSM_FALSE);
-
- }
- printf("\n");
- }
-
- unsigned numCrls = coder.numCrls();
- printf("%u crls found\n", numCrls);
- for(i=0; i<numCrls; i++) {
- P12CrlBag *crl = coder.getCrl(i);
- printf("=== Crl %u ===\n", i);
- printBagAttrs(*crl);
- if(verbose) {
- CSSM_DATA &crlData = crl->crlData();
- printCrl(crlData.Data, crlData.Length, CSSM_FALSE);
-
- }
- printf("\n");
- }
-
- unsigned numKeys = coder.numKeys();
- printf("%u keys found\n", numKeys);
- for(i=0; i<numKeys; i++) {
- P12KeyBag *key = coder.getKey(i);
- printf("\n=== Key %u ===\n", i);
- printBagAttrs(*key);
- /* fix this up */
- CSSM_KEY_PTR ckey = key->key();
- CSSM_KEYHEADER &hdr = ckey->KeyHeader;
- printf(" Key Alg : ");
- printAlgAsString(hdr.AlgorithmId);
- printf(" Key Size : %u bits\n",
- (unsigned)hdr.LogicalKeySizeInBits);
- printf("\n");
- }
-
- unsigned numBlobs = coder.numOpaqueBlobs();
- printf("%u blobs found\n", numBlobs);
- }
- catch(...) {
- printf("***exception extracting fields\n");
- ourRtn = 1;
- }
- }
- if(loops > 1) {
- fpurge(stdin);
- printf("CR to continue: ");
- getchar();
- }
- if(ourRtn) {
- return ourRtn;
- }
- }
- return ourRtn;
-}
-
-#else /* P12_DECODE_VIA_CPP */
-
-/* Normal decode using public API in SecPkcs12.h */
-
-/* common bag attrs - friendlyName, localKeyId */
-static void printBagAttrs(
- CFStringRef friendlyName,
- CFDataRef localKeyId)
-{
- if(friendlyName) {
- printf(" friendlyName : ");
- printUcStr(friendlyName);
- }
-
- if(localKeyId) {
- printf(" localKeyId : ");
- printDataAsHex(localKeyId, 20);
- }
- if((friendlyName == NULL) && (localKeyId == NULL)) {
- printf(" <no attributes found>\n");
- }
-}
-
-/* release attrs if present */
-static void releaseAttrs(
- CFStringRef friendlyName,
- CFDataRef localKeyId,
- SecPkcs12AttrsRef attrs)
-{
- if(friendlyName) {
- CFRelease(friendlyName);
- }
- if(localKeyId) {
- CFRelease(localKeyId);
- }
- if(attrs) {
- SecPkcs12AttrsRelease(attrs);
- }
-}
-
-static void printOsError(
- const char *op,
- OSStatus ortn)
-{
- /* may want to parse out CSSM errors */
- cssmPerror(op, ortn);
- printf("\n");
-}
-
-/* Sec calls all return 1 - not the fault of SecNssPkcs12 */
-#define GET_CERTS_WORKING 1
-
-OSStatus p12Decode(
- const CSSM_DATA &pfx,
- CSSM_CSP_HANDLE cspHand,
- CFStringRef pwd, // explicit passphrase, mutually exclusive with...
- bool usePassKey, // use SECURE_PASSPHRASE key
- bool verbose,
- unsigned loops)
-{
- OSStatus ortn;
- CSSM_KEY passKey;
- CSSM_KEY_PTR passKeyPtr = NULL;
-
- CFDataRef cfd = CFDataCreate(NULL, pfx.Data, pfx.Length);
- if(usePassKey) {
- ortn = p12GetPassKey(cspHand, GPK_Decode, true, &passKey);
- if(ortn) {
- return ortn;
- }
- passKeyPtr = &passKey;
- }
- for(unsigned loop=0; loop<loops; loop++) {
- SecPkcs12CoderRef coder;
- ortn = SecPkcs12CoderCreate(&coder);
- if(ortn) {
- printOsError("SecPkcs12CoderCreate", ortn);
- return ortn;
- }
-
- ortn = SecPkcs12SetCspHandle(coder, cspHand);
- if(ortn) {
- printOsError("SecPkcs12SetCspHandle", ortn);
- return ortn;
- }
-
- if(usePassKey) {
- ortn = SecPkcs12SetMACPassKey(coder, passKeyPtr);
- if(ortn) {
- printOsError("SecPkcs12SetMACPassKey", ortn);
- return ortn;
- }
- }
- else {
- ortn = SecPkcs12SetMACPassphrase(coder, pwd);
- if(ortn) {
- printOsError("SecPkcs12SetMACPassphrase", ortn);
- return ortn;
- }
- }
- ortn = SecPkcs12Decode(coder, cfd);
- if(ortn) {
- printOsError("SecPkcs12Decode", ortn);
- return ortn;
- }
-
- CFIndex i;
- CFStringRef fname;
- CFDataRef keyId;
-
- CFIndex numCerts;
- SecPkcs12CertificateCount(coder, &numCerts);
- printf("\n=== %ld certs found ===\n", numCerts);
- #if GET_CERTS_WORKING
- for(i=0; i<numCerts; i++) {
- SecCertificateRef secCert;
- ortn = SecPkcs12CopyCertificate(coder,
- i,
- &secCert,
- &fname,
- &keyId,
- NULL); // attrs
- if(ortn) {
- printOsError("SecPkcs12CopyCertificate", ortn);
- return ortn;
- }
- printf("Cert %ld:\n", i);
- printBagAttrs(fname, keyId);
- if(verbose) {
- CSSM_DATA certData;
- ortn = SecCertificateGetData(secCert, &certData);
- if(ortn) {
- printOsError("SecCertificateGetData", ortn);
- return ortn;
- }
- printCert(certData.Data, certData.Length,
- CSSM_FALSE);
-
- }
- releaseAttrs(fname, keyId, NULL);
- CFRelease(secCert);
- printf("\n");
- }
- #endif /* GET_CERTS_WORKING */
-
- CFIndex numCrls;
- SecPkcs12CrlCount(coder, &numCrls);
- printf("=== %ld crls found ===\n", numCrls);
- for(i=0; i<numCrls; i++) {
- CFDataRef crl;
- ortn = SecPkcs12CopyCrl(coder,
- i,
- &crl,
- &fname,
- &keyId,
- NULL); // attrs
- if(ortn) {
- printOsError("SecPkcs12CopyCrl", ortn);
- return ortn;
- }
- printf("Crl %ld:\n", i);
- printBagAttrs(fname, keyId);
- if(verbose) {
- const CSSM_DATA crlData = {
- CFDataGetLength(crl),
- (uint8 *)CFDataGetBytePtr(crl) };
- printCrl(crlData.Data, crlData.Length, CSSM_FALSE);
-
- }
- releaseAttrs(fname, keyId, NULL);
- CFRelease(crl);
- printf("\n");
- }
-
- CFIndex numKeys;
- SecPkcs12PrivateKeyCount(coder, &numKeys);
- printf("=== %ld keys found ===\n", numKeys);
- for(i=0; i<numKeys; i++) {
- CSSM_KEY_PTR key;
- ortn = SecPkcs12GetCssmPrivateKey(coder,
- i,
- &key,
- &fname,
- &keyId,
- NULL);
-
- printf("Key %ld:\n", i);
- printBagAttrs(fname, keyId);
- /* fix this up */
- CSSM_KEYHEADER &hdr = key->KeyHeader;
- printf(" Key Alg : ");
- printAlgAsString(hdr.AlgorithmId);
- printf(" Key Size : %u bits\n",
- (unsigned)hdr.LogicalKeySizeInBits);
- printf("\n");
- releaseAttrs(fname, keyId, NULL);
- }
-
- CFIndex numBlobs;
- SecPkcs12OpaqueBlobCount(coder, &numBlobs);
- if(numBlobs != 0) {
- printf("%ld blobs found\n", numBlobs);
- }
-
- /* this should free all memory allocated in the decode */
- SecPkcs12CoderRelease(coder);
-
- if(loops > 1) {
- fpurge(stdin);
- printf("CR to continue: ");
- getchar();
- }
- }
- return 0;
-}
-
-
-#endif /* P12_DECODE_VIA_CPP */
projects / apple / security.git / blobdiff