+++ /dev/null
-/*
- * rootUtils.cpp - utility routines for rootStoreTool
- */
-
-#include <stdlib.h>
-#include <strings.h>
-#include <stdio.h>
-#include <unistd.h>
-#include "rootUtils.h"
-#include <Security/SecCertificatePriv.h>
-#include <Security/SecBasePriv.h>
-#include <Security/SecTrustSettings.h>
-#include <Security/TrustSettingsSchema.h> /* private header */
-#include <Security/SecAsn1Coder.h>
-#include <Security/nameTemplates.h> /* oh frabjous day */
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-
-static int indentSize = 0;
-void indentIncr(void) { indentSize += 3; }
-void indentDecr(void) { indentSize -= 3; }
-
-void indent(void)
-{
- if(indentSize < 0) {
- printf("***indent screwup\n");
- indentSize = 0;
- }
- for (int dex=0; dex<indentSize; dex++) {
- putchar(' ');
- }
-}
-
-void printAscii(
- const char *buf,
- unsigned len,
- unsigned maxLen)
-{
- bool doEllipsis = false;
- if(len > maxLen) {
- len = maxLen;
- doEllipsis = true;
- }
- for(unsigned dex=0; dex<len; dex++) {
- char c = *buf++;
- if(isalnum(c) || (c == ' ')) {
- putchar(c);
- }
- else {
- putchar('.');
- }
- fflush(stdout);
- }
- if(doEllipsis) {
- printf("...etc.");
- }
-}
-
-void printHex(
- const unsigned char *buf,
- unsigned len,
- unsigned maxLen)
-{
- bool doEllipsis = false;
- if(len > maxLen) {
- len = maxLen;
- doEllipsis = true;
- }
- for(unsigned dex=0; dex<len; dex++) {
- printf("%02X ", *buf++);
- }
- if(doEllipsis) {
- printf("...etc.");
- }
-}
-
-void printOid(
- const void *buf,
- unsigned len,
- OidParser &parser)
-{
- char outstr[OID_PARSER_STRING_SIZE];
- parser.oidParse((const unsigned char *)buf, len, outstr);
- printf("%s", outstr);
-}
-
-void printData(
- const char *label,
- CFDataRef data,
- PrintDataType whichType,
- OidParser &parser)
-{
- const unsigned char *buf = CFDataGetBytePtr(data);
- unsigned len = CFDataGetLength(data);
-
- printf("%s: ", label);
- switch(whichType) {
- case PD_Hex:
- printHex(buf, len, 16);
- break;
- case PD_ASCII:
- printAscii((const char *)buf, len, 50);
- break;
- case PD_OID:
- printOid(buf, len, parser);
- }
- putchar('\n');
-}
-
-/* print the contents of a CFString */
-void printCfStr(
- CFStringRef cfstr)
-{
- CFDataRef strData = CFStringCreateExternalRepresentation(NULL, cfstr,
- kCFStringEncodingUTF8, true);
- if(strData == NULL) {
- printf("<<string decode error>>");
- return;
- }
- const char *cp = (const char *)CFDataGetBytePtr(strData);
- CFIndex len = CFDataGetLength(strData);
- for(CFIndex dex=0; dex<len; dex++) {
- putchar(*cp++);
- }
- CFRelease(strData);
-}
-
-/* print a CFDateRef */
-static const char *months[12] = {
- "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
-void printCFDate(
- CFDateRef dateRef)
-{
- CFAbsoluteTime absTime = CFDateGetAbsoluteTime(dateRef);
- if(absTime == 0.0) {
- printf("<<Malformed CFDateeRef>>\n");
- return;
- }
- CFGregorianDate gregDate = CFAbsoluteTimeGetGregorianDate(absTime, NULL);
- const char *month = "Unknown";
- if((gregDate.month > 12) || (gregDate.month <= 0)) {
- printf("Huh? GregDate.month > 11. These amps only GO to 11.\n");
- }
- else {
- month = months[gregDate.month - 1];
- }
- printf("%s %d, %ld %02d:%02d",
- month, gregDate.day, gregDate.year, gregDate.hour, gregDate.minute);
-}
-
-/* print a CFNumber */
-void printCfNumber(
- CFNumberRef cfNum)
-{
- SInt32 s;
- if(!CFNumberGetValue(cfNum, kCFNumberSInt32Type, &s)) {
- printf("***CFNumber overflow***");
- return;
- }
- printf("%ld", s);
-}
-
-/* print a CFNumber as a SecTrustSettingsResult */
-void printResult(
- CFNumberRef cfNum)
-{
- SInt32 n;
- if(!CFNumberGetValue(cfNum, kCFNumberSInt32Type, &n)) {
- printf("***CFNumber overflow***");
- return;
- }
- const char *s;
- char bogus[100];
- switch(n) {
- case kSecTrustSettingsResultInvalid: s = "kSecTrustSettingsResultInvalid"; break;
- case kSecTrustSettingsResultTrustRoot: s = "kSecTrustSettingsResultTrustRoot"; break;
- case kSecTrustSettingsResultTrustAsRoot: s = "kSecTrustSettingsResultTrustAsRoot"; break;
- case kSecTrustSettingsResultDeny: s = "kSecTrustSettingsResultDeny"; break;
- case kSecTrustSettingsResultUnspecified: s = "kSecTrustSettingsResultUnspecified"; break;
- default:
- sprintf(bogus, "Unknown SecTrustSettingsResult (%ld)", n);
- s = bogus;
- break;
- }
- printf("%s", s);
-}
-
-/* print a CFNumber as SecTrustSettingsKeyUsage */
-void printKeyUsage(
- CFNumberRef cfNum)
-{
- SInt32 s;
- if(!CFNumberGetValue(cfNum, kCFNumberSInt32Type, &s)) {
- printf("***CFNumber overflow***");
- return;
- }
- uint32 n = (uint32)s;
- if(n == kSecTrustSettingsKeyUseAny) {
- printf("<any>");
- return;
- }
- else if(n == 0) {
- printf("<none>");
- return;
- }
- printf("< ");
- if(n & kSecTrustSettingsKeyUseSignature) {
- printf("Signature ");
- }
- if(n & kSecTrustSettingsKeyUseEnDecryptData) {
- printf("EnDecryptData ");
- }
- if(n & kSecTrustSettingsKeyUseEnDecryptKey) {
- printf("EnDecryptKey ");
- }
- if(n & kSecTrustSettingsKeyUseSignCert) {
- printf("SignCert ");
- }
- if(n & kSecTrustSettingsKeyUseSignRevocation) {
- printf("SignRevocation ");
- }
- if(n & kSecTrustSettingsKeyUseKeyExchange) {
- printf("KeyExchange ");
- }
- printf(" >");
-}
-
-/* print a CFNumber as CSSM_RETURN string */
-void printCssmErr(
- CFNumberRef cfNum)
-{
- SInt32 s;
- if(!CFNumberGetValue(cfNum, kCFNumberSInt32Type, &s)) {
- printf("***CFNumber overflow***");
- return;
- }
- printf("%s", cssmErrorString((CSSM_RETURN)s));
-}
-
-/* print cert's label (the one SecCertificate infers) */
-OSStatus printCertLabel(
- SecCertificateRef certRef)
-{
- OSStatus ortn;
- CFStringRef label;
-
- ortn = SecCertificateInferLabel(certRef, &label);
- if(ortn) {
- cssmPerror("SecCertificateInferLabel", ortn);
- return ortn;
- }
- printCfStr(label);
- CFRelease(label);
- return noErr;
-}
-
-/*
- * How many items in a NULL-terminated array of pointers?
- */
-static unsigned nssArraySize(
- const void **array)
-{
- unsigned count = 0;
- if (array) {
- while (*array++) {
- count++;
- }
- }
- return count;
-}
-
-static int compareOids(
- const CSSM_OID *data1,
- const CSSM_OID *data2)
-{
- if((data1 == NULL) || (data1->Data == NULL) ||
- (data2 == NULL) || (data2->Data == NULL) ||
- (data1->Length != data2->Length)) {
- return 0;
- }
- if(data1->Length != data2->Length) {
- return 0;
- }
- return memcmp(data1->Data, data2->Data, data1->Length) == 0;
-}
-
-static void printRdn(const NSS_RDN *rdn, OidParser &parser)
-{
- unsigned numAtvs = nssArraySize((const void **)rdn->atvs);
- char *fieldName;
-
- for(unsigned dex=0; dex<numAtvs; dex++) {
- const NSS_ATV *atv = rdn->atvs[dex];
- if(compareOids(&atv->type, &CSSMOID_CountryName)) {
- fieldName = "Country ";
- }
- else if(compareOids(&atv->type, &CSSMOID_OrganizationName)) {
- fieldName = "Org ";
- }
- else if(compareOids(&atv->type, &CSSMOID_LocalityName)) {
- fieldName = "Locality ";
- }
- else if(compareOids(&atv->type, &CSSMOID_OrganizationalUnitName)) {
- fieldName = "OrgUnit ";
- }
- else if(compareOids(&atv->type, &CSSMOID_CommonName)) {
- fieldName = "Common Name ";
- }
- else if(compareOids(&atv->type, &CSSMOID_Surname)) {
- fieldName = "Surname ";
- }
- else if(compareOids(&atv->type, &CSSMOID_Title)) {
- fieldName = "Title ";
- }
- else if(compareOids(&atv->type, &CSSMOID_Surname)) {
- fieldName = "Surname ";
- }
- else if(compareOids(&atv->type, &CSSMOID_StateProvinceName)) {
- fieldName = "State ";
- }
- else if(compareOids(&atv->type, &CSSMOID_CollectiveStateProvinceName)) {
- fieldName = "Coll. State ";
- }
- else if(compareOids(&atv->type, &CSSMOID_EmailAddress)) {
- /* deprecated, used by Thawte */
- fieldName = "Email addrs ";
- }
- else {
- fieldName = "Other name ";
- }
- indent(); printf("%s : ", fieldName);
- /* Not strictly true here, but we'll just assume we can print everything */
- printAscii((char *)atv->value.item.Data, atv->value.item.Length,
- atv->value.item.Length);
- putchar('\n');
- }
-}
-
-/* print a CFData as an X509 Name (i.e., subject or issuer) */
-void printCfName(
- CFDataRef nameData,
- OidParser &parser)
-{
- SecAsn1CoderRef coder = NULL;
- OSStatus ortn;
-
- ortn = SecAsn1CoderCreate(&coder);
- if(ortn) {
- cssmPerror("SecAsn1CoderCreate", ortn);
- return;
- }
- /* subsequent errors to errOut: */
-
- NSS_Name nssName = {NULL};
- unsigned numRdns;
-
- ortn = SecAsn1Decode(coder,
- CFDataGetBytePtr(nameData), CFDataGetLength(nameData),
- kSecAsn1NameTemplate,
- &nssName);
- if(ortn) {
- printf("***Error decoding NSS_Name\n");
- goto errOut;
- }
- numRdns = nssArraySize((const void **)nssName.rdns);
- for(unsigned dex=0; dex<numRdns; dex++) {
- printRdn(nssName.rdns[dex], parser);
- }
-
-errOut:
- if(coder) {
- SecAsn1CoderRelease(coder);
- }
-}
-
projects / apple / security.git / blobdiff