本文整理汇总了C++中PK11_FindCertFromNickname函数的典型用法代码示例。如果您正苦于以下问题:C++ PK11_FindCertFromNickname函数的具体用法?C++ PK11_FindCertFromNickname怎么用?C++ PK11_FindCertFromNickname使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了PK11_FindCertFromNickname函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: aUtf8Nickname
NS_IMETHODIMP
nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
const nsAString &nickname,
nsIX509Cert **_rvCert)
{
nsNSSShutDownPreventionLock locker;
CERTCertificate *cert = NULL;
char *asciiname = NULL;
NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname);
asciiname = const_cast<char*>(aUtf8Nickname.get());
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
#if 0
// what it should be, but for now...
if (aToken) {
cert = PK11_FindCertFromNickname(asciiname, NULL);
} else {
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
}
#endif
cert = PK11_FindCertFromNickname(asciiname, NULL);
if (!cert) {
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
}
if (cert) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));
nsCOMPtr<nsIX509Cert> pCert = new nsNSSCertificate(cert);
CERT_DestroyCertificate(cert);
*_rvCert = pCert;
NS_ADDREF(*_rvCert);
return NS_OK;
}
*_rvCert = nsnull;
return NS_ERROR_FAILURE;
}
开发者ID:amyvmiwei,项目名称:firefox,代码行数:34,代码来源:nsNSSCertificateDB.cpp
示例2: nss_get_cert
static X509*
nss_get_cert(NSS_CTX *ctx, const char *s) {
X509 *x509 = NULL;
CERTCertificate *cert = NULL;
CALL_TRACE("nss_get_cert...\n");
if (ctx == NULL) {
NSSerr(NSS_F_GET_CERT, NSS_R_INVALID_ARGUMENT);
goto done;
}
if (!NSS_IsInitialized()) {
NSSerr(NSS_F_GET_CERT, NSS_R_DB_IS_NOT_INITIALIZED);
goto done;
}
nss_debug(ctx, "search certificate '%s'", s);
cert = PK11_FindCertFromNickname(s, NULL);
nss_trace(ctx, "found certificate mem='%p'", cert);
if (cert == NULL) goto done;
x509 = X509_from_CERTCertificate(cert);
done:
if (cert) CERT_DestroyCertificate(cert);
nss_debug(ctx, "certificate %s", (x509 ? "found": "not found"));
return(x509);
}
开发者ID:BackupTheBerlios,项目名称:enss-svn,代码行数:30,代码来源:e_nss_cmd.c
示例3: check_issuer_cert
/**
*
* Check that the Peer certificate's issuer certificate matches the one found
* by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the
* issuer check, so we provide comments that mimic the OpenSSL
* X509_check_issued function (in x509v3/v3_purp.c)
*/
static SECStatus check_issuer_cert(PRFileDesc *sock,
char *issuer_nickname)
{
CERTCertificate *cert,*cert_issuer,*issuer;
SECStatus res=SECSuccess;
void *proto_win = NULL;
/*
PRArenaPool *tmpArena = NULL;
CERTAuthKeyID *authorityKeyID = NULL;
SECITEM *caname = NULL;
*/
cert = SSL_PeerCertificate(sock);
cert_issuer = CERT_FindCertIssuer(cert,PR_Now(),certUsageObjectSigner);
proto_win = SSL_RevealPinArg(sock);
issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);
if((!cert_issuer) || (!issuer))
res = SECFailure;
else if(SECITEM_CompareItem(&cert_issuer->derCert,
&issuer->derCert)!=SECEqual)
res = SECFailure;
CERT_DestroyCertificate(cert);
CERT_DestroyCertificate(issuer);
CERT_DestroyCertificate(cert_issuer);
return res;
}
开发者ID:3s3s,项目名称:simple_server,代码行数:37,代码来源:nss.c
示例4: NSSSignBegin
/**
* Obtains a signing context.
*
* @param ctx A pointer to the signing context to fill
* @return 0 on success
* -1 on error
*/
int
NSSSignBegin(const char *certName,
SGNContext **ctx,
SECKEYPrivateKey **privKey,
CERTCertificate **cert,
uint32_t *signatureLength)
{
secuPWData pwdata = { PW_NONE, 0 };
if (!certName || !ctx || !privKey || !cert || !signatureLength) {
fprintf(stderr, "ERROR: Invalid parameter passed to NSSSignBegin\n");
return -1;
}
/* Get the cert and embedded public key out of the database */
*cert = PK11_FindCertFromNickname(certName, &pwdata);
if (!*cert) {
fprintf(stderr, "ERROR: Could not find cert from nickname\n");
return -1;
}
/* Get the private key out of the database */
*privKey = PK11_FindKeyByAnyCert(*cert, &pwdata);
if (!*privKey) {
fprintf(stderr, "ERROR: Could not find private key\n");
return -1;
}
*signatureLength = PK11_SignatureLen(*privKey);
if (*signatureLength > BLOCKSIZE) {
fprintf(stderr,
"ERROR: Program must be compiled with a larger block size"
" to support signing with signatures this large: %u.\n",
*signatureLength);
return -1;
}
/* Check that the key length is large enough for our requirements */
if (*signatureLength < XP_MIN_SIGNATURE_LEN_IN_BYTES) {
fprintf(stderr, "ERROR: Key length must be >= %d bytes\n",
XP_MIN_SIGNATURE_LEN_IN_BYTES);
return -1;
}
*ctx = SGN_NewContext (SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, *privKey);
if (!*ctx) {
fprintf(stderr, "ERROR: Could not create signature context\n");
return -1;
}
if (SGN_Begin(*ctx) != SECSuccess) {
fprintf(stderr, "ERROR: Could not begin signature\n");
return -1;
}
return 0;
}
开发者ID:Flatta,项目名称:LibreOffice-core,代码行数:64,代码来源:mar_sign.c
示例5: GenerateCert
/***********************************************************************
*
* G e n e r a t e C e r t
*
* Runs the whole process of creating a new cert, getting info from the
* user, etc.
*/
int
GenerateCert(char *nickname, int keysize, char *token)
{
CERTCertDBHandle * db;
CERTCertificate * cert;
char *subject;
unsigned long serial;
char stdinbuf[160];
/* Print warning about having the browser open */
PR_fprintf(PR_STDOUT /*always go to console*/,
"\nWARNING: Performing this operation while the browser is running could cause"
"\ncorruption of your security databases. If the browser is currently running,"
"\nyou should exit the browser before continuing this operation. Enter "
"\n\"y\" to continue, or anything else to abort: ");
pr_fgets(stdinbuf, 160, PR_STDIN);
PR_fprintf(PR_STDOUT, "\n");
if (tolower(stdinbuf[0]) != 'y') {
PR_fprintf(errorFD, "Operation aborted at user's request.\n");
errorCount++;
return - 1;
}
db = CERT_GetDefaultCertDB();
if (!db) {
FatalError("Unable to open certificate database");
}
if (PK11_FindCertFromNickname(nickname, &pwdata)) {
PR_fprintf(errorFD,
"ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
"must choose a different nickname.\n", nickname);
errorCount++;
exit(ERRX);
}
LL_L2UI(serial, PR_Now());
subject = GetSubjectFromUser(serial);
cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject,
serial, keysize, token);
if (cert) {
output_ca_cert(cert, db);
CERT_DestroyCertificate(cert);
}
PORT_Free(subject);
return 0;
}
开发者ID:AOSC-Dev,项目名称:nss-purified,代码行数:58,代码来源:certgen.c
示例6: SelectClientCert
/**
*
* Callback to pick the SSL client certificate.
*/
static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey)
{
SECKEYPrivateKey *privKey;
struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
char *nickname = connssl->client_nickname;
void *proto_win = NULL;
SECStatus secStatus = SECFailure;
PK11SlotInfo *slot;
(void)caNames;
proto_win = SSL_RevealPinArg(sock);
if(!nickname)
return secStatus;
connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
if(connssl->client_cert) {
if(!strncmp(nickname, "PEM Token", 9)) {
CK_SLOT_ID slotID = 1; /* hardcoded for now */
char slotname[SLOTSIZE];
snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
slot = PK11_FindSlotByName(slotname);
privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
PK11_FreeSlot(slot);
if(privKey) {
secStatus = SECSuccess;
}
}
else {
privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
if(privKey)
secStatus = SECSuccess;
}
}
if(secStatus == SECSuccess) {
*pRetCert = connssl->client_cert;
*pRetKey = privKey;
}
else {
if(connssl->client_cert)
CERT_DestroyCertificate(connssl->client_cert);
connssl->client_cert = NULL;
}
return secStatus;
}
开发者ID:heavilessrose,项目名称:my-sync,代码行数:55,代码来源:nss.c
示例7: cName
int SslSocket::listen(const SocketAddress& sa, int backlog) const
{
//get certificate and key (is this the correct way?)
std::string cName( (certname == "") ? "localhost.localdomain" : certname);
CERTCertificate *cert = PK11_FindCertFromNickname(const_cast<char*>(cName.c_str()), 0);
if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << cName << "'"));
SECKEYPrivateKey *key = PK11_FindKeyByAnyCert(cert, 0);
if (!key) throw Exception(QPID_MSG("Failed to retrieve private key from certificate"));
NSS_CHECK(SSL_ConfigSecureServer(prototype, cert, key, NSS_FindCertKEAType(cert)));
SECKEY_DestroyPrivateKey(key);
CERT_DestroyCertificate(cert);
return BSDSocket::listen(sa, backlog);
}
开发者ID:ChugR,项目名称:qpid-cpp,代码行数:14,代码来源:SslSocket.cpp
示例8: qnetd_instance_init_certs
int
qnetd_instance_init_certs(struct qnetd_instance *instance)
{
instance->server.cert = PK11_FindCertFromNickname(
instance->advanced_settings->cert_nickname, NULL);
if (instance->server.cert == NULL) {
return (-1);
}
instance->server.private_key = PK11_FindKeyByAnyCert(instance->server.cert, NULL);
if (instance->server.private_key == NULL) {
return (-1);
}
return (0);
}
开发者ID:credativ,项目名称:corosync,代码行数:17,代码来源:qnetd-instance.c
示例9: nss_load_cert
static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
const char *filename, PRBool cacert)
{
CURLcode err = (cacert)
? CURLE_SSL_CACERT_BADFILE
: CURLE_SSL_CERTPROBLEM;
#ifdef HAVE_PK11_CREATEGENERICOBJECT
/* libnsspem.so leaks memory if the requested file does not exist. For more
* details, go to <https://bugzilla.redhat.com/734760>. */
if(is_file(filename))
err = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
if(CURLE_OK == err && !cacert) {
/* we have successfully loaded a client certificate */
CERTCertificate *cert;
char *nickname = NULL;
char *n = strrchr(filename, '/');
if(n)
n++;
/* The following undocumented magic helps to avoid a SIGSEGV on call
* of PK11_ReadRawAttribute() from SelectClientCert() when using an
* immature version of libnsspem.so. For more details, go to
* <https://bugzilla.redhat.com/733685>. */
nickname = aprintf("PEM Token #1:%s", n);
if(nickname) {
cert = PK11_FindCertFromNickname(nickname, NULL);
if(cert)
CERT_DestroyCertificate(cert);
free(nickname);
}
}
#endif
return err;
}
开发者ID:CedricCabessa,项目名称:curl-android,代码行数:38,代码来源:nss.c
示例10: SSL_ImportFD
int SslSocket::listen(uint16_t port, int backlog, const std::string& certName, bool clientAuth) const
{
//configure prototype socket:
prototype = SSL_ImportFD(0, PR_NewTCPSocket());
if (clientAuth) {
NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUEST_CERTIFICATE, PR_TRUE));
NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUIRE_CERTIFICATE, PR_TRUE));
}
//get certificate and key (is this the correct way?)
CERTCertificate *cert = PK11_FindCertFromNickname(const_cast<char*>(certName.c_str()), 0);
if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << certName << "'"));
SECKEYPrivateKey *key = PK11_FindKeyByAnyCert(cert, 0);
if (!key) throw Exception(QPID_MSG("Failed to retrieve private key from certificate"));
NSS_CHECK(SSL_ConfigSecureServer(prototype, cert, key, NSS_FindCertKEAType(cert)));
SECKEY_DestroyPrivateKey(key);
CERT_DestroyCertificate(cert);
//bind and listen
const int& socket = impl->fd;
int yes=1;
QPID_POSIX_CHECK(setsockopt(socket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)));
struct sockaddr_in name;
name.sin_family = AF_INET;
name.sin_port = htons(port);
name.sin_addr.s_addr = 0;
if (::bind(socket, (struct sockaddr*)&name, sizeof(name)) < 0)
throw Exception(QPID_MSG("Can't bind to port " << port << ": " << strError(errno)));
if (::listen(socket, backlog) < 0)
throw Exception(QPID_MSG("Can't listen on port " << port << ": " << strError(errno)));
socklen_t namelen = sizeof(name);
if (::getsockname(socket, (struct sockaddr*)&name, &namelen) < 0)
throw QPID_POSIX_ERROR(errno);
return ntohs(name.sin_port);
}
开发者ID:KeithLatteri,项目名称:awips2,代码行数:37,代码来源:SslSocket.cpp
示例11: CERT_FindCertByNickname
CERTCertificate *
CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
{
NSSCryptoContext *cc;
NSSCertificate *c, *ct;
CERTCertificate *cert;
NSSUsage usage;
usage.anyUsage = PR_TRUE;
cc = STAN_GetDefaultCryptoContext();
ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, NULL,
&usage, NULL);
cert = PK11_FindCertFromNickname(nickname, NULL);
c = NULL;
if (cert) {
c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
CERT_DestroyCertificate(cert);
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
} else {
c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
开发者ID:MekliCZ,项目名称:positron,代码行数:24,代码来源:stanpcertdb.c
示例12: CERT_FindCertByNicknameOrEmailAddr
CERTCertificate *
CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
{
NSSCryptoContext *cc;
NSSCertificate *c, *ct;
CERTCertificate *cert;
NSSUsage usage;
if (NULL == name) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
usage.anyUsage = PR_TRUE;
cc = STAN_GetDefaultCryptoContext();
ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name,
NULL, &usage, NULL);
if (!ct && PORT_Strchr(name, '@') != NULL) {
char* lowercaseName = CERT_FixupEmailAddr(name);
if (lowercaseName) {
ct = NSSCryptoContext_FindBestCertificateByEmail(cc, lowercaseName,
NULL, &usage, NULL);
PORT_Free(lowercaseName);
}
}
cert = PK11_FindCertFromNickname(name, NULL);
if (cert) {
c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
CERT_DestroyCertificate(cert);
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
} else {
c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
开发者ID:binoc-software,项目名称:mozilla-cvs,代码行数:36,代码来源:stanpcertdb.c
示例13: main
//.........这里部分代码省略.........
print_usage();
return -1;
}
return import_signature(argv[2], sigIndex, argv[3], argv[4]);
case 'v':
if (certCount == 0) {
print_usage();
return -1;
}
#if (!defined(XP_WIN) && !defined(XP_MACOSX)) || defined(MAR_NSS)
if (!NSSConfigDir || certCount == 0) {
print_usage();
return -1;
}
if (NSSInitCryptoContext(NSSConfigDir)) {
fprintf(stderr, "ERROR: Could not initialize crypto library.\n");
return -1;
}
#endif
rv = 0;
for (k = 0; k < certCount; ++k) {
#if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
rv = mar_read_entire_file(DERFilePaths[k], MAR_MAX_CERT_SIZE,
&certBuffers[k], &fileSizes[k]);
#else
/* It is somewhat circuitous to look up a CERTCertificate and then pass
* in its DER encoding just so we can later re-create that
* CERTCertificate to extract the public key out of it. However, by doing
* things this way, we maximize the reuse of the mar_verify_signatures
* function and also we keep the control flow as similar as possible
* between programs and operating systems, at least for the functions
* that are critically important to security.
*/
certs[k] = PK11_FindCertFromNickname(certNames[k], NULL);
if (certs[k]) {
certBuffers[k] = certs[k]->derCert.data;
fileSizes[k] = certs[k]->derCert.len;
} else {
rv = -1;
}
#endif
if (rv) {
fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]);
break;
}
}
if (!rv) {
MarFile *mar = mar_open(argv[2]);
if (mar) {
rv = mar_verify_signatures(mar, certBuffers, fileSizes, certCount);
mar_close(mar);
} else {
fprintf(stderr, "ERROR: Could not open MAR file.\n");
rv = -1;
}
}
for (k = 0; k < certCount; ++k) {
#if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
free((void*)certBuffers[k]);
#else
/* certBuffers[k] is owned by certs[k] so don't free it */
CERT_DestroyCertificate(certs[k]);
#endif
}
if (rv) {
/* Determine if the source MAR file has the new fields for signing */
int hasSignatureBlock;
if (get_mar_file_info(argv[2], &hasSignatureBlock,
NULL, NULL, NULL, NULL)) {
fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n");
} else if (!hasSignatureBlock) {
fprintf(stderr, "ERROR: The MAR file is in the old format so has"
" no signature to verify.\n");
}
return -1;
}
return 0;
case 's':
if (!NSSConfigDir || certCount == 0 || argc < 4) {
print_usage();
return -1;
}
return mar_repackage_and_sign(NSSConfigDir, certNames, certCount,
argv[2], argv[3]);
case 'r':
return strip_signature_block(argv[2], argv[3]);
#endif /* endif NO_SIGN_VERIFY disabled */
default:
print_usage();
return -1;
}
}
开发者ID:Jar-win,项目名称:Waterfox,代码行数:101,代码来源:mar.c
示例14: CERT_GetDefaultCertDB
void
nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
nsIInterfaceRequestor* ctx,
nsCString &nickname)
{
nickname.Truncate();
nsNSSShutDownPreventionLock locker;
nsresult rv;
CK_OBJECT_HANDLE keyHandle;
CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
return;
nsCAutoString username;
char *temp_un = CERT_GetCommonName(&cert->subject);
if (temp_un) {
username = temp_un;
PORT_Free(temp_un);
temp_un = nsnull;
}
nsCAutoString caname;
char *temp_ca = CERT_GetOrgName(&cert->issuer);
if (temp_ca) {
caname = temp_ca;
PORT_Free(temp_ca);
temp_ca = nsnull;
}
nsAutoString tmpNickFmt;
nssComponent->GetPIPNSSBundleString("nick_template", tmpNickFmt);
NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt);
nsCAutoString baseName;
char *temp_nn = PR_smprintf(nickFmt.get(), username.get(), caname.get());
if (!temp_nn) {
return;
} else {
baseName = temp_nn;
PR_smprintf_free(temp_nn);
temp_nn = nsnull;
}
nickname = baseName;
/*
* We need to see if the private key exists on a token, if it does
* then we need to check for nicknames that already exist on the smart
* card.
*/
PK11SlotInfo *slot = PK11_KeyForCertExists(cert, &keyHandle, ctx);
PK11SlotInfoCleaner slotCleaner(slot);
if (!slot)
return;
if (!PK11_IsInternal(slot)) {
char *tmp = PR_smprintf("%s:%s", PK11_GetTokenName(slot), baseName.get());
if (!tmp) {
nickname.Truncate();
return;
}
baseName = tmp;
PR_smprintf_free(tmp);
nickname = baseName;
}
int count = 1;
while (true) {
if ( count > 1 ) {
char *tmp = PR_smprintf("%s #%d", baseName.get(), count);
if (!tmp) {
nickname.Truncate();
return;
}
nickname = tmp;
PR_smprintf_free(tmp);
}
CERTCertificate *dummycert = nsnull;
CERTCertificateCleaner dummycertCleaner(dummycert);
if (PK11_IsInternal(slot)) {
/* look up the nickname to make sure it isn't in use already */
dummycert = CERT_FindCertByNickname(defaultcertdb, nickname.get());
} else {
/*
* Check the cert against others that already live on the smart
* card.
*/
dummycert = PK11_FindCertFromNickname(nickname.get(), ctx);
if (dummycert != NULL) {
/*
* Make sure the subject names are different.
*/
if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual)
//.........这里部分代码省略.........
开发者ID:amyvmiwei,项目名称:firefox,代码行数:101,代码来源:nsNSSCertificateDB.cpp
示例15: create_pk7
/*********************************************************************
*
* c r e a t e _ p k 7
*/
static int
create_pk7 (char *dir, char *keyName, int *keyType)
{
int status = 0;
char *file_ext;
CERTCertificate * cert;
CERTCertDBHandle * db;
FILE * in, *out;
char sf_file [FNSIZE];
char pk7_file [FNSIZE];
/* open cert database */
db = CERT_GetDefaultCertDB();
if (db == NULL)
return - 1;
/* find cert */
/*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/
cert = PK11_FindCertFromNickname(keyName, &pwdata);
if (cert == NULL) {
SECU_PrintError ( PROGRAM_NAME,
"Cannot find the cert \"%s\"", keyName);
return -1;
}
/* determine the key type, which sets the extension for pkcs7 object */
*keyType = jar_find_key_type (cert);
file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";
sprintf (sf_file, "%s/META-INF/%s.sf", dir, base);
sprintf (pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext);
if ((in = fopen (sf_file, "rb")) == NULL) {
PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME,
sf_file);
errorCount++;
exit (ERRX);
}
if ((out = fopen (pk7_file, "wb")) == NULL) {
PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME,
sf_file);
errorCount++;
exit (ERRX);
}
status = SignFile (out, in, cert);
CERT_DestroyCertificate (cert);
fclose (in);
fclose (out);
if (status) {
PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
PROGRAM_NAME, SECU_ErrorString ((int16) PORT_GetError()));
errorCount++;
return - 1;
}
return 0;
}
开发者ID:Akin-Net,项目名称:mozilla-central,代码行数:72,代码来源:sign.c
示例16: ListCerts
/*********************************************************************
*
* L i s t C e r t s
*/
int
ListCerts(char *key, int list_certs)
{
int failed = 0;
SECStatus rv;
char *ugly_list;
CERTCertDBHandle *db;
CERTCertificate *cert;
CERTVerifyLog errlog;
errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (errlog.arena == NULL) {
out_of_memory();
}
errlog.head = NULL;
errlog.tail = NULL;
errlog.count = 0;
ugly_list = PORT_ZAlloc(16);
if (ugly_list == NULL) {
out_of_memory();
}
*ugly_list = 0;
db = CERT_GetDefaultCertDB();
if (list_certs == 2) {
PR_fprintf(outputFD, "\nS Certificates\n");
PR_fprintf(outputFD, "- ------------\n");
} else {
PR_fprintf(outputFD, "\nObject signing certificates\n");
PR_fprintf(outputFD, "---------------------------------------\n");
}
num_trav_certs = 0;
/* Traverse ALL tokens in all slots, authenticating to them all */
rv = PK11_TraverseSlotCerts(cert_trav_callback, (void *)&list_certs,
&pwdata);
if (rv) {
PR_fprintf(outputFD, "**Traverse of ALL slots & tokens failed**\n");
return -1;
}
if (num_trav_certs == 0) {
PR_fprintf(outputFD,
"You don't appear to have any object signing certificates.\n");
}
if (list_certs == 2) {
PR_fprintf(outputFD, "- ------------\n");
} else {
PR_fprintf(outputFD, "---------------------------------------\n");
}
if (list_certs == 1) {
PR_fprintf(outputFD,
"For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
}
if (list_certs == 2) {
PR_fprintf(outputFD,
"Certificates that can be used to sign objects have *'s to "
"their left.\n");
}
if (key) {
/* Do an analysis of the given cert */
cert = PK11_FindCertFromNickname(key, &pwdata);
if (cert) {
PR_fprintf(outputFD,
"\nThe certificate with nickname \"%s\" was found:\n",
cert->nickname);
PR_fprintf(outputFD, "\tsubject name: %s\n", cert->subjectName);
PR_fprintf(outputFD, "\tissuer name: %s\n", cert->issuerName);
PR_fprintf(outputFD, "\n");
rv = CERT_CertTimesValid(cert);
if (rv != SECSuccess) {
PR_fprintf(outputFD, "**This certificate is expired**\n");
} else {
PR_fprintf(outputFD, "This certificate is not expired.\n");
}
rv = CERT_VerifyCert(db, cert, PR_TRUE,
certUsageObjectSigner, PR_Now(), &pwdata, &errlog);
if (rv != SECSuccess) {
failed = 1;
//.........这里部分代码省略.........
开发者ID:MichaelKohler,项目名称:gecko-dev,代码行数:101,代码来源:list.c
示例17: vcard_emul_init
VCardEmulError
vcard_emul_init(const VCardEmulOptions *options)
{
SECStatus rv;
PRBool ret, has_readers = PR_FALSE;
VReader *vreader;
VReaderEmul *vreader_emul;
SECMODListLock *module_lock;
SECMODModuleList *module_list;
SECMODModuleList *mlp;
int i;
if (vcard_emul_init_called) {
return VCARD_EMUL_INIT_ALREADY_INITED;
}
vcard_emul_init_called = 1;
vreader_init();
vevent_queue_init();
if (options == NULL) {
options = &default_options;
}
/* first initialize NSS */
if (options->nss_db) {
rv = NSS_Init(options->nss_db);
} else {
gchar *path;
#ifndef _WIN32
path = g_strdup("/etc/pki/nssdb");
#else
if (g_get_system_config_dirs() == NULL ||
g_get_system_config_dirs()[0] == NULL) {
return VCARD_EMUL_FAIL;
}
path = g_build_filename(
g_get_system_config_dirs()[0], "pki", "nssdb", NULL);
#endif
rv = NSS_Init(path);
g_free(path);
}
if (rv != SECSuccess) {
return VCARD_EMUL_FAIL;
}
/* Set password callback function */
PK11_SetPasswordFunc(vcard_emul_get_password);
/* set up soft cards emulated by software certs rather than physical cards
* */
for (i = 0; i < options->vreader_count; i++) {
int j;
int cert_count;
unsigned char **certs;
int *cert_len;
VCardKey **keys;
PK11SlotInfo *slot;
slot = PK11_FindSlotByName(options->vreader[i].name);
if (slot == NULL) {
continue;
}
vreader_emul = vreader_emul_new(slot, options->vreader[i].card_type,
options->vreader[i].type_params);
vreader = vreader_new(options->vreader[i].vname, vreader_emul,
vreader_emul_delete);
vreader_add_reader(vreader);
cert_count = options->vreader[i].cert_count;
ret = vcard_emul_alloc_arrays(&certs, &cert_len, &keys,
options->vreader[i].cert_count);
if (ret == PR_FALSE) {
continue;
}
cert_count = 0;
for (j = 0; j < options->vreader[i].cert_count; j++) {
/* we should have a better way of identifying certs than by
* nickname here */
CERTCertificate *cert = PK11_FindCertFromNickname(
options->vreader[i].cert_name[j],
NULL);
if (cert == NULL) {
continue;
}
certs[cert_count] = cert->derCert.data;
cert_len[cert_count] = cert->derCert.len;
keys[cert_count] = vcard_emul_make_key(slot, cert);
/* this is safe because the key is still holding a cert reference */
CERT_DestroyCertificate(cert);
cert_count++;
}
if (cert_count) {
VCard *vcard = vcard_emul_make_card(vreader, certs, cert_len,
keys, cert_count);
vreader_insert_card(vreader, vcard);
vcard_emul_init_series(vreader, vcard);
/* allow insertion and removal of soft cards */
vreader_emul->saved_vcard = vcard_reference(vcard);
vcard_free(vcard);
//.........这里部分代码省略.........
开发者ID:AjayMashi,项目名称:x-tier,代码行数:101,代码来源:vcard_emul_nss.c
示例18: common_FindCertByNicknameOrEmailAddrForUsage
static CERTCertificate *
common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
const char *name, PRBool anyUsage,
SECCertUsage lookingForUsage)
{
NSSCryptoContext *cc;
NSSCertificate *c, *ct;
CERTCertificate *cert = NULL;
NSSUsage usage;
CERTCertList *certlist;
if (NULL == name) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
usage.anyUsage = anyUsage;
if (!anyUsage) {
usage.nss3lookingForCA = PR_FALSE;
usage.nss3usage = lookingForUsage;
}
cc = STAN_GetDefaultCryptoContext();
ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, NULL, &usage,
NULL);
if (!ct && PORT_Strchr(name, '@') != NULL) {
char *lowercaseName = CERT_FixupEmailAddr(name);
if (lowercaseName) {
ct = NSSCryptoContext_FindBestCertificateByEmail(
cc, lowercaseName, NULL, &usage, NULL);
PORT_Free(lowercaseName);
}
}
if (anyUsage) {
cert = PK11_FindCertFromNickname(name, NULL);
} else {
if (ct) {
/* Does ct really have the required usage? */
nssDecodedCert *dc;
dc = nssCertificate_GetDecoding(ct);
if (!dc->matchUsage(dc, &usage)) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
ct = NULL;
}
}
certlist = PK11_FindCertsFromNickname(name, NULL);
if (certlist) {
SECStatus rv =
CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
if (SECSuccess == rv &&
!CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist)) {
cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert);
}
CERT_DestroyCertList(certlist);
}
}
if (cert) {
c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
CERT_DestroyCertificate(cert);
if (ct) {
CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
}
} else {
c = ct;
}
return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}
开发者ID:MekliCZ,项目名称:positron,代码行数:71,代码来源:stanpcertdb.c
示例19: SetServerSecParms
int SetServerSecParms(struct ThreadData *td) {
int rv;
SECKEYPrivateKey *privKey;
PRFileDesc *s;
s = td->r;
rv = SSL_Enable(s, SSL_SECURITY, 1); /* Enable security on this socket */
if (rv < 0) return Error(10);
if (SSLT_CLIENTAUTH_INITIAL == REP_ServerDoClientAuth) {
rv = SSL_Enable(s, SSL_REQUEST_CERTIFICATE, 1);
if (rv < 0) return Error(11);
}
ClearCiphers(td);
EnableCiphers(td);
PK11_SetPasswordFunc(MyPWFunc);
SSL_SetPKCS11PinArg(s,(void*) MyPWFunc);
/* Find the certificates we are going to use from the database */
/* Test for dummy certificate, which shouldn't exist */
td->cert = PK11_FindCertFromNickname("XXXXXX_CERT_HARDCOREII_1024",NULL);
if (td->cert != NULL) return Error(16);
td->cert = NULL;
if (NO_CERT != REP_ServerCert) {
td->cert = PK11_FindCertFromNickname(nicknames[REP_ServerCert],NULL);
}
/* Note: if we're set to use NO_CERT as the server cert, then we'll
* just essentially skip the rest of this (except for session ID cache setup)
*/
if ( (NULL == td->cert) && ( NO_CERT != REP_ServerCert )) {
PR_fprintf(PR_STDERR, "Can't find certificate %s\n", nicknames[REP_ServerCert]);
PR_fprintf(PR_STDERR, "Server: Seclib error: %s\n",
SECU_ErrorString ((int16) PR_GetError()));
return Error(12);
}
if ((NO_CERT != REP_ServerCert)) {
privKey = PK11_FindKeyByAnyCert(td->cert, NULL);
if (privKey == NULL) {
dbmsg((PR_STDERR, "Can't find key for this certificate\n"));
return Error(13);
}
rv = SSL_ConfigSecureServer(s,td->cert,privKey, kt_rsa);
if (rv != PR_SUCCESS) {
dbmsg((PR_STDERR, "Can't config server error(%d) \n",rv));
return Error(14);
}
}
rv = SSL_ConfigServerSessionIDCache(10, 0, 0, ".");
if (rv != 0) {
dbmsg((PR_STDERR, "Can't config server session ID cache (%d) \n",rv));
return Error(15);
}
return 0;
}
开发者ID:Akin-Net,项目名称:mozilla-central,代码行数:71,代码来源:sslc.c
示例20: PK11_FindCertFromNickname
void OsTLSServerConnectionSocket::NSSInitSocket(PRFileDesc* pDescriptor, long timeoutInSecs, const char* szPassword)
{
PRFileDesc *tcpSocket = NULL;
PRSocketOptionData socketOption;
PRStatus prStatus;
SECStatus secStatus;
// PRIntn hostenum;
// PRNetAddr addr;
SSLKEAType certKEA;
tcpSocket = pDescriptor;
if (socketDescriptor > OS_INVALID_SOCKET_DESCRIPTOR)
{
mpCert = PK11_FindCertFromNickname((char*)mCertNickname.data(), (char*)mCertPassword.data());
if (mpCert == NULL)
{
mbInitializeFailed = true;
goto TlsError;
}
unsigned char* szPwd = (unsigned char*) PR_Malloc(mCertPassword.length()+ 1);
strncpy((char*)szPwd, mCertPassword.data(), mCertPassword.length()+1);
mpPrivKey = PK11_FindKeyByAnyCert(mpCert, (char*)szPwd);
if (mpPrivKey == NULL)
{
mbInitializeFailed = true;
goto TlsError;
}
if (tcpSocket)
{
/* Make the socket blocking. */
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
if (prStatus != PR_SUCCESS)
{
mbInitializeFailed = true;
goto TlsError;
}
/* Import the socket into the SSL layer. */
mpPRfd = SSL_ImportFD(NULL, tcpSocket);
if (!mpPRfd)
{
mbInitializeFailed = true;
goto TlsError;
}
/* Set configuration options. */
secStatus = SSL_OptionSet(mpPRfd, SSL_SECURITY, PR_TRUE);
if (secStatus != SECSuccess)
{
mbInitializeFailed = true;
goto TlsError;
}
secStatus = SSL_OptionSet(mpPRfd, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
if (secStatus != SECSuccess)
{
mbInitializeFailed = true;
goto TlsError;
}
secStatus = SSL_AuthCertificateHook(mpPRfd,
(SSLAuthCertificate)OsTLS::AuthCertificate,
(void *)CERT_GetDefaultCertDB());
if (secStatus != SECSuccess)
{
mbInitializeFailed = true;
goto TlsError;
}
secStatus = SSL_BadCertHook(mpPRfd,
(SSLBadCertHandler)OsTLS::BadCertHandler, NULL);
if (secStatus != SECSuccess)
{
mbInitializeFailed = true;
goto TlsError;
}
secStatus = SSL_HandshakeCallback(mpPRfd,
(SSLHandshakeCallback)OsTLS::HandshakeCallback,
(void*)this);
if (secStatus != SECSucc
|
客服电话
APP下载
官方微信
请发表评论