本文整理汇总了C++中PK11_FindCertFromNickname函数的典型用法代码示例。如果您正苦于以下问题:C++ PK11_FindCertFromNickname函数的具体用法?C++ PK11_FindCertFromNickname怎么用?C++ PK11_FindCertFromNickname使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了PK11_FindCertFromNickname函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: aUtf8Nickname
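/**
 * Look up a certificate by nickname and hand it back wrapped as an
 * nsIX509Cert.
 *
 * The PKCS#11 lookup (PK11_FindCertFromNickname) is tried first; only when
 * it finds nothing is the default certificate database consulted.
 *
 * @param aToken   Accepted but not consulted by the lookup below.
 * @param nickname Certificate nickname (UTF-16); converted to UTF-8 for NSS.
 * @param _rvCert  Out: AddRef'ed certificate on success, nsnull on failure.
 * @return NS_OK when a certificate was found, NS_ERROR_FAILURE otherwise.
 */
NS_IMETHODIMP
nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
                                       const nsAString &nickname,
                                       nsIX509Cert **_rvCert)
{
  // Reject a null out-parameter before anything is written through it.
  if (!_rvCert) {
    return NS_ERROR_FAILURE;
  }
  *_rvCert = nsnull;

  nsNSSShutDownPreventionLock locker;

  // The UTF-8 buffer is owned by aUtf8Nickname and must outlive both lookups.
  // The cast only drops const for the NSS signature.
  NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname);
  char *asciiname = const_cast<char*>(aUtf8Nickname.get());
  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));

  // NOTE(review): the original carried an "#if 0" branch, marked "what it
  // should be", that chose the lookup based on aToken. As written, aToken
  // does not restrict the search, so a caller that expects a token-scoped
  // result can receive a same-named certificate from another store.
  CERTCertificate *cert = PK11_FindCertFromNickname(asciiname, NULL);
  if (!cert) {
    cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
  }
  if (!cert) {
    return NS_ERROR_FAILURE;
  }

  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));
  nsCOMPtr<nsIX509Cert> pCert = new nsNSSCertificate(cert);
  // The local reference is released right after wrapping, as in the original;
  // presumably nsNSSCertificate keeps its own reference (confirm).
  CERT_DestroyCertificate(cert);
  if (!pCert) {
    // Allocation failed: do not AddRef a null pointer.
    return NS_ERROR_FAILURE;
  }

  *_rvCert = pCert;
  NS_ADDREF(*_rvCert);
  return NS_OK;
}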
示例2: nss_get_cert
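/*
 * Look up a certificate by NSS nickname and convert it to an OpenSSL X509.
 *
 * ctx  engine context used for error reporting and tracing; must not be NULL
 * s    certificate nickname; must not be NULL
 *
 * Returns the converted certificate, or NULL when an argument is invalid,
 * NSS is not initialized, the nickname is unknown, or the conversion fails.
 * The NSS certificate reference is always released before returning.
 */
static X509*
nss_get_cert(NSS_CTX *ctx, const char *s) {
    X509 *x509 = NULL;
    CERTCertificate *cert = NULL;

    CALL_TRACE("nss_get_cert...\n");

    /* A NULL nickname would otherwise reach the "%s" trace and the NSS
     * lookup below, so it is rejected together with a NULL context. */
    if (ctx == NULL || s == NULL) {
        NSSerr(NSS_F_GET_CERT, NSS_R_INVALID_ARGUMENT);
        goto done;
    }

    if (!NSS_IsInitialized()) {
        NSSerr(NSS_F_GET_CERT, NSS_R_DB_IS_NOT_INITIALIZED);
        goto done;
    }

    nss_debug(ctx, "search certificate '%s'", s);

    /* No PIN argument is supplied to the lookup. */
    cert = PK11_FindCertFromNickname(s, NULL);
    nss_trace(ctx, "found certificate mem='%p'", cert);
    if (cert == NULL) goto done;

    x509 = X509_from_CERTCertificate(cert);

done:
    if (cert) CERT_DestroyCertificate(cert);
    /* NOTE(review): reached with ctx == NULL on the invalid-argument path,
     * as in the original; presumably nss_debug tolerates that - confirm. */
    nss_debug(ctx, "certificate %s", (x509 ? "found": "not found"));
    return(x509);
}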
示例3: check_issuer_cert
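/**
 *
 * Check that the Peer certificate's issuer certificate matches the one found
 * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the
 * issuer check; the original author modelled it on the OpenSSL
 * X509_check_issued function (in x509v3/v3_purp.c).
 *
 * The match is a byte-wise comparison of the two DER encodings.
 *
 * Returns SECSuccess only when the peer presented a certificate, both issuer
 * certificates were found and their encodings are equal. Every other outcome
 * is SECFailure.
 */
static SECStatus check_issuer_cert(PRFileDesc *sock,
                                   char *issuer_nickname)
{
  CERTCertificate *cert;
  CERTCertificate *cert_issuer = NULL;
  CERTCertificate *issuer = NULL;
  /* Start from failure so that only a positive match can succeed. */
  SECStatus res = SECFailure;
  void *proto_win = NULL;

  cert = SSL_PeerCertificate(sock);
  if(!cert)
    /* No peer certificate: nothing to compare, and the calls below must not
     * be handed a NULL certificate. */
    return SECFailure;

  /* NOTE(review): the issuer is resolved with certUsageObjectSigner rather
   * than an SSL usage; confirm that this is intended. */
  cert_issuer = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner);

  proto_win = SSL_RevealPinArg(sock);
  issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);

  if(cert_issuer && issuer &&
     SECITEM_CompareItem(&cert_issuer->derCert,
                         &issuer->derCert) == SECEqual)
    res = SECSuccess;

  CERT_DestroyCertificate(cert);
  if(issuer)
    CERT_DestroyCertificate(issuer);
  if(cert_issuer)
    CERT_DestroyCertificate(cert_issuer);
  return res;
}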
示例4: NSSSignBegin
/**
 * Obtains a signing context.
 *
 * Finds the certificate stored under certName, fetches its private key,
 * checks the signature length against BLOCKSIZE and
 * XP_MIN_SIGNATURE_LEN_IN_BYTES, then creates and starts a signing context.
 *
 * Nothing is released here on the error paths: when -1 is returned after the
 * certificate lookup succeeded, *cert (and possibly *privKey and *ctx) are
 * already populated and remain the caller's to destroy.
 *
 * @param  certName        The nickname of the signing certificate
 * @param  ctx             A pointer to the signing context to fill
 * @param  privKey         Out: private key belonging to the certificate
 * @param  cert            Out: certificate found for certName
 * @param  signatureLength Out: signature length reported for the key
 * @return 0 on success
 *         -1 on error
 */
int
NSSSignBegin(const char *certName,
             SGNContext **ctx,
             SECKEYPrivateKey **privKey,
             CERTCertificate **cert,
             uint32_t *signatureLength)
{
  secuPWData pwdata = { PW_NONE, 0 };
  CERTCertificate *foundCert;
  SECKEYPrivateKey *foundKey;
  SGNContext *signCtx;

  if (certName == NULL || ctx == NULL || privKey == NULL ||
      cert == NULL || signatureLength == NULL) {
    fprintf(stderr, "ERROR: Invalid parameter passed to NSSSignBegin\n");
    return -1;
  }

  /* Get the cert and embedded public key out of the database */
  foundCert = PK11_FindCertFromNickname(certName, &pwdata);
  *cert = foundCert;
  if (foundCert == NULL) {
    fprintf(stderr, "ERROR: Could not find cert from nickname\n");
    return -1;
  }

  /* Get the private key out of the database */
  foundKey = PK11_FindKeyByAnyCert(foundCert, &pwdata);
  *privKey = foundKey;
  if (foundKey == NULL) {
    fprintf(stderr, "ERROR: Could not find private key\n");
    return -1;
  }

  *signatureLength = PK11_SignatureLen(foundKey);

  /* Upper bound: the signature has to fit the compiled-in block size. */
  if (*signatureLength > BLOCKSIZE) {
    fprintf(stderr,
            "ERROR: Program must be compiled with a larger block size"
            " to support signing with signatures this large: %u.\n",
            *signatureLength);
    return -1;
  }

  /* Check that the key length is large enough for our requirements */
  if (*signatureLength < XP_MIN_SIGNATURE_LEN_IN_BYTES) {
    fprintf(stderr, "ERROR: Key length must be >= %d bytes\n",
            XP_MIN_SIGNATURE_LEN_IN_BYTES);
    return -1;
  }

  /* NOTE(review): the context is fixed to an RSA signature over SHA-1.
   * Changing the digest would presumably require a matching change on the
   * verifying side - confirm before touching it. */
  signCtx = SGN_NewContext (SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, foundKey);
  *ctx = signCtx;
  if (signCtx == NULL) {
    fprintf(stderr, "ERROR: Could not create signature context\n");
    return -1;
  }

  if (SGN_Begin(signCtx) != SECSuccess) {
    fprintf(stderr, "ERROR: Could not begin signature\n");
    return -1;
  }

  return 0;
}
示例5: GenerateCert
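/***********************************************************************
 *
 * G e n e r a t e C e r t
 *
 * Runs the whole process of creating a new cert, getting info from the
 * user, etc.
 *
 * nickname  nickname for the new certificate; must not already exist
 * keysize   passed through to GenerateSelfSignedObjectSigningCert
 * token     passed through to GenerateSelfSignedObjectSigningCert
 *
 * Returns -1 when the user declines the confirmation prompt and 0 otherwise.
 * Exits with ERRX when the nickname is already in use.
 *
 * NOTE(review): 0 is also returned when certificate generation yields no
 * certificate; callers cannot tell that case from success.
 */
int
GenerateCert(char *nickname, int keysize, char *token)
{
    CERTCertDBHandle *db;
    CERTCertificate *cert;
    CERTCertificate *existing;
    char *subject;
    unsigned long serial;
    /* Zeroed so that a failed or empty read is treated as "abort" instead of
     * testing an indeterminate byte. */
    char stdinbuf[160] = { 0 };

    /* Print warning about having the browser open */
    PR_fprintf(PR_STDOUT /*always go to console*/,
               "\nWARNING: Performing this operation while the browser is running could cause"
               "\ncorruption of your security databases. If the browser is currently running,"
               "\nyou should exit the browser before continuing this operation. Enter "
               "\n\"y\" to continue, or anything else to abort: ");
    pr_fgets(stdinbuf, (int)sizeof stdinbuf, PR_STDIN);
    PR_fprintf(PR_STDOUT, "\n");

    /* <ctype.h> functions need an unsigned char value; a plain char may be
     * negative. */
    if (tolower((unsigned char)stdinbuf[0]) != 'y') {
        PR_fprintf(errorFD, "Operation aborted at user's request.\n");
        errorCount++;
        return -1;
    }

    db = CERT_GetDefaultCertDB();
    if (!db) {
        /* Presumably does not return - confirm; db is used below regardless. */
        FatalError("Unable to open certificate database");
    }

    /* Refuse to create a second certificate under an existing nickname. */
    existing = PK11_FindCertFromNickname(nickname, &pwdata);
    if (existing) {
        CERT_DestroyCertificate(existing);
        PR_fprintf(errorFD,
                   "ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
                   "must choose a different nickname.\n", nickname);
        errorCount++;
        exit(ERRX);
    }

    /* The serial number is taken from the current time. */
    LL_L2UI(serial, PR_Now());

    subject = GetSubjectFromUser(serial);

    cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject,
                                               serial, keysize, token);
    if (cert) {
        output_ca_cert(cert, db);
        CERT_DestroyCertificate(cert);
    }

    PORT_Free(subject);
    return 0;
}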
示例6: SelectClientCert
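/**
 *
 * Callback to pick the SSL client certificate.
 *
 * arg is the struct ssl_connect_data of the connection; its client_nickname
 * selects the certificate. caNames is ignored, so the certificate is chosen
 * without regard to the CA names passed to the callback.
 *
 * On success *pRetCert and *pRetKey receive the certificate and its private
 * key and SECSuccess is returned. On failure SECFailure is returned, any
 * certificate that was found is destroyed and connssl->client_cert is reset
 * to NULL.
 *
 * NOTE(review): on success the same certificate pointer is stored in
 * connssl->client_cert and returned through pRetCert; confirm that only one
 * side releases it.
 */
static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
                                  struct CERTDistNamesStr *caNames,
                                  struct CERTCertificateStr **pRetCert,
                                  struct SECKEYPrivateKeyStr **pRetKey)
{
  SECKEYPrivateKey *privKey = NULL;
  struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
  char *nickname = connssl->client_nickname;
  void *proto_win = NULL;
  SECStatus secStatus = SECFailure;
  PK11SlotInfo *slot;
  (void)caNames;

  proto_win = SSL_RevealPinArg(sock);

  if(!nickname)
    return secStatus;

  connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
  if(connssl->client_cert) {

    if(!strncmp(nickname, "PEM Token", 9)) {
      CK_SLOT_ID slotID = 1; /* hardcoded for now */
      char slotname[SLOTSIZE];
      /* CK_SLOT_ID is an unsigned long, hence %lu */
      snprintf(slotname, SLOTSIZE, "PEM Token #%lu", slotID);
      slot = PK11_FindSlotByName(slotname);
      /* The slot lookup can fail; a NULL slot must not be used or freed. */
      if(slot) {
        privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert,
                                              NULL);
        PK11_FreeSlot(slot);
      }
    }
    else
      privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);

    if(privKey)
      secStatus = SECSuccess;
  }

  if(secStatus == SECSuccess) {
    *pRetCert = connssl->client_cert;
    *pRetKey = privKey;
  }
  else {
    /* Certificate without a usable key: release it so nothing stale stays
     * on the connection. */
    if(connssl->client_cert)
      CERT_DestroyCertificate(connssl->client_cert);
    connssl->client_cert = NULL;
  }

  return secStatus;
}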
示例7: cName
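/**
 * Configure the prototype SSL socket with the server certificate and key,
 * then start listening through BSDSocket::listen.
 *
 * The certificate is looked up by nickname; an empty certname falls back to
 * "localhost.localdomain". Both NSS lookups are made without a PIN argument.
 *
 * @throws Exception when the certificate or its private key cannot be found.
 */
int SslSocket::listen(const SocketAddress& sa, int backlog) const
{
    //get certificate and key (is this the correct way?)
    std::string cName( (certname == "") ? "localhost.localdomain" : certname);
    CERTCertificate *cert = PK11_FindCertFromNickname(const_cast<char*>(cName.c_str()), 0);
    if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << cName << "'"));

    SECKEYPrivateKey *key = PK11_FindKeyByAnyCert(cert, 0);
    if (!key) {
        // Release the certificate reference before leaving by exception.
        CERT_DestroyCertificate(cert);
        throw Exception(QPID_MSG("Failed to retrieve private key from certificate"));
    }

    // NOTE(review): NSS_CHECK presumably throws on failure; if it does, key
    // and cert are not released on that path. Confirm against the macro.
    NSS_CHECK(SSL_ConfigSecureServer(prototype, cert, key, NSS_FindCertKEAType(cert)));

    // The local handles are released once the socket has been configured.
    SECKEY_DestroyPrivateKey(key);
    CERT_DestroyCertificate(cert);

    return BSDSocket::listen(sa, backlog);
}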
示例8: qnetd_instance_init_certs
/*
 * Load the server certificate and its private key into the instance.
 *
 * The certificate is looked up under advanced_settings->cert_nickname and
 * the key is then derived from that certificate. Both lookups are made
 * without a PIN argument.
 *
 * Returns 0 when both were found and -1 otherwise. When only the key lookup
 * fails, instance->server.cert stays set; it is not released here.
 */
int
qnetd_instance_init_certs(struct qnetd_instance *instance)
{

	instance->server.cert = PK11_FindCertFromNickname(
	    instance->advanced_settings->cert_nickname, NULL);

	if (instance->server.cert != NULL) {
		instance->server.private_key =
		    PK11_FindKeyByAnyCert(instance->server.cert, NULL);

		if (instance->server.private_key != NULL) {
			return (0);
		}
	}

	return (-1);
}
示例9: nss_load_cert
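/*
 * Load a certificate file as a PKCS#11 object.
 *
 * ssl       connection data passed on to nss_create_object
 * filename  path of the certificate file
 * cacert    PR_TRUE when the file is a CA certificate, PR_FALSE for a client
 *           certificate
 *
 * Returns the result of nss_create_object when the file exists. Otherwise,
 * or when built without HAVE_PK11_CREATEGENERICOBJECT, it returns
 * CURLE_SSL_CACERT_BADFILE for a CA certificate and CURLE_SSL_CERTPROBLEM
 * for a client certificate.
 */
static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
                              const char *filename, PRBool cacert)
{
  CURLcode err = (cacert)
    ? CURLE_SSL_CACERT_BADFILE
    : CURLE_SSL_CERTPROBLEM;

#ifdef HAVE_PK11_CREATEGENERICOBJECT
  /* libnsspem.so leaks memory if the requested file does not exist.  For more
   * details, go to <https://bugzilla.redhat.com/734760>. */
  if(is_file(filename))
    err = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);

  if(CURLE_OK == err && !cacert) {
    /* we have successfully loaded a client certificate */
    CERTCertificate *cert;
    char *nickname = NULL;
    const char *n = strrchr(filename, '/');

    /* Use the part after the last slash. A name without any slash is its
     * own base name; passing NULL to "%s" must be avoided. */
    n = n ? n + 1 : filename;

    /* The following undocumented magic helps to avoid a SIGSEGV on call
     * of PK11_ReadRawAttribute() from SelectClientCert() when using an
     * immature version of libnsspem.so.  For more details, go to
     * <https://bugzilla.redhat.com/733685>. */
    nickname = aprintf("PEM Token #1:%s", n);
    if(nickname) {
      /* The lookup is done for its side effect only; the result is
       * released immediately. */
      cert = PK11_FindCertFromNickname(nickname, NULL);
      if(cert)
        CERT_DestroyCertificate(cert);

      free(nickname);
    }
  }
#endif

  return err;
}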
示例10: SSL_ImportFD
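/**
 * Create the prototype SSL socket, load the server certificate and key,
 * then bind and listen on the given port.
 *
 * @param port       TCP port to bind (host byte order)
 * @param backlog    listen backlog
 * @param certName   nickname of the server certificate
 * @param clientAuth when true, a client certificate is requested and required
 * @return the port reported by getsockname, in host byte order
 * @throws Exception when the certificate or key cannot be found, or when
 *         bind/listen/getsockname fail.
 */
int SslSocket::listen(uint16_t port, int backlog, const std::string& certName, bool clientAuth) const
{
    //configure prototype socket:
    // NOTE(review): neither PR_NewTCPSocket nor SSL_ImportFD is checked for a
    // null result before prototype is used.
    prototype = SSL_ImportFD(0, PR_NewTCPSocket());
    if (clientAuth) {
        // Both options are set so that a client without a certificate is
        // not just asked for one but required to present it.
        NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUEST_CERTIFICATE, PR_TRUE));
        NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUIRE_CERTIFICATE, PR_TRUE));
    }

    //get certificate and key (is this the correct way?)
    CERTCertificate *cert = PK11_FindCertFromNickname(const_cast<char*>(certName.c_str()), 0);
    if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << certName << "'"));

    SECKEYPrivateKey *key = PK11_FindKeyByAnyCert(cert, 0);
    if (!key) {
        // Release the certificate reference before leaving by exception.
        CERT_DestroyCertificate(cert);
        throw Exception(QPID_MSG("Failed to retrieve private key from certificate"));
    }

    // NOTE(review): NSS_CHECK presumably throws on failure; if it does, key
    // and cert are not released on that path. Confirm against the macro.
    NSS_CHECK(SSL_ConfigSecureServer(prototype, cert, key, NSS_FindCertKEAType(cert)));
    SECKEY_DestroyPrivateKey(key);
    CERT_DestroyCertificate(cert);

    //bind and listen
    const int& socket = impl->fd;
    int yes=1;
    QPID_POSIX_CHECK(setsockopt(socket,SOL_SOCKET,SO_REUSEADDR,&yes,sizeof(yes)));

    // Value-initialised so that no indeterminate bytes are handed to bind().
    struct sockaddr_in name = {};
    name.sin_family = AF_INET;
    name.sin_port = htons(port);
    // Address 0 is the wildcard address: the listener accepts connections on
    // every local interface.
    name.sin_addr.s_addr = 0;
    if (::bind(socket, (struct sockaddr*)&name, sizeof(name)) < 0)
        throw Exception(QPID_MSG("Can't bind to port " << port << ": " << strError(errno)));
    if (::listen(socket, backlog) < 0)
        throw Exception(QPID_MSG("Can't listen on port " << port << ": " << strError(errno)));

    // Ask the kernel which port was bound (relevant when port is 0).
    socklen_t namelen = sizeof(name);
    if (::getsockname(socket, (struct sockaddr*)&name, &namelen) < 0)
        throw QPID_POSIX_ERROR(errno);

    return ntohs(name.sin_port);
}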
示例11: CERT_FindCertByNickname
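/*
 * Find a certificate by nickname.
 *
 * Two sources are consulted: the default crypto context and
 * PK11_FindCertFromNickname. When the PKCS#11 lookup finds a certificate,
 * get_best_temp_or_perm chooses between it and the crypto-context result.
 * Otherwise the crypto-context result is used as is.
 *
 * handle    not used by this function
 * nickname  nickname to search for; NULL is rejected
 *
 * Returns the chosen certificate, or NULL when nothing was found or nickname
 * is NULL (SEC_ERROR_INVALID_ARGS is set in that case).
 */
CERTCertificate *
CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
{
    NSSCryptoContext *cc;
    NSSCertificate *c, *ct;
    CERTCertificate *cert;
    NSSUsage usage;

    /* Same argument check as CERT_FindCertByNicknameOrEmailAddr: do not hand
     * a NULL string to the lookups below. */
    if (NULL == nickname) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();
    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, NULL,
                                                        &usage, NULL);
    cert = PK11_FindCertFromNickname(nickname, NULL);
    c = NULL;
    if (cert) {
        c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
        /* Both lookup references are dropped here; presumably
         * get_best_temp_or_perm returned its own reference - confirm. */
        CERT_DestroyCertificate(cert);
        if (ct) {
            CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
        }
    } else {
        c = ct;
    }
    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
}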
示例12: CERT_FindCertByNicknameOrEmailAddr
/*
 * Find a certificate by nickname, falling back to an e-mail address lookup.
 *
 * The default crypto context is searched by nickname first. If that finds
 * nothing and the name contains '@', the name is passed through
 * CERT_FixupEmailAddr and the context is searched by e-mail address.
 * Independently, PK11_FindCertFromNickname is tried with the name as given.
 * When it finds a certificate, get_best_temp_or_perm chooses between the two
 * results.
 *
 * handle  not used by this function
 * name    nickname or e-mail address; NULL sets SEC_ERROR_INVALID_ARGS
 *
 * Returns the chosen certificate, or NULL when nothing was found.
 */
CERTCertificate *
CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
{
    NSSCryptoContext *cc;
    NSSCertificate *c, *ct;
    CERTCertificate *cert;
    NSSUsage usage;

    if (name == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    usage.anyUsage = PR_TRUE;
    cc = STAN_GetDefaultCryptoContext();

    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name,
                                                        NULL, &usage, NULL);
    if (ct == NULL && PORT_Strchr(name, '@') != NULL) {
        /* Looks like an e-mail address: retry with the fixed-up copy. */
        char *lowercaseName = CERT_FixupEmailAddr(name);
        if (lowercaseName != NULL) {
            ct = NSSCryptoContext_FindBestCertificateByEmail(cc, lowercaseName,
                                                             NULL, &usage,
                                                             NULL);
            PORT_Free(lowercaseName);
        }
    }

    cert = PK11_FindCertFromNickname(name, NULL);
    if (cert == NULL) {
        /* Only the crypto-context result (possibly NULL) is available. */
        c = ct;
    } else {
        c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
        /* Both lookup references are dropped here; presumably
         * get_best_temp_or_perm returned its own reference - confirm. */
        CERT_DestroyCertificate(cert);
        if (ct != NULL) {
            CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
        }
    }

    if (c == NULL) {
        return NULL;
    }
    return STAN_GetCERTCertificateOrRelease(c);
}
示例13: main
//.........这里部分代码省略.........
print_usage();
return -1;
}
return import_signature(argv[2], sigIndex, argv[3], argv[4]);
case 'v':
if (certCount == 0) {
print_usage();
return -1;
}
#if (!defined(XP_WIN) && !defined(XP_MACOSX)) || defined(MAR_NSS)
if (!NSSConfigDir || certCount == 0) {
print_usage();
return -1;
}
if (NSSInitCryptoContext(NSSConfigDir)) {
fprintf(stderr, "ERROR: Could not initialize crypto library.\n");
return -1;
}
#endif
rv = 0;
for (k = 0; k < certCount; ++k) {
#if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
rv = mar_read_entire_file(DERFilePaths[k], MAR_MAX_CERT_SIZE,
&certBuffers[k], &fileSizes[k]);
#else
/* It is somewhat circuitous to look up a CERTCertificate and then pass
* in its DER encoding just so we can later re-create that
* CERTCertificate to extract the public key out of it. However, by doing
* things this way, we maximize the reuse of the mar_verify_signatures
* function and also we keep the control flow as similar as possible
* between programs and operating systems, at least for the functions
* that are critically important to security.
*/
certs[k] = PK11_FindCertFromNickname(certNames[k], NULL);
if (certs[k]) {
certBuffers[k] = certs[k]->derCert.data;
fileSizes[k] = certs[k]->derCert.len;
} else {
rv = -1;
}
#endif
if (rv) {
fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]);
break;
}
}
if (!rv) {
MarFile *mar = mar_open(argv[2]);
if (mar) {
rv = mar_verify_signatures(mar, certBuffers, fileSizes, certCount);
mar_close(mar);
} else {
fprintf(stderr, "ERROR: Could not open MAR file.\n");
rv = -1;
}
}
for (k = 0; k < certCount; ++k) {
#if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
free((void*)certBuffers[k]);
#else
/* certBuffers[k] is owned by certs[k] so don't free it */
CERT_DestroyCertificate(certs[k]);
#endif
}
if (rv) {
/* Determine if the source MAR file has the new fields for signing */
int hasSignatureBlock;
if (get_mar_file_info(argv[2], &hasSignatureBlock,
NULL, NULL, NULL, NULL)) {
fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n");
} else if (!hasSignatureBlock) {
fprintf(stderr, "ERROR: The MAR file is in the old format so has"
" no signature to verify.\n");
}
return -1;
}
return 0;
case 's':
if (!NSSConfigDir || certCount == 0 || argc < 4) {
print_usage();
return -1;
}
return mar_repackage_and_sign(NSSConfigDir, certNames, certCount,
argv[2], argv[3]);
case 'r':
return strip_signature_block(argv[2], argv[3]);
#endif /* endif NO_SIGN_VERIFY disabled */
default:
print_usage();
return -1;
}
}
示例14: CERT_GetDefaultCertDB
void
nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
nsIInterfaceRequestor* ctx,
nsCString &nickname)
{
nickname.Truncate();
nsNSSShutDownPreventionLock locker;
nsresult rv;
CK_OBJECT_HANDLE keyHandle;
CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
return;
nsCAutoString username;
char *temp_un = CERT_GetCommonName(&cert->subject);
if (temp_un) {
username = temp_un;
PORT_Free(temp_un);
temp_un = nsnull;
}
nsCAutoString caname;
char *temp_ca = CERT_GetOrgName(&cert->issuer);
if (temp_ca) {
caname = temp_ca;
PORT_Free(temp_ca);
temp_ca = nsnull;
}
nsAutoString tmpNickFmt;
nssComponent->GetPIPNSSBundleString("nick_template", tmpNickFmt);
NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt);
nsCAutoString baseName;
char *temp_nn = PR_smprintf(nickFmt.get(), username.get(), caname.get());
if (!temp_nn) {
return;
} else {
baseName = temp_nn;
PR_smprintf_free(temp_nn);
temp_nn = nsnull;
}
nickname = baseName;
/*
* We need to see if the private key exists on a token, if it does
* then we need to check for nicknames that already exist on the smart
* card.
*/
PK11SlotInfo *slot = PK11_KeyForCertExists(cert, &keyHandle, ctx);
PK11SlotInfoCleaner slotCleaner(slot);
if (!slot)
return;
if (!PK11_IsInternal(slot)) {
char *tmp = PR_smprintf("%s:%s", PK11_GetTokenName(slot), baseName.get());
if (!tmp) {
nickname.Truncate();
return;
}
baseName = tmp;
PR_smprintf_free(tmp);
nickname = baseName;
}
int count = 1;
while (true) {
if ( count > 1 ) {
char *tmp = PR_smprintf("%s #%d", baseName.get(), count);
if (!tmp) {
nickname.Truncate();
return;
}
nickname = tmp;
PR_smprintf_free(tmp);
}
CERTCertificate *dummycert = nsnull;
CERTCertificateCleaner dummycertCleaner(dummycert);
if (PK11_IsInternal(slot)) {
/* look up the nickname to make sure it isn't in use already */
dummycert = CERT_FindCertByNickname(defaultcertdb, nickname.get());
} else {
/*
* Check the cert against others that already live on the smart
* card.
*/
dummycert = PK11_FindCertFromNickname(nickname.get(), ctx);
if (dummycert != NULL) {
/*
* Make sure the subject names are different.
*/
if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual)
//.........这里部分代码省略.........
示例15: create_pk7
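/*********************************************************************
 *
 * c r e a t e _ p k 7
 *
 * Signs <dir>/META-INF/<base>.sf with the certificate stored under keyName
 * and writes the result to <dir>/META-INF/<base>.rsa or .dsa, depending on
 * the key type.
 *
 * dir      directory that holds META-INF
 * keyName  nickname of the signing certificate
 * keyType  out: key type reported by jar_find_key_type
 *
 * Returns 0 on success and -1 when the database or certificate is missing,
 * a path does not fit its buffer, or signing fails. Exits with ERRX when
 * either file cannot be opened.
 */
static int
create_pk7 (char *dir, char *keyName, int *keyType)
{
    int status = 0;
    int sf_len, pk7_len;
    char *file_ext;

    CERTCertificate *cert;
    CERTCertDBHandle *db;

    FILE *in, *out;

    char sf_file[FNSIZE];
    char pk7_file[FNSIZE];

    /* open cert database */
    db = CERT_GetDefaultCertDB();

    if (db == NULL)
        return -1;

    /* find cert */
    /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/
    cert = PK11_FindCertFromNickname(keyName, &pwdata);

    if (cert == NULL) {
        SECU_PrintError(PROGRAM_NAME,
                        "Cannot find the cert \"%s\"", keyName);
        return -1;
    }

    /* determine the key type, which sets the extension for pkcs7 object */
    *keyType = jar_find_key_type(cert);
    file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";

    /* dir is caller-supplied, so both paths are built with a bounded format
     * and a path that does not fit is rejected instead of overrunning the
     * fixed-size buffers. */
    sf_len = snprintf(sf_file, sizeof sf_file, "%s/META-INF/%s.sf", dir, base);
    pk7_len = snprintf(pk7_file, sizeof pk7_file, "%s/META-INF/%s.%s",
                       dir, base, file_ext);
    if (sf_len < 0 || (size_t)sf_len >= sizeof sf_file ||
        pk7_len < 0 || (size_t)pk7_len >= sizeof pk7_file) {
        PR_fprintf(errorFD, "%s: Path too long under %s\n", PROGRAM_NAME, dir);
        errorCount++;
        CERT_DestroyCertificate(cert);
        return -1;
    }

    if ((in = fopen(sf_file, "rb")) == NULL) {
        PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME,
                   sf_file);
        errorCount++;
        exit(ERRX);
    }

    if ((out = fopen(pk7_file, "wb")) == NULL) {
        /* Report the file that actually failed to open. */
        PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME,
                   pk7_file);
        errorCount++;
        exit(ERRX);
    }

    status = SignFile(out, in, cert);

    CERT_DestroyCertificate(cert);
    fclose(in);
    /* NOTE(review): the result of closing the output stream is not checked,
     * so a failed flush of the signature file goes unreported. */
    fclose(out);

    if (status) {
        PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
                   PROGRAM_NAME, SECU_ErrorString((int16) PORT_GetError()));
        errorCount++;
        return -1;
    }

    return 0;
}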