C++ SECU_Strerror函数代码示例

int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data,
	      CK_ULONG length, CK_BYTE **signature, CK_ULONG *signature_length)
{
  SECOidTag algtag;
  SECKEYPrivateKey *key;
  SECItem result;
  SECStatus rv;

  if (h->slot == NULL) {
    return -1;
  }

  /* get the key */
  key = PK11_FindPrivateKeyFromCert(h->slot, (CERTCertificate *)cert, NULL);
  if (key == NULL) {
    DBG1("Couldn't Find key for Cert: %s", SECU_Strerror(PR_GetError()));
    return -1;
  }

  /* get the oid */
  algtag = SEC_GetSignatureAlgorithmOidTag(key->keyType, SEC_OID_SHA1);

  /* sign the data */
  rv = SEC_SignData(&result, data, length, key, algtag);
  SECKEY_DestroyPrivateKey(key);
  if (rv != SECSuccess) {
    DBG1("Signature failed: %s", SECU_Strerror(PR_GetError()));
    return -1;
  }

  *signature = (CK_BYTE *)result.data;
  *signature_length = result.len;
  return 0;
}

void release_pkcs11_module(pkcs11_handle_t *h)
{
  SECStatus rv;
  close_pkcs11_session(h);
  if (h->is_user_module) {
    rv = SECMOD_UnloadUserModule(h->module);
    if (rv != SECSuccess) {
      DBG1("Unloading UserModule failed: %s", SECU_Strerror(PR_GetError()));
    }
  }

  if (h->module) {
    SECMOD_DestroyModule(h->module);
  }
  memset(h, 0, sizeof(pkcs11_handle_t));
  free(h);

  /* if we initialized NSS, then we need to shut it down */
  if (!app_has_NSS) {
    rv = NSS_Shutdown();
    if (rv != SECSuccess) {
      DBG1("NSS Shutdown Failed: %s", SECU_Strerror(PR_GetError()));
    }
  }
}

/*************************************************************************
 *
 * F i p s M o d e
 * If arg=="true", enable FIPS mode on the internal module.  If arg=="false",
 * disable FIPS mode on the internal module.
 */
Error
FipsMode(char *arg)
{
    char *internal_name;

    if (!PORT_Strcasecmp(arg, "true")) {
        if (!PK11_IsFIPS()) {
            internal_name = PR_smprintf("%s",
                                        SECMOD_GetInternalModule()->commonName);
            if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
                PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
                PR_smprintf_free(internal_name);
                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                return FIPS_SWITCH_FAILED_ERR;
            }
            PR_smprintf_free(internal_name);
            if (!PK11_IsFIPS()) {
                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                return FIPS_SWITCH_FAILED_ERR;
            }
            PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
        } else {
            PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
            return FIPS_ALREADY_ON_ERR;
        }
    } else if (!PORT_Strcasecmp(arg, "false")) {
        if (PK11_IsFIPS()) {
            internal_name = PR_smprintf("%s",
                                        SECMOD_GetInternalModule()->commonName);
            if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
                PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
                PR_smprintf_free(internal_name);
                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                return FIPS_SWITCH_FAILED_ERR;
            }
            PR_smprintf_free(internal_name);
            if (PK11_IsFIPS()) {
                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
                return FIPS_SWITCH_FAILED_ERR;
            }
            PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
        } else {
            PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
            return FIPS_ALREADY_OFF_ERR;
        }
    } else {
        PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
        return INVALID_FIPS_ARG;
    }

    return SUCCESS;
}

CERTCertificate *
getCert(const char *name, PRBool isAscii, const char * progName)
{
    CERTCertificate * cert;
    CERTCertDBHandle *defaultDB;
    PRFileDesc*     fd;
    SECStatus       rv;
    SECItem         item        = {0, NULL, 0};

    defaultDB = CERT_GetDefaultCertDB();

    /* First, let's try to find the cert in existing DB. */
    cert = CERT_FindCertByNicknameOrEmailAddr(defaultDB, name);
    if (cert) {
        return cert;
    }

    /* Don't have a cert with name "name" in the DB. Try to
     * open a file with such name and get the cert from there.*/
    fd = PR_Open(name, PR_RDONLY, 0777); 
    if (!fd) {
	PRIntn err = PR_GetError();
    	fprintf(stderr, "open of %s failed, %d = %s\n", 
	        name, err, SECU_Strerror(err));
	return cert;
    }

    rv = SECU_ReadDERFromFile(&item, fd, isAscii);
    PR_Close(fd);
    if (rv != SECSuccess) {
	fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
	return cert;
    }

    if (!item.len) { /* file was empty */
	fprintf(stderr, "cert file %s was empty.\n", name);
	return cert;
    }

    cert = CERT_NewTempCertificate(defaultDB, &item, 
                                   NULL     /* nickname */, 
                                   PR_FALSE /* isPerm */, 
				   PR_TRUE  /* copyDER */);
    if (!cert) {
	PRIntn err = PR_GetError();
	fprintf(stderr, "couldn't import %s, %d = %s\n",
	        name, err, SECU_Strerror(err));
    }
    PORT_Free(item.data);
    return cert;
}

int crypto_init(cert_policy *policy) {
  SECStatus rv;

  DBG("Initializing NSS ...");
  if (NSS_IsInitialized()) {
    app_has_NSS = 1;
    /* we should save the app's password function */
    PK11_SetPasswordFunc(password_passthrough);
    DBG("...  NSS is initialized");
    return 0;
  }
  if (policy->nss_dir) {
    /* initialize with read only databases */
    DBG1("Initializing NSS ... database=%s", policy->nss_dir);
    rv = NSS_Init(policy->nss_dir);
  } else {
    /* not database secified */
    DBG("Initializing NSS ... with no db");
    rv = NSS_NoDB_Init(NULL);
  }

  if (rv != SECSuccess) {
    DBG1("NSS_Initialize failed: %s", SECU_Strerror(PR_GetError()));
    return -1;
  }
  /* register a callback */
  PK11_SetPasswordFunc(password_passthrough);

  if (policy->ocsp_policy == OCSP_ON) {
    CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
  }
  DBG("...  NSS Complete");
  return 0;
}

/*
 * Get the status for the specified certificate (whose nickname is "cert_name").
 * Directly use the OCSP function rather than doing a full verification.
 */
static SECStatus
get_cert_status (FILE *out_file, CERTCertDBHandle *handle,
		 CERTCertificate *cert, const char *cert_name,
		 PRTime verify_time)
{
    SECStatus rv = SECFailure;

    if (handle == NULL || cert == NULL)
	goto loser;

    rv = CERT_CheckOCSPStatus (handle, cert, verify_time, NULL);

    fprintf (out_file, "Check of certificate \"%s\" ", cert_name); 
    if (rv == SECSuccess) {
	fprintf (out_file, "succeeded.\n"); 
    } else {
	const char *error_string = SECU_Strerror(PORT_GetError());
	fprintf (out_file, "failed.  Reason:\n");
	if (error_string != NULL && PORT_Strlen(error_string) > 0)
	    fprintf (out_file, "%s\n", error_string);
	else
	    fprintf (out_file, "Unknown\n");
    }

    rv = SECSuccess;

loser:

    return rv;
}

/*
 * Verify the specified certificate (whose nickname is "cert_name").
 * OCSP is already turned on, so we just need to call the standard
 * certificate verification API and let it do all the work.
 */
static SECStatus
verify_cert (FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
	     const char *cert_name, SECCertUsage cert_usage, PRTime verify_time)
{
    SECStatus rv = SECFailure;

    if (handle == NULL || cert == NULL)
	return rv;

    rv = CERT_VerifyCert (handle, cert, PR_TRUE, cert_usage, verify_time,
			  NULL, NULL);

    fprintf (out_file, "Verification of certificate \"%s\" ", cert_name); 
    if (rv == SECSuccess) {
	fprintf (out_file, "succeeded.\n"); 
    } else {
	const char *error_string = SECU_Strerror(PORT_GetError());
	fprintf (out_file, "failed.  Reason:\n");
	if (error_string != NULL && PORT_Strlen(error_string) > 0)
	    fprintf (out_file, "%s\n", error_string);
	else
	    fprintf (out_file, "Unknown\n");
    }

    rv = SECSuccess;

    return rv;
}

char *
XP_GetString(int i)
{
    /* nasty hackish cast to avoid changing the signature of
     * JAR_init_callbacks() */
    return (char *)SECU_Strerror(i);
}

int get_random_value(unsigned char *data, int length)
{
  SECStatus rv = PK11_GenerateRandom(data,length);
  if (rv != SECSuccess) {
    DBG1("couldn't generate random number: %s", SECU_Strerror(PR_GetError()));
  }
  return (rv == SECSuccess) ? 0 : -1;
}

static void
errWarn(char * funcString)
{
    PRErrorCode  perr      = PR_GetError();
    const char * errString = SECU_Strerror(perr);

    fprintf(stderr, "strsclnt: %s returned error %d:\n%s\n",
            funcString, perr, errString);
}

SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, 
                     PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions)
{
    CERTSignedCrl *crl = NULL;
    SECItem crlDER;
    PK11SlotInfo* slot = NULL;
    int rv;
#if defined(DEBUG_jp96085)
    PRIntervalTime starttime, endtime, elapsed;
    PRUint32 mins, secs, msecs;
#endif

    crlDER.data = NULL;


    /* Read in the entire file specified with the -f argument */
    rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
    if (rv != SECSuccess) {
	SECU_PrintError(progName, "unable to read input file");
	return (SECFailure);
    }

    decodeOptions |= CRL_DECODE_DONT_COPY_DER;

    slot = PK11_GetInternalKeySlot();
 
#if defined(DEBUG_jp96085)
    starttime = PR_IntervalNow();
#endif
    crl = PK11_ImportCRL(slot, &crlDER, url, type,
          NULL, importOptions, NULL, decodeOptions);
#if defined(DEBUG_jp96085)
    endtime = PR_IntervalNow();
    elapsed = endtime - starttime;
    mins = PR_IntervalToSeconds(elapsed) / 60;
    secs = PR_IntervalToSeconds(elapsed) % 60;
    msecs = PR_IntervalToMilliseconds(elapsed) % 1000;
    printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs);
#endif
    if (!crl) {
	const char *errString;

	rv = SECFailure;
	errString = SECU_Strerror(PORT_GetError());
	if ( errString && PORT_Strlen (errString) == 0)
	    SECU_PrintError (progName, 
	        "CRL is not imported (error: input CRL is not up to date.)");
	else    
	    SECU_PrintError (progName, "unable to import CRL");
    } else {
	SEC_DestroyCrl (crl);
    }
    if (slot) {
        PK11_FreeSlot(slot);
    }
    return (rv);
}

void
errWarn(char *function)
{
    PRErrorCode  errorNumber = PR_GetError();
    const char * errorString = SECU_Strerror(errorNumber);

    fprintf(stderr, "Error in function %s: %d\n - %s\n",
		    function, errorNumber, errorString);
}

static const char *
errWarn(char *funcString)
{
    PRErrorCode perr = PR_GetError();
    const char *errString = SECU_Strerror(perr);

    fprintf(stderr, "httpserv: %s returned error %d:\n%s\n",
            funcString, perr, errString);
    return errString;
}

static SECStatus
myBadCertHandler( void *arg, PRFileDesc *fd)
{
    PRErrorCode err = PR_GetError();
    if (!MakeCertOK)
	fprintf(stderr, 
	    "strsclnt: -- SSL: Server Certificate Invalid, err %d.\n%s\n", 
            err, SECU_Strerror(err));
    return (MakeCertOK ? SECSuccess : SECFailure);
}

LDAP_CALL
ldapssl_err2string( const int prerrno )
{
    const char	*s;

    if (( s = SECU_Strerror( (PRErrorCode)prerrno )) == NULL ) {
	s = dgettext(TEXT_DOMAIN, "unknown");
    }

    return( s );
}