Correctly print cert request attributes in pp. Bug 284191. r=neil.williams
authornelsonb%netscape.com
Tue, 08 Mar 2005 01:20:04 +0000
changeset 5517 8f67b8db11cddd81d5ca83592f5ed577c568f64b
parent 5513 750e217e52d9d3ee011d0d74f7c88f74b5cef83e
child 5518 ea6bdd7f41d7952300f5d9f1df0d7153a5b4dc6d
push idunknown
push userunknown
push dateunknown
reviewersneil.williams
bugs284191
Correctly print cert request attributes in pp. Bug 284191. r=neil.williams
security/nss/cmd/lib/secutil.c
security/nss/cmd/lib/secutil.h
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -1366,41 +1366,42 @@ secu_PrintValidity(FILE *out, CERTValidi
 {
     SECU_Indent(out, level);  fprintf(out, "%s:\n", m);
     SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level+1);
     SECU_PrintTimeChoice(out, &v->notAfter,  "Not After ", level+1);
     return 0;
 }
 
 /* This function does NOT expect a DER type and length. */
-void
+SECOidTag
 SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
 {
     SECOidData *oiddata;
     char *      oidString = NULL;
     
     oiddata = SECOID_FindOID(oid);
     if (oiddata != NULL) {
 	const char *name = oiddata->desc;
 	SECU_Indent(out, level);
 	if (m != NULL)
 	    fprintf(out, "%s: ", m);
 	fprintf(out, "%s\n", name);
-	return;
+	return oiddata->offset;
     } 
     oidString = CERT_GetOidString(oid);
     if (oidString) {
 	SECU_Indent(out, level);
 	if (m != NULL)
 	    fprintf(out, "%s: ", m);
 	fprintf(out, "%s\n", oidString);
 	PR_smprintf_free(oidString);
-	return;
+	return SEC_OID_UNKNOWN;
     }
     SECU_PrintAsHex(out, oid, m, level);
+    return SEC_OID_UNKNOWN;
 }
 
 
 /* This function does NOT expect a DER type and length. */
 void
 SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
 {
     SECU_PrintObjectID(out, &a->algorithm, m, level);
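Review bot: Nothing documents the new return value of SECU_PrintObjectID; the comment above it still says only that no DER type and length are expected. Add a sentence such as `/* Returns the SECOidTag of a recognized OID, or SEC_OID_UNKNOWN when the OID is printed as a dotted string or as hex. */` here and on the prototype in secutil.h, whose comment is also unchanged. Without it a caller cannot tell that SEC_OID_UNKNOWN covers both fallback paths. The hunk ends inside SECU_PrintAlgorithmID, whose body continues outside it.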
@@ -1975,89 +1976,91 @@ secu_PrintAuthorityInfoAcess(FILE *out, 
 
 void
 SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
 		     char *msg, int level)
 {
     SECOidTag oidTag;
     
     if ( extensions ) {
-	SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
+	if (msg && *msg) {
+	    SECU_Indent(out, level++); fprintf(out, "%s:\n", msg);
+	}
 	
 	while ( *extensions ) {
 	    SECItem *tmpitem;
 
 	    tmpitem = &(*extensions)->id;
-	    SECU_PrintObjectID(out, tmpitem, "Name", level+1);
+	    SECU_PrintObjectID(out, tmpitem, "Name", level);
 
 	    tmpitem = &(*extensions)->critical;
 	    if ( tmpitem->len ) {
-		secu_PrintBoolean(out, tmpitem, "Critical", level+1);
+		secu_PrintBoolean(out, tmpitem, "Critical", level);
 	    }
 
 	    oidTag = SECOID_FindOIDTag (&((*extensions)->id));
 	    tmpitem = &((*extensions)->value);
 
 	    switch (oidTag) {
 	      	case SEC_OID_X509_INVALID_DATE:
 		case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
-		   secu_PrintX509InvalidDate(out, tmpitem, "Date", level + 1);
+		   secu_PrintX509InvalidDate(out, tmpitem, "Date", level );
 		   break;
 		case SEC_OID_X509_CERTIFICATE_POLICIES:
-		   SECU_PrintPolicy(out, tmpitem, "Data", level +1);
+		   SECU_PrintPolicy(out, tmpitem, "Data", level );
 		   break;
 		case SEC_OID_NS_CERT_EXT_BASE_URL:
 		case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
 		case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
 		case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
 		case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
 		case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
 		case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
 		case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
 		case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
 		case SEC_OID_OCSP_RESPONDER:
-		    SECU_PrintString(out,tmpitem, "URL", level+1);
+		    SECU_PrintString(out,tmpitem, "URL", level);
 		    break;
 		case SEC_OID_NS_CERT_EXT_COMMENT:
-		    SECU_PrintString(out,tmpitem, "Comment", level+1);
+		    SECU_PrintString(out,tmpitem, "Comment", level);
 		    break;
 		case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
-		    SECU_PrintString(out,tmpitem, "ServerName", level+1);
+		    SECU_PrintString(out,tmpitem, "ServerName", level);
 		    break;
 		case SEC_OID_NS_CERT_EXT_CERT_TYPE:
-		    secu_PrintNSCertType(out,tmpitem,"Data",level+1);
+		    secu_PrintNSCertType(out,tmpitem,"Data",level);
 		    break;
 		case SEC_OID_X509_BASIC_CONSTRAINTS:
-		    secu_PrintBasicConstraints(out,tmpitem,"Data",level+1);
+		    secu_PrintBasicConstraints(out,tmpitem,"Data",level);
 		    break;
 		case SEC_OID_X509_EXT_KEY_USAGE:
-		    PrintExtKeyUsageExtension(out, tmpitem, NULL, level+1);
+		    PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
 		    break;
 		case SEC_OID_X509_KEY_USAGE:
-		    secu_PrintX509KeyUsage(out, tmpitem, NULL, level + 1);
+		    secu_PrintX509KeyUsage(out, tmpitem, NULL, level );
 		    break;
 		case SEC_OID_X509_AUTH_KEY_ID:
-		    secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level + 1);
+		    secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level );
 		    break;
 		case SEC_OID_X509_SUBJECT_ALT_NAME:
 		case SEC_OID_X509_ISSUER_ALT_NAME:
-		    secu_PrintAltNameExtension(out, tmpitem, NULL, level + 1);
+		    secu_PrintAltNameExtension(out, tmpitem, NULL, level );
 		    break;
 		case SEC_OID_X509_CRL_DIST_POINTS:
-		    secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level + 1);
+		    secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level );
 		    break;
 		case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
 		    SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL, 
-							level +1);
+							level );
 		    break;
 		case SEC_OID_X509_NAME_CONSTRAINTS:
-		    secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level+1);
+		    secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
 		    break;
 		case SEC_OID_X509_AUTH_INFO_ACCESS:
-		    secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level+1);
+		    secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
 		    break;
 
 		case SEC_OID_X509_CRL_NUMBER:
 		case SEC_OID_X509_REASON_CODE:
 
 		/* PKIX OIDs */
 		case SEC_OID_PKIX_OCSP:
 		case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
@@ -2086,17 +2089,17 @@ SECU_PrintExtensions(FILE *out, CERTCert
 		/* x.509 v3 Extensions */
 		case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
 		case SEC_OID_X509_SUBJECT_KEY_ID:
 		case SEC_OID_X509_POLICY_MAPPINGS:
 		case SEC_OID_X509_POLICY_CONSTRAINTS:
 
 
 	        default:
-		    SECU_PrintAny(out, tmpitem, "Data", level+1);
+		    SECU_PrintAny(out, tmpitem, "Data", level);
 		break;
 	    }
 
 	    secu_Newline(out);
 	    extensions++;
 	}
     }
 }
@@ -2188,16 +2191,91 @@ SECU_PrintCertNickname(CERTCertListNode 
     } else {
         PORT_Memcpy(trusts,",,",3);
     }
     fprintf(out, "%-60s %-5s\n", name, trusts);
 
     return (SECSuccess);
 }
 
+int
+SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
+{
+    CERTCertExtension **extensions = NULL;
+    PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    int rv = 0;
+
+    if (!arena) 
+	return SEC_ERROR_NO_MEMORY;
+
+    rv = SEC_QuickDERDecodeItem(arena, &extensions, 
+		   SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
+    if (!rv)
+	SECU_PrintExtensions(out, extensions, m, level);
+    else 
+    	SECU_PrintAny(out, any, m, level);
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+/* print a decoded SET OF or SEQUENCE OF Extensions */
+int
+SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level)
+{
+    int rv = 0;
+    if (m && *m) {
+	SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
+    }
+    while (any && any[0]) {
+    	rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level);
+	any++;
+    }
+    return rv;
+}
+
+/* print a decoded SET OF or SEQUENCE OF "ANY" */
+int
+SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level)
+{
+    int rv = 0;
+    if (m && *m) {
+	SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
+    }
+    while (any && any[0]) {
+    	SECU_PrintAny(out, any[0], "", level);
+	any++;
+    }
+    return rv;
+}
+
+int
+SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level)
+{
+    int rv = 0;
+    SECOidTag tag;
+    tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level);
+    if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) {
+	rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level);
+    } else {
+	rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level);
+    }
+    return rv;
+}
+
+int
+SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
+{
+    int rv = 0;
+    while (attrs[0]) {
+	rv |= SECU_PrintCertAttribute(out, attrs[0], m, level+1);
+    	attrs++;
+    }
+    return rv;
+}
+
 int  /* sometimes a PRErrorCode, other times a SECStatus.  Sigh. */
 SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
 {
     PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     CERTCertificateRequest *cr;
     int rv = SEC_ERROR_NO_MEMORY;
 
     if (!arena) 
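Review bot: The "Attributes" label passed by the caller is never printed, because SECU_PrintCertAttributes forwards `m` to SECU_PrintCertAttribute and that function does not use its `m` parameter at all; the heading the old SECU_PrintAny call presumably produced is lost. Print it once in SECU_PrintCertAttributes the way the sibling helpers do, `if (m && *m) { SECU_Indent(out, level++); fprintf(out, "%s:\n", m); }`, and then pass `level` rather than `level+1` to each attribute. The loop there also dereferences `attrs` unguarded; `while (attrs && attrs[0])` would match SECU_PrintSetOfExtensions and SECU_PrintSetOfAny, which matters because these helpers walk data decoded from an untrusted request. SECU_PrintSetOfAny always returns 0, so its `rv` could simply be dropped or documented as such. SECU_PrintCertificateRequest at the end of the hunk continues outside it.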
@@ -2215,17 +2293,17 @@ SECU_PrintCertificateRequest(FILE *out, 
 
     /* Pretty print it out */
     SECU_Indent(out, level); fprintf(out, "%s:\n", m);
     SECU_PrintInteger(out, &cr->version, "Version", level+1);
     SECU_PrintName(out, &cr->subject, "Subject", level+1);
     secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
 			      "Subject Public Key Info", level+1);
     if (cr->attributes)
-	SECU_PrintAny(out, cr->attributes[0], "Attributes", level+1);
+	SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);
     rv = 0;
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 int
 SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
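Review bot: The status returned by SECU_PrintCertAttributes is dropped and `rv = 0;` follows unconditionally, so a request whose extension-request attribute fails to decode is still reported as success. The helper falls back to SECU_PrintAny for the raw bytes, so continuing to print is reasonable, but someone inspecting an untrusted request gets no signal that an attribute was malformed. Consider moving `rv = 0;` above the `if` and writing `rv = SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);`, or add a comment stating that decode failures are deliberately ignored. The value mixes SECStatus with SEC_ERROR_NO_MEMORY and is OR-ed across attributes, so it is only meaningful as zero or non-zero. SECU_PrintCertificateRequest starts before this hunk.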
--- a/security/nss/cmd/lib/secutil.h
+++ b/security/nss/cmd/lib/secutil.h
@@ -181,17 +181,17 @@ SECU_ReadDERFromFile(SECItem *der, PRFil
 
 /* Indent based on "level" */
 extern void SECU_Indent(FILE *out, int level);
 
 /* Print integer value and hex */
 extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);
 
 /* Print ObjectIdentifier symbolically */
-extern void SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
+extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
 
 /* Print AlgorithmIdentifier symbolically */
 extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
 				  int level);
 
 /* Print SECItem as hex */
 extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
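Review bot: The five functions this commit adds to secutil.c (SECU_DecodeAndPrintExtensions, SECU_PrintSetOfExtensions, SECU_PrintSetOfAny, SECU_PrintCertAttribute, SECU_PrintCertAttributes) have external linkage and the SECU_ prefix, yet this header change declares none of them. If they are meant only for use inside secutil.c, mark them `static` there. Otherwise add prototypes here with a one-line comment each, for example `extern int SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level);`.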