Search completed in 1.06 seconds.
Enc Dec MAC Using Key Wrap CertReq PKCS10 CSR
this may take a few moments...\n\n"); privkey = pk11_generatekeypair(slot, mechanism, params, pubkeyp, pr_true /*isperm*/, pr_true /*issensitive*/, pwdata); cleanup: return privkey; } /* * get the certificate request from csr */ static
certcertificaterequest * getcertrequest(char *infilename, prbool ascii) { certsigneddata signeddata; secitem reqder;
certcertificaterequest *certreq = null; secstatus rv = secsuccess; prarenapool *arena = null; reqder.data = null; arena = port_newarena(der_default_chunksize); if (arena == null) { rv = secfailure; goto cle...
...anup; } rv = readderfromfile(&reqder, infilename, ascii); if (rv) { rv = secfailure; goto cleanup; } certreq = (
certcertificaterequest*) port_arenazalloc (arena, sizeof(
certcertificaterequest)); if (!certreq) { rv = secfailure; goto cleanup; } certreq->arena = arena; /* since cert request is a signed data, must decode to get the inner data */ port_memset(&signeddata, 0, sizeof(signeddata)); rv = sec_asn1decodeitem(arena, &signeddata, sec_asn1_get(cert_signeddatatemplate), &reqder); if (rv) { rv = secfailure; goto cleanup; } rv = sec_asn1decodeitem(arena, certreq, sec_asn1_get(cert_certificaterequesttemplate), ...
...info, null /* wincx */); if (reqder.data) { secitem_freeitem(&reqder, pr_false); } cleanup: if (rv) { pr_fprintf(pr_stderr, "bad certificate request\n"); if (arena) { port_freearena(arena, pr_false); } certreq = null; } return certreq; } /* * sign cert */ static secitem * signcert(certcertdbhandle *handle,
certcertificate *cert, prbool selfsign, secoidtag hashalgtag, seckeyprivatekey *privkey, char *issuernickname, void *pwarg) { secitem der; secstatus rv; secoidtag algid; void *dummy; prarenapool *arena = null; secitem *result = null; seckeyprivatekey *caprivatekey = null; if (!selfsign) {
certcertificate *issuer = pk...
...And 14 more matches
sample2
this may take a few moments...\n\n"); privkey = pk11_generatekeypair(slot, mechanism, params, pubkeyp, pr_true /*isperm*/, pr_true /*issensitive*/, pwdata); cleanup: return privkey; } /* * get the certificate request from csr */ static
certcertificaterequest * getcertrequest(char *infilename, prbool ascii) { certsigneddata signeddata; secitem reqder;
certcertificaterequest *certreq = null; secstatus rv = secsuccess; prarenapool *arena = null; reqder.data = null; arena = port_newarena(der_default_chunksize); if (arena == null) { rv = secfailure; goto cleanup; } rv = readderfromfile(&reqder, infilename, ascii); if (rv) { rv = secfailure; goto cl...
...eanup; } certreq = (
certcertificaterequest*) port_arenazalloc (arena, sizeof(
certcertificaterequest)); if (!certreq) { rv = secfailure; goto cleanup; } certreq->arena = arena; /* since cert request is a signed data, must decode to get the inner data */ port_memset(&signeddata, 0, sizeof(signeddata)); rv = sec_asn1decodeitem(arena, &signeddata, sec_asn1_get(cert_signeddatatemplate), &reqder); if (rv) { rv = secfailure; goto cleanup; } rv = sec_asn1decodeitem(arena, certreq, sec_asn1_get(cert_certificaterequesttemplate), &signeddata.data); if (rv) { rv = secfailure; goto cleanup; } rv = cert_verifysigneddatawithpublickeyinfo(&signeddata, &certreq->subjectpublickeyinfo, null /* wincx */); if (reqder.data) { secitem_freeitem(&reqder, pr_false); } cleanup: if (rv) { pr_fprintf(pr_stderr, "bad certificate requ...
...est\n"); if (arena) { port_freearena(arena, pr_false); } certreq = null; } return certreq; } /* * sign cert */ static secitem * signcert(certcertdbhandle *handle,
certcertificate *cert, prbool selfsign, secoidtag hashalgtag, seckeyprivatekey *privkey, char *issuernickname, void *pwarg) { secitem der; secstatus rv; secoidtag algid; void *dummy; prarenapool *arena = null; secitem *result = null; seckeyprivatekey *caprivatekey = null; if (!selfsign) {
certcertificate *issuer = pk11_findcertfromnickname(issuernickname, pwarg); if ((
certcertificate *)null == issuer) { pr_fprintf(pr_stderr, "unable to find issuer with nickname %s\n", issuernickname); goto cleanup; } privkey = caprivatekey = pk11_findkeybyanycert(issuer, pwarg); cert_destroycertificate(issuer); if (caprivatekey == null) { pr_fprintf(pr_stderr, ...
...And 12 more matches
sslcrt.html
syntax #include <cert.h> secstatus cert_verifycertnow( certcertdbhandle *handle,
certcertificate *cert, prbool checksig, seccertusage certusage, void *wincx); parameters this function has the following parameters: handle a pointer to the certificate database handle.
... syntax #include <cert.h> secstatus cert_verifycertname(
certcertificate *cert, char *hostname); parameters this function has the following parameters: cert a pointer to the certificate against which to check the hostname referenced by hostname.
... syntax #include <cert.h> #include <certt.h> seccerttimevalidity cert_checkcertvalidtimes(
certcertificate *cert, int64 t); parameters this function has the following parameters: cert a pointer to the certificate whose validity period you want to check against.
...And 7 more matches
nss tech note4
include these files #include "ssl.h" #include "cert.h" get the handle of the cert associated with an ssl connection
certcertificate* cert = ssl_peercertificate(prfiledesc *fd); if ssl client, this will get you the server's cert handle; if ssl server, this will get you the client's cert handle if client auth is enabled
certcertificate* cert = ssl_localcertificate(prfiledesc *fd); if ssl client, this will get you the client cert's handle, if client aut...
...h happened if ssl server, this will get you the server's cert handle don't forget to clean up the cert handle when you're done with it void cert_destroycertificate(
certcertificate *cert); some info is readily available cert->subjectname (char*) cert->issuername (char*) cert->emailaddr (char*) or char *cert_getcertificateemailaddress(
certcertificate *cert); cert->keyusage (unsigned int) to break the issuer and subject names into components pass &(cert->issuer) or &(cert->subject) to the following functions char *cert_getcommonname(certname *name); char *cert_getcertemailaddress(certname *name); char *cert_getcountryname(certname *name); char *cert_getlocalit...
... <=4, then int value = der_getinteger(item); interpreting a secitem value as a string use string copy functions to copy item->len bytes from item->data and null terminate explicitly some higher level extension functions get a specific extension from the list of extensions, given the extension tag secstatus cert_findcertextension (
certcertificate *cert, int tag, secitem *value); get a specific extension from the issuer's cert secstatus cert_findissuercertextension (
certcertificate *cert, int tag, secitem *value); get the value of an extension with the given oid secstatus cert_findcertextensionbyoid (
certcertificate *cert, secitem *oid, secitem *value); get the decoded value ...
...And 3 more matches
sslfnc.html
syntax #include "ssl.h" secstatus ssl_configsecureserver( prfiledesc *fd,
certcertificate *cert, seckeyprivatekey *key, sslkeatype keatype); parameters this function has the following parameters: fd a pointer to the file descriptor for the ssl listen socket.
... the callback function has the following prototype: typedef secstatus (*sslgetclientauthdata)( void *arg, prfiledesc *fd, certdistnames *canames,
certcertificate **pretcert, seckeyprivatekey **pretkey); this callback function has the following parameters: arg the arg parameter passed to ssl_getclientauthdatahook.
... syntax #include "ssl.h" secstatus nss_getclientauthdata( void * arg, prfiledesc *socket, struct certdistnamesstr *canames, struct
certcertificatestr **pretcert, struct seckeyprivatekeystr **pretkey); parameters this function has the following parameters: arg the arg parameter passed to ssl_getclientauthdatahook, which should be a pointer to a null-terminated string containing the nickname of the certificate and key pair to use.
... syntax #include "ssl.h"
certcertificate *ssl_peercertificate(prfiledesc *fd); parameter this function has the following parameter: fd a pointer to the file descriptor for the ssl socket.
ssltyp.html
types and structures managing secitem memory types and structures these types and structures are described here: certcertdbhandle
certcertificate pk11slotinfo secitem seckeyprivatekey secstatus additional types used by a single function only are described with the function's entry in each chapter.
...<a name="> many of the structures presented here (certcertdbhandle,
certcertificate, pk11slotinfo, and seckeyprivatekey) are opaque--that is, they are types defined as structures (for example, certcertdbhandlestr) that may change in future releases of network security services.
... syntax #include <certt.h> typedef struct certcertdbhandlestr certcertdbhandle;
certcertificate an opaque x.509 certificate object.
... syntax #include <certt.h> typedef struct
certcertificatestr
certcertificate; description certificate structures are shared objects.
Enc Dec MAC Output Public Key as CSR
eypair(slot, mechanism, params, pubkeyp, pr_true /*isperm*/, pr_true /*issensitive*/, pwdata); cleanup: return privkey; } /* * extract the public key request from csr */ seckeypublickey * extractpublickeyfromcertrequest(const char *infilename, prbool ascii) { certsigneddata signeddata; secitem reqder;
certcertificaterequest *certreq = null; secstatus rv = secsuccess; prarenapool *arena = null; seckeypublickey *publickey = null; arena = port_newarena(der_default_chunksize); if (arena == null) { rv = secfailure; goto cleanup; } rv = readderfromfile(&reqder, infilename, ascii); if (rv) { rv = secfailure; goto c...
...leanup; } certreq = (
certcertificaterequest*) port_arenazalloc (arena, sizeof(
certcertificaterequest)); if (!certreq) { rv = secfailure; goto cleanup; } certreq->arena = arena; /* since cert request is a signed data, must decode to get the inner data */ port_memset(&signeddata, 0, sizeof(signeddata)); rv = sec_asn1decodeitem(arena, &signeddata, sec_asn1_get(cert_signeddatatemplate), &reqder); if (rv) { rv = secfailure; goto cleanup; } rv = sec_asn1decodeitem(arena, certreq, sec_asn1_get(cert_certificaterequesttemplate), &signeddata.data); if (rv) { rv = secfailure; goto cleanup; } rv = cert_verifysigneddatawithpublickeyi...
..._id); privkey = pk11_findkeybykeyid(slot, cka_id, pwdata); cleanup: return privkey; } /* * generate the certificate request with subject */ static secstatus certreq(seckeyprivatekey *privk, seckeypublickey *pubk, keytype keytype, secoidtag hashalgtag, certname *subject, prbool ascii, const char *certreqfilename) { certsubjectpublickeyinfo *spki = null;
certcertificaterequest *cr = null; secitem *encoding = null; secoidtag signalgtag; secitem result; secstatus rv = secsuccess; print32 numbytes; void *exthandle; prarenapool *arena = null; prfiledesc *outfile ...
CERT_FindCertByDERCert
syntax #include <cert.h>
certcertificate *cert_findcertbydercert( certcertdbhandle *handle, secitem *dercert ); parameters handle in pointer to a certcertdbhandle representing the certificate database to look in dercert in pointer to an secitem whose type must be sidercertbuffer and whose data contains a der-encoded certificate description this function looks in the ?nsscryptocontext?
... returns a pointer to a
certcertificate representing the certificate in the database that matched the dercert, or null if none was found.
CERT_FindCertByIssuerAndSN
syntax #include <cert.h>
certcertificate *cert_findcertbyissuerandsn ( certcertdbhandle *handle, certissuerandsn *issuerandsn ); parameters handle in pointer to a certcertdbhandle representing the certificate database to look in issuerandsn in pointer to a certissuerandsn that must be properly formed to contain the issuer name and the serial number (see [example]) description this function creates a certificate key using the issuerandsn and it then uses the key to find the matching certificate in the database.
... returns a pointer to a
certcertificate representing the certificate in the database that matched the issuer and serial number, or null if none was found.
NSS 3.44 release notes
new in nss 3.44 new functionality new functions in lib/certdb/cert.h cert_getcertificateder - access the der-encoded form of a
certcertificate.
... bugs fixed in nss 3.44 1501542 - implement checkarmsupport for android 1531244 - use __builtin_bswap64 in crypto_primitives.h 1533216 - cert_decodecertpackage() crash with netscape certificate sequences 1533616 - sdb_getattributevaluenolock should make at most one sql query, rather than one for each attribute 1531236 - provide accessor for
certcertificate.dercert 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine 1532384 - in nss test certificates, use @example.com (not @bogus.com) 1538479 - post-handshake messages after async server authentication break when using record layer separation 1521578 - x25519 support in pk11pars.c 1540205 - freebl build fails with -dnss_disable_chachapoly 1532312 - post-handshake auth doesn't ...
NSS PKCS11 Functions
syntax #include <pk11pub.h> #include <certt.h>
certcertificate *pk11_findcertfromnickname( char *nickname, void *passwordarg); parameters this function has the following parameters: nickname a pointer to the nickname in the certificate database or to the nickname in the token.
...syntax #include <pk11pub.h> #include <certt.h> #include <keyt.h> seckeyprivatekey *pk11_findkeybyanycert(
certcertificate *cert, void *passwordarg); parameters this function has the following parameters: cert a pointer to a certificate structure in the certificate database.
pkfnc.html
syntax #include <pk11func.h> #include <certt.h>
certcertificate *pk11_findcertfromnickname( char *nickname, void *wincx); parameters this function has the following parameters: nickname a pointer to the nickname in the certificate database or to the nickname in the token.
... syntax #include <pk11func.h> #include <certt.h> #include <keyt.h> seckeyprivatekey *pk11_findkeybyanycert(
certcertificate *cert, void *wincx); parameters this function has the following parameters: cert a pointer to a certificate structure in the certificate database.
Function_Name
returns full description of the return value, for example: a pointer to a
certcertificate representing the certificate in the database that matched the dercert, or null if none was found.
NSS CERTVerify Log
*/ struct certverifylognodestr {
certcertificate *cert; /* what cert had the error */ long error; /* what error was it?
NSS Sample Code sample4
* in a real app, this function should obtain the password using secure means * such as prompting an operator, or retrieving it over a secure communication * channel */ char *passwdcb(pk11slotinfo *info, prbool retry, void *arg); int main(int argc, char **argv) { secstatus rv;
certcertificate *cert = null; seckeypublickey *pubkey = null; seckeyprivatekey *pvtkey = null; int modulus_len, i, outlen; char *buf1 = null; char *buf2 = null; /* initialize nss */ pk11_setpasswordfunc(passwdcb); rv = nss_init("."); if (rv != secsuccess) { fprintf(stderr, "nss initialization failed (err %d)\n", pr_geterror()); ...