1 /* ***** BEGIN LICENSE BLOCK ***** | 1 /* ***** BEGIN LICENSE BLOCK ***** |
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
3 * | 3 * |
4 * The contents of this file are subject to the Mozilla Public License Version | 4 * The contents of this file are subject to the Mozilla Public License Version |
5 * 1.1 (the "License"); you may not use this file except in compliance with | 5 * 1.1 (the "License"); you may not use this file except in compliance with |
6 * the License. You may obtain a copy of the License at | 6 * the License. You may obtain a copy of the License at |
7 * http://www.mozilla.org/MPL/ | 7 * http://www.mozilla.org/MPL/ |
8 * | 8 * |
9 * Software distributed under the License is distributed on an "AS IS" basis, | 9 * Software distributed under the License is distributed on an "AS IS" basis, |
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
35 * ***** END LICENSE BLOCK ***** */ | 35 * ***** END LICENSE BLOCK ***** */ |
36 | 36 |
37 #include "plarena.h" | 37 #include "plarena.h" |
38 #include "seccomon.h" | 38 #include "seccomon.h" |
39 #include "secitem.h" | 39 #include "secitem.h" |
40 #include "secoidt.h" | 40 #include "secoidt.h" |
41 #include "secasn1.h" | 41 #include "secasn1.h" |
42 #include "secder.h" | 42 #include "secder.h" |
43 #include "certt.h" | 43 #include "certt.h" |
44 #include "cert.h" | 44 #include "cert.h" |
| 45 #include "certi.h" |
45 #include "xconst.h" | 46 #include "xconst.h" |
46 #include "secerr.h" | 47 #include "secerr.h" |
47 #include "secoid.h" | 48 #include "secoid.h" |
48 #include "prprf.h" | 49 #include "prprf.h" |
49 #include "genname.h" | 50 #include "genname.h" |
50 | 51 |
51 SEC_ASN1_MKSUB(SEC_AnyTemplate) | 52 SEC_ASN1_MKSUB(SEC_AnyTemplate) |
52 SEC_ASN1_MKSUB(SEC_IntegerTemplate) | 53 SEC_ASN1_MKSUB(SEC_IntegerTemplate) |
53 SEC_ASN1_MKSUB(SEC_IA5StringTemplate) | 54 SEC_ASN1_MKSUB(SEC_IA5StringTemplate) |
54 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) | 55 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) |
1075 /* combine new names with old one. */ | 1076 /* combine new names with old one. */ |
1076 name = cert_CombineNamesLists(name, nameList); | 1077 name = cert_CombineNamesLists(name, nameList); |
1077 /* TODO: unmark arena */ | 1078 /* TODO: unmark arena */ |
1078 return SECSuccess; | 1079 return SECSuccess; |
1079 | 1080 |
1080 loser: | 1081 loser: |
1081 /* TODO: release arena back to mark */ | 1082 /* TODO: release arena back to mark */ |
1082 return SECFailure; | 1083 return SECFailure; |
1083 } | 1084 } |
1084 | 1085 |
| 1086 /* Extract all names except Subject Common Name from a cert |
| 1087 ** in preparation for a name constraints test. |
| 1088 */ |
| 1089 CERTGeneralName * |
| 1090 CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena) |
| 1091 { |
| 1092 return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE); |
| 1093 } |
| 1094 |
1085 /* This function is called by CERT_VerifyCertChain to extract all | 1095 /* This function is called by CERT_VerifyCertChain to extract all |
1086 ** names from a cert in preparation for a name constraints test. | 1096 ** names from a cert in preparation for a name constraints test. |
1087 */ | 1097 */ |
1088 CERTGeneralName * | 1098 CERTGeneralName * |
1089 CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena) | 1099 CERT_GetConstrainedCertificateNames(CERTCertificate *cert, PRArenaPool *arena, |
| 1100 PRBool includeSubjectCommonName) |
1090 { | 1101 { |
1091 CERTGeneralName *DN; | 1102 CERTGeneralName *DN; |
1092 CERTGeneralName *altName = NULL; | 1103 CERTGeneralName *SAN; |
1093 SECItem altNameExtension = {siBuffer, NULL, 0 }; | 1104 PRUint32 numDNSNames = 0; |
1094 SECStatus rv; | 1105 SECStatus rv; |
1095 | 1106 |
| 1107 if (!arena) { |
| 1108 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
| 1109 return NULL; |
| 1110 } |
1096 /* TODO: mark arena */ | 1111 /* TODO: mark arena */ |
1097 DN = CERT_NewGeneralName(arena, certDirectoryName); | 1112 DN = CERT_NewGeneralName(arena, certDirectoryName); |
1098 if (DN == NULL) { | 1113 if (DN == NULL) { |
1099 goto loser; | 1114 goto loser; |
1100 } | 1115 } |
1101 rv = CERT_CopyName(arena, &DN->name.directoryName, &cert->subject); | 1116 rv = CERT_CopyName(arena, &DN->name.directoryName, &cert->subject); |
1102 if (rv != SECSuccess) { | 1117 if (rv != SECSuccess) { |
1103 goto loser; | 1118 goto loser; |
1104 } | 1119 } |
1105 rv = SECITEM_CopyItem(arena, &DN->derDirectoryName, &cert->derSubject); | 1120 rv = SECITEM_CopyItem(arena, &DN->derDirectoryName, &cert->derSubject); |
1106 if (rv != SECSuccess) { | 1121 if (rv != SECSuccess) { |
1107 goto loser; | 1122 goto loser; |
1108 } | 1123 } |
1109 /* Extract email addresses from DN, construct CERTGeneralName structs | 1124 /* Extract email addresses from DN, construct CERTGeneralName structs |
1110 ** for them, add them to the name list | 1125 ** for them, add them to the name list |
1111 */ | 1126 */ |
1112 rv = cert_ExtractDNEmailAddrs(DN, arena); | 1127 rv = cert_ExtractDNEmailAddrs(DN, arena); |
1113 if (rv != SECSuccess) | 1128 if (rv != SECSuccess) |
1114 goto loser; | 1129 goto loser; |
1115 | 1130 |
1116 /* Now extract any GeneralNames from the subject name names extension. */ | 1131 /* Now extract any GeneralNames from the subject name names extension. */ |
1117 rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, | 1132 SAN = cert_GetSubjectAltNameList(cert, arena); |
1118 » » » » &altNameExtension); | 1133 if (SAN) { |
| 1134 » numDNSNames = cert_CountDNSPatterns(SAN); |
| 1135 » DN = cert_CombineNamesLists(DN, SAN); |
| 1136 } |
| 1137 if (!numDNSNames && includeSubjectCommonName) { |
| 1138 » char *cn = CERT_GetCommonName(&cert->subject); |
| 1139 » if (cn) { |
| 1140 » CERTGeneralName *CN = CERT_NewGeneralName(arena, certDNSName); |
| 1141 » if (CN) { |
| 1142 » » SECItem cnItem = {siBuffer, NULL, 0}; |
| 1143 » » cnItem.data = (unsigned char *)cn; |
| 1144 » » cnItem.len = strlen(cn); |
| 1145 » » rv = SECITEM_CopyItem(arena, &CN->name.other, &cnItem); |
| 1146 » » if (rv == SECSuccess) { |
| 1147 » » DN = cert_CombineNamesLists(DN, CN); |
| 1148 » } |
| 1149 » } |
| 1150 » PORT_Free(cn); |
| 1151 » } |
| 1152 } |
1119 if (rv == SECSuccess) { | 1153 if (rv == SECSuccess) { |
1120 » altName = CERT_DecodeAltNameExtension(arena, &altNameExtension); | 1154 » /* TODO: unmark arena */ |
1121 » rv = altName ? SECSuccess : SECFailure; | 1155 » return DN; |
1122 } | 1156 } |
1123 if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) | |
1124 rv = SECSuccess; | |
1125 if (altNameExtension.data) | |
1126 SECITEM_FreeItem(&altNameExtension, PR_FALSE); | |
1127 if (rv != SECSuccess) | |
1128 goto loser; | |
1129 DN = cert_CombineNamesLists(DN, altName); | |
1130 | |
1131 /* TODO: unmark arena */ | |
1132 return DN; | |
1133 loser: | 1157 loser: |
1134 /* TODO: release arena to mark */ | 1158 /* TODO: release arena to mark */ |
1135 return NULL; | 1159 return NULL; |
1136 } | 1160 } |
1137 | 1161 |
1138 /* Returns SECSuccess if name matches constraint per RFC 3280 rules for | 1162 /* Returns SECSuccess if name matches constraint per RFC 3280 rules for |
1139 ** URI name constraints. SECFailure otherwise. | 1163 ** URI name constraints. SECFailure otherwise. |
1140 ** If the constraint begins with a dot, it is a domain name, otherwise | 1164 ** If the constraint begins with a dot, it is a domain name, otherwise |
1141 ** It is a host name. Examples: | 1165 ** It is a host name. Examples: |
1142 ** Constraint Name Result | 1166 ** Constraint Name Result |
1965 break; | 1989 break; |
1966 } | 1990 } |
1967 list->name = cert_CombineNamesLists(list->name, name); | 1991 list->name = cert_CombineNamesLists(list->name, name); |
1968 list->len++; | 1992 list->len++; |
1969 done: | 1993 done: |
1970 PZ_Unlock(list->lock); | 1994 PZ_Unlock(list->lock); |
1971 } | 1995 } |
1972 return; | 1996 return; |
1973 } | 1997 } |
1974 #endif | 1998 #endif |
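Review bot: In CERT_GetConstrainedCertificateNames (the middle hunk, new lines 1132-1136) a NULL return from cert_GetSubjectAltNameList is treated as "no subjectAltName extension" whatever the cause, whereas the replaced code tolerated only SEC_ERROR_EXTENSION_NOT_FOUND and jumped to `loser` on any other find/decode error, so a certificate with a malformed SAN would now be run through the name-constraints test with its SAN names silently dropped. If cert_GetSubjectAltNameList (defined outside this hunk, presumably declared in the newly included certi.h) preserves that error code, restoring the distinction is a two-line addition after the `if (SAN)` block: `} else if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {` / `goto loser;` (clearing the error with `PORT_SetError(0)` before the call avoids acting on a stale code). The common-name branch has a similar asymmetry: when CERT_NewGeneralName returns NULL, `rv` still holds SECSuccess from cert_ExtractDNEmailAddrs and the function returns a list that lacks the CN, while a failing SECITEM_CopyItem makes it return NULL — an `else { rv = SECFailure; }` on the `if (CN)` would make the two allocation failures behave alike. The header comment kept above the function should also state the new parameter's semantics, e.g. `** If includeSubjectCommonName is true and the SAN carries no dNSName entries, the subject CN is appended to the list as a dNSName.`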