| OLD | NEW |
| (Empty) |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 /* | |
| 6 * Support for various policy related extensions | |
| 7 * | |
| 8 * $Id: polcyxtn.c,v 1.14 2012/04/25 14:49:27 gerv%gerv.net Exp $ | |
| 9 */ | |
| 10 | |
| 11 #include "seccomon.h" | |
| 12 #include "secport.h" | |
| 13 #include "secder.h" | |
| 14 #include "cert.h" | |
| 15 #include "secoid.h" | |
| 16 #include "secasn1.h" | |
| 17 #include "secerr.h" | |
| 18 #include "nspr.h" | |
| 19 | |
| 20 SEC_ASN1_MKSUB(SEC_IntegerTemplate) | |
| 21 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) | |
| 22 | |
| 23 const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = { | |
| 24 { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) }, | |
| 25 { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString}, | |
| 26 { SEC_ASN1_VISIBLE_STRING , 0, 0, siVisibleString}, | |
| 27 { SEC_ASN1_BMP_STRING , 0, 0, siBMPString }, | |
| 28 { SEC_ASN1_UTF8_STRING , 0, 0, siUTF8String }, | |
| 29 { 0 } | |
| 30 }; | |
| 31 | |
| 32 const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = { | |
| 33 { SEC_ASN1_SEQUENCE, | |
| 34 0, NULL, sizeof(CERTNoticeReference) }, | |
| 35 { SEC_ASN1_INLINE, | |
| 36 offsetof(CERTNoticeReference, organization), | |
| 37 CERT_DisplayTextTypeTemplate, 0 }, | |
| 38 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, | |
| 39 offsetof(CERTNoticeReference, noticeNumbers), | |
| 40 SEC_ASN1_SUB(SEC_IntegerTemplate) }, | |
| 41 { 0 } | |
| 42 }; | |
| 43 | |
| 44 const SEC_ASN1Template CERT_UserNoticeTemplate[] = { | |
| 45 { SEC_ASN1_SEQUENCE, | |
| 46 0, NULL, sizeof(CERTUserNotice) }, | |
| 47 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, | |
| 48 offsetof(CERTUserNotice, noticeReference), | |
| 49 CERT_NoticeReferenceTemplate, 0 }, | |
| 50 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, | |
| 51 offsetof(CERTUserNotice, displayText), | |
| 52 CERT_DisplayTextTypeTemplate, 0 }, | |
| 53 { 0 } | |
| 54 }; | |
| 55 | |
| 56 const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = { | |
| 57 { SEC_ASN1_SEQUENCE, | |
| 58 0, NULL, sizeof(CERTPolicyQualifier) }, | |
| 59 { SEC_ASN1_OBJECT_ID, | |
| 60 offsetof(CERTPolicyQualifier, qualifierID) }, | |
| 61 { SEC_ASN1_ANY, | |
| 62 offsetof(CERTPolicyQualifier, qualifierValue) }, | |
| 63 { 0 } | |
| 64 }; | |
| 65 | |
| 66 const SEC_ASN1Template CERT_PolicyInfoTemplate[] = { | |
| 67 { SEC_ASN1_SEQUENCE, | |
| 68 0, NULL, sizeof(CERTPolicyInfo) }, | |
| 69 { SEC_ASN1_OBJECT_ID, | |
| 70 offsetof(CERTPolicyInfo, policyID) }, | |
| 71 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL, | |
| 72 offsetof(CERTPolicyInfo, policyQualifiers), | |
| 73 CERT_PolicyQualifierTemplate }, | |
| 74 { 0 } | |
| 75 }; | |
| 76 | |
| 77 const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = { | |
| 78 { SEC_ASN1_SEQUENCE_OF, | |
| 79 offsetof(CERTCertificatePolicies, policyInfos), | |
| 80 CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) } | |
| 81 }; | |
| 82 | |
| 83 const SEC_ASN1Template CERT_PolicyMapTemplate[] = { | |
| 84 { SEC_ASN1_SEQUENCE, | |
| 85 0, NULL, sizeof(CERTPolicyMap) }, | |
| 86 { SEC_ASN1_OBJECT_ID, | |
| 87 offsetof(CERTPolicyMap, issuerDomainPolicy) }, | |
| 88 { SEC_ASN1_OBJECT_ID, | |
| 89 offsetof(CERTPolicyMap, subjectDomainPolicy) }, | |
| 90 { 0 } | |
| 91 }; | |
| 92 | |
| 93 const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = { | |
| 94 { SEC_ASN1_SEQUENCE_OF, | |
| 95 offsetof(CERTCertificatePolicyMappings, policyMaps), | |
| 96 CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) } | |
| 97 }; | |
| 98 | |
| 99 const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = { | |
| 100 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) }, | |
| 101 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, | |
| 102 offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts), | |
| 103 SEC_ASN1_SUB(SEC_IntegerTemplate) }, | |
| 104 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, | |
| 105 offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts), | |
| 106 SEC_ASN1_SUB(SEC_IntegerTemplate) }, | |
| 107 { 0 } | |
| 108 }; | |
| 109 | |
| 110 const SEC_ASN1Template CERT_InhibitAnyTemplate[] = { | |
| 111 { SEC_ASN1_INTEGER, | |
| 112 offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), | |
| 113 NULL, sizeof(CERTCertificateInhibitAny) } | |
| 114 }; | |
| 115 | |
| 116 static void | |
| 117 breakLines(char *string) | |
| 118 { | |
| 119 char *tmpstr; | |
| 120 char *lastspace = NULL; | |
| 121 int curlen = 0; | |
| 122 int c; | |
| 123 | |
| 124 tmpstr = string; | |
| 125 | |
| 126 while ( ( c = *tmpstr ) != '\0' ) { | |
| 127 switch ( c ) { | |
| 128 case ' ': | |
| 129 lastspace = tmpstr; | |
| 130 break; | |
| 131 case '\n': | |
| 132 lastspace = NULL; | |
| 133 curlen = 0; | |
| 134 break; | |
| 135 } | |
| 136 | |
| 137 if ( ( curlen >= 55 ) && ( lastspace != NULL ) ) { | |
| 138 *lastspace = '\n'; | |
| 139 curlen = ( tmpstr - lastspace ); | |
| 140 lastspace = NULL; | |
| 141 } | |
| 142 | |
| 143 curlen++; | |
| 144 tmpstr++; | |
| 145 } | |
| 146 | |
| 147 return; | |
| 148 } | |
| 149 | |
| 150 CERTCertificatePolicies * | |
| 151 CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue) | |
| 152 { | |
| 153 PRArenaPool *arena = NULL; | |
| 154 SECStatus rv; | |
| 155 CERTCertificatePolicies *policies; | |
| 156 CERTPolicyInfo **policyInfos, *policyInfo; | |
| 157 CERTPolicyQualifier **policyQualifiers, *policyQualifier; | |
| 158 SECItem newExtnValue; | |
| 159 | |
| 160 /* make a new arena */ | |
| 161 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
| 162 | |
| 163 if ( !arena ) { | |
| 164 goto loser; | |
| 165 } | |
| 166 | |
| 167 /* allocate the certificate policies structure */ | |
| 168 policies = (CERTCertificatePolicies *) | |
| 169 PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies)); | |
| 170 | |
| 171 if ( policies == NULL ) { | |
| 172 goto loser; | |
| 173 } | |
| 174 | |
| 175 policies->arena = arena; | |
| 176 | |
| 177 /* copy the DER into the arena, since Quick DER returns data that points | |
| 178 into the DER input, which may get freed by the caller */ | |
| 179 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); | |
| 180 if ( rv != SECSuccess ) { | |
| 181 goto loser; | |
| 182 } | |
| 183 | |
| 184 /* decode the policy info */ | |
| 185 rv = SEC_QuickDERDecodeItem(arena, policies, CERT_CertificatePoliciesTemplat
e, | |
| 186 &newExtnValue); | |
| 187 | |
| 188 if ( rv != SECSuccess ) { | |
| 189 goto loser; | |
| 190 } | |
| 191 | |
| 192 /* initialize the oid tags */ | |
| 193 policyInfos = policies->policyInfos; | |
| 194 while (*policyInfos != NULL ) { | |
| 195 policyInfo = *policyInfos; | |
| 196 policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID); | |
| 197 policyQualifiers = policyInfo->policyQualifiers; | |
| 198 while ( policyQualifiers != NULL && *policyQualifiers != NULL ) { | |
| 199 policyQualifier = *policyQualifiers; | |
| 200 policyQualifier->oid = | |
| 201 SECOID_FindOIDTag(&policyQualifier->qualifierID); | |
| 202 policyQualifiers++; | |
| 203 } | |
| 204 policyInfos++; | |
| 205 } | |
| 206 | |
| 207 return(policies); | |
| 208 | |
| 209 loser: | |
| 210 if ( arena != NULL ) { | |
| 211 PORT_FreeArena(arena, PR_FALSE); | |
| 212 } | |
| 213 | |
| 214 return(NULL); | |
| 215 } | |
| 216 | |
| 217 void | |
| 218 CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies) | |
| 219 { | |
| 220 if ( policies != NULL ) { | |
| 221 PORT_FreeArena(policies->arena, PR_FALSE); | |
| 222 } | |
| 223 return; | |
| 224 } | |
| 225 | |
| 226 CERTCertificatePolicyMappings * | |
| 227 CERT_DecodePolicyMappingsExtension(SECItem *extnValue) | |
| 228 { | |
| 229 PRArenaPool *arena = NULL; | |
| 230 SECStatus rv; | |
| 231 CERTCertificatePolicyMappings *mappings; | |
| 232 SECItem newExtnValue; | |
| 233 | |
| 234 /* make a new arena */ | |
| 235 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
| 236 if ( !arena ) { | |
| 237 goto loser; | |
| 238 } | |
| 239 | |
| 240 /* allocate the policy mappings structure */ | |
| 241 mappings = (CERTCertificatePolicyMappings *) | |
| 242 PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicyMappings)); | |
| 243 if ( mappings == NULL ) { | |
| 244 goto loser; | |
| 245 } | |
| 246 mappings->arena = arena; | |
| 247 | |
| 248 /* copy the DER into the arena, since Quick DER returns data that points | |
| 249 into the DER input, which may get freed by the caller */ | |
| 250 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); | |
| 251 if ( rv != SECSuccess ) { | |
| 252 goto loser; | |
| 253 } | |
| 254 | |
| 255 /* decode the policy mappings */ | |
| 256 rv = SEC_QuickDERDecodeItem | |
| 257 (arena, mappings, CERT_PolicyMappingsTemplate, &newExtnValue); | |
| 258 if ( rv != SECSuccess ) { | |
| 259 goto loser; | |
| 260 } | |
| 261 | |
| 262 return(mappings); | |
| 263 | |
| 264 loser: | |
| 265 if ( arena != NULL ) { | |
| 266 PORT_FreeArena(arena, PR_FALSE); | |
| 267 } | |
| 268 | |
| 269 return(NULL); | |
| 270 } | |
| 271 | |
| 272 SECStatus | |
| 273 CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings) | |
| 274 { | |
| 275 if ( mappings != NULL ) { | |
| 276 PORT_FreeArena(mappings->arena, PR_FALSE); | |
| 277 } | |
| 278 return SECSuccess; | |
| 279 } | |
| 280 | |
| 281 SECStatus | |
| 282 CERT_DecodePolicyConstraintsExtension | |
| 283 (CERTCertificatePolicyConstraints *decodedValue, | |
| 284 SECItem *encodedValue) | |
| 285 { | |
| 286 CERTCertificatePolicyConstraints decodeContext; | |
| 287 PRArenaPool *arena = NULL; | |
| 288 SECStatus rv = SECSuccess; | |
| 289 | |
| 290 /* initialize so we can tell when an optional component is omitted */ | |
| 291 PORT_Memset(&decodeContext, 0, sizeof(decodeContext)); | |
| 292 | |
| 293 /* make a new arena */ | |
| 294 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); | |
| 295 if (!arena) { | |
| 296 return SECFailure; | |
| 297 } | |
| 298 | |
| 299 do { | |
| 300 /* decode the policy constraints */ | |
| 301 rv = SEC_QuickDERDecodeItem(arena, | |
| 302 &decodeContext, CERT_PolicyConstraintsTemplate, encodedValue); | |
| 303 | |
| 304 if ( rv != SECSuccess ) { | |
| 305 break; | |
| 306 } | |
| 307 | |
| 308 if (decodeContext.explicitPolicySkipCerts.len == 0) { | |
| 309 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1; | |
| 310 } else { | |
| 311 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = | |
| 312 DER_GetInteger(&decodeContext.explicitPolicySkipCerts); | |
| 313 } | |
| 314 | |
| 315 if (decodeContext.inhibitMappingSkipCerts.len == 0) { | |
| 316 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1; | |
| 317 } else { | |
| 318 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = | |
| 319 DER_GetInteger(&decodeContext.inhibitMappingSkipCerts); | |
| 320 } | |
| 321 | |
| 322 if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == | |
| 323 PR_INT32_MIN) || | |
| 324 (*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == | |
| 325 PR_INT32_MAX) || | |
| 326 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == | |
| 327 PR_INT32_MIN) || | |
| 328 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == | |
| 329 PR_INT32_MAX)) { | |
| 330 rv = SECFailure; | |
| 331 } | |
| 332 | |
| 333 } while (0); | |
| 334 | |
| 335 PORT_FreeArena(arena, PR_FALSE); | |
| 336 return(rv); | |
| 337 } | |
| 338 | |
| 339 SECStatus CERT_DecodeInhibitAnyExtension | |
| 340 (CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue) | |
| 341 { | |
| 342 CERTCertificateInhibitAny decodeContext; | |
| 343 PRArenaPool *arena = NULL; | |
| 344 SECStatus rv = SECSuccess; | |
| 345 | |
| 346 /* make a new arena */ | |
| 347 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); | |
| 348 if ( !arena ) { | |
| 349 return SECFailure; | |
| 350 } | |
| 351 | |
| 352 do { | |
| 353 | |
| 354 /* decode the policy mappings */ | |
| 355 decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger; | |
| 356 rv = SEC_QuickDERDecodeItem(arena, | |
| 357 &decodeContext, CERT_InhibitAnyTemplate, encodedValue); | |
| 358 | |
| 359 if ( rv != SECSuccess ) { | |
| 360 break; | |
| 361 } | |
| 362 | |
| 363 *(PRInt32 *)decodedValue->inhibitAnySkipCerts.data = | |
| 364 DER_GetInteger(&decodeContext.inhibitAnySkipCerts); | |
| 365 | |
| 366 } while (0); | |
| 367 | |
| 368 PORT_FreeArena(arena, PR_FALSE); | |
| 369 return(rv); | |
| 370 } | |
| 371 | |
| 372 CERTUserNotice * | |
| 373 CERT_DecodeUserNotice(SECItem *noticeItem) | |
| 374 { | |
| 375 PRArenaPool *arena = NULL; | |
| 376 SECStatus rv; | |
| 377 CERTUserNotice *userNotice; | |
| 378 SECItem newNoticeItem; | |
| 379 | |
| 380 /* make a new arena */ | |
| 381 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
| 382 | |
| 383 if ( !arena ) { | |
| 384 goto loser; | |
| 385 } | |
| 386 | |
| 387 /* allocate the userNotice structure */ | |
| 388 userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena, | |
| 389 sizeof(CERTUserNotice)); | |
| 390 | |
| 391 if ( userNotice == NULL ) { | |
| 392 goto loser; | |
| 393 } | |
| 394 | |
| 395 userNotice->arena = arena; | |
| 396 | |
| 397 /* copy the DER into the arena, since Quick DER returns data that points | |
| 398 into the DER input, which may get freed by the caller */ | |
| 399 rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem); | |
| 400 if ( rv != SECSuccess ) { | |
| 401 goto loser; | |
| 402 } | |
| 403 | |
| 404 /* decode the user notice */ | |
| 405 rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate, | |
| 406 &newNoticeItem); | |
| 407 | |
| 408 if ( rv != SECSuccess ) { | |
| 409 goto loser; | |
| 410 } | |
| 411 | |
| 412 if (userNotice->derNoticeReference.data != NULL) { | |
| 413 | |
| 414 rv = SEC_QuickDERDecodeItem(arena, &userNotice->noticeReference, | |
| 415 CERT_NoticeReferenceTemplate, | |
| 416 &userNotice->derNoticeReference); | |
| 417 if (rv == SECFailure) { | |
| 418 goto loser; | |
| 419 } | |
| 420 } | |
| 421 | |
| 422 return(userNotice); | |
| 423 | |
| 424 loser: | |
| 425 if ( arena != NULL ) { | |
| 426 PORT_FreeArena(arena, PR_FALSE); | |
| 427 } | |
| 428 | |
| 429 return(NULL); | |
| 430 } | |
| 431 | |
| 432 void | |
| 433 CERT_DestroyUserNotice(CERTUserNotice *userNotice) | |
| 434 { | |
| 435 if ( userNotice != NULL ) { | |
| 436 PORT_FreeArena(userNotice->arena, PR_FALSE); | |
| 437 } | |
| 438 return; | |
| 439 } | |
| 440 | |
| 441 static CERTPolicyStringCallback policyStringCB = NULL; | |
| 442 static void *policyStringCBArg = NULL; | |
| 443 | |
| 444 void | |
| 445 CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg) | |
| 446 { | |
| 447 policyStringCB = cb; | |
| 448 policyStringCBArg = cbarg; | |
| 449 return; | |
| 450 } | |
| 451 | |
| 452 char * | |
| 453 stringFromUserNotice(SECItem *noticeItem) | |
| 454 { | |
| 455 SECItem *org; | |
| 456 unsigned int len, headerlen; | |
| 457 char *stringbuf; | |
| 458 CERTUserNotice *userNotice; | |
| 459 char *policystr; | |
| 460 char *retstr = NULL; | |
| 461 SECItem *displayText; | |
| 462 SECItem **noticeNumbers; | |
| 463 unsigned int strnum; | |
| 464 | |
| 465 /* decode the user notice */ | |
| 466 userNotice = CERT_DecodeUserNotice(noticeItem); | |
| 467 if ( userNotice == NULL ) { | |
| 468 return(NULL); | |
| 469 } | |
| 470 | |
| 471 org = &userNotice->noticeReference.organization; | |
| 472 if ( (org->len != 0 ) && ( policyStringCB != NULL ) ) { | |
| 473 /* has a noticeReference */ | |
| 474 | |
| 475 /* extract the org string */ | |
| 476 len = org->len; | |
| 477 stringbuf = (char*)PORT_Alloc(len + 1); | |
| 478 if ( stringbuf != NULL ) { | |
| 479 PORT_Memcpy(stringbuf, org->data, len); | |
| 480 stringbuf[len] = '\0'; | |
| 481 | |
| 482 noticeNumbers = userNotice->noticeReference.noticeNumbers; | |
| 483 while ( *noticeNumbers != NULL ) { | |
| 484 /* XXX - only one byte integers right now*/ | |
| 485 strnum = (*noticeNumbers)->data[0]; | |
| 486 policystr = (* policyStringCB)(stringbuf, | |
| 487 strnum, | |
| 488 policyStringCBArg); | |
| 489 if ( policystr != NULL ) { | |
| 490 if ( retstr != NULL ) { | |
| 491 retstr = PR_sprintf_append(retstr, "\n%s", policystr); | |
| 492 } else { | |
| 493 retstr = PR_sprintf_append(retstr, "%s", policystr); | |
| 494 } | |
| 495 | |
| 496 PORT_Free(policystr); | |
| 497 } | |
| 498 | |
| 499 noticeNumbers++; | |
| 500 } | |
| 501 | |
| 502 PORT_Free(stringbuf); | |
| 503 } | |
| 504 } | |
| 505 | |
| 506 if ( retstr == NULL ) { | |
| 507 if ( userNotice->displayText.len != 0 ) { | |
| 508 displayText = &userNotice->displayText; | |
| 509 | |
| 510 if ( displayText->len > 2 ) { | |
| 511 if ( displayText->data[0] == SEC_ASN1_VISIBLE_STRING ) { | |
| 512 headerlen = 2; | |
| 513 if ( displayText->data[1] & 0x80 ) { | |
| 514 /* multibyte length */ | |
| 515 headerlen += ( displayText->data[1] & 0x7f ); | |
| 516 } | |
| 517 | |
| 518 len = displayText->len - headerlen; | |
| 519 retstr = (char*)PORT_Alloc(len + 1); | |
| 520 if ( retstr != NULL ) { | |
| 521 PORT_Memcpy(retstr, &displayText->data[headerlen],len); | |
| 522 retstr[len] = '\0'; | |
| 523 } | |
| 524 } | |
| 525 } | |
| 526 } | |
| 527 } | |
| 528 | |
| 529 CERT_DestroyUserNotice(userNotice); | |
| 530 | |
| 531 return(retstr); | |
| 532 } | |
| 533 | |
| 534 char * | |
| 535 CERT_GetCertCommentString(CERTCertificate *cert) | |
| 536 { | |
| 537 char *retstring = NULL; | |
| 538 SECStatus rv; | |
| 539 SECItem policyItem; | |
| 540 CERTCertificatePolicies *policies = NULL; | |
| 541 CERTPolicyInfo **policyInfos; | |
| 542 CERTPolicyQualifier **policyQualifiers, *qualifier; | |
| 543 | |
| 544 policyItem.data = NULL; | |
| 545 | |
| 546 rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES, | |
| 547 &policyItem); | |
| 548 if ( rv != SECSuccess ) { | |
| 549 goto nopolicy; | |
| 550 } | |
| 551 | |
| 552 policies = CERT_DecodeCertificatePoliciesExtension(&policyItem); | |
| 553 if ( policies == NULL ) { | |
| 554 goto nopolicy; | |
| 555 } | |
| 556 | |
| 557 policyInfos = policies->policyInfos; | |
| 558 /* search through policyInfos looking for the verisign policy */ | |
| 559 while (*policyInfos != NULL ) { | |
| 560 if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) { | |
| 561 policyQualifiers = (*policyInfos)->policyQualifiers; | |
| 562 /* search through the policy qualifiers looking for user notice */ | |
| 563 while ( policyQualifiers != NULL && *policyQualifiers != NULL ) { | |
| 564 qualifier = *policyQualifiers; | |
| 565 if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) { | |
| 566 retstring = | |
| 567 stringFromUserNotice(&qualifier->qualifierValue); | |
| 568 break; | |
| 569 } | |
| 570 | |
| 571 policyQualifiers++; | |
| 572 } | |
| 573 break; | |
| 574 } | |
| 575 policyInfos++; | |
| 576 } | |
| 577 | |
| 578 nopolicy: | |
| 579 if ( policyItem.data != NULL ) { | |
| 580 PORT_Free(policyItem.data); | |
| 581 } | |
| 582 | |
| 583 if ( policies != NULL ) { | |
| 584 CERT_DestroyCertificatePoliciesExtension(policies); | |
| 585 } | |
| 586 | |
| 587 if ( retstring == NULL ) { | |
| 588 retstring = CERT_FindNSStringExtension(cert, | |
| 589 SEC_OID_NS_CERT_EXT_COMMENT); | |
| 590 } | |
| 591 | |
| 592 if ( retstring != NULL ) { | |
| 593 breakLines(retstring); | |
| 594 } | |
| 595 | |
| 596 return(retstring); | |
| 597 } | |
| 598 | |
| 599 | |
| 600 const SEC_ASN1Template CERT_OidSeqTemplate[] = { | |
| 601 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, | |
| 602 offsetof(CERTOidSequence, oids), | |
| 603 SEC_ASN1_SUB(SEC_ObjectIDTemplate) } | |
| 604 }; | |
| 605 | |
| 606 CERTOidSequence * | |
| 607 CERT_DecodeOidSequence(SECItem *seqItem) | |
| 608 { | |
| 609 PRArenaPool *arena = NULL; | |
| 610 SECStatus rv; | |
| 611 CERTOidSequence *oidSeq; | |
| 612 SECItem newSeqItem; | |
| 613 | |
| 614 /* make a new arena */ | |
| 615 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
| 616 | |
| 617 if ( !arena ) { | |
| 618 goto loser; | |
| 619 } | |
| 620 | |
| 621 /* allocate the userNotice structure */ | |
| 622 oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena, | |
| 623 sizeof(CERTOidSequence)); | |
| 624 | |
| 625 if ( oidSeq == NULL ) { | |
| 626 goto loser; | |
| 627 } | |
| 628 | |
| 629 oidSeq->arena = arena; | |
| 630 | |
| 631 /* copy the DER into the arena, since Quick DER returns data that points | |
| 632 into the DER input, which may get freed by the caller */ | |
| 633 rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem); | |
| 634 if ( rv != SECSuccess ) { | |
| 635 goto loser; | |
| 636 } | |
| 637 | |
| 638 /* decode the user notice */ | |
| 639 rv = SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem)
; | |
| 640 | |
| 641 if ( rv != SECSuccess ) { | |
| 642 goto loser; | |
| 643 } | |
| 644 | |
| 645 return(oidSeq); | |
| 646 | |
| 647 loser: | |
| 648 return(NULL); | |
| 649 } | |
| 650 | |
| 651 | |
| 652 void | |
| 653 CERT_DestroyOidSequence(CERTOidSequence *oidSeq) | |
| 654 { | |
| 655 if ( oidSeq != NULL ) { | |
| 656 PORT_FreeArena(oidSeq->arena, PR_FALSE); | |
| 657 } | |
| 658 return; | |
| 659 } | |
| 660 | |
| 661 PRBool | |
| 662 CERT_GovtApprovedBitSet(CERTCertificate *cert) | |
| 663 { | |
| 664 SECStatus rv; | |
| 665 SECItem extItem; | |
| 666 CERTOidSequence *oidSeq = NULL; | |
| 667 PRBool ret; | |
| 668 SECItem **oids; | |
| 669 SECItem *oid; | |
| 670 SECOidTag oidTag; | |
| 671 | |
| 672 extItem.data = NULL; | |
| 673 rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem); | |
| 674 if ( rv != SECSuccess ) { | |
| 675 goto loser; | |
| 676 } | |
| 677 | |
| 678 oidSeq = CERT_DecodeOidSequence(&extItem); | |
| 679 if ( oidSeq == NULL ) { | |
| 680 goto loser; | |
| 681 } | |
| 682 | |
| 683 oids = oidSeq->oids; | |
| 684 while ( oids != NULL && *oids != NULL ) { | |
| 685 oid = *oids; | |
| 686 | |
| 687 oidTag = SECOID_FindOIDTag(oid); | |
| 688 | |
| 689 if ( oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED ) { | |
| 690 goto success; | |
| 691 } | |
| 692 | |
| 693 oids++; | |
| 694 } | |
| 695 | |
| 696 loser: | |
| 697 ret = PR_FALSE; | |
| 698 goto done; | |
| 699 success: | |
| 700 ret = PR_TRUE; | |
| 701 done: | |
| 702 if ( oidSeq != NULL ) { | |
| 703 CERT_DestroyOidSequence(oidSeq); | |
| 704 } | |
| 705 if (extItem.data != NULL) { | |
| 706 PORT_Free(extItem.data); | |
| 707 } | |
| 708 return(ret); | |
| 709 } | |
| 710 | |
| 711 | |
| 712 SECStatus | |
| 713 CERT_EncodePolicyConstraintsExtension(PRArenaPool *arena, | |
| 714 CERTCertificatePolicyConstraints *constr, | |
| 715 SECItem *dest) | |
| 716 { | |
| 717 SECStatus rv = SECSuccess; | |
| 718 | |
| 719 PORT_Assert(constr != NULL && dest != NULL); | |
| 720 if (constr == NULL || dest == NULL) { | |
| 721 return SECFailure; | |
| 722 } | |
| 723 | |
| 724 if (SEC_ASN1EncodeItem (arena, dest, constr, | |
| 725 CERT_PolicyConstraintsTemplate) == NULL) { | |
| 726 rv = SECFailure; | |
| 727 } | |
| 728 return(rv); | |
| 729 } | |
| 730 | |
| 731 SECStatus | |
| 732 CERT_EncodePolicyMappingExtension(PRArenaPool *arena, | |
| 733 CERTCertificatePolicyMappings *mapping, | |
| 734 SECItem *dest) | |
| 735 { | |
| 736 SECStatus rv = SECSuccess; | |
| 737 | |
| 738 PORT_Assert(mapping != NULL && dest != NULL); | |
| 739 if (mapping == NULL || dest == NULL) { | |
| 740 return SECFailure; | |
| 741 } | |
| 742 | |
| 743 if (SEC_ASN1EncodeItem (arena, dest, mapping, | |
| 744 CERT_PolicyMappingsTemplate) == NULL) { | |
| 745 rv = SECFailure; | |
| 746 } | |
| 747 return(rv); | |
| 748 } | |
| 749 | |
| 750 | |
| 751 | |
| 752 SECStatus | |
| 753 CERT_EncodeCertPoliciesExtension(PRArenaPool *arena, | |
| 754 CERTPolicyInfo **info, | |
| 755 SECItem *dest) | |
| 756 { | |
| 757 SECStatus rv = SECSuccess; | |
| 758 | |
| 759 PORT_Assert(info != NULL && dest != NULL); | |
| 760 if (info == NULL || dest == NULL) { | |
| 761 return SECFailure; | |
| 762 } | |
| 763 | |
| 764 if (SEC_ASN1EncodeItem (arena, dest, info, | |
| 765 CERT_CertificatePoliciesTemplate) == NULL) { | |
| 766 rv = SECFailure; | |
| 767 } | |
| 768 return(rv); | |
| 769 } | |
| 770 | |
| 771 SECStatus | |
| 772 CERT_EncodeUserNotice(PRArenaPool *arena, | |
| 773 CERTUserNotice *notice, | |
| 774 SECItem *dest) | |
| 775 { | |
| 776 SECStatus rv = SECSuccess; | |
| 777 | |
| 778 PORT_Assert(notice != NULL && dest != NULL); | |
| 779 if (notice == NULL || dest == NULL) { | |
| 780 return SECFailure; | |
| 781 } | |
| 782 | |
| 783 if (SEC_ASN1EncodeItem(arena, dest, | |
| 784 notice, CERT_UserNoticeTemplate) == NULL) { | |
| 785 rv = SECFailure; | |
| 786 } | |
| 787 | |
| 788 return(rv); | |
| 789 } | |
| 790 | |
| 791 SECStatus | |
| 792 CERT_EncodeNoticeReference(PRArenaPool *arena, | |
| 793 CERTNoticeReference *reference, | |
| 794 SECItem *dest) | |
| 795 { | |
| 796 SECStatus rv = SECSuccess; | |
| 797 | |
| 798 PORT_Assert(reference != NULL && dest != NULL); | |
| 799 if (reference == NULL || dest == NULL) { | |
| 800 return SECFailure; | |
| 801 } | |
| 802 | |
| 803 if (SEC_ASN1EncodeItem (arena, dest, reference, | |
| 804 CERT_NoticeReferenceTemplate) == NULL) { | |
| 805 rv = SECFailure; | |
| 806 } | |
| 807 | |
| 808 return(rv); | |
| 809 } | |
| 810 | |
| 811 SECStatus | |
| 812 CERT_EncodeInhibitAnyExtension(PRArenaPool *arena, | |
| 813 CERTCertificateInhibitAny *certInhibitAny, | |
| 814 SECItem *dest) | |
| 815 { | |
| 816 SECStatus rv = SECSuccess; | |
| 817 | |
| 818 PORT_Assert(certInhibitAny != NULL && dest != NULL); | |
| 819 if (certInhibitAny == NULL || dest == NULL) { | |
| 820 return SECFailure; | |
| 821 } | |
| 822 | |
| 823 if (SEC_ASN1EncodeItem (arena, dest, certInhibitAny, | |
| 824 CERT_InhibitAnyTemplate) == NULL) { | |
| 825 rv = SECFailure; | |
| 826 } | |
| 827 return(rv); | |
| 828 } | |
| OLD | NEW |