| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 4 | 4 |
| 5 /* | 5 /* |
| 6 * Support for various policy related extensions | 6 * Support for various policy related extensions |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "seccomon.h" | 9 #include "seccomon.h" |
| 10 #include "secport.h" | 10 #include "secport.h" |
| 11 #include "secder.h" | 11 #include "secder.h" |
| 12 #include "cert.h" | 12 #include "cert.h" |
| 13 #include "secoid.h" | 13 #include "secoid.h" |
| 14 #include "secasn1.h" | 14 #include "secasn1.h" |
| 15 #include "secerr.h" | 15 #include "secerr.h" |
| 16 #include "nspr.h" | 16 #include "nspr.h" |
| 17 | 17 |
| 18 SEC_ASN1_MKSUB(SEC_IntegerTemplate) | 18 SEC_ASN1_MKSUB(SEC_IntegerTemplate) |
| 19 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) | 19 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) |
| 20 | 20 |
| 21 const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = { | 21 const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = { |
| 22 { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) }, | 22 { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) }, |
| 23 { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString}, | 23 { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString }, |
| 24 { SEC_ASN1_VISIBLE_STRING , 0, 0, siVisibleString}, | 24 { SEC_ASN1_VISIBLE_STRING, 0, 0, siVisibleString }, |
| 25 { SEC_ASN1_BMP_STRING , 0, 0, siBMPString }, | 25 { SEC_ASN1_BMP_STRING, 0, 0, siBMPString }, |
| 26 { SEC_ASN1_UTF8_STRING , 0, 0, siUTF8String }, | 26 { SEC_ASN1_UTF8_STRING, 0, 0, siUTF8String }, |
| 27 { 0 } | 27 { 0 } |
| 28 }; | 28 }; |
| 29 | 29 |
| 30 const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = { | 30 const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = { |
| 31 { SEC_ASN1_SEQUENCE, | 31 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNoticeReference) }, |
| 32 » 0, NULL, sizeof(CERTNoticeReference) }, | 32 { SEC_ASN1_INLINE, offsetof(CERTNoticeReference, organization), |
| 33 { SEC_ASN1_INLINE, | 33 CERT_DisplayTextTypeTemplate, 0 }, |
| 34 » offsetof(CERTNoticeReference, organization), | |
| 35 CERT_DisplayTextTypeTemplate, 0 }, | |
| 36 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, | 34 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, |
| 37 offsetof(CERTNoticeReference, noticeNumbers), | 35 offsetof(CERTNoticeReference, noticeNumbers), |
| 38 SEC_ASN1_SUB(SEC_IntegerTemplate) }, | 36 SEC_ASN1_SUB(SEC_IntegerTemplate) }, |
| 39 { 0 } | 37 { 0 } |
| 40 }; | 38 }; |
| 41 | 39 |
| 42 const SEC_ASN1Template CERT_UserNoticeTemplate[] = { | 40 const SEC_ASN1Template CERT_UserNoticeTemplate[] = { |
| 43 { SEC_ASN1_SEQUENCE, | 41 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTUserNotice) }, |
| 44 » 0, NULL, sizeof(CERTUserNotice) }, | |
| 45 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, | 42 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, |
| 46 » offsetof(CERTUserNotice, noticeReference), | 43 offsetof(CERTUserNotice, noticeReference), CERT_NoticeReferenceTemplate, |
| 47 CERT_NoticeReferenceTemplate, 0 }, | 44 0 }, |
| 48 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, | 45 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, |
| 49 » offsetof(CERTUserNotice, displayText), | 46 offsetof(CERTUserNotice, displayText), CERT_DisplayTextTypeTemplate, 0 }, |
| 50 CERT_DisplayTextTypeTemplate, 0 }, | |
| 51 { 0 } | 47 { 0 } |
| 52 }; | 48 }; |
| 53 | 49 |
| 54 const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = { | 50 const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = { |
| 55 { SEC_ASN1_SEQUENCE, | 51 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyQualifier) }, |
| 56 » 0, NULL, sizeof(CERTPolicyQualifier) }, | 52 { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyQualifier, qualifierID) }, |
| 57 { SEC_ASN1_OBJECT_ID, | 53 { SEC_ASN1_ANY, offsetof(CERTPolicyQualifier, qualifierValue) }, |
| 58 » offsetof(CERTPolicyQualifier, qualifierID) }, | |
| 59 { SEC_ASN1_ANY, | |
| 60 » offsetof(CERTPolicyQualifier, qualifierValue) }, | |
| 61 { 0 } | 54 { 0 } |
| 62 }; | 55 }; |
| 63 | 56 |
| 64 const SEC_ASN1Template CERT_PolicyInfoTemplate[] = { | 57 const SEC_ASN1Template CERT_PolicyInfoTemplate[] = { |
| 65 { SEC_ASN1_SEQUENCE, | 58 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyInfo) }, |
| 66 » 0, NULL, sizeof(CERTPolicyInfo) }, | 59 { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyInfo, policyID) }, |
| 67 { SEC_ASN1_OBJECT_ID, | |
| 68 » offsetof(CERTPolicyInfo, policyID) }, | |
| 69 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL, | 60 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL, |
| 70 » offsetof(CERTPolicyInfo, policyQualifiers), | 61 offsetof(CERTPolicyInfo, policyQualifiers), |
| 71 » CERT_PolicyQualifierTemplate }, | 62 CERT_PolicyQualifierTemplate }, |
| 72 { 0 } | 63 { 0 } |
| 73 }; | 64 }; |
| 74 | 65 |
| 75 const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = { | 66 const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = { |
| 76 { SEC_ASN1_SEQUENCE_OF, | 67 { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicies, policyInfos), |
| 77 » offsetof(CERTCertificatePolicies, policyInfos), | 68 CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) } |
| 78 » CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) } | |
| 79 }; | 69 }; |
| 80 | 70 |
| 81 const SEC_ASN1Template CERT_PolicyMapTemplate[] = { | 71 const SEC_ASN1Template CERT_PolicyMapTemplate[] = { |
| 82 { SEC_ASN1_SEQUENCE, | 72 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyMap) }, |
| 83 » 0, NULL, sizeof(CERTPolicyMap) }, | 73 { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, issuerDomainPolicy) }, |
| 84 { SEC_ASN1_OBJECT_ID, | 74 { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, subjectDomainPolicy) }, |
| 85 » offsetof(CERTPolicyMap, issuerDomainPolicy) }, | |
| 86 { SEC_ASN1_OBJECT_ID, | |
| 87 » offsetof(CERTPolicyMap, subjectDomainPolicy) }, | |
| 88 { 0 } | 75 { 0 } |
| 89 }; | 76 }; |
| 90 | 77 |
| 91 const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = { | 78 const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = { |
| 92 { SEC_ASN1_SEQUENCE_OF, | 79 { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicyMappings, policyMaps), |
| 93 » offsetof(CERTCertificatePolicyMappings, policyMaps), | 80 CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) } |
| 94 » CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) } | |
| 95 }; | 81 }; |
| 96 | 82 |
| 97 const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = { | 83 const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = { |
| 98 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) }, | 84 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) }, |
| 99 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, | 85 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, |
| 100 » offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts), | 86 offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts), |
| 101 » SEC_ASN1_SUB(SEC_IntegerTemplate) }, | 87 SEC_ASN1_SUB(SEC_IntegerTemplate) }, |
| 102 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, | 88 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, |
| 103 » offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts), | 89 offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts), |
| 104 » SEC_ASN1_SUB(SEC_IntegerTemplate) }, | 90 SEC_ASN1_SUB(SEC_IntegerTemplate) }, |
| 105 { 0 } | 91 { 0 } |
| 106 }; | 92 }; |
| 107 | 93 |
| 108 const SEC_ASN1Template CERT_InhibitAnyTemplate[] = { | 94 const SEC_ASN1Template CERT_InhibitAnyTemplate[] = { |
| 109 { SEC_ASN1_INTEGER, | 95 { SEC_ASN1_INTEGER, |
| 110 » offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), | 96 offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), NULL, |
| 111 » NULL, sizeof(CERTCertificateInhibitAny) } | 97 sizeof(CERTCertificateInhibitAny) } |
| 112 }; | 98 }; |
| 113 | 99 |
| 114 static void | 100 static void |
| 115 breakLines(char *string) | 101 breakLines(char *string) |
| 116 { | 102 { |
| 117 char *tmpstr; | 103 char *tmpstr; |
| 118 char *lastspace = NULL; | 104 char *lastspace = NULL; |
| 119 int curlen = 0; | 105 int curlen = 0; |
| 120 int c; | 106 int c; |
| 121 | 107 |
| 122 tmpstr = string; | 108 tmpstr = string; |
| 123 | 109 |
| 124 while ( ( c = *tmpstr ) != '\0' ) { | 110 while ((c = *tmpstr) != '\0') { |
| 125 » switch ( c ) { | 111 switch (c) { |
| 126 » case ' ': | 112 case ' ': |
| 127 » lastspace = tmpstr; | 113 lastspace = tmpstr; |
| 128 » break; | 114 break; |
| 129 » case '\n': | 115 case '\n': |
| 130 » lastspace = NULL; | 116 lastspace = NULL; |
| 131 » curlen = 0; | 117 curlen = 0; |
| 132 » break; | 118 break; |
| 133 » } | 119 } |
| 134 » | 120 |
| 135 » if ( ( curlen >= 55 ) && ( lastspace != NULL ) ) { | 121 if ((curlen >= 55) && (lastspace != NULL)) { |
| 136 » *lastspace = '\n'; | 122 *lastspace = '\n'; |
| 137 » curlen = ( tmpstr - lastspace ); | 123 curlen = (tmpstr - lastspace); |
| 138 » lastspace = NULL; | 124 lastspace = NULL; |
| 139 » } | 125 } |
| 140 » | 126 |
| 141 » curlen++; | 127 curlen++; |
| 142 » tmpstr++; | 128 tmpstr++; |
| 143 } | 129 } |
| 144 | 130 |
| 145 return; | 131 return; |
| 146 } | 132 } |
| 147 | 133 |
| 148 CERTCertificatePolicies * | 134 CERTCertificatePolicies * |
| 149 CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue) | 135 CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue) |
| 150 { | 136 { |
| 151 PLArenaPool *arena = NULL; | 137 PLArenaPool *arena = NULL; |
| 152 SECStatus rv; | 138 SECStatus rv; |
| 153 CERTCertificatePolicies *policies; | 139 CERTCertificatePolicies *policies; |
| 154 CERTPolicyInfo **policyInfos, *policyInfo; | 140 CERTPolicyInfo **policyInfos, *policyInfo; |
| 155 CERTPolicyQualifier **policyQualifiers, *policyQualifier; | 141 CERTPolicyQualifier **policyQualifiers, *policyQualifier; |
| 156 SECItem newExtnValue; | 142 SECItem newExtnValue; |
| 157 | 143 |
| 158 /* make a new arena */ | 144 /* make a new arena */ |
| 159 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 145 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 160 | 146 |
| 161 if ( !arena ) { | 147 if (!arena) { |
| 162 » goto loser; | 148 goto loser; |
| 163 } | 149 } |
| 164 | 150 |
| 165 /* allocate the certificate policies structure */ | 151 /* allocate the certificate policies structure */ |
| 166 policies = (CERTCertificatePolicies *) | 152 policies = (CERTCertificatePolicies *)PORT_ArenaZAlloc( |
| 167 » PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies)); | 153 arena, sizeof(CERTCertificatePolicies)); |
| 168 | 154 |
| 169 if ( policies == NULL ) { | 155 if (policies == NULL) { |
| 170 » goto loser; | 156 goto loser; |
| 171 } | 157 } |
| 172 | 158 |
| 173 policies->arena = arena; | 159 policies->arena = arena; |
| 174 | 160 |
| 175 /* copy the DER into the arena, since Quick DER returns data that points | 161 /* copy the DER into the arena, since Quick DER returns data that points |
| 176 into the DER input, which may get freed by the caller */ | 162 into the DER input, which may get freed by the caller */ |
| 177 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); | 163 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); |
| 178 if ( rv != SECSuccess ) { | 164 if (rv != SECSuccess) { |
| 179 » goto loser; | 165 goto loser; |
| 180 } | 166 } |
| 181 | 167 |
| 182 /* decode the policy info */ | 168 /* decode the policy info */ |
| 183 rv = SEC_QuickDERDecodeItem(arena, policies, CERT_CertificatePoliciesTemplat
e, | 169 rv = SEC_QuickDERDecodeItem( |
| 184 » » » &newExtnValue); | 170 arena, policies, CERT_CertificatePoliciesTemplate, &newExtnValue); |
| 185 | 171 |
| 186 if ( rv != SECSuccess ) { | 172 if (rv != SECSuccess) { |
| 187 » goto loser; | 173 goto loser; |
| 188 } | 174 } |
| 189 | 175 |
| 190 /* initialize the oid tags */ | 176 /* initialize the oid tags */ |
| 191 policyInfos = policies->policyInfos; | 177 policyInfos = policies->policyInfos; |
| 192 while (*policyInfos != NULL ) { | 178 while (*policyInfos != NULL) { |
| 193 » policyInfo = *policyInfos; | 179 policyInfo = *policyInfos; |
| 194 » policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID); | 180 policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID); |
| 195 » policyQualifiers = policyInfo->policyQualifiers; | 181 policyQualifiers = policyInfo->policyQualifiers; |
| 196 » while ( policyQualifiers != NULL && *policyQualifiers != NULL ) { | 182 while (policyQualifiers != NULL && *policyQualifiers != NULL) { |
| 197 » policyQualifier = *policyQualifiers; | 183 policyQualifier = *policyQualifiers; |
| 198 » policyQualifier->oid = | 184 policyQualifier->oid = |
| 199 » » SECOID_FindOIDTag(&policyQualifier->qualifierID); | 185 SECOID_FindOIDTag(&policyQualifier->qualifierID); |
| 200 » policyQualifiers++; | 186 policyQualifiers++; |
| 201 » } | 187 } |
| 202 » policyInfos++; | 188 policyInfos++; |
| 203 } | 189 } |
| 204 | 190 |
| 205 return(policies); | 191 return (policies); |
| 206 | 192 |
| 207 loser: | 193 loser: |
| 208 if ( arena != NULL ) { | 194 if (arena != NULL) { |
| 209 » PORT_FreeArena(arena, PR_FALSE); | 195 PORT_FreeArena(arena, PR_FALSE); |
| 210 } | 196 } |
| 211 | 197 |
| 212 return(NULL); | 198 return (NULL); |
| 213 } | 199 } |
| 214 | 200 |
| 215 void | 201 void |
| 216 CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies) | 202 CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies) |
| 217 { | 203 { |
| 218 if ( policies != NULL ) { | 204 if (policies != NULL) { |
| 219 » PORT_FreeArena(policies->arena, PR_FALSE); | 205 PORT_FreeArena(policies->arena, PR_FALSE); |
| 220 } | 206 } |
| 221 return; | 207 return; |
| 222 } | 208 } |
| 223 | 209 |
| 224 CERTCertificatePolicyMappings * | 210 CERTCertificatePolicyMappings * |
| 225 CERT_DecodePolicyMappingsExtension(SECItem *extnValue) | 211 CERT_DecodePolicyMappingsExtension(SECItem *extnValue) |
| 226 { | 212 { |
| 227 PLArenaPool *arena = NULL; | 213 PLArenaPool *arena = NULL; |
| 228 SECStatus rv; | 214 SECStatus rv; |
| 229 CERTCertificatePolicyMappings *mappings; | 215 CERTCertificatePolicyMappings *mappings; |
| 230 SECItem newExtnValue; | 216 SECItem newExtnValue; |
| 231 | 217 |
| 232 /* make a new arena */ | 218 /* make a new arena */ |
| 233 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 219 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 234 if ( !arena ) { | 220 if (!arena) { |
| 235 goto loser; | 221 goto loser; |
| 236 } | 222 } |
| 237 | 223 |
| 238 /* allocate the policy mappings structure */ | 224 /* allocate the policy mappings structure */ |
| 239 mappings = (CERTCertificatePolicyMappings *) | 225 mappings = (CERTCertificatePolicyMappings *)PORT_ArenaZAlloc( |
| 240 PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicyMappings)); | 226 arena, sizeof(CERTCertificatePolicyMappings)); |
| 241 if ( mappings == NULL ) { | 227 if (mappings == NULL) { |
| 242 goto loser; | 228 goto loser; |
| 243 } | 229 } |
| 244 mappings->arena = arena; | 230 mappings->arena = arena; |
| 245 | 231 |
| 246 /* copy the DER into the arena, since Quick DER returns data that points | 232 /* copy the DER into the arena, since Quick DER returns data that points |
| 247 into the DER input, which may get freed by the caller */ | 233 into the DER input, which may get freed by the caller */ |
| 248 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); | 234 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); |
| 249 if ( rv != SECSuccess ) { | 235 if (rv != SECSuccess) { |
| 250 goto loser; | 236 goto loser; |
| 251 } | 237 } |
| 252 | 238 |
| 253 /* decode the policy mappings */ | 239 /* decode the policy mappings */ |
| 254 rv = SEC_QuickDERDecodeItem | 240 rv = SEC_QuickDERDecodeItem(arena, mappings, CERT_PolicyMappingsTemplate, |
| 255 (arena, mappings, CERT_PolicyMappingsTemplate, &newExtnValue); | 241 &newExtnValue); |
| 256 if ( rv != SECSuccess ) { | 242 if (rv != SECSuccess) { |
| 257 goto loser; | 243 goto loser; |
| 258 } | 244 } |
| 259 | 245 |
| 260 return(mappings); | 246 return (mappings); |
| 261 | 247 |
| 262 loser: | 248 loser: |
| 263 if ( arena != NULL ) { | 249 if (arena != NULL) { |
| 264 PORT_FreeArena(arena, PR_FALSE); | 250 PORT_FreeArena(arena, PR_FALSE); |
| 265 } | 251 } |
| 266 | 252 |
| 267 return(NULL); | 253 return (NULL); |
| 268 } | 254 } |
| 269 | 255 |
| 270 SECStatus | 256 SECStatus |
| 271 CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings) | 257 CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings) |
| 272 { | 258 { |
| 273 if ( mappings != NULL ) { | 259 if (mappings != NULL) { |
| 274 PORT_FreeArena(mappings->arena, PR_FALSE); | 260 PORT_FreeArena(mappings->arena, PR_FALSE); |
| 275 } | 261 } |
| 276 return SECSuccess; | 262 return SECSuccess; |
| 277 } | 263 } |
| 278 | 264 |
| 279 SECStatus | 265 SECStatus |
| 280 CERT_DecodePolicyConstraintsExtension | 266 CERT_DecodePolicyConstraintsExtension( |
| 281 (CERTCertificatePolicyConstraints *decodedValue, | 267 CERTCertificatePolicyConstraints *decodedValue, const SECItem *encodedValue) |
| 282 const SECItem *encodedValue) | |
| 283 { | 268 { |
| 284 CERTCertificatePolicyConstraints decodeContext; | 269 CERTCertificatePolicyConstraints decodeContext; |
| 285 PLArenaPool *arena = NULL; | 270 PLArenaPool *arena = NULL; |
| 286 SECStatus rv = SECSuccess; | 271 SECStatus rv = SECSuccess; |
| 287 | 272 |
| 288 /* initialize so we can tell when an optional component is omitted */ | 273 /* initialize so we can tell when an optional component is omitted */ |
| 289 PORT_Memset(&decodeContext, 0, sizeof(decodeContext)); | 274 PORT_Memset(&decodeContext, 0, sizeof(decodeContext)); |
| 290 | 275 |
| 291 /* make a new arena */ | 276 /* make a new arena */ |
| 292 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); | 277 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); |
| 293 if (!arena) { | 278 if (!arena) { |
| 294 return SECFailure; | 279 return SECFailure; |
| 295 } | 280 } |
| 296 | 281 |
| 297 do { | 282 do { |
| 298 /* decode the policy constraints */ | 283 /* decode the policy constraints */ |
| 299 rv = SEC_QuickDERDecodeItem(arena, | 284 rv = SEC_QuickDERDecodeItem(arena, &decodeContext, |
| 300 &decodeContext, CERT_PolicyConstraintsTemplate, encodedValue); | 285 CERT_PolicyConstraintsTemplate, |
| 286 encodedValue); |
| 301 | 287 |
| 302 if ( rv != SECSuccess ) { | 288 if (rv != SECSuccess) { |
| 303 break; | 289 break; |
| 304 } | 290 } |
| 305 | 291 |
| 306 if (decodeContext.explicitPolicySkipCerts.len == 0) { | 292 if (decodeContext.explicitPolicySkipCerts.len == 0) { |
| 307 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1; | 293 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1; |
| 308 } else { | 294 } else { |
| 309 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = | 295 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = |
| 310 DER_GetInteger(&decodeContext.explicitPolicySkipCerts); | 296 DER_GetInteger(&decodeContext.explicitPolicySkipCerts); |
| 311 } | 297 } |
| 312 | 298 |
| 313 if (decodeContext.inhibitMappingSkipCerts.len == 0) { | 299 if (decodeContext.inhibitMappingSkipCerts.len == 0) { |
| 314 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1; | 300 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1; |
| 315 } else { | 301 } else { |
| 316 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = | 302 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = |
| 317 DER_GetInteger(&decodeContext.inhibitMappingSkipCerts); | 303 DER_GetInteger(&decodeContext.inhibitMappingSkipCerts); |
| 318 } | 304 } |
| 319 | 305 |
| 320 if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == | 306 if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == |
| 321 PR_INT32_MIN) || | 307 PR_INT32_MIN) || |
| 322 (*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == | 308 (*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == |
| 323 PR_INT32_MAX) || | 309 PR_INT32_MAX) || |
| 324 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == | 310 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == |
| 325 PR_INT32_MIN) || | 311 PR_INT32_MIN) || |
| 326 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == | 312 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == |
| 327 PR_INT32_MAX)) { | 313 PR_INT32_MAX)) { |
| 328 rv = SECFailure; | 314 rv = SECFailure; |
| 329 } | 315 } |
| 330 | 316 |
| 331 } while (0); | 317 } while (0); |
| 332 | 318 |
| 333 PORT_FreeArena(arena, PR_FALSE); | 319 PORT_FreeArena(arena, PR_FALSE); |
| 334 return(rv); | 320 return (rv); |
| 335 } | 321 } |
| 336 | 322 |
| 337 SECStatus CERT_DecodeInhibitAnyExtension | 323 SECStatus |
| 338 (CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue) | 324 CERT_DecodeInhibitAnyExtension(CERTCertificateInhibitAny *decodedValue, |
| 325 SECItem *encodedValue) |
| 339 { | 326 { |
| 340 CERTCertificateInhibitAny decodeContext; | 327 CERTCertificateInhibitAny decodeContext; |
| 341 PLArenaPool *arena = NULL; | 328 PLArenaPool *arena = NULL; |
| 342 SECStatus rv = SECSuccess; | 329 SECStatus rv = SECSuccess; |
| 343 | 330 |
| 344 /* make a new arena */ | 331 /* make a new arena */ |
| 345 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); | 332 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); |
| 346 if ( !arena ) { | 333 if (!arena) { |
| 347 return SECFailure; | 334 return SECFailure; |
| 348 } | 335 } |
| 349 | 336 |
| 350 do { | 337 do { |
| 351 | 338 |
| 352 /* decode the policy mappings */ | 339 /* decode the policy mappings */ |
| 353 decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger; | 340 decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger; |
| 354 rv = SEC_QuickDERDecodeItem(arena, | 341 rv = SEC_QuickDERDecodeItem(arena, &decodeContext, |
| 355 &decodeContext, CERT_InhibitAnyTemplate, encodedValue); | 342 CERT_InhibitAnyTemplate, encodedValue); |
| 356 | 343 |
| 357 if ( rv != SECSuccess ) { | 344 if (rv != SECSuccess) { |
| 358 break; | 345 break; |
| 359 } | 346 } |
| 360 | 347 |
| 361 *(PRInt32 *)decodedValue->inhibitAnySkipCerts.data = | 348 *(PRInt32 *)decodedValue->inhibitAnySkipCerts.data = |
| 362 DER_GetInteger(&decodeContext.inhibitAnySkipCerts); | 349 DER_GetInteger(&decodeContext.inhibitAnySkipCerts); |
| 363 | 350 |
| 364 } while (0); | 351 } while (0); |
| 365 | 352 |
| 366 PORT_FreeArena(arena, PR_FALSE); | 353 PORT_FreeArena(arena, PR_FALSE); |
| 367 return(rv); | 354 return (rv); |
| 368 } | 355 } |
| 369 | 356 |
| 370 CERTUserNotice * | 357 CERTUserNotice * |
| 371 CERT_DecodeUserNotice(SECItem *noticeItem) | 358 CERT_DecodeUserNotice(SECItem *noticeItem) |
| 372 { | 359 { |
| 373 PLArenaPool *arena = NULL; | 360 PLArenaPool *arena = NULL; |
| 374 SECStatus rv; | 361 SECStatus rv; |
| 375 CERTUserNotice *userNotice; | 362 CERTUserNotice *userNotice; |
| 376 SECItem newNoticeItem; | 363 SECItem newNoticeItem; |
| 377 | 364 |
| 378 /* make a new arena */ | 365 /* make a new arena */ |
| 379 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 366 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 380 | 367 |
| 381 if ( !arena ) { | 368 if (!arena) { |
| 382 » goto loser; | 369 goto loser; |
| 383 } | 370 } |
| 384 | 371 |
| 385 /* allocate the userNotice structure */ | 372 /* allocate the userNotice structure */ |
| 386 userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena, | 373 userNotice = |
| 387 » » » » » » sizeof(CERTUserNotice)); | 374 (CERTUserNotice *)PORT_ArenaZAlloc(arena, sizeof(CERTUserNotice)); |
| 388 | 375 |
| 389 if ( userNotice == NULL ) { | 376 if (userNotice == NULL) { |
| 390 » goto loser; | 377 goto loser; |
| 391 } | 378 } |
| 392 | 379 |
| 393 userNotice->arena = arena; | 380 userNotice->arena = arena; |
| 394 | 381 |
| 395 /* copy the DER into the arena, since Quick DER returns data that points | 382 /* copy the DER into the arena, since Quick DER returns data that points |
| 396 into the DER input, which may get freed by the caller */ | 383 into the DER input, which may get freed by the caller */ |
| 397 rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem); | 384 rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem); |
| 398 if ( rv != SECSuccess ) { | 385 if (rv != SECSuccess) { |
| 399 » goto loser; | 386 goto loser; |
| 400 } | 387 } |
| 401 | 388 |
| 402 /* decode the user notice */ | 389 /* decode the user notice */ |
| 403 rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate, | 390 rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate, |
| 404 » » » &newNoticeItem); | 391 &newNoticeItem); |
| 405 | 392 |
| 406 if ( rv != SECSuccess ) { | 393 if (rv != SECSuccess) { |
| 407 » goto loser; | 394 goto loser; |
| 408 } | 395 } |
| 409 | 396 |
| 410 if (userNotice->derNoticeReference.data != NULL) { | 397 if (userNotice->derNoticeReference.data != NULL) { |
| 411 | 398 |
| 412 rv = SEC_QuickDERDecodeItem(arena, &userNotice->noticeReference, | 399 rv = SEC_QuickDERDecodeItem(arena, &userNotice->noticeReference, |
| 413 CERT_NoticeReferenceTemplate, | 400 CERT_NoticeReferenceTemplate, |
| 414 &userNotice->derNoticeReference); | 401 &userNotice->derNoticeReference); |
| 415 if (rv == SECFailure) { | 402 if (rv == SECFailure) { |
| 416 goto loser; | 403 goto loser; |
| 417 » } | 404 } |
| 418 } | 405 } |
| 419 | 406 |
| 420 return(userNotice); | 407 return (userNotice); |
| 421 | 408 |
| 422 loser: | 409 loser: |
| 423 if ( arena != NULL ) { | 410 if (arena != NULL) { |
| 424 » PORT_FreeArena(arena, PR_FALSE); | 411 PORT_FreeArena(arena, PR_FALSE); |
| 425 } | 412 } |
| 426 | 413 |
| 427 return(NULL); | 414 return (NULL); |
| 428 } | 415 } |
| 429 | 416 |
| 430 void | 417 void |
| 431 CERT_DestroyUserNotice(CERTUserNotice *userNotice) | 418 CERT_DestroyUserNotice(CERTUserNotice *userNotice) |
| 432 { | 419 { |
| 433 if ( userNotice != NULL ) { | 420 if (userNotice != NULL) { |
| 434 » PORT_FreeArena(userNotice->arena, PR_FALSE); | 421 PORT_FreeArena(userNotice->arena, PR_FALSE); |
| 435 } | 422 } |
| 436 return; | 423 return; |
| 437 } | 424 } |
| 438 | 425 |
| 439 static CERTPolicyStringCallback policyStringCB = NULL; | 426 static CERTPolicyStringCallback policyStringCB = NULL; |
| 440 static void *policyStringCBArg = NULL; | 427 static void *policyStringCBArg = NULL; |
| 441 | 428 |
| 442 void | 429 void |
| 443 CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg) | 430 CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg) |
| 444 { | 431 { |
| 445 policyStringCB = cb; | 432 policyStringCB = cb; |
| 446 policyStringCBArg = cbarg; | 433 policyStringCBArg = cbarg; |
| 447 return; | 434 return; |
| 448 } | 435 } |
| 449 | 436 |
| 450 char * | 437 char * |
| 451 stringFromUserNotice(SECItem *noticeItem) | 438 stringFromUserNotice(SECItem *noticeItem) |
| 452 { | 439 { |
| 453 SECItem *org; | 440 SECItem *org; |
| 454 unsigned int len, headerlen; | 441 unsigned int len, headerlen; |
| 455 char *stringbuf; | 442 char *stringbuf; |
| 456 CERTUserNotice *userNotice; | 443 CERTUserNotice *userNotice; |
| 457 char *policystr; | 444 char *policystr; |
| 458 char *retstr = NULL; | 445 char *retstr = NULL; |
| 459 SECItem *displayText; | 446 SECItem *displayText; |
| 460 SECItem **noticeNumbers; | 447 SECItem **noticeNumbers; |
| 461 unsigned int strnum; | 448 unsigned int strnum; |
| 462 | 449 |
| 463 /* decode the user notice */ | 450 /* decode the user notice */ |
| 464 userNotice = CERT_DecodeUserNotice(noticeItem); | 451 userNotice = CERT_DecodeUserNotice(noticeItem); |
| 465 if ( userNotice == NULL ) { | 452 if (userNotice == NULL) { |
| 466 » return(NULL); | 453 return (NULL); |
| 467 } | |
| 468 | |
| 469 org = &userNotice->noticeReference.organization; | |
| 470 if ( (org->len != 0 ) && ( policyStringCB != NULL ) ) { | |
| 471 » /* has a noticeReference */ | |
| 472 | |
| 473 » /* extract the org string */ | |
| 474 » len = org->len; | |
| 475 » stringbuf = (char*)PORT_Alloc(len + 1); | |
| 476 » if ( stringbuf != NULL ) { | |
| 477 » PORT_Memcpy(stringbuf, org->data, len); | |
| 478 » stringbuf[len] = '\0'; | |
| 479 | |
| 480 » noticeNumbers = userNotice->noticeReference.noticeNumbers; | |
| 481 » while ( *noticeNumbers != NULL ) { | |
| 482 » » /* XXX - only one byte integers right now*/ | |
| 483 » » strnum = (*noticeNumbers)->data[0]; | |
| 484 » » policystr = (* policyStringCB)(stringbuf, | |
| 485 » » » » » strnum, | |
| 486 » » » » » policyStringCBArg); | |
| 487 » » if ( policystr != NULL ) { | |
| 488 » » if ( retstr != NULL ) { | |
| 489 » » » retstr = PR_sprintf_append(retstr, "\n%s", policystr); | |
| 490 » » } else { | |
| 491 » » » retstr = PR_sprintf_append(retstr, "%s", policystr); | |
| 492 » » } | |
| 493 | |
| 494 » » PORT_Free(policystr); | |
| 495 » » } | |
| 496 » » | |
| 497 » » noticeNumbers++; | |
| 498 » } | |
| 499 | |
| 500 » PORT_Free(stringbuf); | |
| 501 » } | |
| 502 } | 454 } |
| 503 | 455 |
| 504 if ( retstr == NULL ) { | 456 org = &userNotice->noticeReference.organization; |
| 505 » if ( userNotice->displayText.len != 0 ) { | 457 if ((org->len != 0) && (policyStringCB != NULL)) { |
| 506 » displayText = &userNotice->displayText; | 458 /* has a noticeReference */ |
| 507 | 459 |
| 508 » if ( displayText->len > 2 ) { | 460 /* extract the org string */ |
| 509 » » if ( displayText->data[0] == SEC_ASN1_VISIBLE_STRING ) { | 461 len = org->len; |
| 510 » » headerlen = 2; | 462 stringbuf = (char *)PORT_Alloc(len + 1); |
| 511 » » if ( displayText->data[1] & 0x80 ) { | 463 if (stringbuf != NULL) { |
| 512 » » » /* multibyte length */ | 464 PORT_Memcpy(stringbuf, org->data, len); |
| 513 » » » headerlen += ( displayText->data[1] & 0x7f ); | 465 stringbuf[len] = '\0'; |
| 514 » » } | |
| 515 | 466 |
| 516 » » len = displayText->len - headerlen; | 467 noticeNumbers = userNotice->noticeReference.noticeNumbers; |
| 517 » » retstr = (char*)PORT_Alloc(len + 1); | 468 while (*noticeNumbers != NULL) { |
| 518 » » if ( retstr != NULL ) { | 469 /* XXX - only one byte integers right now*/ |
| 519 » » » PORT_Memcpy(retstr, &displayText->data[headerlen],len); | 470 strnum = (*noticeNumbers)->data[0]; |
| 520 » » » retstr[len] = '\0'; | 471 policystr = |
| 521 » » } | 472 (*policyStringCB)(stringbuf, strnum, policyStringCBArg); |
| 522 » » } | 473 if (policystr != NULL) { |
| 523 » } | 474 if (retstr != NULL) { |
| 524 » } | 475 retstr = PR_sprintf_append(retstr, "\n%s", policystr); |
| 476 } else { |
| 477 retstr = PR_sprintf_append(retstr, "%s", policystr); |
| 478 } |
| 479 |
| 480 PORT_Free(policystr); |
| 481 } |
| 482 |
| 483 noticeNumbers++; |
| 484 } |
| 485 |
| 486 PORT_Free(stringbuf); |
| 487 } |
| 525 } | 488 } |
| 526 | 489 |
| 490 if (retstr == NULL) { |
| 491 if (userNotice->displayText.len != 0) { |
| 492 displayText = &userNotice->displayText; |
| 493 |
| 494 if (displayText->len > 2) { |
| 495 if (displayText->data[0] == SEC_ASN1_VISIBLE_STRING) { |
| 496 headerlen = 2; |
| 497 if (displayText->data[1] & 0x80) { |
| 498 /* multibyte length */ |
| 499 headerlen += (displayText->data[1] & 0x7f); |
| 500 } |
| 501 |
| 502 len = displayText->len - headerlen; |
| 503 retstr = (char *)PORT_Alloc(len + 1); |
| 504 if (retstr != NULL) { |
| 505 PORT_Memcpy(retstr, &displayText->data[headerlen], len); |
| 506 retstr[len] = '\0'; |
| 507 } |
| 508 } |
| 509 } |
| 510 } |
| 511 } |
| 512 |
| 527 CERT_DestroyUserNotice(userNotice); | 513 CERT_DestroyUserNotice(userNotice); |
| 528 | 514 |
| 529 return(retstr); | 515 return (retstr); |
| 530 } | 516 } |
| 531 | 517 |
| 532 char * | 518 char * |
| 533 CERT_GetCertCommentString(CERTCertificate *cert) | 519 CERT_GetCertCommentString(CERTCertificate *cert) |
| 534 { | 520 { |
| 535 char *retstring = NULL; | 521 char *retstring = NULL; |
| 536 SECStatus rv; | 522 SECStatus rv; |
| 537 SECItem policyItem; | 523 SECItem policyItem; |
| 538 CERTCertificatePolicies *policies = NULL; | 524 CERTCertificatePolicies *policies = NULL; |
| 539 CERTPolicyInfo **policyInfos; | 525 CERTPolicyInfo **policyInfos; |
| 540 CERTPolicyQualifier **policyQualifiers, *qualifier; | 526 CERTPolicyQualifier **policyQualifiers, *qualifier; |
| 541 | 527 |
| 542 policyItem.data = NULL; | 528 policyItem.data = NULL; |
| 543 | 529 |
| 544 rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES, | 530 rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES, |
| 545 » » » » &policyItem); | 531 &policyItem); |
| 546 if ( rv != SECSuccess ) { | 532 if (rv != SECSuccess) { |
| 547 » goto nopolicy; | 533 goto nopolicy; |
| 548 } | 534 } |
| 549 | 535 |
| 550 policies = CERT_DecodeCertificatePoliciesExtension(&policyItem); | 536 policies = CERT_DecodeCertificatePoliciesExtension(&policyItem); |
| 551 if ( policies == NULL ) { | 537 if (policies == NULL) { |
| 552 » goto nopolicy; | 538 goto nopolicy; |
| 553 } | 539 } |
| 554 | 540 |
| 555 policyInfos = policies->policyInfos; | 541 policyInfos = policies->policyInfos; |
| 556 /* search through policyInfos looking for the verisign policy */ | 542 /* search through policyInfos looking for the verisign policy */ |
| 557 while (*policyInfos != NULL ) { | 543 while (*policyInfos != NULL) { |
| 558 » if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) { | 544 if ((*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES) { |
| 559 » policyQualifiers = (*policyInfos)->policyQualifiers; | 545 policyQualifiers = (*policyInfos)->policyQualifiers; |
| 560 » /* search through the policy qualifiers looking for user notice */ | 546 /* search through the policy qualifiers looking for user notice */ |
| 561 » while ( policyQualifiers != NULL && *policyQualifiers != NULL ) { | 547 while (policyQualifiers != NULL && *policyQualifiers != NULL) { |
| 562 » » qualifier = *policyQualifiers; | 548 qualifier = *policyQualifiers; |
| 563 » » if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) { | 549 if (qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER) { |
| 564 » » retstring = | 550 retstring = |
| 565 » » » stringFromUserNotice(&qualifier->qualifierValue); | 551 stringFromUserNotice(&qualifier->qualifierValue); |
| 566 » » break; | 552 break; |
| 567 » » } | 553 } |
| 568 | 554 |
| 569 » » policyQualifiers++; | 555 policyQualifiers++; |
| 570 » } | 556 } |
| 571 » break; | 557 break; |
| 572 » } | 558 } |
| 573 » policyInfos++; | 559 policyInfos++; |
| 574 } | 560 } |
| 575 | 561 |
| 576 nopolicy: | 562 nopolicy: |
| 577 if ( policyItem.data != NULL ) { | 563 if (policyItem.data != NULL) { |
| 578 » PORT_Free(policyItem.data); | 564 PORT_Free(policyItem.data); |
| 579 } | 565 } |
| 580 | 566 |
| 581 if ( policies != NULL ) { | 567 if (policies != NULL) { |
| 582 » CERT_DestroyCertificatePoliciesExtension(policies); | 568 CERT_DestroyCertificatePoliciesExtension(policies); |
| 583 } | 569 } |
| 584 | 570 |
| 585 if ( retstring == NULL ) { | 571 if (retstring == NULL) { |
| 586 » retstring = CERT_FindNSStringExtension(cert, | 572 retstring = |
| 587 » » » » » SEC_OID_NS_CERT_EXT_COMMENT); | 573 CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_COMMENT); |
| 588 } | 574 } |
| 589 | 575 |
| 590 if ( retstring != NULL ) { | 576 if (retstring != NULL) { |
| 591 » breakLines(retstring); | 577 breakLines(retstring); |
| 592 } | 578 } |
| 593 | 579 |
| 594 return(retstring); | 580 return (retstring); |
| 595 } | 581 } |
| 596 | 582 |
| 597 | |
| 598 const SEC_ASN1Template CERT_OidSeqTemplate[] = { | 583 const SEC_ASN1Template CERT_OidSeqTemplate[] = { |
| 599 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, | 584 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids), |
| 600 » offsetof(CERTOidSequence, oids), | 585 SEC_ASN1_SUB(SEC_ObjectIDTemplate) } |
| 601 » SEC_ASN1_SUB(SEC_ObjectIDTemplate) } | |
| 602 }; | 586 }; |
| 603 | 587 |
| 604 CERTOidSequence * | 588 CERTOidSequence * |
| 605 CERT_DecodeOidSequence(const SECItem *seqItem) | 589 CERT_DecodeOidSequence(const SECItem *seqItem) |
| 606 { | 590 { |
| 607 PLArenaPool *arena = NULL; | 591 PLArenaPool *arena = NULL; |
| 608 SECStatus rv; | 592 SECStatus rv; |
| 609 CERTOidSequence *oidSeq; | 593 CERTOidSequence *oidSeq; |
| 610 SECItem newSeqItem; | 594 SECItem newSeqItem; |
| 611 | 595 |
| 612 /* make a new arena */ | 596 /* make a new arena */ |
| 613 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | 597 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| 614 | 598 |
| 615 if ( !arena ) { | 599 if (!arena) { |
| 616 » goto loser; | 600 goto loser; |
| 617 } | 601 } |
| 618 | 602 |
| 619 /* allocate the userNotice structure */ | 603 /* allocate the userNotice structure */ |
| 620 oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena, | 604 oidSeq = |
| 621 » » » » » » sizeof(CERTOidSequence)); | 605 (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); |
| 622 | 606 |
| 623 if ( oidSeq == NULL ) { | 607 if (oidSeq == NULL) { |
| 624 » goto loser; | 608 goto loser; |
| 625 } | 609 } |
| 626 | 610 |
| 627 oidSeq->arena = arena; | 611 oidSeq->arena = arena; |
| 628 | 612 |
| 629 /* copy the DER into the arena, since Quick DER returns data that points | 613 /* copy the DER into the arena, since Quick DER returns data that points |
| 630 into the DER input, which may get freed by the caller */ | 614 into the DER input, which may get freed by the caller */ |
| 631 rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem); | 615 rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem); |
| 632 if ( rv != SECSuccess ) { | 616 if (rv != SECSuccess) { |
| 633 » goto loser; | 617 goto loser; |
| 634 } | 618 } |
| 635 | 619 |
| 636 /* decode the user notice */ | 620 /* decode the user notice */ |
| 637 rv = SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem)
; | 621 rv = |
| 622 SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem); |
| 638 | 623 |
| 639 if ( rv != SECSuccess ) { | 624 if (rv != SECSuccess) { |
| 640 » goto loser; | 625 goto loser; |
| 641 } | 626 } |
| 642 | 627 |
| 643 return(oidSeq); | 628 return (oidSeq); |
| 644 | 629 |
| 645 loser: | 630 loser: |
| 646 if (arena) { | 631 if (arena) { |
| 647 PORT_FreeArena(arena, PR_FALSE); | 632 PORT_FreeArena(arena, PR_FALSE); |
| 648 } | 633 } |
| 649 return(NULL); | 634 return (NULL); |
| 650 } | 635 } |
| 651 | 636 |
| 652 | |
| 653 void | 637 void |
| 654 CERT_DestroyOidSequence(CERTOidSequence *oidSeq) | 638 CERT_DestroyOidSequence(CERTOidSequence *oidSeq) |
| 655 { | 639 { |
| 656 if ( oidSeq != NULL ) { | 640 if (oidSeq != NULL) { |
| 657 » PORT_FreeArena(oidSeq->arena, PR_FALSE); | 641 PORT_FreeArena(oidSeq->arena, PR_FALSE); |
| 658 } | 642 } |
| 659 return; | 643 return; |
| 660 } | 644 } |
| 661 | 645 |
| 662 PRBool | 646 PRBool |
| 663 CERT_GovtApprovedBitSet(CERTCertificate *cert) | 647 CERT_GovtApprovedBitSet(CERTCertificate *cert) |
| 664 { | 648 { |
| 665 SECStatus rv; | 649 SECStatus rv; |
| 666 SECItem extItem; | 650 SECItem extItem; |
| 667 CERTOidSequence *oidSeq = NULL; | 651 CERTOidSequence *oidSeq = NULL; |
| 668 PRBool ret; | 652 PRBool ret; |
| 669 SECItem **oids; | 653 SECItem **oids; |
| 670 SECItem *oid; | 654 SECItem *oid; |
| 671 SECOidTag oidTag; | 655 SECOidTag oidTag; |
| 672 | 656 |
| 673 extItem.data = NULL; | 657 extItem.data = NULL; |
| 674 rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem); | 658 rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem); |
| 675 if ( rv != SECSuccess ) { | 659 if (rv != SECSuccess) { |
| 676 » goto loser; | 660 goto loser; |
| 677 } | 661 } |
| 678 | 662 |
| 679 oidSeq = CERT_DecodeOidSequence(&extItem); | 663 oidSeq = CERT_DecodeOidSequence(&extItem); |
| 680 if ( oidSeq == NULL ) { | 664 if (oidSeq == NULL) { |
| 681 » goto loser; | 665 goto loser; |
| 682 } | 666 } |
| 683 | 667 |
| 684 oids = oidSeq->oids; | 668 oids = oidSeq->oids; |
| 685 while ( oids != NULL && *oids != NULL ) { | 669 while (oids != NULL && *oids != NULL) { |
| 686 » oid = *oids; | 670 oid = *oids; |
| 687 » | 671 |
| 688 » oidTag = SECOID_FindOIDTag(oid); | 672 oidTag = SECOID_FindOIDTag(oid); |
| 689 » | 673 |
| 690 » if ( oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED ) { | 674 if (oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) { |
| 691 » goto success; | 675 goto success; |
| 692 » } | 676 } |
| 693 » | 677 |
| 694 » oids++; | 678 oids++; |
| 695 } | 679 } |
| 696 | 680 |
| 697 loser: | 681 loser: |
| 698 ret = PR_FALSE; | 682 ret = PR_FALSE; |
| 699 goto done; | 683 goto done; |
| 700 success: | 684 success: |
| 701 ret = PR_TRUE; | 685 ret = PR_TRUE; |
| 702 done: | 686 done: |
| 703 if ( oidSeq != NULL ) { | 687 if (oidSeq != NULL) { |
| 704 » CERT_DestroyOidSequence(oidSeq); | 688 CERT_DestroyOidSequence(oidSeq); |
| 705 } | 689 } |
| 706 if (extItem.data != NULL) { | 690 if (extItem.data != NULL) { |
| 707 » PORT_Free(extItem.data); | 691 PORT_Free(extItem.data); |
| 708 } | 692 } |
| 709 return(ret); | 693 return (ret); |
| 710 } | 694 } |
| 711 | 695 |
| 712 | |
| 713 SECStatus | 696 SECStatus |
| 714 CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena, | 697 CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena, |
| 715 CERTCertificatePolicyConstraints *constr, | 698 CERTCertificatePolicyConstraints *constr, |
| 716 SECItem *dest) | 699 SECItem *dest) |
| 717 { | 700 { |
| 718 SECStatus rv = SECSuccess; | 701 SECStatus rv = SECSuccess; |
| 719 | 702 |
| 720 PORT_Assert(constr != NULL && dest != NULL); | 703 PORT_Assert(constr != NULL && dest != NULL); |
| 721 if (constr == NULL || dest == NULL) { | 704 if (constr == NULL || dest == NULL) { |
| 722 » return SECFailure; | 705 return SECFailure; |
| 723 } | 706 } |
| 724 | 707 |
| 725 if (SEC_ASN1EncodeItem (arena, dest, constr, | 708 if (SEC_ASN1EncodeItem(arena, dest, constr, |
| 726 CERT_PolicyConstraintsTemplate) == NULL) { | 709 CERT_PolicyConstraintsTemplate) == NULL) { |
| 727 » rv = SECFailure; | 710 rv = SECFailure; |
| 728 } | 711 } |
| 729 return(rv); | 712 return (rv); |
| 730 } | 713 } |
| 731 | 714 |
| 732 SECStatus | 715 SECStatus |
| 733 CERT_EncodePolicyMappingExtension(PLArenaPool *arena, | 716 CERT_EncodePolicyMappingExtension(PLArenaPool *arena, |
| 734 CERTCertificatePolicyMappings *mapping, | 717 CERTCertificatePolicyMappings *mapping, |
| 735 SECItem *dest) | 718 SECItem *dest) |
| 736 { | 719 { |
| 737 SECStatus rv = SECSuccess; | 720 SECStatus rv = SECSuccess; |
| 738 | 721 |
| 739 PORT_Assert(mapping != NULL && dest != NULL); | 722 PORT_Assert(mapping != NULL && dest != NULL); |
| 740 if (mapping == NULL || dest == NULL) { | 723 if (mapping == NULL || dest == NULL) { |
| 741 » return SECFailure; | 724 return SECFailure; |
| 742 } | 725 } |
| 743 | 726 |
| 744 if (SEC_ASN1EncodeItem (arena, dest, mapping, | 727 if (SEC_ASN1EncodeItem(arena, dest, mapping, CERT_PolicyMappingsTemplate) == |
| 745 CERT_PolicyMappingsTemplate) == NULL) { | 728 NULL) { |
| 746 » rv = SECFailure; | 729 rv = SECFailure; |
| 747 } | 730 } |
| 748 return(rv); | 731 return (rv); |
| 749 } | 732 } |
| 750 | 733 |
| 751 | |
| 752 | |
| 753 SECStatus | 734 SECStatus |
| 754 CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, | 735 CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, CERTPolicyInfo **info, |
| 755 CERTPolicyInfo **info, | |
| 756 SECItem *dest) | 736 SECItem *dest) |
| 757 { | 737 { |
| 758 SECStatus rv = SECSuccess; | 738 SECStatus rv = SECSuccess; |
| 759 | 739 |
| 760 PORT_Assert(info != NULL && dest != NULL); | 740 PORT_Assert(info != NULL && dest != NULL); |
| 761 if (info == NULL || dest == NULL) { | 741 if (info == NULL || dest == NULL) { |
| 762 » return SECFailure; | 742 return SECFailure; |
| 763 } | 743 } |
| 764 | 744 |
| 765 if (SEC_ASN1EncodeItem (arena, dest, info, | 745 if (SEC_ASN1EncodeItem(arena, dest, info, |
| 766 CERT_CertificatePoliciesTemplate) == NULL) { | 746 CERT_CertificatePoliciesTemplate) == NULL) { |
| 767 » rv = SECFailure; | 747 rv = SECFailure; |
| 768 } | 748 } |
| 769 return(rv); | 749 return (rv); |
| 770 } | 750 } |
| 771 | 751 |
| 772 SECStatus | 752 SECStatus |
| 773 CERT_EncodeUserNotice(PLArenaPool *arena, | 753 CERT_EncodeUserNotice(PLArenaPool *arena, CERTUserNotice *notice, SECItem *dest) |
| 774 CERTUserNotice *notice, | |
| 775 SECItem *dest) | |
| 776 { | 754 { |
| 777 SECStatus rv = SECSuccess; | 755 SECStatus rv = SECSuccess; |
| 778 | 756 |
| 779 PORT_Assert(notice != NULL && dest != NULL); | 757 PORT_Assert(notice != NULL && dest != NULL); |
| 780 if (notice == NULL || dest == NULL) { | 758 if (notice == NULL || dest == NULL) { |
| 781 » return SECFailure; | 759 return SECFailure; |
| 782 } | 760 } |
| 783 | 761 |
| 784 if (SEC_ASN1EncodeItem(arena, dest, | 762 if (SEC_ASN1EncodeItem(arena, dest, notice, CERT_UserNoticeTemplate) == |
| 785 notice, CERT_UserNoticeTemplate) == NULL) { | 763 NULL) { |
| 786 » rv = SECFailure; | 764 rv = SECFailure; |
| 787 } | 765 } |
| 788 | 766 |
| 789 return(rv); | 767 return (rv); |
| 790 } | 768 } |
| 791 | 769 |
| 792 SECStatus | 770 SECStatus |
| 793 CERT_EncodeNoticeReference(PLArenaPool *arena, | 771 CERT_EncodeNoticeReference(PLArenaPool *arena, CERTNoticeReference *reference, |
| 794 CERTNoticeReference *reference, | |
| 795 SECItem *dest) | 772 SECItem *dest) |
| 796 { | 773 { |
| 797 SECStatus rv = SECSuccess; | 774 SECStatus rv = SECSuccess; |
| 798 | 775 |
| 799 PORT_Assert(reference != NULL && dest != NULL); | 776 PORT_Assert(reference != NULL && dest != NULL); |
| 800 if (reference == NULL || dest == NULL) { | 777 if (reference == NULL || dest == NULL) { |
| 801 » return SECFailure; | 778 return SECFailure; |
| 802 } | 779 } |
| 803 | 780 |
| 804 if (SEC_ASN1EncodeItem (arena, dest, reference, | 781 if (SEC_ASN1EncodeItem(arena, dest, reference, |
| 805 CERT_NoticeReferenceTemplate) == NULL) { | 782 CERT_NoticeReferenceTemplate) == NULL) { |
| 806 » rv = SECFailure; | 783 rv = SECFailure; |
| 807 } | 784 } |
| 808 | 785 |
| 809 return(rv); | 786 return (rv); |
| 810 } | 787 } |
| 811 | 788 |
| 812 SECStatus | 789 SECStatus |
| 813 CERT_EncodeInhibitAnyExtension(PLArenaPool *arena, | 790 CERT_EncodeInhibitAnyExtension(PLArenaPool *arena, |
| 814 CERTCertificateInhibitAny *certInhibitAny, | 791 CERTCertificateInhibitAny *certInhibitAny, |
| 815 SECItem *dest) | 792 SECItem *dest) |
| 816 { | 793 { |
| 817 SECStatus rv = SECSuccess; | 794 SECStatus rv = SECSuccess; |
| 818 | 795 |
| 819 PORT_Assert(certInhibitAny != NULL && dest != NULL); | 796 PORT_Assert(certInhibitAny != NULL && dest != NULL); |
| 820 if (certInhibitAny == NULL || dest == NULL) { | 797 if (certInhibitAny == NULL || dest == NULL) { |
| 821 » return SECFailure; | 798 return SECFailure; |
| 822 } | 799 } |
| 823 | 800 |
| 824 if (SEC_ASN1EncodeItem (arena, dest, certInhibitAny, | 801 if (SEC_ASN1EncodeItem(arena, dest, certInhibitAny, |
| 825 CERT_InhibitAnyTemplate) == NULL) { | 802 CERT_InhibitAnyTemplate) == NULL) { |
| 826 » rv = SECFailure; | 803 rv = SECFailure; |
| 827 } | 804 } |
| 828 return(rv); | 805 return (rv); |
| 829 } | 806 } |