| Index: nss/lib/certdb/polcyxtn.c
|
| diff --git a/nss/lib/certdb/polcyxtn.c b/nss/lib/certdb/polcyxtn.c
|
| deleted file mode 100644
|
| index aae34e243370bc58d4a203927a3c30ba0cffd77d..0000000000000000000000000000000000000000
|
| --- a/nss/lib/certdb/polcyxtn.c
|
| +++ /dev/null
|
| @@ -1,806 +0,0 @@
|
| -/* This Source Code Form is subject to the terms of the Mozilla Public
|
| - * License, v. 2.0. If a copy of the MPL was not distributed with this
|
| - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
| -
|
| -/*
|
| - * Support for various policy related extensions
|
| - */
|
| -
|
| -#include "seccomon.h"
|
| -#include "secport.h"
|
| -#include "secder.h"
|
| -#include "cert.h"
|
| -#include "secoid.h"
|
| -#include "secasn1.h"
|
| -#include "secerr.h"
|
| -#include "nspr.h"
|
| -
|
| -SEC_ASN1_MKSUB(SEC_IntegerTemplate)
|
| -SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
|
| -
|
| -const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = {
|
| - { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
|
| - { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString },
|
| - { SEC_ASN1_VISIBLE_STRING, 0, 0, siVisibleString },
|
| - { SEC_ASN1_BMP_STRING, 0, 0, siBMPString },
|
| - { SEC_ASN1_UTF8_STRING, 0, 0, siUTF8String },
|
| - { 0 }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNoticeReference) },
|
| - { SEC_ASN1_INLINE, offsetof(CERTNoticeReference, organization),
|
| - CERT_DisplayTextTypeTemplate, 0 },
|
| - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
|
| - offsetof(CERTNoticeReference, noticeNumbers),
|
| - SEC_ASN1_SUB(SEC_IntegerTemplate) },
|
| - { 0 }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_UserNoticeTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTUserNotice) },
|
| - { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
|
| - offsetof(CERTUserNotice, noticeReference), CERT_NoticeReferenceTemplate,
|
| - 0 },
|
| - { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
|
| - offsetof(CERTUserNotice, displayText), CERT_DisplayTextTypeTemplate, 0 },
|
| - { 0 }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyQualifier) },
|
| - { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyQualifier, qualifierID) },
|
| - { SEC_ASN1_ANY, offsetof(CERTPolicyQualifier, qualifierValue) },
|
| - { 0 }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_PolicyInfoTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyInfo) },
|
| - { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyInfo, policyID) },
|
| - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
|
| - offsetof(CERTPolicyInfo, policyQualifiers),
|
| - CERT_PolicyQualifierTemplate },
|
| - { 0 }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicies, policyInfos),
|
| - CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_PolicyMapTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyMap) },
|
| - { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, issuerDomainPolicy) },
|
| - { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, subjectDomainPolicy) },
|
| - { 0 }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicyMappings, policyMaps),
|
| - CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) },
|
| - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
|
| - offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts),
|
| - SEC_ASN1_SUB(SEC_IntegerTemplate) },
|
| - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
|
| - offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts),
|
| - SEC_ASN1_SUB(SEC_IntegerTemplate) },
|
| - { 0 }
|
| -};
|
| -
|
| -const SEC_ASN1Template CERT_InhibitAnyTemplate[] = {
|
| - { SEC_ASN1_INTEGER,
|
| - offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), NULL,
|
| - sizeof(CERTCertificateInhibitAny) }
|
| -};
|
| -
|
| -static void
|
| -breakLines(char *string)
|
| -{
|
| - char *tmpstr;
|
| - char *lastspace = NULL;
|
| - int curlen = 0;
|
| - int c;
|
| -
|
| - tmpstr = string;
|
| -
|
| - while ((c = *tmpstr) != '\0') {
|
| - switch (c) {
|
| - case ' ':
|
| - lastspace = tmpstr;
|
| - break;
|
| - case '\n':
|
| - lastspace = NULL;
|
| - curlen = 0;
|
| - break;
|
| - }
|
| -
|
| - if ((curlen >= 55) && (lastspace != NULL)) {
|
| - *lastspace = '\n';
|
| - curlen = (tmpstr - lastspace);
|
| - lastspace = NULL;
|
| - }
|
| -
|
| - curlen++;
|
| - tmpstr++;
|
| - }
|
| -
|
| - return;
|
| -}
|
| -
|
| -CERTCertificatePolicies *
|
| -CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
|
| -{
|
| - PLArenaPool *arena = NULL;
|
| - SECStatus rv;
|
| - CERTCertificatePolicies *policies;
|
| - CERTPolicyInfo **policyInfos, *policyInfo;
|
| - CERTPolicyQualifier **policyQualifiers, *policyQualifier;
|
| - SECItem newExtnValue;
|
| -
|
| - /* make a new arena */
|
| - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
| -
|
| - if (!arena) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* allocate the certificate policies structure */
|
| - policies = (CERTCertificatePolicies *)PORT_ArenaZAlloc(
|
| - arena, sizeof(CERTCertificatePolicies));
|
| -
|
| - if (policies == NULL) {
|
| - goto loser;
|
| - }
|
| -
|
| - policies->arena = arena;
|
| -
|
| - /* copy the DER into the arena, since Quick DER returns data that points
|
| - into the DER input, which may get freed by the caller */
|
| - rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* decode the policy info */
|
| - rv = SEC_QuickDERDecodeItem(
|
| - arena, policies, CERT_CertificatePoliciesTemplate, &newExtnValue);
|
| -
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* initialize the oid tags */
|
| - policyInfos = policies->policyInfos;
|
| - while (*policyInfos != NULL) {
|
| - policyInfo = *policyInfos;
|
| - policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
|
| - policyQualifiers = policyInfo->policyQualifiers;
|
| - while (policyQualifiers != NULL && *policyQualifiers != NULL) {
|
| - policyQualifier = *policyQualifiers;
|
| - policyQualifier->oid =
|
| - SECOID_FindOIDTag(&policyQualifier->qualifierID);
|
| - policyQualifiers++;
|
| - }
|
| - policyInfos++;
|
| - }
|
| -
|
| - return (policies);
|
| -
|
| -loser:
|
| - if (arena != NULL) {
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - }
|
| -
|
| - return (NULL);
|
| -}
|
| -
|
| -void
|
| -CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies)
|
| -{
|
| - if (policies != NULL) {
|
| - PORT_FreeArena(policies->arena, PR_FALSE);
|
| - }
|
| - return;
|
| -}
|
| -
|
| -CERTCertificatePolicyMappings *
|
| -CERT_DecodePolicyMappingsExtension(SECItem *extnValue)
|
| -{
|
| - PLArenaPool *arena = NULL;
|
| - SECStatus rv;
|
| - CERTCertificatePolicyMappings *mappings;
|
| - SECItem newExtnValue;
|
| -
|
| - /* make a new arena */
|
| - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
| - if (!arena) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* allocate the policy mappings structure */
|
| - mappings = (CERTCertificatePolicyMappings *)PORT_ArenaZAlloc(
|
| - arena, sizeof(CERTCertificatePolicyMappings));
|
| - if (mappings == NULL) {
|
| - goto loser;
|
| - }
|
| - mappings->arena = arena;
|
| -
|
| - /* copy the DER into the arena, since Quick DER returns data that points
|
| - into the DER input, which may get freed by the caller */
|
| - rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* decode the policy mappings */
|
| - rv = SEC_QuickDERDecodeItem(arena, mappings, CERT_PolicyMappingsTemplate,
|
| - &newExtnValue);
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - return (mappings);
|
| -
|
| -loser:
|
| - if (arena != NULL) {
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - }
|
| -
|
| - return (NULL);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings)
|
| -{
|
| - if (mappings != NULL) {
|
| - PORT_FreeArena(mappings->arena, PR_FALSE);
|
| - }
|
| - return SECSuccess;
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_DecodePolicyConstraintsExtension(
|
| - CERTCertificatePolicyConstraints *decodedValue, const SECItem *encodedValue)
|
| -{
|
| - CERTCertificatePolicyConstraints decodeContext;
|
| - PLArenaPool *arena = NULL;
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - /* initialize so we can tell when an optional component is omitted */
|
| - PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
|
| -
|
| - /* make a new arena */
|
| - arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
|
| - if (!arena) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - do {
|
| - /* decode the policy constraints */
|
| - rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
|
| - CERT_PolicyConstraintsTemplate,
|
| - encodedValue);
|
| -
|
| - if (rv != SECSuccess) {
|
| - break;
|
| - }
|
| -
|
| - if (decodeContext.explicitPolicySkipCerts.len == 0) {
|
| - *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
|
| - } else {
|
| - *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
|
| - DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
|
| - }
|
| -
|
| - if (decodeContext.inhibitMappingSkipCerts.len == 0) {
|
| - *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
|
| - } else {
|
| - *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
|
| - DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
|
| - }
|
| -
|
| - if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
|
| - PR_INT32_MIN) ||
|
| - (*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
|
| - PR_INT32_MAX) ||
|
| - (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
|
| - PR_INT32_MIN) ||
|
| - (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
|
| - PR_INT32_MAX)) {
|
| - rv = SECFailure;
|
| - }
|
| -
|
| - } while (0);
|
| -
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - return (rv);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_DecodeInhibitAnyExtension(CERTCertificateInhibitAny *decodedValue,
|
| - SECItem *encodedValue)
|
| -{
|
| - CERTCertificateInhibitAny decodeContext;
|
| - PLArenaPool *arena = NULL;
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - /* make a new arena */
|
| - arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
|
| - if (!arena) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - do {
|
| -
|
| - /* decode the policy mappings */
|
| - decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger;
|
| - rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
|
| - CERT_InhibitAnyTemplate, encodedValue);
|
| -
|
| - if (rv != SECSuccess) {
|
| - break;
|
| - }
|
| -
|
| - *(PRInt32 *)decodedValue->inhibitAnySkipCerts.data =
|
| - DER_GetInteger(&decodeContext.inhibitAnySkipCerts);
|
| -
|
| - } while (0);
|
| -
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - return (rv);
|
| -}
|
| -
|
| -CERTUserNotice *
|
| -CERT_DecodeUserNotice(SECItem *noticeItem)
|
| -{
|
| - PLArenaPool *arena = NULL;
|
| - SECStatus rv;
|
| - CERTUserNotice *userNotice;
|
| - SECItem newNoticeItem;
|
| -
|
| - /* make a new arena */
|
| - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
| -
|
| - if (!arena) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* allocate the userNotice structure */
|
| - userNotice =
|
| - (CERTUserNotice *)PORT_ArenaZAlloc(arena, sizeof(CERTUserNotice));
|
| -
|
| - if (userNotice == NULL) {
|
| - goto loser;
|
| - }
|
| -
|
| - userNotice->arena = arena;
|
| -
|
| - /* copy the DER into the arena, since Quick DER returns data that points
|
| - into the DER input, which may get freed by the caller */
|
| - rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem);
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* decode the user notice */
|
| - rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate,
|
| - &newNoticeItem);
|
| -
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - if (userNotice->derNoticeReference.data != NULL) {
|
| -
|
| - rv = SEC_QuickDERDecodeItem(arena, &userNotice->noticeReference,
|
| - CERT_NoticeReferenceTemplate,
|
| - &userNotice->derNoticeReference);
|
| - if (rv == SECFailure) {
|
| - goto loser;
|
| - }
|
| - }
|
| -
|
| - return (userNotice);
|
| -
|
| -loser:
|
| - if (arena != NULL) {
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - }
|
| -
|
| - return (NULL);
|
| -}
|
| -
|
| -void
|
| -CERT_DestroyUserNotice(CERTUserNotice *userNotice)
|
| -{
|
| - if (userNotice != NULL) {
|
| - PORT_FreeArena(userNotice->arena, PR_FALSE);
|
| - }
|
| - return;
|
| -}
|
| -
|
| -static CERTPolicyStringCallback policyStringCB = NULL;
|
| -static void *policyStringCBArg = NULL;
|
| -
|
| -void
|
| -CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg)
|
| -{
|
| - policyStringCB = cb;
|
| - policyStringCBArg = cbarg;
|
| - return;
|
| -}
|
| -
|
| -char *
|
| -stringFromUserNotice(SECItem *noticeItem)
|
| -{
|
| - SECItem *org;
|
| - unsigned int len, headerlen;
|
| - char *stringbuf;
|
| - CERTUserNotice *userNotice;
|
| - char *policystr;
|
| - char *retstr = NULL;
|
| - SECItem *displayText;
|
| - SECItem **noticeNumbers;
|
| - unsigned int strnum;
|
| -
|
| - /* decode the user notice */
|
| - userNotice = CERT_DecodeUserNotice(noticeItem);
|
| - if (userNotice == NULL) {
|
| - return (NULL);
|
| - }
|
| -
|
| - org = &userNotice->noticeReference.organization;
|
| - if ((org->len != 0) && (policyStringCB != NULL)) {
|
| - /* has a noticeReference */
|
| -
|
| - /* extract the org string */
|
| - len = org->len;
|
| - stringbuf = (char *)PORT_Alloc(len + 1);
|
| - if (stringbuf != NULL) {
|
| - PORT_Memcpy(stringbuf, org->data, len);
|
| - stringbuf[len] = '\0';
|
| -
|
| - noticeNumbers = userNotice->noticeReference.noticeNumbers;
|
| - while (*noticeNumbers != NULL) {
|
| - /* XXX - only one byte integers right now*/
|
| - strnum = (*noticeNumbers)->data[0];
|
| - policystr =
|
| - (*policyStringCB)(stringbuf, strnum, policyStringCBArg);
|
| - if (policystr != NULL) {
|
| - if (retstr != NULL) {
|
| - retstr = PR_sprintf_append(retstr, "\n%s", policystr);
|
| - } else {
|
| - retstr = PR_sprintf_append(retstr, "%s", policystr);
|
| - }
|
| -
|
| - PORT_Free(policystr);
|
| - }
|
| -
|
| - noticeNumbers++;
|
| - }
|
| -
|
| - PORT_Free(stringbuf);
|
| - }
|
| - }
|
| -
|
| - if (retstr == NULL) {
|
| - if (userNotice->displayText.len != 0) {
|
| - displayText = &userNotice->displayText;
|
| -
|
| - if (displayText->len > 2) {
|
| - if (displayText->data[0] == SEC_ASN1_VISIBLE_STRING) {
|
| - headerlen = 2;
|
| - if (displayText->data[1] & 0x80) {
|
| - /* multibyte length */
|
| - headerlen += (displayText->data[1] & 0x7f);
|
| - }
|
| -
|
| - len = displayText->len - headerlen;
|
| - retstr = (char *)PORT_Alloc(len + 1);
|
| - if (retstr != NULL) {
|
| - PORT_Memcpy(retstr, &displayText->data[headerlen], len);
|
| - retstr[len] = '\0';
|
| - }
|
| - }
|
| - }
|
| - }
|
| - }
|
| -
|
| - CERT_DestroyUserNotice(userNotice);
|
| -
|
| - return (retstr);
|
| -}
|
| -
|
| -char *
|
| -CERT_GetCertCommentString(CERTCertificate *cert)
|
| -{
|
| - char *retstring = NULL;
|
| - SECStatus rv;
|
| - SECItem policyItem;
|
| - CERTCertificatePolicies *policies = NULL;
|
| - CERTPolicyInfo **policyInfos;
|
| - CERTPolicyQualifier **policyQualifiers, *qualifier;
|
| -
|
| - policyItem.data = NULL;
|
| -
|
| - rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
|
| - &policyItem);
|
| - if (rv != SECSuccess) {
|
| - goto nopolicy;
|
| - }
|
| -
|
| - policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
|
| - if (policies == NULL) {
|
| - goto nopolicy;
|
| - }
|
| -
|
| - policyInfos = policies->policyInfos;
|
| - /* search through policyInfos looking for the verisign policy */
|
| - while (*policyInfos != NULL) {
|
| - if ((*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES) {
|
| - policyQualifiers = (*policyInfos)->policyQualifiers;
|
| - /* search through the policy qualifiers looking for user notice */
|
| - while (policyQualifiers != NULL && *policyQualifiers != NULL) {
|
| - qualifier = *policyQualifiers;
|
| - if (qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER) {
|
| - retstring =
|
| - stringFromUserNotice(&qualifier->qualifierValue);
|
| - break;
|
| - }
|
| -
|
| - policyQualifiers++;
|
| - }
|
| - break;
|
| - }
|
| - policyInfos++;
|
| - }
|
| -
|
| -nopolicy:
|
| - if (policyItem.data != NULL) {
|
| - PORT_Free(policyItem.data);
|
| - }
|
| -
|
| - if (policies != NULL) {
|
| - CERT_DestroyCertificatePoliciesExtension(policies);
|
| - }
|
| -
|
| - if (retstring == NULL) {
|
| - retstring =
|
| - CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_COMMENT);
|
| - }
|
| -
|
| - if (retstring != NULL) {
|
| - breakLines(retstring);
|
| - }
|
| -
|
| - return (retstring);
|
| -}
|
| -
|
| -const SEC_ASN1Template CERT_OidSeqTemplate[] = {
|
| - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids),
|
| - SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
|
| -};
|
| -
|
| -CERTOidSequence *
|
| -CERT_DecodeOidSequence(const SECItem *seqItem)
|
| -{
|
| - PLArenaPool *arena = NULL;
|
| - SECStatus rv;
|
| - CERTOidSequence *oidSeq;
|
| - SECItem newSeqItem;
|
| -
|
| - /* make a new arena */
|
| - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
| -
|
| - if (!arena) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* allocate the userNotice structure */
|
| - oidSeq =
|
| - (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
|
| -
|
| - if (oidSeq == NULL) {
|
| - goto loser;
|
| - }
|
| -
|
| - oidSeq->arena = arena;
|
| -
|
| - /* copy the DER into the arena, since Quick DER returns data that points
|
| - into the DER input, which may get freed by the caller */
|
| - rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem);
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - /* decode the user notice */
|
| - rv =
|
| - SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);
|
| -
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - return (oidSeq);
|
| -
|
| -loser:
|
| - if (arena) {
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - }
|
| - return (NULL);
|
| -}
|
| -
|
| -void
|
| -CERT_DestroyOidSequence(CERTOidSequence *oidSeq)
|
| -{
|
| - if (oidSeq != NULL) {
|
| - PORT_FreeArena(oidSeq->arena, PR_FALSE);
|
| - }
|
| - return;
|
| -}
|
| -
|
| -PRBool
|
| -CERT_GovtApprovedBitSet(CERTCertificate *cert)
|
| -{
|
| - SECStatus rv;
|
| - SECItem extItem;
|
| - CERTOidSequence *oidSeq = NULL;
|
| - PRBool ret;
|
| - SECItem **oids;
|
| - SECItem *oid;
|
| - SECOidTag oidTag;
|
| -
|
| - extItem.data = NULL;
|
| - rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
|
| - if (rv != SECSuccess) {
|
| - goto loser;
|
| - }
|
| -
|
| - oidSeq = CERT_DecodeOidSequence(&extItem);
|
| - if (oidSeq == NULL) {
|
| - goto loser;
|
| - }
|
| -
|
| - oids = oidSeq->oids;
|
| - while (oids != NULL && *oids != NULL) {
|
| - oid = *oids;
|
| -
|
| - oidTag = SECOID_FindOIDTag(oid);
|
| -
|
| - if (oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) {
|
| - goto success;
|
| - }
|
| -
|
| - oids++;
|
| - }
|
| -
|
| -loser:
|
| - ret = PR_FALSE;
|
| - goto done;
|
| -success:
|
| - ret = PR_TRUE;
|
| -done:
|
| - if (oidSeq != NULL) {
|
| - CERT_DestroyOidSequence(oidSeq);
|
| - }
|
| - if (extItem.data != NULL) {
|
| - PORT_Free(extItem.data);
|
| - }
|
| - return (ret);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
|
| - CERTCertificatePolicyConstraints *constr,
|
| - SECItem *dest)
|
| -{
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - PORT_Assert(constr != NULL && dest != NULL);
|
| - if (constr == NULL || dest == NULL) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - if (SEC_ASN1EncodeItem(arena, dest, constr,
|
| - CERT_PolicyConstraintsTemplate) == NULL) {
|
| - rv = SECFailure;
|
| - }
|
| - return (rv);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_EncodePolicyMappingExtension(PLArenaPool *arena,
|
| - CERTCertificatePolicyMappings *mapping,
|
| - SECItem *dest)
|
| -{
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - PORT_Assert(mapping != NULL && dest != NULL);
|
| - if (mapping == NULL || dest == NULL) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - if (SEC_ASN1EncodeItem(arena, dest, mapping, CERT_PolicyMappingsTemplate) ==
|
| - NULL) {
|
| - rv = SECFailure;
|
| - }
|
| - return (rv);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, CERTPolicyInfo **info,
|
| - SECItem *dest)
|
| -{
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - PORT_Assert(info != NULL && dest != NULL);
|
| - if (info == NULL || dest == NULL) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - if (SEC_ASN1EncodeItem(arena, dest, info,
|
| - CERT_CertificatePoliciesTemplate) == NULL) {
|
| - rv = SECFailure;
|
| - }
|
| - return (rv);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_EncodeUserNotice(PLArenaPool *arena, CERTUserNotice *notice, SECItem *dest)
|
| -{
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - PORT_Assert(notice != NULL && dest != NULL);
|
| - if (notice == NULL || dest == NULL) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - if (SEC_ASN1EncodeItem(arena, dest, notice, CERT_UserNoticeTemplate) ==
|
| - NULL) {
|
| - rv = SECFailure;
|
| - }
|
| -
|
| - return (rv);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_EncodeNoticeReference(PLArenaPool *arena, CERTNoticeReference *reference,
|
| - SECItem *dest)
|
| -{
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - PORT_Assert(reference != NULL && dest != NULL);
|
| - if (reference == NULL || dest == NULL) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - if (SEC_ASN1EncodeItem(arena, dest, reference,
|
| - CERT_NoticeReferenceTemplate) == NULL) {
|
| - rv = SECFailure;
|
| - }
|
| -
|
| - return (rv);
|
| -}
|
| -
|
| -SECStatus
|
| -CERT_EncodeInhibitAnyExtension(PLArenaPool *arena,
|
| - CERTCertificateInhibitAny *certInhibitAny,
|
| - SECItem *dest)
|
| -{
|
| - SECStatus rv = SECSuccess;
|
| -
|
| - PORT_Assert(certInhibitAny != NULL && dest != NULL);
|
| - if (certInhibitAny == NULL || dest == NULL) {
|
| - return SECFailure;
|
| - }
|
| -
|
| - if (SEC_ASN1EncodeItem(arena, dest, certInhibitAny,
|
| - CERT_InhibitAnyTemplate) == NULL) {
|
| - rv = SECFailure;
|
| - }
|
| - return (rv);
|
| -}
|
|
|
Chromium Code Reviews
Issue 2078763002:
Delete bundled copy of NSS and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss@master