/security/nss/lib/certdb/xconst.c

http://github.com/zpao/v8monkey · C · 318 lines · 222 code · 52 blank · 44 comment · 43 complexity · 7eeb924d1204a99022f64329263b61b8 MD5 · raw file

  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. *
  23. * Alternatively, the contents of this file may be used under the terms of
  24. * either the GNU General Public License Version 2 or later (the "GPL"), or
  25. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26. * in which case the provisions of the GPL or the LGPL are applicable instead
  27. * of those above. If you wish to allow use of your version of this file only
  28. * under the terms of either the GPL or the LGPL, and not to allow others to
  29. * use your version of this file under the terms of the MPL, indicate your
  30. * decision by deleting the provisions above and replace them with the notice
  31. * and other provisions required by the GPL or the LGPL. If you do not delete
  32. * the provisions above, a recipient may use your version of this file under
  33. * the terms of any one of the MPL, the GPL or the LGPL.
  34. *
  35. * ***** END LICENSE BLOCK ***** */
  36. /*
  37. * X.509 Extension Encoding
  38. */
  39. #include "prtypes.h"
  40. #include "seccomon.h"
  41. #include "secdert.h"
  42. #include "secoidt.h"
  43. #include "secasn1t.h"
  44. #include "secasn1.h"
  45. #include "cert.h"
  46. #include "secder.h"
  47. #include "prprf.h"
  48. #include "xconst.h"
  49. #include "genname.h"
  50. #include "secasn1.h"
  51. #include "secerr.h"
  52. static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
  53. { SEC_ASN1_OCTET_STRING }
  54. };
  55. static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
  56. { SEC_ASN1_IA5_STRING }
  57. };
  58. SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate)
  59. static const SEC_ASN1Template CERTPrivateKeyUsagePeriodTemplate[] = {
  60. { SEC_ASN1_SEQUENCE,
  61. 0, NULL, sizeof(CERTPrivKeyUsagePeriod) },
  62. { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
  63. offsetof(CERTPrivKeyUsagePeriod, notBefore),
  64. SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
  65. { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
  66. offsetof(CERTPrivKeyUsagePeriod, notAfter),
  67. SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate)},
  68. { 0, }
  69. };
  70. const SEC_ASN1Template CERTAltNameTemplate[] = {
  71. { SEC_ASN1_CONSTRUCTED, offsetof(CERTAltNameEncodedContext, encodedGenName),
  72. CERT_GeneralNamesTemplate}
  73. };
  74. const SEC_ASN1Template CERTAuthInfoAccessItemTemplate[] = {
  75. { SEC_ASN1_SEQUENCE,
  76. 0, NULL, sizeof(CERTAuthInfoAccess) },
  77. { SEC_ASN1_OBJECT_ID,
  78. offsetof(CERTAuthInfoAccess, method) },
  79. { SEC_ASN1_ANY,
  80. offsetof(CERTAuthInfoAccess, derLocation) },
  81. { 0, }
  82. };
  83. const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
  84. { SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
  85. };
  86. SECStatus
  87. CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString,
  88. SECItem *encodedValue)
  89. {
  90. SECStatus rv = SECSuccess;
  91. if (!srcString) {
  92. PORT_SetError(SEC_ERROR_INVALID_ARGS);
  93. return SECFailure;
  94. }
  95. if (SEC_ASN1EncodeItem (arena, encodedValue, srcString,
  96. CERTSubjectKeyIDTemplate) == NULL) {
  97. rv = SECFailure;
  98. }
  99. return(rv);
  100. }
  101. SECStatus
  102. CERT_EncodePrivateKeyUsagePeriod(PRArenaPool *arena,
  103. CERTPrivKeyUsagePeriod *pkup,
  104. SECItem *encodedValue)
  105. {
  106. SECStatus rv = SECSuccess;
  107. if (SEC_ASN1EncodeItem (arena, encodedValue, pkup,
  108. CERTPrivateKeyUsagePeriodTemplate) == NULL) {
  109. rv = SECFailure;
  110. }
  111. return(rv);
  112. }
  113. CERTPrivKeyUsagePeriod *
  114. CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue)
  115. {
  116. SECStatus rv;
  117. CERTPrivKeyUsagePeriod *pPeriod;
  118. SECItem newExtnValue;
  119. /* allocate the certificate policies structure */
  120. pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
  121. if ( pPeriod == NULL ) {
  122. goto loser;
  123. }
  124. pPeriod->arena = arena;
  125. /* copy the DER into the arena, since Quick DER returns data that points
  126. into the DER input, which may get freed by the caller */
  127. rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
  128. if ( rv != SECSuccess ) {
  129. goto loser;
  130. }
  131. rv = SEC_QuickDERDecodeItem(arena, pPeriod,
  132. CERTPrivateKeyUsagePeriodTemplate,
  133. &newExtnValue);
  134. if ( rv != SECSuccess ) {
  135. goto loser;
  136. }
  137. return pPeriod;
  138. loser:
  139. return NULL;
  140. }
  141. SECStatus
  142. CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, SECItem *encodedValue)
  143. {
  144. SECItem encodeContext;
  145. SECStatus rv = SECSuccess;
  146. PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
  147. if (value != NULL) {
  148. encodeContext.data = (unsigned char *)value;
  149. encodeContext.len = strlen(value);
  150. }
  151. if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
  152. CERTIA5TypeTemplate) == NULL) {
  153. rv = SECFailure;
  154. }
  155. return(rv);
  156. }
  157. SECStatus
  158. CERT_EncodeAltNameExtension(PRArenaPool *arena, CERTGeneralName *value, SECItem *encodedValue)
  159. {
  160. SECItem **encodedGenName;
  161. SECStatus rv = SECSuccess;
  162. encodedGenName = cert_EncodeGeneralNames(arena, value);
  163. if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
  164. CERT_GeneralNamesTemplate) == NULL) {
  165. rv = SECFailure;
  166. }
  167. return rv;
  168. }
  169. CERTGeneralName *
  170. CERT_DecodeAltNameExtension(PRArenaPool *reqArena, SECItem *EncodedAltName)
  171. {
  172. SECStatus rv = SECSuccess;
  173. CERTAltNameEncodedContext encodedContext;
  174. SECItem* newEncodedAltName;
  175. if (!reqArena) {
  176. PORT_SetError(SEC_ERROR_INVALID_ARGS);
  177. return NULL;
  178. }
  179. newEncodedAltName = SECITEM_ArenaDupItem(reqArena, EncodedAltName);
  180. if (!newEncodedAltName) {
  181. return NULL;
  182. }
  183. encodedContext.encodedGenName = NULL;
  184. PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));
  185. rv = SEC_QuickDERDecodeItem (reqArena, &encodedContext,
  186. CERT_GeneralNamesTemplate, newEncodedAltName);
  187. if (rv == SECFailure) {
  188. goto loser;
  189. }
  190. if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])
  191. return cert_DecodeGeneralNames(reqArena,
  192. encodedContext.encodedGenName);
  193. /* Extension contained an empty GeneralNames sequence */
  194. /* Treat as extension not found */
  195. PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
  196. loser:
  197. return NULL;
  198. }
  199. SECStatus
  200. CERT_EncodeNameConstraintsExtension(PRArenaPool *arena,
  201. CERTNameConstraints *value,
  202. SECItem *encodedValue)
  203. {
  204. SECStatus rv = SECSuccess;
  205. rv = cert_EncodeNameConstraints(value, arena, encodedValue);
  206. return rv;
  207. }
  208. CERTNameConstraints *
  209. CERT_DecodeNameConstraintsExtension(PRArenaPool *arena,
  210. SECItem *encodedConstraints)
  211. {
  212. return cert_DecodeNameConstraints(arena, encodedConstraints);
  213. }
  214. CERTAuthInfoAccess **
  215. CERT_DecodeAuthInfoAccessExtension(PRArenaPool *reqArena,
  216. SECItem *encodedExtension)
  217. {
  218. CERTAuthInfoAccess **info = NULL;
  219. SECStatus rv;
  220. int i;
  221. SECItem* newEncodedExtension;
  222. if (!reqArena) {
  223. PORT_SetError(SEC_ERROR_INVALID_ARGS);
  224. return NULL;
  225. }
  226. newEncodedExtension = SECITEM_ArenaDupItem(reqArena, encodedExtension);
  227. if (!newEncodedExtension) {
  228. return NULL;
  229. }
  230. rv = SEC_QuickDERDecodeItem(reqArena, &info, CERTAuthInfoAccessTemplate,
  231. newEncodedExtension);
  232. if (rv != SECSuccess || info == NULL) {
  233. return NULL;
  234. }
  235. for (i = 0; info[i] != NULL; i++) {
  236. info[i]->location = CERT_DecodeGeneralName(reqArena,
  237. &(info[i]->derLocation),
  238. NULL);
  239. }
  240. return info;
  241. }
  242. SECStatus
  243. CERT_EncodeInfoAccessExtension(PRArenaPool *arena,
  244. CERTAuthInfoAccess **info,
  245. SECItem *dest)
  246. {
  247. SECItem *dummy;
  248. int i;
  249. PORT_Assert(info != NULL);
  250. PORT_Assert(dest != NULL);
  251. if (info == NULL || dest == NULL) {
  252. return SECFailure;
  253. }
  254. for (i = 0; info[i] != NULL; i++) {
  255. if (CERT_EncodeGeneralName(info[i]->location, &(info[i]->derLocation),
  256. arena) == NULL)
  257. /* Note that this may leave some of the locations filled in. */
  258. return SECFailure;
  259. }
  260. dummy = SEC_ASN1EncodeItem(arena, dest, &info,
  261. CERTAuthInfoAccessTemplate);
  262. if (dummy == NULL) {
  263. return SECFailure;
  264. }
  265. return SECSuccess;
  266. }