/security/nss/lib/certdb/xconst.c

  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the Netscape security libraries.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Netscape Communications Corporation.
 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 19 * the Initial Developer. All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *
 23 * Alternatively, the contents of this file may be used under the terms of
 24 * either the GNU General Public License Version 2 or later (the "GPL"), or
 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 26 * in which case the provisions of the GPL or the LGPL are applicable instead
 27 * of those above. If you wish to allow use of your version of this file only
 28 * under the terms of either the GPL or the LGPL, and not to allow others to
 29 * use your version of this file under the terms of the MPL, indicate your
 30 * decision by deleting the provisions above and replace them with the notice
 31 * and other provisions required by the GPL or the LGPL. If you do not delete
 32 * the provisions above, a recipient may use your version of this file under
 33 * the terms of any one of the MPL, the GPL or the LGPL.
 34 *
 35 * ***** END LICENSE BLOCK ***** */
 36
 37/*
 38 * X.509 Extension Encoding  
 39 */
 40
 41#include "prtypes.h"
 42#include "seccomon.h"
 43#include "secdert.h"
 44#include "secoidt.h"
 45#include "secasn1t.h"
 46#include "secasn1.h"
 47#include "cert.h"
 48#include "secder.h"
 49#include "prprf.h"
 50#include "xconst.h"
 51#include "genname.h"
 52#include "secasn1.h"
 53#include "secerr.h"
 54
 55
 56static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
 57    { SEC_ASN1_OCTET_STRING }
 58};
 59
 60
 61static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
 62    { SEC_ASN1_IA5_STRING }
 63};
 64
 65SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate)
 66
 67static const SEC_ASN1Template CERTPrivateKeyUsagePeriodTemplate[] = {
 68    { SEC_ASN1_SEQUENCE,
 69      0, NULL, sizeof(CERTPrivKeyUsagePeriod) },
 70    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC  | SEC_ASN1_XTRN | 0,
 71	  offsetof(CERTPrivKeyUsagePeriod, notBefore), 
 72	  SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
 73    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC  | SEC_ASN1_XTRN | 1,
 74	  offsetof(CERTPrivKeyUsagePeriod, notAfter), 
 75	  SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate)},
 76    { 0, } 
 77};
 78
 79
 80const SEC_ASN1Template CERTAltNameTemplate[] = {
 81    { SEC_ASN1_CONSTRUCTED, offsetof(CERTAltNameEncodedContext, encodedGenName), 
 82      CERT_GeneralNamesTemplate}
 83};
 84
 85const SEC_ASN1Template CERTAuthInfoAccessItemTemplate[] = {
 86    { SEC_ASN1_SEQUENCE,
 87      0, NULL, sizeof(CERTAuthInfoAccess) },
 88    { SEC_ASN1_OBJECT_ID,
 89      offsetof(CERTAuthInfoAccess, method) },
 90    { SEC_ASN1_ANY,
 91      offsetof(CERTAuthInfoAccess, derLocation) },
 92    { 0, }
 93};
 94
 95const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
 96    { SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
 97};
 98
 99
100SECStatus 
101CERT_EncodeSubjectKeyID(PRArenaPool *arena, const SECItem* srcString,
102                        SECItem *encodedValue)
103{
104    SECStatus rv = SECSuccess;
105
106    if (!srcString) {
107        PORT_SetError(SEC_ERROR_INVALID_ARGS);
108        return SECFailure;
109    }
110    if (SEC_ASN1EncodeItem (arena, encodedValue, srcString,
111			    CERTSubjectKeyIDTemplate) == NULL) {
112	rv = SECFailure;
113    }
114    
115    return(rv);
116}
117
118
119SECStatus
120CERT_EncodePrivateKeyUsagePeriod(PRArenaPool *arena, 
121                                CERTPrivKeyUsagePeriod *pkup, 
122				SECItem *encodedValue)
123{
124    SECStatus rv = SECSuccess;
125
126    if (SEC_ASN1EncodeItem (arena, encodedValue, pkup,
127			    CERTPrivateKeyUsagePeriodTemplate) == NULL) {
128	rv = SECFailure;
129    }
130    return(rv);
131}
132
133CERTPrivKeyUsagePeriod *
134CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue)
135{
136    SECStatus rv;
137    CERTPrivKeyUsagePeriod *pPeriod;
138    SECItem newExtnValue;
139
140    /* allocate the certificate policies structure */
141    pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
142    if ( pPeriod == NULL ) {
143	goto loser;
144    }
145    
146    pPeriod->arena = arena;
147
148    /* copy the DER into the arena, since Quick DER returns data that points
149       into the DER input, which may get freed by the caller */
150    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
151    if ( rv != SECSuccess ) {
152	goto loser;
153    }
154
155    rv = SEC_QuickDERDecodeItem(arena, pPeriod, 
156                                CERTPrivateKeyUsagePeriodTemplate,
157			        &newExtnValue);
158    if ( rv != SECSuccess ) {
159	goto loser;
160    }
161    return pPeriod;
162    
163loser:
164    return NULL;
165}
166
167
168SECStatus 
169CERT_EncodeIA5TypeExtension(PRArenaPool *arena, char *value, SECItem *encodedValue)
170{
171    SECItem encodeContext;
172    SECStatus rv = SECSuccess;
173
174
175    PORT_Memset (&encodeContext, 0, sizeof (encodeContext));
176    
177    if (value != NULL) {
178	encodeContext.data = (unsigned char *)value;
179	encodeContext.len = strlen(value);
180    }
181    if (SEC_ASN1EncodeItem (arena, encodedValue, &encodeContext,
182			    CERTIA5TypeTemplate) == NULL) {
183	rv = SECFailure;
184    }
185    
186    return(rv);
187}
188
189SECStatus
190CERT_EncodeAltNameExtension(PRArenaPool *arena,  CERTGeneralName  *value, SECItem *encodedValue)
191{
192    SECItem                **encodedGenName;
193    SECStatus              rv = SECSuccess;
194
195    encodedGenName = cert_EncodeGeneralNames(arena, value);
196    if (SEC_ASN1EncodeItem (arena, encodedValue, &encodedGenName,
197			    CERT_GeneralNamesTemplate) == NULL) {
198	rv = SECFailure;
199    }
200
201    return rv;
202}
203
204CERTGeneralName *
205CERT_DecodeAltNameExtension(PRArenaPool *reqArena, SECItem *EncodedAltName)
206{
207    SECStatus                  rv = SECSuccess;
208    CERTAltNameEncodedContext  encodedContext;
209    SECItem*                   newEncodedAltName;
210
211    if (!reqArena) {
212        PORT_SetError(SEC_ERROR_INVALID_ARGS);
213        return NULL;
214    }
215
216    newEncodedAltName = SECITEM_ArenaDupItem(reqArena, EncodedAltName);
217    if (!newEncodedAltName) {
218        return NULL;
219    }
220
221    encodedContext.encodedGenName = NULL;
222    PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));
223    rv = SEC_QuickDERDecodeItem (reqArena, &encodedContext,
224                                 CERT_GeneralNamesTemplate, newEncodedAltName);
225    if (rv == SECFailure) {
226	goto loser;
227    }
228    if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])
229	return cert_DecodeGeneralNames(reqArena,
230                                       encodedContext.encodedGenName);
231    /* Extension contained an empty GeneralNames sequence */
232    /* Treat as extension not found */
233    PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
234loser:
235    return NULL;
236}
237
238
239SECStatus
240CERT_EncodeNameConstraintsExtension(PRArenaPool          *arena, 
241				    CERTNameConstraints  *value,
242				    SECItem              *encodedValue)
243{
244    SECStatus     rv = SECSuccess;
245    
246    rv = cert_EncodeNameConstraints(value, arena, encodedValue);
247    return rv;
248}
249
250
251CERTNameConstraints *
252CERT_DecodeNameConstraintsExtension(PRArenaPool          *arena,
253				    SECItem              *encodedConstraints)
254{
255    return cert_DecodeNameConstraints(arena, encodedConstraints);
256}
257
258
259CERTAuthInfoAccess **
260CERT_DecodeAuthInfoAccessExtension(PRArenaPool *reqArena,
261				   SECItem     *encodedExtension)
262{
263    CERTAuthInfoAccess **info = NULL;
264    SECStatus rv;
265    int i;
266    SECItem* newEncodedExtension;
267
268    if (!reqArena) {
269        PORT_SetError(SEC_ERROR_INVALID_ARGS);
270        return NULL;
271    }
272
273    newEncodedExtension = SECITEM_ArenaDupItem(reqArena, encodedExtension);
274    if (!newEncodedExtension) {
275        return NULL;
276    }
277
278    rv = SEC_QuickDERDecodeItem(reqArena, &info, CERTAuthInfoAccessTemplate, 
279			    newEncodedExtension);
280    if (rv != SECSuccess || info == NULL) {
281	return NULL;
282    }
283
284    for (i = 0; info[i] != NULL; i++) {
285	info[i]->location = CERT_DecodeGeneralName(reqArena,
286						   &(info[i]->derLocation),
287						   NULL);
288    }
289    return info;
290}
291
292SECStatus
293CERT_EncodeInfoAccessExtension(PRArenaPool *arena,
294				   CERTAuthInfoAccess **info,
295				   SECItem *dest)
296{
297    SECItem *dummy;
298    int i;
299
300    PORT_Assert(info != NULL);
301    PORT_Assert(dest != NULL);
302    if (info == NULL || dest == NULL) {
303	return SECFailure;
304    }
305
306    for (i = 0; info[i] != NULL; i++) {
307	if (CERT_EncodeGeneralName(info[i]->location, &(info[i]->derLocation),
308				   arena) == NULL)
309	    /* Note that this may leave some of the locations filled in. */
310	    return SECFailure;
311    }
312    dummy = SEC_ASN1EncodeItem(arena, dest, &info,
313			       CERTAuthInfoAccessTemplate);
314    if (dummy == NULL) {
315	return SECFailure;
316    }
317    return SECSuccess;
318}