The Tor Browser / file comparison
comparison: security/nss/lib/certhigh/crlv2.c
security/nss/lib/certhigh/crlv2.c
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:dc5f34559a8b |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 /* | |
| 6 * Code for dealing with x.509 v3 crl and crl entries extensions. | |
| 7 */ | |
| 8 | |
| 9 #include "cert.h" | |
| 10 #include "secitem.h" | |
| 11 #include "secoid.h" | |
| 12 #include "secoidt.h" | |
| 13 #include "secder.h" | |
| 14 #include "secasn1.h" | |
| 15 #include "certxutl.h" | |
| 16 | |
| 17 SECStatus | |
| 18 CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value) | |
| 19 { | |
| 20 return (cert_FindExtensionByOID (crl->extensions, oid, value)); | |
| 21 } | |
| 22 | |
| 23 | |
| 24 SECStatus | |
| 25 CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value) | |
| 26 { | |
| 27 return (cert_FindExtension (crl->extensions, tag, value)); | |
| 28 } | |
| 29 | |
| 30 | |
| 31 /* Callback to set extensions and adjust verison */ | |
| 32 static void | |
| 33 SetCrlExts(void *object, CERTCertExtension **exts) | |
| 34 { | |
| 35 CERTCrl *crl = (CERTCrl *)object; | |
| 36 | |
| 37 crl->extensions = exts; | |
| 38 DER_SetUInteger (crl->arena, &crl->version, SEC_CRL_VERSION_2); | |
| 39 } | |
| 40 | |
| 41 void * | |
| 42 CERT_StartCRLExtensions(CERTCrl *crl) | |
| 43 { | |
| 44 return (cert_StartExtensions ((void *)crl, crl->arena, SetCrlExts)); | |
| 45 } | |
| 46 | |
| 47 static void | |
| 48 SetCrlEntryExts(void *object, CERTCertExtension **exts) | |
| 49 { | |
| 50 CERTCrlEntry *crlEntry = (CERTCrlEntry *)object; | |
| 51 | |
| 52 crlEntry->extensions = exts; | |
| 53 } | |
| 54 | |
| 55 void * | |
| 56 CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry) | |
| 57 { | |
| 58 return (cert_StartExtensions (entry, crl->arena, SetCrlEntryExts)); | |
| 59 } | |
| 60 | |
| 61 SECStatus CERT_FindCRLNumberExten (PLArenaPool *arena, CERTCrl *crl, | |
| 62 SECItem *value) | |
| 63 { | |
| 64 SECItem encodedExtenValue; | |
| 65 SECItem *tmpItem = NULL; | |
| 66 SECStatus rv; | |
| 67 void *mark = NULL; | |
| 68 | |
| 69 encodedExtenValue.data = NULL; | |
| 70 encodedExtenValue.len = 0; | |
| 71 | |
| 72 rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER, | |
| 73 &encodedExtenValue); | |
| 74 if ( rv != SECSuccess ) | |
| 75 return (rv); | |
| 76 | |
| 77 mark = PORT_ArenaMark(arena); | |
| 78 | |
| 79 tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue); | |
| 80 if (tmpItem) { | |
| 81 rv = SEC_QuickDERDecodeItem (arena, value, | |
| 82 SEC_ASN1_GET(SEC_IntegerTemplate), | |
| 83 tmpItem); | |
| 84 } else { | |
| 85 rv = SECFailure; | |
| 86 } | |
| 87 | |
| 88 PORT_Free (encodedExtenValue.data); | |
| 89 if (rv == SECFailure) { | |
| 90 PORT_ArenaRelease(arena, mark); | |
| 91 } else { | |
| 92 PORT_ArenaUnmark(arena, mark); | |
| 93 } | |
| 94 return (rv); | |
| 95 } | |
| 96 | |
| 97 SECStatus CERT_FindCRLEntryReasonExten (CERTCrlEntry *crlEntry, | |
| 98 CERTCRLEntryReasonCode *value) | |
| 99 { | |
| 100 SECItem wrapperItem = {siBuffer,0}; | |
| 101 SECItem tmpItem = {siBuffer,0}; | |
| 102 SECStatus rv; | |
| 103 PLArenaPool *arena = NULL; | |
| 104 | |
| 105 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
| 106 if ( ! arena ) { | |
| 107 return(SECFailure); | |
| 108 } | |
| 109 | |
| 110 rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE, | |
| 111 &wrapperItem); | |
| 112 if ( rv != SECSuccess ) { | |
| 113 goto loser; | |
| 114 } | |
| 115 | |
| 116 rv = SEC_QuickDERDecodeItem(arena, &tmpItem, | |
| 117 SEC_ASN1_GET(SEC_EnumeratedTemplate), | |
| 118 &wrapperItem); | |
| 119 | |
| 120 if ( rv != SECSuccess ) { | |
| 121 goto loser; | |
| 122 } | |
| 123 | |
| 124 *value = (CERTCRLEntryReasonCode) DER_GetInteger(&tmpItem); | |
| 125 | |
| 126 loser: | |
| 127 if ( arena ) { | |
| 128 PORT_FreeArena(arena, PR_FALSE); | |
| 129 } | |
| 130 | |
| 131 if ( wrapperItem.data ) { | |
| 132 PORT_Free(wrapperItem.data); | |
| 133 } | |
| 134 | |
| 135 return (rv); | |
| 136 } | |
| 137 | |
| 138 SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, PRTime *value) | |
| 139 { | |
| 140 SECItem encodedExtenValue; | |
| 141 SECItem decodedExtenValue = {siBuffer,0}; | |
| 142 SECStatus rv; | |
| 143 | |
| 144 encodedExtenValue.data = decodedExtenValue.data = NULL; | |
| 145 encodedExtenValue.len = decodedExtenValue.len = 0; | |
| 146 | |
| 147 rv = cert_FindExtension | |
| 148 (crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue); | |
| 149 if ( rv != SECSuccess ) | |
| 150 return (rv); | |
| 151 | |
| 152 rv = SEC_ASN1DecodeItem (NULL, &decodedExtenValue, | |
| 153 SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), | |
| 154 &encodedExtenValue); | |
| 155 if (rv == SECSuccess) | |
| 156 rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue); | |
| 157 PORT_Free (decodedExtenValue.data); | |
| 158 PORT_Free (encodedExtenValue.data); | |
| 159 return (rv); | |
| 160 } |
