security/nss/lib/certdb/xauthkid.c

changeset 0
6474c204b198
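--- /dev/null
+++ b/security/nss/lib/certdb/xauthkid.c
@@ -0,0 +1,128 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * X.509 v3 Subject Key Usage Extension 
+ *
+ */
+
+#include "prtypes.h"
+#include "seccomon.h"
+#include "secdert.h"
+#include "secoidt.h"
+#include "secasn1t.h"
+#include "secasn1.h"
+#include "secport.h"
+#include "certt.h"  
+#include "genname.h"
+#include "secerr.h"
+
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+
+const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+	  offsetof(CERTAuthKeyID,keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate)},
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC  | 1,
+          offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate},
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+	  offsetof(CERTAuthKeyID,authCertSerialNumber),
+          SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { 0 }
+};
+
+
+
+SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
+{
+    SECStatus rv = SECFailure;
+ 
+    PORT_Assert (value);
+    PORT_Assert (arena);
+    PORT_Assert (value->DERAuthCertIssuer == NULL);
+    PORT_Assert (encodedValue);
+
+    do {
+	
+	/* If both of the authCertIssuer and the serial number exist, encode
+	   the name first.  Otherwise, it is an error if one exist and the other
+	   is not.
+	 */
+	if (value->authCertIssuer) {
+	    if (!value->authCertSerialNumber.data) {
+		PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
+		break;
+	    }
+
+	    value->DERAuthCertIssuer = cert_EncodeGeneralNames
+		(arena, value->authCertIssuer);
+	    if (!value->DERAuthCertIssuer) {
+		PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
+		break;
+	    }
+	}
+	else if (value->authCertSerialNumber.data) {
+		PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
+		break;
+	}
+
+	if (SEC_ASN1EncodeItem (arena, encodedValue, value,
+				CERTAuthKeyIDTemplate) == NULL)
+	    break;
+	rv = SECSuccess;
+
+    } while (0);
+     return(rv);
+}
+
+CERTAuthKeyID *
+CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
+{
+    CERTAuthKeyID * value = NULL;
+    SECStatus       rv    = SECFailure;
+    void *          mark;
+    SECItem         newEncodedValue;
+
+    PORT_Assert (arena);
+   
+    do {
+	mark = PORT_ArenaMark (arena);
+	value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
+	if (value == NULL)
+	    break;
+	value->DERAuthCertIssuer = NULL;
+        /* copy the DER into the arena, since Quick DER returns data that points
+           into the DER input, which may get freed by the caller */
+        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
+        if ( rv != SECSuccess ) {
+	    break;
+        }
+
+        rv = SEC_QuickDERDecodeItem
+	     (arena, value, CERTAuthKeyIDTemplate, &newEncodedValue);
+	if (rv != SECSuccess)
+	    break;
+
+        value->authCertIssuer = cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer);
+	if (value->authCertIssuer == NULL)
+	    break;
+	
+	/* what if the general name contains other format but not URI ?
+	   hl
+	 */
+	if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
+	    (!value->authCertSerialNumber.data && value->authCertIssuer)){
+	    PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
+	    break;
+	}
+    } while (0);
+
+    if (rv != SECSuccess) {
+	PORT_ArenaRelease (arena, mark);
+	return ((CERTAuthKeyID *)NULL);	    
+    } 
+    PORT_ArenaUnmark(arena, mark);
+    return (value);
+}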
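Review bot: The issuer/serial consistency check at the end of CERT_DecodeAuthKeyID is ineffective: when it fires it sets SEC_ERROR_EXTENSION_VALUE_INVALID and breaks, but rv still holds the SECSuccess returned by SEC_QuickDERDecodeItem, so the `if (rv != SECSuccess)` cleanup is skipped and the CERTAuthKeyID is returned to the caller anyway, with a stale error code left behind. The preceding `if (value->authCertIssuer == NULL) break;` has the same property — it never fails the decode, it only skips the check — so the first arm of the condition (serial present, issuer absent) is unreachable, and whether a keyID-only extension even gets past that line depends on how cert_DecodeGeneralNames treats a NULL DERAuthCertIssuer, which is not visible here. If the RFC 5280 rule that authorityCertIssuer and authorityCertSerialNumber appear together or not at all is meant to be enforced, set `rv = SECFailure` on both error paths and decode the issuer only when the DER field is present, as sketched below; if the decoder is deliberately lenient toward certificates in the wild, drop the dead check and the error code instead so callers are not misled. Unrelated nit: the file header comment says "Subject Key Usage Extension" while this file implements the Authority Key Identifier extension.

```c
        /* … unchanged: arena copy and SEC_QuickDERDecodeItem … */
        if (value->DERAuthCertIssuer) {
            value->authCertIssuer = cert_DecodeGeneralNames(arena, value->DERAuthCertIssuer);
            if (value->authCertIssuer == NULL) {
                rv = SECFailure;
                break;
            }
        }
        /* RFC 5280 4.2.1.1: authorityCertIssuer and authorityCertSerialNumber
         * must both be present or both be absent. */
        if ((value->authCertSerialNumber.data != NULL) !=
            (value->authCertIssuer != NULL)) {
            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
            rv = SECFailure;
            break;
        }
    } while (0);
```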
