1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/crmf/crmfget.c Wed Dec 31 06:09:35 2014 +0100
1.3 
@@ -0,0 +1,450 @@
1.4 +/* -*- Mode: C; tab-width: 8 -*-*/
1.5 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.6 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.7 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.8 +
1.9 +#include "crmf.h"
1.10 +#include "crmfi.h"
1.11 +#include "keyhi.h"
1.12 +#include "secder.h"
1.13 +
1.14 +
1.15 +CRMFPOPChoice
1.16 +CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg)
1.17 +{
1.18 + PORT_Assert(inCertReqMsg != NULL);
1.19 + if (inCertReqMsg != NULL && inCertReqMsg->pop != NULL) {
1.20 + return inCertReqMsg->pop->popUsed;
1.21 + }
1.22 + return crmfNoPOPChoice;
1.23 +}
1.24 +
1.25 +static SECStatus
1.26 +crmf_destroy_validity(CRMFOptionalValidity *inValidity, PRBool freeit)
1.27 +{
1.28 + if (inValidity != NULL){
1.29 + if (inValidity->notBefore.data != NULL) {
1.30 + PORT_Free(inValidity->notBefore.data);
1.31 + }
1.32 + if (inValidity->notAfter.data != NULL) {
1.33 + PORT_Free(inValidity->notAfter.data);
1.34 + }
1.35 + if (freeit) {
1.36 + PORT_Free(inValidity);
1.37 + }
1.38 + }
1.39 + return SECSuccess;
1.40 +}
1.41 +
1.42 +static SECStatus
1.43 +crmf_copy_cert_request_validity(PLArenaPool *poolp,
1.44 + CRMFOptionalValidity **destValidity,
1.45 + CRMFOptionalValidity *srcValidity)
1.46 +{
1.47 + CRMFOptionalValidity *myValidity = NULL;
1.48 + SECStatus rv;
1.49 +
1.50 + *destValidity = myValidity = (poolp == NULL) ?
1.51 + PORT_ZNew(CRMFOptionalValidity) :
1.52 + PORT_ArenaZNew(poolp, CRMFOptionalValidity);
1.53 + if (myValidity == NULL) {
1.54 + goto loser;
1.55 + }
1.56 + if (srcValidity->notBefore.data != NULL) {
1.57 + rv = SECITEM_CopyItem(poolp, &myValidity->notBefore,
1.58 + &srcValidity->notBefore);
1.59 + if (rv != SECSuccess) {
1.60 + goto loser;
1.61 + }
1.62 + }
1.63 + if (srcValidity->notAfter.data != NULL) {
1.64 + rv = SECITEM_CopyItem(poolp, &myValidity->notAfter,
1.65 + &srcValidity->notAfter);
1.66 + if (rv != SECSuccess) {
1.67 + goto loser;
1.68 + }
1.69 + }
1.70 + return SECSuccess;
1.71 + loser:
1.72 + if (myValidity != NULL && poolp == NULL) {
1.73 + crmf_destroy_validity(myValidity, PR_TRUE);
1.74 + }
1.75 + return SECFailure;
1.76 +}
1.77 +
1.78 +static SECStatus
1.79 +crmf_copy_extensions(PLArenaPool *poolp,
1.80 + CRMFCertTemplate *destTemplate,
1.81 + CRMFCertExtension **srcExt)
1.82 +{
1.83 + int numExt = 0, i;
1.84 + CRMFCertExtension **myExtArray = NULL;
1.85 +
1.86 + while (srcExt[numExt] != NULL) {
1.87 + numExt++;
1.88 + }
1.89 + if (numExt == 0) {
1.90 + /*No extensions to copy.*/
1.91 + destTemplate->extensions = NULL;
1.92 + destTemplate->numExtensions = 0;
1.93 + return SECSuccess;
1.94 + }
1.95 + destTemplate->extensions = myExtArray =
1.96 + PORT_NewArray(CRMFCertExtension*, numExt+1);
1.97 + if (myExtArray == NULL) {
1.98 + goto loser;
1.99 + }
1.100 +
1.101 + for (i=0; i<numExt; i++) {
1.102 + myExtArray[i] = crmf_copy_cert_extension(poolp, srcExt[i]);
1.103 + if (myExtArray[i] == NULL) {
1.104 + goto loser;
1.105 + }
1.106 + }
1.107 + destTemplate->numExtensions = numExt;
1.108 + myExtArray[numExt] = NULL;
1.109 + return SECSuccess;
1.110 + loser:
1.111 + if (myExtArray != NULL) {
1.112 + if (poolp == NULL) {
1.113 + for (i=0; myExtArray[i] != NULL; i++) {
1.114 + CRMF_DestroyCertExtension(myExtArray[i]);
1.115 + }
1.116 + }
1.117 + PORT_Free(myExtArray);
1.118 + }
1.119 + destTemplate->extensions = NULL;
1.120 + destTemplate->numExtensions = 0;
1.121 + return SECFailure;
1.122 +}
1.123 +
1.124 +static SECStatus
1.125 +crmf_copy_cert_request_template(PLArenaPool *poolp,
1.126 + CRMFCertTemplate *destTemplate,
1.127 + CRMFCertTemplate *srcTemplate)
1.128 +{
1.129 + SECStatus rv;
1.130 +
1.131 + if (srcTemplate->version.data != NULL) {
1.132 + rv = SECITEM_CopyItem(poolp, &destTemplate->version,
1.133 + &srcTemplate->version);
1.134 + if (rv != SECSuccess) {
1.135 + goto loser;
1.136 + }
1.137 + }
1.138 + if (srcTemplate->serialNumber.data != NULL) {
1.139 + rv = SECITEM_CopyItem(poolp, &destTemplate->serialNumber,
1.140 + &srcTemplate->serialNumber);
1.141 + if (rv != SECSuccess) {
1.142 + goto loser;
1.143 + }
1.144 + }
1.145 + if (srcTemplate->signingAlg != NULL) {
1.146 + rv = crmf_template_copy_secalg(poolp, &destTemplate->signingAlg,
1.147 + srcTemplate->signingAlg);
1.148 + if (rv != SECSuccess) {
1.149 + goto loser;
1.150 + }
1.151 + }
1.152 + if (srcTemplate->issuer != NULL) {
1.153 + rv = crmf_copy_cert_name(poolp, &destTemplate->issuer,
1.154 + srcTemplate->issuer);
1.155 + if (rv != SECSuccess) {
1.156 + goto loser;
1.157 + }
1.158 + }
1.159 + if (srcTemplate->validity != NULL) {
1.160 + rv = crmf_copy_cert_request_validity(poolp, &destTemplate->validity,
1.161 + srcTemplate->validity);
1.162 + if (rv != SECSuccess) {
1.163 + goto loser;
1.164 + }
1.165 + }
1.166 + if (srcTemplate->subject != NULL) {
1.167 + rv = crmf_copy_cert_name(poolp, &destTemplate->subject,
1.168 + srcTemplate->subject);
1.169 + if (rv != SECSuccess) {
1.170 + goto loser;
1.171 + }
1.172 + }
1.173 + if (srcTemplate->publicKey != NULL) {
1.174 + rv = crmf_template_add_public_key(poolp, &destTemplate->publicKey,
1.175 + srcTemplate->publicKey);
1.176 + if (rv != SECSuccess) {
1.177 + goto loser;
1.178 + }
1.179 + }
1.180 + if (srcTemplate->issuerUID.data != NULL) {
1.181 + rv = crmf_make_bitstring_copy(poolp, &destTemplate->issuerUID,
1.182 + &srcTemplate->issuerUID);
1.183 + if (rv != SECSuccess) {
1.184 + goto loser;
1.185 + }
1.186 + }
1.187 + if (srcTemplate->subjectUID.data != NULL) {
1.188 + rv = crmf_make_bitstring_copy(poolp, &destTemplate->subjectUID,
1.189 + &srcTemplate->subjectUID);
1.190 + if (rv != SECSuccess) {
1.191 + goto loser;
1.192 + }
1.193 + }
1.194 + if (srcTemplate->extensions != NULL) {
1.195 + rv = crmf_copy_extensions(poolp, destTemplate,
1.196 + srcTemplate->extensions);
1.197 + if (rv != SECSuccess) {
1.198 + goto loser;
1.199 + }
1.200 + }
1.201 + return SECSuccess;
1.202 + loser:
1.203 + return SECFailure;
1.204 +}
1.205 +
1.206 +static CRMFControl*
1.207 +crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
1.208 +{
1.209 + CRMFControl *newControl;
1.210 + SECStatus rv;
1.211 +
1.212 + newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) :
1.213 + PORT_ArenaZNew(poolp, CRMFControl);
1.214 + if (newControl == NULL) {
1.215 + goto loser;
1.216 + }
1.217 + newControl->tag = srcControl->tag;
1.218 + rv = SECITEM_CopyItem(poolp, &newControl->derTag, &srcControl->derTag);
1.219 + if (rv != SECSuccess) {
1.220 + goto loser;
1.221 + }
1.222 + rv = SECITEM_CopyItem(poolp, &newControl->derValue, &srcControl->derValue);
1.223 + if (rv != SECSuccess) {
1.224 + goto loser;
1.225 + }
1.226 + /* We only handle PKIArchiveOptions Control right now. But if in
1.227 + * the future, more controls that are part of the union are added,
1.228 + * then they need to be handled here as well.
1.229 + */
1.230 + switch (newControl->tag) {
1.231 + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
1.232 + rv = crmf_copy_pkiarchiveoptions(poolp,
1.233 + &newControl->value.archiveOptions,
1.234 + &srcControl->value.archiveOptions);
1.235 + break;
1.236 + default:
1.237 + rv = SECSuccess;
1.238 + }
1.239 + if (rv != SECSuccess) {
1.240 + goto loser;
1.241 + }
1.242 + return newControl;
1.243 +
1.244 + loser:
1.245 + if (poolp == NULL && newControl != NULL) {
1.246 + CRMF_DestroyControl(newControl);
1.247 + }
1.248 + return NULL;
1.249 +}
1.250 +
1.251 +static SECStatus
1.252 +crmf_copy_cert_request_controls(PLArenaPool *poolp,
1.253 + CRMFCertRequest *destReq,
1.254 + CRMFCertRequest *srcReq)
1.255 +{
1.256 + int numControls, i;
1.257 + CRMFControl **myControls = NULL;
1.258 +
1.259 + numControls = CRMF_CertRequestGetNumControls(srcReq);
1.260 + if (numControls == 0) {
1.261 + /* No Controls To Copy*/
1.262 + return SECSuccess;
1.263 + }
1.264 + myControls = destReq->controls = PORT_NewArray(CRMFControl*,
1.265 + numControls+1);
1.266 + if (myControls == NULL) {
1.267 + goto loser;
1.268 + }
1.269 + for (i=0; i<numControls; i++) {
1.270 + myControls[i] = crmf_copy_control(poolp, srcReq->controls[i]);
1.271 + if (myControls[i] == NULL) {
1.272 + goto loser;
1.273 + }
1.274 + }
1.275 + myControls[numControls] = NULL;
1.276 + return SECSuccess;
1.277 + loser:
1.278 + if (myControls != NULL) {
1.279 + if (poolp == NULL) {
1.280 + for (i=0; myControls[i] != NULL; i++) {
1.281 + CRMF_DestroyControl(myControls[i]);
1.282 + }
1.283 + }
1.284 + PORT_Free(myControls);
1.285 + }
1.286 + return SECFailure;
1.287 +}
1.288 +
1.289 +
1.290 +CRMFCertRequest*
1.291 +crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
1.292 +{
1.293 + CRMFCertRequest *newReq = NULL;
1.294 + SECStatus rv;
1.295 +
1.296 + if (srcReq == NULL) {
1.297 + return NULL;
1.298 + }
1.299 + newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) :
1.300 + PORT_ArenaZNew(poolp, CRMFCertRequest);
1.301 + if (newReq == NULL) {
1.302 + goto loser;
1.303 + }
1.304 + rv = SECITEM_CopyItem(poolp, &newReq->certReqId, &srcReq->certReqId);
1.305 + if (rv != SECSuccess) {
1.306 + goto loser;
1.307 + }
1.308 + rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate,
1.309 + &srcReq->certTemplate);
1.310 + if (rv != SECSuccess) {
1.311 + goto loser;
1.312 + }
1.313 + rv = crmf_copy_cert_request_controls(poolp, newReq, srcReq);
1.314 + if (rv != SECSuccess) {
1.315 + goto loser;
1.316 + }
1.317 + return newReq;
1.318 + loser:
1.319 + if (newReq != NULL && poolp == NULL) {
1.320 + CRMF_DestroyCertRequest(newReq);
1.321 + PORT_Free(newReq);
1.322 + }
1.323 + return NULL;
1.324 +}
1.325 +
1.326 +SECStatus
1.327 +CRMF_DestroyGetValidity(CRMFGetValidity *inValidity)
1.328 +{
1.329 + PORT_Assert(inValidity != NULL);
1.330 + if (inValidity != NULL) {
1.331 + if (inValidity->notAfter) {
1.332 + PORT_Free(inValidity->notAfter);
1.333 + inValidity->notAfter = NULL;
1.334 + }
1.335 + if (inValidity->notBefore) {
1.336 + PORT_Free(inValidity->notBefore);
1.337 + inValidity->notBefore = NULL;
1.338 + }
1.339 + }
1.340 + return SECSuccess;
1.341 +}
1.342 +
1.343 +SECStatus
1.344 +crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, SECItem *src)
1.345 +{
1.346 + int origLenBits;
1.347 + int bytesToCopy;
1.348 + SECStatus rv;
1.349 +
1.350 + origLenBits = src->len;
1.351 + bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
1.352 + src->len = bytesToCopy;
1.353 + rv = SECITEM_CopyItem(arena, dest, src);
1.354 + src->len = origLenBits;
1.355 + if (rv != SECSuccess) {
1.356 + return rv;
1.357 + }
1.358 + dest->len = origLenBits;
1.359 + return SECSuccess;
1.360 +}
1.361 +
1.362 +int
1.363 +CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq)
1.364 +{
1.365 + CRMFCertTemplate *certTemplate;
1.366 + int count = 0;
1.367 +
1.368 + certTemplate = &inCertReq->certTemplate;
1.369 + if (certTemplate->extensions) {
1.370 + while (certTemplate->extensions[count] != NULL)
1.371 + count++;
1.372 + }
1.373 + return count;
1.374 +}
1.375 +
1.376 +SECOidTag
1.377 +CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension)
1.378 +{
1.379 + PORT_Assert(inExtension != NULL);
1.380 + if (inExtension == NULL) {
1.381 + return SEC_OID_UNKNOWN;
1.382 + }
1.383 + return SECOID_FindOIDTag(&inExtension->id);
1.384 +}
1.385 +
1.386 +PRBool
1.387 +CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt)
1.388 +{
1.389 + PORT_Assert(inExt != NULL);
1.390 + if (inExt == NULL) {
1.391 + return PR_FALSE;
1.392 + }
1.393 + return inExt->critical.data != NULL;
1.394 +}
1.395 +
1.396 +SECItem*
1.397 +CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension)
1.398 +{
1.399 + PORT_Assert(inExtension != NULL);
1.400 + if (inExtension == NULL) {
1.401 + return NULL;
1.402 + }
1.403 +
1.404 + return SECITEM_DupItem(&inExtension->value);
1.405 +}
1.406 +
1.407 +
1.408 +SECStatus
1.409 +CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey)
1.410 +{
1.411 + PORT_Assert(inKey != NULL);
1.412 + if (inKey != NULL) {
1.413 + if (inKey->derInput.data != NULL) {
1.414 + SECITEM_FreeItem(&inKey->derInput, PR_FALSE);
1.415 + }
1.416 + if (inKey->algorithmIdentifier != NULL) {
1.417 + SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE);
1.418 + }
1.419 + if (inKey->signature.data != NULL) {
1.420 + SECITEM_FreeItem(&inKey->signature, PR_FALSE);
1.421 + }
1.422 + PORT_Free(inKey);
1.423 + }
1.424 + return SECSuccess;
1.425 +}
1.426 +
1.427 +SECStatus
1.428 +CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey)
1.429 +{
1.430 + PORT_Assert(inPrivKey != NULL);
1.431 + if (inPrivKey != NULL) {
1.432 + SECITEM_FreeItem(&inPrivKey->message.thisMessage, PR_FALSE);
1.433 + PORT_Free(inPrivKey);
1.434 + }
1.435 + return SECSuccess;
1.436 +}
1.437 +
1.438 +int
1.439 +CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq)
1.440 +{
1.441 + int count = 0;
1.442 +
1.443 + PORT_Assert(inCertReq != NULL);
1.444 + if (inCertReq == NULL) {
1.445 + return 0;
1.446 + }
1.447 + if (inCertReq->controls) {
1.448 + while (inCertReq->controls[count] != NULL)
1.449 + count++;
1.450 + }
1.451 + return count;
1.452 +}
1.453 +
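Review bot: The loser paths of crmf_copy_extensions (line 1.113) and crmf_copy_cert_request_controls (line 1.280) walk the pointer array until they hit a NULL entry, but the array comes from PORT_NewArray, which unlike PORT_ZNewArray does not zero the allocation, and the terminating NULL is only stored on the success path (1.108, 1.275), so a failed copy at index i leaves entries i..n uninitialized and the cleanup loop hands garbage pointers to CRMF_DestroyCertExtension / CRMF_DestroyControl. Allocating with `PORT_ZNewArray(CRMFCertExtension*, numExt+1)` and `PORT_ZNewArray(CRMFControl*, numControls+1)` makes the NULL-terminated walk safe on every path. The controls loser path also frees the array but leaves destReq->controls pointing at it; adding `destReq->controls = NULL;` after the PORT_Free at 1.284 keeps the caller's CRMF_DestroyCertRequest (crmf_copy_cert_request, 1.320) from walking freed memory, and crmf_copy_cert_request_validity similarly leaves *destValidity pointing at the block crmf_destroy_validity just freed (1.50/1.73), which looks like a double free if CRMF_DestroyCertRequest releases certTemplate.validity. Note too that when poolp is non-NULL these arrays are heap-allocated while their elements are arena-allocated, so the arrays appear to leak when the arena is released; worth confirming against CRMF_DestroyCertRequest, which is outside this hunk.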