1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/crmf/servget.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,978 @@
1.4 +/* -*- Mode: C; tab-width: 8 -*-*/
1.5 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.6 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.7 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.8 +
1.9 +
1.10 +#include "cmmf.h"
1.11 +#include "cmmfi.h"
1.12 +#include "secitem.h"
1.13 +#include "keyhi.h"
1.14 +#include "secder.h"
1.15 +
1.16 +CRMFEncryptedKeyChoice
1.17 +CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey)
1.18 +{
1.19 + PORT_Assert(inEncrKey != NULL);
1.20 + if (inEncrKey == NULL) {
1.21 + return crmfNoEncryptedKeyChoice;
1.22 + }
1.23 + return inEncrKey->encKeyChoice;
1.24 +}
1.25 +
1.26 +CRMFEncryptedValue*
1.27 +CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
1.28 +{
1.29 + CRMFEncryptedValue *newEncrValue = NULL;
1.30 + SECStatus rv;
1.31 +
1.32 + PORT_Assert(inEncrKey != NULL);
1.33 + if (inEncrKey == NULL ||
1.34 + CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
1.35 + goto loser;
1.36 + }
1.37 + newEncrValue = PORT_ZNew(CRMFEncryptedValue);
1.38 + if (newEncrValue == NULL) {
1.39 + goto loser;
1.40 + }
1.41 + rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
1.42 + newEncrValue);
1.43 + if (rv != SECSuccess) {
1.44 + goto loser;
1.45 + }
1.46 + return newEncrValue;
1.47 + loser:
1.48 + if (newEncrValue != NULL) {
1.49 + CRMF_DestroyEncryptedValue(newEncrValue);
1.50 + }
1.51 + return NULL;
1.52 +}
1.53 +
1.54 +static SECItem*
1.55 +crmf_get_encvalue_bitstring(SECItem *srcItem)
1.56 +{
1.57 + SECItem *newItem = NULL;
1.58 + SECStatus rv;
1.59 +
1.60 + if (srcItem->data == NULL) {
1.61 + return NULL;
1.62 + }
1.63 + newItem = PORT_ZNew(SECItem);
1.64 + if (newItem == NULL) {
1.65 + goto loser;
1.66 + }
1.67 + rv = crmf_make_bitstring_copy(NULL, newItem, srcItem);
1.68 + if (rv != SECSuccess) {
1.69 + goto loser;
1.70 + }
1.71 + return newItem;
1.72 + loser:
1.73 + if (newItem != NULL) {
1.74 + SECITEM_FreeItem(newItem, PR_TRUE);
1.75 + }
1.76 + return NULL;
1.77 +}
1.78 +
1.79 +SECItem*
1.80 +CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
1.81 +{
1.82 + if (inEncValue == NULL) {
1.83 + return NULL;
1.84 + }
1.85 + return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey);
1.86 +}
1.87 +
1.88 +SECItem*
1.89 +CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
1.90 +{
1.91 + if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) {
1.92 + return NULL;
1.93 + }
1.94 + return crmf_get_encvalue_bitstring(&inEncrValue->encValue);
1.95 +}
1.96 +
1.97 +static SECAlgorithmID*
1.98 +crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
1.99 +{
1.100 + SECStatus rv;
1.101 + SECAlgorithmID *newAlgID;
1.102 +
1.103 + if (srcAlg == NULL) {
1.104 + return NULL;
1.105 + }
1.106 + rv = crmf_copy_encryptedvalue_secalg(NULL, srcAlg, &newAlgID);
1.107 + if (rv != SECSuccess) {
1.108 + return NULL;
1.109 + }
1.110 + return newAlgID;
1.111 +}
1.112 +
1.113 +SECAlgorithmID*
1.114 +CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
1.115 +{
1.116 + if (inEncValue == NULL) {
1.117 + return NULL;
1.118 + }
1.119 + return crmf_get_encvalue_algid(inEncValue->intendedAlg);
1.120 +}
1.121 +
1.122 +SECAlgorithmID*
1.123 +CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
1.124 +{
1.125 + if (inEncValue == NULL) {
1.126 + return NULL;
1.127 + }
1.128 + return crmf_get_encvalue_algid(inEncValue->keyAlg);
1.129 +}
1.130 +
1.131 +SECAlgorithmID*
1.132 +CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
1.133 +{
1.134 + if (inEncValue == NULL) {
1.135 + return NULL;
1.136 + }
1.137 + return crmf_get_encvalue_algid(inEncValue->symmAlg);
1.138 +}
1.139 +
1.140 +SECItem*
1.141 +CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
1.142 +{
1.143 + if (inEncValue == NULL || inEncValue->valueHint.data == NULL) {
1.144 + return NULL;
1.145 + }
1.146 + return SECITEM_DupItem(&inEncValue->valueHint);
1.147 +}
1.148 +
1.149 +SECStatus
1.150 +CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
1.151 + PRBool *destVal)
1.152 +{
1.153 + if (inOpt == NULL || destVal == NULL ||
1.154 + CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey){
1.155 + return SECFailure;
1.156 + }
1.157 + *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
1.158 + ? PR_FALSE:
1.159 + PR_TRUE;
1.160 + return SECSuccess;
1.161 +}
1.162 +
1.163 +CRMFEncryptedKey*
1.164 +CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
1.165 +{
1.166 + CRMFEncryptedKey *newEncrKey = NULL;
1.167 + SECStatus rv;
1.168 +
1.169 + PORT_Assert(inOpts != NULL);
1.170 + if (inOpts == NULL ||
1.171 + CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey){
1.172 + return NULL;
1.173 + }
1.174 + newEncrKey = PORT_ZNew(CRMFEncryptedKey);
1.175 + if (newEncrKey == NULL) {
1.176 + goto loser;
1.177 + }
1.178 + rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
1.179 + newEncrKey);
1.180 + if (rv != SECSuccess) {
1.181 + goto loser;
1.182 + }
1.183 + return newEncrKey;
1.184 + loser:
1.185 + if (newEncrKey != NULL) {
1.186 + CRMF_DestroyEncryptedKey(newEncrKey);
1.187 + }
1.188 + return NULL;
1.189 +}
1.190 +
1.191 +SECItem*
1.192 +CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
1.193 +{
1.194 + if (inOptions == NULL ||
1.195 + CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
1.196 + inOptions->option.keyGenParameters.data == NULL) {
1.197 + return NULL;
1.198 + }
1.199 + return SECITEM_DupItem(&inOptions->option.keyGenParameters);
1.200 +}
1.201 +
1.202 +CRMFPKIArchiveOptionsType
1.203 +CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions)
1.204 +{
1.205 + PORT_Assert (inOptions != NULL);
1.206 + if (inOptions == NULL) {
1.207 + return crmfNoArchiveOptions;
1.208 + }
1.209 + return inOptions->archOption;
1.210 +}
1.211 +
1.212 +static SECStatus
1.213 +crmf_extract_long_from_item(SECItem *intItem, long *destLong)
1.214 +{
1.215 + *destLong = DER_GetInteger(intItem);
1.216 + return (*destLong == -1) ? SECFailure : SECSuccess;
1.217 +}
1.218 +
1.219 +SECStatus
1.220 +CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
1.221 + CRMFSubseqMessOptions *destOpt)
1.222 +{
1.223 + long value;
1.224 + SECStatus rv;
1.225 +
1.226 + PORT_Assert(inKey != NULL);
1.227 + if (inKey == NULL ||
1.228 + inKey->messageChoice != crmfSubsequentMessage) {
1.229 + return SECFailure;
1.230 + }
1.231 + rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage,&value);
1.232 + if (rv != SECSuccess) {
1.233 + return SECFailure;
1.234 + }
1.235 + switch (value) {
1.236 + case 0:
1.237 + *destOpt = crmfEncrCert;
1.238 + break;
1.239 + case 1:
1.240 + *destOpt = crmfChallengeResp;
1.241 + break;
1.242 + default:
1.243 + rv = SECFailure;
1.244 + }
1.245 + if (rv != SECSuccess) {
1.246 + return rv;
1.247 + }
1.248 + return SECSuccess;
1.249 +}
1.250 +
1.251 +CRMFPOPOPrivKeyChoice
1.252 +CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inPrivKey)
1.253 +{
1.254 + PORT_Assert(inPrivKey != NULL);
1.255 + if (inPrivKey != NULL) {
1.256 + return inPrivKey->messageChoice;
1.257 + }
1.258 + return crmfNoMessage;
1.259 +}
1.260 +
1.261 +SECStatus
1.262 +CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC)
1.263 +{
1.264 + PORT_Assert(inKey != NULL);
1.265 + if (inKey == NULL || inKey->message.dhMAC.data == NULL) {
1.266 + return SECFailure;
1.267 + }
1.268 + return crmf_make_bitstring_copy(NULL, destMAC, &inKey->message.dhMAC);
1.269 +}
1.270 +
1.271 +SECStatus
1.272 +CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
1.273 + SECItem *destString)
1.274 +{
1.275 + PORT_Assert(inKey != NULL);
1.276 + if (inKey == NULL ||
1.277 + inKey->messageChoice != crmfThisMessage) {
1.278 + return SECFailure;
1.279 + }
1.280 +
1.281 + return crmf_make_bitstring_copy(NULL, destString,
1.282 + &inKey->message.thisMessage);
1.283 +}
1.284 +
1.285 +SECAlgorithmID*
1.286 +CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
1.287 +{
1.288 + SECAlgorithmID *newAlgId = NULL;
1.289 + SECStatus rv;
1.290 +
1.291 + PORT_Assert(inSignKey != NULL);
1.292 + if (inSignKey == NULL) {
1.293 + return NULL;
1.294 + }
1.295 + newAlgId = PORT_ZNew(SECAlgorithmID);
1.296 + if (newAlgId == NULL) {
1.297 + goto loser;
1.298 + }
1.299 + rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
1.300 + inSignKey->algorithmIdentifier);
1.301 + if (rv != SECSuccess) {
1.302 + goto loser;
1.303 + }
1.304 + return newAlgId;
1.305 +
1.306 + loser:
1.307 + if (newAlgId != NULL) {
1.308 + SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
1.309 + }
1.310 + return NULL;
1.311 +}
1.312 +
1.313 +SECItem*
1.314 +CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
1.315 +{
1.316 + PORT_Assert(inSignKey != NULL);
1.317 + if (inSignKey == NULL || inSignKey->derInput.data == NULL) {
1.318 + return NULL;
1.319 + }
1.320 + return SECITEM_DupItem(&inSignKey->derInput);
1.321 +}
1.322 +
1.323 +SECItem*
1.324 +CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
1.325 +{
1.326 + SECItem *newSig = NULL;
1.327 + SECStatus rv;
1.328 +
1.329 + PORT_Assert(inSignKey != NULL);
1.330 + if (inSignKey == NULL) {
1.331 + return NULL;
1.332 + }
1.333 + newSig = PORT_ZNew(SECItem);
1.334 + if (newSig == NULL) {
1.335 + goto loser;
1.336 + }
1.337 + rv = crmf_make_bitstring_copy(NULL, newSig, &inSignKey->signature);
1.338 + if (rv != SECSuccess) {
1.339 + goto loser;
1.340 + }
1.341 + return newSig;
1.342 + loser:
1.343 + if (newSig != NULL) {
1.344 + SECITEM_FreeItem(newSig, PR_TRUE);
1.345 + }
1.346 + return NULL;
1.347 +}
1.348 +
1.349 +static SECStatus
1.350 +crmf_copy_poposigningkey(PLArenaPool *poolp,
1.351 + CRMFPOPOSigningKey *inPopoSignKey,
1.352 + CRMFPOPOSigningKey *destPopoSignKey)
1.353 +{
1.354 + SECStatus rv;
1.355 +
1.356 + /* We don't support use of the POPOSigningKeyInput, so we'll only
1.357 + * store away the DER encoding.
1.358 + */
1.359 + if (inPopoSignKey->derInput.data != NULL) {
1.360 + rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
1.361 + &inPopoSignKey->derInput);
1.362 + }
1.363 + destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
1.364 + PORT_ZNew(SECAlgorithmID) :
1.365 + PORT_ArenaZNew(poolp, SECAlgorithmID);
1.366 +
1.367 + if (destPopoSignKey->algorithmIdentifier == NULL) {
1.368 + goto loser;
1.369 + }
1.370 + rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
1.371 + inPopoSignKey->algorithmIdentifier);
1.372 + if (rv != SECSuccess) {
1.373 + goto loser;
1.374 + }
1.375 +
1.376 + rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
1.377 + &inPopoSignKey->signature);
1.378 + if (rv != SECSuccess) {
1.379 + goto loser;
1.380 + }
1.381 + return SECSuccess;
1.382 + loser:
1.383 + if (poolp == NULL) {
1.384 + CRMF_DestroyPOPOSigningKey(destPopoSignKey);
1.385 + }
1.386 + return SECFailure;
1.387 +}
1.388 +
1.389 +static SECStatus
1.390 +crmf_copy_popoprivkey(PLArenaPool *poolp,
1.391 + CRMFPOPOPrivKey *srcPrivKey,
1.392 + CRMFPOPOPrivKey *destPrivKey)
1.393 +{
1.394 + SECStatus rv;
1.395 +
1.396 + destPrivKey->messageChoice = srcPrivKey->messageChoice;
1.397 + switch (destPrivKey->messageChoice) {
1.398 + case crmfThisMessage:
1.399 + case crmfDHMAC:
1.400 + /* I've got a union, so taking the address of one, will also give
1.401 + * me a pointer to the other (eg, message.dhMAC)
1.402 + */
1.403 + rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
1.404 + &srcPrivKey->message.thisMessage);
1.405 + break;
1.406 + case crmfSubsequentMessage:
1.407 + rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
1.408 + &srcPrivKey->message.subsequentMessage);
1.409 + break;
1.410 + default:
1.411 + rv = SECFailure;
1.412 + }
1.413 +
1.414 + if (rv != SECSuccess && poolp == NULL) {
1.415 + CRMF_DestroyPOPOPrivKey(destPrivKey);
1.416 + }
1.417 + return rv;
1.418 +}
1.419 +
1.420 +static CRMFProofOfPossession*
1.421 +crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
1.422 +{
1.423 + CRMFProofOfPossession *newPOP;
1.424 + SECStatus rv;
1.425 +
1.426 + /*
1.427 + * Proof Of Possession structures are always part of the Request
1.428 + * message, so there will always be an arena for allocating memory.
1.429 + */
1.430 + if (poolp == NULL) {
1.431 + return NULL;
1.432 + }
1.433 + newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
1.434 + if (newPOP == NULL) {
1.435 + return NULL;
1.436 + }
1.437 + switch (srcPOP->popUsed) {
1.438 + case crmfRAVerified:
1.439 + newPOP->popChoice.raVerified.data = NULL;
1.440 + newPOP->popChoice.raVerified.len = 0;
1.441 + break;
1.442 + case crmfSignature:
1.443 + rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
1.444 + &newPOP->popChoice.signature);
1.445 + if (rv != SECSuccess) {
1.446 + goto loser;
1.447 + }
1.448 + break;
1.449 + case crmfKeyEncipherment:
1.450 + case crmfKeyAgreement:
1.451 + /* We've got a union, so a pointer to one, is a pointer to the
1.452 + * other one.
1.453 + */
1.454 + rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
1.455 + &newPOP->popChoice.keyEncipherment);
1.456 + if (rv != SECSuccess) {
1.457 + goto loser;
1.458 + }
1.459 + break;
1.460 + default:
1.461 + goto loser;
1.462 + }
1.463 + newPOP->popUsed = srcPOP->popUsed;
1.464 + return newPOP;
1.465 +
1.466 + loser:
1.467 + return NULL;
1.468 +}
1.469 +
1.470 +static CRMFCertReqMsg*
1.471 +crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
1.472 +{
1.473 + CRMFCertReqMsg *newReqMsg;
1.474 + PLArenaPool *poolp;
1.475 +
1.476 + poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
1.477 + if (poolp == NULL) {
1.478 + return NULL;
1.479 + }
1.480 + newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
1.481 + if (newReqMsg == NULL) {
1.482 + PORT_FreeArena(poolp, PR_TRUE);
1.483 + return NULL;
1.484 + }
1.485 +
1.486 + newReqMsg->poolp = poolp;
1.487 + newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
1.488 + if (newReqMsg->certReq == NULL) {
1.489 + goto loser;
1.490 + }
1.491 + newReqMsg->pop = crmf_copy_pop(poolp, srcReqMsg->pop);
1.492 + if (newReqMsg->pop == NULL) {
1.493 + goto loser;
1.494 + }
1.495 + /* None of my set/get routines operate on the regInfo field, so
1.496 + * for now, that won't get copied over.
1.497 + */
1.498 + return newReqMsg;
1.499 +
1.500 + loser:
1.501 + if (newReqMsg != NULL) {
1.502 + CRMF_DestroyCertReqMsg(newReqMsg);
1.503 + }
1.504 + return NULL;
1.505 +}
1.506 +
1.507 +CRMFCertReqMsg*
1.508 +CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
1.509 + int index)
1.510 +{
1.511 + int numMsgs;
1.512 +
1.513 + PORT_Assert(inReqMsgs != NULL && index >= 0);
1.514 + if (inReqMsgs == NULL) {
1.515 + return NULL;
1.516 + }
1.517 + numMsgs = CRMF_CertReqMessagesGetNumMessages(inReqMsgs);
1.518 + if (index < 0 || index >= numMsgs) {
1.519 + return NULL;
1.520 + }
1.521 + return crmf_copy_cert_req_msg(inReqMsgs->messages[index]);
1.522 +}
1.523 +
1.524 +int
1.525 +CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
1.526 +{
1.527 + int numMessages = 0;
1.528 +
1.529 + PORT_Assert(inCertReqMsgs != NULL);
1.530 + if (inCertReqMsgs == NULL) {
1.531 + return 0;
1.532 + }
1.533 + while (inCertReqMsgs->messages[numMessages] != NULL) {
1.534 + numMessages++;
1.535 + }
1.536 + return numMessages;
1.537 +}
1.538 +
1.539 +CRMFCertRequest*
1.540 +CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
1.541 +{
1.542 + PLArenaPool *poolp = NULL;
1.543 + CRMFCertRequest *newCertReq = NULL;
1.544 +
1.545 + PORT_Assert(inCertReqMsg != NULL);
1.546 +
1.547 + poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
1.548 + if (poolp == NULL) {
1.549 + goto loser;
1.550 + }
1.551 + newCertReq = crmf_copy_cert_request(poolp, inCertReqMsg->certReq);
1.552 + if (newCertReq == NULL) {
1.553 + goto loser;
1.554 + }
1.555 + newCertReq->poolp = poolp;
1.556 + return newCertReq;
1.557 + loser:
1.558 + if (poolp != NULL) {
1.559 + PORT_FreeArena(poolp, PR_FALSE);
1.560 + }
1.561 + return NULL;
1.562 +}
1.563 +
1.564 +SECStatus
1.565 +CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
1.566 +{
1.567 + PORT_Assert(inCertReqMsg != NULL && destID != NULL);
1.568 + if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
1.569 + return SECFailure;
1.570 + }
1.571 + return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
1.572 + destID);
1.573 +}
1.574 +
1.575 +SECStatus
1.576 +CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
1.577 + CRMFPOPOPrivKey **destKey)
1.578 +{
1.579 + PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
1.580 + if (inCertReqMsg == NULL || destKey == NULL ||
1.581 + CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
1.582 + return SECFailure;
1.583 + }
1.584 + *destKey = PORT_ZNew(CRMFPOPOPrivKey);
1.585 + if (*destKey == NULL) {
1.586 + return SECFailure;
1.587 + }
1.588 + return crmf_copy_popoprivkey(NULL,
1.589 + &inCertReqMsg->pop->popChoice.keyAgreement,
1.590 + *destKey);
1.591 +}
1.592 +
1.593 +SECStatus
1.594 +CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
1.595 + CRMFPOPOPrivKey **destKey)
1.596 +{
1.597 + PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
1.598 + if (inCertReqMsg == NULL || destKey == NULL ||
1.599 + CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
1.600 + return SECFailure;
1.601 + }
1.602 + *destKey = PORT_ZNew(CRMFPOPOPrivKey);
1.603 + if (destKey == NULL) {
1.604 + return SECFailure;
1.605 + }
1.606 + return crmf_copy_popoprivkey(NULL,
1.607 + &inCertReqMsg->pop->popChoice.keyEncipherment,
1.608 + *destKey);
1.609 +}
1.610 +
1.611 +SECStatus
1.612 +CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
1.613 + CRMFPOPOSigningKey **destKey)
1.614 +{
1.615 + CRMFProofOfPossession *pop;
1.616 + PORT_Assert(inCertReqMsg != NULL);
1.617 + if (inCertReqMsg == NULL) {
1.618 + return SECFailure;
1.619 + }
1.620 + pop = inCertReqMsg->pop;;
1.621 + if (pop->popUsed != crmfSignature) {
1.622 + return SECFailure;
1.623 + }
1.624 + *destKey = PORT_ZNew(CRMFPOPOSigningKey);
1.625 + if (*destKey == NULL) {
1.626 + return SECFailure;
1.627 + }
1.628 + return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
1.629 +}
1.630 +
1.631 +static SECStatus
1.632 +crmf_copy_name(CERTName *destName, CERTName *srcName)
1.633 +{
1.634 + PLArenaPool *poolp = NULL;
1.635 + SECStatus rv;
1.636 +
1.637 + if (destName->arena != NULL) {
1.638 + poolp = destName->arena;
1.639 + } else {
1.640 + poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
1.641 + }
1.642 + if (poolp == NULL) {
1.643 + return SECFailure;
1.644 + }
1.645 + /* Need to do this so that CERT_CopyName doesn't free out
1.646 + * the arena from underneath us.
1.647 + */
1.648 + destName->arena = NULL;
1.649 + rv = CERT_CopyName(poolp, destName, srcName);
1.650 + destName->arena = poolp;
1.651 + return rv;
1.652 +}
1.653 +
1.654 +SECStatus
1.655 +CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
1.656 + CERTName *destIssuer)
1.657 +{
1.658 + PORT_Assert(inCertReq != NULL);
1.659 + if (inCertReq == NULL) {
1.660 + return SECFailure;
1.661 + }
1.662 + if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
1.663 + return crmf_copy_name(destIssuer,
1.664 + inCertReq->certTemplate.issuer);
1.665 + }
1.666 + return SECFailure;
1.667 +}
1.668 +
1.669 +SECStatus
1.670 +CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
1.671 + SECItem *destIssuerUID)
1.672 +{
1.673 + PORT_Assert(inCertReq != NULL);
1.674 + if (inCertReq == NULL) {
1.675 + return SECFailure;
1.676 + }
1.677 + if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
1.678 + return crmf_make_bitstring_copy(NULL, destIssuerUID,
1.679 + &inCertReq->certTemplate.issuerUID);
1.680 + }
1.681 + return SECFailure;
1.682 +}
1.683 +
1.684 +SECStatus
1.685 +CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
1.686 + CERTSubjectPublicKeyInfo *destPublicKey)
1.687 +{
1.688 + PORT_Assert (inCertReq != NULL);
1.689 + if (inCertReq == NULL) {
1.690 + return SECFailure;
1.691 + }
1.692 + if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
1.693 + return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
1.694 + inCertReq->certTemplate.publicKey);
1.695 + }
1.696 + return SECFailure;
1.697 +}
1.698 +
1.699 +SECStatus
1.700 +CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
1.701 + long *serialNumber)
1.702 +{
1.703 + PORT_Assert(inCertReq != NULL);
1.704 + if (inCertReq == NULL) {
1.705 + return SECFailure;
1.706 + }
1.707 + if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
1.708 + return
1.709 + crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
1.710 + serialNumber);
1.711 + }
1.712 + return SECFailure;
1.713 +}
1.714 +
1.715 +SECStatus
1.716 +CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
1.717 + SECAlgorithmID *destAlg)
1.718 +{
1.719 + PORT_Assert(inCertReq != NULL);
1.720 + if (inCertReq == NULL) {
1.721 + return SECFailure;
1.722 + }
1.723 + if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
1.724 + return SECOID_CopyAlgorithmID(NULL, destAlg,
1.725 + inCertReq->certTemplate.signingAlg);
1.726 + }
1.727 + return SECFailure;
1.728 +}
1.729 +
1.730 +SECStatus
1.731 +CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
1.732 + CERTName *destSubject)
1.733 +{
1.734 + PORT_Assert(inCertReq != NULL);
1.735 + if (inCertReq == NULL) {
1.736 + return SECFailure;
1.737 + }
1.738 + if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
1.739 + return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
1.740 + }
1.741 + return SECFailure;
1.742 +}
1.743 +
1.744 +SECStatus
1.745 +CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
1.746 + SECItem *destSubjectUID)
1.747 +{
1.748 + PORT_Assert(inCertReq != NULL);
1.749 + if (inCertReq == NULL) {
1.750 + return SECFailure;
1.751 + }
1.752 + if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
1.753 + return crmf_make_bitstring_copy(NULL, destSubjectUID,
1.754 + &inCertReq->certTemplate.subjectUID);
1.755 + }
1.756 + return SECFailure;
1.757 +}
1.758 +
1.759 +SECStatus
1.760 +CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
1.761 + long *version)
1.762 +{
1.763 + PORT_Assert (inCertReq != NULL);
1.764 + if (inCertReq == NULL) {
1.765 + return SECFailure;
1.766 + }
1.767 + if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
1.768 + return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
1.769 + version);
1.770 + }
1.771 + return SECFailure;
1.772 +}
1.773 +
1.774 +static SECStatus
1.775 +crmf_copy_validity(CRMFGetValidity *destValidity,
1.776 + CRMFOptionalValidity *src)
1.777 +{
1.778 + SECStatus rv;
1.779 +
1.780 + destValidity->notBefore = destValidity->notAfter = NULL;
1.781 + if (src->notBefore.data != NULL) {
1.782 + rv = crmf_create_prtime(&src->notBefore,
1.783 + &destValidity->notBefore);
1.784 + if (rv != SECSuccess) {
1.785 + return rv;
1.786 + }
1.787 + }
1.788 + if (src->notAfter.data != NULL) {
1.789 + rv = crmf_create_prtime(&src->notAfter,
1.790 + &destValidity->notAfter);
1.791 + if (rv != SECSuccess) {
1.792 + return rv;
1.793 + }
1.794 + }
1.795 + return SECSuccess;
1.796 +}
1.797 +
1.798 +SECStatus
1.799 +CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
1.800 + CRMFGetValidity *destValidity)
1.801 +{
1.802 + PORT_Assert(inCertReq != NULL);
1.803 + if (inCertReq == NULL) {
1.804 + return SECFailure;
1.805 + }
1.806 + if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
1.807 + return crmf_copy_validity(destValidity,
1.808 + inCertReq->certTemplate.validity);
1.809 + }
1.810 + return SECFailure;
1.811 +}
1.812 +
1.813 +CRMFControl*
1.814 +CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
1.815 +{
1.816 + CRMFControl *newControl, *srcControl;
1.817 + int numControls;
1.818 + SECStatus rv;
1.819 +
1.820 + PORT_Assert(inCertReq != NULL);
1.821 + if (inCertReq == NULL) {
1.822 + return NULL;
1.823 + }
1.824 + numControls = CRMF_CertRequestGetNumControls(inCertReq);
1.825 + if (index >= numControls || index < 0) {
1.826 + return NULL;
1.827 + }
1.828 + newControl = PORT_ZNew(CRMFControl);
1.829 + if (newControl == NULL) {
1.830 + return NULL;
1.831 + }
1.832 + srcControl = inCertReq->controls[index];
1.833 + newControl->tag = srcControl->tag;
1.834 + rv = SECITEM_CopyItem (NULL, &newControl->derTag, &srcControl->derTag);
1.835 + if (rv != SECSuccess) {
1.836 + goto loser;
1.837 + }
1.838 +
1.839 + rv = SECITEM_CopyItem(NULL, &newControl->derValue,
1.840 + &srcControl->derValue);
1.841 + if (rv != SECSuccess) {
1.842 + goto loser;
1.843 + }
1.844 + /* Copy over the PKIArchiveOptions stuff */
1.845 + switch (srcControl->tag) {
1.846 + case SEC_OID_PKIX_REGCTRL_REGTOKEN:
1.847 + case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
1.848 + /* No further processing necessary for these types. */
1.849 + rv = SECSuccess;
1.850 + break;
1.851 + case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
1.852 + case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
1.853 + case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
1.854 + /* These aren't supported yet, so no post-processing will
1.855 + * be done at this time. But we don't want to fail in case
1.856 + * we read in DER that has one of these options.
1.857 + */
1.858 + rv = SECSuccess;
1.859 + break;
1.860 + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
1.861 + rv = crmf_copy_pkiarchiveoptions(NULL,
1.862 + &newControl->value.archiveOptions,
1.863 + &srcControl->value.archiveOptions);
1.864 + break;
1.865 + default:
1.866 + rv = SECFailure;
1.867 + }
1.868 + if (rv != SECSuccess) {
1.869 + goto loser;
1.870 + }
1.871 + return newControl;
1.872 + loser:
1.873 + if (newControl != NULL) {
1.874 + CRMF_DestroyControl(newControl);
1.875 + }
1.876 + return NULL;
1.877 +}
1.878 +
1.879 +static SECItem*
1.880 +crmf_copy_control_value(CRMFControl *inControl)
1.881 +{
1.882 + return SECITEM_DupItem(&inControl->derValue);
1.883 +}
1.884 +
1.885 +SECItem*
1.886 +CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
1.887 +{
1.888 + PORT_Assert (inControl!= NULL);
1.889 + if (inControl == NULL ||
1.890 + CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
1.891 + return NULL;
1.892 + }
1.893 + return crmf_copy_control_value(inControl);
1.894 +}
1.895 +
1.896 +CRMFControlType
1.897 +CRMF_ControlGetControlType(CRMFControl *inControl)
1.898 +{
1.899 + CRMFControlType retType;
1.900 +
1.901 + PORT_Assert(inControl != NULL);
1.902 + switch (inControl->tag) {
1.903 + case SEC_OID_PKIX_REGCTRL_REGTOKEN:
1.904 + retType = crmfRegTokenControl;
1.905 + break;
1.906 + case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
1.907 + retType = crmfAuthenticatorControl;
1.908 + break;
1.909 + case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
1.910 + retType = crmfPKIPublicationInfoControl;
1.911 + break;
1.912 + case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
1.913 + retType = crmfPKIArchiveOptionsControl;
1.914 + break;
1.915 + case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
1.916 + retType = crmfOldCertIDControl;
1.917 + break;
1.918 + case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
1.919 + retType = crmfProtocolEncrKeyControl;
1.920 + break;
1.921 + default:
1.922 + retType = crmfNoControl;
1.923 + }
1.924 + return retType;
1.925 +}
1.926 +
1.927 +CRMFPKIArchiveOptions*
1.928 +CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
1.929 +{
1.930 + CRMFPKIArchiveOptions *newOpt = NULL;
1.931 + SECStatus rv;
1.932 +
1.933 + PORT_Assert(inControl != NULL);
1.934 + if (inControl == NULL ||
1.935 + CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl){
1.936 + goto loser;
1.937 + }
1.938 + newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
1.939 + if (newOpt == NULL) {
1.940 + goto loser;
1.941 + }
1.942 + rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
1.943 + &inControl->value.archiveOptions);
1.944 + if (rv != SECSuccess) {
1.945 + goto loser;
1.946 + }
1.947 +
1.948 + loser:
1.949 + if (newOpt != NULL) {
1.950 + CRMF_DestroyPKIArchiveOptions(newOpt);
1.951 + }
1.952 + return NULL;
1.953 +}
1.954 +
1.955 +SECItem*
1.956 +CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
1.957 +{
1.958 + PORT_Assert(inControl != NULL);
1.959 + if (inControl == NULL ||
1.960 + CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
1.961 + return NULL;
1.962 + }
1.963 + return crmf_copy_control_value(inControl);;
1.964 +}
1.965 +
1.966 +CRMFCertExtension*
1.967 +CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
1.968 + int index)
1.969 +{
1.970 + int numExtensions;
1.971 +
1.972 + PORT_Assert(inCertReq != NULL);
1.973 + numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReq);
1.974 + if (index >= numExtensions || index < 0) {
1.975 + return NULL;
1.976 + }
1.977 + return
1.978 + crmf_copy_cert_extension(NULL,
1.979 + inCertReq->certTemplate.extensions[index]);
1.980 +}
1.981 +
