security/nss/lib/certdb/xauthkid.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     5 /*
     6  * X.509 v3 Authority Key Identifier Extension
     7  * (CERTAuthKeyID template, encoder and decoder)
     8  */
    10 #include "prtypes.h"
    11 #include "seccomon.h"
    12 #include "secdert.h"
    13 #include "secoidt.h"
    14 #include "secasn1t.h"
    15 #include "secasn1.h"
    16 #include "secport.h"
    17 #include "certt.h"  
    18 #include "genname.h"
    19 #include "secerr.h"
/* Sub-template handles for the two primitive members, referenced below via
   SEC_ASN1_SUB / SEC_ASN1_XTRN. */
SEC_ASN1_MKSUB(SEC_IntegerTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)

/*
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *     keyIdentifier             [0] KeyIdentifier           OPTIONAL,
 *     authorityCertIssuer       [1] GeneralNames            OPTIONAL,
 *     authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
 *
 * All three members are OPTIONAL at the ASN.1 level; the requirement that
 * [1] and [2] appear together (RFC 5280 4.2.1.1) is checked by
 * CERT_EncodeAuthKeyID / CERT_DecodeAuthKeyID, not by this template.
 * The [1] element is kept in DER form in DERAuthCertIssuer; the decoder
 * converts it to CERTGeneralName with cert_DecodeGeneralNames afterwards.
 */
const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
    /* [0] keyIdentifier -> keyID */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
	  offsetof(CERTAuthKeyID,keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate)},
    /* [1] authorityCertIssuer, left as raw DER -> DERAuthCertIssuer */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC  | 1,
          offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate},
    /* [2] authorityCertSerialNumber -> authCertSerialNumber */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
	  offsetof(CERTAuthKeyID,authCertSerialNumber),
          SEC_ASN1_SUB(SEC_IntegerTemplate) },
    { 0 }
};
/*
 * DER-encode an AuthorityKeyIdentifier extension value.
 *
 * arena        - arena used for the result and for the intermediate
 *                GeneralNames DER; asserted non-NULL.
 * value        - fields to encode.  value->DERAuthCertIssuer must be NULL on
 *                entry (asserted): when authCertIssuer is set, the encoded
 *                GeneralNames is stored into it, so the caller's structure
 *                is modified by this call.
 * encodedValue - receives the DER of the extension value; asserted non-NULL.
 *
 * Returns SECSuccess, or SECFailure with SEC_ERROR_EXTENSION_VALUE_INVALID
 * when exactly one of authCertIssuer / authCertSerialNumber is present or
 * the issuer names cannot be encoded.  A failure inside SEC_ASN1EncodeItem
 * is returned with the error code left as that routine set it.
 */
SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
{
    PORT_Assert (value);
    PORT_Assert (arena);
    PORT_Assert (value->DERAuthCertIssuer == NULL);
    PORT_Assert (encodedValue);

    /* authorityCertIssuer and authorityCertSerialNumber travel together:
       one without the other is an invalid extension value. */
    if (value->authCertIssuer == NULL) {
        if (value->authCertSerialNumber.data != NULL) {
            PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
            return SECFailure;
        }
    } else {
        if (value->authCertSerialNumber.data == NULL) {
            PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
            return SECFailure;
        }
        /* The template encodes the issuer from its DER form, so produce
           that first (written into the caller's structure). */
        value->DERAuthCertIssuer =
            cert_EncodeGeneralNames (arena, value->authCertIssuer);
        if (value->DERAuthCertIssuer == NULL) {
            PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
            return SECFailure;
        }
    }

    if (SEC_ASN1EncodeItem (arena, encodedValue, value,
                            CERTAuthKeyIDTemplate) == NULL) {
        return SECFailure;
    }
    return SECSuccess;
}
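/*
 * Decode the DER value of an AuthorityKeyIdentifier extension.
 *
 * arena        - arena that receives the result and everything it points to;
 *                asserted non-NULL.  On failure the arena is rolled back to
 *                the mark taken on entry, so nothing is left allocated.
 * encodedValue - the extension value (DER).  It is copied into the arena
 *                before decoding because Quick DER returns pointers into its
 *                input, which the caller may free afterwards.
 *
 * Returns the decoded CERTAuthKeyID, or NULL with an error code set.
 *
 * RFC 5280 4.2.1.1 requires authorityCertIssuer and authorityCertSerialNumber
 * to be either both present or both absent.  A value carrying only one of
 * them is rejected with SEC_ERROR_EXTENSION_VALUE_INVALID, and a present
 * authorityCertIssuer that does not decode as GeneralNames is a failure too;
 * neither case returns a half-populated structure.
 */
CERTAuthKeyID *
CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
{
    CERTAuthKeyID * value = NULL;
    SECStatus       rv    = SECFailure;
    void *          mark;
    SECItem         newEncodedValue;

    PORT_Assert (arena);

    do {
        mark = PORT_ArenaMark (arena);
        /* Zeroed allocation: every OPTIONAL member starts out absent and
           stays so unless the decoder fills it in. */
        value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
        if (value == NULL)
            break;                          /* rv is still SECFailure */
        value->DERAuthCertIssuer = NULL;

        /* copy the DER into the arena, since Quick DER returns data that points
           into the DER input, which may get freed by the caller */
        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
        if (rv != SECSuccess) {
            break;
        }

        rv = SEC_QuickDERDecodeItem
             (arena, value, CERTAuthKeyIDTemplate, &newEncodedValue);
        if (rv != SECSuccess)
            break;

        /* authorityCertIssuer is OPTIONAL: only run the GeneralNames decoder
           when the [1] element was actually present.  If it was present but
           does not decode, the extension is malformed and must not be handed
           back with authCertIssuer silently left NULL. */
        if (value->DERAuthCertIssuer != NULL) {
            value->authCertIssuer =
                cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer);
            if (value->authCertIssuer == NULL) {
                /* NOTE(review): assumes cert_DecodeGeneralNames set an error
                   code before returning NULL — confirm in genname.c */
                rv = SECFailure;
                break;
            }
        }

        /* Both-or-neither rule for issuer and serial number.  rv must be
           flipped here as well; breaking with rv == SECSuccess would report
           the error but still return the half-validated structure. */
        if ((value->authCertSerialNumber.data != NULL) !=
            (value->authCertIssuer != NULL)) {
            PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
            rv = SECFailure;
            break;
        }
    } while (0);

    if (rv != SECSuccess) {
        PORT_ArenaRelease (arena, mark);
        return NULL;
    }
    PORT_ArenaUnmark (arena, mark);
    return value;
}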
