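/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Construction, copying, comparison and decoding of X.500-style names:
 * a CERTName is a NULL-terminated array of CERTRDN, and a CERTRDN is a
 * NULL-terminated array of CERTAVA (attribute type OID + DER value).
 */

#include "cert.h"
#include "secoid.h"
#include "secder.h" /* XXX remove this when remove the DERTemplates */
#include "secasn1.h"
#include "secitem.h"
#include <stdarg.h> /* va_list, va_start, va_arg, va_end */
#include "secerr.h"
#include "certi.h"

/* ASN.1 template for one AVA: SEQUENCE { type OBJECT IDENTIFIER, value ANY } */
static const SEC_ASN1Template cert_AVATemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(CERTAVA) },
    { SEC_ASN1_OBJECT_ID,
      offsetof(CERTAVA,type), },
    { SEC_ASN1_ANY,
      offsetof(CERTAVA,value), },
    { 0, }
};

/* ASN.1 template for one RDN: SET OF AVA */
const SEC_ASN1Template CERT_RDNTemplate[] = {
    { SEC_ASN1_SET_OF,
      offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
};


/*
 * Count the entries of a NULL-terminated pointer array.
 * A NULL array counts as zero entries.
 */
static int
CountArray(void **array)
{
    int count = 0;
    if (array) {
        while (*array++) {
            count++;
        }
    }
    return count;
}

/*
 * Append element to a NULL-terminated pointer array held in arena.
 *
 * array may be NULL, in which case a new two-slot array is allocated.
 * Returns the (possibly moved) array, or NULL when the arena allocation
 * fails. Appending a NULL element yields an array that reads as unchanged
 * in length, since NULL is also the terminator.
 */
static void **
AddToArray(PLArenaPool *arena, void **array, void *element)
{
    /* Number of slots already in use in the array (0 for a NULL array) */
    unsigned count = (unsigned)CountArray(array);

    if (array) {
        /* grow from count entries + terminator to count+1 entries + terminator */
        array = (void**) PORT_ArenaGrow(arena, array,
                                        (count + 1) * sizeof(void *),
                                        (count + 2) * sizeof(void *));
    } else {
        array = (void**) PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
    }
    if (array) {
        array[count] = element;
        array[count+1] = 0;
    }
    return array;
}


/*
 * Map an AVA's type OID to its SECOidTag.
 * Returns (SECOidTag)-1 when the AVA carries no type data or when
 * SECOID_FindOID does not find the OID. ava itself must not be NULL.
 */
SECOidTag
CERT_GetAVATag(CERTAVA *ava)
{
    SECOidData *oid;
    if (!ava->type.data) return (SECOidTag)-1;

    oid = SECOID_FindOID(&ava->type);

    if ( oid ) {
        return(oid->offset);
    }
    return (SECOidTag)-1;
}

/*
 * Fill *it with an arena copy of the OID bytes for the given tag and store
 * the maximum value length allowed for that attribute type in *maxLenp.
 *
 * Returns SECFailure when the tag has no OID record, when
 * cert_AVAOidTagToMaxLen reports a negative limit (SEC_ERROR_INVALID_ARGS
 * is set in that case), or when the arena allocation fails.
 */
static SECStatus
SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
{
    unsigned char *oid;
    unsigned oidLen;
    unsigned char *cp;
    int      maxLen;
    SECOidData *oidrec;

    oidrec = SECOID_FindOIDByTag(type);
    if (oidrec == NULL)
        return SECFailure;

    oid = oidrec->oid.data;
    oidLen = oidrec->oid.len;

    maxLen = cert_AVAOidTagToMaxLen(type);
    if (maxLen < 0) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen);
    if (cp == NULL) {
        return SECFailure;
    }
    it->len = oidLen;
    PORT_Memcpy(cp, oid, oidLen);
    *maxLenp = (unsigned)maxLen;
    return SECSuccess;
}

/*
 * DER-encode the string in *in with the given string tag into *out
 * (tag byte, length bytes, then the value), allocating from arena.
 *
 * Only PrintableString, IA5String, T61String, UTF8String and
 * UniversalString are accepted; any other valueType fails with
 * SEC_ERROR_INVALID_ARGS. A value longer than maxLen is rejected with
 * SEC_ERROR_INVALID_ARGS.
 *
 * NOTE(review): the bytes are copied without checking that they are legal
 * for the requested string type (e.g. the PrintableString alphabet);
 * callers appear to be responsible for that -- confirm.
 */
static SECStatus
SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
              SECItem *out, unsigned maxLen)
{
    PRUint8 *value, *cp, *ucs4Val;
    unsigned valueLen, valueLenLen, total;
    unsigned ucs4Len = 0, ucs4MaxLen;

    value    = in->data;
    valueLen = in->len;
    switch (valueType) {
      case SEC_ASN1_PRINTABLE_STRING:
      case SEC_ASN1_IA5_STRING:
      case SEC_ASN1_T61_STRING:
      case SEC_ASN1_UTF8_STRING: /* no conversion required */
        break;
      case SEC_ASN1_UNIVERSAL_STRING:
        /*
         * Output bound handed to the converter.
         * NOTE(review): valueLen * 6 is computed in unsigned arithmetic and
         * would wrap for very large inputs; the converter is still given
         * the wrapped size as its output limit.
         */
        ucs4MaxLen = valueLen * 6;
        ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
        if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen,
                                        ucs4Val, ucs4MaxLen, &ucs4Len)) {
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            return SECFailure;
        }
        value = ucs4Val;
        valueLen = ucs4Len;
        /* presumably maxLen counts characters and UCS-4 uses 4 bytes each */
        maxLen *= 4;
        break;
      default:
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    if (valueLen > maxLen) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /* one tag byte + DER length bytes + the value itself */
    valueLenLen = DER_LengthLength(valueLen);
    total = 1 + valueLenLen + valueLen;
    cp = (PRUint8*)PORT_ArenaAlloc(arena, total);
    if (!cp) {
        return SECFailure;
    }
    out->data = cp;
    out->len  = total;
    cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
    PORT_Memcpy(cp, value, valueLen);
    return SECSuccess;
}

/*
 * Create an AVA in pool from an already-encoded OID and an already-encoded
 * value; both items are copied into pool verbatim.
 * Returns NULL if any allocation or copy fails.
 */
CERTAVA *
CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem * OID,
                      const SECItem * value)
{
    CERTAVA *ava;
    int rv;

    ava = PORT_ArenaZNew(pool, CERTAVA);
    if (ava) {
        rv = SECITEM_CopyItem(pool, &ava->type, OID);
        if (rv)
            return NULL;

        rv = SECITEM_CopyItem(pool, &ava->value, value);
        if (rv)
            return NULL;
    }
    return ava;
}

/*
 * Create an AVA in arena for attribute type `kind`, DER-encoding *value as
 * a string of type valueType. The value length is checked against the
 * per-attribute limit obtained while setting up the type.
 * Returns NULL on an unknown attribute type, an unsupported or over-long
 * value, or allocation failure.
 */
CERTAVA *
CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
                          SECItem *value)
{
    CERTAVA *ava;
    int rv;
    unsigned maxLen;

    ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
    if (ava) {
        rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
        if (rv) {
            /* Illegal AVA type */
            return NULL;
        }
        rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
        if (rv) {
            /* Illegal value type */
            return NULL;
        }
    }
    return ava;
}

/*
 * Convenience wrapper around CERT_CreateAVAFromSECItem for a
 * NUL-terminated C string. value must not be NULL (its length is taken
 * with PORT_Strlen).
 */
CERTAVA *
CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind, int valueType, char *value)
{
    SECItem item = { siBuffer, NULL, 0 };

    item.data = (PRUint8 *)value;
    item.len  = PORT_Strlen(value);

    return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
}

/*
 * Deep-copy an AVA (type and value) into arena.
 * Returns NULL if any allocation fails.
 */
CERTAVA *
CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
{
    CERTAVA *ava;
    int rv;

    ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
    if (ava) {
        rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
        if (rv)
            return NULL;
        rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
        if (rv)
            return NULL;
    }
    return ava;
}

/************************************************************************/
/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
static const SEC_ASN1Template cert_RDNTemplate[] = {
    { SEC_ASN1_SET_OF,
      offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
};


/*
 * Create an RDN in arena from a NULL-terminated argument list of
 * CERTAVA pointers. Passing ava0 == NULL creates an empty RDN; when ava0
 * is non-NULL the variable arguments MUST end with a NULL pointer, since
 * that is the only thing that stops the va_arg walk.
 * The AVAs are referenced, not copied. Returns NULL on allocation failure.
 */
CERTRDN *
CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
{
    CERTAVA *ava;
    CERTRDN *rdn;
    va_list ap;
    unsigned count;
    CERTAVA **avap;

    rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
    if (rdn) {
        /* Count number of avas going into the rdn */
        count = 0;
        if (ava0) {
            count++;
            va_start(ap, ava0);
            while ((ava = va_arg(ap, CERTAVA*)) != 0) {
                count++;
            }
            va_end(ap);
        }

        /* Now fill in the pointers (count entries plus the terminator) */
        rdn->avas = avap =
            (CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*));
        if (!avap) {
            return 0;
        }
        if (ava0) {
            *avap++ = ava0;
            va_start(ap, ava0);
            while ((ava = va_arg(ap, CERTAVA*)) != 0) {
                *avap++ = ava;
            }
            va_end(ap);
        }
        *avap++ = 0;
    }
    return rdn;
}

/*
 * Append ava to rdn's AVA array (by reference).
 * On failure rdn->avas is left NULL and SECFailure is returned.
 */
SECStatus
CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
{
    rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
    return rdn->avas ? SECSuccess : SECFailure;
}

/*
 * Deep-copy every AVA of `from` into `to`, allocating from arena.
 * An empty (but non-NULL) source array produces an empty array in `to`.
 * Stops at the first failure and returns SECFailure; AVAs copied before
 * the failure remain attached to `to`.
 */
SECStatus
CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from)
{
    CERTAVA **avas, *fava, *tava;
    SECStatus rv = SECSuccess;

    /* Copy each ava from from */
    avas = from->avas;
    if (avas) {
        if (avas[0] == NULL) {
            /* adding NULL just materializes an empty, terminated array */
            rv = CERT_AddAVA(arena, to, NULL);
            return rv;
        }
        while ((fava = *avas++) != 0) {
            tava = CERT_CopyAVA(arena, fava);
            if (!tava) {
                rv = SECFailure;
                break;
            }
            rv = CERT_AddAVA(arena, to, tava);
            if (rv != SECSuccess)
                break;
        }
    }
    return rv;
}

/************************************************************************/

/* ASN.1 template for a Name: SEQUENCE OF RDN */
const SEC_ASN1Template CERT_NameTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
};

SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)

/*
 * Create a CERTName that owns a fresh arena, from a NULL-terminated
 * argument list of CERTRDN pointers. Passing rdn0 == NULL creates an empty
 * name; when rdn0 is non-NULL the variable arguments MUST end with a NULL
 * pointer. The RDNs are referenced, not copied.
 *
 * Returns NULL on allocation failure; the arena is released on every
 * failure path. Release a successful result with CERT_DestroyName.
 */
CERTName *
CERT_CreateName(CERTRDN *rdn0, ...)
{
    CERTRDN *rdn;
    CERTName *name;
    va_list ap;
    unsigned count;
    CERTRDN **rdnp;
    PLArenaPool *arena;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( !arena ) {
        return(0);
    }

    name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
    if (!name) {
        /* nothing references the arena yet, so it must be freed here */
        goto loser;
    }
    name->arena = arena;

    /* Count number of RDNs going into the Name */
    if (!rdn0) {
        count = 0;
    } else {
        count = 1;
        va_start(ap, rdn0);
        while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
            count++;
        }
        va_end(ap);
    }

    /* Allocate space (including space for terminal null ptr) */
    name->rdns = rdnp =
        (CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*));
    if (!name->rdns) {
        goto loser;
    }

    /* Now fill in the pointers */
    if (count > 0) {
        *rdnp++ = rdn0;
        va_start(ap, rdn0);
        while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
            *rdnp++ = rdn;
        }
        va_end(ap);
    }

    /* null terminate the list */
    *rdnp++ = 0;
    return name;

loser:
    PORT_FreeArena(arena, PR_FALSE);
    return(0);
}

/*
 * Release the arena owned by name, if any. A NULL name is ignored.
 * The fields are cleared before the arena is freed because the CERTName
 * itself may live inside that arena (as it does for CERT_CreateName).
 */
void
CERT_DestroyName(CERTName *name)
{
    if (name)
    {
        PLArenaPool *arena = name->arena;
        name->rdns = NULL;
        name->arena = NULL;
        if (arena) PORT_FreeArena(arena, PR_FALSE);
    }
}

/*
 * Append rdn to name's RDN array (by reference), using name->arena.
 * On failure name->rdns is left NULL and SECFailure is returned.
 */
SECStatus
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
{
    name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
    return name->rdns ? SECSuccess : SECFailure;
}

/*
 * Deep-copy `from` into `to`, allocating everything from arena.
 *
 * `to` is first passed to CERT_DestroyName, which frees to->arena when it
 * is non-NULL, and is then re-pointed at `arena`. Consequences for callers:
 *   - `to` must be initialized (e.g. zeroed); an indeterminate to->arena
 *     would be handed to PORT_FreeArena.
 *   - `to->arena` must not already be `arena`, and `to` must not itself
 *     live inside to->arena; either would leave this function working on
 *     freed memory.
 *
 * Returns SECFailure with SEC_ERROR_INVALID_ARGS for NULL to/from, or
 * SECFailure when a copy step fails (RDNs copied so far stay attached).
 */
SECStatus
CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from)
{
    CERTRDN **rdns, *frdn, *trdn;
    SECStatus rv = SECSuccess;

    if (!to || !from) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    CERT_DestroyName(to);
    to->arena = arena;

    /* Copy each rdn from from */
    rdns = from->rdns;
    if (rdns) {
        if (rdns[0] == NULL) {
            /* adding NULL just materializes an empty, terminated array */
            rv = CERT_AddRDN(to, NULL);
            return rv;
        }
        while ((frdn = *rdns++) != NULL) {
            trdn = CERT_CreateRDN(arena, NULL);
            if (!trdn) {
                rv = SECFailure;
                break;
            }
            rv = CERT_CopyRDN(arena, trdn, frdn);
            if (rv != SECSuccess)
                break;
            rv = CERT_AddRDN(to, trdn);
            if (rv != SECSuccess)
                break;
        }
    }
    return rv;
}

/************************************************************************/

/*
 * Canonicalize a string item in place for comparison: strip leading and
 * trailing whitespace (space, tab, CR, LF), collapse each internal run of
 * whitespace to a single space, and lower-case ASCII 'A'..'Z'.
 * foo->len is updated to the canonical length; the buffer is not
 * reallocated.
 */
static void
canonicalize(SECItem * foo)
{
    int ch, lastch, len, src, dest;

    /* strip trailing whitespace. */
    len = foo->len;
    while (len > 0 && ((ch = foo->data[len - 1]) == ' ' ||
           ch == '\t' || ch == '\r' || ch == '\n')) {
        len--;
    }

    src = 0;
    /* strip leading whitespace. */
    while (src < len && ((ch = foo->data[src]) == ' ' ||
           ch == '\t' || ch == '\r' || ch == '\n')) {
        src++;
    }
    dest = 0; lastch = ' ';
    while (src < len) {
        ch = foo->data[src++];
        if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
            ch = ' ';
            if (ch == lastch)
                continue; /* collapse consecutive whitespace */
        } else if (ch >= 'A' && ch <= 'Z') {
            ch |= 0x20; /* downshift */
        }
        foo->data[dest++] = lastch = ch;
    }
    foo->len = dest;
}

/*
 * SECItems a and b contain DER-encoded printable strings.
 *
 * Both are decoded, canonicalized (whitespace and ASCII case folded) and
 * then compared. If either item fails to decode or decodes to an empty
 * value, the result is SECLessThan regardless of argument order, so a
 * failure is reported as "not equal" rather than as a true ordering.
 */
SECComparison
CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b)
{
    SECComparison rv = SECLessThan;
    SECItem * aVal = CERT_DecodeAVAValue(a);
    SECItem * bVal = CERT_DecodeAVAValue(b);

    if (aVal && aVal->len && aVal->data &&
        bVal && bVal->len && bVal->data) {
        canonicalize(aVal);
        canonicalize(bVal);
        rv = SECITEM_CompareItem(aVal, bVal);
    }
    SECITEM_FreeItem(aVal, PR_TRUE);
    SECITEM_FreeItem(bVal, PR_TRUE);
    return rv;
}

/*
 * Compare two AVAs.
 *
 * Types are compared byte-for-byte first. Values are then compared
 * byte-for-byte; if that fails and both values are non-empty:
 *   - different string tags: both are decoded to UTF-8 and compared
 *     exactly (no whitespace or case folding);
 *   - both PrintableString (tag 0x13): compared after canonicalization.
 * In every other case the result of the byte-wise value comparison stands.
 */
SECComparison
CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
{
    SECComparison rv;

    rv = SECITEM_CompareItem(&a->type, &b->type);
    if (SECEqual != rv)
        return rv;  /* Attribute types don't match. */
    /* Let's be optimistic.  Maybe the values will just compare equal. */
    rv = SECITEM_CompareItem(&a->value, &b->value);
    if (SECEqual == rv)
        return rv;  /* values compared exactly. */
    if (a->value.len && a->value.data && b->value.len && b->value.data) {
        /* Here, the values did not match.
        ** If the values had different encodings, convert them to the same
        ** encoding and compare that way.
        */
        if (a->value.data[0] != b->value.data[0]) {
            /* encodings differ.  Convert both to UTF-8 and compare. */
            SECItem * aVal = CERT_DecodeAVAValue(&a->value);
            SECItem * bVal = CERT_DecodeAVAValue(&b->value);
            if (aVal && aVal->len && aVal->data &&
                bVal && bVal->len && bVal->data) {
                rv = SECITEM_CompareItem(aVal, bVal);
            }
            /* on decode failure rv keeps the (unequal) byte-wise result */
            SECITEM_FreeItem(aVal, PR_TRUE);
            SECITEM_FreeItem(bVal, PR_TRUE);
        } else if (a->value.data[0] == 0x13) { /* both are printable strings. */
            /* printable strings */
            rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
        }
    }
    return rv;
}

/*
 * Compare two RDNs as unordered sets of AVAs.
 *
 * RDNs with different AVA counts are ordered by count. Otherwise each AVA
 * of `a` is compared against the FIRST AVA of `b` that has the same type;
 * a missing type yields SECGreaterThan.
 *
 * NOTE(review): because only the first same-typed AVA of `b` is consulted
 * and matched AVAs of `b` are not marked as used, an RDN that repeats an
 * attribute type can compare equal to one whose second AVA of that type
 * differs. Callers that rely on this for trust decisions should be aware.
 */
SECComparison
CERT_CompareRDN(const CERTRDN *a, const CERTRDN *b)
{
    CERTAVA **aavas, *aava;
    CERTAVA **bavas, *bava;
    int ac, bc;
    SECComparison rv = SECEqual;

    aavas = a->avas;
    bavas = b->avas;

    /*
    ** Make sure array of ava's are the same length. If not, then we are
    ** not equal
    */
    ac = CountArray((void**) aavas);
    bc = CountArray((void**) bavas);
    if (ac < bc) return SECLessThan;
    if (ac > bc) return SECGreaterThan;

    /*
    ** Both empty. CountArray reports 0 for a NULL array as well, so return
    ** before the loop below dereferences a possibly-NULL array pointer.
    */
    if (ac == 0) return SECEqual;

    while (NULL != (aava = *aavas++)) {
        for (bavas = b->avas; NULL != (bava = *bavas++); ) {
            rv = SECITEM_CompareItem(&aava->type, &bava->type);
            if (SECEqual == rv) {
                rv = CERT_CompareAVA(aava, bava);
                if (SECEqual != rv)
                    return rv;
                break;
            }
        }
        if (!bava)  /* didn't find a match */
            return SECGreaterThan;
    }
    return rv;
}

/*
 * Compare two names RDN by RDN, in order.
 * Names with different RDN counts are ordered by count; otherwise the
 * result of the first non-equal RDN comparison is returned.
 */
SECComparison
CERT_CompareName(const CERTName *a, const CERTName *b)
{
    CERTRDN **ardns, *ardn;
    CERTRDN **brdns, *brdn;
    int ac, bc;
    SECComparison rv = SECEqual;

    ardns = a->rdns;
    brdns = b->rdns;

    /*
    ** Make sure array of rdn's are the same length. If not, then we are
    ** not equal
    */
    ac = CountArray((void**) ardns);
    bc = CountArray((void**) brdns);
    if (ac < bc) return SECLessThan;
    if (ac > bc) return SECGreaterThan;

    /*
    ** Both empty. rdns is NULL after CERT_DestroyName, and CountArray
    ** reports 0 for NULL, so return before the loop dereferences it.
    */
    if (ac == 0) return SECEqual;

    for (;;) {
        ardn = *ardns++;
        brdn = *brdns++;
        if (!ardn) {
            break;
        }
        rv = CERT_CompareRDN(ardn, brdn);
        if (rv) return rv;
    }
    return rv;
}

/* Moved from certhtml.c */
/*
 * Decode a DER-encoded AVA string value and return its contents as UTF-8.
 *
 * The first byte selects the string type. UniversalString (UCS-4),
 * BMPString (UCS-2) and T61String (treated as ISO-8859-1) are converted to
 * UTF-8; IA5String, PrintableString and UTF8String are returned as decoded.
 *
 * Returns a newly allocated SECItem that the caller releases with
 * SECITEM_FreeItem(item, PR_TRUE), or NULL on failure:
 *   SEC_ERROR_INVALID_ARGS for a NULL or empty input,
 *   SEC_ERROR_INVALID_AVA  for an unsupported tag or a failed conversion;
 * decode and allocation failures return NULL without setting an error here.
 */
SECItem *
CERT_DecodeAVAValue(const SECItem *derAVAValue)
{
          SECItem          *retItem;
    const SEC_ASN1Template *theTemplate       = NULL;
          enum { conv_none, conv_ucs4, conv_ucs2, conv_iso88591 } convert = conv_none;
          SECItem           avaValue          = {siBuffer, 0};
          PLArenaPool      *newarena          = NULL;

    if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    switch(derAVAValue->data[0]) {
        case SEC_ASN1_UNIVERSAL_STRING:
            convert = conv_ucs4;
            theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
            break;
        case SEC_ASN1_IA5_STRING:
            theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
            break;
        case SEC_ASN1_PRINTABLE_STRING:
            theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate);
            break;
        case SEC_ASN1_T61_STRING:
            /*
             * Per common practice, we're not decoding actual T.61, but instead
             * treating T61-labeled strings as containing ISO-8859-1.
             */
            convert = conv_iso88591;
            theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate);
            break;
        case SEC_ASN1_BMP_STRING:
            convert = conv_ucs2;
            theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
            break;
        case SEC_ASN1_UTF8_STRING:
            /* No conversion needed ! */
            theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
            break;
        default:
            PORT_SetError(SEC_ERROR_INVALID_AVA);
            return NULL;
    }

    PORT_Memset(&avaValue, 0, sizeof(SECItem));
    /* scratch arena for the decoded value and the conversion buffer */
    newarena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!newarena) {
        return NULL;
    }
    if(SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue)
                                != SECSuccess) {
        PORT_FreeArena(newarena, PR_FALSE);
        return NULL;
    }

    if (convert != conv_none) {
        /*
         * Output bound handed to the converters below.
         * NOTE(review): len * 3 is unsigned arithmetic and would wrap for
         * very large values; the converters still receive the wrapped size
         * as their output limit.
         */
        unsigned int   utf8ValLen = avaValue.len * 3;
        unsigned char *utf8Val    = (unsigned char*)
                                    PORT_ArenaZAlloc(newarena, utf8ValLen);

        /* do not hand a NULL output buffer to the conversion routines */
        if (!utf8Val) {
            PORT_FreeArena(newarena, PR_FALSE);
            return NULL;
        }

        switch (convert) {
        case conv_ucs4:
            /* UCS-4 input must be a whole number of 4-byte code units */
            if(avaValue.len % 4 != 0 ||
               !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
                                        utf8Val, utf8ValLen, &utf8ValLen)) {
                PORT_FreeArena(newarena, PR_FALSE);
                PORT_SetError(SEC_ERROR_INVALID_AVA);
                return NULL;
            }
            break;
        case conv_ucs2:
            /* UCS-2 input must be a whole number of 2-byte code units */
            if(avaValue.len % 2 != 0 ||
               !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
                                        utf8Val, utf8ValLen, &utf8ValLen)) {
                PORT_FreeArena(newarena, PR_FALSE);
                PORT_SetError(SEC_ERROR_INVALID_AVA);
                return NULL;
            }
            break;
        case conv_iso88591:
            if(!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
                                        utf8Val, utf8ValLen, &utf8ValLen)) {
                PORT_FreeArena(newarena, PR_FALSE);
                PORT_SetError(SEC_ERROR_INVALID_AVA);
                return NULL;
            }
            break;
        case conv_none:
            PORT_Assert(0); /* not reached */
            break;
        }

        avaValue.data = utf8Val;
        avaValue.len = utf8ValLen;
    }

    /* copy out of the scratch arena before it is released */
    retItem = SECITEM_DupItem(&avaValue);
    PORT_FreeArena(newarena, PR_FALSE);
    return retItem;
}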