Coverage Report

Created: 2024-11-21 07:03

/src/nss-nspr/nss/lib/certdb/xauthkid.c
Line
Count
Source (jump to first uncovered line)
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
/*
6
 * X.509 v3 Subject Key Usage Extension
7
 *
8
 */
9
10
#include "prtypes.h"
11
#include "seccomon.h"
12
#include "secdert.h"
13
#include "secoidt.h"
14
#include "secasn1t.h"
15
#include "secasn1.h"
16
#include "secport.h"
17
#include "certt.h"
18
#include "genname.h"
19
#include "secerr.h"
20
21
SEC_ASN1_MKSUB(SEC_IntegerTemplate)
22
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
23
24
const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
25
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
26
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
27
      offsetof(CERTAuthKeyID, keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate) },
28
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
29
      offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate },
30
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
31
      offsetof(CERTAuthKeyID, authCertSerialNumber),
32
      SEC_ASN1_SUB(SEC_IntegerTemplate) },
33
    { 0 }
34
};
35
36
SECStatus
37
CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
38
                     SECItem *encodedValue)
39
0
{
40
0
    SECStatus rv = SECFailure;
41
42
0
    PORT_Assert(value);
43
0
    PORT_Assert(arena);
44
0
    PORT_Assert(value->DERAuthCertIssuer == NULL);
45
0
    PORT_Assert(encodedValue);
46
47
0
    do {
48
49
        /* If both of the authCertIssuer and the serial number exist, encode
50
           the name first.  Otherwise, it is an error if one exist and the other
51
           is not.
52
         */
53
0
        if (value->authCertIssuer) {
54
0
            if (!value->authCertSerialNumber.data) {
55
0
                PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
56
0
                break;
57
0
            }
58
59
0
            value->DERAuthCertIssuer =
60
0
                cert_EncodeGeneralNames(arena, value->authCertIssuer);
61
0
            if (!value->DERAuthCertIssuer) {
62
0
                PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
63
0
                break;
64
0
            }
65
0
        } else if (value->authCertSerialNumber.data) {
66
0
            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
67
0
            break;
68
0
        }
69
70
0
        if (SEC_ASN1EncodeItem(arena, encodedValue, value,
71
0
                               CERTAuthKeyIDTemplate) == NULL)
72
0
            break;
73
0
        rv = SECSuccess;
74
75
0
    } while (0);
76
0
    return (rv);
77
0
}
78
79
CERTAuthKeyID *
80
CERT_DecodeAuthKeyID(PLArenaPool *arena, const SECItem *encodedValue)
81
0
{
82
0
    CERTAuthKeyID *value = NULL;
83
0
    SECStatus rv = SECFailure;
84
0
    void *mark;
85
0
    SECItem newEncodedValue;
86
87
0
    PORT_Assert(arena);
88
89
0
    do {
90
0
        mark = PORT_ArenaMark(arena);
91
0
        value = (CERTAuthKeyID *)PORT_ArenaZAlloc(arena, sizeof(*value));
92
0
        if (value == NULL)
93
0
            break;
94
0
        value->DERAuthCertIssuer = NULL;
95
        /* copy the DER into the arena, since Quick DER returns data that points
96
           into the DER input, which may get freed by the caller */
97
0
        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
98
0
        if (rv != SECSuccess) {
99
0
            break;
100
0
        }
101
102
0
        rv = SEC_QuickDERDecodeItem(arena, value, CERTAuthKeyIDTemplate,
103
0
                                    &newEncodedValue);
104
0
        if (rv != SECSuccess)
105
0
            break;
106
107
0
        value->authCertIssuer =
108
0
            cert_DecodeGeneralNames(arena, value->DERAuthCertIssuer);
109
0
        if (value->authCertIssuer == NULL)
110
0
            break;
111
112
        /* what if the general name contains other format but not URI ?
113
           hl
114
         */
115
0
        if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
116
0
            (!value->authCertSerialNumber.data && value->authCertIssuer)) {
117
0
            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
118
0
            break;
119
0
        }
120
0
    } while (0);
121
122
0
    if (rv != SECSuccess) {
123
0
        PORT_ArenaRelease(arena, mark);
124
0
        return ((CERTAuthKeyID *)NULL);
125
0
    }
126
0
    PORT_ArenaUnmark(arena, mark);
127
0
    return (value);
128
0
}