1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | |
5 | | /* |
6 | | * X.509 v3 Authority Key Identifier Extension |
7 | | * |
8 | | */ |
9 | | |
10 | | #include "prtypes.h" |
11 | | #include "seccomon.h" |
12 | | #include "secdert.h" |
13 | | #include "secoidt.h" |
14 | | #include "secasn1t.h" |
15 | | #include "secasn1.h" |
16 | | #include "secport.h" |
17 | | #include "certt.h" |
18 | | #include "genname.h" |
19 | | #include "secerr.h" |
20 | | |
/* Sub-template wrappers for the primitive members referenced from the
 * table below via SEC_ASN1_SUB / SEC_ASN1_XTRN. */
SEC_ASN1_MKSUB(SEC_IntegerTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)

/*
 * ASN.1 template for the AuthorityKeyIdentifier extension value, mapped onto
 * a CERTAuthKeyID:
 *
 *   SEQUENCE {
 *     [0] keyID                 OCTET STRING  OPTIONAL
 *     [1] DERAuthCertIssuer     GeneralNames  OPTIONAL  (constructed)
 *     [2] authCertSerialNumber  INTEGER       OPTIONAL
 *   }
 *
 * [1] is captured via CERT_GeneralNamesTemplate into DERAuthCertIssuer and is
 * turned into the authCertIssuer list separately by the decoder below.
 *
 * Every member is OPTIONAL at the ASN.1 level, so the "issuer and serial
 * number appear together or not at all" rule is NOT expressed by this table;
 * CERT_EncodeAuthKeyID / CERT_DecodeAuthKeyID apply it in code.
 */
const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(CERTAuthKeyID, keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
      offsetof(CERTAuthKeyID, authCertSerialNumber),
      SEC_ASN1_SUB(SEC_IntegerTemplate) },
    { 0 }
};
35 | | |
/*
 * CERT_EncodeAuthKeyID
 *
 * DER-encode the AuthorityKeyIdentifier value in *value into *encodedValue,
 * allocating from arena.
 *
 * value->authCertIssuer and value->authCertSerialNumber.data must be either
 * both present or both absent.  If exactly one is present, or if the issuer
 * names cannot be encoded, SEC_ERROR_EXTENSION_VALUE_INVALID is set and
 * SECFailure is returned.  When an issuer is present its DER form is written
 * into value->DERAuthCertIssuer before the outer SEQUENCE is encoded; the
 * caller is expected to pass DERAuthCertIssuer == NULL, which is enforced
 * only by PORT_Assert.
 *
 * Returns SECSuccess on success.  A failure of SEC_ASN1EncodeItem is
 * reported as SECFailure with whatever error code that routine set.
 */
SECStatus
CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
                     SECItem *encodedValue)
{
    int haveIssuer;
    int haveSerial;

    PORT_Assert(value);
    PORT_Assert(arena);
    PORT_Assert(value->DERAuthCertIssuer == NULL);
    PORT_Assert(encodedValue);

    haveIssuer = (value->authCertIssuer != NULL);
    haveSerial = (value->authCertSerialNumber.data != NULL);

    /* RFC-style pairing rule: issuer and serial number go together.
     * Exactly one of them present is an invalid extension value. */
    if (haveIssuer != haveSerial) {
        PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
        return SECFailure;
    }

    /* The GeneralNames list is encoded into its DER slot first, because the
     * template below serialises DERAuthCertIssuer, not authCertIssuer. */
    if (haveIssuer) {
        value->DERAuthCertIssuer =
            cert_EncodeGeneralNames(arena, value->authCertIssuer);
        if (value->DERAuthCertIssuer == NULL) {
            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
            return SECFailure;
        }
    }

    if (SEC_ASN1EncodeItem(arena, encodedValue, value,
                           CERTAuthKeyIDTemplate) == NULL) {
        return SECFailure;
    }
    return SECSuccess;
}
78 | | |
/*
 * CERT_DecodeAuthKeyID
 *
 * Decode a DER AuthorityKeyIdentifier extension value into a freshly
 * arena-allocated CERTAuthKeyID.  The input is copied into arena first,
 * because the quick DER decoder leaves SECItems pointing into its input,
 * which the caller may free afterwards.
 *
 * Returns the new CERTAuthKeyID, or NULL (with the arena rolled back to its
 * state on entry) if allocation, the copy, or the DER decode fails.
 *
 * NOTE(review): this routine is lenient on the issuer/serial pairing rule.
 * If cert_DecodeGeneralNames yields no issuer list the value is returned as
 * is, and if an issuer list is present without a serial number the error
 * SEC_ERROR_EXTENSION_VALUE_INVALID is *set* but the decoded value is still
 * returned.  Callers that only test for NULL will not observe that error;
 * the behaviour is preserved here unchanged.  What cert_DecodeGeneralNames
 * returns for a NULL DERAuthCertIssuer is not visible in this file.
 */
CERTAuthKeyID *
CERT_DecodeAuthKeyID(PLArenaPool *arena, const SECItem *encodedValue)
{
    CERTAuthKeyID *akid;
    SECItem derCopy;
    void *mark;

    PORT_Assert(arena);

    /* Everything allocated below is released as a unit on failure. */
    mark = PORT_ArenaMark(arena);

    akid = PORT_ArenaZAlloc(arena, sizeof(*akid));
    if (akid == NULL) {
        goto fail;
    }
    akid->DERAuthCertIssuer = NULL;

    if (SECITEM_CopyItem(arena, &derCopy, encodedValue) != SECSuccess) {
        goto fail;
    }
    if (SEC_QuickDERDecodeItem(arena, akid, CERTAuthKeyIDTemplate,
                               &derCopy) != SECSuccess) {
        goto fail;
    }

    /* From here on the value is returned regardless; only the error code
     * differs (see the NOTE in the header comment). */
    akid->authCertIssuer =
        cert_DecodeGeneralNames(arena, akid->DERAuthCertIssuer);
    if (akid->authCertIssuer != NULL &&
        akid->authCertSerialNumber.data == NULL) {
        PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
    }

    PORT_ArenaUnmark(arena, mark);
    return akid;

fail:
    PORT_ArenaRelease(arena, mark);
    return NULL;
}