/src/nss/lib/certhigh/crlv2.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | |
5 | | /* |
6 | | * Code for dealing with x.509 v3 crl and crl entries extensions. |
7 | | */ |
8 | | |
9 | | #include "cert.h" |
10 | | #include "secitem.h" |
11 | | #include "secoid.h" |
12 | | #include "secoidt.h" |
13 | | #include "secder.h" |
14 | | #include "secasn1.h" |
15 | | #include "certxutl.h" |
16 | | |
17 | | SECStatus |
18 | | CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value) |
19 | 0 | { |
20 | 0 | return (cert_FindExtensionByOID(crl->extensions, oid, value)); |
21 | 0 | } |
22 | | |
23 | | SECStatus |
24 | | CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value) |
25 | 0 | { |
26 | 0 | return (cert_FindExtension(crl->extensions, tag, value)); |
27 | 0 | } |
28 | | |
29 | | /* Callback to set extensions and adjust verison */ |
30 | | static void |
31 | | SetCrlExts(void *object, CERTCertExtension **exts) |
32 | 0 | { |
33 | 0 | CERTCrl *crl = (CERTCrl *)object; |
34 | |
|
35 | 0 | crl->extensions = exts; |
36 | 0 | DER_SetUInteger(crl->arena, &crl->version, SEC_CRL_VERSION_2); |
37 | 0 | } |
38 | | |
39 | | void * |
40 | | CERT_StartCRLExtensions(CERTCrl *crl) |
41 | 0 | { |
42 | 0 | return (cert_StartExtensions((void *)crl, crl->arena, SetCrlExts)); |
43 | 0 | } |
44 | | |
45 | | static void |
46 | | SetCrlEntryExts(void *object, CERTCertExtension **exts) |
47 | 0 | { |
48 | 0 | CERTCrlEntry *crlEntry = (CERTCrlEntry *)object; |
49 | |
|
50 | 0 | crlEntry->extensions = exts; |
51 | 0 | } |
52 | | |
53 | | void * |
54 | | CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry) |
55 | 0 | { |
56 | 0 | return (cert_StartExtensions(entry, crl->arena, SetCrlEntryExts)); |
57 | 0 | } |
58 | | |
59 | | SECStatus |
60 | | CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl, |
61 | | SECItem *value) |
62 | 0 | { |
63 | 0 | SECItem encodedExtenValue; |
64 | 0 | SECItem *tmpItem = NULL; |
65 | 0 | SECStatus rv; |
66 | 0 | void *mark = NULL; |
67 | |
|
68 | 0 | encodedExtenValue.data = NULL; |
69 | 0 | encodedExtenValue.len = 0; |
70 | |
|
71 | 0 | rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER, |
72 | 0 | &encodedExtenValue); |
73 | 0 | if (rv != SECSuccess) |
74 | 0 | return (rv); |
75 | | |
76 | 0 | mark = PORT_ArenaMark(arena); |
77 | |
|
78 | 0 | tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue); |
79 | 0 | if (tmpItem) { |
80 | 0 | rv = SEC_QuickDERDecodeItem(arena, value, |
81 | 0 | SEC_ASN1_GET(SEC_IntegerTemplate), |
82 | 0 | tmpItem); |
83 | 0 | } else { |
84 | 0 | rv = SECFailure; |
85 | 0 | } |
86 | |
|
87 | 0 | PORT_Free(encodedExtenValue.data); |
88 | 0 | if (rv == SECFailure) { |
89 | 0 | PORT_ArenaRelease(arena, mark); |
90 | 0 | } else { |
91 | 0 | PORT_ArenaUnmark(arena, mark); |
92 | 0 | } |
93 | 0 | return (rv); |
94 | 0 | } |
95 | | |
96 | | SECStatus |
97 | | CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry, |
98 | | CERTCRLEntryReasonCode *value) |
99 | 0 | { |
100 | 0 | SECItem wrapperItem = { siBuffer, 0 }; |
101 | 0 | SECItem tmpItem = { siBuffer, 0 }; |
102 | 0 | SECStatus rv; |
103 | 0 | PLArenaPool *arena = NULL; |
104 | |
|
105 | 0 | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
106 | 0 | if (!arena) { |
107 | 0 | return (SECFailure); |
108 | 0 | } |
109 | | |
110 | 0 | rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE, |
111 | 0 | &wrapperItem); |
112 | 0 | if (rv != SECSuccess) { |
113 | 0 | goto loser; |
114 | 0 | } |
115 | | |
116 | 0 | rv = SEC_QuickDERDecodeItem(arena, &tmpItem, |
117 | 0 | SEC_ASN1_GET(SEC_EnumeratedTemplate), |
118 | 0 | &wrapperItem); |
119 | |
|
120 | 0 | if (rv != SECSuccess) { |
121 | 0 | goto loser; |
122 | 0 | } |
123 | | |
124 | 0 | *value = (CERTCRLEntryReasonCode)DER_GetInteger(&tmpItem); |
125 | |
|
126 | 0 | loser: |
127 | 0 | if (arena) { |
128 | 0 | PORT_FreeArena(arena, PR_FALSE); |
129 | 0 | } |
130 | |
|
131 | 0 | if (wrapperItem.data) { |
132 | 0 | PORT_Free(wrapperItem.data); |
133 | 0 | } |
134 | |
|
135 | 0 | return (rv); |
136 | 0 | } |
137 | | |
138 | | SECStatus |
139 | | CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value) |
140 | 0 | { |
141 | 0 | SECItem encodedExtenValue; |
142 | 0 | SECItem decodedExtenValue = { siBuffer, 0 }; |
143 | 0 | SECStatus rv; |
144 | |
|
145 | 0 | encodedExtenValue.data = decodedExtenValue.data = NULL; |
146 | 0 | encodedExtenValue.len = decodedExtenValue.len = 0; |
147 | |
|
148 | 0 | rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue); |
149 | 0 | if (rv != SECSuccess) |
150 | 0 | return (rv); |
151 | | |
152 | 0 | rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue, |
153 | 0 | SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), |
154 | 0 | &encodedExtenValue); |
155 | 0 | if (rv == SECSuccess) |
156 | 0 | rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue); |
157 | 0 | PORT_Free(decodedExtenValue.data); |
158 | 0 | PORT_Free(encodedExtenValue.data); |
159 | 0 | return (rv); |
160 | 0 | } |