/src/nss/lib/certdb/secname.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | |
5 | | #include "cert.h" |
6 | | #include "secoid.h" |
7 | | #include "secder.h" /* XXX remove this when remove the DERTemplates */ |
8 | | #include "secasn1.h" |
9 | | #include "secitem.h" |
10 | | #include <stdarg.h> |
11 | | #include "secerr.h" |
12 | | #include "certi.h" |
13 | | |
14 | | static const SEC_ASN1Template cert_AVATemplate[] = { |
15 | | { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAVA) }, |
16 | | { SEC_ASN1_OBJECT_ID, offsetof(CERTAVA, type) }, |
17 | | { SEC_ASN1_ANY, offsetof(CERTAVA, value) }, |
18 | | { 0 } |
19 | | }; |
20 | | |
21 | | const SEC_ASN1Template CERT_RDNTemplate[] = { |
22 | | { SEC_ASN1_SET_OF, offsetof(CERTRDN, avas), cert_AVATemplate, |
23 | | sizeof(CERTRDN) } |
24 | | }; |
25 | | |
26 | | static int |
27 | | CountArray(void **array) |
28 | 0 | { |
29 | 0 | int count = 0; |
30 | 0 | if (array) { |
31 | 0 | while (*array++) { |
32 | 0 | count++; |
33 | 0 | } |
34 | 0 | } |
35 | 0 | return count; |
36 | 0 | } |
37 | | |
38 | | static void ** |
39 | | AddToArray(PLArenaPool *arena, void **array, void *element) |
40 | 0 | { |
41 | 0 | unsigned count; |
42 | 0 | void **ap; |
43 | | |
44 | | /* Count up number of slots already in use in the array */ |
45 | 0 | count = 0; |
46 | 0 | ap = array; |
47 | 0 | if (ap) { |
48 | 0 | while (*ap++) { |
49 | 0 | count++; |
50 | 0 | } |
51 | 0 | } |
52 | |
|
53 | 0 | if (array) { |
54 | 0 | array = |
55 | 0 | (void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *), |
56 | 0 | (count + 2) * sizeof(void *)); |
57 | 0 | } else { |
58 | 0 | array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *)); |
59 | 0 | } |
60 | 0 | if (array) { |
61 | 0 | array[count] = element; |
62 | 0 | array[count + 1] = 0; |
63 | 0 | } |
64 | 0 | return array; |
65 | 0 | } |
66 | | |
67 | | SECOidTag |
68 | | CERT_GetAVATag(CERTAVA *ava) |
69 | 0 | { |
70 | 0 | SECOidData *oid; |
71 | 0 | if (!ava->type.data) |
72 | 0 | return (SECOidTag)-1; |
73 | | |
74 | 0 | oid = SECOID_FindOID(&ava->type); |
75 | |
|
76 | 0 | if (oid) { |
77 | 0 | return (oid->offset); |
78 | 0 | } |
79 | 0 | return (SECOidTag)-1; |
80 | 0 | } |
81 | | |
82 | | static SECStatus |
83 | | SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp) |
84 | 0 | { |
85 | 0 | unsigned char *oid; |
86 | 0 | unsigned oidLen; |
87 | 0 | unsigned char *cp; |
88 | 0 | int maxLen; |
89 | 0 | SECOidData *oidrec; |
90 | |
|
91 | 0 | oidrec = SECOID_FindOIDByTag(type); |
92 | 0 | if (oidrec == NULL) |
93 | 0 | return SECFailure; |
94 | | |
95 | 0 | oid = oidrec->oid.data; |
96 | 0 | oidLen = oidrec->oid.len; |
97 | |
|
98 | 0 | maxLen = cert_AVAOidTagToMaxLen(type); |
99 | 0 | if (maxLen < 0) { |
100 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
101 | 0 | return SECFailure; |
102 | 0 | } |
103 | | |
104 | 0 | it->data = cp = (unsigned char *)PORT_ArenaAlloc(arena, oidLen); |
105 | 0 | if (cp == NULL) { |
106 | 0 | return SECFailure; |
107 | 0 | } |
108 | 0 | it->len = oidLen; |
109 | 0 | PORT_Memcpy(cp, oid, oidLen); |
110 | 0 | *maxLenp = (unsigned)maxLen; |
111 | 0 | return SECSuccess; |
112 | 0 | } |
113 | | |
114 | | static SECStatus |
115 | | SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in, |
116 | | SECItem *out, unsigned maxLen) |
117 | 0 | { |
118 | 0 | PRUint8 *value, *cp, *ucs4Val; |
119 | 0 | unsigned valueLen, valueLenLen, total; |
120 | 0 | unsigned ucs4Len = 0, ucs4MaxLen; |
121 | |
|
122 | 0 | value = in->data; |
123 | 0 | valueLen = in->len; |
124 | 0 | switch (valueType) { |
125 | 0 | case SEC_ASN1_PRINTABLE_STRING: |
126 | 0 | case SEC_ASN1_IA5_STRING: |
127 | 0 | case SEC_ASN1_T61_STRING: |
128 | 0 | case SEC_ASN1_UTF8_STRING: /* no conversion required */ |
129 | 0 | break; |
130 | 0 | case SEC_ASN1_UNIVERSAL_STRING: |
131 | 0 | ucs4MaxLen = valueLen * 6; |
132 | 0 | ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen); |
133 | 0 | if (!ucs4Val || |
134 | 0 | !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen, ucs4Val, |
135 | 0 | ucs4MaxLen, &ucs4Len)) { |
136 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
137 | 0 | return SECFailure; |
138 | 0 | } |
139 | 0 | value = ucs4Val; |
140 | 0 | valueLen = ucs4Len; |
141 | 0 | maxLen *= 4; |
142 | 0 | break; |
143 | 0 | default: |
144 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
145 | 0 | return SECFailure; |
146 | 0 | } |
147 | | |
148 | 0 | if (valueLen > maxLen) { |
149 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
150 | 0 | return SECFailure; |
151 | 0 | } |
152 | | |
153 | 0 | valueLenLen = DER_LengthLength(valueLen); |
154 | 0 | total = 1 + valueLenLen + valueLen; |
155 | 0 | cp = (PRUint8 *)PORT_ArenaAlloc(arena, total); |
156 | 0 | if (!cp) { |
157 | 0 | return SECFailure; |
158 | 0 | } |
159 | 0 | out->data = cp; |
160 | 0 | out->len = total; |
161 | 0 | cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen); |
162 | 0 | PORT_Memcpy(cp, value, valueLen); |
163 | 0 | return SECSuccess; |
164 | 0 | } |
165 | | |
166 | | CERTAVA * |
167 | | CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem *OID, |
168 | | const SECItem *value) |
169 | 0 | { |
170 | 0 | CERTAVA *ava; |
171 | 0 | int rv; |
172 | |
|
173 | 0 | ava = PORT_ArenaZNew(pool, CERTAVA); |
174 | 0 | if (ava) { |
175 | 0 | rv = SECITEM_CopyItem(pool, &ava->type, OID); |
176 | 0 | if (rv) |
177 | 0 | return NULL; |
178 | | |
179 | 0 | rv = SECITEM_CopyItem(pool, &ava->value, value); |
180 | 0 | if (rv) |
181 | 0 | return NULL; |
182 | 0 | } |
183 | 0 | return ava; |
184 | 0 | } |
185 | | |
186 | | CERTAVA * |
187 | | CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType, |
188 | | SECItem *value) |
189 | 0 | { |
190 | 0 | CERTAVA *ava; |
191 | 0 | int rv; |
192 | 0 | unsigned maxLen; |
193 | |
|
194 | 0 | ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA)); |
195 | 0 | if (ava) { |
196 | 0 | rv = SetupAVAType(arena, kind, &ava->type, &maxLen); |
197 | 0 | if (rv) { |
198 | | /* Illegal AVA type */ |
199 | 0 | return NULL; |
200 | 0 | } |
201 | 0 | rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen); |
202 | 0 | if (rv) { |
203 | | /* Illegal value type */ |
204 | 0 | return NULL; |
205 | 0 | } |
206 | 0 | } |
207 | 0 | return ava; |
208 | 0 | } |
209 | | |
210 | | CERTAVA * |
211 | | CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind, int valueType, char *value) |
212 | 0 | { |
213 | 0 | SECItem item = { siBuffer, NULL, 0 }; |
214 | |
|
215 | 0 | item.data = (PRUint8 *)value; |
216 | 0 | item.len = PORT_Strlen(value); |
217 | |
|
218 | 0 | return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item); |
219 | 0 | } |
220 | | |
221 | | CERTAVA * |
222 | | CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from) |
223 | 0 | { |
224 | 0 | CERTAVA *ava; |
225 | 0 | int rv; |
226 | |
|
227 | 0 | ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA)); |
228 | 0 | if (ava) { |
229 | 0 | rv = SECITEM_CopyItem(arena, &ava->type, &from->type); |
230 | 0 | if (rv) |
231 | 0 | goto loser; |
232 | 0 | rv = SECITEM_CopyItem(arena, &ava->value, &from->value); |
233 | 0 | if (rv) |
234 | 0 | goto loser; |
235 | 0 | } |
236 | 0 | return ava; |
237 | | |
238 | 0 | loser: |
239 | 0 | return 0; |
240 | 0 | } |
241 | | |
242 | | CERTRDN * |
243 | | CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...) |
244 | 0 | { |
245 | 0 | CERTAVA *ava; |
246 | 0 | CERTRDN *rdn; |
247 | 0 | va_list ap; |
248 | 0 | unsigned count; |
249 | 0 | CERTAVA **avap; |
250 | |
|
251 | 0 | rdn = (CERTRDN *)PORT_ArenaAlloc(arena, sizeof(CERTRDN)); |
252 | 0 | if (rdn) { |
253 | | /* Count number of avas going into the rdn */ |
254 | 0 | count = 0; |
255 | 0 | if (ava0) { |
256 | 0 | count++; |
257 | 0 | va_start(ap, ava0); |
258 | 0 | while (va_arg(ap, CERTAVA *) != 0) { |
259 | 0 | count++; |
260 | 0 | } |
261 | 0 | va_end(ap); |
262 | 0 | } |
263 | | |
264 | | /* Now fill in the pointers */ |
265 | 0 | rdn->avas = avap = |
266 | 0 | (CERTAVA **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTAVA *)); |
267 | 0 | if (!avap) { |
268 | 0 | return 0; |
269 | 0 | } |
270 | 0 | if (ava0) { |
271 | 0 | *avap++ = ava0; |
272 | 0 | va_start(ap, ava0); |
273 | 0 | while ((ava = va_arg(ap, CERTAVA *)) != 0) { |
274 | 0 | *avap++ = ava; |
275 | 0 | } |
276 | 0 | va_end(ap); |
277 | 0 | } |
278 | 0 | *avap++ = 0; |
279 | 0 | } |
280 | 0 | return rdn; |
281 | 0 | } |
282 | | |
283 | | SECStatus |
284 | | CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava) |
285 | 0 | { |
286 | 0 | rdn->avas = (CERTAVA **)AddToArray(arena, (void **)rdn->avas, ava); |
287 | 0 | return rdn->avas ? SECSuccess : SECFailure; |
288 | 0 | } |
289 | | |
290 | | SECStatus |
291 | | CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from) |
292 | 0 | { |
293 | 0 | CERTAVA **avas, *fava, *tava; |
294 | 0 | SECStatus rv = SECSuccess; |
295 | | |
296 | | /* Copy each ava from from */ |
297 | 0 | avas = from->avas; |
298 | 0 | if (avas) { |
299 | 0 | if (avas[0] == NULL) { |
300 | 0 | rv = CERT_AddAVA(arena, to, NULL); |
301 | 0 | return rv; |
302 | 0 | } |
303 | 0 | while ((fava = *avas++) != 0) { |
304 | 0 | tava = CERT_CopyAVA(arena, fava); |
305 | 0 | if (!tava) { |
306 | 0 | rv = SECFailure; |
307 | 0 | break; |
308 | 0 | } |
309 | 0 | rv = CERT_AddAVA(arena, to, tava); |
310 | 0 | if (rv != SECSuccess) |
311 | 0 | break; |
312 | 0 | } |
313 | 0 | } |
314 | 0 | return rv; |
315 | 0 | } |
316 | | |
317 | | /************************************************************************/ |
318 | | |
319 | | const SEC_ASN1Template CERT_NameTemplate[] = { |
320 | | { SEC_ASN1_SEQUENCE_OF, offsetof(CERTName, rdns), CERT_RDNTemplate, |
321 | | sizeof(CERTName) } |
322 | | }; |
323 | | |
324 | | SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate) |
325 | | |
326 | | CERTName * |
327 | | CERT_CreateName(CERTRDN *rdn0, ...) |
328 | 0 | { |
329 | 0 | CERTRDN *rdn; |
330 | 0 | CERTName *name; |
331 | 0 | va_list ap; |
332 | 0 | unsigned count; |
333 | 0 | CERTRDN **rdnp; |
334 | 0 | PLArenaPool *arena; |
335 | |
|
336 | 0 | arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
337 | 0 | if (!arena) { |
338 | 0 | return (0); |
339 | 0 | } |
340 | | |
341 | 0 | name = (CERTName *)PORT_ArenaAlloc(arena, sizeof(CERTName)); |
342 | 0 | if (name) { |
343 | 0 | name->arena = arena; |
344 | | |
345 | | /* Count number of RDNs going into the Name */ |
346 | 0 | if (!rdn0) { |
347 | 0 | count = 0; |
348 | 0 | } else { |
349 | 0 | count = 1; |
350 | 0 | va_start(ap, rdn0); |
351 | 0 | while (va_arg(ap, CERTRDN *) != 0) { |
352 | 0 | count++; |
353 | 0 | } |
354 | 0 | va_end(ap); |
355 | 0 | } |
356 | | |
357 | | /* Allocate space (including space for terminal null ptr) */ |
358 | 0 | name->rdns = rdnp = |
359 | 0 | (CERTRDN **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN *)); |
360 | 0 | if (!name->rdns) { |
361 | 0 | goto loser; |
362 | 0 | } |
363 | | |
364 | | /* Now fill in the pointers */ |
365 | 0 | if (count > 0) { |
366 | 0 | *rdnp++ = rdn0; |
367 | 0 | va_start(ap, rdn0); |
368 | 0 | while ((rdn = va_arg(ap, CERTRDN *)) != 0) { |
369 | 0 | *rdnp++ = rdn; |
370 | 0 | } |
371 | 0 | va_end(ap); |
372 | 0 | } |
373 | | |
374 | | /* null terminate the list */ |
375 | 0 | *rdnp++ = 0; |
376 | 0 | } |
377 | 0 | return name; |
378 | | |
379 | 0 | loser: |
380 | 0 | PORT_FreeArena(arena, PR_FALSE); |
381 | 0 | return (0); |
382 | 0 | } |
383 | | |
384 | | void |
385 | | CERT_DestroyName(CERTName *name) |
386 | 0 | { |
387 | 0 | if (name) { |
388 | 0 | PLArenaPool *arena = name->arena; |
389 | 0 | name->rdns = NULL; |
390 | 0 | name->arena = NULL; |
391 | 0 | if (arena) |
392 | 0 | PORT_FreeArena(arena, PR_FALSE); |
393 | 0 | } |
394 | 0 | } |
395 | | |
396 | | SECStatus |
397 | | CERT_AddRDN(CERTName *name, CERTRDN *rdn) |
398 | 0 | { |
399 | 0 | name->rdns = (CERTRDN **)AddToArray(name->arena, (void **)name->rdns, rdn); |
400 | 0 | return name->rdns ? SECSuccess : SECFailure; |
401 | 0 | } |
402 | | |
403 | | SECStatus |
404 | | CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from) |
405 | 0 | { |
406 | 0 | CERTRDN **rdns, *frdn, *trdn; |
407 | 0 | SECStatus rv = SECSuccess; |
408 | |
|
409 | 0 | if (!to || !from) { |
410 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
411 | 0 | return SECFailure; |
412 | 0 | } |
413 | | |
414 | 0 | CERT_DestroyName(to); |
415 | 0 | to->arena = arena; |
416 | | |
417 | | /* Copy each rdn from from */ |
418 | 0 | rdns = from->rdns; |
419 | 0 | if (rdns) { |
420 | 0 | if (rdns[0] == NULL) { |
421 | 0 | rv = CERT_AddRDN(to, NULL); |
422 | 0 | return rv; |
423 | 0 | } |
424 | 0 | while ((frdn = *rdns++) != NULL) { |
425 | 0 | trdn = CERT_CreateRDN(arena, NULL); |
426 | 0 | if (!trdn) { |
427 | 0 | rv = SECFailure; |
428 | 0 | break; |
429 | 0 | } |
430 | 0 | rv = CERT_CopyRDN(arena, trdn, frdn); |
431 | 0 | if (rv != SECSuccess) |
432 | 0 | break; |
433 | 0 | rv = CERT_AddRDN(to, trdn); |
434 | 0 | if (rv != SECSuccess) |
435 | 0 | break; |
436 | 0 | } |
437 | 0 | } |
438 | 0 | return rv; |
439 | 0 | } |
440 | | |
441 | | /************************************************************************/ |
442 | | |
443 | | static void |
444 | | canonicalize(SECItem *foo) |
445 | 0 | { |
446 | 0 | int ch, lastch, len, src, dest; |
447 | | |
448 | | /* strip trailing whitespace. */ |
449 | 0 | len = foo->len; |
450 | 0 | while (len > 0 && ((ch = foo->data[len - 1]) == ' ' || ch == '\t' || |
451 | 0 | ch == '\r' || ch == '\n')) { |
452 | 0 | len--; |
453 | 0 | } |
454 | |
|
455 | 0 | src = 0; |
456 | | /* strip leading whitespace. */ |
457 | 0 | while (src < len && ((ch = foo->data[src]) == ' ' || ch == '\t' || |
458 | 0 | ch == '\r' || ch == '\n')) { |
459 | 0 | src++; |
460 | 0 | } |
461 | 0 | dest = 0; |
462 | 0 | lastch = ' '; |
463 | 0 | while (src < len) { |
464 | 0 | ch = foo->data[src++]; |
465 | 0 | if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') { |
466 | 0 | ch = ' '; |
467 | 0 | if (ch == lastch) |
468 | 0 | continue; |
469 | 0 | } else if (ch >= 'A' && ch <= 'Z') { |
470 | 0 | ch |= 0x20; /* downshift */ |
471 | 0 | } |
472 | 0 | foo->data[dest++] = lastch = ch; |
473 | 0 | } |
474 | 0 | foo->len = dest; |
475 | 0 | } |
476 | | |
477 | | /* SECItems a and b contain DER-encoded printable strings. */ |
478 | | SECComparison |
479 | | CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b) |
480 | 0 | { |
481 | 0 | SECComparison rv = SECLessThan; |
482 | 0 | SECItem *aVal = CERT_DecodeAVAValue(a); |
483 | 0 | SECItem *bVal = CERT_DecodeAVAValue(b); |
484 | |
|
485 | 0 | if (aVal && aVal->len && aVal->data && bVal && bVal->len && bVal->data) { |
486 | 0 | canonicalize(aVal); |
487 | 0 | canonicalize(bVal); |
488 | 0 | rv = SECITEM_CompareItem(aVal, bVal); |
489 | 0 | } |
490 | 0 | SECITEM_FreeItem(aVal, PR_TRUE); |
491 | 0 | SECITEM_FreeItem(bVal, PR_TRUE); |
492 | 0 | return rv; |
493 | 0 | } |
494 | | |
495 | | SECComparison |
496 | | CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b) |
497 | 0 | { |
498 | 0 | SECComparison rv; |
499 | |
|
500 | 0 | rv = SECITEM_CompareItem(&a->type, &b->type); |
501 | 0 | if (SECEqual != rv) |
502 | 0 | return rv; /* Attribute types don't match. */ |
503 | | /* Let's be optimistic. Maybe the values will just compare equal. */ |
504 | 0 | rv = SECITEM_CompareItem(&a->value, &b->value); |
505 | 0 | if (SECEqual == rv) |
506 | 0 | return rv; /* values compared exactly. */ |
507 | 0 | if (a->value.len && a->value.data && b->value.len && b->value.data) { |
508 | | /* Here, the values did not match. |
509 | | ** If the values had different encodings, convert them to the same |
510 | | ** encoding and compare that way. |
511 | | */ |
512 | 0 | if (a->value.data[0] != b->value.data[0]) { |
513 | | /* encodings differ. Convert both to UTF-8 and compare. */ |
514 | 0 | SECItem *aVal = CERT_DecodeAVAValue(&a->value); |
515 | 0 | SECItem *bVal = CERT_DecodeAVAValue(&b->value); |
516 | 0 | if (aVal && aVal->len && aVal->data && bVal && bVal->len && |
517 | 0 | bVal->data) { |
518 | 0 | rv = SECITEM_CompareItem(aVal, bVal); |
519 | 0 | } |
520 | 0 | SECITEM_FreeItem(aVal, PR_TRUE); |
521 | 0 | SECITEM_FreeItem(bVal, PR_TRUE); |
522 | 0 | } else if (a->value.data[0] == 0x13) { /* both are printable strings. */ |
523 | | /* printable strings */ |
524 | 0 | rv = CERT_CompareDERPrintableStrings(&a->value, &b->value); |
525 | 0 | } |
526 | 0 | } |
527 | 0 | return rv; |
528 | 0 | } |
529 | | |
530 | | SECComparison |
531 | | CERT_CompareRDN(const CERTRDN *a, const CERTRDN *b) |
532 | 0 | { |
533 | 0 | CERTAVA **aavas, *aava; |
534 | 0 | CERTAVA **bavas, *bava; |
535 | 0 | int ac, bc; |
536 | 0 | SECComparison rv = SECEqual; |
537 | |
|
538 | 0 | aavas = a->avas; |
539 | 0 | bavas = b->avas; |
540 | | |
541 | | /* |
542 | | ** Make sure array of ava's are the same length. If not, then we are |
543 | | ** not equal |
544 | | */ |
545 | 0 | ac = CountArray((void **)aavas); |
546 | 0 | bc = CountArray((void **)bavas); |
547 | 0 | if (ac < bc) |
548 | 0 | return SECLessThan; |
549 | 0 | if (ac > bc) |
550 | 0 | return SECGreaterThan; |
551 | | |
552 | 0 | while (NULL != (aava = *aavas++)) { |
553 | 0 | for (bavas = b->avas; NULL != (bava = *bavas++);) { |
554 | 0 | rv = SECITEM_CompareItem(&aava->type, &bava->type); |
555 | 0 | if (SECEqual == rv) { |
556 | 0 | rv = CERT_CompareAVA(aava, bava); |
557 | 0 | if (SECEqual != rv) |
558 | 0 | return rv; |
559 | 0 | break; |
560 | 0 | } |
561 | 0 | } |
562 | 0 | if (!bava) /* didn't find a match */ |
563 | 0 | return SECGreaterThan; |
564 | 0 | } |
565 | 0 | return rv; |
566 | 0 | } |
567 | | |
568 | | SECComparison |
569 | | CERT_CompareName(const CERTName *a, const CERTName *b) |
570 | 0 | { |
571 | 0 | CERTRDN **ardns; |
572 | 0 | CERTRDN **brdns; |
573 | 0 | int ac, bc; |
574 | 0 | SECComparison rv = SECEqual; |
575 | |
|
576 | 0 | ardns = a->rdns; |
577 | 0 | brdns = b->rdns; |
578 | | |
579 | | /* |
580 | | ** Make sure array of rdn's are the same length. If not, then we are |
581 | | ** not equal |
582 | | */ |
583 | 0 | ac = CountArray((void **)ardns); |
584 | 0 | bc = CountArray((void **)brdns); |
585 | 0 | if (ac < bc) |
586 | 0 | return SECLessThan; |
587 | 0 | if (ac > bc) |
588 | 0 | return SECGreaterThan; |
589 | | |
590 | 0 | while (rv == SECEqual && *ardns) { |
591 | 0 | rv = CERT_CompareRDN(*ardns++, *brdns++); |
592 | 0 | } |
593 | 0 | return rv; |
594 | 0 | } |
595 | | |
596 | | /* Moved from certhtml.c */ |
597 | | SECItem * |
598 | | CERT_DecodeAVAValue(const SECItem *derAVAValue) |
599 | 0 | { |
600 | 0 | SECItem *retItem; |
601 | 0 | const SEC_ASN1Template *theTemplate = NULL; |
602 | 0 | enum { conv_none, |
603 | 0 | conv_ucs4, |
604 | 0 | conv_ucs2, |
605 | 0 | conv_iso88591 } convert = conv_none; |
606 | 0 | SECItem avaValue = { siBuffer, 0 }; |
607 | 0 | PORTCheapArenaPool tmpArena; |
608 | |
|
609 | 0 | if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) { |
610 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
611 | 0 | return NULL; |
612 | 0 | } |
613 | | |
614 | 0 | switch (derAVAValue->data[0]) { |
615 | 0 | case SEC_ASN1_UNIVERSAL_STRING: |
616 | 0 | convert = conv_ucs4; |
617 | 0 | theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate); |
618 | 0 | break; |
619 | 0 | case SEC_ASN1_IA5_STRING: |
620 | 0 | theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate); |
621 | 0 | break; |
622 | 0 | case SEC_ASN1_PRINTABLE_STRING: |
623 | 0 | theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate); |
624 | 0 | break; |
625 | 0 | case SEC_ASN1_T61_STRING: |
626 | | /* |
627 | | * Per common practice, we're not decoding actual T.61, but instead |
628 | | * treating T61-labeled strings as containing ISO-8859-1. |
629 | | */ |
630 | 0 | convert = conv_iso88591; |
631 | 0 | theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate); |
632 | 0 | break; |
633 | 0 | case SEC_ASN1_BMP_STRING: |
634 | 0 | convert = conv_ucs2; |
635 | 0 | theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate); |
636 | 0 | break; |
637 | 0 | case SEC_ASN1_UTF8_STRING: |
638 | | /* No conversion needed ! */ |
639 | 0 | theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate); |
640 | 0 | break; |
641 | 0 | default: |
642 | 0 | PORT_SetError(SEC_ERROR_INVALID_AVA); |
643 | 0 | return NULL; |
644 | 0 | } |
645 | | |
646 | 0 | PORT_Memset(&avaValue, 0, sizeof(SECItem)); |
647 | 0 | PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE); |
648 | 0 | if (SEC_QuickDERDecodeItem(&tmpArena.arena, &avaValue, theTemplate, |
649 | 0 | derAVAValue) != SECSuccess) { |
650 | 0 | PORT_DestroyCheapArena(&tmpArena); |
651 | 0 | return NULL; |
652 | 0 | } |
653 | | |
654 | 0 | if (convert != conv_none) { |
655 | 0 | unsigned int utf8ValLen = avaValue.len * 3; |
656 | 0 | unsigned char *utf8Val = |
657 | 0 | (unsigned char *)PORT_ArenaZAlloc(&tmpArena.arena, utf8ValLen); |
658 | |
|
659 | 0 | switch (convert) { |
660 | 0 | case conv_ucs4: |
661 | 0 | if (avaValue.len % 4 != 0 || |
662 | 0 | !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, |
663 | 0 | avaValue.len, utf8Val, utf8ValLen, |
664 | 0 | &utf8ValLen)) { |
665 | 0 | PORT_DestroyCheapArena(&tmpArena); |
666 | 0 | PORT_SetError(SEC_ERROR_INVALID_AVA); |
667 | 0 | return NULL; |
668 | 0 | } |
669 | 0 | break; |
670 | 0 | case conv_ucs2: |
671 | 0 | if (avaValue.len % 2 != 0 || |
672 | 0 | !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, |
673 | 0 | avaValue.len, utf8Val, utf8ValLen, |
674 | 0 | &utf8ValLen)) { |
675 | 0 | PORT_DestroyCheapArena(&tmpArena); |
676 | 0 | PORT_SetError(SEC_ERROR_INVALID_AVA); |
677 | 0 | return NULL; |
678 | 0 | } |
679 | 0 | break; |
680 | 0 | case conv_iso88591: |
681 | 0 | if (!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len, |
682 | 0 | utf8Val, utf8ValLen, |
683 | 0 | &utf8ValLen)) { |
684 | 0 | PORT_DestroyCheapArena(&tmpArena); |
685 | 0 | PORT_SetError(SEC_ERROR_INVALID_AVA); |
686 | 0 | return NULL; |
687 | 0 | } |
688 | 0 | break; |
689 | 0 | case conv_none: |
690 | 0 | PORT_Assert(0); /* not reached */ |
691 | 0 | break; |
692 | 0 | } |
693 | | |
694 | 0 | avaValue.data = utf8Val; |
695 | 0 | avaValue.len = utf8ValLen; |
696 | 0 | } |
697 | | |
698 | 0 | retItem = SECITEM_DupItem(&avaValue); |
699 | 0 | PORT_DestroyCheapArena(&tmpArena); |
700 | 0 | return retItem; |
701 | 0 | } |