Mercurial > trustbridge > nss-cmake-static
annotate nss/lib/softoken/legacydb/lowcert.c @ 3:150b72113545
Add DBM and legacydb support
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 05 Aug 2014 18:32:02 +0200 |
parents | |
children |
rev | line source |
---|---|
3
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
1 /* This Source Code Form is subject to the terms of the Mozilla Public |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
4 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
5 /* |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
6 * Certificate handling code |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
7 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
8 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
9 #include "seccomon.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
10 #include "secder.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
11 #include "nssilock.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
12 #include "lowkeyi.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
13 #include "secasn1.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
14 #include "secoid.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
15 #include "secerr.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
16 #include "pcert.h" |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
17 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
18 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
19 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
20 static const SEC_ASN1Template nsslowcert_SubjectPublicKeyInfoTemplate[] = { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
21 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWCERTSubjectPublicKeyInfo) }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
22 { SEC_ASN1_INLINE | SEC_ASN1_XTRN, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
23 offsetof(NSSLOWCERTSubjectPublicKeyInfo,algorithm), |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
24 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
25 { SEC_ASN1_BIT_STRING, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
26 offsetof(NSSLOWCERTSubjectPublicKeyInfo,subjectPublicKey), }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
27 { 0, } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
28 }; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
29 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
30 static const SEC_ASN1Template nsslowcert_RSAPublicKeyTemplate[] = { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
31 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPublicKey) }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
32 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.modulus), }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
33 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.publicExponent), }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
34 { 0, } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
35 }; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
36 static const SEC_ASN1Template nsslowcert_DSAPublicKeyTemplate[] = { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
37 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dsa.publicValue), }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
38 { 0, } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
39 }; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
40 static const SEC_ASN1Template nsslowcert_DHPublicKeyTemplate[] = { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
41 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dh.publicValue), }, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
42 { 0, } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
43 }; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
44 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
45 /* |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
46 * See bugzilla bug 125359 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
47 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
48 * all of the templates above that en/decode into integers must be converted |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
49 * from ASN.1's signed integer type. This is done by marking either the |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
50 * source or destination (encoding or decoding, respectively) type as |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
51 * siUnsignedInteger. |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
52 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
53 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
54 static void |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
55 prepare_low_rsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
56 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
57 pubk->u.rsa.modulus.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
58 pubk->u.rsa.publicExponent.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
59 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
60 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
61 static void |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
62 prepare_low_dsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
63 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
64 pubk->u.dsa.publicValue.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
65 pubk->u.dsa.params.prime.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
66 pubk->u.dsa.params.subPrime.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
67 pubk->u.dsa.params.base.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
68 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
69 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
70 static void |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
71 prepare_low_dh_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
72 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
73 pubk->u.dh.prime.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
74 pubk->u.dh.base.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
75 pubk->u.dh.publicValue.type = siUnsignedInteger; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
76 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
77 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
78 /* |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
79 * simple cert decoder to avoid the cost of asn1 engine |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
80 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
81 static unsigned char * |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
82 nsslowcert_dataStart(unsigned char *buf, unsigned int length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
83 unsigned int *data_length, PRBool includeTag, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
84 unsigned char* rettag) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
85 unsigned char tag; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
86 unsigned int used_length= 0; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
87 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
88 /* need at least a tag and a 1 byte length */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
89 if (length < 2) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
90 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
91 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
92 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
93 tag = buf[used_length++]; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
94 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
95 if (rettag) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
96 *rettag = tag; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
97 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
98 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
99 /* blow out when we come to the end */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
100 if (tag == 0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
101 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
102 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
103 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
104 *data_length = buf[used_length++]; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
105 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
106 if (*data_length&0x80) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
107 int len_count = *data_length & 0x7f; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
108 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
109 if (len_count+used_length > length) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
110 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
111 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
112 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
113 *data_length = 0; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
114 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
115 while (len_count-- > 0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
116 *data_length = (*data_length << 8) | buf[used_length++]; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
117 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
118 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
119 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
120 if (*data_length > (length-used_length) ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
121 *data_length = length-used_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
122 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
123 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
124 if (includeTag) *data_length += used_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
125 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
126 return (buf + (includeTag ? 0 : used_length)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
127 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
128 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
129 static void SetTimeType(SECItem* item, unsigned char tagtype) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
130 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
131 switch (tagtype) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
132 case SEC_ASN1_UTC_TIME: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
133 item->type = siUTCTime; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
134 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
135 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
136 case SEC_ASN1_GENERALIZED_TIME: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
137 item->type = siGeneralizedTime; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
138 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
139 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
140 default: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
141 PORT_Assert(0); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
142 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
143 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
144 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
145 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
146 static int |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
147 nsslowcert_GetValidityFields(unsigned char *buf,int buf_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
148 SECItem *notBefore, SECItem *notAfter) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
149 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
150 unsigned char tagtype; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
151 notBefore->data = nsslowcert_dataStart(buf,buf_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
152 ¬Before->len,PR_FALSE, &tagtype); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
153 if (notBefore->data == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
154 SetTimeType(notBefore, tagtype); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
155 buf_length -= (notBefore->data-buf) + notBefore->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
156 buf = notBefore->data + notBefore->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
157 notAfter->data = nsslowcert_dataStart(buf,buf_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
158 ¬After->len,PR_FALSE, &tagtype); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
159 if (notAfter->data == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
160 SetTimeType(notAfter, tagtype); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
161 return SECSuccess; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
162 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
163 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
164 static int |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
165 nsslowcert_GetCertFields(unsigned char *cert,int cert_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
166 SECItem *issuer, SECItem *serial, SECItem *derSN, SECItem *subject, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
167 SECItem *valid, SECItem *subjkey, SECItem *extensions) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
168 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
169 unsigned char *buf; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
170 unsigned int buf_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
171 unsigned char *dummy; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
172 unsigned int dummylen; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
173 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
174 /* get past the signature wrap */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
175 buf = nsslowcert_dataStart(cert,cert_length,&buf_length,PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
176 if (buf == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
177 /* get into the raw cert data */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
178 buf = nsslowcert_dataStart(buf,buf_length,&buf_length,PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
179 if (buf == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
180 /* skip past any optional version number */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
181 if ((buf[0] & 0xa0) == 0xa0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
182 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
183 if (dummy == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
184 buf_length -= (dummy-buf) + dummylen; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
185 buf = dummy + dummylen; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
186 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
187 /* serial number */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
188 if (derSN) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
189 derSN->data=nsslowcert_dataStart(buf,buf_length,&derSN->len,PR_TRUE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
190 /* derSN->data doesn't need to be checked because if it fails so will |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
191 * serial->data below. The only difference between the two calls is |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
192 * whether or not the tags are included in the returned buffer */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
193 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
194 serial->data = nsslowcert_dataStart(buf,buf_length,&serial->len,PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
195 if (serial->data == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
196 buf_length -= (serial->data-buf) + serial->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
197 buf = serial->data + serial->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
198 /* skip the OID */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
199 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
200 if (dummy == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
201 buf_length -= (dummy-buf) + dummylen; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
202 buf = dummy + dummylen; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
203 /* issuer */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
204 issuer->data = nsslowcert_dataStart(buf,buf_length,&issuer->len,PR_TRUE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
205 if (issuer->data == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
206 buf_length -= (issuer->data-buf) + issuer->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
207 buf = issuer->data + issuer->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
208 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
209 /* only wanted issuer/SN */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
210 if (valid == NULL) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
211 return SECSuccess; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
212 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
213 /* validity */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
214 valid->data = nsslowcert_dataStart(buf,buf_length,&valid->len,PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
215 if (valid->data == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
216 buf_length -= (valid->data-buf) + valid->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
217 buf = valid->data + valid->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
218 /*subject */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
219 subject->data=nsslowcert_dataStart(buf,buf_length,&subject->len,PR_TRUE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
220 if (subject->data == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
221 buf_length -= (subject->data-buf) + subject->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
222 buf = subject->data + subject->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
223 /* subject key info */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
224 subjkey->data=nsslowcert_dataStart(buf,buf_length,&subjkey->len,PR_TRUE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
225 if (subjkey->data == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
226 buf_length -= (subjkey->data-buf) + subjkey->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
227 buf = subjkey->data + subjkey->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
228 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
229 extensions->data = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
230 extensions->len = 0; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
231 while (buf_length > 0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
232 /* EXTENSIONS */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
233 if (buf[0] == 0xa3) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
234 extensions->data = nsslowcert_dataStart(buf,buf_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
235 &extensions->len, PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
236 /* if the DER is bad, we should fail. Previously we accepted |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
237 * bad DER here and treated the extension as missin */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
238 if (extensions->data == NULL || |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
239 (extensions->data - buf) + extensions->len != buf_length) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
240 return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
241 buf = extensions->data; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
242 buf_length = extensions->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
243 /* now parse the SEQUENCE holding the extensions. */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
244 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE,NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
245 if (dummy == NULL || |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
246 (dummy - buf) + dummylen != buf_length) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
247 return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
248 buf_length -= (dummy - buf); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
249 buf = dummy; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
250 /* Now parse the extensions inside this sequence */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
251 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
252 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE,NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
253 if (dummy == NULL) return SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
254 buf_length -= (dummy - buf) + dummylen; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
255 buf = dummy + dummylen; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
256 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
257 return SECSuccess; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
258 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
259 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
260 static SECStatus |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
261 nsslowcert_GetCertTimes(NSSLOWCERTCertificate *c, PRTime *notBefore, PRTime *notAfter) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
262 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
263 int rv; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
264 NSSLOWCERTValidity validity; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
265 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
266 rv = nsslowcert_GetValidityFields(c->validity.data,c->validity.len, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
267 &validity.notBefore,&validity.notAfter); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
268 if (rv != SECSuccess) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
269 return rv; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
270 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
271 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
272 /* convert DER not-before time */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
273 rv = DER_DecodeTimeChoice(notBefore, &validity.notBefore); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
274 if (rv) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
275 return(SECFailure); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
276 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
277 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
278 /* convert DER not-after time */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
279 rv = DER_DecodeTimeChoice(notAfter, &validity.notAfter); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
280 if (rv) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
281 return(SECFailure); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
282 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
283 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
284 return(SECSuccess); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
285 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
286 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
287 /* |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
288 * is certa newer than certb? If one is expired, pick the other one. |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
289 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
290 PRBool |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
291 nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
292 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
293 PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
294 SECStatus rv; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
295 PRBool newerbefore, newerafter; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
296 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
297 rv = nsslowcert_GetCertTimes(certa, ¬BeforeA, ¬AfterA); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
298 if ( rv != SECSuccess ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
299 return(PR_FALSE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
300 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
301 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
302 rv = nsslowcert_GetCertTimes(certb, ¬BeforeB, ¬AfterB); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
303 if ( rv != SECSuccess ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
304 return(PR_TRUE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
305 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
306 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
307 newerbefore = PR_FALSE; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
308 if ( LL_CMP(notBeforeA, >, notBeforeB) ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
309 newerbefore = PR_TRUE; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
310 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
311 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
312 newerafter = PR_FALSE; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
313 if ( LL_CMP(notAfterA, >, notAfterB) ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
314 newerafter = PR_TRUE; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
315 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
316 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
317 if ( newerbefore && newerafter ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
318 return(PR_TRUE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
319 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
320 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
321 if ( ( !newerbefore ) && ( !newerafter ) ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
322 return(PR_FALSE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
323 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
324 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
325 /* get current time */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
326 now = PR_Now(); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
327 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
328 if ( newerbefore ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
329 /* cert A was issued after cert B, but expires sooner */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
330 /* if A is expired, then pick B */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
331 if ( LL_CMP(notAfterA, <, now ) ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
332 return(PR_FALSE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
333 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
334 return(PR_TRUE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
335 } else { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
336 /* cert B was issued after cert A, but expires sooner */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
337 /* if B is expired, then pick A */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
338 if ( LL_CMP(notAfterB, <, now ) ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
339 return(PR_TRUE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
340 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
341 return(PR_FALSE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
342 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
343 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
344 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
345 #define SOFT_DEFAULT_CHUNKSIZE 2048 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
346 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
347 static SECStatus |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
348 nsslowcert_KeyFromIssuerAndSN(PLArenaPool *arena, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
349 SECItem *issuer, SECItem *sn, SECItem *key) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
350 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
351 unsigned int len = sn->len + issuer->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
352 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
353 if (!arena) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
354 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
355 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
356 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
357 if (len > NSS_MAX_LEGACY_DB_KEY_SIZE) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
358 PORT_SetError(SEC_ERROR_INPUT_LEN); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
359 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
360 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
361 key->data = (unsigned char*)PORT_ArenaAlloc(arena, len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
362 if ( !key->data ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
363 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
364 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
365 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
366 key->len = len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
367 /* copy the serialNumber */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
368 PORT_Memcpy(key->data, sn->data, sn->len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
369 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
370 /* copy the issuer */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
371 PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
372 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
373 return(SECSuccess); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
374 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
375 loser: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
376 return(SECFailure); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
377 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
378 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
379 static SECStatus |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
380 nsslowcert_KeyFromIssuerAndSNStatic(unsigned char *space, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
381 int spaceLen, SECItem *issuer, SECItem *sn, SECItem *key) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
382 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
383 unsigned int len = sn->len + issuer->len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
384 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
385 key->data = pkcs11_allocStaticData(len, space, spaceLen); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
386 if ( !key->data ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
387 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
388 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
389 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
390 key->len = len; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
391 /* copy the serialNumber */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
392 PORT_Memcpy(key->data, sn->data, sn->len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
393 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
394 /* copy the issuer */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
395 PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
396 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
397 return(SECSuccess); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
398 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
399 loser: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
400 return(SECFailure); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
401 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
402 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
403 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
404 static char * |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
405 nsslowcert_EmailName(SECItem *derDN, char *space, unsigned int len) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
406 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
407 unsigned char *buf; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
408 unsigned int buf_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
409 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
410 /* unwrap outer sequence */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
411 buf=nsslowcert_dataStart(derDN->data,derDN->len,&buf_length,PR_FALSE,NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
412 if (buf == NULL) return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
413 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
414 /* Walk each RDN */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
415 while (buf_length > 0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
416 unsigned char *rdn; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
417 unsigned int rdn_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
418 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
419 /* grab next rdn */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
420 rdn=nsslowcert_dataStart(buf, buf_length, &rdn_length, PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
421 if (rdn == NULL) { return NULL; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
422 buf_length -= (rdn - buf) + rdn_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
423 buf = rdn+rdn_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
424 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
425 while (rdn_length > 0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
426 unsigned char *ava; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
427 unsigned int ava_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
428 unsigned char *oid; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
429 unsigned int oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
430 unsigned char *name; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
431 unsigned int name_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
432 SECItem oidItem; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
433 SECOidTag type; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
434 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
435 /* unwrap the ava */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
436 ava=nsslowcert_dataStart(rdn, rdn_length, &ava_length, PR_FALSE, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
437 NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
438 if (ava == NULL) return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
439 rdn_length -= (ava-rdn)+ava_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
440 rdn = ava + ava_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
441 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
442 oid=nsslowcert_dataStart(ava, ava_length, &oid_length, PR_FALSE, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
443 NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
444 if (oid == NULL) { return NULL; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
445 ava_length -= (oid-ava)+oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
446 ava = oid+oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
447 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
448 name=nsslowcert_dataStart(ava, ava_length, &name_length, PR_FALSE, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
449 NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
450 if (oid == NULL) { return NULL; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
451 ava_length -= (name-ava)+name_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
452 ava = name+name_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
453 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
454 oidItem.data = oid; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
455 oidItem.len = oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
456 type = SECOID_FindOIDTag(&oidItem); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
457 if ((type == SEC_OID_PKCS9_EMAIL_ADDRESS) || |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
458 (type == SEC_OID_RFC1274_MAIL)) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
459 /* Email is supposed to be IA5String, so no |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
460 * translation necessary */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
461 char *emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
462 emailAddr = (char *)pkcs11_copyStaticData(name,name_length+1, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
463 (unsigned char *)space,len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
464 if (emailAddr) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
465 emailAddr[name_length] = 0; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
466 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
467 return emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
468 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
469 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
470 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
471 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
472 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
473 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
474 static char * |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
475 nsslowcert_EmailAltName(NSSLOWCERTCertificate *cert, char *space, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
476 unsigned int len) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
477 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
478 unsigned char *exts; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
479 unsigned int exts_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
480 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
481 /* unwrap the sequence */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
482 exts = nsslowcert_dataStart(cert->extensions.data, cert->extensions.len, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
483 &exts_length, PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
484 /* loop through extension */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
485 while (exts && exts_length > 0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
486 unsigned char * ext; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
487 unsigned int ext_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
488 unsigned char *oid; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
489 unsigned int oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
490 unsigned char *nameList; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
491 unsigned int nameList_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
492 SECItem oidItem; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
493 SECOidTag type; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
494 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
495 ext = nsslowcert_dataStart(exts, exts_length, &ext_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
496 PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
497 if (ext == NULL) { break; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
498 exts_length -= (ext - exts) + ext_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
499 exts = ext+ext_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
500 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
501 oid=nsslowcert_dataStart(ext, ext_length, &oid_length, PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
502 if (oid == NULL) { break; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
503 ext_length -= (oid - ext) + oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
504 ext = oid+oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
505 oidItem.data = oid; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
506 oidItem.len = oid_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
507 type = SECOID_FindOIDTag(&oidItem); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
508 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
509 /* get Alt Extension */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
510 if (type != SEC_OID_X509_SUBJECT_ALT_NAME) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
511 continue; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
512 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
513 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
514 /* skip passed the critical flag */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
515 if (ext[0] == 0x01) { /* BOOLEAN */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
516 unsigned char *dummy; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
517 unsigned int dummy_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
518 dummy = nsslowcert_dataStart(ext, ext_length, &dummy_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
519 PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
520 if (dummy == NULL) { break; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
521 ext_length -= (dummy - ext) + dummy_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
522 ext = dummy+dummy_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
523 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
524 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
525 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
526 /* unwrap the name list */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
527 nameList = nsslowcert_dataStart(ext, ext_length, &nameList_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
528 PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
529 if (nameList == NULL) { break; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
530 ext_length -= (nameList - ext) + nameList_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
531 ext = nameList+nameList_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
532 nameList = nsslowcert_dataStart(nameList, nameList_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
533 &nameList_length, PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
534 /* loop through the name list */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
535 while (nameList && nameList_length > 0) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
536 unsigned char *thisName; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
537 unsigned int thisName_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
538 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
539 thisName = nsslowcert_dataStart(nameList, nameList_length, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
540 &thisName_length, PR_FALSE, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
541 if (thisName == NULL) { break; } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
542 if (nameList[0] == 0xa2) { /* DNS Name */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
543 SECItem dn; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
544 char *emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
545 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
546 dn.data = thisName; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
547 dn.len = thisName_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
548 emailAddr = nsslowcert_EmailName(&dn, space, len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
549 if (emailAddr) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
550 return emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
551 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
552 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
553 if (nameList[0] == 0x81) { /* RFC 822name */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
554 char *emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
555 emailAddr = (char *)pkcs11_copyStaticData(thisName, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
556 thisName_length+1, (unsigned char *)space,len); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
557 if (emailAddr) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
558 emailAddr[thisName_length] = 0; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
559 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
560 return emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
561 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
562 nameList_length -= (thisName-nameList) + thisName_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
563 nameList = thisName + thisName_length; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
564 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
565 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
566 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
567 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
568 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
569 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
570 static char * |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
571 nsslowcert_GetCertificateEmailAddress(NSSLOWCERTCertificate *cert) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
572 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
573 char *emailAddr = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
574 char *str; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
575 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
576 emailAddr = nsslowcert_EmailName(&cert->derSubject,cert->emailAddrSpace, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
577 sizeof(cert->emailAddrSpace)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
578 /* couldn't find the email address in the DN, check the subject Alt name */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
579 if (!emailAddr && cert->extensions.data) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
580 emailAddr = nsslowcert_EmailAltName(cert, cert->emailAddrSpace, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
581 sizeof(cert->emailAddrSpace)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
582 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
583 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
584 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
585 /* make it lower case */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
586 str = emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
587 while ( str && *str ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
588 *str = tolower( *str ); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
589 str++; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
590 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
591 return emailAddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
592 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
593 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
594 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
595 /* |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
596 * take a DER certificate and decode it into a certificate structure |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
597 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
598 NSSLOWCERTCertificate * |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
599 nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
600 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
601 NSSLOWCERTCertificate *cert; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
602 int rv; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
603 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
604 /* allocate the certificate structure */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
605 cert = nsslowcert_CreateCert(); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
606 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
607 if ( !cert ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
608 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
609 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
610 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
611 /* point to passed in DER data */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
612 cert->derCert = *derSignedCert; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
613 cert->nickname = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
614 cert->certKey.data = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
615 cert->referenceCount = 1; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
616 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
617 /* decode the certificate info */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
618 rv = nsslowcert_GetCertFields(cert->derCert.data, cert->derCert.len, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
619 &cert->derIssuer, &cert->serialNumber, &cert->derSN, &cert->derSubject, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
620 &cert->validity, &cert->derSubjKeyInfo, &cert->extensions); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
621 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
622 if (rv != SECSuccess) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
623 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
624 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
625 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
626 /* cert->subjectKeyID; x509v3 subject key identifier */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
627 cert->subjectKeyID.data = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
628 cert->subjectKeyID.len = 0; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
629 cert->dbEntry = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
630 cert ->trust = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
631 cert ->dbhandle = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
632 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
633 /* generate and save the database key for the cert */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
634 rv = nsslowcert_KeyFromIssuerAndSNStatic(cert->certKeySpace, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
635 sizeof(cert->certKeySpace), &cert->derIssuer, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
636 &cert->serialNumber, &cert->certKey); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
637 if ( rv ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
638 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
639 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
640 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
641 /* set the nickname */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
642 if ( nickname == NULL ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
643 cert->nickname = NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
644 } else { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
645 /* copy and install the nickname */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
646 cert->nickname = pkcs11_copyNickname(nickname,cert->nicknameSpace, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
647 sizeof(cert->nicknameSpace)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
648 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
649 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
650 #ifdef FIXME |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
651 /* initialize the subjectKeyID */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
652 rv = cert_GetKeyID(cert); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
653 if ( rv != SECSuccess ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
654 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
655 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
656 #endif |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
657 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
658 /* set the email address */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
659 cert->emailAddr = nsslowcert_GetCertificateEmailAddress(cert); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
660 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
661 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
662 cert->referenceCount = 1; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
663 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
664 return(cert); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
665 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
666 loser: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
667 if (cert) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
668 nsslowcert_DestroyCertificate(cert); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
669 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
670 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
671 return(0); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
672 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
673 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
674 char * |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
675 nsslowcert_FixupEmailAddr(char *emailAddr) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
676 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
677 char *retaddr; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
678 char *str; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
679 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
680 if ( emailAddr == NULL ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
681 return(NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
682 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
683 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
684 /* copy the string */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
685 str = retaddr = PORT_Strdup(emailAddr); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
686 if ( str == NULL ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
687 return(NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
688 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
689 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
690 /* make it lower case */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
691 while ( *str ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
692 *str = tolower( *str ); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
693 str++; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
694 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
695 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
696 return(retaddr); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
697 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
698 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
699 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
700 /* |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
701 * Generate a database key, based on serial number and issuer, from a |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
702 * DER certificate. |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
703 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
704 SECStatus |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
705 nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
706 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
707 int rv; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
708 NSSLOWCERTCertKey certkey; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
709 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
710 PORT_Memset(&certkey, 0, sizeof(NSSLOWCERTCertKey)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
711 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
712 rv = nsslowcert_GetCertFields(derCert->data, derCert->len, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
713 &certkey.derIssuer, &certkey.serialNumber, NULL, NULL, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
714 NULL, NULL, NULL); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
715 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
716 if ( rv ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
717 goto loser; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
718 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
719 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
720 return(nsslowcert_KeyFromIssuerAndSN(arena, &certkey.derIssuer, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
721 &certkey.serialNumber, key)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
722 loser: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
723 return(SECFailure); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
724 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
725 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
726 NSSLOWKEYPublicKey * |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
727 nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
728 { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
729 NSSLOWCERTSubjectPublicKeyInfo spki; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
730 NSSLOWKEYPublicKey *pubk; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
731 SECItem os; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
732 SECStatus rv; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
733 PLArenaPool *arena; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
734 SECOidTag tag; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
735 SECItem newDerSubjKeyInfo; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
736 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
737 arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
738 if (arena == NULL) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
739 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
740 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
741 pubk = (NSSLOWKEYPublicKey *) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
742 PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
743 if (pubk == NULL) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
744 PORT_FreeArena (arena, PR_FALSE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
745 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
746 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
747 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
748 pubk->arena = arena; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
749 PORT_Memset(&spki,0,sizeof(spki)); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
750 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
751 /* copy the DER into the arena, since Quick DER returns data that points |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
752 into the DER input, which may get freed by the caller */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
753 rv = SECITEM_CopyItem(arena, &newDerSubjKeyInfo, &cert->derSubjKeyInfo); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
754 if ( rv != SECSuccess ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
755 PORT_FreeArena (arena, PR_FALSE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
756 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
757 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
758 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
759 /* we haven't bothered decoding the spki struct yet, do it now */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
760 rv = SEC_QuickDERDecodeItem(arena, &spki, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
761 nsslowcert_SubjectPublicKeyInfoTemplate, &newDerSubjKeyInfo); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
762 if (rv != SECSuccess) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
763 PORT_FreeArena (arena, PR_FALSE); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
764 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
765 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
766 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
767 /* Convert bit string length from bits to bytes */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
768 os = spki.subjectPublicKey; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
769 DER_ConvertBitString (&os); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
770 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
771 tag = SECOID_GetAlgorithmTag(&spki.algorithm); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
772 switch ( tag ) { |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
773 case SEC_OID_X500_RSA_ENCRYPTION: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
774 case SEC_OID_PKCS1_RSA_ENCRYPTION: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
775 pubk->keyType = NSSLOWKEYRSAKey; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
776 prepare_low_rsa_pub_key_for_asn1(pubk); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
777 rv = SEC_QuickDERDecodeItem(arena, pubk, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
778 nsslowcert_RSAPublicKeyTemplate, &os); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
779 if (rv == SECSuccess) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
780 return pubk; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
781 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
782 case SEC_OID_ANSIX9_DSA_SIGNATURE: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
783 pubk->keyType = NSSLOWKEYDSAKey; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
784 prepare_low_dsa_pub_key_for_asn1(pubk); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
785 rv = SEC_QuickDERDecodeItem(arena, pubk, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
786 nsslowcert_DSAPublicKeyTemplate, &os); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
787 if (rv == SECSuccess) return pubk; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
788 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
789 case SEC_OID_X942_DIFFIE_HELMAN_KEY: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
790 pubk->keyType = NSSLOWKEYDHKey; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
791 prepare_low_dh_pub_key_for_asn1(pubk); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
792 rv = SEC_QuickDERDecodeItem(arena, pubk, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
793 nsslowcert_DHPublicKeyTemplate, &os); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
794 if (rv == SECSuccess) return pubk; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
795 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
796 #ifndef NSS_DISABLE_ECC |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
797 case SEC_OID_ANSIX962_EC_PUBLIC_KEY: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
798 pubk->keyType = NSSLOWKEYECKey; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
799 /* Since PKCS#11 directly takes the DER encoding of EC params |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
800 * and public value, we don't need any decoding here. |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
801 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
802 rv = SECITEM_CopyItem(arena, &pubk->u.ec.ecParams.DEREncoding, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
803 &spki.algorithm.parameters); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
804 if ( rv != SECSuccess ) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
805 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
806 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
807 /* Fill out the rest of the ecParams structure |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
808 * based on the encoded params |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
809 */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
810 if (LGEC_FillParams(arena, &pubk->u.ec.ecParams.DEREncoding, |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
811 &pubk->u.ec.ecParams) != SECSuccess) |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
812 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
813 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
814 rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
815 if (rv == SECSuccess) return pubk; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
816 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
817 #endif /* NSS_DISABLE_ECC */ |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
818 default: |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
819 rv = SECFailure; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
820 break; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
821 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
822 |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
823 lg_nsslowkey_DestroyPublicKey (pubk); |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
824 return NULL; |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
825 } |
150b72113545
Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff
changeset
|
826 |