annotate nss/lib/softoken/legacydb/lowcert.c @ 3:150b72113545

Add DBM and legacydb support
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 05 Aug 2014 18:32:02 +0200
parents
children
rev   line source
3
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
1 /* This Source Code Form is subject to the terms of the Mozilla Public
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
4
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
5 /*
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
6 * Certificate handling code
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
7 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
8
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
9 #include "seccomon.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
10 #include "secder.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
11 #include "nssilock.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
12 #include "lowkeyi.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
13 #include "secasn1.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
14 #include "secoid.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
15 #include "secerr.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
16 #include "pcert.h"
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
17
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
18 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
19
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
20 static const SEC_ASN1Template nsslowcert_SubjectPublicKeyInfoTemplate[] = {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
21 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWCERTSubjectPublicKeyInfo) },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
22 { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
23 offsetof(NSSLOWCERTSubjectPublicKeyInfo,algorithm),
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
24 SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
25 { SEC_ASN1_BIT_STRING,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
26 offsetof(NSSLOWCERTSubjectPublicKeyInfo,subjectPublicKey), },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
27 { 0, }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
28 };
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
29
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
30 static const SEC_ASN1Template nsslowcert_RSAPublicKeyTemplate[] = {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
31 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPublicKey) },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
32 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.modulus), },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
33 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.rsa.publicExponent), },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
34 { 0, }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
35 };
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
36 static const SEC_ASN1Template nsslowcert_DSAPublicKeyTemplate[] = {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
37 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dsa.publicValue), },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
38 { 0, }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
39 };
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
40 static const SEC_ASN1Template nsslowcert_DHPublicKeyTemplate[] = {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
41 { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey,u.dh.publicValue), },
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
42 { 0, }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
43 };
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
44
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
45 /*
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
46 * See bugzilla bug 125359
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
47 * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
48 * all of the templates above that en/decode into integers must be converted
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
49 * from ASN.1's signed integer type. This is done by marking either the
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
50 * source or destination (encoding or decoding, respectively) type as
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
51 * siUnsignedInteger.
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
52 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
53
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
54 static void
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
55 prepare_low_rsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
56 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
57 pubk->u.rsa.modulus.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
58 pubk->u.rsa.publicExponent.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
59 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
60
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
61 static void
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
62 prepare_low_dsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
63 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
64 pubk->u.dsa.publicValue.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
65 pubk->u.dsa.params.prime.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
66 pubk->u.dsa.params.subPrime.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
67 pubk->u.dsa.params.base.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
68 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
69
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
70 static void
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
71 prepare_low_dh_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
72 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
73 pubk->u.dh.prime.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
74 pubk->u.dh.base.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
75 pubk->u.dh.publicValue.type = siUnsignedInteger;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
76 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
77
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
78 /*
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
79 * simple cert decoder to avoid the cost of asn1 engine
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
80 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
81 static unsigned char *
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
82 nsslowcert_dataStart(unsigned char *buf, unsigned int length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
83 unsigned int *data_length, PRBool includeTag,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
84 unsigned char* rettag) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
85 unsigned char tag;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
86 unsigned int used_length= 0;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
87
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
88 /* need at least a tag and a 1 byte length */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
89 if (length < 2) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
90 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
91 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
92
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
93 tag = buf[used_length++];
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
94
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
95 if (rettag) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
96 *rettag = tag;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
97 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
98
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
99 /* blow out when we come to the end */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
100 if (tag == 0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
101 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
102 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
103
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
104 *data_length = buf[used_length++];
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
105
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
106 if (*data_length&0x80) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
107 int len_count = *data_length & 0x7f;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
108
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
109 if (len_count+used_length > length) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
110 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
111 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
112
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
113 *data_length = 0;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
114
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
115 while (len_count-- > 0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
116 *data_length = (*data_length << 8) | buf[used_length++];
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
117 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
118 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
119
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
120 if (*data_length > (length-used_length) ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
121 *data_length = length-used_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
122 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
123 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
124 if (includeTag) *data_length += used_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
125
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
126 return (buf + (includeTag ? 0 : used_length));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
127 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
128
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
129 static void SetTimeType(SECItem* item, unsigned char tagtype)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
130 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
131 switch (tagtype) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
132 case SEC_ASN1_UTC_TIME:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
133 item->type = siUTCTime;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
134 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
135
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
136 case SEC_ASN1_GENERALIZED_TIME:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
137 item->type = siGeneralizedTime;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
138 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
139
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
140 default:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
141 PORT_Assert(0);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
142 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
143 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
144 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
145
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
146 static int
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
147 nsslowcert_GetValidityFields(unsigned char *buf,int buf_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
148 SECItem *notBefore, SECItem *notAfter)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
149 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
150 unsigned char tagtype;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
151 notBefore->data = nsslowcert_dataStart(buf,buf_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
152 &notBefore->len,PR_FALSE, &tagtype);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
153 if (notBefore->data == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
154 SetTimeType(notBefore, tagtype);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
155 buf_length -= (notBefore->data-buf) + notBefore->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
156 buf = notBefore->data + notBefore->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
157 notAfter->data = nsslowcert_dataStart(buf,buf_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
158 &notAfter->len,PR_FALSE, &tagtype);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
159 if (notAfter->data == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
160 SetTimeType(notAfter, tagtype);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
161 return SECSuccess;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
162 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
163
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
164 static int
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
165 nsslowcert_GetCertFields(unsigned char *cert,int cert_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
166 SECItem *issuer, SECItem *serial, SECItem *derSN, SECItem *subject,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
167 SECItem *valid, SECItem *subjkey, SECItem *extensions)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
168 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
169 unsigned char *buf;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
170 unsigned int buf_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
171 unsigned char *dummy;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
172 unsigned int dummylen;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
173
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
174 /* get past the signature wrap */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
175 buf = nsslowcert_dataStart(cert,cert_length,&buf_length,PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
176 if (buf == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
177 /* get into the raw cert data */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
178 buf = nsslowcert_dataStart(buf,buf_length,&buf_length,PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
179 if (buf == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
180 /* skip past any optional version number */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
181 if ((buf[0] & 0xa0) == 0xa0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
182 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
183 if (dummy == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
184 buf_length -= (dummy-buf) + dummylen;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
185 buf = dummy + dummylen;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
186 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
187 /* serial number */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
188 if (derSN) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
189 derSN->data=nsslowcert_dataStart(buf,buf_length,&derSN->len,PR_TRUE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
190 /* derSN->data doesn't need to be checked because if it fails so will
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
191 * serial->data below. The only difference between the two calls is
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
192 * whether or not the tags are included in the returned buffer */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
193 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
194 serial->data = nsslowcert_dataStart(buf,buf_length,&serial->len,PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
195 if (serial->data == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
196 buf_length -= (serial->data-buf) + serial->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
197 buf = serial->data + serial->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
198 /* skip the OID */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
199 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
200 if (dummy == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
201 buf_length -= (dummy-buf) + dummylen;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
202 buf = dummy + dummylen;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
203 /* issuer */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
204 issuer->data = nsslowcert_dataStart(buf,buf_length,&issuer->len,PR_TRUE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
205 if (issuer->data == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
206 buf_length -= (issuer->data-buf) + issuer->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
207 buf = issuer->data + issuer->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
208
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
209 /* only wanted issuer/SN */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
210 if (valid == NULL) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
211 return SECSuccess;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
212 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
213 /* validity */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
214 valid->data = nsslowcert_dataStart(buf,buf_length,&valid->len,PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
215 if (valid->data == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
216 buf_length -= (valid->data-buf) + valid->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
217 buf = valid->data + valid->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
218 /*subject */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
219 subject->data=nsslowcert_dataStart(buf,buf_length,&subject->len,PR_TRUE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
220 if (subject->data == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
221 buf_length -= (subject->data-buf) + subject->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
222 buf = subject->data + subject->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
223 /* subject key info */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
224 subjkey->data=nsslowcert_dataStart(buf,buf_length,&subjkey->len,PR_TRUE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
225 if (subjkey->data == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
226 buf_length -= (subjkey->data-buf) + subjkey->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
227 buf = subjkey->data + subjkey->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
228
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
229 extensions->data = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
230 extensions->len = 0;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
231 while (buf_length > 0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
232 /* EXTENSIONS */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
233 if (buf[0] == 0xa3) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
234 extensions->data = nsslowcert_dataStart(buf,buf_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
235 &extensions->len, PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
236 /* if the DER is bad, we should fail. Previously we accepted
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
237 * bad DER here and treated the extension as missin */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
238 if (extensions->data == NULL ||
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
239 (extensions->data - buf) + extensions->len != buf_length)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
240 return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
241 buf = extensions->data;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
242 buf_length = extensions->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
243 /* now parse the SEQUENCE holding the extensions. */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
244 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE,NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
245 if (dummy == NULL ||
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
246 (dummy - buf) + dummylen != buf_length)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
247 return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
248 buf_length -= (dummy - buf);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
249 buf = dummy;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
250 /* Now parse the extensions inside this sequence */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
251 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
252 dummy = nsslowcert_dataStart(buf,buf_length,&dummylen,PR_FALSE,NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
253 if (dummy == NULL) return SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
254 buf_length -= (dummy - buf) + dummylen;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
255 buf = dummy + dummylen;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
256 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
257 return SECSuccess;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
258 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
259
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
260 static SECStatus
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
261 nsslowcert_GetCertTimes(NSSLOWCERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
262 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
263 int rv;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
264 NSSLOWCERTValidity validity;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
265
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
266 rv = nsslowcert_GetValidityFields(c->validity.data,c->validity.len,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
267 &validity.notBefore,&validity.notAfter);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
268 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
269 return rv;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
270 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
271
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
272 /* convert DER not-before time */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
273 rv = DER_DecodeTimeChoice(notBefore, &validity.notBefore);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
274 if (rv) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
275 return(SECFailure);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
276 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
277
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
278 /* convert DER not-after time */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
279 rv = DER_DecodeTimeChoice(notAfter, &validity.notAfter);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
280 if (rv) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
281 return(SECFailure);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
282 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
283
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
284 return(SECSuccess);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
285 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
286
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
287 /*
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
288 * is certa newer than certb? If one is expired, pick the other one.
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
289 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
290 PRBool
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
291 nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
292 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
293 PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
294 SECStatus rv;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
295 PRBool newerbefore, newerafter;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
296
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
297 rv = nsslowcert_GetCertTimes(certa, &notBeforeA, &notAfterA);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
298 if ( rv != SECSuccess ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
299 return(PR_FALSE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
300 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
301
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
302 rv = nsslowcert_GetCertTimes(certb, &notBeforeB, &notAfterB);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
303 if ( rv != SECSuccess ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
304 return(PR_TRUE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
305 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
306
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
307 newerbefore = PR_FALSE;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
308 if ( LL_CMP(notBeforeA, >, notBeforeB) ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
309 newerbefore = PR_TRUE;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
310 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
311
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
312 newerafter = PR_FALSE;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
313 if ( LL_CMP(notAfterA, >, notAfterB) ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
314 newerafter = PR_TRUE;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
315 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
316
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
317 if ( newerbefore && newerafter ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
318 return(PR_TRUE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
319 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
320
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
321 if ( ( !newerbefore ) && ( !newerafter ) ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
322 return(PR_FALSE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
323 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
324
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
325 /* get current time */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
326 now = PR_Now();
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
327
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
328 if ( newerbefore ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
329 /* cert A was issued after cert B, but expires sooner */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
330 /* if A is expired, then pick B */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
331 if ( LL_CMP(notAfterA, <, now ) ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
332 return(PR_FALSE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
333 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
334 return(PR_TRUE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
335 } else {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
336 /* cert B was issued after cert A, but expires sooner */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
337 /* if B is expired, then pick A */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
338 if ( LL_CMP(notAfterB, <, now ) ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
339 return(PR_TRUE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
340 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
341 return(PR_FALSE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
342 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
343 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
344
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
345 #define SOFT_DEFAULT_CHUNKSIZE 2048
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
346
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
347 static SECStatus
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
348 nsslowcert_KeyFromIssuerAndSN(PLArenaPool *arena,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
349 SECItem *issuer, SECItem *sn, SECItem *key)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
350 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
351 unsigned int len = sn->len + issuer->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
352
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
353 if (!arena) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
354 PORT_SetError(SEC_ERROR_INVALID_ARGS);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
355 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
356 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
357 if (len > NSS_MAX_LEGACY_DB_KEY_SIZE) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
358 PORT_SetError(SEC_ERROR_INPUT_LEN);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
359 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
360 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
361 key->data = (unsigned char*)PORT_ArenaAlloc(arena, len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
362 if ( !key->data ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
363 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
364 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
365
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
366 key->len = len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
367 /* copy the serialNumber */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
368 PORT_Memcpy(key->data, sn->data, sn->len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
369
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
370 /* copy the issuer */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
371 PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
372
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
373 return(SECSuccess);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
374
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
375 loser:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
376 return(SECFailure);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
377 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
378
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
379 static SECStatus
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
380 nsslowcert_KeyFromIssuerAndSNStatic(unsigned char *space,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
381 int spaceLen, SECItem *issuer, SECItem *sn, SECItem *key)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
382 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
383 unsigned int len = sn->len + issuer->len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
384
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
385 key->data = pkcs11_allocStaticData(len, space, spaceLen);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
386 if ( !key->data ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
387 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
388 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
389
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
390 key->len = len;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
391 /* copy the serialNumber */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
392 PORT_Memcpy(key->data, sn->data, sn->len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
393
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
394 /* copy the issuer */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
395 PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
396
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
397 return(SECSuccess);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
398
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
399 loser:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
400 return(SECFailure);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
401 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
402
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
403
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
404 static char *
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
405 nsslowcert_EmailName(SECItem *derDN, char *space, unsigned int len)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
406 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
407 unsigned char *buf;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
408 unsigned int buf_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
409
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
410 /* unwrap outer sequence */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
411 buf=nsslowcert_dataStart(derDN->data,derDN->len,&buf_length,PR_FALSE,NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
412 if (buf == NULL) return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
413
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
414 /* Walk each RDN */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
415 while (buf_length > 0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
416 unsigned char *rdn;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
417 unsigned int rdn_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
418
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
419 /* grab next rdn */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
420 rdn=nsslowcert_dataStart(buf, buf_length, &rdn_length, PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
421 if (rdn == NULL) { return NULL; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
422 buf_length -= (rdn - buf) + rdn_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
423 buf = rdn+rdn_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
424
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
425 while (rdn_length > 0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
426 unsigned char *ava;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
427 unsigned int ava_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
428 unsigned char *oid;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
429 unsigned int oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
430 unsigned char *name;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
431 unsigned int name_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
432 SECItem oidItem;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
433 SECOidTag type;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
434
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
435 /* unwrap the ava */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
436 ava=nsslowcert_dataStart(rdn, rdn_length, &ava_length, PR_FALSE,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
437 NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
438 if (ava == NULL) return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
439 rdn_length -= (ava-rdn)+ava_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
440 rdn = ava + ava_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
441
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
442 oid=nsslowcert_dataStart(ava, ava_length, &oid_length, PR_FALSE,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
443 NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
444 if (oid == NULL) { return NULL; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
445 ava_length -= (oid-ava)+oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
446 ava = oid+oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
447
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
448 name=nsslowcert_dataStart(ava, ava_length, &name_length, PR_FALSE,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
449 NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
450 if (oid == NULL) { return NULL; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
451 ava_length -= (name-ava)+name_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
452 ava = name+name_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
453
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
454 oidItem.data = oid;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
455 oidItem.len = oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
456 type = SECOID_FindOIDTag(&oidItem);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
457 if ((type == SEC_OID_PKCS9_EMAIL_ADDRESS) ||
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
458 (type == SEC_OID_RFC1274_MAIL)) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
459 /* Email is supposed to be IA5String, so no
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
460 * translation necessary */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
461 char *emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
462 emailAddr = (char *)pkcs11_copyStaticData(name,name_length+1,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
463 (unsigned char *)space,len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
464 if (emailAddr) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
465 emailAddr[name_length] = 0;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
466 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
467 return emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
468 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
469 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
470 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
471 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
472 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
473
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
474 static char *
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
475 nsslowcert_EmailAltName(NSSLOWCERTCertificate *cert, char *space,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
476 unsigned int len)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
477 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
478 unsigned char *exts;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
479 unsigned int exts_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
480
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
481 /* unwrap the sequence */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
482 exts = nsslowcert_dataStart(cert->extensions.data, cert->extensions.len,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
483 &exts_length, PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
484 /* loop through extension */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
485 while (exts && exts_length > 0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
486 unsigned char * ext;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
487 unsigned int ext_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
488 unsigned char *oid;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
489 unsigned int oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
490 unsigned char *nameList;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
491 unsigned int nameList_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
492 SECItem oidItem;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
493 SECOidTag type;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
494
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
495 ext = nsslowcert_dataStart(exts, exts_length, &ext_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
496 PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
497 if (ext == NULL) { break; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
498 exts_length -= (ext - exts) + ext_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
499 exts = ext+ext_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
500
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
501 oid=nsslowcert_dataStart(ext, ext_length, &oid_length, PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
502 if (oid == NULL) { break; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
503 ext_length -= (oid - ext) + oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
504 ext = oid+oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
505 oidItem.data = oid;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
506 oidItem.len = oid_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
507 type = SECOID_FindOIDTag(&oidItem);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
508
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
509 /* get Alt Extension */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
510 if (type != SEC_OID_X509_SUBJECT_ALT_NAME) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
511 continue;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
512 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
513
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
514 /* skip passed the critical flag */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
515 if (ext[0] == 0x01) { /* BOOLEAN */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
516 unsigned char *dummy;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
517 unsigned int dummy_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
518 dummy = nsslowcert_dataStart(ext, ext_length, &dummy_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
519 PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
520 if (dummy == NULL) { break; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
521 ext_length -= (dummy - ext) + dummy_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
522 ext = dummy+dummy_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
523 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
524
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
525
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
526 /* unwrap the name list */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
527 nameList = nsslowcert_dataStart(ext, ext_length, &nameList_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
528 PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
529 if (nameList == NULL) { break; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
530 ext_length -= (nameList - ext) + nameList_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
531 ext = nameList+nameList_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
532 nameList = nsslowcert_dataStart(nameList, nameList_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
533 &nameList_length, PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
534 /* loop through the name list */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
535 while (nameList && nameList_length > 0) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
536 unsigned char *thisName;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
537 unsigned int thisName_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
538
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
539 thisName = nsslowcert_dataStart(nameList, nameList_length,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
540 &thisName_length, PR_FALSE, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
541 if (thisName == NULL) { break; }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
542 if (nameList[0] == 0xa2) { /* DNS Name */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
543 SECItem dn;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
544 char *emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
545
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
546 dn.data = thisName;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
547 dn.len = thisName_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
548 emailAddr = nsslowcert_EmailName(&dn, space, len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
549 if (emailAddr) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
550 return emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
551 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
552 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
553 if (nameList[0] == 0x81) { /* RFC 822name */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
554 char *emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
555 emailAddr = (char *)pkcs11_copyStaticData(thisName,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
556 thisName_length+1, (unsigned char *)space,len);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
557 if (emailAddr) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
558 emailAddr[thisName_length] = 0;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
559 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
560 return emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
561 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
562 nameList_length -= (thisName-nameList) + thisName_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
563 nameList = thisName + thisName_length;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
564 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
565 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
566 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
567 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
568 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
569
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
570 static char *
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
571 nsslowcert_GetCertificateEmailAddress(NSSLOWCERTCertificate *cert)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
572 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
573 char *emailAddr = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
574 char *str;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
575
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
576 emailAddr = nsslowcert_EmailName(&cert->derSubject,cert->emailAddrSpace,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
577 sizeof(cert->emailAddrSpace));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
578 /* couldn't find the email address in the DN, check the subject Alt name */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
579 if (!emailAddr && cert->extensions.data) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
580 emailAddr = nsslowcert_EmailAltName(cert, cert->emailAddrSpace,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
581 sizeof(cert->emailAddrSpace));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
582 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
583
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
584
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
585 /* make it lower case */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
586 str = emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
587 while ( str && *str ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
588 *str = tolower( *str );
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
589 str++;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
590 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
591 return emailAddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
592
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
593 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
594
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
595 /*
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
596 * take a DER certificate and decode it into a certificate structure
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
597 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
598 NSSLOWCERTCertificate *
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
599 nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
600 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
601 NSSLOWCERTCertificate *cert;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
602 int rv;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
603
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
604 /* allocate the certificate structure */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
605 cert = nsslowcert_CreateCert();
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
606
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
607 if ( !cert ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
608 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
609 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
610
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
611 /* point to passed in DER data */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
612 cert->derCert = *derSignedCert;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
613 cert->nickname = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
614 cert->certKey.data = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
615 cert->referenceCount = 1;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
616
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
617 /* decode the certificate info */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
618 rv = nsslowcert_GetCertFields(cert->derCert.data, cert->derCert.len,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
619 &cert->derIssuer, &cert->serialNumber, &cert->derSN, &cert->derSubject,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
620 &cert->validity, &cert->derSubjKeyInfo, &cert->extensions);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
621
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
622 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
623 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
624 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
625
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
626 /* cert->subjectKeyID; x509v3 subject key identifier */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
627 cert->subjectKeyID.data = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
628 cert->subjectKeyID.len = 0;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
629 cert->dbEntry = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
630 cert ->trust = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
631 cert ->dbhandle = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
632
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
633 /* generate and save the database key for the cert */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
634 rv = nsslowcert_KeyFromIssuerAndSNStatic(cert->certKeySpace,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
635 sizeof(cert->certKeySpace), &cert->derIssuer,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
636 &cert->serialNumber, &cert->certKey);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
637 if ( rv ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
638 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
639 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
640
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
641 /* set the nickname */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
642 if ( nickname == NULL ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
643 cert->nickname = NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
644 } else {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
645 /* copy and install the nickname */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
646 cert->nickname = pkcs11_copyNickname(nickname,cert->nicknameSpace,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
647 sizeof(cert->nicknameSpace));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
648 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
649
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
650 #ifdef FIXME
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
651 /* initialize the subjectKeyID */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
652 rv = cert_GetKeyID(cert);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
653 if ( rv != SECSuccess ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
654 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
655 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
656 #endif
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
657
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
658 /* set the email address */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
659 cert->emailAddr = nsslowcert_GetCertificateEmailAddress(cert);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
660
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
661
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
662 cert->referenceCount = 1;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
663
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
664 return(cert);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
665
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
666 loser:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
667 if (cert) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
668 nsslowcert_DestroyCertificate(cert);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
669 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
670
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
671 return(0);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
672 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
673
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
674 char *
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
675 nsslowcert_FixupEmailAddr(char *emailAddr)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
676 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
677 char *retaddr;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
678 char *str;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
679
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
680 if ( emailAddr == NULL ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
681 return(NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
682 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
683
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
684 /* copy the string */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
685 str = retaddr = PORT_Strdup(emailAddr);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
686 if ( str == NULL ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
687 return(NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
688 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
689
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
690 /* make it lower case */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
691 while ( *str ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
692 *str = tolower( *str );
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
693 str++;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
694 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
695
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
696 return(retaddr);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
697 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
698
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
699
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
700 /*
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
701 * Generate a database key, based on serial number and issuer, from a
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
702 * DER certificate.
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
703 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
704 SECStatus
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
705 nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
706 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
707 int rv;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
708 NSSLOWCERTCertKey certkey;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
709
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
710 PORT_Memset(&certkey, 0, sizeof(NSSLOWCERTCertKey));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
711
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
712 rv = nsslowcert_GetCertFields(derCert->data, derCert->len,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
713 &certkey.derIssuer, &certkey.serialNumber, NULL, NULL,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
714 NULL, NULL, NULL);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
715
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
716 if ( rv ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
717 goto loser;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
718 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
719
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
720 return(nsslowcert_KeyFromIssuerAndSN(arena, &certkey.derIssuer,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
721 &certkey.serialNumber, key));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
722 loser:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
723 return(SECFailure);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
724 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
725
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
726 NSSLOWKEYPublicKey *
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
727 nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
728 {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
729 NSSLOWCERTSubjectPublicKeyInfo spki;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
730 NSSLOWKEYPublicKey *pubk;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
731 SECItem os;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
732 SECStatus rv;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
733 PLArenaPool *arena;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
734 SECOidTag tag;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
735 SECItem newDerSubjKeyInfo;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
736
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
737 arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
738 if (arena == NULL)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
739 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
740
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
741 pubk = (NSSLOWKEYPublicKey *)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
742 PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
743 if (pubk == NULL) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
744 PORT_FreeArena (arena, PR_FALSE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
745 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
746 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
747
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
748 pubk->arena = arena;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
749 PORT_Memset(&spki,0,sizeof(spki));
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
750
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
751 /* copy the DER into the arena, since Quick DER returns data that points
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
752 into the DER input, which may get freed by the caller */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
753 rv = SECITEM_CopyItem(arena, &newDerSubjKeyInfo, &cert->derSubjKeyInfo);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
754 if ( rv != SECSuccess ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
755 PORT_FreeArena (arena, PR_FALSE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
756 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
757 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
758
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
759 /* we haven't bothered decoding the spki struct yet, do it now */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
760 rv = SEC_QuickDERDecodeItem(arena, &spki,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
761 nsslowcert_SubjectPublicKeyInfoTemplate, &newDerSubjKeyInfo);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
762 if (rv != SECSuccess) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
763 PORT_FreeArena (arena, PR_FALSE);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
764 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
765 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
766
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
767 /* Convert bit string length from bits to bytes */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
768 os = spki.subjectPublicKey;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
769 DER_ConvertBitString (&os);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
770
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
771 tag = SECOID_GetAlgorithmTag(&spki.algorithm);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
772 switch ( tag ) {
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
773 case SEC_OID_X500_RSA_ENCRYPTION:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
774 case SEC_OID_PKCS1_RSA_ENCRYPTION:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
775 pubk->keyType = NSSLOWKEYRSAKey;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
776 prepare_low_rsa_pub_key_for_asn1(pubk);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
777 rv = SEC_QuickDERDecodeItem(arena, pubk,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
778 nsslowcert_RSAPublicKeyTemplate, &os);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
779 if (rv == SECSuccess)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
780 return pubk;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
781 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
782 case SEC_OID_ANSIX9_DSA_SIGNATURE:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
783 pubk->keyType = NSSLOWKEYDSAKey;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
784 prepare_low_dsa_pub_key_for_asn1(pubk);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
785 rv = SEC_QuickDERDecodeItem(arena, pubk,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
786 nsslowcert_DSAPublicKeyTemplate, &os);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
787 if (rv == SECSuccess) return pubk;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
788 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
789 case SEC_OID_X942_DIFFIE_HELMAN_KEY:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
790 pubk->keyType = NSSLOWKEYDHKey;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
791 prepare_low_dh_pub_key_for_asn1(pubk);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
792 rv = SEC_QuickDERDecodeItem(arena, pubk,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
793 nsslowcert_DHPublicKeyTemplate, &os);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
794 if (rv == SECSuccess) return pubk;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
795 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
796 #ifndef NSS_DISABLE_ECC
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
797 case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
798 pubk->keyType = NSSLOWKEYECKey;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
799 /* Since PKCS#11 directly takes the DER encoding of EC params
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
800 * and public value, we don't need any decoding here.
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
801 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
802 rv = SECITEM_CopyItem(arena, &pubk->u.ec.ecParams.DEREncoding,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
803 &spki.algorithm.parameters);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
804 if ( rv != SECSuccess )
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
805 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
806
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
807 /* Fill out the rest of the ecParams structure
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
808 * based on the encoded params
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
809 */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
810 if (LGEC_FillParams(arena, &pubk->u.ec.ecParams.DEREncoding,
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
811 &pubk->u.ec.ecParams) != SECSuccess)
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
812 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
813
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
814 rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
815 if (rv == SECSuccess) return pubk;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
816 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
817 #endif /* NSS_DISABLE_ECC */
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
818 default:
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
819 rv = SECFailure;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
820 break;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
821 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
822
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
823 lg_nsslowkey_DestroyPublicKey (pubk);
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
824 return NULL;
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
825 }
150b72113545 Add DBM and legacydb support
Andre Heinecke <andre.heinecke@intevation.de>
parents:
diff changeset
826
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)