Mercurial > trustbridge > nss-cmake-static
comparison nss/lib/certdb/xauthkid.c @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsyste
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 28 Jul 2014 10:47:06 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1e5118fa0cb1 |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 /* | |
| 6 * X.509 v3 Subject Key Usage Extension | |
| 7 * | |
| 8 */ | |
| 9 | |
| 10 #include "prtypes.h" | |
| 11 #include "seccomon.h" | |
| 12 #include "secdert.h" | |
| 13 #include "secoidt.h" | |
| 14 #include "secasn1t.h" | |
| 15 #include "secasn1.h" | |
| 16 #include "secport.h" | |
| 17 #include "certt.h" | |
| 18 #include "genname.h" | |
| 19 #include "secerr.h" | |
| 20 | |
| 21 SEC_ASN1_MKSUB(SEC_IntegerTemplate) | |
| 22 SEC_ASN1_MKSUB(SEC_OctetStringTemplate) | |
| 23 | |
| 24 const SEC_ASN1Template CERTAuthKeyIDTemplate[] = { | |
| 25 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) }, | |
| 26 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, | |
| 27 offsetof(CERTAuthKeyID,keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate)}, | |
| 28 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, | |
| 29 offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate}, | |
| 30 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, | |
| 31 offsetof(CERTAuthKeyID,authCertSerialNumber), | |
| 32 SEC_ASN1_SUB(SEC_IntegerTemplate) }, | |
| 33 { 0 } | |
| 34 }; | |
| 35 | |
| 36 | |
| 37 | |
| 38 SECStatus CERT_EncodeAuthKeyID (PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue) | |
| 39 { | |
| 40 SECStatus rv = SECFailure; | |
| 41 | |
| 42 PORT_Assert (value); | |
| 43 PORT_Assert (arena); | |
| 44 PORT_Assert (value->DERAuthCertIssuer == NULL); | |
| 45 PORT_Assert (encodedValue); | |
| 46 | |
| 47 do { | |
| 48 | |
| 49 /* If both of the authCertIssuer and the serial number exist, encode | |
| 50 the name first. Otherwise, it is an error if one exist and the other | |
| 51 is not. | |
| 52 */ | |
| 53 if (value->authCertIssuer) { | |
| 54 if (!value->authCertSerialNumber.data) { | |
| 55 PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); | |
| 56 break; | |
| 57 } | |
| 58 | |
| 59 value->DERAuthCertIssuer = cert_EncodeGeneralNames | |
| 60 (arena, value->authCertIssuer); | |
| 61 if (!value->DERAuthCertIssuer) { | |
| 62 PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); | |
| 63 break; | |
| 64 } | |
| 65 } | |
| 66 else if (value->authCertSerialNumber.data) { | |
| 67 PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); | |
| 68 break; | |
| 69 } | |
| 70 | |
| 71 if (SEC_ASN1EncodeItem (arena, encodedValue, value, | |
| 72 CERTAuthKeyIDTemplate) == NULL) | |
| 73 break; | |
| 74 rv = SECSuccess; | |
| 75 | |
| 76 } while (0); | |
| 77 return(rv); | |
| 78 } | |
| 79 | |
| 80 CERTAuthKeyID * | |
| 81 CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue) | |
| 82 { | |
| 83 CERTAuthKeyID * value = NULL; | |
| 84 SECStatus rv = SECFailure; | |
| 85 void * mark; | |
| 86 SECItem newEncodedValue; | |
| 87 | |
| 88 PORT_Assert (arena); | |
| 89 | |
| 90 do { | |
| 91 mark = PORT_ArenaMark (arena); | |
| 92 value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value)); | |
| 93 if (value == NULL) | |
| 94 break; | |
| 95 value->DERAuthCertIssuer = NULL; | |
| 96 /* copy the DER into the arena, since Quick DER returns data that points | |
| 97 into the DER input, which may get freed by the caller */ | |
| 98 rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue); | |
| 99 if ( rv != SECSuccess ) { | |
| 100 break; | |
| 101 } | |
| 102 | |
| 103 rv = SEC_QuickDERDecodeItem | |
| 104 (arena, value, CERTAuthKeyIDTemplate, &newEncodedValue); | |
| 105 if (rv != SECSuccess) | |
| 106 break; | |
| 107 | |
| 108 value->authCertIssuer = cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer); | |
| 109 if (value->authCertIssuer == NULL) | |
| 110 break; | |
| 111 | |
| 112 /* what if the general name contains other format but not URI ? | |
| 113 hl | |
| 114 */ | |
| 115 if ((value->authCertSerialNumber.data && !value->authCertIssuer) || | |
| 116 (!value->authCertSerialNumber.data && value->authCertIssuer)){ | |
| 117 PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); | |
| 118 break; | |
| 119 } | |
| 120 } while (0); | |
| 121 | |
| 122 if (rv != SECSuccess) { | |
| 123 PORT_ArenaRelease (arena, mark); | |
| 124 return ((CERTAuthKeyID *)NULL); | |
| 125 } | |
| 126 PORT_ArenaUnmark(arena, mark); | |
| 127 return (value); | |
| 128 } |