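/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * X.509 v3 Authority Key Identifier extension (RFC 5280, 4.2.1.1):
 * the DER template and the encoder/decoder for CERTAuthKeyID.
 */

#include "prtypes.h"
#include "seccomon.h"
#include "secdert.h"
#include "secoidt.h"
#include "secasn1t.h"
#include "secasn1.h"
#include "secport.h"
#include "certt.h"
#include "genname.h"
#include "secerr.h"

SEC_ASN1_MKSUB(SEC_IntegerTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)

/*
 * AuthorityKeyIdentifier ::= SEQUENCE {
 *     keyIdentifier             [0] KeyIdentifier            OPTIONAL,
 *     authorityCertIssuer       [1] GeneralNames             OPTIONAL,
 *     authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
 *
 * Element [1] is kept as raw DER in DERAuthCertIssuer; the GeneralNames
 * inside it are encoded/decoded separately by cert_EncodeGeneralNames and
 * cert_DecodeGeneralNames.
 */
const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      offsetof(CERTAuthKeyID, keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
      offsetof(CERTAuthKeyID, authCertSerialNumber),
      SEC_ASN1_SUB(SEC_IntegerTemplate) },
    { 0 }
};

/*
 * Encode an AuthorityKeyIdentifier extension value.
 *
 * arena:        arena for the encoded output and for the intermediate DER
 *               of the issuer names.
 * value:        the extension to encode.  value->DERAuthCertIssuer must be
 *               NULL on entry; when value->authCertIssuer is set it is
 *               filled in here, a side effect the caller will observe.
 * encodedValue: receives the DER of the whole extension value.
 *
 * Returns SECSuccess, or SECFailure with the error code set.  authCertIssuer
 * and authCertSerialNumber must be given together or not at all; any other
 * combination fails with SEC_ERROR_EXTENSION_VALUE_INVALID.
 */
SECStatus
CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue)
{
    SECStatus rv = SECFailure;

    PORT_Assert(value);
    PORT_Assert(arena);
    PORT_Assert(value->DERAuthCertIssuer == NULL);
    PORT_Assert(encodedValue);

    /* PORT_Assert is a no-op outside debug builds; never dereference NULL. */
    if (!arena || !value || !encodedValue) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    do {
        /* Issuer and serial number come as a pair, or not at all. */
        if (value->authCertIssuer) {
            if (!value->authCertSerialNumber.data) {
                PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
                break;
            }
            /* The names are encoded first so the main template can emit
             * their DER as the [1] element. */
            value->DERAuthCertIssuer =
                cert_EncodeGeneralNames(arena, value->authCertIssuer);
            if (!value->DERAuthCertIssuer) {
                PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
                break;
            }
        } else if (value->authCertSerialNumber.data) {
            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
            break;
        }

        if (SEC_ASN1EncodeItem(arena, encodedValue, value,
                               CERTAuthKeyIDTemplate) == NULL) {
            break;
        }
        rv = SECSuccess;
    } while (0);

    return rv;
}

/*
 * Decode an AuthorityKeyIdentifier extension value.
 *
 * arena:        everything in the returned structure lives here.  A private
 *               copy of the DER is made first, because the quick-DER decoder
 *               returns pointers into its input and the caller may free it.
 * encodedValue: the DER extension value, normally taken from an untrusted
 *               certificate.
 *
 * Returns the decoded CERTAuthKeyID, or NULL with the error code set; on
 * failure every arena allocation made here is released.  A keyID-only
 * extension (neither issuer nor serial number) is valid.  Otherwise the
 * issuer and the serial number must both be present (RFC 5280, 4.2.1.1);
 * an extension carrying only one of them is rejected with
 * SEC_ERROR_EXTENSION_VALUE_INVALID.
 */
CERTAuthKeyID *
CERT_DecodeAuthKeyID(PLArenaPool *arena, const SECItem *encodedValue)
{
    CERTAuthKeyID *value = NULL;
    SECStatus rv = SECFailure;
    void *mark;
    SECItem newEncodedValue;

    PORT_Assert(arena);
    /* PORT_Assert is a no-op outside debug builds; never dereference NULL. */
    if (!arena || !encodedValue) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    mark = PORT_ArenaMark(arena);
    do {
        value = (CERTAuthKeyID *)PORT_ArenaZAlloc(arena, sizeof(*value));
        if (value == NULL) {
            break;
        }
        value->DERAuthCertIssuer = NULL;

        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
        if (rv != SECSuccess) {
            break;
        }

        rv = SEC_QuickDERDecodeItem(arena, value, CERTAuthKeyIDTemplate,
                                    &newEncodedValue);
        if (rv != SECSuccess) {
            break;
        }

        /* NULL when [1] is absent and, presumably, when the GeneralNames it
         * carries do not decode — either way the pairing check below decides. */
        value->authCertIssuer =
            cert_DecodeGeneralNames(arena, value->DERAuthCertIssuer);

        /* Both or neither.  rv must be forced to SECFailure here: breaking
         * out with rv still SECSuccess would hand the caller a structure the
         * extension itself says is invalid. */
        if ((value->authCertSerialNumber.data != NULL) !=
            (value->authCertIssuer != NULL)) {
            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
            rv = SECFailure;
            break;
        }
    } while (0);

    if (rv != SECSuccess) {
        PORT_ArenaRelease(arena, mark);
        return NULL;
    }
    PORT_ArenaUnmark(arena, mark);
    return value;
}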