diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2003-05-15 21:24:10 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2003-05-15 21:24:10 +0000 |
commit | c87947ba878af31b7e432f880afabfb8bffc24a5 (patch) | |
tree | 9b8ff079374ef618eed855abfc6ec6f6370cf37a /security/nss/lib/certdb/secname.c | |
parent | d594ce42f4da5bfc61c6f5dea6f7baad9b89098e (diff) | |
parent | adf8706c2fdecef78d1ff4aad76fe2dafba70173 (diff) | |
download | nss-hg-c87947ba878af31b7e432f880afabfb8bffc24a5.tar.gz |
bug 204788, DirectoryString should default to UTF8String
r=nelsonb
Diffstat (limited to 'security/nss/lib/certdb/secname.c')
-rw-r--r-- | security/nss/lib/certdb/secname.c | 654 |
1 files changed, 654 insertions, 0 deletions
diff --git a/security/nss/lib/certdb/secname.c b/security/nss/lib/certdb/secname.c new file mode 100644 index 000000000..7d8b35b22 --- /dev/null +++ b/security/nss/lib/certdb/secname.c @@ -0,0 +1,654 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#include "cert.h" +#include "secoid.h" +#include "secder.h" /* XXX remove this when remove the DERTemplates */ +#include "secasn1.h" +#include "secitem.h" +#include <stdarg.h> +#include "secerr.h" + +static const SEC_ASN1Template cert_AVATemplate[] = { + { SEC_ASN1_SEQUENCE, + 0, NULL, sizeof(CERTAVA) }, + { SEC_ASN1_OBJECT_ID, + offsetof(CERTAVA,type), }, + { SEC_ASN1_ANY, + offsetof(CERTAVA,value), }, + { 0, } +}; + +const SEC_ASN1Template CERT_RDNTemplate[] = { + { SEC_ASN1_SET_OF, + offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } +}; + + +static int +CountArray(void **array) +{ + int count = 0; + if (array) { + while (*array++) { + count++; + } + } + return count; +} + +static void +**AddToArray(PRArenaPool *arena, void **array, void *element) +{ + unsigned count; + void **ap; + + /* Count up number of slots already in use in the array */ + count = 0; + ap = array; + if (ap) { + while (*ap++) { + count++; + } + } + + if (array) { + array = (void**) PORT_ArenaGrow(arena, array, + (count + 1) * sizeof(void *), + (count + 2) * sizeof(void *)); + } else { + array = (void**) PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *)); + } + if (array) { + array[count] = element; + array[count+1] = 0; + } + return array; +} + +#if 0 +static void +**RemoveFromArray(void **array, void *element) +{ + unsigned count; + void **ap; + int slot; + + /* Look for element */ + ap = array; + if (ap) { + count = 1; /* count the null at the end */ + slot = -1; + for (; *ap; ap++, count++) { + if (*ap == element) { + /* Found it */ + slot = ap - array; + } + } + if (slot >= 0) { + /* Found it. Squish array down */ + PORT_Memmove((void*) (array + slot), (void*) (array + slot + 1), + (count - slot - 1) * sizeof(void*)); + /* Don't bother reallocing the memory */ + } + } + return array; +} +#endif /* 0 */ + +SECOidTag +CERT_GetAVATag(CERTAVA *ava) +{ + SECOidData *oid; + if (!ava->type.data) return (SECOidTag)-1; + + oid = SECOID_FindOID(&ava->type); + + if ( oid ) { + return(oid->offset); + } + return (SECOidTag)-1; +} + +static SECStatus +SetupAVAType(PRArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp) +{ + unsigned char *oid; + unsigned oidLen; + unsigned char *cp; + unsigned maxLen; + SECOidData *oidrec; + + oidrec = SECOID_FindOIDByTag(type); + if (oidrec == NULL) + return SECFailure; + + oid = oidrec->oid.data; + oidLen = oidrec->oid.len; + + switch (type) { + case SEC_OID_AVA_COUNTRY_NAME: + maxLen = 2; + break; + case SEC_OID_AVA_ORGANIZATION_NAME: + maxLen = 64; + break; + case SEC_OID_AVA_COMMON_NAME: + maxLen = 64; + break; + case SEC_OID_AVA_LOCALITY: + maxLen = 128; + break; + case SEC_OID_AVA_STATE_OR_PROVINCE: + maxLen = 128; + break; + case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME: + maxLen = 64; + break; + case SEC_OID_AVA_DC: + maxLen = 128; + break; + case SEC_OID_AVA_DN_QUALIFIER: + maxLen = 0x7fff; + break; + case SEC_OID_PKCS9_EMAIL_ADDRESS: + maxLen = 128; + break; + case SEC_OID_RFC1274_UID: + maxLen = 256; /* RFC 1274 specifies 256 */ + break; + case SEC_OID_RFC1274_MAIL: + maxLen = 256; /* RFC 1274 specifies 256 */ + break; + default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen); + if (cp == NULL) { + return SECFailure; + } + it->len = oidLen; + PORT_Memcpy(cp, oid, oidLen); + *maxLenp = maxLen; + return SECSuccess; +} + +static SECStatus +SetupAVAValue(PRArenaPool *arena, int valueType, char *value, SECItem *it, + unsigned maxLen) +{ + unsigned valueLen, valueLenLen, total; + unsigned ucs4Len = 0, ucs4MaxLen; + unsigned char *cp, *ucs4Val; + + switch (valueType) { + case SEC_ASN1_PRINTABLE_STRING: + case SEC_ASN1_IA5_STRING: + case SEC_ASN1_T61_STRING: + case SEC_ASN1_UTF8_STRING: /* no conversion required */ + valueLen = PORT_Strlen(value); + break; + case SEC_ASN1_UNIVERSAL_STRING: + valueLen = PORT_Strlen(value); + ucs4Val = (unsigned char *)PORT_ArenaZAlloc(arena, + PORT_Strlen(value) * 6); + ucs4MaxLen = PORT_Strlen(value) * 6; + if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, (unsigned char *)value, valueLen, + ucs4Val, ucs4MaxLen, &ucs4Len)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + value = (char *)ucs4Val; + valueLen = ucs4Len; + break; + default: + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + if (((valueType != SEC_ASN1_UNIVERSAL_STRING) && (valueLen > maxLen)) || + ((valueType == SEC_ASN1_UNIVERSAL_STRING) && (valueLen > (maxLen * 4)))) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + valueLenLen = DER_LengthLength(valueLen); + total = 1 + valueLenLen + valueLen; + it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, total); + if (!cp) { + return SECFailure; + } + it->len = total; + cp = (unsigned char*) DER_StoreHeader(cp, valueType, valueLen); + PORT_Memcpy(cp, value, valueLen); + return SECSuccess; +} + +CERTAVA * +CERT_CreateAVA(PRArenaPool *arena, SECOidTag kind, int valueType, char *value) +{ + CERTAVA *ava; + int rv; + unsigned maxLen; + + ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA)); + if (ava) { + rv = SetupAVAType(arena, kind, &ava->type, &maxLen); + if (rv) { + /* Illegal AVA type */ + return 0; + } + rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen); + if (rv) { + /* Illegal value type */ + return 0; + } + } + return ava; +} + +CERTAVA * +CERT_CopyAVA(PRArenaPool *arena, CERTAVA *from) +{ + CERTAVA *ava; + int rv; + + ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA)); + if (ava) { + rv = SECITEM_CopyItem(arena, &ava->type, &from->type); + if (rv) goto loser; + rv = SECITEM_CopyItem(arena, &ava->value, &from->value); + if (rv) goto loser; + } + return ava; + + loser: + return 0; +} + +/************************************************************************/ +/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */ +static const SEC_ASN1Template cert_RDNTemplate[] = { + { SEC_ASN1_SET_OF, + offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } +}; + + +CERTRDN * +CERT_CreateRDN(PRArenaPool *arena, CERTAVA *ava0, ...) +{ + CERTAVA *ava; + CERTRDN *rdn; + va_list ap; + unsigned count; + CERTAVA **avap; + + rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN)); + if (rdn) { + /* Count number of avas going into the rdn */ + count = 0; + if (ava0) { + count++; + va_start(ap, ava0); + while ((ava = va_arg(ap, CERTAVA*)) != 0) { + count++; + } + va_end(ap); + } + + /* Now fill in the pointers */ + rdn->avas = avap = + (CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*)); + if (!avap) { + return 0; + } + if (ava0) { + *avap++ = ava0; + va_start(ap, ava0); + while ((ava = va_arg(ap, CERTAVA*)) != 0) { + *avap++ = ava; + } + va_end(ap); + } + *avap++ = 0; + } + return rdn; +} + +SECStatus +CERT_AddAVA(PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava) +{ + rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava); + return rdn->avas ? SECSuccess : SECFailure; +} + +SECStatus +CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from) +{ + CERTAVA **avas, *fava, *tava; + SECStatus rv; + + /* Copy each ava from from */ + avas = from->avas; + while ((fava = *avas++) != 0) { + tava = CERT_CopyAVA(arena, fava); + if (!tava) return SECFailure; + rv = CERT_AddAVA(arena, to, tava); + if (rv) return rv; + } + return SECSuccess; +} + +/************************************************************************/ + +const SEC_ASN1Template CERT_NameTemplate[] = { + { SEC_ASN1_SEQUENCE_OF, + offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) } +}; + +SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate) + +CERTName * +CERT_CreateName(CERTRDN *rdn0, ...) +{ + CERTRDN *rdn; + CERTName *name; + va_list ap; + unsigned count; + CERTRDN **rdnp; + PRArenaPool *arena; + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if ( !arena ) { + return(0); + } + + name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName)); + if (name) { + name->arena = arena; + + /* Count number of RDNs going into the Name */ + if (!rdn0) { + count = 0; + } else { + count = 1; + va_start(ap, rdn0); + while ((rdn = va_arg(ap, CERTRDN*)) != 0) { + count++; + } + va_end(ap); + } + + /* Allocate space (including space for terminal null ptr) */ + name->rdns = rdnp = + (CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*)); + if (!name->rdns) { + goto loser; + } + + /* Now fill in the pointers */ + if (count > 0) { + *rdnp++ = rdn0; + va_start(ap, rdn0); + while ((rdn = va_arg(ap, CERTRDN*)) != 0) { + *rdnp++ = rdn; + } + va_end(ap); + } + + /* null terminate the list */ + *rdnp++ = 0; + } + return name; + +loser: + PORT_FreeArena(arena, PR_FALSE); + return(0); +} + +void +CERT_DestroyName(CERTName *name) +{ + if (name) + { + PRArenaPool *arena = name->arena; + name->rdns = NULL; + name->arena = NULL; + if (arena) PORT_FreeArena(arena, PR_FALSE); + } +} + +SECStatus +CERT_AddRDN(CERTName *name, CERTRDN *rdn) +{ + name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn); + return name->rdns ? SECSuccess : SECFailure; +} + +SECStatus +CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from) +{ + CERTRDN **rdns, *frdn, *trdn; + SECStatus rv; + + if (!to || !from) + return SECFailure; + + CERT_DestroyName(to); + to->arena = arena; + + /* Copy each rdn from from */ + rdns = from->rdns; + while ((frdn = *rdns++) != 0) { + trdn = CERT_CreateRDN(arena, 0); + if ( trdn == NULL ) { + return(SECFailure); + } + rv = CERT_CopyRDN(arena, trdn, frdn); + if (rv) return rv; + rv = CERT_AddRDN(to, trdn); + if (rv) return rv; + } + return SECSuccess; +} + +/************************************************************************/ + +SECComparison +CERT_CompareAVA(CERTAVA *a, CERTAVA *b) +{ + SECComparison rv; + + rv = SECITEM_CompareItem(&a->type, &b->type); + if (rv) { + /* + ** XXX for now we are going to just assume that a bitwise + ** comparison of the value codes will do the trick. + */ + } + rv = SECITEM_CompareItem(&a->value, &b->value); + return rv; +} + +SECComparison +CERT_CompareRDN(CERTRDN *a, CERTRDN *b) +{ + CERTAVA **aavas, *aava; + CERTAVA **bavas, *bava; + int ac, bc; + SECComparison rv = SECEqual; + + aavas = a->avas; + bavas = b->avas; + + /* + ** Make sure array of ava's are the same length. If not, then we are + ** not equal + */ + ac = CountArray((void**) aavas); + bc = CountArray((void**) bavas); + if (ac < bc) return SECLessThan; + if (ac > bc) return SECGreaterThan; + + for (;;) { + aava = *aavas++; + bava = *bavas++; + if (!aava) { + break; + } + rv = CERT_CompareAVA(aava, bava); + if (rv) return rv; + } + return rv; +} + +SECComparison +CERT_CompareName(CERTName *a, CERTName *b) +{ + CERTRDN **ardns, *ardn; + CERTRDN **brdns, *brdn; + int ac, bc; + SECComparison rv = SECEqual; + + ardns = a->rdns; + brdns = b->rdns; + + /* + ** Make sure array of rdn's are the same length. If not, then we are + ** not equal + */ + ac = CountArray((void**) ardns); + bc = CountArray((void**) brdns); + if (ac < bc) return SECLessThan; + if (ac > bc) return SECGreaterThan; + + for (;;) { + ardn = *ardns++; + brdn = *brdns++; + if (!ardn) { + break; + } + rv = CERT_CompareRDN(ardn, brdn); + if (rv) return rv; + } + return rv; +} + +/* Moved from certhtml.c */ +SECItem * +CERT_DecodeAVAValue(SECItem *derAVAValue) +{ + SECItem *retItem; + const SEC_ASN1Template *theTemplate = NULL; + PRBool convertUCS4toUTF8 = PR_FALSE; + PRBool convertUCS2toUTF8 = PR_FALSE; + SECItem avaValue = {siBuffer, 0}; + PLArenaPool *newarena = NULL; + + if(!derAVAValue) { + return NULL; + } + + switch(derAVAValue->data[0]) { + case SEC_ASN1_UNIVERSAL_STRING: + convertUCS4toUTF8 = PR_TRUE; + theTemplate = SEC_UniversalStringTemplate; + break; + case SEC_ASN1_IA5_STRING: + theTemplate = SEC_IA5StringTemplate; + break; + case SEC_ASN1_PRINTABLE_STRING: + theTemplate = SEC_PrintableStringTemplate; + break; + case SEC_ASN1_T61_STRING: + theTemplate = SEC_T61StringTemplate; + break; + case SEC_ASN1_BMP_STRING: + convertUCS2toUTF8 = PR_TRUE; + theTemplate = SEC_BMPStringTemplate; + break; + case SEC_ASN1_UTF8_STRING: + /* No conversion needed ! */ + theTemplate = SEC_UTF8StringTemplate; + break; + default: + return NULL; + } + + PORT_Memset(&avaValue, 0, sizeof(SECItem)); + newarena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!newarena) { + return NULL; + } + if(SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue) + != SECSuccess) { + PORT_FreeArena(newarena, PR_FALSE); + return NULL; + } + + if (convertUCS4toUTF8) { + unsigned int utf8ValLen = avaValue.len * 3; + unsigned char *utf8Val = (unsigned char*) + PORT_ArenaZAlloc(newarena, utf8ValLen); + + if(!PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len, + utf8Val, utf8ValLen, &utf8ValLen)) { + PORT_FreeArena(newarena, PR_FALSE); + return NULL; + } + + avaValue.data = utf8Val; + avaValue.len = utf8ValLen; + + } else if (convertUCS2toUTF8) { + + unsigned int utf8ValLen = avaValue.len * 3; + unsigned char *utf8Val = (unsigned char*) + PORT_ArenaZAlloc(newarena, utf8ValLen); + + if(!PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len, + utf8Val, utf8ValLen, &utf8ValLen)) { + PORT_FreeArena(newarena, PR_FALSE); + return NULL; + } + + avaValue.data = utf8Val; + avaValue.len = utf8ValLen; + } + + retItem = SECITEM_DupItem(&avaValue); + PORT_FreeArena(newarena, PR_FALSE); + return retItem; +} |