diff options
author | relyea%netscape.com <devnull@localhost> | 2000-03-31 19:16:26 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2000-03-31 19:16:26 +0000 |
commit | 222a52dab759085f56dcb6588b69a6a937d82aa2 (patch) | |
tree | 8cc2b9251b3777cc1b8a9fe5b615d02b0aadece9 /security/nss/lib/pki1 | |
parent | dc6d4e64be376d12f325301e7e3c5cd048338e9a (diff) | |
download | nss-hg-222a52dab759085f56dcb6588b69a6a937d82aa2.tar.gz |
Initial NSS Open Source Checkin
Diffstat (limited to 'security/nss/lib/pki1')
-rw-r--r-- | security/nss/lib/pki1/.cvsignore | 3 | ||||
-rw-r--r-- | security/nss/lib/pki1/Makefile | 38 | ||||
-rw-r--r-- | security/nss/lib/pki1/atav.c | 1803 | ||||
-rw-r--r-- | security/nss/lib/pki1/config.mk | 37 | ||||
-rw-r--r-- | security/nss/lib/pki1/genname.c | 94 | ||||
-rw-r--r-- | security/nss/lib/pki1/gnseq.c | 71 | ||||
-rw-r--r-- | security/nss/lib/pki1/manifest.mn | 63 | ||||
-rw-r--r-- | security/nss/lib/pki1/name.c | 77 | ||||
-rw-r--r-- | security/nss/lib/pki1/nsspki1.h | 2869 | ||||
-rw-r--r-- | security/nss/lib/pki1/nsspki1t.h | 202 | ||||
-rw-r--r-- | security/nss/lib/pki1/oid.c | 1615 | ||||
-rwxr-xr-x | security/nss/lib/pki1/oidgen.perl | 311 | ||||
-rw-r--r-- | security/nss/lib/pki1/oids.txt | 2115 | ||||
-rw-r--r-- | security/nss/lib/pki1/pki1.h | 3032 | ||||
-rw-r--r-- | security/nss/lib/pki1/pki1t.h | 104 | ||||
-rw-r--r-- | security/nss/lib/pki1/rdn.c | 73 | ||||
-rw-r--r-- | security/nss/lib/pki1/rdnseq.c | 71 |
17 files changed, 12578 insertions, 0 deletions
diff --git a/security/nss/lib/pki1/.cvsignore b/security/nss/lib/pki1/.cvsignore new file mode 100644 index 000000000..12bfbfc7c --- /dev/null +++ b/security/nss/lib/pki1/.cvsignore @@ -0,0 +1,3 @@ +oiddata.c +oiddata.h + diff --git a/security/nss/lib/pki1/Makefile b/security/nss/lib/pki1/Makefile new file mode 100644 index 000000000..03e1fb4c6 --- /dev/null +++ b/security/nss/lib/pki1/Makefile @@ -0,0 +1,38 @@ +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# +MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$" + +include manifest.mn +include config.mk +include $(CORE_DEPTH)/coreconf/config.mk +include $(CORE_DEPTH)/coreconf/rules.mk diff --git a/security/nss/lib/pki1/atav.c b/security/nss/lib/pki1/atav.c new file mode 100644 index 000000000..299ddfc0d --- /dev/null +++ b/security/nss/lib/pki1/atav.c @@ -0,0 +1,1803 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * atav.c + * + * This file contains the implementation of the PKIX part-1 object + * AttributeTypeAndValue. + */ + +#ifndef NSSBASE_H +#include "nssbase.h" +#endif /* NSSBASE_H */ + +#ifndef ASN1_H +#include "asn1.h" +#endif /* ASN1_H */ + +#ifndef PKI1_H +#include "pki1.h" +#endif /* PKI1_H */ + +/* + * AttributeTypeAndValue + * + * From draft-ietf-pkix-ipki-part1-10: + * + * AttributeTypeAndValue ::= SEQUENCE { + * type ATTRIBUTE.&id ({SupportedAttributes}), + * value ATTRIBUTE.&Type ({SupportedAttributes}{@type})} + * + * -- ATTRIBUTE information object class specification + * -- Note: This has been greatly simplified for PKIX !! + * + * ATTRIBUTE ::= CLASS { + * &Type, + * &id OBJECT IDENTIFIER UNIQUE } + * WITH SYNTAX { + * WITH SYNTAX &Type ID &id } + * + * What this means is that the "type" of the value is determined by + * the value of the oid. If we hide the structure, our accessors + * can (at least in debug builds) assert value semantics beyond what + * the compiler can provide. Since these things are only used in + * RelativeDistinguishedNames, and since RDNs always contain a SET + * of these things, we don't lose anything by hiding the structure + * (and its size). + */ + +struct NSSATAVStr { + NSSBER ber; + const NSSOID *oid; + NSSUTF8 *value; + nssStringType stringForm; +}; + +/* + * NSSATAV + * + * The public "methods" regarding this "object" are: + * + * NSSATAV_CreateFromBER -- constructor + * NSSATAV_CreateFromUTF8 -- constructor + * NSSATAV_Create -- constructor + * + * NSSATAV_Destroy + * NSSATAV_GetDEREncoding + * NSSATAV_GetUTF8Encoding + * NSSATAV_GetType + * NSSATAV_GetValue + * NSSATAV_Compare + * NSSATAV_Duplicate + * + * The non-public "methods" regarding this "object" are: + * + * nssATAV_CreateFromBER -- constructor + * nssATAV_CreateFromUTF8 -- constructor + * nssATAV_Create -- constructor + * + * nssATAV_Destroy + * nssATAV_GetDEREncoding + * nssATAV_GetUTF8Encoding + * nssATAV_GetType + * nssATAV_GetValue + * nssATAV_Compare + * nssATAV_Duplicate + * + * In debug builds, the following non-public call is also available: + * + * nssATAV_verifyPointer + */ + +/* + * NSSATAV_CreateFromBER + * + * This routine creates an NSSATAV by decoding a BER- or DER-encoded + * ATAV. If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_IMPLEMENT NSSATAV * +NSSATAV_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berATAV +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSATAV *)NULL; + } + } + + /* + * NSSBERs can be created by the user, + * so no pointer-tracking can be checked. + */ + + if( (NSSBER *)NULL == berATAV ) { + nss_SetError(NSS_ERROR_INVALID_BER); + return (NSSATAV *)NULL; + } + + if( (void *)NULL == berATAV->data ) { + nss_SetError(NSS_ERROR_INVALID_BER); + return (NSSATAV *)NULL; + } +#endif /* DEBUG */ + + return nssATAV_CreateFromBER(arenaOpt, berATAV); +} + +/* + * NSSATAV_CreateFromUTF8 + * + * This routine creates an NSSATAV by decoding a UTF8 string in the + * "equals" format, e.g., "c=US." If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_IMPLEMENT NSSATAV * +NSSATAV_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringATAV +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSATAV *)NULL; + } + } + + /* + * NSSUTF8s can be created by the user, + * so no pointer-tracking can be checked. + */ + + if( (NSSUTF8 *)NULL == stringATAV ) { + nss_SetError(NSS_ERROR_INVALID_UTF8); + return (NSSATAV *)NULL; + } +#endif /* DEBUG */ + + return nssATAV_CreateFromUTF8(arenaOpt, stringATAV); +} + +/* + * NSSATAV_Create + * + * This routine creates an NSSATAV from the specified NSSOID and the + * specified data. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap.If the specified data length is zero, + * the data is assumed to be terminated by first zero byte; this allows + * UTF8 strings to be easily specified. This routine may return NULL + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ARENA + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_INVALID_POINTER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_IMPLEMENT NSSATAV * +NSSATAV_Create +( + NSSArena *arenaOpt, + const NSSOID *oid, + const void *data, + PRUint32 length +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSATAV *)NULL; + } + } + + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSATAV *)NULL; + } + + if( (const void *)NULL == data ) { + nss_SetError(NSS_ERROR_INVALID_POINTER); + return (NSSATAV *)NULL; + } +#endif /* DEBUG */ + + return nssATAV_Create(arenaOpt, oid, data, length); +} + +/* + * NSSATAV_Destroy + * + * This routine will destroy an ATAV object. It should eventually be + * called on all ATAVs created without an arena. While it is not + * necessary to call it on ATAVs created within an arena, it is not an + * error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_IMPLEMENT PRStatus +NSSATAV_Destroy +( + NSSATAV *atav +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return PR_FAILURE; + } +#endif /* DEBUG */ + + return nssATAV_Destroy(atav); +} + +/* + * NSSATAV_GetDEREncoding + * + * This routine will DER-encode an ATAV object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSATAV + */ + +NSS_IMPLEMENT NSSDER * +NSSATAV_GetDEREncoding +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSDER *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSDER *)NULL; + } + } +#endif /* DEBUG */ + + return nssATAV_GetDEREncoding(atav, arenaOpt); +} + +/* + * NSSATAV_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the ATAV in "equals" notation (e.g., "o=Acme"). + * If the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the "equals" encoding of the + * ATAV + */ + +NSS_IMPLEMENT NSSUTF8 * +NSSATAV_GetUTF8Encoding +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSUTF8 *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSUTF8 *)NULL; + } + } +#endif /* DEBUG */ + + return nssATAV_GetUTF8Encoding(atav, arenaOpt); +} + +/* + * NSSATAV_GetType + * + * This routine returns the NSSOID corresponding to the attribute type + * in the specified ATAV. This routine may return NSS_OID_UNKNOWN + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NSS_OID_UNKNOWN upon error + * An element of enum NSSOIDenum upon success + */ + +NSS_IMPLEMENT const NSSOID * +NSSATAV_GetType +( + NSSATAV *atav +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSOID *)NULL; + } +#endif /* DEBUG */ + + return nssATAV_GetType(atav); +} + +/* + * NSSATAV_GetValue + * + * This routine returns a string containing the attribute value + * in the specified ATAV. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSItem containing the attribute value. + */ + +NSS_IMPLEMENT NSSUTF8 * +NSSATAV_GetValue +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSUTF8 *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSUTF8 *)NULL; + } + } +#endif /* DEBUG */ + + return nssATAV_GetValue(atav, arenaOpt); +} + +/* + * NSSATAV_Compare + * + * This routine compares two ATAVs for equality. For two ATAVs to be + * equal, the attribute types must be the same, and the attribute + * values must have equal length and contents. The result of the + * comparison will be stored at the location pointed to by the "equalp" + * variable, which must point to a valid PRBool. This routine may + * return PR_FAILURE upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_IMPLEMENT PRStatus +NSSATAV_Compare +( + NSSATAV *atav1, + NSSATAV *atav2, + PRBool *equalp +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav1) ) { + return PR_FAILURE; + } + + if( PR_SUCCESS != nssATAV_verifyPointer(atav2) ) { + return PR_FAILURE; + } + + if( (PRBool *)NULL == equalp ) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } +#endif /* DEBUG */ + + return nssATAV_Compare(atav1, atav2, equalp); +} + +/* + * NSSATAV_Duplicate + * + * This routine duplicates the specified ATAV. If the optional arena + * argument is non-null, the memory required will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL on error + * A pointer to a new ATAV + */ + +NSS_IMPLEMENT NSSATAV * +NSSATAV_Duplicate +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSATAV *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSATAV *)NULL; + } + } +#endif /* DEBUG */ + + return nssATAV_Duplicate(atav, arenaOpt); +} + +/* + * The pointer-tracking code + */ + +#ifdef DEBUG +extern const NSSError NSS_ERROR_INTERNAL_ERROR; + +static nssPointerTracker atav_pointer_tracker; + +static PRStatus +atav_add_pointer +( + const NSSATAV *atav +) +{ + PRStatus rv; + + rv = nssPointerTracker_initialize(&atav_pointer_tracker); + if( PR_SUCCESS != rv ) { + return rv; + } + + rv = nssPointerTracker_add(&atav_pointer_tracker, atav); + if( PR_SUCCESS != rv ) { + NSSError e = NSS_GetError(); + if( NSS_ERROR_NO_MEMORY != e ) { + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + } + + return rv; + } + + return PR_SUCCESS; +} + +static PRStatus +atav_remove_pointer +( + const NSSATAV *atav +) +{ + PRStatus rv; + + rv = nssPointerTracker_remove(&atav_pointer_tracker, atav); + if( PR_SUCCESS != rv ) { + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + } + + return rv; +} + +/* + * nssATAV_verifyPointer + * + * This method is only present in debug builds. + * + * If the specified pointer is a valid pointer to an NSSATAV object, + * this routine will return PR_SUCCESS. Otherwise, it will put an + * error on the error stack and return PR_FAILRUE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS if the pointer is valid + * PR_FAILURE if it isn't + */ + +NSS_IMPLEMENT PRStatus +nssATAV_verifyPointer +( + NSSATAV *atav +) +{ + PRStatus rv; + + rv = nssPointerTracker_initialize(&atav_pointer_tracker); + if( PR_SUCCESS != rv ) { + return PR_FAILURE; + } + + rv = nssPointerTracker_verify(&atav_pointer_tracker, atav); + if( PR_SUCCESS != rv ) { + nss_SetError(NSS_ERROR_INVALID_ATAV); + return PR_FAILURE; + } + + return PR_SUCCESS; +} +#endif /* DEBUG */ + +typedef struct { + NSSBER oid; + NSSBER value; +} atav_holder; + +static const nssASN1Template nss_atav_template[] = { + { nssASN1_SEQUENCE, 0, NULL, sizeof(atav_holder) }, + { nssASN1_OBJECT_ID, nsslibc_offsetof(atav_holder, oid), NULL, 0 }, + { nssASN1_ANY, nsslibc_offsetof(atav_holder, value), NULL, 0 }, + { 0, 0, NULL, 0 } +}; + +/* + * There are several common attributes, with well-known type aliases + * and value semantics. This table lists the ones we recognize. + */ + +struct nss_attribute_data_str { + const NSSOID **oid; + nssStringType stringType; + PRUint32 minStringLength; + PRUint32 maxStringLength; /* zero for no limit */ +}; + +static const struct nss_attribute_data_str nss_attribute_data[] = { + { &NSS_OID_X520_NAME, + nssStringType_DirectoryString, 1, 32768 }, + { &NSS_OID_X520_COMMON_NAME, + nssStringType_DirectoryString, 1, 64 }, + { &NSS_OID_X520_SURNAME, + nssStringType_DirectoryString, 1, 40 }, + { &NSS_OID_X520_GIVEN_NAME, + nssStringType_DirectoryString, 1, 16 }, + { &NSS_OID_X520_INITIALS, + nssStringType_DirectoryString, 1, 5 }, + { &NSS_OID_X520_GENERATION_QUALIFIER, + nssStringType_DirectoryString, 1, 3 }, + { &NSS_OID_X520_DN_QUALIFIER, + nssStringType_PrintableString, 1, 0 }, + { &NSS_OID_X520_COUNTRY_NAME, + nssStringType_PrintableString, 2, 2 }, + { &NSS_OID_X520_LOCALITY_NAME, + nssStringType_DirectoryString, 1, 128 }, + { &NSS_OID_X520_STATE_OR_PROVINCE_NAME, + nssStringType_DirectoryString, 1, 128 }, + { &NSS_OID_X520_ORGANIZATION_NAME, + nssStringType_DirectoryString, 1, 64 }, + { &NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + nssStringType_DirectoryString, 1, + /* + * Note, draft #11 defines both "32" and "64" for this maximum, + * in two separate places. Until it's settled, "conservative + * in what you send." We're always liberal in what we accept. + */ + 32 }, + { &NSS_OID_X520_TITLE, + nssStringType_DirectoryString, 1, 64 }, + { &NSS_OID_RFC1274_EMAIL, + nssStringType_PHGString, 1, 128 } +}; + +PRUint32 nss_attribute_data_quantity = + (sizeof(nss_attribute_data)/sizeof(nss_attribute_data[0])); + +static nssStringType +nss_attr_underlying_string_form +( + nssStringType type, + void *data +) +{ + if( nssStringType_DirectoryString == type ) { + PRUint8 tag = *(PRUint8 *)data; + switch( tag & nssASN1_TAGNUM_MASK ) { + case 20: + /* + * XXX fgmr-- we have to accept Latin-1 for Teletex; (see + * below) but is T61 a suitable value for "Latin-1"? + */ + return nssStringType_TeletexString; + case 19: + return nssStringType_PrintableString; + case 28: + return nssStringType_UniversalString; + case 30: + return nssStringType_BMPString; + case 12: + return nssStringType_UTF8String; + default: + return nssStringType_Unknown; + } + } + + return type; +} + + +/* + * This routine decodes the attribute value, in a type-specific way. + * + */ + +static NSSUTF8 * +nss_attr_to_utf8 +( + NSSArena *arenaOpt, + const NSSOID *oid, + NSSItem *item, + nssStringType *stringForm +) +{ + NSSUTF8 *rv = (NSSUTF8 *)NULL; + PRUint32 i; + const struct nss_attribute_data_str *which = + (struct nss_attribute_data_str *)NULL; + PRUint32 len = 0; + + for( i = 0; i < nss_attribute_data_quantity; i++ ) { + if( *(nss_attribute_data[ i ].oid) == oid ) { + which = &nss_attribute_data[i]; + break; + } + } + + if( (struct nss_attribute_data_str *)NULL == which ) { + /* Unknown OID. Encode it as hex. */ + PRUint8 *c; + PRUint8 *d = (PRUint8 *)item->data; + PRUint32 amt = item->size; + + if( item->size >= 0x7FFFFFFF ) { + nss_SetError(NSS_ERROR_INVALID_STRING); + return (NSSUTF8 *)NULL; + } + + len = 1 + (item->size * 2) + 1; /* '#' + hex + '\0' */ + rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len); + if( (NSSUTF8 *)NULL == rv ) { + return (NSSUTF8 *)NULL; + } + + c = (PRUint8 *)rv; + *c++ = '#'; /* XXX fgmr check this */ + while( amt > 0 ) { + static char hex[16] = "0123456789ABCDEF"; + *c++ = hex[ ((*d) & 0xf0) >> 4 ]; + *c++ = hex[ ((*d) & 0x0f) ]; + } + + /* *c = '\0'; nss_ZAlloc, remember */ + + *stringForm = nssStringType_Unknown; /* force exact comparison */ + } else { + rv = nssUTF8_CreateFromBER(arenaOpt, which->stringType, + (NSSBER *)item); + + if( (NSSUTF8 *)NULL == rv ) { + return (NSSUTF8 *)NULL; + } + + if( PR_SUCCESS != nssUTF8_Length(rv, &len) ) { + nss_ZFreeIf(rv); + return (NSSUTF8 *)NULL; + } + + *stringForm = nss_attr_underlying_string_form(which->stringType, + item->data); + } + + return rv; +} + +/* + * nssATAV_CreateFromBER + * + * This routine creates an NSSATAV by decoding a BER- or DER-encoded + * ATAV. If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_IMPLEMENT NSSATAV * +nssATAV_CreateFromBER +( + NSSArena *arenaOpt, + const NSSBER *berATAV +) +{ + atav_holder holder; + PRStatus status; + NSSATAV *rv; + +#ifdef NSSDEBUG + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSATAV *)NULL; + } + } + + /* + * NSSBERs can be created by the user, + * so no pointer-tracking can be checked. + */ + + if( (NSSBER *)NULL == berATAV ) { + nss_SetError(NSS_ERROR_INVALID_BER); + return (NSSATAV *)NULL; + } + + if( (void *)NULL == berATAV->data ) { + nss_SetError(NSS_ERROR_INVALID_BER); + return (NSSATAV *)NULL; + } +#endif /* NSSDEBUG */ + + status = nssASN1_DecodeBER(arenaOpt, &holder, + nss_atav_template, berATAV); + if( PR_SUCCESS != status ) { + return (NSSATAV *)NULL; + } + + rv = nss_ZNEW(arenaOpt, NSSATAV); + if( (NSSATAV *)NULL == rv ) { + nss_ZFreeIf(holder.oid.data); + nss_ZFreeIf(holder.value.data); + return (NSSATAV *)NULL; + } + + rv->oid = nssOID_CreateFromBER(&holder.oid); + if( (NSSOID *)NULL == rv->oid ) { + nss_ZFreeIf(rv); + nss_ZFreeIf(holder.oid.data); + nss_ZFreeIf(holder.value.data); + return (NSSATAV *)NULL; + } + + nss_ZFreeIf(holder.oid.data); + + rv->ber.data = nss_ZAlloc(arenaOpt, berATAV->size); + if( (void *)NULL == rv->ber.data ) { + nss_ZFreeIf(rv); + nss_ZFreeIf(holder.value.data); + return (NSSATAV *)NULL; + } + + rv->ber.size = berATAV->size; + (void)nsslibc_memcpy(rv->ber.data, berATAV->data, berATAV->size); + + rv->value = nss_attr_to_utf8(arenaOpt, rv->oid, &holder.value, + &rv->stringForm); + if( (NSSUTF8 *)NULL == rv->value ) { + nss_ZFreeIf(rv->ber.data); + nss_ZFreeIf(rv); + nss_ZFreeIf(holder.value.data); + return (NSSATAV *)NULL; + } + + nss_ZFreeIf(holder.value.data); + +#ifdef DEBUG + if( PR_SUCCESS != atav_add_pointer(rv) ) { + nss_ZFreeIf(rv->ber.data); + nss_ZFreeIf(rv->value); + nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } +#endif /* DEBUG */ + + return rv; +} + +static PRBool +nss_atav_utf8_string_is_hex +( + const NSSUTF8 *s +) +{ + /* All hex digits are ASCII, so this works */ + PRUint8 *p = (PRUint8 *)s; + + for( ; (PRUint8)0 != *p; p++ ) { + if( (('0' <= *p) && (*p <= '9')) || + (('A' <= *p) && (*p <= 'F')) || + (('a' <= *p) && (*p <= 'f')) ) { + continue; + } else { + return PR_FALSE; + } + } + + return PR_TRUE; +} + +static PRUint8 +nss_atav_fromhex +( + PRUint8 *d +) +{ + PRUint8 rv; + + if( d[0] <= '9' ) { + rv = (d[0] - '0') * 16; + } else if( d[0] >= 'a' ) { + rv = (d[0] - 'a' + 10) * 16; + } else { + rv = (d[0] - 'A' + 10); + } + + if( d[1] <= '9' ) { + rv += (d[1] - '0'); + } else if( d[1] >= 'a' ) { + rv += (d[1] - 'a' + 10); + } else { + rv += (d[1] - 'A' + 10); + } + + return rv; +} + +/* + * nssATAV_CreateFromUTF8 + * + * This routine creates an NSSATAV by decoding a UTF8 string in the + * "equals" format, e.g., "c=US." If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +extern const NSSError NSS_ERROR_INTERNAL_ERROR; + +NSS_IMPLEMENT NSSATAV * +nssATAV_CreateFromUTF8 +( + NSSArena *arenaOpt, + const NSSUTF8 *stringATAV +) +{ + char *c; + NSSUTF8 *type; + NSSUTF8 *value; + PRUint32 i; + const NSSOID *oid = (NSSOID *)NULL; + NSSATAV *rv; + NSSItem xitem; + + xitem.data = (void *)NULL; + + for( c = (char *)stringATAV; '\0' != *c; c++ ) { + if( '=' == *c ) { +#ifdef PEDANTIC + /* + * Theoretically, one could have an '=' in an + * attribute string alias. We don't, yet, though. + */ + if( (char *)stringATAV == c ) { + nss_SetError(NSS_ERROR_INVALID_STRING); + return (NSSATAV *)NULL; + } else { + if( '\\' == c[-1] ) { + continue; + } + } +#endif /* PEDANTIC */ + break; + } + } + + if( '\0' == *c ) { + nss_SetError(NSS_ERROR_INVALID_UTF8); + return (NSSATAV *)NULL; + } else { + c++; + value = (NSSUTF8 *)c; + } + + i = ((NSSUTF8 *)c - stringATAV); + type = (NSSUTF8 *)nss_ZAlloc((NSSArena *)NULL, i); + if( (NSSUTF8 *)NULL == type ) { + return (NSSATAV *)NULL; + } + + (void)nsslibc_memcpy(type, stringATAV, i-1); + + c = (char *)stringATAV; + if( (('0' <= *c) && (*c <= '9')) || ('#' == *c) ) { + oid = nssOID_CreateFromUTF8(type); + if( (NSSOID *)NULL == oid ) { + nss_ZFreeIf(type); + return (NSSATAV *)NULL; + } + } else { + for( i = 0; i < nss_attribute_type_alias_count; i++ ) { + const nssAttributeTypeAliasTable *e = &nss_attribute_type_aliases[i]; + PRBool match = PR_FALSE; + if( PR_SUCCESS != nssUTF8_CaseIgnoreMatch(type, e->alias, + &match) ) { + nss_ZFreeIf(type); + return (NSSATAV *)NULL; + } + if( PR_TRUE == match ) { + oid = *(e->oid); + break; + } + } + + if( (NSSOID *)NULL == oid ) { + nss_ZFreeIf(type); + nss_SetError(NSS_ERROR_UNKNOWN_ATTRIBUTE); + return (NSSATAV *)NULL; + } + } + + nss_ZFreeIf(type); + type = (NSSUTF8 *)NULL; + + rv = nss_ZNEW(arenaOpt, NSSATAV); + if( (NSSATAV *)NULL == rv ) { + return (NSSATAV *)NULL; + } + + rv->oid = oid; + + if( '#' == *value ) { /* XXX fgmr.. was it '#'? or backslash? */ + PRUint32 size; + PRUint32 len; + PRUint8 *c; + PRUint8 *d; + /* It's in hex */ + + value++; + if( PR_TRUE != nss_atav_utf8_string_is_hex(value) ) { + (void)nss_ZFreeIf(rv); + nss_SetError(NSS_ERROR_INVALID_STRING); + return (NSSATAV *)NULL; + } + + if( PR_SUCCESS != nssUTF8_Size(value, &size) ) { + /* + * Only returns an error on bad pointer (nope) or string + * too long. The defined limits for known attributes are + * small enough to fit in PRUint32, and when undefined we + * get to apply our own practical limits. Ergo, I say the + * string is invalid. + */ + (void)nss_ZFreeIf(rv); + nss_SetError(NSS_ERROR_INVALID_STRING); + return (NSSATAV *)NULL; + } + + if( ((size-1) & 1) ) { + /* odd length */ + (void)nss_ZFreeIf(rv); + nss_SetError(NSS_ERROR_INVALID_STRING); + return (NSSATAV *)NULL; + } + + len = (size-1)/2; + + rv->value = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len+1); + if( (NSSUTF8 *)NULL == rv->value ) { + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + xitem.size = len; + xitem.data = (void *)rv->value; + + for( c = rv->value, d = value; len--; c++, d += 2 ) { + *c = nss_atav_fromhex(d); + } + + *c = 0; + } else { + PRUint32 i, len; + PRUint8 *s; + + /* + * XXX fgmr-- okay, this is a little wasteful, and should + * probably be abstracted out a bit. Later. + */ + + rv->value = nssUTF8_Duplicate(value, arenaOpt); + if( (NSSUTF8 *)NULL == rv->value ) { + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + if( PR_SUCCESS != nssUTF8_Size(rv->value, &len) ) { + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + s = (PRUint8 *)rv->value; + for( i = 0; i < len; i++ ) { + if( '\\' == s[i] ) { + (void)nsslibc_memcpy(&s[i], &s[i+1], len-i-1); + } + } + } + + /* Now just BER-encode the baby and we're through.. */ + { + const struct nss_attribute_data_str *which = + (struct nss_attribute_data_str *)NULL; + PRUint32 i; + NSSArena *a; + NSSDER *oidder; + NSSItem *vitem; + atav_holder ah; + NSSDER *status; + + for( i = 0; i < nss_attribute_data_quantity; i++ ) { + if( *(nss_attribute_data[ i ].oid) == rv->oid ) { + which = &nss_attribute_data[i]; + break; + } + } + + a = NSSArena_Create(); + if( (NSSArena *)NULL == a ) { + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + oidder = nssOID_GetDEREncoding(rv->oid, a); + if( (NSSDER *)NULL == oidder ) { + (void)NSSArena_Destroy(a); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + if( (struct nss_attribute_data_str *)NULL == which ) { + /* + * We'll just have to take the user data as an octet stream. + */ + if( (void *)NULL == xitem.data ) { + /* + * This means that an ATTR entry has been added to oids.txt, + * but no corresponding entry has been added to the array + * ns_attribute_data[] above. + */ + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + (void)NSSArena_Destroy(a); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + vitem = nssASN1_EncodeDER(a, (NSSDER *)NULL, &xitem, + nssASN1Template_OctetString); + if( (NSSItem *)NULL == vitem ) { + (void)NSSArena_Destroy(a); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + rv->stringForm = nssStringType_Unknown; + } else { + PRUint32 length = 0; + + if( PR_SUCCESS != nssUTF8_Length(rv->value, &length) ) { + (void)NSSArena_Destroy(a); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + if( ((0 != which->minStringLength) && + (length < which->minStringLength)) || + ((0 != which->maxStringLength) && + (length > which->maxStringLength)) ) { + nss_SetError(NSS_ERROR_INVALID_STRING); + (void)NSSArena_Destroy(a); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + vitem = nssUTF8_GetDEREncoding(a, which->stringType, rv->value); + if( (NSSItem *)NULL == vitem ) { + (void)NSSArena_Destroy(a); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + if( nssStringType_DirectoryString == which->stringType ) { + rv->stringForm = nssStringType_UTF8String; + } else { + rv->stringForm = which->stringType; + } + } + + ah.oid = *oidder; + ah.value = *vitem; + + status = nssASN1_EncodeDER(arenaOpt, &rv->ber, &ah, + nss_atav_template); + + if( (NSSDER *)NULL == status ) { + (void)NSSArena_Destroy(a); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + (void)NSSArena_Destroy(a); + } + + return rv; +} + +/* + * nssATAV_Create + * + * This routine creates an NSSATAV from the specified NSSOID and the + * specified data. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap.If the specified data length is zero, + * the data is assumed to be terminated by first zero byte; this allows + * UTF8 strings to be easily specified. This routine may return NULL + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ARENA + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_INVALID_POINTER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_IMPLEMENT NSSATAV * +nssATAV_Create +( + NSSArena *arenaOpt, + const NSSOID *oid, + const void *data, + PRUint32 length +) +{ +#ifdef NSSDEBUG + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSATAV *)NULL; + } + } + + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSATAV *)NULL; + } + + if( (const void *)NULL == data ) { + nss_SetError(NSS_ERROR_INVALID_POINTER); + return (NSSATAV *)NULL; + } +#endif /* NSSDEBUG */ + + /* XXX fgmr-- oops, forgot this one */ + return (NSSATAV *)NULL; +} + +/* + * nssATAV_Destroy + * + * This routine will destroy an ATAV object. It should eventually be + * called on all ATAVs created without an arena. While it is not + * necessary to call it on ATAVs created within an arena, it is not an + * error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * set an error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_IMPLEMENT PRStatus +nssATAV_Destroy +( + NSSATAV *atav +) +{ +#ifdef NSSDEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return PR_FAILURE; + } +#endif /* NSSDEBUG */ + + (void)nss_ZFreeIf(atav->ber.data); + (void)nss_ZFreeIf(atav->value); + +#ifdef DEBUG + if( PR_SUCCESS != atav_remove_pointer(atav) ) { + return PR_FAILURE; + } +#endif /* DEBUG */ + + return PR_SUCCESS; +} + +/* + * nssATAV_GetDEREncoding + * + * This routine will DER-encode an ATAV object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSATAV + */ + +NSS_IMPLEMENT NSSDER * +nssATAV_GetDEREncoding +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ + NSSDER *rv; + +#ifdef NSSDEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSDER *)NULL; + } +#endif /* NSSDEBUG */ + + rv = nss_ZNEW(arenaOpt, NSSDER); + if( (NSSDER *)NULL == rv ) { + return (NSSDER *)NULL; + } + + rv->data = nss_ZAlloc(arenaOpt, atav->ber.size); + if( (void *)NULL == rv->data ) { + (void)nss_ZFreeIf(rv); + return (NSSDER *)NULL; + } + + rv->size = atav->ber.size; + if( PR_SUCCESS != nsslibc_memcpy(rv->data, atav->ber.data, + rv->size) ) { + (void)nss_ZFreeIf(rv->data); + (void)nss_ZFreeIf(rv); + return (NSSDER *)NULL; + } + + return rv; +} + +/* + * nssATAV_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the ATAV in "equals" notation (e.g., "o=Acme"). + * If the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the "equals" encoding of the + * ATAV + */ + +NSS_IMPLEMENT NSSUTF8 * +nssATAV_GetUTF8Encoding +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ + NSSUTF8 *rv; + PRUint32 i; + const NSSUTF8 *alias = (NSSUTF8 *)NULL; + NSSUTF8 *oid; + NSSUTF8 *value; + PRUint32 oidlen; + PRUint32 valuelen; + PRUint32 totallen; + +#ifdef NSSDEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSUTF8 *)NULL; + } +#endif /* NSSDEBUG */ + + for( i = 0; i < nss_attribute_type_alias_count; i++ ) { + if( *(nss_attribute_type_aliases[i].oid) == atav->oid ) { + alias = nss_attribute_type_aliases[i].alias; + break; + } + } + + if( (NSSUTF8 *)NULL == alias ) { + oid = nssOID_GetUTF8Encoding(atav->oid, (NSSArena *)NULL); + if( (NSSUTF8 *)NULL == oid ) { + return (NSSUTF8 *)NULL; + } + + if( PR_SUCCESS != nssUTF8_Size(oid, &oidlen) ) { + (void)nss_ZFreeIf(oid); + return (NSSUTF8 *)NULL; + } + } else { + if( PR_SUCCESS != nssUTF8_Size(alias, &oidlen) ) { + return (NSSUTF8 *)NULL; + } + oid = (NSSUTF8 *)NULL; + } + + value = nssATAV_GetValue(atav, (NSSArena *)NULL); + if( (NSSUTF8 *)NULL == value ) { + (void)nss_ZFreeIf(oid); + return (NSSUTF8 *)NULL; + } + + if( PR_SUCCESS != nssUTF8_Size(value, &valuelen) ) { + (void)nss_ZFreeIf(value); + (void)nss_ZFreeIf(oid); + return (NSSUTF8 *)NULL; + } + + totallen = oidlen + valuelen - 1 + 1; + rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, totallen); + if( (NSSUTF8 *)NULL == rv ) { + (void)nss_ZFreeIf(value); + (void)nss_ZFreeIf(oid); + return (NSSUTF8 *)NULL; + } + + if( (NSSUTF8 *)NULL == alias ) { + if( (void *)NULL == nsslibc_memcpy(rv, oid, oidlen-1) ) { + (void)nss_ZFreeIf(rv); + (void)nss_ZFreeIf(value); + (void)nss_ZFreeIf(oid); + return (NSSUTF8 *)NULL; + } + } else { + if( (void *)NULL == nsslibc_memcpy(rv, alias, oidlen-1) ) { + (void)nss_ZFreeIf(rv); + (void)nss_ZFreeIf(value); + return (NSSUTF8 *)NULL; + } + } + + rv[ oidlen-1 ] = '='; + + if( (void *)NULL == nsslibc_memcpy(&rv[oidlen], value, valuelen) ) { + (void)nss_ZFreeIf(rv); + (void)nss_ZFreeIf(value); + (void)nss_ZFreeIf(oid); + return (NSSUTF8 *)NULL; + } + + return rv; +} + +/* + * nssATAV_GetType + * + * This routine returns the NSSOID corresponding to the attribute type + * in the specified ATAV. This routine may return NSS_OID_UNKNOWN + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NSS_OID_UNKNOWN upon error + * A valid NSSOID pointer upon success + */ + +NSS_IMPLEMENT const NSSOID * +nssATAV_GetType +( + NSSATAV *atav +) +{ +#ifdef NSSDEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSOID *)NULL; + } +#endif /* NSSDEBUG */ + + return atav->oid; +} + +/* + * nssATAV_GetValue + * + * This routine returns a NSSUTF8 string containing the attribute value + * in the specified ATAV. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have set an error upon the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSItem containing the attribute value. + */ + +NSS_IMPLEMENT NSSUTF8 * +nssATAV_GetValue +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ +#ifdef NSSDEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSUTF8 *)NULL; + } +#endif /* NSSDEBUG */ + + return nssUTF8_Duplicate(atav->value, arenaOpt); +} + +/* + * nssATAV_Compare + * + * This routine compares two ATAVs for equality. For two ATAVs to be + * equal, the attribute types must be the same, and the attribute + * values must have equal length and contents. The result of the + * comparison will be stored at the location pointed to by the "equalp" + * variable, which must point to a valid PRBool. This routine may + * return PR_FAILURE upon error, in which case it will have set an + * error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_IMPLEMENT PRStatus +nssATAV_Compare +( + NSSATAV *atav1, + NSSATAV *atav2, + PRBool *equalp +) +{ + nssStringType comparison; + PRUint32 len1; + PRUint32 len2; + +#ifdef DEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav1) ) { + return PR_FAILURE; + } + + if( PR_SUCCESS != nssATAV_verifyPointer(atav2) ) { + return PR_FAILURE; + } + + if( (PRBool *)NULL == equalp ) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } +#endif /* DEBUG */ + + if( atav1->oid != atav2->oid ) { + *equalp = PR_FALSE; + return PR_SUCCESS; + } + + if( atav1->stringForm != atav2->stringForm ) { + if( (nssStringType_PrintableString == atav1->stringForm) || + (nssStringType_PrintableString == atav2->stringForm) ) { + comparison = nssStringType_PrintableString; + } else if( (nssStringType_PHGString == atav1->stringForm) || + (nssStringType_PHGString == atav2->stringForm) ) { + comparison = nssStringType_PHGString; + } else { + comparison = atav1->stringForm; + } + } else { + comparison = atav1->stringForm; + } + + switch( comparison ) { + case nssStringType_DirectoryString: + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + return PR_FAILURE; + case nssStringType_TeletexString: + break; + case nssStringType_PrintableString: + return nssUTF8_PrintableMatch(atav1->value, atav2->value, + equalp); + /* Case-insensitive, with whitespace reduction */ + break; + case nssStringType_UniversalString: + break; + case nssStringType_BMPString: + break; + case nssStringType_UTF8String: + break; + case nssStringType_PHGString: + /* Case-insensitive (XXX fgmr, actually see draft-11 pg. 21) */ + return nssUTF8_CaseIgnoreMatch(atav1->value, atav2->value, + equalp); + case nssStringType_Unknown: + break; + } + + if( PR_SUCCESS != nssUTF8_Size(atav1->value, &len1) ) { + return PR_FAILURE; + } + + if( PR_SUCCESS != nssUTF8_Size(atav2->value, &len2) ) { + return PR_FAILURE; + } + + if( len1 != len2 ) { + *equalp = PR_FALSE; + return PR_SUCCESS; + } + + return nsslibc_compare(atav1->value, atav2->value, len1, equalp); +} + + +/* + * nssATAV_Duplicate + * + * This routine duplicates the specified ATAV. If the optional arena + * argument is non-null, the memory required will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * placed an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL on error + * A pointer to a new ATAV + */ + +NSS_IMPLEMENT NSSATAV * +nssATAV_Duplicate +( + NSSATAV *atav, + NSSArena *arenaOpt +) +{ + NSSATAV *rv; + +#ifdef NSSDEBUG + if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) { + return (NSSATAV *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSATAV *)NULL; + } + } +#endif /* NSSDEBUG */ + + rv = nss_ZNEW(arenaOpt, NSSATAV); + if( (NSSATAV *)NULL == rv ) { + return (NSSATAV *)NULL; + } + + rv->oid = atav->oid; + rv->stringForm = atav->stringForm; + rv->value = nssUTF8_Duplicate(atav->value, arenaOpt); + if( (NSSUTF8 *)NULL == rv->value ) { + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + rv->ber.data = nss_ZAlloc(arenaOpt, atav->ber.size); + if( (void *)NULL == rv->ber.data ) { + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + rv->ber.size = atav->ber.size; + if( PR_SUCCESS != nsslibc_memcpy(rv->ber.data, atav->ber.data, + atav->ber.size) ) { + (void)nss_ZFreeIf(rv->ber.data); + (void)nss_ZFreeIf(rv->value); + (void)nss_ZFreeIf(rv); + return (NSSATAV *)NULL; + } + + return rv; +} diff --git a/security/nss/lib/pki1/config.mk b/security/nss/lib/pki1/config.mk new file mode 100644 index 000000000..80b3135f4 --- /dev/null +++ b/security/nss/lib/pki1/config.mk @@ -0,0 +1,37 @@ +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# +CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$" + +ifdef BUILD_IDG +DEFINES += -DNSSDEBUG +endif diff --git a/security/nss/lib/pki1/genname.c b/security/nss/lib/pki1/genname.c new file mode 100644 index 000000000..e7b12806a --- /dev/null +++ b/security/nss/lib/pki1/genname.c @@ -0,0 +1,94 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * genname.c + * + * This file contains the implementation of the PKIX part-1 object + * GeneralName. + */ + +#ifndef NSSBASE_H +#include "nssbase.h" +#endif /* NSSBASE_H */ + +#ifndef ASN1_H +#include "asn1.h" +#endif /* ASN1_H */ + +#ifndef PKI1_H +#include "pki1.h" +#endif /* PKI1_H */ + +/* + * GeneralName + * + * From draft-ietf-pkix-ipki-part1-10: + * + * GeneralName ::= CHOICE { + * otherName [0] INSTANCE OF OTHER-NAME, + * rfc822Name [1] IA5String, + * dNSName [2] IA5String, + * x400Address [3] ORAddress, + * directoryName [4] Name, + * ediPartyName [5] EDIPartyName, + * uniformResourceIdentifier [6] IA5String, + * iPAddress [7] OCTET STRING, + * registeredID [8] OBJECT IDENTIFIER } + * + * OTHER-NAME ::= TYPE-IDENTIFIER + * + * EDIPartyName ::= SEQUENCE { + * nameAssigner [0] DirectoryString {ub-name} OPTIONAL, + * partyName [1] DirectoryString {ub-name} } + * + */ + +struct nssGeneralNameStr { + NSSGeneralNameChoice choice; + union { + /* OTHER-NAME otherName */ + NSSUTF8 *rfc822Name; + NSSUTF8 *dNSName; + /* ORAddress x400Address */ + NSSName *directoryName; + /* EDIPartyName ediPartyName */ + NSSUTF8 *uniformResourceIdentifier; + NSSItem *iPAddress; + NSSOID *registeredID; + } u; +}; diff --git a/security/nss/lib/pki1/gnseq.c b/security/nss/lib/pki1/gnseq.c new file mode 100644 index 000000000..e56ec93b9 --- /dev/null +++ b/security/nss/lib/pki1/gnseq.c @@ -0,0 +1,71 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * gnseq.c + * + * This file contains the implementation of the PKIX part-1 object + * GeneralNames (note the ending 's'). + */ + +#ifndef NSSBASE_H +#include "nssbase.h" +#endif /* NSSBASE_H */ + +#ifndef ASN1_H +#include "asn1.h" +#endif /* ASN1_H */ + +#ifndef PKI1_H +#include "pki1.h" +#endif /* PKI1_H */ + +/* + * GeneralNames (or, as we call it, GeneralNameSeq) + * + * From draft-ietf-pkix-ipki-part1-10: + * + * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + * + * A GeneralNames is simply an (ordered) sequence of General Names. + * The seqSize variable is "helper" kept for simplicity. + */ + +struct nssGeneralNameSeqStr { + PRUint32 seqSize; + NSSGeneralName **generalNames; +}; diff --git a/security/nss/lib/pki1/manifest.mn b/security/nss/lib/pki1/manifest.mn new file mode 100644 index 000000000..8e032d974 --- /dev/null +++ b/security/nss/lib/pki1/manifest.mn @@ -0,0 +1,63 @@ +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# +MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$" + +CORE_DEPTH = ../../.. + +PRIVATE_EXPORTS = \ + pki1.h \ + pki1t.h \ + $(NULL) + +EXPORTS = \ + oiddata.h \ + nsspki1.h \ + nsspki1t.h \ + $(NULL) + +MODULE = security + +CSRCS = \ + atav.c \ + genname.c \ + gnseq.c \ + name.c \ + oid.c \ + oiddata.c \ + rdn.c \ + rdnseq.c \ + $(NULL) + +REQUIRES = security nspr + +LIBRARY_NAME = pki1 diff --git a/security/nss/lib/pki1/name.c b/security/nss/lib/pki1/name.c new file mode 100644 index 000000000..558e1142f --- /dev/null +++ b/security/nss/lib/pki1/name.c @@ -0,0 +1,77 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * name.c + * + * This file contains the implementation of the PKIX part-1 object + * Name. + */ + +#ifndef NSSBASE_H +#include "nssbase.h" +#endif /* NSSBASE_H */ + +#ifndef ASN1_H +#include "asn1.h" +#endif /* ASN1_H */ + +#ifndef PKI1_H +#include "pki1.h" +#endif /* PKI1_H */ + +/* + * Name + * + * From draft-ietf-pkix-ipki-part1-10: + * + * -- naming data types -- + * + * Name ::= CHOICE { -- only one possibility for now -- + * rdnSequence RDNSequence } + * + * A name is basically a union of the possible names. At the moment, + * there is only one type of name: an RDNSequence. + */ + +struct nssNameStr { + PRUint32 tagPlaceHolder; + union { + NSSRDNSeq *rdnSequence; + } n; +}; + diff --git a/security/nss/lib/pki1/nsspki1.h b/security/nss/lib/pki1/nsspki1.h new file mode 100644 index 000000000..3498ab520 --- /dev/null +++ b/security/nss/lib/pki1/nsspki1.h @@ -0,0 +1,2869 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef NSSPKI1_H +#define NSSPKI1_H + +#ifdef DEBUG +static const char NSSPKI1_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * nsspki1.h + * + * This file contains the prototypes of the public NSS routines + * dealing with the PKIX part-1 definitions. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +#ifndef NSSPKI1T_H +#include "nsspki1t.h" +#endif /* NSSPKI1T_H */ + +#ifndef OIDDATA_H +#include "oiddata.h" +#endif /* OIDDATA_H */ + +PR_BEGIN_EXTERN_C + +/* + * NSSOID + * + * The public "methods" regarding this "object" are: + * + * NSSOID_CreateFromBER -- constructor + * NSSOID_CreateFromUTF8 -- constructor + * (there is no explicit destructor) + * + * NSSOID_GetDEREncoding + * NSSOID_GetUTF8Encoding + */ + +extern const NSSOID *NSS_OID_UNKNOWN; + +/* + * NSSOID_CreateFromBER + * + * This routine creates an NSSOID by decoding a BER- or DER-encoded + * OID. It may return NSS_OID_UNKNOWN upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NSS_OID_UNKNOWN upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +NSSOID_CreateFromBER +( + NSSBER *berOid +); + +extern const NSSError NSS_ERROR_INVALID_BER; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSOID_CreateFromUTF8 + * + * This routine creates an NSSOID by decoding a UTF8 string + * representation of an OID in dotted-number format. The string may + * optionally begin with an octothorpe. It may return NSS_OID_UNKNOWN + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NSS_OID_UNKNOWN upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +NSSOID_CreateFromUTF8 +( + NSSUTF8 *stringOid +); + +extern const NSSError NSS_ERROR_INVALID_STRING; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSOID_GetDEREncoding + * + * This routine returns the DER encoding of the specified NSSOID. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return return null upon error, in + * which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSOID + */ + +NSS_EXTERN NSSDER * +NSSOID_GetDEREncoding +( + const NSSOID *oid, + NSSDER *rvOpt, + NSSArena *arenaOpt +); + +extern const NSSError NSS_ERROR_INVALID_NSSOID; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSOID_GetUTF8Encoding + * + * This routine returns a UTF8 string containing the dotted-number + * encoding of the specified NSSOID. If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return null upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the dotted-digit encoding of + * this NSSOID + */ + +NSS_EXTERN NSSUTF8 * +NSSOID_GetUTF8Encoding +( + const NSSOID *oid, + NSSArena *arenaOpt +); + +extern const NSSError NSS_ERROR_INVALID_NSSOID; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSATAV + * + * The public "methods" regarding this "object" are: + * + * NSSATAV_CreateFromBER -- constructor + * NSSATAV_CreateFromUTF8 -- constructor + * NSSATAV_Create -- constructor + * + * NSSATAV_Destroy + * NSSATAV_GetDEREncoding + * NSSATAV_GetUTF8Encoding + * NSSATAV_GetType + * NSSATAV_GetValue + * NSSATAV_Compare + * NSSATAV_Duplicate + */ + +/* + * NSSATAV_CreateFromBER + * + * This routine creates an NSSATAV by decoding a BER- or DER-encoded + * ATAV. If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_EXTERN NSSATAV * +NSSATAV_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *derATAV +); + +extern const NSSError NSS_ERROR_INVALID_BER; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSATAV_CreateFromUTF8 + * + * This routine creates an NSSATAV by decoding a UTF8 string in the + * "equals" format, e.g., "c=US." If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_EXTERN NSSATAV * +NSSATAV_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringATAV +); + +extern const NSSError NSS_ERROR_UNKNOWN_ATTRIBUTE; +extern const NSSError NSS_ERROR_INVALID_STRING; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSATAV_Create + * + * This routine creates an NSSATAV from the specified NSSOID and the + * specified data. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap.If the specified data length is zero, + * the data is assumed to be terminated by first zero byte; this allows + * UTF8 strings to be easily specified. This routine may return NULL + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ARENA + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_INVALID_POINTER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_EXTERN NSSATAV * +NSSATAV_Create +( + NSSArena *arenaOpt, + const NSSOID *oid, + const void *data, + PRUint32 length +); + +extern const NSSError NSS_ERROR_INVALID_ARENA; +extern const NSSError NSS_ERROR_INVALID_NSSOID; +extern const NSSError NSS_ERROR_INVALID_POINTER; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSATAV_Destroy + * + * This routine will destroy an ATAV object. It should eventually be + * called on all ATAVs created without an arena. While it is not + * necessary to call it on ATAVs created within an arena, it is not an + * error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +NSSATAV_Destroy +( + NSSATAV *atav +); + +extern const NSSError NSS_ERROR_INVALID_ATAV; + +/* + * NSSATAV_GetDEREncoding + * + * This routine will DER-encode an ATAV object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSATAV + */ + +NSS_EXTERN NSSDER * +NSSATAV_GetDEREncoding +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +extern const NSSError NSS_ERROR_INVALID_ATAV; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSATAV_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the ATAV in "equals" notation (e.g., "o=Acme"). + * If the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the "equals" encoding of the + * ATAV + */ + +NSS_EXTERN NSSUTF8 * +NSSATAV_GetUTF8Encoding +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +extern const NSSError NSS_ERROR_INVALID_ATAV; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSATAV_GetType + * + * This routine returns the NSSOID corresponding to the attribute type + * in the specified ATAV. This routine may return NSS_OID_UNKNOWN + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NSS_OID_UNKNOWN upon error + * An element of enum NSSOIDenum upon success + */ + +NSS_EXTERN const NSSOID * +NSSATAV_GetType +( + NSSATAV *atav +); + +extern const NSSError NSS_ERROR_INVALID_ATAV; + +/* + * NSSATAV_GetValue + * + * This routine returns an NSSItem containing the attribute value + * in the specified ATAV. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSItem containing the attribute value. + */ + +NSS_EXTERN NSSUTF8 * +NSSATAV_GetValue +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +extern const NSSError NSS_ERROR_INVALID_ATAV; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSATAV_Compare + * + * This routine compares two ATAVs for equality. For two ATAVs to be + * equal, the attribute types must be the same, and the attribute + * values must have equal length and contents. The result of the + * comparison will be stored at the location pointed to by the "equalp" + * variable, which must point to a valid PRBool. This routine may + * return PR_FAILURE upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +NSSATAV_Compare +( + NSSATAV *atav1, + NSSATAV *atav2, + PRBool *equalp +); + +extern const NSSError NSS_ERROR_INVALID_ATAV; +extern const NSSError NSS_ERROR_INVALID_ARGUMENT; + +/* + * NSSATAV_Duplicate + * + * This routine duplicates the specified ATAV. If the optional arena + * argument is non-null, the memory required will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL on error + * A pointer to a new ATAV + */ + +NSS_EXTERN NSSATAV * +NSSATAV_Duplicate +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +extern const NSSError NSS_ERROR_INVALID_ATAV; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * NSSRDN + * + * The public "methods" regarding this "object" are: + * + * NSSRDN_CreateFromBER -- constructor + * NSSRDN_CreateFromUTF8 -- constructor + * NSSRDN_Create -- constructor + * NSSRDN_CreateSimple -- constructor + * + * NSSRDN_Destroy + * NSSRDN_GetDEREncoding + * NSSRDN_GetUTF8Encoding + * NSSRDN_AddATAV + * NSSRDN_GetATAVCount + * NSSRDN_GetATAV + * NSSRDN_GetSimpleATAV + * NSSRDN_Compare + * NSSRDN_Duplicate + */ + +/* + * NSSRDN_CreateFromBER + * + * This routine creates an NSSRDN by decoding a BER- or DER-encoded + * RDN. If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +NSSRDN_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berRDN +); + +/* + * NSSRDN_CreateFromUTF8 + * + * This routine creates an NSSRDN by decoding an UTF8 string + * consisting of either a single ATAV in the "equals" format, e.g., + * "uid=smith," or one or more such ATAVs in parentheses, e.g., + * "(sn=Smith,ou=Sales)." If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +NSSRDN_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringRDN +); + +/* + * NSSRDN_Create + * + * This routine creates an NSSRDN from one or more NSSATAVs. The + * final argument to this routine must be NULL. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +NSSRDN_Create +( + NSSArena *arenaOpt, + NSSATAV *atav1, + ... +); + +/* + * NSSRDN_CreateSimple + * + * This routine creates a simple NSSRDN from a single NSSATAV. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +NSSRDN_CreateSimple +( + NSSArena *arenaOpt, + NSSATAV *atav +); + +/* + * NSSRDN_Destroy + * + * This routine will destroy an RDN object. It should eventually be + * called on all RDNs created without an arena. While it is not + * necessary to call it on RDNs created within an arena, it is not an + * error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * + * Return value: + * PR_FAILURE upon failure + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +NSSRDN_Destroy +( + NSSRDN *rdn +); + +/* + * NSSRDN_GetDEREncoding + * + * This routine will DER-encode an RDN object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSRDN + */ + +NSS_EXTERN NSSDER * +NSSRDN_GetDEREncoding +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * NSSRDN_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the RDN. A simple (one-ATAV) RDN will be simply + * the string representation of that ATAV; a non-simple RDN will be in + * parenthesised form. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * null upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +NSSRDN_GetUTF8Encoding +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * NSSRDN_AddATAV + * + * This routine adds an ATAV to the set of ATAVs in the specified RDN. + * Remember that RDNs consist of an unordered set of ATAVs. If the + * RDN was created with a non-null arena argument, that same arena + * will be used for any additional required memory. If the RDN was + * created with a NULL arena argument, any additional memory will + * be obtained from the heap. This routine returns a PRStatus value; + * it will return PR_SUCCESS upon success, and upon failure it will + * create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS upon success + * PR_FAILURE upon failure + */ + +NSS_EXTERN PRStatus +NSSRDN_AddATAV +( + NSSRDN *rdn, + NSSATAV *atav +); + +/* + * NSSRDN_GetATAVCount + * + * This routine returns the cardinality of the set of ATAVs within + * the specified RDN. This routine may return 0 upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * + * Return value: + * 0 upon error + * A positive number upon success + */ + +NSS_EXTERN PRUint32 +NSSRDN_GetATAVCount +( + NSSRDN *rdn +); + +/* + * NSSRDN_GetATAV + * + * This routine returns a pointer to an ATAV that is a member of + * the set of ATAVs within the specified RDN. While the set of + * ATAVs within an RDN is unordered, this routine will return + * distinct values for distinct values of 'i' as long as the RDN + * is not changed in any way. The RDN may be changed by calling + * NSSRDN_AddATAV. The value of the variable 'i' is on the range + * [0,c) where c is the cardinality returned from NSSRDN_GetATAVCount. + * The caller owns the ATAV the pointer to which is returned. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_VALUE_OUT_OF_RANGE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSATAV + */ + +NSS_EXTERN NSSATAV * +NSSRDN_GetATAV +( + NSSRDN *rdn, + NSSArena *arenaOpt, + PRUint32 i +); + +/* + * NSSRDN_GetSimpleATAV + * + * Most RDNs are actually very simple, with a single ATAV. This + * routine will return the single ATAV from such an RDN. The caller + * owns the ATAV the pointer to which is returned. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, including the case where + * the set of ATAVs in the RDN is nonsingular. Upon error, this + * routine will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_RDN_NOT_SIMPLE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSATAV + */ + +NSS_EXTERN NSSATAV * +NSSRDN_GetSimpleATAV +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * NSSRDN_Compare + * + * This routine compares two RDNs for equality. For two RDNs to be + * equal, they must have the same number of ATAVs, and every ATAV in + * one must be equal to an ATAV in the other. (Note that the sets + * of ATAVs are unordered.) The result of the comparison will be + * stored at the location pointed to by the "equalp" variable, which + * must point to a valid PRBool. This routine may return PR_FAILURE + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +NSSRDN_Compare +( + NSSRDN *rdn1, + NSSRDN *rdn2, + PRBool *equalp +); + +/* + * NSSRDN_Duplicate + * + * This routine duplicates the specified RDN. If the optional arena + * argument is non-null, the memory required will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL on error + * A pointer to a new RDN + */ + +NSS_EXTERN NSSRDN * +NSSRDN_Duplicate +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * NSSRDNSeq + * + * The public "methods" regarding this "object" are: + * + * NSSRDNSeq_CreateFromBER -- constructor + * NSSRDNSeq_CreateFromUTF8 -- constructor + * NSSRDNSeq_Create -- constructor + * + * NSSRDNSeq_Destroy + * NSSRDNSeq_GetDEREncoding + * NSSRDNSeq_GetUTF8Encoding + * NSSRDNSeq_AppendRDN + * NSSRDNSeq_GetRDNCount + * NSSRDNSeq_GetRDN + * NSSRDNSeq_Compare + * NSSRDNSeq_Duplicate + */ + +/* + * NSSRDNSeq_CreateFromBER + * + * This routine creates an NSSRDNSeq by decoding a BER- or DER-encoded + * sequence of RDNs. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDNSeq upon success + */ + +NSS_EXTERN NSSRDNSeq * +NSSRDNSeq_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berRDNSeq +); + +/* + * NSSRDNSeq_CreateFromUTF8 + * + * This routine creates an NSSRDNSeq by decoding a UTF8 string + * consisting of a comma-separated sequence of RDNs, such as + * "(sn=Smith,ou=Sales),o=Acme,c=US." If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDNSeq upon success + */ + +NSS_EXTERN NSSRDNSeq * +NSSRDNSeq_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringRDNSeq +); + +/* + * NSSRDNSeq_Create + * + * This routine creates an NSSRDNSeq from one or more NSSRDNs. The + * final argument to this routine must be NULL. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_RDN + * + * Return value: + * NULL upon error + * A pointero to an NSSRDNSeq upon success + */ + +NSS_EXTERN NSSRDNSeq * +NSSRDNSeq_Create +( + NSSArena *arenaOpt, + NSSRDN *rdn1, + ... +); + +/* + * NSSRDNSeq_Destroy + * + * This routine will destroy an RDNSeq object. It should eventually + * be called on all RDNSeqs created without an arena. While it is not + * necessary to call it on RDNSeqs created within an arena, it is not + * an error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +NSSRDNSeq_Destroy +( + NSSRDNSeq *rdnseq +); + +/* + * NSSRDNSeq_GetDEREncoding + * + * This routine will DER-encode an RDNSeq object. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return null upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSRDNSeq + */ + +NSS_EXTERN NSSDER * +NSSRDNSeq_GetDEREncoding +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt +); + +/* + * NSSRDNSeq_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the RDNSeq as a comma-separated sequence of RDNs. + * If the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to the UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +NSSRDNSeq_GetUTF8Encoding +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt +); + +/* + * NSSRDNSeq_AppendRDN + * + * This routine appends an RDN to the end of the existing RDN + * sequence. If the RDNSeq was created with a non-null arena + * argument, that same arena will be used for any additional required + * memory. If the RDNSeq was created with a NULL arena argument, any + * additional memory will be obtained from the heap. This routine + * returns a PRStatus value; it will return PR_SUCCESS upon success, + * and upon failure it will create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS upon success + * PR_FAILURE upon failure + */ + +NSS_EXTERN PRStatus +NSSRDNSeq_AppendRDN +( + NSSRDNSeq *rdnseq, + NSSRDN *rdn +); + +/* + * NSSRDNSeq_GetRDNCount + * + * This routine returns the cardinality of the sequence of RDNs within + * the specified RDNSeq. This routine may return 0 upon error, in + * which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * + * Return value: + * 0 upon error + * A positive number upon success + */ + +NSS_EXTERN PRUint32 +NSSRDNSeq_GetRDNCount +( + NSSRDNSeq *rdnseq +); + +/* + * NSSRDNSeq_GetRDN + * + * This routine returns a pointer to the i'th RDN in the sequence of + * RDNs that make up the specified RDNSeq. The sequence begins with + * the top-level (e.g., "c=US") RDN. The value of the variable 'i' + * is on the range [0,c) where c is the cardinality returned from + * NSSRDNSeq_GetRDNCount. The caller owns the RDN the pointer to which + * is returned. If the optional arena argument is non-null, the memory + * used will be obtained from that areana; otherwise, the memory will + * be obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. Note that the + * usual string representation of RDN Sequences is from last to first. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_VALUE_OUT_OF_RANGE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRDN + */ + +NSS_EXTERN NSSRDN * +NSSRDNSeq_GetRDN +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt, + PRUint32 i +); + +/* + * NSSRDNSeq_Compare + * + * This routine compares two RDNSeqs for equality. For two RDNSeqs to + * be equal, they must have the same number of RDNs, and each RDN in + * one sequence must be equal to the corresponding RDN in the other + * sequence. The result of the comparison will be stored at the + * location pointed to by the "equalp" variable, which must point to a + * valid PRBool. This routine may return PR_FAILURE upon error, in + * which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +NSSRDNSeq_Compare +( + NSSRDNSeq *rdnseq1, + NSSRDNSeq *rdnseq2, + PRBool *equalp +); + +/* + * NSSRDNSeq_Duplicate + * + * This routine duplicates the specified RDNSeq. If the optional arena + * argument is non-null, the memory required will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new RDNSeq + */ + +NSS_EXTERN NSSRDNSeq * +NSSRDNSeq_Duplicate +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt +); + +/* + * NSSName + * + * The public "methods" regarding this "object" are: + * + * NSSName_CreateFromBER -- constructor + * NSSName_CreateFromUTF8 -- constructor + * NSSName_Create -- constructor + * + * NSSName_Destroy + * NSSName_GetDEREncoding + * NSSName_GetUTF8Encoding + * NSSName_GetChoice + * NSSName_GetRDNSequence + * NSSName_GetSpecifiedChoice + * NSSName_Compare + * NSSName_Duplicate + * + * NSSName_GetUID + * NSSName_GetEmail + * NSSName_GetCommonName + * NSSName_GetOrganization + * NSSName_GetOrganizationalUnits + * NSSName_GetStateOrProvince + * NSSName_GetLocality + * NSSName_GetCountry + * NSSName_GetAttribute + */ + +/* + * NSSName_CreateFromBER + * + * This routine creates an NSSName by decoding a BER- or DER-encoded + * (directory) Name. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, + * the memory will be obtained from the heap. This routine may + * return NULL upon error, in which case it will have created an error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSName upon success + */ + +NSS_EXTERN NSSName * +NSSName_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berName +); + +/* + * NSSName_CreateFromUTF8 + * + * This routine creates an NSSName by decoding a UTF8 string + * consisting of the string representation of one of the choices of + * (directory) names. Currently the only choice is an RDNSeq. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. The routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSName upon success + */ + +NSS_EXTERN NSSName * +NSSName_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringName +); + +/* + * NSSName_Create + * + * This routine creates an NSSName with the specified choice of + * underlying name types. The value of the choice variable must be + * one of the values of the NSSNameChoice enumeration, and the type + * of the arg variable must be as specified in the following table: + * + * Choice Type + * ======================== =========== + * NSSNameChoiceRdnSequence NSSRDNSeq * + * + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_CHOICE + * NSS_ERROR_INVALID_ARGUMENT + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSName upon success + */ + +NSS_EXTERN NSSName * +NSSName_Create +( + NSSArena *arenaOpt, + NSSNameChoice choice, + void *arg +); + +/* + * NSSName_Destroy + * + * This routine will destroy a Name object. It should eventually be + * called on all Names created without an arena. While it is not + * necessary to call it on Names created within an arena, it is not + * an error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +NSSName_Destroy +( + NSSName *name +); + +/* + * NSSName_GetDEREncoding + * + * This routine will DER-encode a name object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSName + */ + +NSS_EXTERN NSSDER * +NSSName_GetDEREncoding +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the Name in the format specified by the + * underlying name choice. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to the UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +NSSName_GetUTF8Encoding +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetChoice + * + * This routine returns the type of the choice underlying the specified + * name. The return value will be a member of the NSSNameChoice + * enumeration. This routine may return NSSNameChoiceInvalid upon + * error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * + * Return value: + * NSSNameChoiceInvalid upon error + * An other member of the NSSNameChoice enumeration upon success + */ + +NSS_EXTERN NSSNameChoice +NSSName_GetChoice +( + NSSName *name +); + +/* + * NSSName_GetRDNSequence + * + * If the choice underlying the specified NSSName is that of an + * RDNSequence, this routine will return a pointer to that RDN + * sequence. Otherwise, this routine will place an error on the + * error stack, and return NULL. If the optional arena argument is + * non-null, the memory required will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. The + * caller owns the returned pointer. This routine may return NULL + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRDNSeq + */ + +NSS_EXTERN NSSRDNSeq * +NSSName_GetRDNSequence +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetSpecifiedChoice + * + * If the choice underlying the specified NSSName matches the specified + * choice, a caller-owned pointer to that underlying object will be + * returned. Otherwise, an error will be placed on the error stack and + * NULL will be returned. If the optional arena argument is non-null, + * the memory required will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer, which must be typecast + */ + +NSS_EXTERN void * +NSSName_GetSpecifiedChoice +( + NSSName *name, + NSSNameChoice choice, + NSSArena *arenaOpt +); + +/* + * NSSName_Compare + * + * This routine compares two Names for equality. For two Names to be + * equal, they must have the same choice of underlying types, and the + * underlying values must be equal. The result of the comparison will + * be stored at the location pointed to by the "equalp" variable, which + * must point to a valid PRBool. This routine may return PR_FAILURE + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +NSSName_Compare +( + NSSName *name1, + NSSName *name2, + PRBool *equalp +); + +/* + * NSSName_Duplicate + * + * This routine duplicates the specified nssname. If the optional + * arena argument is non-null, the memory required will be obtained + * from that arena; otherwise, the memory will be obtained from the + * heap. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new NSSName + */ + +NSS_EXTERN NSSName * +NSSName_Duplicate +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetUID + * + * This routine will attempt to derive a user identifier from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished + * Names containing a UID attribute, the UID will be the value of + * that attribute. Note that no UID attribute is defined in either + * PKIX or PKCS#9; rather, this seems to derive from RFC 1274, which + * defines the type as a caseIgnoreString. We'll return a Directory + * String. If the optional arena argument is non-null, the memory + * used will be obtained from that arena; otherwise, the memory will + * be obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_UID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String. + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSName_GetUID +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetEmail + * + * This routine will attempt to derive an email address from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished + * Names containing either a PKIX email address or a PKCS#9 email + * address, the result will be the value of that attribute. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_EMAIL + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5 String */ +NSSName_GetEmail +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetCommonName + * + * This routine will attempt to derive a common name from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished Names + * containing a PKIX Common Name, the result will be that name. If + * the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_COMMON_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSName_GetCommonName +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetOrganization + * + * This routine will attempt to derive an organisation name from the + * specified name, if the choices and content of the name permit. + * If Name consists of a Sequence of Relative Distinguished names + * containing a PKIX Organization, the result will be the value of + * that attribute. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. This routine may return NULL upon + * error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_ORGANIZATION + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSName_GetOrganization +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetOrganizationalUnits + * + * This routine will attempt to derive a sequence of organisational + * unit names from the specified name, if the choices and content of + * the name permit. If the Name consists of a Sequence of Relative + * Distinguished Names containing one or more organisational units, + * the result will be the values of those attributes. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_ORGANIZATIONAL_UNITS + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a null-terminated array of UTF8 Strings + */ + +NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */ +NSSName_GetOrganizationalUnits +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetStateOrProvince + * + * This routine will attempt to derive a state or province name from + * the specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished Names + * containing a state or province, the result will be the value of + * that attribute. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. This routine may return NULL upon + * error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_STATE_OR_PROVINCE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSName_GetStateOrProvince +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetLocality + * + * This routine will attempt to derive a locality name from the + * specified name, if the choices and content of the name permit. If + * the Name consists of a Sequence of Relative Distinguished names + * containing a Locality, the result will be the value of that + * attribute. If the optional arena argument is non-null, the memory + * used will be obtained from that arena; otherwise, the memory will + * be obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_LOCALITY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSName_GetLocality +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetCountry + * + * This routine will attempt to derive a country name from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished + * Names containing a Country, the result will be the value of + * that attribute.. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, + * the memory will be obtained from the heap. This routine may + * return NULL upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_COUNTRY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */ +NSSName_GetCountry +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * NSSName_GetAttribute + * + * If the specified name consists of a Sequence of Relative + * Distinguished Names containing an attribute with the specified + * type, and the actual value of that attribute may be expressed + * with a Directory String, then the value of that attribute will + * be returned as a Directory String. If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_ATTRIBUTE + * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSName_GetAttribute +( + NSSName *name, + NSSOID *attribute, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName + * + * The public "methods" regarding this "object" are: + * + * NSSGeneralName_CreateFromBER -- constructor + * NSSGeneralName_CreateFromUTF8 -- constructor + * NSSGeneralName_Create -- constructor + * + * NSSGeneralName_Destroy + * NSSGeneralName_GetDEREncoding + * NSSGeneralName_GetUTF8Encoding + * NSSGeneralName_GetChoice + * NSSGeneralName_GetOtherName + * NSSGeneralName_GetRfc822Name + * NSSGeneralName_GetDNSName + * NSSGeneralName_GetX400Address + * NSSGeneralName_GetDirectoryName + * NSSGeneralName_GetEdiPartyName + * NSSGeneralName_GetUniformResourceIdentifier + * NSSGeneralName_GetIPAddress + * NSSGeneralName_GetRegisteredID + * NSSGeneralName_GetSpecifiedChoice + * NSSGeneralName_Compare + * NSSGeneralName_Duplicate + * + * NSSGeneralName_GetUID + * NSSGeneralName_GetEmail + * NSSGeneralName_GetCommonName + * NSSGeneralName_GetOrganization + * NSSGeneralName_GetOrganizationalUnits + * NSSGeneralName_GetStateOrProvince + * NSSGeneralName_GetLocality + * NSSGeneralName_GetCountry + * NSSGeneralName_GetAttribute + */ + +/* + * NSSGeneralName_CreateFromBER + * + * This routine creates an NSSGeneralName by decoding a BER- or DER- + * encoded general name. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralName upon success + */ + +NSS_EXTERN NSSGeneralName * +NSSGeneralName_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berGeneralName +); + +/* + * NSSGeneralName_CreateFromUTF8 + * + * This routine creates an NSSGeneralName by decoding a UTF8 string + * consisting of the string representation of one of the choices of + * general names. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The routine may return NULL upon + * error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralName upon success + */ + +NSS_EXTERN NSSGeneralName * +NSSGeneralName_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringGeneralName +); + +/* + * NSSGeneralName_Create + * + * This routine creates an NSSGeneralName with the specified choice of + * underlying name types. The value of the choice variable must be one + * of the values of the NSSGeneralNameChoice enumeration, and the type + * of the arg variable must be as specified in the following table: + * + * Choice Type + * ============================================ ========= + * NSSGeneralNameChoiceOtherName + * NSSGeneralNameChoiceRfc822Name + * NSSGeneralNameChoiceDNSName + * NSSGeneralNameChoiceX400Address + * NSSGeneralNameChoiceDirectoryName NSSName * + * NSSGeneralNameChoiceEdiPartyName + * NSSGeneralNameChoiceUniformResourceIdentifier + * NSSGeneralNameChoiceIPAddress + * NSSGeneralNameChoiceRegisteredID + * + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one fo the following values: + * NSS_ERROR_INVALID_CHOICE + * NSS_ERROR_INVALID_ARGUMENT + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralName upon success + */ + +NSS_EXTERN NSSGeneralName * +NSSGeneralName_Create +( + NSSGeneralNameChoice choice, + void *arg +); + +/* + * NSSGeneralName_Destroy + * + * This routine will destroy a General Name object. It should + * eventually be called on all General Names created without an arena. + * While it is not necessary to call it on General Names created within + * an arena, it is not an error to do so. This routine returns a + * PRStatus value; if successful, it will return PR_SUCCESS. If + * usuccessful, it will create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * + * Return value: + * PR_FAILURE upon failure + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +NSSGeneralName_Destroy +( + NSSGeneralName *generalName +); + +/* + * NSSGeneralName_GetDEREncoding + * + * This routine will DER-encode a name object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSGeneralName + */ + +NSS_EXTERN NSSDER * +NSSGeneralName_GetDEREncoding +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the General Name in the format specified by the + * underlying name choice. If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +NSSGeneralName_GetUTF8Encoding +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetChoice + * + * This routine returns the type of choice underlying the specified + * general name. The return value will be a member of the + * NSSGeneralNameChoice enumeration. This routine may return + * NSSGeneralNameChoiceInvalid upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * + * Return value: + * NSSGeneralNameChoiceInvalid upon error + * An other member of the NSSGeneralNameChoice enumeration + */ + +NSS_EXTERN NSSGeneralNameChoice +NSSGeneralName_GetChoice +( + NSSGeneralName *generalName +); + +/* + * NSSGeneralName_GetOtherName + * + * If the choice underlying the specified NSSGeneralName is that of an + * Other Name, this routine will return a pointer to that Other name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSOtherName + */ + +NSS_EXTERN NSSOtherName * +NSSGeneralName_GetOtherName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetRfc822Name + * + * If the choice underlying the specified NSSGeneralName is that of an + * RFC 822 Name, this routine will return a pointer to that name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRFC822Name + */ + +NSS_EXTERN NSSRFC822Name * +NSSGeneralName_GetRfc822Name +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetDNSName + * + * If the choice underlying the specified NSSGeneralName is that of a + * DNS Name, this routine will return a pointer to that DNS name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSDNSName + */ + +NSS_EXTERN NSSDNSName * +NSSGeneralName_GetDNSName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetX400Address + * + * If the choice underlying the specified NSSGeneralName is that of an + * X.400 Address, this routine will return a pointer to that Address. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSX400Address + */ + +NSS_EXTERN NSSX400Address * +NSSGeneralName_GetX400Address +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetDirectoryName + * + * If the choice underlying the specified NSSGeneralName is that of a + * (directory) Name, this routine will return a pointer to that name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSName + */ + +NSS_EXTERN NSSName * +NSSGeneralName_GetName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetEdiPartyName + * + * If the choice underlying the specified NSSGeneralName is that of an + * EDI Party Name, this routine will return a pointer to that name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSEdiPartyName + */ + +NSS_EXTERN NSSEdiPartyName * +NSSGeneralName_GetEdiPartyName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetUniformResourceIdentifier + * + * If the choice underlying the specified NSSGeneralName is that of a + * URI, this routine will return a pointer to that URI. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSURI + */ + +NSS_EXTERN NSSURI * +NSSGeneralName_GetUniformResourceIdentifier +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetIPAddress + * + * If the choice underlying the specified NSSGeneralName is that of an + * IP Address , this routine will return a pointer to that address. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSIPAddress + */ + +NSS_EXTERN NSSIPAddress * +NSSGeneralName_GetIPAddress +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetRegisteredID + * + * If the choice underlying the specified NSSGeneralName is that of a + * Registered ID, this routine will return a pointer to that ID. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRegisteredID + */ + +NSS_EXTERN NSSRegisteredID * +NSSGeneralName_GetRegisteredID +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetSpecifiedChoice + * + * If the choice underlying the specified NSSGeneralName matches the + * specified choice, a caller-owned pointer to that underlying object + * will be returned. Otherwise, an error will be placed on the error + * stack and NULL will be returned. If the optional arena argument + * is non-null, the memory required will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. The caller + * owns the returned pointer. This routine may return NULL upon + * error, in which caes it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer, which must be typecast + */ + +NSS_EXTERN void * +NSSGeneralName_GetSpecifiedChoice +( + NSSGeneralName *generalName, + NSSGeneralNameChoice choice, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_Compare + * + * This routine compares two General Names for equality. For two + * General Names to be equal, they must have the same choice of + * underlying types, and the underlying values must be equal. The + * result of the comparison will be stored at the location pointed + * to by the "equalp" variable, which must point to a valid PRBool. + * This routine may return PR_FAILURE upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following value: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +NSSGeneralName_Compare +( + NSSGeneralName *generalName1, + NSSGeneralName *generalName2, + PRBool *equalp +); + +/* + * NSSGeneralName_Duplicate + * + * This routine duplicates the specified General Name. If the optional + * arena argument is non-null, the memory required will be obtained + * from that arena; otherwise, the memory will be obtained from the + * heap. This routine may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new NSSGeneralName + */ + +NSS_EXTERN NSSGeneralName * +NSSGeneralName_Duplicate +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetUID + * + * This routine will attempt to derive a user identifier from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished Names containing a UID + * attribute, the UID will be the value of that attribute. Note + * that no UID attribute is defined in either PKIX or PKCS#9; + * rather, this seems to derive from RFC 1274, which defines the + * type as a caseIgnoreString. We'll return a Directory String. + * If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_UID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String. + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSGeneralName_GetUID +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetEmail + * + * This routine will attempt to derive an email address from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing either + * a PKIX email address or a PKCS#9 email address, the result will + * be the value of that attribute. If the General Name is an RFC 822 + * Name, the result will be the string form of that name. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_EMAIL + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5String */ +NSSGeneralName_GetEmail +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetCommonName + * + * This routine will attempt to derive a common name from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing a PKIX + * Common Name, the result will be that name. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_COMMON_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSGeneralName_GetCommonName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetOrganization + * + * This routine will attempt to derive an organisation name from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing an + * Organization, the result will be the value of that attribute. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_ORGANIZATION + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSGeneralName_GetOrganization +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetOrganizationalUnits + * + * This routine will attempt to derive a sequence of organisational + * unit names from the specified general name, if the choices and + * content of the name permit. If the General Name is a (directory) + * Name consisting of a Sequence of Relative Distinguished names + * containing one or more organisational units, the result will + * consist of those units. If the optional arena argument is non- + * null, the memory used will be obtained from that arena; otherwise, + * the memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_ORGANIZATIONAL_UNITS + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a null-terminated array of UTF8 Strings + */ + +NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */ +NSSGeneralName_GetOrganizationalUnits +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetStateOrProvince + * + * This routine will attempt to derive a state or province name from + * the specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing a state or + * province, the result will be the value of that attribute. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_STATE_OR_PROVINCE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSGeneralName_GetStateOrProvince +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetLocality + * + * This routine will attempt to derive a locality name from + * the specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing a Locality, + * the result will be the value of that attribute. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_LOCALITY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSGeneralName_GetLocality +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetCountry + * + * This routine will attempt to derive a country name from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting of a + * Sequence of Relative Distinguished names containing a Country, the + * result will be the value of that attribute. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_COUNTRY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */ +NSSGeneralName_GetCountry +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * NSSGeneralName_GetAttribute + * + * If the specified general name is a (directory) name consisting + * of a Sequence of Relative Distinguished Names containing an + * attribute with the specified type, and the actual value of that + * attribute may be expressed with a Directory String, then the + * value of that attribute will be returned as a Directory String. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_ATTRIBUTE + * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +NSSGeneralName_GetAttribute +( + NSSGeneralName *generalName, + NSSOID *attribute, + NSSArena *arenaOpt +); + +/* + * NSSGeneralNameSeq + * + * The public "methods" regarding this "object" are: + * + * NSSGeneralNameSeq_CreateFromBER -- constructor + * NSSGeneralNameSeq_Create -- constructor + * + * NSSGeneralNameSeq_Destroy + * NSSGeneralNameSeq_GetDEREncoding + * NSSGeneralNameSeq_AppendGeneralName + * NSSGeneralNameSeq_GetGeneralNameCount + * NSSGeneralNameSeq_GetGeneralName + * NSSGeneralNameSeq_Compare + * NSSGeneralnameSeq_Duplicate + */ + +/* + * NSSGeneralNameSeq_CreateFromBER + * + * This routine creates a general name sequence by decoding a BER- + * or DER-encoded GeneralNames. If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralNameSeq upon success + */ + +NSS_EXTERN NSSGeneralNameSeq * +NSSGeneralNameSeq_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berGeneralNameSeq +); + +/* + * NSSGeneralNameSeq_Create + * + * This routine creates an NSSGeneralNameSeq from one or more General + * Names. The final argument to this routine must be NULL. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_GENERAL_NAME + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralNameSeq upon success + */ + +NSS_EXTERN NSSGeneralNameSeq * +NSSGeneralNameSeq_Create +( + NSSArena *arenaOpt, + NSSGeneralName *generalName1, + ... +); + +/* + * NSSGeneralNameSeq_Destroy + * + * This routine will destroy an NSSGeneralNameSeq object. It should + * eventually be called on all NSSGeneralNameSeqs created without an + * arena. While it is not necessary to call it on NSSGeneralNameSeq's + * created within an arena, it is not an error to do so. This routine + * returns a PRStatus value; if successful, it will return PR_SUCCESS. + * If unsuccessful, it will create an error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +NSSGeneralNameSeq_Destroy +( + NSSGeneralNameSeq *generalNameSeq +); + +/* + * NSSGeneralNameSeq_GetDEREncoding + * + * This routine will DER-encode an NSSGeneralNameSeq object. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSGeneralNameSeq + */ + +NSS_EXTERN NSSDER * +NSSGeneralNameSeq_GetDEREncoding +( + NSSGeneralNameSeq *generalNameSeq, + NSSArena *arenaOpt +); + +/* + * NSSGeneralNameSeq_AppendGeneralName + * + * This routine appends a General Name to the end of the existing + * General Name Sequence. If the sequence was created with a non-null + * arena argument, that same arena will be used for any additional + * required memory. If the sequence was created with a NULL arena + * argument, any additional memory will be obtained from the heap. + * This routine returns a PRStatus value; it will return PR_SUCCESS + * upon success, and upon failure it will create an error stack and + * return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS upon success + * PR_FAILURE upon failure. + */ + +NSS_EXTERN PRStatus +NSSGeneralNameSeq_AppendGeneralName +( + NSSGeneralNameSeq *generalNameSeq, + NSSGeneralName *generalName +); + +/* + * NSSGeneralNameSeq_GetGeneralNameCount + * + * This routine returns the cardinality of the specified General name + * Sequence. This routine may return 0 upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * + * Return value; + * 0 upon error + * A positive number upon success + */ + +NSS_EXTERN PRUint32 +NSSGeneralNameSeq_GetGeneralNameCount +( + NSSGeneralNameSeq *generalNameSeq +); + +/* + * NSSGeneralNameSeq_GetGeneralName + * + * This routine returns a pointer to the i'th General Name in the + * specified General Name Sequence. The value of the variable 'i' is + * on the range [0,c) where c is the cardinality returned from + * NSSGeneralNameSeq_GetGeneralNameCount. The caller owns the General + * Name the pointer to which is returned. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have + * created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_VALUE_OUT_OF_RANGE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to a General Name. + */ + +NSS_EXTERN NSSGeneralName * +NSSGeneralNameSeq_GetGeneralName +( + NSSGeneralNameSeq *generalNameSeq, + NSSArena *arenaOpt, + PRUint32 i +); + +/* + * NSSGeneralNameSeq_Compare + * + * This routine compares two General Name Sequences for equality. For + * two General Name Sequences to be equal, they must have the same + * cardinality, and each General Name in one sequence must be equal to + * the corresponding General Name in the other. The result of the + * comparison will be stored at the location pointed to by the "equalp" + * variable, which must point to a valid PRBool. This routine may + * return PR_FAILURE upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +NSSGeneralNameSeq_Compare +( + NSSGeneralNameSeq *generalNameSeq1, + NSSGeneralNameSeq *generalNameSeq2, + PRBool *equalp +); + +/* + * NSSGeneralNameSeq_Duplicate + * + * This routine duplicates the specified sequence of general names. If + * the optional arena argument is non-null, the memory required will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new General Name Sequence. + */ + +NSS_EXTERN NSSGeneralNameSeq * +NSSGeneralNameSeq_Duplicate +( + NSSGeneralNameSeq *generalNameSeq, + NSSArena *arenaOpt +); + +PR_END_EXTERN_C + +#endif /* NSSPT1M_H */ diff --git a/security/nss/lib/pki1/nsspki1t.h b/security/nss/lib/pki1/nsspki1t.h new file mode 100644 index 000000000..8765a3ad3 --- /dev/null +++ b/security/nss/lib/pki1/nsspki1t.h @@ -0,0 +1,202 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef NSSPKI1T_H +#define NSSPKI1T_H + +#ifdef DEBUG +static const char NSSPKI1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * nsspki1t.h + * + * This file contains the public type definitions for the PKIX part-1 + * objects. + */ + +#ifndef NSSBASET_H +#include "nssbaset.h" +#endif /* NSSBASET_H */ + +PR_BEGIN_EXTERN_C + +/* + * OBJECT IDENTIFIER + * + * This is the basic OID that crops up everywhere. + */ + +struct NSSOIDStr; +typedef struct NSSOIDStr NSSOID; + +/* + * AttributeTypeAndValue + * + * This structure contains an attribute type (indicated by an OID), + * and the type-specific value. RelativeDistinguishedNamess consist + * of a set of these. These are distinct from Attributes (which have + * SET of values), from AttributeDescriptions (which have qualifiers + * on the types), and from AttributeValueAssertions (which assert a + * a value comparison under some matching rule). + */ + +struct NSSATAVStr; +typedef struct NSSATAVStr NSSATAV; + +/* + * RelativeDistinguishedName + * + * This structure contains an unordered set of AttributeTypeAndValue + * objects. RDNs are used to distinguish a set of objects underneath + * a common object. + * + * Often, a single ATAV is sufficient to make a unique distinction. + * For example, if a company assigns its people unique uid values, + * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith" + * ATAV by itself forms an RDN. However, sometimes a set of ATAVs is + * needed. For example, if a company needed to distinguish between + * two Smiths by specifying their corporate divisions, then in the + * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised + * set of ATAVs forms the RDN. + */ + +struct NSSRDNStr; +typedef struct NSSRDNStr NSSRDN; + +/* + * RDNSequence + * + * This structure contains a sequence of RelativeDistinguishedName + * objects. + */ + +struct NSSRDNSeqStr; +typedef struct NSSRDNSeqStr NSSRDNSeq; + +/* + * Name + * + * This structure contains a union of the possible name formats, + * which at the moment is limited to an RDNSequence. + */ + +struct NSSNameStr; +typedef struct NSSNameStr NSSName; + +/* + * NameChoice + * + * This enumeration is used to specify choice within a name. + */ + +enum NSSNameChoiceEnum { + NSSNameChoiceInvalid = -1, + NSSNameChoiceRdnSequence +}; +typedef enum NSSNameChoiceEnum NSSNameChoice; + +/* + * GeneralName + * + * This structure contains a union of the possible general names, + * of which there are several. + */ + +struct NSSGeneralNameStr; +typedef struct NSSGeneralNameStr NSSGeneralName; + +/* + * GeneralNameChoice + * + * This enumerates the possible general name types. + */ + +enum NSSGeneralNameChoiceEnum { + NSSGeneralNameChoiceInvalid = -1, + NSSGeneralNameChoiceOtherName = 0, + NSSGeneralNameChoiceRfc822Name = 1, + NSSGeneralNameChoiceDNSName = 2, + NSSGeneralNameChoiceX400Address = 3, + NSSGeneralNameChoiceDirectoryName = 4, + NSSGeneralNameChoiceEdiPartyName = 5, + NSSGeneralNameChoiceUniformResourceIdentifier = 6, + NSSGeneralNameChoiceIPAddress = 7, + NSSGeneralNameChoiceRegisteredID = 8 +}; +typedef enum NSSGeneralNameChoiceEnum NSSGeneralNameChoice; + +/* + * The "other" types of general names. + */ + +struct NSSOtherNameStr; +typedef struct NSSOtherNameStr NSSOtherName; + +struct NSSRFC822NameStr; +typedef struct NSSRFC822NameStr NSSRFC822Name; + +struct NSSDNSNameStr; +typedef struct NSSDNSNameStr NSSDNSName; + +struct NSSX400AddressStr; +typedef struct NSSX400AddressStr NSSX400Address; + +struct NSSEdiPartyNameStr; +typedef struct NSSEdiPartyNameStr NSSEdiPartyName; + +struct NSSURIStr; +typedef struct NSSURIStr NSSURI; + +struct NSSIPAddressStr; +typedef struct NSSIPAddressStr NSSIPAddress; + +struct NSSRegisteredIDStr; +typedef struct NSSRegisteredIDStr NSSRegisteredID; + +/* + * GeneralNameSeq + * + * This structure contains a sequence of GeneralName objects. + * Note that the PKIX documents refer to this as "GeneralNames," + * which differs from "GeneralName" by only one letter. To + * try to reduce confusion, we expand the name slightly to + * "GeneralNameSeq." + */ + +struct NSSGeneralNameSeqStr; +typedef struct NSSGeneralNameSeqStr NSSGeneralNameSeq; + +PR_END_EXTERN_C + +#endif /* NSSPKI1T_H */ diff --git a/security/nss/lib/pki1/oid.c b/security/nss/lib/pki1/oid.c new file mode 100644 index 000000000..c4028a803 --- /dev/null +++ b/security/nss/lib/pki1/oid.c @@ -0,0 +1,1615 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * oid.c + * + * This file contains the implementation of the basic OID routines. + */ + +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ + +#ifndef PKI1_H +#include "pki1.h" +#endif /* PKI1_H */ + +#include "plhash.h" +#include "plstr.h" + +/* + * NSSOID + * + * The public "methods" regarding this "object" are: + * + * NSSOID_CreateFromBER -- constructor + * NSSOID_CreateFromUTF8 -- constructor + * (there is no explicit destructor) + * + * NSSOID_GetDEREncoding + * NSSOID_GetUTF8Encoding + + * The non-public "methods" regarding this "object" are: + * + * nssOID_CreateFromBER -- constructor + * nssOID_CreateFromUTF8 -- constructor + * (there is no explicit destructor) + * + * nssOID_GetDEREncoding + * nssOID_GetUTF8Encoding + * + * In debug builds, the following non-public calls are also available: + * + * nssOID_verifyPointer + * nssOID_getExplanation + * nssOID_getTaggedUTF8 + */ + +const NSSOID *NSS_OID_UNKNOWN = (NSSOID *)NULL; + +/* + * First, the public "wrappers" + */ + +/* + * NSSOID_CreateFromBER + * + * This routine creates an NSSOID by decoding a BER- or DER-encoded + * OID. It may return NULL upon error, in which case it + * will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +NSSOID_CreateFromBER +( + NSSBER *berOid +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + /* + * NSSBERs can be created by the user, + * so no pointer-tracking can be checked. + */ + + if( (NSSBER *)NULL == berOid ) { + nss_SetError(NSS_ERROR_INVALID_BER); + return (NSSOID *)NULL; + } + + if( (void *)NULL == berOid->data ) { + nss_SetError(NSS_ERROR_INVALID_BER); + return (NSSOID *)NULL; + } +#endif /* DEBUG */ + + return nssOID_CreateFromBER(berOid); +} + +/* + * NSSOID_CreateFromUTF8 + * + * This routine creates an NSSOID by decoding a UTF8 string + * representation of an OID in dotted-number format. The string may + * optionally begin with an octothorpe. It may return NULL + * upon error, in which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_UTF8 + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +NSSOID_CreateFromUTF8 +( + NSSUTF8 *stringOid +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + /* + * NSSUTF8s can be created by the user, + * so no pointer-tracking can be checked. + */ + + if( (NSSUTF8 *)NULL == stringOid ) { + nss_SetError(NSS_ERROR_INVALID_UTF8); + return (NSSOID *)NULL; + } +#endif /* DEBUG */ + + return nssOID_CreateFromUTF8(stringOid); +} + +/* + * NSSOID_GetDEREncoding + * + * This routine returns the DER encoding of the specified NSSOID. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return return null upon error, in + * which case it will have created an error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSOID + */ + +NSS_EXTERN NSSDER * +NSSOID_GetDEREncoding +( + const NSSOID *oid, + NSSDER *rvOpt, + NSSArena *arenaOpt +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSDER *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSDER *)NULL; + } + } +#endif /* DEBUG */ + + return nssOID_GetDEREncoding(oid, rvOpt, arenaOpt); +} + +/* + * NSSOID_GetUTF8Encoding + * + * This routine returns a UTF8 string containing the dotted-number + * encoding of the specified NSSOID. If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return null upon error, in which case it will have created an + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the dotted-digit encoding of + * this NSSOID + */ + +NSS_EXTERN NSSUTF8 * +NSSOID_GetUTF8Encoding +( + const NSSOID *oid, + NSSArena *arenaOpt +) +{ + nss_ClearErrorStack(); + +#ifdef DEBUG + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSUTF8 *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSUTF8 *)NULL; + } + } +#endif /* DEBUG */ + + return nssOID_GetUTF8Encoding(oid, arenaOpt); +} + +/* + * Next, some internal bookkeeping; including the OID "tag" table + * and the debug-version pointer tracker. + */ + +/* + * For implementation reasons (so NSSOIDs can be compared with ==), + * we hash all NSSOIDs. This is the hash table. + */ + +static PLHashTable *oid_hash_table; + +/* + * And this is its lock. + */ + +static PRLock *oid_hash_lock; + +/* + * This is the hash function. We simply XOR the encoded form with + * itself in sizeof(PLHashNumber)-byte chunks. Improving this + * routine is left as an excercise for the more mathematically + * inclined student. + */ + +static PR_CALLBACK PLHashNumber +oid_hash +( + const void *key +) +{ + const NSSItem *item = (const NSSItem *)key; + PLHashNumber rv = 0; + + PRUint8 *data = (PRUint8 *)item->data; + PRUint32 i; + PRUint8 *rvc = (PRUint8 *)&rv; + + for( i = 0; i < item->size; i++ ) { + rvc[ i % sizeof(rv) ] ^= *data; + data++; + } + + return rv; +} + +/* + * This is the key-compare function. It simply does a lexical + * comparison on the encoded OID form. This does not result in + * quite the same ordering as the "sequence of numbers" order, + * but heck it's only used internally by the hash table anyway. + */ + +static PR_CALLBACK PRIntn +oid_hash_compare +( + const void *k1, + const void *k2 +) +{ + PRIntn rv; + + const NSSItem *i1 = (const NSSItem *)k1; + const NSSItem *i2 = (const NSSItem *)k2; + + PRUint32 size = (i1->size < i2->size) ? i1->size : i2->size; + + rv = (PRIntn)nsslibc_memcmp(i1->data, i2->data, size, (PRStatus *)NULL); + if( 0 == rv ) { + rv = i1->size - i2->size; + } + + return !rv; +} + +/* + * The pointer-tracking code + */ + +#ifdef DEBUG +extern const NSSError NSS_ERROR_INTERNAL_ERROR; + +static nssPointerTracker oid_pointer_tracker; + +static PRStatus +oid_add_pointer +( + const NSSOID *oid +) +{ + PRStatus rv; + + rv = nssPointerTracker_initialize(&oid_pointer_tracker); + if( PR_SUCCESS != rv ) { + return rv; + } + + rv = nssPointerTracker_add(&oid_pointer_tracker, oid); + if( PR_SUCCESS != rv ) { + NSSError e = NSS_GetError(); + if( NSS_ERROR_NO_MEMORY != e ) { + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + } + + return rv; + } + + return PR_SUCCESS; +} + +#if defined(CAN_DELETE_OIDS) +/* + * We actually don't define NSSOID deletion, since we keep OIDs + * in a hash table for easy comparison. Were we to, this is + * what the pointer-removal function would look like. + */ + +static PRStatus +oid_remove_pointer +( + const NSSOID *oid +) +{ + PRStatus rv; + + rv = nssPointerTracker_remove(&oid_pointer_tracker, oid); + if( PR_SUCCESS != rv ) { + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + } + + return rv; +} +#endif /* CAN_DELETE_OIDS */ + +#endif /* DEBUG */ + +/* + * All dynamically-added OIDs get their memory from one statically- + * declared arena here, merely so that any cleanup code will have + * an easier time of it. + */ + +static NSSArena *oid_arena; + +/* + * This is the call-once function which initializes the hashtable. + * It creates it, then prepopulates it with all of the builtin OIDs. + * It also creates the aforementioned NSSArena. + */ + +static PR_CALLBACK PRStatus +oid_once_func +( + void +) +{ + PRUint32 i; + + /* Initialize the arena */ + oid_arena = nssArena_Create(); + if( (NSSArena *)NULL == oid_arena ) { + goto loser; + } + + /* Create the hash table lock */ + oid_hash_lock = PR_NewLock(); + if( (PRLock *)NULL == oid_hash_lock ) { + nss_SetError(NSS_ERROR_NO_MEMORY); + goto loser; + } + + /* Create the hash table */ + oid_hash_table = PL_NewHashTable(0, oid_hash, oid_hash_compare, + PL_CompareValues, + (PLHashAllocOps *)0, + (void *)0); + if( (PLHashTable *)NULL == oid_hash_table ) { + nss_SetError(NSS_ERROR_NO_MEMORY); + goto loser; + } + + /* And populate it with all the builtins */ + for( i = 0; i < nss_builtin_oid_count; i++ ) { + NSSOID *oid = (NSSOID *)&nss_builtin_oids[i]; + PLHashEntry *e = PL_HashTableAdd(oid_hash_table, &oid->data, oid); + if( (PLHashEntry *)NULL == e ) { + nss_SetError(NSS_ERROR_NO_MEMORY); + goto loser; + } + +#ifdef DEBUG + if( PR_SUCCESS != oid_add_pointer(oid) ) { + goto loser; + } +#endif /* DEBUG */ + } + + return PR_SUCCESS; + + loser: + if( (PLHashTable *)NULL != oid_hash_table ) { + PL_HashTableDestroy(oid_hash_table); + oid_hash_table = (PLHashTable *)NULL; + } + + if( (PRLock *)NULL != oid_hash_lock ) { + PR_DestroyLock(oid_hash_lock); + oid_hash_lock = (PRLock *)NULL; + } + + if( (NSSArena *)NULL != oid_arena ) { + (void)nssArena_Destroy(oid_arena); + oid_arena = (NSSArena *)NULL; + } + + return PR_FAILURE; +} + +/* + * This is NSPR's once-block. + */ + +static PRCallOnceType oid_call_once; + +/* + * And this is our multiply-callable internal init routine, which + * will call-once our call-once function. + */ + +static PRStatus +oid_init +( + void +) +{ + return PR_CallOnce(&oid_call_once, oid_once_func); +} + +#ifdef DEBUG + +/* + * nssOID_verifyPointer + * + * This method is only present in debug builds. + * + * If the specified pointer is a valid pointer to an NSSOID object, + * this routine will return PR_SUCCESS. Otherwise, it will put an + * error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS if the pointer is valid + * PR_FAILURE if it isn't + */ + +NSS_EXTERN PRStatus +nssOID_verifyPointer +( + const NSSOID *oid +) +{ + PRStatus rv; + + rv = oid_init(); + if( PR_SUCCESS != rv ) { + return PR_FAILURE; + } + + rv = nssPointerTracker_initialize(&oid_pointer_tracker); + if( PR_SUCCESS != rv ) { + return PR_FAILURE; + } + + rv = nssPointerTracker_verify(&oid_pointer_tracker, oid); + if( PR_SUCCESS != rv ) { + nss_SetError(NSS_ERROR_INVALID_NSSOID); + return PR_FAILURE; + } + + return PR_SUCCESS; +} +#endif /* DEBUG */ + +/* + * oid_sanity_check_ber + * + * This routine merely applies some sanity-checking to the BER-encoded + * OID. + */ + +static PRStatus +oid_sanity_check_ber +( + NSSBER *berOid +) +{ + PRUint32 i; + PRUint8 *data = (PRUint8 *)berOid->data; + + /* + * The size must be longer than zero bytes. + */ + + if( berOid->size <= 0 ) { + return PR_FAILURE; + } + + /* + * In general, we can't preclude any number from showing up + * someday. We could probably guess that top-level numbers + * won't get very big (beyond the current ccitt(0), iso(1), + * or joint-ccitt-iso(2)). However, keep in mind that the + * encoding rules wrap the first two numbers together, as + * + * (first * 40) + second + * + * Also, it is noted in the specs that this implies that the + * second number won't go above forty. + * + * 128 encodes 3.8, which seems pretty safe for now. Let's + * check that the first byte is less than that. + * + * XXX This is a "soft check" -- we may want to exclude it. + */ + + if( data[0] >= 0x80 ) { + return PR_FAILURE; + } + + /* + * In a normalised format, leading 0x80s will never show up. + * This means that no 0x80 will be preceeded by the final + * byte of a sequence, which would naturaly be less than 0x80. + * Our internal encoding for the single-digit OIDs uses 0x80, + * but the only places we use them (loading the builtin table, + * and adding a UTF8-encoded OID) bypass this check. + */ + + for( i = 1; i < berOid->size; i++ ) { + if( (0x80 == data[i]) && (data[i-1] < 0x80) ) { + return PR_FAILURE; + } + } + + /* + * The high bit of each octet indicates that following octets + * are included in the current number. Thus the last byte can't + * have the high bit set. + */ + + if( data[ berOid->size-1 ] >= 0x80 ) { + return PR_FAILURE; + } + + /* + * Other than that, any byte sequence is legit. + */ + return PR_SUCCESS; +} + +/* + * nssOID_CreateFromBER + * + * This routine creates an NSSOID by decoding a BER- or DER-encoded + * OID. It may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +nssOID_CreateFromBER +( + NSSBER *berOid +) +{ + NSSOID *rv; + PLHashEntry *e; + + if( PR_SUCCESS != oid_init() ) { + return (NSSOID *)NULL; + } + + if( PR_SUCCESS != oid_sanity_check_ber(berOid) ) { + nss_SetError(NSS_ERROR_INVALID_BER); + return (NSSOID *)NULL; + } + + /* + * Does it exist? + */ + PR_Lock(oid_hash_lock); + rv = (NSSOID *)PL_HashTableLookup(oid_hash_table, berOid); + (void)PR_Unlock(oid_hash_lock); + if( (NSSOID *)NULL != rv ) { + /* Found it! */ + return rv; + } + + /* + * Doesn't exist-- create it. + */ + rv = nss_ZNEW(oid_arena, NSSOID); + if( (NSSOID *)NULL == rv ) { + return (NSSOID *)NULL; + } + + rv->data.data = nss_ZAlloc(oid_arena, berOid->size); + if( (void *)NULL == rv->data.data ) { + return (NSSOID *)NULL; + } + + rv->data.size = berOid->size; + nsslibc_memcpy(rv->data.data, berOid->data, berOid->size); + +#ifdef DEBUG + rv->tag = "<runtime>"; + rv->expl = "(OID registered at runtime)"; +#endif /* DEBUG */ + + PR_Lock(oid_hash_lock); + e = PL_HashTableAdd(oid_hash_table, &rv->data, rv); + (void)PR_Unlock(oid_hash_lock); + if( (PLHashEntry *)NULL == e ) { + nss_ZFreeIf(rv->data.data); + nss_ZFreeIf(rv); + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSOID *)NULL; + } + +#ifdef DEBUG + { + PRStatus st; + st = oid_add_pointer(rv); + if( PR_SUCCESS != st ) { + PR_Lock(oid_hash_lock); + (void)PL_HashTableRemove(oid_hash_table, &rv->data); + (void)PR_Unlock(oid_hash_lock); + (void)nss_ZFreeIf(rv->data.data); + (void)nss_ZFreeIf(rv); + return (NSSOID *)NULL; + } + } +#endif /* DEBUG */ + + return rv; +} + +/* + * oid_sanity_check_utf8 + * + * This routine merely applies some sanity-checking to the + * UTF8-encoded OID. + */ + +static PRStatus +oid_sanity_check_utf8 +( + NSSUTF8 *s +) +{ + /* + * It may begin with an octothorpe, which we skip. + */ + + if( '#' == *s ) { + s++; + } + + /* + * It begins with a number + */ + + if( (*s < '0') || (*s > '9') ) { + return PR_FAILURE; + } + + /* + * First number is only one digit long + * + * XXX This is a "soft check" -- we may want to exclude it + */ + + if( (s[1] != '.') && (s[1] != '\0') ) { + return PR_FAILURE; + } + + /* + * Every character is either a digit or a period + */ + + for( ; '\0' != *s; s++ ) { + if( ('.' != *s) && ((*s < '0') || (*s > '9')) ) { + return PR_FAILURE; + } + + /* No two consecutive periods */ + if( ('.' == *s) && ('.' == s[1]) ) { + return PR_FAILURE; + } + } + + /* + * The last character isn't a period + */ + + if( '.' == *--s ) { + return PR_FAILURE; + } + + return PR_SUCCESS; +} + +static PRUint32 +oid_encode_number +( + PRUint32 n, + PRUint8 *dp, + PRUint32 nb +) +{ + PRUint32 a[5]; + PRUint32 i; + PRUint32 rv; + + a[0] = (n >> 28) & 0x7f; + a[1] = (n >> 21) & 0x7f; + a[2] = (n >> 14) & 0x7f; + a[3] = (n >> 7) & 0x7f; + a[4] = n & 0x7f; + + for( i = 0; i < 5; i++ ) { + if( 0 != a[i] ) { + break; + } + } + + if( 5 == i ) { + i--; + } + + rv = 5-i; + if( rv > nb ) { + return rv; + } + + for( ; i < 4; i++ ) { + *dp = 0x80 | a[i]; + dp++; + } + + *dp = a[4]; + + return rv; +} + +/* + * oid_encode_huge + * + * This routine will convert a huge decimal number into the DER + * encoding for oid numbers. It is not limited to numbers that will + * fit into some wordsize, like oid_encode_number. But it's not + * necessarily very fast, either. This is here in case some joker + * throws us an ASCII oid like 1.2.3.99999999999999999999999999. + */ + +static PRUint32 +oid_encode_huge +( + NSSUTF8 *s, + NSSUTF8 *e, + PRUint8 *dp, + PRUint32 nb +) +{ + PRUint32 slen = (e-s); + PRUint32 blen = (slen+1)/2; + PRUint8 *st = (PRUint8 *)NULL; + PRUint8 *bd = (PRUint8 *)NULL; + PRUint32 i; + PRUint32 bitno; + PRUint8 *last; + PRUint8 *first; + PRUint32 byteno; + PRUint8 mask; + + /* We'll be munging the data, so duplicate it */ + st = (PRUint8 *)nss_ZAlloc((NSSArena *)NULL, slen); + if( (PRUint8 *)NULL == st ) { + return 0; + } + + /* Don't know ahead of time exactly how long we'll need */ + bd = (PRUint8 *)nss_ZAlloc((NSSArena *)NULL, blen); + if( (PRUint8 *)NULL == bd ) { + (void)nss_ZFreeIf(st); + return 0; + } + + /* Copy the original, and convert ASCII to numbers */ + for( i = 0; i < slen; i++ ) { + st[i] = (PRUint8)(s[i] - '0'); + } + + last = &st[slen-1]; + first = &st[0]; + + /* + * The way we create the binary version is by looking at it + * bit by bit. Start with the least significant bit. If the + * number is odd, set that bit. Halve the number (with integer + * division), and go to the next least significant bit. Keep + * going until the number goes to zero. + */ + for( bitno = 0; ; bitno++ ) { + PRUint8 *d; + + byteno = bitno/7; + mask = (PRUint8)(1 << (bitno%7)); + + /* Skip leading zeroes */ + for( ; first < last; first ++ ) { + if( 0 != *first ) { + break; + } + } + + /* Down to one number and it's a zero? Done. */ + if( (first == last) && (0 == *last) ) { + break; + } + + /* Last digit is odd? Set the bit */ + if( *last & 1 ) { + bd[ byteno ] |= mask; + } + + + /* + * Divide the number in half. This is just a matter + * of going from the least significant digit upwards, + * halving each one. If any digit is odd (other than + * the last, which has already been handled), add five + * to the digit to its right. + */ + *last /= 2; + + for( d = &last[-1]; d >= first; d-- ) { + if( *d & 1 ) { + d[1] += 5; + } + + *d /= 2; + } + } + + /* Is there room to write the encoded data? */ + if( (byteno+1) > nb ) { + return (byteno+1); + } + + /* Trim any leading zero that crept in there */ + for( ; byteno > 0; byteno-- ) { + if( 0 != bd[ byteno ] ) { + break; + } + } + + /* Copy all but the last, marking the "continue" bit */ + for( i = 0; i < byteno; i++ ) { + dp[i] = bd[ byteno-i ] | 0x80; + } + /* And the last with the "continue" bit clear */ + dp[byteno] = bd[0]; + + (void)nss_ZFreeIf(bd); + (void)nss_ZFreeIf(st); + return (byteno+1); +} + +/* + * oid_encode_string + * + * This routine converts a dotted-number OID into a DER-encoded + * one. It assumes we've already sanity-checked the string. + */ + +extern const NSSError NSS_ERROR_INTERNAL_ERROR; + +static NSSOID * +oid_encode_string +( + NSSUTF8 *s +) +{ + PRUint32 nn = 0; /* number of numbers */ + PRUint32 nb = 0; /* number of bytes (estimated) */ + NSSUTF8 *t; + PRUint32 nd = 0; /* number of digits */ + NSSOID *rv; + PRUint8 *dp; + PRUint32 a, b; + PRUint32 inc; + + /* Dump any octothorpe */ + if( '#' == *s ) { + s++; + } + + /* Count up the bytes needed */ + for( t = s; '\0' != *t; t++ ) { + if( '.' == *t ) { + nb += (nd+1)/2; /* errs on the big side */ + nd = 0; + nn++; + } else { + nd++; + } + } + nb += (nd+1)/2; + nn++; + + if( 1 == nn ) { + /* + * We have our own "denormalised" encoding for these, + * which is only used internally. + */ + nb++; + } + + /* + * Allocate. Note that we don't use the oid_arena here.. this is + * because there really isn't a "free()" for stuff allocated out of + * arenas (at least with the current implementation), so this would + * keep using up memory each time a UTF8-encoded OID were added. + * If need be (if this is the first time this oid has been seen), + * we'll copy it. + */ + rv = nss_ZNEW((NSSArena *)NULL, NSSOID); + if( (NSSOID *)NULL == rv ) { + return (NSSOID *)NULL; + } + + rv->data.data = nss_ZAlloc((NSSArena *)NULL, nb); + if( (void *)NULL == rv->data.data ) { + (void)nss_ZFreeIf(rv); + return (NSSOID *)NULL; + } + + dp = (PRUint8 *)rv->data.data; + + a = atoi(s); + + if( 1 == nn ) { + dp[0] = '\x80'; + inc = oid_encode_number(a, &dp[1], nb-1); + if( inc >= nb ) { + goto loser; + } + } else { + for( t = s; '.' != *t; t++ ) { + ; + } + + t++; + b = atoi(t); + inc = oid_encode_number(a*40+b, dp, nb); + if( inc > nb ) { + goto loser; + } + dp += inc; + nb -= inc; + nn -= 2; + + while( nn-- > 0 ) { + NSSUTF8 *u; + + for( ; '.' != *t; t++ ) { + ; + } + + t++; + + for( u = t; ('\0' != *u) && ('.' != *u); u++ ) { + ; + } + + if( (u-t > 9) ) { + /* In the billions. Rats. */ + inc = oid_encode_huge(t, u, dp, nb); + } else { + b = atoi(t); + inc = oid_encode_number(b, dp, nb); + } + + if( inc > nb ) { + goto loser; + } + dp += inc; + nb -= inc; + } + } + + return rv; + + loser: + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + return (NSSOID *)NULL; +} + +/* + * nssOID_CreateFromUTF8 + * + * This routine creates an NSSOID by decoding a UTF8 string + * representation of an OID in dotted-number format. The string may + * optionally begin with an octothorpe. It may return NULL + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_STRING + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +nssOID_CreateFromUTF8 +( + NSSUTF8 *stringOid +) +{ + NSSOID *rv = (NSSOID *)NULL; + NSSOID *candidate = (NSSOID *)NULL; + PLHashEntry *e; + + if( PR_SUCCESS != oid_init() ) { + return (NSSOID *)NULL; + } + + if( PR_SUCCESS != oid_sanity_check_utf8(stringOid) ) { + nss_SetError(NSS_ERROR_INVALID_STRING); + return (NSSOID *)NULL; + } + + candidate = oid_encode_string(stringOid); + if( (NSSOID *)NULL == candidate ) { + /* Internal error only */ + return rv; + } + + /* + * Does it exist? + */ + PR_Lock(oid_hash_lock); + rv = (NSSOID *)PL_HashTableLookup(oid_hash_table, &candidate->data); + (void)PR_Unlock(oid_hash_lock); + if( (NSSOID *)NULL != rv ) { + /* Already exists. Delete my copy and return the original. */ + (void)nss_ZFreeIf(candidate->data.data); + (void)nss_ZFreeIf(candidate); + return rv; + } + + /* + * Nope. Add it. Remember to allocate it out of the oid arena. + */ + + rv = nss_ZNEW(oid_arena, NSSOID); + if( (NSSOID *)NULL == rv ) { + goto loser; + } + + rv->data.data = nss_ZAlloc(oid_arena, candidate->data.size); + if( (void *)NULL == rv->data.data ) { + goto loser; + } + + rv->data.size = candidate->data.size; + nsslibc_memcpy(rv->data.data, candidate->data.data, rv->data.size); + + (void)nss_ZFreeIf(candidate->data.data); + (void)nss_ZFreeIf(candidate); + +#ifdef DEBUG + rv->tag = "<runtime>"; + rv->expl = "(OID registered at runtime)"; +#endif /* DEBUG */ + + PR_Lock(oid_hash_lock); + e = PL_HashTableAdd(oid_hash_table, &rv->data, rv); + (void)PR_Unlock(oid_hash_lock); + if( (PLHashEntry *)NULL == e ) { + nss_SetError(NSS_ERROR_NO_MEMORY); + goto loser; + } + +#ifdef DEBUG + { + PRStatus st; + st = oid_add_pointer(rv); + if( PR_SUCCESS != st ) { + PR_Lock(oid_hash_lock); + (void)PL_HashTableRemove(oid_hash_table, &rv->data); + (void)PR_Unlock(oid_hash_lock); + goto loser; + } + } +#endif /* DEBUG */ + + return rv; + + loser: + if( (NSSOID *)NULL != candidate ) { + (void)nss_ZFreeIf(candidate->data.data); + } + (void)nss_ZFreeIf(candidate); + + if( (NSSOID *)NULL != rv ) { + (void)nss_ZFreeIf(rv->data.data); + } + (void)nss_ZFreeIf(rv); + + return (NSSOID *)NULL; +} + +/* + * nssOID_GetDEREncoding + * + * This routine returns the DER encoding of the specified NSSOID. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return return null upon error, in + * which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_OID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSOID + */ + +NSS_EXTERN NSSDER * +nssOID_GetDEREncoding +( + const NSSOID *oid, + NSSDER *rvOpt, + NSSArena *arenaOpt +) +{ + const NSSItem *it; + NSSDER *rv; + + if( PR_SUCCESS != oid_init() ) { + return (NSSDER *)NULL; + } + +#ifdef NSSDEBUG + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSDER *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSDER *)NULL; + } + } +#endif /* NSSDEBUG */ + + it = &oid->data; + + if( (NSSDER *)NULL == rvOpt ) { + rv = nss_ZNEW(arenaOpt, NSSDER); + if( (NSSDER *)NULL == rv ) { + return (NSSDER *)NULL; + } + } else { + rv = rvOpt; + } + + rv->data = nss_ZAlloc(arenaOpt, it->size); + if( (void *)NULL == rv->data ) { + if( rv != rvOpt ) { + (void)nss_ZFreeIf(rv); + } + return (NSSDER *)NULL; + } + + rv->size = it->size; + nsslibc_memcpy(rv->data, it->data, it->size); + + return rv; +} + +/* + * nssOID_GetUTF8Encoding + * + * This routine returns a UTF8 string containing the dotted-number + * encoding of the specified NSSOID. If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return null upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_OID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the dotted-digit encoding of + * this NSSOID + */ + +NSS_EXTERN NSSUTF8 * +nssOID_GetUTF8Encoding +( + const NSSOID *oid, + NSSArena *arenaOpt +) +{ + NSSUTF8 *rv; + PRUint8 *end; + PRUint8 *d; + PRUint8 *e; + char *a; + char *b; + PRUint32 len; + + if( PR_SUCCESS != oid_init() ) { + return (NSSUTF8 *)NULL; + } + +#ifdef NSSDEBUG + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSUTF8 *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSUTF8 *)NULL; + } + } +#endif /* NSSDEBUG */ + + a = (char *)NULL; + + /* d will point to the next sequence of bytes to decode */ + d = (PRUint8 *)oid->data.data; + /* end points to one past the legitimate data */ + end = &d[ oid->data.size ]; + +#ifdef NSSDEBUG + /* + * Guarantee that the for(e=d;e<end;e++) loop below will + * terminate. Our BER sanity-checking code above will prevent + * such a BER from being registered, so the only other way one + * might show up is if our dotted-decimal encoder above screws + * up or our generated list is wrong. So I'll wrap it with + * #ifdef NSSDEBUG and #endif. + */ + if( end[-1] & 0x80 ) { + nss_SetError(NSS_ERROR_INTERNAL_ERROR); + return (NSSUTF8 *)NULL; + } +#endif /* NSSDEBUG */ + + /* + * Check for our pseudo-encoded single-digit OIDs + */ + if( (*d == 0x80) && (2 == oid->data.size) ) { + /* Funky encoding. The second byte is the number */ + a = PR_smprintf("%lu", (PRUint32)d[1]); + if( (char *)NULL == a ) { + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSUTF8 *)NULL; + } + goto done; + } + + for( ; d < end; d = &e[1] ) { + + for( e = d; e < end; e++ ) { + if( 0 == (*e & 0x80) ) { + break; + } + } + + if( ((e-d) > 4) || (((e-d) == 4) && (*d & 0x70)) ) { + /* More than a 32-bit number */ + } else { + PRUint32 n = 0; + + switch( e-d ) { + case 4: + n |= ((PRUint32)(e[-4] & 0x0f)) << 28; + case 3: + n |= ((PRUint32)(e[-3] & 0x7f)) << 21; + case 2: + n |= ((PRUint32)(e[-2] & 0x7f)) << 14; + case 1: + n |= ((PRUint32)(e[-1] & 0x7f)) << 7; + case 0: + n |= ((PRUint32)(e[-0] & 0x7f)) ; + } + + if( (char *)NULL == a ) { + /* This is the first number.. decompose it */ + PRUint32 one = (n/40), two = (n%40); + + a = PR_smprintf("%lu.%lu", one, two); + if( (char *)NULL == a ) { + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSUTF8 *)NULL; + } + } else { + b = PR_smprintf("%s.%lu", a, n); + if( (char *)NULL == b ) { + PR_smprintf_free(a); + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSUTF8 *)NULL; + } + + PR_smprintf_free(a); + a = b; + } + } + } + + done: + /* + * Even if arenaOpt is NULL, we have to copy the data so that + * it'll be freed with the right version of free: ours, not + * PR_smprintf_free's. + */ + len = PL_strlen(a); + rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len); + if( (NSSUTF8 *)NULL == rv ) { + PR_smprintf_free(a); + return (NSSUTF8 *)NULL; + } + + nsslibc_memcpy(rv, a, len); + PR_smprintf_free(a); + + return rv; +} + +/* + * nssOID_getExplanation + * + * This method is only present in debug builds. + * + * This routine will return a static pointer to a UTF8-encoded string + * describing (in English) the specified OID. The memory pointed to + * by the return value is not owned by the caller, and should not be + * freed or modified. Note that explanations are only provided for + * the OIDs built into the NSS library; there is no way to specify an + * explanation for dynamically created OIDs. This routine is intended + * only for use in debugging tools such as "derdump." This routine + * may return null upon error, in which case it will have placed an + * error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * + * Return value: + * NULL upon error + * A static pointer to a readonly, non-caller-owned UTF8-encoded + * string explaining the specified OID. + */ + +#ifdef DEBUG +NSS_EXTERN const NSSUTF8 * +nssOID_getExplanation +( + NSSOID *oid +) +{ + if( PR_SUCCESS != oid_init() ) { + return (const NSSUTF8 *)NULL; + } + +#ifdef NSSDEBUG + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSUTF8 *)NULL; + } +#endif /* NSSDEBUG */ + + return oid->expl; +} + +extern const NSSError NSS_ERROR_INVALID_NSSOID; +#endif /* DEBUG */ + +/* + * nssOID_getTaggedUTF8 + * + * This method is only present in debug builds. + * + * This routine will return a pointer to a caller-owned UTF8-encoded + * string containing a tagged encoding of the specified OID. Note + * that OID (component) tags are only provided for the OIDs built + * into the NSS library; there is no way to specify tags for + * dynamically created OIDs. This routine is intended for use in + * debugging tools such as "derdump." If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return return null upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the tagged encoding of + * this NSSOID + */ + +#ifdef DEBUG +NSS_EXTERN NSSUTF8 * +nssOID_getTaggedUTF8 +( + NSSOID *oid, + NSSArena *arenaOpt +) +{ + NSSUTF8 *rv; + char *raw; + char *c; + char *a = (char *)NULL; + char *b; + PRBool done = PR_FALSE; + PRUint32 len; + + if( PR_SUCCESS != oid_init() ) { + return (NSSUTF8 *)NULL; + } + +#ifdef NSSDEBUG + if( PR_SUCCESS != nssOID_verifyPointer(oid) ) { + return (NSSUTF8 *)NULL; + } + + if( (NSSArena *)NULL != arenaOpt ) { + if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) { + return (NSSUTF8 *)NULL; + } + } +#endif /* NSSDEBUG */ + + a = PR_smprintf("{"); + if( (char *)NULL == a ) { + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSUTF8 *)NULL; + } + + /* + * What I'm doing here is getting the text version of the OID, + * e.g. 1.2.12.92, then looking up each set of leading numbers + * as oids.. e.g. "1," then "1.2," then "1.2.12," etc. Each of + * those will have the leaf tag, and I just build up the string. + * I never said this was the most efficient way of doing it, + * but hey it's a debug-build thing, and I'm getting really tired + * of writing this stupid low-level PKI code. + */ + + /* I know it's all ASCII, so I can use char */ + raw = (char *)nssOID_GetUTF8Encoding(oid, (NSSArena *)NULL); + if( (char *)NULL == raw ) { + return (NSSUTF8 *)NULL; + } + + for( c = raw; !done; c++ ) { + NSSOID *lead; + char *lastdot; + + for( ; '.' != *c; c++ ) { + if( '\0' == *c ) { + done = PR_TRUE; + break; + } + } + + *c = '\0'; + lead = nssOID_CreateFromUTF8((NSSUTF8 *)raw); + if( (NSSOID *)NULL == lead ) { + PR_smprintf_free(a); + nss_ZFreeIf(raw); + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSUTF8 *)NULL; + } + + lastdot = PL_strrchr(raw, '.'); + if( (char *)NULL == lastdot ) { + lastdot = raw; + } + + b = PR_smprintf("%s %s(%s) ", a, lead->tag, &lastdot[1]); + if( (char *)NULL == b ) { + PR_smprintf_free(a); + nss_ZFreeIf(raw); + /* drop the OID reference on the floor */ + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSUTF8 *)NULL; + } + + PR_smprintf_free(a); + a = b; + + if( !done ) { + *c = '.'; + } + } + + nss_ZFreeIf(raw); + + b = PR_smprintf("%s }", a); + if( (char *)NULL == b ) { + PR_smprintf_free(a); + nss_SetError(NSS_ERROR_NO_MEMORY); + return (NSSUTF8 *)NULL; + } + + len = PL_strlen(b); + + rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len+1); + if( (NSSUTF8 *)NULL == rv ) { + PR_smprintf_free(b); + return (NSSUTF8 *)NULL; + } + + nsslibc_memcpy(rv, b, len); + PR_smprintf_free(b); + + return rv; +} + +extern const NSSError NSS_ERROR_INVALID_NSSOID; +extern const NSSError NSS_ERROR_NO_MEMORY; +#endif /* DEBUG */ diff --git a/security/nss/lib/pki1/oidgen.perl b/security/nss/lib/pki1/oidgen.perl new file mode 100755 index 000000000..959e3cbaf --- /dev/null +++ b/security/nss/lib/pki1/oidgen.perl @@ -0,0 +1,311 @@ +#!perl +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# +$cvs_id = '@(#) $RCSfile$ $Revision$ $Date$ $Name$'; + +$count = -1; +while(<>) { + s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/; + next if (/^\s*$/); + + /^([\S]+)\s+([^"][\S]*|"[^"]*")/; + $name = $1; + $value = $2; + # This is certainly not the best way to dequote the data. + $value =~ s/"//g; + + if( $name =~ "OID" ) { + $count++; + $x[$count]{$name} = $value; + $enc = encodeoid($value); + $x[$count]{" encoding"} = escapeoid($enc); + $x[$count]{" encoding length"} = length($enc); + } else { + if( $count < 0 ) { + $g{$name} = $value; + } else { + $x[$count]{$name} = $value; + } + } +} + +# dodump(); +doprint(); + +sub dodump { +for( $i = 0; $i <= $count; $i++ ) { + print "number $i:\n"; + %y = %{$x[$i]}; + while(($n,$v) = each(%y)) { + print "\t$n ==> $v\n"; + } +} +} + +sub doprint { +open(CFILE, ">oiddata.c") || die "Can't open oiddata.c: $!"; +open(HFILE, ">oiddata.h") || die "Can't open oiddata.h: $!"; + +print CFILE <<EOD +/* THIS IS A GENERATED FILE */ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ +#ifdef DEBUG +static const char CVS_ID[] = "$g{CVS_ID} ; $cvs_id"; +#endif /* DEBUG */ + +#ifndef PKI1T_H +#include "pki1t.h" +#endif /* PKI1T_H */ + +const NSSOID nss_builtin_oids[] = { +EOD + ; + +for( $i = 0; $i <= $count; $i++ ) { + %y = %{$x[$i]}; + print CFILE " {\n"; + print CFILE "#ifdef DEBUG\n"; + print CFILE " \"$y{TAG}\",\n"; + print CFILE " \"$y{EXPL}\",\n"; + print CFILE "#endif /* DEBUG */\n"; + print CFILE " { \"", $y{" encoding"}; + print CFILE "\", ", $y{" encoding length"}, " }\n"; + + if( $i == $count ) { + print CFILE " }\n"; + } else { + print CFILE " },\n"; + } +} + +print CFILE "};\n\n"; + +print CFILE "const PRUint32 nss_builtin_oid_count = ", ($count+1), ";\n\n"; + +for( $i = 0; $i <= $count; $i++ ) { + %y = %{$x[$i]}; + if( defined($y{NAME}) ) { + print CFILE "const NSSOID *$y{NAME} = (NSSOID *)&nss_builtin_oids[$i];\n"; + } +} + +print CFILE "\n"; + +$attrcount = -1; +for( $i = 0; $i <= $count; $i++ ) { + %y = %{$x[$i]}; + if( defined($y{ATTR}) ) { + if( defined($y{NAME}) ) { + $attrcount++; + $attr[$attrcount]{ATTR} = $y{ATTR}; + $attr[$attrcount]{NAME} = $y{NAME}; + } else { + warn "Attribute $y{ATTR} has no name, and will be omitted!"; + } + } +} + +print CFILE "const nssAttributeTypeAliasTable nss_attribute_type_aliases[] = {\n"; + +for( $i = 0; $i <= $attrcount; $i++ ) { + %y = %{$attr[$i]}; + print CFILE " {\n"; + print CFILE " \"$y{ATTR}\",\n"; + print CFILE " &$y{NAME}\n"; + + if( $i == $attrcount ) { + print CFILE " }\n"; + } else { + print CFILE " },\n"; + } +} + +print CFILE "};\n\n"; + +print CFILE "const PRUint32 nss_attribute_type_alias_count = ", ($attrcount+1), ";\n\n"; + +print HFILE <<EOD +/* THIS IS A GENERATED FILE */ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef OIDDATA_H +#define OIDDATA_H + +#ifdef DEBUG +static const char OIDDATA_CVS_ID[] = "$g{CVS_ID} ; $cvs_id"; +#endif /* DEBUG */ + +#ifndef NSSPKI1T_H +#include "nsspki1t.h" +#endif /* NSSPKI1T_H */ + +extern const NSSOID nss_builtin_oids[]; +extern const PRUint32 nss_builtin_oid_count; + +/*extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];*/ +/*extern const PRUint32 nss_attribute_type_alias_count;*/ + +EOD + ; + +for( $i = 0; $i <= $count; $i++ ) { + %y = %{$x[$i]}; + if( defined($y{NAME}) ) { + print HFILE "extern const NSSOID *$y{NAME};\n"; + } +} + +print HFILE <<EOD + +#endif /* OIDDATA_H */ +EOD + ; + +close CFILE; +close HFILE; +} + +sub encodenum { + my $v = $_[0]; + my @d; + my $i; + my $rv = ""; + + while( $v > 128 ) { + push @d, ($v % 128); + $v /= 128; + }; + push @d, ($v%128); + + for( $i = @d-1; $i > 0; $i-- ) { + $rv = $rv . chr(128 + $d[$i]); + } + + $rv = $rv . chr($d[0]); + + return $rv; +} + +sub encodeoid { + my @o = split(/\./, $_[0]); + my $rv = ""; + my $i; + + if( @o < 2 ) { + # NSS's special "illegal" encoding + return chr(128) . encodenum($o[0]); + } + + $rv = encodenum($o[0] * 40 + $o[1]); + shift @o; shift @o; + + foreach $i (@o) { + $rv = $rv . encodenum($i); + } + + return $rv; +} + +sub escapeoid { + my @v = unpack("C*", $_[0]); + my $a; + my $rv = ""; + + foreach $a (@v) { + $rv = $rv . sprintf("\\x%02x", $a); + } + + return $rv; +} diff --git a/security/nss/lib/pki1/oids.txt b/security/nss/lib/pki1/oids.txt new file mode 100644 index 000000000..df7b3ab28 --- /dev/null +++ b/security/nss/lib/pki1/oids.txt @@ -0,0 +1,2115 @@ +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# +CVS_ID "@(#) $RCSfile$ $Revision$ $Date$ $Name$" + +# Fields +# OID -- the OID data itself, in dotted-number format +# TAG -- the unofficial but common name. e.g., when written like +# { joint-iso-ccitt(2) country(16) US(840) company(1) netscape(113730) } +# those words ("joint-iso-ccitt," "country," etc.) are the tags. +# EXPL -- a textual explanation, that should stand by itself +# NAME -- the name we use in our code. If no NAME is given, it won't be included +# +# Additionally, some sets of OIDs map to some other spaces.. +# additional fields capture that data: +# +# CKM -- the corresponding Cryptoki Mechanism, if any +# CKK -- the corresponding Cryptoki Key type, if any +# ATTR -- the UTF-8 attribute type encoding, if applicable +# it should be in the standard presentation style (e.g., lowercase), +# already-escaped a la RFC 2253 if necessary (which would only +# be necessary if some idiot defined an attribute with, say, +# an equals sign in it) +# CERT_EXTENSION -- SUPPORTED or UNSUPPORTED certificate extension, if applicable + +# Top of the OID tree -- see http://www.alvestrand.no/objectid/top.html +# +OID 0 +TAG ccitt # ITU-T used to be called CCITT +EXPL "ITU-T" + +# See X.208 Annex C for an explanation of the OIDs below ccitt/itu-t + +OID 0.0 +TAG recommendation +EXPL "ITU-T Recommendation" + +OID 0.1 +TAG question +EXPL "ITU-T Question" + +OID 0.2 +TAG administration +EXPL "ITU-T Administration" + +OID 0.3 +TAG network-operator +EXPL "ITU-T Network Operator" + +OID 0.4 +TAG identified-organization +EXPL "ITU-T Identified Organization" + +OID 0.9 # used in some RFCs (unofficial!) +TAG data +EXPL "RFC Data" + +OID 0.9.2342 +TAG pss +EXPL "PSS British Telecom X.25 Network" + +OID 0.9.2342.19200300 +TAG ucl +EXPL "RFC 1274 UCL Data networks" + +OID 0.9.2342.19200300.100 +TAG pilot +EXPL "RFC 1274 pilot" + +OID 0.9.2342.19200300.100.1 +TAG attributeType +EXPL "RFC 1274 Attribute Type" + +OID 0.9.2342.19200300.100.1.1 +TAG uid +EXPL "RFC 1274 User Id" +NAME NSS_OID_RFC1274_UID +ATTR "uid" + +OID 0.9.2342.19200300.100.1.3 +TAG mail +EXPL "RFC 1274 E-mail Addres" +NAME NSS_OID_RFC1274_EMAIL +ATTR "mail" # XXX fgmr + +OID 0.9.2342.19200300.100.1.25 +TAG dc +EXPL "RFC 2247 Domain Component" +NAME NSS_OID_RFC2247_DC +ATTR "dc" + +OID 0.9.2342.19200300.100.3 +TAG attributeSyntax +EXPL "RFC 1274 Attribute Syntax" + +OID 0.9.2342.19200300.100.3.4 +TAG iA5StringSyntax +EXPL "RFC 1274 IA5 String Attribute Syntax" + +OID 0.9.2342.19200300.100.3.5 +TAG caseIgnoreIA5StringSyntax +EXPL "RFC 1274 Case-Ignore IA5 String Attribute Syntax" + +OID 0.9.2342.19200300.100.4 +TAG objectClass +EXPL "RFC 1274 Object Class" + +OID 0.9.2342.19200300.100.10 +TAG groups +EXPL "RFC 1274 Groups" + +OID 0.9.2342.234219200300 +TAG ucl +EXPL "RFC 1327 ucl" + +OID 1 +TAG iso +EXPL "ISO" + +# See X.208 Annex B for an explanation of the OIDs below iso + +OID 1.0 +TAG standard +EXPL "ISO Standard" + +OID 1.1 +TAG registration-authority +EXPL "ISO Registration Authority" + +OID 1.2 +TAG member-body +EXPL "ISO Member Body" + +OID 1.2.36 +TAG australia +EXPL "Australia (ISO)" + +OID 1.2.158 +TAG taiwan +EXPL "Taiwan (ISO)" + +OID 1.2.372 +TAG ireland +EXPL "Ireland (ISO)" + +OID 1.2.578 +TAG norway +EXPL "Norway (ISO)" + +OID 1.2.752 +TAG sweden +EXPL "Sweden (ISO)" + +OID 1.2.826 +TAG great-britain +EXPL "Great Britain (ISO)" + +OID 1.2.840 +TAG us +EXPL "United States (ISO)" + +OID 1.2.840.1 +TAG organization +EXPL "US (ISO) organization" + +OID 1.2.840.10003 +TAG ansi-z30-50 +EXPL "ANSI Z39.50" + +OID 1.2.840.10008 +TAG dicom +EXPL "DICOM" + +OID 1.2.840.10017 +TAG ieee-1224 +EXPL "IEEE 1224" + +OID 1.2.840.10022 +TAG ieee-802-10 +EXPL "IEEE 802.10" + +OID 1.2.840.10036 +TAG ieee-802-11 +EXPL "IEEE 802.11" + +OID 1.2.840.10040 +TAG x9-57 +EXPL "ANSI X9.57" + +# RFC 2459: +# +# holdInstruction OBJECT IDENTIFIER ::= +# {iso(1) member-body(2) us(840) x9cm(10040) 2} +# +# Note that the appendices of RFC 2459 define the (wrong) value +# of 2.2.840.10040.2 for this oid. +OID 1.2.840.10040.2 +TAG holdInstruction +EXPL "ANSI X9.57 Hold Instruction" + +# RFC 2459: +# +# id-holdinstruction-none OBJECT IDENTIFIER ::= +# {holdInstruction 1} -- deprecated +OID 1.2.840.10040.2.1 +TAG id-holdinstruction-none +EXPL "ANSI X9.57 Hold Instruction: None" + +# RFC 2459: +# +# id-holdinstruction-callissuer OBJECT IDENTIFIER ::= +# {holdInstruction 2} +OID 1.2.840.10040.2.2 +TAG id-holdinstruction-callissuer +EXPL "ANSI X9.57 Hold Instruction: Call Issuer" + +# RFC 2459: +# +# id-holdinstruction-reject OBJECT IDENTIFIER ::= +# {holdInstruction 3} +OID 1.2.840.10040.2.3 +TAG id-holdinstruction-reject +EXPL "ANSI X9.57 Hold Instruction: Reject" + +OID 1.2.840.10040.4 +TAG x9algorithm +EXPL "ANSI X9.57 Algorithm" + +# RFC 2459: +# +# id-dsa OBJECT IDENTIFIER ::= { +# iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } +OID 1.2.840.10040.4.1 +TAG id-dsa +EXPL "ANSI X9.57 DSA Signature" +NAME NSS_OID_ANSIX9_DSA_SIGNATURE +CKM CKM_DSA +CKK CKK_DSA + +# RFC 2459: +# +# id-dsa-with-sha1 OBJECT IDENTIFIER ::= { +# iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } +OID 1.2.840.10040.4.3 +TAG id-dsa-with-sha1 +EXPL "ANSI X9.57 Algorithm DSA Signature with SHA-1 Digest" +NAME NSS_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST +CKM CKM_DSA_SHA1 + +OID 1.2.840.10046 +TAG x942 +EXPL "ANSI X9.42" + +OID 1.2.840.10046.2 +TAG algorithm +EXPL "ANSI X9.42 Algorithm" + +# RFC 2459: +# +# dhpublicnumber OBJECT IDENTIFIER ::= { +# iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } +OID 1.2.840.10046.2.1 +TAG dhpublicnumber +EXPL "Diffie-Hellman Public Key Algorithm" +NAME NSS_OID_X942_DIFFIE_HELMAN_KEY +CKM CKM_DH_PKCS_DERIVE +CKK CKK_DH + +OID 1.2.840.113533 +TAG entrust +EXPL "Entrust Technologies" + +OID 1.2.840.113549 +TAG rsadsi +EXPL "RSA Data Security Inc." + +OID 1.2.840.113549.1 +# http://www.rsa.com/rsalabs/pubs/PKCS/ +TAG pkcs +EXPL "PKCS" + +# RFC 2459: +# +# pkcs-1 OBJECT IDENTIFIER ::= { +# iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } +OID 1.2.840.113549.1.1 +# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-1.asc +TAG pkcs-1 +EXPL "PKCS #1" + +# RFC 2459: +# +# rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } +OID 1.2.840.113549.1.1.1 +TAG rsaEncryption +EXPL "PKCS #1 RSA Encryption" +NAME NSS_OID_PKCS1_RSA_ENCRYPTION +CKM CKM_RSA_PKCS +CKK CKK_RSA + +# RFC 2459: +# +# md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } +OID 1.2.840.113549.1.1.2 +TAG md2WithRSAEncryption +EXPL "PKCS #1 MD2 With RSA Encryption" +NAME NSS_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION +CKM CKM_MD2_RSA_PKCS + +OID 1.2.840.113549.1.1.3 +TAG md4WithRSAEncryption +EXPL "PKCS #1 MD4 With RSA Encryption" +NAME NSS_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION +# No CKM! + +# RFC 2459: +# +# md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } +OID 1.2.840.113549.1.1.4 +TAG md5WithRSAEncryption +EXPL "PKCS #1 MD5 With RSA Encryption" +NAME NSS_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION +CKM CKM_MD5_RSA_PKCS + +# RFC 2459: +# +# sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } +OID 1.2.840.113549.1.1.5 +TAG sha1WithRSAEncryption +EXPL "PKCS #1 SHA-1 With RSA Encryption" +NAME NSS_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION +CKM CKM_SHA1_RSA_PKCS + +OID 1.2.840.113549.1.5 +# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-5.asc +TAG pkcs-5 +EXPL "PKCS #5" + +OID 1.2.840.113549.1.5.1 +TAG pbeWithMD2AndDES-CBC +EXPL "PKCS #5 Password Based Encryption With MD2 and DES-CBC" +NAME NSS_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC +CKM CKM_PBE_MD2_DES_CBC + +OID 1.2.840.113549.1.5.3 +TAG pbeWithMD5AndDES-CBC +EXPL "PKCS #5 Password Based Encryption With MD5 and DES-CBC" +NAME NSS_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC +CKM CKM_PBE_MD5_DES_CBC + +OID 1.2.840.113549.1.5.10 +TAG pbeWithSha1AndDES-CBC +EXPL "PKCS #5 Password Based Encryption With SHA-1 and DES-CBC" +NAME NSS_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC +CKM CKM_NETSCAPE_PBE_SHA1_DES_CBC + +OID 1.2.840.113549.1.7 +# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc +TAG pkcs-7 +EXPL "PKCS #7" +NAME NSS_OID_PKCS7 + +OID 1.2.840.113549.1.7.1 +TAG data +EXPL "PKCS #7 Data" +NAME NSS_OID_PKCS7_DATA + +OID 1.2.840.113549.1.7.2 +TAG signedData +EXPL "PKCS #7 Signed Data" +NAME NSS_OID_PKCS7_SIGNED_DATA + +OID 1.2.840.113549.1.7.3 +TAG envelopedData +EXPL "PKCS #7 Enveloped Data" +NAME NSS_OID_PKCS7_ENVELOPED_DATA + +OID 1.2.840.113549.1.7.4 +TAG signedAndEnvelopedData +EXPL "PKCS #7 Signed and Enveloped Data" +NAME NSS_OID_PKCS7_SIGNED_ENVELOPED_DATA + +OID 1.2.840.113549.1.7.5 +TAG digestedData +EXPL "PKCS #7 Digested Data" +NAME NSS_OID_PKCS7_DIGESTED_DATA + +OID 1.2.840.113549.1.7.6 +TAG encryptedData +EXPL "PKCS #7 Encrypted Data" +NAME NSS_OID_PKCS7_ENCRYPTED_DATA + +# RFC 2459: +# +# pkcs-9 OBJECT IDENTIFIER ::= +# { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } +OID 1.2.840.113549.1.9 +# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-9.asc +TAG pkcs-9 +EXPL "PKCS #9" + +# RFC 2459: +# +# emailAddress AttributeType ::= { pkcs-9 1 } +OID 1.2.840.113549.1.9.1 +TAG emailAddress +EXPL "PKCS #9 Email Address" +NAME NSS_OID_PKCS9_EMAIL_ADDRESS + +OID 1.2.840.113549.1.9.2 +TAG unstructuredName +EXPL "PKCS #9 Unstructured Name" +NAME NSS_OID_PKCS9_UNSTRUCTURED_NAME + +OID 1.2.840.113549.1.9.3 +TAG contentType +EXPL "PKCS #9 Content Type" +NAME NSS_OID_PKCS9_CONTENT_TYPE + +OID 1.2.840.113549.1.9.4 +TAG messageDigest +EXPL "PKCS #9 Message Digest" +NAME NSS_OID_PKCS9_MESSAGE_DIGEST + +OID 1.2.840.113549.1.9.5 +TAG signingTime +EXPL "PKCS #9 Signing Time" +NAME NSS_OID_PKCS9_SIGNING_TIME + +OID 1.2.840.113549.1.9.6 +TAG counterSignature +EXPL "PKCS #9 Counter Signature" +NAME NSS_OID_PKCS9_COUNTER_SIGNATURE + +OID 1.2.840.113549.1.9.7 +TAG challengePassword +EXPL "PKCS #9 Challenge Password" +NAME NSS_OID_PKCS9_CHALLENGE_PASSWORD + +OID 1.2.840.113549.1.9.8 +TAG unstructuredAddress +EXPL "PKCS #9 Unstructured Address" +NAME NSS_OID_PKCS9_UNSTRUCTURED_ADDRESS + +OID 1.2.840.113549.1.9.9 +TAG extendedCertificateAttributes +EXPL "PKCS #9 Extended Certificate Attributes" +NAME NSS_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES + +OID 1.2.840.113549.1.9.15 +TAG sMIMECapabilities +EXPL "PKCS #9 S/MIME Capabilities" +NAME NSS_OID_PKCS9_SMIME_CAPABILITIES + +OID 1.2.840.113549.1.9.20 +TAG friendlyName +EXPL "PKCS #9 Friendly Name" +NAME NSS_OID_PKCS9_FRIENDLY_NAME + +OID 1.2.840.113549.1.9.21 +TAG localKeyID +EXPL "PKCS #9 Local Key ID" +NAME NSS_OID_PKCS9_LOCAL_KEY_ID + +OID 1.2.840.113549.1.9.22 +TAG certTypes +EXPL "PKCS #9 Certificate Types" + +OID 1.2.840.113549.1.9.22.1 +TAG x509Certificate +EXPL "PKCS #9 Certificate Type = X.509" +NAME NSS_OID_PKCS9_X509_CERT + +OID 1.2.840.113549.1.9.22.2 +TAG sdsiCertificate +EXPL "PKCS #9 Certificate Type = SDSI" +NAME NSS_OID_PKCS9_SDSI_CERT + +OID 1.2.840.113549.1.9.23 +TAG crlTypes +EXPL "PKCS #9 Certificate Revocation List Types" + +OID 1.2.840.113549.1.9.23.1 +TAG x509Crl +EXPL "PKCS #9 CRL Type = X.509" +NAME NSS_OID_PKCS9_X509_CRL + +OID 1.2.840.113549.1.12 +# http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-12.html +# NOTE -- PKCS #12 multiple contradictory +# documents exist. Somebody go figure out the canonical +# OID list, keeping in mind backwards-compatability.. +TAG pkcs-12 +EXPL "PKCS #12" +NAME NSS_OID_PKCS12 + +OID 1.2.840.113549.1.12.1 +TAG pkcs-12PbeIds +EXPL "PKCS #12 Password Based Encryption IDs" +NAME NSS_OID_PKCS12_PBE_IDS +# We called it SEC_OID_PKCS12_MODE_IDS + +OID 1.2.840.113549.1.12.1.1 +TAG pbeWithSHA1And128BitRC4 +EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC4" +NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 +CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 +# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 + +OID 1.2.840.113549.1.12.1.2 +TAG pbeWithSHA1And40BitRC4 +EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC4" +NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 +CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 +# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 + +OID 1.2.840.113549.1.12.1.3 +TAG pbeWithSHA1And3-KeyTripleDES-CBC +EXPL "PKCS #12 Password Based Encryption With SHA-1 and 3-key Triple DES-CBC" +NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_3_KEY_TRIPLE_DES_CBC +CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC +# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC + +OID 1.2.840.113549.1.12.1.4 +TAG pbeWithSHA1And2-KeyTripleDES-CBC +EXPL "PKCS #12 Password Based Encryption With SHA-1 and 2-key Triple DES-CBC" +NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_2_KEY_TRIPLE_DES_CBC +CKM CKM_PBE_SHA1_DES2_EDE_CBC +# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC + +OID 1.2.840.113549.1.12.1.5 +TAG pbeWithSHA1And128BitRC2-CBC +EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC2-CBC" +NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC +CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC +# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC + +OID 1.2.840.113549.1.12.1.6 +TAG pbeWithSHA1And40BitRC2-CBC +EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC2-CBC" +NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC +CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC +# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC + +OID 1.2.840.113549.1.12.2 +TAG pkcs-12EspvkIds +EXPL "PKCS #12 ESPVK IDs" +# We called it SEC_OID_PKCS12_ESPVK_IDS + +OID 1.2.840.113549.1.12.2.1 +TAG pkcs8-key-shrouding +EXPL "PKCS #12 Key Shrouding" +# We called it SEC_OID_PKCS12_PKCS8_KEY_SHROUDING + +OID 1.2.840.113549.1.12.3 +TAG draft1Pkcs-12Bag-ids +EXPL "Draft 1.0 PKCS #12 Bag IDs" +# We called it SEC_OID_PKCS12_BAG_IDS + +OID 1.2.840.113549.1.12.3.1 +TAG keyBag +EXPL "Draft 1.0 PKCS #12 Key Bag" +# We called it SEC_OID_PKCS12_KEY_BAG_ID + +OID 1.2.840.113549.1.12.3.2 +TAG certAndCRLBagId +EXPL "Draft 1.0 PKCS #12 Cert and CRL Bag ID" +# We called it SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID + +OID 1.2.840.113549.1.12.3.3 +TAG secretBagId +EXPL "Draft 1.0 PKCS #12 Secret Bag ID" +# We called it SEC_OID_PKCS12_SECRET_BAG_ID + +OID 1.2.840.113549.1.12.3.4 +TAG safeContentsId +EXPL "Draft 1.0 PKCS #12 Safe Contents Bag ID" +# We called it SEC_OID_PKCS12_SAFE_CONTENTS_ID + +OID 1.2.840.113549.1.12.3.5 +TAG pkcs-8ShroudedKeyBagId +EXPL "Draft 1.0 PKCS #12 PKCS #8-shrouded Key Bag ID" +# We called it SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID + +OID 1.2.840.113549.1.12.4 +TAG pkcs-12CertBagIds +EXPL "PKCS #12 Certificate Bag IDs" +# We called it SEC_OID_PKCS12_CERT_BAG_IDS + +OID 1.2.840.113549.1.12.4.1 +TAG x509CertCRLBagId +EXPL "PKCS #12 X.509 Certificate and CRL Bag" +# We called it SEC_OID_PKCS12_X509_CERT_CRL_BAG + +OID 1.2.840.113549.1.12.4.2 +TAG SDSICertBagID +EXPL "PKCS #12 SDSI Certificate Bag" +# We called it SEC_OID_PKCS12_SDSI_CERT_BAG + +OID 1.2.840.113549.1.12.5 +TAG pkcs-12Oids +EXPL "PKCS #12 OIDs (XXX)" +# We called it SEC_OID_PKCS12_OIDS + +OID 1.2.840.113549.1.12.5.1 +TAG pkcs-12PbeIds +EXPL "PKCS #12 OIDs PBE IDs (XXX)" +# We called it SEC_OID_PKCS12_PBE_IDS + +OID 1.2.840.113549.1.12.5.1.1 +TAG pbeWithSha1And128BitRC4 +EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC4 (XXX)" +CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 +# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 + +OID 1.2.840.113549.1.12.5.1.2 +TAG pbeWithSha1And40BitRC4 +EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC4 (XXX)" +CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 +# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 + +OID 1.2.840.113549.1.12.5.1.3 +TAG pbeWithSha1AndTripleDES-CBC +EXPL "PKCS #12 OIDs PBE with SHA-1 and Triple DES-CBC (XXX)" +CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC +# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC + +OID 1.2.840.113549.1.12.5.1.4 +TAG pbeWithSha1And128BitRC2-CBC +EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC2-CBC (XXX)" +CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC +# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC + +OID 1.2.840.113549.1.12.5.1.5 +TAG pbeWithSha1And40BitRC2-CBC +EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC2-CBC (XXX)" +CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC +# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC + +OID 1.2.840.113549.1.12.5.2 +TAG pkcs-12EnvelopingIds +EXPL "PKCS #12 OIDs Enveloping IDs (XXX)" +# We called it SEC_OID_PKCS12_ENVELOPING_IDS + +OID 1.2.840.113549.1.12.5.2.1 +TAG rsaEncryptionWith128BitRC4 +EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 128-bit RC4" +# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4 + +OID 1.2.840.113549.1.12.5.2.2 +TAG rsaEncryptionWith40BitRC4 +EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 40-bit RC4" +# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4 + +OID 1.2.840.113549.1.12.5.2.3 +TAG rsaEncryptionWithTripleDES +EXPL "PKCS #12 OIDs Enveloping RSA Encryption with Triple DES" +# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES + +OID 1.2.840.113549.1.12.5.3 +TAG pkcs-12SignatureIds +EXPL "PKCS #12 OIDs Signature IDs (XXX)" +# We called it SEC_OID_PKCS12_SIGNATURE_IDS + +OID 1.2.840.113549.1.12.5.3.1 +TAG rsaSignatureWithSHA1Digest +EXPL "PKCS #12 OIDs RSA Signature with SHA-1 Digest" +# We called it SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST + +OID 1.2.840.113549.1.12.10 +TAG pkcs-12Version1 +EXPL "PKCS #12 Version 1" + +OID 1.2.840.113549.1.12.10.1 +TAG pkcs-12BagIds +EXPL "PKCS #12 Bag IDs" + +OID 1.2.840.113549.1.12.10.1.1 +TAG keyBag +EXPL "PKCS #12 Key Bag" +NAME NSS_OID_PKCS12_KEY_BAG +# We called it SEC_OID_PKCS12_V1_KEY_BAG_ID + +OID 1.2.840.113549.1.12.10.1.2 +TAG pkcs-8ShroudedKeyBag +EXPL "PKCS #12 PKCS #8-shrouded Key Bag" +NAME NSS_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG +# We called it SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID + +OID 1.2.840.113549.1.12.10.1.3 +TAG certBag +EXPL "PKCS #12 Certificate Bag" +NAME NSS_OID_PKCS12_CERT_BAG +# We called it SEC_OID_PKCS12_V1_CERT_BAG_ID + +OID 1.2.840.113549.1.12.10.1.4 +TAG crlBag +EXPL "PKCS #12 CRL Bag" +NAME NSS_OID_PKCS12_CRL_BAG +# We called it SEC_OID_PKCS12_V1_CRL_BAG_ID + +OID 1.2.840.113549.1.12.10.1.5 +TAG secretBag +EXPL "PKCS #12 Secret Bag" +NAME NSS_OID_PKCS12_SECRET_BAG +# We called it SEC_OID_PKCS12_V1_SECRET_BAG_ID + +OID 1.2.840.113549.1.12.10.1.6 +TAG safeContentsBag +EXPL "PKCS #12 Safe Contents Bag" +NAME NSS_OID_PKCS12_SAFE_CONTENTS_BAG +# We called it SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID + +OID 1.2.840.113549.2 +TAG digest +EXPL "RSA digest algorithm" + +OID 1.2.840.113549.2.2 +TAG md2 +EXPL "MD2" +NAME NSS_OID_MD2 +CKM CKM_MD2 + +OID 1.2.840.113549.2.4 +TAG md4 +EXPL "MD4" +NAME NSS_OID_MD4 +# No CKM + +OID 1.2.840.113549.2.5 +TAG md5 +EXPL "MD5" +NAME NSS_OID_MD5 +CKM CKM_MD5 + +OID 1.2.840.113549.3 +TAG cipher +EXPL "RSA cipher algorithm" + +OID 1.2.840.113549.3.2 +TAG rc2cbc +EXPL "RC2-CBC" +NAME NSS_OID_RC2_CBC +CKM_RC2_CBC + +OID 1.2.840.113549.3.4 +TAG rc4 +EXPL "RC4" +NAME NSS_OID_RC4 +CKM CKM_RC4 + +OID 1.2.840.113549.3.7 +TAG desede3cbc +EXPL "DES-EDE3-CBC" +NAME NSS_OID_DES_EDE3_CBC +CKM CKM_DES3_CBC + +OID 1.2.840.113549.3.9 +TAG rc5cbcpad +EXPL "RC5-CBCPad" +NAME NSS_OID_RC5_CBC_PAD +CKM CKM_RC5_CBC + +OID 1.2.840.113556 +TAG microsoft +EXPL "Microsoft" + +OID 1.2.840.113560 +TAG columbia-university +EXPL "Columbia University" + +OID 1.2.840.113572 +TAG unisys +EXPL "Unisys" + +OID 1.2.840.113658 +TAG xapia +EXPL "XAPIA" + +OID 1.2.840.113699 +TAG wordperfect +EXPL "WordPerfect" + +OID 1.3 +TAG identified-organization +EXPL "ISO identified organizations" + +OID 1.3.6 +TAG us-dod +EXPL "United States Department of Defense" + +OID 1.3.6.1 +TAG internet # See RFC 1065 +EXPL "The Internet" + +OID 1.3.6.1.1 +TAG directory +EXPL "Internet: Directory" + +OID 1.3.6.1.2 +TAG management +EXPL "Internet: Management" + +OID 1.3.6.1.3 +TAG experimental +EXPL "Internet: Experimental" + +OID 1.3.6.1.4 +TAG private +EXPL "Internet: Private" + +OID 1.3.6.1.5 +TAG security +EXPL "Internet: Security" + +OID 1.3.6.1.5.5 + +# RFC 2459: +# +# id-pkix OBJECT IDENTIFIER ::= +# { iso(1) identified-organization(3) dod(6) internet(1) +# security(5) mechanisms(5) pkix(7) } +OID 1.3.6.1.5.5.7 +TAG id-pkix +EXPL "Public Key Infrastructure" + +# RFC 2459: +# +# PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) +# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-88(1)} +OID 1.3.6.1.5.5.7.0.1 +TAG PKIX1Explicit88 +EXPL "RFC 2459 Explicitly Tagged Module, 1988 Syntax" + +# RFC 2459: +# +# PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1) +# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)} +OID 1.3.6.1.5.5.7.0.2 +TAG PKIXImplicit88 +EXPL "RFC 2459 Implicitly Tagged Module, 1988 Syntax" + +# RFC 2459: +# +# PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1) +# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)} +OID 1.3.6.1.5.5.7.0.3 +TAG PKIXExplicit93 +EXPL "RFC 2459 Explicitly Tagged Module, 1993 Syntax" + +# RFC 2459: +# +# id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } +# -- arc for private certificate extensions +OID 1.3.6.1.5.5.7.1 +TAG id-pe +EXPL "PKIX Private Certificate Extensions" + +# RFC 2459: +# +# id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } +OID 1.3.6.1.5.5.7.1.1 +TAG id-pe-authorityInfoAccess +EXPL "Certificate Authority Information Access" +NAME NSS_OID_X509_AUTH_INFO_ACCESS +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } +# -- arc for policy qualifier types +OID 1.3.6.1.5.5.7.2 +TAG id-qt +EXPL "PKIX Policy Qualifier Types" + +# RFC 2459: +# +# id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } +# -- OID for CPS qualifier +OID 1.3.6.1.5.5.7.2.1 +TAG id-qt-cps +EXPL "PKIX CPS Pointer Qualifier" +NAME NSS_OID_PKIX_CPS_POINTER_QUALIFIER + +# RFC 2459: +# +# id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } +# -- OID for user notice qualifier +OID 1.3.6.1.5.5.7.2.2 +TAG id-qt-unotice +EXPL "PKIX User Notice Qualifier" +NAME NSS_OID_PKIX_USER_NOTICE_QUALIFIER + +# RFC 2459: +# +# id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } +# -- arc for extended key purpose OIDS +OID 1.3.6.1.5.5.7.3 +TAG id-kp +EXPL "PKIX Key Purpose" + +# RFC 2459: +# +# id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } +OID 1.3.6.1.5.5.7.3.1 +TAG id-kp-serverAuth +EXPL "TLS Web Server Authentication Certificate" +NAME NSS_OID_EXT_KEY_USAGE_SERVER_AUTH + +# RFC 2459: +# +# id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } +OID 1.3.6.1.5.5.7.3.2 +TAG id-kp-clientAuth +EXPL "TLS Web Client Authentication Certificate" +NAME NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH + +# RFC 2459: +# +# id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } +OID 1.3.6.1.5.5.7.3.3 +TAG id-kp-codeSigning +EXPL "Code Signing Certificate" +NAME NSS_OID_EXT_KEY_USAGE_CODE_SIGN + +# RFC 2459: +# +# id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } +OID 1.3.6.1.5.5.7.3.4 +TAG id-kp-emailProtection +EXPL "E-Mail Protection Certificate" +NAME NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION + +# RFC 2459: +# +# id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 } +OID 1.3.6.1.5.5.7.3.5 +TAG id-kp-ipsecEndSystem +EXPL "IPSEC End System Certificate" +NAME NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM + +# RFC 2459: +# +# id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 } +OID 1.3.6.1.5.5.7.3.6 +TAG id-kp-ipsecTunnel +EXPL "IPSEC Tunnel Certificate" +NAME NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL + +# RFC 2459: +# +# id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 } +OID 1.3.6.1.5.5.7.3.7 +TAG id-kp-ipsecUser +EXPL "IPSEC User Certificate" +NAME NSS_OID_EXT_KEY_USAGE_IPSEC_USER + +# RFC 2459: +# +# id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } +OID 1.3.6.1.5.5.7.3.8 +TAG id-kp-timeStamping +EXPL "Time Stamping Certificate" +NAME NSS_OID_EXT_KEY_USAGE_TIME_STAMP + +OID 1.3.6.1.5.5.7.3.9 +TAG ocsp-responder +EXPL "OCSP Responder Certificate" +NAME NSS_OID_OCSP_RESPONDER + +OID 1.3.6.1.5.5.7.7 +TAG pkix-id-pkix + +OID 1.3.6.1.5.5.7.7.5 +TAG pkix-id-pkip + +OID 1.3.6.1.5.5.7.7.5.1 +TAG pkix-id-regctrl +EXPL "CRMF Registration Control" + +OID 1.3.6.1.5.5.7.7.5.1.1 +TAG regtoken +EXPL "CRMF Registration Control, Registration Token" +NAME NSS_OID_PKIX_REGCTRL_REGTOKEN + +OID 1.3.6.1.5.5.7.7.5.1.2 +TAG authenticator +EXPL "CRMF Registration Control, Registration Authenticator" +NAME NSS_OID_PKIX_REGCTRL_AUTHENTICATOR + +OID 1.3.6.1.5.5.7.7.5.1.3 +TAG pkipubinfo +EXPL "CRMF Registration Control, PKI Publication Info" +NAME NSS_OID_PKIX_REGCTRL_PKIPUBINFO + +OID 1.3.6.1.5.5.7.7.5.1.4 +TAG pki-arch-options +EXPL "CRMF Registration Control, PKI Archive Options" +NAME NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS + +OID 1.3.6.1.5.5.7.7.5.1.5 +TAG old-cert-id +EXPL "CRMF Registration Control, Old Certificate ID" +NAME NSS_OID_PKIX_REGCTRL_OLD_CERT_ID + +OID 1.3.6.1.5.5.7.7.5.1.6 +TAG protocol-encryption-key +EXPL "CRMF Registration Control, Protocol Encryption Key" +NAME NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY + +OID 1.3.6.1.5.5.7.7.5.2 +TAG pkix-id-reginfo +EXPL "CRMF Registration Info" + +OID 1.3.6.1.5.5.7.7.5.2.1 +TAG utf8-pairs +EXPL "CRMF Registration Info, UTF8 Pairs" +NAME NSS_OID_PKIX_REGINFO_UTF8_PAIRS + +OID 1.3.6.1.5.5.7.7.5.2.2 +TAG cert-request +EXPL "CRMF Registration Info, Certificate Request" +NAME NSS_OID_PKIX_REGINFO_CERT_REQUEST + +# RFC 2549: +# +# id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } +# -- arc for access descriptors +OID 1.3.6.1.5.5.7.48 +TAG id-ad +EXPL "PKIX Access Descriptors" + +# RFC 2549: +# +# id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } +OID 1.3.6.1.5.5.7.48.1 +TAG id-ad-ocsp +EXPL "PKIX Online Certificate Status Protocol" +NAME NSS_OID_OID_PKIX_OCSP + +OID 1.3.6.1.5.5.7.48.1.1 +TAG basic-response +EXPL "OCSP Basic Response" +NAME NSS_OID_PKIX_OCSP_BASIC_RESPONSE + +OID 1.3.6.1.5.5.7.48.1.2 +TAG nonce-extension +EXPL "OCSP Nonce Extension" +NAME NSS_OID_PKIX_OCSP_NONCE + +OID 1.3.6.1.5.5.7.48.1.3 +TAG response +EXPL "OCSP Response Types Extension" +NAME NSS_OID_PKIX_OCSP_RESPONSE + +OID 1.3.6.1.5.5.7.48.1.4 +TAG crl +EXPL "OCSP CRL Reference Extension" +NAME NSS_OID_PKIX_OCSP_CRL + +OID 1.3.6.1.5.5.7.48.1.5 +TAG no-check +EXPL "OCSP No Check Extension" +NAME NSS_OID_X509_OCSP_NO_CHECK # X509_... ? + +OID 1.3.6.1.5.5.7.48.1.6 +TAG archive-cutoff +EXPL "OCSP Archive Cutoff Extension" +NAME NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF + +OID 1.3.6.1.5.5.7.48.1.7 +TAG service-locator +EXPL "OCSP Service Locator Extension" +NAME NSS_OID_PKIX_OCSP_SERVICE_LOCATOR + +# RFC 2549: +# +# id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } +OID 1.3.6.1.5.5.7.48.2 +TAG id-ad-caIssuers +EXPL "Certificate Authority Issuers" + +OID 1.3.6.1.6 +TAG snmpv2 +EXPL "Internet: SNMPv2" + +OID 1.3.6.1.7 +TAG mail +EXPL "Internet: mail" + +OID 1.3.6.1.7.1 +TAG mime-mhs +EXPL "Internet: mail MIME mhs" + +OID 1.3.12 +TAG ecma +EXPL "European Computers Manufacturing Association" + +OID 1.3.14 +TAG oiw +EXPL "Open Systems Implementors Workshop" + +OID 1.3.14.3 secsig +TAG secsig +EXPL "Open Systems Implementors Workshop Security Special Interest Group" + +OID 1.3.14.3.1 +TAG oIWSECSIGAlgorithmObjectIdentifiers +EXPL "OIW SECSIG Algorithm OIDs" + +OID 1.3.14.3.2 +TAG algorithm +EXPL "OIW SECSIG Algorithm" + +OID 1.3.14.3.2.6 +TAG desecb +EXPL "DES-ECB" +NAME NSS_OID_DES_ECB +CKM CKM_DES_ECB + +OID 1.3.14.3.2.7 +TAG descbc +EXPL "DES-CBC" +NAME NSS_OID_DES_CBC +CKM CKM_DES_CBC + +OID 1.3.14.3.2.8 +TAG desofb +EXPL "DES-OFB" +NAME NSS_OID_DES_OFB +# No CKM.. + +OID 1.3.14.3.2.9 +TAG descfb +EXPL "DES-CFB" +NAME NSS_OID_DES_CFB +# No CKM.. + +OID 1.3.14.3.2.10 +TAG desmac +EXPL "DES-MAC" +NAME NSS_OID_DES_MAC +CKM CKM_DES_MAC + +OID 1.3.14.3.2.15 +TAG isoSHAWithRSASignature +EXPL "ISO SHA with RSA Signature" +NAME NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE +# No CKM.. + +OID 1.3.14.3.2.17 +TAG desede +EXPL "DES-EDE" +NAME NSS_OID_DES_EDE +# No CKM.. + +OID 1.3.14.3.2.26 +TAG sha1 +EXPL "SHA-1" +NAME NSS_OID_SHA1 +CKM CKM_SHA_1 + +OID 1.3.14.3.2.27 +TAG bogusDSASignatureWithSHA1Digest +EXPL "Forgezza DSA Signature with SHA-1 Digest" +NAME NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST +CKM CKM_DSA_SHA1 + +OID 1.3.14.3.3 +TAG authentication-mechanism +EXPL "OIW SECSIG Authentication Mechanisms" + +OID 1.3.14.3.4 +TAG security-attribute +EXPL "OIW SECSIG Security Attributes" + +OID 1.3.14.3.5 +TAG document-definition +EXPL "OIW SECSIG Document Definitions used in security" + +OID 1.3.14.7 +TAG directory-services-sig +EXPL "OIW directory services sig" + +OID 1.3.16 +TAG ewos +EXPL "European Workshop on Open Systems" + +OID 1.3.22 +TAG osf +EXPL "Open Software Foundation" + +OID 1.3.23 +TAG nordunet +EXPL "Nordunet" + +OID 1.3.26 +TAG nato-id-org +EXPL "NATO identified organisation" + +OID 1.3.36 +TAG teletrust +EXPL "Teletrust" + +OID 1.3.52 +TAG smpte +EXPL "Society of Motion Picture and Television Engineers" + +OID 1.3.69 +TAG sita +EXPL "Societe Internationale de Telecommunications Aeronautiques" + +OID 1.3.90 +TAG iana +EXPL "Internet Assigned Numbers Authority" + +OID 1.3.101 +TAG thawte +EXPL "Thawte" + +OID 2 +TAG joint-iso-ccitt +EXPL "Joint ISO/ITU-T assignment" + +OID 2.0 +TAG presentation +EXPL "Joint ISO/ITU-T Presentation" + +OID 2.1 +TAG asn-1 +EXPL "Abstract Syntax Notation One" + +OID 2.2 +TAG acse +EXPL "Association Control" + +OID 2.3 +TAG rtse +EXPL "Reliable Transfer" + +OID 2.4 +TAG rose +EXPL "Remote Operations" + +OID 2.5 +TAG x500 +EXPL "Directory" + +OID 2.5.1 +TAG modules +EXPL "X.500 modules" + +OID 2.5.2 +TAG service-environment +EXPL "X.500 service environment" + +OID 2.5.3 +TAG application-context +EXPL "X.500 application context" + +# RFC 2459: +# +# id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} +OID 2.5.4 +TAG id-at +EXPL "X.520 attribute types" + +# RFC 2459: +# +# id-at-commonName AttributeType ::= {id-at 3} +OID 2.5.4.3 +TAG id-at-commonName +EXPL "X.520 Common Name" +NAME NSS_OID_X520_COMMON_NAME +ATTR "cn" + +# RFC 2459: +# +# id-at-surname AttributeType ::= {id-at 4} +OID 2.5.4.4 +TAG id-at-surname +EXPL "X.520 Surname" +NAME NSS_OID_X520_SURNAME +ATTR "sn" + +# RFC 2459: +# +# id-at-countryName AttributeType ::= {id-at 6} +OID 2.5.4.6 +TAG id-at-countryName +EXPL "X.520 Country Name" +NAME NSS_OID_X520_COUNTRY_NAME +ATTR "c" + +# RFC 2459: +# +# id-at-localityName AttributeType ::= {id-at 7} +OID 2.5.4.7 +TAG id-at-localityName +EXPL "X.520 Locality Name" +NAME NSS_OID_X520_LOCALITY_NAME +ATTR "l" + +# RFC 2459: +# +# id-at-stateOrProvinceName AttributeType ::= {id-at 8} +OID 2.5.4.8 +TAG id-at-stateOrProvinceName +EXPL "X.520 State or Province Name" +NAME NSS_OID_X520_STATE_OR_PROVINCE_NAME +ATTR "s" + +# RFC 2459: +# +# id-at-organizationName AttributeType ::= {id-at 10} +OID 2.5.4.10 +TAG id-at-organizationName +EXPL "X.520 Organization Name" +NAME NSS_OID_X520_ORGANIZATION_NAME +ATTR "o" + +# RFC 2459: +# +# id-at-organizationalUnitName AttributeType ::= {id-at 11} +OID 2.5.4.11 +TAG id-at-organizationalUnitName +EXPL "X.520 Organizational Unit Name" +NAME NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME +ATTR "ou" + +# RFC 2459: +# +# id-at-title AttributeType ::= {id-at 12} +OID 2.5.4.12 +TAG id-at-title +EXPL "X.520 Title" +NAME NSS_OID_X520_TITLE +ATTR "title" + +# RFC 2459: +# +# id-at-name AttributeType ::= {id-at 41} +OID 2.5.4.41 +TAG id-at-name +EXPL "X.520 Name" +NAME NSS_OID_X520_NAME +ATTR "name" + +# RFC 2459: +# +# id-at-givenName AttributeType ::= {id-at 42} +OID 2.5.4.42 +TAG id-at-givenName +EXPL "X.520 Given Name" +NAME NSS_OID_X520_GIVEN_NAME +ATTR "givenName" + +# RFC 2459: +# +# id-at-initials AttributeType ::= {id-at 43} +OID 2.5.4.43 +TAG id-at-initials +EXPL "X.520 Initials" +NAME NSS_OID_X520_INITIALS +ATTR "initials" + +# RFC 2459: +# +# id-at-generationQualifier AttributeType ::= {id-at 44} +OID 2.5.4.44 +TAG id-at-generationQualifier +EXPL "X.520 Generation Qualifier" +NAME NSS_OID_X520_GENERATION_QUALIFIER +ATTR "generationQualifier" + +# RFC 2459: +# +# id-at-dnQualifier AttributeType ::= {id-at 46} +OID 2.5.4.46 +TAG id-at-dnQualifier +EXPL "X.520 DN Qualifier" +NAME NSS_OID_X520_DN_QUALIFIER +ATTR "dnQualifier" + +OID 2.5.5 +TAG attribute-syntax +EXPL "X.500 attribute syntaxes" + +OID 2.5.6 +TAG object-classes +EXPL "X.500 standard object classes" + +OID 2.5.7 +TAG attribute-set +EXPL "X.500 attribute sets" + +OID 2.5.8 +TAG algorithms +EXPL "X.500-defined algorithms" + +OID 2.5.8.1 +TAG encryption +EXPL "X.500-defined encryption algorithms" + +OID 2.5.8.1.1 +TAG rsa +EXPL "RSA Encryption Algorithm" +NAME NSS_OID_X500_RSA_ENCRYPTION +CKM CKM_RSA_X_509 + +OID 2.5.9 +TAG abstract-syntax +EXPL "X.500 abstract syntaxes" + +OID 2.5.12 +TAG operational-attribute +EXPL "DSA Operational Attributes" + +OID 2.5.13 +TAG matching-rule +EXPL "Matching Rule" + +OID 2.5.14 +TAG knowledge-matching-rule +EXPL "X.500 knowledge Matching Rules" + +OID 2.5.15 +TAG name-form +EXPL "X.500 name forms" + +OID 2.5.16 +TAG group +EXPL "X.500 groups" + +OID 2.5.17 +TAG subentry +EXPL "X.500 subentry" + +OID 2.5.18 +TAG operational-attribute-type +EXPL "X.500 operational attribute type" + +OID 2.5.19 +TAG operational-binding +EXPL "X.500 operational binding" + +OID 2.5.20 +TAG schema-object-class +EXPL "X.500 schema Object class" + +OID 2.5.21 +TAG schema-operational-attribute +EXPL "X.500 schema operational attributes" + +OID 2.5.23 +TAG administrative-role +EXPL "X.500 administrative roles" + +OID 2.5.24 +TAG access-control-attribute +EXPL "X.500 access control attribute" + +OID 2.5.25 +TAG ros +EXPL "X.500 ros object" + +OID 2.5.26 +TAG contract +EXPL "X.500 contract" + +OID 2.5.27 +TAG package +EXPL "X.500 package" + +OID 2.5.28 +TAG access-control-schema +EXPL "X.500 access control schema" + +# RFC 2459: +# +# id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} +OID 2.5.29 +TAG id-ce +EXPL "X.500 Certificate Extension" + +OID 2.5.29.5 +TAG subject-directory-attributes +EXPL "Certificate Subject Directory Attributes" +NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTR +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } +OID 2.5.29.9 +TAG id-ce-subjectDirectoryAttributes +EXPL "Certificate Subject Directory Attributes" +NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } +OID 2.5.29.14 +TAG id-ce-subjectKeyIdentifier +EXPL "Certificate Subject Key ID" +NAME NSS_OID_X509_SUBJECT_KEY_ID +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } +OID 2.5.29.15 +TAG id-ce-keyUsage +EXPL "Certificate Key Usage" +NAME NSS_OID_X509_KEY_USAGE +CERT_EXTENSION SUPPORTED +# We called it PKCS12_KEY_USAGE + +# RFC 2459: +# +# id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } +OID 2.5.29.16 +TAG id-ce-privateKeyUsagePeriod +EXPL "Certificate Private Key Usage Period" +NAME NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } +OID 2.5.29.17 +TAG id-ce-subjectAltName +EXPL "Certificate Subject Alternate Name" +NAME NSS_OID_X509_SUBJECT_ALT_NAME +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } +OID 2.5.29.18 +TAG id-ce-issuerAltName +EXPL "Certificate Issuer Alternate Name" +NAME NSS_OID_X509_ISSUER_ALT_NAME +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } +OID 2.5.29.19 +TAG id-ce-basicConstraints +EXPL "Certificate Basic Constraints" +NAME NSS_OID_X509_BASIC_CONSTRAINTS +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } +OID 2.5.29.20 +TAG id-ce-cRLNumber +EXPL "CRL Number" +NAME NSS_OID_X509_CRL_NUMBER +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } +OID 2.5.29.21 +TAG id-ce-cRLReasons +EXPL "CRL Reason Code" +NAME NSS_OID_X509_REASON_CODE +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } +OID 2.5.29.23 +TAG id-ce-holdInstructionCode +EXPL "Hold Instruction Code" +NAME NSS_OID_X509_HOLD_INSTRUCTION_CODE +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } +OID 2.5.29.24 +TAG id-ce-invalidityDate +EXPL "Invalid Date" +NAME NSS_OID_X509_INVALID_DATE +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } +OID 2.5.29.27 +TAG id-ce-deltaCRLIndicator +EXPL "Delta CRL Indicator" +NAME NSS_OID_X509_DELTA_CRL_INDICATOR +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } +OID 2.5.29.28 +TAG id-ce-issuingDistributionPoint +EXPL "Issuing Distribution Point" +NAME NSS_OID_X509_ISSUING_DISTRIBUTION_POINT +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } +OID 2.5.29.29 +TAG id-ce-certificateIssuer +EXPL "Certificate Issuer" +NAME NSS_OID_X509_CERTIFICATE_ISSUER +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } +OID 2.5.29.30 +TAG id-ce-nameConstraints +EXPL "Certificate Name Constraints" +NAME NSS_OID_X509_NAME_CONSTRAINTS +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} +OID 2.5.29.31 +TAG id-ce-cRLDistributionPoints +EXPL "CRL Distribution Points" +NAME NSS_OID_X509_CRL_DIST_POINTS +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } +OID 2.5.29.32 +TAG id-ce-certificatePolicies +EXPL "Certificate Policies" +NAME NSS_OID_X509_CERTIFICATE_POLICIES +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } +OID 2.5.29.33 +TAG id-ce-policyMappings +EXPL "Certificate Policy Mappings" +NAME NSS_OID_X509_POLICY_MAPPINGS +CERT_EXTENSION UNSUPPORTED + +OID 2.5.29.34 +TAG policy-constraints +EXPL "Certificate Policy Constraints (old)" +CERT_EXTENSION UNSUPPORTED + +# RFC 2459: +# +# id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } +OID 2.5.29.35 +TAG id-ce-authorityKeyIdentifier +EXPL "Certificate Authority Key Identifier" +NAME NSS_OID_X509_AUTH_KEY_ID +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } +OID 2.5.29.36 +TAG id-ce-policyConstraints +EXPL "Certificate Policy Constraints" +NAME NSS_OID_X509_POLICY_CONSTRAINTS +CERT_EXTENSION SUPPORTED + +# RFC 2459: +# +# id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} +OID 2.5.29.37 +TAG id-ce-extKeyUsage +EXPL "Extended Key Usage" +NAME NSS_OID_X509_EXT_KEY_USAGE +CERT_EXTENSION SUPPORTED + +OID 2.5.30 +TAG id-mgt +EXPL "X.500 Management Object" + +OID 2.6 +TAG x400 +EXPL "X.400 MHS" + +OID 2.7 +TAG ccr +EXPL "Committment, Concurrency and Recovery" + +OID 2.8 +TAG oda +EXPL "Office Document Architecture" + +OID 2.9 +TAG osi-management +EXPL "OSI management" + +OID 2.10 +TAG tp +EXPL "Transaction Processing" + +OID 2.11 +TAG dor +EXPL "Distinguished Object Reference" + +OID 2.12 +TAG rdt +EXPL "Referenced Data Transfer" + +OID 2.13 +TAG nlm +EXPL "Network Layer Management" + +OID 2.14 +TAG tlm +EXPL "Transport Layer Management" + +OID 2.15 +TAG llm +EXPL "Link Layer Management" + +OID 2.16 +TAG country +EXPL "Country Assignments" + +OID 2.16.124 +TAG canada +EXPL "Canada" + +OID 2.16.158 +TAG taiwan +EXPL "Taiwan" + +OID 2.16.578 +TAG norway +EXPL "Norway" + +OID 2.16.756 +TAG switzerland +EXPL "Switzerland" + +OID 2.16.840 +TAG us +EXPL "United States" + +OID 2.16.840.1 +TAG us-company +EXPL "United States Company" + +OID 2.16.840.1.101 +TAG us-government +EXPL "United States Government (1.101)" + +OID 2.16.840.1.101.2 +TAG us-dod +EXPL "United States Department of Defense" + +OID 2.16.840.1.101.2.1 +TAG id-infosec +EXPL "US DOD Infosec" + +OID 2.16.840.1.101.2.1.0 +TAG id-modules +EXPL "US DOD Infosec modules" + +OID 2.16.840.1.101.2.1.1 +TAG id-algorithms +EXPL "US DOD Infosec algorithms (MISSI)" + +OID 2.16.840.1.101.2.1.1.2 +TAG old-dss +EXPL "MISSI DSS Algorithm (Old)" +NAME NSS_OID_MISSI_DSS_OLD + +# This is labeled as "### mwelch temporary" +# Is it official?? XXX fgmr +OID 2.16.840.1.101.2.1.1.4 +TAG skipjack-cbc-64 +EXPL "Skipjack CBC64" +NAME NSS_OID_FORTEZZA_SKIPJACK +CKM CKM_SKIPJACK_CBC64 + +OID 2.16.840.1.101.2.1.1.10 +TAG kea +EXPL "MISSI KEA Algorithm" +NAME NSS_OID_MISSI_KEA + +OID 2.16.840.1.101.2.1.1.12 +TAG old-kea-dss +EXPL "MISSI KEA and DSS Algorithm (Old)" +NAME NSS_OID_MISSI_KEA_DSS_OLD + +OID 2.16.840.1.101.2.1.1.19 +TAG dss +EXPL "MISSI DSS Algorithm" +NAME NSS_OID_MISSI_DSS + +OID 2.16.840.1.101.2.1.1.20 +TAG kea-dss +EXPL "MISSI KEA and DSS Algorithm" +NAME NSS_OID_MISSI_KEA_DSS + +OID 2.16.840.1.101.2.1.1.22 +TAG alt-kea +EXPL "MISSI Alternate KEA Algorithm" +NAME NSS_OID_MISSI_ALT_KEY + +OID 2.16.840.1.101.2.1.2 +TAG id-formats +EXPL "US DOD Infosec formats" + +OID 2.16.840.1.101.2.1.3 +TAG id-policy +EXPL "US DOD Infosec policy" + +OID 2.16.840.1.101.2.1.4 +TAG id-object-classes +EXPL "US DOD Infosec object classes" + +OID 2.16.840.1.101.2.1.5 +TAG id-attributes +EXPL "US DOD Infosec attributes" + +OID 2.16.840.1.101.2.1.6 +TAG id-attribute-syntax +EXPL "US DOD Infosec attribute syntax" + +OID 2.16.840.1.113730 +# The Netscape OID space +TAG netscape +EXPL "Netscape Communications Corp." + +OID 2.16.840.1.113730.1 +TAG cert-ext +EXPL "Netscape Cert Extensions" + +OID 2.16.840.1.113730.1.1 +TAG cert-type +EXPL "Certificate Type" +NAME NSS_OID_NS_CERT_EXT_CERT_TYPE +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.2 +TAG base-url +EXPL "Certificate Extension Base URL" +NAME NSS_OID_NS_CERT_EXT_BASE_URL +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.3 +TAG revocation-url +EXPL "Certificate Revocation URL" +NAME NSS_OID_NS_CERT_EXT_REVOCATION_URL +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.4 +TAG ca-revocation-url +EXPL "Certificate Authority Revocation URL" +NAME NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.5 +TAG ca-crl-download-url +EXPL "Certificate Authority CRL Download URL" +NAME NSS_OID_NS_CERT_EXT_CA_CRL_URL +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.1.113730.1.6 +TAG ca-cert-url +EXPL "Certificate Authority Certificate Download URL" +NAME NSS_OID_NS_CERT_EXT_CA_CERT_URL +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.1.113730.1.7 +TAG renewal-url +EXPL "Certificate Renewal URL" +NAME NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.8 +TAG ca-policy-url +EXPL "Certificate Authority Policy URL" +NAME NSS_OID_NS_CERT_EXT_CA_POLICY_URL +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.9 +TAG homepage-url +EXPL "Certificate Homepage URL" +NAME NSS_OID_NS_CERT_EXT_HOMEPAGE_URL +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.1.113730.1.10 +TAG entity-logo +EXPL "Certificate Entity Logo" +NAME NSS_OID_NS_CERT_EXT_ENTITY_LOGO +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.1.113730.1.11 +TAG user-picture +EXPL "Certificate User Picture" +NAME NSS_OID_NS_CERT_EXT_USER_PICTURE +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.1.113730.1.12 +TAG ssl-server-name +EXPL "Certificate SSL Server Name" +NAME NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.13 +TAG comment +EXPL "Certificate Comment" +NAME NSS_OID_NS_CERT_EXT_COMMENT +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.1.14 +TAG thayes +EXPL "" +NAME NSS_OID_NS_CERT_EXT_THAYES +CERT_EXTENSION SUPPORTED + +OID 2.16.840.1.113730.2 +TAG data-type +EXPL "Netscape Data Types" + +OID 2.16.840.1.113730.2.1 +TAG gif +EXPL "image/gif" +NAME NSS_OID_NS_TYPE_GIF + +OID 2.16.840.1.113730.2.2 +TAG jpeg +EXPL "image/jpeg" +NAME NSS_OID_NS_TYPE_JPEG + +OID 2.16.840.1.113730.2.3 +TAG url +EXPL "URL" +NAME NSS_OID_NS_TYPE_URL + +OID 2.16.840.1.113730.2.4 +TAG html +EXPL "text/html" +NAME NSS_OID_NS_TYPE_HTML + +OID 2.16.840.1.113730.2.5 +TAG cert-sequence +EXPL "Certificate Sequence" +NAME NSS_OID_NS_TYPE_CERT_SEQUENCE + +OID 2.16.840.1.113730.3 +# The Netscape Directory OID space +TAG directory +EXPL "Netscape Directory" + +OID 2.16.840.1.113730.4 +TAG policy +EXPL "Netscape Policy Type OIDs" + +OID 2.16.840.1.113730.4.1 +TAG export-approved +EXPL "Strong Crypto Export Approved" +NAME NSS_OID_NS_KEY_USAGE_GOVT_APPROVED +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.1.113730.5 +TAG cert-server +EXPL "Netscape Certificate Server" + +OID 2.16.840.1.113730.5.1 + +OID 2.16.840.1.113730.5.1.1 +TAG recovery-request +EXPL "Netscape Cert Server Recovery Request" +NAME NSS_OID_NETSCAPE_RECOVERY_REQUEST + +OID 2.16.840.1.113730.6 +TAG algs +EXPL "Netscape algorithm OIDs" + +OID 2.16.840.1.113730.6.1 +TAG smime-kea +EXPL "Netscape S/MIME KEA" +NAME NSS_OID_NETSCAPE_SMIME_KEA + +OID 2.16.840.1.113730.7 +TAG name-components +EXPL "Netscape Name Components" + +OID 2.16.840.1.113730.7.1 +TAG nickname +EXPL "Netscape Nickname" +NAME NSS_OID_NETSCAPE_NICKNAME + +OID 2.16.840.1.113733 +TAG verisign +EXPL "Verisign" + +OID 2.16.840.1.113733.1 + +OID 2.16.840.1.113733.1.7 + +OID 2.16.840.1.113733.1.7.1 + +OID 2.16.840.1.113733.1.7.1.1 +TAG verisign-user-notices +EXPL "Verisign User Notices" +NAME NSS_OID_VERISIGN_USER_NOTICES + +OID 2.16.840.101 +TAG us-government +EXPL "US Government (101)" + +OID 2.16.840.102 +TAG us-government2 +EXPL "US Government (102)" + +OID 2.16.840.11370 +TAG old-netscape +EXPL "Netscape Communications Corp. (Old)" + +OID 2.16.840.11370.1 +TAG ns-cert-ext +EXPL "Netscape Cert Extensions (Old NS)" + +OID 2.16.840.11370.1.1 +TAG netscape-ok +EXPL "Netscape says this cert is ok (Old NS)" +NAME NSS_OID_NS_CERT_EXT_NETSCAPE_OK +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.11370.1.2 +TAG issuer-logo +EXPL "Certificate Issuer Logo (Old NS)" +NAME NSS_OID_NS_CERT_EXT_ISSUER_LOGO +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.11370.1.3 +TAG subject-logo +EXPL "Certificate Subject Logo (Old NS)" +NAME NSS_OID_NS_CERT_EXT_SUBJECT_LOGO +CERT_EXTENSION UNSUPPORTED + +OID 2.16.840.11370.2 +TAG ns-file-type +EXPL "Netscape File Type" + +OID 2.16.840.11370.3 +TAG ns-image-type +EXPL "Netscape Image Type" + +OID 2.17 +TAG registration-procedures +EXPL "Registration procedures" + +OID 2.18 +TAG physical-layer-management +EXPL "Physical layer Management" + +OID 2.19 +TAG mheg +EXPL "MHEG" + +OID 2.20 +TAG guls +EXPL "Generic Upper Layer Security" + +OID 2.21 +TAG tls +EXPL "Transport Layer Security Protocol" + +OID 2.22 +TAG nls +EXPL "Network Layer Security Protocol" + +OID 2.23 +TAG organization +EXPL "International organizations" diff --git a/security/nss/lib/pki1/pki1.h b/security/nss/lib/pki1/pki1.h new file mode 100644 index 000000000..62049efcc --- /dev/null +++ b/security/nss/lib/pki1/pki1.h @@ -0,0 +1,3032 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef PKI1_H +#define PKI1_H + +#ifdef DEBUG +static const char PKI1_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * pki1.h + * + * This file contains the prototypes to the non-public NSS routines + * relating to the PKIX part-1 objects. + */ + +#ifndef PKI1T_H +#include "pki1t.h" +#endif /* PKI1T_H */ + +#ifndef NSSPKI1_H +#include "nsspki1.h" +#endif /* NSSPKI1_H */ + +PR_BEGIN_EXTERN_C + +/* fgmr 19990505 moved these here from oiddata.h */ +extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[]; +extern const PRUint32 nss_attribute_type_alias_count; + +/* + * NSSOID + * + * The non-public "methods" regarding this "object" are: + * + * nssOID_CreateFromBER -- constructor + * nssOID_CreateFromUTF8 -- constructor + * (there is no explicit destructor) + * + * nssOID_GetDEREncoding + * nssOID_GetUTF8Encoding + * + * In debug builds, the following non-public calls are also available: + * + * nssOID_verifyPointer + * nssOID_getExplanation + * nssOID_getTaggedUTF8 + */ + +/* + * nssOID_CreateFromBER + * + * This routine creates an NSSOID by decoding a BER- or DER-encoded + * OID. It may return NSS_OID_UNKNOWN upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NSS_OID_UNKNOWN upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +nssOID_CreateFromBER +( + NSSBER *berOid +); + +extern const NSSError NSS_ERROR_INVALID_BER; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * nssOID_CreateFromUTF8 + * + * This routine creates an NSSOID by decoding a UTF8 string + * representation of an OID in dotted-number format. The string may + * optionally begin with an octothorpe. It may return NSS_OID_UNKNOWN + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_UTF8 + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NSS_OID_UNKNOWN upon error + * An NSSOID upon success + */ + +NSS_EXTERN NSSOID * +nssOID_CreateFromUTF8 +( + NSSUTF8 *stringOid +); + +extern const NSSError NSS_ERROR_INVALID_UTF8; +extern const NSSError NSS_ERROR_NO_MEMORY; + +/* + * nssOID_GetDEREncoding + * + * This routine returns the DER encoding of the specified NSSOID. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return return null upon error, in + * which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSOID + */ + +NSS_EXTERN NSSDER * +nssOID_GetDEREncoding +( + const NSSOID *oid, + NSSDER *rvOpt, + NSSArena *arenaOpt +); + +/* + * nssOID_GetUTF8Encoding + * + * This routine returns a UTF8 string containing the dotted-number + * encoding of the specified NSSOID. If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return null upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the dotted-digit encoding of + * this NSSOID + */ + +NSS_EXTERN NSSUTF8 * +nssOID_GetUTF8Encoding +( + const NSSOID *oid, + NSSArena *arenaOpt +); + +/* + * nssOID_verifyPointer + * + * This method is only present in debug builds. + * + * If the specified pointer is a valid poitner to an NSSOID object, + * this routine will return PR_SUCCESS. Otherwise, it will put an + * error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * + * Return value: + * PR_SUCCESS if the pointer is valid + * PR_FAILURE if it isn't + */ + +#ifdef DEBUG +NSS_EXTERN PRStatus +nssOID_verifyPointer +( + const NSSOID *oid +); + +extern const NSSError NSS_ERROR_INVALID_NSSOID; +#endif /* DEBUG */ + +/* + * nssOID_getExplanation + * + * This method is only present in debug builds. + * + * This routine will return a static pointer to a UTF8-encoded string + * describing (in English) the specified OID. The memory pointed to + * by the return value is not owned by the caller, and should not be + * freed or modified. Note that explanations are only provided for + * the OIDs built into the NSS library; there is no way to specify an + * explanation for dynamically created OIDs. This routine is intended + * only for use in debugging tools such as "derdump." This routine + * may return null upon error, in which case it will have placed an + * error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSOID + * + * Return value: + * NULL upon error + * A static pointer to a readonly, non-caller-owned UTF8-encoded + * string explaining the specified OID. + */ + +#ifdef DEBUG +NSS_EXTERN const char * +nssOID_getExplanation +( + NSSOID *oid +); + +extern const NSSError NSS_ERROR_INVALID_NSSOID; +#endif /* DEBUG */ + +/* + * nssOID_getTaggedUTF8 + * + * This method is only present in debug builds. + * + * This routine will return a pointer to a caller-owned UTF8-encoded + * string containing a tagged encoding of the specified OID. Note + * that OID (component) tags are only provided for the OIDs built + * into the NSS library; there is no way to specify tags for + * dynamically created OIDs. This routine is intended for use in + * debugging tools such as "derdump." If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return return null upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the tagged encoding of + * this NSSOID + */ + +#ifdef DEBUG +NSS_EXTERN NSSUTF8 * +nssOID_getTaggedUTF8 +( + NSSOID *oid, + NSSArena *arenaOpt +); + +extern const NSSError NSS_ERROR_INVALID_NSSOID; +extern const NSSError NSS_ERROR_NO_MEMORY; +#endif /* DEBUG */ + +/* + * NSSATAV + * + * The non-public "methods" regarding this "object" are: + * + * nssATAV_CreateFromBER -- constructor + * nssATAV_CreateFromUTF8 -- constructor + * nssATAV_Create -- constructor + * + * nssATAV_Destroy + * nssATAV_GetDEREncoding + * nssATAV_GetUTF8Encoding + * nssATAV_GetType + * nssATAV_GetValue + * nssATAV_Compare + * nssATAV_Duplicate + * + * In debug builds, the following non-public call is also available: + * + * nssATAV_verifyPointer + */ + +/* + * nssATAV_CreateFromBER + * + * This routine creates an NSSATAV by decoding a BER- or DER-encoded + * ATAV. If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_EXTERN NSSATAV * +nssATAV_CreateFromBER +( + NSSArena *arenaOpt, + const NSSBER *berATAV +); + +/* + * nssATAV_CreateFromUTF8 + * + * This routine creates an NSSATAV by decoding a UTF8 string in the + * "equals" format, e.g., "c=US." If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_UTF8 + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_EXTERN NSSATAV * +nssATAV_CreateFromUTF8 +( + NSSArena *arenaOpt, + const NSSUTF8 *stringATAV +); + +/* + * nssATAV_Create + * + * This routine creates an NSSATAV from the specified NSSOID and the + * specified data. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap.If the specified data length is zero, + * the data is assumed to be terminated by first zero byte; this allows + * UTF8 strings to be easily specified. This routine may return NULL + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ARENA + * NSS_ERROR_INVALID_NSSOID + * NSS_ERROR_INVALID_POINTER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSATAV upon success + */ + +NSS_EXTERN NSSATAV * +nssATAV_Create +( + NSSArena *arenaOpt, + const NSSOID *oid, + const void *data, + PRUint32 length +); + +/* + * nssATAV_Destroy + * + * This routine will destroy an ATAV object. It should eventually be + * called on all ATAVs created without an arena. While it is not + * necessary to call it on ATAVs created within an arena, it is not an + * error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * set an error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +nssATAV_Destroy +( + NSSATAV *atav +); + +/* + * nssATAV_GetDEREncoding + * + * This routine will DER-encode an ATAV object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSATAV + */ + +NSS_EXTERN NSSDER * +nssATAV_GetDEREncoding +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +/* + * nssATAV_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the ATAV in "equals" notation (e.g., "o=Acme"). + * If the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string containing the "equals" encoding of the + * ATAV + */ + +NSS_EXTERN NSSUTF8 * +nssATAV_GetUTF8Encoding +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +/* + * nssATAV_GetType + * + * This routine returns the NSSOID corresponding to the attribute type + * in the specified ATAV. This routine may return NSS_OID_UNKNOWN + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NSS_OID_UNKNOWN upon error + * An element of enum NSSOIDenum upon success + */ + +NSS_EXTERN const NSSOID * +nssATAV_GetType +( + NSSATAV *atav +); + +/* + * nssATAV_GetValue + * + * This routine returns a string containing the attribute value + * in the specified ATAV. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have set an error upon the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSItem containing the attribute value. + */ + +NSS_EXTERN NSSUTF8 * +nssATAV_GetValue +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +/* + * nssATAV_Compare + * + * This routine compares two ATAVs for equality. For two ATAVs to be + * equal, the attribute types must be the same, and the attribute + * values must have equal length and contents. The result of the + * comparison will be stored at the location pointed to by the "equalp" + * variable, which must point to a valid PRBool. This routine may + * return PR_FAILURE upon error, in which case it will have set an + * error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +nssATAV_Compare +( + NSSATAV *atav1, + NSSATAV *atav2, + PRBool *equalp +); + +/* + * nssATAV_Duplicate + * + * This routine duplicates the specified ATAV. If the optional arena + * argument is non-null, the memory required will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * placed an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL on error + * A pointer to a new ATAV + */ + +NSS_EXTERN NSSATAV * +nssATAV_Duplicate +( + NSSATAV *atav, + NSSArena *arenaOpt +); + +/* + * nssATAV_verifyPointer + * + * This method is only present in debug builds. + * + * If the specified pointer is a valid pointer to an NSSATAV object, + * this routine will return PR_SUCCESS. Otherwise, it will put an + * error on the error stack and return PR_FAILRUE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NSSATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS if the pointer is valid + * PR_FAILURE if it isn't + */ + +#ifdef DEBUG +NSS_EXTERN PRStatus +nssATAV_verifyPointer +( + NSSATAV *atav +); +#endif /* DEBUG */ + +/* + * NSSRDN + * + * The non-public "methods" regarding this "object" are: + * + * nssRDN_CreateFromBER -- constructor + * nssRDN_CreateFromUTF8 -- constructor + * nssRDN_Create -- constructor + * nssRDN_CreateSimple -- constructor + * + * nssRDN_Destroy + * nssRDN_GetDEREncoding + * nssRDN_GetUTF8Encoding + * nssRDN_AddATAV + * nssRDN_GetATAVCount + * nssRDN_GetATAV + * nssRDN_GetSimpleATAV + * nssRDN_Compare + * nssRDN_Duplicate + */ + +/* + * nssRDN_CreateFromBER + * + * This routine creates an NSSRDN by decoding a BER- or DER-encoded + * RDN. If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +nssRDN_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berRDN +); + +/* + * nssRDN_CreateFromUTF8 + * + * This routine creates an NSSRDN by decoding an UTF8 string + * consisting of either a single ATAV in the "equals" format, e.g., + * "uid=smith," or one or more such ATAVs in parentheses, e.g., + * "(sn=Smith,ou=Sales)." If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have set an error on the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_UTF8 + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +nssRDN_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringRDN +); + +/* + * nssRDN_Create + * + * This routine creates an NSSRDN from one or more NSSATAVs. The + * final argument to this routine must be NULL. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +nssRDN_Create +( + NSSArena *arenaOpt, + NSSATAV *atav1, + ... +); + +/* + * nssRDN_CreateSimple + * + * This routine creates a simple NSSRDN from a single NSSATAV. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_ATAV + * + * Return value: + * NULL upon error + * A pointer to an NSSRDN upon success + */ + +NSS_EXTERN NSSRDN * +nssRDN_CreateSimple +( + NSSArena *arenaOpt, + NSSATAV *atav +); + +/* + * nssRDN_Destroy + * + * This routine will destroy an RDN object. It should eventually be + * called on all RDNs created without an arena. While it is not + * necessary to call it on RDNs created within an arena, it is not an + * error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * set an error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * + * Return value: + * PR_FAILURE upon failure + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +nssRDN_Destroy +( + NSSRDN *rdn +); + +/* + * nssRDN_GetDEREncoding + * + * This routine will DER-encode an RDN object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSRDN + */ + +NSS_EXTERN NSSDER * +nssRDN_GetDEREncoding +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * nssRDN_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the RDN. A simple (one-ATAV) RDN will be simply + * the string representation of that ATAV; a non-simple RDN will be in + * parenthesised form. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * null upon error, in which case it will have set an error on the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +nssRDN_GetUTF8Encoding +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * nssRDN_AddATAV + * + * This routine adds an ATAV to the set of ATAVs in the specified RDN. + * Remember that RDNs consist of an unordered set of ATAVs. If the + * RDN was created with a non-null arena argument, that same arena + * will be used for any additional required memory. If the RDN was + * created with a NULL arena argument, any additional memory will + * be obtained from the heap. This routine returns a PRStatus value; + * it will return PR_SUCCESS upon success, and upon failure it will + * set an error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_INVALID_ATAV + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS upon success + * PR_FAILURE upon failure + */ + +NSS_EXTERN PRStatus +nssRDN_AddATAV +( + NSSRDN *rdn, + NSSATAV *atav +); + +/* + * nssRDN_GetATAVCount + * + * This routine returns the cardinality of the set of ATAVs within + * the specified RDN. This routine may return 0 upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * + * Return value: + * 0 upon error + * A positive number upon success + */ + +NSS_EXTERN PRUint32 +nssRDN_GetATAVCount +( + NSSRDN *rdn +); + +/* + * nssRDN_GetATAV + * + * This routine returns a pointer to an ATAV that is a member of + * the set of ATAVs within the specified RDN. While the set of + * ATAVs within an RDN is unordered, this routine will return + * distinct values for distinct values of 'i' as long as the RDN + * is not changed in any way. The RDN may be changed by calling + * NSSRDN_AddATAV. The value of the variable 'i' is on the range + * [0,c) where c is the cardinality returned from NSSRDN_GetATAVCount. + * The caller owns the ATAV the pointer to which is returned. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error upon the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_VALUE_OUT_OF_RANGE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSATAV + */ + +NSS_EXTERN NSSATAV * +nssRDN_GetATAV +( + NSSRDN *rdn, + NSSArena *arenaOpt, + PRUint32 i +); + +/* + * nssRDN_GetSimpleATAV + * + * Most RDNs are actually very simple, with a single ATAV. This + * routine will return the single ATAV from such an RDN. The caller + * owns the ATAV the pointer to which is returned. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, including the case where + * the set of ATAVs in the RDN is nonsingular. Upon error, this + * routine will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_RDN_NOT_SIMPLE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSATAV + */ + +NSS_EXTERN NSSATAV * +nssRDN_GetSimpleATAV +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * nssRDN_Compare + * + * This routine compares two RDNs for equality. For two RDNs to be + * equal, they must have the same number of ATAVs, and every ATAV in + * one must be equal to an ATAV in the other. (Note that the sets + * of ATAVs are unordered.) The result of the comparison will be + * stored at the location pointed to by the "equalp" variable, which + * must point to a valid PRBool. This routine may return PR_FAILURE + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +nssRDN_Compare +( + NSSRDN *rdn1, + NSSRDN *rdn2, + PRBool *equalp +); + +/* + * nssRDN_Duplicate + * + * This routine duplicates the specified RDN. If the optional arena + * argument is non-null, the memory required will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * placed an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL on error + * A pointer to a new RDN + */ + +NSS_EXTERN NSSRDN * +nssRDN_Duplicate +( + NSSRDN *rdn, + NSSArena *arenaOpt +); + +/* + * NSSRDNSeq + * + * The non-public "methods" regarding this "object" are: + * + * nssRDNSeq_CreateFromBER -- constructor + * nssRDNSeq_CreateFromUTF8 -- constructor + * nssRDNSeq_Create -- constructor + * + * nssRDNSeq_Destroy + * nssRDNSeq_GetDEREncoding + * nssRDNSeq_GetUTF8Encoding + * nssRDNSeq_AppendRDN + * nssRDNSeq_GetRDNCount + * nssRDNSeq_GetRDN + * nssRDNSeq_Compare + * nssRDNSeq_Duplicate + * + * nssRDNSeq_EvaluateUTF8 -- not an object method + */ + +/* + * nssRDNSeq_CreateFromBER + * + * This routine creates an NSSRDNSeq by decoding a BER- or DER-encoded + * sequence of RDNs. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have set an error on the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDNSeq upon success + */ + +NSS_EXTERN NSSRDNSeq * +nssRDNSeq_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berRDNSeq +); + +/* + * nssRDNSeq_CreateFromUTF8 + * + * This routine creates an NSSRDNSeq by decoding a UTF8 string + * consisting of a comma-separated sequence of RDNs, such as + * "(sn=Smith,ou=Sales),o=Acme,c=US." If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_UNKNOWN_ATTRIBUTE + * NSS_ERROR_INVALID_UTF8 + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSRDNSeq upon success + */ + +NSS_EXTERN NSSRDNSeq * +nssRDNSeq_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringRDNSeq +); + +/* + * nssRDNSeq_Create + * + * This routine creates an NSSRDNSeq from one or more NSSRDNs. The + * final argument to this routine must be NULL. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_RDN + * + * Return value: + * NULL upon error + * A pointero to an NSSRDNSeq upon success + */ + +NSS_EXTERN NSSRDNSeq * +nssRDNSeq_Create +( + NSSArena *arenaOpt, + NSSRDN *rdn1, + ... +); + +/* + * nssRDNSeq_Destroy + * + * This routine will destroy an RDNSeq object. It should eventually + * be called on all RDNSeqs created without an arena. While it is not + * necessary to call it on RDNSeqs created within an arena, it is not + * an error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * set an error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +nssRDNSeq_Destroy +( + NSSRDNSeq *rdnseq +); + +/* + * nssRDNSeq_GetDEREncoding + * + * This routine will DER-encode an RDNSeq object. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return null upon error, in which case it will have + * set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSRDNSeq + */ + +NSS_EXTERN NSSDER * +nssRDNSeq_GetDEREncoding +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt +); + +/* + * nssRDNSeq_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the RDNSeq as a comma-separated sequence of RDNs. + * If the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to the UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +nssRDNSeq_GetUTF8Encoding +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt +); + +/* + * nssRDNSeq_AppendRDN + * + * This routine appends an RDN to the end of the existing RDN + * sequence. If the RDNSeq was created with a non-null arena + * argument, that same arena will be used for any additional required + * memory. If the RDNSeq was created with a NULL arena argument, any + * additional memory will be obtained from the heap. This routine + * returns a PRStatus value; it will return PR_SUCCESS upon success, + * and upon failure it will set an error on the error stack and return + * PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_INVALID_RDN + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS upon success + * PR_FAILURE upon failure + */ + +NSS_EXTERN PRStatus +nssRDNSeq_AppendRDN +( + NSSRDNSeq *rdnseq, + NSSRDN *rdn +); + +/* + * nssRDNSeq_GetRDNCount + * + * This routine returns the cardinality of the sequence of RDNs within + * the specified RDNSeq. This routine may return 0 upon error, in + * which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * + * Return value: + * 0 upon error + * A positive number upon success + */ + +NSS_EXTERN PRUint32 +nssRDNSeq_GetRDNCount +( + NSSRDNSeq *rdnseq +); + +/* + * nssRDNSeq_GetRDN + * + * This routine returns a pointer to the i'th RDN in the sequence of + * RDNs that make up the specified RDNSeq. The sequence begins with + * the top-level (e.g., "c=US") RDN. The value of the variable 'i' + * is on the range [0,c) where c is the cardinality returned from + * NSSRDNSeq_GetRDNCount. The caller owns the RDN the pointer to which + * is returned. If the optional arena argument is non-null, the memory + * used will be obtained from that areana; otherwise, the memory will + * be obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error upon the error stack. Note + * that the usual UTF8 representation of RDN Sequences is from last + * to first. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_VALUE_OUT_OF_RANGE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRDN + */ + +NSS_EXTERN NSSRDN * +nssRDNSeq_GetRDN +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt, + PRUint32 i +); + +/* + * nssRDNSeq_Compare + * + * This routine compares two RDNSeqs for equality. For two RDNSeqs to + * be equal, they must have the same number of RDNs, and each RDN in + * one sequence must be equal to the corresponding RDN in the other + * sequence. The result of the comparison will be stored at the + * location pointed to by the "equalp" variable, which must point to a + * valid PRBool. This routine may return PR_FAILURE upon error, in + * which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +nssRDNSeq_Compare +( + NSSRDNSeq *rdnseq1, + NSSRDNSeq *rdnseq2, + PRBool *equalp +); + +/* + * nssRDNSeq_Duplicate + * + * This routine duplicates the specified RDNSeq. If the optional arena + * argument is non-null, the memory required will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have + * placed an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_RDNSEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new RDNSeq + */ + +NSS_EXTERN NSSRDNSeq * +nssRDNSeq_Duplicate +( + NSSRDNSeq *rdnseq, + NSSArena *arenaOpt +); + +/* + * nssRDNSeq_EvaluateUTF8 + * + * This routine evaluates a UTF8 string, and returns PR_TRUE if the + * string contains the string representation of an RDNSeq. This + * routine is used by the (directory) Name routines + * nssName_CreateFromUTF8 and nssName_EvaluateUTF8 to determine which + * choice of directory name the string may encode. This routine may + * return PR_FALSE upon error, but it subsumes that condition under the + * general "string does not evaluate as an RDNSeq" state, and does not + * set an error on the error stack. + * + * Return value: + * PR_TRUE if the string represents an RDNSeq + * PR_FALSE if otherwise + */ + +NSS_EXTERN PRBool +nssRDNSeq_EvaluateUTF8 +( + NSSUTF8 *str +); + +/* + * NSSName + * + * The non-public "methods" regarding this "object" are: + * + * nssName_CreateFromBER -- constructor + * nssName_CreateFromUTF8 -- constructor + * nssName_Create -- constructor + * + * nssName_Destroy + * nssName_GetDEREncoding + * nssName_GetUTF8Encoding + * nssName_GetChoice + * nssName_GetRDNSequence + * nssName_GetSpecifiedChoice + * nssName_Compare + * nssName_Duplicate + * + * nssName_GetUID + * nssName_GetEmail + * nssName_GetCommonName + * nssName_GetOrganization + * nssName_GetOrganizationalUnits + * nssName_GetStateOrProvince + * nssName_GetLocality + * nssName_GetCountry + * nssName_GetAttribute + * + * nssName_EvaluateUTF8 -- not an object method + */ + +/* + * nssName_CreateFromBER + * + * This routine creates an NSSName by decoding a BER- or DER-encoded + * (directory) Name. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, + * the memory will be obtained from the heap. This routine may + * return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSName upon success + */ + +NSS_EXTERN NSSName * +nssName_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berName +); + +/* + * nssName_CreateFromUTF8 + * + * This routine creates an NSSName by decoding a UTF8 string + * consisting of the string representation of one of the choices of + * (directory) names. Currently the only choice is an RDNSeq. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. The routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_UTF8 + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSName upon success + */ + +NSS_EXTERN NSSName * +nssName_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringName +); + +/* + * nssName_Create + * + * This routine creates an NSSName with the specified choice of + * underlying name types. The value of the choice variable must be + * one of the values of the NSSNameChoice enumeration, and the type + * of the arg variable must be as specified in the following table: + * + * Choice Type + * ======================== =========== + * NSSNameChoiceRdnSequence NSSRDNSeq * + * + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_CHOICE + * NSS_ERROR_INVALID_ARGUMENT + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSName upon success + */ + +NSS_EXTERN NSSName * +nssName_Create +( + NSSArena *arenaOpt, + NSSNameChoice choice, + void *arg +); + +/* + * nssName_Destroy + * + * This routine will destroy a Name object. It should eventually be + * called on all Names created without an arena. While it is not + * necessary to call it on Names created within an arena, it is not + * an error to do so. This routine returns a PRStatus value; if + * successful, it will return PR_SUCCESS. If unsuccessful, it will + * set an error on the error stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +nssName_Destroy +( + NSSName *name +); + +/* + * nssName_GetDEREncoding + * + * This routine will DER-encode a name object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSName + */ + +NSS_EXTERN NSSDER * +nssName_GetDEREncoding +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the Name in the format specified by the + * underlying name choice. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have set an error on the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to the UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +nssName_GetUTF8Encoding +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetChoice + * + * This routine returns the type of the choice underlying the specified + * name. The return value will be a member of the NSSNameChoice + * enumeration. This routine may return NSSNameChoiceInvalid upon + * error, in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * + * Return value: + * NSSNameChoiceInvalid upon error + * An other member of the NSSNameChoice enumeration upon success + */ + +NSS_EXTERN NSSNameChoice +nssName_GetChoice +( + NSSName *name +); + +/* + * nssName_GetRDNSequence + * + * If the choice underlying the specified NSSName is that of an + * RDNSequence, this routine will return a pointer to that RDN + * sequence. Otherwise, this routine will place an error on the + * error stack, and return NULL. If the optional arena argument is + * non-null, the memory required will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. The + * caller owns the returned pointer. This routine may return NULL + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRDNSeq + */ + +NSS_EXTERN NSSRDNSeq * +nssName_GetRDNSequence +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetSpecifiedChoice + * + * If the choice underlying the specified NSSName matches the specified + * choice, a caller-owned pointer to that underlying object will be + * returned. Otherwise, an error will be placed on the error stack and + * NULL will be returned. If the optional arena argument is non-null, + * the memory required will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer, which must be typecast + */ + +NSS_EXTERN void * +nssName_GetSpecifiedChoice +( + NSSName *name, + NSSNameChoice choice, + NSSArena *arenaOpt +); + +/* + * nssName_Compare + * + * This routine compares two Names for equality. For two Names to be + * equal, they must have the same choice of underlying types, and the + * underlying values must be equal. The result of the comparison will + * be stored at the location pointed to by the "equalp" variable, which + * must point to a valid PRBool. This routine may return PR_FAILURE + * upon error, in which case it will have set an error on the error + * stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE on error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +nssName_Compare +( + NSSName *name1, + NSSName *name2, + PRBool *equalp +); + +/* + * nssName_Duplicate + * + * This routine duplicates the specified nssname. If the optional + * arena argument is non-null, the memory required will be obtained + * from that arena; otherwise, the memory will be obtained from the + * heap. This routine may return NULL upon error, in which case it + * will have placed an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new NSSName + */ + +NSS_EXTERN NSSName * +nssName_Duplicate +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetUID + * + * This routine will attempt to derive a user identifier from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished + * Names containing a UID attribute, the UID will be the value of + * that attribute. Note that no UID attribute is defined in either + * PKIX or PKCS#9; rather, this seems to derive from RFC 1274, which + * defines the type as a caseIgnoreString. We'll return a Directory + * String. If the optional arena argument is non-null, the memory + * used will be obtained from that arena; otherwise, the memory will + * be obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_UID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String. + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssName_GetUID +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetEmail + * + * This routine will attempt to derive an email address from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished + * Names containing either a PKIX email address or a PKCS#9 email + * address, the result will be the value of that attribute. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_EMAIL + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5 String */ +nssName_GetEmail +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetCommonName + * + * This routine will attempt to derive a common name from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished Names + * containing a PKIX Common Name, the result will be that name. If + * the optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_COMMON_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssName_GetCommonName +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetOrganization + * + * This routine will attempt to derive an organisation name from the + * specified name, if the choices and content of the name permit. + * If Name consists of a Sequence of Relative Distinguished names + * containing a PKIX Organization, the result will be the value of + * that attribute. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. This routine may return NULL upon + * error, in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_ORGANIZATION + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssName_GetOrganization +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetOrganizationalUnits + * + * This routine will attempt to derive a sequence of organisational + * unit names from the specified name, if the choices and content of + * the name permit. If the Name consists of a Sequence of Relative + * Distinguished Names containing one or more organisational units, + * the result will be the values of those attributes. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_ORGANIZATIONAL_UNITS + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a null-terminated array of UTF8 Strings + */ + +NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */ +nssName_GetOrganizationalUnits +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetStateOrProvince + * + * This routine will attempt to derive a state or province name from + * the specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished Names + * containing a state or province, the result will be the value of + * that attribute. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. This routine may return NULL upon + * error, in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_STATE_OR_PROVINCE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssName_GetStateOrProvince +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetLocality + * + * This routine will attempt to derive a locality name from the + * specified name, if the choices and content of the name permit. If + * the Name consists of a Sequence of Relative Distinguished names + * containing a Locality, the result will be the value of that + * attribute. If the optional arena argument is non-null, the memory + * used will be obtained from that arena; otherwise, the memory will + * be obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_LOCALITY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssName_GetLocality +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetCountry + * + * This routine will attempt to derive a country name from the + * specified name, if the choices and content of the name permit. + * If the Name consists of a Sequence of Relative Distinguished + * Names containing a Country, the result will be the value of + * that attribute.. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, + * the memory will be obtained from the heap. This routine may + * return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_COUNTRY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */ +nssName_GetCountry +( + NSSName *name, + NSSArena *arenaOpt +); + +/* + * nssName_GetAttribute + * + * If the specified name consists of a Sequence of Relative + * Distinguished Names containing an attribute with the specified + * type, and the actual value of that attribute may be expressed + * with a Directory String, then the value of that attribute will + * be returned as a Directory String. If the optional arena argument + * is non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_NAME + * NSS_ERROR_NO_ATTRIBUTE + * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssName_GetAttribute +( + NSSName *name, + NSSOID *attribute, + NSSArena *arenaOpt +); + +/* + * nssName_EvaluateUTF8 + * + * This routine evaluates a UTF8 string, and returns PR_TRUE if the + * string contains the string representation of an NSSName. This + * routine is used by the GeneralName routine + * nssGeneralName_CreateFromUTF8 to determine which choice of + * general name the string may encode. This routine may return + * PR_FALSE upon error, but it subsumes that condition under the + * general "string does not evaluate as a Name" state, and does not + * set an error on the error stack. + * + * Return value: + * PR_TRUE if the string represents a Name + * PR_FALSE otherwise + */ + +NSS_EXTERN PRBool +nssName_EvaluateUTF8 +( + NSSUTF8 *str +); + +/* + * NSSGeneralName + * + * The non-public "methods" regarding this "object" are: + * + * nssGeneralName_CreateFromBER -- constructor + * nssGeneralName_CreateFromUTF8 -- constructor + * nssGeneralName_Create -- constructor + * + * nssGeneralName_Destroy + * nssGeneralName_GetDEREncoding + * nssGeneralName_GetUTF8Encoding + * nssGeneralName_GetChoice + * nssGeneralName_GetOtherName + * nssGeneralName_GetRfc822Name + * nssGeneralName_GetDNSName + * nssGeneralName_GetX400Address + * nssGeneralName_GetDirectoryName + * nssGeneralName_GetEdiPartyName + * nssGeneralName_GetUniformResourceIdentifier + * nssGeneralName_GetIPAddress + * nssGeneralName_GetRegisteredID + * nssGeneralName_GetSpecifiedChoice + * nssGeneralName_Compare + * nssGeneralName_Duplicate + * + * nssGeneralName_GetUID + * nssGeneralName_GetEmail + * nssGeneralName_GetCommonName + * nssGeneralName_GetOrganization + * nssGeneralName_GetOrganizationalUnits + * nssGeneralName_GetStateOrProvince + * nssGeneralName_GetLocality + * nssGeneralName_GetCountry + * nssGeneralName_GetAttribute + */ + +/* + * nssGeneralName_CreateFromBER + * + * This routine creates an NSSGeneralName by decoding a BER- or DER- + * encoded general name. If the optional arena argument is non-null, + * the memory used will be obtained from that arena; otherwise, the + * memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have set an error on the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralName upon success + */ + +NSS_EXTERN NSSGeneralName * +nssGeneralName_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berGeneralName +); + +/* + * nssGeneralName_CreateFromUTF8 + * + * This routine creates an NSSGeneralName by decoding a UTF8 string + * consisting of the string representation of one of the choices of + * general names. If the optional arena argument is non-null, the + * memory used will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The routine may return NULL upon + * error, in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_UTF8 + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralName upon success + */ + +NSS_EXTERN NSSGeneralName * +nssGeneralName_CreateFromUTF8 +( + NSSArena *arenaOpt, + NSSUTF8 *stringGeneralName +); + +/* + * nssGeneralName_Create + * + * This routine creates an NSSGeneralName with the specified choice of + * underlying name types. The value of the choice variable must be one + * of the values of the NSSGeneralNameChoice enumeration, and the type + * of the arg variable must be as specified in the following table: + * + * Choice Type + * ============================================ ========= + * NSSGeneralNameChoiceOtherName + * NSSGeneralNameChoiceRfc822Name + * NSSGeneralNameChoiceDNSName + * NSSGeneralNameChoiceX400Address + * NSSGeneralNameChoiceDirectoryName NSSName * + * NSSGeneralNameChoiceEdiPartyName + * NSSGeneralNameChoiceUniformResourceIdentifier + * NSSGeneralNameChoiceIPAddress + * NSSGeneralNameChoiceRegisteredID + * + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one fo the following values: + * NSS_ERROR_INVALID_CHOICE + * NSS_ERROR_INVALID_ARGUMENT + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralName upon success + */ + +NSS_EXTERN NSSGeneralName * +nssGeneralName_Create +( + NSSGeneralNameChoice choice, + void *arg +); + +/* + * nssGeneralName_Destroy + * + * This routine will destroy a General Name object. It should + * eventually be called on all General Names created without an arena. + * While it is not necessary to call it on General Names created within + * an arena, it is not an error to do so. This routine returns a + * PRStatus value; if successful, it will return PR_SUCCESS. If + * usuccessful, it will set an error on the error stack and return + * PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * + * Return value: + * PR_FAILURE upon failure + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +nssGeneralName_Destroy +( + NSSGeneralName *generalName +); + +/* + * nssGeneralName_GetDEREncoding + * + * This routine will DER-encode a name object. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return null upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSGeneralName + */ + +NSS_EXTERN NSSDER * +nssGeneralName_GetDEREncoding +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetUTF8Encoding + * + * This routine returns a UTF8 string containing a string + * representation of the General Name in the format specified by the + * underlying name choice. If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 string + */ + +NSS_EXTERN NSSUTF8 * +nssGeneralName_GetUTF8Encoding +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetChoice + * + * This routine returns the type of choice underlying the specified + * general name. The return value will be a member of the + * NSSGeneralNameChoice enumeration. This routine may return + * NSSGeneralNameChoiceInvalid upon error, in which case it will have + * set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * + * Return value: + * NSSGeneralNameChoiceInvalid upon error + * An other member of the NSSGeneralNameChoice enumeration + */ + +NSS_EXTERN NSSGeneralNameChoice +nssGeneralName_GetChoice +( + NSSGeneralName *generalName +); + +/* + * nssGeneralName_GetOtherName + * + * If the choice underlying the specified NSSGeneralName is that of an + * Other Name, this routine will return a pointer to that Other name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSOtherName + */ + +NSS_EXTERN NSSOtherName * +nssGeneralName_GetOtherName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetRfc822Name + * + * If the choice underlying the specified NSSGeneralName is that of an + * RFC 822 Name, this routine will return a pointer to that name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRFC822Name + */ + +NSS_EXTERN NSSRFC822Name * +nssGeneralName_GetRfc822Name +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetDNSName + * + * If the choice underlying the specified NSSGeneralName is that of a + * DNS Name, this routine will return a pointer to that DNS name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSDNSName + */ + +NSS_EXTERN NSSDNSName * +nssGeneralName_GetDNSName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetX400Address + * + * If the choice underlying the specified NSSGeneralName is that of an + * X.400 Address, this routine will return a pointer to that Address. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSX400Address + */ + +NSS_EXTERN NSSX400Address * +nssGeneralName_GetX400Address +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetDirectoryName + * + * If the choice underlying the specified NSSGeneralName is that of a + * (directory) Name, this routine will return a pointer to that name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSName + */ + +NSS_EXTERN NSSName * +nssGeneralName_GetName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetEdiPartyName + * + * If the choice underlying the specified NSSGeneralName is that of an + * EDI Party Name, this routine will return a pointer to that name. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSEdiPartyName + */ + +NSS_EXTERN NSSEdiPartyName * +nssGeneralName_GetEdiPartyName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetUniformResourceIdentifier + * + * If the choice underlying the specified NSSGeneralName is that of a + * URI, this routine will return a pointer to that URI. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSURI + */ + +NSS_EXTERN NSSURI * +nssGeneralName_GetUniformResourceIdentifier +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetIPAddress + * + * If the choice underlying the specified NSSGeneralName is that of an + * IP Address , this routine will return a pointer to that address. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSIPAddress + */ + +NSS_EXTERN NSSIPAddress * +nssGeneralName_GetIPAddress +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetRegisteredID + * + * If the choice underlying the specified NSSGeneralName is that of a + * Registered ID, this routine will return a pointer to that ID. + * Otherwise, this routine will place an error on the error stack, and + * return NULL. If the optional arena argument is non-null, the memory + * required will be obtained from that arena; otherwise, the memory + * will be obtained from the heap. The caller owns the returned + * pointer. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to an NSSRegisteredID + */ + +NSS_EXTERN NSSRegisteredID * +nssGeneralName_GetRegisteredID +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetSpecifiedChoice + * + * If the choice underlying the specified NSSGeneralName matches the + * specified choice, a caller-owned pointer to that underlying object + * will be returned. Otherwise, an error will be placed on the error + * stack and NULL will be returned. If the optional arena argument + * is non-null, the memory required will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. The caller + * owns the returned pointer. This routine may return NULL upon + * error, in which caes it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_WRONG_CHOICE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer, which must be typecast + */ + +NSS_EXTERN void * +nssGeneralName_GetSpecifiedChoice +( + NSSGeneralName *generalName, + NSSGeneralNameChoice choice, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_Compare + * + * This routine compares two General Names for equality. For two + * General Names to be equal, they must have the same choice of + * underlying types, and the underlying values must be equal. The + * result of the comparison will be stored at the location pointed + * to by the "equalp" variable, which must point to a valid PRBool. + * This routine may return PR_FAILURE upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following value: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +nssGeneralName_Compare +( + NSSGeneralName *generalName1, + NSSGeneralName *generalName2, + PRBool *equalp +); + +/* + * nssGeneralName_Duplicate + * + * This routine duplicates the specified General Name. If the optional + * arena argument is non-null, the memory required will be obtained + * from that arena; otherwise, the memory will be obtained from the + * heap. This routine may return NULL upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new NSSGeneralName + */ + +NSS_EXTERN NSSGeneralName * +nssGeneralName_Duplicate +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetUID + * + * This routine will attempt to derive a user identifier from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished Names containing a UID + * attribute, the UID will be the value of that attribute. Note + * that no UID attribute is defined in either PKIX or PKCS#9; + * rather, this seems to derive from RFC 1274, which defines the + * type as a caseIgnoreString. We'll return a Directory String. + * If the optional arena argument is non-null, the memory used + * will be obtained from that arena; otherwise, the memory will be + * obtained from the heap. This routine may return NULL upon error, + * in which case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_UID + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String. + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssGeneralName_GetUID +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetEmail + * + * This routine will attempt to derive an email address from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing either + * a PKIX email address or a PKCS#9 email address, the result will + * be the value of that attribute. If the General Name is an RFC 822 + * Name, the result will be the string form of that name. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_EMAIL + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5String */ +nssGeneralName_GetEmail +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetCommonName + * + * This routine will attempt to derive a common name from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing a PKIX + * Common Name, the result will be that name. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have set + * an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_COMMON_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssGeneralName_GetCommonName +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetOrganization + * + * This routine will attempt to derive an organisation name from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing an + * Organization, the result will be the value of that attribute. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_ORGANIZATION + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssGeneralName_GetOrganization +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetOrganizationalUnits + * + * This routine will attempt to derive a sequence of organisational + * unit names from the specified general name, if the choices and + * content of the name permit. If the General Name is a (directory) + * Name consisting of a Sequence of Relative Distinguished names + * containing one or more organisational units, the result will + * consist of those units. If the optional arena argument is non- + * null, the memory used will be obtained from that arena; otherwise, + * the memory will be obtained from the heap. This routine may return + * NULL upon error, in which case it will have set an error on the + * error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_ORGANIZATIONAL_UNITS + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a null-terminated array of UTF8 Strings + */ + +NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */ +nssGeneralName_GetOrganizationalUnits +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetStateOrProvince + * + * This routine will attempt to derive a state or province name from + * the specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing a state or + * province, the result will be the value of that attribute. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_STATE_OR_PROVINCE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssGeneralName_GetStateOrProvince +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetLocality + * + * This routine will attempt to derive a locality name from + * the specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting + * of a Sequence of Relative Distinguished names containing a Locality, + * the result will be the value of that attribute. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_LOCALITY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssGeneralName_GetLocality +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetCountry + * + * This routine will attempt to derive a country name from the + * specified general name, if the choices and content of the name + * permit. If the General Name is a (directory) Name consisting of a + * Sequence of Relative Distinguished names containing a Country, the + * result will be the value of that attribute. If the optional + * arena argument is non-null, the memory used will be obtained from + * that arena; otherwise, the memory will be obtained from the heap. + * This routine may return NULL upon error, in which case it will have + * set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_COUNTRY + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */ +nssGeneralName_GetCountry +( + NSSGeneralName *generalName, + NSSArena *arenaOpt +); + +/* + * nssGeneralName_GetAttribute + * + * If the specified general name is a (directory) name consisting + * of a Sequence of Relative Distinguished Names containing an + * attribute with the specified type, and the actual value of that + * attribute may be expressed with a Directory String, then the + * value of that attribute will be returned as a Directory String. + * If the optional arena argument is non-null, the memory used will + * be obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_ATTRIBUTE + * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING + * + * Return value: + * NULL upon error + * A pointer to a UTF8 String + */ + +NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */ +nssGeneralName_GetAttribute +( + NSSGeneralName *generalName, + NSSOID *attribute, + NSSArena *arenaOpt +); + +/* + * NSSGeneralNameSeq + * + * The public "methods" regarding this "object" are: + * + * nssGeneralNameSeq_CreateFromBER -- constructor + * nssGeneralNameSeq_Create -- constructor + * + * nssGeneralNameSeq_Destroy + * nssGeneralNameSeq_GetDEREncoding + * nssGeneralNameSeq_AppendGeneralName + * nssGeneralNameSeq_GetGeneralNameCount + * nssGeneralNameSeq_GetGeneralName + * nssGeneralNameSeq_Compare + * nssGeneralnameSeq_Duplicate + */ + +/* + * nssGeneralNameSeq_CreateFromBER + * + * This routine creates a general name sequence by decoding a BER- + * or DER-encoded GeneralNames. If the optional arena argument is + * non-null, the memory used will be obtained from that arena; + * otherwise, the memory will be obtained from the heap. This routine + * may return NULL upon error, in which case it will have set an error + * on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_BER + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralNameSeq upon success + */ + +NSS_EXTERN NSSGeneralNameSeq * +nssGeneralNameSeq_CreateFromBER +( + NSSArena *arenaOpt, + NSSBER *berGeneralNameSeq +); + +/* + * nssGeneralNameSeq_Create + * + * This routine creates an NSSGeneralNameSeq from one or more General + * Names. The final argument to this routine must be NULL. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_NO_MEMORY + * NSS_ERROR_INVALID_GENERAL_NAME + * + * Return value: + * NULL upon error + * A pointer to an NSSGeneralNameSeq upon success + */ + +NSS_EXTERN NSSGeneralNameSeq * +nssGeneralNameSeq_Create +( + NSSArena *arenaOpt, + NSSGeneralName *generalName1, + ... +); + +/* + * nssGeneralNameSeq_Destroy + * + * This routine will destroy an NSSGeneralNameSeq object. It should + * eventually be called on all NSSGeneralNameSeqs created without an + * arena. While it is not necessary to call it on NSSGeneralNameSeq's + * created within an arena, it is not an error to do so. This routine + * returns a PRStatus value; if successful, it will return PR_SUCCESS. + * If unsuccessful, it will set an error on the error stack and return + * PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon success + */ + +NSS_EXTERN PRStatus +nssGeneralNameSeq_Destroy +( + NSSGeneralNameSeq *generalNameSeq +); + +/* + * nssGeneralNameSeq_GetDEREncoding + * + * This routine will DER-encode an NSSGeneralNameSeq object. If the + * optional arena argument is non-null, the memory used will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return null upon error, in which + * case it will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * The DER encoding of this NSSGeneralNameSeq + */ + +NSS_EXTERN NSSDER * +nssGeneralNameSeq_GetDEREncoding +( + NSSGeneralNameSeq *generalNameSeq, + NSSArena *arenaOpt +); + +/* + * nssGeneralNameSeq_AppendGeneralName + * + * This routine appends a General Name to the end of the existing + * General Name Sequence. If the sequence was created with a non-null + * arena argument, that same arena will be used for any additional + * required memory. If the sequence was created with a NULL arena + * argument, any additional memory will be obtained from the heap. + * This routine returns a PRStatus value; it will return PR_SUCCESS + * upon success, and upon failure it will set an error on the error + * stack and return PR_FAILURE. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_INVALID_GENERAL_NAME + * NSS_ERROR_NO_MEMORY + * + * Return value: + * PR_SUCCESS upon success + * PR_FAILURE upon failure. + */ + +NSS_EXTERN PRStatus +nssGeneralNameSeq_AppendGeneralName +( + NSSGeneralNameSeq *generalNameSeq, + NSSGeneralName *generalName +); + +/* + * nssGeneralNameSeq_GetGeneralNameCount + * + * This routine returns the cardinality of the specified General name + * Sequence. This routine may return 0 upon error, in which case it + * will have set an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * + * Return value; + * 0 upon error + * A positive number upon success + */ + +NSS_EXTERN PRUint32 +nssGeneralNameSeq_GetGeneralNameCount +( + NSSGeneralNameSeq *generalNameSeq +); + +/* + * nssGeneralNameSeq_GetGeneralName + * + * This routine returns a pointer to the i'th General Name in the + * specified General Name Sequence. The value of the variable 'i' is + * on the range [0,c) where c is the cardinality returned from + * NSSGeneralNameSeq_GetGeneralNameCount. The caller owns the General + * Name the pointer to which is returned. If the optional arena + * argument is non-null, the memory used will be obtained from that + * arena; otherwise, the memory will be obtained from the heap. This + * routine may return NULL upon error, in which case it will have set + * an error upon the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_VALUE_OUT_OF_RANGE + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A caller-owned pointer to a General Name. + */ + +NSS_EXTERN NSSGeneralName * +nssGeneralNameSeq_GetGeneralName +( + NSSGeneralNameSeq *generalNameSeq, + NSSArena *arenaOpt, + PRUint32 i +); + +/* + * nssGeneralNameSeq_Compare + * + * This routine compares two General Name Sequences for equality. For + * two General Name Sequences to be equal, they must have the same + * cardinality, and each General Name in one sequence must be equal to + * the corresponding General Name in the other. The result of the + * comparison will be stored at the location pointed to by the "equalp" + * variable, which must point to a valid PRBool. This routine may + * return PR_FAILURE upon error, in which case it will have set an + * error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_INVALID_ARGUMENT + * + * Return value: + * PR_FAILURE upon error + * PR_SUCCESS upon a successful comparison (equal or not) + */ + +NSS_EXTERN PRStatus +nssGeneralNameSeq_Compare +( + NSSGeneralNameSeq *generalNameSeq1, + NSSGeneralNameSeq *generalNameSeq2, + PRBool *equalp +); + +/* + * nssGeneralNameSeq_Duplicate + * + * This routine duplicates the specified sequence of general names. If + * the optional arena argument is non-null, the memory required will be + * obtained from that arena; otherwise, the memory will be obtained + * from the heap. This routine may return NULL upon error, in which + * case it will have placed an error on the error stack. + * + * The error may be one of the following values: + * NSS_ERROR_INVALID_GENERAL_NAME_SEQ + * NSS_ERROR_NO_MEMORY + * + * Return value: + * NULL upon error + * A pointer to a new General Name Sequence. + */ + +NSS_EXTERN NSSGeneralNameSeq * +nssGeneralNameSeq_Duplicate +( + NSSGeneralNameSeq *generalNameSeq, + NSSArena *arenaOpt +); + +PR_END_EXTERN_C + +#endif /* PKI1_H */ diff --git a/security/nss/lib/pki1/pki1t.h b/security/nss/lib/pki1/pki1t.h new file mode 100644 index 000000000..de6e5c835 --- /dev/null +++ b/security/nss/lib/pki1/pki1t.h @@ -0,0 +1,104 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifndef PKI1T_H +#define PKI1T_H + +#ifdef DEBUG +static const char PKI1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * pki1t.h + * + * This file contains definitions for the types used in the PKIX part-1 + * code, but not available publicly. + */ + +#ifndef BASET_H +#include "baset.h" +#endif /* BASET_H */ + +#ifndef NSSPKI1T_H +#include "nsspki1t.h" +#endif /* NSSPKI1T_H */ + +PR_BEGIN_EXTERN_C + +/* + * NSSOID + * + * This structure is used to hold our internal table of built-in OID + * data. The fields are as follows: + * + * NSSItem data -- this is the actual DER-encoded multinumber oid + * const char *expl -- this explains the derivation, and is checked + * in a unit test. While the field always exists, + * it is only populated or used in debug builds. + * + */ + +struct NSSOIDStr { +#ifdef DEBUG + const NSSUTF8 *tag; + const NSSUTF8 *expl; +#endif /* DEBUG */ + NSSItem data; +}; + +/* + * nssAttributeTypeAliasTable + * + * Attribute types are passed around as oids (at least in the X.500 + * and PKI worlds, as opposed to ldap). However, when written as + * strings they usually have well-known aliases, e.g., "ou" or "c." + * + * This type defines a table, populated in the generated oiddata.c + * file, of the aliases we recognize. + * + * The fields are as follows: + * + * NSSUTF8 *alias -- a well-known string alias for an oid + * NSSOID *oid -- the oid to which the alias corresponds + * + */ + +struct nssAttributeTypeAliasTableStr { + const NSSUTF8 *alias; + const NSSOID **oid; +}; +typedef struct nssAttributeTypeAliasTableStr nssAttributeTypeAliasTable; + +PR_END_EXTERN_C + +#endif /* PKI1T_H */ diff --git a/security/nss/lib/pki1/rdn.c b/security/nss/lib/pki1/rdn.c new file mode 100644 index 000000000..f778de22c --- /dev/null +++ b/security/nss/lib/pki1/rdn.c @@ -0,0 +1,73 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * rdn.c + * + * This file contains the implementation of the PKIX part-1 object + * RelativeDistinguishedName. + */ + +#ifndef NSSBASE_H +#include "nssbase.h" +#endif /* NSSBASE_H */ + +#ifndef ASN1_H +#include "asn1.h" +#endif /* ASN1_H */ + +#ifndef PKI1_H +#include "pki1.h" +#endif /* PKI1_H */ + +/* + * RelativeDistinguishedName + * + * From draft-ietf-pkix-ipki-part1-10: + * + * RelativeDistinguishedName ::= + * SET SIZE (1 .. MAX) OF AttributeTypeAndValue + * + * An RDN is merely an (unordered) set of ATAV's. The setSize (that's + * a noun, not a verb) variable is a "helper" variable kept for + * convenience. + */ + +struct nssRDNStr { + PRUint32 setSize; + NSSATAV **atavs; +}; diff --git a/security/nss/lib/pki1/rdnseq.c b/security/nss/lib/pki1/rdnseq.c new file mode 100644 index 000000000..bbd4dfe4b --- /dev/null +++ b/security/nss/lib/pki1/rdnseq.c @@ -0,0 +1,71 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +/* + * rdnseq.c + * + * This file contains the implementation of the PKIX part-1 object + * RDNSequence. + */ + +#ifndef NSSBASE_H +#include "nssbase.h" +#endif /* NSSBASE_H */ + +#ifndef ASN1_H +#include "asn1.h" +#endif /* ASN1_H */ + +#ifndef PKI1_H +#include "pki1.h" +#endif /* PKI1_H */ + +/* + * RDNSequence + * + * From draft-ietf-pkix-ipki-part1-10: + * + * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + * + * An RDNSequence is simply an (ordered) sequence of RDN's. The + * seqSize variable is a "helper" kept for simplicity. + */ + +struct nssRDNSeqStr { + PRUint32 seqSize; + NSSRDN **rdns; +}; |