diff options
Diffstat (limited to 'security/nss/lib/certdb/xauthkid.c')
-rw-r--r-- | security/nss/lib/certdb/xauthkid.c | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/security/nss/lib/certdb/xauthkid.c b/security/nss/lib/certdb/xauthkid.c new file mode 100644 index 000000000..8b7ac4a92 --- /dev/null +++ b/security/nss/lib/certdb/xauthkid.c @@ -0,0 +1,147 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +/* + * X.509 v3 Subject Key Usage Extension + * + */ + +#include "prtypes.h" +#include "mcom_db.h" +#include "seccomon.h" +#include "secdert.h" +#include "secoidt.h" +#include "secasn1t.h" +#include "secasn1.h" +#include "secport.h" +#include "certt.h" +#include "genname.h" +#include "secerr.h" + + +const SEC_ASN1Template CERTAuthKeyIDTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, + offsetof(CERTAuthKeyID,keyID), SEC_OctetStringTemplate}, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1, + offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate}, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2, + offsetof(CERTAuthKeyID,authCertSerialNumber), SEC_IntegerTemplate}, + { 0 } +}; + + + +SECStatus CERT_EncodeAuthKeyID (PRArenaPool *arena, CERTAuthKeyID *value, SECItem *encodedValue) +{ + SECStatus rv = SECFailure; + + PORT_Assert (value); + PORT_Assert (arena); + PORT_Assert (value->DERAuthCertIssuer == NULL); + PORT_Assert (encodedValue); + + do { + + /* If both of the authCertIssuer and the serial number exist, encode + the name first. Otherwise, it is an error if one exist and the other + is not. + */ + if (value->authCertIssuer) { + if (!value->authCertSerialNumber.data) { + PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); + break; + } + + value->DERAuthCertIssuer = cert_EncodeGeneralNames + (arena, value->authCertIssuer); + if (!value->DERAuthCertIssuer) { + PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); + break; + } + } + else if (value->authCertSerialNumber.data) { + PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); + break; + } + + if (SEC_ASN1EncodeItem (arena, encodedValue, value, + CERTAuthKeyIDTemplate) == NULL) + break; + rv = SECSuccess; + + } while (0); + return(rv); +} + +CERTAuthKeyID * +CERT_DecodeAuthKeyID (PRArenaPool *arena, SECItem *encodedValue) +{ + CERTAuthKeyID * value = NULL; + SECStatus rv = SECFailure; + void * mark; + + PORT_Assert (arena); + + do { + mark = PORT_ArenaMark (arena); + value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value)); + value->DERAuthCertIssuer = NULL; + if (value == NULL) + break; + rv = SEC_ASN1DecodeItem + (arena, value, CERTAuthKeyIDTemplate, encodedValue); + if (rv != SECSuccess) + break; + + value->authCertIssuer = cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer); + if (value->authCertIssuer == NULL) + break; + + /* what if the general name contains other format but not URI ? + hl + */ + if ((value->authCertSerialNumber.data && !value->authCertIssuer) || + (!value->authCertSerialNumber.data && value->authCertIssuer)){ + PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); + break; + } + } while (0); + + if (rv != SECSuccess) { + PORT_ArenaRelease (arena, mark); + return ((CERTAuthKeyID *)NULL); + } + PORT_ArenaUnmark(arena, mark); + return (value); +} |