summaryrefslogtreecommitdiff
path: root/security/nss/lib/pki1
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/pki1')
-rw-r--r--security/nss/lib/pki1/.cvsignore3
-rw-r--r--security/nss/lib/pki1/Makefile38
-rw-r--r--security/nss/lib/pki1/atav.c1803
-rw-r--r--security/nss/lib/pki1/config.mk37
-rw-r--r--security/nss/lib/pki1/genname.c94
-rw-r--r--security/nss/lib/pki1/gnseq.c71
-rw-r--r--security/nss/lib/pki1/manifest.mn63
-rw-r--r--security/nss/lib/pki1/name.c77
-rw-r--r--security/nss/lib/pki1/nsspki1.h2869
-rw-r--r--security/nss/lib/pki1/nsspki1t.h202
-rw-r--r--security/nss/lib/pki1/oid.c1615
-rwxr-xr-xsecurity/nss/lib/pki1/oidgen.perl311
-rw-r--r--security/nss/lib/pki1/oids.txt2115
-rw-r--r--security/nss/lib/pki1/pki1.h3032
-rw-r--r--security/nss/lib/pki1/pki1t.h104
-rw-r--r--security/nss/lib/pki1/rdn.c73
-rw-r--r--security/nss/lib/pki1/rdnseq.c71
17 files changed, 0 insertions, 12578 deletions
diff --git a/security/nss/lib/pki1/.cvsignore b/security/nss/lib/pki1/.cvsignore
deleted file mode 100644
index 12bfbfc7c..000000000
--- a/security/nss/lib/pki1/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-oiddata.c
-oiddata.h
-
diff --git a/security/nss/lib/pki1/Makefile b/security/nss/lib/pki1/Makefile
deleted file mode 100644
index 03e1fb4c6..000000000
--- a/security/nss/lib/pki1/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MAKEFILE_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-include manifest.mn
-include config.mk
-include $(CORE_DEPTH)/coreconf/config.mk
-include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/security/nss/lib/pki1/atav.c b/security/nss/lib/pki1/atav.c
deleted file mode 100644
index 299ddfc0d..000000000
--- a/security/nss/lib/pki1/atav.c
+++ /dev/null
@@ -1,1803 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * atav.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * AttributeTypeAndValue.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * AttributeTypeAndValue
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type ATTRIBUTE.&id ({SupportedAttributes}),
- * value ATTRIBUTE.&Type ({SupportedAttributes}{@type})}
- *
- * -- ATTRIBUTE information object class specification
- * -- Note: This has been greatly simplified for PKIX !!
- *
- * ATTRIBUTE ::= CLASS {
- * &Type,
- * &id OBJECT IDENTIFIER UNIQUE }
- * WITH SYNTAX {
- * WITH SYNTAX &Type ID &id }
- *
- * What this means is that the "type" of the value is determined by
- * the value of the oid. If we hide the structure, our accessors
- * can (at least in debug builds) assert value semantics beyond what
- * the compiler can provide. Since these things are only used in
- * RelativeDistinguishedNames, and since RDNs always contain a SET
- * of these things, we don't lose anything by hiding the structure
- * (and its size).
- */
-
-struct NSSATAVStr {
- NSSBER ber;
- const NSSOID *oid;
- NSSUTF8 *value;
- nssStringType stringForm;
-};
-
-/*
- * NSSATAV
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSATAV_CreateFromBER -- constructor
- * NSSATAV_CreateFromUTF8 -- constructor
- * NSSATAV_Create -- constructor
- *
- * NSSATAV_Destroy
- * NSSATAV_GetDEREncoding
- * NSSATAV_GetUTF8Encoding
- * NSSATAV_GetType
- * NSSATAV_GetValue
- * NSSATAV_Compare
- * NSSATAV_Duplicate
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssATAV_CreateFromBER -- constructor
- * nssATAV_CreateFromUTF8 -- constructor
- * nssATAV_Create -- constructor
- *
- * nssATAV_Destroy
- * nssATAV_GetDEREncoding
- * nssATAV_GetUTF8Encoding
- * nssATAV_GetType
- * nssATAV_GetValue
- * nssATAV_Compare
- * nssATAV_Duplicate
- *
- * In debug builds, the following non-public call is also available:
- *
- * nssATAV_verifyPointer
- */
-
-/*
- * NSSATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berATAV
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- /*
- * NSSBERs can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSBER *)NULL == berATAV ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-
- if( (void *)NULL == berATAV->data ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_CreateFromBER(arenaOpt, berATAV);
-}
-
-/*
- * NSSATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringATAV
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- /*
- * NSSUTF8s can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSUTF8 *)NULL == stringATAV ) {
- nss_SetError(NSS_ERROR_INVALID_UTF8);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_CreateFromUTF8(arenaOpt, stringATAV);
-}
-
-/*
- * NSSATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (const void *)NULL == data ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_Create(arenaOpt, oid, data, length);
-}
-
-/*
- * NSSATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-NSSATAV_Destroy
-(
- NSSATAV *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssATAV_Destroy(atav);
-}
-
-/*
- * NSSATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_IMPLEMENT NSSDER *
-NSSATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_GetDEREncoding(atav, arenaOpt);
-}
-
-/*
- * NSSATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_GetUTF8Encoding(atav, arenaOpt);
-}
-
-/*
- * NSSATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An element of enum NSSOIDenum upon success
- */
-
-NSS_IMPLEMENT const NSSOID *
-NSSATAV_GetType
-(
- NSSATAV *atav
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSOID *)NULL;
- }
-#endif /* DEBUG */
-
- return nssATAV_GetType(atav);
-}
-
-/*
- * NSSATAV_GetValue
- *
- * This routine returns a string containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-NSSATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_GetValue(atav, arenaOpt);
-}
-
-/*
- * NSSATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_IMPLEMENT PRStatus
-NSSATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav1) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssATAV_verifyPointer(atav2) ) {
- return PR_FAILURE;
- }
-
- if( (PRBool *)NULL == equalp ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return nssATAV_Compare(atav1, atav2, equalp);
-}
-
-/*
- * NSSATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_IMPLEMENT NSSATAV *
-NSSATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssATAV_Duplicate(atav, arenaOpt);
-}
-
-/*
- * The pointer-tracking code
- */
-
-#ifdef DEBUG
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker atav_pointer_tracker;
-
-static PRStatus
-atav_add_pointer
-(
- const NSSATAV *atav
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&atav_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&atav_pointer_tracker, atav);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-static PRStatus
-atav_remove_pointer
-(
- const NSSATAV *atav
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&atav_pointer_tracker, atav);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSATAV object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILRUE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_IMPLEMENT PRStatus
-nssATAV_verifyPointer
-(
- NSSATAV *atav
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&atav_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&atav_pointer_tracker, atav);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_ATAV);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-#endif /* DEBUG */
-
-typedef struct {
- NSSBER oid;
- NSSBER value;
-} atav_holder;
-
-static const nssASN1Template nss_atav_template[] = {
- { nssASN1_SEQUENCE, 0, NULL, sizeof(atav_holder) },
- { nssASN1_OBJECT_ID, nsslibc_offsetof(atav_holder, oid), NULL, 0 },
- { nssASN1_ANY, nsslibc_offsetof(atav_holder, value), NULL, 0 },
- { 0, 0, NULL, 0 }
-};
-
-/*
- * There are several common attributes, with well-known type aliases
- * and value semantics. This table lists the ones we recognize.
- */
-
-struct nss_attribute_data_str {
- const NSSOID **oid;
- nssStringType stringType;
- PRUint32 minStringLength;
- PRUint32 maxStringLength; /* zero for no limit */
-};
-
-static const struct nss_attribute_data_str nss_attribute_data[] = {
- { &NSS_OID_X520_NAME,
- nssStringType_DirectoryString, 1, 32768 },
- { &NSS_OID_X520_COMMON_NAME,
- nssStringType_DirectoryString, 1, 64 },
- { &NSS_OID_X520_SURNAME,
- nssStringType_DirectoryString, 1, 40 },
- { &NSS_OID_X520_GIVEN_NAME,
- nssStringType_DirectoryString, 1, 16 },
- { &NSS_OID_X520_INITIALS,
- nssStringType_DirectoryString, 1, 5 },
- { &NSS_OID_X520_GENERATION_QUALIFIER,
- nssStringType_DirectoryString, 1, 3 },
- { &NSS_OID_X520_DN_QUALIFIER,
- nssStringType_PrintableString, 1, 0 },
- { &NSS_OID_X520_COUNTRY_NAME,
- nssStringType_PrintableString, 2, 2 },
- { &NSS_OID_X520_LOCALITY_NAME,
- nssStringType_DirectoryString, 1, 128 },
- { &NSS_OID_X520_STATE_OR_PROVINCE_NAME,
- nssStringType_DirectoryString, 1, 128 },
- { &NSS_OID_X520_ORGANIZATION_NAME,
- nssStringType_DirectoryString, 1, 64 },
- { &NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
- nssStringType_DirectoryString, 1,
- /*
- * Note, draft #11 defines both "32" and "64" for this maximum,
- * in two separate places. Until it's settled, "conservative
- * in what you send." We're always liberal in what we accept.
- */
- 32 },
- { &NSS_OID_X520_TITLE,
- nssStringType_DirectoryString, 1, 64 },
- { &NSS_OID_RFC1274_EMAIL,
- nssStringType_PHGString, 1, 128 }
-};
-
-PRUint32 nss_attribute_data_quantity =
- (sizeof(nss_attribute_data)/sizeof(nss_attribute_data[0]));
-
-static nssStringType
-nss_attr_underlying_string_form
-(
- nssStringType type,
- void *data
-)
-{
- if( nssStringType_DirectoryString == type ) {
- PRUint8 tag = *(PRUint8 *)data;
- switch( tag & nssASN1_TAGNUM_MASK ) {
- case 20:
- /*
- * XXX fgmr-- we have to accept Latin-1 for Teletex; (see
- * below) but is T61 a suitable value for "Latin-1"?
- */
- return nssStringType_TeletexString;
- case 19:
- return nssStringType_PrintableString;
- case 28:
- return nssStringType_UniversalString;
- case 30:
- return nssStringType_BMPString;
- case 12:
- return nssStringType_UTF8String;
- default:
- return nssStringType_Unknown;
- }
- }
-
- return type;
-}
-
-
-/*
- * This routine decodes the attribute value, in a type-specific way.
- *
- */
-
-static NSSUTF8 *
-nss_attr_to_utf8
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- NSSItem *item,
- nssStringType *stringForm
-)
-{
- NSSUTF8 *rv = (NSSUTF8 *)NULL;
- PRUint32 i;
- const struct nss_attribute_data_str *which =
- (struct nss_attribute_data_str *)NULL;
- PRUint32 len = 0;
-
- for( i = 0; i < nss_attribute_data_quantity; i++ ) {
- if( *(nss_attribute_data[ i ].oid) == oid ) {
- which = &nss_attribute_data[i];
- break;
- }
- }
-
- if( (struct nss_attribute_data_str *)NULL == which ) {
- /* Unknown OID. Encode it as hex. */
- PRUint8 *c;
- PRUint8 *d = (PRUint8 *)item->data;
- PRUint32 amt = item->size;
-
- if( item->size >= 0x7FFFFFFF ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSUTF8 *)NULL;
- }
-
- len = 1 + (item->size * 2) + 1; /* '#' + hex + '\0' */
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- c = (PRUint8 *)rv;
- *c++ = '#'; /* XXX fgmr check this */
- while( amt > 0 ) {
- static char hex[16] = "0123456789ABCDEF";
- *c++ = hex[ ((*d) & 0xf0) >> 4 ];
- *c++ = hex[ ((*d) & 0x0f) ];
- }
-
- /* *c = '\0'; nss_ZAlloc, remember */
-
- *stringForm = nssStringType_Unknown; /* force exact comparison */
- } else {
- rv = nssUTF8_CreateFromBER(arenaOpt, which->stringType,
- (NSSBER *)item);
-
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Length(rv, &len) ) {
- nss_ZFreeIf(rv);
- return (NSSUTF8 *)NULL;
- }
-
- *stringForm = nss_attr_underlying_string_form(which->stringType,
- item->data);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- const NSSBER *berATAV
-)
-{
- atav_holder holder;
- PRStatus status;
- NSSATAV *rv;
-
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- /*
- * NSSBERs can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSBER *)NULL == berATAV ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-
- if( (void *)NULL == berATAV->data ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSATAV *)NULL;
- }
-#endif /* NSSDEBUG */
-
- status = nssASN1_DecodeBER(arenaOpt, &holder,
- nss_atav_template, berATAV);
- if( PR_SUCCESS != status ) {
- return (NSSATAV *)NULL;
- }
-
- rv = nss_ZNEW(arenaOpt, NSSATAV);
- if( (NSSATAV *)NULL == rv ) {
- nss_ZFreeIf(holder.oid.data);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- rv->oid = nssOID_CreateFromBER(&holder.oid);
- if( (NSSOID *)NULL == rv->oid ) {
- nss_ZFreeIf(rv);
- nss_ZFreeIf(holder.oid.data);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- nss_ZFreeIf(holder.oid.data);
-
- rv->ber.data = nss_ZAlloc(arenaOpt, berATAV->size);
- if( (void *)NULL == rv->ber.data ) {
- nss_ZFreeIf(rv);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- rv->ber.size = berATAV->size;
- (void)nsslibc_memcpy(rv->ber.data, berATAV->data, berATAV->size);
-
- rv->value = nss_attr_to_utf8(arenaOpt, rv->oid, &holder.value,
- &rv->stringForm);
- if( (NSSUTF8 *)NULL == rv->value ) {
- nss_ZFreeIf(rv->ber.data);
- nss_ZFreeIf(rv);
- nss_ZFreeIf(holder.value.data);
- return (NSSATAV *)NULL;
- }
-
- nss_ZFreeIf(holder.value.data);
-
-#ifdef DEBUG
- if( PR_SUCCESS != atav_add_pointer(rv) ) {
- nss_ZFreeIf(rv->ber.data);
- nss_ZFreeIf(rv->value);
- nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-static PRBool
-nss_atav_utf8_string_is_hex
-(
- const NSSUTF8 *s
-)
-{
- /* All hex digits are ASCII, so this works */
- PRUint8 *p = (PRUint8 *)s;
-
- for( ; (PRUint8)0 != *p; p++ ) {
- if( (('0' <= *p) && (*p <= '9')) ||
- (('A' <= *p) && (*p <= 'F')) ||
- (('a' <= *p) && (*p <= 'f')) ) {
- continue;
- } else {
- return PR_FALSE;
- }
- }
-
- return PR_TRUE;
-}
-
-static PRUint8
-nss_atav_fromhex
-(
- PRUint8 *d
-)
-{
- PRUint8 rv;
-
- if( d[0] <= '9' ) {
- rv = (d[0] - '0') * 16;
- } else if( d[0] >= 'a' ) {
- rv = (d[0] - 'a' + 10) * 16;
- } else {
- rv = (d[0] - 'A' + 10);
- }
-
- if( d[1] <= '9' ) {
- rv += (d[1] - '0');
- } else if( d[1] >= 'a' ) {
- rv += (d[1] - 'a' + 10);
- } else {
- rv += (d[1] - 'A' + 10);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- const NSSUTF8 *stringATAV
-)
-{
- char *c;
- NSSUTF8 *type;
- NSSUTF8 *value;
- PRUint32 i;
- const NSSOID *oid = (NSSOID *)NULL;
- NSSATAV *rv;
- NSSItem xitem;
-
- xitem.data = (void *)NULL;
-
- for( c = (char *)stringATAV; '\0' != *c; c++ ) {
- if( '=' == *c ) {
-#ifdef PEDANTIC
- /*
- * Theoretically, one could have an '=' in an
- * attribute string alias. We don't, yet, though.
- */
- if( (char *)stringATAV == c ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- } else {
- if( '\\' == c[-1] ) {
- continue;
- }
- }
-#endif /* PEDANTIC */
- break;
- }
- }
-
- if( '\0' == *c ) {
- nss_SetError(NSS_ERROR_INVALID_UTF8);
- return (NSSATAV *)NULL;
- } else {
- c++;
- value = (NSSUTF8 *)c;
- }
-
- i = ((NSSUTF8 *)c - stringATAV);
- type = (NSSUTF8 *)nss_ZAlloc((NSSArena *)NULL, i);
- if( (NSSUTF8 *)NULL == type ) {
- return (NSSATAV *)NULL;
- }
-
- (void)nsslibc_memcpy(type, stringATAV, i-1);
-
- c = (char *)stringATAV;
- if( (('0' <= *c) && (*c <= '9')) || ('#' == *c) ) {
- oid = nssOID_CreateFromUTF8(type);
- if( (NSSOID *)NULL == oid ) {
- nss_ZFreeIf(type);
- return (NSSATAV *)NULL;
- }
- } else {
- for( i = 0; i < nss_attribute_type_alias_count; i++ ) {
- const nssAttributeTypeAliasTable *e = &nss_attribute_type_aliases[i];
- PRBool match = PR_FALSE;
- if( PR_SUCCESS != nssUTF8_CaseIgnoreMatch(type, e->alias,
- &match) ) {
- nss_ZFreeIf(type);
- return (NSSATAV *)NULL;
- }
- if( PR_TRUE == match ) {
- oid = *(e->oid);
- break;
- }
- }
-
- if( (NSSOID *)NULL == oid ) {
- nss_ZFreeIf(type);
- nss_SetError(NSS_ERROR_UNKNOWN_ATTRIBUTE);
- return (NSSATAV *)NULL;
- }
- }
-
- nss_ZFreeIf(type);
- type = (NSSUTF8 *)NULL;
-
- rv = nss_ZNEW(arenaOpt, NSSATAV);
- if( (NSSATAV *)NULL == rv ) {
- return (NSSATAV *)NULL;
- }
-
- rv->oid = oid;
-
- if( '#' == *value ) { /* XXX fgmr.. was it '#'? or backslash? */
- PRUint32 size;
- PRUint32 len;
- PRUint8 *c;
- PRUint8 *d;
- /* It's in hex */
-
- value++;
- if( PR_TRUE != nss_atav_utf8_string_is_hex(value) ) {
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(value, &size) ) {
- /*
- * Only returns an error on bad pointer (nope) or string
- * too long. The defined limits for known attributes are
- * small enough to fit in PRUint32, and when undefined we
- * get to apply our own practical limits. Ergo, I say the
- * string is invalid.
- */
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- }
-
- if( ((size-1) & 1) ) {
- /* odd length */
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSATAV *)NULL;
- }
-
- len = (size-1)/2;
-
- rv->value = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len+1);
- if( (NSSUTF8 *)NULL == rv->value ) {
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- xitem.size = len;
- xitem.data = (void *)rv->value;
-
- for( c = rv->value, d = value; len--; c++, d += 2 ) {
- *c = nss_atav_fromhex(d);
- }
-
- *c = 0;
- } else {
- PRUint32 i, len;
- PRUint8 *s;
-
- /*
- * XXX fgmr-- okay, this is a little wasteful, and should
- * probably be abstracted out a bit. Later.
- */
-
- rv->value = nssUTF8_Duplicate(value, arenaOpt);
- if( (NSSUTF8 *)NULL == rv->value ) {
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(rv->value, &len) ) {
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- s = (PRUint8 *)rv->value;
- for( i = 0; i < len; i++ ) {
- if( '\\' == s[i] ) {
- (void)nsslibc_memcpy(&s[i], &s[i+1], len-i-1);
- }
- }
- }
-
- /* Now just BER-encode the baby and we're through.. */
- {
- const struct nss_attribute_data_str *which =
- (struct nss_attribute_data_str *)NULL;
- PRUint32 i;
- NSSArena *a;
- NSSDER *oidder;
- NSSItem *vitem;
- atav_holder ah;
- NSSDER *status;
-
- for( i = 0; i < nss_attribute_data_quantity; i++ ) {
- if( *(nss_attribute_data[ i ].oid) == rv->oid ) {
- which = &nss_attribute_data[i];
- break;
- }
- }
-
- a = NSSArena_Create();
- if( (NSSArena *)NULL == a ) {
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- oidder = nssOID_GetDEREncoding(rv->oid, a);
- if( (NSSDER *)NULL == oidder ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( (struct nss_attribute_data_str *)NULL == which ) {
- /*
- * We'll just have to take the user data as an octet stream.
- */
- if( (void *)NULL == xitem.data ) {
- /*
- * This means that an ATTR entry has been added to oids.txt,
- * but no corresponding entry has been added to the array
- * ns_attribute_data[] above.
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- vitem = nssASN1_EncodeDER(a, (NSSDER *)NULL, &xitem,
- nssASN1Template_OctetString);
- if( (NSSItem *)NULL == vitem ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- rv->stringForm = nssStringType_Unknown;
- } else {
- PRUint32 length = 0;
-
- if( PR_SUCCESS != nssUTF8_Length(rv->value, &length) ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( ((0 != which->minStringLength) &&
- (length < which->minStringLength)) ||
- ((0 != which->maxStringLength) &&
- (length > which->maxStringLength)) ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- vitem = nssUTF8_GetDEREncoding(a, which->stringType, rv->value);
- if( (NSSItem *)NULL == vitem ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- if( nssStringType_DirectoryString == which->stringType ) {
- rv->stringForm = nssStringType_UTF8String;
- } else {
- rv->stringForm = which->stringType;
- }
- }
-
- ah.oid = *oidder;
- ah.value = *vitem;
-
- status = nssASN1_EncodeDER(arenaOpt, &rv->ber, &ah,
- nss_atav_template);
-
- if( (NSSDER *)NULL == status ) {
- (void)NSSArena_Destroy(a);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- (void)NSSArena_Destroy(a);
- }
-
- return rv;
-}
-
-/*
- * nssATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-)
-{
-#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (const void *)NULL == data ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSATAV *)NULL;
- }
-#endif /* NSSDEBUG */
-
- /* XXX fgmr-- oops, forgot this one */
- return (NSSATAV *)NULL;
-}
-
-/*
- * nssATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_IMPLEMENT PRStatus
-nssATAV_Destroy
-(
- NSSATAV *atav
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* NSSDEBUG */
-
- (void)nss_ZFreeIf(atav->ber.data);
- (void)nss_ZFreeIf(atav->value);
-
-#ifdef DEBUG
- if( PR_SUCCESS != atav_remove_pointer(atav) ) {
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- return PR_SUCCESS;
-}
-
-/*
- * nssATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_IMPLEMENT NSSDER *
-nssATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- NSSDER *rv;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSDER *)NULL;
- }
-#endif /* NSSDEBUG */
-
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- return (NSSDER *)NULL;
- }
-
- rv->data = nss_ZAlloc(arenaOpt, atav->ber.size);
- if( (void *)NULL == rv->data ) {
- (void)nss_ZFreeIf(rv);
- return (NSSDER *)NULL;
- }
-
- rv->size = atav->ber.size;
- if( PR_SUCCESS != nsslibc_memcpy(rv->data, atav->ber.data,
- rv->size) ) {
- (void)nss_ZFreeIf(rv->data);
- (void)nss_ZFreeIf(rv);
- return (NSSDER *)NULL;
- }
-
- return rv;
-}
-
-/*
- * nssATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- NSSUTF8 *rv;
- PRUint32 i;
- const NSSUTF8 *alias = (NSSUTF8 *)NULL;
- NSSUTF8 *oid;
- NSSUTF8 *value;
- PRUint32 oidlen;
- PRUint32 valuelen;
- PRUint32 totallen;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- for( i = 0; i < nss_attribute_type_alias_count; i++ ) {
- if( *(nss_attribute_type_aliases[i].oid) == atav->oid ) {
- alias = nss_attribute_type_aliases[i].alias;
- break;
- }
- }
-
- if( (NSSUTF8 *)NULL == alias ) {
- oid = nssOID_GetUTF8Encoding(atav->oid, (NSSArena *)NULL);
- if( (NSSUTF8 *)NULL == oid ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(oid, &oidlen) ) {
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
- } else {
- if( PR_SUCCESS != nssUTF8_Size(alias, &oidlen) ) {
- return (NSSUTF8 *)NULL;
- }
- oid = (NSSUTF8 *)NULL;
- }
-
- value = nssATAV_GetValue(atav, (NSSArena *)NULL);
- if( (NSSUTF8 *)NULL == value ) {
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(value, &valuelen) ) {
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- totallen = oidlen + valuelen - 1 + 1;
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, totallen);
- if( (NSSUTF8 *)NULL == rv ) {
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSUTF8 *)NULL == alias ) {
- if( (void *)NULL == nsslibc_memcpy(rv, oid, oidlen-1) ) {
- (void)nss_ZFreeIf(rv);
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
- } else {
- if( (void *)NULL == nsslibc_memcpy(rv, alias, oidlen-1) ) {
- (void)nss_ZFreeIf(rv);
- (void)nss_ZFreeIf(value);
- return (NSSUTF8 *)NULL;
- }
- }
-
- rv[ oidlen-1 ] = '=';
-
- if( (void *)NULL == nsslibc_memcpy(&rv[oidlen], value, valuelen) ) {
- (void)nss_ZFreeIf(rv);
- (void)nss_ZFreeIf(value);
- (void)nss_ZFreeIf(oid);
- return (NSSUTF8 *)NULL;
- }
-
- return rv;
-}
-
-/*
- * nssATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * A valid NSSOID pointer upon success
- */
-
-NSS_IMPLEMENT const NSSOID *
-nssATAV_GetType
-(
- NSSATAV *atav
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSOID *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return atav->oid;
-}
-
-/*
- * nssATAV_GetValue
- *
- * This routine returns a NSSUTF8 string containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error upon the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_IMPLEMENT NSSUTF8 *
-nssATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return nssUTF8_Duplicate(atav->value, arenaOpt);
-}
-
-/*
- * nssATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have set an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_IMPLEMENT PRStatus
-nssATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-)
-{
- nssStringType comparison;
- PRUint32 len1;
- PRUint32 len2;
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav1) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssATAV_verifyPointer(atav2) ) {
- return PR_FAILURE;
- }
-
- if( (PRBool *)NULL == equalp ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FAILURE;
- }
-#endif /* DEBUG */
-
- if( atav1->oid != atav2->oid ) {
- *equalp = PR_FALSE;
- return PR_SUCCESS;
- }
-
- if( atav1->stringForm != atav2->stringForm ) {
- if( (nssStringType_PrintableString == atav1->stringForm) ||
- (nssStringType_PrintableString == atav2->stringForm) ) {
- comparison = nssStringType_PrintableString;
- } else if( (nssStringType_PHGString == atav1->stringForm) ||
- (nssStringType_PHGString == atav2->stringForm) ) {
- comparison = nssStringType_PHGString;
- } else {
- comparison = atav1->stringForm;
- }
- } else {
- comparison = atav1->stringForm;
- }
-
- switch( comparison ) {
- case nssStringType_DirectoryString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return PR_FAILURE;
- case nssStringType_TeletexString:
- break;
- case nssStringType_PrintableString:
- return nssUTF8_PrintableMatch(atav1->value, atav2->value,
- equalp);
- /* Case-insensitive, with whitespace reduction */
- break;
- case nssStringType_UniversalString:
- break;
- case nssStringType_BMPString:
- break;
- case nssStringType_UTF8String:
- break;
- case nssStringType_PHGString:
- /* Case-insensitive (XXX fgmr, actually see draft-11 pg. 21) */
- return nssUTF8_CaseIgnoreMatch(atav1->value, atav2->value,
- equalp);
- case nssStringType_Unknown:
- break;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(atav1->value, &len1) ) {
- return PR_FAILURE;
- }
-
- if( PR_SUCCESS != nssUTF8_Size(atav2->value, &len2) ) {
- return PR_FAILURE;
- }
-
- if( len1 != len2 ) {
- *equalp = PR_FALSE;
- return PR_SUCCESS;
- }
-
- return nsslibc_compare(atav1->value, atav2->value, len1, equalp);
-}
-
-
-/*
- * nssATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_IMPLEMENT NSSATAV *
-nssATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-)
-{
- NSSATAV *rv;
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssATAV_verifyPointer(atav) ) {
- return (NSSATAV *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSATAV *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- rv = nss_ZNEW(arenaOpt, NSSATAV);
- if( (NSSATAV *)NULL == rv ) {
- return (NSSATAV *)NULL;
- }
-
- rv->oid = atav->oid;
- rv->stringForm = atav->stringForm;
- rv->value = nssUTF8_Duplicate(atav->value, arenaOpt);
- if( (NSSUTF8 *)NULL == rv->value ) {
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- rv->ber.data = nss_ZAlloc(arenaOpt, atav->ber.size);
- if( (void *)NULL == rv->ber.data ) {
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- rv->ber.size = atav->ber.size;
- if( PR_SUCCESS != nsslibc_memcpy(rv->ber.data, atav->ber.data,
- atav->ber.size) ) {
- (void)nss_ZFreeIf(rv->ber.data);
- (void)nss_ZFreeIf(rv->value);
- (void)nss_ZFreeIf(rv);
- return (NSSATAV *)NULL;
- }
-
- return rv;
-}
diff --git a/security/nss/lib/pki1/config.mk b/security/nss/lib/pki1/config.mk
deleted file mode 100644
index 80b3135f4..000000000
--- a/security/nss/lib/pki1/config.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CONFIG_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-ifdef BUILD_IDG
-DEFINES += -DNSSDEBUG
-endif
diff --git a/security/nss/lib/pki1/genname.c b/security/nss/lib/pki1/genname.c
deleted file mode 100644
index e7b12806a..000000000
--- a/security/nss/lib/pki1/genname.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * genname.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * GeneralName.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * GeneralName
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * GeneralName ::= CHOICE {
- * otherName [0] INSTANCE OF OTHER-NAME,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- * OTHER-NAME ::= TYPE-IDENTIFIER
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString {ub-name} OPTIONAL,
- * partyName [1] DirectoryString {ub-name} }
- *
- */
-
-struct nssGeneralNameStr {
- NSSGeneralNameChoice choice;
- union {
- /* OTHER-NAME otherName */
- NSSUTF8 *rfc822Name;
- NSSUTF8 *dNSName;
- /* ORAddress x400Address */
- NSSName *directoryName;
- /* EDIPartyName ediPartyName */
- NSSUTF8 *uniformResourceIdentifier;
- NSSItem *iPAddress;
- NSSOID *registeredID;
- } u;
-};
diff --git a/security/nss/lib/pki1/gnseq.c b/security/nss/lib/pki1/gnseq.c
deleted file mode 100644
index e56ec93b9..000000000
--- a/security/nss/lib/pki1/gnseq.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * gnseq.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * GeneralNames (note the ending 's').
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * GeneralNames (or, as we call it, GeneralNameSeq)
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * A GeneralNames is simply an (ordered) sequence of General Names.
- * The seqSize variable is "helper" kept for simplicity.
- */
-
-struct nssGeneralNameSeqStr {
- PRUint32 seqSize;
- NSSGeneralName **generalNames;
-};
diff --git a/security/nss/lib/pki1/manifest.mn b/security/nss/lib/pki1/manifest.mn
deleted file mode 100644
index 8e032d974..000000000
--- a/security/nss/lib/pki1/manifest.mn
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-MANIFEST_CVS_ID = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-CORE_DEPTH = ../../..
-
-PRIVATE_EXPORTS = \
- pki1.h \
- pki1t.h \
- $(NULL)
-
-EXPORTS = \
- oiddata.h \
- nsspki1.h \
- nsspki1t.h \
- $(NULL)
-
-MODULE = security
-
-CSRCS = \
- atav.c \
- genname.c \
- gnseq.c \
- name.c \
- oid.c \
- oiddata.c \
- rdn.c \
- rdnseq.c \
- $(NULL)
-
-REQUIRES = security nspr
-
-LIBRARY_NAME = pki1
diff --git a/security/nss/lib/pki1/name.c b/security/nss/lib/pki1/name.c
deleted file mode 100644
index 558e1142f..000000000
--- a/security/nss/lib/pki1/name.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * name.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * Name.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * Name
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * -- naming data types --
- *
- * Name ::= CHOICE { -- only one possibility for now --
- * rdnSequence RDNSequence }
- *
- * A name is basically a union of the possible names. At the moment,
- * there is only one type of name: an RDNSequence.
- */
-
-struct nssNameStr {
- PRUint32 tagPlaceHolder;
- union {
- NSSRDNSeq *rdnSequence;
- } n;
-};
-
diff --git a/security/nss/lib/pki1/nsspki1.h b/security/nss/lib/pki1/nsspki1.h
deleted file mode 100644
index 3498ab520..000000000
--- a/security/nss/lib/pki1/nsspki1.h
+++ /dev/null
@@ -1,2869 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKI1_H
-#define NSSPKI1_H
-
-#ifdef DEBUG
-static const char NSSPKI1_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspki1.h
- *
- * This file contains the prototypes of the public NSS routines
- * dealing with the PKIX part-1 definitions.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-#ifndef NSSPKI1T_H
-#include "nsspki1t.h"
-#endif /* NSSPKI1T_H */
-
-#ifndef OIDDATA_H
-#include "oiddata.h"
-#endif /* OIDDATA_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSOID
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSOID_CreateFromBER -- constructor
- * NSSOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * NSSOID_GetDEREncoding
- * NSSOID_GetUTF8Encoding
- */
-
-extern const NSSOID *NSS_OID_UNKNOWN;
-
-/*
- * NSSOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NSS_OID_UNKNOWN upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromBER
-(
- NSSBER *berOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_BER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NSS_OID_UNKNOWN
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_STRING;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-NSSOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSATAV_CreateFromBER -- constructor
- * NSSATAV_CreateFromUTF8 -- constructor
- * NSSATAV_Create -- constructor
- *
- * NSSATAV_Destroy
- * NSSATAV_GetDEREncoding
- * NSSATAV_GetUTF8Encoding
- * NSSATAV_GetType
- * NSSATAV_GetValue
- * NSSATAV_Compare
- * NSSATAV_Duplicate
- */
-
-/*
- * NSSATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *derATAV
-);
-
-extern const NSSError NSS_ERROR_INVALID_BER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringATAV
-);
-
-extern const NSSError NSS_ERROR_UNKNOWN_ATTRIBUTE;
-extern const NSSError NSS_ERROR_INVALID_STRING;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-);
-
-extern const NSSError NSS_ERROR_INVALID_ARENA;
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_INVALID_POINTER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSATAV_Destroy
-(
- NSSATAV *atav
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-
-/*
- * NSSATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_EXTERN NSSDER *
-NSSATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An element of enum NSSOIDenum upon success
- */
-
-NSS_EXTERN const NSSOID *
-NSSATAV_GetType
-(
- NSSATAV *atav
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-
-/*
- * NSSATAV_GetValue
- *
- * This routine returns an NSSItem containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
-
-/*
- * NSSATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_EXTERN NSSATAV *
-NSSATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_ATAV;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * NSSRDN
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSRDN_CreateFromBER -- constructor
- * NSSRDN_CreateFromUTF8 -- constructor
- * NSSRDN_Create -- constructor
- * NSSRDN_CreateSimple -- constructor
- *
- * NSSRDN_Destroy
- * NSSRDN_GetDEREncoding
- * NSSRDN_GetUTF8Encoding
- * NSSRDN_AddATAV
- * NSSRDN_GetATAVCount
- * NSSRDN_GetATAV
- * NSSRDN_GetSimpleATAV
- * NSSRDN_Compare
- * NSSRDN_Duplicate
- */
-
-/*
- * NSSRDN_CreateFromBER
- *
- * This routine creates an NSSRDN by decoding a BER- or DER-encoded
- * RDN. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDN
-);
-
-/*
- * NSSRDN_CreateFromUTF8
- *
- * This routine creates an NSSRDN by decoding an UTF8 string
- * consisting of either a single ATAV in the "equals" format, e.g.,
- * "uid=smith," or one or more such ATAVs in parentheses, e.g.,
- * "(sn=Smith,ou=Sales)." If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDN
-);
-
-/*
- * NSSRDN_Create
- *
- * This routine creates an NSSRDN from one or more NSSATAVs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_Create
-(
- NSSArena *arenaOpt,
- NSSATAV *atav1,
- ...
-);
-
-/*
- * NSSRDN_CreateSimple
- *
- * This routine creates a simple NSSRDN from a single NSSATAV. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_CreateSimple
-(
- NSSArena *arenaOpt,
- NSSATAV *atav
-);
-
-/*
- * NSSRDN_Destroy
- *
- * This routine will destroy an RDN object. It should eventually be
- * called on all RDNs created without an arena. While it is not
- * necessary to call it on RDNs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSRDN_Destroy
-(
- NSSRDN *rdn
-);
-
-/*
- * NSSRDN_GetDEREncoding
- *
- * This routine will DER-encode an RDN object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDN
- */
-
-NSS_EXTERN NSSDER *
-NSSRDN_GetDEREncoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDN_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDN. A simple (one-ATAV) RDN will be simply
- * the string representation of that ATAV; a non-simple RDN will be in
- * parenthesised form. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * null upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSRDN_GetUTF8Encoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDN_AddATAV
- *
- * This routine adds an ATAV to the set of ATAVs in the specified RDN.
- * Remember that RDNs consist of an unordered set of ATAVs. If the
- * RDN was created with a non-null arena argument, that same arena
- * will be used for any additional required memory. If the RDN was
- * created with a NULL arena argument, any additional memory will
- * be obtained from the heap. This routine returns a PRStatus value;
- * it will return PR_SUCCESS upon success, and upon failure it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSRDN_AddATAV
-(
- NSSRDN *rdn,
- NSSATAV *atav
-);
-
-/*
- * NSSRDN_GetATAVCount
- *
- * This routine returns the cardinality of the set of ATAVs within
- * the specified RDN. This routine may return 0 upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-NSSRDN_GetATAVCount
-(
- NSSRDN *rdn
-);
-
-/*
- * NSSRDN_GetATAV
- *
- * This routine returns a pointer to an ATAV that is a member of
- * the set of ATAVs within the specified RDN. While the set of
- * ATAVs within an RDN is unordered, this routine will return
- * distinct values for distinct values of 'i' as long as the RDN
- * is not changed in any way. The RDN may be changed by calling
- * NSSRDN_AddATAV. The value of the variable 'i' is on the range
- * [0,c) where c is the cardinality returned from NSSRDN_GetATAVCount.
- * The caller owns the ATAV the pointer to which is returned. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-NSSRDN_GetATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * NSSRDN_GetSimpleATAV
- *
- * Most RDNs are actually very simple, with a single ATAV. This
- * routine will return the single ATAV from such an RDN. The caller
- * owns the ATAV the pointer to which is returned. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, including the case where
- * the set of ATAVs in the RDN is nonsingular. Upon error, this
- * routine will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_RDN_NOT_SIMPLE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-NSSRDN_GetSimpleATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDN_Compare
- *
- * This routine compares two RDNs for equality. For two RDNs to be
- * equal, they must have the same number of ATAVs, and every ATAV in
- * one must be equal to an ATAV in the other. (Note that the sets
- * of ATAVs are unordered.) The result of the comparison will be
- * stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSRDN_Compare
-(
- NSSRDN *rdn1,
- NSSRDN *rdn2,
- PRBool *equalp
-);
-
-/*
- * NSSRDN_Duplicate
- *
- * This routine duplicates the specified RDN. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new RDN
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDN_Duplicate
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSRDNSeq_CreateFromBER -- constructor
- * NSSRDNSeq_CreateFromUTF8 -- constructor
- * NSSRDNSeq_Create -- constructor
- *
- * NSSRDNSeq_Destroy
- * NSSRDNSeq_GetDEREncoding
- * NSSRDNSeq_GetUTF8Encoding
- * NSSRDNSeq_AppendRDN
- * NSSRDNSeq_GetRDNCount
- * NSSRDNSeq_GetRDN
- * NSSRDNSeq_Compare
- * NSSRDNSeq_Duplicate
- */
-
-/*
- * NSSRDNSeq_CreateFromBER
- *
- * This routine creates an NSSRDNSeq by decoding a BER- or DER-encoded
- * sequence of RDNs. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDNSeq
-);
-
-/*
- * NSSRDNSeq_CreateFromUTF8
- *
- * This routine creates an NSSRDNSeq by decoding a UTF8 string
- * consisting of a comma-separated sequence of RDNs, such as
- * "(sn=Smith,ou=Sales),o=Acme,c=US." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDNSeq
-);
-
-/*
- * NSSRDNSeq_Create
- *
- * This routine creates an NSSRDNSeq from one or more NSSRDNs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * NULL upon error
- * A pointero to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_Create
-(
- NSSArena *arenaOpt,
- NSSRDN *rdn1,
- ...
-);
-
-/*
- * NSSRDNSeq_Destroy
- *
- * This routine will destroy an RDNSeq object. It should eventually
- * be called on all RDNSeqs created without an arena. While it is not
- * necessary to call it on RDNSeqs created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSRDNSeq_Destroy
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * NSSRDNSeq_GetDEREncoding
- *
- * This routine will DER-encode an RDNSeq object. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDNSeq
- */
-
-NSS_EXTERN NSSDER *
-NSSRDNSeq_GetDEREncoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDNSeq as a comma-separated sequence of RDNs.
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSRDNSeq_GetUTF8Encoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq_AppendRDN
- *
- * This routine appends an RDN to the end of the existing RDN
- * sequence. If the RDNSeq was created with a non-null arena
- * argument, that same arena will be used for any additional required
- * memory. If the RDNSeq was created with a NULL arena argument, any
- * additional memory will be obtained from the heap. This routine
- * returns a PRStatus value; it will return PR_SUCCESS upon success,
- * and upon failure it will create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-NSSRDNSeq_AppendRDN
-(
- NSSRDNSeq *rdnseq,
- NSSRDN *rdn
-);
-
-/*
- * NSSRDNSeq_GetRDNCount
- *
- * This routine returns the cardinality of the sequence of RDNs within
- * the specified RDNSeq. This routine may return 0 upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-NSSRDNSeq_GetRDNCount
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * NSSRDNSeq_GetRDN
- *
- * This routine returns a pointer to the i'th RDN in the sequence of
- * RDNs that make up the specified RDNSeq. The sequence begins with
- * the top-level (e.g., "c=US") RDN. The value of the variable 'i'
- * is on the range [0,c) where c is the cardinality returned from
- * NSSRDNSeq_GetRDNCount. The caller owns the RDN the pointer to which
- * is returned. If the optional arena argument is non-null, the memory
- * used will be obtained from that areana; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack. Note that the
- * usual string representation of RDN Sequences is from last to first.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDN
- */
-
-NSS_EXTERN NSSRDN *
-NSSRDNSeq_GetRDN
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * NSSRDNSeq_Compare
- *
- * This routine compares two RDNSeqs for equality. For two RDNSeqs to
- * be equal, they must have the same number of RDNs, and each RDN in
- * one sequence must be equal to the corresponding RDN in the other
- * sequence. The result of the comparison will be stored at the
- * location pointed to by the "equalp" variable, which must point to a
- * valid PRBool. This routine may return PR_FAILURE upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSRDNSeq_Compare
-(
- NSSRDNSeq *rdnseq1,
- NSSRDNSeq *rdnseq2,
- PRBool *equalp
-);
-
-/*
- * NSSRDNSeq_Duplicate
- *
- * This routine duplicates the specified RDNSeq. If the optional arena
- * argument is non-null, the memory required will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new RDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSRDNSeq_Duplicate
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSName_CreateFromBER -- constructor
- * NSSName_CreateFromUTF8 -- constructor
- * NSSName_Create -- constructor
- *
- * NSSName_Destroy
- * NSSName_GetDEREncoding
- * NSSName_GetUTF8Encoding
- * NSSName_GetChoice
- * NSSName_GetRDNSequence
- * NSSName_GetSpecifiedChoice
- * NSSName_Compare
- * NSSName_Duplicate
- *
- * NSSName_GetUID
- * NSSName_GetEmail
- * NSSName_GetCommonName
- * NSSName_GetOrganization
- * NSSName_GetOrganizationalUnits
- * NSSName_GetStateOrProvince
- * NSSName_GetLocality
- * NSSName_GetCountry
- * NSSName_GetAttribute
- */
-
-/*
- * NSSName_CreateFromBER
- *
- * This routine creates an NSSName by decoding a BER- or DER-encoded
- * (directory) Name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have created an error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-NSSName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berName
-);
-
-/*
- * NSSName_CreateFromUTF8
- *
- * This routine creates an NSSName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * (directory) names. Currently the only choice is an RDNSeq. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. The routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-NSSName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringName
-);
-
-/*
- * NSSName_Create
- *
- * This routine creates an NSSName with the specified choice of
- * underlying name types. The value of the choice variable must be
- * one of the values of the NSSNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ======================== ===========
- * NSSNameChoiceRdnSequence NSSRDNSeq *
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-NSSName_Create
-(
- NSSArena *arenaOpt,
- NSSNameChoice choice,
- void *arg
-);
-
-/*
- * NSSName_Destroy
- *
- * This routine will destroy a Name object. It should eventually be
- * called on all Names created without an arena. While it is not
- * necessary to call it on Names created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSName_Destroy
-(
- NSSName *name
-);
-
-/*
- * NSSName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSName
- */
-
-NSS_EXTERN NSSDER *
-NSSName_GetDEREncoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the Name in the format specified by the
- * underlying name choice. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSName_GetUTF8Encoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetChoice
- *
- * This routine returns the type of the choice underlying the specified
- * name. The return value will be a member of the NSSNameChoice
- * enumeration. This routine may return NSSNameChoiceInvalid upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * NSSNameChoiceInvalid upon error
- * An other member of the NSSNameChoice enumeration upon success
- */
-
-NSS_EXTERN NSSNameChoice
-NSSName_GetChoice
-(
- NSSName *name
-);
-
-/*
- * NSSName_GetRDNSequence
- *
- * If the choice underlying the specified NSSName is that of an
- * RDNSequence, this routine will return a pointer to that RDN
- * sequence. Otherwise, this routine will place an error on the
- * error stack, and return NULL. If the optional arena argument is
- * non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The
- * caller owns the returned pointer. This routine may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-NSSName_GetRDNSequence
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSName matches the specified
- * choice, a caller-owned pointer to that underlying object will be
- * returned. Otherwise, an error will be placed on the error stack and
- * NULL will be returned. If the optional arena argument is non-null,
- * the memory required will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-NSSName_GetSpecifiedChoice
-(
- NSSName *name,
- NSSNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_Compare
- *
- * This routine compares two Names for equality. For two Names to be
- * equal, they must have the same choice of underlying types, and the
- * underlying values must be equal. The result of the comparison will
- * be stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSName_Compare
-(
- NSSName *name1,
- NSSName *name2,
- PRBool *equalp
-);
-
-/*
- * NSSName_Duplicate
- *
- * This routine duplicates the specified nssname. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSName
- */
-
-NSS_EXTERN NSSName *
-NSSName_Duplicate
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a UID attribute, the UID will be the value of
- * that attribute. Note that no UID attribute is defined in either
- * PKIX or PKCS#9; rather, this seems to derive from RFC 1274, which
- * defines the type as a caseIgnoreString. We'll return a Directory
- * String. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetUID
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing either a PKIX email address or a PKCS#9 email
- * address, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5 String */
-NSSName_GetEmail
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a PKIX Common Name, the result will be that name. If
- * the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetCommonName
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified name, if the choices and content of the name permit.
- * If Name consists of a Sequence of Relative Distinguished names
- * containing a PKIX Organization, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetOrganization
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified name, if the choices and content of
- * the name permit. If the Name consists of a Sequence of Relative
- * Distinguished Names containing one or more organisational units,
- * the result will be the values of those attributes. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-NSSName_GetOrganizationalUnits
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a state or province, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetStateOrProvince
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetLocality
- *
- * This routine will attempt to derive a locality name from the
- * specified name, if the choices and content of the name permit. If
- * the Name consists of a Sequence of Relative Distinguished names
- * containing a Locality, the result will be the value of that
- * attribute. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetLocality
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a Country, the result will be the value of
- * that attribute.. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-NSSName_GetCountry
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSName_GetAttribute
- *
- * If the specified name consists of a Sequence of Relative
- * Distinguished Names containing an attribute with the specified
- * type, and the actual value of that attribute may be expressed
- * with a Directory String, then the value of that attribute will
- * be returned as a Directory String. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSName_GetAttribute
-(
- NSSName *name,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSGeneralName_CreateFromBER -- constructor
- * NSSGeneralName_CreateFromUTF8 -- constructor
- * NSSGeneralName_Create -- constructor
- *
- * NSSGeneralName_Destroy
- * NSSGeneralName_GetDEREncoding
- * NSSGeneralName_GetUTF8Encoding
- * NSSGeneralName_GetChoice
- * NSSGeneralName_GetOtherName
- * NSSGeneralName_GetRfc822Name
- * NSSGeneralName_GetDNSName
- * NSSGeneralName_GetX400Address
- * NSSGeneralName_GetDirectoryName
- * NSSGeneralName_GetEdiPartyName
- * NSSGeneralName_GetUniformResourceIdentifier
- * NSSGeneralName_GetIPAddress
- * NSSGeneralName_GetRegisteredID
- * NSSGeneralName_GetSpecifiedChoice
- * NSSGeneralName_Compare
- * NSSGeneralName_Duplicate
- *
- * NSSGeneralName_GetUID
- * NSSGeneralName_GetEmail
- * NSSGeneralName_GetCommonName
- * NSSGeneralName_GetOrganization
- * NSSGeneralName_GetOrganizationalUnits
- * NSSGeneralName_GetStateOrProvince
- * NSSGeneralName_GetLocality
- * NSSGeneralName_GetCountry
- * NSSGeneralName_GetAttribute
- */
-
-/*
- * NSSGeneralName_CreateFromBER
- *
- * This routine creates an NSSGeneralName by decoding a BER- or DER-
- * encoded general name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralName
-);
-
-/*
- * NSSGeneralName_CreateFromUTF8
- *
- * This routine creates an NSSGeneralName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * general names. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The routine may return NULL upon
- * error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringGeneralName
-);
-
-/*
- * NSSGeneralName_Create
- *
- * This routine creates an NSSGeneralName with the specified choice of
- * underlying name types. The value of the choice variable must be one
- * of the values of the NSSGeneralNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ============================================ =========
- * NSSGeneralNameChoiceOtherName
- * NSSGeneralNameChoiceRfc822Name
- * NSSGeneralNameChoiceDNSName
- * NSSGeneralNameChoiceX400Address
- * NSSGeneralNameChoiceDirectoryName NSSName *
- * NSSGeneralNameChoiceEdiPartyName
- * NSSGeneralNameChoiceUniformResourceIdentifier
- * NSSGeneralNameChoiceIPAddress
- * NSSGeneralNameChoiceRegisteredID
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one fo the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_Create
-(
- NSSGeneralNameChoice choice,
- void *arg
-);
-
-/*
- * NSSGeneralName_Destroy
- *
- * This routine will destroy a General Name object. It should
- * eventually be called on all General Names created without an arena.
- * While it is not necessary to call it on General Names created within
- * an arena, it is not an error to do so. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * usuccessful, it will create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralName_Destroy
-(
- NSSGeneralName *generalName
-);
-
-/*
- * NSSGeneralName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralName
- */
-
-NSS_EXTERN NSSDER *
-NSSGeneralName_GetDEREncoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the General Name in the format specified by the
- * underlying name choice. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSGeneralName_GetUTF8Encoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetChoice
- *
- * This routine returns the type of choice underlying the specified
- * general name. The return value will be a member of the
- * NSSGeneralNameChoice enumeration. This routine may return
- * NSSGeneralNameChoiceInvalid upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NSSGeneralNameChoiceInvalid upon error
- * An other member of the NSSGeneralNameChoice enumeration
- */
-
-NSS_EXTERN NSSGeneralNameChoice
-NSSGeneralName_GetChoice
-(
- NSSGeneralName *generalName
-);
-
-/*
- * NSSGeneralName_GetOtherName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * Other Name, this routine will return a pointer to that Other name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSOtherName
- */
-
-NSS_EXTERN NSSOtherName *
-NSSGeneralName_GetOtherName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetRfc822Name
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * RFC 822 Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRFC822Name
- */
-
-NSS_EXTERN NSSRFC822Name *
-NSSGeneralName_GetRfc822Name
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetDNSName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * DNS Name, this routine will return a pointer to that DNS name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSDNSName
- */
-
-NSS_EXTERN NSSDNSName *
-NSSGeneralName_GetDNSName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetX400Address
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * X.400 Address, this routine will return a pointer to that Address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSX400Address
- */
-
-NSS_EXTERN NSSX400Address *
-NSSGeneralName_GetX400Address
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetDirectoryName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * (directory) Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSName
- */
-
-NSS_EXTERN NSSName *
-NSSGeneralName_GetName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetEdiPartyName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * EDI Party Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSEdiPartyName
- */
-
-NSS_EXTERN NSSEdiPartyName *
-NSSGeneralName_GetEdiPartyName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetUniformResourceIdentifier
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * URI, this routine will return a pointer to that URI.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSURI
- */
-
-NSS_EXTERN NSSURI *
-NSSGeneralName_GetUniformResourceIdentifier
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetIPAddress
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * IP Address , this routine will return a pointer to that address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSIPAddress
- */
-
-NSS_EXTERN NSSIPAddress *
-NSSGeneralName_GetIPAddress
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetRegisteredID
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * Registered ID, this routine will return a pointer to that ID.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRegisteredID
- */
-
-NSS_EXTERN NSSRegisteredID *
-NSSGeneralName_GetRegisteredID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSGeneralName matches the
- * specified choice, a caller-owned pointer to that underlying object
- * will be returned. Otherwise, an error will be placed on the error
- * stack and NULL will be returned. If the optional arena argument
- * is non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The caller
- * owns the returned pointer. This routine may return NULL upon
- * error, in which caes it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-NSSGeneralName_GetSpecifiedChoice
-(
- NSSGeneralName *generalName,
- NSSGeneralNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_Compare
- *
- * This routine compares two General Names for equality. For two
- * General Names to be equal, they must have the same choice of
- * underlying types, and the underlying values must be equal. The
- * result of the comparison will be stored at the location pointed
- * to by the "equalp" variable, which must point to a valid PRBool.
- * This routine may return PR_FAILURE upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following value:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralName_Compare
-(
- NSSGeneralName *generalName1,
- NSSGeneralName *generalName2,
- PRBool *equalp
-);
-
-/*
- * NSSGeneralName_Duplicate
- *
- * This routine duplicates the specified General Name. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSGeneralName
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralName_Duplicate
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished Names containing a UID
- * attribute, the UID will be the value of that attribute. Note
- * that no UID attribute is defined in either PKIX or PKCS#9;
- * rather, this seems to derive from RFC 1274, which defines the
- * type as a caseIgnoreString. We'll return a Directory String.
- * If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetUID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing either
- * a PKIX email address or a PKCS#9 email address, the result will
- * be the value of that attribute. If the General Name is an RFC 822
- * Name, the result will be the string form of that name. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5String */
-NSSGeneralName_GetEmail
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a PKIX
- * Common Name, the result will be that name. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetCommonName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing an
- * Organization, the result will be the value of that attribute.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetOrganization
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified general name, if the choices and
- * content of the name permit. If the General Name is a (directory)
- * Name consisting of a Sequence of Relative Distinguished names
- * containing one or more organisational units, the result will
- * consist of those units. If the optional arena argument is non-
- * null, the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-NSSGeneralName_GetOrganizationalUnits
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a state or
- * province, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetStateOrProvince
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetLocality
- *
- * This routine will attempt to derive a locality name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a Locality,
- * the result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetLocality
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting of a
- * Sequence of Relative Distinguished names containing a Country, the
- * result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-NSSGeneralName_GetCountry
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralName_GetAttribute
- *
- * If the specified general name is a (directory) name consisting
- * of a Sequence of Relative Distinguished Names containing an
- * attribute with the specified type, and the actual value of that
- * attribute may be expressed with a Directory String, then the
- * value of that attribute will be returned as a Directory String.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-NSSGeneralName_GetAttribute
-(
- NSSGeneralName *generalName,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralNameSeq
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSGeneralNameSeq_CreateFromBER -- constructor
- * NSSGeneralNameSeq_Create -- constructor
- *
- * NSSGeneralNameSeq_Destroy
- * NSSGeneralNameSeq_GetDEREncoding
- * NSSGeneralNameSeq_AppendGeneralName
- * NSSGeneralNameSeq_GetGeneralNameCount
- * NSSGeneralNameSeq_GetGeneralName
- * NSSGeneralNameSeq_Compare
- * NSSGeneralnameSeq_Duplicate
- */
-
-/*
- * NSSGeneralNameSeq_CreateFromBER
- *
- * This routine creates a general name sequence by decoding a BER-
- * or DER-encoded GeneralNames. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-NSSGeneralNameSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralNameSeq
-);
-
-/*
- * NSSGeneralNameSeq_Create
- *
- * This routine creates an NSSGeneralNameSeq from one or more General
- * Names. The final argument to this routine must be NULL. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-NSSGeneralNameSeq_Create
-(
- NSSArena *arenaOpt,
- NSSGeneralName *generalName1,
- ...
-);
-
-/*
- * NSSGeneralNameSeq_Destroy
- *
- * This routine will destroy an NSSGeneralNameSeq object. It should
- * eventually be called on all NSSGeneralNameSeqs created without an
- * arena. While it is not necessary to call it on NSSGeneralNameSeq's
- * created within an arena, it is not an error to do so. This routine
- * returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will create an error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralNameSeq_Destroy
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * NSSGeneralNameSeq_GetDEREncoding
- *
- * This routine will DER-encode an NSSGeneralNameSeq object. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralNameSeq
- */
-
-NSS_EXTERN NSSDER *
-NSSGeneralNameSeq_GetDEREncoding
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralNameSeq_AppendGeneralName
- *
- * This routine appends a General Name to the end of the existing
- * General Name Sequence. If the sequence was created with a non-null
- * arena argument, that same arena will be used for any additional
- * required memory. If the sequence was created with a NULL arena
- * argument, any additional memory will be obtained from the heap.
- * This routine returns a PRStatus value; it will return PR_SUCCESS
- * upon success, and upon failure it will create an error stack and
- * return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure.
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralNameSeq_AppendGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSGeneralName *generalName
-);
-
-/*
- * NSSGeneralNameSeq_GetGeneralNameCount
- *
- * This routine returns the cardinality of the specified General name
- * Sequence. This routine may return 0 upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value;
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-NSSGeneralNameSeq_GetGeneralNameCount
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * NSSGeneralNameSeq_GetGeneralName
- *
- * This routine returns a pointer to the i'th General Name in the
- * specified General Name Sequence. The value of the variable 'i' is
- * on the range [0,c) where c is the cardinality returned from
- * NSSGeneralNameSeq_GetGeneralNameCount. The caller owns the General
- * Name the pointer to which is returned. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to a General Name.
- */
-
-NSS_EXTERN NSSGeneralName *
-NSSGeneralNameSeq_GetGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * NSSGeneralNameSeq_Compare
- *
- * This routine compares two General Name Sequences for equality. For
- * two General Name Sequences to be equal, they must have the same
- * cardinality, and each General Name in one sequence must be equal to
- * the corresponding General Name in the other. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-NSSGeneralNameSeq_Compare
-(
- NSSGeneralNameSeq *generalNameSeq1,
- NSSGeneralNameSeq *generalNameSeq2,
- PRBool *equalp
-);
-
-/*
- * NSSGeneralNameSeq_Duplicate
- *
- * This routine duplicates the specified sequence of general names. If
- * the optional arena argument is non-null, the memory required will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new General Name Sequence.
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-NSSGeneralNameSeq_Duplicate
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-PR_END_EXTERN_C
-
-#endif /* NSSPT1M_H */
diff --git a/security/nss/lib/pki1/nsspki1t.h b/security/nss/lib/pki1/nsspki1t.h
deleted file mode 100644
index 8765a3ad3..000000000
--- a/security/nss/lib/pki1/nsspki1t.h
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef NSSPKI1T_H
-#define NSSPKI1T_H
-
-#ifdef DEBUG
-static const char NSSPKI1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * nsspki1t.h
- *
- * This file contains the public type definitions for the PKIX part-1
- * objects.
- */
-
-#ifndef NSSBASET_H
-#include "nssbaset.h"
-#endif /* NSSBASET_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * OBJECT IDENTIFIER
- *
- * This is the basic OID that crops up everywhere.
- */
-
-struct NSSOIDStr;
-typedef struct NSSOIDStr NSSOID;
-
-/*
- * AttributeTypeAndValue
- *
- * This structure contains an attribute type (indicated by an OID),
- * and the type-specific value. RelativeDistinguishedNamess consist
- * of a set of these. These are distinct from Attributes (which have
- * SET of values), from AttributeDescriptions (which have qualifiers
- * on the types), and from AttributeValueAssertions (which assert a
- * a value comparison under some matching rule).
- */
-
-struct NSSATAVStr;
-typedef struct NSSATAVStr NSSATAV;
-
-/*
- * RelativeDistinguishedName
- *
- * This structure contains an unordered set of AttributeTypeAndValue
- * objects. RDNs are used to distinguish a set of objects underneath
- * a common object.
- *
- * Often, a single ATAV is sufficient to make a unique distinction.
- * For example, if a company assigns its people unique uid values,
- * then in the Name "uid=smith,ou=People,o=Acme,c=US" the "uid=smith"
- * ATAV by itself forms an RDN. However, sometimes a set of ATAVs is
- * needed. For example, if a company needed to distinguish between
- * two Smiths by specifying their corporate divisions, then in the
- * Name "(cn=Smith,ou=Sales),ou=People,o=Acme,c=US" the parenthesised
- * set of ATAVs forms the RDN.
- */
-
-struct NSSRDNStr;
-typedef struct NSSRDNStr NSSRDN;
-
-/*
- * RDNSequence
- *
- * This structure contains a sequence of RelativeDistinguishedName
- * objects.
- */
-
-struct NSSRDNSeqStr;
-typedef struct NSSRDNSeqStr NSSRDNSeq;
-
-/*
- * Name
- *
- * This structure contains a union of the possible name formats,
- * which at the moment is limited to an RDNSequence.
- */
-
-struct NSSNameStr;
-typedef struct NSSNameStr NSSName;
-
-/*
- * NameChoice
- *
- * This enumeration is used to specify choice within a name.
- */
-
-enum NSSNameChoiceEnum {
- NSSNameChoiceInvalid = -1,
- NSSNameChoiceRdnSequence
-};
-typedef enum NSSNameChoiceEnum NSSNameChoice;
-
-/*
- * GeneralName
- *
- * This structure contains a union of the possible general names,
- * of which there are several.
- */
-
-struct NSSGeneralNameStr;
-typedef struct NSSGeneralNameStr NSSGeneralName;
-
-/*
- * GeneralNameChoice
- *
- * This enumerates the possible general name types.
- */
-
-enum NSSGeneralNameChoiceEnum {
- NSSGeneralNameChoiceInvalid = -1,
- NSSGeneralNameChoiceOtherName = 0,
- NSSGeneralNameChoiceRfc822Name = 1,
- NSSGeneralNameChoiceDNSName = 2,
- NSSGeneralNameChoiceX400Address = 3,
- NSSGeneralNameChoiceDirectoryName = 4,
- NSSGeneralNameChoiceEdiPartyName = 5,
- NSSGeneralNameChoiceUniformResourceIdentifier = 6,
- NSSGeneralNameChoiceIPAddress = 7,
- NSSGeneralNameChoiceRegisteredID = 8
-};
-typedef enum NSSGeneralNameChoiceEnum NSSGeneralNameChoice;
-
-/*
- * The "other" types of general names.
- */
-
-struct NSSOtherNameStr;
-typedef struct NSSOtherNameStr NSSOtherName;
-
-struct NSSRFC822NameStr;
-typedef struct NSSRFC822NameStr NSSRFC822Name;
-
-struct NSSDNSNameStr;
-typedef struct NSSDNSNameStr NSSDNSName;
-
-struct NSSX400AddressStr;
-typedef struct NSSX400AddressStr NSSX400Address;
-
-struct NSSEdiPartyNameStr;
-typedef struct NSSEdiPartyNameStr NSSEdiPartyName;
-
-struct NSSURIStr;
-typedef struct NSSURIStr NSSURI;
-
-struct NSSIPAddressStr;
-typedef struct NSSIPAddressStr NSSIPAddress;
-
-struct NSSRegisteredIDStr;
-typedef struct NSSRegisteredIDStr NSSRegisteredID;
-
-/*
- * GeneralNameSeq
- *
- * This structure contains a sequence of GeneralName objects.
- * Note that the PKIX documents refer to this as "GeneralNames,"
- * which differs from "GeneralName" by only one letter. To
- * try to reduce confusion, we expand the name slightly to
- * "GeneralNameSeq."
- */
-
-struct NSSGeneralNameSeqStr;
-typedef struct NSSGeneralNameSeqStr NSSGeneralNameSeq;
-
-PR_END_EXTERN_C
-
-#endif /* NSSPKI1T_H */
diff --git a/security/nss/lib/pki1/oid.c b/security/nss/lib/pki1/oid.c
deleted file mode 100644
index 2631682d4..000000000
--- a/security/nss/lib/pki1/oid.c
+++ /dev/null
@@ -1,1615 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * oid.c
- *
- * This file contains the implementation of the basic OID routines.
- */
-
-#ifndef BASE_H
-#include "base.h"
-#endif /* BASE_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-#include "plhash.h"
-#include "plstr.h"
-
-/*
- * NSSOID
- *
- * The public "methods" regarding this "object" are:
- *
- * NSSOID_CreateFromBER -- constructor
- * NSSOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * NSSOID_GetDEREncoding
- * NSSOID_GetUTF8Encoding
-
- * The non-public "methods" regarding this "object" are:
- *
- * nssOID_CreateFromBER -- constructor
- * nssOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * nssOID_GetDEREncoding
- * nssOID_GetUTF8Encoding
- *
- * In debug builds, the following non-public calls are also available:
- *
- * nssOID_verifyPointer
- * nssOID_getExplanation
- * nssOID_getTaggedUTF8
- */
-
-const NSSOID *NSS_OID_UNKNOWN = (NSSOID *)NULL;
-
-/*
- * First, the public "wrappers"
- */
-
-/*
- * NSSOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NULL upon error, in which case it
- * will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromBER
-(
- NSSBER *berOid
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- /*
- * NSSBERs can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSBER *)NULL == berOid ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSOID *)NULL;
- }
-
- if( (void *)NULL == berOid->data ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSOID *)NULL;
- }
-#endif /* DEBUG */
-
- return nssOID_CreateFromBER(berOid);
-}
-
-/*
- * NSSOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NULL
- * upon error, in which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-NSSOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- /*
- * NSSUTF8s can be created by the user,
- * so no pointer-tracking can be checked.
- */
-
- if( (NSSUTF8 *)NULL == stringOid ) {
- nss_SetError(NSS_ERROR_INVALID_UTF8);
- return (NSSOID *)NULL;
- }
-#endif /* DEBUG */
-
- return nssOID_CreateFromUTF8(stringOid);
-}
-
-/*
- * NSSOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have created an error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-NSSOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssOID_GetDEREncoding(oid, rvOpt, arenaOpt);
-}
-
-/*
- * NSSOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have created an
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-NSSOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-)
-{
- nss_ClearErrorStack();
-
-#ifdef DEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return nssOID_GetUTF8Encoding(oid, arenaOpt);
-}
-
-/*
- * Next, some internal bookkeeping; including the OID "tag" table
- * and the debug-version pointer tracker.
- */
-
-/*
- * For implementation reasons (so NSSOIDs can be compared with ==),
- * we hash all NSSOIDs. This is the hash table.
- */
-
-static PLHashTable *oid_hash_table;
-
-/*
- * And this is its lock.
- */
-
-static PZLock *oid_hash_lock;
-
-/*
- * This is the hash function. We simply XOR the encoded form with
- * itself in sizeof(PLHashNumber)-byte chunks. Improving this
- * routine is left as an excercise for the more mathematically
- * inclined student.
- */
-
-static PLHashNumber PR_CALLBACK
-oid_hash
-(
- const void *key
-)
-{
- const NSSItem *item = (const NSSItem *)key;
- PLHashNumber rv = 0;
-
- PRUint8 *data = (PRUint8 *)item->data;
- PRUint32 i;
- PRUint8 *rvc = (PRUint8 *)&rv;
-
- for( i = 0; i < item->size; i++ ) {
- rvc[ i % sizeof(rv) ] ^= *data;
- data++;
- }
-
- return rv;
-}
-
-/*
- * This is the key-compare function. It simply does a lexical
- * comparison on the encoded OID form. This does not result in
- * quite the same ordering as the "sequence of numbers" order,
- * but heck it's only used internally by the hash table anyway.
- */
-
-static PRIntn PR_CALLBACK
-oid_hash_compare
-(
- const void *k1,
- const void *k2
-)
-{
- PRIntn rv;
-
- const NSSItem *i1 = (const NSSItem *)k1;
- const NSSItem *i2 = (const NSSItem *)k2;
-
- PRUint32 size = (i1->size < i2->size) ? i1->size : i2->size;
-
- rv = (PRIntn)nsslibc_memcmp(i1->data, i2->data, size, (PRStatus *)NULL);
- if( 0 == rv ) {
- rv = i1->size - i2->size;
- }
-
- return !rv;
-}
-
-/*
- * The pointer-tracking code
- */
-
-#ifdef DEBUG
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static nssPointerTracker oid_pointer_tracker;
-
-static PRStatus
-oid_add_pointer
-(
- const NSSOID *oid
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_initialize(&oid_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
-
- rv = nssPointerTracker_add(&oid_pointer_tracker, oid);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
- }
-
- return PR_SUCCESS;
-}
-
-#if defined(CAN_DELETE_OIDS)
-/*
- * We actually don't define NSSOID deletion, since we keep OIDs
- * in a hash table for easy comparison. Were we to, this is
- * what the pointer-removal function would look like.
- */
-
-static PRStatus
-oid_remove_pointer
-(
- const NSSOID *oid
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&oid_pointer_tracker, oid);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
-}
-#endif /* CAN_DELETE_OIDS */
-
-#endif /* DEBUG */
-
-/*
- * All dynamically-added OIDs get their memory from one statically-
- * declared arena here, merely so that any cleanup code will have
- * an easier time of it.
- */
-
-static NSSArena *oid_arena;
-
-/*
- * This is the call-once function which initializes the hashtable.
- * It creates it, then prepopulates it with all of the builtin OIDs.
- * It also creates the aforementioned NSSArena.
- */
-
-static PRStatus PR_CALLBACK
-oid_once_func
-(
- void
-)
-{
- PRUint32 i;
-
- /* Initialize the arena */
- oid_arena = nssArena_Create();
- if( (NSSArena *)NULL == oid_arena ) {
- goto loser;
- }
-
- /* Create the hash table lock */
- oid_hash_lock = PZ_NewLock(nssILockOID);
- if( (PZLock *)NULL == oid_hash_lock ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* Create the hash table */
- oid_hash_table = PL_NewHashTable(0, oid_hash, oid_hash_compare,
- PL_CompareValues,
- (PLHashAllocOps *)0,
- (void *)0);
- if( (PLHashTable *)NULL == oid_hash_table ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
- /* And populate it with all the builtins */
- for( i = 0; i < nss_builtin_oid_count; i++ ) {
- NSSOID *oid = (NSSOID *)&nss_builtin_oids[i];
- PLHashEntry *e = PL_HashTableAdd(oid_hash_table, &oid->data, oid);
- if( (PLHashEntry *)NULL == e ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
-#ifdef DEBUG
- if( PR_SUCCESS != oid_add_pointer(oid) ) {
- goto loser;
- }
-#endif /* DEBUG */
- }
-
- return PR_SUCCESS;
-
- loser:
- if( (PLHashTable *)NULL != oid_hash_table ) {
- PL_HashTableDestroy(oid_hash_table);
- oid_hash_table = (PLHashTable *)NULL;
- }
-
- if( (PZLock *)NULL != oid_hash_lock ) {
- PZ_DestroyLock(oid_hash_lock);
- oid_hash_lock = (PZLock *)NULL;
- }
-
- if( (NSSArena *)NULL != oid_arena ) {
- (void)nssArena_Destroy(oid_arena);
- oid_arena = (NSSArena *)NULL;
- }
-
- return PR_FAILURE;
-}
-
-/*
- * This is NSPR's once-block.
- */
-
-static PRCallOnceType oid_call_once;
-
-/*
- * And this is our multiply-callable internal init routine, which
- * will call-once our call-once function.
- */
-
-static PRStatus
-oid_init
-(
- void
-)
-{
- return PR_CallOnce(&oid_call_once, oid_once_func);
-}
-
-#ifdef DEBUG
-
-/*
- * nssOID_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSOID object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-NSS_EXTERN PRStatus
-nssOID_verifyPointer
-(
- const NSSOID *oid
-)
-{
- PRStatus rv;
-
- rv = oid_init();
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_initialize(&oid_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return PR_FAILURE;
- }
-
- rv = nssPointerTracker_verify(&oid_pointer_tracker, oid);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_NSSOID);
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-#endif /* DEBUG */
-
-/*
- * oid_sanity_check_ber
- *
- * This routine merely applies some sanity-checking to the BER-encoded
- * OID.
- */
-
-static PRStatus
-oid_sanity_check_ber
-(
- NSSBER *berOid
-)
-{
- PRUint32 i;
- PRUint8 *data = (PRUint8 *)berOid->data;
-
- /*
- * The size must be longer than zero bytes.
- */
-
- if( berOid->size <= 0 ) {
- return PR_FAILURE;
- }
-
- /*
- * In general, we can't preclude any number from showing up
- * someday. We could probably guess that top-level numbers
- * won't get very big (beyond the current ccitt(0), iso(1),
- * or joint-ccitt-iso(2)). However, keep in mind that the
- * encoding rules wrap the first two numbers together, as
- *
- * (first * 40) + second
- *
- * Also, it is noted in the specs that this implies that the
- * second number won't go above forty.
- *
- * 128 encodes 3.8, which seems pretty safe for now. Let's
- * check that the first byte is less than that.
- *
- * XXX This is a "soft check" -- we may want to exclude it.
- */
-
- if( data[0] >= 0x80 ) {
- return PR_FAILURE;
- }
-
- /*
- * In a normalised format, leading 0x80s will never show up.
- * This means that no 0x80 will be preceeded by the final
- * byte of a sequence, which would naturaly be less than 0x80.
- * Our internal encoding for the single-digit OIDs uses 0x80,
- * but the only places we use them (loading the builtin table,
- * and adding a UTF8-encoded OID) bypass this check.
- */
-
- for( i = 1; i < berOid->size; i++ ) {
- if( (0x80 == data[i]) && (data[i-1] < 0x80) ) {
- return PR_FAILURE;
- }
- }
-
- /*
- * The high bit of each octet indicates that following octets
- * are included in the current number. Thus the last byte can't
- * have the high bit set.
- */
-
- if( data[ berOid->size-1 ] >= 0x80 ) {
- return PR_FAILURE;
- }
-
- /*
- * Other than that, any byte sequence is legit.
- */
- return PR_SUCCESS;
-}
-
-/*
- * nssOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromBER
-(
- NSSBER *berOid
-)
-{
- NSSOID *rv;
- PLHashEntry *e;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSOID *)NULL;
- }
-
- if( PR_SUCCESS != oid_sanity_check_ber(berOid) ) {
- nss_SetError(NSS_ERROR_INVALID_BER);
- return (NSSOID *)NULL;
- }
-
- /*
- * Does it exist?
- */
- PZ_Lock(oid_hash_lock);
- rv = (NSSOID *)PL_HashTableLookup(oid_hash_table, berOid);
- (void)PZ_Unlock(oid_hash_lock);
- if( (NSSOID *)NULL != rv ) {
- /* Found it! */
- return rv;
- }
-
- /*
- * Doesn't exist-- create it.
- */
- rv = nss_ZNEW(oid_arena, NSSOID);
- if( (NSSOID *)NULL == rv ) {
- return (NSSOID *)NULL;
- }
-
- rv->data.data = nss_ZAlloc(oid_arena, berOid->size);
- if( (void *)NULL == rv->data.data ) {
- return (NSSOID *)NULL;
- }
-
- rv->data.size = berOid->size;
- nsslibc_memcpy(rv->data.data, berOid->data, berOid->size);
-
-#ifdef DEBUG
- rv->tag = "<runtime>";
- rv->expl = "(OID registered at runtime)";
-#endif /* DEBUG */
-
- PZ_Lock(oid_hash_lock);
- e = PL_HashTableAdd(oid_hash_table, &rv->data, rv);
- (void)PZ_Unlock(oid_hash_lock);
- if( (PLHashEntry *)NULL == e ) {
- nss_ZFreeIf(rv->data.data);
- nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSOID *)NULL;
- }
-
-#ifdef DEBUG
- {
- PRStatus st;
- st = oid_add_pointer(rv);
- if( PR_SUCCESS != st ) {
- PZ_Lock(oid_hash_lock);
- (void)PL_HashTableRemove(oid_hash_table, &rv->data);
- (void)PZ_Unlock(oid_hash_lock);
- (void)nss_ZFreeIf(rv->data.data);
- (void)nss_ZFreeIf(rv);
- return (NSSOID *)NULL;
- }
- }
-#endif /* DEBUG */
-
- return rv;
-}
-
-/*
- * oid_sanity_check_utf8
- *
- * This routine merely applies some sanity-checking to the
- * UTF8-encoded OID.
- */
-
-static PRStatus
-oid_sanity_check_utf8
-(
- NSSUTF8 *s
-)
-{
- /*
- * It may begin with an octothorpe, which we skip.
- */
-
- if( '#' == *s ) {
- s++;
- }
-
- /*
- * It begins with a number
- */
-
- if( (*s < '0') || (*s > '9') ) {
- return PR_FAILURE;
- }
-
- /*
- * First number is only one digit long
- *
- * XXX This is a "soft check" -- we may want to exclude it
- */
-
- if( (s[1] != '.') && (s[1] != '\0') ) {
- return PR_FAILURE;
- }
-
- /*
- * Every character is either a digit or a period
- */
-
- for( ; '\0' != *s; s++ ) {
- if( ('.' != *s) && ((*s < '0') || (*s > '9')) ) {
- return PR_FAILURE;
- }
-
- /* No two consecutive periods */
- if( ('.' == *s) && ('.' == s[1]) ) {
- return PR_FAILURE;
- }
- }
-
- /*
- * The last character isn't a period
- */
-
- if( '.' == *--s ) {
- return PR_FAILURE;
- }
-
- return PR_SUCCESS;
-}
-
-static PRUint32
-oid_encode_number
-(
- PRUint32 n,
- PRUint8 *dp,
- PRUint32 nb
-)
-{
- PRUint32 a[5];
- PRUint32 i;
- PRUint32 rv;
-
- a[0] = (n >> 28) & 0x7f;
- a[1] = (n >> 21) & 0x7f;
- a[2] = (n >> 14) & 0x7f;
- a[3] = (n >> 7) & 0x7f;
- a[4] = n & 0x7f;
-
- for( i = 0; i < 5; i++ ) {
- if( 0 != a[i] ) {
- break;
- }
- }
-
- if( 5 == i ) {
- i--;
- }
-
- rv = 5-i;
- if( rv > nb ) {
- return rv;
- }
-
- for( ; i < 4; i++ ) {
- *dp = 0x80 | a[i];
- dp++;
- }
-
- *dp = a[4];
-
- return rv;
-}
-
-/*
- * oid_encode_huge
- *
- * This routine will convert a huge decimal number into the DER
- * encoding for oid numbers. It is not limited to numbers that will
- * fit into some wordsize, like oid_encode_number. But it's not
- * necessarily very fast, either. This is here in case some joker
- * throws us an ASCII oid like 1.2.3.99999999999999999999999999.
- */
-
-static PRUint32
-oid_encode_huge
-(
- NSSUTF8 *s,
- NSSUTF8 *e,
- PRUint8 *dp,
- PRUint32 nb
-)
-{
- PRUint32 slen = (e-s);
- PRUint32 blen = (slen+1)/2;
- PRUint8 *st = (PRUint8 *)NULL;
- PRUint8 *bd = (PRUint8 *)NULL;
- PRUint32 i;
- PRUint32 bitno;
- PRUint8 *last;
- PRUint8 *first;
- PRUint32 byteno;
- PRUint8 mask;
-
- /* We'll be munging the data, so duplicate it */
- st = (PRUint8 *)nss_ZAlloc((NSSArena *)NULL, slen);
- if( (PRUint8 *)NULL == st ) {
- return 0;
- }
-
- /* Don't know ahead of time exactly how long we'll need */
- bd = (PRUint8 *)nss_ZAlloc((NSSArena *)NULL, blen);
- if( (PRUint8 *)NULL == bd ) {
- (void)nss_ZFreeIf(st);
- return 0;
- }
-
- /* Copy the original, and convert ASCII to numbers */
- for( i = 0; i < slen; i++ ) {
- st[i] = (PRUint8)(s[i] - '0');
- }
-
- last = &st[slen-1];
- first = &st[0];
-
- /*
- * The way we create the binary version is by looking at it
- * bit by bit. Start with the least significant bit. If the
- * number is odd, set that bit. Halve the number (with integer
- * division), and go to the next least significant bit. Keep
- * going until the number goes to zero.
- */
- for( bitno = 0; ; bitno++ ) {
- PRUint8 *d;
-
- byteno = bitno/7;
- mask = (PRUint8)(1 << (bitno%7));
-
- /* Skip leading zeroes */
- for( ; first < last; first ++ ) {
- if( 0 != *first ) {
- break;
- }
- }
-
- /* Down to one number and it's a zero? Done. */
- if( (first == last) && (0 == *last) ) {
- break;
- }
-
- /* Last digit is odd? Set the bit */
- if( *last & 1 ) {
- bd[ byteno ] |= mask;
- }
-
-
- /*
- * Divide the number in half. This is just a matter
- * of going from the least significant digit upwards,
- * halving each one. If any digit is odd (other than
- * the last, which has already been handled), add five
- * to the digit to its right.
- */
- *last /= 2;
-
- for( d = &last[-1]; d >= first; d-- ) {
- if( *d & 1 ) {
- d[1] += 5;
- }
-
- *d /= 2;
- }
- }
-
- /* Is there room to write the encoded data? */
- if( (byteno+1) > nb ) {
- return (byteno+1);
- }
-
- /* Trim any leading zero that crept in there */
- for( ; byteno > 0; byteno-- ) {
- if( 0 != bd[ byteno ] ) {
- break;
- }
- }
-
- /* Copy all but the last, marking the "continue" bit */
- for( i = 0; i < byteno; i++ ) {
- dp[i] = bd[ byteno-i ] | 0x80;
- }
- /* And the last with the "continue" bit clear */
- dp[byteno] = bd[0];
-
- (void)nss_ZFreeIf(bd);
- (void)nss_ZFreeIf(st);
- return (byteno+1);
-}
-
-/*
- * oid_encode_string
- *
- * This routine converts a dotted-number OID into a DER-encoded
- * one. It assumes we've already sanity-checked the string.
- */
-
-extern const NSSError NSS_ERROR_INTERNAL_ERROR;
-
-static NSSOID *
-oid_encode_string
-(
- NSSUTF8 *s
-)
-{
- PRUint32 nn = 0; /* number of numbers */
- PRUint32 nb = 0; /* number of bytes (estimated) */
- NSSUTF8 *t;
- PRUint32 nd = 0; /* number of digits */
- NSSOID *rv;
- PRUint8 *dp;
- PRUint32 a, b;
- PRUint32 inc;
-
- /* Dump any octothorpe */
- if( '#' == *s ) {
- s++;
- }
-
- /* Count up the bytes needed */
- for( t = s; '\0' != *t; t++ ) {
- if( '.' == *t ) {
- nb += (nd+1)/2; /* errs on the big side */
- nd = 0;
- nn++;
- } else {
- nd++;
- }
- }
- nb += (nd+1)/2;
- nn++;
-
- if( 1 == nn ) {
- /*
- * We have our own "denormalised" encoding for these,
- * which is only used internally.
- */
- nb++;
- }
-
- /*
- * Allocate. Note that we don't use the oid_arena here.. this is
- * because there really isn't a "free()" for stuff allocated out of
- * arenas (at least with the current implementation), so this would
- * keep using up memory each time a UTF8-encoded OID were added.
- * If need be (if this is the first time this oid has been seen),
- * we'll copy it.
- */
- rv = nss_ZNEW((NSSArena *)NULL, NSSOID);
- if( (NSSOID *)NULL == rv ) {
- return (NSSOID *)NULL;
- }
-
- rv->data.data = nss_ZAlloc((NSSArena *)NULL, nb);
- if( (void *)NULL == rv->data.data ) {
- (void)nss_ZFreeIf(rv);
- return (NSSOID *)NULL;
- }
-
- dp = (PRUint8 *)rv->data.data;
-
- a = atoi(s);
-
- if( 1 == nn ) {
- dp[0] = '\x80';
- inc = oid_encode_number(a, &dp[1], nb-1);
- if( inc >= nb ) {
- goto loser;
- }
- } else {
- for( t = s; '.' != *t; t++ ) {
- ;
- }
-
- t++;
- b = atoi(t);
- inc = oid_encode_number(a*40+b, dp, nb);
- if( inc > nb ) {
- goto loser;
- }
- dp += inc;
- nb -= inc;
- nn -= 2;
-
- while( nn-- > 0 ) {
- NSSUTF8 *u;
-
- for( ; '.' != *t; t++ ) {
- ;
- }
-
- t++;
-
- for( u = t; ('\0' != *u) && ('.' != *u); u++ ) {
- ;
- }
-
- if( (u-t > 9) ) {
- /* In the billions. Rats. */
- inc = oid_encode_huge(t, u, dp, nb);
- } else {
- b = atoi(t);
- inc = oid_encode_number(b, dp, nb);
- }
-
- if( inc > nb ) {
- goto loser;
- }
- dp += inc;
- nb -= inc;
- }
- }
-
- return rv;
-
- loser:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return (NSSOID *)NULL;
-}
-
-/*
- * nssOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_STRING
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-)
-{
- NSSOID *rv = (NSSOID *)NULL;
- NSSOID *candidate = (NSSOID *)NULL;
- PLHashEntry *e;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSOID *)NULL;
- }
-
- if( PR_SUCCESS != oid_sanity_check_utf8(stringOid) ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- return (NSSOID *)NULL;
- }
-
- candidate = oid_encode_string(stringOid);
- if( (NSSOID *)NULL == candidate ) {
- /* Internal error only */
- return rv;
- }
-
- /*
- * Does it exist?
- */
- PZ_Lock(oid_hash_lock);
- rv = (NSSOID *)PL_HashTableLookup(oid_hash_table, &candidate->data);
- (void)PZ_Unlock(oid_hash_lock);
- if( (NSSOID *)NULL != rv ) {
- /* Already exists. Delete my copy and return the original. */
- (void)nss_ZFreeIf(candidate->data.data);
- (void)nss_ZFreeIf(candidate);
- return rv;
- }
-
- /*
- * Nope. Add it. Remember to allocate it out of the oid arena.
- */
-
- rv = nss_ZNEW(oid_arena, NSSOID);
- if( (NSSOID *)NULL == rv ) {
- goto loser;
- }
-
- rv->data.data = nss_ZAlloc(oid_arena, candidate->data.size);
- if( (void *)NULL == rv->data.data ) {
- goto loser;
- }
-
- rv->data.size = candidate->data.size;
- nsslibc_memcpy(rv->data.data, candidate->data.data, rv->data.size);
-
- (void)nss_ZFreeIf(candidate->data.data);
- (void)nss_ZFreeIf(candidate);
-
-#ifdef DEBUG
- rv->tag = "<runtime>";
- rv->expl = "(OID registered at runtime)";
-#endif /* DEBUG */
-
- PZ_Lock(oid_hash_lock);
- e = PL_HashTableAdd(oid_hash_table, &rv->data, rv);
- (void)PZ_Unlock(oid_hash_lock);
- if( (PLHashEntry *)NULL == e ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- goto loser;
- }
-
-#ifdef DEBUG
- {
- PRStatus st;
- st = oid_add_pointer(rv);
- if( PR_SUCCESS != st ) {
- PZ_Lock(oid_hash_lock);
- (void)PL_HashTableRemove(oid_hash_table, &rv->data);
- (void)PZ_Unlock(oid_hash_lock);
- goto loser;
- }
- }
-#endif /* DEBUG */
-
- return rv;
-
- loser:
- if( (NSSOID *)NULL != candidate ) {
- (void)nss_ZFreeIf(candidate->data.data);
- }
- (void)nss_ZFreeIf(candidate);
-
- if( (NSSOID *)NULL != rv ) {
- (void)nss_ZFreeIf(rv->data.data);
- }
- (void)nss_ZFreeIf(rv);
-
- return (NSSOID *)NULL;
-}
-
-/*
- * nssOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-nssOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-)
-{
- const NSSItem *it;
- NSSDER *rv;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSDER *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSDER *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSDER *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- it = &oid->data;
-
- if( (NSSDER *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSDER);
- if( (NSSDER *)NULL == rv ) {
- return (NSSDER *)NULL;
- }
- } else {
- rv = rvOpt;
- }
-
- rv->data = nss_ZAlloc(arenaOpt, it->size);
- if( (void *)NULL == rv->data ) {
- if( rv != rvOpt ) {
- (void)nss_ZFreeIf(rv);
- }
- return (NSSDER *)NULL;
- }
-
- rv->size = it->size;
- nsslibc_memcpy(rv->data, it->data, it->size);
-
- return rv;
-}
-
-/*
- * nssOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_OID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-nssOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-)
-{
- NSSUTF8 *rv;
- PRUint8 *end;
- PRUint8 *d;
- PRUint8 *e;
- char *a;
- char *b;
- PRUint32 len;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSUTF8 *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- a = (char *)NULL;
-
- /* d will point to the next sequence of bytes to decode */
- d = (PRUint8 *)oid->data.data;
- /* end points to one past the legitimate data */
- end = &d[ oid->data.size ];
-
-#ifdef NSSDEBUG
- /*
- * Guarantee that the for(e=d;e<end;e++) loop below will
- * terminate. Our BER sanity-checking code above will prevent
- * such a BER from being registered, so the only other way one
- * might show up is if our dotted-decimal encoder above screws
- * up or our generated list is wrong. So I'll wrap it with
- * #ifdef NSSDEBUG and #endif.
- */
- if( end[-1] & 0x80 ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- /*
- * Check for our pseudo-encoded single-digit OIDs
- */
- if( (*d == 0x80) && (2 == oid->data.size) ) {
- /* Funky encoding. The second byte is the number */
- a = PR_smprintf("%lu", (PRUint32)d[1]);
- if( (char *)NULL == a ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
- goto done;
- }
-
- for( ; d < end; d = &e[1] ) {
-
- for( e = d; e < end; e++ ) {
- if( 0 == (*e & 0x80) ) {
- break;
- }
- }
-
- if( ((e-d) > 4) || (((e-d) == 4) && (*d & 0x70)) ) {
- /* More than a 32-bit number */
- } else {
- PRUint32 n = 0;
-
- switch( e-d ) {
- case 4:
- n |= ((PRUint32)(e[-4] & 0x0f)) << 28;
- case 3:
- n |= ((PRUint32)(e[-3] & 0x7f)) << 21;
- case 2:
- n |= ((PRUint32)(e[-2] & 0x7f)) << 14;
- case 1:
- n |= ((PRUint32)(e[-1] & 0x7f)) << 7;
- case 0:
- n |= ((PRUint32)(e[-0] & 0x7f)) ;
- }
-
- if( (char *)NULL == a ) {
- /* This is the first number.. decompose it */
- PRUint32 one = (n/40), two = (n%40);
-
- a = PR_smprintf("%lu.%lu", one, two);
- if( (char *)NULL == a ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
- } else {
- b = PR_smprintf("%s.%lu", a, n);
- if( (char *)NULL == b ) {
- PR_smprintf_free(a);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- PR_smprintf_free(a);
- a = b;
- }
- }
- }
-
- done:
- /*
- * Even if arenaOpt is NULL, we have to copy the data so that
- * it'll be freed with the right version of free: ours, not
- * PR_smprintf_free's.
- */
- len = PL_strlen(a);
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len);
- if( (NSSUTF8 *)NULL == rv ) {
- PR_smprintf_free(a);
- return (NSSUTF8 *)NULL;
- }
-
- nsslibc_memcpy(rv, a, len);
- PR_smprintf_free(a);
-
- return rv;
-}
-
-/*
- * nssOID_getExplanation
- *
- * This method is only present in debug builds.
- *
- * This routine will return a static pointer to a UTF8-encoded string
- * describing (in English) the specified OID. The memory pointed to
- * by the return value is not owned by the caller, and should not be
- * freed or modified. Note that explanations are only provided for
- * the OIDs built into the NSS library; there is no way to specify an
- * explanation for dynamically created OIDs. This routine is intended
- * only for use in debugging tools such as "derdump." This routine
- * may return null upon error, in which case it will have placed an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- *
- * Return value:
- * NULL upon error
- * A static pointer to a readonly, non-caller-owned UTF8-encoded
- * string explaining the specified OID.
- */
-
-#ifdef DEBUG
-NSS_EXTERN const NSSUTF8 *
-nssOID_getExplanation
-(
- NSSOID *oid
-)
-{
- if( PR_SUCCESS != oid_init() ) {
- return (const NSSUTF8 *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-#endif /* NSSDEBUG */
-
- return oid->expl;
-}
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-#endif /* DEBUG */
-
-/*
- * nssOID_getTaggedUTF8
- *
- * This method is only present in debug builds.
- *
- * This routine will return a pointer to a caller-owned UTF8-encoded
- * string containing a tagged encoding of the specified OID. Note
- * that OID (component) tags are only provided for the OIDs built
- * into the NSS library; there is no way to specify tags for
- * dynamically created OIDs. This routine is intended for use in
- * debugging tools such as "derdump." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the tagged encoding of
- * this NSSOID
- */
-
-#ifdef DEBUG
-NSS_EXTERN NSSUTF8 *
-nssOID_getTaggedUTF8
-(
- NSSOID *oid,
- NSSArena *arenaOpt
-)
-{
- NSSUTF8 *rv;
- char *raw;
- char *c;
- char *a = (char *)NULL;
- char *b;
- PRBool done = PR_FALSE;
- PRUint32 len;
-
- if( PR_SUCCESS != oid_init() ) {
- return (NSSUTF8 *)NULL;
- }
-
-#ifdef NSSDEBUG
- if( PR_SUCCESS != nssOID_verifyPointer(oid) ) {
- return (NSSUTF8 *)NULL;
- }
-
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
- }
- }
-#endif /* NSSDEBUG */
-
- a = PR_smprintf("{");
- if( (char *)NULL == a ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- /*
- * What I'm doing here is getting the text version of the OID,
- * e.g. 1.2.12.92, then looking up each set of leading numbers
- * as oids.. e.g. "1," then "1.2," then "1.2.12," etc. Each of
- * those will have the leaf tag, and I just build up the string.
- * I never said this was the most efficient way of doing it,
- * but hey it's a debug-build thing, and I'm getting really tired
- * of writing this stupid low-level PKI code.
- */
-
- /* I know it's all ASCII, so I can use char */
- raw = (char *)nssOID_GetUTF8Encoding(oid, (NSSArena *)NULL);
- if( (char *)NULL == raw ) {
- return (NSSUTF8 *)NULL;
- }
-
- for( c = raw; !done; c++ ) {
- NSSOID *lead;
- char *lastdot;
-
- for( ; '.' != *c; c++ ) {
- if( '\0' == *c ) {
- done = PR_TRUE;
- break;
- }
- }
-
- *c = '\0';
- lead = nssOID_CreateFromUTF8((NSSUTF8 *)raw);
- if( (NSSOID *)NULL == lead ) {
- PR_smprintf_free(a);
- nss_ZFreeIf(raw);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- lastdot = PL_strrchr(raw, '.');
- if( (char *)NULL == lastdot ) {
- lastdot = raw;
- }
-
- b = PR_smprintf("%s %s(%s) ", a, lead->tag, &lastdot[1]);
- if( (char *)NULL == b ) {
- PR_smprintf_free(a);
- nss_ZFreeIf(raw);
- /* drop the OID reference on the floor */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- PR_smprintf_free(a);
- a = b;
-
- if( !done ) {
- *c = '.';
- }
- }
-
- nss_ZFreeIf(raw);
-
- b = PR_smprintf("%s }", a);
- if( (char *)NULL == b ) {
- PR_smprintf_free(a);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-
- len = PL_strlen(b);
-
- rv = (NSSUTF8 *)nss_ZAlloc(arenaOpt, len+1);
- if( (NSSUTF8 *)NULL == rv ) {
- PR_smprintf_free(b);
- return (NSSUTF8 *)NULL;
- }
-
- nsslibc_memcpy(rv, b, len);
- PR_smprintf_free(b);
-
- return rv;
-}
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-#endif /* DEBUG */
diff --git a/security/nss/lib/pki1/oidgen.perl b/security/nss/lib/pki1/oidgen.perl
deleted file mode 100755
index 959e3cbaf..000000000
--- a/security/nss/lib/pki1/oidgen.perl
+++ /dev/null
@@ -1,311 +0,0 @@
-#!perl
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-$cvs_id = '@(#) $RCSfile$ $Revision$ $Date$ $Name$';
-
-$count = -1;
-while(<>) {
- s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
- next if (/^\s*$/);
-
- /^([\S]+)\s+([^"][\S]*|"[^"]*")/;
- $name = $1;
- $value = $2;
- # This is certainly not the best way to dequote the data.
- $value =~ s/"//g;
-
- if( $name =~ "OID" ) {
- $count++;
- $x[$count]{$name} = $value;
- $enc = encodeoid($value);
- $x[$count]{" encoding"} = escapeoid($enc);
- $x[$count]{" encoding length"} = length($enc);
- } else {
- if( $count < 0 ) {
- $g{$name} = $value;
- } else {
- $x[$count]{$name} = $value;
- }
- }
-}
-
-# dodump();
-doprint();
-
-sub dodump {
-for( $i = 0; $i <= $count; $i++ ) {
- print "number $i:\n";
- %y = %{$x[$i]};
- while(($n,$v) = each(%y)) {
- print "\t$n ==> $v\n";
- }
-}
-}
-
-sub doprint {
-open(CFILE, ">oiddata.c") || die "Can't open oiddata.c: $!";
-open(HFILE, ">oiddata.h") || die "Can't open oiddata.h: $!";
-
-print CFILE <<EOD
-/* THIS IS A GENERATED FILE */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-#ifdef DEBUG
-static const char CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-#ifndef PKI1T_H
-#include "pki1t.h"
-#endif /* PKI1T_H */
-
-const NSSOID nss_builtin_oids[] = {
-EOD
- ;
-
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- print CFILE " {\n";
- print CFILE "#ifdef DEBUG\n";
- print CFILE " \"$y{TAG}\",\n";
- print CFILE " \"$y{EXPL}\",\n";
- print CFILE "#endif /* DEBUG */\n";
- print CFILE " { \"", $y{" encoding"};
- print CFILE "\", ", $y{" encoding length"}, " }\n";
-
- if( $i == $count ) {
- print CFILE " }\n";
- } else {
- print CFILE " },\n";
- }
-}
-
-print CFILE "};\n\n";
-
-print CFILE "const PRUint32 nss_builtin_oid_count = ", ($count+1), ";\n\n";
-
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- if( defined($y{NAME}) ) {
- print CFILE "const NSSOID *$y{NAME} = (NSSOID *)&nss_builtin_oids[$i];\n";
- }
-}
-
-print CFILE "\n";
-
-$attrcount = -1;
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- if( defined($y{ATTR}) ) {
- if( defined($y{NAME}) ) {
- $attrcount++;
- $attr[$attrcount]{ATTR} = $y{ATTR};
- $attr[$attrcount]{NAME} = $y{NAME};
- } else {
- warn "Attribute $y{ATTR} has no name, and will be omitted!";
- }
- }
-}
-
-print CFILE "const nssAttributeTypeAliasTable nss_attribute_type_aliases[] = {\n";
-
-for( $i = 0; $i <= $attrcount; $i++ ) {
- %y = %{$attr[$i]};
- print CFILE " {\n";
- print CFILE " \"$y{ATTR}\",\n";
- print CFILE " &$y{NAME}\n";
-
- if( $i == $attrcount ) {
- print CFILE " }\n";
- } else {
- print CFILE " },\n";
- }
-}
-
-print CFILE "};\n\n";
-
-print CFILE "const PRUint32 nss_attribute_type_alias_count = ", ($attrcount+1), ";\n\n";
-
-print HFILE <<EOD
-/* THIS IS A GENERATED FILE */
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef OIDDATA_H
-#define OIDDATA_H
-
-#ifdef DEBUG
-static const char OIDDATA_CVS_ID[] = "$g{CVS_ID} ; $cvs_id";
-#endif /* DEBUG */
-
-#ifndef NSSPKI1T_H
-#include "nsspki1t.h"
-#endif /* NSSPKI1T_H */
-
-extern const NSSOID nss_builtin_oids[];
-extern const PRUint32 nss_builtin_oid_count;
-
-/*extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];*/
-/*extern const PRUint32 nss_attribute_type_alias_count;*/
-
-EOD
- ;
-
-for( $i = 0; $i <= $count; $i++ ) {
- %y = %{$x[$i]};
- if( defined($y{NAME}) ) {
- print HFILE "extern const NSSOID *$y{NAME};\n";
- }
-}
-
-print HFILE <<EOD
-
-#endif /* OIDDATA_H */
-EOD
- ;
-
-close CFILE;
-close HFILE;
-}
-
-sub encodenum {
- my $v = $_[0];
- my @d;
- my $i;
- my $rv = "";
-
- while( $v > 128 ) {
- push @d, ($v % 128);
- $v /= 128;
- };
- push @d, ($v%128);
-
- for( $i = @d-1; $i > 0; $i-- ) {
- $rv = $rv . chr(128 + $d[$i]);
- }
-
- $rv = $rv . chr($d[0]);
-
- return $rv;
-}
-
-sub encodeoid {
- my @o = split(/\./, $_[0]);
- my $rv = "";
- my $i;
-
- if( @o < 2 ) {
- # NSS's special "illegal" encoding
- return chr(128) . encodenum($o[0]);
- }
-
- $rv = encodenum($o[0] * 40 + $o[1]);
- shift @o; shift @o;
-
- foreach $i (@o) {
- $rv = $rv . encodenum($i);
- }
-
- return $rv;
-}
-
-sub escapeoid {
- my @v = unpack("C*", $_[0]);
- my $a;
- my $rv = "";
-
- foreach $a (@v) {
- $rv = $rv . sprintf("\\x%02x", $a);
- }
-
- return $rv;
-}
diff --git a/security/nss/lib/pki1/oids.txt b/security/nss/lib/pki1/oids.txt
deleted file mode 100644
index df7b3ab28..000000000
--- a/security/nss/lib/pki1/oids.txt
+++ /dev/null
@@ -1,2115 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CVS_ID "@(#) $RCSfile$ $Revision$ $Date$ $Name$"
-
-# Fields
-# OID -- the OID data itself, in dotted-number format
-# TAG -- the unofficial but common name. e.g., when written like
-# { joint-iso-ccitt(2) country(16) US(840) company(1) netscape(113730) }
-# those words ("joint-iso-ccitt," "country," etc.) are the tags.
-# EXPL -- a textual explanation, that should stand by itself
-# NAME -- the name we use in our code. If no NAME is given, it won't be included
-#
-# Additionally, some sets of OIDs map to some other spaces..
-# additional fields capture that data:
-#
-# CKM -- the corresponding Cryptoki Mechanism, if any
-# CKK -- the corresponding Cryptoki Key type, if any
-# ATTR -- the UTF-8 attribute type encoding, if applicable
-# it should be in the standard presentation style (e.g., lowercase),
-# already-escaped a la RFC 2253 if necessary (which would only
-# be necessary if some idiot defined an attribute with, say,
-# an equals sign in it)
-# CERT_EXTENSION -- SUPPORTED or UNSUPPORTED certificate extension, if applicable
-
-# Top of the OID tree -- see http://www.alvestrand.no/objectid/top.html
-#
-OID 0
-TAG ccitt # ITU-T used to be called CCITT
-EXPL "ITU-T"
-
-# See X.208 Annex C for an explanation of the OIDs below ccitt/itu-t
-
-OID 0.0
-TAG recommendation
-EXPL "ITU-T Recommendation"
-
-OID 0.1
-TAG question
-EXPL "ITU-T Question"
-
-OID 0.2
-TAG administration
-EXPL "ITU-T Administration"
-
-OID 0.3
-TAG network-operator
-EXPL "ITU-T Network Operator"
-
-OID 0.4
-TAG identified-organization
-EXPL "ITU-T Identified Organization"
-
-OID 0.9 # used in some RFCs (unofficial!)
-TAG data
-EXPL "RFC Data"
-
-OID 0.9.2342
-TAG pss
-EXPL "PSS British Telecom X.25 Network"
-
-OID 0.9.2342.19200300
-TAG ucl
-EXPL "RFC 1274 UCL Data networks"
-
-OID 0.9.2342.19200300.100
-TAG pilot
-EXPL "RFC 1274 pilot"
-
-OID 0.9.2342.19200300.100.1
-TAG attributeType
-EXPL "RFC 1274 Attribute Type"
-
-OID 0.9.2342.19200300.100.1.1
-TAG uid
-EXPL "RFC 1274 User Id"
-NAME NSS_OID_RFC1274_UID
-ATTR "uid"
-
-OID 0.9.2342.19200300.100.1.3
-TAG mail
-EXPL "RFC 1274 E-mail Addres"
-NAME NSS_OID_RFC1274_EMAIL
-ATTR "mail" # XXX fgmr
-
-OID 0.9.2342.19200300.100.1.25
-TAG dc
-EXPL "RFC 2247 Domain Component"
-NAME NSS_OID_RFC2247_DC
-ATTR "dc"
-
-OID 0.9.2342.19200300.100.3
-TAG attributeSyntax
-EXPL "RFC 1274 Attribute Syntax"
-
-OID 0.9.2342.19200300.100.3.4
-TAG iA5StringSyntax
-EXPL "RFC 1274 IA5 String Attribute Syntax"
-
-OID 0.9.2342.19200300.100.3.5
-TAG caseIgnoreIA5StringSyntax
-EXPL "RFC 1274 Case-Ignore IA5 String Attribute Syntax"
-
-OID 0.9.2342.19200300.100.4
-TAG objectClass
-EXPL "RFC 1274 Object Class"
-
-OID 0.9.2342.19200300.100.10
-TAG groups
-EXPL "RFC 1274 Groups"
-
-OID 0.9.2342.234219200300
-TAG ucl
-EXPL "RFC 1327 ucl"
-
-OID 1
-TAG iso
-EXPL "ISO"
-
-# See X.208 Annex B for an explanation of the OIDs below iso
-
-OID 1.0
-TAG standard
-EXPL "ISO Standard"
-
-OID 1.1
-TAG registration-authority
-EXPL "ISO Registration Authority"
-
-OID 1.2
-TAG member-body
-EXPL "ISO Member Body"
-
-OID 1.2.36
-TAG australia
-EXPL "Australia (ISO)"
-
-OID 1.2.158
-TAG taiwan
-EXPL "Taiwan (ISO)"
-
-OID 1.2.372
-TAG ireland
-EXPL "Ireland (ISO)"
-
-OID 1.2.578
-TAG norway
-EXPL "Norway (ISO)"
-
-OID 1.2.752
-TAG sweden
-EXPL "Sweden (ISO)"
-
-OID 1.2.826
-TAG great-britain
-EXPL "Great Britain (ISO)"
-
-OID 1.2.840
-TAG us
-EXPL "United States (ISO)"
-
-OID 1.2.840.1
-TAG organization
-EXPL "US (ISO) organization"
-
-OID 1.2.840.10003
-TAG ansi-z30-50
-EXPL "ANSI Z39.50"
-
-OID 1.2.840.10008
-TAG dicom
-EXPL "DICOM"
-
-OID 1.2.840.10017
-TAG ieee-1224
-EXPL "IEEE 1224"
-
-OID 1.2.840.10022
-TAG ieee-802-10
-EXPL "IEEE 802.10"
-
-OID 1.2.840.10036
-TAG ieee-802-11
-EXPL "IEEE 802.11"
-
-OID 1.2.840.10040
-TAG x9-57
-EXPL "ANSI X9.57"
-
-# RFC 2459:
-#
-# holdInstruction OBJECT IDENTIFIER ::=
-# {iso(1) member-body(2) us(840) x9cm(10040) 2}
-#
-# Note that the appendices of RFC 2459 define the (wrong) value
-# of 2.2.840.10040.2 for this oid.
-OID 1.2.840.10040.2
-TAG holdInstruction
-EXPL "ANSI X9.57 Hold Instruction"
-
-# RFC 2459:
-#
-# id-holdinstruction-none OBJECT IDENTIFIER ::=
-# {holdInstruction 1} -- deprecated
-OID 1.2.840.10040.2.1
-TAG id-holdinstruction-none
-EXPL "ANSI X9.57 Hold Instruction: None"
-
-# RFC 2459:
-#
-# id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
-# {holdInstruction 2}
-OID 1.2.840.10040.2.2
-TAG id-holdinstruction-callissuer
-EXPL "ANSI X9.57 Hold Instruction: Call Issuer"
-
-# RFC 2459:
-#
-# id-holdinstruction-reject OBJECT IDENTIFIER ::=
-# {holdInstruction 3}
-OID 1.2.840.10040.2.3
-TAG id-holdinstruction-reject
-EXPL "ANSI X9.57 Hold Instruction: Reject"
-
-OID 1.2.840.10040.4
-TAG x9algorithm
-EXPL "ANSI X9.57 Algorithm"
-
-# RFC 2459:
-#
-# id-dsa OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
-OID 1.2.840.10040.4.1
-TAG id-dsa
-EXPL "ANSI X9.57 DSA Signature"
-NAME NSS_OID_ANSIX9_DSA_SIGNATURE
-CKM CKM_DSA
-CKK CKK_DSA
-
-# RFC 2459:
-#
-# id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
-OID 1.2.840.10040.4.3
-TAG id-dsa-with-sha1
-EXPL "ANSI X9.57 Algorithm DSA Signature with SHA-1 Digest"
-NAME NSS_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST
-CKM CKM_DSA_SHA1
-
-OID 1.2.840.10046
-TAG x942
-EXPL "ANSI X9.42"
-
-OID 1.2.840.10046.2
-TAG algorithm
-EXPL "ANSI X9.42 Algorithm"
-
-# RFC 2459:
-#
-# dhpublicnumber OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
-OID 1.2.840.10046.2.1
-TAG dhpublicnumber
-EXPL "Diffie-Hellman Public Key Algorithm"
-NAME NSS_OID_X942_DIFFIE_HELMAN_KEY
-CKM CKM_DH_PKCS_DERIVE
-CKK CKK_DH
-
-OID 1.2.840.113533
-TAG entrust
-EXPL "Entrust Technologies"
-
-OID 1.2.840.113549
-TAG rsadsi
-EXPL "RSA Data Security Inc."
-
-OID 1.2.840.113549.1
-# http://www.rsa.com/rsalabs/pubs/PKCS/
-TAG pkcs
-EXPL "PKCS"
-
-# RFC 2459:
-#
-# pkcs-1 OBJECT IDENTIFIER ::= {
-# iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
-OID 1.2.840.113549.1.1
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-1.asc
-TAG pkcs-1
-EXPL "PKCS #1"
-
-# RFC 2459:
-#
-# rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
-OID 1.2.840.113549.1.1.1
-TAG rsaEncryption
-EXPL "PKCS #1 RSA Encryption"
-NAME NSS_OID_PKCS1_RSA_ENCRYPTION
-CKM CKM_RSA_PKCS
-CKK CKK_RSA
-
-# RFC 2459:
-#
-# md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
-OID 1.2.840.113549.1.1.2
-TAG md2WithRSAEncryption
-EXPL "PKCS #1 MD2 With RSA Encryption"
-NAME NSS_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION
-CKM CKM_MD2_RSA_PKCS
-
-OID 1.2.840.113549.1.1.3
-TAG md4WithRSAEncryption
-EXPL "PKCS #1 MD4 With RSA Encryption"
-NAME NSS_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION
-# No CKM!
-
-# RFC 2459:
-#
-# md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
-OID 1.2.840.113549.1.1.4
-TAG md5WithRSAEncryption
-EXPL "PKCS #1 MD5 With RSA Encryption"
-NAME NSS_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION
-CKM CKM_MD5_RSA_PKCS
-
-# RFC 2459:
-#
-# sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
-OID 1.2.840.113549.1.1.5
-TAG sha1WithRSAEncryption
-EXPL "PKCS #1 SHA-1 With RSA Encryption"
-NAME NSS_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION
-CKM CKM_SHA1_RSA_PKCS
-
-OID 1.2.840.113549.1.5
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-5.asc
-TAG pkcs-5
-EXPL "PKCS #5"
-
-OID 1.2.840.113549.1.5.1
-TAG pbeWithMD2AndDES-CBC
-EXPL "PKCS #5 Password Based Encryption With MD2 and DES-CBC"
-NAME NSS_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC
-CKM CKM_PBE_MD2_DES_CBC
-
-OID 1.2.840.113549.1.5.3
-TAG pbeWithMD5AndDES-CBC
-EXPL "PKCS #5 Password Based Encryption With MD5 and DES-CBC"
-NAME NSS_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC
-CKM CKM_PBE_MD5_DES_CBC
-
-OID 1.2.840.113549.1.5.10
-TAG pbeWithSha1AndDES-CBC
-EXPL "PKCS #5 Password Based Encryption With SHA-1 and DES-CBC"
-NAME NSS_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_DES_CBC
-
-OID 1.2.840.113549.1.7
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-7.asc
-TAG pkcs-7
-EXPL "PKCS #7"
-NAME NSS_OID_PKCS7
-
-OID 1.2.840.113549.1.7.1
-TAG data
-EXPL "PKCS #7 Data"
-NAME NSS_OID_PKCS7_DATA
-
-OID 1.2.840.113549.1.7.2
-TAG signedData
-EXPL "PKCS #7 Signed Data"
-NAME NSS_OID_PKCS7_SIGNED_DATA
-
-OID 1.2.840.113549.1.7.3
-TAG envelopedData
-EXPL "PKCS #7 Enveloped Data"
-NAME NSS_OID_PKCS7_ENVELOPED_DATA
-
-OID 1.2.840.113549.1.7.4
-TAG signedAndEnvelopedData
-EXPL "PKCS #7 Signed and Enveloped Data"
-NAME NSS_OID_PKCS7_SIGNED_ENVELOPED_DATA
-
-OID 1.2.840.113549.1.7.5
-TAG digestedData
-EXPL "PKCS #7 Digested Data"
-NAME NSS_OID_PKCS7_DIGESTED_DATA
-
-OID 1.2.840.113549.1.7.6
-TAG encryptedData
-EXPL "PKCS #7 Encrypted Data"
-NAME NSS_OID_PKCS7_ENCRYPTED_DATA
-
-# RFC 2459:
-#
-# pkcs-9 OBJECT IDENTIFIER ::=
-# { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
-OID 1.2.840.113549.1.9
-# ftp://ftp.rsa.com/pub/pkcs/ascii/pkcs-9.asc
-TAG pkcs-9
-EXPL "PKCS #9"
-
-# RFC 2459:
-#
-# emailAddress AttributeType ::= { pkcs-9 1 }
-OID 1.2.840.113549.1.9.1
-TAG emailAddress
-EXPL "PKCS #9 Email Address"
-NAME NSS_OID_PKCS9_EMAIL_ADDRESS
-
-OID 1.2.840.113549.1.9.2
-TAG unstructuredName
-EXPL "PKCS #9 Unstructured Name"
-NAME NSS_OID_PKCS9_UNSTRUCTURED_NAME
-
-OID 1.2.840.113549.1.9.3
-TAG contentType
-EXPL "PKCS #9 Content Type"
-NAME NSS_OID_PKCS9_CONTENT_TYPE
-
-OID 1.2.840.113549.1.9.4
-TAG messageDigest
-EXPL "PKCS #9 Message Digest"
-NAME NSS_OID_PKCS9_MESSAGE_DIGEST
-
-OID 1.2.840.113549.1.9.5
-TAG signingTime
-EXPL "PKCS #9 Signing Time"
-NAME NSS_OID_PKCS9_SIGNING_TIME
-
-OID 1.2.840.113549.1.9.6
-TAG counterSignature
-EXPL "PKCS #9 Counter Signature"
-NAME NSS_OID_PKCS9_COUNTER_SIGNATURE
-
-OID 1.2.840.113549.1.9.7
-TAG challengePassword
-EXPL "PKCS #9 Challenge Password"
-NAME NSS_OID_PKCS9_CHALLENGE_PASSWORD
-
-OID 1.2.840.113549.1.9.8
-TAG unstructuredAddress
-EXPL "PKCS #9 Unstructured Address"
-NAME NSS_OID_PKCS9_UNSTRUCTURED_ADDRESS
-
-OID 1.2.840.113549.1.9.9
-TAG extendedCertificateAttributes
-EXPL "PKCS #9 Extended Certificate Attributes"
-NAME NSS_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES
-
-OID 1.2.840.113549.1.9.15
-TAG sMIMECapabilities
-EXPL "PKCS #9 S/MIME Capabilities"
-NAME NSS_OID_PKCS9_SMIME_CAPABILITIES
-
-OID 1.2.840.113549.1.9.20
-TAG friendlyName
-EXPL "PKCS #9 Friendly Name"
-NAME NSS_OID_PKCS9_FRIENDLY_NAME
-
-OID 1.2.840.113549.1.9.21
-TAG localKeyID
-EXPL "PKCS #9 Local Key ID"
-NAME NSS_OID_PKCS9_LOCAL_KEY_ID
-
-OID 1.2.840.113549.1.9.22
-TAG certTypes
-EXPL "PKCS #9 Certificate Types"
-
-OID 1.2.840.113549.1.9.22.1
-TAG x509Certificate
-EXPL "PKCS #9 Certificate Type = X.509"
-NAME NSS_OID_PKCS9_X509_CERT
-
-OID 1.2.840.113549.1.9.22.2
-TAG sdsiCertificate
-EXPL "PKCS #9 Certificate Type = SDSI"
-NAME NSS_OID_PKCS9_SDSI_CERT
-
-OID 1.2.840.113549.1.9.23
-TAG crlTypes
-EXPL "PKCS #9 Certificate Revocation List Types"
-
-OID 1.2.840.113549.1.9.23.1
-TAG x509Crl
-EXPL "PKCS #9 CRL Type = X.509"
-NAME NSS_OID_PKCS9_X509_CRL
-
-OID 1.2.840.113549.1.12
-# http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-12.html
-# NOTE -- PKCS #12 multiple contradictory
-# documents exist. Somebody go figure out the canonical
-# OID list, keeping in mind backwards-compatability..
-TAG pkcs-12
-EXPL "PKCS #12"
-NAME NSS_OID_PKCS12
-
-OID 1.2.840.113549.1.12.1
-TAG pkcs-12PbeIds
-EXPL "PKCS #12 Password Based Encryption IDs"
-NAME NSS_OID_PKCS12_PBE_IDS
-# We called it SEC_OID_PKCS12_MODE_IDS
-
-OID 1.2.840.113549.1.12.1.1
-TAG pbeWithSHA1And128BitRC4
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC4"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4
-
-OID 1.2.840.113549.1.12.1.2
-TAG pbeWithSHA1And40BitRC4
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC4"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4
-
-OID 1.2.840.113549.1.12.1.3
-TAG pbeWithSHA1And3-KeyTripleDES-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 3-key Triple DES-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_3_KEY_TRIPLE_DES_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
-
-OID 1.2.840.113549.1.12.1.4
-TAG pbeWithSHA1And2-KeyTripleDES-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 2-key Triple DES-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_2_KEY_TRIPLE_DES_CBC
-CKM CKM_PBE_SHA1_DES2_EDE_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC
-
-OID 1.2.840.113549.1.12.1.5
-TAG pbeWithSHA1And128BitRC2-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC2-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.1.6
-TAG pbeWithSHA1And40BitRC2-CBC
-EXPL "PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC2-CBC"
-NAME NSS_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.2
-TAG pkcs-12EspvkIds
-EXPL "PKCS #12 ESPVK IDs"
-# We called it SEC_OID_PKCS12_ESPVK_IDS
-
-OID 1.2.840.113549.1.12.2.1
-TAG pkcs8-key-shrouding
-EXPL "PKCS #12 Key Shrouding"
-# We called it SEC_OID_PKCS12_PKCS8_KEY_SHROUDING
-
-OID 1.2.840.113549.1.12.3
-TAG draft1Pkcs-12Bag-ids
-EXPL "Draft 1.0 PKCS #12 Bag IDs"
-# We called it SEC_OID_PKCS12_BAG_IDS
-
-OID 1.2.840.113549.1.12.3.1
-TAG keyBag
-EXPL "Draft 1.0 PKCS #12 Key Bag"
-# We called it SEC_OID_PKCS12_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.3.2
-TAG certAndCRLBagId
-EXPL "Draft 1.0 PKCS #12 Cert and CRL Bag ID"
-# We called it SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID
-
-OID 1.2.840.113549.1.12.3.3
-TAG secretBagId
-EXPL "Draft 1.0 PKCS #12 Secret Bag ID"
-# We called it SEC_OID_PKCS12_SECRET_BAG_ID
-
-OID 1.2.840.113549.1.12.3.4
-TAG safeContentsId
-EXPL "Draft 1.0 PKCS #12 Safe Contents Bag ID"
-# We called it SEC_OID_PKCS12_SAFE_CONTENTS_ID
-
-OID 1.2.840.113549.1.12.3.5
-TAG pkcs-8ShroudedKeyBagId
-EXPL "Draft 1.0 PKCS #12 PKCS #8-shrouded Key Bag ID"
-# We called it SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.4
-TAG pkcs-12CertBagIds
-EXPL "PKCS #12 Certificate Bag IDs"
-# We called it SEC_OID_PKCS12_CERT_BAG_IDS
-
-OID 1.2.840.113549.1.12.4.1
-TAG x509CertCRLBagId
-EXPL "PKCS #12 X.509 Certificate and CRL Bag"
-# We called it SEC_OID_PKCS12_X509_CERT_CRL_BAG
-
-OID 1.2.840.113549.1.12.4.2
-TAG SDSICertBagID
-EXPL "PKCS #12 SDSI Certificate Bag"
-# We called it SEC_OID_PKCS12_SDSI_CERT_BAG
-
-OID 1.2.840.113549.1.12.5
-TAG pkcs-12Oids
-EXPL "PKCS #12 OIDs (XXX)"
-# We called it SEC_OID_PKCS12_OIDS
-
-OID 1.2.840.113549.1.12.5.1
-TAG pkcs-12PbeIds
-EXPL "PKCS #12 OIDs PBE IDs (XXX)"
-# We called it SEC_OID_PKCS12_PBE_IDS
-
-OID 1.2.840.113549.1.12.5.1.1
-TAG pbeWithSha1And128BitRC4
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC4 (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.1.2
-TAG pbeWithSha1And40BitRC4
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC4 (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.1.3
-TAG pbeWithSha1AndTripleDES-CBC
-EXPL "PKCS #12 OIDs PBE with SHA-1 and Triple DES-CBC (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC
-
-OID 1.2.840.113549.1.12.5.1.4
-TAG pbeWithSha1And128BitRC2-CBC
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 128-bit RC2-CBC (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.5.1.5
-TAG pbeWithSha1And40BitRC2-CBC
-EXPL "PKCS #12 OIDs PBE with SHA-1 and 40-bit RC2-CBC (XXX)"
-CKM CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC
-# We called it SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC
-
-OID 1.2.840.113549.1.12.5.2
-TAG pkcs-12EnvelopingIds
-EXPL "PKCS #12 OIDs Enveloping IDs (XXX)"
-# We called it SEC_OID_PKCS12_ENVELOPING_IDS
-
-OID 1.2.840.113549.1.12.5.2.1
-TAG rsaEncryptionWith128BitRC4
-EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 128-bit RC4"
-# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.2.2
-TAG rsaEncryptionWith40BitRC4
-EXPL "PKCS #12 OIDs Enveloping RSA Encryption with 40-bit RC4"
-# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4
-
-OID 1.2.840.113549.1.12.5.2.3
-TAG rsaEncryptionWithTripleDES
-EXPL "PKCS #12 OIDs Enveloping RSA Encryption with Triple DES"
-# We called it SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES
-
-OID 1.2.840.113549.1.12.5.3
-TAG pkcs-12SignatureIds
-EXPL "PKCS #12 OIDs Signature IDs (XXX)"
-# We called it SEC_OID_PKCS12_SIGNATURE_IDS
-
-OID 1.2.840.113549.1.12.5.3.1
-TAG rsaSignatureWithSHA1Digest
-EXPL "PKCS #12 OIDs RSA Signature with SHA-1 Digest"
-# We called it SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST
-
-OID 1.2.840.113549.1.12.10
-TAG pkcs-12Version1
-EXPL "PKCS #12 Version 1"
-
-OID 1.2.840.113549.1.12.10.1
-TAG pkcs-12BagIds
-EXPL "PKCS #12 Bag IDs"
-
-OID 1.2.840.113549.1.12.10.1.1
-TAG keyBag
-EXPL "PKCS #12 Key Bag"
-NAME NSS_OID_PKCS12_KEY_BAG
-# We called it SEC_OID_PKCS12_V1_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.2
-TAG pkcs-8ShroudedKeyBag
-EXPL "PKCS #12 PKCS #8-shrouded Key Bag"
-NAME NSS_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG
-# We called it SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.3
-TAG certBag
-EXPL "PKCS #12 Certificate Bag"
-NAME NSS_OID_PKCS12_CERT_BAG
-# We called it SEC_OID_PKCS12_V1_CERT_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.4
-TAG crlBag
-EXPL "PKCS #12 CRL Bag"
-NAME NSS_OID_PKCS12_CRL_BAG
-# We called it SEC_OID_PKCS12_V1_CRL_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.5
-TAG secretBag
-EXPL "PKCS #12 Secret Bag"
-NAME NSS_OID_PKCS12_SECRET_BAG
-# We called it SEC_OID_PKCS12_V1_SECRET_BAG_ID
-
-OID 1.2.840.113549.1.12.10.1.6
-TAG safeContentsBag
-EXPL "PKCS #12 Safe Contents Bag"
-NAME NSS_OID_PKCS12_SAFE_CONTENTS_BAG
-# We called it SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID
-
-OID 1.2.840.113549.2
-TAG digest
-EXPL "RSA digest algorithm"
-
-OID 1.2.840.113549.2.2
-TAG md2
-EXPL "MD2"
-NAME NSS_OID_MD2
-CKM CKM_MD2
-
-OID 1.2.840.113549.2.4
-TAG md4
-EXPL "MD4"
-NAME NSS_OID_MD4
-# No CKM
-
-OID 1.2.840.113549.2.5
-TAG md5
-EXPL "MD5"
-NAME NSS_OID_MD5
-CKM CKM_MD5
-
-OID 1.2.840.113549.3
-TAG cipher
-EXPL "RSA cipher algorithm"
-
-OID 1.2.840.113549.3.2
-TAG rc2cbc
-EXPL "RC2-CBC"
-NAME NSS_OID_RC2_CBC
-CKM_RC2_CBC
-
-OID 1.2.840.113549.3.4
-TAG rc4
-EXPL "RC4"
-NAME NSS_OID_RC4
-CKM CKM_RC4
-
-OID 1.2.840.113549.3.7
-TAG desede3cbc
-EXPL "DES-EDE3-CBC"
-NAME NSS_OID_DES_EDE3_CBC
-CKM CKM_DES3_CBC
-
-OID 1.2.840.113549.3.9
-TAG rc5cbcpad
-EXPL "RC5-CBCPad"
-NAME NSS_OID_RC5_CBC_PAD
-CKM CKM_RC5_CBC
-
-OID 1.2.840.113556
-TAG microsoft
-EXPL "Microsoft"
-
-OID 1.2.840.113560
-TAG columbia-university
-EXPL "Columbia University"
-
-OID 1.2.840.113572
-TAG unisys
-EXPL "Unisys"
-
-OID 1.2.840.113658
-TAG xapia
-EXPL "XAPIA"
-
-OID 1.2.840.113699
-TAG wordperfect
-EXPL "WordPerfect"
-
-OID 1.3
-TAG identified-organization
-EXPL "ISO identified organizations"
-
-OID 1.3.6
-TAG us-dod
-EXPL "United States Department of Defense"
-
-OID 1.3.6.1
-TAG internet # See RFC 1065
-EXPL "The Internet"
-
-OID 1.3.6.1.1
-TAG directory
-EXPL "Internet: Directory"
-
-OID 1.3.6.1.2
-TAG management
-EXPL "Internet: Management"
-
-OID 1.3.6.1.3
-TAG experimental
-EXPL "Internet: Experimental"
-
-OID 1.3.6.1.4
-TAG private
-EXPL "Internet: Private"
-
-OID 1.3.6.1.5
-TAG security
-EXPL "Internet: Security"
-
-OID 1.3.6.1.5.5
-
-# RFC 2459:
-#
-# id-pkix OBJECT IDENTIFIER ::=
-# { iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) }
-OID 1.3.6.1.5.5.7
-TAG id-pkix
-EXPL "Public Key Infrastructure"
-
-# RFC 2459:
-#
-# PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
-OID 1.3.6.1.5.5.7.0.1
-TAG PKIX1Explicit88
-EXPL "RFC 2459 Explicitly Tagged Module, 1988 Syntax"
-
-# RFC 2459:
-#
-# PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}
-OID 1.3.6.1.5.5.7.0.2
-TAG PKIXImplicit88
-EXPL "RFC 2459 Implicitly Tagged Module, 1988 Syntax"
-
-# RFC 2459:
-#
-# PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1)
-# security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)}
-OID 1.3.6.1.5.5.7.0.3
-TAG PKIXExplicit93
-EXPL "RFC 2459 Explicitly Tagged Module, 1993 Syntax"
-
-# RFC 2459:
-#
-# id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-# -- arc for private certificate extensions
-OID 1.3.6.1.5.5.7.1
-TAG id-pe
-EXPL "PKIX Private Certificate Extensions"
-
-# RFC 2459:
-#
-# id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
-OID 1.3.6.1.5.5.7.1.1
-TAG id-pe-authorityInfoAccess
-EXPL "Certificate Authority Information Access"
-NAME NSS_OID_X509_AUTH_INFO_ACCESS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
-# -- arc for policy qualifier types
-OID 1.3.6.1.5.5.7.2
-TAG id-qt
-EXPL "PKIX Policy Qualifier Types"
-
-# RFC 2459:
-#
-# id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
-# -- OID for CPS qualifier
-OID 1.3.6.1.5.5.7.2.1
-TAG id-qt-cps
-EXPL "PKIX CPS Pointer Qualifier"
-NAME NSS_OID_PKIX_CPS_POINTER_QUALIFIER
-
-# RFC 2459:
-#
-# id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
-# -- OID for user notice qualifier
-OID 1.3.6.1.5.5.7.2.2
-TAG id-qt-unotice
-EXPL "PKIX User Notice Qualifier"
-NAME NSS_OID_PKIX_USER_NOTICE_QUALIFIER
-
-# RFC 2459:
-#
-# id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
-# -- arc for extended key purpose OIDS
-OID 1.3.6.1.5.5.7.3
-TAG id-kp
-EXPL "PKIX Key Purpose"
-
-# RFC 2459:
-#
-# id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-OID 1.3.6.1.5.5.7.3.1
-TAG id-kp-serverAuth
-EXPL "TLS Web Server Authentication Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_SERVER_AUTH
-
-# RFC 2459:
-#
-# id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
-OID 1.3.6.1.5.5.7.3.2
-TAG id-kp-clientAuth
-EXPL "TLS Web Client Authentication Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_CLIENT_AUTH
-
-# RFC 2459:
-#
-# id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
-OID 1.3.6.1.5.5.7.3.3
-TAG id-kp-codeSigning
-EXPL "Code Signing Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_CODE_SIGN
-
-# RFC 2459:
-#
-# id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
-OID 1.3.6.1.5.5.7.3.4
-TAG id-kp-emailProtection
-EXPL "E-Mail Protection Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_EMAIL_PROTECTION
-
-# RFC 2459:
-#
-# id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
-OID 1.3.6.1.5.5.7.3.5
-TAG id-kp-ipsecEndSystem
-EXPL "IPSEC End System Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_IPSEC_END_SYSTEM
-
-# RFC 2459:
-#
-# id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
-OID 1.3.6.1.5.5.7.3.6
-TAG id-kp-ipsecTunnel
-EXPL "IPSEC Tunnel Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_IPSEC_TUNNEL
-
-# RFC 2459:
-#
-# id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
-OID 1.3.6.1.5.5.7.3.7
-TAG id-kp-ipsecUser
-EXPL "IPSEC User Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_IPSEC_USER
-
-# RFC 2459:
-#
-# id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
-OID 1.3.6.1.5.5.7.3.8
-TAG id-kp-timeStamping
-EXPL "Time Stamping Certificate"
-NAME NSS_OID_EXT_KEY_USAGE_TIME_STAMP
-
-OID 1.3.6.1.5.5.7.3.9
-TAG ocsp-responder
-EXPL "OCSP Responder Certificate"
-NAME NSS_OID_OCSP_RESPONDER
-
-OID 1.3.6.1.5.5.7.7
-TAG pkix-id-pkix
-
-OID 1.3.6.1.5.5.7.7.5
-TAG pkix-id-pkip
-
-OID 1.3.6.1.5.5.7.7.5.1
-TAG pkix-id-regctrl
-EXPL "CRMF Registration Control"
-
-OID 1.3.6.1.5.5.7.7.5.1.1
-TAG regtoken
-EXPL "CRMF Registration Control, Registration Token"
-NAME NSS_OID_PKIX_REGCTRL_REGTOKEN
-
-OID 1.3.6.1.5.5.7.7.5.1.2
-TAG authenticator
-EXPL "CRMF Registration Control, Registration Authenticator"
-NAME NSS_OID_PKIX_REGCTRL_AUTHENTICATOR
-
-OID 1.3.6.1.5.5.7.7.5.1.3
-TAG pkipubinfo
-EXPL "CRMF Registration Control, PKI Publication Info"
-NAME NSS_OID_PKIX_REGCTRL_PKIPUBINFO
-
-OID 1.3.6.1.5.5.7.7.5.1.4
-TAG pki-arch-options
-EXPL "CRMF Registration Control, PKI Archive Options"
-NAME NSS_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS
-
-OID 1.3.6.1.5.5.7.7.5.1.5
-TAG old-cert-id
-EXPL "CRMF Registration Control, Old Certificate ID"
-NAME NSS_OID_PKIX_REGCTRL_OLD_CERT_ID
-
-OID 1.3.6.1.5.5.7.7.5.1.6
-TAG protocol-encryption-key
-EXPL "CRMF Registration Control, Protocol Encryption Key"
-NAME NSS_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY
-
-OID 1.3.6.1.5.5.7.7.5.2
-TAG pkix-id-reginfo
-EXPL "CRMF Registration Info"
-
-OID 1.3.6.1.5.5.7.7.5.2.1
-TAG utf8-pairs
-EXPL "CRMF Registration Info, UTF8 Pairs"
-NAME NSS_OID_PKIX_REGINFO_UTF8_PAIRS
-
-OID 1.3.6.1.5.5.7.7.5.2.2
-TAG cert-request
-EXPL "CRMF Registration Info, Certificate Request"
-NAME NSS_OID_PKIX_REGINFO_CERT_REQUEST
-
-# RFC 2549:
-#
-# id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
-# -- arc for access descriptors
-OID 1.3.6.1.5.5.7.48
-TAG id-ad
-EXPL "PKIX Access Descriptors"
-
-# RFC 2549:
-#
-# id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
-OID 1.3.6.1.5.5.7.48.1
-TAG id-ad-ocsp
-EXPL "PKIX Online Certificate Status Protocol"
-NAME NSS_OID_OID_PKIX_OCSP
-
-OID 1.3.6.1.5.5.7.48.1.1
-TAG basic-response
-EXPL "OCSP Basic Response"
-NAME NSS_OID_PKIX_OCSP_BASIC_RESPONSE
-
-OID 1.3.6.1.5.5.7.48.1.2
-TAG nonce-extension
-EXPL "OCSP Nonce Extension"
-NAME NSS_OID_PKIX_OCSP_NONCE
-
-OID 1.3.6.1.5.5.7.48.1.3
-TAG response
-EXPL "OCSP Response Types Extension"
-NAME NSS_OID_PKIX_OCSP_RESPONSE
-
-OID 1.3.6.1.5.5.7.48.1.4
-TAG crl
-EXPL "OCSP CRL Reference Extension"
-NAME NSS_OID_PKIX_OCSP_CRL
-
-OID 1.3.6.1.5.5.7.48.1.5
-TAG no-check
-EXPL "OCSP No Check Extension"
-NAME NSS_OID_X509_OCSP_NO_CHECK # X509_... ?
-
-OID 1.3.6.1.5.5.7.48.1.6
-TAG archive-cutoff
-EXPL "OCSP Archive Cutoff Extension"
-NAME NSS_OID_PKIX_OCSP_ARCHIVE_CUTOFF
-
-OID 1.3.6.1.5.5.7.48.1.7
-TAG service-locator
-EXPL "OCSP Service Locator Extension"
-NAME NSS_OID_PKIX_OCSP_SERVICE_LOCATOR
-
-# RFC 2549:
-#
-# id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
-OID 1.3.6.1.5.5.7.48.2
-TAG id-ad-caIssuers
-EXPL "Certificate Authority Issuers"
-
-OID 1.3.6.1.6
-TAG snmpv2
-EXPL "Internet: SNMPv2"
-
-OID 1.3.6.1.7
-TAG mail
-EXPL "Internet: mail"
-
-OID 1.3.6.1.7.1
-TAG mime-mhs
-EXPL "Internet: mail MIME mhs"
-
-OID 1.3.12
-TAG ecma
-EXPL "European Computers Manufacturing Association"
-
-OID 1.3.14
-TAG oiw
-EXPL "Open Systems Implementors Workshop"
-
-OID 1.3.14.3 secsig
-TAG secsig
-EXPL "Open Systems Implementors Workshop Security Special Interest Group"
-
-OID 1.3.14.3.1
-TAG oIWSECSIGAlgorithmObjectIdentifiers
-EXPL "OIW SECSIG Algorithm OIDs"
-
-OID 1.3.14.3.2
-TAG algorithm
-EXPL "OIW SECSIG Algorithm"
-
-OID 1.3.14.3.2.6
-TAG desecb
-EXPL "DES-ECB"
-NAME NSS_OID_DES_ECB
-CKM CKM_DES_ECB
-
-OID 1.3.14.3.2.7
-TAG descbc
-EXPL "DES-CBC"
-NAME NSS_OID_DES_CBC
-CKM CKM_DES_CBC
-
-OID 1.3.14.3.2.8
-TAG desofb
-EXPL "DES-OFB"
-NAME NSS_OID_DES_OFB
-# No CKM..
-
-OID 1.3.14.3.2.9
-TAG descfb
-EXPL "DES-CFB"
-NAME NSS_OID_DES_CFB
-# No CKM..
-
-OID 1.3.14.3.2.10
-TAG desmac
-EXPL "DES-MAC"
-NAME NSS_OID_DES_MAC
-CKM CKM_DES_MAC
-
-OID 1.3.14.3.2.15
-TAG isoSHAWithRSASignature
-EXPL "ISO SHA with RSA Signature"
-NAME NSS_OID_ISO_SHA_WITH_RSA_SIGNATURE
-# No CKM..
-
-OID 1.3.14.3.2.17
-TAG desede
-EXPL "DES-EDE"
-NAME NSS_OID_DES_EDE
-# No CKM..
-
-OID 1.3.14.3.2.26
-TAG sha1
-EXPL "SHA-1"
-NAME NSS_OID_SHA1
-CKM CKM_SHA_1
-
-OID 1.3.14.3.2.27
-TAG bogusDSASignatureWithSHA1Digest
-EXPL "Forgezza DSA Signature with SHA-1 Digest"
-NAME NSS_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST
-CKM CKM_DSA_SHA1
-
-OID 1.3.14.3.3
-TAG authentication-mechanism
-EXPL "OIW SECSIG Authentication Mechanisms"
-
-OID 1.3.14.3.4
-TAG security-attribute
-EXPL "OIW SECSIG Security Attributes"
-
-OID 1.3.14.3.5
-TAG document-definition
-EXPL "OIW SECSIG Document Definitions used in security"
-
-OID 1.3.14.7
-TAG directory-services-sig
-EXPL "OIW directory services sig"
-
-OID 1.3.16
-TAG ewos
-EXPL "European Workshop on Open Systems"
-
-OID 1.3.22
-TAG osf
-EXPL "Open Software Foundation"
-
-OID 1.3.23
-TAG nordunet
-EXPL "Nordunet"
-
-OID 1.3.26
-TAG nato-id-org
-EXPL "NATO identified organisation"
-
-OID 1.3.36
-TAG teletrust
-EXPL "Teletrust"
-
-OID 1.3.52
-TAG smpte
-EXPL "Society of Motion Picture and Television Engineers"
-
-OID 1.3.69
-TAG sita
-EXPL "Societe Internationale de Telecommunications Aeronautiques"
-
-OID 1.3.90
-TAG iana
-EXPL "Internet Assigned Numbers Authority"
-
-OID 1.3.101
-TAG thawte
-EXPL "Thawte"
-
-OID 2
-TAG joint-iso-ccitt
-EXPL "Joint ISO/ITU-T assignment"
-
-OID 2.0
-TAG presentation
-EXPL "Joint ISO/ITU-T Presentation"
-
-OID 2.1
-TAG asn-1
-EXPL "Abstract Syntax Notation One"
-
-OID 2.2
-TAG acse
-EXPL "Association Control"
-
-OID 2.3
-TAG rtse
-EXPL "Reliable Transfer"
-
-OID 2.4
-TAG rose
-EXPL "Remote Operations"
-
-OID 2.5
-TAG x500
-EXPL "Directory"
-
-OID 2.5.1
-TAG modules
-EXPL "X.500 modules"
-
-OID 2.5.2
-TAG service-environment
-EXPL "X.500 service environment"
-
-OID 2.5.3
-TAG application-context
-EXPL "X.500 application context"
-
-# RFC 2459:
-#
-# id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
-OID 2.5.4
-TAG id-at
-EXPL "X.520 attribute types"
-
-# RFC 2459:
-#
-# id-at-commonName AttributeType ::= {id-at 3}
-OID 2.5.4.3
-TAG id-at-commonName
-EXPL "X.520 Common Name"
-NAME NSS_OID_X520_COMMON_NAME
-ATTR "cn"
-
-# RFC 2459:
-#
-# id-at-surname AttributeType ::= {id-at 4}
-OID 2.5.4.4
-TAG id-at-surname
-EXPL "X.520 Surname"
-NAME NSS_OID_X520_SURNAME
-ATTR "sn"
-
-# RFC 2459:
-#
-# id-at-countryName AttributeType ::= {id-at 6}
-OID 2.5.4.6
-TAG id-at-countryName
-EXPL "X.520 Country Name"
-NAME NSS_OID_X520_COUNTRY_NAME
-ATTR "c"
-
-# RFC 2459:
-#
-# id-at-localityName AttributeType ::= {id-at 7}
-OID 2.5.4.7
-TAG id-at-localityName
-EXPL "X.520 Locality Name"
-NAME NSS_OID_X520_LOCALITY_NAME
-ATTR "l"
-
-# RFC 2459:
-#
-# id-at-stateOrProvinceName AttributeType ::= {id-at 8}
-OID 2.5.4.8
-TAG id-at-stateOrProvinceName
-EXPL "X.520 State or Province Name"
-NAME NSS_OID_X520_STATE_OR_PROVINCE_NAME
-ATTR "s"
-
-# RFC 2459:
-#
-# id-at-organizationName AttributeType ::= {id-at 10}
-OID 2.5.4.10
-TAG id-at-organizationName
-EXPL "X.520 Organization Name"
-NAME NSS_OID_X520_ORGANIZATION_NAME
-ATTR "o"
-
-# RFC 2459:
-#
-# id-at-organizationalUnitName AttributeType ::= {id-at 11}
-OID 2.5.4.11
-TAG id-at-organizationalUnitName
-EXPL "X.520 Organizational Unit Name"
-NAME NSS_OID_X520_ORGANIZATIONAL_UNIT_NAME
-ATTR "ou"
-
-# RFC 2459:
-#
-# id-at-title AttributeType ::= {id-at 12}
-OID 2.5.4.12
-TAG id-at-title
-EXPL "X.520 Title"
-NAME NSS_OID_X520_TITLE
-ATTR "title"
-
-# RFC 2459:
-#
-# id-at-name AttributeType ::= {id-at 41}
-OID 2.5.4.41
-TAG id-at-name
-EXPL "X.520 Name"
-NAME NSS_OID_X520_NAME
-ATTR "name"
-
-# RFC 2459:
-#
-# id-at-givenName AttributeType ::= {id-at 42}
-OID 2.5.4.42
-TAG id-at-givenName
-EXPL "X.520 Given Name"
-NAME NSS_OID_X520_GIVEN_NAME
-ATTR "givenName"
-
-# RFC 2459:
-#
-# id-at-initials AttributeType ::= {id-at 43}
-OID 2.5.4.43
-TAG id-at-initials
-EXPL "X.520 Initials"
-NAME NSS_OID_X520_INITIALS
-ATTR "initials"
-
-# RFC 2459:
-#
-# id-at-generationQualifier AttributeType ::= {id-at 44}
-OID 2.5.4.44
-TAG id-at-generationQualifier
-EXPL "X.520 Generation Qualifier"
-NAME NSS_OID_X520_GENERATION_QUALIFIER
-ATTR "generationQualifier"
-
-# RFC 2459:
-#
-# id-at-dnQualifier AttributeType ::= {id-at 46}
-OID 2.5.4.46
-TAG id-at-dnQualifier
-EXPL "X.520 DN Qualifier"
-NAME NSS_OID_X520_DN_QUALIFIER
-ATTR "dnQualifier"
-
-OID 2.5.5
-TAG attribute-syntax
-EXPL "X.500 attribute syntaxes"
-
-OID 2.5.6
-TAG object-classes
-EXPL "X.500 standard object classes"
-
-OID 2.5.7
-TAG attribute-set
-EXPL "X.500 attribute sets"
-
-OID 2.5.8
-TAG algorithms
-EXPL "X.500-defined algorithms"
-
-OID 2.5.8.1
-TAG encryption
-EXPL "X.500-defined encryption algorithms"
-
-OID 2.5.8.1.1
-TAG rsa
-EXPL "RSA Encryption Algorithm"
-NAME NSS_OID_X500_RSA_ENCRYPTION
-CKM CKM_RSA_X_509
-
-OID 2.5.9
-TAG abstract-syntax
-EXPL "X.500 abstract syntaxes"
-
-OID 2.5.12
-TAG operational-attribute
-EXPL "DSA Operational Attributes"
-
-OID 2.5.13
-TAG matching-rule
-EXPL "Matching Rule"
-
-OID 2.5.14
-TAG knowledge-matching-rule
-EXPL "X.500 knowledge Matching Rules"
-
-OID 2.5.15
-TAG name-form
-EXPL "X.500 name forms"
-
-OID 2.5.16
-TAG group
-EXPL "X.500 groups"
-
-OID 2.5.17
-TAG subentry
-EXPL "X.500 subentry"
-
-OID 2.5.18
-TAG operational-attribute-type
-EXPL "X.500 operational attribute type"
-
-OID 2.5.19
-TAG operational-binding
-EXPL "X.500 operational binding"
-
-OID 2.5.20
-TAG schema-object-class
-EXPL "X.500 schema Object class"
-
-OID 2.5.21
-TAG schema-operational-attribute
-EXPL "X.500 schema operational attributes"
-
-OID 2.5.23
-TAG administrative-role
-EXPL "X.500 administrative roles"
-
-OID 2.5.24
-TAG access-control-attribute
-EXPL "X.500 access control attribute"
-
-OID 2.5.25
-TAG ros
-EXPL "X.500 ros object"
-
-OID 2.5.26
-TAG contract
-EXPL "X.500 contract"
-
-OID 2.5.27
-TAG package
-EXPL "X.500 package"
-
-OID 2.5.28
-TAG access-control-schema
-EXPL "X.500 access control schema"
-
-# RFC 2459:
-#
-# id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
-OID 2.5.29
-TAG id-ce
-EXPL "X.500 Certificate Extension"
-
-OID 2.5.29.5
-TAG subject-directory-attributes
-EXPL "Certificate Subject Directory Attributes"
-NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTR
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
-OID 2.5.29.9
-TAG id-ce-subjectDirectoryAttributes
-EXPL "Certificate Subject Directory Attributes"
-NAME NSS_OID_X509_SUBJECT_DIRECTORY_ATTRIBUTES
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
-OID 2.5.29.14
-TAG id-ce-subjectKeyIdentifier
-EXPL "Certificate Subject Key ID"
-NAME NSS_OID_X509_SUBJECT_KEY_ID
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
-OID 2.5.29.15
-TAG id-ce-keyUsage
-EXPL "Certificate Key Usage"
-NAME NSS_OID_X509_KEY_USAGE
-CERT_EXTENSION SUPPORTED
-# We called it PKCS12_KEY_USAGE
-
-# RFC 2459:
-#
-# id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
-OID 2.5.29.16
-TAG id-ce-privateKeyUsagePeriod
-EXPL "Certificate Private Key Usage Period"
-NAME NSS_OID_X509_PRIVATE_KEY_USAGE_PERIOD
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
-OID 2.5.29.17
-TAG id-ce-subjectAltName
-EXPL "Certificate Subject Alternate Name"
-NAME NSS_OID_X509_SUBJECT_ALT_NAME
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
-OID 2.5.29.18
-TAG id-ce-issuerAltName
-EXPL "Certificate Issuer Alternate Name"
-NAME NSS_OID_X509_ISSUER_ALT_NAME
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
-OID 2.5.29.19
-TAG id-ce-basicConstraints
-EXPL "Certificate Basic Constraints"
-NAME NSS_OID_X509_BASIC_CONSTRAINTS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
-OID 2.5.29.20
-TAG id-ce-cRLNumber
-EXPL "CRL Number"
-NAME NSS_OID_X509_CRL_NUMBER
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
-OID 2.5.29.21
-TAG id-ce-cRLReasons
-EXPL "CRL Reason Code"
-NAME NSS_OID_X509_REASON_CODE
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
-OID 2.5.29.23
-TAG id-ce-holdInstructionCode
-EXPL "Hold Instruction Code"
-NAME NSS_OID_X509_HOLD_INSTRUCTION_CODE
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
-OID 2.5.29.24
-TAG id-ce-invalidityDate
-EXPL "Invalid Date"
-NAME NSS_OID_X509_INVALID_DATE
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
-OID 2.5.29.27
-TAG id-ce-deltaCRLIndicator
-EXPL "Delta CRL Indicator"
-NAME NSS_OID_X509_DELTA_CRL_INDICATOR
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
-OID 2.5.29.28
-TAG id-ce-issuingDistributionPoint
-EXPL "Issuing Distribution Point"
-NAME NSS_OID_X509_ISSUING_DISTRIBUTION_POINT
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
-OID 2.5.29.29
-TAG id-ce-certificateIssuer
-EXPL "Certificate Issuer"
-NAME NSS_OID_X509_CERTIFICATE_ISSUER
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
-OID 2.5.29.30
-TAG id-ce-nameConstraints
-EXPL "Certificate Name Constraints"
-NAME NSS_OID_X509_NAME_CONSTRAINTS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
-OID 2.5.29.31
-TAG id-ce-cRLDistributionPoints
-EXPL "CRL Distribution Points"
-NAME NSS_OID_X509_CRL_DIST_POINTS
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
-OID 2.5.29.32
-TAG id-ce-certificatePolicies
-EXPL "Certificate Policies"
-NAME NSS_OID_X509_CERTIFICATE_POLICIES
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
-OID 2.5.29.33
-TAG id-ce-policyMappings
-EXPL "Certificate Policy Mappings"
-NAME NSS_OID_X509_POLICY_MAPPINGS
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.5.29.34
-TAG policy-constraints
-EXPL "Certificate Policy Constraints (old)"
-CERT_EXTENSION UNSUPPORTED
-
-# RFC 2459:
-#
-# id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
-OID 2.5.29.35
-TAG id-ce-authorityKeyIdentifier
-EXPL "Certificate Authority Key Identifier"
-NAME NSS_OID_X509_AUTH_KEY_ID
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
-OID 2.5.29.36
-TAG id-ce-policyConstraints
-EXPL "Certificate Policy Constraints"
-NAME NSS_OID_X509_POLICY_CONSTRAINTS
-CERT_EXTENSION SUPPORTED
-
-# RFC 2459:
-#
-# id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
-OID 2.5.29.37
-TAG id-ce-extKeyUsage
-EXPL "Extended Key Usage"
-NAME NSS_OID_X509_EXT_KEY_USAGE
-CERT_EXTENSION SUPPORTED
-
-OID 2.5.30
-TAG id-mgt
-EXPL "X.500 Management Object"
-
-OID 2.6
-TAG x400
-EXPL "X.400 MHS"
-
-OID 2.7
-TAG ccr
-EXPL "Committment, Concurrency and Recovery"
-
-OID 2.8
-TAG oda
-EXPL "Office Document Architecture"
-
-OID 2.9
-TAG osi-management
-EXPL "OSI management"
-
-OID 2.10
-TAG tp
-EXPL "Transaction Processing"
-
-OID 2.11
-TAG dor
-EXPL "Distinguished Object Reference"
-
-OID 2.12
-TAG rdt
-EXPL "Referenced Data Transfer"
-
-OID 2.13
-TAG nlm
-EXPL "Network Layer Management"
-
-OID 2.14
-TAG tlm
-EXPL "Transport Layer Management"
-
-OID 2.15
-TAG llm
-EXPL "Link Layer Management"
-
-OID 2.16
-TAG country
-EXPL "Country Assignments"
-
-OID 2.16.124
-TAG canada
-EXPL "Canada"
-
-OID 2.16.158
-TAG taiwan
-EXPL "Taiwan"
-
-OID 2.16.578
-TAG norway
-EXPL "Norway"
-
-OID 2.16.756
-TAG switzerland
-EXPL "Switzerland"
-
-OID 2.16.840
-TAG us
-EXPL "United States"
-
-OID 2.16.840.1
-TAG us-company
-EXPL "United States Company"
-
-OID 2.16.840.1.101
-TAG us-government
-EXPL "United States Government (1.101)"
-
-OID 2.16.840.1.101.2
-TAG us-dod
-EXPL "United States Department of Defense"
-
-OID 2.16.840.1.101.2.1
-TAG id-infosec
-EXPL "US DOD Infosec"
-
-OID 2.16.840.1.101.2.1.0
-TAG id-modules
-EXPL "US DOD Infosec modules"
-
-OID 2.16.840.1.101.2.1.1
-TAG id-algorithms
-EXPL "US DOD Infosec algorithms (MISSI)"
-
-OID 2.16.840.1.101.2.1.1.2
-TAG old-dss
-EXPL "MISSI DSS Algorithm (Old)"
-NAME NSS_OID_MISSI_DSS_OLD
-
-# This is labeled as "### mwelch temporary"
-# Is it official?? XXX fgmr
-OID 2.16.840.1.101.2.1.1.4
-TAG skipjack-cbc-64
-EXPL "Skipjack CBC64"
-NAME NSS_OID_FORTEZZA_SKIPJACK
-CKM CKM_SKIPJACK_CBC64
-
-OID 2.16.840.1.101.2.1.1.10
-TAG kea
-EXPL "MISSI KEA Algorithm"
-NAME NSS_OID_MISSI_KEA
-
-OID 2.16.840.1.101.2.1.1.12
-TAG old-kea-dss
-EXPL "MISSI KEA and DSS Algorithm (Old)"
-NAME NSS_OID_MISSI_KEA_DSS_OLD
-
-OID 2.16.840.1.101.2.1.1.19
-TAG dss
-EXPL "MISSI DSS Algorithm"
-NAME NSS_OID_MISSI_DSS
-
-OID 2.16.840.1.101.2.1.1.20
-TAG kea-dss
-EXPL "MISSI KEA and DSS Algorithm"
-NAME NSS_OID_MISSI_KEA_DSS
-
-OID 2.16.840.1.101.2.1.1.22
-TAG alt-kea
-EXPL "MISSI Alternate KEA Algorithm"
-NAME NSS_OID_MISSI_ALT_KEY
-
-OID 2.16.840.1.101.2.1.2
-TAG id-formats
-EXPL "US DOD Infosec formats"
-
-OID 2.16.840.1.101.2.1.3
-TAG id-policy
-EXPL "US DOD Infosec policy"
-
-OID 2.16.840.1.101.2.1.4
-TAG id-object-classes
-EXPL "US DOD Infosec object classes"
-
-OID 2.16.840.1.101.2.1.5
-TAG id-attributes
-EXPL "US DOD Infosec attributes"
-
-OID 2.16.840.1.101.2.1.6
-TAG id-attribute-syntax
-EXPL "US DOD Infosec attribute syntax"
-
-OID 2.16.840.1.113730
-# The Netscape OID space
-TAG netscape
-EXPL "Netscape Communications Corp."
-
-OID 2.16.840.1.113730.1
-TAG cert-ext
-EXPL "Netscape Cert Extensions"
-
-OID 2.16.840.1.113730.1.1
-TAG cert-type
-EXPL "Certificate Type"
-NAME NSS_OID_NS_CERT_EXT_CERT_TYPE
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.2
-TAG base-url
-EXPL "Certificate Extension Base URL"
-NAME NSS_OID_NS_CERT_EXT_BASE_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.3
-TAG revocation-url
-EXPL "Certificate Revocation URL"
-NAME NSS_OID_NS_CERT_EXT_REVOCATION_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.4
-TAG ca-revocation-url
-EXPL "Certificate Authority Revocation URL"
-NAME NSS_OID_NS_CERT_EXT_CA_REVOCATION_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.5
-TAG ca-crl-download-url
-EXPL "Certificate Authority CRL Download URL"
-NAME NSS_OID_NS_CERT_EXT_CA_CRL_URL
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.6
-TAG ca-cert-url
-EXPL "Certificate Authority Certificate Download URL"
-NAME NSS_OID_NS_CERT_EXT_CA_CERT_URL
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.7
-TAG renewal-url
-EXPL "Certificate Renewal URL"
-NAME NSS_OID_NS_CERT_EXT_CERT_RENEWAL_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.8
-TAG ca-policy-url
-EXPL "Certificate Authority Policy URL"
-NAME NSS_OID_NS_CERT_EXT_CA_POLICY_URL
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.9
-TAG homepage-url
-EXPL "Certificate Homepage URL"
-NAME NSS_OID_NS_CERT_EXT_HOMEPAGE_URL
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.10
-TAG entity-logo
-EXPL "Certificate Entity Logo"
-NAME NSS_OID_NS_CERT_EXT_ENTITY_LOGO
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.11
-TAG user-picture
-EXPL "Certificate User Picture"
-NAME NSS_OID_NS_CERT_EXT_USER_PICTURE
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.1.12
-TAG ssl-server-name
-EXPL "Certificate SSL Server Name"
-NAME NSS_OID_NS_CERT_EXT_SSL_SERVER_NAME
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.13
-TAG comment
-EXPL "Certificate Comment"
-NAME NSS_OID_NS_CERT_EXT_COMMENT
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.1.14
-TAG thayes
-EXPL ""
-NAME NSS_OID_NS_CERT_EXT_THAYES
-CERT_EXTENSION SUPPORTED
-
-OID 2.16.840.1.113730.2
-TAG data-type
-EXPL "Netscape Data Types"
-
-OID 2.16.840.1.113730.2.1
-TAG gif
-EXPL "image/gif"
-NAME NSS_OID_NS_TYPE_GIF
-
-OID 2.16.840.1.113730.2.2
-TAG jpeg
-EXPL "image/jpeg"
-NAME NSS_OID_NS_TYPE_JPEG
-
-OID 2.16.840.1.113730.2.3
-TAG url
-EXPL "URL"
-NAME NSS_OID_NS_TYPE_URL
-
-OID 2.16.840.1.113730.2.4
-TAG html
-EXPL "text/html"
-NAME NSS_OID_NS_TYPE_HTML
-
-OID 2.16.840.1.113730.2.5
-TAG cert-sequence
-EXPL "Certificate Sequence"
-NAME NSS_OID_NS_TYPE_CERT_SEQUENCE
-
-OID 2.16.840.1.113730.3
-# The Netscape Directory OID space
-TAG directory
-EXPL "Netscape Directory"
-
-OID 2.16.840.1.113730.4
-TAG policy
-EXPL "Netscape Policy Type OIDs"
-
-OID 2.16.840.1.113730.4.1
-TAG export-approved
-EXPL "Strong Crypto Export Approved"
-NAME NSS_OID_NS_KEY_USAGE_GOVT_APPROVED
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.1.113730.5
-TAG cert-server
-EXPL "Netscape Certificate Server"
-
-OID 2.16.840.1.113730.5.1
-
-OID 2.16.840.1.113730.5.1.1
-TAG recovery-request
-EXPL "Netscape Cert Server Recovery Request"
-NAME NSS_OID_NETSCAPE_RECOVERY_REQUEST
-
-OID 2.16.840.1.113730.6
-TAG algs
-EXPL "Netscape algorithm OIDs"
-
-OID 2.16.840.1.113730.6.1
-TAG smime-kea
-EXPL "Netscape S/MIME KEA"
-NAME NSS_OID_NETSCAPE_SMIME_KEA
-
-OID 2.16.840.1.113730.7
-TAG name-components
-EXPL "Netscape Name Components"
-
-OID 2.16.840.1.113730.7.1
-TAG nickname
-EXPL "Netscape Nickname"
-NAME NSS_OID_NETSCAPE_NICKNAME
-
-OID 2.16.840.1.113733
-TAG verisign
-EXPL "Verisign"
-
-OID 2.16.840.1.113733.1
-
-OID 2.16.840.1.113733.1.7
-
-OID 2.16.840.1.113733.1.7.1
-
-OID 2.16.840.1.113733.1.7.1.1
-TAG verisign-user-notices
-EXPL "Verisign User Notices"
-NAME NSS_OID_VERISIGN_USER_NOTICES
-
-OID 2.16.840.101
-TAG us-government
-EXPL "US Government (101)"
-
-OID 2.16.840.102
-TAG us-government2
-EXPL "US Government (102)"
-
-OID 2.16.840.11370
-TAG old-netscape
-EXPL "Netscape Communications Corp. (Old)"
-
-OID 2.16.840.11370.1
-TAG ns-cert-ext
-EXPL "Netscape Cert Extensions (Old NS)"
-
-OID 2.16.840.11370.1.1
-TAG netscape-ok
-EXPL "Netscape says this cert is ok (Old NS)"
-NAME NSS_OID_NS_CERT_EXT_NETSCAPE_OK
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.11370.1.2
-TAG issuer-logo
-EXPL "Certificate Issuer Logo (Old NS)"
-NAME NSS_OID_NS_CERT_EXT_ISSUER_LOGO
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.11370.1.3
-TAG subject-logo
-EXPL "Certificate Subject Logo (Old NS)"
-NAME NSS_OID_NS_CERT_EXT_SUBJECT_LOGO
-CERT_EXTENSION UNSUPPORTED
-
-OID 2.16.840.11370.2
-TAG ns-file-type
-EXPL "Netscape File Type"
-
-OID 2.16.840.11370.3
-TAG ns-image-type
-EXPL "Netscape Image Type"
-
-OID 2.17
-TAG registration-procedures
-EXPL "Registration procedures"
-
-OID 2.18
-TAG physical-layer-management
-EXPL "Physical layer Management"
-
-OID 2.19
-TAG mheg
-EXPL "MHEG"
-
-OID 2.20
-TAG guls
-EXPL "Generic Upper Layer Security"
-
-OID 2.21
-TAG tls
-EXPL "Transport Layer Security Protocol"
-
-OID 2.22
-TAG nls
-EXPL "Network Layer Security Protocol"
-
-OID 2.23
-TAG organization
-EXPL "International organizations"
diff --git a/security/nss/lib/pki1/pki1.h b/security/nss/lib/pki1/pki1.h
deleted file mode 100644
index 62049efcc..000000000
--- a/security/nss/lib/pki1/pki1.h
+++ /dev/null
@@ -1,3032 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKI1_H
-#define PKI1_H
-
-#ifdef DEBUG
-static const char PKI1_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pki1.h
- *
- * This file contains the prototypes to the non-public NSS routines
- * relating to the PKIX part-1 objects.
- */
-
-#ifndef PKI1T_H
-#include "pki1t.h"
-#endif /* PKI1T_H */
-
-#ifndef NSSPKI1_H
-#include "nsspki1.h"
-#endif /* NSSPKI1_H */
-
-PR_BEGIN_EXTERN_C
-
-/* fgmr 19990505 moved these here from oiddata.h */
-extern const nssAttributeTypeAliasTable nss_attribute_type_aliases[];
-extern const PRUint32 nss_attribute_type_alias_count;
-
-/*
- * NSSOID
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssOID_CreateFromBER -- constructor
- * nssOID_CreateFromUTF8 -- constructor
- * (there is no explicit destructor)
- *
- * nssOID_GetDEREncoding
- * nssOID_GetUTF8Encoding
- *
- * In debug builds, the following non-public calls are also available:
- *
- * nssOID_verifyPointer
- * nssOID_getExplanation
- * nssOID_getTaggedUTF8
- */
-
-/*
- * nssOID_CreateFromBER
- *
- * This routine creates an NSSOID by decoding a BER- or DER-encoded
- * OID. It may return NSS_OID_UNKNOWN upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromBER
-(
- NSSBER *berOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_BER;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * nssOID_CreateFromUTF8
- *
- * This routine creates an NSSOID by decoding a UTF8 string
- * representation of an OID in dotted-number format. The string may
- * optionally begin with an octothorpe. It may return NSS_OID_UNKNOWN
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An NSSOID upon success
- */
-
-NSS_EXTERN NSSOID *
-nssOID_CreateFromUTF8
-(
- NSSUTF8 *stringOid
-);
-
-extern const NSSError NSS_ERROR_INVALID_UTF8;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-
-/*
- * nssOID_GetDEREncoding
- *
- * This routine returns the DER encoding of the specified NSSOID.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return return null upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSOID
- */
-
-NSS_EXTERN NSSDER *
-nssOID_GetDEREncoding
-(
- const NSSOID *oid,
- NSSDER *rvOpt,
- NSSArena *arenaOpt
-);
-
-/*
- * nssOID_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing the dotted-number
- * encoding of the specified NSSOID. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return null upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the dotted-digit encoding of
- * this NSSOID
- */
-
-NSS_EXTERN NSSUTF8 *
-nssOID_GetUTF8Encoding
-(
- const NSSOID *oid,
- NSSArena *arenaOpt
-);
-
-/*
- * nssOID_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid poitner to an NSSOID object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssOID_verifyPointer
-(
- const NSSOID *oid
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-#endif /* DEBUG */
-
-/*
- * nssOID_getExplanation
- *
- * This method is only present in debug builds.
- *
- * This routine will return a static pointer to a UTF8-encoded string
- * describing (in English) the specified OID. The memory pointed to
- * by the return value is not owned by the caller, and should not be
- * freed or modified. Note that explanations are only provided for
- * the OIDs built into the NSS library; there is no way to specify an
- * explanation for dynamically created OIDs. This routine is intended
- * only for use in debugging tools such as "derdump." This routine
- * may return null upon error, in which case it will have placed an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSOID
- *
- * Return value:
- * NULL upon error
- * A static pointer to a readonly, non-caller-owned UTF8-encoded
- * string explaining the specified OID.
- */
-
-#ifdef DEBUG
-NSS_EXTERN const char *
-nssOID_getExplanation
-(
- NSSOID *oid
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-#endif /* DEBUG */
-
-/*
- * nssOID_getTaggedUTF8
- *
- * This method is only present in debug builds.
- *
- * This routine will return a pointer to a caller-owned UTF8-encoded
- * string containing a tagged encoding of the specified OID. Note
- * that OID (component) tags are only provided for the OIDs built
- * into the NSS library; there is no way to specify tags for
- * dynamically created OIDs. This routine is intended for use in
- * debugging tools such as "derdump." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the tagged encoding of
- * this NSSOID
- */
-
-#ifdef DEBUG
-NSS_EXTERN NSSUTF8 *
-nssOID_getTaggedUTF8
-(
- NSSOID *oid,
- NSSArena *arenaOpt
-);
-
-extern const NSSError NSS_ERROR_INVALID_NSSOID;
-extern const NSSError NSS_ERROR_NO_MEMORY;
-#endif /* DEBUG */
-
-/*
- * NSSATAV
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssATAV_CreateFromBER -- constructor
- * nssATAV_CreateFromUTF8 -- constructor
- * nssATAV_Create -- constructor
- *
- * nssATAV_Destroy
- * nssATAV_GetDEREncoding
- * nssATAV_GetUTF8Encoding
- * nssATAV_GetType
- * nssATAV_GetValue
- * nssATAV_Compare
- * nssATAV_Duplicate
- *
- * In debug builds, the following non-public call is also available:
- *
- * nssATAV_verifyPointer
- */
-
-/*
- * nssATAV_CreateFromBER
- *
- * This routine creates an NSSATAV by decoding a BER- or DER-encoded
- * ATAV. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_CreateFromBER
-(
- NSSArena *arenaOpt,
- const NSSBER *berATAV
-);
-
-/*
- * nssATAV_CreateFromUTF8
- *
- * This routine creates an NSSATAV by decoding a UTF8 string in the
- * "equals" format, e.g., "c=US." If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- const NSSUTF8 *stringATAV
-);
-
-/*
- * nssATAV_Create
- *
- * This routine creates an NSSATAV from the specified NSSOID and the
- * specified data. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap.If the specified data length is zero,
- * the data is assumed to be terminated by first zero byte; this allows
- * UTF8 strings to be easily specified. This routine may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ARENA
- * NSS_ERROR_INVALID_NSSOID
- * NSS_ERROR_INVALID_POINTER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSATAV upon success
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_Create
-(
- NSSArena *arenaOpt,
- const NSSOID *oid,
- const void *data,
- PRUint32 length
-);
-
-/*
- * nssATAV_Destroy
- *
- * This routine will destroy an ATAV object. It should eventually be
- * called on all ATAVs created without an arena. While it is not
- * necessary to call it on ATAVs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssATAV_Destroy
-(
- NSSATAV *atav
-);
-
-/*
- * nssATAV_GetDEREncoding
- *
- * This routine will DER-encode an ATAV object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSATAV
- */
-
-NSS_EXTERN NSSDER *
-nssATAV_GetDEREncoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the ATAV in "equals" notation (e.g., "o=Acme").
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string containing the "equals" encoding of the
- * ATAV
- */
-
-NSS_EXTERN NSSUTF8 *
-nssATAV_GetUTF8Encoding
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_GetType
- *
- * This routine returns the NSSOID corresponding to the attribute type
- * in the specified ATAV. This routine may return NSS_OID_UNKNOWN
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NSS_OID_UNKNOWN upon error
- * An element of enum NSSOIDenum upon success
- */
-
-NSS_EXTERN const NSSOID *
-nssATAV_GetType
-(
- NSSATAV *atav
-);
-
-/*
- * nssATAV_GetValue
- *
- * This routine returns a string containing the attribute value
- * in the specified ATAV. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error upon the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSItem containing the attribute value.
- */
-
-NSS_EXTERN NSSUTF8 *
-nssATAV_GetValue
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_Compare
- *
- * This routine compares two ATAVs for equality. For two ATAVs to be
- * equal, the attribute types must be the same, and the attribute
- * values must have equal length and contents. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have set an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssATAV_Compare
-(
- NSSATAV *atav1,
- NSSATAV *atav2,
- PRBool *equalp
-);
-
-/*
- * nssATAV_Duplicate
- *
- * This routine duplicates the specified ATAV. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new ATAV
- */
-
-NSS_EXTERN NSSATAV *
-nssATAV_Duplicate
-(
- NSSATAV *atav,
- NSSArena *arenaOpt
-);
-
-/*
- * nssATAV_verifyPointer
- *
- * This method is only present in debug builds.
- *
- * If the specified pointer is a valid pointer to an NSSATAV object,
- * this routine will return PR_SUCCESS. Otherwise, it will put an
- * error on the error stack and return PR_FAILRUE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NSSATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS if the pointer is valid
- * PR_FAILURE if it isn't
- */
-
-#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssATAV_verifyPointer
-(
- NSSATAV *atav
-);
-#endif /* DEBUG */
-
-/*
- * NSSRDN
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssRDN_CreateFromBER -- constructor
- * nssRDN_CreateFromUTF8 -- constructor
- * nssRDN_Create -- constructor
- * nssRDN_CreateSimple -- constructor
- *
- * nssRDN_Destroy
- * nssRDN_GetDEREncoding
- * nssRDN_GetUTF8Encoding
- * nssRDN_AddATAV
- * nssRDN_GetATAVCount
- * nssRDN_GetATAV
- * nssRDN_GetSimpleATAV
- * nssRDN_Compare
- * nssRDN_Duplicate
- */
-
-/*
- * nssRDN_CreateFromBER
- *
- * This routine creates an NSSRDN by decoding a BER- or DER-encoded
- * RDN. If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDN
-);
-
-/*
- * nssRDN_CreateFromUTF8
- *
- * This routine creates an NSSRDN by decoding an UTF8 string
- * consisting of either a single ATAV in the "equals" format, e.g.,
- * "uid=smith," or one or more such ATAVs in parentheses, e.g.,
- * "(sn=Smith,ou=Sales)." If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDN
-);
-
-/*
- * nssRDN_Create
- *
- * This routine creates an NSSRDN from one or more NSSATAVs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_Create
-(
- NSSArena *arenaOpt,
- NSSATAV *atav1,
- ...
-);
-
-/*
- * nssRDN_CreateSimple
- *
- * This routine creates a simple NSSRDN from a single NSSATAV. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_ATAV
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDN upon success
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_CreateSimple
-(
- NSSArena *arenaOpt,
- NSSATAV *atav
-);
-
-/*
- * nssRDN_Destroy
- *
- * This routine will destroy an RDN object. It should eventually be
- * called on all RDNs created without an arena. While it is not
- * necessary to call it on RDNs created within an arena, it is not an
- * error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssRDN_Destroy
-(
- NSSRDN *rdn
-);
-
-/*
- * nssRDN_GetDEREncoding
- *
- * This routine will DER-encode an RDN object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDN
- */
-
-NSS_EXTERN NSSDER *
-nssRDN_GetDEREncoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDN_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDN. A simple (one-ATAV) RDN will be simply
- * the string representation of that ATAV; a non-simple RDN will be in
- * parenthesised form. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * null upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssRDN_GetUTF8Encoding
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDN_AddATAV
- *
- * This routine adds an ATAV to the set of ATAVs in the specified RDN.
- * Remember that RDNs consist of an unordered set of ATAVs. If the
- * RDN was created with a non-null arena argument, that same arena
- * will be used for any additional required memory. If the RDN was
- * created with a NULL arena argument, any additional memory will
- * be obtained from the heap. This routine returns a PRStatus value;
- * it will return PR_SUCCESS upon success, and upon failure it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ATAV
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssRDN_AddATAV
-(
- NSSRDN *rdn,
- NSSATAV *atav
-);
-
-/*
- * nssRDN_GetATAVCount
- *
- * This routine returns the cardinality of the set of ATAVs within
- * the specified RDN. This routine may return 0 upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-nssRDN_GetATAVCount
-(
- NSSRDN *rdn
-);
-
-/*
- * nssRDN_GetATAV
- *
- * This routine returns a pointer to an ATAV that is a member of
- * the set of ATAVs within the specified RDN. While the set of
- * ATAVs within an RDN is unordered, this routine will return
- * distinct values for distinct values of 'i' as long as the RDN
- * is not changed in any way. The RDN may be changed by calling
- * NSSRDN_AddATAV. The value of the variable 'i' is on the range
- * [0,c) where c is the cardinality returned from NSSRDN_GetATAVCount.
- * The caller owns the ATAV the pointer to which is returned. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error upon the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-nssRDN_GetATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * nssRDN_GetSimpleATAV
- *
- * Most RDNs are actually very simple, with a single ATAV. This
- * routine will return the single ATAV from such an RDN. The caller
- * owns the ATAV the pointer to which is returned. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, including the case where
- * the set of ATAVs in the RDN is nonsingular. Upon error, this
- * routine will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_RDN_NOT_SIMPLE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSATAV
- */
-
-NSS_EXTERN NSSATAV *
-nssRDN_GetSimpleATAV
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDN_Compare
- *
- * This routine compares two RDNs for equality. For two RDNs to be
- * equal, they must have the same number of ATAVs, and every ATAV in
- * one must be equal to an ATAV in the other. (Note that the sets
- * of ATAVs are unordered.) The result of the comparison will be
- * stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssRDN_Compare
-(
- NSSRDN *rdn1,
- NSSRDN *rdn2,
- PRBool *equalp
-);
-
-/*
- * nssRDN_Duplicate
- *
- * This routine duplicates the specified RDN. If the optional arena
- * argument is non-null, the memory required will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL on error
- * A pointer to a new RDN
- */
-
-NSS_EXTERN NSSRDN *
-nssRDN_Duplicate
-(
- NSSRDN *rdn,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSRDNSeq
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssRDNSeq_CreateFromBER -- constructor
- * nssRDNSeq_CreateFromUTF8 -- constructor
- * nssRDNSeq_Create -- constructor
- *
- * nssRDNSeq_Destroy
- * nssRDNSeq_GetDEREncoding
- * nssRDNSeq_GetUTF8Encoding
- * nssRDNSeq_AppendRDN
- * nssRDNSeq_GetRDNCount
- * nssRDNSeq_GetRDN
- * nssRDNSeq_Compare
- * nssRDNSeq_Duplicate
- *
- * nssRDNSeq_EvaluateUTF8 -- not an object method
- */
-
-/*
- * nssRDNSeq_CreateFromBER
- *
- * This routine creates an NSSRDNSeq by decoding a BER- or DER-encoded
- * sequence of RDNs. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berRDNSeq
-);
-
-/*
- * nssRDNSeq_CreateFromUTF8
- *
- * This routine creates an NSSRDNSeq by decoding a UTF8 string
- * consisting of a comma-separated sequence of RDNs, such as
- * "(sn=Smith,ou=Sales),o=Acme,c=US." If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_UNKNOWN_ATTRIBUTE
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringRDNSeq
-);
-
-/*
- * nssRDNSeq_Create
- *
- * This routine creates an NSSRDNSeq from one or more NSSRDNs. The
- * final argument to this routine must be NULL. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_RDN
- *
- * Return value:
- * NULL upon error
- * A pointero to an NSSRDNSeq upon success
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_Create
-(
- NSSArena *arenaOpt,
- NSSRDN *rdn1,
- ...
-);
-
-/*
- * nssRDNSeq_Destroy
- *
- * This routine will destroy an RDNSeq object. It should eventually
- * be called on all RDNSeqs created without an arena. While it is not
- * necessary to call it on RDNSeqs created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssRDNSeq_Destroy
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * nssRDNSeq_GetDEREncoding
- *
- * This routine will DER-encode an RDNSeq object. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return null upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSRDNSeq
- */
-
-NSS_EXTERN NSSDER *
-nssRDNSeq_GetDEREncoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDNSeq_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the RDNSeq as a comma-separated sequence of RDNs.
- * If the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssRDNSeq_GetUTF8Encoding
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDNSeq_AppendRDN
- *
- * This routine appends an RDN to the end of the existing RDN
- * sequence. If the RDNSeq was created with a non-null arena
- * argument, that same arena will be used for any additional required
- * memory. If the RDNSeq was created with a NULL arena argument, any
- * additional memory will be obtained from the heap. This routine
- * returns a PRStatus value; it will return PR_SUCCESS upon success,
- * and upon failure it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_RDN
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure
- */
-
-NSS_EXTERN PRStatus
-nssRDNSeq_AppendRDN
-(
- NSSRDNSeq *rdnseq,
- NSSRDN *rdn
-);
-
-/*
- * nssRDNSeq_GetRDNCount
- *
- * This routine returns the cardinality of the sequence of RDNs within
- * the specified RDNSeq. This routine may return 0 upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- *
- * Return value:
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-nssRDNSeq_GetRDNCount
-(
- NSSRDNSeq *rdnseq
-);
-
-/*
- * nssRDNSeq_GetRDN
- *
- * This routine returns a pointer to the i'th RDN in the sequence of
- * RDNs that make up the specified RDNSeq. The sequence begins with
- * the top-level (e.g., "c=US") RDN. The value of the variable 'i'
- * is on the range [0,c) where c is the cardinality returned from
- * NSSRDNSeq_GetRDNCount. The caller owns the RDN the pointer to which
- * is returned. If the optional arena argument is non-null, the memory
- * used will be obtained from that areana; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error upon the error stack. Note
- * that the usual UTF8 representation of RDN Sequences is from last
- * to first.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDN
- */
-
-NSS_EXTERN NSSRDN *
-nssRDNSeq_GetRDN
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * nssRDNSeq_Compare
- *
- * This routine compares two RDNSeqs for equality. For two RDNSeqs to
- * be equal, they must have the same number of RDNs, and each RDN in
- * one sequence must be equal to the corresponding RDN in the other
- * sequence. The result of the comparison will be stored at the
- * location pointed to by the "equalp" variable, which must point to a
- * valid PRBool. This routine may return PR_FAILURE upon error, in
- * which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssRDNSeq_Compare
-(
- NSSRDNSeq *rdnseq1,
- NSSRDNSeq *rdnseq2,
- PRBool *equalp
-);
-
-/*
- * nssRDNSeq_Duplicate
- *
- * This routine duplicates the specified RDNSeq. If the optional arena
- * argument is non-null, the memory required will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have
- * placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_RDNSEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new RDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssRDNSeq_Duplicate
-(
- NSSRDNSeq *rdnseq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssRDNSeq_EvaluateUTF8
- *
- * This routine evaluates a UTF8 string, and returns PR_TRUE if the
- * string contains the string representation of an RDNSeq. This
- * routine is used by the (directory) Name routines
- * nssName_CreateFromUTF8 and nssName_EvaluateUTF8 to determine which
- * choice of directory name the string may encode. This routine may
- * return PR_FALSE upon error, but it subsumes that condition under the
- * general "string does not evaluate as an RDNSeq" state, and does not
- * set an error on the error stack.
- *
- * Return value:
- * PR_TRUE if the string represents an RDNSeq
- * PR_FALSE if otherwise
- */
-
-NSS_EXTERN PRBool
-nssRDNSeq_EvaluateUTF8
-(
- NSSUTF8 *str
-);
-
-/*
- * NSSName
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssName_CreateFromBER -- constructor
- * nssName_CreateFromUTF8 -- constructor
- * nssName_Create -- constructor
- *
- * nssName_Destroy
- * nssName_GetDEREncoding
- * nssName_GetUTF8Encoding
- * nssName_GetChoice
- * nssName_GetRDNSequence
- * nssName_GetSpecifiedChoice
- * nssName_Compare
- * nssName_Duplicate
- *
- * nssName_GetUID
- * nssName_GetEmail
- * nssName_GetCommonName
- * nssName_GetOrganization
- * nssName_GetOrganizationalUnits
- * nssName_GetStateOrProvince
- * nssName_GetLocality
- * nssName_GetCountry
- * nssName_GetAttribute
- *
- * nssName_EvaluateUTF8 -- not an object method
- */
-
-/*
- * nssName_CreateFromBER
- *
- * This routine creates an NSSName by decoding a BER- or DER-encoded
- * (directory) Name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-nssName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berName
-);
-
-/*
- * nssName_CreateFromUTF8
- *
- * This routine creates an NSSName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * (directory) names. Currently the only choice is an RDNSeq. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. The routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-nssName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringName
-);
-
-/*
- * nssName_Create
- *
- * This routine creates an NSSName with the specified choice of
- * underlying name types. The value of the choice variable must be
- * one of the values of the NSSNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ======================== ===========
- * NSSNameChoiceRdnSequence NSSRDNSeq *
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSName upon success
- */
-
-NSS_EXTERN NSSName *
-nssName_Create
-(
- NSSArena *arenaOpt,
- NSSNameChoice choice,
- void *arg
-);
-
-/*
- * nssName_Destroy
- *
- * This routine will destroy a Name object. It should eventually be
- * called on all Names created without an arena. While it is not
- * necessary to call it on Names created within an arena, it is not
- * an error to do so. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. If unsuccessful, it will
- * set an error on the error stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssName_Destroy
-(
- NSSName *name
-);
-
-/*
- * nssName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSName
- */
-
-NSS_EXTERN NSSDER *
-nssName_GetDEREncoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the Name in the format specified by the
- * underlying name choice. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to the UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssName_GetUTF8Encoding
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetChoice
- *
- * This routine returns the type of the choice underlying the specified
- * name. The return value will be a member of the NSSNameChoice
- * enumeration. This routine may return NSSNameChoiceInvalid upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- *
- * Return value:
- * NSSNameChoiceInvalid upon error
- * An other member of the NSSNameChoice enumeration upon success
- */
-
-NSS_EXTERN NSSNameChoice
-nssName_GetChoice
-(
- NSSName *name
-);
-
-/*
- * nssName_GetRDNSequence
- *
- * If the choice underlying the specified NSSName is that of an
- * RDNSequence, this routine will return a pointer to that RDN
- * sequence. Otherwise, this routine will place an error on the
- * error stack, and return NULL. If the optional arena argument is
- * non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The
- * caller owns the returned pointer. This routine may return NULL
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRDNSeq
- */
-
-NSS_EXTERN NSSRDNSeq *
-nssName_GetRDNSequence
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSName matches the specified
- * choice, a caller-owned pointer to that underlying object will be
- * returned. Otherwise, an error will be placed on the error stack and
- * NULL will be returned. If the optional arena argument is non-null,
- * the memory required will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-nssName_GetSpecifiedChoice
-(
- NSSName *name,
- NSSNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_Compare
- *
- * This routine compares two Names for equality. For two Names to be
- * equal, they must have the same choice of underlying types, and the
- * underlying values must be equal. The result of the comparison will
- * be stored at the location pointed to by the "equalp" variable, which
- * must point to a valid PRBool. This routine may return PR_FAILURE
- * upon error, in which case it will have set an error on the error
- * stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE on error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssName_Compare
-(
- NSSName *name1,
- NSSName *name2,
- PRBool *equalp
-);
-
-/*
- * nssName_Duplicate
- *
- * This routine duplicates the specified nssname. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSName
- */
-
-NSS_EXTERN NSSName *
-nssName_Duplicate
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a UID attribute, the UID will be the value of
- * that attribute. Note that no UID attribute is defined in either
- * PKIX or PKCS#9; rather, this seems to derive from RFC 1274, which
- * defines the type as a caseIgnoreString. We'll return a Directory
- * String. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetUID
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing either a PKIX email address or a PKCS#9 email
- * address, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5 String */
-nssName_GetEmail
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a PKIX Common Name, the result will be that name. If
- * the optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetCommonName
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified name, if the choices and content of the name permit.
- * If Name consists of a Sequence of Relative Distinguished names
- * containing a PKIX Organization, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetOrganization
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified name, if the choices and content of
- * the name permit. If the Name consists of a Sequence of Relative
- * Distinguished Names containing one or more organisational units,
- * the result will be the values of those attributes. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-nssName_GetOrganizationalUnits
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished Names
- * containing a state or province, the result will be the value of
- * that attribute. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetStateOrProvince
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetLocality
- *
- * This routine will attempt to derive a locality name from the
- * specified name, if the choices and content of the name permit. If
- * the Name consists of a Sequence of Relative Distinguished names
- * containing a Locality, the result will be the value of that
- * attribute. If the optional arena argument is non-null, the memory
- * used will be obtained from that arena; otherwise, the memory will
- * be obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetLocality
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified name, if the choices and content of the name permit.
- * If the Name consists of a Sequence of Relative Distinguished
- * Names containing a Country, the result will be the value of
- * that attribute.. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-nssName_GetCountry
-(
- NSSName *name,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_GetAttribute
- *
- * If the specified name consists of a Sequence of Relative
- * Distinguished Names containing an attribute with the specified
- * type, and the actual value of that attribute may be expressed
- * with a Directory String, then the value of that attribute will
- * be returned as a Directory String. If the optional arena argument
- * is non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssName_GetAttribute
-(
- NSSName *name,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * nssName_EvaluateUTF8
- *
- * This routine evaluates a UTF8 string, and returns PR_TRUE if the
- * string contains the string representation of an NSSName. This
- * routine is used by the GeneralName routine
- * nssGeneralName_CreateFromUTF8 to determine which choice of
- * general name the string may encode. This routine may return
- * PR_FALSE upon error, but it subsumes that condition under the
- * general "string does not evaluate as a Name" state, and does not
- * set an error on the error stack.
- *
- * Return value:
- * PR_TRUE if the string represents a Name
- * PR_FALSE otherwise
- */
-
-NSS_EXTERN PRBool
-nssName_EvaluateUTF8
-(
- NSSUTF8 *str
-);
-
-/*
- * NSSGeneralName
- *
- * The non-public "methods" regarding this "object" are:
- *
- * nssGeneralName_CreateFromBER -- constructor
- * nssGeneralName_CreateFromUTF8 -- constructor
- * nssGeneralName_Create -- constructor
- *
- * nssGeneralName_Destroy
- * nssGeneralName_GetDEREncoding
- * nssGeneralName_GetUTF8Encoding
- * nssGeneralName_GetChoice
- * nssGeneralName_GetOtherName
- * nssGeneralName_GetRfc822Name
- * nssGeneralName_GetDNSName
- * nssGeneralName_GetX400Address
- * nssGeneralName_GetDirectoryName
- * nssGeneralName_GetEdiPartyName
- * nssGeneralName_GetUniformResourceIdentifier
- * nssGeneralName_GetIPAddress
- * nssGeneralName_GetRegisteredID
- * nssGeneralName_GetSpecifiedChoice
- * nssGeneralName_Compare
- * nssGeneralName_Duplicate
- *
- * nssGeneralName_GetUID
- * nssGeneralName_GetEmail
- * nssGeneralName_GetCommonName
- * nssGeneralName_GetOrganization
- * nssGeneralName_GetOrganizationalUnits
- * nssGeneralName_GetStateOrProvince
- * nssGeneralName_GetLocality
- * nssGeneralName_GetCountry
- * nssGeneralName_GetAttribute
- */
-
-/*
- * nssGeneralName_CreateFromBER
- *
- * This routine creates an NSSGeneralName by decoding a BER- or DER-
- * encoded general name. If the optional arena argument is non-null,
- * the memory used will be obtained from that arena; otherwise, the
- * memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralName
-);
-
-/*
- * nssGeneralName_CreateFromUTF8
- *
- * This routine creates an NSSGeneralName by decoding a UTF8 string
- * consisting of the string representation of one of the choices of
- * general names. If the optional arena argument is non-null, the
- * memory used will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The routine may return NULL upon
- * error, in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_UTF8
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_CreateFromUTF8
-(
- NSSArena *arenaOpt,
- NSSUTF8 *stringGeneralName
-);
-
-/*
- * nssGeneralName_Create
- *
- * This routine creates an NSSGeneralName with the specified choice of
- * underlying name types. The value of the choice variable must be one
- * of the values of the NSSGeneralNameChoice enumeration, and the type
- * of the arg variable must be as specified in the following table:
- *
- * Choice Type
- * ============================================ =========
- * NSSGeneralNameChoiceOtherName
- * NSSGeneralNameChoiceRfc822Name
- * NSSGeneralNameChoiceDNSName
- * NSSGeneralNameChoiceX400Address
- * NSSGeneralNameChoiceDirectoryName NSSName *
- * NSSGeneralNameChoiceEdiPartyName
- * NSSGeneralNameChoiceUniformResourceIdentifier
- * NSSGeneralNameChoiceIPAddress
- * NSSGeneralNameChoiceRegisteredID
- *
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one fo the following values:
- * NSS_ERROR_INVALID_CHOICE
- * NSS_ERROR_INVALID_ARGUMENT
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralName upon success
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_Create
-(
- NSSGeneralNameChoice choice,
- void *arg
-);
-
-/*
- * nssGeneralName_Destroy
- *
- * This routine will destroy a General Name object. It should
- * eventually be called on all General Names created without an arena.
- * While it is not necessary to call it on General Names created within
- * an arena, it is not an error to do so. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * usuccessful, it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * PR_FAILURE upon failure
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssGeneralName_Destroy
-(
- NSSGeneralName *generalName
-);
-
-/*
- * nssGeneralName_GetDEREncoding
- *
- * This routine will DER-encode a name object. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return null upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralName
- */
-
-NSS_EXTERN NSSDER *
-nssGeneralName_GetDEREncoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetUTF8Encoding
- *
- * This routine returns a UTF8 string containing a string
- * representation of the General Name in the format specified by the
- * underlying name choice. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 string
- */
-
-NSS_EXTERN NSSUTF8 *
-nssGeneralName_GetUTF8Encoding
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetChoice
- *
- * This routine returns the type of choice underlying the specified
- * general name. The return value will be a member of the
- * NSSGeneralNameChoice enumeration. This routine may return
- * NSSGeneralNameChoiceInvalid upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NSSGeneralNameChoiceInvalid upon error
- * An other member of the NSSGeneralNameChoice enumeration
- */
-
-NSS_EXTERN NSSGeneralNameChoice
-nssGeneralName_GetChoice
-(
- NSSGeneralName *generalName
-);
-
-/*
- * nssGeneralName_GetOtherName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * Other Name, this routine will return a pointer to that Other name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSOtherName
- */
-
-NSS_EXTERN NSSOtherName *
-nssGeneralName_GetOtherName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetRfc822Name
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * RFC 822 Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRFC822Name
- */
-
-NSS_EXTERN NSSRFC822Name *
-nssGeneralName_GetRfc822Name
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetDNSName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * DNS Name, this routine will return a pointer to that DNS name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSDNSName
- */
-
-NSS_EXTERN NSSDNSName *
-nssGeneralName_GetDNSName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetX400Address
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * X.400 Address, this routine will return a pointer to that Address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSX400Address
- */
-
-NSS_EXTERN NSSX400Address *
-nssGeneralName_GetX400Address
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetDirectoryName
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * (directory) Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSName
- */
-
-NSS_EXTERN NSSName *
-nssGeneralName_GetName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetEdiPartyName
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * EDI Party Name, this routine will return a pointer to that name.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSEdiPartyName
- */
-
-NSS_EXTERN NSSEdiPartyName *
-nssGeneralName_GetEdiPartyName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetUniformResourceIdentifier
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * URI, this routine will return a pointer to that URI.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSURI
- */
-
-NSS_EXTERN NSSURI *
-nssGeneralName_GetUniformResourceIdentifier
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetIPAddress
- *
- * If the choice underlying the specified NSSGeneralName is that of an
- * IP Address , this routine will return a pointer to that address.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSIPAddress
- */
-
-NSS_EXTERN NSSIPAddress *
-nssGeneralName_GetIPAddress
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetRegisteredID
- *
- * If the choice underlying the specified NSSGeneralName is that of a
- * Registered ID, this routine will return a pointer to that ID.
- * Otherwise, this routine will place an error on the error stack, and
- * return NULL. If the optional arena argument is non-null, the memory
- * required will be obtained from that arena; otherwise, the memory
- * will be obtained from the heap. The caller owns the returned
- * pointer. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to an NSSRegisteredID
- */
-
-NSS_EXTERN NSSRegisteredID *
-nssGeneralName_GetRegisteredID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetSpecifiedChoice
- *
- * If the choice underlying the specified NSSGeneralName matches the
- * specified choice, a caller-owned pointer to that underlying object
- * will be returned. Otherwise, an error will be placed on the error
- * stack and NULL will be returned. If the optional arena argument
- * is non-null, the memory required will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. The caller
- * owns the returned pointer. This routine may return NULL upon
- * error, in which caes it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_WRONG_CHOICE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer, which must be typecast
- */
-
-NSS_EXTERN void *
-nssGeneralName_GetSpecifiedChoice
-(
- NSSGeneralName *generalName,
- NSSGeneralNameChoice choice,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_Compare
- *
- * This routine compares two General Names for equality. For two
- * General Names to be equal, they must have the same choice of
- * underlying types, and the underlying values must be equal. The
- * result of the comparison will be stored at the location pointed
- * to by the "equalp" variable, which must point to a valid PRBool.
- * This routine may return PR_FAILURE upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following value:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssGeneralName_Compare
-(
- NSSGeneralName *generalName1,
- NSSGeneralName *generalName2,
- PRBool *equalp
-);
-
-/*
- * nssGeneralName_Duplicate
- *
- * This routine duplicates the specified General Name. If the optional
- * arena argument is non-null, the memory required will be obtained
- * from that arena; otherwise, the memory will be obtained from the
- * heap. This routine may return NULL upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new NSSGeneralName
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralName_Duplicate
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetUID
- *
- * This routine will attempt to derive a user identifier from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished Names containing a UID
- * attribute, the UID will be the value of that attribute. Note
- * that no UID attribute is defined in either PKIX or PKCS#9;
- * rather, this seems to derive from RFC 1274, which defines the
- * type as a caseIgnoreString. We'll return a Directory String.
- * If the optional arena argument is non-null, the memory used
- * will be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon error,
- * in which case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_UID
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String.
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetUID
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetEmail
- *
- * This routine will attempt to derive an email address from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing either
- * a PKIX email address or a PKCS#9 email address, the result will
- * be the value of that attribute. If the General Name is an RFC 822
- * Name, the result will be the string form of that name. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_EMAIL
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr IA5String */
-nssGeneralName_GetEmail
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetCommonName
- *
- * This routine will attempt to derive a common name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a PKIX
- * Common Name, the result will be that name. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COMMON_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetCommonName
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetOrganization
- *
- * This routine will attempt to derive an organisation name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing an
- * Organization, the result will be the value of that attribute.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATION
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetOrganization
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetOrganizationalUnits
- *
- * This routine will attempt to derive a sequence of organisational
- * unit names from the specified general name, if the choices and
- * content of the name permit. If the General Name is a (directory)
- * Name consisting of a Sequence of Relative Distinguished names
- * containing one or more organisational units, the result will
- * consist of those units. If the optional arena argument is non-
- * null, the memory used will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may return
- * NULL upon error, in which case it will have set an error on the
- * error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ORGANIZATIONAL_UNITS
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a null-terminated array of UTF8 Strings
- */
-
-NSS_EXTERN NSSUTF8 ** /* XXX fgmr DirectoryString */
-nssGeneralName_GetOrganizationalUnits
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetStateOrProvince
- *
- * This routine will attempt to derive a state or province name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a state or
- * province, the result will be the value of that attribute. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_STATE_OR_PROVINCE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetStateOrProvince
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetLocality
- *
- * This routine will attempt to derive a locality name from
- * the specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting
- * of a Sequence of Relative Distinguished names containing a Locality,
- * the result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_LOCALITY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetLocality
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetCountry
- *
- * This routine will attempt to derive a country name from the
- * specified general name, if the choices and content of the name
- * permit. If the General Name is a (directory) Name consisting of a
- * Sequence of Relative Distinguished names containing a Country, the
- * result will be the value of that attribute. If the optional
- * arena argument is non-null, the memory used will be obtained from
- * that arena; otherwise, the memory will be obtained from the heap.
- * This routine may return NULL upon error, in which case it will have
- * set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_COUNTRY
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr PrintableString */
-nssGeneralName_GetCountry
-(
- NSSGeneralName *generalName,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralName_GetAttribute
- *
- * If the specified general name is a (directory) name consisting
- * of a Sequence of Relative Distinguished Names containing an
- * attribute with the specified type, and the actual value of that
- * attribute may be expressed with a Directory String, then the
- * value of that attribute will be returned as a Directory String.
- * If the optional arena argument is non-null, the memory used will
- * be obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_ATTRIBUTE
- * NSS_ERROR_ATTRIBUTE_VALUE_NOT_STRING
- *
- * Return value:
- * NULL upon error
- * A pointer to a UTF8 String
- */
-
-NSS_EXTERN NSSUTF8 * /* XXX fgmr DirectoryString */
-nssGeneralName_GetAttribute
-(
- NSSGeneralName *generalName,
- NSSOID *attribute,
- NSSArena *arenaOpt
-);
-
-/*
- * NSSGeneralNameSeq
- *
- * The public "methods" regarding this "object" are:
- *
- * nssGeneralNameSeq_CreateFromBER -- constructor
- * nssGeneralNameSeq_Create -- constructor
- *
- * nssGeneralNameSeq_Destroy
- * nssGeneralNameSeq_GetDEREncoding
- * nssGeneralNameSeq_AppendGeneralName
- * nssGeneralNameSeq_GetGeneralNameCount
- * nssGeneralNameSeq_GetGeneralName
- * nssGeneralNameSeq_Compare
- * nssGeneralnameSeq_Duplicate
- */
-
-/*
- * nssGeneralNameSeq_CreateFromBER
- *
- * This routine creates a general name sequence by decoding a BER-
- * or DER-encoded GeneralNames. If the optional arena argument is
- * non-null, the memory used will be obtained from that arena;
- * otherwise, the memory will be obtained from the heap. This routine
- * may return NULL upon error, in which case it will have set an error
- * on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_BER
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-nssGeneralNameSeq_CreateFromBER
-(
- NSSArena *arenaOpt,
- NSSBER *berGeneralNameSeq
-);
-
-/*
- * nssGeneralNameSeq_Create
- *
- * This routine creates an NSSGeneralNameSeq from one or more General
- * Names. The final argument to this routine must be NULL. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_NO_MEMORY
- * NSS_ERROR_INVALID_GENERAL_NAME
- *
- * Return value:
- * NULL upon error
- * A pointer to an NSSGeneralNameSeq upon success
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-nssGeneralNameSeq_Create
-(
- NSSArena *arenaOpt,
- NSSGeneralName *generalName1,
- ...
-);
-
-/*
- * nssGeneralNameSeq_Destroy
- *
- * This routine will destroy an NSSGeneralNameSeq object. It should
- * eventually be called on all NSSGeneralNameSeqs created without an
- * arena. While it is not necessary to call it on NSSGeneralNameSeq's
- * created within an arena, it is not an error to do so. This routine
- * returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
- * PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon success
- */
-
-NSS_EXTERN PRStatus
-nssGeneralNameSeq_Destroy
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * nssGeneralNameSeq_GetDEREncoding
- *
- * This routine will DER-encode an NSSGeneralNameSeq object. If the
- * optional arena argument is non-null, the memory used will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return null upon error, in which
- * case it will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * The DER encoding of this NSSGeneralNameSeq
- */
-
-NSS_EXTERN NSSDER *
-nssGeneralNameSeq_GetDEREncoding
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-/*
- * nssGeneralNameSeq_AppendGeneralName
- *
- * This routine appends a General Name to the end of the existing
- * General Name Sequence. If the sequence was created with a non-null
- * arena argument, that same arena will be used for any additional
- * required memory. If the sequence was created with a NULL arena
- * argument, any additional memory will be obtained from the heap.
- * This routine returns a PRStatus value; it will return PR_SUCCESS
- * upon success, and upon failure it will set an error on the error
- * stack and return PR_FAILURE.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_GENERAL_NAME
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * PR_SUCCESS upon success
- * PR_FAILURE upon failure.
- */
-
-NSS_EXTERN PRStatus
-nssGeneralNameSeq_AppendGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSGeneralName *generalName
-);
-
-/*
- * nssGeneralNameSeq_GetGeneralNameCount
- *
- * This routine returns the cardinality of the specified General name
- * Sequence. This routine may return 0 upon error, in which case it
- * will have set an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- *
- * Return value;
- * 0 upon error
- * A positive number upon success
- */
-
-NSS_EXTERN PRUint32
-nssGeneralNameSeq_GetGeneralNameCount
-(
- NSSGeneralNameSeq *generalNameSeq
-);
-
-/*
- * nssGeneralNameSeq_GetGeneralName
- *
- * This routine returns a pointer to the i'th General Name in the
- * specified General Name Sequence. The value of the variable 'i' is
- * on the range [0,c) where c is the cardinality returned from
- * NSSGeneralNameSeq_GetGeneralNameCount. The caller owns the General
- * Name the pointer to which is returned. If the optional arena
- * argument is non-null, the memory used will be obtained from that
- * arena; otherwise, the memory will be obtained from the heap. This
- * routine may return NULL upon error, in which case it will have set
- * an error upon the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_VALUE_OUT_OF_RANGE
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A caller-owned pointer to a General Name.
- */
-
-NSS_EXTERN NSSGeneralName *
-nssGeneralNameSeq_GetGeneralName
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt,
- PRUint32 i
-);
-
-/*
- * nssGeneralNameSeq_Compare
- *
- * This routine compares two General Name Sequences for equality. For
- * two General Name Sequences to be equal, they must have the same
- * cardinality, and each General Name in one sequence must be equal to
- * the corresponding General Name in the other. The result of the
- * comparison will be stored at the location pointed to by the "equalp"
- * variable, which must point to a valid PRBool. This routine may
- * return PR_FAILURE upon error, in which case it will have set an
- * error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_INVALID_ARGUMENT
- *
- * Return value:
- * PR_FAILURE upon error
- * PR_SUCCESS upon a successful comparison (equal or not)
- */
-
-NSS_EXTERN PRStatus
-nssGeneralNameSeq_Compare
-(
- NSSGeneralNameSeq *generalNameSeq1,
- NSSGeneralNameSeq *generalNameSeq2,
- PRBool *equalp
-);
-
-/*
- * nssGeneralNameSeq_Duplicate
- *
- * This routine duplicates the specified sequence of general names. If
- * the optional arena argument is non-null, the memory required will be
- * obtained from that arena; otherwise, the memory will be obtained
- * from the heap. This routine may return NULL upon error, in which
- * case it will have placed an error on the error stack.
- *
- * The error may be one of the following values:
- * NSS_ERROR_INVALID_GENERAL_NAME_SEQ
- * NSS_ERROR_NO_MEMORY
- *
- * Return value:
- * NULL upon error
- * A pointer to a new General Name Sequence.
- */
-
-NSS_EXTERN NSSGeneralNameSeq *
-nssGeneralNameSeq_Duplicate
-(
- NSSGeneralNameSeq *generalNameSeq,
- NSSArena *arenaOpt
-);
-
-PR_END_EXTERN_C
-
-#endif /* PKI1_H */
diff --git a/security/nss/lib/pki1/pki1t.h b/security/nss/lib/pki1/pki1t.h
deleted file mode 100644
index de6e5c835..000000000
--- a/security/nss/lib/pki1/pki1t.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifndef PKI1T_H
-#define PKI1T_H
-
-#ifdef DEBUG
-static const char PKI1T_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * pki1t.h
- *
- * This file contains definitions for the types used in the PKIX part-1
- * code, but not available publicly.
- */
-
-#ifndef BASET_H
-#include "baset.h"
-#endif /* BASET_H */
-
-#ifndef NSSPKI1T_H
-#include "nsspki1t.h"
-#endif /* NSSPKI1T_H */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * NSSOID
- *
- * This structure is used to hold our internal table of built-in OID
- * data. The fields are as follows:
- *
- * NSSItem data -- this is the actual DER-encoded multinumber oid
- * const char *expl -- this explains the derivation, and is checked
- * in a unit test. While the field always exists,
- * it is only populated or used in debug builds.
- *
- */
-
-struct NSSOIDStr {
-#ifdef DEBUG
- const NSSUTF8 *tag;
- const NSSUTF8 *expl;
-#endif /* DEBUG */
- NSSItem data;
-};
-
-/*
- * nssAttributeTypeAliasTable
- *
- * Attribute types are passed around as oids (at least in the X.500
- * and PKI worlds, as opposed to ldap). However, when written as
- * strings they usually have well-known aliases, e.g., "ou" or "c."
- *
- * This type defines a table, populated in the generated oiddata.c
- * file, of the aliases we recognize.
- *
- * The fields are as follows:
- *
- * NSSUTF8 *alias -- a well-known string alias for an oid
- * NSSOID *oid -- the oid to which the alias corresponds
- *
- */
-
-struct nssAttributeTypeAliasTableStr {
- const NSSUTF8 *alias;
- const NSSOID **oid;
-};
-typedef struct nssAttributeTypeAliasTableStr nssAttributeTypeAliasTable;
-
-PR_END_EXTERN_C
-
-#endif /* PKI1T_H */
diff --git a/security/nss/lib/pki1/rdn.c b/security/nss/lib/pki1/rdn.c
deleted file mode 100644
index f778de22c..000000000
--- a/security/nss/lib/pki1/rdn.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * rdn.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * RelativeDistinguishedName.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * RelativeDistinguishedName
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * RelativeDistinguishedName ::=
- * SET SIZE (1 .. MAX) OF AttributeTypeAndValue
- *
- * An RDN is merely an (unordered) set of ATAV's. The setSize (that's
- * a noun, not a verb) variable is a "helper" variable kept for
- * convenience.
- */
-
-struct nssRDNStr {
- PRUint32 setSize;
- NSSATAV **atavs;
-};
diff --git a/security/nss/lib/pki1/rdnseq.c b/security/nss/lib/pki1/rdnseq.c
deleted file mode 100644
index bbd4dfe4b..000000000
--- a/security/nss/lib/pki1/rdnseq.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
-#endif /* DEBUG */
-
-/*
- * rdnseq.c
- *
- * This file contains the implementation of the PKIX part-1 object
- * RDNSequence.
- */
-
-#ifndef NSSBASE_H
-#include "nssbase.h"
-#endif /* NSSBASE_H */
-
-#ifndef ASN1_H
-#include "asn1.h"
-#endif /* ASN1_H */
-
-#ifndef PKI1_H
-#include "pki1.h"
-#endif /* PKI1_H */
-
-/*
- * RDNSequence
- *
- * From draft-ietf-pkix-ipki-part1-10:
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- * An RDNSequence is simply an (ordered) sequence of RDN's. The
- * seqSize variable is a "helper" kept for simplicity.
- */
-
-struct nssRDNSeqStr {
- PRUint32 seqSize;
- NSSRDN **rdns;
-};
View Lorry Controller Status