xconst.c - mozsearch

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*

 * X.509 Extension Encoding

*/

#include "prtypes.h"

#include "seccomon.h"

#include "secdert.h"

#include "secoidt.h"

#include "secasn1t.h"

#include "secasn1.h"

#include "cert.h"

#include "secder.h"

#include "prprf.h"

#include "xconst.h"

#include "genname.h"

#include "secasn1.h"

#include "secerr.h"

static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {

    { SEC_ASN1_OCTET_STRING }

};

static const SEC_ASN1Template CERTIA5TypeTemplate[] = {

    { SEC_ASN1_IA5_STRING }

};

SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate)

static const SEC_ASN1Template CERTPrivateKeyUsagePeriodTemplate[] = {

    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPrivKeyUsagePeriod) },

    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,

      offsetof(CERTPrivKeyUsagePeriod, notBefore),

      SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },

    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,

      offsetof(CERTPrivKeyUsagePeriod, notAfter),

      SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },

    { 0 }

};

const SEC_ASN1Template CERTAltNameTemplate[] = {

    { SEC_ASN1_CONSTRUCTED, offsetof(CERTAltNameEncodedContext, encodedGenName),

      CERT_GeneralNamesTemplate }

};

const SEC_ASN1Template CERTAuthInfoAccessItemTemplate[] = {

    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthInfoAccess) },

    { SEC_ASN1_OBJECT_ID, offsetof(CERTAuthInfoAccess, method) },

    { SEC_ASN1_ANY, offsetof(CERTAuthInfoAccess, derLocation) },

    { 0 }

};

const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {

    { SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }

};

SECStatus

CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem *srcString,

                        SECItem *encodedValue)

    SECStatus rv = SECSuccess;

    if (!srcString) {

        PORT_SetError(SEC_ERROR_INVALID_ARGS);

        return SECFailure;

    if (SEC_ASN1EncodeItem(arena, encodedValue, srcString,

                           CERTSubjectKeyIDTemplate) == NULL) {

        rv = SECFailure;

    return (rv);

SECStatus

CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,

                                 CERTPrivKeyUsagePeriod *pkup,

                                 SECItem *encodedValue)

    SECStatus rv = SECSuccess;

    if (SEC_ASN1EncodeItem(arena, encodedValue, pkup,

                           CERTPrivateKeyUsagePeriodTemplate) == NULL) {

        rv = SECFailure;

    return (rv);

CERTPrivKeyUsagePeriod *

CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue)

    SECStatus rv;

    CERTPrivKeyUsagePeriod *pPeriod;

    SECItem newExtnValue;

    /* allocate the certificate policies structure */

    pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);

    if (pPeriod == NULL) {

        goto loser;

    pPeriod->arena = arena;

    /* copy the DER into the arena, since Quick DER returns data that points

       into the DER input, which may get freed by the caller */

    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);

    if (rv != SECSuccess) {

        goto loser;

    rv = SEC_QuickDERDecodeItem(

        arena, pPeriod, CERTPrivateKeyUsagePeriodTemplate, &newExtnValue);

    if (rv != SECSuccess) {

        goto loser;

    return pPeriod;

loser:

    return NULL;

SECStatus

CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,

                            SECItem *encodedValue)

    SECItem encodeContext;

    SECStatus rv = SECSuccess;

    PORT_Memset(&encodeContext, 0, sizeof(encodeContext));

    if (value != NULL) {

        encodeContext.data = (unsigned char *)value;

        encodeContext.len = strlen(value);

    if (SEC_ASN1EncodeItem(arena, encodedValue, &encodeContext,

                           CERTIA5TypeTemplate) == NULL) {

        rv = SECFailure;

    return (rv);

SECStatus

CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value,

                            SECItem *encodedValue)

    SECItem **encodedGenName;

    SECStatus rv = SECSuccess;

    encodedGenName = cert_EncodeGeneralNames(arena, value);

    if (SEC_ASN1EncodeItem(arena, encodedValue, &encodedGenName,

                           CERT_GeneralNamesTemplate) == NULL) {

        rv = SECFailure;

    return rv;

CERTGeneralName *

CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName)

    SECStatus rv = SECSuccess;

    CERTAltNameEncodedContext encodedContext;

    SECItem *newEncodedAltName;

    if (!reqArena) {

        PORT_SetError(SEC_ERROR_INVALID_ARGS);

        return NULL;

    newEncodedAltName = SECITEM_ArenaDupItem(reqArena, EncodedAltName);

    if (!newEncodedAltName) {

        return NULL;

    encodedContext.encodedGenName = NULL;

    PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));

    rv = SEC_QuickDERDecodeItem(reqArena, &encodedContext,

                                CERT_GeneralNamesTemplate, newEncodedAltName);

    if (rv == SECFailure) {

        goto loser;

    if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])

        return cert_DecodeGeneralNames(reqArena, encodedContext.encodedGenName);

    /* Extension contained an empty GeneralNames sequence */

    /* Treat as extension not found */

    PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);

loser:

    return NULL;

SECStatus

CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,

                                    CERTNameConstraints *value,

                                    SECItem *encodedValue)

    SECStatus rv = SECSuccess;

    rv = cert_EncodeNameConstraints(value, arena, encodedValue);

    return rv;

CERTNameConstraints *

CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,

                                    const SECItem *encodedConstraints)

    return cert_DecodeNameConstraints(arena, encodedConstraints);

CERTAuthInfoAccess **

CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,

                                   const SECItem *encodedExtension)

    CERTAuthInfoAccess **info = NULL;

    SECStatus rv;

    int i;

    SECItem *newEncodedExtension;

    if (!reqArena) {

        PORT_SetError(SEC_ERROR_INVALID_ARGS);

        return NULL;

    newEncodedExtension = SECITEM_ArenaDupItem(reqArena, encodedExtension);

    if (!newEncodedExtension) {

        return NULL;

    rv = SEC_QuickDERDecodeItem(reqArena, &info, CERTAuthInfoAccessTemplate,

                                newEncodedExtension);

    if (rv != SECSuccess || info == NULL) {

        return NULL;

    for (i = 0; info[i] != NULL; i++) {

        info[i]->location =

            CERT_DecodeGeneralName(reqArena, &(info[i]->derLocation), NULL);

    return info;

SECStatus

CERT_EncodeInfoAccessExtension(PLArenaPool *arena, CERTAuthInfoAccess **info,

                               SECItem *dest)

    SECItem *dummy;

    int i;

    PORT_Assert(info != NULL);

    PORT_Assert(dest != NULL);

    if (info == NULL || dest == NULL) {

        return SECFailure;

    for (i = 0; info[i] != NULL; i++) {

        if (CERT_EncodeGeneralName(info[i]->location, &(info[i]->derLocation),

                                   arena) == NULL)

            /* Note that this may leave some of the locations filled in. */

            return SECFailure;

    dummy = SEC_ASN1EncodeItem(arena, dest, &info, CERTAuthInfoAccessTemplate);

    if (dummy == NULL) {

        return SECFailure;

    return SECSuccess;