1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 * Code for dealing with x.509 v3 CRL Distribution Point extension. | 6 * Code for dealing with x.509 v3 CRL Distribution Point extension. |
7 */ | 7 */ |
8 #include "genname.h" | 8 #include "genname.h" |
9 #include "certt.h" | 9 #include "certt.h" |
10 #include "secerr.h" | 10 #include "secerr.h" |
11 | 11 |
12 SEC_ASN1_MKSUB(SEC_AnyTemplate) | 12 SEC_ASN1_MKSUB(SEC_AnyTemplate) |
13 SEC_ASN1_MKSUB(SEC_BitStringTemplate) | 13 SEC_ASN1_MKSUB(SEC_BitStringTemplate) |
14 | 14 |
15 extern void PrepareBitStringForEncoding (SECItem *bitMap, SECItem *value); | 15 extern void PrepareBitStringForEncoding(SECItem *bitMap, SECItem *value); |
16 | 16 |
17 static const SEC_ASN1Template FullNameTemplate[] = { | 17 static const SEC_ASN1Template FullNameTemplate[] = { |
18 {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0, | 18 {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0, |
19 offsetof (CRLDistributionPoint,derFullName),· | 19 offsetof (CRLDistributionPoint,derFullName),· |
20 CERT_GeneralNamesTemplate} | 20 CERT_GeneralNamesTemplate} |
21 }; | 21 }; |
22 | 22 |
23 static const SEC_ASN1Template RelativeNameTemplate[] = { | 23 static const SEC_ASN1Template RelativeNameTemplate[] = { |
24 {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,· | 24 {SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,· |
25 offsetof (CRLDistributionPoint,distPoint.relativeName),· | 25 offsetof (CRLDistributionPoint,distPoint.relativeName),· |
52 SEC_ASN1_CONSTRUCTED | 2, | 52 SEC_ASN1_CONSTRUCTED | 2, |
53 offsetof(CRLDistributionPoint, derCrlIssuer),· | 53 offsetof(CRLDistributionPoint, derCrlIssuer),· |
54 CERT_GeneralNamesTemplate}, | 54 CERT_GeneralNamesTemplate}, |
55 { 0 } | 55 { 0 } |
56 }; | 56 }; |
57 | 57 |
58 const SEC_ASN1Template CERTCRLDistributionPointsTemplate[] = { | 58 const SEC_ASN1Template CERTCRLDistributionPointsTemplate[] = { |
59 {SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate} | 59 {SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate} |
60 }; | 60 }; |
61 | 61 |
| 62 /* clang-format on */ |
| 63 |
62 SECStatus | 64 SECStatus |
63 CERT_EncodeCRLDistributionPoints (PLArenaPool *arena,· | 65 CERT_EncodeCRLDistributionPoints(PLArenaPool *arena, |
64 » » » » CERTCrlDistributionPoints *value, | 66 CERTCrlDistributionPoints *value, |
65 » » » » SECItem *derValue) | 67 SECItem *derValue) |
66 { | 68 { |
67 CRLDistributionPoint **pointList, *point; | 69 CRLDistributionPoint **pointList, *point; |
68 PLArenaPool *ourPool = NULL; | 70 PLArenaPool *ourPool = NULL; |
69 SECStatus rv = SECSuccess; | 71 SECStatus rv = SECSuccess; |
70 | 72 |
71 PORT_Assert (derValue); | 73 PORT_Assert(derValue); |
72 PORT_Assert (value && value->distPoints); | 74 PORT_Assert(value && value->distPoints); |
73 | 75 |
74 do { | 76 do { |
75 » ourPool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); | 77 ourPool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); |
76 » if (ourPool == NULL) { | 78 if (ourPool == NULL) { |
77 » rv = SECFailure; | 79 rv = SECFailure; |
78 » break; | 80 break; |
79 » }···· | 81 } |
80 »······· | |
81 » pointList = value->distPoints; | |
82 » while (*pointList) { | |
83 » point = *pointList; | |
84 » point->derFullName = NULL; | |
85 » point->derDistPoint.data = NULL; | |
86 | 82 |
87 » switch (point->distPointType) { | 83 pointList = value->distPoints; |
88 » case generalName: | 84 while (*pointList) { |
89 » » point->derFullName = cert_EncodeGeneralNames | 85 point = *pointList; |
90 » » (ourPool, point->distPoint.fullName); | 86 point->derFullName = NULL; |
91 » »······· | 87 point->derDistPoint.data = NULL; |
92 » » if (!point->derFullName || | |
93 » » !SEC_ASN1EncodeItem (ourPool, &point->derDistPoint, | |
94 » » » point, FullNameTemplate)) | |
95 » » rv = SECFailure; | |
96 » » break; | |
97 | 88 |
98 » case relativeDistinguishedName: | 89 switch (point->distPointType) { |
99 » » if (!SEC_ASN1EncodeItem(ourPool, &point->derDistPoint,· | 90 case generalName: |
100 » » point, RelativeNameTemplate))· | 91 point->derFullName = cert_EncodeGeneralNames(ourPool, point-
>distPoint.fullName); |
101 » » rv = SECFailure; | |
102 » » break; | |
103 | 92 |
104 » /* distributionPointName is omitted */ | 93 if (!point->derFullName || |
105 » case 0: break; | 94 !SEC_ASN1EncodeItem(ourPool, &point->derDistPoint, |
| 95 point, FullNameTemplate)) |
| 96 rv = SECFailure; |
| 97 break; |
106 | 98 |
107 » default: | 99 case relativeDistinguishedName: |
108 » » PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); | 100 if (!SEC_ASN1EncodeItem(ourPool, &point->derDistPoint, |
109 » » rv = SECFailure; | 101 point, RelativeNameTemplate)) |
110 » » break; | 102 rv = SECFailure; |
111 » } | 103 break; |
112 | 104 |
113 » if (rv != SECSuccess) | 105 /* distributionPointName is omitted */ |
114 » » break; | 106 case 0: |
| 107 break; |
115 | 108 |
116 » if (point->reasons.data) | 109 default: |
117 » » PrepareBitStringForEncoding (&point->bitsmap, &point->reasons); | 110 PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID); |
| 111 rv = SECFailure; |
| 112 break; |
| 113 } |
118 | 114 |
119 » if (point->crlIssuer) { | 115 if (rv != SECSuccess) |
120 » » point->derCrlIssuer = cert_EncodeGeneralNames | 116 break; |
121 » » (ourPool, point->crlIssuer); | 117 |
122 » » if (!point->derCrlIssuer) { | 118 if (point->reasons.data) |
123 » » rv = SECFailure; | 119 PrepareBitStringForEncoding(&point->bitsmap, &point->reasons); |
124 » » break; | 120 |
125 » » } | 121 if (point->crlIssuer) { |
126 » } | 122 point->derCrlIssuer = cert_EncodeGeneralNames(ourPool, point->cr
lIssuer); |
127 » ++pointList; | 123 if (!point->derCrlIssuer) { |
128 » } | 124 rv = SECFailure; |
129 » if (rv != SECSuccess) | 125 break; |
130 » break; | 126 } |
131 » if (!SEC_ASN1EncodeItem(arena, derValue, value,· | 127 } |
132 » » CERTCRLDistributionPointsTemplate)) { | 128 ++pointList; |
133 » rv = SECFailure; | 129 } |
134 » break; | 130 if (rv != SECSuccess) |
135 » } | 131 break; |
| 132 if (!SEC_ASN1EncodeItem(arena, derValue, value, |
| 133 CERTCRLDistributionPointsTemplate)) { |
| 134 rv = SECFailure; |
| 135 break; |
| 136 } |
136 } while (0); | 137 } while (0); |
137 PORT_FreeArena (ourPool, PR_FALSE); | 138 PORT_FreeArena(ourPool, PR_FALSE); |
138 return rv; | 139 return rv; |
139 } | 140 } |
140 | 141 |
141 CERTCrlDistributionPoints * | 142 CERTCrlDistributionPoints * |
142 CERT_DecodeCRLDistributionPoints (PLArenaPool *arena, SECItem *encodedValue) | 143 CERT_DecodeCRLDistributionPoints(PLArenaPool *arena, SECItem *encodedValue) |
143 { | 144 { |
144 CERTCrlDistributionPoints *value = NULL;···· | 145 CERTCrlDistributionPoints *value = NULL; |
145 CRLDistributionPoint **pointList, *point;···· | 146 CRLDistributionPoint **pointList, *point; |
146 SECStatus rv = SECSuccess; | 147 SECStatus rv = SECSuccess; |
147 SECItem newEncodedValue; | 148 SECItem newEncodedValue; |
148 | 149 |
149 PORT_Assert (arena); | 150 PORT_Assert(arena); |
150 do { | 151 do { |
151 » value = PORT_ArenaZNew(arena, CERTCrlDistributionPoints); | 152 value = PORT_ArenaZNew(arena, CERTCrlDistributionPoints); |
152 » if (value == NULL) { | 153 if (value == NULL) { |
153 » rv = SECFailure; | 154 rv = SECFailure; |
154 » break; | 155 break; |
155 » } | 156 } |
156 | 157 |
157 /* copy the DER into the arena, since Quick DER returns data that points | 158 /* copy the DER into the arena, since Quick DER returns data that points |
158 into the DER input, which may get freed by the caller */ | 159 into the DER input, which may get freed by the caller */ |
159 rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue); | 160 rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue); |
160 if (rv != SECSuccess) | 161 if (rv != SECSuccess) |
161 » break; | 162 break; |
162 | 163 |
163 » rv = SEC_QuickDERDecodeItem(arena, &value->distPoints,· | 164 rv = SEC_QuickDERDecodeItem(arena, &value->distPoints, |
164 » » CERTCRLDistributionPointsTemplate, &newEncodedValue); | 165 CERTCRLDistributionPointsTemplate, &newEncod
edValue); |
165 » if (rv != SECSuccess) | 166 if (rv != SECSuccess) |
166 » break; | 167 break; |
167 | 168 |
168 » pointList = value->distPoints; | 169 pointList = value->distPoints; |
169 » while (NULL != (point = *pointList)) { | 170 while (NULL != (point = *pointList)) { |
170 | 171 |
171 » /* get the data if the distributionPointName is not omitted */ | 172 /* get the data if the distributionPointName is not omitted */ |
172 » if (point->derDistPoint.data != NULL) { | 173 if (point->derDistPoint.data != NULL) { |
173 » » rv = SEC_QuickDERDecodeItem(arena, point,· | 174 rv = SEC_QuickDERDecodeItem(arena, point, |
174 » » » DistributionPointNameTemplate, &(point->derDistPoint)); | 175 DistributionPointNameTemplate, &(poi
nt->derDistPoint)); |
175 » » if (rv != SECSuccess) | 176 if (rv != SECSuccess) |
176 » » break; | 177 break; |
177 | 178 |
178 » » switch (point->distPointType) { | 179 switch (point->distPointType) { |
179 » » case generalName: | 180 case generalName: |
180 » » point->distPoint.fullName =· | 181 point->distPoint.fullName = |
181 » » » cert_DecodeGeneralNames(arena, point->derFullName); | 182 cert_DecodeGeneralNames(arena, point->derFullName); |
182 » » rv = point->distPoint.fullName ? SECSuccess : SECFailure; | 183 rv = point->distPoint.fullName ? SECSuccess : SECFailure
; |
183 » » break; | 184 break; |
184 | 185 |
185 » » case relativeDistinguishedName: | 186 case relativeDistinguishedName: |
186 » » break; | 187 break; |
187 | 188 |
188 » » default: | 189 default: |
189 » » PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); | 190 PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID); |
190 » » rv = SECFailure; | 191 rv = SECFailure; |
191 » » break; | 192 break; |
192 » » } /* end switch */ | 193 } /* end switch */ |
193 » » if (rv != SECSuccess) | 194 if (rv != SECSuccess) |
194 » » break; | 195 break; |
195 » } /* end if */ | 196 } /* end if */ |
196 | 197 |
197 » /* Get the reason code if it's not omitted in the encoding */ | 198 /* Get the reason code if it's not omitted in the encoding */ |
198 » if (point->bitsmap.data != NULL) { | 199 if (point->bitsmap.data != NULL) { |
199 » » SECItem bitsmap = point->bitsmap; | 200 SECItem bitsmap = point->bitsmap; |
200 » » DER_ConvertBitString(&bitsmap); | 201 DER_ConvertBitString(&bitsmap); |
201 » » rv = SECITEM_CopyItem(arena, &point->reasons, &bitsmap); | 202 rv = SECITEM_CopyItem(arena, &point->reasons, &bitsmap); |
202 » » if (rv != SECSuccess) | 203 if (rv != SECSuccess) |
203 » » break; | 204 break; |
204 » } | 205 } |
205 | 206 |
206 » /* Get the crl issuer name if it's not omitted in the encoding */ | 207 /* Get the crl issuer name if it's not omitted in the encoding */ |
207 » if (point->derCrlIssuer != NULL) { | 208 if (point->derCrlIssuer != NULL) { |
208 » » point->crlIssuer = cert_DecodeGeneralNames(arena,· | 209 point->crlIssuer = cert_DecodeGeneralNames(arena, |
209 » » » point->derCrlIssuer); | 210 point->derCrlIssuer); |
210 » » if (!point->crlIssuer) | 211 if (!point->crlIssuer) |
211 » » break; | 212 break; |
212 » } | 213 } |
213 » ++pointList; | 214 ++pointList; |
214 » } /* end while points remain */ | 215 } /* end while points remain */ |
215 } while (0); | 216 } while (0); |
216 return (rv == SECSuccess ? value : NULL); | 217 return (rv == SECSuccess ? value : NULL); |
217 } | 218 } |