add support for key identifiers

git-svn-id: svn://10.0.0.236/branches/STAN_WORK_BRANCH@129419 18797224-902f-48f8-a5cc-f745e15eee43
ian.mcgreer%sun.com
2002-09-12 21:04:47 +00:00
parent 2011b63f8a
commit 0cb06e0fde
16 changed files with 994 additions and 86 deletions


@@ -224,15 +224,19 @@ CMD_PrintError(char *message, ...)
va_list args;
e = NSS_GetError();
text = get_error_text(e);
va_start(args, message);
PR_vfprintf(PR_STDERR, message, args);
if (text) {
PR_fprintf(PR_STDERR, ": %s\n", text);
if (e) {
text = get_error_text(e);
if (text) {
PR_fprintf(PR_STDERR, ": %s\n", text);
} else {
PR_fprintf(PR_STDERR, ": (%d)\n", e);
}
} else {
PR_fprintf(PR_STDERR, ": (%d)\n", e);
PR_fprintf(PR_STDERR, "\n");
}
va_end(args);


@@ -112,7 +112,8 @@ CMD_PrintHex(CMDPrinter *printer, NSSItem *item, char *message)
int i;
unsigned char *buf = (unsigned char *)item->data;
print_heading(printer, message);
if (message)
print_heading(printer, message);
for (i = 0; i < item->size; i++) {
if (i < item->size - 1) {
PR_fprintf(printer->out, "%02x:", buf[i]);
@@ -236,6 +237,44 @@ CMD_PrintPKIXKeyUsage(CMDPrinter *printer, NSSPKIXKeyUsage *keyUsage,
unindent(printer);
}
void
CMD_PrintPKIXBasicConstraints(CMDPrinter *printer,
NSSPKIXBasicConstraints *bc,
char *message)
{
print_heading(printer, message);
newline_reset(printer);
indent(printer);
if (NSSPKIXBasicConstraints_IsCA(bc)) {
PR_fprintf(printer->out, "Certificate is CA");
newline(printer);
PR_fprintf(printer->out, "With maximum path length %d",
NSSPKIXBasicConstraints_GetPathLengthConstraint(bc));
} else {
PR_fprintf(printer->out, "Certificate is not CA");
}
unindent(printer);
}
void
CMD_PrintPKIXAuthorityKeyID(CMDPrinter *printer,
NSSPKIXAuthorityKeyIdentifier *akid,
char *message)
{
NSSPKIXKeyIdentifier *kid;
print_heading(printer, message);
newline_reset(printer);
indent(printer);
kid = NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier(akid);
CMD_PrintHex(printer, kid, "Key Identifier");
unindent(printer);
}
void
CMD_PrintPKIXnsCertType(CMDPrinter *printer,
NSSPKIXnetscapeCertType *nsCertType,
@@ -293,6 +332,9 @@ CMD_PrintPKIXExtensions(CMDPrinter *printer, NSSPKIXExtensions *extensions,
char *message)
{
NSSPKIXKeyUsage *keyUsage;
NSSPKIXBasicConstraints *bc;
NSSPKIXAuthorityKeyIdentifier *akid;
NSSPKIXSubjectKeyIdentifier *skid;
NSSPKIXnetscapeCertType *nsCertType;
print_heading(printer, message);
@@ -305,6 +347,24 @@ CMD_PrintPKIXExtensions(CMDPrinter *printer, NSSPKIXExtensions *extensions,
newline_reset(printer);
}
bc = NSSPKIXExtensions_GetBasicConstraints(extensions);
if (bc) {
CMD_PrintPKIXBasicConstraints(printer, bc, "Basic Constraints");
newline_reset(printer);
}
akid = NSSPKIXExtensions_GetAuthorityKeyIdentifier(extensions);
if (akid) {
CMD_PrintPKIXAuthorityKeyID(printer, akid, "Authority Key Identifier");
newline_reset(printer);
}
skid = NSSPKIXExtensions_GetSubjectKeyIdentifier(extensions);
if (skid) {
CMD_PrintHex(printer, skid, "Subject Key Identifier");
newline_reset(printer);
}
nsCertType = NSSPKIXExtensions_GetNetscapeCertType(extensions);
if (keyUsage) {
CMD_PrintPKIXnsCertType(printer, nsCertType, "netscape Cert Type");
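Review bot: The guard in front of the Netscape cert-type print at the end of this CMD_PrintPKIXExtensions hunk tests `keyUsage`, not the pointer fetched on the line before it. A certificate that carries a key-usage extension but no Netscape cert type would therefore hand a NULL `nsCertType` to CMD_PrintPKIXnsCertType, and one with a cert type but no key usage would not have it printed at all. The blocks above it for `bc`, `akid` and `skid` each test their own result; this one should read `if (nsCertType) {`. The function body continues past the end of the hunk.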


@@ -31,7 +31,7 @@
# may use your version of this file under either the MPL or the
# GPL.
#
$cvs_id = '@(#) $RCSfile: errorgen.perl,v $ $Revision: 1.1.2.1 $ $Date: 2002-09-10 23:24:11 $ $Name: not supported by cvs2svn $';
$cvs_id = '@(#) $RCSfile: errorgen.perl,v $ $Revision: 1.1.2.2 $ $Date: 2002-09-12 21:04:19 $ $Name: not supported by cvs2svn $';
$cfile = shift;
open(CFILE, "> $cfile") || die "Can't open $cfile: $!";
@@ -134,15 +134,19 @@ CMD_PrintError(char *message, ...)
va_list args;
e = NSS_GetError();
text = get_error_text(e);
va_start(args, message);
PR_vfprintf(PR_STDERR, message, args);
if (text) {
PR_fprintf(PR_STDERR, ": %s\\n", text);
if (e) {
text = get_error_text(e);
if (text) {
PR_fprintf(PR_STDERR, ": %s\\n", text);
} else {
PR_fprintf(PR_STDERR, ": (%d)\\n", e);
}
} else {
PR_fprintf(PR_STDERR, ": (%d)\\n", e);
PR_fprintf(PR_STDERR, "\\n");
}
va_end(args);


@@ -32,19 +32,67 @@ get_object_class(char *type)
return PKIUnknown;
}
/* XXX */
static NSSItem *
get_cert_serial_number(NSSCertificate *c)
{
NSSPKIXCertificate *pkixCert;
NSSPKIXTBSCertificate *tbsCert;
pkixCert = (NSSPKIXCertificate *)NSSCertificate_GetDecoding(c);
tbsCert = NSSPKIXCertificate_GetTBSCertificate(pkixCert);
return NSSPKIXTBSCertificate_GetSerialNumber(tbsCert);
}
/* XXX should have a filter function */
static NSSCertificate *
find_nick_cert_by_sn(NSSTrustDomain *td, char *nickname, char *serial)
{
int i = 0;
NSSCertificate **certs;
NSSCertificate *c = NULL;
certs = NSSTrustDomain_FindCertificatesByNickname(td, nickname,
NULL, 0, NULL);
if (certs) {
while (certs[i]) {
NSSItem *sn = get_cert_serial_number(certs[i]);
NSSItem *ser;
CMDFileMode mode = CMDFileMode_Hex;
ser = CMD_GetDataFromBuffer(serial, strlen(serial), &mode);
if (NSSItem_Equal(sn, ser, NULL)) {
int j = i;
c = certs[i];
/* XXX super-hack while not filter */
while (certs[i+1]) i++;
certs[j] = certs[i];
certs[i] = NULL;
break;
}
i++;
}
NSSCertificateArray_Destroy(certs);
}
return c;
}
static PRStatus
print_cert_callback(NSSCertificate *c, void *arg)
{
CMDRunTimeData *rtData = (CMDRunTimeData *)arg;
CMDPrinter printer;
NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
NSSItem *serialNumber;
#if 0
PRBool isUserCert = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL);
#else
PRBool isUserCert = PR_FALSE;
#endif
PR_fprintf(rtData->output.file, "Listing %c %s\n",
serialNumber = get_cert_serial_number(c);
PR_fprintf(rtData->output.file, "%c %-40s",
(isUserCert) ? '*' : ' ',
nickname);
CMD_InitPrinter(&printer, rtData->output.file, 0, 80);
CMD_PrintHex(&printer, serialNumber, NULL);
PR_fprintf(rtData->output.file, "\n");
return PR_SUCCESS;
}
@@ -239,17 +287,33 @@ ListObjects
return status;
}
static PRStatus
dump_cert_chain
PRStatus
ListChain
(
NSSTrustDomain *td,
NSSCertificate *c,
char *nickname,
char *serial,
PRUint32 maximumOpt,
CMDRunTimeData *rtData
)
{
int i;
PRStatus status;
PRUint32 i, j;
NSSCertificate **chain, **chainp;
NSSCertificate *c;
NSSCertificate **chain;
if (serial) {
c = find_nick_cert_by_sn(td, nickname, serial);
} else {
c = NSSTrustDomain_FindBestCertificateByNickname(td, nickname,
NSSTime_Now(),
NULL, NULL);
}
if (!c) {
CMD_PrintError("Failed to find certificate %s", nickname);
return PR_FAILURE;
}
chain = NSSCertificate_BuildChain(c, NSSTime_Now(),
NULL, /* usage */
@@ -258,13 +322,11 @@ dump_cert_chain
0, /* rvLimit */
NULL, /* arena */
&status);
chainp = chain;
i = 0;
while (chainp && *chainp) {
for (j=0; j<i; j++) PR_fprintf(rtData->output.file, " ");
status = print_cert_callback(*chainp, rtData);
i++;
chainp++;
while (chain[++i]);
while (i > 0) {
--i;
status = print_cert_callback(chain[i], rtData);
}
NSSCertificateArray_Destroy(chain);
return PR_SUCCESS;
@@ -302,8 +364,8 @@ DumpObject
NSSTrustDomain *td,
char *objectType,
char *nickname,
char *serialOpt,
PRBool info,
PRBool chain,
CMDRunTimeData *rtData
)
{
@@ -313,12 +375,9 @@ DumpObject
switch (get_object_class(objectType)) {
case PKICertificate:
case PKIAny: /* default to certificate */
if (chain) {
c = NSSTrustDomain_FindBestCertificateByNickname(td, nickname,
NSSTime_Now(),
NULL,
NULL);
status = dump_cert_chain(td, c, rtData);
if (serialOpt) {
c = find_nick_cert_by_sn(td, nickname, serialOpt);
status = dump_cert_info(td, c, rtData);
NSSCertificate_Destroy(c);
} else if (info) {
c = NSSTrustDomain_FindBestCertificateByNickname(td, nickname,
@@ -348,6 +407,7 @@ ValidateCert
(
NSSTrustDomain *td,
char *nickname,
char *serial,
char *usageStr,
PRBool info,
CMDRunTimeData *rtData
@@ -355,6 +415,7 @@ ValidateCert
{
PRStatus status;
NSSCertificate *c;
NSSCertificate **certs = NULL;
char usage;
NSSUsages usages = { 0 };
@@ -379,12 +440,19 @@ ValidateCert
}
}
c = NSSTrustDomain_FindBestCertificateByNickname(td, nickname,
NSSTime_Now(),
NULL,
NULL);
if (serial) {
c = find_nick_cert_by_sn(td, nickname, serial);
} else {
c = NSSTrustDomain_FindBestCertificateByNickname(td, nickname,
NSSTime_Now(),
NULL,
NULL);
}
if (!c) {
CMD_PrintError("Failed to locate cert %s", nickname);
if (certs) {
NSSCertificateArray_Destroy(certs);
}
return PR_FAILURE;
}
@@ -395,6 +463,10 @@ ValidateCert
CMD_PrintError("Validation failed");
}
if (certs) {
NSSCertificateArray_Destroy(certs);
}
return status;
}
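Review bot: The new chain walk in ListChain, `while (chain[++i]);`, dereferences `chain` without the NULL test that the loop it replaces had (`while (chainp && *chainp)`), and because it pre-increments it never tests `chain[0]`, so an empty array would be read past its terminator. NSSCertificate_BuildChain reports failure through `&status`, which is not examined before the walk. Checking first with `if (!chain) return PR_FAILURE;` and counting with `for (i = 0; chain[i]; i++);` keeps the reverse-order printing and removes both reads. DumpObject's `serialOpt` branch has the same gap: the result of find_nick_cert_by_sn goes straight to dump_cert_info and NSSCertificate_Destroy with no `if (!c)` test, although ListChain and ValidateCert both have one. Part of the BuildChain call lies between two hunks and is not visible.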


@@ -56,6 +56,7 @@ enum {
cmd_Import,
cmd_Interactive,
cmd_List,
cmd_ListChain,
cmd_Print,
cmd_Validate,
cmd_Version,
@@ -66,7 +67,6 @@ enum {
enum {
opt_Help = 0,
opt_Ascii,
opt_Chain,
opt_ProfileDir,
opt_TokenName,
opt_InputFile,
@@ -75,6 +75,7 @@ enum {
opt_OutputFile,
opt_Orphans,
opt_Binary,
opt_Serial,
opt_Trust,
opt_Type,
opt_Usages,
@@ -157,6 +158,20 @@ static cmdCommandLineArg pkiutil_commands[] =
},
"List objects on the token"
},
{ /* cmd_ListChain */
0 , "list-chain",
CMDNoArg, 0, PR_FALSE,
{
CMDBIT(opt_Nickname),
0, 0, 0
},
{
CMDBIT(opt_ProfileDir) |
CMDBIT(opt_Serial),
0, 0, 0
},
"List a certificate chain"
},
{ /* cmd_Print */
'P', "print",
CMDNoArg, 0, PR_FALSE,
@@ -166,11 +181,11 @@ static cmdCommandLineArg pkiutil_commands[] =
},
{
CMDBIT(opt_Ascii) |
CMDBIT(opt_Chain) |
CMDBIT(opt_Info) |
CMDBIT(opt_ProfileDir) |
CMDBIT(opt_OutputFile) |
CMDBIT(opt_Binary) |
CMDBIT(opt_Serial) |
CMDBIT(opt_Type),
0, 0, 0
},
@@ -186,6 +201,7 @@ static cmdCommandLineArg pkiutil_commands[] =
{
CMDBIT(opt_Info) |
CMDBIT(opt_ProfileDir) |
CMDBIT(opt_Serial) |
CMDBIT(opt_Usages) |
0, 0, 0
},
@@ -204,7 +220,6 @@ static cmdCommandLineOpt pkiutil_options[] =
{
{ /* opt_Help */ '?', "help", CMDNoArg },
{ /* opt_Ascii */ 'a', "ascii", CMDNoArg },
{ /* opt_Chain */ 0 , "chain", CMDNoArg },
{ /* opt_ProfileDir */ 'd', "dbdir", CMDArgReq },
{ /* opt_TokenName */ 'h', "token", CMDArgReq },
{ /* opt_InputFile */ 'i', "infile", CMDArgReq },
@@ -213,6 +228,7 @@ static cmdCommandLineOpt pkiutil_options[] =
{ /* opt_OutputFile */ 'o', "outfile", CMDArgReq },
{ /* opt_Orphans */ 0 , "orphans", CMDNoArg },
{ /* opt_Binary */ 'r', "raw", CMDNoArg },
{ /* opt_Serial */ 0 , "serial", CMDArgReq },
{ /* opt_Trust */ 't', "trust", CMDArgReq },
{ /* opt_Type */ 0 , "type", CMDArgReq },
{ /* opt_Usages */ 'u', "usages", CMDArgReq },
@@ -222,7 +238,6 @@ static char * pkiutil_options_help[] =
{
"get help for command",
"use ascii (base-64 encoded) mode for I/O",
"list the certificate path (chain)",
"directory containing security databases (default: \"./\")",
"name of PKCS#11 token to use (default: internal)",
"file for input (default: stdin)",
@@ -422,17 +437,25 @@ pkiutil_command_dispatcher(cmdCommand *pkiutil, int cmdToRun)
0,
&rtData);
break;
case cmd_ListChain:
status = ListChain(td,
pkiutil->opt[opt_Nickname].arg,
pkiutil->opt[opt_Serial].arg,
0,
&rtData);
break;
case cmd_Print:
status = DumpObject(td,
NULL,
pkiutil->opt[opt_Nickname].arg,
pkiutil->opt[opt_Serial].arg,
pkiutil->opt[opt_Info].on,
pkiutil->opt[opt_Chain].on,
&rtData);
break;
case cmd_Validate:
status = ValidateCert(td,
pkiutil->opt[opt_Nickname].arg,
pkiutil->opt[opt_Serial].arg,
pkiutil->opt[opt_Usages].arg,
pkiutil->opt[opt_Info].on,
&rtData);
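Review bot: `opt_Serial` is added to the option enum and to `pkiutil_options[]`, but the only change to `pkiutil_options_help[]` in this section is the removal of the `opt_Chain` string; no help text for `serial` is inserted at the matching position. If that array is indexed by the option enum, as its ordering suggests, every help string from `opt_Serial` onward is shifted by one and the final option would read past the end of the array. Adding an entry such as `"serial number of the certificate (hex)",` at the position of `opt_Serial` keeps the three tables parallel. Most of the help array lies outside the hunk, so this should be confirmed against the full file.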


@@ -45,14 +45,24 @@ ListObjects
CMDRunTimeData *rtData
);
PRStatus
ListChain
(
NSSTrustDomain *td,
char *nickname,
char *serial,
PRUint32 maximumOpt,
CMDRunTimeData *rtData
);
PRStatus
DumpObject
(
NSSTrustDomain *td,
char *objectType,
char *nickname,
char *serialOpt,
PRBool info,
PRBool chain,
CMDRunTimeData *rtData
);
@@ -61,6 +71,7 @@ ValidateCert
(
NSSTrustDomain *td,
char *nickname,
char *serial,
char *usages,
PRBool info,
CMDRunTimeData *rtData


@@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.38.2.7 $ $Date: 2002-09-10 22:29:40 $ $Name: not supported by cvs2svn $";
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.38.2.8 $ $Date: 2002-09-12 21:04:25 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
#ifndef BASE_H
@@ -449,7 +449,8 @@ nssCertificate_IsNewer
PRStatus *statusOpt
)
{
nssCertDecoding *dc1, *dc2;
nssCertDecoding *dc1 = nssCertificate_GetDecoding(c1);
nssCertDecoding *dc2 = nssCertificate_GetDecoding(c2);
if (statusOpt) *statusOpt = PR_SUCCESS;
/* get the times from the decoding */
if (get_validity_period(dc1) == PR_FAILURE) {
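Review bot: `dc1` and `dc2` are now initialised from nssCertificate_GetDecoding, but neither result is tested before `get_validity_period(dc1)` uses it. If the decoding can fail for a malformed certificate and get_validity_period dereferences its argument (neither body is visible here), the comparison would crash instead of reporting the failure through `statusOpt`. An `if (!dc1 || !dc2)` guard that takes the same failure path as the get_validity_period check would cover it. The function continues past the end of the hunk.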


@@ -35,7 +35,7 @@
#define NSSPKIX_H
#ifdef DEBUG
static const char NSSPKIX_CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/include/Attic/nsspkix.h,v $ $Revision: 1.1.192.4 $ $Date: 2002-09-10 21:01:45 $ $Name: not supported by cvs2svn $";
static const char NSSPKIX_CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/include/Attic/nsspkix.h,v $ $Revision: 1.1.192.5 $ $Date: 2002-09-12 21:04:29 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
/*
@@ -14351,6 +14351,8 @@ NSSPKIXTeletexDomainDefinedAttribute_Duplicate
NSSArena *arenaOpt
);
#endif /* nodef */
/*
* AuthorityKeyIdentifier
*
@@ -14467,6 +14469,7 @@ NSSPKIXAuthorityKeyIdentifier_Destroy
* NULL upon failure
*/
#ifdef nodef
NSS_EXTERN NSSBER *
NSSPKIXAuthorityKeyIdentifier_Encode
(
@@ -14475,6 +14478,7 @@ NSSPKIXAuthorityKeyIdentifier_Encode
NSSBER *rvOpt,
NSSArena *arenaOpt
);
#endif
/*
* NSSPKIXAuthorityKeyIdentifier_HasKeyIdentifier
@@ -14516,9 +14520,7 @@ NSSPKIXAuthorityKeyIdentifier_HasKeyIdentifier
NSS_EXTERN NSSPKIXKeyIdentifier *
NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier
(
NSSPKIXAuthorityKeyIdentifier *aki,
NSSPKIXKeyIdentifier *rvOpt,
NSSArena *arenaOpt
NSSPKIXAuthorityKeyIdentifier *aki
);
/*
@@ -14853,6 +14855,7 @@ NSSPKIXKeyUsage_Destroy
* NULL upon failure
*/
#ifdef nodef
NSS_EXTERN NSSBER *
NSSPKIXKeyUsage_Encode
(
@@ -14861,6 +14864,7 @@ NSSPKIXKeyUsage_Encode
NSSBER *rvOpt,
NSSArena *arenaOpt
);
#endif
/*
* NSSPKIXKeyUsage_GetUTF8Encoding
@@ -14897,12 +14901,12 @@ NSSPKIXKeyUsage_GetUTF8Encoding
* NSSKeyUsage_NSSinvalid upon failure
*/
#endif /* nodef */
NSS_EXTERN NSSPKIXKeyUsageValue
NSSPKIXKeyUsage_GetValue
(
NSSPKIXKeyUsage *keyUsage
);
#ifdef nodef
/*
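Review bot: The doc comment for NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier should state the ownership rule now that `rvOpt` and `arenaOpt` are gone from the prototype. The implementation added in this commit returns `&aki->keyIdentifier`, a pointer into the AuthorityKeyIdentifier itself, so the result is borrowed and is never NULL; when the optional field is absent, callers presumably have to test for an empty item instead. I would add to the comment above the prototype: `The returned item is owned by aki and is valid only for aki's lifetime; do not free it.` The same applies to the nssPKIX-prefixed prototype in the internal header changed by this commit. The comment block starts above the hunk and is not visible.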


@@ -35,7 +35,7 @@
#define PKIX_H
#ifdef DEBUG
static const char PKIX_CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/include/Attic/pkix.h,v $ $Revision: 1.1.192.5 $ $Date: 2002-09-10 21:01:48 $ $Name: not supported by cvs2svn $";
static const char PKIX_CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/include/Attic/pkix.h,v $ $Revision: 1.1.192.6 $ $Date: 2002-09-12 21:04:35 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
/*
@@ -14312,6 +14312,8 @@ nssPKIXTeletexDomainDefinedAttribute_Duplicate
NSSArena *arenaOpt
);
#endif /* nodef */
/*
* AuthorityKeyIdentifier
*
@@ -14476,9 +14478,7 @@ nssPKIXAuthorityKeyIdentifier_HasKeyIdentifier
NSS_EXTERN NSSPKIXKeyIdentifier *
nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier
(
NSSPKIXAuthorityKeyIdentifier *aki,
NSSPKIXKeyIdentifier *rvOpt,
NSSArena *arenaOpt
NSSPKIXAuthorityKeyIdentifier *aki
);
/*
@@ -14679,8 +14679,6 @@ nssPKIXAuthorityKeyIdentifier_Duplicate
NSSArena *arenaOpt
);
#endif /* nodef */
/*
* KeyUsage
*


@@ -35,7 +35,7 @@
#define PKIXTM_H
#ifdef DEBUG
static const char PKIXTM_CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/include/Attic/pkixtm.h,v $ $Revision: 1.1.192.2 $ $Date: 2002-09-10 21:01:53 $ $Name: not supported by cvs2svn $";
static const char PKIXTM_CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/include/Attic/pkixtm.h,v $ $Revision: 1.1.192.3 $ $Date: 2002-09-12 21:04:41 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
/*
@@ -1034,6 +1034,26 @@ struct NSSPKIXTeletexDomainDefinedAttributeStr {
NSSUTF8 *value;
};
#endif /* nodef */
/*
* GeneralNames
*
* This structure contains a sequence of GeneralName objects.
*
* From RFC 2459:
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
*
*/
struct NSSPKIXGeneralNamesStr {
NSSArena *arena;
PRBool i_allocated_arena;
NSSDER der;
/* ... */
};
/*
* AuthorityKeyIdentifier
*
@@ -1053,12 +1073,14 @@ struct NSSPKIXTeletexDomainDefinedAttributeStr {
struct NSSPKIXAuthorityKeyIdentifierStr {
NSSArena *arena;
PRBool i_allocated_arena;
NSSDER *der;
NSSPKIXKeyIdentifier *keyIdentifier;
NSSPKIXGeneralNames *authorityCertIssuer;
NSSPKIXCertificateSerialNumber *authorityCertSerialNumber;
NSSDER der;
NSSPKIXKeyIdentifier keyIdentifier;
NSSPKIXGeneralNames authorityCertIssuer;
NSSPKIXCertificateSerialNumber authorityCertSerialNumber;
};
#ifdef nodef
/*
* PrivateKeyUsagePeriod
*
@@ -1265,24 +1287,6 @@ struct NSSPKIXGeneralNameStr {
} u;
};
/*
* GeneralNames
*
* This structure contains a sequence of GeneralName objects.
*
* From RFC 2459:
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
*
*/
struct NSSPKIXGeneralNamesStr {
NSSArena *arena;
PRBool i_allocated_arena;
NSSDER *der;
...
};
/*
* AnotherName
*


@@ -0,0 +1,487 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/src/Attic/AuthorityKeyID.c,v $ $Revision: 1.1.2.1 $ $Date: 2002-09-12 21:04:46 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
#ifndef PKIXM_H
#include "../include/pkixm.h"
#endif /* PKIXM_H */
/* XXX move to common location */
static const NSSASN1Template NSSASN1Template_OctetString[] =
{
{ NSSASN1_OCTET_STRING | NSSASN1_MAY_STREAM, 0, NULL, sizeof(NSSItem) }
};
static const NSSASN1Template NSSASN1Template_Integer[] =
{
{ NSSASN1_INTEGER, 0, NULL, sizeof(NSSItem) }
};
static const NSSASN1Template NSSASN1Template_Any[] =
{
{ NSSASN1_ANY, 0, NULL, sizeof(NSSItem) }
};
/* XXX move to GeneralNames.c */
const NSSASN1Template nssPKIXGeneralNames_template[] =
{
{ NSSASN1_SEQUENCE_OF, 0, NSSASN1Template_Any }
};
/*
* nssPKIXAuthorityKeyIdentifier_template
*
*/
const NSSASN1Template nssPKIXAuthorityKeyIdentifier_template[] =
{
{ NSSASN1_SEQUENCE, 0, NULL, sizeof(NSSPKIXAuthorityKeyIdentifier) },
{ NSSASN1_OPTIONAL |
NSSASN1_CONTEXT_SPECIFIC | 0,
offsetof(NSSPKIXAuthorityKeyIdentifier, keyIdentifier),
NSSASN1Template_OctetString },
{ NSSASN1_OPTIONAL |
NSSASN1_CONSTRUCTED |
NSSASN1_CONTEXT_SPECIFIC | 1,
offsetof(NSSPKIXAuthorityKeyIdentifier, authorityCertIssuer.der),
nssPKIXGeneralNames_template },
{ NSSASN1_OPTIONAL |
NSSASN1_CONTEXT_SPECIFIC | 2,
offsetof(NSSPKIXAuthorityKeyIdentifier, authorityCertSerialNumber),
NSSASN1Template_Integer },
{ 0 }
};
static PRStatus
encode_me(NSSPKIXAuthorityKeyIdentifier *akid)
{
NSSASN1EncodingType encoding = NSSASN1DER;
if (NSSITEM_IS_EMPTY(&akid->der)) {
if ((NSSBER *)NULL == NSSASN1_EncodeItem(
akid->arena,
&akid->der,
akid,
nssPKIXAuthorityKeyIdentifier_template,
encoding))
{
return PR_FAILURE;
}
}
return PR_SUCCESS;
}
static PRStatus
decode_me(NSSPKIXAuthorityKeyIdentifier *akid)
{
if (!NSSITEM_IS_EMPTY(&akid->der)) {
return NSSASN1_DecodeBER(akid->arena, akid,
nssPKIXAuthorityKeyIdentifier_template,
&akid->der);
} else {
return PR_FAILURE;
}
}
static NSSPKIXAuthorityKeyIdentifier *
create_me
(
NSSArena *arenaOpt
)
{
NSSArena *arena;
PRBool arena_allocated = PR_FALSE;
nssArenaMark *mark = (nssArenaMark *)NULL;
NSSPKIXAuthorityKeyIdentifier *rv = (NSSPKIXAuthorityKeyIdentifier *)NULL;
if ((NSSArena *)NULL == arenaOpt) {
arena = NSSArena_Create();
if ((NSSArena *)NULL == arena) {
goto loser;
}
arena_allocated = PR_TRUE;
} else {
arena = arenaOpt;
mark = nssArena_Mark(arena);
if ((nssArenaMark *)NULL == mark ) {
goto loser;
}
}
rv = nss_ZNEW(arena, NSSPKIXAuthorityKeyIdentifier);
if ((NSSPKIXAuthorityKeyIdentifier *)NULL == rv) {
goto loser;
}
rv->arena = arena;
rv->i_allocated_arena = arena_allocated;
if ((nssArenaMark *)NULL != mark) {
if (PR_SUCCESS != nssArena_Unmark(arena, mark)) {
goto loser;
}
}
return rv;
loser:
if ((nssArenaMark *)NULL != mark) {
(void)nssArena_Release(arena, mark);
}
if (PR_TRUE == arena_allocated) {
(void)NSSArena_Destroy(arena);
}
return (NSSPKIXAuthorityKeyIdentifier *)NULL;
}
#if 0
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
nssPKIXAuthorityKeyIdentifier_Create
(
NSSArena *arenaOpt,
NSSOID *extnID,
PRBool critical,
NSSItem *extnValue
)
{
NSSPKIXAuthorityKeyIdentifier *rv = (NSSPKIXAuthorityKeyIdentifier *)NULL;
rv = create_me(arenaOpt);
if (!rv) {
return (NSSPKIXAuthorityKeyIdentifier *)NULL;
}
#if 0
NSSOID_Encode(extnID, &rv->extnID);
#endif
rv->critical = critical;
rv->extnValue = *extnValue;
return rv;
}
#endif
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
nssPKIXAuthorityKeyIdentifier_Decode
(
NSSArena *arenaOpt,
NSSBER *ber
)
{
NSSPKIXAuthorityKeyIdentifier *rv = (NSSPKIXAuthorityKeyIdentifier *)NULL;
PRStatus status;
rv = create_me(arenaOpt);
if (!rv) {
return (NSSPKIXAuthorityKeyIdentifier *)NULL;
}
if ((NSSItem *)NULL == NSSItem_Duplicate(ber, rv->arena, &rv->der)) {
goto loser;
}
status = decode_me(rv);
if (PR_SUCCESS != status) {
goto loser;
}
return rv;
loser:
nssPKIXAuthorityKeyIdentifier_Destroy(rv);
return (NSSPKIXAuthorityKeyIdentifier *)NULL;
}
NSS_IMPLEMENT PRStatus
nssPKIXAuthorityKeyIdentifier_Destroy
(
NSSPKIXAuthorityKeyIdentifier *akid
)
{
if (PR_TRUE == akid->i_allocated_arena) {
return NSSArena_Destroy(akid->arena);
}
return PR_SUCCESS;
}
NSS_IMPLEMENT NSSBER *
nssPKIXAuthorityKeyIdentifier_Encode
(
NSSPKIXAuthorityKeyIdentifier *akid,
NSSASN1EncodingType encoding,
NSSBER *rvOpt,
NSSArena *arenaOpt
)
{
PRStatus status;
switch (encoding) {
case NSSASN1BER:
case NSSASN1DER:
status = encode_me(akid);
if (status == PR_FAILURE) {
return (NSSBER *)NULL;
}
return &akid->der;
default:
#ifdef nodef
nss_SetError(NSS_ERROR_UNSUPPORTED_ENCODING);
#endif
return (NSSBER *)NULL;
}
}
#if 0
NSS_IMPLEMENT PRBool
nssPKIXAuthorityKeyIdentifier_Equal
(
NSSPKIXAuthorityKeyIdentifier *one,
NSSPKIXAuthorityKeyIdentifier *two,
PRStatus *statusOpt
)
{
PRStatus status;
/* either one or both have been encoded, get encoding and compare */
if (!(NSSITEM_IS_EMPTY(&one->der) && NSSITEM_IS_EMPTY(&two->der))) {
status = PR_SUCCESS;
if (NSSITEM_IS_EMPTY(&one->der)) {
status = encode_me(one);
} else if (NSSITEM_IS_EMPTY(&two->der)) {
status = encode_me(two);
}
if (status != PR_SUCCESS) {
if (statusOpt) *statusOpt = status;
return PR_FALSE;
}
return NSSItem_Equal(&one->der, &two->der, statusOpt);
}
/* both only exist as decoded parts, compare parts */
}
#endif
NSS_IMPLEMENT PRStatus
nssPKIXAuthorityKeyIdentifier_duplicate
(
NSSPKIXAuthorityKeyIdentifier *akid,
NSSArena *arena,
NSSPKIXAuthorityKeyIdentifier *copy
)
{
PRStatus status;
if (!NSSITEM_IS_EMPTY(&akid->der)) {
if (NSSItem_Duplicate(&akid->der, arena, &copy->der)
== (NSSItem *)NULL)
{
return PR_FAILURE;
}
}
if (!NSSITEM_IS_EMPTY(&akid->keyIdentifier)) {
if (NSSItem_Duplicate(&akid->keyIdentifier, arena,
&copy->keyIdentifier)
== (NSSItem *)NULL)
{
return PR_FAILURE;
}
}
/* XXX do the rest */
return PR_SUCCESS;
}
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
nssPKIXAuthorityKeyIdentifier_Duplicate
(
NSSPKIXAuthorityKeyIdentifier *akid,
NSSArena *arenaOpt
)
{
NSSPKIXAuthorityKeyIdentifier *rv = (NSSPKIXAuthorityKeyIdentifier *)NULL;
rv = create_me(arenaOpt);
if (rv) {
if (nssPKIXAuthorityKeyIdentifier_duplicate(akid, rv->arena, rv)
!= PR_SUCCESS)
{
nssPKIXAuthorityKeyIdentifier_Destroy(rv);
return (NSSPKIXAuthorityKeyIdentifier *)NULL;
}
}
return rv;
}
NSS_IMPLEMENT NSSPKIXKeyIdentifier *
nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier
(
NSSPKIXAuthorityKeyIdentifier *aki
)
{
return &aki->keyIdentifier;
}
/*
* NSSPKIXAuthorityKeyIdentifier_Create
*
* -- fgmr comments --
*
* The error may be one of the following values:
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_INVALID_OID
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
* NULL upon failure
*/
#if 0
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
NSSPKIXAuthorityKeyIdentifier_Create
(
NSSArena *arenaOpt,
NSSOID *extnID,
PRBool critical,
NSSItem *extnValue
)
{
nss_ClearErrorStack();
return nssPKIXAuthorityKeyIdentifier_Create(arenaOpt, extnID, critical, extnValue);
}
#endif
/*
* NSSPKIXAuthorityKeyIdentifier_Decode
*
*
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_BER
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_INVALID_ARENA
*
* Return value:
* A valid pointer to an NSSPKIXAuthorityKeyIdentifier upon success
* NULL upon failure
*/
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
NSSPKIXAuthorityKeyIdentifier_Decode
(
NSSArena *arenaOpt,
NSSBER *ber
)
{
nss_ClearErrorStack();
return nssPKIXAuthorityKeyIdentifier_Decode(arenaOpt, ber);
}
/*
* NSSPKIXAuthorityKeyIdentifier_Destroy
*
*/
NSS_IMPLEMENT PRStatus
NSSPKIXAuthorityKeyIdentifier_Destroy
(
NSSPKIXAuthorityKeyIdentifier *akid
)
{
nss_ClearErrorStack();
return nssPKIXAuthorityKeyIdentifier_Destroy(akid);
}
/*
* NSSPKIXAuthorityKeyIdentifier_Duplicate
*
*/
#if 0
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
NSSPKIXAuthorityKeyIdentifier_Duplicate
(
NSSPKIXAuthorityKeyIdentifier *akid,
NSSArena *arenaOpt
)
{
nss_ClearErrorStack();
return nssPKIXAuthorityKeyIdentifier_Duplicate(akid, arenaOpt);
}
#endif
/*
* NSSPKIXAuthorityKeyIdentifier_Encode
*
*/
NSS_IMPLEMENT NSSBER *
NSSPKIXAuthorityKeyIdentifier_Encode
(
NSSPKIXAuthorityKeyIdentifier *akid,
NSSASN1EncodingType encoding,
NSSBER *rvOpt,
NSSArena *arenaOpt
)
{
nss_ClearErrorStack();
/* XXX the idea is: assert that either akid has the DER or all of the
* parts, as that could only be an application error
*/
#if 0
PKIX_Assert(am_i_complete(akid));
#endif
return nssPKIXAuthorityKeyIdentifier_Encode(akid, encoding, rvOpt, arenaOpt);
}
NSS_IMPLEMENT NSSPKIXKeyIdentifier *
NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier
(
NSSPKIXAuthorityKeyIdentifier *akid
)
{
return nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier(akid);
}
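Review bot: nssPKIXAuthorityKeyIdentifier_duplicate returns PR_SUCCESS after copying only `der` and `keyIdentifier`; `authorityCertIssuer` and `authorityCertSerialNumber` are skipped behind the `/* XXX do the rest */` marker, so nssPKIXAuthorityKeyIdentifier_Duplicate hands back an object that looks complete but has lost two of its three decoded fields. Any code that later matches an identifier on issuer and serial would see the copy behave differently from the original. Until the remaining fields are copied (the serial number can presumably follow the same NSSItem_Duplicate pattern as `keyIdentifier`), the function should fail rather than succeed when either field is non-empty. The local `PRStatus status;` in that function is also unused.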


@@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/src/Attic/BasicConstraints.c,v $ $Revision: 1.1.2.3 $ $Date: 2002-09-10 21:01:57 $ $Name: not supported by cvs2svn $";
static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/src/Attic/BasicConstraints.c,v $ $Revision: 1.1.2.4 $ $Date: 2002-09-12 21:04:46 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
#ifndef PKIXM_H
@@ -480,6 +480,25 @@ NSSPKIXBasicConstraints_Encode
PKIX_Assert(am_i_complete(basicConstraints));
#endif
return nssPKIXBasicConstraints_Encode(basicConstraints, encoding, rvOpt, arenaOpt);
return nssPKIXBasicConstraints_Encode(basicConstraints, encoding,
rvOpt, arenaOpt);
}
NSS_IMPLEMENT PRBool
NSSPKIXBasicConstraints_IsCA
(
NSSPKIXBasicConstraints *basicConstraints
)
{
return nssPKIXBasicConstraints_IsCA(basicConstraints);
}
NSS_IMPLEMENT PRInt32
NSSPKIXBasicConstraints_GetPathLengthConstraint
(
NSSPKIXBasicConstraints *basicConstraints
)
{
return nssPKIXBasicConstraints_GetPathLengthConstraint(basicConstraints);
}
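Review bot: NSSPKIXBasicConstraints_GetPathLengthConstraint has no comment saying what it returns when the certificate carries no pathLenConstraint, and the PRInt32 return leaves no out-of-band way to signal that case. CMD_PrintPKIXBasicConstraints in this commit prints the result unconditionally for every CA certificate, so an unconstrained CA would be shown with whatever sentinel the internal getter uses. A header comment along the lines of `Returns the pathLenConstraint, or <sentinel> when the field is absent` would let callers tell the two cases apart; the sentinel has to be taken from nssPKIXBasicConstraints_GetPathLengthConstraint, which is not visible here.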


@@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/src/Attic/Extensions.c,v $ $Revision: 1.1.2.5 $ $Date: 2002-08-28 16:50:14 $ $Name: not supported by cvs2svn $";
static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/src/Attic/Extensions.c,v $ $Revision: 1.1.2.6 $ $Date: 2002-09-12 21:04:46 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
#ifndef PKIXM_H
@@ -43,6 +43,12 @@ static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozil
#include "nsspki1.h"
#endif /* NSSPKI1_H */
/* XXX move to common location */
static const NSSASN1Template NSSASN1Template_OctetString[] =
{
{ NSSASN1_OCTET_STRING | NSSASN1_MAY_STREAM, 0, NULL, sizeof(NSSItem) }
};
/*
* nssPKIXExtensions_template
*
@@ -428,6 +434,82 @@ nssPKIXExtensions_GetKeyUsage
return rv;
}
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
nssPKIXExtensions_GetAuthorityKeyIdentifier
(
NSSPKIXExtensions *extensions
)
{
NSSOID *extnOID;
NSSPKIXAuthorityKeyIdentifier *rv = NULL;
NSSPKIXExtension **extns;
PRIntn i;
if (extensions->count == 0) {
count_me(extensions);
if (extensions->count < 0) {
return (NSSPKIXAuthorityKeyIdentifier *)NULL;
}
}
extns = extensions->extensions;
for (i = 0; i < extensions->count; i++) {
extnOID = nssPKIXExtension_GetExtensionID(extns[i]);
if (NSSOID_IsTag(extnOID, NSS_OID_X509_AUTH_KEY_ID)) {
if (extns[i]->extnData) {
return (NSSPKIXAuthorityKeyIdentifier *)extns[i]->extnData;
}
rv = nssPKIXAuthorityKeyIdentifier_Decode(extns[i]->arena,
&extns[i]->extnValue);
if (rv) {
extns[i]->extnData = (void *)rv;
}
}
}
return rv;
}
NSS_IMPLEMENT NSSPKIXKeyIdentifier *
nssPKIXExtensions_GetSubjectKeyIdentifier
(
NSSPKIXExtensions *extensions
)
{
PRStatus status;
NSSOID *extnOID;
NSSPKIXSubjectKeyIdentifier *rv = NULL;
NSSPKIXExtension **extns;
PRIntn i;
if (extensions->count == 0) {
count_me(extensions);
if (extensions->count < 0) {
return (NSSPKIXSubjectKeyIdentifier *)NULL;
}
}
extns = extensions->extensions;
for (i = 0; i < extensions->count; i++) {
extnOID = nssPKIXExtension_GetExtensionID(extns[i]);
if (NSSOID_IsTag(extnOID, NSS_OID_X509_SUBJECT_KEY_ID)) {
if (extns[i]->extnData) {
return (NSSPKIXKeyIdentifier *)extns[i]->extnData;
}
/* XXX this doesn't seem right */
rv = NSSItem_Create(extns[i]->arena, NULL, 0, NULL);
if (!rv) {
return (NSSPKIXSubjectKeyIdentifier *)NULL;
}
status = NSSASN1_DecodeBER(extns[i]->arena, rv,
NSSASN1Template_OctetString,
&extns[i]->extnValue);
if (status == PR_FAILURE) {
return (NSSPKIXKeyIdentifier *)NULL;
}
if (rv) {
extns[i]->extnData = (void *)rv;
}
}
}
return rv;
}
NSS_IMPLEMENT NSSPKIXnetscapeCertType *
nssPKIXExtensions_GetNetscapeCertType
(
@@ -585,6 +667,15 @@ NSSPKIXExtensions_GetExtensionCount
return nssPKIXExtensions_GetExtensionCount(extensions);
}
NSS_IMPLEMENT NSSPKIXKeyUsage *
NSSPKIXExtensions_GetKeyUsage
(
NSSPKIXExtensions *extensions
)
{
return nssPKIXExtensions_GetKeyUsage(extensions);
}
NSS_IMPLEMENT NSSPKIXBasicConstraints *
NSSPKIXExtensions_GetBasicConstraints
(
@@ -594,13 +685,22 @@ NSSPKIXExtensions_GetBasicConstraints
return nssPKIXExtensions_GetBasicConstraints(extensions);
}
NSS_IMPLEMENT NSSPKIXKeyUsage *
NSSPKIXExtensions_GetKeyUsage
NSS_IMPLEMENT NSSPKIXAuthorityKeyIdentifier *
NSSPKIXExtensions_GetAuthorityKeyIdentifier
(
NSSPKIXExtensions *extensions
)
{
return nssPKIXExtensions_GetKeyUsage(extensions);
return nssPKIXExtensions_GetAuthorityKeyIdentifier(extensions);
}
NSS_IMPLEMENT NSSPKIXKeyIdentifier *
NSSPKIXExtensions_GetSubjectKeyIdentifier
(
NSSPKIXExtensions *extensions
)
{
return nssPKIXExtensions_GetSubjectKeyIdentifier(extensions);
}
NSS_IMPLEMENT NSSPKIXnetscapeCertType *
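Review bot: Neither nssPKIXExtensions_GetAuthorityKeyIdentifier nor nssPKIXExtensions_GetSubjectKeyIdentifier leaves the loop after decoding a match, so a certificate that repeats the extension has every instance decoded and the last one returned, while the next call returns the first instance from the `extnData` cache. The answer therefore changes between calls for the same malformed input. Adding `break;` after `extns[i]->extnData = (void *)rv;` makes both calls agree on the first instance; rejecting the duplicate outright is the stricter option. In the subject-key variant the `if (rv)` test after the decode is always true, and the item created before a failed decode appears to stay allocated in the extension's arena.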


@@ -40,6 +40,7 @@ MODULE = security
CSRCS= \
AlgorithmID.c \
AuthorityKeyID.c \
ATAV.c \
BasicConstraints.c \
Certificate.c \


@@ -49,6 +49,9 @@
LIBRARY nsspkix4;-
EXPORTS ;-
NSS_EnablePKIXCertificates;
NSSPKIXAuthorityKeyIdentifier_GetKeyIdentifier;
NSSPKIXBasicConstraints_IsCA;
NSSPKIXBasicConstraints_GetPathLengthConstraint;
NSSPKIXCertificate_Decode;
NSSPKIXCertificate_GetSignature;
NSSPKIXCertificate_GetTBSCertificate;
@@ -63,6 +66,9 @@ NSSPKIXValidity_GetNotBefore;
NSSPKIXValidity_GetNotAfter;
NSSPKIXExtensions_GetExtensionCount;
NSSPKIXExtensions_GetKeyUsage;
NSSPKIXExtensions_GetBasicConstraints;
NSSPKIXExtensions_GetAuthorityKeyIdentifier;
NSSPKIXExtensions_GetSubjectKeyIdentifier;
NSSPKIXExtensions_GetNetscapeCertType;
NSSPKIXKeyUsage_GetValue;
NSSPKIXnetscapeCertType_GetValue;


@@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/src/Attic/pkiglue.c,v $ $Revision: 1.1.2.6 $ $Date: 2002-09-10 22:29:43 $ $Name: not supported by cvs2svn $";
static const char CVS_ID[] = "@(#) $Source: /home/befator/cvs/jail/cvsroot/mozilla/security/nss/lib/pkix/src/Attic/pkiglue.c,v $ $Revision: 1.1.2.7 $ $Date: 2002-09-12 21:04:47 $ $Name: not supported by cvs2svn $";
#endif /* DEBUG */
#ifndef NSSDEV_H
@@ -498,10 +498,10 @@ loser:
return PR_FAILURE;
}
#if 0
struct nss_pkix_issuer_id_str {
struct pkix_issuer_id_str {
NSSArena *arena;
NSSPKIXAuthorityKeyIdentifier *authKeyID;
};
#endif
static void *
pkix_GetIssuerIdentifier
@@ -509,7 +509,72 @@ pkix_GetIssuerIdentifier
void *cert
)
{
return NULL;
NSSArena *arena = NULL;
NSSPKIXTBSCertificate *tbsCert;
NSSPKIXExtensions *extns;
NSSPKIXCertificate *pkixCert = (NSSPKIXCertificate *)cert;
NSSPKIXAuthorityKeyIdentifier *authKeyID;
struct pkix_issuer_id_str *issuer_id = NULL;
nss_HoldErrorStack();
/*
* cert->tbsCert
*/
tbsCert = nssPKIXCertificate_GetTBSCertificate(pkixCert);
if (!tbsCert) {
goto loser;
}
/*
* tbsCert->extensions
*/
extns = nssPKIXTBSCertificate_GetExtensions(tbsCert);
if (!extns) {
if (NSS_GetError() == NSS_ERROR_INVALID_BER) {
goto loser;
} else {
/* no extensions */
nss_ResumeErrorStack();
return (void *)NULL;
}
}
/*
* extensions[authorityKeyIdentifier]
*/
authKeyID = nssPKIXExtensions_GetAuthorityKeyIdentifier(extns);
if (!authKeyID) {
if (NSS_GetError() == NSS_ERROR_INVALID_BER) {
goto loser;
} else {
/* authKeyID extension not present XXX should check code */
nss_ResumeErrorStack();
return (void *)NULL;
}
}
arena = NSSArena_Create();
if (!arena) {
goto loser;
}
issuer_id = nss_ZNEW(arena, struct pkix_issuer_id_str);
if (!issuer_id) {
goto loser;
}
issuer_id->arena = arena;
issuer_id->authKeyID = nssPKIXAuthorityKeyIdentifier_Duplicate(authKeyID,
arena);
nss_ResumeErrorStack();
return (void *)issuer_id;
loser:
if (arena) {
NSSArena_Destroy(arena);
}
nss_ResumeErrorStack();
return (void *)NULL;
}
static PRBool
@@ -519,6 +584,50 @@ pkix_IsMyIdentifier
void *id
)
{
NSSPKIXTBSCertificate *tbsCert;
NSSPKIXExtensions *extns;
NSSPKIXCertificate *pkixCert = (NSSPKIXCertificate *)cert;
NSSPKIXKeyIdentifier *skID, *akID;
struct pkix_issuer_id_str *iid = (struct pkix_issuer_id *)id;
nss_HoldErrorStack();
/*
* cert->tbsCert
*/
tbsCert = nssPKIXCertificate_GetTBSCertificate(pkixCert);
if (!tbsCert) {
goto loser;
}
/*
* tbsCert->extensions
*/
extns = nssPKIXTBSCertificate_GetExtensions(tbsCert);
if (!extns) {
if (NSS_GetError() == NSS_ERROR_INVALID_BER) {
goto loser;
} else {
nss_ResumeErrorStack();
return (void *)NULL;
}
}
/*
* extensions[subjectKeyIdentifier]
*/
skID = nssPKIXExtensions_GetSubjectKeyIdentifier(extns);
if (!skID) {
if (NSS_GetError() == NSS_ERROR_INVALID_BER) {
goto loser;
}
}
akID = nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier(iid->authKeyID);
if (akID) {
return NSSItem_Equal(skID, akID, NULL);
}
/* XXX under construction */
loser:
nss_ResumeErrorStack();
return PR_FALSE;
}
@@ -528,6 +637,11 @@ pkix_FreeIdentifier
void *id
)
{
struct pkix_issuer_id_str *iid = (struct pkix_issuer_id *)id;
nss_HoldErrorStack();
NSSArena_Destroy(iid->arena);
nss_ResumeErrorStack();
}
struct nss_pkix_validation_data_str
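Review bot: In pkix_IsMyIdentifier the `return NSSItem_Equal(skID, akID, NULL);` path leaves without calling nss_ResumeErrorStack(), and it can be reached with skID still NULL, because a missing subjectKeyIdentifier that is not an NSS_ERROR_INVALID_BER failure falls through the `if (!skID)` block. Whether NSSItem_Equal tolerates a NULL item is not visible here, so the issuer match should be guarded explicitly and routed through a single exit that resumes the error stack. The no-extensions branch also does `return (void *)NULL;` although the function's other exit returns PR_FALSE, and the cast `(struct pkix_issuer_id *)id` names a tag that differs from the declared `struct pkix_issuer_id_str` (the same cast appears in pkix_FreeIdentifier). The function's signature lies outside the hunk.

```c
    struct pkix_issuer_id_str *iid = (struct pkix_issuer_id_str *)id;
    PRBool match = PR_FALSE;
    /* … unchanged: nss_HoldErrorStack(), tbsCert lookup … */
    extns = nssPKIXTBSCertificate_GetExtensions(tbsCert);
    if (!extns) {
        /* decode failure or no extensions: nothing to compare either way */
        goto loser;
    }
    /* … unchanged: subjectKeyIdentifier lookup … */
    akID = nssPKIXAuthorityKeyIdentifier_GetKeyIdentifier(iid->authKeyID);
    if (skID && akID) {
        match = NSSItem_Equal(skID, akID, NULL);
    }
loser:
    nss_ResumeErrorStack();
    return match;
```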