mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-14 03:30:17 +01:00
451 lines
11 KiB
C
451 lines
11 KiB
C
/* -*- Mode: C; tab-width: 8 -*-*/
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "crmf.h"
|
|
#include "crmfi.h"
|
|
#include "keyhi.h"
|
|
#include "secder.h"
|
|
|
|
|
|
CRMFPOPChoice
|
|
CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg)
|
|
{
|
|
PORT_Assert(inCertReqMsg != NULL);
|
|
if (inCertReqMsg != NULL && inCertReqMsg->pop != NULL) {
|
|
return inCertReqMsg->pop->popUsed;
|
|
}
|
|
return crmfNoPOPChoice;
|
|
}
|
|
|
|
static SECStatus
|
|
crmf_destroy_validity(CRMFOptionalValidity *inValidity, PRBool freeit)
|
|
{
|
|
if (inValidity != NULL){
|
|
if (inValidity->notBefore.data != NULL) {
|
|
PORT_Free(inValidity->notBefore.data);
|
|
}
|
|
if (inValidity->notAfter.data != NULL) {
|
|
PORT_Free(inValidity->notAfter.data);
|
|
}
|
|
if (freeit) {
|
|
PORT_Free(inValidity);
|
|
}
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
static SECStatus
|
|
crmf_copy_cert_request_validity(PLArenaPool *poolp,
|
|
CRMFOptionalValidity **destValidity,
|
|
CRMFOptionalValidity *srcValidity)
|
|
{
|
|
CRMFOptionalValidity *myValidity = NULL;
|
|
SECStatus rv;
|
|
|
|
*destValidity = myValidity = (poolp == NULL) ?
|
|
PORT_ZNew(CRMFOptionalValidity) :
|
|
PORT_ArenaZNew(poolp, CRMFOptionalValidity);
|
|
if (myValidity == NULL) {
|
|
goto loser;
|
|
}
|
|
if (srcValidity->notBefore.data != NULL) {
|
|
rv = SECITEM_CopyItem(poolp, &myValidity->notBefore,
|
|
&srcValidity->notBefore);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcValidity->notAfter.data != NULL) {
|
|
rv = SECITEM_CopyItem(poolp, &myValidity->notAfter,
|
|
&srcValidity->notAfter);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
return SECSuccess;
|
|
loser:
|
|
if (myValidity != NULL && poolp == NULL) {
|
|
crmf_destroy_validity(myValidity, PR_TRUE);
|
|
}
|
|
return SECFailure;
|
|
}
|
|
|
|
static SECStatus
|
|
crmf_copy_extensions(PLArenaPool *poolp,
|
|
CRMFCertTemplate *destTemplate,
|
|
CRMFCertExtension **srcExt)
|
|
{
|
|
int numExt = 0, i;
|
|
CRMFCertExtension **myExtArray = NULL;
|
|
|
|
while (srcExt[numExt] != NULL) {
|
|
numExt++;
|
|
}
|
|
if (numExt == 0) {
|
|
/*No extensions to copy.*/
|
|
destTemplate->extensions = NULL;
|
|
destTemplate->numExtensions = 0;
|
|
return SECSuccess;
|
|
}
|
|
destTemplate->extensions = myExtArray =
|
|
PORT_NewArray(CRMFCertExtension*, numExt+1);
|
|
if (myExtArray == NULL) {
|
|
goto loser;
|
|
}
|
|
|
|
for (i=0; i<numExt; i++) {
|
|
myExtArray[i] = crmf_copy_cert_extension(poolp, srcExt[i]);
|
|
if (myExtArray[i] == NULL) {
|
|
goto loser;
|
|
}
|
|
}
|
|
destTemplate->numExtensions = numExt;
|
|
myExtArray[numExt] = NULL;
|
|
return SECSuccess;
|
|
loser:
|
|
if (myExtArray != NULL) {
|
|
if (poolp == NULL) {
|
|
for (i=0; myExtArray[i] != NULL; i++) {
|
|
CRMF_DestroyCertExtension(myExtArray[i]);
|
|
}
|
|
}
|
|
PORT_Free(myExtArray);
|
|
}
|
|
destTemplate->extensions = NULL;
|
|
destTemplate->numExtensions = 0;
|
|
return SECFailure;
|
|
}
|
|
|
|
static SECStatus
|
|
crmf_copy_cert_request_template(PLArenaPool *poolp,
|
|
CRMFCertTemplate *destTemplate,
|
|
CRMFCertTemplate *srcTemplate)
|
|
{
|
|
SECStatus rv;
|
|
|
|
if (srcTemplate->version.data != NULL) {
|
|
rv = SECITEM_CopyItem(poolp, &destTemplate->version,
|
|
&srcTemplate->version);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->serialNumber.data != NULL) {
|
|
rv = SECITEM_CopyItem(poolp, &destTemplate->serialNumber,
|
|
&srcTemplate->serialNumber);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->signingAlg != NULL) {
|
|
rv = crmf_template_copy_secalg(poolp, &destTemplate->signingAlg,
|
|
srcTemplate->signingAlg);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->issuer != NULL) {
|
|
rv = crmf_copy_cert_name(poolp, &destTemplate->issuer,
|
|
srcTemplate->issuer);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->validity != NULL) {
|
|
rv = crmf_copy_cert_request_validity(poolp, &destTemplate->validity,
|
|
srcTemplate->validity);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->subject != NULL) {
|
|
rv = crmf_copy_cert_name(poolp, &destTemplate->subject,
|
|
srcTemplate->subject);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->publicKey != NULL) {
|
|
rv = crmf_template_add_public_key(poolp, &destTemplate->publicKey,
|
|
srcTemplate->publicKey);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->issuerUID.data != NULL) {
|
|
rv = crmf_make_bitstring_copy(poolp, &destTemplate->issuerUID,
|
|
&srcTemplate->issuerUID);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->subjectUID.data != NULL) {
|
|
rv = crmf_make_bitstring_copy(poolp, &destTemplate->subjectUID,
|
|
&srcTemplate->subjectUID);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
if (srcTemplate->extensions != NULL) {
|
|
rv = crmf_copy_extensions(poolp, destTemplate,
|
|
srcTemplate->extensions);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
return SECSuccess;
|
|
loser:
|
|
return SECFailure;
|
|
}
|
|
|
|
static CRMFControl*
|
|
crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
|
|
{
|
|
CRMFControl *newControl;
|
|
SECStatus rv;
|
|
|
|
newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) :
|
|
PORT_ArenaZNew(poolp, CRMFControl);
|
|
if (newControl == NULL) {
|
|
goto loser;
|
|
}
|
|
newControl->tag = srcControl->tag;
|
|
rv = SECITEM_CopyItem(poolp, &newControl->derTag, &srcControl->derTag);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
rv = SECITEM_CopyItem(poolp, &newControl->derValue, &srcControl->derValue);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
/* We only handle PKIArchiveOptions Control right now. But if in
|
|
* the future, more controls that are part of the union are added,
|
|
* then they need to be handled here as well.
|
|
*/
|
|
switch (newControl->tag) {
|
|
case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
|
|
rv = crmf_copy_pkiarchiveoptions(poolp,
|
|
&newControl->value.archiveOptions,
|
|
&srcControl->value.archiveOptions);
|
|
break;
|
|
default:
|
|
rv = SECSuccess;
|
|
}
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
return newControl;
|
|
|
|
loser:
|
|
if (poolp == NULL && newControl != NULL) {
|
|
CRMF_DestroyControl(newControl);
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
static SECStatus
|
|
crmf_copy_cert_request_controls(PLArenaPool *poolp,
|
|
CRMFCertRequest *destReq,
|
|
CRMFCertRequest *srcReq)
|
|
{
|
|
int numControls, i;
|
|
CRMFControl **myControls = NULL;
|
|
|
|
numControls = CRMF_CertRequestGetNumControls(srcReq);
|
|
if (numControls == 0) {
|
|
/* No Controls To Copy*/
|
|
return SECSuccess;
|
|
}
|
|
myControls = destReq->controls = PORT_NewArray(CRMFControl*,
|
|
numControls+1);
|
|
if (myControls == NULL) {
|
|
goto loser;
|
|
}
|
|
for (i=0; i<numControls; i++) {
|
|
myControls[i] = crmf_copy_control(poolp, srcReq->controls[i]);
|
|
if (myControls[i] == NULL) {
|
|
goto loser;
|
|
}
|
|
}
|
|
myControls[numControls] = NULL;
|
|
return SECSuccess;
|
|
loser:
|
|
if (myControls != NULL) {
|
|
if (poolp == NULL) {
|
|
for (i=0; myControls[i] != NULL; i++) {
|
|
CRMF_DestroyControl(myControls[i]);
|
|
}
|
|
}
|
|
PORT_Free(myControls);
|
|
}
|
|
return SECFailure;
|
|
}
|
|
|
|
|
|
CRMFCertRequest*
|
|
crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
|
|
{
|
|
CRMFCertRequest *newReq = NULL;
|
|
SECStatus rv;
|
|
|
|
if (srcReq == NULL) {
|
|
return NULL;
|
|
}
|
|
newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) :
|
|
PORT_ArenaZNew(poolp, CRMFCertRequest);
|
|
if (newReq == NULL) {
|
|
goto loser;
|
|
}
|
|
rv = SECITEM_CopyItem(poolp, &newReq->certReqId, &srcReq->certReqId);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate,
|
|
&srcReq->certTemplate);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
rv = crmf_copy_cert_request_controls(poolp, newReq, srcReq);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
return newReq;
|
|
loser:
|
|
if (newReq != NULL && poolp == NULL) {
|
|
CRMF_DestroyCertRequest(newReq);
|
|
PORT_Free(newReq);
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
SECStatus
|
|
CRMF_DestroyGetValidity(CRMFGetValidity *inValidity)
|
|
{
|
|
PORT_Assert(inValidity != NULL);
|
|
if (inValidity != NULL) {
|
|
if (inValidity->notAfter) {
|
|
PORT_Free(inValidity->notAfter);
|
|
inValidity->notAfter = NULL;
|
|
}
|
|
if (inValidity->notBefore) {
|
|
PORT_Free(inValidity->notBefore);
|
|
inValidity->notBefore = NULL;
|
|
}
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, SECItem *src)
|
|
{
|
|
int origLenBits;
|
|
int bytesToCopy;
|
|
SECStatus rv;
|
|
|
|
origLenBits = src->len;
|
|
bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
|
|
src->len = bytesToCopy;
|
|
rv = SECITEM_CopyItem(arena, dest, src);
|
|
src->len = origLenBits;
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
dest->len = origLenBits;
|
|
return SECSuccess;
|
|
}
|
|
|
|
int
|
|
CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq)
|
|
{
|
|
CRMFCertTemplate *certTemplate;
|
|
int count = 0;
|
|
|
|
certTemplate = &inCertReq->certTemplate;
|
|
if (certTemplate->extensions) {
|
|
while (certTemplate->extensions[count] != NULL)
|
|
count++;
|
|
}
|
|
return count;
|
|
}
|
|
|
|
SECOidTag
|
|
CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension)
|
|
{
|
|
PORT_Assert(inExtension != NULL);
|
|
if (inExtension == NULL) {
|
|
return SEC_OID_UNKNOWN;
|
|
}
|
|
return SECOID_FindOIDTag(&inExtension->id);
|
|
}
|
|
|
|
PRBool
|
|
CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt)
|
|
{
|
|
PORT_Assert(inExt != NULL);
|
|
if (inExt == NULL) {
|
|
return PR_FALSE;
|
|
}
|
|
return inExt->critical.data != NULL;
|
|
}
|
|
|
|
SECItem*
|
|
CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension)
|
|
{
|
|
PORT_Assert(inExtension != NULL);
|
|
if (inExtension == NULL) {
|
|
return NULL;
|
|
}
|
|
|
|
return SECITEM_DupItem(&inExtension->value);
|
|
}
|
|
|
|
|
|
SECStatus
|
|
CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey)
|
|
{
|
|
PORT_Assert(inKey != NULL);
|
|
if (inKey != NULL) {
|
|
if (inKey->derInput.data != NULL) {
|
|
SECITEM_FreeItem(&inKey->derInput, PR_FALSE);
|
|
}
|
|
if (inKey->algorithmIdentifier != NULL) {
|
|
SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE);
|
|
}
|
|
if (inKey->signature.data != NULL) {
|
|
SECITEM_FreeItem(&inKey->signature, PR_FALSE);
|
|
}
|
|
PORT_Free(inKey);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey)
|
|
{
|
|
PORT_Assert(inPrivKey != NULL);
|
|
if (inPrivKey != NULL) {
|
|
SECITEM_FreeItem(&inPrivKey->message.thisMessage, PR_FALSE);
|
|
PORT_Free(inPrivKey);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
int
|
|
CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq)
|
|
{
|
|
int count = 0;
|
|
|
|
PORT_Assert(inCertReq != NULL);
|
|
if (inCertReq == NULL) {
|
|
return 0;
|
|
}
|
|
if (inCertReq->controls) {
|
|
while (inCertReq->controls[count] != NULL)
|
|
count++;
|
|
}
|
|
return count;
|
|
}
|
|
|