зеркало из https://github.com/mozilla/gecko-dev.git
400 строки
12 KiB
C
400 строки
12 KiB
C
/* -*- Mode: C; tab-width: 8 -*-*/
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "cmmf.h"
|
|
#include "cmmfi.h"
|
|
#include "secitem.h"
|
|
#include "secder.h"
|
|
|
|
SECStatus
|
|
cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, PRBool freeit)
|
|
{
|
|
if (info->status.data != NULL) {
|
|
PORT_Free(info->status.data);
|
|
info->status.data = NULL;
|
|
}
|
|
if (info->statusString.data != NULL) {
|
|
PORT_Free(info->statusString.data);
|
|
info->statusString.data = NULL;
|
|
}
|
|
if (info->failInfo.data != NULL) {
|
|
PORT_Free(info->failInfo.data);
|
|
info->failInfo.data = NULL;
|
|
}
|
|
if (freeit) {
|
|
PORT_Free(info);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp)
|
|
{
|
|
PORT_Assert(inCertResp != NULL);
|
|
if (inCertResp != NULL) {
|
|
if (inCertResp->certReqId.data != NULL) {
|
|
PORT_Free(inCertResp->certReqId.data);
|
|
}
|
|
cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE);
|
|
if (inCertResp->certifiedKeyPair != NULL) {
|
|
CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair);
|
|
}
|
|
PORT_Free(inCertResp);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
|
|
{
|
|
PORT_Assert(inCertRepContent != NULL);
|
|
if (inCertRepContent != NULL) {
|
|
CMMFCertResponse **pResponse = inCertRepContent->response;
|
|
if (pResponse != NULL) {
|
|
for (; *pResponse != NULL; pResponse++) {
|
|
CMMFCertifiedKeyPair *certKeyPair = (*pResponse)->certifiedKeyPair;
|
|
/* XXX Why not call CMMF_DestroyCertifiedKeyPair or
|
|
** XXX cmmf_DestroyCertOrEncCert ?
|
|
*/
|
|
if (certKeyPair != NULL &&
|
|
certKeyPair->certOrEncCert.choice == cmmfCertificate &&
|
|
certKeyPair->certOrEncCert.cert.certificate != NULL) {
|
|
CERT_DestroyCertificate(certKeyPair->certOrEncCert.cert.certificate);
|
|
certKeyPair->certOrEncCert.cert.certificate = NULL;
|
|
}
|
|
}
|
|
}
|
|
if (inCertRepContent->caPubs) {
|
|
CERTCertificate **caPubs = inCertRepContent->caPubs;
|
|
for (; *caPubs; ++caPubs) {
|
|
CERT_DestroyCertificate(*caPubs);
|
|
*caPubs = NULL;
|
|
}
|
|
}
|
|
if (inCertRepContent->poolp != NULL) {
|
|
PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
|
|
}
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont)
|
|
{
|
|
PORT_Assert(inDecKeyCont != NULL);
|
|
if (inDecKeyCont != NULL && inDecKeyCont->poolp) {
|
|
PORT_FreeArena(inDecKeyCont->poolp, PR_FALSE);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
crmf_create_prtime(SECItem *src, PRTime **dest)
|
|
{
|
|
*dest = PORT_ZNew(PRTime);
|
|
return DER_DecodeTimeChoice(*dest, src);
|
|
}
|
|
|
|
CRMFCertExtension *
|
|
crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension)
|
|
{
|
|
PRBool isCritical;
|
|
SECOidTag id;
|
|
SECItem *data;
|
|
CRMFCertExtension *newExt;
|
|
|
|
PORT_Assert(inExtension != NULL);
|
|
if (inExtension == NULL) {
|
|
return NULL;
|
|
}
|
|
id = CRMF_CertExtensionGetOidTag(inExtension);
|
|
isCritical = CRMF_CertExtensionGetIsCritical(inExtension);
|
|
data = CRMF_CertExtensionGetValue(inExtension);
|
|
newExt = crmf_create_cert_extension(poolp, id,
|
|
isCritical,
|
|
data);
|
|
SECITEM_FreeItem(data, PR_TRUE);
|
|
return newExt;
|
|
}
|
|
|
|
static SECItem *
|
|
cmmf_encode_certificate(CERTCertificate *inCert)
|
|
{
|
|
return SEC_ASN1EncodeItem(NULL, NULL, inCert,
|
|
SEC_ASN1_GET(SEC_SignedCertificateTemplate));
|
|
}
|
|
|
|
CERTCertList *
|
|
cmmf_MakeCertList(CERTCertificate **inCerts)
|
|
{
|
|
CERTCertList *certList;
|
|
CERTCertificate *currCert;
|
|
SECItem *derCert, *freeCert = NULL;
|
|
SECStatus rv;
|
|
int i;
|
|
|
|
certList = CERT_NewCertList();
|
|
if (certList == NULL) {
|
|
return NULL;
|
|
}
|
|
for (i = 0; inCerts[i] != NULL; i++) {
|
|
derCert = &inCerts[i]->derCert;
|
|
if (derCert->data == NULL) {
|
|
derCert = freeCert = cmmf_encode_certificate(inCerts[i]);
|
|
}
|
|
currCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
|
|
derCert, NULL, PR_FALSE, PR_TRUE);
|
|
if (freeCert != NULL) {
|
|
SECITEM_FreeItem(freeCert, PR_TRUE);
|
|
freeCert = NULL;
|
|
}
|
|
if (currCert == NULL) {
|
|
goto loser;
|
|
}
|
|
rv = CERT_AddCertToListTail(certList, currCert);
|
|
if (rv != SECSuccess) {
|
|
goto loser;
|
|
}
|
|
}
|
|
return certList;
|
|
loser:
|
|
CERT_DestroyCertList(certList);
|
|
return NULL;
|
|
}
|
|
|
|
CMMFPKIStatus
|
|
cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus)
|
|
{
|
|
long derVal;
|
|
|
|
derVal = DER_GetInteger(&inStatus->status);
|
|
if (derVal == -1 || derVal < cmmfGranted || derVal >= cmmfNumPKIStatus) {
|
|
return cmmfNoPKIStatus;
|
|
}
|
|
return (CMMFPKIStatus)derVal;
|
|
}
|
|
|
|
int
|
|
CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent)
|
|
{
|
|
int numResponses = 0;
|
|
PORT_Assert(inCertRepContent != NULL);
|
|
if (inCertRepContent != NULL && inCertRepContent->response != NULL) {
|
|
while (inCertRepContent->response[numResponses] != NULL) {
|
|
numResponses++;
|
|
}
|
|
}
|
|
return numResponses;
|
|
}
|
|
|
|
SECStatus
|
|
cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit)
|
|
{
|
|
switch (certOrEncCert->choice) {
|
|
case cmmfCertificate:
|
|
CERT_DestroyCertificate(certOrEncCert->cert.certificate);
|
|
certOrEncCert->cert.certificate = NULL;
|
|
break;
|
|
case cmmfEncryptedCert:
|
|
crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert,
|
|
PR_TRUE);
|
|
certOrEncCert->cert.encryptedCert = NULL;
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
if (freeit) {
|
|
PORT_Free(certOrEncCert);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
|
|
{
|
|
SECStatus rv;
|
|
|
|
if (src->data != NULL) {
|
|
rv = SECITEM_CopyItem(poolp, dest, src);
|
|
} else {
|
|
dest->data = NULL;
|
|
dest->len = 0;
|
|
rv = SECSuccess;
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair)
|
|
{
|
|
PORT_Assert(inCertKeyPair != NULL);
|
|
if (inCertKeyPair != NULL) {
|
|
cmmf_DestroyCertOrEncCert(&inCertKeyPair->certOrEncCert, PR_FALSE);
|
|
if (inCertKeyPair->privateKey) {
|
|
crmf_destroy_encrypted_value(inCertKeyPair->privateKey, PR_TRUE);
|
|
}
|
|
if (inCertKeyPair->derPublicationInfo.data) {
|
|
PORT_Free(inCertKeyPair->derPublicationInfo.data);
|
|
}
|
|
PORT_Free(inCertKeyPair);
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
SECStatus
|
|
cmmf_CopyCertResponse(PLArenaPool *poolp,
|
|
CMMFCertResponse *dest,
|
|
CMMFCertResponse *src)
|
|
{
|
|
SECStatus rv;
|
|
|
|
if (src->certReqId.data != NULL) {
|
|
rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
}
|
|
rv = cmmf_CopyPKIStatusInfo(poolp, &dest->status, &src->status);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
if (src->certifiedKeyPair != NULL) {
|
|
CMMFCertifiedKeyPair *destKeyPair;
|
|
|
|
destKeyPair = (poolp == NULL) ? PORT_ZNew(CMMFCertifiedKeyPair) : PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
|
|
if (!destKeyPair) {
|
|
return SECFailure;
|
|
}
|
|
rv = cmmf_CopyCertifiedKeyPair(poolp, destKeyPair,
|
|
src->certifiedKeyPair);
|
|
if (rv != SECSuccess) {
|
|
if (!poolp) {
|
|
CMMF_DestroyCertifiedKeyPair(destKeyPair);
|
|
}
|
|
return rv;
|
|
}
|
|
dest->certifiedKeyPair = destKeyPair;
|
|
}
|
|
return SECSuccess;
|
|
}
|
|
|
|
static SECStatus
|
|
cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
|
|
CMMFCertOrEncCert *src)
|
|
{
|
|
SECStatus rv = SECSuccess;
|
|
CRMFEncryptedValue *encVal;
|
|
|
|
dest->choice = src->choice;
|
|
rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
|
|
switch (src->choice) {
|
|
case cmmfCertificate:
|
|
dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
|
|
break;
|
|
case cmmfEncryptedCert:
|
|
encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue);
|
|
if (encVal == NULL) {
|
|
return SECFailure;
|
|
}
|
|
rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
|
|
if (rv != SECSuccess) {
|
|
if (!poolp) {
|
|
crmf_destroy_encrypted_value(encVal, PR_TRUE);
|
|
}
|
|
return rv;
|
|
}
|
|
dest->cert.encryptedCert = encVal;
|
|
break;
|
|
default:
|
|
rv = SECFailure;
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
|
|
CMMFCertifiedKeyPair *src)
|
|
{
|
|
SECStatus rv;
|
|
|
|
rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
|
|
&src->certOrEncCert);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
|
|
if (src->privateKey != NULL) {
|
|
CRMFEncryptedValue *encVal;
|
|
|
|
encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue);
|
|
if (encVal == NULL) {
|
|
return SECFailure;
|
|
}
|
|
rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
|
|
encVal);
|
|
if (rv != SECSuccess) {
|
|
if (!poolp) {
|
|
crmf_destroy_encrypted_value(encVal, PR_TRUE);
|
|
}
|
|
return rv;
|
|
}
|
|
dest->privateKey = encVal;
|
|
}
|
|
rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
|
|
&src->derPublicationInfo);
|
|
return rv;
|
|
}
|
|
|
|
SECStatus
|
|
cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, CMMFPKIStatusInfo *dest,
|
|
CMMFPKIStatusInfo *src)
|
|
{
|
|
SECStatus rv;
|
|
|
|
rv = cmmf_copy_secitem(poolp, &dest->status, &src->status);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
rv = cmmf_copy_secitem(poolp, &dest->statusString, &src->statusString);
|
|
if (rv != SECSuccess) {
|
|
return rv;
|
|
}
|
|
rv = cmmf_copy_secitem(poolp, &dest->failInfo, &src->failInfo);
|
|
return rv;
|
|
}
|
|
|
|
CERTCertificate *
|
|
cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
|
|
CERTCertDBHandle *certdb)
|
|
{
|
|
if (certOrEncCert->choice != cmmfCertificate ||
|
|
certOrEncCert->cert.certificate == NULL) {
|
|
return NULL;
|
|
}
|
|
return CERT_NewTempCertificate(certdb,
|
|
&certOrEncCert->cert.certificate->derCert,
|
|
NULL, PR_FALSE, PR_TRUE);
|
|
}
|
|
|
|
SECStatus
|
|
cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
|
|
PLArenaPool *poolp,
|
|
CMMFPKIStatus inStatus)
|
|
{
|
|
SECItem *dummy;
|
|
|
|
if (inStatus < cmmfGranted || inStatus >= cmmfNumPKIStatus) {
|
|
return SECFailure;
|
|
}
|
|
|
|
dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus);
|
|
PORT_Assert(dummy == &statusInfo->status);
|
|
if (dummy != &statusInfo->status) {
|
|
SECITEM_FreeItem(dummy, PR_TRUE);
|
|
return SECFailure;
|
|
}
|
|
return SECSuccess;
|
|
}
|