gecko-dev/security/nss/lib/crmf/servget.c

975 строки
26 KiB
C

/* -*- Mode: C; tab-width: 8 -*-*/
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "cmmf.h"
#include "cmmfi.h"
#include "secitem.h"
#include "keyhi.h"
#include "secder.h"
CRMFEncryptedKeyChoice
CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey)
{
PORT_Assert(inEncrKey != NULL);
if (inEncrKey == NULL) {
return crmfNoEncryptedKeyChoice;
}
return inEncrKey->encKeyChoice;
}
CRMFEncryptedValue *
CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
{
CRMFEncryptedValue *newEncrValue = NULL;
SECStatus rv;
PORT_Assert(inEncrKey != NULL);
if (inEncrKey == NULL ||
CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
goto loser;
}
newEncrValue = PORT_ZNew(CRMFEncryptedValue);
if (newEncrValue == NULL) {
goto loser;
}
rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
newEncrValue);
if (rv != SECSuccess) {
goto loser;
}
return newEncrValue;
loser:
if (newEncrValue != NULL) {
CRMF_DestroyEncryptedValue(newEncrValue);
}
return NULL;
}
static SECItem *
crmf_get_encvalue_bitstring(SECItem *srcItem)
{
SECItem *newItem = NULL;
SECStatus rv;
if (srcItem->data == NULL) {
return NULL;
}
newItem = PORT_ZNew(SECItem);
if (newItem == NULL) {
goto loser;
}
rv = crmf_make_bitstring_copy(NULL, newItem, srcItem);
if (rv != SECSuccess) {
goto loser;
}
return newItem;
loser:
if (newItem != NULL) {
SECITEM_FreeItem(newItem, PR_TRUE);
}
return NULL;
}
SECItem *
CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
return NULL;
}
return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey);
}
SECItem *
CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
{
if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) {
return NULL;
}
return crmf_get_encvalue_bitstring(&inEncrValue->encValue);
}
static SECAlgorithmID *
crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
{
SECStatus rv;
SECAlgorithmID *newAlgID;
if (srcAlg == NULL) {
return NULL;
}
rv = crmf_copy_encryptedvalue_secalg(NULL, srcAlg, &newAlgID);
if (rv != SECSuccess) {
return NULL;
}
return newAlgID;
}
SECAlgorithmID *
CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
return NULL;
}
return crmf_get_encvalue_algid(inEncValue->intendedAlg);
}
SECAlgorithmID *
CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
return NULL;
}
return crmf_get_encvalue_algid(inEncValue->keyAlg);
}
SECAlgorithmID *
CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL) {
return NULL;
}
return crmf_get_encvalue_algid(inEncValue->symmAlg);
}
SECItem *
CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
{
if (inEncValue == NULL || inEncValue->valueHint.data == NULL) {
return NULL;
}
return SECITEM_DupItem(&inEncValue->valueHint);
}
SECStatus
CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
PRBool *destVal)
{
if (inOpt == NULL || destVal == NULL ||
CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey) {
return SECFailure;
}
*destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
? PR_FALSE
: PR_TRUE;
return SECSuccess;
}
CRMFEncryptedKey *
CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
{
CRMFEncryptedKey *newEncrKey = NULL;
SECStatus rv;
PORT_Assert(inOpts != NULL);
if (inOpts == NULL ||
CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey) {
return NULL;
}
newEncrKey = PORT_ZNew(CRMFEncryptedKey);
if (newEncrKey == NULL) {
goto loser;
}
rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
newEncrKey);
if (rv != SECSuccess) {
goto loser;
}
return newEncrKey;
loser:
if (newEncrKey != NULL) {
CRMF_DestroyEncryptedKey(newEncrKey);
}
return NULL;
}
SECItem *
CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
{
if (inOptions == NULL ||
CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
inOptions->option.keyGenParameters.data == NULL) {
return NULL;
}
return SECITEM_DupItem(&inOptions->option.keyGenParameters);
}
CRMFPKIArchiveOptionsType
CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions)
{
PORT_Assert(inOptions != NULL);
if (inOptions == NULL) {
return crmfNoArchiveOptions;
}
return inOptions->archOption;
}
static SECStatus
crmf_extract_long_from_item(SECItem *intItem, long *destLong)
{
*destLong = DER_GetInteger(intItem);
return (*destLong == -1) ? SECFailure : SECSuccess;
}
SECStatus
CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
CRMFSubseqMessOptions *destOpt)
{
long value;
SECStatus rv;
PORT_Assert(inKey != NULL);
if (inKey == NULL ||
inKey->messageChoice != crmfSubsequentMessage) {
return SECFailure;
}
rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage, &value);
if (rv != SECSuccess) {
return SECFailure;
}
switch (value) {
case 0:
*destOpt = crmfEncrCert;
break;
case 1:
*destOpt = crmfChallengeResp;
break;
default:
rv = SECFailure;
}
if (rv != SECSuccess) {
return rv;
}
return SECSuccess;
}
CRMFPOPOPrivKeyChoice
CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inPrivKey)
{
PORT_Assert(inPrivKey != NULL);
if (inPrivKey != NULL) {
return inPrivKey->messageChoice;
}
return crmfNoMessage;
}
SECStatus
CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC)
{
PORT_Assert(inKey != NULL);
if (inKey == NULL || inKey->message.dhMAC.data == NULL) {
return SECFailure;
}
return crmf_make_bitstring_copy(NULL, destMAC, &inKey->message.dhMAC);
}
SECStatus
CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
SECItem *destString)
{
PORT_Assert(inKey != NULL);
if (inKey == NULL ||
inKey->messageChoice != crmfThisMessage) {
return SECFailure;
}
return crmf_make_bitstring_copy(NULL, destString,
&inKey->message.thisMessage);
}
SECAlgorithmID *
CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
{
SECAlgorithmID *newAlgId = NULL;
SECStatus rv;
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL) {
return NULL;
}
newAlgId = PORT_ZNew(SECAlgorithmID);
if (newAlgId == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
inSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
return newAlgId;
loser:
if (newAlgId != NULL) {
SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
}
return NULL;
}
SECItem *
CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
{
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL || inSignKey->derInput.data == NULL) {
return NULL;
}
return SECITEM_DupItem(&inSignKey->derInput);
}
SECItem *
CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
{
SECItem *newSig = NULL;
SECStatus rv;
PORT_Assert(inSignKey != NULL);
if (inSignKey == NULL) {
return NULL;
}
newSig = PORT_ZNew(SECItem);
if (newSig == NULL) {
goto loser;
}
rv = crmf_make_bitstring_copy(NULL, newSig, &inSignKey->signature);
if (rv != SECSuccess) {
goto loser;
}
return newSig;
loser:
if (newSig != NULL) {
SECITEM_FreeItem(newSig, PR_TRUE);
}
return NULL;
}
static SECStatus
crmf_copy_poposigningkey(PLArenaPool *poolp,
CRMFPOPOSigningKey *inPopoSignKey,
CRMFPOPOSigningKey *destPopoSignKey)
{
SECStatus rv;
/* We don't support use of the POPOSigningKeyInput, so we'll only
* store away the DER encoding.
*/
if (inPopoSignKey->derInput.data != NULL) {
rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
&inPopoSignKey->derInput);
if (rv != SECSuccess) {
goto loser;
}
}
destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? PORT_ZNew(SECAlgorithmID)
: PORT_ArenaZNew(poolp, SECAlgorithmID);
if (destPopoSignKey->algorithmIdentifier == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
inPopoSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
&inPopoSignKey->signature);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
loser:
if (poolp == NULL) {
CRMF_DestroyPOPOSigningKey(destPopoSignKey);
}
return SECFailure;
}
static SECStatus
crmf_copy_popoprivkey(PLArenaPool *poolp,
CRMFPOPOPrivKey *srcPrivKey,
CRMFPOPOPrivKey *destPrivKey)
{
SECStatus rv;
destPrivKey->messageChoice = srcPrivKey->messageChoice;
switch (destPrivKey->messageChoice) {
case crmfThisMessage:
case crmfDHMAC:
/* I've got a union, so taking the address of one, will also give
* me a pointer to the other (eg, message.dhMAC)
*/
rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
&srcPrivKey->message.thisMessage);
break;
case crmfSubsequentMessage:
rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
&srcPrivKey->message.subsequentMessage);
break;
default:
rv = SECFailure;
}
if (rv != SECSuccess && poolp == NULL) {
CRMF_DestroyPOPOPrivKey(destPrivKey);
}
return rv;
}
static CRMFProofOfPossession *
crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
{
CRMFProofOfPossession *newPOP;
SECStatus rv;
/*
* Proof Of Possession structures are always part of the Request
* message, so there will always be an arena for allocating memory.
*/
if (poolp == NULL) {
return NULL;
}
newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
if (newPOP == NULL) {
return NULL;
}
switch (srcPOP->popUsed) {
case crmfRAVerified:
newPOP->popChoice.raVerified.data = NULL;
newPOP->popChoice.raVerified.len = 0;
break;
case crmfSignature:
rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
&newPOP->popChoice.signature);
if (rv != SECSuccess) {
goto loser;
}
break;
case crmfKeyEncipherment:
case crmfKeyAgreement:
/* We've got a union, so a pointer to one, is a pointer to the
* other one.
*/
rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
&newPOP->popChoice.keyEncipherment);
if (rv != SECSuccess) {
goto loser;
}
break;
default:
goto loser;
}
newPOP->popUsed = srcPOP->popUsed;
return newPOP;
loser:
return NULL;
}
static CRMFCertReqMsg *
crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
{
CRMFCertReqMsg *newReqMsg;
PLArenaPool *poolp;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
return NULL;
}
newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
if (newReqMsg == NULL) {
PORT_FreeArena(poolp, PR_TRUE);
return NULL;
}
newReqMsg->poolp = poolp;
newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
if (newReqMsg->certReq == NULL) {
goto loser;
}
newReqMsg->pop = crmf_copy_pop(poolp, srcReqMsg->pop);
if (newReqMsg->pop == NULL) {
goto loser;
}
/* None of my set/get routines operate on the regInfo field, so
* for now, that won't get copied over.
*/
return newReqMsg;
loser:
CRMF_DestroyCertReqMsg(newReqMsg);
return NULL;
}
CRMFCertReqMsg *
CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
int index)
{
int numMsgs;
PORT_Assert(inReqMsgs != NULL && index >= 0);
if (inReqMsgs == NULL) {
return NULL;
}
numMsgs = CRMF_CertReqMessagesGetNumMessages(inReqMsgs);
if (index < 0 || index >= numMsgs) {
return NULL;
}
return crmf_copy_cert_req_msg(inReqMsgs->messages[index]);
}
int
CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
{
int numMessages = 0;
PORT_Assert(inCertReqMsgs != NULL);
if (inCertReqMsgs == NULL) {
return 0;
}
while (inCertReqMsgs->messages[numMessages] != NULL) {
numMessages++;
}
return numMessages;
}
CRMFCertRequest *
CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
{
PLArenaPool *poolp = NULL;
CRMFCertRequest *newCertReq = NULL;
PORT_Assert(inCertReqMsg != NULL);
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
goto loser;
}
newCertReq = crmf_copy_cert_request(poolp, inCertReqMsg->certReq);
if (newCertReq == NULL) {
goto loser;
}
newCertReq->poolp = poolp;
return newCertReq;
loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
SECStatus
CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
{
PORT_Assert(inCertReqMsg != NULL && destID != NULL);
if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
return SECFailure;
}
return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
destID);
}
SECStatus
CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
CRMFPOPOPrivKey **destKey)
{
PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
if (inCertReqMsg == NULL || destKey == NULL ||
CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOPrivKey);
if (*destKey == NULL) {
return SECFailure;
}
return crmf_copy_popoprivkey(NULL,
&inCertReqMsg->pop->popChoice.keyAgreement,
*destKey);
}
SECStatus
CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
CRMFPOPOPrivKey **destKey)
{
PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
if (inCertReqMsg == NULL || destKey == NULL ||
CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOPrivKey);
if (*destKey == NULL) {
return SECFailure;
}
return crmf_copy_popoprivkey(NULL,
&inCertReqMsg->pop->popChoice.keyEncipherment,
*destKey);
}
SECStatus
CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
CRMFPOPOSigningKey **destKey)
{
CRMFProofOfPossession *pop;
PORT_Assert(inCertReqMsg != NULL);
if (inCertReqMsg == NULL) {
return SECFailure;
}
pop = inCertReqMsg->pop;
;
if (pop->popUsed != crmfSignature) {
return SECFailure;
}
*destKey = PORT_ZNew(CRMFPOPOSigningKey);
if (*destKey == NULL) {
return SECFailure;
}
return crmf_copy_poposigningkey(NULL, &pop->popChoice.signature, *destKey);
}
static SECStatus
crmf_copy_name(CERTName *destName, CERTName *srcName)
{
PLArenaPool *poolp = NULL;
SECStatus rv;
if (destName->arena != NULL) {
poolp = destName->arena;
} else {
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
}
if (poolp == NULL) {
return SECFailure;
}
/* Need to do this so that CERT_CopyName doesn't free out
* the arena from underneath us.
*/
destName->arena = NULL;
rv = CERT_CopyName(poolp, destName, srcName);
destName->arena = poolp;
return rv;
}
SECStatus
CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
CERTName *destIssuer)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
return crmf_copy_name(destIssuer,
inCertReq->certTemplate.issuer);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
SECItem *destIssuerUID)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
return crmf_make_bitstring_copy(NULL, destIssuerUID,
&inCertReq->certTemplate.issuerUID);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
CERTSubjectPublicKeyInfo *destPublicKey)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
inCertReq->certTemplate.publicKey);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
long *serialNumber)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
return crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
serialNumber);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
SECAlgorithmID *destAlg)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
return SECOID_CopyAlgorithmID(NULL, destAlg,
inCertReq->certTemplate.signingAlg);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
CERTName *destSubject)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
SECItem *destSubjectUID)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
return crmf_make_bitstring_copy(NULL, destSubjectUID,
&inCertReq->certTemplate.subjectUID);
}
return SECFailure;
}
SECStatus
CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
long *version)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
version);
}
return SECFailure;
}
static SECStatus
crmf_copy_validity(CRMFGetValidity *destValidity,
CRMFOptionalValidity *src)
{
SECStatus rv;
destValidity->notBefore = destValidity->notAfter = NULL;
if (src->notBefore.data != NULL) {
rv = crmf_create_prtime(&src->notBefore,
&destValidity->notBefore);
if (rv != SECSuccess) {
return rv;
}
}
if (src->notAfter.data != NULL) {
rv = crmf_create_prtime(&src->notAfter,
&destValidity->notAfter);
if (rv != SECSuccess) {
return rv;
}
}
return SECSuccess;
}
SECStatus
CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
CRMFGetValidity *destValidity)
{
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return SECFailure;
}
if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
return crmf_copy_validity(destValidity,
inCertReq->certTemplate.validity);
}
return SECFailure;
}
CRMFControl *
CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
{
CRMFControl *newControl, *srcControl;
int numControls;
SECStatus rv;
PORT_Assert(inCertReq != NULL);
if (inCertReq == NULL) {
return NULL;
}
numControls = CRMF_CertRequestGetNumControls(inCertReq);
if (index >= numControls || index < 0) {
return NULL;
}
newControl = PORT_ZNew(CRMFControl);
if (newControl == NULL) {
return NULL;
}
srcControl = inCertReq->controls[index];
newControl->tag = srcControl->tag;
rv = SECITEM_CopyItem(NULL, &newControl->derTag, &srcControl->derTag);
if (rv != SECSuccess) {
goto loser;
}
rv = SECITEM_CopyItem(NULL, &newControl->derValue,
&srcControl->derValue);
if (rv != SECSuccess) {
goto loser;
}
/* Copy over the PKIArchiveOptions stuff */
switch (srcControl->tag) {
case SEC_OID_PKIX_REGCTRL_REGTOKEN:
case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
/* No further processing necessary for these types. */
rv = SECSuccess;
break;
case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
/* These aren't supported yet, so no post-processing will
* be done at this time. But we don't want to fail in case
* we read in DER that has one of these options.
*/
rv = SECSuccess;
break;
case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
rv = crmf_copy_pkiarchiveoptions(NULL,
&newControl->value.archiveOptions,
&srcControl->value.archiveOptions);
break;
default:
rv = SECFailure;
}
if (rv != SECSuccess) {
goto loser;
}
return newControl;
loser:
CRMF_DestroyControl(newControl);
return NULL;
}
static SECItem *
crmf_copy_control_value(CRMFControl *inControl)
{
return SECITEM_DupItem(&inControl->derValue);
}
SECItem *
CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
{
PORT_Assert(inControl != NULL);
if (inControl == NULL ||
CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
return NULL;
}
return crmf_copy_control_value(inControl);
}
CRMFControlType
CRMF_ControlGetControlType(CRMFControl *inControl)
{
CRMFControlType retType;
PORT_Assert(inControl != NULL);
switch (inControl->tag) {
case SEC_OID_PKIX_REGCTRL_REGTOKEN:
retType = crmfRegTokenControl;
break;
case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
retType = crmfAuthenticatorControl;
break;
case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
retType = crmfPKIPublicationInfoControl;
break;
case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
retType = crmfPKIArchiveOptionsControl;
break;
case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
retType = crmfOldCertIDControl;
break;
case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
retType = crmfProtocolEncrKeyControl;
break;
default:
retType = crmfNoControl;
}
return retType;
}
CRMFPKIArchiveOptions *
CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
{
CRMFPKIArchiveOptions *newOpt = NULL;
SECStatus rv;
PORT_Assert(inControl != NULL);
if (inControl == NULL ||
CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl) {
goto loser;
}
newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
if (newOpt == NULL) {
goto loser;
}
rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
&inControl->value.archiveOptions);
if (rv != SECSuccess) {
goto loser;
}
loser:
if (newOpt != NULL) {
CRMF_DestroyPKIArchiveOptions(newOpt);
}
return NULL;
}
SECItem *
CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
{
PORT_Assert(inControl != NULL);
if (inControl == NULL ||
CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
return NULL;
}
return crmf_copy_control_value(inControl);
;
}
CRMFCertExtension *
CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
int index)
{
int numExtensions;
PORT_Assert(inCertReq != NULL);
numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReq);
if (index >= numExtensions || index < 0) {
return NULL;
}
return crmf_copy_cert_extension(NULL,
inCertReq->certTemplate.extensions[index]);
}