pjs/security/nss/lib/certdb/secname.c

642 строки
15 KiB
C

/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "cert.h"
#include "secoid.h"
#include "secder.h" /* XXX remove this when remove the DERTemplates */
#include "secasn1.h"
#include "secitem.h"
#include <stdarg.h>
#include "secerr.h"
static const SEC_ASN1Template cert_AVATemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTAVA) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTAVA,type), },
{ SEC_ASN1_ANY,
offsetof(CERTAVA,value), },
{ 0, }
};
const SEC_ASN1Template CERT_RDNTemplate[] = {
{ SEC_ASN1_SET_OF,
offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
};
static int
CountArray(void **array)
{
int count = 0;
if (array) {
while (*array++) {
count++;
}
}
return count;
}
static void
**AddToArray(PRArenaPool *arena, void **array, void *element)
{
unsigned count;
void **ap;
/* Count up number of slots already in use in the array */
count = 0;
ap = array;
if (ap) {
while (*ap++) {
count++;
}
}
if (array) {
array = (void**) PORT_ArenaGrow(arena, array,
(count + 1) * sizeof(void *),
(count + 2) * sizeof(void *));
} else {
array = (void**) PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
}
if (array) {
array[count] = element;
array[count+1] = 0;
}
return array;
}
#if 0
static void
**RemoveFromArray(void **array, void *element)
{
unsigned count;
void **ap;
int slot;
/* Look for element */
ap = array;
if (ap) {
count = 1; /* count the null at the end */
slot = -1;
for (; *ap; ap++, count++) {
if (*ap == element) {
/* Found it */
slot = ap - array;
}
}
if (slot >= 0) {
/* Found it. Squish array down */
PORT_Memmove((void*) (array + slot), (void*) (array + slot + 1),
(count - slot - 1) * sizeof(void*));
/* Don't bother reallocing the memory */
}
}
return array;
}
#endif /* 0 */
SECOidTag
CERT_GetAVATag(CERTAVA *ava)
{
SECOidData *oid;
if (!ava->type.data) return (SECOidTag)-1;
oid = SECOID_FindOID(&ava->type);
if ( oid ) {
return(oid->offset);
}
return (SECOidTag)-1;
}
static SECStatus
SetupAVAType(PRArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
{
unsigned char *oid;
unsigned oidLen;
unsigned char *cp;
unsigned maxLen;
SECOidData *oidrec;
oidrec = SECOID_FindOIDByTag(type);
if (oidrec == NULL)
return SECFailure;
oid = oidrec->oid.data;
oidLen = oidrec->oid.len;
switch (type) {
case SEC_OID_AVA_COUNTRY_NAME:
maxLen = 2;
break;
case SEC_OID_AVA_ORGANIZATION_NAME:
maxLen = 64;
break;
case SEC_OID_AVA_COMMON_NAME:
maxLen = 64;
break;
case SEC_OID_AVA_LOCALITY:
maxLen = 128;
break;
case SEC_OID_AVA_STATE_OR_PROVINCE:
maxLen = 128;
break;
case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
maxLen = 64;
break;
case SEC_OID_AVA_DC:
maxLen = 128;
break;
case SEC_OID_AVA_DN_QUALIFIER:
maxLen = 0x7fff;
break;
case SEC_OID_PKCS9_EMAIL_ADDRESS:
maxLen = 128;
break;
case SEC_OID_RFC1274_UID:
maxLen = 256; /* RFC 1274 specifies 256 */
break;
case SEC_OID_RFC1274_MAIL:
maxLen = 256; /* RFC 1274 specifies 256 */
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen);
if (cp == NULL) {
return SECFailure;
}
it->len = oidLen;
PORT_Memcpy(cp, oid, oidLen);
*maxLenp = maxLen;
return SECSuccess;
}
static SECStatus
SetupAVAValue(PRArenaPool *arena, int valueType, char *value, SECItem *it,
unsigned maxLen)
{
unsigned valueLen, valueLenLen, total;
unsigned ucs4Len = 0, ucs4MaxLen;
unsigned char *cp, *ucs4Val;
switch (valueType) {
case SEC_ASN1_PRINTABLE_STRING:
case SEC_ASN1_IA5_STRING:
case SEC_ASN1_T61_STRING:
valueLen = PORT_Strlen(value);
break;
case SEC_ASN1_UNIVERSAL_STRING:
valueLen = PORT_Strlen(value);
ucs4Val = (unsigned char *)PORT_ArenaZAlloc(arena,
PORT_Strlen(value) * 6);
ucs4MaxLen = PORT_Strlen(value) * 6;
if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, (unsigned char *)value, valueLen,
ucs4Val, ucs4MaxLen, &ucs4Len)) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
value = (char *)ucs4Val;
valueLen = ucs4Len;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (((valueType != SEC_ASN1_UNIVERSAL_STRING) && (valueLen > maxLen)) ||
((valueType == SEC_ASN1_UNIVERSAL_STRING) && (valueLen > (maxLen * 4)))) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
valueLenLen = DER_LengthLength(valueLen);
total = 1 + valueLenLen + valueLen;
it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, total);
if (!cp) {
return SECFailure;
}
it->len = total;
cp = (unsigned char*) DER_StoreHeader(cp, valueType, valueLen);
PORT_Memcpy(cp, value, valueLen);
return SECSuccess;
}
CERTAVA *
CERT_CreateAVA(PRArenaPool *arena, SECOidTag kind, int valueType, char *value)
{
CERTAVA *ava;
int rv;
unsigned maxLen;
ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
if (ava) {
rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
if (rv) {
/* Illegal AVA type */
return 0;
}
rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
if (rv) {
/* Illegal value type */
return 0;
}
}
return ava;
}
CERTAVA *
CERT_CopyAVA(PRArenaPool *arena, CERTAVA *from)
{
CERTAVA *ava;
int rv;
ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
if (ava) {
rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
if (rv) goto loser;
rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
if (rv) goto loser;
}
return ava;
loser:
return 0;
}
/************************************************************************/
/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
static const SEC_ASN1Template cert_RDNTemplate[] = {
{ SEC_ASN1_SET_OF,
offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
};
CERTRDN *
CERT_CreateRDN(PRArenaPool *arena, CERTAVA *ava0, ...)
{
CERTAVA *ava;
CERTRDN *rdn;
va_list ap;
unsigned count;
CERTAVA **avap;
rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
if (rdn) {
/* Count number of avas going into the rdn */
count = 1;
va_start(ap, ava0);
while ((ava = va_arg(ap, CERTAVA*)) != 0) {
count++;
}
va_end(ap);
/* Now fill in the pointers */
rdn->avas = avap =
(CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*));
if (!avap) {
return 0;
}
*avap++ = ava0;
va_start(ap, ava0);
while ((ava = va_arg(ap, CERTAVA*)) != 0) {
*avap++ = ava;
}
va_end(ap);
*avap++ = 0;
}
return rdn;
}
SECStatus
CERT_AddAVA(PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
{
rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
return rdn->avas ? SECSuccess : SECFailure;
}
SECStatus
CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from)
{
CERTAVA **avas, *fava, *tava;
SECStatus rv;
/* Copy each ava from from */
avas = from->avas;
while ((fava = *avas++) != 0) {
tava = CERT_CopyAVA(arena, fava);
if (!tava) return SECFailure;
rv = CERT_AddAVA(arena, to, tava);
if (rv) return rv;
}
return SECSuccess;
}
/************************************************************************/
const SEC_ASN1Template CERT_NameTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF,
offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
};
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
CERTName *
CERT_CreateName(CERTRDN *rdn0, ...)
{
CERTRDN *rdn;
CERTName *name;
va_list ap;
unsigned count;
CERTRDN **rdnp;
PRArenaPool *arena;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( !arena ) {
return(0);
}
name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
if (name) {
name->arena = arena;
/* Count number of RDNs going into the Name */
if (!rdn0) {
count = 0;
} else {
count = 1;
va_start(ap, rdn0);
while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
count++;
}
va_end(ap);
}
/* Allocate space (including space for terminal null ptr) */
name->rdns = rdnp =
(CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*));
if (!name->rdns) {
goto loser;
}
/* Now fill in the pointers */
if (count > 0) {
*rdnp++ = rdn0;
va_start(ap, rdn0);
while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
*rdnp++ = rdn;
}
va_end(ap);
}
/* null terminate the list */
*rdnp++ = 0;
}
return name;
loser:
PORT_FreeArena(arena, PR_FALSE);
return(0);
}
void
CERT_DestroyName(CERTName *name)
{
if (name)
{
PRArenaPool *arena = name->arena;
name->rdns = NULL;
name->arena = NULL;
if (arena) PORT_FreeArena(arena, PR_FALSE);
}
}
SECStatus
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
{
name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
return name->rdns ? SECSuccess : SECFailure;
}
SECStatus
CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from)
{
CERTRDN **rdns, *frdn, *trdn;
SECStatus rv;
CERT_DestroyName(to);
to->arena = arena;
/* Copy each rdn from from */
rdns = from->rdns;
while ((frdn = *rdns++) != 0) {
trdn = CERT_CreateRDN(arena, 0);
if ( trdn == NULL ) {
return(SECFailure);
}
rv = CERT_CopyRDN(arena, trdn, frdn);
if (rv) return rv;
rv = CERT_AddRDN(to, trdn);
if (rv) return rv;
}
return SECSuccess;
}
/************************************************************************/
SECComparison
CERT_CompareAVA(CERTAVA *a, CERTAVA *b)
{
SECComparison rv;
rv = SECITEM_CompareItem(&a->type, &b->type);
if (rv) {
/*
** XXX for now we are going to just assume that a bitwise
** comparison of the value codes will do the trick.
*/
}
rv = SECITEM_CompareItem(&a->value, &b->value);
return rv;
}
SECComparison
CERT_CompareRDN(CERTRDN *a, CERTRDN *b)
{
CERTAVA **aavas, *aava;
CERTAVA **bavas, *bava;
int ac, bc;
SECComparison rv = SECEqual;
aavas = a->avas;
bavas = b->avas;
/*
** Make sure array of ava's are the same length. If not, then we are
** not equal
*/
ac = CountArray((void**) aavas);
bc = CountArray((void**) bavas);
if (ac < bc) return SECLessThan;
if (ac > bc) return SECGreaterThan;
for (;;) {
aava = *aavas++;
bava = *bavas++;
if (!aava) {
break;
}
rv = CERT_CompareAVA(aava, bava);
if (rv) return rv;
}
return rv;
}
SECComparison
CERT_CompareName(CERTName *a, CERTName *b)
{
CERTRDN **ardns, *ardn;
CERTRDN **brdns, *brdn;
int ac, bc;
SECComparison rv = SECEqual;
ardns = a->rdns;
brdns = b->rdns;
/*
** Make sure array of rdn's are the same length. If not, then we are
** not equal
*/
ac = CountArray((void**) ardns);
bc = CountArray((void**) brdns);
if (ac < bc) return SECLessThan;
if (ac > bc) return SECGreaterThan;
for (;;) {
ardn = *ardns++;
brdn = *brdns++;
if (!ardn) {
break;
}
rv = CERT_CompareRDN(ardn, brdn);
if (rv) return rv;
}
return rv;
}
/* Moved from certhtml.c */
SECItem *
CERT_DecodeAVAValue(SECItem *derAVAValue)
{
SECItem *retItem;
const SEC_ASN1Template *theTemplate = NULL;
PRBool convertUCS4toUTF8 = PR_FALSE;
PRBool convertUCS2toUTF8 = PR_FALSE;
SECItem avaValue = {siBuffer, 0};
if(!derAVAValue) {
return NULL;
}
switch(derAVAValue->data[0]) {
case SEC_ASN1_UNIVERSAL_STRING:
convertUCS4toUTF8 = PR_TRUE;
theTemplate = SEC_UniversalStringTemplate;
break;
case SEC_ASN1_IA5_STRING:
theTemplate = SEC_IA5StringTemplate;
break;
case SEC_ASN1_PRINTABLE_STRING:
theTemplate = SEC_PrintableStringTemplate;
break;
case SEC_ASN1_T61_STRING:
theTemplate = SEC_T61StringTemplate;
break;
case SEC_ASN1_BMP_STRING:
convertUCS2toUTF8 = PR_TRUE;
theTemplate = SEC_BMPStringTemplate;
break;
case SEC_ASN1_UTF8_STRING:
/* No conversion needed ! */
theTemplate = SEC_UTF8StringTemplate;
break;
default:
return NULL;
}
PORT_Memset(&avaValue, 0, sizeof(SECItem));
if(SEC_ASN1DecodeItem(NULL, &avaValue, theTemplate, derAVAValue)
!= SECSuccess) {
return NULL;
}
if (convertUCS4toUTF8) {
unsigned int utf8ValLen = avaValue.len * 3;
unsigned char *utf8Val = (unsigned char*)PORT_ZAlloc(utf8ValLen);
if(!PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
utf8Val, utf8ValLen, &utf8ValLen)) {
PORT_Free(utf8Val);
PORT_Free(avaValue.data);
return NULL;
}
PORT_Free(avaValue.data);
avaValue.data = utf8Val;
avaValue.len = utf8ValLen;
} else if (convertUCS2toUTF8) {
unsigned int utf8ValLen = avaValue.len * 3;
unsigned char *utf8Val = (unsigned char*)PORT_ZAlloc(utf8ValLen);
if(!PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
utf8Val, utf8ValLen, &utf8ValLen)) {
PORT_Free(utf8Val);
PORT_Free(avaValue.data);
return NULL;
}
PORT_Free(avaValue.data);
avaValue.data = utf8Val;
avaValue.len = utf8ValLen;
}
retItem = SECITEM_DupItem(&avaValue);
PORT_Free(avaValue.data);
return retItem;
}