search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / lib / crmf / servget.c
blob85be9e556342a3cd2d4ae73d0b59a40c56db9dbc
1 /* -*- Mode: C; tab-width: 8 -*-*/
2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 *
5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/
9 *
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
14 *
15 * The Original Code is the Netscape security libraries.
16 *
17 * The Initial Developer of the Original Code is
18 * Netscape Communications Corporation.
19 * Portions created by the Initial Developer are Copyright (C) 1994-2000
20 * the Initial Developer. All Rights Reserved.
21 *
22 * Contributor(s):
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37
38
39 #include "cmmf.h"
40 #include "cmmfi.h"
41 #include "secitem.h"
42 #include "keyhi.h"
43 #include "secder.h"
44
45 CRMFEncryptedKeyChoice
46 CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey)
47 {
48 PORT_Assert(inEncrKey != NULL);
49 if (inEncrKey == NULL) {
50 return crmfNoEncryptedKeyChoice;
51 }
52 return inEncrKey->encKeyChoice;
53 }
54
55 CRMFEncryptedValue*
56 CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
57 {
58 CRMFEncryptedValue *newEncrValue = NULL;
59 SECStatus rv;
60
61 PORT_Assert(inEncrKey != NULL);
62 if (inEncrKey == NULL ||
63 CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
64 goto loser;
65 }
66 newEncrValue = PORT_ZNew(CRMFEncryptedValue);
67 if (newEncrValue == NULL) {
68 goto loser;
69 }
70 rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
71 newEncrValue);
72 if (rv != SECSuccess) {
73 goto loser;
74 }
75 return newEncrValue;
76 loser:
77 if (newEncrValue != NULL) {
78 CRMF_DestroyEncryptedValue(newEncrValue);
79 }
80 return NULL;
81 }
82
83 static SECItem*
84 crmf_get_encvalue_bitstring(SECItem *srcItem)
85 {
86 SECItem *newItem = NULL;
87 SECStatus rv;
88
89 if (srcItem->data == NULL) {
90 return NULL;
91 }
92 newItem = PORT_ZNew(SECItem);
93 if (newItem == NULL) {
94 goto loser;
95 }
96 rv = crmf_make_bitstring_copy(NULL, newItem, srcItem);
97 if (rv != SECSuccess) {
98 goto loser;
99 }
100 return newItem;
101 loser:
102 if (newItem != NULL) {
103 SECITEM_FreeItem(newItem, PR_TRUE);
104 }
105 return NULL;
106 }
107
108 SECItem*
109 CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
110 {
111 if (inEncValue == NULL) {
112 return NULL;
113 }
114 return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey);
115 }
116
117 SECItem*
118 CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
119 {
120 if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) {
121 return NULL;
122 }
123 return crmf_get_encvalue_bitstring(&inEncrValue->encValue);
124 }
125
126 static SECAlgorithmID*
127 crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
128 {
129 SECStatus rv;
130 SECAlgorithmID *newAlgID;
131
132 if (srcAlg == NULL) {
133 return NULL;
134 }
135 rv = crmf_copy_encryptedvalue_secalg(NULL, srcAlg, &newAlgID);
136 if (rv != SECSuccess) {
137 return NULL;
138 }
139 return newAlgID;
140 }
141
142 SECAlgorithmID*
143 CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
144 {
145 if (inEncValue == NULL) {
146 return NULL;
147 }
148 return crmf_get_encvalue_algid(inEncValue->intendedAlg);
149 }
150
151 SECAlgorithmID*
152 CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
153 {
154 if (inEncValue == NULL) {
155 return NULL;
156 }
157 return crmf_get_encvalue_algid(inEncValue->keyAlg);
158 }
159
160 SECAlgorithmID*
161 CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
162 {
163 if (inEncValue == NULL) {
164 return NULL;
165 }
166 return crmf_get_encvalue_algid(inEncValue->symmAlg);
167 }
168
169 SECItem*
170 CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
171 {
172 if (inEncValue == NULL || inEncValue->valueHint.data == NULL) {
173 return NULL;
174 }
175 return SECITEM_DupItem(&inEncValue->valueHint);
176 }
177
178 SECStatus
179 CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
180 PRBool *destVal)
181 {
182 if (inOpt == NULL || destVal == NULL ||
183 CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey){
184 return SECFailure;
185 }
186 *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
187 ? PR_FALSE:
188 PR_TRUE;
189 return SECSuccess;
190 }
191
192 CRMFEncryptedKey*
193 CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
194 {
195 CRMFEncryptedKey *newEncrKey = NULL;
196 SECStatus rv;
197
198 PORT_Assert(inOpts != NULL);
199 if (inOpts == NULL ||
200 CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey){
201 return NULL;
202 }
203 newEncrKey = PORT_ZNew(CRMFEncryptedKey);
204 if (newEncrKey == NULL) {
205 goto loser;
206 }
207 rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
208 newEncrKey);
209 if (rv != SECSuccess) {
210 goto loser;
211 }
212 return newEncrKey;
213 loser:
214 if (newEncrKey != NULL) {
215 CRMF_DestroyEncryptedKey(newEncrKey);
216 }
217 return NULL;
218 }
219
220 SECItem*
221 CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
222 {
223 if (inOptions == NULL ||
224 CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
225 inOptions->option.keyGenParameters.data == NULL) {
226 return NULL;
227 }
228 return SECITEM_DupItem(&inOptions->option.keyGenParameters);
229 }
230
231 CRMFPKIArchiveOptionsType
232 CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions)
233 {
234 PORT_Assert (inOptions != NULL);
235 if (inOptions == NULL) {
236 return crmfNoArchiveOptions;
237 }
238 return inOptions->archOption;
239 }
240
241 static SECStatus
242 crmf_extract_long_from_item(SECItem *intItem, long *destLong)
243 {
244 *destLong = DER_GetInteger(intItem);
245 return (*destLong == -1) ? SECFailure : SECSuccess;
246 }
247
248 SECStatus
249 CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
250 CRMFSubseqMessOptions *destOpt)
251 {
252 long value;
253 SECStatus rv;
254
255 PORT_Assert(inKey != NULL);
256 if (inKey == NULL ||
257 inKey->messageChoice != crmfSubsequentMessage) {
258 return SECFailure;
259 }
260 rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage,&value);
261 if (rv != SECSuccess) {
262 return SECFailure;
263 }
264 switch (value) {
265 case 0:
266 *destOpt = crmfEncrCert;
267 break;
268 case 1:
269 *destOpt = crmfChallengeResp;
270 break;
271 default:
272 rv = SECFailure;
273 }
274 if (rv != SECSuccess) {
275 return rv;
276 }
277 return SECSuccess;
278 }
279
280 CRMFPOPOPrivKeyChoice
281 CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inPrivKey)
282 {
283 PORT_Assert(inPrivKey != NULL);
284 if (inPrivKey != NULL) {
285 return inPrivKey->messageChoice;
286 }
287 return crmfNoMessage;
288 }
289
290 SECStatus
291 CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC)
292 {
293 PORT_Assert(inKey != NULL);
294 if (inKey == NULL || inKey->message.dhMAC.data == NULL) {
295 return SECFailure;
296 }
297 return crmf_make_bitstring_copy(NULL, destMAC, &inKey->message.dhMAC);
298 }
299
300 SECStatus
301 CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
302 SECItem *destString)
303 {
304 PORT_Assert(inKey != NULL);
305 if (inKey == NULL ||
306 inKey->messageChoice != crmfThisMessage) {
307 return SECFailure;
308 }
309
310 return crmf_make_bitstring_copy(NULL, destString,
311 &inKey->message.thisMessage);
312 }
313
314 SECAlgorithmID*
315 CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
316 {
317 SECAlgorithmID *newAlgId = NULL;
318 SECStatus rv;
319
320 PORT_Assert(inSignKey != NULL);
321 if (inSignKey == NULL) {
322 return NULL;
323 }
324 newAlgId = PORT_ZNew(SECAlgorithmID);
325 if (newAlgId == NULL) {
326 goto loser;
327 }
328 rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
329 inSignKey->algorithmIdentifier);
330 if (rv != SECSuccess) {
331 goto loser;
332 }
333 return newAlgId;
334
335 loser:
336 if (newAlgId != NULL) {
337 SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
338 }
339 return NULL;
340 }
341
342 SECItem*
343 CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
344 {
345 PORT_Assert(inSignKey != NULL);
346 if (inSignKey == NULL || inSignKey->derInput.data == NULL) {
347 return NULL;
348 }
349 return SECITEM_DupItem(&inSignKey->derInput);
350 }
351
352 SECItem*
353 CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
354 {
355 SECItem *newSig = NULL;
356 SECStatus rv;
357
358 PORT_Assert(inSignKey != NULL);
359 if (inSignKey == NULL) {
360 return NULL;
361 }
362 newSig = PORT_ZNew(SECItem);
363 if (newSig == NULL) {
364 goto loser;
365 }
366 rv = crmf_make_bitstring_copy(NULL, newSig, &inSignKey->signature);
367 if (rv != SECSuccess) {
368 goto loser;
369 }
370 return newSig;
371 loser:
372 if (newSig != NULL) {
373 SECITEM_FreeItem(newSig, PR_TRUE);
374 }
375 return NULL;
376 }
377
378 static SECStatus
379 crmf_copy_poposigningkey(PRArenaPool *poolp,
380 CRMFPOPOSigningKey *inPopoSignKey,
381 CRMFPOPOSigningKey *destPopoSignKey)
382 {
383 SECStatus rv;
384
385 /* We don't support use of the POPOSigningKeyInput, so we'll only
386 * store away the DER encoding.
387 */
388 if (inPopoSignKey->derInput.data != NULL) {
389 rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
390 &inPopoSignKey->derInput);
391 }
392 destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
393 PORT_ZNew(SECAlgorithmID) :
394 PORT_ArenaZNew(poolp, SECAlgorithmID);
395
396 if (destPopoSignKey->algorithmIdentifier == NULL) {
397 goto loser;
398 }
399 rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
400 inPopoSignKey->algorithmIdentifier);
401 if (rv != SECSuccess) {
402 goto loser;
403 }
404
405 rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
406 &inPopoSignKey->signature);
407 if (rv != SECSuccess) {
408 goto loser;
409 }
410 return SECSuccess;
411 loser:
412 if (poolp == NULL) {
413 CRMF_DestroyPOPOSigningKey(destPopoSignKey);
414 }
415 return SECFailure;
416 }
417
418 static SECStatus
419 crmf_copy_popoprivkey(PRArenaPool *poolp,
420 CRMFPOPOPrivKey *srcPrivKey,
421 CRMFPOPOPrivKey *destPrivKey)
422 {
423 SECStatus rv;
424
425 destPrivKey->messageChoice = srcPrivKey->messageChoice;
426 switch (destPrivKey->messageChoice) {
427 case crmfThisMessage:
428 case crmfDHMAC:
429 /* I've got a union, so taking the address of one, will also give
430 * me a pointer to the other (eg, message.dhMAC)
431 */
432 rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
433 &srcPrivKey->message.thisMessage);
434 break;
435 case crmfSubsequentMessage:
436 rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
437 &srcPrivKey->message.subsequentMessage);
438 break;
439 default:
440 rv = SECFailure;
441 }
442
443 if (rv != SECSuccess && poolp == NULL) {
444 CRMF_DestroyPOPOPrivKey(destPrivKey);
445 }
446 return rv;
447 }
448
449 static CRMFProofOfPossession*
450 crmf_copy_pop(PRArenaPool *poolp, CRMFProofOfPossession *srcPOP)
451 {
452 CRMFProofOfPossession *newPOP;
453 SECStatus rv;
454
455 /*
456 * Proof Of Possession structures are always part of the Request
457 * message, so there will always be an arena for allocating memory.
458 */
459 if (poolp == NULL) {
460 return NULL;
461 }
462 newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
463 if (newPOP == NULL) {
464 return NULL;
465 }
466 switch (srcPOP->popUsed) {
467 case crmfRAVerified:
468 newPOP->popChoice.raVerified.data = NULL;
469 newPOP->popChoice.raVerified.len = 0;
470 break;
471 case crmfSignature:
472 rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
473 &newPOP->popChoice.signature);
474 if (rv != SECSuccess) {
475 goto loser;
476 }
477 break;
478 case crmfKeyEncipherment:
479 case crmfKeyAgreement:
480 /* We've got a union, so a pointer to one, is a pointer to the
481 * other one.
482 */
483 rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
484 &newPOP->popChoice.keyEncipherment);
485 if (rv != SECSuccess) {
486 goto loser;
487 }
488 break;
489 default:
490 goto loser;
491 }
492 newPOP->popUsed = srcPOP->popUsed;
493 return newPOP;
494
495 loser:
496 return NULL;
497 }
498
499 static CRMFCertReqMsg*
500 crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
501 {
502 CRMFCertReqMsg *newReqMsg;
503 PRArenaPool *poolp;
504
505 poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
506 if (poolp == NULL) {
507 return NULL;
508 }
509 newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
510 if (newReqMsg == NULL) {
511 goto loser;
512 }
513
514 newReqMsg->poolp = poolp;
515 newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
516 if (newReqMsg->certReq == NULL) {
517 goto loser;
518 }
519 newReqMsg->pop = crmf_copy_pop(poolp, srcReqMsg->pop);
520 if (newReqMsg->pop == NULL) {
521 goto loser;
522 }
523 /* None of my set/get routines operate on the regInfo field, so
524 * for now, that won't get copied over.
525 */
526 return newReqMsg;
527
528 loser:
529 if (newReqMsg != NULL) {
530 CRMF_DestroyCertReqMsg(newReqMsg);
531 }
532 return NULL;
533 }
534
535 CRMFCertReqMsg*
536 CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
537 int index)
538 {
539 int numMsgs;
540
541 PORT_Assert(inReqMsgs != NULL && index >= 0);
542 if (inReqMsgs == NULL) {
543 return NULL;
544 }
545 numMsgs = CRMF_CertReqMessagesGetNumMessages(inReqMsgs);
546 if (index < 0 || index >= numMsgs) {
547 return NULL;
548 }
549 return crmf_copy_cert_req_msg(inReqMsgs->messages[index]);
550 }
551
552 int
553 CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
554 {
555 int numMessages = 0;
556
557 PORT_Assert(inCertReqMsgs != NULL);
558 if (inCertReqMsgs == NULL) {
559 return 0;
560 }
561 while (inCertReqMsgs->messages[numMessages] != NULL) {
562 numMessages++;
563 }
564 return numMessages;
565 }
566
567 CRMFCertRequest*
568 CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
569 {
570 PRArenaPool *poolp = NULL;
571 CRMFCertRequest *newCertReq = NULL;
572
573 PORT_Assert(inCertReqMsg != NULL);
574
575 poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
576 if (poolp == NULL) {
577 goto loser;
578 }
579 newCertReq = crmf_copy_cert_request(poolp, inCertReqMsg->certReq);
580 if (newCertReq == NULL) {
581 goto loser;
582 }
583 newCertReq->poolp = poolp;
584 return newCertReq;
585 loser:
586 if (poolp != NULL) {
587 PORT_FreeArena(poolp, PR_FALSE);
588 }
589 return NULL;
590 }
591
592 SECStatus
593 CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
594 {
595 PORT_Assert(inCertReqMsg != NULL && destID != NULL);
596 if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
597 return SECFailure;
598 }
599 return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
600 destID);
601 }
602
603 SECStatus
604 CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
605 CRMFPOPOPrivKey **destKey)
606 {
607 PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
608 if (inCertReqMsg == NULL || destKey == NULL ||
609 CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
610 return SECFailure;
611 }
612 *destKey = PORT_ZNew(CRMFPOPOPrivKey);
613 if (*destKey == NULL) {
614 return SECFailure;
615 }
616 return crmf_copy_popoprivkey(NULL,
617 &inCertReqMsg->pop->popChoice.keyAgreement,
618 *destKey);
619 }
620
621 SECStatus
622 CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
623 CRMFPOPOPrivKey **destKey)
624 {
625 PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
626 if (inCertReqMsg == NULL || destKey == NULL ||
627 CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
628 return SECFailure;
629 }
630 *destKey = PORT_ZNew(CRMFPOPOPrivKey);
631 if (destKey == NULL) {
632 return SECFailure;
633 }
634 return crmf_copy_popoprivkey(NULL,
635 &inCertReqMsg->pop->popChoice.keyEncipherment,
636 *destKey);
637 }
638
639 SECStatus
640 CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
641 CRMFPOPOSigningKey **destKey)
642 {
643 CRMFProofOfPossession *pop;
644 PORT_Assert(inCertReqMsg != NULL);
645 if (inCertReqMsg == NULL) {
646 return SECFailure;
647 }
648 pop = inCertReqMsg->pop;;
649 if (pop->popUsed != crmfSignature) {
650 return SECFailure;
651 }
652 *destKey = PORT_ZNew(CRMFPOPOSigningKey);
653 if (*destKey == NULL) {
654 return SECFailure;
655 }
656 return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
657 }
658
659 static SECStatus
660 crmf_copy_name(CERTName *destName, CERTName *srcName)
661 {
662 PRArenaPool *poolp = NULL;
663 SECStatus rv;
664
665 if (destName->arena != NULL) {
666 poolp = destName->arena;
667 } else {
668 poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
669 }
670 if (poolp == NULL) {
671 return SECFailure;
672 }
673 /* Need to do this so that CERT_CopyName doesn't free out
674 * the arena from underneath us.
675 */
676 destName->arena = NULL;
677 rv = CERT_CopyName(poolp, destName, srcName);
678 destName->arena = poolp;
679 return rv;
680 }
681
682 SECStatus
683 CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
684 CERTName *destIssuer)
685 {
686 PORT_Assert(inCertReq != NULL);
687 if (inCertReq == NULL) {
688 return SECFailure;
689 }
690 if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
691 return crmf_copy_name(destIssuer,
692 inCertReq->certTemplate.issuer);
693 }
694 return SECFailure;
695 }
696
697 SECStatus
698 CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
699 SECItem *destIssuerUID)
700 {
701 PORT_Assert(inCertReq != NULL);
702 if (inCertReq == NULL) {
703 return SECFailure;
704 }
705 if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
706 return crmf_make_bitstring_copy(NULL, destIssuerUID,
707 &inCertReq->certTemplate.issuerUID);
708 }
709 return SECFailure;
710 }
711
712 SECStatus
713 CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
714 CERTSubjectPublicKeyInfo *destPublicKey)
715 {
716 PORT_Assert (inCertReq != NULL);
717 if (inCertReq == NULL) {
718 return SECFailure;
719 }
720 if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
721 return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
722 inCertReq->certTemplate.publicKey);
723 }
724 return SECFailure;
725 }
726
727 SECStatus
728 CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
729 long *serialNumber)
730 {
731 PORT_Assert(inCertReq != NULL);
732 if (inCertReq == NULL) {
733 return SECFailure;
734 }
735 if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
736 return
737 crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
738 serialNumber);
739 }
740 return SECFailure;
741 }
742
743 SECStatus
744 CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
745 SECAlgorithmID *destAlg)
746 {
747 PORT_Assert(inCertReq != NULL);
748 if (inCertReq == NULL) {
749 return SECFailure;
750 }
751 if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
752 return SECOID_CopyAlgorithmID(NULL, destAlg,
753 inCertReq->certTemplate.signingAlg);
754 }
755 return SECFailure;
756 }
757
758 SECStatus
759 CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
760 CERTName *destSubject)
761 {
762 PORT_Assert(inCertReq != NULL);
763 if (inCertReq == NULL) {
764 return SECFailure;
765 }
766 if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
767 return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
768 }
769 return SECFailure;
770 }
771
772 SECStatus
773 CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
774 SECItem *destSubjectUID)
775 {
776 PORT_Assert(inCertReq != NULL);
777 if (inCertReq == NULL) {
778 return SECFailure;
779 }
780 if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
781 return crmf_make_bitstring_copy(NULL, destSubjectUID,
782 &inCertReq->certTemplate.subjectUID);
783 }
784 return SECFailure;
785 }
786
787 SECStatus
788 CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
789 long *version)
790 {
791 PORT_Assert (inCertReq != NULL);
792 if (inCertReq == NULL) {
793 return SECFailure;
794 }
795 if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
796 return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
797 version);
798 }
799 return SECFailure;
800 }
801
802 static SECStatus
803 crmf_copy_validity(CRMFGetValidity *destValidity,
804 CRMFOptionalValidity *src)
805 {
806 SECStatus rv;
807
808 destValidity->notBefore = destValidity->notAfter = NULL;
809 if (src->notBefore.data != NULL) {
810 rv = crmf_create_prtime(&src->notBefore,
811 &destValidity->notBefore);
812 if (rv != SECSuccess) {
813 return rv;
814 }
815 }
816 if (src->notAfter.data != NULL) {
817 rv = crmf_create_prtime(&src->notAfter,
818 &destValidity->notAfter);
819 if (rv != SECSuccess) {
820 return rv;
821 }
822 }
823 return SECSuccess;
824 }
825
826 SECStatus
827 CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
828 CRMFGetValidity *destValidity)
829 {
830 PORT_Assert(inCertReq != NULL);
831 if (inCertReq == NULL) {
832 return SECFailure;
833 }
834 if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
835 return crmf_copy_validity(destValidity,
836 inCertReq->certTemplate.validity);
837 }
838 return SECFailure;
839 }
840
841 CRMFControl*
842 CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
843 {
844 CRMFControl *newControl, *srcControl;
845 int numControls;
846 SECStatus rv;
847
848 PORT_Assert(inCertReq != NULL);
849 if (inCertReq == NULL) {
850 return NULL;
851 }
852 numControls = CRMF_CertRequestGetNumControls(inCertReq);
853 if (index >= numControls || index < 0) {
854 return NULL;
855 }
856 newControl = PORT_ZNew(CRMFControl);
857 if (newControl == NULL) {
858 return NULL;
859 }
860 srcControl = inCertReq->controls[index];
861 newControl->tag = srcControl->tag;
862 rv = SECITEM_CopyItem (NULL, &newControl->derTag, &srcControl->derTag);
863 if (rv != SECSuccess) {
864 goto loser;
865 }
866
867 rv = SECITEM_CopyItem(NULL, &newControl->derValue,
868 &srcControl->derValue);
869 if (rv != SECSuccess) {
870 goto loser;
871 }
872 /* Copy over the PKIArchiveOptions stuff */
873 switch (srcControl->tag) {
874 case SEC_OID_PKIX_REGCTRL_REGTOKEN:
875 case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
876 /* No further processing necessary for these types. */
877 rv = SECSuccess;
878 break;
879 case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
880 case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
881 case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
882 /* These aren't supported yet, so no post-processing will
883 * be done at this time. But we don't want to fail in case
884 * we read in DER that has one of these options.
885 */
886 rv = SECSuccess;
887 break;
888 case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
889 rv = crmf_copy_pkiarchiveoptions(NULL,
890 &newControl->value.archiveOptions,
891 &srcControl->value.archiveOptions);
892 break;
893 default:
894 rv = SECFailure;
895 }
896 if (rv != SECSuccess) {
897 goto loser;
898 }
899 return newControl;
900 loser:
901 if (newControl != NULL) {
902 CRMF_DestroyControl(newControl);
903 }
904 return NULL;
905 }
906
907 static SECItem*
908 crmf_copy_control_value(CRMFControl *inControl)
909 {
910 return SECITEM_DupItem(&inControl->derValue);
911 }
912
913 SECItem*
914 CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
915 {
916 PORT_Assert (inControl!= NULL);
917 if (inControl == NULL ||
918 CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
919 return NULL;
920 }
921 return crmf_copy_control_value(inControl);
922 }
923
924 CRMFControlType
925 CRMF_ControlGetControlType(CRMFControl *inControl)
926 {
927 CRMFControlType retType;
928
929 PORT_Assert(inControl != NULL);
930 switch (inControl->tag) {
931 case SEC_OID_PKIX_REGCTRL_REGTOKEN:
932 retType = crmfRegTokenControl;
933 break;
934 case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
935 retType = crmfAuthenticatorControl;
936 break;
937 case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
938 retType = crmfPKIPublicationInfoControl;
939 break;
940 case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
941 retType = crmfPKIArchiveOptionsControl;
942 break;
943 case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
944 retType = crmfOldCertIDControl;
945 break;
946 case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
947 retType = crmfProtocolEncrKeyControl;
948 break;
949 default:
950 retType = crmfNoControl;
951 }
952 return retType;
953 }
954
955 CRMFPKIArchiveOptions*
956 CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
957 {
958 CRMFPKIArchiveOptions *newOpt = NULL;
959 SECStatus rv;
960
961 PORT_Assert(inControl != NULL);
962 if (inControl == NULL ||
963 CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl){
964 goto loser;
965 }
966 newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
967 if (newOpt == NULL) {
968 goto loser;
969 }
970 rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
971 &inControl->value.archiveOptions);
972 if (rv != SECSuccess) {
973 goto loser;
974 }
975
976 loser:
977 if (newOpt != NULL) {
978 CRMF_DestroyPKIArchiveOptions(newOpt);
979 }
980 return NULL;
981 }
982
983 SECItem*
984 CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
985 {
986 PORT_Assert(inControl != NULL);
987 if (inControl == NULL ||
988 CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
989 return NULL;
990 }
991 return crmf_copy_control_value(inControl);;
992 }
993
994 CRMFCertExtension*
995 CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
996 int index)
997 {
998 int numExtensions;
999
1000 PORT_Assert(inCertReq != NULL);
1001 numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReq);
1002 if (index >= numExtensions || index < 0) {
1003 return NULL;
1004 }
1005 return
1006 crmf_copy_cert_extension(NULL,
1007 inCertReq->certTemplate.extensions[index]);
1008 }
1009
Mozilla NSS module