search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 460926 A11y hierachy is broken on Ubuntu 8.10 (GNOME 2.24), r=Evan.Yan sr=roc
[wine-gecko.git] / security / nss / lib / certdb / polcyxtn.c
blob812f4ba6218515e2e819ced11630736c3abd2a05
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
36
37 /*
38 * Support for various policy related extensions
39 *
40 * $Id: polcyxtn.c,v 1.11 2008/02/13 04:03:19 julien.pierre.boogz%sun.com Exp $
41 */
42
43 #include "seccomon.h"
44 #include "secport.h"
45 #include "secder.h"
46 #include "cert.h"
47 #include "secoid.h"
48 #include "secasn1.h"
49 #include "secerr.h"
50 #include "nspr.h"
51
52 SEC_ASN1_MKSUB(SEC_IntegerTemplate)
53 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
54
55 const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = {
56 { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
57 { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString},
58 { SEC_ASN1_VISIBLE_STRING , 0, 0, siVisibleString},
59 { SEC_ASN1_BMP_STRING , 0, 0, siBMPString },
60 { SEC_ASN1_UTF8_STRING , 0, 0, siUTF8String },
61 { 0 }
62 };
63
64 const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = {
65 { SEC_ASN1_SEQUENCE,
66 0, NULL, sizeof(CERTNoticeReference) },
67 { SEC_ASN1_INLINE,
68 offsetof(CERTNoticeReference, organization),
69 CERT_DisplayTextTypeTemplate, 0 },
70 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
71 offsetof(CERTNoticeReference, noticeNumbers),
72 SEC_ASN1_SUB(SEC_IntegerTemplate) },
73 { 0 }
74 };
75
76 const SEC_ASN1Template CERT_UserNoticeTemplate[] = {
77 { SEC_ASN1_SEQUENCE,
78 0, NULL, sizeof(CERTUserNotice) },
79 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
80 offsetof(CERTUserNotice, noticeReference),
81 CERT_NoticeReferenceTemplate, 0 },
82 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
83 offsetof(CERTUserNotice, displayText),
84 CERT_DisplayTextTypeTemplate, 0 },
85 { 0 }
86 };
87
88 const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = {
89 { SEC_ASN1_SEQUENCE,
90 0, NULL, sizeof(CERTPolicyQualifier) },
91 { SEC_ASN1_OBJECT_ID,
92 offsetof(CERTPolicyQualifier, qualifierID) },
93 { SEC_ASN1_ANY,
94 offsetof(CERTPolicyQualifier, qualifierValue) },
95 { 0 }
96 };
97
98 const SEC_ASN1Template CERT_PolicyInfoTemplate[] = {
99 { SEC_ASN1_SEQUENCE,
100 0, NULL, sizeof(CERTPolicyInfo) },
101 { SEC_ASN1_OBJECT_ID,
102 offsetof(CERTPolicyInfo, policyID) },
103 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
104 offsetof(CERTPolicyInfo, policyQualifiers),
105 CERT_PolicyQualifierTemplate },
106 { 0 }
107 };
108
109 const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = {
110 { SEC_ASN1_SEQUENCE_OF,
111 offsetof(CERTCertificatePolicies, policyInfos),
112 CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
113 };
114
115 const SEC_ASN1Template CERT_PolicyMapTemplate[] = {
116 { SEC_ASN1_SEQUENCE,
117 0, NULL, sizeof(CERTPolicyMap) },
118 { SEC_ASN1_OBJECT_ID,
119 offsetof(CERTPolicyMap, issuerDomainPolicy) },
120 { SEC_ASN1_OBJECT_ID,
121 offsetof(CERTPolicyMap, subjectDomainPolicy) },
122 { 0 }
123 };
124
125 const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = {
126 { SEC_ASN1_SEQUENCE_OF,
127 offsetof(CERTCertificatePolicyMappings, policyMaps),
128 CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) }
129 };
130
131 const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = {
132 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) },
133 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
134 offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts),
135 SEC_ASN1_SUB(SEC_IntegerTemplate) },
136 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
137 offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts),
138 SEC_ASN1_SUB(SEC_IntegerTemplate) },
139 { 0 }
140 };
141
142 const SEC_ASN1Template CERT_InhibitAnyTemplate[] = {
143 { SEC_ASN1_INTEGER,
144 offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts),
145 NULL, sizeof(CERTCertificateInhibitAny) }
146 };
147
148 static void
149 breakLines(char *string)
150 {
151 char *tmpstr;
152 char *lastspace = NULL;
153 int curlen = 0;
154 int c;
155
156 tmpstr = string;
157
158 while ( ( c = *tmpstr ) != '\0' ) {
159 switch ( c ) {
160 case ' ':
161 lastspace = tmpstr;
162 break;
163 case '\n':
164 lastspace = NULL;
165 curlen = 0;
166 break;
167 }
168
169 if ( ( curlen >= 55 ) && ( lastspace != NULL ) ) {
170 *lastspace = '\n';
171 curlen = ( tmpstr - lastspace );
172 lastspace = NULL;
173 }
174
175 curlen++;
176 tmpstr++;
177 }
178
179 return;
180 }
181
182 CERTCertificatePolicies *
183 CERT_DecodeCertificatePoliciesExtension(SECItem *extnValue)
184 {
185 PRArenaPool *arena = NULL;
186 SECStatus rv;
187 CERTCertificatePolicies *policies;
188 CERTPolicyInfo **policyInfos, *policyInfo;
189 CERTPolicyQualifier **policyQualifiers, *policyQualifier;
190 SECItem newExtnValue;
191
192 /* make a new arena */
193 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
194
195 if ( !arena ) {
196 goto loser;
197 }
198
199 /* allocate the certificate policies structure */
200 policies = (CERTCertificatePolicies *)
201 PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies));
202
203 if ( policies == NULL ) {
204 goto loser;
205 }
206
207 policies->arena = arena;
208
209 /* copy the DER into the arena, since Quick DER returns data that points
210 into the DER input, which may get freed by the caller */
211 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
212 if ( rv != SECSuccess ) {
213 goto loser;
214 }
215
216 /* decode the policy info */
217 rv = SEC_QuickDERDecodeItem(arena, policies, CERT_CertificatePoliciesTemplate,
218 &newExtnValue);
219
220 if ( rv != SECSuccess ) {
221 goto loser;
222 }
223
224 /* initialize the oid tags */
225 policyInfos = policies->policyInfos;
226 while (*policyInfos != NULL ) {
227 policyInfo = *policyInfos;
228 policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
229 policyQualifiers = policyInfo->policyQualifiers;
230 while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
231 policyQualifier = *policyQualifiers;
232 policyQualifier->oid =
233 SECOID_FindOIDTag(&policyQualifier->qualifierID);
234 policyQualifiers++;
235 }
236 policyInfos++;
237 }
238
239 return(policies);
240
241 loser:
242 if ( arena != NULL ) {
243 PORT_FreeArena(arena, PR_FALSE);
244 }
245
246 return(NULL);
247 }
248
249 void
250 CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies)
251 {
252 if ( policies != NULL ) {
253 PORT_FreeArena(policies->arena, PR_FALSE);
254 }
255 return;
256 }
257
258 CERTCertificatePolicyMappings *
259 CERT_DecodePolicyMappingsExtension(SECItem *extnValue)
260 {
261 PRArenaPool *arena = NULL;
262 SECStatus rv;
263 CERTCertificatePolicyMappings *mappings;
264 SECItem newExtnValue;
265
266 /* make a new arena */
267 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
268 if ( !arena ) {
269 goto loser;
270 }
271
272 /* allocate the policy mappings structure */
273 mappings = (CERTCertificatePolicyMappings *)
274 PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicyMappings));
275 if ( mappings == NULL ) {
276 goto loser;
277 }
278 mappings->arena = arena;
279
280 /* copy the DER into the arena, since Quick DER returns data that points
281 into the DER input, which may get freed by the caller */
282 rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
283 if ( rv != SECSuccess ) {
284 goto loser;
285 }
286
287 /* decode the policy mappings */
288 rv = SEC_QuickDERDecodeItem
289 (arena, mappings, CERT_PolicyMappingsTemplate, &newExtnValue);
290 if ( rv != SECSuccess ) {
291 goto loser;
292 }
293
294 return(mappings);
295
296 loser:
297 if ( arena != NULL ) {
298 PORT_FreeArena(arena, PR_FALSE);
299 }
300
301 return(NULL);
302 }
303
304 SECStatus
305 CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings)
306 {
307 if ( mappings != NULL ) {
308 PORT_FreeArena(mappings->arena, PR_FALSE);
309 }
310 return SECSuccess;
311 }
312
313 SECStatus
314 CERT_DecodePolicyConstraintsExtension
315 (CERTCertificatePolicyConstraints *decodedValue,
316 SECItem *encodedValue)
317 {
318 CERTCertificatePolicyConstraints decodeContext;
319 PRArenaPool *arena = NULL;
320 SECStatus rv = SECSuccess;
321
322 /* initialize so we can tell when an optional component is omitted */
323 PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
324
325 /* make a new arena */
326 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
327 if (!arena) {
328 return SECFailure;
329 }
330
331 do {
332 /* decode the policy constraints */
333 rv = SEC_QuickDERDecodeItem(arena,
334 &decodeContext, CERT_PolicyConstraintsTemplate, encodedValue);
335
336 if ( rv != SECSuccess ) {
337 break;
338 }
339
340 if (decodeContext.explicitPolicySkipCerts.len == 0) {
341 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
342 } else {
343 *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
344 DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
345 }
346
347 if (decodeContext.inhibitMappingSkipCerts.len == 0) {
348 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
349 } else {
350 *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
351 DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
352 }
353
354 if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
355 PR_INT32_MIN) ||
356 (*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
357 PR_INT32_MAX) ||
358 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
359 PR_INT32_MIN) ||
360 (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
361 PR_INT32_MAX)) {
362 rv = SECFailure;
363 }
364
365 } while (0);
366
367 PORT_FreeArena(arena, PR_FALSE);
368 return(rv);
369 }
370
371 SECStatus CERT_DecodeInhibitAnyExtension
372 (CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue)
373 {
374 CERTCertificateInhibitAny decodeContext;
375 PRArenaPool *arena = NULL;
376 SECStatus rv = SECSuccess;
377
378 /* make a new arena */
379 arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
380 if ( !arena ) {
381 return SECFailure;
382 }
383
384 do {
385
386 /* decode the policy mappings */
387 decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger;
388 rv = SEC_QuickDERDecodeItem(arena,
389 &decodeContext, CERT_InhibitAnyTemplate, encodedValue);
390
391 if ( rv != SECSuccess ) {
392 break;
393 }
394
395 *(PRInt32 *)decodedValue->inhibitAnySkipCerts.data =
396 DER_GetInteger(&decodeContext.inhibitAnySkipCerts);
397
398 } while (0);
399
400 PORT_FreeArena(arena, PR_FALSE);
401 return(rv);
402 }
403
404 CERTUserNotice *
405 CERT_DecodeUserNotice(SECItem *noticeItem)
406 {
407 PRArenaPool *arena = NULL;
408 SECStatus rv;
409 CERTUserNotice *userNotice;
410 SECItem newNoticeItem;
411
412 /* make a new arena */
413 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
414
415 if ( !arena ) {
416 goto loser;
417 }
418
419 /* allocate the userNotice structure */
420 userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena,
421 sizeof(CERTUserNotice));
422
423 if ( userNotice == NULL ) {
424 goto loser;
425 }
426
427 userNotice->arena = arena;
428
429 /* copy the DER into the arena, since Quick DER returns data that points
430 into the DER input, which may get freed by the caller */
431 rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem);
432 if ( rv != SECSuccess ) {
433 goto loser;
434 }
435
436 /* decode the user notice */
437 rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate,
438 &newNoticeItem);
439
440 if ( rv != SECSuccess ) {
441 goto loser;
442 }
443
444 if (userNotice->derNoticeReference.data != NULL) {
445
446 rv = SEC_QuickDERDecodeItem(arena, &userNotice->noticeReference,
447 CERT_NoticeReferenceTemplate,
448 &userNotice->derNoticeReference);
449 if (rv == SECFailure) {
450 goto loser;
451 }
452 }
453
454 return(userNotice);
455
456 loser:
457 if ( arena != NULL ) {
458 PORT_FreeArena(arena, PR_FALSE);
459 }
460
461 return(NULL);
462 }
463
464 void
465 CERT_DestroyUserNotice(CERTUserNotice *userNotice)
466 {
467 if ( userNotice != NULL ) {
468 PORT_FreeArena(userNotice->arena, PR_FALSE);
469 }
470 return;
471 }
472
473 static CERTPolicyStringCallback policyStringCB = NULL;
474 static void *policyStringCBArg = NULL;
475
476 void
477 CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg)
478 {
479 policyStringCB = cb;
480 policyStringCBArg = cbarg;
481 return;
482 }
483
484 char *
485 stringFromUserNotice(SECItem *noticeItem)
486 {
487 SECItem *org;
488 unsigned int len, headerlen;
489 char *stringbuf;
490 CERTUserNotice *userNotice;
491 char *policystr;
492 char *retstr = NULL;
493 SECItem *displayText;
494 SECItem **noticeNumbers;
495 unsigned int strnum;
496
497 /* decode the user notice */
498 userNotice = CERT_DecodeUserNotice(noticeItem);
499 if ( userNotice == NULL ) {
500 return(NULL);
501 }
502
503 org = &userNotice->noticeReference.organization;
504 if ( (org->len != 0 ) && ( policyStringCB != NULL ) ) {
505 /* has a noticeReference */
506
507 /* extract the org string */
508 len = org->len;
509 stringbuf = (char*)PORT_Alloc(len + 1);
510 if ( stringbuf != NULL ) {
511 PORT_Memcpy(stringbuf, org->data, len);
512 stringbuf[len] = '\0';
513
514 noticeNumbers = userNotice->noticeReference.noticeNumbers;
515 while ( *noticeNumbers != NULL ) {
516 /* XXX - only one byte integers right now*/
517 strnum = (*noticeNumbers)->data[0];
518 policystr = (* policyStringCB)(stringbuf,
519 strnum,
520 policyStringCBArg);
521 if ( policystr != NULL ) {
522 if ( retstr != NULL ) {
523 retstr = PR_sprintf_append(retstr, "\n%s", policystr);
524 } else {
525 retstr = PR_sprintf_append(retstr, "%s", policystr);
526 }
527
528 PORT_Free(policystr);
529 }
530
531 noticeNumbers++;
532 }
533
534 PORT_Free(stringbuf);
535 }
536 }
537
538 if ( retstr == NULL ) {
539 if ( userNotice->displayText.len != 0 ) {
540 displayText = &userNotice->displayText;
541
542 if ( displayText->len > 2 ) {
543 if ( displayText->data[0] == SEC_ASN1_VISIBLE_STRING ) {
544 headerlen = 2;
545 if ( displayText->data[1] & 0x80 ) {
546 /* multibyte length */
547 headerlen += ( displayText->data[1] & 0x7f );
548 }
549
550 len = displayText->len - headerlen;
551 retstr = (char*)PORT_Alloc(len + 1);
552 if ( retstr != NULL ) {
553 PORT_Memcpy(retstr, &displayText->data[headerlen],len);
554 retstr[len] = '\0';
555 }
556 }
557 }
558 }
559 }
560
561 CERT_DestroyUserNotice(userNotice);
562
563 return(retstr);
564 }
565
566 char *
567 CERT_GetCertCommentString(CERTCertificate *cert)
568 {
569 char *retstring = NULL;
570 SECStatus rv;
571 SECItem policyItem;
572 CERTCertificatePolicies *policies = NULL;
573 CERTPolicyInfo **policyInfos;
574 CERTPolicyQualifier **policyQualifiers, *qualifier;
575
576 policyItem.data = NULL;
577
578 rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
579 &policyItem);
580 if ( rv != SECSuccess ) {
581 goto nopolicy;
582 }
583
584 policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
585 if ( policies == NULL ) {
586 goto nopolicy;
587 }
588
589 policyInfos = policies->policyInfos;
590 /* search through policyInfos looking for the verisign policy */
591 while (*policyInfos != NULL ) {
592 if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
593 policyQualifiers = (*policyInfos)->policyQualifiers;
594 /* search through the policy qualifiers looking for user notice */
595 while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
596 qualifier = *policyQualifiers;
597 if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
598 retstring =
599 stringFromUserNotice(&qualifier->qualifierValue);
600 break;
601 }
602
603 policyQualifiers++;
604 }
605 break;
606 }
607 policyInfos++;
608 }
609
610 nopolicy:
611 if ( policyItem.data != NULL ) {
612 PORT_Free(policyItem.data);
613 }
614
615 if ( policies != NULL ) {
616 CERT_DestroyCertificatePoliciesExtension(policies);
617 }
618
619 if ( retstring == NULL ) {
620 retstring = CERT_FindNSStringExtension(cert,
621 SEC_OID_NS_CERT_EXT_COMMENT);
622 }
623
624 if ( retstring != NULL ) {
625 breakLines(retstring);
626 }
627
628 return(retstring);
629 }
630
631
632 const SEC_ASN1Template CERT_OidSeqTemplate[] = {
633 { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
634 offsetof(CERTOidSequence, oids),
635 SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
636 };
637
638 CERTOidSequence *
639 CERT_DecodeOidSequence(SECItem *seqItem)
640 {
641 PRArenaPool *arena = NULL;
642 SECStatus rv;
643 CERTOidSequence *oidSeq;
644 SECItem newSeqItem;
645
646 /* make a new arena */
647 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
648
649 if ( !arena ) {
650 goto loser;
651 }
652
653 /* allocate the userNotice structure */
654 oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena,
655 sizeof(CERTOidSequence));
656
657 if ( oidSeq == NULL ) {
658 goto loser;
659 }
660
661 oidSeq->arena = arena;
662
663 /* copy the DER into the arena, since Quick DER returns data that points
664 into the DER input, which may get freed by the caller */
665 rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem);
666 if ( rv != SECSuccess ) {
667 goto loser;
668 }
669
670 /* decode the user notice */
671 rv = SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);
672
673 if ( rv != SECSuccess ) {
674 goto loser;
675 }
676
677 return(oidSeq);
678
679 loser:
680 return(NULL);
681 }
682
683
684 void
685 CERT_DestroyOidSequence(CERTOidSequence *oidSeq)
686 {
687 if ( oidSeq != NULL ) {
688 PORT_FreeArena(oidSeq->arena, PR_FALSE);
689 }
690 return;
691 }
692
693 PRBool
694 CERT_GovtApprovedBitSet(CERTCertificate *cert)
695 {
696 SECStatus rv;
697 SECItem extItem;
698 CERTOidSequence *oidSeq = NULL;
699 PRBool ret;
700 SECItem **oids;
701 SECItem *oid;
702 SECOidTag oidTag;
703
704 extItem.data = NULL;
705 rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
706 if ( rv != SECSuccess ) {
707 goto loser;
708 }
709
710 oidSeq = CERT_DecodeOidSequence(&extItem);
711 if ( oidSeq == NULL ) {
712 goto loser;
713 }
714
715 oids = oidSeq->oids;
716 while ( oids != NULL && *oids != NULL ) {
717 oid = *oids;
718
719 oidTag = SECOID_FindOIDTag(oid);
720
721 if ( oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED ) {
722 goto success;
723 }
724
725 oids++;
726 }
727
728 loser:
729 ret = PR_FALSE;
730 goto done;
731 success:
732 ret = PR_TRUE;
733 done:
734 if ( oidSeq != NULL ) {
735 CERT_DestroyOidSequence(oidSeq);
736 }
737 if (extItem.data != NULL) {
738 PORT_Free(extItem.data);
739 }
740 return(ret);
741 }
742
743
744 SECStatus
745 CERT_EncodePolicyConstraintsExtension(PRArenaPool *arena,
746 CERTCertificatePolicyConstraints *constr,
747 SECItem *dest)
748 {
749 SECStatus rv = SECSuccess;
750
751 PORT_Assert(constr != NULL && dest != NULL);
752 if (constr == NULL || dest == NULL) {
753 return SECFailure;
754 }
755
756 if (SEC_ASN1EncodeItem (arena, dest, constr,
757 CERT_PolicyConstraintsTemplate) == NULL) {
758 rv = SECFailure;
759 }
760 return(rv);
761 }
762
763 SECStatus
764 CERT_EncodePolicyMappingExtension(PRArenaPool *arena,
765 CERTCertificatePolicyMappings *mapping,
766 SECItem *dest)
767 {
768 SECStatus rv = SECSuccess;
769
770 PORT_Assert(mapping != NULL && dest != NULL);
771 if (mapping == NULL || dest == NULL) {
772 return SECFailure;
773 }
774
775 if (SEC_ASN1EncodeItem (arena, dest, mapping,
776 CERT_PolicyMappingsTemplate) == NULL) {
777 rv = SECFailure;
778 }
779 return(rv);
780 }
781
782
783
784 SECStatus
785 CERT_EncodeCertPoliciesExtension(PRArenaPool *arena,
786 CERTPolicyInfo **info,
787 SECItem *dest)
788 {
789 SECStatus rv = SECSuccess;
790
791 PORT_Assert(info != NULL && dest != NULL);
792 if (info == NULL || dest == NULL) {
793 return SECFailure;
794 }
795
796 if (SEC_ASN1EncodeItem (arena, dest, info,
797 CERT_CertificatePoliciesTemplate) == NULL) {
798 rv = SECFailure;
799 }
800 return(rv);
801 }
802
803 SECStatus
804 CERT_EncodeUserNotice(PRArenaPool *arena,
805 CERTUserNotice *notice,
806 SECItem *dest)
807 {
808 SECStatus rv = SECSuccess;
809
810 PORT_Assert(notice != NULL && dest != NULL);
811 if (notice == NULL || dest == NULL) {
812 return SECFailure;
813 }
814
815 if (SEC_ASN1EncodeItem(arena, dest,
816 notice, CERT_UserNoticeTemplate) == NULL) {
817 rv = SECFailure;
818 }
819
820 return(rv);
821 }
822
823 SECStatus
824 CERT_EncodeNoticeReference(PRArenaPool *arena,
825 CERTNoticeReference *reference,
826 SECItem *dest)
827 {
828 SECStatus rv = SECSuccess;
829
830 PORT_Assert(reference != NULL && dest != NULL);
831 if (reference == NULL || dest == NULL) {
832 return SECFailure;
833 }
834
835 if (SEC_ASN1EncodeItem (arena, dest, reference,
836 CERT_NoticeReferenceTemplate) == NULL) {
837 rv = SECFailure;
838 }
839
840 return(rv);
841 }
842
843 SECStatus
844 CERT_EncodeInhibitAnyExtension(PRArenaPool *arena,
845 CERTCertificateInhibitAny *certInhibitAny,
846 SECItem *dest)
847 {
848 SECStatus rv = SECSuccess;
849
850 PORT_Assert(certInhibitAny != NULL && dest != NULL);
851 if (certInhibitAny == NULL || dest == NULL) {
852 return SECFailure;
853 }
854
855 if (SEC_ASN1EncodeItem (arena, dest, certInhibitAny,
856 CERT_InhibitAnyTemplate) == NULL) {
857 rv = SECFailure;
858 }
859 return(rv);
860 }
Wine Gecko package