certcgi.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 2,362 行 · 第 1/5 页

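	write = temp;
	remaining = length;
    }
    *(oidString + oidLength) = '\0';
    oid = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
    oid->data = oidString;
    oid->len  = oidLength;
    PORT_Free(temp);
    return oid;
}

/*
 * Convert a dotted-decimal string ("a.b.c.d", optionally followed by
 * blanks) into a freshly allocated SECItem holding one byte per octet.
 *
 * The input is edited in place: the separator after each octet is replaced
 * with a NUL so atoi() can read it.  Exactly 4 or 8 octets are accepted
 * (8 is presumably address plus mask for name constraints -- confirm).
 *
 * These bytes are copied into a certificate name by MakeGeneralName, so
 * anything that is not a well-formed octet is refused here instead of being
 * truncated into the output:
 *   - each octet needs 1..3 digits, which also keeps atoi() in range;
 *   - each value must be within 0..255 (the original test used "||" and
 *     therefore accepted every value);
 *   - only blanks may follow the last octet (the original NUL-terminated
 *     before checking and so silently dropped any trailing text).
 *
 * NOTE(review): error_out() is assumed to end the request; if it can
 * return, the loop is still bounded by the j < 8 limit.
 */
static SECItem *
string_to_ipaddress(char *string)
{
    int      i = 0;
    int      end;
    int      value;
    int      j = 0;
    SECItem  *ipaddress;

    while (*string == ' ') {
	string++;
    }
    ipaddress = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
    if (ipaddress == NULL) {
	error_allocate();
    }
    /* 8 octets at most, plus the terminator written after the loop. */
    ipaddress->data = PORT_ZAlloc(9);
    if (ipaddress->data == NULL) {
	error_allocate();
    }
    while (*string != '\0' && j < 8) {
	value = -1;	/* stays out of range unless an octet is parsed */
	while (isdigit((unsigned char) *(string + i))) {
	    i++;
	}
	if (i < 1 || i > 3) {
	    /* empty octet, or more digits than any value 0..255 needs */
	    error_out("ERROR: Improperly formated IP Address");
	} else if (*(string + i) == '.') {
	    *(string + i) = '\0';
	    value = atoi(string);
	    string = string + i + 1;
	    i = 0;
	} else {
	    /* Last octet: only blanks may sit between it and the end. */
	    end = i;
	    while (*(string + end) == ' ') {
		end++;
	    }
	    if (*(string + end) == '\0') {
		*(string + i) = '\0';
		value = atoi(string);
		string = string + end;
		i = 0;
	    } else {
		error_out("ERROR: Improperly formated IP Address");
	    }
	}
	if (value >= 0 && value < 256) {
	    *(ipaddress->data + j) = (unsigned char) value;
	} else {
	    error_out("ERROR: Improperly formated IP Address");
	}
	j++;
    }
    *(ipaddress->data + j) = '\0';
    if (j != 4 && j != 8) {
	error_out("ERROR: Improperly formated IP Address");
    }
    ipaddress->len = j;
    return ipaddress;
}

/*
 * Decode a hex string such as "0A:1B:2C" into a freshly allocated SECItem.
 *
 * Leading non-hex characters are skipped, ':' may separate bytes, and only
 * blanks may follow the last byte.  Letters are upper-cased in the caller's
 * buffer as they are read, as before.
 *
 * Fixes over the previous version, which counted bytes but never produced
 * them:
 *   - A-F now decode to 10..15 (was 0..5), and the low nibble is computed
 *     instead of being overwritten by a stray assignment;
 *   - the low digit is validated and consumed, and the decoded byte is
 *     stored in rv->data;
 *   - the buffer is sized for the densest input (two characters per byte,
 *     no separators) now that bytes are really written;
 *   - the leading skip stops at the terminator instead of running past it.
 */
static SECItem *
string_to_binary(char  *string)
{
    SECItem            *rv;
    int                high_digit;
    int                low_digit;

    rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
    if (rv == NULL) {
	error_allocate();
    }
    rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/2 + 1);
    if (rv->data == NULL) {
	error_allocate();
    }
    while (*string != '\0' && !isxdigit((unsigned char) *string)) {
	string++;
    }
    rv->len = 0;
    while (*string != '\0') {
	if (isxdigit((unsigned char) *string)) {
	    if (*string >= '0' && *string <= '9') {
		high_digit = *string - '0';
	    } else {
		*string = toupper((unsigned char) *string);
		high_digit = *string - 'A' + 10;
	    }
	    string++;
	    if (!isxdigit((unsigned char) *string)) {
		/* a byte needs two hex digits */
		error_out("ERROR: Improperly formated binary encoding");
		break;
	    }
	    if (*string >= '0' && *string <= '9') {
		low_digit = *string - '0';
	    } else {
		*string = toupper((unsigned char) *string);
		low_digit = *string - 'A' + 10;
	    }
	    string++;
	    *(rv->data + rv->len) =
		(unsigned char) ((high_digit << 4) | low_digit);
	    (rv->len)++;
	} else {
	    if (*string == ':') {
		string++;
	    } else {
		if (*string == ' ') {
		    while (*string == ' ') {
			string++;
		    }
		}
		if (*string != '\0') {
		    error_out("ERROR: Improperly formated binary encoding");
		    break;	/* do not spin here if error_out returns */
		}
	    }
	}
    }
    return rv;
}

/*
 * Fill in *genName from one request field.
 *
 * The field text ends in a four-character suffix whose last character is
 * the general-name type digit; a type digit of '0' preceded by '1' selects
 * the nickname form of certOtherName.  The suffix is cut off and the rest is
 * interpreted per type.  name is modified in place and, for several types,
 * genName keeps pointers into it.
 *
 * Callers in this file pass strings obtained from find_field(), so every
 * index derived from the text is checked before use: the original indexed
 * from the end of the string and scanned for '-' with no bound, which reads
 * and writes outside the buffer when the field is short or has no
 * separator.  nickname is now initialised; it was read uninitialised for an
 * ordinary certOtherName.
 *
 * Returns SECSuccess, SECFailure for a field that cannot be parsed, or the
 * status of CERT_CopyName for a directory name.
 *
 * NOTE(review): error_out() is assumed to end the request; the early
 * returns only matter if it can return.
 */
static SECStatus
MakeGeneralName(char             *name, 
		CERTGeneralName  *genName,
		PRArenaPool      *arena)
{
    SECItem                      *oid;
    SECOidData                   *oidData;
    SECItem                      *ipaddress;
    SECItem                      *temp = NULL;
    size_t                       nameLen;
    size_t                       pos;
    size_t                       first;
    int                          nameType;
    PRBool                       binary = PR_FALSE;
    SECStatus                    rv = SECSuccess;
    PRBool                       nickname = PR_FALSE;

    PORT_Assert(genName);
    PORT_Assert(arena);
    nameLen = PORT_Strlen(name);
    if (nameLen < 4) {
	/* too short to carry the type suffix that is indexed below */
	error_out("ERROR: Unknown General Name Type");
	return SECFailure;
    }
    nameType = *(name + nameLen - 1) - '0';
    if (nameType == 0  && *(name + nameLen - 2) == '1') {
	nickname = PR_TRUE;
	nameType = certOtherName;
    }
    if (nameType < 1 || nameType > 9) {
	error_out("ERROR: Unknown General Name Type");
	return SECFailure;
    }
    *(name + nameLen - 4) = '\0';
    genName->type = nameType;
    
    switch (genName->type) {
      case certURI:
      case certRFC822Name:
      case certDNSName: {
	  genName->name.other.data = (unsigned char *)name;
	  genName->name.other.len = PORT_Strlen(name);
	  break;
      }
      
      case certIPAddress: {
	  ipaddress = string_to_ipaddress(name);
	  genName->name.other.data = ipaddress->data;
	  genName->name.other.len = ipaddress->len;
	  break;
      }
      
      case certRegisterID: {
	  oid = string_to_oid(name);
	  genName->name.other.data = oid->data;
	  genName->name.other.len = oid->len;
	  break;
      }
      
      case certEDIPartyName:
      case certX400Address: {
	  
	  genName->name.other.data = PORT_ArenaAlloc (arena, 
						      PORT_Strlen (name) + 2);
	  if (genName->name.other.data == NULL) {
	      error_allocate();
	  }
	  
	  PORT_Memcpy (genName->name.other.data + 2, name, PORT_Strlen (name));
	  /* This may not be accurate for all cases.  
	     For now, use this tag type */
	  genName->name.other.data[0] = (char)(((genName->type - 1) & 
						0x1f)| 0x80);
	  /* NOTE(review): the length is squeezed into one byte, so a value
	     longer than 127 characters does not get a correct length here
	     -- confirm whether longer values must be rejected. */
	  genName->name.other.data[1] = (char)PORT_Strlen (name);
	  genName->name.other.len = PORT_Strlen (name) + 2;
	  break;
      }
      
      case certOtherName: {
	  nameLen = PORT_Strlen(name);
	  if (!nickname) {
	      /* Last digit in the text is the binary flag. */
	      pos = nameLen;
	      while (pos > 0 && !isdigit((unsigned char) *(name + pos))) {
		  pos--;
	      }
	      if (!isdigit((unsigned char) *(name + pos))) {
		  error_out("ERROR: Improperly formated alternative name");
		  return SECFailure;
	      }
	      if (*(name + pos) == '1') {
		  binary = PR_TRUE;
	      } else {
		  binary = PR_FALSE;
	      }  
	      /* Cut the flag off at the character before its '-'. */
	      while (pos > 0 && *(name + pos) != '-') {
		  pos--;
	      }
	      if (pos == 0) {
		  /* no '-' at all, or nothing in front of it */
		  error_out("ERROR: Improperly formated alternative name");
		  return SECFailure;
	      }
	      *(name + pos - 1) = '\0';
	      /* First '-' separates the value from the OID text. */
	      first = 0;
	      while (*(name + first) != '\0' && *(name + first) != '-') {
		  first++;
	      }
	      if (first == 0 || *(name + first) != '-' ||
		  first + 2 > pos - 1) {
		  /* missing separator, or the OID would start past the
		     terminator written above */
		  error_out("ERROR: Improperly formated alternative name");
		  return SECFailure;
	      }
	      *(name + first - 1) = '\0';
	      oid = string_to_oid(name + first + 2);
	  } else {
	      oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME);
	      oid = &oidData->oid;
	      pos = nameLen;
	      while (pos > 0 && *(name + pos) != '-') {
		  pos--;
	      }
	      if (*(name + pos) != '-') {
		  error_out("ERROR: Improperly formated alternative name");
		  return SECFailure;
	      }
	      *(name + pos) = '\0';
	  }
	  genName->name.OthName.oid.data = oid->data;
	  genName->name.OthName.oid.len  = oid->len;
	  if (binary) {
	      temp = string_to_binary(name);
	      genName->name.OthName.name.data = temp->data;
	      genName->name.OthName.name.len = temp->len;
	  } else {
	      temp = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
	      if (temp == NULL) {
		  error_allocate();
	      }
	      temp->data = (unsigned char *)name;
	      temp->len = PORT_Strlen(name);
	      SEC_ASN1EncodeItem (arena, &(genName->name.OthName.name), temp,
				  CERTIA5TypeTemplate);
	  }
	  /* Only the SECItem shell is released; in the binary case its data
	     pointer was handed to genName above. */
	  PORT_Free(temp);
	  break;
      }
      
      case certDirectoryName: {
	  CERTName *directoryName = NULL;
	  
	  directoryName = CERT_AsciiToName (name);
	  if (!directoryName) {
	      error_out("ERROR: Improperly formated alternative name");
	      break;
	  }
	  rv = CERT_CopyName (arena, &genName->name.directoryName, 
			      directoryName);
	  CERT_DestroyName (directoryName);
	  
	  break;
      }
    }
    /* A single name is a one-element circular list. */
    genName->l.next = &(genName->l);
    genName->l.prev = &(genName->l);
    return rv;
}

/*
 * Build a circular list of general names from consecutively numbered
 * fields.
 *
 * which holds the name of the first field and ends in a decimal counter;
 * it is incremented in place after every field and may grow by one
 * character when the counter goes from 9 to 10, so the caller's buffer
 * needs that much slack.  Collection stops at the first missing field.
 *
 * Returns the head of the list, or NULL when MakeGeneralName reports
 * SECFailure.
 *
 * NOTE(review): the counter handling covers two digits only; past 99 the
 * tens digit is incremented beyond '9'.
 */
static CERTGeneralName *
MakeAltName(Pair             *data, 
	    char             *which, 
	    PRArenaPool      *arena)
{
    CERTGeneralName          *SubAltName;
    CERTGeneralName          *current;
    CERTGeneralName          *newname;
    char                     *name = NULL;
    SECStatus                rv = SECSuccess;
    int                      len;
    

    len = PORT_Strlen(which);
    name = find_field(data, which, PR_TRUE);
    SubAltName = current = (CERTGeneralName *) PORT_ZAlloc
	                                        (sizeof(CERTGeneralName));
    if (current == NULL) {
	error_allocate();
    }
    while (name != NULL) {

	rv = MakeGeneralName(name, current, arena);

	if (rv != SECSuccess) {
	    break;
	}
	/* Advance the decimal counter at the end of the field name. */
	if (*(which + len -1) < '9') {
	    *(which + len - 1) = *(which + len - 1) + 1;
	} else {
	    if (isdigit(*(which + len - 2) )) {
		*(which + len - 2) = *(which + len - 2) + 1;
		*(which + len - 1) = '0';
	    } else {
		*(which + len - 1) = '1';
		*(which + len) = '0';
		*(which + len + 1) = '\0';
		len++;
	    }
	}
	len = PORT_Strlen(which);
	name = find_field(data, which, PR_TRUE);
	if (name != NULL) {
	    newname = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName));
	    if (newname == NULL) {
		error_allocate();
	    }
	    current->l.next = &(newname->l);
	    newname->l.prev = &(current->l);
	    current = newname;
            newname = NULL;
	} else {
	    /* Last entry: close the ring back to the head. */
	    current->l.next = &(SubAltName->l);
	    SubAltName->l.prev = &(current->l);
	}
    }
    if (rv == SECFailure) {
	return NULL;
    }
    return SubAltName;
}

/*
 * Cut the last "-"-separated field off str.
 *
 * The character before the last '-' is overwritten with a NUL, and a
 * pointer to the text two characters after the '-' is returned.  Returns
 * NULL, leaving str untouched, when there is no '-', when nothing precedes
 * it, or when the returned pointer would lie beyond the terminator.
 */
static char *
split_off_last_dash_field(char *str)
{
    size_t len = PORT_Strlen(str);
    size_t pos = len;

    while (pos > 0 && *(str + pos) != '-') {
	pos--;
    }
    if (pos == 0 || pos + 2 > len) {
	return NULL;
    }
    *(str + pos - 1) = '\0';
    return str + pos + 2;
}

/*
 * Build a CERTNameConstraints structure from the numbered
 * "NameConstraintSelectN" fields.
 *
 * Each field is read from the right: maximum, minimum, then a marker whose
 * first character 'p' selects the permitted list (anything else goes to the
 * excluded list).  What remains is handed to MakeGeneralName.  Entries are
 * appended to two circular lists.
 *
 * Returns the structure, or NULL when a field cannot be parsed.
 *
 * Fixes over the previous version:
 *   - the three separator scans were unbounded, and the third reused the
 *     index left by the second, so it started in the wrong place and could
 *     walk off the front of the buffer when the minimum had more than one
 *     digit; they now go through split_off_last_dash_field();
 *   - the allocation at the bottom of the loop was tested with "=" instead
 *     of "==", which discarded the pointer, and the top of the loop
 *     allocates anyway; it is gone;
 *   - the allocations of the result and of the field-name buffer are
 *     checked before use;
 *   - the entry under construction is released when parsing fails.
 */
static CERTNameConstraints *
MakeNameConstraints(Pair             *data, 
		    PRArenaPool      *arena)
{
    CERTNameConstraints      *NameConstraints;
    CERTNameConstraint       *current = NULL;
    CERTNameConstraint       *last_permited = NULL;
    CERTNameConstraint       *last_excluded = NULL;
    char                     *constraint = NULL;
    char                     *which;
    char                     *maxField;
    char                     *minField;
    char                     *typeField;
    SECStatus                rv = SECSuccess;
    int                      len;
    long                     max;
    long                     min;
    PRBool                   permited;
    

    NameConstraints = (CERTNameConstraints *) PORT_ZAlloc
	                            (sizeof(CERTNameConstraints));
    if (NameConstraints == NULL) {
	error_allocate();
    }
    which = make_copy_string("NameConstraintSelect0", 25,'\0');
    if (which == NULL) {
	error_allocate();
    }
    len = PORT_Strlen(which);
    constraint = find_field(data, which, PR_TRUE);
    NameConstraints->permited = NameConstraints->excluded = NULL;
    while (constraint != NULL) {
	current = (CERTNameConstraint *) PORT_ZAlloc
	                       (sizeof(CERTNameConstraint));
	if (current == NULL) {
	    error_allocate();
	}
	/* Peel the three trailing fields off, right to left. */
	maxField = split_off_last_dash_field(constraint);
	minField = (maxField != NULL) ?
	    split_off_last_dash_field(constraint) : NULL;
	typeField = (minField != NULL) ?
	    split_off_last_dash_field(constraint) : NULL;
	if (typeField == NULL) {
	    PORT_Free(current);
	    error_out("ERROR: Improperly formatted name constraint");
	    rv = SECFailure;
	    break;
	}
	max = (long) atoi(maxField);
	if (max > 0) {
	    (void) SEC_ASN1EncodeInteger(arena, &current->max, max);
	}
	min = (long) atoi(minField);
	(void) SEC_ASN1EncodeInteger(arena, &current->min, min);
	if (*typeField == 'p') {
	    permited = PR_TRUE;
	} else {
	    permited = PR_FALSE;
	}
	rv = MakeGeneralName(constraint, &(current->name), arena);

	if (rv != SECSuccess) {
	    PORT_Free(current);	/* not linked into either list yet */
	    break;
	}
	/* Advance the decimal counter at the end of the field name. */
	if (*(which + len - 1) < '9') {
	    *(which + len - 1) = *(which + len - 1) + 1;
	} else {
	    if (isdigit(*(which + len - 2) )) {
		*(which + len - 2) = *(which + len - 2) + 1;
		*(which + len - 1) = '0';
	    } else {
		*(which + len - 1) = '1';
		*(which + len) = '0';
		*(which + len + 1) = '\0';
		len++;
	    }
	}
	len = PORT_Strlen(which);
	if (permited) {
	    if (NameConstraints->permited == NULL) {
		NameConstraints->permited = last_permited = current;
	    }
	    last_permited->l.next = &(current->l);
	    current->l.prev = &(last_permited->l);
	    last_permited = current;
	} else {
	    if (NameConstraints->excluded == NULL) {
		NameConstraints->excluded = last_excluded = current;
	    }
	    last_excluded->l.next = &(current->l);
	    current->l.prev = &(last_excluded->l);
	    last_excluded = current;
	}
	/* The next entry, if any, is allocated at the top of the loop. */
	constraint = find_field(data, which, PR_TRUE);
    }
    /* Close both rings. */
    if (NameConstraints->permited != NULL) {
	last_permited->l.next = &(NameConstraints->permited->l);
	NameConstraints->permited->l.prev = &(last_permited->l);
    }
    if (NameConstraints->excluded != NULL) {
	last_excluded->l.next = &(NameConstraints->excluded->l);
	NameConstraints->excluded->l.prev = &(last_excluded->l);
    }
    if (which != NULL) {
	PORT_Free(which);
    }
    if (rv == SECFailure) {
	return NULL;
    }
    return NameConstraints;
}



static SECStatus
AddAltName(void              *extHandle,
	   Pair              *data,
	   char              *issuerNameStr, 
	   CERTCertDBHandle  *handle,
	   int               type)
{
    PRBool             autoIssuer = PR_FALSE;
    PRArenaPool        *arena = NULL;
    CERTGeneralName    *genName = NULL;
    CERTName           *directoryName = NULL;
    char               *which = NULL;
    char               *name = NULL;
    SECStatus          rv = SECSuccess;
    SECItem            *issuersAltName = NULL;
    CERTCertificate    *issuerCert = NULL;
    void               *mark;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
	error_allocate();
    }
    if (type == 0) {
	which = make_copy_string("SubAltNameSelect0", 20,'\0');
	genName = MakeAltName(data, which, arena);
    } else {
	if (autoIssuer) {
	    autoIssuer = find_field_bool(data,"IssuerAltNameSourceRadio-auto",
					 PR_TRUE);
	    issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
	    rv = cert_FindExtension((*issuerCert).extensions, 
				    SEC_OID_X509_SUBJECT_ALT_NAME, 
				    issuersAltName);
	    if (issuersAltName == NULL) {
		name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4);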
