servget.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 1,008 行 · 第 1/2 页

    if (poolp == NULL) {
        return NULL;
    }
    newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
    newReqMsg->poolp = poolp;
    if (newReqMsg == NULL) {
        goto loser;
    }
    newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
    if (newReqMsg->certReq == NULL) {
        goto loser;
    }
    newReqMsg->pop = crmf_copy_pop(poolp, srcReqMsg->pop);
    if (newReqMsg->pop == NULL) {
        goto loser;
    }
    /* None of my set/get routines operate on the regInfo field, so
     * for now, that won't get copied over.
     */
    return newReqMsg;

 loser:
    if (newReqMsg != NULL) {
        CRMF_DestroyCertReqMsg(newReqMsg);
    }
    return NULL;
}

CRMFCertReqMsg*
CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
					 int                  index)
{
    int numMsgs;

    PORT_Assert(inReqMsgs != NULL && index >= 0);
    if (inReqMsgs == NULL) {
        return NULL;
    }
    numMsgs = CRMF_CertReqMessagesGetNumMessages(inReqMsgs);
    if (index < 0 || index >= numMsgs) {
        return NULL;
    }
    return crmf_copy_cert_req_msg(inReqMsgs->messages[index]);
}

int
CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
{
    int numMessages = 0;

    PORT_Assert(inCertReqMsgs != NULL);
    if (inCertReqMsgs == NULL) {
        return 0;
    }
    while (inCertReqMsgs->messages[numMessages] != NULL) {
        numMessages++;
    }
    return numMessages;
}

CRMFCertRequest*
CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
{
    PRArenaPool     *poolp      = NULL;
    CRMFCertRequest *newCertReq = NULL;

    PORT_Assert(inCertReqMsg != NULL);

    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
    if (poolp == NULL) {
        goto loser;
    }
    newCertReq = crmf_copy_cert_request(poolp, inCertReqMsg->certReq);
    if (newCertReq == NULL) {
        goto loser;
    }
    newCertReq->poolp = poolp;
    return newCertReq;
 loser:
    if (poolp != NULL) {
        PORT_FreeArena(poolp, PR_FALSE);
    }
    return NULL;
}

SECStatus
CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
{
    PORT_Assert(inCertReqMsg != NULL && destID != NULL);
    if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
        return SECFailure;
    }
    return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId, 
				       destID);
}

SECStatus
CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg   *inCertReqMsg,
				  CRMFPOPOPrivKey **destKey)
{
    PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
    if (inCertReqMsg == NULL || destKey == NULL ||
	CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
        return SECFailure;
    }
    *destKey = PORT_ZNew(CRMFPOPOPrivKey);
    if (*destKey == NULL) {
        return SECFailure;
    }
    return crmf_copy_popoprivkey(NULL,
				 &inCertReqMsg->pop->popChoice.keyAgreement,
				 *destKey);
}

SECStatus
CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg   *inCertReqMsg,
				     CRMFPOPOPrivKey **destKey)
{
    PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
    if (inCertReqMsg == NULL || destKey == NULL ||
	CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
        return SECFailure;
    }
    *destKey = PORT_ZNew(CRMFPOPOPrivKey);
    if (destKey == NULL) {
       return SECFailure;
    }
    return crmf_copy_popoprivkey(NULL,
				 &inCertReqMsg->pop->popChoice.keyEncipherment,
				 *destKey);
}

SECStatus
CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg      *inCertReqMsg,
				 CRMFPOPOSigningKey **destKey)
{
    CRMFProofOfPossession *pop;
    PORT_Assert(inCertReqMsg != NULL);
    if (inCertReqMsg  == NULL) {
        return SECFailure;
    }
    pop = inCertReqMsg->pop;;
    if (pop->popUsed != crmfSignature) {
        return SECFailure;
    }
    *destKey = PORT_ZNew(CRMFPOPOSigningKey);
    if (*destKey == NULL) {
        return SECFailure;
    }
    return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
}

static SECStatus
crmf_copy_name(CERTName *destName, CERTName *srcName)
{
  PRArenaPool *poolp = NULL;
  SECStatus rv;

  if (destName->arena != NULL) {
    poolp = destName->arena;
  } else {
    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
  }
  if (poolp == NULL) {
    return SECFailure;
  }
  /* Need to do this so that CERT_CopyName doesn't free out
   * the arena from underneath us.
   */
  destName->arena = NULL;
  rv = CERT_CopyName(poolp, destName, srcName); 
  destName->arena = poolp;
  return rv;
}

SECStatus
CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
				      CERTName        *destIssuer)
{
    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
        return crmf_copy_name(destIssuer, 
			      inCertReq->certTemplate.issuer);
    }
    return SECFailure;
}

SECStatus 
CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
					 SECItem         *destIssuerUID)
{
    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
        return crmf_make_bitstring_copy(NULL, destIssuerUID,
					&inCertReq->certTemplate.issuerUID);
    }
    return SECFailure;
}

SECStatus
CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest          *inCertReq,
				       CERTSubjectPublicKeyInfo *destPublicKey)
{
    PORT_Assert (inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
        return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
					inCertReq->certTemplate.publicKey);
    }
    return SECFailure;
}

SECStatus
CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
					    long            *serialNumber)
{
    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
        return 
	  crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
				      serialNumber);
    }
    return SECFailure;
}

SECStatus
CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
					  SECAlgorithmID  *destAlg)
{
    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
        return SECOID_CopyAlgorithmID(NULL, destAlg, 
				      inCertReq->certTemplate.signingAlg);
    }
    return SECFailure;
}

SECStatus 
CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
				       CERTName        *destSubject)
{
  PORT_Assert(inCertReq != NULL);
  if (inCertReq == NULL) {
      return SECFailure;
  }
  if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
      return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
  }
  return SECFailure;
}

SECStatus
CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
					  SECItem         *destSubjectUID)
{
    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
        return crmf_make_bitstring_copy(NULL, destSubjectUID, 
					&inCertReq->certTemplate.subjectUID);
    }
    return SECFailure;
}

SECStatus 
CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq, 
				       long            *version)
{
    PORT_Assert (inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
        return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
					   version);
    } 
    return SECFailure;
}

static SECStatus
crmf_copy_validity(CRMFGetValidity      *destValidity,
		   CRMFOptionalValidity *src)
{
    SECStatus rv;
    
    destValidity->notBefore = destValidity->notAfter = NULL;
    if (src->notBefore.data != NULL) {
        rv = crmf_create_prtime(&src->notBefore, 
				&destValidity->notBefore);
	if (rv != SECSuccess) {
	    return rv;
	}
    }
    if (src->notAfter.data != NULL) {
        rv = crmf_create_prtime(&src->notAfter,
				&destValidity->notAfter);
	if (rv != SECSuccess) {
	    return rv;
	}
    }
    return SECSuccess;
}

SECStatus 
CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
					CRMFGetValidity *destValidity)
{
    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        return SECFailure;
    }
    if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
        return crmf_copy_validity(destValidity, 
				  inCertReq->certTemplate.validity);
    }
    return SECFailure;
}

CRMFControl*
CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
{
    CRMFControl *newControl, *srcControl;
    int          numControls;
    SECStatus    rv;

    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        return NULL;
    }
    numControls = CRMF_CertRequestGetNumControls(inCertReq);
    if (index >= numControls || index < 0) {
        return NULL;
    }
    newControl = PORT_ZNew(CRMFControl);
    if (newControl == NULL) {
        return NULL;
    }
    srcControl = inCertReq->controls[index];
    newControl->tag = srcControl->tag;
    rv = SECITEM_CopyItem (NULL, &newControl->derTag, &srcControl->derTag);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SECITEM_CopyItem(NULL, &newControl->derValue, 
			  &srcControl->derValue);
    if (rv != SECSuccess) {
        goto loser;
    }
    /* Copy over the PKIArchiveOptions stuff */
    switch (srcControl->tag) {
    case SEC_OID_PKIX_REGCTRL_REGTOKEN:
    case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
        /* No further processing necessary for these types. */
        rv = SECSuccess;
	break;
    case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
    case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
    case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
        /* These aren't supported yet, so no post-processing will
	 * be done at this time.  But we don't want to fail in case
	 * we read in DER that has one of these options.
	 */
        rv = SECSuccess;
	break;
    case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
        rv = crmf_copy_pkiarchiveoptions(NULL, 
					 &newControl->value.archiveOptions,
					 &srcControl->value.archiveOptions);
	break;
    default:
        rv = SECFailure;
    }
    if (rv != SECSuccess) {
        goto loser;
    }
    return newControl;
 loser:
    if (newControl != NULL) {
        CRMF_DestroyControl(newControl);
    }
    return NULL;
}

static SECItem*
crmf_copy_control_value(CRMFControl *inControl)
{
    return SECITEM_DupItem(&inControl->derValue);
}

SECItem*
CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
{
    PORT_Assert (inControl!= NULL);
    if (inControl == NULL ||
	CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
        return NULL;
    }
    return crmf_copy_control_value(inControl);
}

CRMFControlType
CRMF_ControlGetControlType(CRMFControl *inControl)
{
    CRMFControlType retType;

    PORT_Assert(inControl != NULL);
    switch (inControl->tag) {
    case SEC_OID_PKIX_REGCTRL_REGTOKEN:
        retType = crmfRegTokenControl;
	break;
    case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
        retType = crmfAuthenticatorControl;
	break;
    case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
        retType = crmfPKIPublicationInfoControl;
	break;
    case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
        retType = crmfPKIArchiveOptionsControl;
	break;
    case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
        retType = crmfOldCertIDControl;
	break;
    case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
        retType = crmfProtocolEncrKeyControl;
	break;
    default:
        retType = crmfNoControl;
    }
    return retType;
}

CRMFPKIArchiveOptions*
CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
{
    CRMFPKIArchiveOptions *newOpt = NULL;
    SECStatus rv;

    PORT_Assert(inControl != NULL);
    if (inControl == NULL ||
	CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl){
        goto loser;
    }
    newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
    if (newOpt == NULL) {
        goto loser;
    }
    rv = crmf_copy_pkiarchiveoptions(NULL, newOpt, 
				     &inControl->value.archiveOptions);
    if (rv != SECSuccess) {
        goto loser;
    }

 loser:
    if (newOpt != NULL) {
        CRMF_DestroyPKIArchiveOptions(newOpt);
    }
    return NULL;
}

SECItem*
CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
{
    PORT_Assert(inControl != NULL);
    if (inControl == NULL ||
	CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
        return NULL;
    }
    return crmf_copy_control_value(inControl);;
}

CRMFCertExtension*
CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
				    int              index)
{
    int numExtensions;

    PORT_Assert(inCertReq != NULL);
    numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReq);
    if (index >= numExtensions || index < 0) {
        return NULL;
    }
    return 
      crmf_copy_cert_extension(NULL, 
			       inCertReq->certTemplate.extensions[index]);
}