crmfcont.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 1,165 行 · 第 1/3 页

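/* -*- Mode: C; tab-width: 8 -*-*/
/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above.  If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

#include "crmf.h"
#include "crmfi.h"
#include "pk11func.h"
#include "keyhi.h"
#include "secoid.h"

/*
 * Make room in inCertReq->controls for one more entry plus the NULL
 * terminator.
 *
 * count is the number of controls already stored.  When it is positive the
 * existing array is grown with PORT_Realloc to count + 2 slots; otherwise a
 * zero-filled two-slot array is allocated.  If the realloc fails the old
 * array pointer is left in place and SECFailure is returned.
 *
 * NOTE(review): when count is 0 the previous value of inCertReq->controls is
 * overwritten without being freed.  That is only harmless if it was NULL;
 * confirm that no request can carry an allocated but empty control array.
 */
static SECStatus
crmf_modify_control_array(CRMFCertRequest *inCertReq, int count)
{
    if (count > 0) {
        void *dummy = PORT_Realloc(inCertReq->controls,
                                   sizeof(CRMFControl *) * (count + 2));
        if (dummy == NULL) {
            return SECFailure;
        }
        inCertReq->controls = dummy;
    } else {
        inCertReq->controls = PORT_ZNewArray(CRMFControl *, 2);
    }
    return (inCertReq->controls == NULL) ? SECFailure : SECSuccess;
}

/*
 * Append a new, empty control tagged inTag to inCertReq and hand it back
 * through *destControl.
 *
 * The control itself and its DER-encoded tag are allocated from the
 * request's arena; the pointer array that lists the controls is grown by
 * crmf_modify_control_array.  Returns SECFailure when the request has no
 * arena, when inTag has no OID table entry, or when an allocation fails.
 * On every failure after the arena check, *destControl is set to NULL and
 * the arena is released back to the mark taken on entry.
 */
static SECStatus
crmf_add_new_control(CRMFCertRequest *inCertReq, SECOidTag inTag,
                     CRMFControl **destControl)
{
    SECOidData *oidData;
    SECStatus rv;
    PRArenaPool *poolp;
    int numControls = 0;
    CRMFControl *newControl;
    CRMFControl **controls;
    void *mark;

    poolp = inCertReq->poolp;
    if (poolp == NULL) {
        return SECFailure;
    }
    mark = PORT_ArenaMark(poolp);

    /*
     * Resolve the tag before touching the control array.  The lookup result
     * is dereferenced below (&oidData->oid), so a tag with no table entry
     * must be rejected here rather than crash on a NULL pointer.
     */
    oidData = SECOID_FindOIDByTag(inTag);
    if (oidData == NULL) {
        goto loser;
    }

    /* The control list is NULL-terminated; count the existing entries. */
    if (inCertReq->controls != NULL) {
        while (inCertReq->controls[numControls] != NULL) {
            numControls++;
        }
    }
    rv = crmf_modify_control_array(inCertReq, numControls);
    if (rv != SECSuccess) {
        goto loser;
    }
    controls = inCertReq->controls;

    newControl = *destControl = PORT_ArenaZNew(poolp, CRMFControl);
    if (newControl == NULL) {
        goto loser;
    }
    rv = SECITEM_CopyItem(poolp, &newControl->derTag, &oidData->oid);
    if (rv != SECSuccess) {
        goto loser;
    }
    newControl->tag = inTag;

    /* Publish the control only once it is fully built, then re-terminate. */
    controls[numControls] = newControl;
    controls[numControls + 1] = NULL;
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;

loser:
    PORT_ArenaRelease(poolp, mark);
    *destControl = NULL;
    return SECFailure;
}

/*
 * Add a control of type inTag whose DER value is a copy of *value.
 *
 * NOTE(review): the control is already linked into inCertReq->controls by
 * crmf_add_new_control when the value copy runs.  If that copy fails, only
 * the arena memory taken after the second mark is released, so the request
 * keeps a control without a copied value.  Callers should treat the request
 * as unusable after a failure here.
 */
SECStatus
crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value,
                         SECOidTag inTag)
{
    SECStatus rv;
    CRMFControl *newControl;
    void *mark;

    rv = crmf_add_new_control(inCertReq, inTag, &newControl);
    if (rv != SECSuccess) {
        return rv;
    }
    mark = PORT_ArenaMark(inCertReq->poolp);
    rv = SECITEM_CopyItem(inCertReq->poolp, &newControl->derValue, value);
    if (rv != SECSuccess) {
        PORT_ArenaRelease(inCertReq->poolp, mark);
        return rv;
    }
    PORT_ArenaUnmark(inCertReq->poolp, mark);
    return SECSuccess;
}

/* Add a regToken registration control carrying a copy of *value. */
SECStatus
CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, SECItem *value)
{
    return crmf_add_secitem_control(inCertReq, value,
                                    SEC_OID_PKIX_REGCTRL_REGTOKEN);
}

/* Add an authenticator registration control carrying a copy of *value. */
SECStatus
CRMF_CertRequestSetAuthenticatorControl(CRMFCertRequest *inCertReq,
                                        SECItem *value)
{
    return crmf_add_secitem_control(inCertReq, value,
                                    SEC_OID_PKIX_REGCTRL_AUTHENTICATOR);
}

/*
 * Free every heap member of *inEncrValue and, when freeit is true, the
 * structure itself.
 *
 * Pass freeit = PR_TRUE only when inEncrValue is its own heap allocation.
 * For a CRMFEncryptedValue embedded in a larger structure, pass PR_FALSE.
 * The member pointers are not reset, so the structure must not be destroyed
 * a second time without being cleared first.  A NULL argument is accepted.
 * Always returns SECSuccess.
 */
SECStatus
crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, PRBool freeit)
{
    if (inEncrValue != NULL) {
        if (inEncrValue->intendedAlg) {
            SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE);
        }
        if (inEncrValue->symmAlg) {
            SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE);
        }
        if (inEncrValue->encSymmKey.data) {
            PORT_Free(inEncrValue->encSymmKey.data);
        }
        if (inEncrValue->keyAlg) {
            SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE);
        }
        if (inEncrValue->valueHint.data) {
            PORT_Free(inEncrValue->valueHint.data);
        }
        if (inEncrValue->encValue.data) {
            PORT_Free(inEncrValue->encValue.data);
        }
        if (freeit) {
            PORT_Free(inEncrValue);
        }
    }
    return SECSuccess;
}

/* Destroy a heap-allocated CRMFEncryptedValue together with its members. */
SECStatus
CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue)
{
    return crmf_destroy_encrypted_value(inEncrValue, PR_TRUE);
}

/*
 * Allocate a SECAlgorithmID (from poolp when it is non-NULL, from the heap
 * otherwise), store it in *destAlgId and copy *srcAlgId into it.
 *
 * *destAlgId is assigned before the copy is attempted, so after a failed
 * copy it still points at the new allocation (or is NULL when the
 * allocation itself failed).
 */
SECStatus
crmf_copy_encryptedvalue_secalg(PRArenaPool *poolp,
                                SECAlgorithmID *srcAlgId,
                                SECAlgorithmID **destAlgId)
{
    SECAlgorithmID *newAlgId;

    *destAlgId = newAlgId = (poolp != NULL) ?
                            PORT_ArenaZNew(poolp, SECAlgorithmID) :
                            PORT_ZNew(SECAlgorithmID);
    if (newAlgId == NULL) {
        return SECFailure;
    }

    return SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
}

/*
 * Copy every member that is present in *srcValue into *destValue.
 *
 * Members are allocated from poolp when it is non-NULL and from the heap
 * otherwise.  On a heap-mode failure, the members of *destValue are freed
 * and the structure is cleared.  The structure itself stays owned by the
 * caller.
 */
SECStatus
crmf_copy_encryptedvalue(PRArenaPool *poolp,
                         CRMFEncryptedValue *srcValue,
                         CRMFEncryptedValue *destValue)
{
    SECStatus rv;

    if (srcValue->intendedAlg != NULL) {
        rv = crmf_copy_encryptedvalue_secalg(poolp,
                                             srcValue->intendedAlg,
                                             &destValue->intendedAlg);
        if (rv != SECSuccess) {
            goto loser;
        }
    }
    if (srcValue->symmAlg != NULL) {
        rv = crmf_copy_encryptedvalue_secalg(poolp,
                                             srcValue->symmAlg,
                                             &destValue->symmAlg);
        if (rv != SECSuccess) {
            goto loser;
        }
    }
    if (srcValue->encSymmKey.data != NULL) {
        rv = crmf_make_bitstring_copy(poolp,
                                      &destValue->encSymmKey,
                                      &srcValue->encSymmKey);
        if (rv != SECSuccess) {
            goto loser;
        }
    }
    if (srcValue->keyAlg != NULL) {
        rv = crmf_copy_encryptedvalue_secalg(poolp,
                                             srcValue->keyAlg,
                                             &destValue->keyAlg);
        if (rv != SECSuccess) {
            goto loser;
        }
    }
    if (srcValue->valueHint.data != NULL) {
        rv = SECITEM_CopyItem(poolp,
                              &destValue->valueHint,
                              &srcValue->valueHint);
        if (rv != SECSuccess) {
            goto loser;
        }
    }
    if (srcValue->encValue.data != NULL) {
        rv = crmf_make_bitstring_copy(poolp,
                                      &destValue->encValue,
                                      &srcValue->encValue);
        if (rv != SECSuccess) {
            goto loser;
        }
    }
    return SECSuccess;

loser:
    if (poolp == NULL && destValue != NULL) {
        /*
         * destValue is not ours to free.  The callers in this file pass the
         * address of a member embedded in a larger structure
         * (&destEncrKey->value.encryptedValue), and PORT_Free on such an
         * interior pointer is an invalid free.  Release only the members,
         * then clear the structure so the owner's own teardown cannot free
         * the same pointers again.
         */
        crmf_destroy_encrypted_value(destValue, PR_FALSE);
        PORT_Memset(destValue, 0, sizeof(*destValue));
    }
    return SECFailure;
}

/*
 * Copy *srcEncrKey into *destEncrKey according to its encKeyChoice.
 *
 * An encryptedValue is copied member by member; an envelopedData is
 * duplicated with SEC_PKCS7CopyContentInfo.  Any other choice is rejected.
 * When poolp is non-NULL the arena is released back to the entry mark on
 * failure.
 */
SECStatus
crmf_copy_encryptedkey(PRArenaPool *poolp,
                       CRMFEncryptedKey *srcEncrKey,
                       CRMFEncryptedKey *destEncrKey)
{
    SECStatus rv;
    void *mark = NULL; /* only meaningful when poolp != NULL */

    if (poolp != NULL) {
        mark = PORT_ArenaMark(poolp);
    }

    switch (srcEncrKey->encKeyChoice) {
    case crmfEncryptedValueChoice:
        rv = crmf_copy_encryptedvalue(poolp,
                                      &srcEncrKey->value.encryptedValue,
                                      &destEncrKey->value.encryptedValue);
        break;
    case crmfEnvelopedDataChoice:
        destEncrKey->value.envelopedData =
            SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData);
        rv = (destEncrKey->value.envelopedData != NULL) ? SECSuccess :
                                                          SECFailure;
        break;
    default:
        rv = SECFailure;
    }
    if (rv != SECSuccess) {
        goto loser;
    }
    destEncrKey->encKeyChoice = srcEncrKey->encKeyChoice;
    if (poolp != NULL) {
        PORT_ArenaUnmark(poolp, mark);
    }
    return SECSuccess;

loser:
    if (poolp != NULL) {
        PORT_ArenaRelease(poolp, mark);
    }
    return SECFailure;
}

/*
 * Build a heap-allocated CRMFPKIArchiveOptions of type
 * crmfEncryptedPrivateKey holding a copy of *inEncryptedKey.
 * Returns NULL on failure.
 */
CRMFPKIArchiveOptions *
crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey)
{
    CRMFPKIArchiveOptions *newArchOpt;
    SECStatus rv;

    newArchOpt = PORT_ZNew(CRMFPKIArchiveOptions);
    if (newArchOpt == NULL) {
        goto loser;
    }

    /* NULL pool: the copy lives on the heap, inside newArchOpt. */
    rv = crmf_copy_encryptedkey(NULL, inEncryptedKey,
                                &newArchOpt->option.encryptedKey);
    if (rv != SECSuccess) {
        goto loser;
    }
    newArchOpt->archOption = crmfEncryptedPrivateKey;
    return newArchOpt;

loser:
    if (newArchOpt != NULL) {
        CRMF_DestroyPKIArchiveOptions(newArchOpt);
    }
    return NULL;
}

/*
 * Build a heap-allocated CRMFPKIArchiveOptions of type crmfKeyGenParameters
 * holding a copy of *inKeyGenParams.  Returns NULL on failure.
 */
static CRMFPKIArchiveOptions *
crmf_create_keygen_param_option(SECItem *inKeyGenParams)
{
    CRMFPKIArchiveOptions *newArchOptions;
    SECStatus rv;

    newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
    if (newArchOptions == NULL) {
        goto loser;
    }
    /* Set the type first; the loser path hands the object to the destroy call. */
    newArchOptions->archOption = crmfKeyGenParameters;
    rv = SECITEM_CopyItem(NULL, &newArchOptions->option.keyGenParameters,
                          inKeyGenParams);
    if (rv != SECSuccess) {
        goto loser;
    }
    return newArchOptions;

loser:
    if (newArchOptions != NULL) {
        CRMF_DestroyPKIArchiveOptions(newArchOptions);
    }
    return NULL;
}

/*
 * Build a heap-allocated CRMFPKIArchiveOptions of type
 * crmfArchiveRemGenPrivKey whose payload is the flag encoded with
 * SEC_BooleanTemplate.  Returns NULL on failure.
 */
static CRMFPKIArchiveOptions *
crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey)
{
    unsigned char value;
    SECItem *dummy;
    CRMFPKIArchiveOptions *newArchOptions;

    value = (archiveRemGenPrivKey) ? hexTrue : hexFalse;
    newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
    if (newArchOptions == NULL) {
        goto loser;
    }
    dummy = SEC_ASN1EncodeItem(NULL,
                               &newArchOptions->option.archiveRemGenPrivKey,
                               &value, SEC_BooleanTemplate);
    /*
     * The encoder is expected to hand back the destination item.  The
     * assertion catches a mismatch in debug builds; the runtime check
     * below covers builds where the assertion is compiled out.
     */
    PORT_Assert(dummy == &newArchOptions->option.archiveRemGenPrivKey);
    if (dummy != &newArchOptions->option.archiveRemGenPrivKey) {
        SECITEM_FreeItem(dummy, PR_TRUE);
        goto loser;
    }
    newArchOptions->archOption = crmfArchiveRemGenPrivKey;
    return newArchOptions;

loser:
    if (newArchOptions != NULL) {
        CRMF_DestroyPKIArchiveOptions(newArchOptions);
    }
    return NULL;
}

CRMFPKIArchiveOptions *
CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, void *data)
{
    CRMFPKIArchiveOptions *retOptions;

    PORT_Assert(data != NULL);
    if (data == NULL) {
        return NULL;
    }
    switch (inType) {
    case crmfEncryptedPrivateKey: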
