crmfreq.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 698 行 · 第 1/2 页

    return crmf_copy_bitstring (poolp, dest, subjectUID);
}

static void
crmf_zeroize_new_extensions (CRMFCertExtension **extensions,
			     int numToZeroize) 
{
    PORT_Memset((void*)extensions, 0, sizeof(CERTCertExtension*)*numToZeroize);
}

/*
 * The strategy for adding templates will differ from all the other
 * attributes in the template.  First, we want to allow the client
 * of this API to set extensions more than just once.  So we will
 * need the ability grow the array of extensions.  Since arenas don't
 * give us the realloc function, we'll use the generic PORT_* functions
 * to allocate the array of pointers *ONLY*.  Then we will allocate each
 * individual extension from the arena that comes along with the certReq
 * structure that owns this template.
 */
static SECStatus
crmf_template_add_extensions(PRArenaPool *poolp, CRMFCertTemplate *inTemplate,
			     CRMFCertExtCreationInfo *extensions)
{
    void               *mark;
    int                 newSize, oldSize, i;
    SECStatus           rv;
    CRMFCertExtension **extArray;
    CRMFCertExtension  *newExt, *currExt;

    mark = PORT_ArenaMark(poolp);
    if (inTemplate->extensions == NULL) {
        newSize = extensions->numExtensions;
        extArray = PORT_ZNewArray(CRMFCertExtension*,newSize+1);
    } else {
        newSize = inTemplate->numExtensions + extensions->numExtensions;
        extArray = PORT_Realloc(inTemplate->extensions, 
				sizeof(CRMFCertExtension*)*(newSize+1));
    }
    if (extArray == NULL) {
        goto loser;
    }
    oldSize                   = inTemplate->numExtensions;
    inTemplate->extensions    = extArray;
    inTemplate->numExtensions = newSize;
    for (i=oldSize; i < newSize; i++) {
        newExt = PORT_ArenaZNew(poolp, CRMFCertExtension);
	if (newExt == NULL) {
	    goto loser2;
	}
	currExt = extensions->extensions[i-oldSize];
	rv = crmf_copy_secitem(poolp, &(newExt->id), &(currExt->id));
	if (rv != SECSuccess) {
	    goto loser2;
	}
	rv = crmf_copy_secitem(poolp, &(newExt->critical),
			       &(currExt->critical));
	if (rv != SECSuccess) {
	    goto loser2;
	}
	rv = crmf_copy_secitem(poolp, &(newExt->value), &(currExt->value));
	if (rv != SECSuccess) {
	    goto loser2;
	}
	extArray[i] = newExt;
    }
    extArray[newSize] = NULL;
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;
 loser2:
    crmf_zeroize_new_extensions (&(inTemplate->extensions[oldSize]),
				 extensions->numExtensions);
    inTemplate->numExtensions = oldSize;
 loser:
    PORT_ArenaRelease(poolp, mark);
    return SECFailure;
}

SECStatus
CRMF_CertRequestSetTemplateField(CRMFCertRequest       *inCertReq, 
				 CRMFCertTemplateField  inTemplateField,
				 void                  *data)
{
    CRMFCertTemplate *certTemplate;
    PRArenaPool      *poolp;
    SECStatus         rv = SECFailure;
    void             *mark;
    

    if (inCertReq == NULL) {
        return SECFailure;
    }

    certTemplate = &(inCertReq->certTemplate);

    poolp = inCertReq->poolp;
    mark = PORT_ArenaMark(poolp);
    switch (inTemplateField) {
    case crmfVersion:
      rv = crmf_template_add_version(poolp,&(certTemplate->version), 
				     *(long*)data);
      break;
    case crmfSerialNumber:
      rv = crmf_template_add_serialnumber(poolp, 
					  &(certTemplate->serialNumber),
					  *(long*)data);
      break;
    case crmfSigningAlg:
      rv = crmf_template_copy_secalg (poolp, &(certTemplate->signingAlg),
				      (SECAlgorithmID*)data);
      break;
    case crmfIssuer:
      rv = crmf_template_add_issuer (poolp, &(certTemplate->issuer), 
				     (CERTName*)data);
      break;
    case crmfValidity:
      rv = crmf_template_add_validity (poolp, &(certTemplate->validity),
				       (CRMFValidityCreationInfo*)data);
      break;
    case crmfSubject:
      rv = crmf_template_add_subject (poolp, &(certTemplate->subject),
				      (CERTName*)data);
      break;
    case crmfPublicKey:
      rv = crmf_template_add_public_key(poolp, &(certTemplate->publicKey),
					(CERTSubjectPublicKeyInfo*)data);
      break;
    case crmfIssuerUID:
      rv = crmf_template_add_issuer_uid(poolp, &(certTemplate->issuerUID),
					(SECItem*)data);
      break;
    case crmfSubjectUID:
      rv = crmf_template_add_subject_uid(poolp, &(certTemplate->subjectUID),
					 (SECItem*)data);
      break;
    case crmfExtension:
      rv = crmf_template_add_extensions(poolp, certTemplate, 
					(CRMFCertExtCreationInfo*)data);
      break;
    }
    if (rv != SECSuccess) {
        PORT_ArenaRelease(poolp, mark);
    } else {
        PORT_ArenaUnmark(poolp, mark);
    }
    return rv;
}

SECStatus
CRMF_CertReqMsgSetCertRequest (CRMFCertReqMsg  *inCertReqMsg, 
			       CRMFCertRequest *inCertReq)
{
    PORT_Assert (inCertReqMsg != NULL && inCertReq != NULL);
    if (inCertReqMsg == NULL || inCertReq == NULL) {
        return SECFailure;
    }
    inCertReqMsg->certReq = crmf_copy_cert_request(inCertReqMsg->poolp,
						   inCertReq);
    return (inCertReqMsg->certReq == NULL) ? SECFailure : SECSuccess;
}

CRMFCertReqMsg*
CRMF_CreateCertReqMsg(void)
{
    PRArenaPool    *poolp;
    CRMFCertReqMsg *reqMsg;

    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
    if (poolp == NULL) {
        goto loser;
    }
    reqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
    if (reqMsg == NULL) {
        goto loser;
    }
    reqMsg->poolp = poolp;
    return reqMsg;
    
 loser:
    if (poolp) {
        PORT_FreeArena(poolp, PR_FALSE);
    }
    return NULL;
}

SECStatus 
CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg)
{
    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->poolp != NULL);
    if (!inCertReqMsg->isDecoded) {
        if (inCertReqMsg->certReq->certTemplate.extensions != NULL) {
	    PORT_Free(inCertReqMsg->certReq->certTemplate.extensions);
	}
	if (inCertReqMsg->certReq->controls != NULL) {
	    PORT_Free(inCertReqMsg->certReq->controls);
	}
    }
    PORT_FreeArena(inCertReqMsg->poolp, PR_TRUE);
    return SECSuccess;
}

CRMFCertExtension*
crmf_create_cert_extension(PRArenaPool *poolp, 
			   SECOidTag    id,
			   PRBool       isCritical,
			   SECItem     *data)
{
    CRMFCertExtension *newExt;
    SECOidData        *oidData;
    SECStatus          rv;

    newExt = (poolp == NULL) ? PORT_ZNew(CRMFCertExtension) :
                               PORT_ArenaZNew(poolp, CRMFCertExtension);
    if (newExt == NULL) {
        goto loser;
    }
    oidData = SECOID_FindOIDByTag(id);
    if (oidData == NULL || 
	oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
       goto loser;
    }

    rv = SECITEM_CopyItem(poolp, &(newExt->id), &(oidData->oid));
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SECITEM_CopyItem(poolp, &(newExt->value), data);
    if (rv != SECSuccess) {
        goto loser;
    }

    if (isCritical) {
        newExt->critical.data = (poolp == NULL) ? 
	                                PORT_New(unsigned char) :
	                                PORT_ArenaNew(poolp, unsigned char);
	if (newExt->critical.data == NULL) {
	    goto loser;
	}
	newExt->critical.data[0] = hexTrue;
	newExt->critical.len = 1;
    }
    return newExt;
 loser:
    if (newExt != NULL && poolp == NULL) {
        CRMF_DestroyCertExtension(newExt);
    }
    return NULL;
}

CRMFCertExtension *
CRMF_CreateCertExtension(SECOidTag id,
			 PRBool    isCritical,
			 SECItem  *data) 
{
    return crmf_create_cert_extension(NULL, id, isCritical, data);
}

SECStatus
crmf_destroy_cert_extension(CRMFCertExtension *inExtension, PRBool freeit)
{
    if (inExtension != NULL) {
        SECITEM_FreeItem (&(inExtension->id), PR_FALSE);
	SECITEM_FreeItem (&(inExtension->value), PR_FALSE);
	SECITEM_FreeItem (&(inExtension->critical), PR_FALSE);
	if (freeit) {
	    PORT_Free(inExtension);
	}
    }
    return SECSuccess;
}

SECStatus
CRMF_DestroyCertExtension(CRMFCertExtension *inExtension)
{
    return crmf_destroy_cert_extension(inExtension, PR_TRUE);
}

SECStatus
CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs) 
{
    PORT_Assert (inCertReqMsgs != NULL);
    if (inCertReqMsgs != NULL) {
        PORT_FreeArena(inCertReqMsgs->poolp, PR_TRUE);
    }
    return SECSuccess;
}

static PRBool
crmf_item_has_data(SECItem *item)
{
    if (item != NULL && item->data != NULL) {
        return PR_TRUE;
    }
    return PR_FALSE;
}

PRBool
CRMF_CertRequestIsFieldPresent(CRMFCertRequest       *inCertReq,
			       CRMFCertTemplateField  inTemplateField)
{
    PRBool             retVal;
    CRMFCertTemplate *certTemplate;

    PORT_Assert(inCertReq != NULL);
    if (inCertReq == NULL) {
        /* This is probably some kind of error, but this is 
	 * the safest return value for this function.
	 */
        return PR_FALSE;
    }
    certTemplate = &inCertReq->certTemplate;
    switch (inTemplateField) {
    case crmfVersion:
      retVal = crmf_item_has_data(&certTemplate->version);
      break;
    case crmfSerialNumber:
      retVal = crmf_item_has_data(&certTemplate->serialNumber);
      break;
    case crmfSigningAlg:
      retVal = IS_NOT_NULL(certTemplate->signingAlg);
      break;
    case crmfIssuer:
      retVal = IS_NOT_NULL(certTemplate->issuer);
      break;
    case crmfValidity:
      retVal = IS_NOT_NULL(certTemplate->validity);
      break;
    case crmfSubject:
      retVal = IS_NOT_NULL(certTemplate->subject);
      break;
    case crmfPublicKey:
      retVal = IS_NOT_NULL(certTemplate->publicKey);
      break;
    case crmfIssuerUID:
      retVal = crmf_item_has_data(&certTemplate->issuerUID);
      break;
    case crmfSubjectUID:
      retVal = crmf_item_has_data(&certTemplate->subjectUID);
      break;
    case crmfExtension:
      retVal = IS_NOT_NULL(certTemplate->extensions);
      break;
    default:
      retVal = PR_FALSE;
    }
    return retVal;
}