Diffstat (limited to 'nss/lib/certdb/alg1485.c')
-rw-r--r-- | nss/lib/certdb/alg1485.c | 1750 |
1 files changed, 883 insertions, 867 deletions
diff --git a/nss/lib/certdb/alg1485.c b/nss/lib/certdb/alg1485.c index ea1621b..b6736c4 100644 --- a/nss/lib/certdb/alg1485.c +++ b/nss/lib/certdb/alg1485.c @@ -13,26 +13,28 @@ #include "secerr.h" typedef struct NameToKindStr { - const char * name; + const char* name; unsigned int maxLen; /* max bytes in UTF8 encoded string value */ - SECOidTag kind; - int valueType; + SECOidTag kind; + int valueType; } NameToKind; /* local type for directory string--could be printable_string or utf8 */ #define SEC_ASN1_DS SEC_ASN1_HIGH_TAG_NUMBER +/* clang-format off */ + /* Add new entries to this table, and maybe to function ParseRFC1485AVA */ static const NameToKind name2kinds[] = { /* IANA registered type names - * (See: http://www.iana.org/assignments/ldap-parameters) + * (See: http://www.iana.org/assignments/ldap-parameters) */ /* RFC 3280, 4630 MUST SUPPORT */ { "CN", 640, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS}, { "ST", 128, SEC_OID_AVA_STATE_OR_PROVINCE, - SEC_ASN1_DS}, + SEC_ASN1_DS}, { "O", 128, SEC_OID_AVA_ORGANIZATION_NAME, - SEC_ASN1_DS}, + SEC_ASN1_DS}, { "OU", 128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, SEC_ASN1_DS}, { "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING}, @@ -58,7 +60,7 @@ static const NameToKind name2kinds[] = { * below this line. The first SECOidTag below this line must be used to * conditionally define the "endKind" in function AppendAVA() below. * Most new attribute names should be added below this line. - * Maybe this line should be up higher? Say, after the 3280 MUSTs and + * Maybe this line should be up higher? Say, after the 3280 MUSTs and * before the 3280 SHOULDs? */ 
@@ -76,11 +78,11 @@ static const NameToKind name2kinds[] = { /* values defined by the CAB Forum for EV */ { "incorporationLocality", 128, SEC_OID_EV_INCORPORATION_LOCALITY, - SEC_ASN1_DS}, + SEC_ASN1_DS}, { "incorporationState", 128, SEC_OID_EV_INCORPORATION_STATE, - SEC_ASN1_DS}, + SEC_ASN1_DS}, { "incorporationCountry", 2, SEC_OID_EV_INCORPORATION_COUNTRY, - SEC_ASN1_PRINTABLE_STRING}, + SEC_ASN1_PRINTABLE_STRING}, { "businessCategory", 64, SEC_OID_BUSINESS_CATEGORY, SEC_ASN1_DS}, /* values defined in X.520 */ 
@@ -91,21 +93,21 @@ static const NameToKind name2kinds[] = { /* Table facilitates conversion of ASCII hex to binary. */ static const PRInt16 x2b[256] = { -/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #3x */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, -/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #3x */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, +/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 
-1, -1, -1, +/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* #fx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }; 
@@ -117,330 +119,330 @@ static const PRInt16 x2b[256] = { #define C_EQUAL '=' -#define OPTIONAL_SPACE(c) \ +#define OPTIONAL_SPACE(c) \ (((c) == ' ') || ((c) == '\r') || ((c) == '\n')) -#define SPECIAL_CHAR(c) \ - (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) || \ - ((c) == '\r') || ((c) == '\n') || ((c) == '+') || \ - ((c) == '<') || ((c) == '>') || ((c) == '#') || \ +#define SPECIAL_CHAR(c) \ + (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) || \ + ((c) == '\r') || ((c) == '\n') || ((c) == '+') || \ + ((c) == '<') || ((c) == '>') || ((c) == '#') || \ ((c) == ';') || ((c) == C_BACKSLASH)) -#define IS_PRINTABLE(c) \ - ((((c) >= 'a') && ((c) <= 'z')) || \ - (((c) >= 'A') && ((c) <= 'Z')) || \ - (((c) >= '0') && ((c) <= '9')) || \ - ((c) == ' ') || \ - ((c) == '\'') || \ - ((c) == '\050') || /* ( */ \ - ((c) == '\051') || /* ) */ \ - (((c) >= '+') && ((c) <= '/')) || /* + , - . / */ \ - ((c) == ':') || \ - ((c) == '=') || \ +#define IS_PRINTABLE(c) \ + ((((c) >= 'a') && ((c) <= 'z')) || \ + (((c) >= 'A') && ((c) <= 'Z')) || \ + (((c) >= '0') && ((c) <= '9')) || \ + ((c) == ' ') || \ + ((c) == '\'') || \ + ((c) == '\050') || /* ( */ \ + ((c) == '\051') || /* ) */ \ + (((c) >= '+') && ((c) <= '/')) || /* + , - . / */ \ + ((c) == ':') || \ + ((c) == '=') || \ ((c) == '?')) +/* clang-format on */ + /* RFC 2253 says we must escape ",+\"\\<>;=" EXCEPT inside a quoted string. 
* Inside a quoted string, we only need to escape " and \ * We choose to quote strings containing any of those special characters, * so we only need to escape " and \ */ -#define NEEDS_ESCAPE(c) \ - (c == C_DOUBLE_QUOTE || c == C_BACKSLASH) +#define NEEDS_ESCAPE(c) (c == C_DOUBLE_QUOTE || c == C_BACKSLASH) -#define NEEDS_HEX_ESCAPE(c) \ - ((PRUint8)c < 0x20 || c == 0x7f) +#define NEEDS_HEX_ESCAPE(c) ((PRUint8)c < 0x20 || c == 0x7f) int cert_AVAOidTagToMaxLen(SECOidTag tag) { - const NameToKind *n2k = name2kinds; + const NameToKind* n2k = name2kinds; while (n2k->kind != tag && n2k->kind != SEC_OID_UNKNOWN) { - ++n2k; + ++n2k; } return (n2k->kind != SEC_OID_UNKNOWN) ? n2k->maxLen : -1; } static PRBool -IsPrintable(unsigned char *data, unsigned len) +IsPrintable(unsigned char* data, unsigned len) { unsigned char ch, *end; end = data + len; while (data < end) { - ch = *data++; - if (!IS_PRINTABLE(ch)) { - return PR_FALSE; - } + ch = *data++; + if (!IS_PRINTABLE(ch)) { + return PR_FALSE; + } } return PR_TRUE; } static void -skipSpace(const char **pbp, const char *endptr) +skipSpace(const char** pbp, const char* endptr) { - const char *bp = *pbp; + const char* bp = *pbp; while (bp < endptr && OPTIONAL_SPACE(*bp)) { - bp++; + bp++; } *pbp = bp; } static SECStatus -scanTag(const char **pbp, const char *endptr, char *tagBuf, int tagBufSize) +scanTag(const char** pbp, const char* endptr, char* tagBuf, int tagBufSize) { - const char *bp; - char *tagBufp; + const char* bp; + char* tagBufp; int taglen; PORT_Assert(tagBufSize > 0); - + /* skip optional leading space */ skipSpace(pbp, endptr); if (*pbp == endptr) { - /* nothing left */ - return SECFailure; + /* nothing left */ + return SECFailure; } - + /* fill tagBuf */ taglen = 0; bp = *pbp; tagBufp = tagBuf; while (bp < endptr && !OPTIONAL_SPACE(*bp) && (*bp != C_EQUAL)) { - if (++taglen >= tagBufSize) { - *pbp = bp; - return SECFailure; - } - *tagBufp++ = *bp++; + if (++taglen >= tagBufSize) { + *pbp = bp; + return SECFailure; 
+ } + *tagBufp++ = *bp++; } /* null-terminate tagBuf -- guaranteed at least one space left */ *tagBufp++ = 0; *pbp = bp; - + /* skip trailing spaces till we hit something - should be an equal sign */ skipSpace(pbp, endptr); if (*pbp == endptr) { - /* nothing left */ - return SECFailure; + /* nothing left */ + return SECFailure; } if (**pbp != C_EQUAL) { - /* should be an equal sign */ - return SECFailure; + /* should be an equal sign */ + return SECFailure; } /* skip over the equal sign */ (*pbp)++; - + return SECSuccess; } /* Returns the number of bytes in the value. 0 means failure. */ static int -scanVal(const char **pbp, const char *endptr, char *valBuf, int valBufSize) +scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize) { - const char *bp; - char *valBufp; + const char* bp; + char* valBufp; int vallen = 0; PRBool isQuoted; - + PORT_Assert(valBufSize > 0); - + /* skip optional leading space */ skipSpace(pbp, endptr); - if(*pbp == endptr) { - /* nothing left */ - return 0; + if (*pbp == endptr) { + /* nothing left */ + return 0; } - + bp = *pbp; - + /* quoted? */ if (*bp == C_DOUBLE_QUOTE) { - isQuoted = PR_TRUE; - /* skip over it */ - bp++; + isQuoted = PR_TRUE; + /* skip over it */ + bp++; } else { - isQuoted = PR_FALSE; + isQuoted = PR_FALSE; } - + valBufp = valBuf; while (bp < endptr) { - char c = *bp; - if (c == C_BACKSLASH) { - /* escape character */ - bp++; - if (bp >= endptr) { - /* escape charater must appear with paired char */ - *pbp = bp; - return 0; - } - c = *bp; - if (IS_HEX(c) && (endptr - bp) >= 2 && IS_HEX(bp[1])) { - bp++; - c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]); - } - } else if (c == '#' && bp == *pbp) { - /* ignore leading #, quotation not required for it. 
*/ - } else if (!isQuoted && SPECIAL_CHAR(c)) { - /* unescaped special and not within quoted value */ - break; - } else if (c == C_DOUBLE_QUOTE) { - /* reached unescaped double quote */ - break; - } - /* append character */ + char c = *bp; + if (c == C_BACKSLASH) { + /* escape character */ + bp++; + if (bp >= endptr) { + /* escape charater must appear with paired char */ + *pbp = bp; + return 0; + } + c = *bp; + if (IS_HEX(c) && (endptr - bp) >= 2 && IS_HEX(bp[1])) { + bp++; + c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]); + } + } else if (c == '#' && bp == *pbp) { + /* ignore leading #, quotation not required for it. */ + } else if (!isQuoted && SPECIAL_CHAR(c)) { + /* unescaped special and not within quoted value */ + break; + } else if (c == C_DOUBLE_QUOTE) { + /* reached unescaped double quote */ + break; + } + /* append character */ vallen++; - if (vallen >= valBufSize) { - *pbp = bp; - return 0; - } - *valBufp++ = c; - bp++; - } - + if (vallen >= valBufSize) { + *pbp = bp; + return 0; + } + *valBufp++ = c; + bp++; + } + /* strip trailing spaces from unquoted values */ if (!isQuoted) { - while (valBufp > valBuf) { - char c = valBufp[-1]; - if (! 
OPTIONAL_SPACE(c)) - break; - --valBufp; - } - vallen = valBufp - valBuf; - } - + while (valBufp > valBuf) { + char c = valBufp[-1]; + if (!OPTIONAL_SPACE(c)) + break; + --valBufp; + } + vallen = valBufp - valBuf; + } + if (isQuoted) { - /* insist that we stopped on a double quote */ - if (*bp != C_DOUBLE_QUOTE) { - *pbp = bp; - return 0; - } - /* skip over the quote and skip optional space */ - bp++; - skipSpace(&bp, endptr); - } - + /* insist that we stopped on a double quote */ + if (*bp != C_DOUBLE_QUOTE) { + *pbp = bp; + return 0; + } + /* skip over the quote and skip optional space */ + bp++; + skipSpace(&bp, endptr); + } + *pbp = bp; - + /* null-terminate valBuf -- guaranteed at least one space left */ *valBufp = 0; - + return vallen; } /* Caller must set error code upon failure */ static SECStatus -hexToBin(PLArenaPool *pool, SECItem * destItem, const char * src, int len) +hexToBin(PLArenaPool* pool, SECItem* destItem, const char* src, int len) { - PRUint8 * dest; + PRUint8* dest; - destItem->data = NULL; + destItem->data = NULL; if (len <= 0 || (len & 1)) { - goto loser; + goto loser; } len >>= 1; if (!SECITEM_AllocItem(pool, destItem, len)) - goto loser; + goto loser; dest = destItem->data; for (; len > 0; len--, src += 2) { - PRInt16 bin = (x2b[(PRUint8)src[0]] << 4) | x2b[(PRUint8)src[1]]; - if (bin < 0) - goto loser; - *dest++ = (PRUint8)bin; + PRInt16 bin = (x2b[(PRUint8)src[0]] << 4) | x2b[(PRUint8)src[1]]; + if (bin < 0) + goto loser; + *dest++ = (PRUint8)bin; } return SECSuccess; loser: if (!pool) - SECITEM_FreeItem(destItem, PR_FALSE); + SECITEM_FreeItem(destItem, PR_FALSE); return SECFailure; } /* Parses one AVA, starting at *pbp. Stops at endptr. * Advances *pbp past parsed AVA and trailing separator (if present). * On any error, returns NULL and *pbp is undefined. - * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was - * the last character parsed. 
*pbp is either equal to endptr or + * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was + * the last character parsed. *pbp is either equal to endptr or * points to first character after separator. */ -static CERTAVA * -ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr) +static CERTAVA* +ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr) { - CERTAVA *a; - const NameToKind *n2k; - const char *bp; - int vt = -1; - int valLen; - SECOidTag kind = SEC_OID_UNKNOWN; - SECStatus rv = SECFailure; - SECItem derOid = { 0, NULL, 0 }; - SECItem derVal = { 0, NULL, 0}; - char sep = 0; + CERTAVA* a; + const NameToKind* n2k; + const char* bp; + int vt = -1; + int valLen; + SECOidTag kind = SEC_OID_UNKNOWN; + SECStatus rv = SECFailure; + SECItem derOid = { 0, NULL, 0 }; + SECItem derVal = { 0, NULL, 0 }; + char sep = 0; char tagBuf[32]; char valBuf[1024]; PORT_Assert(arena); if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) || - !(valLen = scanVal(pbp, endptr, valBuf, sizeof valBuf))) { - goto loser; + !(valLen = scanVal(pbp, endptr, valBuf, sizeof valBuf))) { + goto loser; } bp = *pbp; if (bp < endptr) { - sep = *bp++; /* skip over separator */ + sep = *bp++; /* skip over separator */ } *pbp = bp; /* if we haven't finished, insist that we've stopped on a separator */ if (sep && sep != ',' && sep != ';' && sep != '+') { - goto loser; + goto loser; } /* is this a dotted decimal OID attribute type ? 
*/ if (!PL_strncasecmp("oid.", tagBuf, 4)) { rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf)); } else { - for (n2k = name2kinds; n2k->name; n2k++) { - SECOidData *oidrec; - if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) { - kind = n2k->kind; - vt = n2k->valueType; - oidrec = SECOID_FindOIDByTag(kind); - if (oidrec == NULL) - goto loser; - derOid = oidrec->oid; - break; - } - } - } - if (kind == SEC_OID_UNKNOWN && rv != SECSuccess) - goto loser; + for (n2k = name2kinds; n2k->name; n2k++) { + SECOidData* oidrec; + if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) { + kind = n2k->kind; + vt = n2k->valueType; + oidrec = SECOID_FindOIDByTag(kind); + if (oidrec == NULL) + goto loser; + derOid = oidrec->oid; + break; + } + } + } + if (kind == SEC_OID_UNKNOWN && rv != SECSuccess) + goto loser; /* Is this a hex encoding of a DER attribute value ? */ if ('#' == valBuf[0]) { - /* convert attribute value from hex to binary */ - rv = hexToBin(arena, &derVal, valBuf + 1, valLen - 1); - if (rv) - goto loser; - a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal); + /* convert attribute value from hex to binary */ + rv = hexToBin(arena, &derVal, valBuf + 1, valLen - 1); + if (rv) + goto loser; + a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal); } else { - if (kind == SEC_OID_UNKNOWN) - goto loser; - if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2) - goto loser; - if (vt == SEC_ASN1_PRINTABLE_STRING && - !IsPrintable((unsigned char*) valBuf, valLen)) - goto loser; - if (vt == SEC_ASN1_DS) { - /* RFC 4630: choose PrintableString or UTF8String */ - if (IsPrintable((unsigned char*) valBuf, valLen)) - vt = SEC_ASN1_PRINTABLE_STRING; - else - vt = SEC_ASN1_UTF8_STRING; - } - - derVal.data = (unsigned char*) valBuf; - derVal.len = valLen; - a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal); + if (kind == SEC_OID_UNKNOWN) + goto loser; + if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2) + goto loser; + if (vt == SEC_ASN1_PRINTABLE_STRING && + !IsPrintable((unsigned 
char*)valBuf, valLen)) + goto loser; + if (vt == SEC_ASN1_DS) { + /* RFC 4630: choose PrintableString or UTF8String */ + if (IsPrintable((unsigned char*)valBuf, valLen)) + vt = SEC_ASN1_PRINTABLE_STRING; + else + vt = SEC_ASN1_UTF8_STRING; + } + + derVal.data = (unsigned char*)valBuf; + derVal.len = valLen; + a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal); } return a; 
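Review bot: `NEEDS_ESCAPE` and `NEEDS_HEX_ESCAPE`, which this hunk collapses onto single lines, still use their argument bare (`c == C_DOUBLE_QUOTE`, `(PRUint8)c < 0x20`) while every neighbouring macro in the same hunk writes `(c)`; with a non-trivial argument the comparisons and the cast bind to the wrong subexpression. Suggest `#define NEEDS_ESCAPE(c) ((c) == C_DOUBLE_QUOTE || (c) == C_BACKSLASH)` and `#define NEEDS_HEX_ESCAPE(c) ((PRUint8)(c) < 0x20 || (c) == 0x7f)`. Separately, hexToBin combines the nibbles with `(x2b[(PRUint8)src[0]] << 4) | x2b[(PRUint8)src[1]]` and only then tests `bin < 0`; when the first character is not hex the table yields -1 and left-shifting a negative value is undefined in C, so the sign test depends on compiler behaviour rather than the language — check each table entry for `< 0` before shifting (scanVal is fine because it guards the same expression with IS_HEX). ParseRFC1485AVA runs past the end of this hunk; its `loser:` label is in the next one.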
@@ -450,80 +452,81 @@ loser: return 0; } -static CERTName * -ParseRFC1485Name(const char *buf, int len) +static CERTName* +ParseRFC1485Name(const char* buf, int len) { SECStatus rv; - CERTName *name; + CERTName* name; const char *bp, *e; - CERTAVA *ava; - CERTRDN *rdn = NULL; + CERTAVA* ava; + CERTRDN* rdn = NULL; name = CERT_CreateName(NULL); if (name == NULL) { - return NULL; + return NULL; } - + e = buf + len; bp = buf; while (bp < e) { - ava = ParseRFC1485AVA(name->arena, &bp, e); - if (ava == 0) - goto loser; - if (!rdn) { - rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0); - if (rdn == 0) - goto loser; - rv = CERT_AddRDN(name, rdn); - } else { - rv = CERT_AddAVA(name->arena, rdn, ava); - } - if (rv) - goto loser; - if (bp[-1] != '+') - rdn = NULL; /* done with this RDN */ - skipSpace(&bp, e); + ava = ParseRFC1485AVA(name->arena, &bp, e); + if (ava == 0) + goto loser; + if (!rdn) { + rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA*)0); + if (rdn == 0) + goto loser; + rv = CERT_AddRDN(name, rdn); + } else { + rv = CERT_AddAVA(name->arena, rdn, ava); + } + if (rv) + goto loser; + if (bp[-1] != '+') + rdn = NULL; /* done with this RDN */ + skipSpace(&bp, e); } if (name->rdns[0] == 0) { - /* empty name -- illegal */ - goto loser; + /* empty name -- illegal */ + goto loser; } /* Reverse order of RDNS to comply with RFC */ { - CERTRDN **firstRdn; - CERTRDN **lastRdn; - CERTRDN *tmp; - - /* get first one */ - firstRdn = name->rdns; - - /* find last one */ - lastRdn = name->rdns; - while (*lastRdn) lastRdn++; - lastRdn--; - - /* reverse list */ - for ( ; firstRdn < lastRdn; firstRdn++, lastRdn--) { - tmp = *firstRdn; - *firstRdn = *lastRdn; - *lastRdn = tmp; - } - } - + CERTRDN** firstRdn; + CERTRDN** lastRdn; + CERTRDN* tmp; + + /* get first one */ + firstRdn = name->rdns; + + /* find last one */ + lastRdn = name->rdns; + while (*lastRdn) + lastRdn++; + lastRdn--; + + /* reverse list */ + for (; firstRdn < lastRdn; firstRdn++, lastRdn--) { + tmp = *firstRdn; + 
*firstRdn = *lastRdn; + *lastRdn = tmp; + } + } + /* return result */ return name; - - loser: + +loser: CERT_DestroyName(name); return NULL; } -CERTName * -CERT_AsciiToName(const char *string) +CERTName* +CERT_AsciiToName(const char* string) { - CERTName *name; + CERTName* name; name = ParseRFC1485Name(string, PORT_Strlen(string)); return name; } @@ -531,7 +534,7 @@ CERT_AsciiToName(const char *string) /************************************************************************/ typedef struct stringBufStr { - char *buffer; + char* buffer; unsigned offset; unsigned size; } stringBuf; @@ -539,9 +542,9 @@ typedef struct stringBufStr { #define DEFAULT_BUFFER_SIZE 200 static SECStatus -AppendStr(stringBuf *bufp, char *str) +AppendStr(stringBuf* bufp, char* str) { - char *buf; + char* buf; unsigned bufLen, bufSize, len; int size = 0; 
@@ -551,33 +554,34 @@ AppendStr(stringBuf *bufp, char *str) len = PORT_Strlen(str); bufSize = bufLen + len; if (!buf) { - bufSize++; - size = PR_MAX(DEFAULT_BUFFER_SIZE,bufSize*2); - buf = (char *) PORT_Alloc(size); - bufp->size = size; + bufSize++; + size = PR_MAX(DEFAULT_BUFFER_SIZE, bufSize * 2); + buf = (char*)PORT_Alloc(size); + bufp->size = size; } else if (bufp->size < bufSize) { - size = bufSize*2; - buf =(char *) PORT_Realloc(buf,size); - bufp->size = size; + size = bufSize * 2; + buf = (char*)PORT_Realloc(buf, size); + bufp->size = size; } if (!buf) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; } bufp->buffer = buf; bufp->offset = bufSize; /* Concatenate str onto buf */ buf = buf + bufLen; - if (bufLen) buf--; /* stomp on old '\0' */ - PORT_Memcpy(buf, str, len+1); /* put in new null */ + if (bufLen) + buf--; /* stomp on old '\0' */ + PORT_Memcpy(buf, str, len + 1); /* put in new null */ return SECSuccess; } typedef enum { - minimalEscape = 0, /* only hex escapes, and " and \ */ - minimalEscapeAndQuote, /* as above, plus quoting */ - fullEscape /* no quoting, full escaping */ + minimalEscape = 0, /* only hex escapes, and " and \ */ + minimalEscapeAndQuote, /* as above, plus quoting */ + fullEscape /* no quoting, full escaping */ } EQMode; /* Some characters must be escaped as a hex string, e.g. c -> \nn . 
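Review bot: In the realloc branch of AppendStr, `bufp->size = size;` is stored before the `if (!buf)` failure check that follows it, while `bufp->buffer = buf;` is only assigned after the check; when PORT_Realloc fails the stringBuf therefore keeps its old, smaller buffer but advertises the larger size, and any later AppendStr on the same stringBuf would skip growth and memcpy past the old allocation. Moving the assignment next to `bufp->buffer = buf;` (after the null check, in both the alloc and realloc branches) closes that window. Whether callers ever reuse a stringBuf after a failed append is not visible here, so treat this as hardening. AppendStr's locals are declared in the preceding hunk and the lines that initialise `buf` and `bufLen` are not shown in this diff.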
@@ -590,250 +594,251 @@ typedef enum { * need quoting, then this function changes it to minimalEscape. */ static int -cert_RFC1485_GetRequiredLen(const char *src, int srclen, EQMode *pEQMode) +cert_RFC1485_GetRequiredLen(const char* src, int srclen, EQMode* pEQMode) { - int i, reqLen=0; + int i, reqLen = 0; EQMode mode = pEQMode ? *pEQMode : minimalEscape; PRBool needsQuoting = PR_FALSE; char lastC = 0; /* need to make an initial pass to determine if quoting is needed */ for (i = 0; i < srclen; i++) { - char c = src[i]; - reqLen++; - if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx */ - reqLen += 2; - } else if (NEEDS_ESCAPE(c)) { /* c -> \c */ - reqLen++; - } else if (SPECIAL_CHAR(c)) { - if (mode == minimalEscapeAndQuote) /* quoting is allowed */ - needsQuoting = PR_TRUE; /* entirety will need quoting */ - else if (mode == fullEscape) - reqLen++; /* MAY escape this character */ - } else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) { - if (mode == minimalEscapeAndQuote) /* quoting is allowed */ - needsQuoting = PR_TRUE; /* entirety will need quoting */ - } - lastC = c; + char c = src[i]; + reqLen++; + if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx */ + reqLen += 2; + } else if (NEEDS_ESCAPE(c)) { /* c -> \c */ + reqLen++; + } else if (SPECIAL_CHAR(c)) { + if (mode == minimalEscapeAndQuote) /* quoting is allowed */ + needsQuoting = PR_TRUE; /* entirety will need quoting */ + else if (mode == fullEscape) + reqLen++; /* MAY escape this character */ + } else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) { + if (mode == minimalEscapeAndQuote) /* quoting is allowed */ + needsQuoting = PR_TRUE; /* entirety will need quoting */ + } + lastC = c; } /* if it begins or ends in optional space it needs quoting */ - if (!needsQuoting && srclen > 0 && mode == minimalEscapeAndQuote && - (OPTIONAL_SPACE(src[srclen-1]) || OPTIONAL_SPACE(src[0]))) { - needsQuoting = PR_TRUE; + if (!needsQuoting && srclen > 0 && mode == minimalEscapeAndQuote && + (OPTIONAL_SPACE(src[srclen - 1]) || 
OPTIONAL_SPACE(src[0]))) { + needsQuoting = PR_TRUE; } - if (needsQuoting) - reqLen += 2; + if (needsQuoting) + reqLen += 2; if (pEQMode && mode == minimalEscapeAndQuote && !needsQuoting) - *pEQMode = minimalEscape; + *pEQMode = minimalEscape; return reqLen; } static const char hexChars[16] = { "0123456789abcdef" }; static SECStatus -escapeAndQuote(char *dst, int dstlen, char *src, int srclen, EQMode *pEQMode) +escapeAndQuote(char* dst, int dstlen, char* src, int srclen, EQMode* pEQMode) { - int i, reqLen=0; + int i, reqLen = 0; EQMode mode = pEQMode ? *pEQMode : minimalEscape; /* space for terminal null */ reqLen = cert_RFC1485_GetRequiredLen(src, srclen, &mode) + 1; if (reqLen > dstlen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; } if (mode == minimalEscapeAndQuote) *dst++ = C_DOUBLE_QUOTE; for (i = 0; i < srclen; i++) { - char c = src[i]; - if (NEEDS_HEX_ESCAPE(c)) { - *dst++ = C_BACKSLASH; - *dst++ = hexChars[ (c >> 4) & 0x0f ]; - *dst++ = hexChars[ c & 0x0f ]; - } else { - if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) { - *dst++ = C_BACKSLASH; - } - *dst++ = c; - } + char c = src[i]; + if (NEEDS_HEX_ESCAPE(c)) { + *dst++ = C_BACKSLASH; + *dst++ = hexChars[(c >> 4) & 0x0f]; + *dst++ = hexChars[c & 0x0f]; + } else { + if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) { + *dst++ = C_BACKSLASH; + } + *dst++ = c; + } } if (mode == minimalEscapeAndQuote) - *dst++ = C_DOUBLE_QUOTE; + *dst++ = C_DOUBLE_QUOTE; *dst++ = 0; if (pEQMode) - *pEQMode = mode; + *pEQMode = mode; return SECSuccess; } SECStatus -CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src, int srclen) +CERT_RFC1485_EscapeAndQuote(char* dst, int dstlen, char* src, int srclen) { EQMode mode = minimalEscapeAndQuote; return escapeAndQuote(dst, dstlen, src, srclen, &mode); } - /* convert an OID to dotted-decimal representation */ /* Returns a string that must be freed with 
PR_smprintf_free(), */ -char * -CERT_GetOidString(const SECItem *oid) +char* +CERT_GetOidString(const SECItem* oid) { - PRUint8 *stop; /* points to first byte after OID string */ - PRUint8 *first; /* byte of an OID component integer */ - PRUint8 *last; /* byte of an OID component integer */ - char *rvString = NULL; - char *prefix = NULL; + PRUint8* stop; /* points to first byte after OID string */ + PRUint8* first; /* byte of an OID component integer */ + PRUint8* last; /* byte of an OID component integer */ + char* rvString = NULL; + char* prefix = NULL; #define MAX_OID_LEN 1024 /* bytes */ if (oid->len > MAX_OID_LEN) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return NULL; + PORT_SetError(SEC_ERROR_INPUT_LEN); + return NULL; } /* first will point to the next sequence of bytes to decode */ - first = (PRUint8 *)oid->data; + first = (PRUint8*)oid->data; /* stop points to one past the legitimate data */ - stop = &first[ oid->len ]; + stop = &first[oid->len]; /* - * Check for our pseudo-encoded single-digit OIDs - */ + * Check for our pseudo-encoded single-digit OIDs + */ if ((*first == 0x80) && (2 == oid->len)) { - /* Funky encoding. The second byte is the number */ - rvString = PR_smprintf("%lu", (PRUint32)first[1]); - if (!rvString) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - } - return rvString; + /* Funky encoding. 
The second byte is the number */ + rvString = PR_smprintf("%lu", (PRUint32)first[1]); + if (!rvString) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + } + return rvString; } for (; first < stop; first = last + 1) { - unsigned int bytesBeforeLast; - - for (last = first; last < stop; last++) { - if (0 == (*last & 0x80)) { - break; - } - } - bytesBeforeLast = (unsigned int)(last - first); - if (bytesBeforeLast <= 3U) { /* 0-28 bit number */ - PRUint32 n = 0; - PRUint32 c; - -#define CGET(i, m) \ - c = last[-i] & m; \ - n |= c << (7 * i) - -#define CASE(i, m) \ - case i: \ - CGET(i, m); \ - if (!n) goto unsupported \ - /* fall-through */ - - switch (bytesBeforeLast) { - CASE(3, 0x7f); - CASE(2, 0x7f); - CASE(1, 0x7f); - case 0: n |= last[0] & 0x7f; - break; - } - if (last[0] & 0x80) - goto unsupported; - - if (!rvString) { - /* This is the first number.. decompose it */ - PRUint32 one = PR_MIN(n/40, 2); /* never > 2 */ - PRUint32 two = n - (one * 40); - - rvString = PR_smprintf("OID.%lu.%lu", one, two); - } else { - prefix = rvString; - rvString = PR_smprintf("%s.%lu", prefix, n); - } - } else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */ - PRUint64 n = 0; - PRUint64 c; - - switch (bytesBeforeLast) { - CASE(9, 0x01); - CASE(8, 0x7f); - CASE(7, 0x7f); - CASE(6, 0x7f); - CASE(5, 0x7f); - CASE(4, 0x7f); - CGET(3, 0x7f); - CGET(2, 0x7f); - CGET(1, 0x7f); - CGET(0, 0x7f); - break; - } - if (last[0] & 0x80) - goto unsupported; - - if (!rvString) { - /* This is the first number.. decompose it */ - PRUint64 one = PR_MIN(n/40, 2); /* never > 2 */ - PRUint64 two = n - (one * 40); - - rvString = PR_smprintf("OID.%llu.%llu", one, two); - } else { - prefix = rvString; - rvString = PR_smprintf("%s.%llu", prefix, n); - } - } else { - /* More than a 64-bit number, or not minimal encoding. 
*/ -unsupported: - if (!rvString) - rvString = PR_smprintf("OID.UNSUPPORTED"); - else { - prefix = rvString; - rvString = PR_smprintf("%s.UNSUPPORTED", prefix); - } - } - - if (prefix) { - PR_smprintf_free(prefix); - prefix = NULL; - } - if (!rvString) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - break; - } + unsigned int bytesBeforeLast; + + for (last = first; last < stop; last++) { + if (0 == (*last & 0x80)) { + break; + } + } + bytesBeforeLast = (unsigned int)(last - first); + if (bytesBeforeLast <= 3U) { /* 0-28 bit number */ + PRUint32 n = 0; + PRUint32 c; + +#define CGET(i, m) \ + c = last[-i] & m; \ + n |= c << (7 * i) + +#define CASE(i, m) \ + case i: \ + CGET(i, m); \ + if (!n) \ + goto unsupported /* fall-through */ + + switch (bytesBeforeLast) { + CASE(3, 0x7f); + CASE(2, 0x7f); + CASE(1, 0x7f); + case 0: + n |= + last[0] & 0x7f; + break; + } + if (last[0] & 0x80) + goto unsupported; + + if (!rvString) { + /* This is the first number.. decompose it */ + PRUint32 one = PR_MIN(n / 40, 2); /* never > 2 */ + PRUint32 two = n - (one * 40); + + rvString = PR_smprintf("OID.%lu.%lu", one, two); + } else { + prefix = rvString; + rvString = PR_smprintf("%s.%lu", prefix, n); + } + } else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */ + PRUint64 n = 0; + PRUint64 c; + + switch (bytesBeforeLast) { + CASE(9, 0x01); + CASE(8, 0x7f); + CASE(7, 0x7f); + CASE(6, 0x7f); + CASE(5, 0x7f); + CASE(4, 0x7f); + CGET(3, 0x7f); + CGET(2, 0x7f); + CGET(1, 0x7f); + CGET(0, 0x7f); + break; + } + if (last[0] & 0x80) + goto unsupported; + + if (!rvString) { + /* This is the first number.. decompose it */ + PRUint64 one = PR_MIN(n / 40, 2); /* never > 2 */ + PRUint64 two = n - (one * 40); + + rvString = PR_smprintf("OID.%llu.%llu", one, two); + } else { + prefix = rvString; + rvString = PR_smprintf("%s.%llu", prefix, n); + } + } else { + /* More than a 64-bit number, or not minimal encoding. 
*/ + unsupported: + if (!rvString) + rvString = PR_smprintf("OID.UNSUPPORTED"); + else { + prefix = rvString; + rvString = PR_smprintf("%s.UNSUPPORTED", prefix); + } + } + + if (prefix) { + PR_smprintf_free(prefix); + prefix = NULL; + } + if (!rvString) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + break; + } } return rvString; } /* convert DER-encoded hex to a string */ -static SECItem * -get_hex_string(SECItem *data) +static SECItem* +get_hex_string(SECItem* data) { - SECItem *rv; + SECItem* rv; unsigned int i, j; static const char hex[] = { "0123456789ABCDEF" }; /* '#' + 2 chars per octet + terminator */ - rv = SECITEM_AllocItem(NULL, NULL, data->len*2 + 2); + rv = SECITEM_AllocItem(NULL, NULL, data->len * 2 + 2); if (!rv) { - return NULL; + return NULL; } rv->data[0] = '#'; rv->len = 1 + 2 * data->len; - for (i=0; i<data->len; i++) { - j = data->data[i]; - rv->data[2*i+1] = hex[j >> 4]; - rv->data[2*i+2] = hex[j & 15]; + for (i = 0; i < data->len; i++) { + j = data->data[i]; + rv->data[2 * i + 1] = hex[j >> 4]; + rv->data[2 * i + 2] = hex[j & 15]; } rv->data[rv->len] = 0; return rv; } -/* For compliance with RFC 2253, RFC 3280 and RFC 4630, we choose to - * use the NAME=STRING form, rather than the OID.N.N=#hexXXXX form, +/* For compliance with RFC 2253, RFC 3280 and RFC 4630, we choose to + * use the NAME=STRING form, rather than the OID.N.N=#hexXXXX form, * when both of these conditions are met: - * 1) The attribute name OID (kind) has a known name string that is + * 1) The attribute name OID (kind) has a known name string that is * defined in one of those RFCs, or in RFCs that they cite, AND * 2) The attribute's value encoding is RFC compliant for the kind * (e.g., the value's encoding tag is correct for the kind, and 
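Review bot: CERT_GetOidString formats `PRUint32` values with `%lu` in three places (`PR_smprintf("%lu", (PRUint32)first[1])`, `"OID.%lu.%lu"` with `one`/`two`, and `"%s.%lu"` with `n`); PR_smprintf, like printf, fetches an `unsigned long` for `%lu`, so on LP64 targets the argument width does not match what is read, which is undefined behaviour even where it happens to print correctly. Casting those arguments to `(unsigned long)` at the call sites, or switching the three formats to `%u`, makes the widths agree (the 64-bit branch already pairs `%llu` with `PRUint64`). As a point of style, clang-format has split `n |= last[0] & 0x7f;` across two lines inside `case 0:` and pulled the `unsupported:` label into the block indentation; both are harder to read than the old layout and would be worth a `// clang-format off` region like the one this commit added for the tables. The `CGET`/`CASE` helpers are defined inside the function body and never `#undef`'d, so a `#undef CGET` / `#undef CASE` after the loop would keep them from leaking into the rest of the file.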
@@ -842,79 +847,79 @@ get_hex_string(SECItem *data) * Otherwise, we use the OID.N.N=#hexXXXX form. * * If the caller prefers maximum human readability to RFC compliance, - * then + * then * - We print the kind in NAME= string form if we know the name - * string for the attribute type OID, regardless of whether the + * string for the attribute type OID, regardless of whether the * value is correctly encoded or not. else we use the OID.N.N= form. * - We use the non-hex STRING form for the attribute value if the - * value can be represented in such a form. Otherwise, we use + * value can be represented in such a form. Otherwise, we use * the hex string form. - * This implies that, for maximum human readability, in addition to + * This implies that, for maximum human readability, in addition to * the two forms allowed by the RFC, we allow two other forms of output: - * - the OID.N.N=STRING form, and + * - the OID.N.N=STRING form, and * - the NAME=#hexXXXX form * When the caller prefers maximum human readability, we do not allow * the value of any attribute to exceed the length allowed by the RFC. - * If the attribute value exceeds the allowed length, we truncate it to + * If the attribute value exceeds the allowed length, we truncate it to * the allowed length and append "...". - * Also in this case, we arbitrarily impose a limit on the length of the + * Also in this case, we arbitrarily impose a limit on the length of the * entire AVA encoding, regardless of the form, of 384 bytes per AVA. - * This limit includes the trailing NULL character. If the encoded + * This limit includes the trailing NULL character. If the encoded * AVA length exceeds that limit, this function reports failure to encode * the AVA. * - * An ASCII representation of an AVA is said to be "invertible" if + * An ASCII representation of an AVA is said to be "invertible" if * conversion back to DER reproduces the original DER encoding exactly. 
* The RFC 2253 rules do not ensure that all ASCII AVAs derived according - * to its rules are invertible. That is because the RFCs allow some + * to its rules are invertible. That is because the RFCs allow some * attribute values to be encoded in any of a number of encodings, * and the encoding type information is lost in the non-hex STRING form. * This is particularly true of attributes of type DirectoryString. - * The encoding type information is always preserved in the hex string + * The encoding type information is always preserved in the hex string * form, because the hex includes the entire DER encoding of the value. * - * So, when the caller perfers maximum invertibility, we apply the - * RFC compliance rules stated above, and add a third required - * condition on the use of the NAME=STRING form. - * 3) The attribute's kind is not is allowed to be encoded in any of + * So, when the caller perfers maximum invertibility, we apply the + * RFC compliance rules stated above, and add a third required + * condition on the use of the NAME=STRING form. + * 3) The attribute's kind is not is allowed to be encoded in any of * several different encodings, such as DirectoryStrings. * * The chief difference between CERT_N2A_STRICT and CERT_N2A_INVERTIBLE * is that the latter forces DirectoryStrings to be hex encoded. * - * As a simplification, we assume the value is correctly encoded for + * As a simplification, we assume the value is correctly encoded for * its encoding type. That is, we do not test that all the characters * in a string encoded type are allowed by that type. We assume it. 
*/ static SECStatus -AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict) +AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict) { #define TMPBUF_LEN 2048 - const NameToKind *pn2k = name2kinds; - SECItem *avaValue = NULL; - char *unknownTag = NULL; - char *encodedAVA = NULL; - PRBool useHex = PR_FALSE; /* use =#hexXXXX form */ - PRBool truncateName = PR_FALSE; - PRBool truncateValue = PR_FALSE; - SECOidTag endKind; - SECStatus rv; + const NameToKind* pn2k = name2kinds; + SECItem* avaValue = NULL; + char* unknownTag = NULL; + char* encodedAVA = NULL; + PRBool useHex = PR_FALSE; /* use =#hexXXXX form */ + PRBool truncateName = PR_FALSE; + PRBool truncateValue = PR_FALSE; + SECOidTag endKind; + SECStatus rv; unsigned int len; unsigned int nameLen, valueLen; unsigned int maxName, maxValue; - EQMode mode = minimalEscapeAndQuote; - NameToKind n2k = { NULL, 32767, SEC_OID_UNKNOWN, SEC_ASN1_DS }; - char tmpBuf[TMPBUF_LEN]; + EQMode mode = minimalEscapeAndQuote; + NameToKind n2k = { NULL, 32767, SEC_OID_UNKNOWN, SEC_ASN1_DS }; + char tmpBuf[TMPBUF_LEN]; -#define tagName n2k.name /* non-NULL means use NAME= form */ +#define tagName n2k.name /* non-NULL means use NAME= form */ #define maxBytes n2k.maxLen -#define tag n2k.kind -#define vt n2k.valueType +#define tag n2k.kind +#define vt n2k.valueType /* READABLE mode recognizes more names from the name2kinds table - * than do STRICT or INVERTIBLE modes. This assignment chooses the - * point in the table where the attribute type name scanning stops. - */ + * than do STRICT or INVERTIBLE modes. This assignment chooses the + * point in the table where the attribute type name scanning stops. + */ endKind = (strict == CERT_N2A_READABLE) ? SEC_OID_UNKNOWN : SEC_OID_AVA_POSTAL_ADDRESS; tag = CERT_GetAVATag(ava); 
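Review bot: The reflowed comment keeps two wording errors on lines the commit rewrites: "when the caller perfers maximum invertibility" should read `prefers`, and "The attribute's kind is not is allowed to be encoded" should read `is not allowed to be encoded`. Since clang-format already touched these lines (trailing whitespace), fixing them here costs nothing. AppendAVA's body continues in the next hunk.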
@@ -922,146 +927,145 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict) ++pn2k; } - if (pn2k->kind != endKind ) { + if (pn2k->kind != endKind) { n2k = *pn2k; } else if (strict != CERT_N2A_READABLE) { useHex = PR_TRUE; } /* For invertable form, force Directory Strings to use hex form. */ if (strict == CERT_N2A_INVERTIBLE && vt == SEC_ASN1_DS) { - tagName = NULL; /* must use OID.N form */ - useHex = PR_TRUE; /* must use hex string */ + tagName = NULL; /* must use OID.N form */ + useHex = PR_TRUE; /* must use hex string */ } if (!useHex) { - avaValue = CERT_DecodeAVAValue(&ava->value); - if (!avaValue) { - useHex = PR_TRUE; - if (strict != CERT_N2A_READABLE) { - tagName = NULL; /* must use OID.N form */ - } - } + avaValue = CERT_DecodeAVAValue(&ava->value); + if (!avaValue) { + useHex = PR_TRUE; + if (strict != CERT_N2A_READABLE) { + tagName = NULL; /* must use OID.N form */ + } + } } if (!tagName) { - /* handle unknown attribute types per RFC 2253 */ - tagName = unknownTag = CERT_GetOidString(&ava->type); - if (!tagName) { - if (avaValue) - SECITEM_FreeItem(avaValue, PR_TRUE); - return SECFailure; - } + /* handle unknown attribute types per RFC 2253 */ + tagName = unknownTag = CERT_GetOidString(&ava->type); + if (!tagName) { + if (avaValue) + SECITEM_FreeItem(avaValue, PR_TRUE); + return SECFailure; + } } if (useHex) { - avaValue = get_hex_string(&ava->value); - if (!avaValue) { - if (unknownTag) - PR_smprintf_free(unknownTag); - return SECFailure; - } - } - - nameLen = strlen(tagName); - valueLen = (useHex ? avaValue->len : - cert_RFC1485_GetRequiredLen((char *)avaValue->data, avaValue->len, - &mode)); + avaValue = get_hex_string(&ava->value); + if (!avaValue) { + if (unknownTag) + PR_smprintf_free(unknownTag); + return SECFailure; + } + } + + nameLen = strlen(tagName); + valueLen = + (useHex ? 
avaValue->len : cert_RFC1485_GetRequiredLen( + (char*)avaValue->data, avaValue->len, &mode)); len = nameLen + valueLen + 2; /* Add 2 for '=' and trailing NUL */ - maxName = nameLen; + maxName = nameLen; maxValue = valueLen; if (len <= sizeof(tmpBuf)) { - encodedAVA = tmpBuf; + encodedAVA = tmpBuf; } else if (strict != CERT_N2A_READABLE) { - encodedAVA = PORT_Alloc(len); - if (!encodedAVA) { - SECITEM_FreeItem(avaValue, PR_TRUE); - if (unknownTag) - PR_smprintf_free(unknownTag); - return SECFailure; - } + encodedAVA = PORT_Alloc(len); + if (!encodedAVA) { + SECITEM_FreeItem(avaValue, PR_TRUE); + if (unknownTag) + PR_smprintf_free(unknownTag); + return SECFailure; + } } else { - /* Must make output fit in tmpbuf */ - unsigned int fair = (sizeof tmpBuf)/2 - 1; /* for = and \0 */ - - if (nameLen < fair) { - /* just truncate the value */ - maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0", - and possibly '"' */ - } else if (valueLen < fair) { - /* just truncate the name */ - maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */ - } else { - /* truncate both */ - maxName = maxValue = fair - 3; /* for "..." */ - } - if (nameLen > maxName) { - PORT_Assert(unknownTag && unknownTag == tagName); - truncateName = PR_TRUE; - nameLen = maxName; - } - encodedAVA = tmpBuf; + /* Must make output fit in tmpbuf */ + unsigned int fair = (sizeof tmpBuf) / 2 - 1; /* for = and \0 */ + + if (nameLen < fair) { + /* just truncate the value */ + maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0", + and possibly '"' */ + } else if (valueLen < fair) { + /* just truncate the name */ + maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */ + } else { + /* truncate both */ + maxName = maxValue = fair - 3; /* for "..." 
*/ + } + if (nameLen > maxName) { + PORT_Assert(unknownTag && unknownTag == tagName); + truncateName = PR_TRUE; + nameLen = maxName; + } + encodedAVA = tmpBuf; } memcpy(encodedAVA, tagName, nameLen); if (truncateName) { - /* If tag name is too long, we know it is an OID form that was - * allocated from the heap, so we can modify it in place - */ - encodedAVA[nameLen-1] = '.'; - encodedAVA[nameLen-2] = '.'; - encodedAVA[nameLen-3] = '.'; + /* If tag name is too long, we know it is an OID form that was + * allocated from the heap, so we can modify it in place + */ + encodedAVA[nameLen - 1] = '.'; + encodedAVA[nameLen - 2] = '.'; + encodedAVA[nameLen - 3] = '.'; } encodedAVA[nameLen++] = '='; - if (unknownTag) - PR_smprintf_free(unknownTag); + if (unknownTag) + PR_smprintf_free(unknownTag); if (strict == CERT_N2A_READABLE && maxValue > maxBytes) - maxValue = maxBytes; + maxValue = maxBytes; if (valueLen > maxValue) { - valueLen = maxValue; - truncateValue = PR_TRUE; + valueLen = maxValue; + truncateValue = PR_TRUE; } /* escape and quote as necessary - don't quote hex strings */ if (useHex) { - char * end = encodedAVA + nameLen + valueLen; - memcpy(encodedAVA + nameLen, (char *)avaValue->data, valueLen); - end[0] = '\0'; - if (truncateValue) { - end[-1] = '.'; - end[-2] = '.'; - end[-3] = '.'; - } - rv = SECSuccess; + char* end = encodedAVA + nameLen + valueLen; + memcpy(encodedAVA + nameLen, (char*)avaValue->data, valueLen); + end[0] = '\0'; + if (truncateValue) { + end[-1] = '.'; + end[-2] = '.'; + end[-3] = '.'; + } + rv = SECSuccess; } else if (!truncateValue) { - rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen, - (char *)avaValue->data, avaValue->len, &mode); + rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen, + (char*)avaValue->data, avaValue->len, &mode); } else { - /* must truncate the escaped and quoted value */ - char bigTmpBuf[TMPBUF_LEN * 3 + 3]; - PORT_Assert(valueLen < sizeof tmpBuf); - rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf, - 
(char *)avaValue->data, - PR_MIN(avaValue->len, valueLen), &mode); - - bigTmpBuf[valueLen--] = '\0'; /* hard stop here */ - /* See if we're in the middle of a multi-byte UTF8 character */ - while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) { - bigTmpBuf[valueLen--] = '\0'; - } - /* add ellipsis to signify truncation. */ - bigTmpBuf[++valueLen] = '.'; - bigTmpBuf[++valueLen] = '.'; - bigTmpBuf[++valueLen] = '.'; - if (bigTmpBuf[0] == '"') - bigTmpBuf[++valueLen] = '"'; - bigTmpBuf[++valueLen] = '\0'; - PORT_Assert(nameLen + valueLen <= (sizeof tmpBuf) - 1); - memcpy(encodedAVA + nameLen, bigTmpBuf, valueLen+1); + /* must truncate the escaped and quoted value */ + char bigTmpBuf[TMPBUF_LEN * 3 + 3]; + PORT_Assert(valueLen < sizeof tmpBuf); + rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf, (char*)avaValue->data, + PR_MIN(avaValue->len, valueLen), &mode); + + bigTmpBuf[valueLen--] = '\0'; /* hard stop here */ + /* See if we're in the middle of a multi-byte UTF8 character */ + while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) { + bigTmpBuf[valueLen--] = '\0'; + } + /* add ellipsis to signify truncation. */ + bigTmpBuf[++valueLen] = '.'; + bigTmpBuf[++valueLen] = '.'; + bigTmpBuf[++valueLen] = '.'; + if (bigTmpBuf[0] == '"') + bigTmpBuf[++valueLen] = '"'; + bigTmpBuf[++valueLen] = '\0'; + PORT_Assert(nameLen + valueLen <= (sizeof tmpBuf) - 1); + memcpy(encodedAVA + nameLen, bigTmpBuf, valueLen + 1); } SECITEM_FreeItem(avaValue, PR_TRUE); if (rv == SECSuccess) - rv = AppendStr(bufp, encodedAVA); + rv = AppendStr(bufp, encodedAVA); if (encodedAVA != tmpBuf) - PORT_Free(encodedAVA); + PORT_Free(encodedAVA); return rv; } 
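Review bot: In the truncating branch at the end of the hunk, `rv` from `escapeAndQuote(bigTmpBuf, ...)` is not checked before the code walks backwards through `bigTmpBuf` and copies it into `encodedAVA`; on failure the loop `while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0)` reads bytes the call may never have written. Wrapping the trimming, the ellipsis writes and the final `memcpy` in `if (rv == SECSuccess) { ... }` keeps the existing `AppendStr` skip and avoids touching indeterminate stack data. Separately, the comment above `encodedAVA[nameLen - 1] = '.'` still says the heap-allocated OID string is modified in place, but the ellipsis is written into `encodedAVA`; I'd reword it to `/* The tag name was copied into encodedAVA; overwrite its tail with "..." */`. AppendAVA's declarations are in the previous hunk.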
@@ -1070,63 +1074,66 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict) #undef tag #undef vt -char * -CERT_NameToAsciiInvertible(CERTName *name, CertStrictnessLevel strict) +char* +CERT_NameToAsciiInvertible(CERTName* name, CertStrictnessLevel strict) { CERTRDN** rdns; CERTRDN** lastRdn; CERTRDN** rdn; PRBool first = PR_TRUE; stringBuf strBuf = { NULL, 0, 0 }; - + rdns = name->rdns; if (rdns == NULL) { - return NULL; + return NULL; } - + /* find last RDN */ lastRdn = rdns; - while (*lastRdn) lastRdn++; + while (*lastRdn) + lastRdn++; lastRdn--; - + /* - * Loop over name contents in _reverse_ RDN order appending to string - */ + * Loop over name contents in _reverse_ RDN order appending to string + */ for (rdn = lastRdn; rdn >= rdns; rdn--) { - CERTAVA** avas = (*rdn)->avas; - CERTAVA* ava; - PRBool newRDN = PR_TRUE; - - /* - * XXX Do we need to traverse the AVAs in reverse order, too? - */ - while (avas && (ava = *avas++) != NULL) { - SECStatus rv; - /* Put in comma or plus separator */ - if (!first) { - /* Use of spaces is deprecated in RFC 2253. */ - rv = AppendStr(&strBuf, newRDN ? "," : "+"); - if (rv) goto loser; - } else { - first = PR_FALSE; - } - - /* Add in tag type plus value into strBuf */ - rv = AppendAVA(&strBuf, ava, strict); - if (rv) goto loser; - newRDN = PR_FALSE; - } + CERTAVA** avas = (*rdn)->avas; + CERTAVA* ava; + PRBool newRDN = PR_TRUE; + + /* + * XXX Do we need to traverse the AVAs in reverse order, too? + */ + while (avas && (ava = *avas++) != NULL) { + SECStatus rv; + /* Put in comma or plus separator */ + if (!first) { + /* Use of spaces is deprecated in RFC 2253. */ + rv = AppendStr(&strBuf, newRDN ? 
"," : "+"); + if (rv) + goto loser; + } else { + first = PR_FALSE; + } + + /* Add in tag type plus value into strBuf */ + rv = AppendAVA(&strBuf, ava, strict); + if (rv) + goto loser; + newRDN = PR_FALSE; + } } return strBuf.buffer; loser: if (strBuf.buffer) { - PORT_Free(strBuf.buffer); + PORT_Free(strBuf.buffer); } return NULL; } -char * -CERT_NameToAscii(CERTName *name) +char* +CERT_NameToAscii(CERTName* name) { return CERT_NameToAsciiInvertible(name, CERT_N2A_READABLE); } 
@@ -1135,62 +1142,62 @@ CERT_NameToAscii(CERTName *name) * Return the string representation of a DER encoded distinguished name * "dername" - The DER encoded name to convert */ -char * -CERT_DerNameToAscii(SECItem *dername) +char* +CERT_DerNameToAscii(SECItem* dername) { int rv; - PLArenaPool *arena = NULL; + PLArenaPool* arena = NULL; CERTName name; - char *retstr = NULL; - + char* retstr = NULL; + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( arena == NULL) { - goto loser; + + if (arena == NULL) { + goto loser; } - + rv = SEC_QuickDERDecodeItem(arena, &name, CERT_NameTemplate, dername); - - if ( rv != SECSuccess ) { - goto loser; + + if (rv != SECSuccess) { + goto loser; } retstr = CERT_NameToAscii(&name); loser: - if ( arena != NULL ) { - PORT_FreeArena(arena, PR_FALSE); + if (arena != NULL) { + PORT_FreeArena(arena, PR_FALSE); } - - return(retstr); + + return (retstr); } -static char * -avaToString(PLArenaPool *arena, CERTAVA *ava) +static char* +avaToString(PLArenaPool* arena, CERTAVA* ava) { - char * buf = NULL; - SECItem* avaValue; - int valueLen; + char* buf = NULL; + SECItem* avaValue; + int valueLen; avaValue = CERT_DecodeAVAValue(&ava->value); - if(!avaValue) { - return buf; + if (!avaValue) { + return buf; } - valueLen = cert_RFC1485_GetRequiredLen((char *)avaValue->data, - avaValue->len, NULL) + 1; + valueLen = + cert_RFC1485_GetRequiredLen((char*)avaValue->data, avaValue->len, NULL) + 1; if (arena) { - buf = (char *)PORT_ArenaZAlloc(arena, valueLen); + buf = (char*)PORT_ArenaZAlloc(arena, valueLen); } else { - buf = (char *)PORT_ZAlloc(valueLen); + buf = (char*)PORT_ZAlloc(valueLen); } if (buf) { - SECStatus rv = escapeAndQuote(buf, valueLen, (char *)avaValue->data, - avaValue->len, NULL); - if (rv != SECSuccess) { - if (!arena) - PORT_Free(buf); - buf = NULL; - } + SECStatus rv = + escapeAndQuote(buf, valueLen, (char*)avaValue->data, avaValue->len, NULL); + if (rv != SECSuccess) { + if (!arena) + PORT_Free(buf); + buf = NULL; + } } 
 SECITEM_FreeItem(avaValue, PR_TRUE);
 return buf;
@@ -1199,22 +1206,22 @@ avaToString(PLArenaPool *arena, CERTAVA *ava)
 /* RDNs are sorted from most general to most specific.
 * This code returns the FIRST one found, the most general one found.
 */
-static char *
-CERT_GetNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag)
+static char*
+CERT_GetNameElement(PLArenaPool* arena, const CERTName* name, int wantedTag)
 {
 CERTRDN** rdns = name->rdns;
- CERTRDN* rdn;
- CERTAVA* ava = NULL;
+ CERTRDN* rdn;
+ CERTAVA* ava = NULL;
 while (rdns && (rdn = *rdns++) != 0) {
- CERTAVA** avas = rdn->avas;
- while (avas && (ava = *avas++) != 0) {
- int tag = CERT_GetAVATag(ava);
- if ( tag == wantedTag ) {
- avas = NULL;
- rdns = NULL; /* break out of all loops */
- }
- }
+ CERTAVA** avas = rdn->avas;
+ while (avas && (ava = *avas++) != 0) {
+ int tag = CERT_GetAVATag(ava);
+ if (tag == wantedTag) {
+ avas = NULL;
+ rdns = NULL; /* break out of all loops */
+ }
+ }
 }
 return ava ? avaToString(arena, ava) : NULL;
 }
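Review bot: In CERT_DerNameToAscii, `int rv;` receives the `SECStatus` returned by `SEC_QuickDERDecodeItem` and is then compared with `SECSuccess` on the new line `if (rv != SECSuccess) {`; declaring it `SECStatus rv;` makes the comparison type-consistent with the rest of the file. In avaToString, `int valueLen` is assigned the unsigned count from `cert_RFC1485_GetRequiredLen` plus one and then passed as an allocation size to `PORT_ArenaZAlloc`/`PORT_ZAlloc`; keeping it `unsigned int`, as AppendAVA does for its `valueLen`, avoids a signed/unsigned conversion that `-Wconversion` would flag. Both are points of style rather than behaviour changes.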
@@ -1223,119 +1230,123 @@ CERT_GetNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag) * This code returns the LAST one found, the most specific one found. * This is particularly appropriate for Common Name. See RFC 2818. */ -static char * -CERT_GetLastNameElement(PLArenaPool *arena, const CERTName *name, int wantedTag) +static char* +CERT_GetLastNameElement(PLArenaPool* arena, const CERTName* name, int wantedTag) { - CERTRDN** rdns = name->rdns; - CERTRDN* rdn; - CERTAVA* lastAva = NULL; - + CERTRDN** rdns = name->rdns; + CERTRDN* rdn; + CERTAVA* lastAva = NULL; + while (rdns && (rdn = *rdns++) != 0) { - CERTAVA** avas = rdn->avas; - CERTAVA* ava; - while (avas && (ava = *avas++) != 0) { - int tag = CERT_GetAVATag(ava); - if ( tag == wantedTag ) { - lastAva = ava; - } - } + CERTAVA** avas = rdn->avas; + CERTAVA* ava; + while (avas && (ava = *avas++) != 0) { + int tag = CERT_GetAVATag(ava); + if (tag == wantedTag) { + lastAva = ava; + } + } } return lastAva ? avaToString(arena, lastAva) : NULL; } -char * -CERT_GetCertificateEmailAddress(CERTCertificate *cert) +char* +CERT_GetCertificateEmailAddress(CERTCertificate* cert) { - char *rawEmailAddr = NULL; + char* rawEmailAddr = NULL; SECItem subAltName; SECStatus rv; - CERTGeneralName *nameList = NULL; - CERTGeneralName *current; - PLArenaPool *arena = NULL; + CERTGeneralName* nameList = NULL; + CERTGeneralName* current; + PLArenaPool* arena = NULL; int i; - + subAltName.data = NULL; rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject), - SEC_OID_PKCS9_EMAIL_ADDRESS); - if ( rawEmailAddr == NULL ) { - rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject), - SEC_OID_RFC1274_MAIL); - } - if ( rawEmailAddr == NULL) { - - rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, - &subAltName); - if (rv != SECSuccess) { - goto finish; - } - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - goto finish; - } - nameList = current = CERT_DecodeAltNameExtension(arena, 
&subAltName); - if (!nameList ) { - goto finish; - } - if (nameList != NULL) { - do { - if (current->type == certDirectoryName) { - rawEmailAddr = CERT_GetNameElement(cert->arena, - &(current->name.directoryName), - SEC_OID_PKCS9_EMAIL_ADDRESS); - if ( rawEmailAddr == NULL ) { - rawEmailAddr = CERT_GetNameElement(cert->arena, - &(current->name.directoryName), SEC_OID_RFC1274_MAIL); - } - } else if (current->type == certRFC822Name) { - rawEmailAddr = (char*)PORT_ArenaZAlloc(cert->arena, - current->name.other.len + 1); - if (!rawEmailAddr) { - goto finish; - } - PORT_Memcpy(rawEmailAddr, current->name.other.data, - current->name.other.len); - rawEmailAddr[current->name.other.len] = '\0'; - } - if (rawEmailAddr) { - break; - } - current = CERT_GetNextGeneralName(current); - } while (current != nameList); - } + SEC_OID_PKCS9_EMAIL_ADDRESS); + if (rawEmailAddr == NULL) { + rawEmailAddr = + CERT_GetNameElement(cert->arena, &(cert->subject), SEC_OID_RFC1274_MAIL); + } + if (rawEmailAddr == NULL) { + + rv = + CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, &subAltName); + if (rv != SECSuccess) { + goto finish; + } + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!arena) { + goto finish; + } + nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName); + if (!nameList) { + goto finish; + } + if (nameList != NULL) { + do { + if (current->type == certDirectoryName) { + rawEmailAddr = + CERT_GetNameElement(cert->arena, &(current->name.directoryName), + SEC_OID_PKCS9_EMAIL_ADDRESS); + if (rawEmailAddr == + NULL) { + rawEmailAddr = + CERT_GetNameElement(cert->arena, &(current->name.directoryName), + SEC_OID_RFC1274_MAIL); + } + } else if (current->type == certRFC822Name) { + rawEmailAddr = + (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + + 1); + if (!rawEmailAddr) { + goto finish; + } + PORT_Memcpy(rawEmailAddr, current->name.other.data, + current->name.other.len); + rawEmailAddr[current->name.other.len] = + '\0'; + } + if 
(rawEmailAddr) { + break; + } + current = CERT_GetNextGeneralName(current); + } while (current != nameList); + } } if (rawEmailAddr) { - for (i = 0; i <= (int) PORT_Strlen(rawEmailAddr); i++) { - rawEmailAddr[i] = tolower(rawEmailAddr[i]); - } - } + for (i = 0; i <= (int)PORT_Strlen(rawEmailAddr); i++) { + rawEmailAddr[i] = tolower(rawEmailAddr[i]); + } + } finish: /* Don't free nameList, it's part of the arena. */ if (arena) { - PORT_FreeArena(arena, PR_FALSE); + PORT_FreeArena(arena, PR_FALSE); } - if ( subAltName.data ) { - SECITEM_FreeItem(&subAltName, PR_FALSE); + if (subAltName.data) { + SECITEM_FreeItem(&subAltName, PR_FALSE); } - return(rawEmailAddr); + return (rawEmailAddr); } -static char * -appendStringToBuf(char *dest, char *src, PRUint32 *pRemaining) +static char* +appendStringToBuf(char* dest, char* src, PRUint32* pRemaining) { PRUint32 len; if (dest && src && src[0] && *pRemaining > (len = PL_strlen(src))) { - PRUint32 i; - for (i = 0; i < len; ++i) - dest[i] = tolower(src[i]); - dest[len] = 0; - dest += len + 1; - *pRemaining -= len + 1; + PRUint32 i; + for (i = 0; i < len; ++i) + dest[i] = tolower(src[i]); + dest[len] = 0; + dest += len + 1; + *pRemaining -= len + 1; } return dest; } 
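Review bot: `rawEmailAddr[i] = tolower(rawEmailAddr[i]);` in CERT_GetCertificateEmailAddress and `dest[i] = tolower(src[i]);` in appendStringToBuf pass a plain `char` to `tolower`; nothing in this function rejects bytes above 0x7f in an rfc822Name (it is copied with `PORT_Memcpy` a few lines earlier), and on a platform with signed `char` such a byte is negative, which `tolower` does not accept (only `unsigned char` values and EOF are defined). Cast first: `rawEmailAddr[i] = tolower((unsigned char)rawEmailAddr[i]);` and `dest[i] = tolower((unsigned char)src[i]);`. appendItemToBuf in the next hunk already reads each byte into a `PRUint8`, so it is unaffected. The lowercasing loop also re-evaluates `PORT_Strlen(rawEmailAddr)` on every iteration, and the `if (nameList != NULL)` test directly after `if (!nameList) { goto finish; }` is always true; both are harmless but worth tidying while the block is being reformatted.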
@@ -1343,112 +1354,118 @@ appendStringToBuf(char *dest, char *src, PRUint32 *pRemaining) #undef NEEDS_HEX_ESCAPE #define NEEDS_HEX_ESCAPE(c) (c < 0x20) -static char * -appendItemToBuf(char *dest, SECItem *src, PRUint32 *pRemaining) +static char* +appendItemToBuf(char* dest, SECItem* src, PRUint32* pRemaining) { if (dest && src && src->data && src->len && src->data[0]) { - PRUint32 len = src->len; - PRUint32 i; - PRUint32 reqLen = len + 1; - /* are there any embedded control characters ? */ - for (i = 0; i < len; i++) { - if (NEEDS_HEX_ESCAPE(src->data[i])) - reqLen += 2; - } - if (*pRemaining > reqLen) { - for (i = 0; i < len; ++i) { - PRUint8 c = src->data[i]; - if (NEEDS_HEX_ESCAPE(c)) { - *dest++ = C_BACKSLASH; - *dest++ = hexChars[ (c >> 4) & 0x0f ]; - *dest++ = hexChars[ c & 0x0f ]; - } else { - *dest++ = tolower(c); - } - } - *dest++ = '\0'; - *pRemaining -= reqLen; - } + PRUint32 len = src->len; + PRUint32 i; + PRUint32 reqLen = len + 1; + /* are there any embedded control characters ? */ + for (i = 0; i < len; i++) { + if (NEEDS_HEX_ESCAPE(src->data[i])) + reqLen += 2; + } + if (*pRemaining > reqLen) { + for (i = 0; i < len; ++i) { + PRUint8 c = src->data[i]; + if (NEEDS_HEX_ESCAPE(c)) { + *dest++ = + C_BACKSLASH; + *dest++ = + hexChars[(c >> 4) & 0x0f]; + *dest++ = + hexChars[c & 0x0f]; + } else { + *dest++ = + tolower(c); + } + } + *dest++ = '\0'; + *pRemaining -= reqLen; + } } return dest; } -/* Returns a pointer to an environment-like string, a series of +/* Returns a pointer to an environment-like string, a series of ** null-terminated strings, terminated by a zero-length string. ** This function is intended to be internal to NSS. 
*/ -char * -cert_GetCertificateEmailAddresses(CERTCertificate *cert) +char* +cert_GetCertificateEmailAddresses(CERTCertificate* cert) { - char * rawEmailAddr = NULL; - char * addrBuf = NULL; - char * pBuf = NULL; - PLArenaPool * tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - PRUint32 maxLen = 0; - PRInt32 finalLen = 0; - SECStatus rv; - SECItem subAltName; - - if (!tmpArena) - return addrBuf; + char* rawEmailAddr = NULL; + char* addrBuf = NULL; + char* pBuf = NULL; + PORTCheapArenaPool tmpArena; + PRUint32 maxLen = 0; + PRInt32 finalLen = 0; + SECStatus rv; + SECItem subAltName; + + PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE); subAltName.data = NULL; maxLen = cert->derCert.len; PORT_Assert(maxLen); - if (!maxLen) - maxLen = 2000; /* a guess, should never happen */ + if (!maxLen) + maxLen = 2000; /* a guess, should never happen */ - pBuf = addrBuf = (char *)PORT_ArenaZAlloc(tmpArena, maxLen + 1); - if (!addrBuf) - goto loser; + pBuf = addrBuf = (char*)PORT_ArenaZAlloc(&tmpArena.arena, maxLen + 1); + if (!addrBuf) + goto loser; - rawEmailAddr = CERT_GetNameElement(tmpArena, &cert->subject, - SEC_OID_PKCS9_EMAIL_ADDRESS); + rawEmailAddr = CERT_GetNameElement(&tmpArena.arena, &cert->subject, + SEC_OID_PKCS9_EMAIL_ADDRESS); pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen); - rawEmailAddr = CERT_GetNameElement(tmpArena, &cert->subject, - SEC_OID_RFC1274_MAIL); + rawEmailAddr = CERT_GetNameElement(&tmpArena.arena, &cert->subject, + SEC_OID_RFC1274_MAIL); pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen); - rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, - &subAltName); + rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, &subAltName); if (rv == SECSuccess && subAltName.data) { - CERTGeneralName *nameList = NULL; - - if (!!(nameList = CERT_DecodeAltNameExtension(tmpArena, &subAltName))) { - CERTGeneralName *current = nameList; - do { - if (current->type == certDirectoryName) { - rawEmailAddr = 
CERT_GetNameElement(tmpArena, - ¤t->name.directoryName, - SEC_OID_PKCS9_EMAIL_ADDRESS); - pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen); - - rawEmailAddr = CERT_GetNameElement(tmpArena, - ¤t->name.directoryName, - SEC_OID_RFC1274_MAIL); - pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen); - } else if (current->type == certRFC822Name) { - pBuf = appendItemToBuf(pBuf, ¤t->name.other, &maxLen); - } - current = CERT_GetNextGeneralName(current); - } while (current != nameList); - } - SECITEM_FreeItem(&subAltName, PR_FALSE); - /* Don't free nameList, it's part of the tmpArena. */ + CERTGeneralName* nameList = NULL; + + if (!!(nameList = CERT_DecodeAltNameExtension(&tmpArena.arena, &subAltName))) { + CERTGeneralName* current = nameList; + do { + if (current->type == certDirectoryName) { + rawEmailAddr = + CERT_GetNameElement(&tmpArena.arena, + ¤t->name.directoryName, + SEC_OID_PKCS9_EMAIL_ADDRESS); + pBuf = + appendStringToBuf(pBuf, rawEmailAddr, &maxLen); + + rawEmailAddr = + CERT_GetNameElement(&tmpArena.arena, + ¤t->name.directoryName, + SEC_OID_RFC1274_MAIL); + pBuf = + appendStringToBuf(pBuf, rawEmailAddr, &maxLen); + } else if (current->type == certRFC822Name) { + pBuf = + appendItemToBuf(pBuf, ¤t->name.other, &maxLen); + } + current = CERT_GetNextGeneralName(current); + } while (current != nameList); + } + SECITEM_FreeItem(&subAltName, PR_FALSE); + /* Don't free nameList, it's part of the tmpArena. */ } /* now copy superstring to cert's arena */ finalLen = (pBuf - addrBuf) + 1; pBuf = NULL; if (finalLen > 1) { - pBuf = PORT_ArenaAlloc(cert->arena, finalLen); - if (pBuf) { - PORT_Memcpy(pBuf, addrBuf, finalLen); - } + pBuf = PORT_ArenaAlloc(cert->arena, finalLen); + if (pBuf) { + PORT_Memcpy(pBuf, addrBuf, finalLen); + } } loser: - if (tmpArena) - PORT_FreeArena(tmpArena, PR_FALSE); + PORT_DestroyCheapArena(&tmpArena); return pBuf; } 
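Review bot: The switch to a stack `PORTCheapArenaPool` removes the only early return that used to precede arena setup, so `loser:` is now reached solely from the `PORT_ArenaZAlloc` failure and `PORT_DestroyCheapArena(&tmpArena)` runs on every exit; a one-line comment at the declaration, `/* stack arena: must be destroyed on every exit path (see loser:) */`, would make that invariant visible to the next editor. In the same function, when `maxLen` runs out `appendStringToBuf` and `appendItemToBuf` return `dest` unchanged and the address is silently omitted; since `maxLen` is sized from `cert->derCert.len` while hex escaping in appendItemToBuf grows a control character to three bytes, I'd note this at `maxLen = cert->derCert.len;`, e.g. `/* addresses that do not fit in maxLen are silently dropped by the append helpers */`.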
@@ -1457,11 +1474,11 @@ loser:
 ** as long as cert's reference count doesn't go to zero.
 ** Caller should strdup or otherwise copy.
 */
-const char * /* const so caller won't muck with it. */
-CERT_GetFirstEmailAddress(CERTCertificate * cert)
+const char* /* const so caller won't muck with it. */
+ CERT_GetFirstEmailAddress(CERTCertificate* cert)
 {
 if (cert && cert->emailAddr && cert->emailAddr[0])
- return (const char *)cert->emailAddr;
+ return (const char*)cert->emailAddr;
 return NULL;
 }
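Review bot: clang-format has indented the function name on the new line `CERT_GetFirstEmailAddress(CERTCertificate* cert)` because the return-type line ends in a comment, `const char* /* const so caller won't muck with it. */`; the result reads like a continuation line rather than a definition. Moving the comment onto its own line above the return type, `/* const so caller won't muck with it. */` followed by `const char*` and the name at column 0, lets the formatter emit the normal layout. The same pattern recurs at CERT_GetNextEmailAddress in the next hunk.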
@@ -1469,92 +1486,91 @@ CERT_GetFirstEmailAddress(CERTCertificate * cert)
 ** as long as cert's reference count doesn't go to zero.
 ** Caller should strdup or otherwise copy.
 */
-const char * /* const so caller won't muck with it. */
-CERT_GetNextEmailAddress(CERTCertificate * cert, const char * prev)
+const char* /* const so caller won't muck with it. */
+ CERT_GetNextEmailAddress(CERTCertificate* cert, const char* prev)
 {
 if (cert && prev && prev[0]) {
- PRUint32 len = PL_strlen(prev);
- prev += len + 1;
- if (prev && prev[0])
- return prev;
+ PRUint32 len = PL_strlen(prev);
+ prev += len + 1;
+ if (prev && prev[0])
+ return prev;
 }
 return NULL;
 }
 /* This is seriously bogus, now that certs store their email addresses in
-** subject Alternative Name extensions.
+** subject Alternative Name extensions.
 ** Returns a string allocated by PORT_StrDup, which the caller must free.
 */
-char *
-CERT_GetCertEmailAddress(const CERTName *name)
+char*
+CERT_GetCertEmailAddress(const CERTName* name)
 {
- char *rawEmailAddr;
- char *emailAddr;
+ char* rawEmailAddr;
+ char* emailAddr;
- rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_PKCS9_EMAIL_ADDRESS);
- if ( rawEmailAddr == NULL ) {
- rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_MAIL);
+ if (rawEmailAddr == NULL) {
+ rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_MAIL);
 }
 emailAddr = CERT_FixupEmailAddr(rawEmailAddr);
- if ( rawEmailAddr ) {
- PORT_Free(rawEmailAddr);
+ if (rawEmailAddr) {
+ PORT_Free(rawEmailAddr);
 }
- return(emailAddr);
+ return (emailAddr);
 }
 /* The return value must be freed with PORT_Free.
 */
-char *
-CERT_GetCommonName(const CERTName *name)
+char*
+CERT_GetCommonName(const CERTName* name)
 {
- return(CERT_GetLastNameElement(NULL, name, SEC_OID_AVA_COMMON_NAME));
+ return (CERT_GetLastNameElement(NULL, name, SEC_OID_AVA_COMMON_NAME));
 }
-char *
-CERT_GetCountryName(const CERTName *name)
+char*
+CERT_GetCountryName(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_COUNTRY_NAME));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_COUNTRY_NAME));
 }
-char *
-CERT_GetLocalityName(const CERTName *name)
+char*
+CERT_GetLocalityName(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_LOCALITY));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_LOCALITY));
 }
-char *
-CERT_GetStateName(const CERTName *name)
+char*
+CERT_GetStateName(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_STATE_OR_PROVINCE));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_STATE_OR_PROVINCE));
 }
-char *
-CERT_GetOrgName(const CERTName *name)
+char*
+CERT_GetOrgName(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATION_NAME));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATION_NAME));
 }
-char *
-CERT_GetDomainComponentName(const CERTName *name)
+char*
+CERT_GetDomainComponentName(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_DC));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_DC));
 }
-char *
-CERT_GetOrgUnitName(const CERTName *name)
+char*
+CERT_GetOrgUnitName(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME));
+ return (
+ CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME));
 }
-char *
-CERT_GetDnQualifier(const CERTName *name)
+char*
+CERT_GetDnQualifier(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_DN_QUALIFIER));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_DN_QUALIFIER));
 }
-char *
-CERT_GetCertUid(const CERTName *name)
+char*
+CERT_GetCertUid(const CERTName* name)
 {
- return(CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_UID));
+ return (CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_UID));
 }
- |
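Review bot: As rendered, the new side of `CERT_GetCertEmailAddress` removes `rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_PKCS9_EMAIL_ADDRESS);` with no `+` replacement, so `rawEmailAddr` would be compared with NULL, handed to `CERT_FixupEmailAddr` and then `PORT_Free`d while uninitialized. If the added line was merely lost in this rendering there is nothing to do; otherwise the assignment has to be restored immediately before `if (rawEmailAddr == NULL) {`. In `CERT_GetNextEmailAddress`, the check `if (prev && prev[0])` after `prev += len + 1` can no longer see a NULL `prev`, and the walk depends on the emailAddr list being terminated by an empty string, a contract nothing in this hunk states; a comment above the `if`, e.g. `/* emailAddr is a run of NUL-terminated strings ended by an empty string. */`, would make the bound explicit for the next reader.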