diff options
Diffstat (limited to 'nss/lib/certdb/polcyxtn.c')
-rw-r--r-- | nss/lib/certdb/polcyxtn.c | 681 |
1 files changed, 329 insertions, 352 deletions
diff --git a/nss/lib/certdb/polcyxtn.c b/nss/lib/certdb/polcyxtn.c index cef4783..aae34e2 100644 --- a/nss/lib/certdb/polcyxtn.c +++ b/nss/lib/certdb/polcyxtn.c @@ -20,95 +20,81 @@ SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = { { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) }, - { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString}, - { SEC_ASN1_VISIBLE_STRING , 0, 0, siVisibleString}, - { SEC_ASN1_BMP_STRING , 0, 0, siBMPString }, - { SEC_ASN1_UTF8_STRING , 0, 0, siUTF8String }, + { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString }, + { SEC_ASN1_VISIBLE_STRING, 0, 0, siVisibleString }, + { SEC_ASN1_BMP_STRING, 0, 0, siBMPString }, + { SEC_ASN1_UTF8_STRING, 0, 0, siUTF8String }, { 0 } }; const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTNoticeReference) }, - { SEC_ASN1_INLINE, - offsetof(CERTNoticeReference, organization), - CERT_DisplayTextTypeTemplate, 0 }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNoticeReference) }, + { SEC_ASN1_INLINE, offsetof(CERTNoticeReference, organization), + CERT_DisplayTextTypeTemplate, 0 }, { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, - offsetof(CERTNoticeReference, noticeNumbers), - SEC_ASN1_SUB(SEC_IntegerTemplate) }, + offsetof(CERTNoticeReference, noticeNumbers), + SEC_ASN1_SUB(SEC_IntegerTemplate) }, { 0 } }; const SEC_ASN1Template CERT_UserNoticeTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTUserNotice) }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTUserNotice) }, { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, - offsetof(CERTUserNotice, noticeReference), - CERT_NoticeReferenceTemplate, 0 }, + offsetof(CERTUserNotice, noticeReference), CERT_NoticeReferenceTemplate, + 0 }, { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, - offsetof(CERTUserNotice, displayText), - CERT_DisplayTextTypeTemplate, 0 }, + offsetof(CERTUserNotice, displayText), CERT_DisplayTextTypeTemplate, 0 }, { 0 } }; const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTPolicyQualifier) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyQualifier, qualifierID) }, - { SEC_ASN1_ANY, - offsetof(CERTPolicyQualifier, qualifierValue) }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyQualifier) }, + { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyQualifier, qualifierID) }, + { SEC_ASN1_ANY, offsetof(CERTPolicyQualifier, qualifierValue) }, { 0 } }; const SEC_ASN1Template CERT_PolicyInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTPolicyInfo) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyInfo, policyID) }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyInfo) }, + { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyInfo, policyID) }, { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL, - offsetof(CERTPolicyInfo, policyQualifiers), - CERT_PolicyQualifierTemplate }, + offsetof(CERTPolicyInfo, policyQualifiers), + CERT_PolicyQualifierTemplate }, { 0 } }; const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, - offsetof(CERTCertificatePolicies, policyInfos), - CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) } + { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicies, policyInfos), + CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) } }; const SEC_ASN1Template CERT_PolicyMapTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTPolicyMap) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyMap, issuerDomainPolicy) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyMap, subjectDomainPolicy) }, + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyMap) }, + { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, issuerDomainPolicy) }, + { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, subjectDomainPolicy) }, { 0 } }; const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, - offsetof(CERTCertificatePolicyMappings, policyMaps), - CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) } + { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicyMappings, policyMaps), + CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) } }; const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, - offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts), - SEC_ASN1_SUB(SEC_IntegerTemplate) }, + offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts), + SEC_ASN1_SUB(SEC_IntegerTemplate) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, - offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts), - SEC_ASN1_SUB(SEC_IntegerTemplate) }, + offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts), + SEC_ASN1_SUB(SEC_IntegerTemplate) }, { 0 } }; const SEC_ASN1Template CERT_InhibitAnyTemplate[] = { { SEC_ASN1_INTEGER, - offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), - NULL, sizeof(CERTCertificateInhibitAny) } + offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), NULL, + sizeof(CERTCertificateInhibitAny) } }; static void @@ -118,30 +104,30 @@ breakLines(char *string) char *lastspace = NULL; int curlen = 0; int c; - + tmpstr = string; - while ( ( c = *tmpstr ) != '\0' ) { - switch ( c ) { - case ' ': - lastspace = tmpstr; - break; - case '\n': - lastspace = NULL; - curlen = 0; - break; - } - - if ( ( curlen >= 55 ) && ( lastspace != NULL ) ) { - *lastspace = '\n'; - curlen = ( tmpstr - lastspace ); - lastspace = NULL; - } - - curlen++; - tmpstr++; - } - + while ((c = *tmpstr) != '\0') { + switch (c) { + case ' ': + lastspace = tmpstr; + break; + case '\n': + lastspace = NULL; + curlen = 0; + break; + } + + if ((curlen >= 55) && (lastspace != NULL)) { + *lastspace = '\n'; + curlen = (tmpstr - lastspace); + lastspace = NULL; + } + + curlen++; + tmpstr++; + } + return; } @@ -154,69 +140,69 @@ CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue) CERTPolicyInfo **policyInfos, *policyInfo; CERTPolicyQualifier **policyQualifiers, *policyQualifier; SECItem newExtnValue; - + /* make a new arena */ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - goto loser; + + if (!arena) { + goto loser; } /* allocate the certificate policies structure */ - policies = (CERTCertificatePolicies *) - PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicies)); - - if ( policies == NULL ) { - goto loser; + policies = (CERTCertificatePolicies *)PORT_ArenaZAlloc( + arena, sizeof(CERTCertificatePolicies)); + + if (policies == NULL) { + goto loser; } - + policies->arena = arena; /* copy the DER into the arena, since Quick DER returns data that points into the DER input, which may get freed by the caller */ rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); - if ( rv != SECSuccess ) { - goto loser; + if (rv != SECSuccess) { + goto loser; } /* decode the policy info */ - rv = SEC_QuickDERDecodeItem(arena, policies, CERT_CertificatePoliciesTemplate, - &newExtnValue); + rv = SEC_QuickDERDecodeItem( + arena, policies, CERT_CertificatePoliciesTemplate, &newExtnValue); - if ( rv != SECSuccess ) { - goto loser; + if (rv != SECSuccess) { + goto loser; } /* initialize the oid tags */ policyInfos = policies->policyInfos; - while (*policyInfos != NULL ) { - policyInfo = *policyInfos; - policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID); - policyQualifiers = policyInfo->policyQualifiers; - while ( policyQualifiers != NULL && *policyQualifiers != NULL ) { - policyQualifier = *policyQualifiers; - policyQualifier->oid = - SECOID_FindOIDTag(&policyQualifier->qualifierID); - policyQualifiers++; - } - policyInfos++; - } - - return(policies); - + while (*policyInfos != NULL) { + policyInfo = *policyInfos; + policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID); + policyQualifiers = policyInfo->policyQualifiers; + while (policyQualifiers != NULL && *policyQualifiers != NULL) { + policyQualifier = *policyQualifiers; + policyQualifier->oid = + SECOID_FindOIDTag(&policyQualifier->qualifierID); + policyQualifiers++; + } + policyInfos++; + } + + return (policies); + loser: - if ( arena != NULL ) { - PORT_FreeArena(arena, PR_FALSE); + if (arena != NULL) { + PORT_FreeArena(arena, PR_FALSE); } - - return(NULL); + + return (NULL); } void CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies) { - if ( policies != NULL ) { - PORT_FreeArena(policies->arena, PR_FALSE); + if (policies != NULL) { + PORT_FreeArena(policies->arena, PR_FALSE); } return; } @@ -228,17 +214,17 @@ CERT_DecodePolicyMappingsExtension(SECItem *extnValue) SECStatus rv; CERTCertificatePolicyMappings *mappings; SECItem newExtnValue; - + /* make a new arena */ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { + if (!arena) { goto loser; } /* allocate the policy mappings structure */ - mappings = (CERTCertificatePolicyMappings *) - PORT_ArenaZAlloc(arena, sizeof(CERTCertificatePolicyMappings)); - if ( mappings == NULL ) { + mappings = (CERTCertificatePolicyMappings *)PORT_ArenaZAlloc( + arena, sizeof(CERTCertificatePolicyMappings)); + if (mappings == NULL) { goto loser; } mappings->arena = arena; @@ -246,40 +232,39 @@ CERT_DecodePolicyMappingsExtension(SECItem *extnValue) /* copy the DER into the arena, since Quick DER returns data that points into the DER input, which may get freed by the caller */ rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); - if ( rv != SECSuccess ) { + if (rv != SECSuccess) { goto loser; } /* decode the policy mappings */ - rv = SEC_QuickDERDecodeItem - (arena, mappings, CERT_PolicyMappingsTemplate, &newExtnValue); - if ( rv != SECSuccess ) { + rv = SEC_QuickDERDecodeItem(arena, mappings, CERT_PolicyMappingsTemplate, + &newExtnValue); + if (rv != SECSuccess) { goto loser; } - return(mappings); - + return (mappings); + loser: - if ( arena != NULL ) { + if (arena != NULL) { PORT_FreeArena(arena, PR_FALSE); } - - return(NULL); + + return (NULL); } SECStatus CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings) { - if ( mappings != NULL ) { + if (mappings != NULL) { PORT_FreeArena(mappings->arena, PR_FALSE); } return SECSuccess; } SECStatus -CERT_DecodePolicyConstraintsExtension - (CERTCertificatePolicyConstraints *decodedValue, - const SECItem *encodedValue) +CERT_DecodePolicyConstraintsExtension( + CERTCertificatePolicyConstraints *decodedValue, const SECItem *encodedValue) { CERTCertificatePolicyConstraints decodeContext; PLArenaPool *arena = NULL; @@ -296,10 +281,11 @@ CERT_DecodePolicyConstraintsExtension do { /* decode the policy constraints */ - rv = SEC_QuickDERDecodeItem(arena, - &decodeContext, CERT_PolicyConstraintsTemplate, encodedValue); + rv = SEC_QuickDERDecodeItem(arena, &decodeContext, + CERT_PolicyConstraintsTemplate, + encodedValue); - if ( rv != SECSuccess ) { + if (rv != SECSuccess) { break; } @@ -307,35 +293,36 @@ CERT_DecodePolicyConstraintsExtension *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1; } else { *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = - DER_GetInteger(&decodeContext.explicitPolicySkipCerts); + DER_GetInteger(&decodeContext.explicitPolicySkipCerts); } if (decodeContext.inhibitMappingSkipCerts.len == 0) { *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1; } else { *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = - DER_GetInteger(&decodeContext.inhibitMappingSkipCerts); + DER_GetInteger(&decodeContext.inhibitMappingSkipCerts); } if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == - PR_INT32_MIN) || + PR_INT32_MIN) || (*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data == - PR_INT32_MAX) || + PR_INT32_MAX) || (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == - PR_INT32_MIN) || + PR_INT32_MIN) || (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data == - PR_INT32_MAX)) { + PR_INT32_MAX)) { rv = SECFailure; } - + } while (0); PORT_FreeArena(arena, PR_FALSE); - return(rv); + return (rv); } -SECStatus CERT_DecodeInhibitAnyExtension - (CERTCertificateInhibitAny *decodedValue, SECItem *encodedValue) +SECStatus +CERT_DecodeInhibitAnyExtension(CERTCertificateInhibitAny *decodedValue, + SECItem *encodedValue) { CERTCertificateInhibitAny decodeContext; PLArenaPool *arena = NULL; @@ -343,7 +330,7 @@ SECStatus CERT_DecodeInhibitAnyExtension /* make a new arena */ arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); - if ( !arena ) { + if (!arena) { return SECFailure; } @@ -351,20 +338,20 @@ SECStatus CERT_DecodeInhibitAnyExtension /* decode the policy mappings */ decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger; - rv = SEC_QuickDERDecodeItem(arena, - &decodeContext, CERT_InhibitAnyTemplate, encodedValue); + rv = SEC_QuickDERDecodeItem(arena, &decodeContext, + CERT_InhibitAnyTemplate, encodedValue); - if ( rv != SECSuccess ) { + if (rv != SECSuccess) { break; } *(PRInt32 *)decodedValue->inhibitAnySkipCerts.data = - DER_GetInteger(&decodeContext.inhibitAnySkipCerts); + DER_GetInteger(&decodeContext.inhibitAnySkipCerts); } while (0); PORT_FreeArena(arena, PR_FALSE); - return(rv); + return (rv); } CERTUserNotice * @@ -374,37 +361,37 @@ CERT_DecodeUserNotice(SECItem *noticeItem) SECStatus rv; CERTUserNotice *userNotice; SECItem newNoticeItem; - + /* make a new arena */ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - goto loser; + + if (!arena) { + goto loser; } /* allocate the userNotice structure */ - userNotice = (CERTUserNotice *)PORT_ArenaZAlloc(arena, - sizeof(CERTUserNotice)); - - if ( userNotice == NULL ) { - goto loser; + userNotice = + (CERTUserNotice *)PORT_ArenaZAlloc(arena, sizeof(CERTUserNotice)); + + if (userNotice == NULL) { + goto loser; } - + userNotice->arena = arena; /* copy the DER into the arena, since Quick DER returns data that points into the DER input, which may get freed by the caller */ rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem); - if ( rv != SECSuccess ) { - goto loser; + if (rv != SECSuccess) { + goto loser; } /* decode the user notice */ - rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate, - &newNoticeItem); + rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate, + &newNoticeItem); - if ( rv != SECSuccess ) { - goto loser; + if (rv != SECSuccess) { + goto loser; } if (userNotice->derNoticeReference.data != NULL) { @@ -414,24 +401,24 @@ CERT_DecodeUserNotice(SECItem *noticeItem) &userNotice->derNoticeReference); if (rv == SECFailure) { goto loser; - } + } } - return(userNotice); - + return (userNotice); + loser: - if ( arena != NULL ) { - PORT_FreeArena(arena, PR_FALSE); + if (arena != NULL) { + PORT_FreeArena(arena, PR_FALSE); } - - return(NULL); + + return (NULL); } void CERT_DestroyUserNotice(CERTUserNotice *userNotice) { - if ( userNotice != NULL ) { - PORT_FreeArena(userNotice->arena, PR_FALSE); + if (userNotice != NULL) { + PORT_FreeArena(userNotice->arena, PR_FALSE); } return; } @@ -459,74 +446,73 @@ stringFromUserNotice(SECItem *noticeItem) SECItem *displayText; SECItem **noticeNumbers; unsigned int strnum; - + /* decode the user notice */ userNotice = CERT_DecodeUserNotice(noticeItem); - if ( userNotice == NULL ) { - return(NULL); + if (userNotice == NULL) { + return (NULL); } - + org = &userNotice->noticeReference.organization; - if ( (org->len != 0 ) && ( policyStringCB != NULL ) ) { - /* has a noticeReference */ - - /* extract the org string */ - len = org->len; - stringbuf = (char*)PORT_Alloc(len + 1); - if ( stringbuf != NULL ) { - PORT_Memcpy(stringbuf, org->data, len); - stringbuf[len] = '\0'; - - noticeNumbers = userNotice->noticeReference.noticeNumbers; - while ( *noticeNumbers != NULL ) { - /* XXX - only one byte integers right now*/ - strnum = (*noticeNumbers)->data[0]; - policystr = (* policyStringCB)(stringbuf, - strnum, - policyStringCBArg); - if ( policystr != NULL ) { - if ( retstr != NULL ) { - retstr = PR_sprintf_append(retstr, "\n%s", policystr); - } else { - retstr = PR_sprintf_append(retstr, "%s", policystr); - } - - PORT_Free(policystr); - } - - noticeNumbers++; - } - - PORT_Free(stringbuf); - } - } - - if ( retstr == NULL ) { - if ( userNotice->displayText.len != 0 ) { - displayText = &userNotice->displayText; - - if ( displayText->len > 2 ) { - if ( displayText->data[0] == SEC_ASN1_VISIBLE_STRING ) { - headerlen = 2; - if ( displayText->data[1] & 0x80 ) { - /* multibyte length */ - headerlen += ( displayText->data[1] & 0x7f ); - } - - len = displayText->len - headerlen; - retstr = (char*)PORT_Alloc(len + 1); - if ( retstr != NULL ) { - PORT_Memcpy(retstr, &displayText->data[headerlen],len); - retstr[len] = '\0'; - } - } - } - } - } - + if ((org->len != 0) && (policyStringCB != NULL)) { + /* has a noticeReference */ + + /* extract the org string */ + len = org->len; + stringbuf = (char *)PORT_Alloc(len + 1); + if (stringbuf != NULL) { + PORT_Memcpy(stringbuf, org->data, len); + stringbuf[len] = '\0'; + + noticeNumbers = userNotice->noticeReference.noticeNumbers; + while (*noticeNumbers != NULL) { + /* XXX - only one byte integers right now*/ + strnum = (*noticeNumbers)->data[0]; + policystr = + (*policyStringCB)(stringbuf, strnum, policyStringCBArg); + if (policystr != NULL) { + if (retstr != NULL) { + retstr = PR_sprintf_append(retstr, "\n%s", policystr); + } else { + retstr = PR_sprintf_append(retstr, "%s", policystr); + } + + PORT_Free(policystr); + } + + noticeNumbers++; + } + + PORT_Free(stringbuf); + } + } + + if (retstr == NULL) { + if (userNotice->displayText.len != 0) { + displayText = &userNotice->displayText; + + if (displayText->len > 2) { + if (displayText->data[0] == SEC_ASN1_VISIBLE_STRING) { + headerlen = 2; + if (displayText->data[1] & 0x80) { + /* multibyte length */ + headerlen += (displayText->data[1] & 0x7f); + } + + len = displayText->len - headerlen; + retstr = (char *)PORT_Alloc(len + 1); + if (retstr != NULL) { + PORT_Memcpy(retstr, &displayText->data[headerlen], len); + retstr[len] = '\0'; + } + } + } + } + } + CERT_DestroyUserNotice(userNotice); - - return(retstr); + + return (retstr); } char * @@ -540,65 +526,63 @@ CERT_GetCertCommentString(CERTCertificate *cert) CERTPolicyQualifier **policyQualifiers, *qualifier; policyItem.data = NULL; - + rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES, - &policyItem); - if ( rv != SECSuccess ) { - goto nopolicy; + &policyItem); + if (rv != SECSuccess) { + goto nopolicy; } policies = CERT_DecodeCertificatePoliciesExtension(&policyItem); - if ( policies == NULL ) { - goto nopolicy; + if (policies == NULL) { + goto nopolicy; } policyInfos = policies->policyInfos; /* search through policyInfos looking for the verisign policy */ - while (*policyInfos != NULL ) { - if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) { - policyQualifiers = (*policyInfos)->policyQualifiers; - /* search through the policy qualifiers looking for user notice */ - while ( policyQualifiers != NULL && *policyQualifiers != NULL ) { - qualifier = *policyQualifiers; - if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) { - retstring = - stringFromUserNotice(&qualifier->qualifierValue); - break; - } - - policyQualifiers++; - } - break; - } - policyInfos++; + while (*policyInfos != NULL) { + if ((*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES) { + policyQualifiers = (*policyInfos)->policyQualifiers; + /* search through the policy qualifiers looking for user notice */ + while (policyQualifiers != NULL && *policyQualifiers != NULL) { + qualifier = *policyQualifiers; + if (qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER) { + retstring = + stringFromUserNotice(&qualifier->qualifierValue); + break; + } + + policyQualifiers++; + } + break; + } + policyInfos++; } nopolicy: - if ( policyItem.data != NULL ) { - PORT_Free(policyItem.data); + if (policyItem.data != NULL) { + PORT_Free(policyItem.data); } - if ( policies != NULL ) { - CERT_DestroyCertificatePoliciesExtension(policies); + if (policies != NULL) { + CERT_DestroyCertificatePoliciesExtension(policies); } - - if ( retstring == NULL ) { - retstring = CERT_FindNSStringExtension(cert, - SEC_OID_NS_CERT_EXT_COMMENT); + + if (retstring == NULL) { + retstring = + CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_COMMENT); } - - if ( retstring != NULL ) { - breakLines(retstring); + + if (retstring != NULL) { + breakLines(retstring); } - - return(retstring); -} + return (retstring); +} const SEC_ASN1Template CERT_OidSeqTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, - offsetof(CERTOidSequence, oids), - SEC_ASN1_SUB(SEC_ObjectIDTemplate) } + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids), + SEC_ASN1_SUB(SEC_ObjectIDTemplate) } }; CERTOidSequence * @@ -608,53 +592,53 @@ CERT_DecodeOidSequence(const SECItem *seqItem) SECStatus rv; CERTOidSequence *oidSeq; SECItem newSeqItem; - + /* make a new arena */ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - goto loser; + + if (!arena) { + goto loser; } /* allocate the userNotice structure */ - oidSeq = (CERTOidSequence *)PORT_ArenaZAlloc(arena, - sizeof(CERTOidSequence)); - - if ( oidSeq == NULL ) { - goto loser; + oidSeq = + (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); + + if (oidSeq == NULL) { + goto loser; } - + oidSeq->arena = arena; /* copy the DER into the arena, since Quick DER returns data that points into the DER input, which may get freed by the caller */ rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem); - if ( rv != SECSuccess ) { - goto loser; + if (rv != SECSuccess) { + goto loser; } /* decode the user notice */ - rv = SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem); + rv = + SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem); - if ( rv != SECSuccess ) { - goto loser; + if (rv != SECSuccess) { + goto loser; } - return(oidSeq); - + return (oidSeq); + loser: if (arena) { PORT_FreeArena(arena, PR_FALSE); } - return(NULL); + return (NULL); } - void CERT_DestroyOidSequence(CERTOidSequence *oidSeq) { - if ( oidSeq != NULL ) { - PORT_FreeArena(oidSeq->arena, PR_FALSE); + if (oidSeq != NULL) { + PORT_FreeArena(oidSeq->arena, PR_FALSE); } return; } @@ -669,29 +653,29 @@ CERT_GovtApprovedBitSet(CERTCertificate *cert) SECItem **oids; SECItem *oid; SECOidTag oidTag; - + extItem.data = NULL; rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem); - if ( rv != SECSuccess ) { - goto loser; + if (rv != SECSuccess) { + goto loser; } oidSeq = CERT_DecodeOidSequence(&extItem); - if ( oidSeq == NULL ) { - goto loser; + if (oidSeq == NULL) { + goto loser; } oids = oidSeq->oids; - while ( oids != NULL && *oids != NULL ) { - oid = *oids; - - oidTag = SECOID_FindOIDTag(oid); - - if ( oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED ) { - goto success; - } - - oids++; + while (oids != NULL && *oids != NULL) { + oid = *oids; + + oidTag = SECOID_FindOIDTag(oid); + + if (oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) { + goto success; + } + + oids++; } loser: @@ -700,16 +684,15 @@ loser: success: ret = PR_TRUE; done: - if ( oidSeq != NULL ) { - CERT_DestroyOidSequence(oidSeq); + if (oidSeq != NULL) { + CERT_DestroyOidSequence(oidSeq); } if (extItem.data != NULL) { - PORT_Free(extItem.data); + PORT_Free(extItem.data); } - return(ret); + return (ret); } - SECStatus CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena, CERTCertificatePolicyConstraints *constr, @@ -719,14 +702,14 @@ CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena, PORT_Assert(constr != NULL && dest != NULL); if (constr == NULL || dest == NULL) { - return SECFailure; + return SECFailure; } - if (SEC_ASN1EncodeItem (arena, dest, constr, - CERT_PolicyConstraintsTemplate) == NULL) { - rv = SECFailure; + if (SEC_ASN1EncodeItem(arena, dest, constr, + CERT_PolicyConstraintsTemplate) == NULL) { + rv = SECFailure; } - return(rv); + return (rv); } SECStatus @@ -738,75 +721,69 @@ CERT_EncodePolicyMappingExtension(PLArenaPool *arena, PORT_Assert(mapping != NULL && dest != NULL); if (mapping == NULL || dest == NULL) { - return SECFailure; + return SECFailure; } - if (SEC_ASN1EncodeItem (arena, dest, mapping, - CERT_PolicyMappingsTemplate) == NULL) { - rv = SECFailure; + if (SEC_ASN1EncodeItem(arena, dest, mapping, CERT_PolicyMappingsTemplate) == + NULL) { + rv = SECFailure; } - return(rv); + return (rv); } - - SECStatus -CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, - CERTPolicyInfo **info, +CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, CERTPolicyInfo **info, SECItem *dest) { SECStatus rv = SECSuccess; PORT_Assert(info != NULL && dest != NULL); if (info == NULL || dest == NULL) { - return SECFailure; + return SECFailure; } - if (SEC_ASN1EncodeItem (arena, dest, info, - CERT_CertificatePoliciesTemplate) == NULL) { - rv = SECFailure; + if (SEC_ASN1EncodeItem(arena, dest, info, + CERT_CertificatePoliciesTemplate) == NULL) { + rv = SECFailure; } - return(rv); + return (rv); } SECStatus -CERT_EncodeUserNotice(PLArenaPool *arena, - CERTUserNotice *notice, - SECItem *dest) +CERT_EncodeUserNotice(PLArenaPool *arena, CERTUserNotice *notice, SECItem *dest) { SECStatus rv = SECSuccess; PORT_Assert(notice != NULL && dest != NULL); if (notice == NULL || dest == NULL) { - return SECFailure; + return SECFailure; } - if (SEC_ASN1EncodeItem(arena, dest, - notice, CERT_UserNoticeTemplate) == NULL) { - rv = SECFailure; + if (SEC_ASN1EncodeItem(arena, dest, notice, CERT_UserNoticeTemplate) == + NULL) { + rv = SECFailure; } - return(rv); + return (rv); } SECStatus -CERT_EncodeNoticeReference(PLArenaPool *arena, - CERTNoticeReference *reference, +CERT_EncodeNoticeReference(PLArenaPool *arena, CERTNoticeReference *reference, SECItem *dest) { SECStatus rv = SECSuccess; - + PORT_Assert(reference != NULL && dest != NULL); if (reference == NULL || dest == NULL) { - return SECFailure; + return SECFailure; } - if (SEC_ASN1EncodeItem (arena, dest, reference, - CERT_NoticeReferenceTemplate) == NULL) { - rv = SECFailure; + if (SEC_ASN1EncodeItem(arena, dest, reference, + CERT_NoticeReferenceTemplate) == NULL) { + rv = SECFailure; } - return(rv); + return (rv); } SECStatus @@ -818,12 +795,12 @@ CERT_EncodeInhibitAnyExtension(PLArenaPool *arena, PORT_Assert(certInhibitAny != NULL && dest != NULL); if (certInhibitAny == NULL || dest == NULL) { - return SECFailure; + return SECFailure; } - if (SEC_ASN1EncodeItem (arena, dest, certInhibitAny, - CERT_InhibitAnyTemplate) == NULL) { - rv = SECFailure; + if (SEC_ASN1EncodeItem(arena, dest, certInhibitAny, + CERT_InhibitAnyTemplate) == NULL) { + rv = SECFailure; } - return(rv); + return (rv); } |