diff options
Diffstat (limited to 'nss/lib/certhigh/certreq.c')
-rw-r--r-- | nss/lib/certhigh/certreq.c | 193 |
1 files changed, 100 insertions, 93 deletions
diff --git a/nss/lib/certhigh/certreq.c b/nss/lib/certhigh/certreq.c index f5098a0..4087bc9 100644 --- a/nss/lib/certhigh/certreq.c +++ b/nss/lib/certhigh/certreq.c @@ -14,10 +14,10 @@ SEC_ASN1_MKSUB(SEC_AnyTemplate) const SEC_ASN1Template CERT_AttributeTemplate[] = { { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTAttribute) }, + 0, NULL, sizeof(CERTAttribute) }, { SEC_ASN1_OBJECT_ID, offsetof(CERTAttribute, attrType) }, { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(CERTAttribute, attrValue), - SEC_ASN1_SUB(SEC_AnyTemplate) }, + SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; @@ -27,18 +27,18 @@ const SEC_ASN1Template CERT_SetOfAttributeTemplate[] = { const SEC_ASN1Template CERT_CertificateRequestTemplate[] = { { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTCertificateRequest) }, + 0, NULL, sizeof(CERTCertificateRequest) }, { SEC_ASN1_INTEGER, - offsetof(CERTCertificateRequest,version) }, + offsetof(CERTCertificateRequest, version) }, { SEC_ASN1_INLINE, - offsetof(CERTCertificateRequest,subject), - CERT_NameTemplate }, + offsetof(CERTCertificateRequest, subject), + CERT_NameTemplate }, { SEC_ASN1_INLINE, - offsetof(CERTCertificateRequest,subjectPublicKeyInfo), - CERT_SubjectPublicKeyInfoTemplate }, + offsetof(CERTCertificateRequest, subjectPublicKeyInfo), + CERT_SubjectPublicKeyInfoTemplate }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(CERTCertificateRequest,attributes), - CERT_SetOfAttributeTemplate }, + offsetof(CERTCertificateRequest, attributes), + CERT_SetOfAttributeTemplate }, { 0 } }; @@ -46,25 +46,25 @@ SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateRequestTemplate) CERTCertificate * CERT_CreateCertificate(unsigned long serialNumber, - CERTName *issuer, - CERTValidity *validity, - CERTCertificateRequest *req) + CERTName *issuer, + CERTValidity *validity, + CERTCertificateRequest *req) { CERTCertificate *c; int rv; PLArenaPool *arena; - + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - return(0); + + if (!arena) { + return (0); } c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate)); - + if (!c) { - PORT_FreeArena(arena, PR_FALSE); - return 0; + PORT_FreeArena(arena, PR_FALSE); + return 0; } c->referenceCount = 1; @@ -75,44 +75,50 @@ CERT_CreateCertificate(unsigned long serialNumber, * If extensions are added, it will get changed as appropriate. */ rv = DER_SetUInteger(arena, &c->version, SEC_CERTIFICATE_VERSION_1); - if (rv) goto loser; + if (rv) + goto loser; rv = DER_SetUInteger(arena, &c->serialNumber, serialNumber); - if (rv) goto loser; + if (rv) + goto loser; rv = CERT_CopyName(arena, &c->issuer, issuer); - if (rv) goto loser; + if (rv) + goto loser; rv = CERT_CopyValidity(arena, &c->validity, validity); - if (rv) goto loser; + if (rv) + goto loser; rv = CERT_CopyName(arena, &c->subject, &req->subject); - if (rv) goto loser; + if (rv) + goto loser; rv = SECKEY_CopySubjectPublicKeyInfo(arena, &c->subjectPublicKeyInfo, - &req->subjectPublicKeyInfo); - if (rv) goto loser; + &req->subjectPublicKeyInfo); + if (rv) + goto loser; return c; - loser: +loser: CERT_DestroyCertificate(c); return 0; } /************************************************************************/ -/* It's clear from the comments that the original author of this +/* It's clear from the comments that the original author of this * function expected the template for certificate requests to treat - * the attributes as a SET OF ANY. This function expected to be + * the attributes as a SET OF ANY. This function expected to be * passed an array of SECItems each of which contained an already encoded - * Attribute. But the cert request template does not treat the + * Attribute. But the cert request template does not treat the * Attributes as a SET OF ANY, and AFAIK never has. Instead the template * encodes attributes as a SET OF xxxxxxx. That is, it expects to encode - * each of the Attributes, not have them pre-encoded. Consequently an - * array of SECItems containing encoded Attributes is of no value to this + * each of the Attributes, not have them pre-encoded. Consequently an + * array of SECItems containing encoded Attributes is of no value to this * function. But we cannot change the signature of this public function. * It must continue to take SECItems. * - * I have recoded this function so that each SECItem contains an + * I have recoded this function so that each SECItem contains an * encoded cert extension. The encoded cert extensions form the list for the * single attribute of the cert request. In this implementation there is at most * one attribute and it is always of type SEC_OID_PKCS9_EXTENSION_REQUEST. @@ -120,95 +126,95 @@ CERT_CreateCertificate(unsigned long serialNumber, CERTCertificateRequest * CERT_CreateCertificateRequest(CERTName *subject, - CERTSubjectPublicKeyInfo *spki, - SECItem **attributes) + CERTSubjectPublicKeyInfo *spki, + SECItem **attributes) { CERTCertificateRequest *certreq; PLArenaPool *arena; - CERTAttribute * attribute; - SECOidData * oidData; + CERTAttribute *attribute; + SECOidData *oidData; SECStatus rv; int i = 0; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( arena == NULL ) { - return NULL; + if (arena == NULL) { + return NULL; } - + certreq = PORT_ArenaZNew(arena, CERTCertificateRequest); if (!certreq) { - PORT_FreeArena(arena, PR_FALSE); - return NULL; + PORT_FreeArena(arena, PR_FALSE); + return NULL; } /* below here it is safe to goto loser */ certreq->arena = arena; - + rv = DER_SetUInteger(arena, &certreq->version, - SEC_CERTIFICATE_REQUEST_VERSION); + SEC_CERTIFICATE_REQUEST_VERSION); if (rv != SECSuccess) - goto loser; + goto loser; rv = CERT_CopyName(arena, &certreq->subject, subject); if (rv != SECSuccess) - goto loser; + goto loser; rv = SECKEY_CopySubjectPublicKeyInfo(arena, - &certreq->subjectPublicKeyInfo, - spki); + &certreq->subjectPublicKeyInfo, + spki); if (rv != SECSuccess) - goto loser; + goto loser; - certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute*, 2); - if(!certreq->attributes) - goto loser; + certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute *, 2); + if (!certreq->attributes) + goto loser; /* Copy over attribute information */ if (!attributes || !attributes[0]) { - /* + /* ** Invent empty attribute information. According to the ** pkcs#10 spec, attributes has this ASN.1 type: ** ** attributes [0] IMPLICIT Attributes - ** + ** ** Which means, we should create a NULL terminated list ** with the first entry being NULL; */ - certreq->attributes[0] = NULL; - return certreq; - } + certreq->attributes[0] = NULL; + return certreq; + } /* allocate space for attributes */ attribute = PORT_ArenaZNew(arena, CERTAttribute); - if (!attribute) - goto loser; + if (!attribute) + goto loser; - oidData = SECOID_FindOIDByTag( SEC_OID_PKCS9_EXTENSION_REQUEST ); + oidData = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST); PORT_Assert(oidData); if (!oidData) - goto loser; + goto loser; rv = SECITEM_CopyItem(arena, &attribute->attrType, &oidData->oid); if (rv != SECSuccess) - goto loser; + goto loser; - for (i = 0; attributes[i] != NULL ; i++) - ; - attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i+1); - if (!attribute->attrValue) - goto loser; + for (i = 0; attributes[i] != NULL; i++) + ; + attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i + 1); + if (!attribute->attrValue) + goto loser; /* copy attributes */ for (i = 0; attributes[i]; i++) { - /* + /* ** Attributes are a SetOf Attribute which implies ** lexigraphical ordering. It is assumes that the ** attributes are passed in sorted. If we need to ** add functionality to sort them, there is an ** example in the PKCS 7 code. */ - attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]); - if(!attribute->attrValue[i]) - goto loser; + attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]); + if (!attribute->attrValue[i]) + goto loser; } certreq->attributes[0] = attribute; @@ -224,7 +230,7 @@ void CERT_DestroyCertificateRequest(CERTCertificateRequest *req) { if (req && req->arena) { - PORT_FreeArena(req->arena, PR_FALSE); + PORT_FreeArena(req->arena, PR_FALSE); } return; } @@ -241,11 +247,11 @@ setCRExt(void *o, CERTCertExtension **exts) ** attribute list by CERT_FinishCRAttributes(). */ extern void *cert_StartExtensions(void *owner, PLArenaPool *ownerArena, - void (*setExts)(void *object, CERTCertExtension **exts)); + void (*setExts)(void *object, CERTCertExtension **exts)); void * CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req) { - return (cert_StartExtensions ((void *)req, req->arena, setCRExt)); + return (cert_StartExtensions((void *)req, req->arena, setCRExt)); } /* @@ -257,38 +263,39 @@ CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req) */ SECStatus CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req) -{ SECItem *extlist; +{ + SECItem *extlist; SECOidData *oidrec; CERTAttribute *attribute; - + if (!req || !req->arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); + PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (req->attributes == NULL || req->attributes[0] == NULL) return SECSuccess; extlist = SEC_ASN1EncodeItem(req->arena, NULL, &req->attributes, - SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate)); + SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate)); if (extlist == NULL) - return(SECFailure); + return (SECFailure); oidrec = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST); if (oidrec == NULL) - return SECFailure; + return SECFailure; /* now change the list of cert extensions into a list of attributes */ - req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute*, 2); + req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute *, 2); attribute = PORT_ArenaZNew(req->arena, CERTAttribute); - + if (req->attributes == NULL || attribute == NULL || SECITEM_CopyItem(req->arena, &attribute->attrType, &oidrec->oid) != 0) { PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; + return SECFailure; } - attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem*, 2); + attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem *, 2); if (attribute->attrValue == NULL) return SECFailure; @@ -303,22 +310,22 @@ CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req) SECStatus CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req, - CERTCertExtension ***exts) + CERTCertExtension ***exts) { if (req == NULL || exts == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); + PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } - + if (req->attributes == NULL || *req->attributes == NULL) return SECSuccess; - + if ((*req->attributes)->attrValue == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); + PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } - return(SEC_ASN1DecodeItem(req->arena, exts, - SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), - (*req->attributes)->attrValue[0])); + return (SEC_ASN1DecodeItem(req->arena, exts, + SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), + (*req->attributes)->attrValue[0])); } |