1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
22
* John Gardiner Myers <jgmyers@speakeasy.net>
24
* Alternatively, the contents of this file may be used under the terms of
25
* either the GNU General Public License Version 2 or later (the "GPL"), or
26
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27
* in which case the provisions of the GPL or the LGPL are applicable instead
28
* of those above. If you wish to allow use of your version of this file only
29
* under the terms of either the GPL or the LGPL, and not to allow others to
30
* use your version of this file under the terms of the MPL, indicate your
31
* decision by deleting the provisions above and replace them with the notice
32
* and other provisions required by the GPL or the LGPL. If you do not delete
33
* the provisions above, a recipient may use your version of this file under
34
* the terms of any one of the MPL, the GPL or the LGPL.
36
* ***** END LICENSE BLOCK ***** */
40
#include "secder.h" /* XXX remove this when remove the DERTemplates */
47
static const SEC_ASN1Template cert_AVATemplate[] = {
49
0, NULL, sizeof(CERTAVA) },
51
offsetof(CERTAVA,type), },
53
offsetof(CERTAVA,value), },
57
const SEC_ASN1Template CERT_RDNTemplate[] = {
59
offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
64
CountArray(void **array)
76
AddToArray(PRArenaPool *arena, void **array, void *element)
81
/* Count up number of slots already in use in the array */
91
array = (void**) PORT_ArenaGrow(arena, array,
92
(count + 1) * sizeof(void *),
93
(count + 2) * sizeof(void *));
95
array = (void**) PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
98
array[count] = element;
106
CERT_GetAVATag(CERTAVA *ava)
109
if (!ava->type.data) return (SECOidTag)-1;
111
oid = SECOID_FindOID(&ava->type);
116
return (SECOidTag)-1;
120
SetupAVAType(PRArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
128
oidrec = SECOID_FindOIDByTag(type);
132
oid = oidrec->oid.data;
133
oidLen = oidrec->oid.len;
135
maxLen = cert_AVAOidTagToMaxLen(type);
137
PORT_SetError(SEC_ERROR_INVALID_ARGS);
141
it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, oidLen);
146
PORT_Memcpy(cp, oid, oidLen);
147
*maxLenp = (unsigned)maxLen;
152
SetupAVAValue(PRArenaPool *arena, int valueType, char *value, SECItem *it,
155
unsigned valueLen, valueLenLen, total;
156
unsigned ucs4Len = 0, ucs4MaxLen;
157
unsigned char *cp, *ucs4Val;
160
case SEC_ASN1_PRINTABLE_STRING:
161
case SEC_ASN1_IA5_STRING:
162
case SEC_ASN1_T61_STRING:
163
case SEC_ASN1_UTF8_STRING: /* no conversion required */
164
valueLen = PORT_Strlen(value);
166
case SEC_ASN1_UNIVERSAL_STRING:
167
valueLen = PORT_Strlen(value);
168
ucs4MaxLen = valueLen * 6;
169
ucs4Val = (unsigned char *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
170
if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE,
171
(unsigned char *)value, valueLen,
172
ucs4Val, ucs4MaxLen, &ucs4Len)) {
173
PORT_SetError(SEC_ERROR_INVALID_ARGS);
176
value = (char *)ucs4Val;
181
PORT_SetError(SEC_ERROR_INVALID_ARGS);
185
if (valueLen > maxLen) {
186
PORT_SetError(SEC_ERROR_INVALID_ARGS);
190
valueLenLen = DER_LengthLength(valueLen);
191
total = 1 + valueLenLen + valueLen;
192
it->data = cp = (unsigned char*) PORT_ArenaAlloc(arena, total);
197
cp = (unsigned char*) DER_StoreHeader(cp, valueType, valueLen);
198
PORT_Memcpy(cp, value, valueLen);
203
CERT_CreateAVA(PRArenaPool *arena, SECOidTag kind, int valueType, char *value)
209
ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
211
rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
213
/* Illegal AVA type */
216
rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
218
/* Illegal value type */
226
CERT_CopyAVA(PRArenaPool *arena, CERTAVA *from)
231
ava = (CERTAVA*) PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
233
rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
235
rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
244
/************************************************************************/
245
/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
246
static const SEC_ASN1Template cert_RDNTemplate[] = {
248
offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
253
CERT_CreateRDN(PRArenaPool *arena, CERTAVA *ava0, ...)
261
rdn = (CERTRDN*) PORT_ArenaAlloc(arena, sizeof(CERTRDN));
263
/* Count number of avas going into the rdn */
268
while ((ava = va_arg(ap, CERTAVA*)) != 0) {
274
/* Now fill in the pointers */
276
(CERTAVA**) PORT_ArenaAlloc( arena, (count + 1)*sizeof(CERTAVA*));
283
while ((ava = va_arg(ap, CERTAVA*)) != 0) {
294
CERT_AddAVA(PRArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
296
rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
297
return rdn->avas ? SECSuccess : SECFailure;
301
CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from)
303
CERTAVA **avas, *fava, *tava;
304
SECStatus rv = SECSuccess;
306
/* Copy each ava from from */
309
if (avas[0] == NULL) {
310
rv = CERT_AddAVA(arena, to, NULL);
313
while ((fava = *avas++) != 0) {
314
tava = CERT_CopyAVA(arena, fava);
319
rv = CERT_AddAVA(arena, to, tava);
320
if (rv != SECSuccess)
327
/************************************************************************/
329
const SEC_ASN1Template CERT_NameTemplate[] = {
330
{ SEC_ASN1_SEQUENCE_OF,
331
offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
334
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
337
CERT_CreateName(CERTRDN *rdn0, ...)
346
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
351
name = (CERTName*) PORT_ArenaAlloc(arena, sizeof(CERTName));
355
/* Count number of RDNs going into the Name */
361
while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
367
/* Allocate space (including space for terminal null ptr) */
369
(CERTRDN**) PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN*));
374
/* Now fill in the pointers */
378
while ((rdn = va_arg(ap, CERTRDN*)) != 0) {
384
/* null terminate the list */
390
PORT_FreeArena(arena, PR_FALSE);
395
CERT_DestroyName(CERTName *name)
399
PRArenaPool *arena = name->arena;
402
if (arena) PORT_FreeArena(arena, PR_FALSE);
407
CERT_AddRDN(CERTName *name, CERTRDN *rdn)
409
name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
410
return name->rdns ? SECSuccess : SECFailure;
414
CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from)
416
CERTRDN **rdns, *frdn, *trdn;
417
SECStatus rv = SECSuccess;
420
PORT_SetError(SEC_ERROR_INVALID_ARGS);
424
CERT_DestroyName(to);
427
/* Copy each rdn from from */
430
if (rdns[0] == NULL) {
431
rv = CERT_AddRDN(to, NULL);
434
while ((frdn = *rdns++) != NULL) {
435
trdn = CERT_CreateRDN(arena, 0);
440
rv = CERT_CopyRDN(arena, trdn, frdn);
441
if (rv != SECSuccess)
443
rv = CERT_AddRDN(to, trdn);
444
if (rv != SECSuccess)
451
/************************************************************************/
454
canonicalize(SECItem * foo)
456
int ch, lastch, len, src, dest;
458
/* strip trailing whitespace. */
460
while (len > 0 && ((ch = foo->data[len - 1]) == ' ' ||
461
ch == '\t' || ch == '\r' || ch == '\n')) {
466
/* strip leading whitespace. */
467
while (src < len && ((ch = foo->data[src]) == ' ' ||
468
ch == '\t' || ch == '\r' || ch == '\n')) {
471
dest = 0; lastch = ' ';
473
ch = foo->data[src++];
474
if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
478
} else if (ch >= 'A' && ch <= 'Z') {
479
ch |= 0x20; /* downshift */
481
foo->data[dest++] = lastch = ch;
486
/* SECItems a and b contain DER-encoded printable strings. */
488
CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b)
490
SECComparison rv = SECLessThan;
491
SECItem * aVal = CERT_DecodeAVAValue(a);
492
SECItem * bVal = CERT_DecodeAVAValue(b);
494
if (aVal && aVal->len && aVal->data &&
495
bVal && bVal->len && bVal->data) {
498
rv = SECITEM_CompareItem(aVal, bVal);
500
SECITEM_FreeItem(aVal, PR_TRUE);
501
SECITEM_FreeItem(bVal, PR_TRUE);
506
CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
510
rv = SECITEM_CompareItem(&a->type, &b->type);
512
return rv; /* Attribute types don't match. */
513
/* Let's be optimistic. Maybe the values will just compare equal. */
514
rv = SECITEM_CompareItem(&a->value, &b->value);
516
return rv; /* values compared exactly. */
517
if (a->value.len && a->value.data && b->value.len && b->value.data) {
518
/* Here, the values did not match.
519
** If the values had different encodings, convert them to the same
520
** encoding and compare that way.
522
if (a->value.data[0] != b->value.data[0]) {
523
/* encodings differ. Convert both to UTF-8 and compare. */
524
SECItem * aVal = CERT_DecodeAVAValue(&a->value);
525
SECItem * bVal = CERT_DecodeAVAValue(&b->value);
526
if (aVal && aVal->len && aVal->data &&
527
bVal && bVal->len && bVal->data) {
528
rv = SECITEM_CompareItem(aVal, bVal);
530
SECITEM_FreeItem(aVal, PR_TRUE);
531
SECITEM_FreeItem(bVal, PR_TRUE);
532
} else if (a->value.data[0] == 0x13) { /* both are printable strings. */
533
/* printable strings */
534
rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
541
CERT_CompareRDN(CERTRDN *a, CERTRDN *b)
543
CERTAVA **aavas, *aava;
544
CERTAVA **bavas, *bava;
546
SECComparison rv = SECEqual;
552
** Make sure array of ava's are the same length. If not, then we are
555
ac = CountArray((void**) aavas);
556
bc = CountArray((void**) bavas);
557
if (ac < bc) return SECLessThan;
558
if (ac > bc) return SECGreaterThan;
566
rv = CERT_CompareAVA(aava, bava);
573
CERT_CompareName(CERTName *a, CERTName *b)
575
CERTRDN **ardns, *ardn;
576
CERTRDN **brdns, *brdn;
578
SECComparison rv = SECEqual;
584
** Make sure array of rdn's are the same length. If not, then we are
587
ac = CountArray((void**) ardns);
588
bc = CountArray((void**) brdns);
589
if (ac < bc) return SECLessThan;
590
if (ac > bc) return SECGreaterThan;
598
rv = CERT_CompareRDN(ardn, brdn);
604
/* Moved from certhtml.c */
606
CERT_DecodeAVAValue(const SECItem *derAVAValue)
609
const SEC_ASN1Template *theTemplate = NULL;
610
enum { conv_none, conv_ucs4, conv_ucs2, conv_iso88591 } convert = conv_none;
611
SECItem avaValue = {siBuffer, 0};
612
PLArenaPool *newarena = NULL;
614
if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
618
switch(derAVAValue->data[0]) {
619
case SEC_ASN1_UNIVERSAL_STRING:
621
theTemplate = SEC_UniversalStringTemplate;
623
case SEC_ASN1_IA5_STRING:
624
theTemplate = SEC_IA5StringTemplate;
626
case SEC_ASN1_PRINTABLE_STRING:
627
theTemplate = SEC_PrintableStringTemplate;
629
case SEC_ASN1_T61_STRING:
631
* Per common practice, we're not decoding actual T.61, but instead
632
* treating T61-labeled strings as containing ISO-8859-1.
634
convert = conv_iso88591;
635
theTemplate = SEC_T61StringTemplate;
637
case SEC_ASN1_BMP_STRING:
639
theTemplate = SEC_BMPStringTemplate;
641
case SEC_ASN1_UTF8_STRING:
642
/* No conversion needed ! */
643
theTemplate = SEC_UTF8StringTemplate;
649
PORT_Memset(&avaValue, 0, sizeof(SECItem));
650
newarena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
654
if(SEC_QuickDERDecodeItem(newarena, &avaValue, theTemplate, derAVAValue)
656
PORT_FreeArena(newarena, PR_FALSE);
660
if (convert != conv_none) {
661
unsigned int utf8ValLen = avaValue.len * 3;
662
unsigned char *utf8Val = (unsigned char*)
663
PORT_ArenaZAlloc(newarena, utf8ValLen);
667
if(avaValue.len % 4 != 0 ||
668
!PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
669
utf8Val, utf8ValLen, &utf8ValLen)) {
670
PORT_FreeArena(newarena, PR_FALSE);
671
PORT_SetError(SEC_ERROR_INVALID_AVA);
676
if(avaValue.len % 2 != 0 ||
677
!PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data, avaValue.len,
678
utf8Val, utf8ValLen, &utf8ValLen)) {
679
PORT_FreeArena(newarena, PR_FALSE);
680
PORT_SetError(SEC_ERROR_INVALID_AVA);
685
if(!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
686
utf8Val, utf8ValLen, &utf8ValLen)) {
687
PORT_FreeArena(newarena, PR_FALSE);
688
PORT_SetError(SEC_ERROR_INVALID_AVA);
693
PORT_Assert(0); /* not reached */
697
avaValue.data = utf8Val;
698
avaValue.len = utf8ValLen;
701
retItem = SECITEM_DupItem(&avaValue);
702
PORT_FreeArena(newarena, PR_FALSE);