/*
* Lookup a certificate in the database by name
*/
CERTCertificate *
CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr)
{
CERTName *name;
SECItem *nameItem;
CERTCertificate *cert = NULL;
PRArenaPool *arena = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
goto loser;
}
name = CERT_AsciiToName(nameStr);
if ( name ) {
nameItem = SEC_ASN1EncodeItem (arena, NULL, (void *)name,
CERT_NameTemplate);
if ( nameItem != NULL ) {
cert = CERT_FindCertByName(handle, nameItem);
}
CERT_DestroyName(name);
}
loser:
if ( arena ) {
PORT_FreeArena(arena, PR_FALSE);
}
return(cert);
}
static CERTSignedCrl *
FindCRL(CERTCertDBHandle *certHandle, char *name, int type)
{
CERTSignedCrl *crl = NULL;
CERTCertificate *cert = NULL;
SECItem derName;
derName.data = NULL;
derName.len = 0;
cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, name);
if (!cert) {
CERTName *certName = NULL;
PLArenaPool *arena = NULL;
SECStatus rv = SECSuccess;
certName = CERT_AsciiToName(name);
if (certName) {
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena) {
SECItem *nameItem =
SEC_ASN1EncodeItem(arena, NULL, (void *)certName,
SEC_ASN1_GET(CERT_NameTemplate));
if (nameItem) {
rv = SECITEM_CopyItem(NULL, &derName, nameItem);
}
PORT_FreeArena(arena, PR_FALSE);
}
CERT_DestroyName(certName);
}
if (rv != SECSuccess) {
SECU_PrintError(progName, "SECITEM_CopyItem failed, out of memory");
return ((CERTSignedCrl *)NULL);
}
if (!derName.len || !derName.data) {
SECU_PrintError(progName, "could not find certificate named '%s'", name);
return ((CERTSignedCrl *)NULL);
}
} else {
SECITEM_CopyItem(NULL, &derName, &cert->derSubject);
CERT_DestroyCertificate(cert);
}
crl = SEC_FindCrlByName(certHandle, &derName, type);
if (crl == NULL)
SECU_PrintError(progName, "could not find %s's CRL", name);
if (derName.data) {
SECITEM_FreeItem(&derName, PR_FALSE);
}
return (crl);
}
/******************************************************************
*
* m a k e _ c e r t _ r e q u e s t
*/
static CERTCertificateRequest*
make_cert_request(char *subject, SECKEYPublicKey *pubk)
{
CERTName * subj;
CERTSubjectPublicKeyInfo * spki;
CERTCertificateRequest * req;
/* Create info about public key */
spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
if (!spki) {
SECU_PrintError(progName, "unable to create subject public key");
exit (ERRX);
}
subj = CERT_AsciiToName (subject);
if (subj == NULL) {
FatalError("Invalid data in certificate description");
}
/* Generate certificate request */
req = CERT_CreateCertificateRequest(subj, spki, 0);
if (!req) {
SECU_PrintError(progName, "unable to make certificate request");
exit (ERRX);
}
SECKEY_DestroySubjectPublicKeyInfo(spki);
CERT_DestroyName(subj);
if (verbosity >= 0) {
PR_fprintf(outputFD, "certificate request generated\n");
}
return req;
}
static CERTName *
ParseRFC1485Name(char *buf, int len)
{
SECStatus rv;
CERTName *name;
char *bp, *e;
CERTAVA *ava;
CERTRDN *rdn = NULL;
name = CERT_CreateName(NULL);
if (name == NULL) {
return NULL;
}
e = buf + len;
bp = buf;
while (bp < e) {
ava = ParseRFC1485AVA(name->arena, &bp, e);
if (ava == 0)
goto loser;
if (!rdn) {
rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0);
if (rdn == 0)
goto loser;
rv = CERT_AddRDN(name, rdn);
} else {
rv = CERT_AddAVA(name->arena, rdn, ava);
}
if (rv)
goto loser;
if (bp[-1] != '+')
rdn = NULL; /* done with this RDN */
skipSpace(&bp, e);
}
if (name->rdns[0] == 0) {
/* empty name -- illegal */
goto loser;
}
/* Reverse order of RDNS to comply with RFC */
{
CERTRDN **firstRdn;
CERTRDN **lastRdn;
CERTRDN *tmp;
/* get first one */
firstRdn = name->rdns;
/* find last one */
lastRdn = name->rdns;
while (*lastRdn) lastRdn++;
lastRdn--;
/* reverse list */
for ( ; firstRdn < lastRdn; firstRdn++, lastRdn--) {
tmp = *firstRdn;
*firstRdn = *lastRdn;
*lastRdn = tmp;
}
}
/* return result */
return name;
loser:
CERT_DestroyName(name);
return NULL;
}
/*
* FUNCTION: PKIX_PL_GeneralName_Create (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_GeneralName_Create(
PKIX_UInt32 nameType,
PKIX_PL_String *stringRep,
PKIX_PL_GeneralName **pGName,
void *plContext)
{
PKIX_PL_X500Name *pkixDN = NULL;
PKIX_PL_OID *pkixOID = NULL;
SECItem *secItem = NULL;
char *asciiString = NULL;
PKIX_UInt32 length = 0;
PKIX_PL_GeneralName *genName = NULL;
CERTGeneralName *nssGenName = NULL;
CERTGeneralNameList *nssGenNameList = NULL;
CERTName *nssCertName = NULL;
PLArenaPool *arena = NULL;
PKIX_ENTER(GENERALNAME, "PKIX_PL_GeneralName_Create");
PKIX_NULLCHECK_TWO(pGName, stringRep);
PKIX_CHECK(PKIX_PL_String_GetEncoded
(stringRep,
PKIX_ESCASCII,
(void **)&asciiString,
&length,
plContext),
PKIX_STRINGGETENCODEDFAILED);
/* Create a temporary CERTGeneralName */
PKIX_GENERALNAME_DEBUG("\t\tCalling PL_strlen).\n");
length = PL_strlen(asciiString);
PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_AllocItem).\n");
secItem = SECITEM_AllocItem(NULL, NULL, length);
PKIX_GENERALNAME_DEBUG("\t\tCalling PORT_Memcpy).\n");
(void) PORT_Memcpy(secItem->data, asciiString, length);
PKIX_CERT_DEBUG("\t\tCalling PORT_NewArena).\n");
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_NewGeneralName).\n");
nssGenName = CERT_NewGeneralName(arena, nameType);
if (nssGenName == NULL) {
PKIX_ERROR(PKIX_ALLOCATENEWCERTGENERALNAMEFAILED);
}
switch (nameType) {
case certRFC822Name:
case certDNSName:
case certURI:
nssGenName->name.other = *secItem;
break;
case certDirectoryName:
PKIX_CHECK(PKIX_PL_X500Name_Create
(stringRep, &pkixDN, plContext),
PKIX_X500NAMECREATEFAILED);
PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_AsciiToName).\n");
nssCertName = CERT_AsciiToName(asciiString);
nssGenName->name.directoryName = *nssCertName;
break;
case certRegisterID:
PKIX_CHECK(PKIX_PL_OID_Create
(asciiString, &pkixOID, plContext),
PKIX_OIDCREATEFAILED);
nssGenName->name.other = *secItem;
break;
default:
/* including IPAddress, EDIPartyName, OtherName, X400Address */
PKIX_ERROR(PKIX_UNABLETOCREATEGENERALNAMEOFTHISTYPE);
}
/* create a PKIX_PL_GeneralName object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_GENERALNAME_TYPE,
sizeof (PKIX_PL_GeneralName),
(PKIX_PL_Object **)&genName,
plContext),
PKIX_COULDNOTCREATEOBJECT);
/* create a CERTGeneralNameList */
nssGenName->type = nameType;
PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_CreateGeneralNameList).\n");
nssGenNameList = CERT_CreateGeneralNameList(nssGenName);
if (nssGenNameList == NULL) {
PKIX_ERROR(PKIX_CERTCREATEGENERALNAMELISTFAILED);
}
genName->nssGeneralNameList = nssGenNameList;
/* initialize fields */
genName->type = nameType;
genName->directoryName = pkixDN;
genName->OthName = NULL;
genName->other = secItem;
genName->oid = pkixOID;
*pGName = genName;
cleanup:
PKIX_FREE(asciiString);
if (nssCertName != NULL) {
PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyName).\n");
CERT_DestroyName(nssCertName);
}
if (arena){ /* will free nssGenName */
PKIX_CERT_DEBUG("\t\tCalling PORT_FreeArena).\n");
PORT_FreeArena(arena, PR_FALSE);
}
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(pkixDN);
PKIX_DECREF(pkixOID);
PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
if (secItem){
SECITEM_FreeItem(secItem, PR_TRUE);
secItem = NULL;
}
}
PKIX_RETURN(GENERALNAME);
}
