/*
* FUNCTION: pkix_pl_CRL_GetSignatureAlgId
*
* DESCRIPTION:
* Retrieves a pointer to the OID that represents the signature algorithm of
* the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* PARAMETERS:
* "crl"
* Address of CRL whose signature algorithm OID is to be stored.
* Must be non-NULL.
* "pSignatureAlgId"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetSignatureAlgId(
PKIX_PL_CRL *crl,
PKIX_PL_OID **pSignatureAlgId,
void *plContext)
{
CERTCrl *nssCrl = NULL;
PKIX_PL_OID *signatureAlgId = NULL;
SECAlgorithmID algorithm;
SECItem algBytes;
char *asciiOID = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
/* if we don't have a cached copy from before, we create one */
if (crl->signatureAlgId == NULL) {
PKIX_OBJECT_LOCK(crl);
if (crl->signatureAlgId == NULL) {
nssCrl = &(crl->nssSignedCrl->crl);
algorithm = nssCrl->signatureAlg;
algBytes = algorithm.algorithm;
PKIX_NULLCHECK_ONE(algBytes.data);
if (algBytes.len == 0) {
PKIX_ERROR_FATAL(PKIX_OIDBYTESLENGTH0);
}
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&algBytes, &asciiOID, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_OID_Create
(asciiOID, &signatureAlgId, plContext),
PKIX_OIDCREATEFAILED);
/* save a cached copy in case it is asked for again */
crl->signatureAlgId = signatureAlgId;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->signatureAlgId);
*pSignatureAlgId = crl->signatureAlgId;
cleanup:
PKIX_FREE(asciiOID);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_GeneralName_ToString_Helper
* DESCRIPTION:
*
* Helper function that creates a string representation of the GeneralName
* pointed to by "name" and stores it at "pString" Different mechanisms are
* used to create the string, depending on the type of the GeneralName.
*
* PARAMETERS
* "name"
* Address of GeneralName whose string representation is desired.
* Must be non-NULL.
* "pString"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a GeneralName Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_GeneralName_ToString_Helper(
PKIX_PL_GeneralName *name,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_PL_X500Name *pkixDN = NULL;
PKIX_PL_OID *pkixOID = NULL;
char *x400AsciiName = NULL;
char *ediPartyName = NULL;
char *asciiName = NULL;
PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_ToString_Helper");
PKIX_NULLCHECK_TWO(name, pString);
switch (name->type) {
case certRFC822Name:
case certDNSName:
case certURI:
/*
* Note that we can't use PKIX_ESCASCII here because
* name->other->data is not guaranteed to be null-terminated.
*/
PKIX_NULLCHECK_ONE(name->other);
PKIX_CHECK(PKIX_PL_String_Create(PKIX_UTF8,
(name->other)->data,
(name->other)->len,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certEDIPartyName:
/* XXX print out the actual bytes */
ediPartyName = "EDIPartyName: <DER-encoded value>";
PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
ediPartyName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certX400Address:
/* XXX print out the actual bytes */
x400AsciiName = "X400Address: <DER-encoded value>";
PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
x400AsciiName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certIPAddress:
PKIX_CHECK(pkix_pl_ipAddrBytes2Ascii
(name->other, &asciiName, plContext),
PKIX_IPADDRBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
asciiName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certOtherName:
PKIX_NULLCHECK_ONE(name->OthName);
/* we only print type-id - don't know how to print value */
/* XXX print out the bytes of the value */
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&name->OthName->oid, &asciiName, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiName,
0,
pString,
plContext),
PKIX_STRINGCREATEFAILED);
break;
case certRegisterID:
pkixOID = name->oid;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)pkixOID, pString, plContext),
PKIX_OIDTOSTRINGFAILED);
break;
case certDirectoryName:
pkixDN = name->directoryName;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)pkixDN, pString, plContext),
PKIX_X500NAMETOSTRINGFAILED);
break;
default:
PKIX_ERROR
(PKIX_TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED);
}
cleanup:
PKIX_FREE(asciiName);
PKIX_RETURN(GENERALNAME);
}
/*
* FUNCTION: pkix_pl_GeneralName_Create
* DESCRIPTION:
*
* Creates new GeneralName which represents the CERTGeneralName pointed to by
* "nssAltName" and stores it at "pGenName".
*
* PARAMETERS:
* "nssAltName"
* Address of CERTGeneralName. Must be non-NULL.
* "pGenName"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a GeneralName Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_GeneralName_Create(
CERTGeneralName *nssAltName,
PKIX_PL_GeneralName **pGenName,
void *plContext)
{
PKIX_PL_GeneralName *genName = NULL;
PKIX_PL_X500Name *pkixDN = NULL;
PKIX_PL_OID *pkixOID = NULL;
OtherName *otherName = NULL;
CERTGeneralNameList *nssGenNameList = NULL;
CERTGeneralNameType nameType;
SECItem *secItem = NULL;
char *asciiName = NULL;
SECStatus rv;
PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Create");
PKIX_NULLCHECK_TWO(nssAltName, pGenName);
/* create a PKIX_PL_GeneralName object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_GENERALNAME_TYPE,
sizeof (PKIX_PL_GeneralName),
(PKIX_PL_Object **)&genName,
plContext),
PKIX_COULDNOTCREATEOBJECT);
nameType = nssAltName->type;
/*
* We use CERT_CreateGeneralNameList to create just one CERTGeneralName
* item for memory allocation reason. If we want to just create one
* item, we have to use the calling path CERT_NewGeneralName, then
* CERT_CopyOneGeneralName. With this calling path, if we pass
* the arena argument as NULL, in CERT_CopyOneGeneralName's subsequent
* call to CERT_CopyName, it assumes arena should be valid, hence
* segmentation error (not sure this is a NSS bug, certainly it is
* not consistent). But on the other hand, we don't want to keep an
* arena record here explicitely for every PKIX_PL_GeneralName.
* So I concluded it is better to use CERT_CreateGeneralNameList,
* which keeps an arena pointer in its data structure and also masks
* out details calls from this libpkix level.
*/
PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_CreateGeneralNameList).\n");
nssGenNameList = CERT_CreateGeneralNameList(nssAltName);
if (nssGenNameList == NULL) {
PKIX_ERROR(PKIX_CERTCREATEGENERALNAMELISTFAILED);
}
genName->nssGeneralNameList = nssGenNameList;
/* initialize fields */
genName->type = nameType;
genName->directoryName = NULL;
genName->OthName = NULL;
genName->other = NULL;
genName->oid = NULL;
switch (nameType){
case certOtherName:
PKIX_CHECK(pkix_pl_OtherName_Create
(nssAltName, &otherName, plContext),
PKIX_OTHERNAMECREATEFAILED);
genName->OthName = otherName;
break;
case certDirectoryName:
PKIX_CHECK(pkix_pl_DirectoryName_Create
(nssAltName, &pkixDN, plContext),
PKIX_DIRECTORYNAMECREATEFAILED);
genName->directoryName = pkixDN;
break;
case certRegisterID:
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&nssAltName->name.other, &asciiName, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_OID_Create(asciiName, &pkixOID, plContext),
PKIX_OIDCREATEFAILED);
genName->oid = pkixOID;
break;
case certDNSName:
case certEDIPartyName:
case certIPAddress:
case certRFC822Name:
case certX400Address:
case certURI:
PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_AllocItem).\n");
secItem = SECITEM_AllocItem(NULL, NULL, 0);
if (secItem == NULL){
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CopyItem).\n");
rv = SECITEM_CopyItem(NULL, secItem, &nssAltName->name.other);
if (rv != SECSuccess) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
genName->other = secItem;
break;
default:
PKIX_ERROR(PKIX_NAMETYPENOTSUPPORTED);
}
*pGenName = genName;
cleanup:
PKIX_FREE(asciiName);
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(genName);
if (secItem){
PKIX_GENERALNAME_DEBUG
("\t\tCalling SECITEM_FreeItem).\n");
SECITEM_FreeItem(secItem, PR_TRUE);
secItem = NULL;
}
}
PKIX_RETURN(GENERALNAME);
}
