// Find the first policy OID that is known to be an EV policy OID. SECStatus GetFirstEVPolicy(CERTCertificate* cert, /*out*/ mozilla::pkix::CertPolicyId& policy, /*out*/ SECOidTag& policyOidTag) { if (!cert) { PR_SetError(SEC_ERROR_INVALID_ARGS, 0); return SECFailure; } if (cert->extensions) { for (int i=0; cert->extensions[i]; i++) { const SECItem* oid = &cert->extensions[i]->id; SECOidTag oidTag = SECOID_FindOIDTag(oid); if (oidTag != SEC_OID_X509_CERTIFICATE_POLICIES) continue; SECItem* value = &cert->extensions[i]->value; CERTCertificatePolicies* policies; CERTPolicyInfo** policyInfos; policies = CERT_DecodeCertificatePoliciesExtension(value); if (!policies) continue; policyInfos = policies->policyInfos; bool found = false; while (*policyInfos) { const CERTPolicyInfo* policyInfo = *policyInfos++; SECOidTag oid_tag = policyInfo->oid; if (oid_tag != SEC_OID_UNKNOWN && isEVPolicy(oid_tag)) { const SECOidData* oidData = SECOID_FindOIDByTag(oid_tag); PR_ASSERT(oidData); PR_ASSERT(oidData->oid.data); PR_ASSERT(oidData->oid.len > 0); PR_ASSERT(oidData->oid.len <= mozilla::pkix::CertPolicyId::MAX_BYTES); if (oidData && oidData->oid.data && oidData->oid.len > 0 && oidData->oid.len <= mozilla::pkix::CertPolicyId::MAX_BYTES) { policy.numBytes = static_cast<uint16_t>(oidData->oid.len); memcpy(policy.bytes, oidData->oid.data, policy.numBytes); policyOidTag = oid_tag; found = true; } break; } } CERT_DestroyCertificatePoliciesExtension(policies); if (found) { return SECSuccess; } } } PR_SetError(SEC_ERROR_POLICY_VALIDATION_FAILED, 0); return SECFailure; }
// Find the first policy OID that is known to be an EV policy OID. SECStatus GetFirstEVPolicy(CERTCertificate* cert, SECOidTag& outOidTag) { if (!cert) return SECFailure; if (cert->extensions) { for (int i=0; cert->extensions[i]; i++) { const SECItem* oid = &cert->extensions[i]->id; SECOidTag oidTag = SECOID_FindOIDTag(oid); if (oidTag != SEC_OID_X509_CERTIFICATE_POLICIES) continue; SECItem* value = &cert->extensions[i]->value; CERTCertificatePolicies* policies; CERTPolicyInfo** policyInfos; policies = CERT_DecodeCertificatePoliciesExtension(value); if (!policies) continue; policyInfos = policies->policyInfos; bool found = false; while (*policyInfos) { const CERTPolicyInfo* policyInfo = *policyInfos++; SECOidTag oid_tag = policyInfo->oid; if (oid_tag != SEC_OID_UNKNOWN && isEVPolicy(oid_tag)) { // in our list of OIDs accepted for EV outOidTag = oid_tag; found = true; break; } } CERT_DestroyCertificatePoliciesExtension(policies); if (found) return SECSuccess; } } return SECFailure; }
// Find the first policy OID that is known to be an EV policy OID. static SECStatus getFirstEVPolicy(CERTCertificate *cert, SECOidTag &outOidTag) { if (!cert) return SECFailure; if (cert->extensions) { for (int i=0; cert->extensions[i] != nsnull; i++) { const SECItem *oid = &cert->extensions[i]->id; SECOidTag oidTag = SECOID_FindOIDTag(oid); if (oidTag != SEC_OID_X509_CERTIFICATE_POLICIES) continue; SECItem *value = &cert->extensions[i]->value; CERTCertificatePolicies *policies; CERTPolicyInfo **policyInfos, *policyInfo; policies = CERT_DecodeCertificatePoliciesExtension(value); if (!policies) continue; policyInfos = policies->policyInfos; while (*policyInfos != NULL) { policyInfo = *policyInfos++; SECOidTag oid_tag = SECOID_FindOIDTag(&policyInfo->policyID); if (oid_tag == SEC_OID_UNKNOWN) // not in our list of OIDs accepted for EV continue; if (!isEVPolicy(oid_tag)) continue; outOidTag = oid_tag; return SECSuccess; } } } return SECFailure; }