void
SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level)
{
CERTCertificatePolicies *policies = NULL;
CERTPolicyInfo **policyInfos;
if (msg) {
SECU_Indent(out, level);
fprintf(out,"%s: \n",msg);
level++;
}
policies = secu_DecodeCertificatePoliciesExtension(value);
if (policies == NULL) {
SECU_PrintAny(out, value, "Invalid Policy Data", level);
return;
}
policyInfos = policies->policyInfos;
while (policyInfos && *policyInfos != NULL) {
secu_PrintPolicyInfo(out,*policyInfos,"",level);
policyInfos++;
}
CERT_DestroyCertificatePoliciesExtension(policies);
}
// Find the first policy OID that is known to be an EV policy OID.
SECStatus
GetFirstEVPolicy(CERTCertificate* cert,
/*out*/ mozilla::pkix::CertPolicyId& policy,
/*out*/ SECOidTag& policyOidTag)
{
if (!cert) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
if (cert->extensions) {
for (int i=0; cert->extensions[i]; i++) {
const SECItem* oid = &cert->extensions[i]->id;
SECOidTag oidTag = SECOID_FindOIDTag(oid);
if (oidTag != SEC_OID_X509_CERTIFICATE_POLICIES)
continue;
SECItem* value = &cert->extensions[i]->value;
CERTCertificatePolicies* policies;
CERTPolicyInfo** policyInfos;
policies = CERT_DecodeCertificatePoliciesExtension(value);
if (!policies)
continue;
policyInfos = policies->policyInfos;
bool found = false;
while (*policyInfos) {
const CERTPolicyInfo* policyInfo = *policyInfos++;
SECOidTag oid_tag = policyInfo->oid;
if (oid_tag != SEC_OID_UNKNOWN && isEVPolicy(oid_tag)) {
const SECOidData* oidData = SECOID_FindOIDByTag(oid_tag);
PR_ASSERT(oidData);
PR_ASSERT(oidData->oid.data);
PR_ASSERT(oidData->oid.len > 0);
PR_ASSERT(oidData->oid.len <= mozilla::pkix::CertPolicyId::MAX_BYTES);
if (oidData && oidData->oid.data && oidData->oid.len > 0 &&
oidData->oid.len <= mozilla::pkix::CertPolicyId::MAX_BYTES) {
policy.numBytes = static_cast<uint16_t>(oidData->oid.len);
memcpy(policy.bytes, oidData->oid.data, policy.numBytes);
policyOidTag = oid_tag;
found = true;
}
break;
}
}
CERT_DestroyCertificatePoliciesExtension(policies);
if (found) {
return SECSuccess;
}
}
}
PR_SetError(SEC_ERROR_POLICY_VALIDATION_FAILED, 0);
return SECFailure;
}
// Find the first policy OID that is known to be an EV policy OID.
SECStatus
GetFirstEVPolicy(CERTCertificate* cert, SECOidTag& outOidTag)
{
if (!cert)
return SECFailure;
if (cert->extensions) {
for (int i=0; cert->extensions[i]; i++) {
const SECItem* oid = &cert->extensions[i]->id;
SECOidTag oidTag = SECOID_FindOIDTag(oid);
if (oidTag != SEC_OID_X509_CERTIFICATE_POLICIES)
continue;
SECItem* value = &cert->extensions[i]->value;
CERTCertificatePolicies* policies;
CERTPolicyInfo** policyInfos;
policies = CERT_DecodeCertificatePoliciesExtension(value);
if (!policies)
continue;
policyInfos = policies->policyInfos;
bool found = false;
while (*policyInfos) {
const CERTPolicyInfo* policyInfo = *policyInfos++;
SECOidTag oid_tag = policyInfo->oid;
if (oid_tag != SEC_OID_UNKNOWN && isEVPolicy(oid_tag)) {
// in our list of OIDs accepted for EV
outOidTag = oid_tag;
found = true;
break;
}
}
CERT_DestroyCertificatePoliciesExtension(policies);
if (found)
return SECSuccess;
}
}
return SECFailure;
}
char *
CERT_GetCertCommentString(CERTCertificate *cert)
{
char *retstring = NULL;
SECStatus rv;
SECItem policyItem;
CERTCertificatePolicies *policies = NULL;
CERTPolicyInfo **policyInfos;
CERTPolicyQualifier **policyQualifiers, *qualifier;
policyItem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
&policyItem);
if ( rv != SECSuccess ) {
goto nopolicy;
}
policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
if ( policies == NULL ) {
goto nopolicy;
}
policyInfos = policies->policyInfos;
/* search through policyInfos looking for the verisign policy */
while (*policyInfos != NULL ) {
if ( (*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES ) {
policyQualifiers = (*policyInfos)->policyQualifiers;
/* search through the policy qualifiers looking for user notice */
while ( policyQualifiers != NULL && *policyQualifiers != NULL ) {
qualifier = *policyQualifiers;
if ( qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER ) {
retstring =
stringFromUserNotice(&qualifier->qualifierValue);
break;
}
policyQualifiers++;
}
break;
}
policyInfos++;
}
nopolicy:
if ( policyItem.data != NULL ) {
PORT_Free(policyItem.data);
}
if ( policies != NULL ) {
CERT_DestroyCertificatePoliciesExtension(policies);
}
if ( retstring == NULL ) {
retstring = CERT_FindNSStringExtension(cert,
SEC_OID_NS_CERT_EXT_COMMENT);
}
if ( retstring != NULL ) {
breakLines(retstring);
}
return(retstring);
}
