void CL_cssmGeneralNamesToNss(
const CE_GeneralNames &cdsaObj,
NSS_GeneralNames &nssObj,
SecNssCoder &coder)
{
uint32 numNames = cdsaObj.numNames;
nssObj.names = (CSSM_DATA **)clNssNullArray(numNames, coder);
/*
* Convert each element in cdsaObj to NSS form, encode, drop into
* the ASN_ANY array.
*
* This array of (NSS_GeneralName)s is temporary, it doesn't
* persist outside of this routine other than the fact that it's
* mallocd by the coder arena pool.
*/
NSS_GeneralName *names =
(NSS_GeneralName *)coder.malloc(sizeof(NSS_GeneralName) * numNames);
memset(names, 0, sizeof(NSS_GeneralName) * numNames);
for(unsigned dex=0; dex<cdsaObj.numNames; dex++) {
nssObj.names[dex] = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA));
memset(nssObj.names[dex], 0, sizeof(CSSM_DATA));
CL_cssmGeneralNameToNss(cdsaObj.generalName[dex],
names[dex], coder);
if(coder.encodeItem(&names[dex], kSecAsn1GeneralNameTemplate,
*nssObj.names[dex])) {
clErrorLog("***Error encoding General.name\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
}
void CL_cssmQualCertStatementsToNss(
const CE_QC_Statements &cdsaObj,
NSS_QC_Statements &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
uint32 numQcs = cdsaObj.numQCStatements;
nssObj.qcStatements =
(NSS_QC_Statement **)clNssNullArray(numQcs, coder);
for(uint32 dex=0; dex<numQcs; dex++) {
nssObj.qcStatements[dex] = (NSS_QC_Statement *)
coder.malloc(sizeof(NSS_QC_Statement));
NSS_QC_Statement *dst = nssObj.qcStatements[dex];
CE_QC_Statement *src = &cdsaObj.qcStatements[dex];
memset(dst, 0, sizeof(*dst));
coder.allocCopyItem(src->statementId, dst->statementId);
if(src->semanticsInfo) {
if(src->otherInfo) {
/* this is either/or, not both */
CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
}
/* encode this CE_SemanticsInformation */
CE_SemanticsInformation *srcSI = src->semanticsInfo;
NSS_SemanticsInformation dstSI;
memset(&dstSI, 0, sizeof(dstSI));
if(srcSI->semanticsIdentifier) {
dstSI.semanticsIdentifier = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA));
coder.allocCopyItem(*srcSI->semanticsIdentifier,
*dstSI.semanticsIdentifier);
}
if(srcSI->nameRegistrationAuthorities) {
dstSI.nameRegistrationAuthorities =
(NSS_GeneralNames *)coder.malloc(sizeof(NSS_GeneralNames));
CL_cssmGeneralNamesToNss(*srcSI->nameRegistrationAuthorities,
*dstSI.nameRegistrationAuthorities, coder);
}
PRErrorCode prtn = coder.encodeItem(&dstSI, kSecAsn1SemanticsInformationTemplate,
dst->info);
if(prtn) {
clErrorLog("CL_cssmQualCertStatementsToNss: encode error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
if(src->otherInfo) {
/* drop in as ASN_ANY */
coder.allocCopyItem(*src->otherInfo, dst->info);
}
}
}
DecodedExten::DecodedExten(
const CSSM_OID &extnId, // copied
bool critical,
void *nssObj, // NSS_KeyUsage, NSS_BasicConstraints,
// etc. NOT COPIED, exists in same
// memory space as coder
bool berEncoded, // indicates unknown extension which we
// do not BER-decode when parsing a cert
const SecAsn1Template *templ, // to decode/encode if !berEncoded
SecNssCoder &coder, // all local allocs from here
const CSSM_DATA *rawExtn) // NSS_CertExtension.value, copied to
// mRawExtn
: mCritical(critical),
mNssObj(nssObj),
mBerEncoded(berEncoded),
mTempl(templ),
mCoder(coder),
mRawExtn(NULL)
{
coder.allocCopyItem(extnId, mExtnId);
if(rawExtn) {
mRawExtn = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA));
coder.allocCopyItem(*rawExtn, *mRawExtn);
}
}
void CL_cssmDistPointsToNss(
const CE_CRLDistPointsSyntax &cdsaObj,
NSS_CRLDistributionPoints &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
unsigned numPoints = cdsaObj.numDistPoints;
if(numPoints == 0) {
return;
}
nssObj.distPoints =
(NSS_DistributionPoint **)clNssNullArray(numPoints, coder);
for(unsigned dex=0; dex<numPoints; dex++) {
nssObj.distPoints[dex] = (NSS_DistributionPoint *)
coder.malloc(sizeof(NSS_DistributionPoint));
NSS_DistributionPoint *npoint = nssObj.distPoints[dex];
memset(npoint, 0, sizeof(NSS_DistributionPoint));
CE_CRLDistributionPoint *cpoint = &cdsaObj.distPoints[dex];
/* all fields are optional */
if(cpoint->distPointName) {
/* encode and drop into ASN_ANY slot */
npoint->distPointName = (CSSM_DATA *)
coder.malloc(sizeof(CSSM_DATA));
CL_encodeDistributionPointName(*cpoint->distPointName,
*npoint->distPointName, coder);
}
if(cpoint->reasonsPresent) {
/* bit string, presumed max length 8 bits */
coder.allocItem(npoint->reasons, 1);
npoint->reasons.Data[0] = cpoint->reasons;
/* adjust for bit string length */
npoint->reasons.Length = 8;
}
if(cpoint->crlIssuer) {
CL_cssmGeneralNamesToNss(*cpoint->crlIssuer,
npoint->crlIssuer, coder);
}
}
}
/* CSSM_X509_RDN --> NSS_RDN */
void CL_cssmRdnToNss(
const CSSM_X509_RDN &cssmObj,
NSS_RDN &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
/* alloc NULL-terminated array of ATV pointers */
unsigned numAtvs = cssmObj.numberOfPairs;
unsigned size = (numAtvs + 1) * sizeof(void *);
nssObj.atvs = (NSS_ATV **)coder.malloc(size);
memset(nssObj.atvs, 0, size);
/* grind thru the elements */
for(unsigned atvDex=0; atvDex<numAtvs; atvDex++) {
nssObj.atvs[atvDex] = (NSS_ATV *)coder.malloc(sizeof(NSS_ATV));
CL_cssmAtvToNss(cssmObj.AttributeTypeAndValue[atvDex],
*nssObj.atvs[atvDex], coder);
}
}
/* CSSM_X509_NAME --> NSS_Name */
void CL_cssmNameToNss(
const CSSM_X509_NAME &cssmObj,
NSS_Name &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
/* alloc NULL-terminated array of RDN pointers */
unsigned numRdns = cssmObj.numberOfRDNs;
nssObj.rdns = (NSS_RDN **)clNssNullArray(numRdns, coder);
/* grind thru the elements */
for(unsigned rdnDex=0; rdnDex<numRdns; rdnDex++) {
nssObj.rdns[rdnDex] = (NSS_RDN *)coder.malloc(sizeof(NSS_RDN));
CL_cssmRdnToNss(cssmObj.RelativeDistinguishedName[rdnDex],
*nssObj.rdns[rdnDex], coder);
}
}
void CL_cssmAuthorityKeyIdToNss(
const CE_AuthorityKeyID &cdsaObj,
NSS_AuthorityKeyId &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
if(cdsaObj.keyIdentifierPresent) {
nssObj.keyIdentifier = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA));
coder.allocCopyItem(cdsaObj.keyIdentifier, *nssObj.keyIdentifier);
}
if(cdsaObj.generalNamesPresent ) {
/* GeneralNames, the hard one */
CL_cssmGeneralNamesToNss(*cdsaObj.generalNames,
nssObj.genNames, coder);
}
if(cdsaObj.serialNumberPresent) {
coder.allocCopyItem(cdsaObj.serialNumber,nssObj.serialNumber);
}
}
void CL_nssGeneralNamesToCssm(
const NSS_GeneralNames &nssObj,
CE_GeneralNames &cdsaObj,
SecNssCoder &coder, // for temp decoding
Allocator &alloc) // destination
{
memset(&cdsaObj, 0, sizeof(cdsaObj));
unsigned numNames = clNssArraySize((const void **)nssObj.names);
if(numNames == 0) {
return;
}
/*
* Decode each name element, currently a raw ASN_ANY blob.
* Then convert each result into CDSA form.
* This array of (NSS_GeneralName)s is temporary, it doesn't
* persist outside of this routine other than the fact that it's
* mallocd by the coder arena pool.
*/
NSS_GeneralName *names =
(NSS_GeneralName *)coder.malloc(sizeof(NSS_GeneralName) * numNames);
memset(names, 0, sizeof(NSS_GeneralName) * numNames);
cdsaObj.generalName = (CE_GeneralName *)alloc.malloc(
sizeof(CE_GeneralName) * numNames);
cdsaObj.numNames = numNames;
for(unsigned dex=0; dex<numNames; dex++) {
if(coder.decodeItem(*nssObj.names[dex], kSecAsn1GeneralNameTemplate,
&names[dex])) {
clErrorLog("***CL_nssGeneralNamesToCssm: Error decoding "
"General.name\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
CL_nssGeneralNameToCssm(names[dex],
cdsaObj.generalName[dex],
coder, alloc);
}
}
void CL_nssGeneralNameToCssm(
NSS_GeneralName &nssObj,
CE_GeneralName &cdsaObj,
SecNssCoder &coder, // for temp decoding
Allocator &alloc) // destination
{
memset(&cdsaObj, 0, sizeof(cdsaObj));
PRErrorCode prtn;
/* for caller's CE_GeneralName */
CSSM_BOOL berEncoded = CSSM_FALSE;
CE_GeneralNameType cdsaTag;
/*
* At this point, depending on the decoded object's tag, we either
* have the final bytes to copy out, or we need to decode further.
* After this switch, if doCopy is true, give the caller a copy
* of nssObj.item.
*/
bool doCopy = true;
switch(nssObj.tag) {
case NGT_OtherName: // ASN_ANY -> CE_OtherName
{
cdsaTag = GNT_OtherName;
/* decode to coder memory */
CE_OtherName *nssOther =
(CE_OtherName *)coder.malloc(sizeof(CE_OtherName));
memset(nssOther, 0, sizeof(CE_OtherName));
prtn = coder.decodeItem(nssObj.item,
kSecAsn1GenNameOtherNameTemplate,
nssOther);
if(prtn) {
clErrorLog("CL_nssGeneralNameToCssm: error decoding "
"OtherName\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
/* copy out to caller */
clAllocData(alloc, cdsaObj.name, sizeof(CE_OtherName));
clCopyOtherName(*nssOther, *((CE_OtherName *)cdsaObj.name.Data),
alloc);
doCopy = false;
break;
}
case NGT_RFC822Name: // IA5String, done
cdsaTag = GNT_RFC822Name;
break;
case NGT_DNSName: // IA5String
cdsaTag = GNT_DNSName;
break;
case NGT_X400Address: // ASY_ANY, leave alone
cdsaTag = GNT_X400Address;
berEncoded = CSSM_TRUE;
break;
case NGT_DirectoryName: // ASN_ANY --> NSS_Name
{
cdsaTag = GNT_DirectoryName;
/* Decode to coder memory */
NSS_Name *nssName = (NSS_Name *)coder.malloc(sizeof(NSS_Name));
memset(nssName, 0, sizeof(NSS_Name));
prtn = coder.decodeItem(nssObj.item, kSecAsn1NameTemplate, nssName);
if(prtn) {
clErrorLog("CL_nssGeneralNameToCssm: error decoding "
"NSS_Name\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
/* convert & copy out to caller */
clAllocData(alloc, cdsaObj.name, sizeof(CSSM_X509_NAME));
CL_nssNameToCssm(*nssName,
*((CSSM_X509_NAME *)cdsaObj.name.Data), alloc);
doCopy = false;
break;
}
case NGT_EdiPartyName: // ASN_ANY, leave alone
cdsaTag = GNT_EdiPartyName;
berEncoded = CSSM_TRUE;
break;
case NGT_URI: // IA5String
cdsaTag = GNT_URI;
break;
case NGT_IPAddress: // OCTET_STRING
cdsaTag = GNT_IPAddress;
break;
case NGT_RegisteredID: // OID
cdsaTag = GNT_RegisteredID;
break;
default:
clErrorLog("CL_nssGeneralNameToCssm: bad name tag\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
cdsaObj.nameType = cdsaTag;
cdsaObj.berEncoded = berEncoded;
if(doCopy) {
clAllocCopyData(alloc, nssObj.item, cdsaObj.name);
}
}