/*
 * Decode a DER-encoded alternative-name extension value (a GeneralNames
 * sequence) into a CERTGeneralName list allocated from reqArena.
 *
 * reqArena        arena that receives the private copy of the DER and the
 *                 decoded names; NULL is rejected with SEC_ERROR_INVALID_ARGS.
 * EncodedAltName  DER bytes of the extension value. They are duplicated into
 *                 the arena before decoding, so the decoder never works on
 *                 the caller's buffer.
 *
 * Returns the result of cert_DecodeGeneralNames() when the sequence holds at
 * least one entry. Returns NULL when the arena is missing, the copy fails,
 * the DER decode reports SECFailure, or the sequence is empty; the empty
 * case is reported as SEC_ERROR_EXTENSION_NOT_FOUND.
 *
 * The extension bytes come from a certificate and should be treated as
 * untrusted input: callers must check for NULL before walking the list.
 */
CERTGeneralName *
CERT_DecodeAltNameExtension(PRArenaPool *reqArena, SECItem *EncodedAltName)
{
    CERTAltNameEncodedContext decoded;
    SECItem *arenaCopy;
    SECStatus status;

    if (reqArena == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }

    /* Decode from an arena-owned duplicate rather than the caller's item. */
    arenaCopy = SECITEM_ArenaDupItem(reqArena, EncodedAltName);
    if (arenaCopy == NULL) {
        return NULL;
    }

    /* Start from an all-zero context so encodedGenName is NULL unless the
     * decoder fills it in. */
    PORT_Memset(&decoded, 0, sizeof(CERTAltNameEncodedContext));

    status = SEC_QuickDERDecodeItem(reqArena, &decoded,
                                    CERT_GeneralNamesTemplate, arenaCopy);
    if (status == SECFailure) {
        return NULL;
    }

    if (decoded.encodedGenName != NULL && decoded.encodedGenName[0] != NULL) {
        return cert_DecodeGeneralNames(reqArena, decoded.encodedGenName);
    }

    /* The extension held an empty GeneralNames sequence: report it the same
     * way as an extension that is not present at all. */
    PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
    return NULL;
}
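/*
 * Decode a DER-encoded Authority Key Identifier extension value into a
 * CERTAuthKeyID allocated from arena.
 *
 * arena         arena that owns the result and the private copy of the DER.
 *               Only checked with PORT_Assert, so the caller must pass a
 *               valid arena.
 * encodedValue  DER bytes of the extension value. They are copied into the
 *               arena first, because Quick DER returns data that points into
 *               its input and the caller may free that input.
 *
 * Returns the decoded structure, or NULL on failure. On failure the arena is
 * released back to the mark taken on entry, so nothing allocated here
 * survives.
 *
 * Validation performed on the decoded value (the extension comes from a
 * certificate and is untrusted input):
 *   - an issuer field that is present but cannot be decoded is a failure;
 *   - the issuer and serial number must be both present or both absent,
 *     otherwise SEC_ERROR_EXTENSION_VALUE_INVALID is set and NULL returned.
 *
 * NOTE(review): earlier versions of this function set the error code for a
 * mismatched issuer/serial pair but still returned the structure, and never
 * reached the check at all when the issuer was missing. Callers that relied
 * on getting a structure back for such malformed extensions now receive NULL.
 */
CERTAuthKeyID *
CERT_DecodeAuthKeyID (PLArenaPool *arena, const SECItem *encodedValue)
{
    CERTAuthKeyID *value = NULL;
    SECStatus rv = SECFailure;
    void *mark;
    SECItem newEncodedValue;

    PORT_Assert (arena);

    do {
        mark = PORT_ArenaMark (arena);

        /* rv is still SECFailure here, so an allocation failure takes the
         * release path below. */
        value = (CERTAuthKeyID *)PORT_ArenaZAlloc (arena, sizeof (*value));
        if (value == NULL)
            break;
        value->DERAuthCertIssuer = NULL;

        /* copy the DER into the arena, since Quick DER returns data that
           points into the DER input, which may get freed by the caller */
        rv = SECITEM_CopyItem (arena, &newEncodedValue, encodedValue);
        if (rv != SECSuccess)
            break;

        rv = SEC_QuickDERDecodeItem (arena, value, CERTAuthKeyIDTemplate,
                                     &newEncodedValue);
        if (rv != SECSuccess)
            break;

        /* Only decode the issuer when the extension actually carries one.
         * An absent issuer leaves authCertIssuer NULL (zeroed allocation);
         * a present issuer that fails to decode is a hard failure rather
         * than being silently treated as "absent". */
        if (value->DERAuthCertIssuer != NULL) {
            value->authCertIssuer =
                cert_DecodeGeneralNames (arena, value->DERAuthCertIssuer);
            if (value->authCertIssuer == NULL) {
                rv = SECFailure;
                break;
            }
        }

        /* what if the general name contains other format but not URI ?
           hl
         */
        /* Issuer and serial number are only meaningful as a pair: reject a
         * value that carries one without the other. */
        if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
            (!value->authCertSerialNumber.data && value->authCertIssuer)) {
            PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
            rv = SECFailure;
            break;
        }
    } while (0);

    if (rv != SECSuccess) {
        PORT_ArenaRelease (arena, mark);
        return ((CERTAuthKeyID *)NULL);
    }
    PORT_ArenaUnmark (arena, mark);
    return (value);
}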
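/*
 * Decode a DER-encoded CRL Distribution Points extension value into a
 * CERTCrlDistributionPoints structure allocated from arena.
 *
 * arena         arena that owns the result and the private copy of the DER.
 *               Only checked with PORT_Assert, so the caller must pass a
 *               valid arena.
 * encodedValue  DER bytes of the extension value. They are copied into the
 *               arena first, because Quick DER returns data that points into
 *               its input and the caller may free that input.
 *
 * Returns the decoded structure when every distribution point decodes
 * cleanly, NULL otherwise. No arena mark is taken in this function, so
 * allocations made before a failure stay in the arena until the caller
 * frees or releases it.
 *
 * The extension comes from a certificate and is untrusted input, so a
 * failure in any sub-field fails the whole decode. In particular, a
 * cRLIssuer that is present but cannot be decoded now returns NULL; the
 * previous code left the loop without marking failure and handed back a
 * partially decoded list as if it were valid.
 */
CERTCrlDistributionPoints *
CERT_DecodeCRLDistributionPoints (PLArenaPool *arena, SECItem *encodedValue)
{
    CERTCrlDistributionPoints *value = NULL;
    CRLDistributionPoint **pointList, *point;
    SECStatus rv = SECSuccess;
    SECItem newEncodedValue;

    PORT_Assert (arena);
    do {
        value = PORT_ArenaZNew (arena, CERTCrlDistributionPoints);
        if (value == NULL) {
            rv = SECFailure;
            break;
        }

        /* copy the DER into the arena, since Quick DER returns data that
           points into the DER input, which may get freed by the caller */
        rv = SECITEM_CopyItem (arena, &newEncodedValue, encodedValue);
        if (rv != SECSuccess)
            break;

        rv = SEC_QuickDERDecodeItem (arena, &value->distPoints,
                                     CERTCRLDistributionPointsTemplate,
                                     &newEncodedValue);
        if (rv != SECSuccess)
            break;

        /* NOTE(review): the loop dereferences distPoints unconditionally, so
         * it assumes a successful decode leaves a NULL-terminated array
         * there - confirm against the template/decoder. */
        pointList = value->distPoints;
        while (NULL != (point = *pointList)) {

            /* get the data if the distributionPointName is not omitted */
            if (point->derDistPoint.data != NULL) {
                rv = SEC_QuickDERDecodeItem (arena, point,
                                             DistributionPointNameTemplate,
                                             &(point->derDistPoint));
                if (rv != SECSuccess)
                    break;

                switch (point->distPointType) {
                case generalName:
                    point->distPoint.fullName =
                        cert_DecodeGeneralNames (arena, point->derFullName);
                    rv = point->distPoint.fullName ? SECSuccess : SECFailure;
                    break;

                case relativeDistinguishedName:
                    break;

                default:
                    PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID);
                    rv = SECFailure;
                    break;
                } /* end switch */

                /* The breaks above only leave the switch; this one leaves
                 * the loop. */
                if (rv != SECSuccess)
                    break;
            } /* end if */

            /* Get the reason code if it's not omitted in the encoding */
            if (point->bitsmap.data != NULL) {
                /* Convert a local copy so point->bitsmap itself is left
                 * exactly as decoded. */
                SECItem bitsmap = point->bitsmap;
                DER_ConvertBitString (&bitsmap);
                rv = SECITEM_CopyItem (arena, &point->reasons, &bitsmap);
                if (rv != SECSuccess)
                    break;
            }

            /* Get the crl issuer name if it's not omitted in the encoding */
            if (point->derCrlIssuer != NULL) {
                point->crlIssuer =
                    cert_DecodeGeneralNames (arena, point->derCrlIssuer);
                if (!point->crlIssuer) {
                    /* Without this, rv stays SECSuccess and the caller gets
                     * a list whose remaining points were never decoded. */
                    rv = SECFailure;
                    break;
                }
            }
            ++pointList;
        } /* end while points remain */
    } while (0);

    return (rv == SECSuccess ? value : NULL);
}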