Пример #1
/*
 * Split the body of a DER-encoded validity structure into its two time
 * values.
 *
 * buf/buf_length   encoded bytes to parse; these come from a certificate and
 *                  must be treated as untrusted.
 * notBefore        receives data/len of the first element.
 * notAfter         receives data/len of the second element.
 *
 * Returns SECSuccess when both elements were located, SECFailure as soon as
 * nsslowcert_dataStart() rejects one of them.
 *
 * The output items are not copies: the offset arithmetic below treats the
 * returned pointers as positions inside buf, so they stay valid only as long
 * as the caller's buffer does.
 *
 * NOTE(review): every bounds decision is delegated to nsslowcert_dataStart(),
 * which is not visible here. The remaining-length update is only safe if that
 * helper never reports a length larger than the bytes left -- confirm.
 */
static int
nsslowcert_GetValidityFields(unsigned char *buf, int buf_length,
                             SECItem *notBefore, SECItem *notAfter)
{
    unsigned char der_tag;
    unsigned char *next;

    /* first element: PR_FALSE presumably asks for the content without its
     * tag/length header; the tag itself comes back through der_tag */
    notBefore->data = nsslowcert_dataStart(buf, buf_length, &notBefore->len,
                                           PR_FALSE, &der_tag);
    if (!notBefore->data) {
        return SECFailure;
    }
    /* presumably records which time encoding the tag denotes -- verify
     * against SetTimeType */
    SetTimeType(notBefore, der_tag);

    /* step over the header and content that were just consumed */
    next = notBefore->data + notBefore->len;
    buf_length -= next - buf;
    buf = next;

    /* second element, parsed from whatever is left */
    notAfter->data = nsslowcert_dataStart(buf, buf_length, &notAfter->len,
                                          PR_FALSE, &der_tag);
    if (!notAfter->data) {
        return SECFailure;
    }
    SetTimeType(notAfter, der_tag);

    return SECSuccess;
}
Пример #2
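/*
 * Locate the top-level fields of a DER-encoded certificate without decoding
 * them.
 *
 * cert/cert_length  the encoded certificate; untrusted input.
 * issuer, serial    always filled in; must not be NULL.
 * derSN             optional (may be NULL); receives the serial number with
 *                   PR_TRUE passed to the helper (presumably "include the
 *                   tag/length header" -- confirm against the helper).
 * valid             if NULL, parsing stops after the issuer and subject,
 *                   subjkey and extensions are not touched.
 * subject, subjkey, extensions
 *                   filled in when valid is non-NULL; they are dereferenced
 *                   unconditionally on that path, so must not be NULL then.
 *                   extensions is set to data == NULL, len == 0 when no
 *                   0xa3-tagged element follows the subject key info.
 *
 * Returns SECSuccess or SECFailure.
 *
 * The output items are not copies: the offset arithmetic below treats the
 * returned pointers as positions inside cert, so they stay valid only as
 * long as the caller's buffer does.
 *
 * NOTE(review): all length validation is delegated to nsslowcert_dataStart(),
 * which is not visible here. buf_length is unsigned, so each
 * "buf_length -= ..." below would wrap to a huge value if the helper ever
 * reported more bytes than remain -- confirm it bounds the returned length.
 */
static int
nsslowcert_GetCertFields(unsigned char *cert, int cert_length,
                         SECItem *issuer, SECItem *serial, SECItem *derSN, SECItem *subject,
                         SECItem *valid, SECItem *subjkey, SECItem *extensions)
{
    unsigned char *buf;
    unsigned int buf_length;
    unsigned char *dummy;
    unsigned int dummylen;

    /* get past the signature wrap */
    buf = nsslowcert_dataStart(cert, cert_length, &buf_length, PR_FALSE, NULL);
    if (buf == NULL) {
        return SECFailure;
    }
    /* get into the raw cert data */
    buf = nsslowcert_dataStart(buf, buf_length, &buf_length, PR_FALSE, NULL);
    if (buf == NULL) {
        return SECFailure;
    }
    /* An empty body cannot hold the mandatory serial number, and there is no
     * byte to inspect: reading buf[0] here would look one byte past the
     * parsed region. Reject it before touching the data. */
    if (buf_length == 0) {
        return SECFailure;
    }
    /* skip past any optional version number; the mask matches every tag
     * with bits 0x80 and 0x20 set, not only 0xa0 itself */
    if ((buf[0] & 0xa0) == 0xa0) {
        dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
        if (dummy == NULL) {
            return SECFailure;
        }
        buf_length -= (dummy - buf) + dummylen;
        buf = dummy + dummylen;
    }
    /* serial number */
    if (derSN) {
        /* Not checked separately: this is the same element as the
         * serial->data call below with a different flag, so a failure here
         * is expected to show up there too (confirm against the helper). */
        derSN->data = nsslowcert_dataStart(buf, buf_length, &derSN->len, PR_TRUE, NULL);
    }
    serial->data = nsslowcert_dataStart(buf, buf_length, &serial->len, PR_FALSE, NULL);
    if (serial->data == NULL) {
        return SECFailure;
    }
    buf_length -= (serial->data - buf) + serial->len;
    buf = serial->data + serial->len;
    /* skip the OID */
    dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
    if (dummy == NULL) {
        return SECFailure;
    }
    buf_length -= (dummy - buf) + dummylen;
    buf = dummy + dummylen;
    /* issuer */
    issuer->data = nsslowcert_dataStart(buf, buf_length, &issuer->len, PR_TRUE, NULL);
    if (issuer->data == NULL) {
        return SECFailure;
    }
    buf_length -= (issuer->data - buf) + issuer->len;
    buf = issuer->data + issuer->len;

    /* only wanted issuer/SN */
    if (valid == NULL) {
        return SECSuccess;
    }
    /* validity */
    valid->data = nsslowcert_dataStart(buf, buf_length, &valid->len, PR_FALSE, NULL);
    if (valid->data == NULL) {
        return SECFailure;
    }
    buf_length -= (valid->data - buf) + valid->len;
    buf = valid->data + valid->len;
    /* subject */
    subject->data = nsslowcert_dataStart(buf, buf_length, &subject->len, PR_TRUE, NULL);
    if (subject->data == NULL) {
        return SECFailure;
    }
    buf_length -= (subject->data - buf) + subject->len;
    buf = subject->data + subject->len;
    /* subject key info */
    subjkey->data = nsslowcert_dataStart(buf, buf_length, &subjkey->len, PR_TRUE, NULL);
    if (subjkey->data == NULL) {
        return SECFailure;
    }
    buf_length -= (subjkey->data - buf) + subjkey->len;
    buf = subjkey->data + subjkey->len;

    extensions->data = NULL;
    extensions->len = 0;
    /* walk the remaining optional elements until the extensions wrapper */
    while (buf_length > 0) {
        /* EXTENSIONS */
        if (buf[0] == 0xa3) {
            extensions->data = nsslowcert_dataStart(buf, buf_length,
                                                    &extensions->len, PR_FALSE, NULL);
            /* Fail closed on a malformed extensions element. Reporting
             * success with data == NULL would make a certificate with
             * broken extensions look like one that has none, and
             * extensions carry restrictions on how the certificate may be
             * used. Do not hand back a NULL pointer with a stale length. */
            if (extensions->data == NULL) {
                extensions->len = 0;
                return SECFailure;
            }
            break;
        }
        dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
        if (dummy == NULL) {
            return SECFailure;
        }
        buf_length -= (dummy - buf) + dummylen;
        buf = dummy + dummylen;
    }
    return SECSuccess;
}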
Пример #3
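/*
 * Locate the top-level fields of a DER-encoded certificate without decoding
 * them, and reject the certificate if its extensions are malformed.
 *
 * cert/cert_length  the encoded certificate; untrusted input.
 * issuer, serial    always filled in; must not be NULL.
 * derSN             optional (may be NULL); receives the serial number with
 *                   its tag included.
 * valid             if NULL, parsing stops after the issuer and subject,
 *                   subjkey and extensions are not touched.
 * subject, subjkey, extensions
 *                   filled in when valid is non-NULL; they are dereferenced
 *                   unconditionally on that path, so must not be NULL then.
 *                   extensions is left as data == NULL, len == 0 when no
 *                   0xa3-tagged element follows the subject key info;
 *                   otherwise it describes the content of that element.
 *
 * Returns SECSuccess or SECFailure.
 *
 * The output items are not copies: the offset arithmetic below treats the
 * returned pointers as positions inside cert, so they stay valid only as
 * long as the caller's buffer does.
 *
 * NOTE(review): all length validation is delegated to nsslowcert_dataStart(),
 * which is not visible here. buf_length is unsigned, so each
 * "buf_length -= ..." below would wrap to a huge value if the helper ever
 * reported more bytes than remain -- confirm it bounds the returned length.
 */
static int
nsslowcert_GetCertFields(unsigned char *cert, int cert_length,
                         SECItem *issuer, SECItem *serial, SECItem *derSN, SECItem *subject,
                         SECItem *valid, SECItem *subjkey, SECItem *extensions)
{
    unsigned char *buf;
    unsigned int buf_length;
    unsigned char *dummy;
    unsigned int dummylen;

    /* get past the signature wrap */
    buf = nsslowcert_dataStart(cert, cert_length, &buf_length, PR_FALSE, NULL);
    if (buf == NULL)
        return SECFailure;
    /* get into the raw cert data */
    buf = nsslowcert_dataStart(buf, buf_length, &buf_length, PR_FALSE, NULL);
    if (buf == NULL)
        return SECFailure;
    /* An empty body cannot hold the mandatory serial number, and there is no
     * byte to inspect: reading buf[0] here would look one byte past the
     * parsed region. Reject it before touching the data. */
    if (buf_length == 0)
        return SECFailure;
    /* skip past any optional version number; the mask matches every tag
     * with bits 0x80 and 0x20 set, not only 0xa0 itself */
    if ((buf[0] & 0xa0) == 0xa0) {
        dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
        if (dummy == NULL)
            return SECFailure;
        buf_length -= (dummy - buf) + dummylen;
        buf = dummy + dummylen;
    }
    /* serial number */
    if (derSN) {
        derSN->data = nsslowcert_dataStart(buf, buf_length, &derSN->len, PR_TRUE, NULL);
        /* derSN->data doesn't need to be checked because if it fails so will
         * serial->data below. The only difference between the two calls is
         * whether or not the tags are included in the returned buffer */
    }
    serial->data = nsslowcert_dataStart(buf, buf_length, &serial->len, PR_FALSE, NULL);
    if (serial->data == NULL)
        return SECFailure;
    buf_length -= (serial->data - buf) + serial->len;
    buf = serial->data + serial->len;
    /* skip the OID */
    dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
    if (dummy == NULL)
        return SECFailure;
    buf_length -= (dummy - buf) + dummylen;
    buf = dummy + dummylen;
    /* issuer */
    issuer->data = nsslowcert_dataStart(buf, buf_length, &issuer->len, PR_TRUE, NULL);
    if (issuer->data == NULL)
        return SECFailure;
    buf_length -= (issuer->data - buf) + issuer->len;
    buf = issuer->data + issuer->len;

    /* only wanted issuer/SN */
    if (valid == NULL) {
        return SECSuccess;
    }
    /* validity */
    valid->data = nsslowcert_dataStart(buf, buf_length, &valid->len, PR_FALSE, NULL);
    if (valid->data == NULL)
        return SECFailure;
    buf_length -= (valid->data - buf) + valid->len;
    buf = valid->data + valid->len;
    /* subject */
    subject->data = nsslowcert_dataStart(buf, buf_length, &subject->len, PR_TRUE, NULL);
    if (subject->data == NULL)
        return SECFailure;
    buf_length -= (subject->data - buf) + subject->len;
    buf = subject->data + subject->len;
    /* subject key info */
    subjkey->data = nsslowcert_dataStart(buf, buf_length, &subjkey->len, PR_TRUE, NULL);
    if (subjkey->data == NULL)
        return SECFailure;
    buf_length -= (subjkey->data - buf) + subjkey->len;
    buf = subjkey->data + subjkey->len;

    extensions->data = NULL;
    extensions->len = 0;
    /* walk whatever follows the subject key info; buf_length > 0 guarantees
     * buf[0] is inside the parsed region on every iteration */
    while (buf_length > 0) {
        /* EXTENSIONS */
        if (buf[0] == 0xa3) {
            extensions->data = nsslowcert_dataStart(buf, buf_length,
                                                    &extensions->len, PR_FALSE, NULL);
            /* if the DER is bad, we should fail. Previously we accepted
             * bad DER here and treated the extension as missing. The
             * element must also account for every remaining byte, so
             * trailing data after it is rejected as well. */
            if (extensions->data == NULL ||
                (extensions->data - buf) + extensions->len != buf_length)
                return SECFailure;
            buf = extensions->data;
            buf_length = extensions->len;
            /* now parse the SEQUENCE holding the extensions; it has to fill
             * the wrapper exactly */
            dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
            if (dummy == NULL ||
                (dummy - buf) + dummylen != buf_length)
                return SECFailure;
            /* step inside the SEQUENCE: only its header is consumed here */
            buf_length -= (dummy - buf);
            buf = dummy;
            /* Now parse the extensions inside this sequence. An empty
             * SEQUENCE leaves buf_length at 0 for the call below; that it
             * is rejected depends on the helper -- confirm. */
        }
        dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
        if (dummy == NULL)
            return SECFailure;
        buf_length -= (dummy - buf) + dummylen;
        buf = dummy + dummylen;
    }
    return SECSuccess;
}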