/*
 * Split a signed, DER-encoded certificate or CRL into its three top-level
 * pieces: the to-be-signed blob, the signature algorithm identifier, and the
 * signature bits. Each piece is copied into the caller's CssmOwnedData, so the
 * results do not refer to the local coder's decode memory once this returns.
 *
 * This routine only parses the outer structure; no signature verification is
 * performed here.
 *
 * Throws CSSMERR_CL_UNKNOWN_FORMAT (via CssmError::throwMe) when signedItem
 * does not decode against kSecAsn1SignedCertOrCRLTemplate.
 */
void CL_certCrlDecodeComponents(
	const CssmData	&signedItem,	// DER-encoded cert or CRL
	CssmOwnedData	&tbsBlob,		// still DER-encoded
	CssmOwnedData	&algId,			// ditto
	CssmOwnedData	&rawSig)		// raw bits (not an encoded AsnBits)
{
	/* Decode target; zeroed before the coder fills it in. */
	NSS_SignedCertOrCRL signedObj;
	SecNssCoder coder;
	memset(&signedObj, 0, sizeof(signedObj));

	/* BER-decode into temp memory */
	const PRErrorCode decodeStatus = coder.decode(
		signedItem.data(),
		signedItem.length(),
		kSecAsn1SignedCertOrCRLTemplate,
		&signedObj);
	if(decodeStatus) {
		/* Input is not a recognizable signed cert/CRL; reject it outright. */
		CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
	}

	/*
	 * The TBS blob and the algorithm ID are raw ASN_ANY items, tags included.
	 * They go back to the caller byte-for-byte as they appeared in the input.
	 */
	tbsBlob.copy(signedObj.tbsBlob.Data, signedObj.tbsBlob.Length);
	algId.copy(
		signedObj.signatureAlgorithm.Data,
		signedObj.signatureAlgorithm.Length);

	/*
	 * The signature is a BIT STRING that the template really does decode, so
	 * its Length is a bit count: round up to whole bytes for the copy.
	 */
	rawSig.copy(
		signedObj.signature.Data,
		(signedObj.signature.Length + 7) / 8);
}