void CL_certCrlDecodeComponents(
const CssmData &signedItem, // DER-encoded cert or CRL
CssmOwnedData &tbsBlob, // still DER-encoded
CssmOwnedData &algId, // ditto
CssmOwnedData &rawSig) // raw bits (not an encoded AsnBits)
{
/* BER-decode into temp memory */
NSS_SignedCertOrCRL nssObj;
SecNssCoder coder;
PRErrorCode prtn;
memset(&nssObj, 0, sizeof(nssObj));
prtn = coder.decode(signedItem.data(), signedItem.length(),
kSecAsn1SignedCertOrCRLTemplate, &nssObj);
if(prtn) {
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
/* tbsBlob and algId are raw ASN_ANY including tags, which we pass
* back to caller intact */
tbsBlob.copy(nssObj.tbsBlob.Data, nssObj.tbsBlob.Length);
algId.copy(nssObj.signatureAlgorithm.Data,
nssObj.signatureAlgorithm.Length);
/* signature is a bit string which we do in fact decode */
rawSig.copy(nssObj.signature.Data,
(nssObj.signature.Length + 7) / 8);
}
