ocspCertStatus*
ocsp_CreateCertStatus(PLArenaPool *arena,
ocspCertStatusType status,
PRTime revocationTime)
{
ocspCertStatus *cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
switch (status) {
case ocspCertStatus_good:
case ocspCertStatus_unknown:
case ocspCertStatus_revoked:
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
cs = PORT_ArenaZNew(arena, ocspCertStatus);
if (!cs)
return NULL;
cs->certStatusType = status;
switch (status) {
case ocspCertStatus_good:
cs->certStatusInfo.goodInfo = SECITEM_AllocItem(arena, NULL, 0);
if (!cs->certStatusInfo.goodInfo)
return NULL;
break;
case ocspCertStatus_unknown:
cs->certStatusInfo.unknownInfo = SECITEM_AllocItem(arena, NULL, 0);
if (!cs->certStatusInfo.unknownInfo)
return NULL;
break;
case ocspCertStatus_revoked:
cs->certStatusInfo.revokedInfo =
PORT_ArenaZNew(arena, ocspRevokedInfo);
if (!cs->certStatusInfo.revokedInfo)
return NULL;
cs->certStatusInfo.revokedInfo->revocationReason =
SECITEM_AllocItem(arena, NULL, 0);
if (!cs->certStatusInfo.revokedInfo->revocationReason)
return NULL;
if (DER_TimeToGeneralizedTimeArena(arena,
&cs->certStatusInfo.revokedInfo->revocationTime,
revocationTime) != SECSuccess)
return NULL;
break;
default:
PORT_Assert(PR_FALSE);
}
return cs;
}
SECStatus
crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
SECAlgorithmID *srcAlgId,
SECAlgorithmID **destAlgId)
{
SECAlgorithmID *newAlgId;
SECStatus rv;
newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) :
PORT_ZNew(SECAlgorithmID);
if (newAlgId == NULL) {
return SECFailure;
}
rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
if (rv != SECSuccess) {
if (!poolp) {
SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
}
return rv;
}
*destAlgId = newAlgId;
return rv;
}
SECKEYPublicKey*
CreateECPublicKey(const SECItem* aKeyData, const nsString& aNamedCurve)
{
ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena) {
return nullptr;
}
SECKEYPublicKey* key = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (!key) {
return nullptr;
}
key->keyType = ecKey;
key->pkcs11Slot = nullptr;
key->pkcs11ID = CK_INVALID_HANDLE;
// Create curve parameters.
SECItem* params = CreateECParamsForCurve(aNamedCurve, arena);
if (!params) {
return nullptr;
}
key->u.ec.DEREncodedParams = *params;
// Set public point.
key->u.ec.publicValue = *aKeyData;
// Ensure the given point is on the curve.
if (!CryptoKey::PublicKeyValid(key)) {
return nullptr;
}
return SECKEY_CopyPublicKey(key);
}
static SECStatus
cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
CMMFCertOrEncCert *src)
{
SECStatus rv = SECSuccess;
CRMFEncryptedValue *encVal;
dest->choice = src->choice;
rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
switch (src->choice) {
case cmmfCertificate:
dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
break;
case cmmfEncryptedCert:
encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
PORT_ArenaZNew(poolp, CRMFEncryptedValue);
if (encVal == NULL) {
return SECFailure;
}
rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
if (rv != SECSuccess) {
if (!poolp) {
crmf_destroy_encrypted_value(encVal, PR_TRUE);
}
return rv;
}
dest->cert.encryptedCert = encVal;
break;
default:
rv = SECFailure;
}
return rv;
}
SECStatus
PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
SECItem *nickname, SECItem *publicValue, PRBool isPerm,
PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey** privk,
void *wincx)
{
SECKEYPrivateKeyInfo *pki = NULL;
PRArenaPool *temparena = NULL;
SECStatus rv = SECFailure;
temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!temparena)
return rv;
pki = PORT_ArenaZNew(temparena, SECKEYPrivateKeyInfo);
if (!pki) {
PORT_FreeArena(temparena, PR_FALSE);
return rv;
}
pki->arena = temparena;
rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
derPKI);
if( rv != SECSuccess ) {
goto finish;
}
rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
publicValue, isPerm, isPrivate, keyUsage, privk, wincx);
finish:
/* this zeroes the key and frees the arena */
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
return rv;
}
SECKEYPublicKey*
CryptoKey::PublicDhKeyFromRaw(CryptoBuffer& aKeyData,
const CryptoBuffer& aPrime,
const CryptoBuffer& aGenerator,
const nsNSSShutDownPreventionLock& /*proofOfLock*/)
{
ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena) {
return nullptr;
}
SECKEYPublicKey* key = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (!key) {
return nullptr;
}
key->keyType = dhKey;
key->pkcs11Slot = nullptr;
key->pkcs11ID = CK_INVALID_HANDLE;
// Set DH public key params.
if (!aPrime.ToSECItem(arena, &key->u.dh.prime) ||
!aGenerator.ToSECItem(arena, &key->u.dh.base) ||
!aKeyData.ToSECItem(arena, &key->u.dh.publicValue)) {
return nullptr;
}
key->u.dh.prime.type = siUnsignedInteger;
key->u.dh.base.type = siUnsignedInteger;
key->u.dh.publicValue.type = siUnsignedInteger;
return SECKEY_CopyPublicKey(key);
}
SECStatus
crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
CERTName *src)
{
CERTName *newName;
SECStatus rv;
void *mark;
mark = PORT_ArenaMark(poolp);
*dest = newName = PORT_ArenaZNew(poolp, CERTName);
if (newName == NULL) {
goto loser;
}
rv = CERT_CopyName(poolp, newName, src);
if (rv != SECSuccess) {
goto loser;
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
loser:
PORT_ArenaRelease(poolp, mark);
*dest = NULL;
return SECFailure;
}
CERTPrivKeyUsagePeriod *
CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue)
{
SECStatus rv;
CERTPrivKeyUsagePeriod *pPeriod;
SECItem newExtnValue;
/* allocate the certificate policies structure */
pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
if ( pPeriod == NULL ) {
goto loser;
}
pPeriod->arena = arena;
/* copy the DER into the arena, since Quick DER returns data that points
into the DER input, which may get freed by the caller */
rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
if ( rv != SECSuccess ) {
goto loser;
}
rv = SEC_QuickDERDecodeItem(arena, pPeriod,
CERTPrivateKeyUsagePeriodTemplate,
&newExtnValue);
if ( rv != SECSuccess ) {
goto loser;
}
return pPeriod;
loser:
return NULL;
}
SECStatus
crmf_template_copy_secalg (PLArenaPool *poolp, SECAlgorithmID **dest,
SECAlgorithmID* src)
{
SECStatus rv;
void *mark = NULL;
SECAlgorithmID *mySecAlg;
if (!poolp) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
mark = PORT_ArenaMark(poolp);
*dest = mySecAlg = PORT_ArenaZNew(poolp, SECAlgorithmID);
if (mySecAlg == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(poolp, mySecAlg, src);
if (rv != SECSuccess) {
goto loser;
}
if (mark) {
PORT_ArenaUnmark(poolp, mark);
}
return SECSuccess;
loser:
*dest = NULL;
if (mark) {
PORT_ArenaRelease(poolp, mark);
}
return SECFailure;
}
SECStatus
crmf_template_add_public_key(PLArenaPool *poolp,
CERTSubjectPublicKeyInfo **dest,
CERTSubjectPublicKeyInfo *pubKey)
{
CERTSubjectPublicKeyInfo *spki;
SECStatus rv;
*dest = spki = (poolp == NULL) ?
PORT_ZNew(CERTSubjectPublicKeyInfo) :
PORT_ArenaZNew (poolp, CERTSubjectPublicKeyInfo);
if (spki == NULL) {
goto loser;
}
rv = SECKEY_CopySubjectPublicKeyInfo (poolp, spki, pubKey);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
loser:
if (poolp == NULL && spki != NULL) {
SECKEY_DestroySubjectPublicKeyInfo(spki);
}
*dest = NULL;
return SECFailure;
}
CRMFCertRequest *
CRMF_CreateCertRequest (PRUint32 inRequestID)
{
PLArenaPool *poolp;
CRMFCertRequest *certReq;
SECStatus rv;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
goto loser;
}
certReq=PORT_ArenaZNew(poolp,CRMFCertRequest);
if (certReq == NULL) {
goto loser;
}
certReq->poolp = poolp;
certReq->requestID = inRequestID;
rv = crmf_encode_unsigned_integer(poolp, &(certReq->certReqId),
inRequestID);
if (rv != SECSuccess) {
goto loser;
}
return certReq;
loser:
if (poolp) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
SECStatus
cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
CMMFCertifiedKeyPair *src)
{
SECStatus rv;
rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
&src->certOrEncCert);
if (rv != SECSuccess) {
return rv;
}
if (src->privateKey != NULL) {
CRMFEncryptedValue *encVal;
encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) :
PORT_ArenaZNew(poolp, CRMFEncryptedValue);
if (encVal == NULL) {
return SECFailure;
}
rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
encVal);
if (rv != SECSuccess) {
if (!poolp) {
crmf_destroy_encrypted_value(encVal, PR_TRUE);
}
return rv;
}
dest->privateKey = encVal;
}
rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
&src->derPublicationInfo);
return rv;
}
CMMFPOPODecKeyRespContent*
CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
{
PRArenaPool *poolp;
CMMFPOPODecKeyRespContent *decKeyResp;
SECStatus rv;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
return NULL;
}
decKeyResp = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent);
if (decKeyResp == NULL) {
goto loser;
}
decKeyResp->poolp = poolp;
rv = SEC_ASN1Decode(poolp, decKeyResp, CMMFPOPODecKeyRespContentTemplate,
buf, len);
if (rv != SECSuccess) {
goto loser;
}
return decKeyResp;
loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
/*
* NSS_CMSEncryptedData_Create - create an empty encryptedData object.
*
* "algorithm" specifies the bulk encryption algorithm to use.
* "keysize" is the key size.
*
* An error results in a return value of NULL and an error set.
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
NSSCMSEncryptedData *
NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm,
int keysize)
{
void *mark;
NSSCMSEncryptedData *encd;
PLArenaPool *poolp;
SECAlgorithmID *pbe_algid;
SECStatus rv;
poolp = cmsg->poolp;
mark = PORT_ArenaMark(poolp);
encd = PORT_ArenaZNew(poolp, NSSCMSEncryptedData);
if (encd == NULL)
goto loser;
encd->cmsg = cmsg;
/* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */
if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) {
rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo),
algorithm, NULL, keysize);
} else {
/* Assume password-based-encryption.
* Note: we can't generate pkcs5v2 from this interface.
* PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
* non-PBE oids and assuming that they are pkcs5v2 oids, but
* NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
* CMS encrypted data, so we can't tell NSS_CMS_EncryptedData_Create
* to create pkcs5v2 PBEs */
pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
if (pbe_algid == NULL) {
rv = SECFailure;
} else {
rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp,
&(encd->contentInfo),
pbe_algid, keysize);
SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
}
}
if (rv != SECSuccess)
goto loser;
PORT_ArenaUnmark(poolp, mark);
return encd;
loser:
PORT_ArenaRelease(poolp, mark);
return NULL;
}
CERTDistNames *
CERT_DistNamesFromCertList(CERTCertList *certList)
{
CERTDistNames *dnames = NULL;
PLArenaPool *arena;
CERTCertListNode *node = NULL;
SECItem *names = NULL;
int listLen = 0, i = 0;
if (certList == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
node = CERT_LIST_HEAD(certList);
while (!CERT_LIST_END(node, certList)) {
listLen += 1;
node = CERT_LIST_NEXT(node);
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
goto loser;
dnames = PORT_ArenaZNew(arena, CERTDistNames);
if (dnames == NULL)
goto loser;
dnames->arena = arena;
dnames->nnames = listLen;
dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, listLen);
if (names == NULL)
goto loser;
node = CERT_LIST_HEAD(certList);
while (!CERT_LIST_END(node, certList)) {
CERTCertificate *cert = node->cert;
SECStatus rv = SECITEM_CopyItem(arena, &names[i++], &cert->derSubject);
if (rv == SECFailure) {
goto loser;
}
node = CERT_LIST_NEXT(node);
}
return dnames;
loser:
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
return NULL;
}
static CRMFProofOfPossession *
crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
{
CRMFProofOfPossession *newPOP;
SECStatus rv;
/*
* Proof Of Possession structures are always part of the Request
* message, so there will always be an arena for allocating memory.
*/
if (poolp == NULL) {
return NULL;
}
newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
if (newPOP == NULL) {
return NULL;
}
switch (srcPOP->popUsed) {
case crmfRAVerified:
newPOP->popChoice.raVerified.data = NULL;
newPOP->popChoice.raVerified.len = 0;
break;
case crmfSignature:
rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
&newPOP->popChoice.signature);
if (rv != SECSuccess) {
goto loser;
}
break;
case crmfKeyEncipherment:
case crmfKeyAgreement:
/* We've got a union, so a pointer to one, is a pointer to the
* other one.
*/
rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
&newPOP->popChoice.keyEncipherment);
if (rv != SECSuccess) {
goto loser;
}
break;
default:
goto loser;
}
newPOP->popUsed = srcPOP->popUsed;
return newPOP;
loser:
return NULL;
}
static SECStatus
cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent,
long inRandom,
SECItem *senderDER,
SECKEYPublicKey *inPubKey,
void *passwdArg)
{
SECOidData *oidData;
CMMFChallenge *challenge;
SECAlgorithmID *algId;
PRArenaPool *poolp;
SECStatus rv;
oidData = SECOID_FindOIDByTag(SEC_OID_SHA1);
if (oidData == NULL) {
return SECFailure;
}
poolp = challContent->poolp;
challenge = PORT_ArenaZNew(poolp, CMMFChallenge);
if (challenge == NULL) {
return SECFailure;
}
algId = challenge->owf = PORT_ArenaZNew(poolp, SECAlgorithmID);
if (algId == NULL) {
return SECFailure;
}
rv = SECITEM_CopyItem(poolp, &algId->algorithm, &oidData->oid);
if (rv != SECSuccess) {
return SECFailure;
}
rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom,
senderDER, inPubKey, passwdArg);
challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL;
challContent->numChallenges++;
return rv ;
}
static SECStatus
crmf_add_new_control(CRMFCertRequest *inCertReq,SECOidTag inTag,
CRMFControl **destControl)
{
SECOidData *oidData;
SECStatus rv;
PRArenaPool *poolp;
int numControls = 0;
CRMFControl *newControl;
CRMFControl **controls;
void *mark;
poolp = inCertReq->poolp;
if (poolp == NULL) {
return SECFailure;
}
mark = PORT_ArenaMark(poolp);
if (inCertReq->controls != NULL) {
while (inCertReq->controls[numControls] != NULL)
numControls++;
}
rv = crmf_modify_control_array(inCertReq, numControls);
if (rv != SECSuccess) {
goto loser;
}
controls = inCertReq->controls;
oidData = SECOID_FindOIDByTag(inTag);
newControl = *destControl = PORT_ArenaZNew(poolp,CRMFControl);
if (newControl == NULL) {
goto loser;
}
rv = SECITEM_CopyItem(poolp, &newControl->derTag, &oidData->oid);
if (rv != SECSuccess) {
goto loser;
}
newControl->tag = inTag;
controls[numControls] = newControl;
controls[numControls+1] = NULL;
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
loser:
PORT_ArenaRelease(poolp, mark);
*destControl = NULL;
return SECFailure;
}
SECStatus
PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
SECItem *nickname, SECItem *publicValue,
PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
SECKEYPrivateKey **privk, void *wincx)
{
SECKEYPrivateKeyInfo *pki = NULL;
PLArenaPool *temparena = NULL;
SECStatus rv = SECFailure;
temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!temparena)
return rv;
pki = PORT_ArenaZNew(temparena, SECKEYPrivateKeyInfo);
if (!pki) {
PORT_FreeArena(temparena, PR_FALSE);
return rv;
}
pki->arena = temparena;
rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
derPKI);
if (rv != SECSuccess) {
/* If SEC_ASN1DecodeItem fails, we cannot assume anything about the
* validity of the data in pki. The best we can do is free the arena
* and return. */
PORT_FreeArena(temparena, PR_TRUE);
return rv;
}
if (pki->privateKey.data == NULL) {
/* If SEC_ASN1DecodeItems succeeds but SECKEYPrivateKeyInfo.privateKey
* is a zero-length octet string, free the arena and return a failure
* to avoid trying to zero the corresponding SECItem in
* SECKEY_DestroyPrivateKeyInfo(). */
PORT_FreeArena(temparena, PR_TRUE);
PORT_SetError(SEC_ERROR_BAD_KEY);
return SECFailure;
}
rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
publicValue, isPerm, isPrivate,
keyUsage, privk, wincx);
/* this zeroes the key and frees the arena */
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
return rv;
}
SECStatus
CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
CMMFCertResponse **inCertResponses,
int inNumResponses)
{
PLArenaPool *poolp;
CMMFCertResponse **respArr, *newResp;
void *mark;
SECStatus rv;
int i;
PORT_Assert(inCertRepContent != NULL &&
inCertResponses != NULL &&
inNumResponses > 0);
if (inCertRepContent == NULL ||
inCertResponses == NULL ||
inCertRepContent->response != NULL) {
return SECFailure;
}
poolp = inCertRepContent->poolp;
mark = PORT_ArenaMark(poolp);
respArr = inCertRepContent->response =
PORT_ArenaZNewArray(poolp, CMMFCertResponse *, (inNumResponses + 1));
if (respArr == NULL) {
goto loser;
}
for (i = 0; i < inNumResponses; i++) {
newResp = PORT_ArenaZNew(poolp, CMMFCertResponse);
if (newResp == NULL) {
goto loser;
}
rv = cmmf_CopyCertResponse(poolp, newResp, inCertResponses[i]);
if (rv != SECSuccess) {
goto loser;
}
respArr[i] = newResp;
}
respArr[inNumResponses] = NULL;
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
CMMFPOPODecKeyChallContent*
CMMF_CreatePOPODecKeyChallContent (void)
{
PRArenaPool *poolp;
CMMFPOPODecKeyChallContent *challContent;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
return NULL;
}
challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
if (challContent == NULL) {
PORT_FreeArena(poolp, PR_FALSE);
return NULL;
}
challContent->poolp = poolp;
return challContent;
}
static CERTOCSPSingleResponse*
ocsp_CreateSingleResponse(PLArenaPool *arena,
CERTOCSPCertID *id, ocspCertStatus *status,
PRTime thisUpdate, const PRTime *nextUpdate)
{
CERTOCSPSingleResponse *sr;
if (!arena || !id || !status) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
sr = PORT_ArenaZNew(arena, CERTOCSPSingleResponse);
if (!sr)
return NULL;
sr->arena = arena;
sr->certID = id;
sr->certStatus = status;
if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate)
!= SECSuccess)
return NULL;
sr->nextUpdate = NULL;
if (nextUpdate) {
sr->nextUpdate = SECITEM_AllocItem(arena, NULL, 0);
if (!sr->nextUpdate)
return NULL;
if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate)
!= SECSuccess)
return NULL;
}
sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension*, 1);
if (!sr->singleExtensions)
return NULL;
sr->singleExtensions[0] = NULL;
if (!SEC_ASN1EncodeItem(arena, &sr->derCertStatus,
status, ocsp_CertStatusTemplate))
return NULL;
return sr;
}
CERTAVA *
CERT_CreateAVAFromRaw(PRArenaPool *pool, const SECItem * OID,
const SECItem * value)
{
CERTAVA *ava;
int rv;
ava = PORT_ArenaZNew(pool, CERTAVA);
if (ava) {
rv = SECITEM_CopyItem(pool, &ava->type, OID);
if (rv)
return NULL;
rv = SECITEM_CopyItem(pool, &ava->value, value);
if (rv)
return NULL;
}
return ava;
}
/* return a new public key for NSS */
static SECKEYPublicKey* nss_key_create(KeyType ktype)
{
SECKEYPublicKey* key;
PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if(!arena) {
log_err("out of memory, PORT_NewArena failed");
return NULL;
}
key = PORT_ArenaZNew(arena, SECKEYPublicKey);
if(!key) {
log_err("out of memory, PORT_ArenaZNew failed");
PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
key->arena = arena;
key->keyType = ktype;
key->pkcs11Slot = NULL;
key->pkcs11ID = CK_INVALID_HANDLE;
return key;
}
CMMFKeyRecRepContent*
CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf,
long len)
{
PRArenaPool *poolp;
CMMFKeyRecRepContent *keyRecContent;
SECStatus rv;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
return NULL;
}
keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
if (keyRecContent == NULL) {
goto loser;
}
keyRecContent->poolp = poolp;
rv = SEC_ASN1Decode(poolp, keyRecContent, CMMFKeyRecRepContentTemplate,
buf, len);
if (rv != SECSuccess) {
goto loser;
}
if (keyRecContent->keyPairHist != NULL) {
while(keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) {
rv = cmmf_decode_process_certified_key_pair(poolp, db,
keyRecContent->keyPairHist[keyRecContent->numKeyPairs]);
if (rv != SECSuccess) {
goto loser;
}
keyRecContent->numKeyPairs++;
}
keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs;
}
keyRecContent->isDecoded = PR_TRUE;
return keyRecContent;
loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
CERTDistNames *
CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames,
int nnames)
{
CERTDistNames *dnames = NULL;
PLArenaPool *arena;
int i, rv;
SECItem *names = NULL;
CERTCertificate *cert = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
goto loser;
dnames = PORT_ArenaZNew(arena, CERTDistNames);
if (dnames == NULL)
goto loser;
dnames->arena = arena;
dnames->nnames = nnames;
dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames);
if (names == NULL)
goto loser;
for (i = 0; i < nnames; i++) {
cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
if (cert == NULL)
goto loser;
rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
if (rv == SECFailure)
goto loser;
CERT_DestroyCertificate(cert);
}
return dnames;
loser:
if (cert != NULL)
CERT_DestroyCertificate(cert);
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
static SECStatus
crmf_copy_poposigningkey(PLArenaPool *poolp,
CRMFPOPOSigningKey *inPopoSignKey,
CRMFPOPOSigningKey *destPopoSignKey)
{
SECStatus rv;
/* We don't support use of the POPOSigningKeyInput, so we'll only
* store away the DER encoding.
*/
if (inPopoSignKey->derInput.data != NULL) {
rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
&inPopoSignKey->derInput);
}
destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
PORT_ZNew(SECAlgorithmID)
:
PORT_ArenaZNew(poolp, SECAlgorithmID);
if (destPopoSignKey->algorithmIdentifier == NULL) {
goto loser;
}
rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
inPopoSignKey->algorithmIdentifier);
if (rv != SECSuccess) {
goto loser;
}
rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
&inPopoSignKey->signature);
if (rv != SECSuccess) {
goto loser;
}
return SECSuccess;
loser:
if (poolp == NULL) {
CRMF_DestroyPOPOSigningKey(destPopoSignKey);
}
return SECFailure;
}
static SECItem *
crmf_decode_params(SECItem *inParams)
{
SECItem *params;
SECStatus rv = SECFailure;
PLArenaPool *poolp;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
return NULL;
}
params = PORT_ArenaZNew(poolp, SECItem);
if (params) {
rv = SEC_ASN1DecodeItem(poolp, params,
SEC_ASN1_GET(SEC_OctetStringTemplate),
inParams);
}
params = (rv == SECSuccess) ? SECITEM_ArenaDupItem(NULL, params) : NULL;
PORT_FreeArena(poolp, PR_FALSE);
return params;
}
CMMFCertRepContent *
CMMF_CreateCertRepContent(void)
{
CMMFCertRepContent *retCertRep;
PLArenaPool *poolp;
poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
if (poolp == NULL) {
goto loser;
}
retCertRep = PORT_ArenaZNew(poolp, CMMFCertRepContent);
if (retCertRep == NULL) {
goto loser;
}
retCertRep->poolp = poolp;
return retCertRep;
loser:
if (poolp != NULL) {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
static SECStatus
crmf_template_add_validity (PLArenaPool *poolp, CRMFOptionalValidity **dest,
CRMFValidityCreationInfo *info)
{
SECStatus rv;
void *mark;
CRMFOptionalValidity *myValidity;
/*First off, let's make sure at least one of the two fields is present*/
if (!info || (!info->notBefore && !info->notAfter)) {
return SECFailure;
}
mark = PORT_ArenaMark (poolp);
*dest = myValidity = PORT_ArenaZNew(poolp, CRMFOptionalValidity);
if (myValidity == NULL) {
goto loser;
}
if (info->notBefore) {
rv = DER_EncodeTimeChoice (poolp, &myValidity->notBefore,
*info->notBefore);
if (rv != SECSuccess) {
goto loser;
}
}
if (info->notAfter) {
rv = DER_EncodeTimeChoice (poolp, &myValidity->notAfter,
*info->notAfter);
if (rv != SECSuccess) {
goto loser;
}
}
PORT_ArenaUnmark(poolp, mark);
return SECSuccess;
loser:
PORT_ArenaRelease(poolp, mark);
*dest = NULL;
return SECFailure;
}
