void CL_cssmGeneralNamesToNss(
const CE_GeneralNames &cdsaObj,
NSS_GeneralNames &nssObj,
SecNssCoder &coder)
{
uint32 numNames = cdsaObj.numNames;
nssObj.names = (CSSM_DATA **)clNssNullArray(numNames, coder);
/*
* Convert each element in cdsaObj to NSS form, encode, drop into
* the ASN_ANY array.
*
* This array of (NSS_GeneralName)s is temporary, it doesn't
* persist outside of this routine other than the fact that it's
* mallocd by the coder arena pool.
*/
NSS_GeneralName *names =
(NSS_GeneralName *)coder.malloc(sizeof(NSS_GeneralName) * numNames);
memset(names, 0, sizeof(NSS_GeneralName) * numNames);
for(unsigned dex=0; dex<cdsaObj.numNames; dex++) {
nssObj.names[dex] = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA));
memset(nssObj.names[dex], 0, sizeof(CSSM_DATA));
CL_cssmGeneralNameToNss(cdsaObj.generalName[dex],
names[dex], coder);
if(coder.encodeItem(&names[dex], kSecAsn1GeneralNameTemplate,
*nssObj.names[dex])) {
clErrorLog("***Error encoding General.name\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
}
void CL_cssmInfoAccessToNss(
const CE_AuthorityInfoAccess &cdsaObj,
NSS_AuthorityInfoAccess &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
uint32 numDescs = cdsaObj.numAccessDescriptions;
nssObj.accessDescriptions = (NSS_AccessDescription **)clNssNullArray(numDescs, coder);
for(unsigned dex=0; dex<numDescs; dex++) {
nssObj.accessDescriptions[dex] = coder.mallocn<NSS_AccessDescription>();
CE_AccessDescription *src = &cdsaObj.accessDescriptions[dex];
NSS_AccessDescription *dst = nssObj.accessDescriptions[dex];
coder.allocCopyItem(src->accessMethod, dst->accessMethod);
/* Convert general name, then encode it into destination */
NSS_GeneralName nssGenName;
CL_cssmGeneralNameToNss(src->accessLocation, nssGenName, coder);
PRErrorCode prtn = coder.encodeItem(&nssGenName, kSecAsn1GeneralNameTemplate,
dst->encodedAccessLocation);
if(prtn) {
clErrorLog("CL_cssmInfoAccessToNss: encode error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
}
void CL_cssmQualCertStatementsToNss(
const CE_QC_Statements &cdsaObj,
NSS_QC_Statements &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
uint32 numQcs = cdsaObj.numQCStatements;
nssObj.qcStatements =
(NSS_QC_Statement **)clNssNullArray(numQcs, coder);
for(uint32 dex=0; dex<numQcs; dex++) {
nssObj.qcStatements[dex] = (NSS_QC_Statement *)
coder.malloc(sizeof(NSS_QC_Statement));
NSS_QC_Statement *dst = nssObj.qcStatements[dex];
CE_QC_Statement *src = &cdsaObj.qcStatements[dex];
memset(dst, 0, sizeof(*dst));
coder.allocCopyItem(src->statementId, dst->statementId);
if(src->semanticsInfo) {
if(src->otherInfo) {
/* this is either/or, not both */
CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
}
/* encode this CE_SemanticsInformation */
CE_SemanticsInformation *srcSI = src->semanticsInfo;
NSS_SemanticsInformation dstSI;
memset(&dstSI, 0, sizeof(dstSI));
if(srcSI->semanticsIdentifier) {
dstSI.semanticsIdentifier = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA));
coder.allocCopyItem(*srcSI->semanticsIdentifier,
*dstSI.semanticsIdentifier);
}
if(srcSI->nameRegistrationAuthorities) {
dstSI.nameRegistrationAuthorities =
(NSS_GeneralNames *)coder.malloc(sizeof(NSS_GeneralNames));
CL_cssmGeneralNamesToNss(*srcSI->nameRegistrationAuthorities,
*dstSI.nameRegistrationAuthorities, coder);
}
PRErrorCode prtn = coder.encodeItem(&dstSI, kSecAsn1SemanticsInformationTemplate,
dst->info);
if(prtn) {
clErrorLog("CL_cssmQualCertStatementsToNss: encode error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
if(src->otherInfo) {
/* drop in as ASN_ANY */
coder.allocCopyItem(*src->otherInfo, dst->info);
}
}
}
void CL_encodeDistributionPointName(
CE_DistributionPointName &cpoint,
CSSM_DATA &npoint,
SecNssCoder &coder)
{
const SecAsn1Template *templ = NULL;
NSS_GeneralNames gnames;
NSS_RDN rdn;
void *encodeSrc = NULL;
/*
* Our job is to convert one of two incoming aggregate types
* into NSS format, then encode the result into npoint.
*/
switch(cpoint.nameType) {
case CE_CDNT_FullName:
CL_cssmGeneralNamesToNss(*cpoint.dpn.fullName,
gnames, coder);
encodeSrc = &gnames;
templ = kSecAsn1DistPointFullNameTemplate;
break;
case CE_CDNT_NameRelativeToCrlIssuer:
CL_cssmRdnToNss(*cpoint.dpn.rdn, rdn, coder);
encodeSrc = &rdn;
templ = kSecAsn1DistPointRDNTemplate;
break;
default:
clErrorLog("CL_encodeDistributionPointName: bad nameType\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG);
}
if(coder.encodeItem(encodeSrc, templ, npoint)) {
clErrorLog("CL_encodeDistributionPointName: encode error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
void CL_cssmGeneralNameToNss(
CE_GeneralName &cdsaObj,
NSS_GeneralName &nssObj, // actually an NSSTaggedItem
SecNssCoder &coder) // for temp decoding
{
memset(&nssObj, 0, sizeof(nssObj));
/*
* The default here is just to use the app-supplied data as is...
*/
nssObj.item = cdsaObj.name;
unsigned char itemTag; // for nssObj.tag
bool doCopy = false; // unless we have to modify tag byte
unsigned char overrideTag; // to force context-specific tag for
// an ASN_ANY
PRErrorCode prtn;
switch(cdsaObj.nameType) {
case GNT_OtherName:
/*
* Caller supplies an CE_OtherName. Encode it.
*/
if((cdsaObj.name.Length != sizeof(CE_OtherName)) ||
(cdsaObj.name.Data == NULL)) {
clErrorLog("CL_cssmGeneralNameToNss: OtherName.Length"
" error\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
prtn = coder.encodeItem(cdsaObj.name.Data,
kSecAsn1OtherNameTemplate, nssObj.item);
if(prtn) {
clErrorLog("CL_cssmGeneralNameToNss: OtherName encode"
" error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
itemTag = NGT_OtherName;
break;
case GNT_RFC822Name: // IA5String
itemTag = NGT_RFC822Name;
break;
case GNT_DNSName: // IA5String
itemTag = NGT_DNSName;
break;
case GNT_X400Address: // caller's resposibility
/*
* Encoded as ASN_ANY, the only thing we do is to
* force the correct context-specific tag
*/
itemTag = GNT_X400Address;
if(!cdsaObj.berEncoded) {
clErrorLog("CL_cssmGeneralNameToNss: X400Address must"
" be BER-encoded\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
overrideTag = SEC_ASN1_CONTEXT_SPECIFIC |
SEC_ASN1_CONSTRUCTED | NGT_X400Address;
doCopy = true;
break;
case GNT_DirectoryName:
{
/*
* Caller supplies an CSSM_X509_NAME. Convert to NSS
* format and encode it.
*/
if((cdsaObj.name.Length != sizeof(CSSM_X509_NAME)) ||
(cdsaObj.name.Data == NULL)) {
clErrorLog("CL_cssmGeneralNameToNss: DirectoryName.Length"
" error\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
NSS_Name nssName;
CSSM_X509_NAME_PTR cdsaName =
(CSSM_X509_NAME_PTR)cdsaObj.name.Data;
CL_cssmNameToNss(*cdsaName, nssName, coder);
prtn = coder.encodeItem(&nssName,
kSecAsn1NameTemplate, nssObj.item);
if(prtn) {
clErrorLog("CL_cssmGeneralNameToNss: X509Name encode"
" error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
itemTag = GNT_DirectoryName;
/*
* AND, munge the tag to make it a context-specific
* sequence
* no, not needed, this is wrapped in an explicit...
*/
//nssObj.item.Data[0] = SEC_ASN1_CONTEXT_SPECIFIC |
// SEC_ASN1_CONSTRUCTED | GNT_DirectoryName;
break;
}
case GNT_EdiPartyName: // caller's resposibility
/*
* Encoded as ASN_ANY, the only thing we do is to
* force the correct context-specific tag
*/
itemTag = GNT_EdiPartyName;
if(!cdsaObj.berEncoded) {
clErrorLog("CL_cssmGeneralNameToNss: EdiPartyName must"
" be BER-encoded\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
overrideTag = SEC_ASN1_CONTEXT_SPECIFIC | NGT_X400Address;
doCopy = true;
break;
case GNT_URI: // IA5String
itemTag = GNT_URI;
break;
case GNT_IPAddress: // OCTET_STRING
itemTag = NGT_IPAddress;
break;
case GNT_RegisteredID: // OID
itemTag = NGT_RegisteredID;
break;
default:
clErrorLog("CL_cssmGeneralNameToNss: bad name tag\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG);
}
if(doCopy) {
coder.allocCopyItem(cdsaObj.name, nssObj.item);
nssObj.item.Data[0] = overrideTag;
}
nssObj.tag = itemTag;
}