
lightning-sunbird  0.9+nobinonly
Functions
certv3.c File Reference
#include "cert.h"
#include "secitem.h"
#include "secoid.h"
#include "secder.h"
#include "secasn1.h"
#include "certxutl.h"
#include "secerr.h"


Functions

SECStatus CERT_FindCertExtensionByOID (CERTCertificate *cert, SECItem *oid, SECItem *value)
SECStatus CERT_FindCertExtension (CERTCertificate *cert, int tag, SECItem *value)
static void SetExts (void *object, CERTCertExtension **exts)
void * CERT_StartCertExtensions (CERTCertificate *cert)
SECStatus CERT_FindIssuerCertExtension (CERTCertificate *cert, int tag, SECItem *value)
char * CERT_FindCertURLExtension (CERTCertificate *cert, int tag, int catag)
SECStatus CERT_FindNSCertTypeExtension (CERTCertificate *cert, SECItem *retItem)
char * CERT_FindNSStringExtension (CERTCertificate *cert, int oidtag)
SECStatus CERT_FindKeyUsageExtension (CERTCertificate *cert, SECItem *retItem)
SECStatus CERT_FindSubjectKeyIDExtension (CERTCertificate *cert, SECItem *retItem)
SECStatus CERT_FindBasicConstraintExten (CERTCertificate *cert, CERTBasicConstraints *value)
CERTAuthKeyID * CERT_FindAuthKeyIDExten (PRArenaPool *arena, CERTCertificate *cert)
SECStatus CERT_CheckCertUsage (CERTCertificate *cert, unsigned char usage)

Function Documentation

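/*
 * CERT_CheckCertUsage - test whether the certificate's Key Usage extension
 * allows the usage bits requested in `usage`.
 *
 * Definition at line 374 of file certv3.c.
 *
 * cert  - certificate to examine (only its extensions array is read).
 * usage - key-usage bit mask; the check passes when at least one of its bits
 *         is set in the first byte of the decoded Key Usage BIT STRING.
 *
 * Returns SECSuccess when the certificate has no extensions at all (v1/v2),
 * when it has extensions but no Key Usage extension, or when the extension
 * is present and shares a bit with `usage`.  Returns SECFailure with the
 * error set to SEC_ERROR_CERT_USAGES_INVALID when the extension is present
 * but grants none of the requested bits; any other lookup failure is
 * returned as SECFailure with the error left by CERT_FindKeyUsageExtension.
 */
SECStatus
CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
{
    SECItem keyUsage;
    SECStatus rv;

    /* There is no extension, v1 or v2 certificate */
    if (cert->extensions == NULL) {
       return (SECSuccess);
    }
    
    keyUsage.data = NULL;
    keyUsage.len = 0;

    /* This code formerly ignored the Key Usage extension if it was
    ** marked non-critical.  That was wrong.  Since we do understand it,
    ** we are obligated to honor it, whether or not it is critical.
    */
    rv = CERT_FindKeyUsageExtension(cert, &keyUsage);
    if (rv == SECFailure) {
        /* A missing extension is not an error; anything else is. */
        rv = (PORT_GetError () == SEC_ERROR_EXTENSION_NOT_FOUND) ?
           SECSuccess : SECFailure;
    } else if (keyUsage.data == NULL || keyUsage.len == 0 ||
               !(keyUsage.data[0] & usage)) {
        /* Guard the data[0] read: a Key Usage extension whose decoded BIT
        ** STRING is empty grants no usages, and previously the first byte
        ** was read without checking that the item had any content.
        */
        PORT_SetError (SEC_ERROR_CERT_USAGES_INVALID);
        rv = SECFailure;
    }
    PORT_Free (keyUsage.data);
    return (rv);
}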


/*
 * CERT_FindAuthKeyIDExten - locate and decode the Authority Key Identifier
 * extension of `cert`.
 *
 * Definition at line 350 of file certv3.c.
 *
 * arena - arena handed to CERT_DecodeAuthKeyID for the decoded structure.
 * cert  - certificate whose extensions are searched.
 *
 * Returns the decoded CERTAuthKeyID, or NULL when the extension is absent
 * or CERT_DecodeAuthKeyID fails.  The raw (encoded) extension value is
 * released here before returning.
 */
CERTAuthKeyID *
CERT_FindAuthKeyIDExten(PRArenaPool *arena, CERTCertificate *cert)
{
    SECItem rawValue = { siBuffer, NULL, 0 };
    CERTAuthKeyID *decoded = NULL;

    if (cert_FindExtension(cert->extensions, SEC_OID_X509_AUTH_KEY_ID,
                           &rawValue) != SECSuccess) {
        return NULL;
    }

    decoded = CERT_DecodeAuthKeyID(arena, &rawValue);

    /* The encoded copy is ours to free; the decoded result is not. */
    PORT_Free(rawValue.data);
    rawValue.data = NULL;

    return decoded;
}


/*
 * CERT_FindBasicConstraintExten - locate and decode the Basic Constraints
 * extension of `cert` into `value`.
 *
 * Definition at line 325 of file certv3.c.
 *
 * cert  - certificate whose extensions are searched.
 * value - receives the decoded constraints on success.
 *
 * Returns the status of the lookup if the extension is not found, otherwise
 * the status of CERT_DecodeBasicConstraintValue.  The raw extension bytes
 * are freed before returning in the decode path.
 */
SECStatus
CERT_FindBasicConstraintExten(CERTCertificate *cert, CERTBasicConstraints *value)
{
    SECItem rawValue = { siBuffer, NULL, 0 };
    SECStatus status;

    status = cert_FindExtension(cert->extensions, SEC_OID_X509_BASIC_CONSTRAINTS,
                                &rawValue);
    if (status == SECSuccess) {
        status = CERT_DecodeBasicConstraintValue(value, &rawValue);

        /* `value` now holds the decoded form; drop the encoded copy */
        PORT_Free(rawValue.data);
        rawValue.data = NULL;
    }

    return status;
}


/*
 * CERT_FindCertExtension - public wrapper that searches `cert`'s extension
 * array for the extension identified by OID tag `tag`.
 *
 * Definition at line 60 of file certv3.c.
 *
 * cert  - certificate whose extensions are searched.
 * tag   - SECOidTag of the wanted extension.
 * value - receives the extension value as filled in by cert_FindExtension.
 *
 * Returns whatever cert_FindExtension returns.
 */
SECStatus
CERT_FindCertExtension(CERTCertificate *cert, int tag, SECItem *value)
{
    CERTCertExtension **exts = cert->extensions;

    return cert_FindExtension(exts, tag, value);
}


/*
 * CERT_FindCertExtensionByOID - public wrapper that searches `cert`'s
 * extension array for the extension whose OID is the DER-encoded `oid`.
 *
 * Definition at line 52 of file certv3.c.
 *
 * cert  - certificate whose extensions are searched.
 * oid   - encoded object identifier to match.
 * value - receives the extension value as filled in by cert_FindExtensionByOID.
 *
 * Returns whatever cert_FindExtensionByOID returns.
 */
SECStatus
CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid, SECItem *value)
{
    CERTCertExtension **exts = cert->extensions;

    return cert_FindExtensionByOID(exts, oid, value);
}


/*
 * CERT_FindCertURLExtension - build a NUL-terminated URL string from a
 * Netscape URL extension, prepending the Netscape "base URL" extension
 * when one is present and the URL looks relative.
 *
 * cert  - certificate to examine.
 * tag   - OID tag of the URL extension to look for on `cert`.
 * catag - OID tag to look for on the issuer certificate instead when `cert`
 *         has no such extension; 0 disables the issuer fallback.
 *
 * Returns a string allocated with PORT_Alloc (the caller frees it with
 * PORT_Free), or NULL on lookup, decode or allocation failure.
 *
 * NOTE(review): both strings are taken verbatim from certificate data.  An
 * IA5String containing an embedded NUL byte is copied as-is, so the returned
 * C string is silently truncated at that byte and a caller using strlen()
 * sees a shorter URL than the certificate carries.
 */
char* CERT_FindCertURLExtension ( CERTCertificate *  cert,
int  tag,
int  catag 
)

Definition at line 102 of file certv3.c.

{
    SECStatus rv;
    SECItem urlitem;
    SECItem baseitem;
    SECItem urlstringitem = {siBuffer,0};
    SECItem basestringitem = {siBuffer,0};
    PRArenaPool *arena = NULL;
    PRBool hasbase;
    char *urlstring;
    char *str;
    int len;
    unsigned int i;
    
    urlstring = NULL;

    /* scratch arena for the two DER decodes; freed on every exit path */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if ( ! arena ) {
       goto loser;
    }
    
    hasbase = PR_FALSE;
    urlitem.data = NULL;
    baseitem.data = NULL;
    
    /* The base URL is only taken from the same certificate the URL itself
     * came from: cert and base from `cert`, or both from the issuer.
     */
    rv = cert_FindExtension(cert->extensions, tag, &urlitem);
    if ( rv == SECSuccess ) {
       rv = cert_FindExtension(cert->extensions, SEC_OID_NS_CERT_EXT_BASE_URL,
                               &baseitem);
       if ( rv == SECSuccess ) {
           hasbase = PR_TRUE;
       }
       
    } else if ( catag ) {
       /* if the cert doesn't have the extensions, see if the issuer does */
       rv = CERT_FindIssuerCertExtension(cert, catag, &urlitem);
       if ( rv != SECSuccess ) {
           goto loser;
       }          
       rv = CERT_FindIssuerCertExtension(cert, SEC_OID_NS_CERT_EXT_BASE_URL,
                                    &baseitem);
       if ( rv == SECSuccess ) {
           hasbase = PR_TRUE;
       }
    } else {
       goto loser;
    }

    /* both extension values are expected to wrap an IA5String */
    rv = SEC_QuickDERDecodeItem(arena, &urlstringitem, SEC_IA5StringTemplate, 
                         &urlitem);

    if ( rv != SECSuccess ) {
       goto loser;
    }
    if ( hasbase ) {
       rv = SEC_QuickDERDecodeItem(arena, &basestringitem, SEC_IA5StringTemplate,
                            &baseitem);

       if ( rv != SECSuccess ) {
           goto loser;
       }
    }
    
    /* base + url + terminating NUL.  `len` is an int built from two
     * unsigned lengths; for certificate-sized extensions that cannot
     * realistically overflow, but it is not checked here.
     */
    len = urlstringitem.len + ( hasbase ? basestringitem.len : 0 ) + 1;
    
    str = urlstring = (char *)PORT_Alloc(len);
    if ( urlstring == NULL ) {
       goto loser;
    }
    
    /* copy the URL base first */
    if ( hasbase ) {

       /* if the urlstring has a : in it, then we assume it is an absolute
        * URL, and will not get the base string pre-pended
        */
       for ( i = 0; i < urlstringitem.len; i++ ) {
           if ( urlstringitem.data[i] == ':' ) {
              goto nobase;
           }
       }
       
       PORT_Memcpy(str, basestringitem.data, basestringitem.len);
       str += basestringitem.len;
       
    }

nobase:
    /* copy the rest (or all) of the URL */
    PORT_Memcpy(str, urlstringitem.data, urlstringitem.len);
    str += urlstringitem.len;
    
    *str = '\0';
    goto done;
    
loser:
    /* failure: hand back NULL and release the partially built string */
    if ( urlstring ) {
       PORT_Free(urlstring);
    }
    
    urlstring = NULL;
done:
    /* the decoded items live in the arena; the raw extension values do not */
    if ( arena ) {
       PORT_FreeArena(arena, PR_FALSE);
    }
    if ( baseitem.data ) {
       PORT_Free(baseitem.data);
    }
    if ( urlitem.data ) {
       PORT_Free(urlitem.data);
    }

    return(urlstring);
}


/*
 * CERT_FindIssuerCertExtension - look up the extension `tag` on the
 * certificate that issued `cert`, rather than on `cert` itself.
 *
 * Definition at line 82 of file certv3.c.
 *
 * cert  - certificate whose issuer is consulted.
 * tag   - SECOidTag of the wanted extension.
 * value - receives the extension value as filled in by cert_FindExtension.
 *
 * Returns SECFailure when no certificate with the issuer's name is found in
 * cert->dbhandle, otherwise the result of cert_FindExtension on that
 * certificate.
 *
 * NOTE(review): the issuer is located by name (derIssuer) via
 * CERT_FindCertByName, not by chain validation or key identifier.  If the
 * database holds more than one certificate with that subject name, the
 * extension may be read from a certificate other than the actual signer;
 * callers should not treat the result as authenticated issuer data.
 */
SECStatus
CERT_FindIssuerCertExtension(CERTCertificate *cert, int tag, SECItem *value)
{
    CERTCertificate *issuer;
    SECStatus status;

    issuer = CERT_FindCertByName(cert->dbhandle, &cert->derIssuer);
    if (issuer == NULL) {
        return SECFailure;
    }

    status = cert_FindExtension(issuer->extensions, tag, value);
    CERT_DestroyCertificate(issuer);

    return status;
}


/*
 * CERT_FindKeyUsageExtension - fetch the X.509 Key Usage extension of
 * `cert` as a decoded bit string.
 *
 * Definition at line 286 of file certv3.c.
 *
 * cert    - certificate whose extensions are searched.
 * retItem - receives the bit string as filled in by CERT_FindBitStringExtension.
 *
 * Returns whatever CERT_FindBitStringExtension returns.
 */
SECStatus
CERT_FindKeyUsageExtension(CERTCertificate *cert, SECItem *retItem)
{
    const int keyUsageTag = SEC_OID_X509_KEY_USAGE;

    return CERT_FindBitStringExtension(cert->extensions, keyUsageTag, retItem);
}


/*
 * CERT_FindNSCertTypeExtension - fetch the Netscape Cert Type extension of
 * `cert` as a decoded bit string.
 *
 * Definition at line 221 of file certv3.c.
 *
 * cert    - certificate whose extensions are searched.
 * retItem - receives the bit string as filled in by CERT_FindBitStringExtension.
 *
 * Returns whatever CERT_FindBitStringExtension returns.
 */
SECStatus
CERT_FindNSCertTypeExtension(CERTCertificate *cert, SECItem *retItem)
{
    const int certTypeTag = SEC_OID_NS_CERT_EXT_CERT_TYPE;

    return CERT_FindBitStringExtension(cert->extensions, certTypeTag, retItem);
}


/*
 * CERT_FindNSStringExtension - fetch a Netscape string-valued extension of
 * `cert` and return it as a freshly allocated C string.
 *
 * Definition at line 233 of file certv3.c.
 *
 * cert   - certificate whose extensions are searched.
 * oidtag - SECOidTag of the extension; its value must decode as an IA5String.
 *
 * Returns a PORT_Alloc'd, NUL-terminated copy of the string (the caller frees
 * it with PORT_Free), or NULL when the arena cannot be created, the
 * extension is absent, the value does not decode, or the copy cannot be
 * allocated.
 *
 * NOTE(review): the bytes are copied verbatim from the certificate, so an
 * IA5String with an embedded NUL yields a C string that ends early.
 */
char *
CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
{
    SECItem rawValue = { siBuffer, NULL, 0 };
    SECItem decoded = { siBuffer, NULL, 0 };
    PRArenaPool *scratch;
    char *result = NULL;

    /* scratch arena for the decoded IA5String; not for the returned copy */
    scratch = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (scratch == NULL) {
        return NULL;
    }

    if (cert_FindExtension(cert->extensions, oidtag, &rawValue) == SECSuccess &&
        SEC_QuickDERDecodeItem(scratch, &decoded, SEC_IA5StringTemplate,
                               &rawValue) == SECSuccess) {
        result = (char *)PORT_Alloc(decoded.len + 1);
        if (result != NULL) {
            PORT_Memcpy(result, decoded.data, decoded.len);
            result[decoded.len] = '\0';
        }
    }

    PORT_FreeArena(scratch, PR_FALSE);
    if (rawValue.data != NULL) {
        PORT_Free(rawValue.data);
    }

    return result;
}


/*
 * CERT_FindSubjectKeyIDExtension - fetch the X.509 Subject Key Identifier
 * extension of `cert`, decoded from its OCTET STRING wrapper.
 *
 * Definition at line 297 of file certv3.c.
 *
 * cert    - certificate whose extensions are searched.
 * retItem - receives a heap copy (SECITEM_CopyItem with a NULL arena) of the
 *           key identifier on success; the caller owns and frees it.
 *
 * Returns the lookup status if the extension is absent, SECFailure if the
 * scratch arena cannot be created, otherwise the decode/copy status.  The
 * raw extension value is always released before returning.
 */
SECStatus
CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
{
    SECItem rawValue = { siBuffer, NULL, 0 };
    SECItem keyId = { siBuffer, NULL, 0 };
    PLArenaPool *scratch;
    SECStatus status;

    status = cert_FindExtension(cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID,
                                &rawValue);
    if (status != SECSuccess) {
        SECITEM_FreeItem(&rawValue, PR_FALSE);
        return status;
    }

    scratch = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (scratch == NULL) {
        status = SECFailure;
    } else {
        status = SEC_QuickDERDecodeItem(scratch, &keyId,
                                        SEC_OctetStringTemplate, &rawValue);
        if (status == SECSuccess) {
            /* copy out of the scratch arena so retItem outlives it */
            status = SECITEM_CopyItem(NULL, retItem, &keyId);
        }
        PORT_FreeArena(scratch, PR_FALSE);
    }

    SECITEM_FreeItem(&rawValue, PR_FALSE);
    return status;
}


/*
 * CERT_StartCertExtensions - begin adding extensions to `cert`.
 *
 * Definition at line 75 of file certv3.c.
 *
 * cert - certificate that will receive the extensions; allocations come
 *        from cert->arena and the result is stored via the SetExts callback.
 *
 * Returns the opaque handle produced by cert_StartExtensions.
 */
void *
CERT_StartCertExtensions(CERTCertificate *cert)
{
    void *handle;

    handle = cert_StartExtensions((void *)cert, cert->arena, SetExts);
    return handle;
}


/*
 * SetExts - callback used by CERT_StartCertExtensions to attach the finished
 * extension array to the certificate.
 *
 * Definition at line 66 of file certv3.c.
 *
 * object - the CERTCertificate passed to cert_StartExtensions, as void *.
 * exts   - NULL-terminated extension array to install.
 *
 * Installs `exts` and marks the certificate as X.509 v3, since that is the
 * version the presence of extensions implies.
 *
 * NOTE(review): the return value of DER_SetUInteger is not checked (the
 * callback is void), so a failure there -- presumably an allocation failure
 * in the certificate's arena -- leaves the version field unchanged silently.
 */
static void
SetExts(void *object, CERTCertExtension **exts)
{
    CERTCertificate *target = (CERTCertificate *)object;

    target->extensions = exts;
    DER_SetUInteger(target->arena, &(target->version),
                    SEC_CERTIFICATE_VERSION_3);
}
