Back to index

lightning-sunbird  0.9+nobinonly
Functions | Variables
genname.c File Reference
#include "plarena.h"
#include "seccomon.h"
#include "secitem.h"
#include "secoidt.h"
#include "mcom_db.h"
#include "secasn1.h"
#include "secder.h"
#include "certt.h"
#include "cert.h"
#include "xconst.h"
#include "secerr.h"
#include "secoid.h"
#include "prprf.h"
#include "genname.h"

Go to the source code of this file.

Functions

CERTGeneralName * cert_NewGeneralName (PLArenaPool *arena, CERTGeneralNameType type)
SECStatus cert_CopyOneGeneralName (PRArenaPool *arena, CERTGeneralName *dest, CERTGeneralName *src)
void CERT_DestroyGeneralNameList (CERTGeneralNameList *list)
CERTGeneralNameList * CERT_CreateGeneralNameList (CERTGeneralName *name)
CERTGeneralName * CERT_GetNextGeneralName (CERTGeneralName *current)
CERTGeneralName * CERT_GetPrevGeneralName (CERTGeneralName *current)
CERTNameConstraint * CERT_GetNextNameConstraint (CERTNameConstraint *current)
CERTNameConstraint * CERT_GetPrevNameConstraint (CERTNameConstraint *current)
SECItem * CERT_EncodeGeneralName (CERTGeneralName *genName, SECItem *dest, PRArenaPool *arena)
SECItem ** cert_EncodeGeneralNames (PRArenaPool *arena, CERTGeneralName *names)
CERTGeneralName * CERT_DecodeGeneralName (PRArenaPool *arena, SECItem *encodedName, CERTGeneralName *genName)
CERTGeneralName * cert_DecodeGeneralNames (PRArenaPool *arena, SECItem **encodedGenName)
void CERT_DestroyGeneralName (CERTGeneralName *name)
SECStatus cert_DestroyGeneralNames (CERTGeneralName *name)
static SECItem * cert_EncodeNameConstraint (CERTNameConstraint *constraint, SECItem *dest, PRArenaPool *arena)
SECStatus cert_EncodeNameConstraintSubTree (CERTNameConstraint *constraints, PRArenaPool *arena, SECItem ***dest, PRBool permited)
SECStatus cert_EncodeNameConstraints (CERTNameConstraints *constraints, PRArenaPool *arena, SECItem *dest)
CERTNameConstraint * cert_DecodeNameConstraint (PRArenaPool *arena, SECItem *encodedConstraint)
CERTNameConstraint * cert_DecodeNameConstraintSubTree (PRArenaPool *arena, SECItem **subTree, PRBool permited)
CERTNameConstraints * cert_DecodeNameConstraints (PRArenaPool *arena, SECItem *encodedConstraints)
SECStatus CERT_CopyGeneralName (PRArenaPool *arena, CERTGeneralName *dest, CERTGeneralName *src)
CERTGeneralNameList * CERT_DupGeneralNameList (CERTGeneralNameList *list)
CERTNameConstraint * CERT_CopyNameConstraint (PRArenaPool *arena, CERTNameConstraint *dest, CERTNameConstraint *src)
CERTGeneralName * cert_CombineNamesLists (CERTGeneralName *list1, CERTGeneralName *list2)
CERTNameConstraint * cert_CombineConstraintsLists (CERTNameConstraint *list1, CERTNameConstraint *list2)
CERTNameConstraint * CERT_AddNameConstraint (CERTNameConstraint *list, CERTNameConstraint *constraint)
SECStatus CERT_GetNameConstraintByType (CERTNameConstraint *constraints, CERTGeneralNameType type, CERTNameConstraint **returnList, PRArenaPool *arena)
voidCERT_GetGeneralNameByType (CERTGeneralName *genNames, CERTGeneralNameType type, PRBool derFormat)
int CERT_GetNamesLength (CERTGeneralName *names)
SECStatus cert_ExtractDNEmailAddrs (CERTGeneralName *name, PLArenaPool *arena)
CERTGeneralName * CERT_GetCertificateNames (CERTCertificate *cert, PRArenaPool *arena)
static SECStatus compareURIN2C (const SECItem *name, const SECItem *constraint)
static SECStatus compareDNSN2C (const SECItem *name, const SECItem *constraint)
static SECStatus compareRFC822N2C (const SECItem *name, const SECItem *constraint)
static SECStatus compareIPaddrN2C (const SECItem *name, const SECItem *constraint)
static SECStatus parseUriHostname (SECItem *item)
static SECStatus cert_CompareNameWithConstraints (CERTGeneralName *name, CERTNameConstraint *constraints, PRBool excluded)
SECStatus CERT_CompareNameSpace (CERTCertificate *cert, CERTGeneralName *namesList, CERTCertificate **certsList, PRArenaPool *arena, CERTCertificate **pBadCert)
char * CERT_GetNickName (CERTCertificate *cert, CERTCertDBHandle *handle, PRArenaPool *nicknameArena)

Variables

static const SEC_ASN1Template CERTNameConstraintTemplate []
const SEC_ASN1Template CERT_NameConstraintSubtreeSubTemplate []
const SEC_ASN1Template CERT_NameConstraintSubtreePermitedTemplate []
const SEC_ASN1Template CERT_NameConstraintSubtreeExcludedTemplate []
static const SEC_ASN1Template CERTNameConstraintsTemplate []
static const SEC_ASN1Template CERTOthNameTemplate []
static const SEC_ASN1Template CERTOtherNameTemplate []
static const SEC_ASN1Template CERTOtherName2Template []
static const SEC_ASN1Template CERT_RFC822NameTemplate []
static const SEC_ASN1Template CERT_DNSNameTemplate []
static const SEC_ASN1Template CERT_X400AddressTemplate []
static const SEC_ASN1Template CERT_DirectoryNameTemplate []
static const SEC_ASN1Template CERT_EDIPartyNameTemplate []
static const SEC_ASN1Template CERT_URITemplate []
static const SEC_ASN1Template CERT_IPAddressTemplate []
static const SEC_ASN1Template CERT_RegisteredIDTemplate []
const SEC_ASN1Template CERT_GeneralNamesTemplate []

Function Documentation

CERTNameConstraint* CERT_AddNameConstraint ( CERTNameConstraint *  list,
CERTNameConstraint *  constraint 
)

Definition at line 901 of file genname.c.

{
    PORT_Assert(constraint != NULL);
    constraint->l.next = constraint->l.prev = &constraint->l;
    list = cert_CombineConstraintsLists(list, constraint);
    return list;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTNameConstraint* cert_CombineConstraintsLists ( CERTNameConstraint *  list1,
CERTNameConstraint *  list2 
)

Definition at line 875 of file genname.c.

{
    PRCList *begin1;
    PRCList *begin2;
    PRCList *end1;
    PRCList *end2;

    if (list1 == NULL){
       return list2;
    } else if (list2 == NULL) {
       return list1;
    } else {
       begin1 = &list1->l;
       begin2 = &list2->l;
       end1 = list1->l.prev;
       end2 = list2->l.prev;
       end1->next = begin2;
       end2->next = begin1;
       begin1->prev = end2;
       begin2->prev = end1;
       return list1;
    }
}

Here is the caller graph for this function:

CERTGeneralName* cert_CombineNamesLists ( CERTGeneralName *  list1,
CERTGeneralName *  list2 
)

Definition at line 849 of file genname.c.

{
    PRCList *begin1;
    PRCList *begin2;
    PRCList *end1;
    PRCList *end2;

    if (list1 == NULL){
       return list2;
    } else if (list2 == NULL) {
       return list1;
    } else {
       begin1 = &list1->l;
       begin2 = &list2->l;
       end1 = list1->l.prev;
       end2 = list2->l.prev;
       end1->next = begin2;
       end2->next = begin1;
       begin1->prev = end2;
       begin2->prev = end1;
       return list1;
    }
}

Here is the caller graph for this function:

SECStatus CERT_CompareNameSpace ( CERTCertificate *  cert,
CERTGeneralName *  namesList,
CERTCertificate **  certsList,
PRArenaPool arena,
CERTCertificate **  pBadCert 
)

Definition at line 1451 of file genname.c.

{
    SECStatus            rv = SECSuccess;
    SECItem              constraintsExtension;
    CERTNameConstraints  *constraints;
    CERTGeneralName      *currentName;
    int                  count = 0;
    CERTNameConstraint  *matchingConstraints;
    CERTCertificate      *badCert = NULL;
    
    /* If no names to check, then no names can be bad. */
    if (!namesList)
       goto done;
    constraintsExtension.data = NULL;
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS, 
                                &constraintsExtension);
    if (rv != SECSuccess) {
       if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
           rv = SECSuccess;
       } else {
           count = -1;
       }
       goto done;
    }
    /* TODO: mark arena */
    constraints = cert_DecodeNameConstraints(arena, &constraintsExtension);
    PORT_Free(constraintsExtension.data);
    currentName = namesList;
    if (constraints == NULL) { /* decode failed */
       rv = SECFailure;
       count = -1;
       goto done;
    } 
    do {
       if (constraints->excluded != NULL) {
           rv = CERT_GetNameConstraintByType(constraints->excluded, 
                                             currentName->type, 
                                         &matchingConstraints, arena);
           if (rv == SECSuccess && matchingConstraints != NULL) {
              rv = cert_CompareNameWithConstraints(currentName, 
                                                   matchingConstraints,
                                               PR_TRUE);
           }
           if (rv != SECSuccess) 
              break;
       }
       if (constraints->permited != NULL) {
           rv = CERT_GetNameConstraintByType(constraints->permited, 
                                             currentName->type, 
                                         &matchingConstraints, arena);
            if (rv == SECSuccess && matchingConstraints != NULL) {
              rv = cert_CompareNameWithConstraints(currentName, 
                                                   matchingConstraints,
                                               PR_FALSE);
           }
           if (rv != SECSuccess) 
              break;
       }
       currentName = CERT_GetNextGeneralName(currentName);
       count ++;
    } while (currentName != namesList);
done:
    if (rv != SECSuccess) {
       badCert = (count >= 0) ? certsList[count] : cert;
    }
    if (pBadCert)
       *pBadCert = badCert;
    /* TODO: release back to mark */
    return rv;
}

Here is the caller graph for this function:

static SECStatus cert_CompareNameWithConstraints ( CERTGeneralName *  name,
CERTNameConstraint *  constraints,
PRBool  excluded 
) [static]

Definition at line 1308 of file genname.c.

{
    SECStatus           rv     = SECSuccess;
    SECStatus           matched = SECFailure;
    CERTNameConstraint  *current;

    PORT_Assert(constraints);  /* caller should not call with NULL */
    if (!constraints) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    current = constraints;
    do {
       rv = SECSuccess;
       matched = SECFailure;
       PORT_Assert(name->type == current->name.type);
       switch (name->type) {

       case certDNSName:
           matched = compareDNSN2C(&name->name.other, 
                                   &current->name.name.other);
           break;

       case certRFC822Name:
           matched = compareRFC822N2C(&name->name.other, 
                                      &current->name.name.other);
           break;

       case certURI:
           {
              /* make a modifiable copy of the URI SECItem. */
              SECItem uri = name->name.other;
              /* find the hostname in the URI */
              rv = parseUriHostname(&uri);
              if (rv == SECSuccess) {
                  /* does our hostname meet the constraint? */
                  matched = compareURIN2C(&uri, &current->name.name.other);
              }
           }
           break;

       case certDirectoryName:
           /* Determine if the constraint directory name is a "prefix"
           ** for the directory name being tested. 
           */
         {
           /* status defaults to SECEqual, so that a constraint with 
           ** no AVAs will be a wildcard, matching all directory names.
           */
           SECComparison   status = SECEqual;
           const CERTRDN **cRDNs = current->name.name.directoryName.rdns;  
           const CERTRDN **nRDNs = name->name.directoryName.rdns;
           while (cRDNs && *cRDNs && nRDNs && *nRDNs) { 
              /* loop over name RDNs and constraint RDNs in lock step */
              const CERTRDN *cRDN = *cRDNs++;
              const CERTRDN *nRDN = *nRDNs++;
              CERTAVA **cAVAs = cRDN->avas;
              while (cAVAs && *cAVAs) { /* loop over constraint AVAs */
                  CERTAVA *cAVA = *cAVAs++;
                  CERTAVA **nAVAs = nRDN->avas;
                  while (nAVAs && *nAVAs) { /* loop over name AVAs */
                     CERTAVA *nAVA = *nAVAs++;
                     status = CERT_CompareAVA(cAVA, nAVA);
                     if (status == SECEqual) 
                         break;
                  } /* loop over name AVAs */
                  if (status != SECEqual) 
                     break;
              } /* loop over constraint AVAs */
              if (status != SECEqual) 
                  break;
           } /* loop over name RDNs and constraint RDNs */
           matched = (status == SECEqual) ? SECSuccess : SECFailure;
           break;
         }

       case certIPAddress:  /* type 8 */
           matched = compareIPaddrN2C(&name->name.other, 
                                      &current->name.name.other);
           break;

       /* NSS does not know how to compare these "Other" type names with 
       ** their respective constraints.  But it does know how to tell
       ** if the constraint applies to the type of name (by comparing
       ** the constraint OID to the name OID).  NSS makes no use of "Other"
       ** type names at all, so NSS errs on the side of leniency for these 
       ** types, provided that their OIDs match.  So, when an "Other"
       ** name constraint appears in an excluded subtree, it never causes
       ** a name to fail.  When an "Other" name constraint appears in a
       ** permitted subtree, AND the constraint's OID matches the name's
       ** OID, then name is treated as if it matches the constraint.
       */
       case certOtherName:  /* type 1 */
           matched = (!excluded &&
                     name->type == current->name.type &&
                     SECITEM_ItemsAreEqual(&name->name.OthName.oid,
                                        &current->name.name.OthName.oid))
               ? SECSuccess : SECFailure;
           break;

       /* NSS does not know how to compare these types of names with their
       ** respective constraints.  But NSS makes no use of these types of 
       ** names at all, so it errs on the side of leniency for these types.
       ** Constraints for these types of names never cause the name to 
       ** fail the constraints test.  NSS behaves as if the name matched
       ** for permitted constraints, and did not match for excluded ones.
       */
       case certX400Address:       /* type 4 */
       case certEDIPartyName:  /* type 6 */
       case certRegisterID: /* type 9 */
           matched = excluded ? SECFailure : SECSuccess;
           break;

       default: /* non-standard types are not supported */
           rv = SECFailure;
           break;
       }
       if (matched == SECSuccess || rv != SECSuccess)
           break;
       current = CERT_GetNextNameConstraint(current);
    } while (current != constraints);
    if (rv == SECSuccess) {
        if (matched == SECSuccess) 
           rv = excluded ? SECFailure : SECSuccess;
       else
           rv = excluded ? SECSuccess : SECFailure;
       return rv;
    }

    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus CERT_CopyGeneralName ( PRArenaPool arena,
CERTGeneralName *  dest,
CERTGeneralName *  src 
)

Definition at line 753 of file genname.c.

{
    SECStatus rv;
    CERTGeneralName *destHead = dest;
    CERTGeneralName *srcHead = src;

    PORT_Assert(dest != NULL);
    if (!dest) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    /* TODO: mark arena */
    do {
       rv = cert_CopyOneGeneralName(arena, dest, src);
       if (rv != SECSuccess)
           goto loser;
       src = CERT_GetNextGeneralName(src);
       /* if there is only one general name, we shouldn't do this */
       if (src != srcHead) {
           if (dest->l.next == &destHead->l) {
              CERTGeneralName *temp;
              temp = cert_NewGeneralName(arena, (CERTGeneralNameType)0);
              if (!temp) 
                  goto loser;
              temp->l.next = &destHead->l;
              temp->l.prev = &dest->l;
              destHead->l.prev = &temp->l;
              dest->l.next = &temp->l;
              dest = temp;
           } else {
              dest = CERT_GetNextGeneralName(dest);
           }
       }
    } while (src != srcHead && rv == SECSuccess);
    /* TODO: unmark arena */
    return rv;
loser:
    /* TODO: release back to mark */
    return SECFailure;
}

Here is the caller graph for this function:

CERTNameConstraint* CERT_CopyNameConstraint ( PRArenaPool arena,
CERTNameConstraint *  dest,
CERTNameConstraint *  src 
)

Definition at line 809 of file genname.c.

{
    SECStatus  rv;
    
    /* TODO: mark arena */
    if (dest == NULL) {
       dest = PORT_ArenaZNew(arena, CERTNameConstraint);
       if (!dest)
           goto loser;
       /* mark that it is not linked */
       dest->name.l.prev = dest->name.l.next = &(dest->name.l);
    }
    rv = CERT_CopyGeneralName(arena, &dest->name, &src->name);
    if (rv != SECSuccess) {
       goto loser;
    }
    rv = SECITEM_CopyItem(arena, &dest->DERName, &src->DERName);
    if (rv != SECSuccess) {
       goto loser;
    }
    rv = SECITEM_CopyItem(arena, &dest->min, &src->min);
    if (rv != SECSuccess) {
       goto loser;
    }
    rv = SECITEM_CopyItem(arena, &dest->max, &src->max);
    if (rv != SECSuccess) {
       goto loser;
    }
    dest->l.prev = dest->l.next = &dest->l;
    /* TODO: unmark arena */
    return dest;
loser:
    /* TODO: release arena to mark */
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus cert_CopyOneGeneralName ( PRArenaPool arena,
CERTGeneralName *  dest,
CERTGeneralName *  src 
)

Definition at line 189 of file genname.c.

{
    SECStatus rv;

    /* TODO: mark arena */
    PORT_Assert(dest != NULL);
    dest->type = src->type;

    switch (src->type) {
    case certDirectoryName: 
       rv = SECITEM_CopyItem(arena, &dest->derDirectoryName, 
                                  &src->derDirectoryName);
       if (rv == SECSuccess) 
           rv = CERT_CopyName(arena, &dest->name.directoryName, 
                                   &src->name.directoryName);
       break;

    case certOtherName: 
       rv = SECITEM_CopyItem(arena, &dest->name.OthName.name, 
                                  &src->name.OthName.name);
       if (rv == SECSuccess) 
           rv = SECITEM_CopyItem(arena, &dest->name.OthName.oid, 
                                     &src->name.OthName.oid);
       break;

    default: 
       rv = SECITEM_CopyItem(arena, &dest->name.other, 
                                  &src->name.other);
       break;

    }
    if (rv != SECSuccess) {
       /* TODO: release back to mark */
    } else {
       /* TODO: unmark arena */
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTGeneralNameList* CERT_CreateGeneralNameList ( CERTGeneralName *  name)

Definition at line 251 of file genname.c.

                                                  {
    PRArenaPool *arena;
    CERTGeneralNameList *list = NULL;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       goto done;
    }
    list = PORT_ArenaZNew(arena, CERTGeneralNameList);
    if (!list)
       goto loser;
    if (name != NULL) {
       SECStatus rv;
       list->name = cert_NewGeneralName(arena, (CERTGeneralNameType)0);
       if (!list->name)
           goto loser;
       rv = CERT_CopyGeneralName(arena, list->name, name);
       if (rv != SECSuccess)
           goto loser;
    }
    list->lock = PZ_NewLock(nssILockList);
    if (!list->lock)
       goto loser;
    list->arena = arena;
    list->refCount = 1;
done:
    return list;

loser:
    PORT_FreeArena(arena, PR_FALSE);
    return NULL;
}
CERTGeneralName* CERT_DecodeGeneralName ( PRArenaPool arena,
SECItem *  encodedName,
CERTGeneralName *  genName 
)

Definition at line 416 of file genname.c.

{
    const SEC_ASN1Template *         template;
    CERTGeneralNameType              genNameType;
    SECStatus                        rv = SECSuccess;

    PORT_Assert(arena);
    /* TODO: mark arena */
    genNameType = (CERTGeneralNameType)((*(encodedName->data) & 0x0f) + 1);
    if (genName == NULL) {
       genName = cert_NewGeneralName(arena, genNameType);
       if (!genName)
           goto loser;
    } else {
       genName->type = genNameType;
       genName->l.prev = genName->l.next = &genName->l;
    }
    switch (genNameType) {
    case certURI:           template = CERT_URITemplate;           break;
    case certRFC822Name:    template = CERT_RFC822NameTemplate;    break;
    case certDNSName:              template = CERT_DNSNameTemplate;       break;
    case certIPAddress:     template = CERT_IPAddressTemplate;     break;
    case certOtherName:     template = CERTOtherNameTemplate;      break;
    case certRegisterID:    template = CERT_RegisteredIDTemplate;  break;
    case certEDIPartyName:  template = CERT_EDIPartyNameTemplate;  break;
    case certX400Address:   template = CERT_X400AddressTemplate;   break;
    case certDirectoryName:        template = CERT_DirectoryNameTemplate; break;
    default: 
        goto loser;
    }
    rv = SEC_ASN1DecodeItem(arena, genName, template, encodedName);
    if (rv != SECSuccess) 
       goto loser;
    if (genNameType == certDirectoryName) {
       rv = SEC_ASN1DecodeItem(arena, &(genName->name.directoryName), 
                            CERT_NameTemplate, 
                            &(genName->derDirectoryName));
        if (rv != SECSuccess)
           goto loser;
    }

    /* TODO: unmark arena */
    return genName;
loser:
    /* TODO: release arena to mark */
    return NULL;
}
CERTGeneralName* cert_DecodeGeneralNames ( PRArenaPool arena,
SECItem **  encodedGenName 
)

Definition at line 467 of file genname.c.

{
    PRCList                           *head = NULL;
    PRCList                           *tail = NULL;
    CERTGeneralName                   *currentName = NULL;

    PORT_Assert(arena);
    if (!encodedGenName || !arena) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    /* TODO: mark arena */
    while (*encodedGenName != NULL) {
       currentName = CERT_DecodeGeneralName(arena, *encodedGenName, NULL);
       if (currentName == NULL)
           break;
       if (head == NULL) {
           head = &(currentName->l);
           tail = head;
       }
       currentName->l.next = head;
       currentName->l.prev = tail;
       tail = head->prev = tail->next = &(currentName->l);
       encodedGenName++;
    }
    if (currentName) {
       /* TODO: unmark arena */
       return CERT_GetNextGeneralName(currentName);
    }
    /* TODO: release arena to mark */
    return NULL;
}

Here is the caller graph for this function:

CERTNameConstraint* cert_DecodeNameConstraint ( PRArenaPool arena,
SECItem *  encodedConstraint 
)

Definition at line 627 of file genname.c.

{
    CERTNameConstraint     *constraint;
    SECStatus              rv = SECSuccess;
    CERTGeneralName        *temp;

    PORT_Assert(arena);
    /* TODO: mark arena */
    constraint = PORT_ArenaZNew(arena, CERTNameConstraint);
    if (!constraint)
       goto loser;
    rv = SEC_ASN1DecodeItem(arena, constraint, CERTNameConstraintTemplate, 
                            encodedConstraint);
    if (rv != SECSuccess) {
       goto loser;
    }
    temp = CERT_DecodeGeneralName(arena, &(constraint->DERName), 
                                         &(constraint->name));
    if (temp != &(constraint->name)) {
       goto loser;
    }

    /* ### sjlee: since the name constraint contains only one 
     *            CERTGeneralName, the list within CERTGeneralName shouldn't 
     *            point anywhere else.  Otherwise, bad things will happen.
     */
    constraint->name.l.prev = constraint->name.l.next = &(constraint->name.l);
    /* TODO: unmark arena */
    return constraint;
loser:
    /* TODO: release arena back to mark */
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTNameConstraints* cert_DecodeNameConstraints ( PRArenaPool arena,
SECItem *  encodedConstraints 
)

Definition at line 696 of file genname.c.

{
    CERTNameConstraints   *constraints;
    SECStatus             rv;

    PORT_Assert(arena);
    PORT_Assert(encodedConstraints);
    /* TODO: mark arena */
    constraints = PORT_ArenaZNew(arena, CERTNameConstraints);
    if (constraints == NULL) {
       goto loser;
    }
    rv = SEC_ASN1DecodeItem(arena, constraints, CERTNameConstraintsTemplate, 
                         encodedConstraints);
    if (rv != SECSuccess) {
       goto loser;
    }
    if (constraints->DERPermited != NULL && 
        constraints->DERPermited[0] != NULL) {
       constraints->permited = 
           cert_DecodeNameConstraintSubTree(arena, constraints->DERPermited,
                                        PR_TRUE);
       if (constraints->permited == NULL) {
           goto loser;
       }
    }
    if (constraints->DERExcluded != NULL && 
        constraints->DERExcluded[0] != NULL) {
       constraints->excluded = 
           cert_DecodeNameConstraintSubTree(arena, constraints->DERExcluded,
                                        PR_FALSE);
       if (constraints->excluded == NULL) {
           goto loser;
       }
    }
    /* TODO: unmark arena */
    return constraints;
loser:
    /* TODO: release arena back to mark */
    return NULL;
}

Here is the caller graph for this function:

CERTNameConstraint* cert_DecodeNameConstraintSubTree ( PRArenaPool arena,
SECItem **  subTree,
PRBool  permited 
)

Definition at line 663 of file genname.c.

{
    CERTNameConstraint   *current = NULL;
    CERTNameConstraint   *first = NULL;
    CERTNameConstraint   *last = NULL;
    int                  i = 0;

    PORT_Assert(arena);
    /* TODO: mark arena */
    while (subTree[i] != NULL) {
       current = cert_DecodeNameConstraint(arena, subTree[i]);
       if (current == NULL) {
           goto loser;
       }
       if (last == NULL) {
           first = last = current;
       }
       current->l.prev = &(last->l);
       current->l.next = last->l.next;
       last->l.next = &(current->l);
       i++;
    }
    first->l.prev = &(current->l);
    /* TODO: unmark arena */
    return first;
loser:
    /* TODO: release arena back to mark */
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void CERT_DestroyGeneralName ( CERTGeneralName *  name)

Definition at line 502 of file genname.c.

void CERT_DestroyGeneralNameList ( CERTGeneralNameList *  list)

Definition at line 232 of file genname.c.

{
    PZLock *lock;

    if (list != NULL) {
       lock = list->lock;
       PZ_Lock(lock);
       if (--list->refCount <= 0 && list->arena != NULL) {
           PORT_FreeArena(list->arena, PR_FALSE);
           PZ_Unlock(lock);
           PZ_DestroyLock(lock);
       } else {
           PZ_Unlock(lock);
       }
    }
    return;
}

Here is the caller graph for this function:

SECStatus cert_DestroyGeneralNames ( CERTGeneralName *  name)

Definition at line 508 of file genname.c.

{
    CERTGeneralName    *first;
    CERTGeneralName    *next = NULL;


    first = name;
    do {
       next = CERT_GetNextGeneralName(name);
       PORT_Free(name);
       name = next;
    } while (name != first);
    return SECSuccess;
}

Here is the caller graph for this function:

CERTGeneralNameList* CERT_DupGeneralNameList ( CERTGeneralNameList *  list)

Definition at line 798 of file genname.c.

{
    if (list != NULL) {
       PZ_Lock(list->lock);
       list->refCount++;
       PZ_Unlock(list->lock);
    }
    return list;
}
SECItem* CERT_EncodeGeneralName ( CERTGeneralName *  genName,
SECItem *  dest,
PRArenaPool arena 
)

Definition at line 319 of file genname.c.

{

    const SEC_ASN1Template * template;

    PORT_Assert(arena);
    if (arena == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }
    /* TODO: mark arena */
    if (dest == NULL) {
       dest = PORT_ArenaZNew(arena, SECItem);
       if (!dest)
           goto loser;
    }
    if (genName->type == certDirectoryName) {
       if (genName->derDirectoryName.data == NULL) {
           /* The field hasn't been encoded yet. */
            SECItem * pre_dest =
            SEC_ASN1EncodeItem (arena, &(genName->derDirectoryName),
                                &(genName->name.directoryName),
                                CERT_NameTemplate);
            if (!pre_dest)
                goto loser;
       }
       if (genName->derDirectoryName.data == NULL) {
           goto loser;
       }
    }
    switch (genName->type) {
    case certURI:           template = CERT_URITemplate;           break;
    case certRFC822Name:    template = CERT_RFC822NameTemplate;    break;
    case certDNSName:       template = CERT_DNSNameTemplate;       break;
    case certIPAddress:     template = CERT_IPAddressTemplate;     break;
    case certOtherName:     template = CERTOtherNameTemplate;      break;
    case certRegisterID:    template = CERT_RegisteredIDTemplate;  break;
         /* for this type, we expect the value is already encoded */
    case certEDIPartyName:  template = CERT_EDIPartyNameTemplate;  break;
        /* for this type, we expect the value is already encoded */
    case certX400Address:   template = CERT_X400AddressTemplate;   break;
    case certDirectoryName: template = CERT_DirectoryNameTemplate; break;
    default:
       PORT_Assert(0); goto loser;
    }
    dest = SEC_ASN1EncodeItem(arena, dest, genName, template);
    if (!dest) {
       goto loser;
    }
    /* TODO: unmark arena */
    return dest;
loser:
    /* TODO: release arena back to mark */
    return NULL;
}
SECItem** cert_EncodeGeneralNames ( PRArenaPool arena,
CERTGeneralName *  names 
)

Definition at line 376 of file genname.c.

{
    CERTGeneralName  *current_name;
    SECItem          **items = NULL;
    int              count = 0;
    int              i;
    PRCList          *head;

    PORT_Assert(arena);
    /* TODO: mark arena */
    current_name = names;
    if (names != NULL) {
       count = 1;
    }
    head = &(names->l);
    while (current_name->l.next != head) {
       current_name = CERT_GetNextGeneralName(current_name);
       ++count;
    }
    current_name = CERT_GetNextGeneralName(current_name);
    items = PORT_ArenaNewArray(arena, SECItem *, count + 1);
    if (items == NULL) {
       goto loser;
    }
    for (i = 0; i < count; i++) {
       items[i] = CERT_EncodeGeneralName(current_name, (SECItem *)NULL, arena);
       if (items[i] == NULL) {
           goto loser;
       }
       current_name = CERT_GetNextGeneralName(current_name);
    }
    items[i] = NULL;
    /* TODO: unmark arena */
    return items;
loser:
    /* TODO: release arena to mark */
    return NULL;
}

Here is the caller graph for this function:

static SECItem* cert_EncodeNameConstraint ( CERTNameConstraint *  constraint,
SECItem *  dest,
PRArenaPool arena 
) [static]

Definition at line 524 of file genname.c.

{
    PORT_Assert(arena);
    if (dest == NULL) {
       dest = PORT_ArenaZNew(arena, SECItem);
       if (dest == NULL) {
           return NULL;
       }
    }
    CERT_EncodeGeneralName(&(constraint->name), &(constraint->DERName), arena);
    
    dest = SEC_ASN1EncodeItem (arena, dest, constraint,
                            CERTNameConstraintTemplate);
    return dest;
} 

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus cert_EncodeNameConstraints ( CERTNameConstraints *  constraints,
PRArenaPool arena,
SECItem *  dest 
)

Definition at line 589 of file genname.c.

{
    SECStatus    rv = SECSuccess;

    PORT_Assert(arena);
    /* TODO: mark arena */
    if (constraints->permited != NULL) {
       rv = cert_EncodeNameConstraintSubTree(constraints->permited, arena,
                                         &constraints->DERPermited, 
                                         PR_TRUE);
       if (rv == SECFailure) {
           goto loser;
       }
    }
    if (constraints->excluded != NULL) {
       rv = cert_EncodeNameConstraintSubTree(constraints->excluded, arena,
                                         &constraints->DERExcluded, 
                                         PR_FALSE);
       if (rv == SECFailure) {
           goto loser;
       }
    }
    dest = SEC_ASN1EncodeItem(arena, dest, constraints, 
                           CERTNameConstraintsTemplate);
    if (dest == NULL) {
       goto loser;
    }
    /* TODO: unmark arena */
    return SECSuccess;
loser:
    /* TODO: release arena to mark */
    return SECFailure;
}

Here is the caller graph for this function:

SECStatus cert_EncodeNameConstraintSubTree ( CERTNameConstraint *  constraints,
PRArenaPool arena,
SECItem ***  dest,
PRBool  permited 
)

Definition at line 543 of file genname.c.

{
    CERTNameConstraint  *current_constraint = constraints;
    SECItem             **items = NULL;
    int                 count = 0;
    int                 i;
    PRCList             *head;

    PORT_Assert(arena);
    /* TODO: mark arena */
    if (constraints != NULL) {
       count = 1;
    }
    head = &constraints->l;
    while (current_constraint->l.next != head) {
       current_constraint = CERT_GetNextNameConstraint(current_constraint);
       ++count;
    }
    current_constraint = CERT_GetNextNameConstraint(current_constraint);
    items = PORT_ArenaZNewArray(arena, SECItem *, count + 1);
    if (items == NULL) {
       goto loser;
    }
    for (i = 0; i < count; i++) {
       items[i] = cert_EncodeNameConstraint(current_constraint, 
                                        (SECItem *) NULL, arena);
       if (items[i] == NULL) {
           goto loser;
       }
       current_constraint = CERT_GetNextNameConstraint(current_constraint);
    }
    *dest = items;
    if (*dest == NULL) {
       goto loser;
    }
    /* TODO: unmark arena */
    return SECSuccess;
loser:
    /* TODO: release arena to mark */
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus cert_ExtractDNEmailAddrs ( CERTGeneralName *  name,
PLArenaPool arena 
)

Definition at line 1000 of file genname.c.

{
    CERTGeneralName  *nameList = NULL;
    const CERTRDN    **nRDNs   = name->name.directoryName.rdns;
    SECStatus        rv        = SECSuccess;

    PORT_Assert(name->type == certDirectoryName);
    if (name->type != certDirectoryName) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
    }
    /* TODO: mark arena */
    while (nRDNs && *nRDNs) { /* loop over RDNs */
       const CERTRDN *nRDN = *nRDNs++;
       CERTAVA **nAVAs = nRDN->avas;
       while (nAVAs && *nAVAs) { /* loop over AVAs */
           int tag;
           CERTAVA *nAVA = *nAVAs++;
           tag = CERT_GetAVATag(nAVA);
           if ( tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
               tag == SEC_OID_RFC1274_MAIL) { /* email AVA */
              CERTGeneralName *newName = NULL;
              SECItem *avaValue = CERT_DecodeAVAValue(&nAVA->value);
              if (!avaValue)
                  goto loser;
              rv = SECFailure;
                newName = cert_NewGeneralName(arena, certRFC822Name);
              if (newName) {
                 rv = SECITEM_CopyItem(arena, &newName->name.other, avaValue);
              }
              SECITEM_FreeItem(avaValue, PR_TRUE);
              if (rv != SECSuccess)
                  goto loser;
              nameList = cert_CombineNamesLists(nameList, newName);
           } /* handle one email AVA */
       } /* loop over AVAs */
    } /* loop over RDNs */
    /* combine new names with old one. */
    name = cert_CombineNamesLists(name, nameList);
    /* TODO: unmark arena */
    return SECSuccess;

loser:
    /* TODO: release arena back to mark */
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CERTGeneralName* CERT_GetCertificateNames ( CERTCertificate *  cert,
PRArenaPool arena 
)

Definition at line 1051 of file genname.c.

{
    CERTGeneralName  *DN;
    CERTGeneralName  *altName         = NULL;
    SECItem          altNameExtension = {siBuffer, NULL, 0 };
    SECStatus        rv;

    /* TODO: mark arena */
    DN = cert_NewGeneralName(arena, certDirectoryName);
    if (DN == NULL) {
       goto loser;
    }
    rv = CERT_CopyName(arena, &DN->name.directoryName, &cert->subject);
    if (rv != SECSuccess) {
       goto loser;
    }
    rv = SECITEM_CopyItem(arena, &DN->derDirectoryName, &cert->derSubject);
    if (rv != SECSuccess) {
       goto loser;
    }
    /* Extract email addresses from DN, construct CERTGeneralName structs 
    ** for them, add them to the name list 
    */
    rv = cert_ExtractDNEmailAddrs(DN, arena);
    if (rv != SECSuccess)
        goto loser;

    /* Now extract any GeneralNames from the subject name names extension. */
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, 
                            &altNameExtension);
    if (rv == SECSuccess) {
       altName = CERT_DecodeAltNameExtension(arena, &altNameExtension);
       rv = altName ? SECSuccess : SECFailure;
    }
    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND)
       rv = SECSuccess;
    if (altNameExtension.data)
       SECITEM_FreeItem(&altNameExtension, PR_FALSE);
    if (rv != SECSuccess)
        goto loser;
    DN = cert_CombineNamesLists(DN, altName);

    /* TODO: unmark arena */
    return DN;
loser:
    /* TODO: release arena to mark */
    return NULL;
}
void* CERT_GetGeneralNameByType ( CERTGeneralName *  genNames,
CERTGeneralNameType  type,
PRBool  derFormat 
)

Definition at line 943 of file genname.c.

{
    CERTGeneralName *current;
    
    if (!genNames)
       return NULL;
    current = genNames;

    do {
       if (current->type == type) {
           switch (type) {
           case certDNSName:
           case certEDIPartyName:
           case certIPAddress:
           case certRegisterID:
           case certRFC822Name:
           case certX400Address:
           case certURI: 
              return (void *)&current->name.other;           /* SECItem * */

           case certOtherName: 
              return (void *)&current->name.OthName;         /* OthName * */

           case certDirectoryName: 
              return derFormat 
                     ? (void *)&current->derDirectoryName    /* SECItem * */
                     : (void *)&current->name.directoryName; /* CERTName * */
           }
           PORT_Assert(0); 
           return NULL;
       }
       current = CERT_GetNextGeneralName(current);
    } while (current != genNames);
    return NULL;
}
SECStatus CERT_GetNameConstraintByType ( CERTNameConstraint *  constraints,
CERTGeneralNameType  type,
CERTNameConstraint **  returnList,
PRArenaPool arena 
)

Definition at line 912 of file genname.c.

{
    CERTNameConstraint *current;
    
    *returnList = NULL;
    if (!constraints)
       return SECSuccess;
    /* TODO: mark arena */
    current = constraints;
    do {
       PORT_Assert(current->name.type);
       if (current->name.type == type) {
           CERTNameConstraint *temp;
           temp = CERT_CopyNameConstraint(arena, NULL, current);
           if (temp == NULL) 
              goto loser;
           *returnList = CERT_AddNameConstraint(*returnList, temp);
       }
       current = CERT_GetNextNameConstraint(current);
    } while (current != constraints);
    /* TODO: unmark arena */
    return SECSuccess;
loser:
    /* TODO: release arena back to mark */
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int CERT_GetNamesLength ( CERTGeneralName *  names)

Definition at line 981 of file genname.c.

{
    int              length = 0;
    CERTGeneralName  *first;

    first = names;
    if (names != NULL) {
       do {
           length++;
           names = CERT_GetNextGeneralName(names);
       } while (names != first);
    }
    return length;
}

Here is the caller graph for this function:

CERTGeneralName* CERT_GetNextGeneralName ( CERTGeneralName *  current)

Definition at line 285 of file genname.c.

{
    PRCList *next;
    
    next = current->l.next;
    return (CERTGeneralName *) (((char *) next) - offsetof(CERTGeneralName, l));
}
CERTNameConstraint* CERT_GetNextNameConstraint ( CERTNameConstraint *  current)

Definition at line 302 of file genname.c.

{
    PRCList *next;
    
    next = current->l.next;
    return (CERTNameConstraint *) (((char *) next) - offsetof(CERTNameConstraint, l));
}
char* CERT_GetNickName ( CERTCertificate *  cert,
CERTCertDBHandle *  handle,
PRArenaPool nicknameArena 
)

Definition at line 1534 of file genname.c.

{ 
    CERTGeneralName  *current;
    CERTGeneralName  *names;
    char             *nickname   = NULL;
    char             *returnName = NULL;
    char             *basename   = NULL;
    PRArenaPool      *arena      = NULL;
    CERTCertificate  *tmpcert;
    SECStatus        rv;
    int              count;
    int              found = 0;
    SECItem          altNameExtension;
    SECItem          nick;

    if (handle == NULL) {
       handle = CERT_GetDefaultCertDB();
    }
    altNameExtension.data = NULL;
    rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, 
                            &altNameExtension);
    if (rv != SECSuccess) { 
       goto loser; 
    }
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) {
       goto loser;
    }
    names = CERT_DecodeAltNameExtension(arena, &altNameExtension);
    if (names == NULL) {
       goto loser;
    } 
    current = names;
    do {
       if (current->type == certOtherName && 
           SECOID_FindOIDTag(&current->name.OthName.oid) == 
             SEC_OID_NETSCAPE_NICKNAME) {
           found = 1;
           break;
       }
       current = CERT_GetNextGeneralName(current);
    } while (current != names);
    if (!found)
       goto loser;

    rv = SEC_ASN1DecodeItem(arena, &nick, SEC_IA5StringTemplate, 
                         &current->name.OthName.name);
    if (rv != SECSuccess) {
       goto loser;
    }

    /* make a null terminated string out of nick, with room enough at
    ** the end to add on a number of up to 21 digits in length, (a signed
    ** 64-bit number in decimal) plus a space and a "#". 
    */
    nickname = (char*)PORT_ZAlloc(nick.len + 24);
    if (!nickname) 
       goto loser;
    PORT_Strncpy(nickname, (char *)nick.data, nick.len);

    /* Don't let this cert's nickname duplicate one already in the DB.
    ** If it does, create a variant of the nickname that doesn't.
    */
    count = 0;
    while ((tmpcert = CERT_FindCertByNickname(handle, nickname)) != NULL) {
       CERT_DestroyCertificate(tmpcert);
       if (!basename) {
           basename = PORT_Strdup(nickname);
           if (!basename)
              goto loser;
       }
       count++;
       sprintf(nickname, "%s #%d", basename, count);
    }

    /* success */
    if (nicknameArena) {
       returnName =  PORT_ArenaStrdup(nicknameArena, nickname);
    } else {
       returnName = nickname;
       nickname = NULL;
    }
loser:
    if (arena != NULL) 
       PORT_FreeArena(arena, PR_FALSE);
    if (nickname)
       PORT_Free(nickname);
    if (basename)
       PORT_Free(basename);
    if (altNameExtension.data)
       PORT_Free(altNameExtension.data);
    return returnName;
}
CERTGeneralName* CERT_GetPrevGeneralName ( CERTGeneralName *  current)

Definition at line 294 of file genname.c.

{
    PRCList *prev;
    prev = current->l.prev;
    return (CERTGeneralName *) (((char *) prev) - offsetof(CERTGeneralName, l));
}
CERTNameConstraint* CERT_GetPrevNameConstraint ( CERTNameConstraint *  current)

Definition at line 311 of file genname.c.

{
    PRCList *prev;
    prev = current->l.prev;
    return (CERTNameConstraint *) (((char *) prev) - offsetof(CERTNameConstraint, l));
}
CERTGeneralName* cert_NewGeneralName ( PLArenaPool arena,
CERTGeneralNameType  type 
)

Definition at line 172 of file genname.c.

{
    CERTGeneralName *name = arena 
                            ? PORT_ArenaZNew(arena, CERTGeneralName)
                           : PORT_ZNew(CERTGeneralName);
    if (name) {
       name->type = type;
       name->l.prev = name->l.next = &name->l;
    }
    return name;
}

Here is the caller graph for this function:

static SECStatus compareDNSN2C ( const SECItem *  name,
const SECItem *  constraint 
) [static]

Definition at line 1168 of file genname.c.

{
    int offset;
    /* The spec is silent on intepreting zero-length constraints.
    ** We interpret them as matching all DNSnames.
    */
    if (!constraint->len)
        return SECSuccess;
    if (name->len < constraint->len)
        return SECFailure;
    offset = name->len - constraint->len;
    if (PL_strncasecmp(name->data + offset, constraint->data, constraint->len))
        return SECFailure;
    if (!offset || 
        (name->data[offset - 1] == '.') + (constraint->data[0] == '.') == 1)
       return SECSuccess;
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus compareIPaddrN2C ( const SECItem *  name,
const SECItem *  constraint 
) [static]

Definition at line 1229 of file genname.c.

{
    int i;
    if (name->len == 4 && constraint->len == 8) { /* ipv4 addr */
        for (i = 0; i < 4; i++) {
           if ((name->data[i] ^ constraint->data[i]) & constraint->data[i+4])
               goto loser;
       }
       return SECSuccess;
    }
    if (name->len == 16 && constraint->len == 32) { /* ipv6 addr */
        for (i = 0; i < 16; i++) {
           if ((name->data[i] ^ constraint->data[i]) & constraint->data[i+16])
               goto loser;
       }
       return SECSuccess;
    }
loser:
    return SECFailure;
}

Here is the caller graph for this function:

static SECStatus compareRFC822N2C ( const SECItem *  name,
const SECItem *  constraint 
) [static]

Definition at line 1196 of file genname.c.

{
    int offset;
    if (!constraint->len)
        return SECSuccess;
    if (name->len < constraint->len)
        return SECFailure;
    if (constraint->len == 1 && constraint->data[0] == '.')
        return SECSuccess;
    for (offset = constraint->len - 1; offset >= 0; --offset) {
       if (constraint->data[offset] == '@') {
           return (name->len == constraint->len && 
               !PL_strncasecmp(name->data, constraint->data, constraint->len))
              ? SECSuccess : SECFailure;
       }
    }
    offset = name->len - constraint->len;
    if (PL_strncasecmp(name->data + offset, constraint->data, constraint->len))
        return SECFailure;
    if (constraint->data[0] == '.')
        return SECSuccess;
    if (offset > 0 && name->data[offset - 1] == '@')
        return SECSuccess;
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus compareURIN2C ( const SECItem *  name,
const SECItem *  constraint 
) [static]

Definition at line 1116 of file genname.c.

{
    int offset;
    /* The spec is silent on intepreting zero-length constraints.
    ** We interpret them as matching no URI names.
    */
    if (!constraint->len)
        return SECFailure;
    if (constraint->data[0] != '.') { 
       /* constraint is a host name. */
       if (name->len != constraint->len ||
           PL_strncasecmp(name->data, constraint->data, constraint->len))
           return SECFailure;
       return SECSuccess;
    }
    /* constraint is a domain name. */
    if (name->len < constraint->len)
        return SECFailure;
    offset = name->len - constraint->len;
    if (PL_strncasecmp(name->data + offset, constraint->data, constraint->len))
        return SECFailure;
    if (!offset || 
        (name->data[offset - 1] == '.') + (constraint->data[0] == '.') == 1)
       return SECSuccess;
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus parseUriHostname ( SECItem *  item) [static]

Definition at line 1256 of file genname.c.

{
    int i;
    PRBool found = PR_FALSE;
    for (i = 0; (unsigned)(i+2) < item->len; ++i) {
       if (item->data[i  ] == ':' &&
           item->data[i+1] == '/' &&
           item->data[i+2] == '/') {
           i += 3;
           item->data += i;
           item->len  -= i;
           found = PR_TRUE;
           break;
       }
    }
    if (!found) 
        return SECFailure;
    /* now look for a '/', which is an upper bound in the end of the name */
    for (i = 0; (unsigned)i < item->len; ++i) {
       if (item->data[i] == '/') {
           item->len = i;
           break;
       }
    }
    /* now look for a ':', which marks the end of the name */
    for (i = item->len; --i >= 0; ) {
        if (item->data[i] == ':') {
           item->len = i;
           break;
       }
    }
    /* now look for an '@', which marks the beginning of the hostname */
    for (i = 0; (unsigned)i < item->len; ++i) {
       if (item->data[i] == '@') {
           ++i;
           item->data += i;
           item->len  -= i;
           break;
       }
    }
    return item->len ? SECSuccess : SECFailure;
}

Here is the caller graph for this function:


Variable Documentation

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 4,
          offsetof(CERTGeneralName, derDirectoryName), SEC_AnyTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 133 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | 2 ,
          offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 121 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 5,
          offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 140 of file genname.c.

Initial value:

Definition at line 165 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | 7 ,
          offsetof(CERTGeneralName, name.other), SEC_OctetStringTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 152 of file genname.c.

Initial value:

Definition at line 73 of file genname.c.

Initial value:

Definition at line 69 of file genname.c.

Initial value:

Definition at line 64 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | 8 ,
          offsetof(CERTGeneralName, name.other), SEC_ObjectIDTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 158 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | 1 ,
          offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 115 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | 6 ,
          offsetof(CERTGeneralName, name.other), SEC_IA5StringTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 146 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 3,
          offsetof(CERTGeneralName, name.other), SEC_AnyTemplate,
          sizeof (CERTGeneralName)}
}

Definition at line 127 of file genname.c.

Initial value:
 {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraints) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, 
          offsetof(CERTNameConstraints, DERPermited), 
         CERT_NameConstraintSubtreeSubTemplate},
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1, 
          offsetof(CERTNameConstraints, DERExcluded), 
         CERT_NameConstraintSubtreeSubTemplate},
    { 0, }
}

Definition at line 78 of file genname.c.

Initial value:
 {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraint) },
    { SEC_ASN1_ANY, offsetof(CERTNameConstraint, DERName) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 0, 
          offsetof(CERTNameConstraint, min), SEC_IntegerTemplate }, 
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1, 
          offsetof(CERTNameConstraint, max), SEC_IntegerTemplate },
    { 0, }
}

Definition at line 54 of file genname.c.

Initial value:
 {
    { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
      0, NULL, sizeof(CERTGeneralName) },
    { SEC_ASN1_OBJECT_ID,
         offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) },
    { SEC_ASN1_ANY,
         offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) },
    { 0, } 
}

Definition at line 105 of file genname.c.

Initial value:
 {
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0 ,
      offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate, 
      sizeof(CERTGeneralName) }
}

Definition at line 99 of file genname.c.

Initial value:

Definition at line 90 of file genname.c.