[apple/security.git] / OSX / libsecurity_asn1 / lib / pkcs12Templates.c

/*
 * Copyright (c) 2003-2004,2008,2010,2012 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * pkcs12Templates.cpp
 */
 
#include <stddef.h>
#include "pkcs12Templates.h"
#include "nssUtils.h"
#include "SecAsn1Templates.h"
#include "oidsattr.h"

const SecAsn1Template NSS_P12_MacDataTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSS_P12_MacData) },
	{ SEC_ASN1_INLINE,
	  offsetof(NSS_P12_MacData,mac),
	  NSS_P7_DigestInfoTemplate },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(NSS_P12_MacData,macSalt) },
	/* iterations is unsigned - right? */
	{ SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
	  offsetof(NSS_P12_MacData,iterations) },
    { 0, }
};

const SecAsn1Template pointerToMacDataTemplate[] = {
    { SEC_ASN1_POINTER, 0, NSS_P12_MacDataTemplate }
};

/* raw PFX with unprocessed authSafe */
const SecAsn1Template NSS_P12_RawPFXTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSS_P12_RawPFX) },
	{ SEC_ASN1_INTEGER,
	  offsetof(NSS_P12_RawPFX,version) },
	{ SEC_ASN1_INLINE,
	  offsetof(NSS_P12_RawPFX, authSafe),
	  NSS_P7_RawContentInfoTemplate },
	{ SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL,
	  offsetof(NSS_P12_RawPFX, macData),
	  NSS_P12_MacDataTemplate },
    { 0, }
};

/* PFX with decoded authSafe */
const SecAsn1Template NSS_P12_DecodedPFXTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSS_P12_DecodedPFX) },
	{ SEC_ASN1_INTEGER,
	  offsetof(NSS_P12_DecodedPFX,version) },
	{ SEC_ASN1_INLINE,
	  offsetof(NSS_P12_DecodedPFX, authSafe),
	  NSS_P7_DecodedContentInfoTemplate },
	{ SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL,
	  offsetof(NSS_P12_DecodedPFX, macData),
	  NSS_P12_MacDataTemplate },
    { 0, }
};

/* AuthenticatedSafe */
const SecAsn1Template NSS_P12_AuthenticatedSafeTemplate[] = {
	{ SEC_ASN1_SEQUENCE_OF,
	  offsetof(NSS_P12_AuthenticatedSafe, info),
	  NSS_P7_DecodedContentInfoTemplate,
	  sizeof(NSS_P12_AuthenticatedSafe) }
};

/*
 * Individual SafeBag type-specific templates here when we write 'em
 */
const SecAsn1Template NSS_P12_PtrToShroudedKeyBagTemplate[] = {
	{ SEC_ASN1_POINTER, 0, kSecAsn1EncryptedPrivateKeyInfoTemplate }
};

/*
 * CertBag via SEC_ASN1_DYNAMIC
 */
static const SecAsn1Template * NSS_P12_CertBagChooser(
	void *arg, 			// --> NSS_P12_CertBag
	Boolean enc,
	const char *buf,	// on decode, tag byte and length
	size_t len,
	void *dest)			// --> NSS_P12_CertBag.bagValue
{
	NSS_P12_CertBag *bag = (NSS_P12_CertBag *)arg;
	const SecAsn1Template *templ = NULL;
	NSS_P12_CertBagType type = CT_Unknown;
	SecAsn1Oid *oid = &bag->bagType;
	
	if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS9_X509Certificate)) {
		templ = kSecAsn1OctetStringTemplate;
		type = CT_X509;
	}
	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS9_SdsiCertificate)) {
		templ = kSecAsn1IA5StringTemplate;
		type = CT_SDSI;
	}
	else {
		/* punt */
		templ = kSecAsn1AnyTemplate;
	}
	if(!enc) {
		bag->type = type;
	}
	return templ;
}

static const SecAsn1TemplateChooserPtr NSS_P12_CertBagChooserPtr = 
	NSS_P12_CertBagChooser;

const SecAsn1Template NSS_P12_CertBagTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSS_P12_CertBag) },
	{ SEC_ASN1_OBJECT_ID,
	  offsetof(NSS_P12_CertBag,bagType) },
	  /* these come in with a tag of 0xA0, context/constructed, 
	   * though I don't know why they are flagged as constructed */
	{ SEC_ASN1_DYNAMIC | SEC_ASN1_CONTEXT_SPECIFIC |
	  SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 0,
	  offsetof(NSS_P12_CertBag, certValue),
	  &NSS_P12_CertBagChooserPtr },
    { 0, }
};

const SecAsn1Template NSS_P12_PtrToCertBagTemplate[] = {
	{ SEC_ASN1_POINTER, 0, NSS_P12_CertBagTemplate }
};

/*
 * CrlBag via SEC_ASN1_DYNAMIC
 */
static const SecAsn1Template * NSS_P12_CrlBagChooser(
	void *arg, 			// --> NSS_P12_CrlBag
	Boolean enc,
	const char *buf,	// on decode, tag byte and length
	size_t len,
	void *dest)			// --> NSS_P12_CertBag.bagValue
{
	NSS_P12_CrlBag *bag = (NSS_P12_CrlBag *)arg;
	const SecAsn1Template *templ = NULL;
	NSS_P12_CrlBagType type = CRT_Unknown;
	SecAsn1Oid *oid = &bag->bagType;
	
	if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS9_X509Crl)) {
		templ = kSecAsn1OctetStringTemplate;
		type = CRT_X509;
	}
	else {
		/* punt */
		templ = kSecAsn1AnyTemplate;
	}
	if(!enc) {
		bag->type = type;
	}
	return templ;
}

static const SecAsn1TemplateChooserPtr NSS_P12_CrlBagChooserPtr = 
	NSS_P12_CrlBagChooser;

const SecAsn1Template NSS_P12_CrlBagTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSS_P12_CrlBag) },
	{ SEC_ASN1_OBJECT_ID,
	  offsetof(NSS_P12_CrlBag,bagType) },
	  /* these come in with a tag of 0xA0, context/constructed, 
	   * though I don't know why they are flagged as constructed */
	{ SEC_ASN1_DYNAMIC | SEC_ASN1_CONTEXT_SPECIFIC |
	  SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 0,
	  offsetof(NSS_P12_CrlBag, crlValue),
	  &NSS_P12_CrlBagChooserPtr },
    { 0, }
};

const SecAsn1Template NSS_P12_PtrToCrlBagTemplate[] = {
	{ SEC_ASN1_POINTER, 0, NSS_P12_CrlBagTemplate }
};


/* the stub templates for unimplemented BagTypes */
#define NSS_P12_PtrToKeyBagTemplate				kSecAsn1PointerToAnyTemplate
#define NSS_P12_PtrToSecretBagTemplate			kSecAsn1PointerToAnyTemplate
#define NSS_P12_PtrToSafeContentsBagTemplate	kSecAsn1PointerToAnyTemplate

 
/*
 * SafeBag via SEC_ASN1_DYNAMIC
 */
static const SecAsn1Template * NSS_P12_SafeBagChooser(
	void *arg, 			// --> NSS_P12_SafeBag
	Boolean enc,
	const char *buf,	// on decode, tag byte and len
	size_t len,
	void *dest)			// --> NSS_P12_SafeBag.bagValue
{
	NSS_P12_SafeBag *bag = (NSS_P12_SafeBag *)arg;
	const SecAsn1Template *templ = NULL;
	NSS_P12_SB_Type type = BT_None;
	SecAsn1Oid *oid = &bag->bagId;
	
	if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_keyBag)) {
		templ = NSS_P12_PtrToKeyBagTemplate;
		type = BT_KeyBag;
	}
	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_shroudedKeyBag)) {
		templ = NSS_P12_PtrToShroudedKeyBagTemplate;
		type = BT_ShroudedKeyBag;
	}
	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_certBag)) {
		templ = NSS_P12_PtrToCertBagTemplate;
		type = BT_CertBag;
	}
	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_crlBag)) {
		templ = NSS_P12_PtrToCrlBagTemplate;
		type = BT_CrlBag;
	}
	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_secretBag)) {
		templ = NSS_P12_PtrToSecretBagTemplate;
		type = BT_SecretBag;
	}
	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_safeContentsBag)) {
		templ = NSS_P12_PtrToSafeContentsBagTemplate;
		type = BT_SafeContentsBag;
	}
	/* add more here when we implement them */
	else {
		templ = kSecAsn1PointerToAnyTemplate;
	}
	if(!enc) {
		bag->type = type;
	}
	return templ;
}

static const SecAsn1TemplateChooserPtr NSS_P12_SafeBagChooserPtr = 
	NSS_P12_SafeBagChooser;

const SecAsn1Template NSS_P12_SafeBagTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSS_P12_SafeBag) },
    { SEC_ASN1_OBJECT_ID,
	  offsetof(NSS_P12_SafeBag,bagId) },
    { SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED |
		SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 0,
	  offsetof(NSS_P12_SafeBag,bagValue),
	  &NSS_P12_SafeBagChooserPtr },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_SET_OF,
        offsetof(NSS_P12_SafeBag,bagAttrs),
        kSecAsn1AttributeTemplate },
   { 0 }
};

const SecAsn1Template NSS_P12_SafeContentsTemplate[] = {
	{ SEC_ASN1_SEQUENCE_OF,
	  offsetof(NSS_P12_SafeContents, bags),
	  NSS_P12_SafeBagTemplate,
	  sizeof(NSS_P12_SafeContents) }
};

const SecAsn1Template NSS_P12_PBE_ParamsTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(NSS_P12_PBE_Params) },
    { SEC_ASN1_OCTET_STRING,
	  offsetof(NSS_P12_PBE_Params,salt) },
	/* iterations is unsigned - right? */
	{ SEC_ASN1_INTEGER,
	  offsetof(NSS_P12_PBE_Params,iterations) },
	{ 0 }
};
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2003-2004,2008,2010,2012 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23	/*
	24	* pkcs12Templates.cpp
	25	*/
	26
	27	#include <stddef.h>
	28	#include "pkcs12Templates.h"
	29	#include "nssUtils.h"
	30	#include "SecAsn1Templates.h"
	31	#include "oidsattr.h"
	32
	33	const SecAsn1Template NSS_P12_MacDataTemplate[] = {
	34	{ SEC_ASN1_SEQUENCE,
	35	0, NULL, sizeof(NSS_P12_MacData) },
	36	{ SEC_ASN1_INLINE,
	37	offsetof(NSS_P12_MacData,mac),
	38	NSS_P7_DigestInfoTemplate },
	39	{ SEC_ASN1_OCTET_STRING,
	40	offsetof(NSS_P12_MacData,macSalt) },
	41	/* iterations is unsigned - right? */
	42	{ SEC_ASN1_INTEGER \| SEC_ASN1_OPTIONAL,
	43	offsetof(NSS_P12_MacData,iterations) },
	44	{ 0, }
	45	};
	46
	47	const SecAsn1Template pointerToMacDataTemplate[] = {
	48	{ SEC_ASN1_POINTER, 0, NSS_P12_MacDataTemplate }
	49	};
	50
	51	/* raw PFX with unprocessed authSafe */
	52	const SecAsn1Template NSS_P12_RawPFXTemplate[] = {
	53	{ SEC_ASN1_SEQUENCE,
	54	0, NULL, sizeof(NSS_P12_RawPFX) },
	55	{ SEC_ASN1_INTEGER,
	56	offsetof(NSS_P12_RawPFX,version) },
	57	{ SEC_ASN1_INLINE,
	58	offsetof(NSS_P12_RawPFX, authSafe),
	59	NSS_P7_RawContentInfoTemplate },
	60	{ SEC_ASN1_POINTER \| SEC_ASN1_OPTIONAL,
	61	offsetof(NSS_P12_RawPFX, macData),
	62	NSS_P12_MacDataTemplate },
	63	{ 0, }
	64	};
	65
	66	/* PFX with decoded authSafe */
67	const SecAsn1Template NSS_P12_DecodedPFXTemplate[] = {
68	{ SEC_ASN1_SEQUENCE,
69	0, NULL, sizeof(NSS_P12_DecodedPFX) },
70	{ SEC_ASN1_INTEGER,
71	offsetof(NSS_P12_DecodedPFX,version) },
72	{ SEC_ASN1_INLINE,
73	offsetof(NSS_P12_DecodedPFX, authSafe),
74	NSS_P7_DecodedContentInfoTemplate },
75	{ SEC_ASN1_POINTER \| SEC_ASN1_OPTIONAL,
76	offsetof(NSS_P12_DecodedPFX, macData),
77	NSS_P12_MacDataTemplate },
78	{ 0, }
79	};
80
81	/* AuthenticatedSafe */
82	const SecAsn1Template NSS_P12_AuthenticatedSafeTemplate[] = {
83	{ SEC_ASN1_SEQUENCE_OF,
84	offsetof(NSS_P12_AuthenticatedSafe, info),
85	NSS_P7_DecodedContentInfoTemplate,
86	sizeof(NSS_P12_AuthenticatedSafe) }
87	};
88
89	/*
90	* Individual SafeBag type-specific templates here when we write 'em
91	*/
92	const SecAsn1Template NSS_P12_PtrToShroudedKeyBagTemplate[] = {
93	{ SEC_ASN1_POINTER, 0, kSecAsn1EncryptedPrivateKeyInfoTemplate }
94	};
95
96	/*
97	* CertBag via SEC_ASN1_DYNAMIC
98	*/
99	static const SecAsn1Template * NSS_P12_CertBagChooser(
100	void *arg, // --> NSS_P12_CertBag
101	Boolean enc,
822b670c A	102	const char *buf, // on decode, tag byte and length
822b670c A	103	size_t len,
b1ab9ed8 A	104	void *dest) // --> NSS_P12_CertBag.bagValue
	105	{
	106	NSS_P12_CertBag bag = (NSS_P12_CertBag )arg;
	107	const SecAsn1Template *templ = NULL;
	108	NSS_P12_CertBagType type = CT_Unknown;
	109	SecAsn1Oid *oid = &bag->bagType;
	110
	111	if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS9_X509Certificate)) {
	112	templ = kSecAsn1OctetStringTemplate;
	113	type = CT_X509;
	114	}
	115	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS9_SdsiCertificate)) {
	116	templ = kSecAsn1IA5StringTemplate;
	117	type = CT_SDSI;
	118	}
	119	else {
	120	/* punt */
	121	templ = kSecAsn1AnyTemplate;
	122	}
	123	if(!enc) {
	124	bag->type = type;
	125	}
	126	return templ;
	127	}
	128
	129	static const SecAsn1TemplateChooserPtr NSS_P12_CertBagChooserPtr =
	130	NSS_P12_CertBagChooser;
	131
	132	const SecAsn1Template NSS_P12_CertBagTemplate[] = {
	133	{ SEC_ASN1_SEQUENCE,
	134	0, NULL, sizeof(NSS_P12_CertBag) },
	135	{ SEC_ASN1_OBJECT_ID,
	136	offsetof(NSS_P12_CertBag,bagType) },
	137	/* these come in with a tag of 0xA0, context/constructed,
	138	* though I don't know why they are flagged as constructed */
	139	{ SEC_ASN1_DYNAMIC \| SEC_ASN1_CONTEXT_SPECIFIC \|
	140	SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| 0,
	141	offsetof(NSS_P12_CertBag, certValue),
	142	&NSS_P12_CertBagChooserPtr },
	143	{ 0, }
	144	};
	145
	146	const SecAsn1Template NSS_P12_PtrToCertBagTemplate[] = {
	147	{ SEC_ASN1_POINTER, 0, NSS_P12_CertBagTemplate }
	148	};
	149
	150	/*
	151	* CrlBag via SEC_ASN1_DYNAMIC
	152	*/
	153	static const SecAsn1Template * NSS_P12_CrlBagChooser(
	154	void *arg, // --> NSS_P12_CrlBag
	155	Boolean enc,
822b670c A	156	const char *buf, // on decode, tag byte and length
822b670c A	157	size_t len,
b1ab9ed8 A	158	void *dest) // --> NSS_P12_CertBag.bagValue
	159	{
	160	NSS_P12_CrlBag bag = (NSS_P12_CrlBag )arg;
	161	const SecAsn1Template *templ = NULL;
	162	NSS_P12_CrlBagType type = CRT_Unknown;
	163	SecAsn1Oid *oid = &bag->bagType;
	164
	165	if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS9_X509Crl)) {
	166	templ = kSecAsn1OctetStringTemplate;
	167	type = CRT_X509;
	168	}
	169	else {
	170	/* punt */
	171	templ = kSecAsn1AnyTemplate;
	172	}
	173	if(!enc) {
	174	bag->type = type;
	175	}
	176	return templ;
	177	}
	178
	179	static const SecAsn1TemplateChooserPtr NSS_P12_CrlBagChooserPtr =
	180	NSS_P12_CrlBagChooser;
	181
	182	const SecAsn1Template NSS_P12_CrlBagTemplate[] = {
	183	{ SEC_ASN1_SEQUENCE,
	184	0, NULL, sizeof(NSS_P12_CrlBag) },
	185	{ SEC_ASN1_OBJECT_ID,
	186	offsetof(NSS_P12_CrlBag,bagType) },
	187	/* these come in with a tag of 0xA0, context/constructed,
	188	* though I don't know why they are flagged as constructed */
	189	{ SEC_ASN1_DYNAMIC \| SEC_ASN1_CONTEXT_SPECIFIC \|
	190	SEC_ASN1_EXPLICIT \| SEC_ASN1_CONSTRUCTED \| 0,
	191	offsetof(NSS_P12_CrlBag, crlValue),
	192	&NSS_P12_CrlBagChooserPtr },
	193	{ 0, }
	194	};
	195
	196	const SecAsn1Template NSS_P12_PtrToCrlBagTemplate[] = {
	197	{ SEC_ASN1_POINTER, 0, NSS_P12_CrlBagTemplate }
	198	};
	199
	200
	201	/* the stub templates for unimplemented BagTypes */
	202	#define NSS_P12_PtrToKeyBagTemplate kSecAsn1PointerToAnyTemplate
	203	#define NSS_P12_PtrToSecretBagTemplate kSecAsn1PointerToAnyTemplate
	204	#define NSS_P12_PtrToSafeContentsBagTemplate kSecAsn1PointerToAnyTemplate
	205
	206
	207	/*
	208	* SafeBag via SEC_ASN1_DYNAMIC
	209	*/
	210	static const SecAsn1Template * NSS_P12_SafeBagChooser(
	211	void *arg, // --> NSS_P12_SafeBag
	212	Boolean enc,
822b670c A	213	const char *buf, // on decode, tag byte and len
822b670c A	214	size_t len,
b1ab9ed8 A	215	void *dest) // --> NSS_P12_SafeBag.bagValue
	216	{
	217	NSS_P12_SafeBag bag = (NSS_P12_SafeBag )arg;
	218	const SecAsn1Template *templ = NULL;
	219	NSS_P12_SB_Type type = BT_None;
	220	SecAsn1Oid *oid = &bag->bagId;
	221
	222	if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_keyBag)) {
	223	templ = NSS_P12_PtrToKeyBagTemplate;
	224	type = BT_KeyBag;
	225	}
	226	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_shroudedKeyBag)) {
	227	templ = NSS_P12_PtrToShroudedKeyBagTemplate;
	228	type = BT_ShroudedKeyBag;
	229	}
	230	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_certBag)) {
	231	templ = NSS_P12_PtrToCertBagTemplate;
	232	type = BT_CertBag;
	233	}
	234	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_crlBag)) {
	235	templ = NSS_P12_PtrToCrlBagTemplate;
	236	type = BT_CrlBag;
	237	}
	238	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_secretBag)) {
	239	templ = NSS_P12_PtrToSecretBagTemplate;
	240	type = BT_SecretBag;
	241	}
	242	else if(nssCompareSecAsn1Items(oid, &CSSMOID_PKCS12_safeContentsBag)) {
	243	templ = NSS_P12_PtrToSafeContentsBagTemplate;
	244	type = BT_SafeContentsBag;
	245	}
	246	/* add more here when we implement them */
	247	else {
	248	templ = kSecAsn1PointerToAnyTemplate;
	249	}
	250	if(!enc) {
	251	bag->type = type;
	252	}
	253	return templ;
	254	}
	255
	256	static const SecAsn1TemplateChooserPtr NSS_P12_SafeBagChooserPtr =
	257	NSS_P12_SafeBagChooser;
	258
	259	const SecAsn1Template NSS_P12_SafeBagTemplate[] = {
	260	{ SEC_ASN1_SEQUENCE,
	261	0, NULL, sizeof(NSS_P12_SafeBag) },
	262	{ SEC_ASN1_OBJECT_ID,
	263	offsetof(NSS_P12_SafeBag,bagId) },
	264	{ SEC_ASN1_DYNAMIC \| SEC_ASN1_CONSTRUCTED \|
	265	SEC_ASN1_EXPLICIT \| SEC_ASN1_CONTEXT_SPECIFIC \| 0,
	266	offsetof(NSS_P12_SafeBag,bagValue),
	267	&NSS_P12_SafeBagChooserPtr },
	268	{ SEC_ASN1_OPTIONAL \| SEC_ASN1_SET_OF,
	269	offsetof(NSS_P12_SafeBag,bagAttrs),
	270	kSecAsn1AttributeTemplate },
	271	{ 0 }
	272	};
	273
	274	const SecAsn1Template NSS_P12_SafeContentsTemplate[] = {
	275	{ SEC_ASN1_SEQUENCE_OF,
	276	offsetof(NSS_P12_SafeContents, bags),
	277	NSS_P12_SafeBagTemplate,
	278	sizeof(NSS_P12_SafeContents) }
279	};
280
281	const SecAsn1Template NSS_P12_PBE_ParamsTemplate[] = {
282	{ SEC_ASN1_SEQUENCE,
283	0, NULL, sizeof(NSS_P12_PBE_Params) },
284	{ SEC_ASN1_OCTET_STRING,
285	offsetof(NSS_P12_PBE_Params,salt) },
286	/* iterations is unsigned - right? */
287	{ SEC_ASN1_INTEGER,
288	offsetof(NSS_P12_PBE_Params,iterations) },
289	{ 0 }
290	};
291
292