]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_apple_x509_cl/lib/DecodedCrl.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.101.1.tar.gz
[apple/security.git] / OSX / libsecurity_apple_x509_cl / lib / DecodedCrl.cpp
1 /*
2 * Copyright (c) 2002,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * DecodedCrl.cpp - object representing a decoded CRL, in NSS format,
21 * with extensions parsed and decoded (still in NSS format).
22 *
23 */
24
25 #include "DecodedCrl.h"
26 #include "cldebugging.h"
27 #include "AppleX509CLSession.h"
28 #include "CSPAttacher.h"
29 #include <Security/cssmapple.h>
30
31 DecodedCrl::DecodedCrl(
32 AppleX509CLSession &session)
33 : DecodedItem(session)
34 {
35 memset(&mCrl, 0, sizeof(mCrl));
36 }
37
38 /* one-shot constructor, decoding from DER-encoded data */
39 DecodedCrl::DecodedCrl(
40 AppleX509CLSession &session,
41 const CssmData &encodedCrl)
42 : DecodedItem(session)
43 {
44 memset(&mCrl, 0, sizeof(mCrl));
45 PRErrorCode prtn = mCoder.decode(encodedCrl.data(), encodedCrl.length(),
46 kSecAsn1SignedCrlTemplate, &mCrl);
47 if(prtn) {
48 CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
49 }
50 mDecodedExtensions.decodeFromNss(mCrl.tbs.extensions);
51 mState = IS_DecodedAll;
52 }
53
54 DecodedCrl::~DecodedCrl()
55 {
56 }
57
58 /* decode mCrl.tbs and its extensions */
59 void DecodedCrl::decodeCts(
60 const CssmData &encodedCts)
61 {
62 assert(mState == IS_Empty);
63 memset(&mCrl, 0, sizeof(mCrl));
64 PRErrorCode prtn = mCoder.decode(encodedCts.data(), encodedCts.length(),
65 kSecAsn1TBSCrlTemplate, &mCrl.tbs);
66 if(prtn) {
67 CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
68 }
69 mDecodedExtensions.decodeFromNss(mCrl.tbs.extensions);
70 mState = IS_DecodedTBS;
71 }
72
73 void DecodedCrl::encodeExtensions()
74 {
75 NSS_TBSCrl &tbs = mCrl.tbs;
76 assert(mState == IS_Building);
77 assert(tbs.extensions == NULL);
78
79 if(mDecodedExtensions.numExtensions() == 0) {
80 /* no extensions, no error */
81 return;
82 }
83 mDecodedExtensions.encodeToNss(tbs.extensions);
84 }
85
86 /*
87 * FIXME : how to determine max encoding size at run time!?
88 */
89 #define MAX_TEMPLATE_SIZE (16 * 1024)
90
91 /* encode TBS component; only called from CrlCreateTemplate */
92 void DecodedCrl::encodeCts(
93 CssmOwnedData &encodedCts)
94 {
95 encodeExtensions();
96 assert(mState == IS_Building);
97
98 /* enforce required fields - could go deeper, maybe we should */
99 NSS_TBSCrl &tbs = mCrl.tbs;
100 if((tbs.signature.algorithm.Data == NULL) ||
101 (tbs.issuer.rdns == NULL)) {
102 clErrorLog("DecodedCrl::encodeTbs: incomplete TBS");
103 /* an odd, undocumented error return */
104 CssmError::throwMe(CSSMERR_CL_NO_FIELD_VALUES);
105 }
106
107 PRErrorCode prtn;
108 prtn = SecNssEncodeItemOdata(&tbs, kSecAsn1TBSCrlTemplate,
109 encodedCts);
110 if(prtn) {
111 CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
112 }
113 }
114
mirror of Security