+++ /dev/null
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "cmslocal.h"
-
-#include "cert.h"
-#include "secitem.h"
-#include "secoid.h"
-
-#include <security_asn1/secasn1.h>
-#include <security_asn1/secerr.h>
-#include <Security/SecIdentity.h>
-
-static int
-nss_cms_recipients_traverse(SecCmsRecipientInfoRef *recipientinfos, SecCmsRecipient **recipient_list)
-{
- int count = 0;
- int rlindex = 0;
- int i, j;
- SecCmsRecipient *rle;
- SecCmsRecipientInfoRef ri;
- SecCmsRecipientEncryptedKey *rek;
-
- for (i = 0; recipientinfos[i] != NULL; i++) {
- ri = recipientinfos[i];
- switch (ri->recipientInfoType) {
- case SecCmsRecipientInfoIDKeyTrans:
- if (recipient_list) {
- /* alloc one & fill it out */
- rle = (SecCmsRecipient *)PORT_ZAlloc(sizeof(SecCmsRecipient));
- if (rle == NULL)
- return -1;
-
- rle->riIndex = i;
- rle->subIndex = -1;
- switch (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType) {
- case SecCmsRecipientIDIssuerSN:
- rle->kind = RLIssuerSN;
- rle->id.issuerAndSN = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN;
- break;
- case SecCmsRecipientIDSubjectKeyID:
- rle->kind = RLSubjKeyID;
- rle->id.subjectKeyID = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.subjectKeyID;
- break;
- }
- recipient_list[rlindex++] = rle;
- } else {
- count++;
- }
- break;
- case SecCmsRecipientInfoIDKeyAgree:
- if (ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys == NULL)
- break;
- for (j=0; ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j] != NULL; j++) {
- if (recipient_list) {
- rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j];
- /* alloc one & fill it out */
- rle = (SecCmsRecipient *)PORT_ZAlloc(sizeof(SecCmsRecipient));
- if (rle == NULL)
- return -1;
-
- rle->riIndex = i;
- rle->subIndex = j;
- switch (rek->recipientIdentifier.identifierType) {
- case SecCmsKeyAgreeRecipientIDIssuerSN:
- rle->kind = RLIssuerSN;
- rle->id.issuerAndSN = rek->recipientIdentifier.id.issuerAndSN;
- break;
- case SecCmsKeyAgreeRecipientIDRKeyID:
- rle->kind = RLSubjKeyID;
- rle->id.subjectKeyID = rek->recipientIdentifier.id.recipientKeyIdentifier.subjectKeyIdentifier;
- break;
- }
- recipient_list[rlindex++] = rle;
- } else {
- count++;
- }
- }
- break;
- case SecCmsRecipientInfoIDKEK:
- /* KEK is not implemented */
- break;
- }
- }
- /* if we have a recipient list, we return on success (-1, above, on failure) */
- /* otherwise, we return the count. */
- if (recipient_list) {
- recipient_list[rlindex] = NULL;
- return 0;
- } else {
- return count;
- }
-}
-
-SecCmsRecipient **
-nss_cms_recipient_list_create(SecCmsRecipientInfoRef *recipientinfos)
-{
- int count, rv;
- SecCmsRecipient **recipient_list;
-
- /* count the number of recipient identifiers */
- count = nss_cms_recipients_traverse(recipientinfos, NULL);
- if (count <= 0 || count>=(int)((INT_MAX/sizeof(SecCmsRecipient *))-1)) {
- /* no recipients? or risk of underallocation 20130783 */
- PORT_SetError(SEC_ERROR_BAD_DATA);
-#if 0
- PORT_SetErrorString("Cannot find recipient data in envelope.");
-#endif
- return NULL;
- }
-
- /* allocate an array of pointers */
- recipient_list = (SecCmsRecipient **)
- PORT_ZAlloc((count + 1) * sizeof(SecCmsRecipient *));
- if (recipient_list == NULL)
- return NULL;
-
- /* now fill in the recipient_list */
- rv = nss_cms_recipients_traverse(recipientinfos, recipient_list);
- if (rv < 0) {
- nss_cms_recipient_list_destroy(recipient_list);
- return NULL;
- }
- return recipient_list;
-}
-
-void
-nss_cms_recipient_list_destroy(SecCmsRecipient **recipient_list)
-{
- int i;
- SecCmsRecipient *recipient;
-
- for (i=0; recipient_list[i] != NULL; i++) {
- recipient = recipient_list[i];
- if (recipient->cert)
- CFRelease(recipient->cert);
- if (recipient->privkey)
- CFRelease(recipient->privkey);
-#if 0
- // @@@ Eliminate slot stuff.
- if (recipient->slot)
- PK11_FreeSlot(recipient->slot);
-#endif
- PORT_Free(recipient);
- }
- PORT_Free(recipient_list);
-}
-
-SecCmsRecipientEncryptedKey *
-SecCmsRecipientEncryptedKeyCreate(PLArenaPool *poolp)
-{
- return (SecCmsRecipientEncryptedKey *)PORT_ArenaZAlloc(poolp, sizeof(SecCmsRecipientEncryptedKey));
-}
-
-
-int
-nss_cms_FindCertAndKeyByRecipientList(SecCmsRecipient **recipient_list, void *wincx)
-{
- SecCmsRecipient *recipient = NULL;
- SecCertificateRef cert = NULL;
- SecPrivateKeyRef privKey = NULL;
- SecIdentityRef identity = NULL;
- CFTypeRef keychainOrArray = NULL; // @@@ The caller should be able to pass this in somehow.
- int index;
-
- for (index = 0; recipient_list[index] != NULL; ++index)
- {
- recipient = recipient_list[index];
-
- switch (recipient->kind)
- {
- case RLIssuerSN:
- identity = CERT_FindIdentityByIssuerAndSN(keychainOrArray, recipient->id.issuerAndSN);
- break;
- case RLSubjKeyID:
- identity = CERT_FindIdentityBySubjectKeyID(keychainOrArray, recipient->id.subjectKeyID);
- break;
- }
-
- if (identity)
- break;
- }
-
- if (!recipient)
- goto loser;
-
- if (SecIdentityCopyCertificate(identity, &cert))
- goto loser;
- if (SecIdentityCopyPrivateKey(identity, &privKey))
- goto loser;
- CFRelease(identity);
-
- recipient->cert = cert;
- recipient->privkey = privKey;
-
- return index;
-
-loser:
- if (identity)
- CFRelease(identity);
- if (cert)
- CFRelease(cert);
- if (privKey)
- CFRelease(privKey);
-
- return -1;
-}
projects / apple / security.git / blobdiff