+++ /dev/null
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-/*
- * CrlFields.cpp - convert between NSS-based NSS_Crl components and CDSA-style
- * fields. A major component of DecodedCrl.
- *
- * Created 8/29/2002 by Doug Mitchell.
- * Copyright (c) 2002 by Apple Computer.
- */
-
-#include "DecodedCrl.h"
-#include <security_utilities/debugging.h>
-#include "cldebugging.h"
-#include "CLCrlExtensions.h"
-#include "CLCertExtensions.h"
-#include "CLFieldsCommon.h"
-#include "clNssUtils.h"
-#include "clNameUtils.h"
-#include <security_utilities/utilities.h>
-#include <Security/oidscrl.h>
-#include <Security/oidscert.h>
-#include <Security/cssmerr.h>
-#include <Security/x509defs.h>
-
-static void CL_freeCssmExtensions(
- CSSM_X509_EXTENSIONS &extens,
- Allocator &alloc);
-
-/***
- *** Version
- *** Format = DER-encoded int (max of four bytes in this case)
- ***/
-static bool getField_Version (
- DecodedItem &item,
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- const DecodedCrl &crl = dynamic_cast<const DecodedCrl &>(item);
- const CSSM_DATA &vers = crl.mCrl.tbs.version;
- if(!tbsGetCheck(vers.Data, index)) {
- /* not present, optional */
- return false;
- }
- fieldValue.copy(vers.Data, vers.Length);
- numFields = 1;
- return true;
-}
-
-static void setField_Version (
- DecodedItem &item,
- const CssmData &fieldValue)
-{
- DecodedCrl &crl = dynamic_cast<DecodedCrl &>(item);
- CSSM_DATA &vers = crl.mCrl.tbs.version;
- tbsSetCheck(vers.Data, fieldValue, 0, "version");
- crl.coder().allocCopyItem(fieldValue, vers);
-}
-
-/*** issuer
- *** Format = CSSM_X509_NAME
- *** class Name from sm_x501if
- ***/
-static bool getField_Issuer (
- DecodedItem &item,
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- if(index != 0) {
- return false;
- }
-
- bool brtn;
-
- const DecodedCrl &crl = dynamic_cast<const DecodedCrl &>(item);
- try {
- brtn = getField_RDN_NSS(crl.mCrl.tbs.issuer, fieldValue);
- if(brtn) {
- numFields = 1;
- }
- }
- catch (...) {
- freeField_RDN(fieldValue);
- throw;
- }
- return brtn;
-}
-
-static void setField_Issuer (
- DecodedItem &item,
- const CssmData &fieldValue)
-{
- DecodedCrl &crl = dynamic_cast<DecodedCrl &>(item);
- const CSSM_X509_NAME *cssmName = (const CSSM_X509_NAME *)fieldValue.Data;
- NSS_Name &nssName = crl.mCrl.tbs.issuer;
- tbsSetCheck(nssName.rdns, fieldValue, sizeof(CSSM_X509_NAME),
- "IssuerName");
- CL_cssmNameToNss(*cssmName, nssName, crl.coder());
-}
-
-/***
- *** This/Next update
- *** Format: CSSM_X509_TIME
- ***/
-static bool getField_ThisUpdate (
- DecodedItem &item,
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- const DecodedCrl &crl = dynamic_cast<const DecodedCrl &>(item);
- const NSS_Time &srcTime = crl.mCrl.tbs.thisUpdate;
- return getField_TimeNSS(srcTime, index, numFields, fieldValue);
-}
-
-static void setField_ThisUpdate (
- DecodedItem &item,
- const CssmData &fieldValue)
-{
- DecodedCrl &crl = dynamic_cast<DecodedCrl &>(item);
- NSS_Time &dstTime = crl.mCrl.tbs.thisUpdate;
- tbsSetCheck(dstTime.item.Data, fieldValue,
- sizeof(CSSM_X509_TIME), "NotBefore");
- setField_TimeNSS(fieldValue, dstTime, crl.coder());
-}
-
-static bool getField_NextUpdate (
- DecodedItem &item,
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- const DecodedCrl &crl = dynamic_cast<const DecodedCrl &>(item);
- const NSS_Time &srcTime = crl.mCrl.tbs.nextUpdate;
- return getField_TimeNSS(srcTime, index, numFields, fieldValue);
-}
-
-static void setField_NextUpdate (
- DecodedItem &item,
- const CssmData &fieldValue)
-{
- DecodedCrl &crl = dynamic_cast<DecodedCrl &>(item);
- NSS_Time &dstTime = crl.mCrl.tbs.nextUpdate;
- tbsSetCheck(dstTime.item.Data, fieldValue,
- sizeof(CSSM_X509_TIME), "NotBefore");
- setField_TimeNSS(fieldValue, dstTime, crl.coder());
-}
-
-/***
- *** Issuer Name (normalized and encoded version)
- *** Format = CSSM_DATA containing the DER encoding of the normalized name
- ***/
-static bool getFieldIssuerNorm(
- DecodedItem &item,
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- if(index != 0) {
- return false;
- }
- const DecodedCrl &crl = dynamic_cast<const DecodedCrl &>(item);
- return getField_normRDN_NSS(crl.mCrl.tbs.derIssuer, numFields,
- fieldValue);
-}
-
-/***
- *** TBS AlgId
- *** Format = CSSM_X509_ALGORITHM_IDENTIFIER
- ***/
-static bool getField_CrlTbsAlgId (
- DecodedItem &item,
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- const DecodedCrl &crl = dynamic_cast<const DecodedCrl &>(item);
- const CSSM_X509_ALGORITHM_IDENTIFIER &srcAlgId =
- crl.mCrl.signatureAlgorithm;
- if(!tbsGetCheck(srcAlgId.algorithm.Data, index)) {
- return false;
- }
- getField_AlgIdNSS(srcAlgId, fieldValue);
- numFields = 1;
- return true;
-}
-
-/*
- * Support for entries in revocation list
- */
-static void nssRevokedEntryToCssm(
- NSS_RevokedCert &nssEntry,
- CSSM_X509_REVOKED_CERT_ENTRY &cssmEntry,
- Allocator &alloc)
-{
- clAllocCopyData(alloc, nssEntry.userCertificate, cssmEntry.certificateSerialNumber);
- CL_nssTimeToCssm(nssEntry.revocationDate, cssmEntry.revocationDate, alloc);
-
- /* CSSM_X509_EXTENSIONS extensions */
- NSS_CertExtension **nssExtens = nssEntry.extensions;
- if(nssExtens == NULL) {
- /* done */
- return;
- }
-
- /*
- * First we have to decode the NSS-style Extensions into a
- * DecodedExtensions object. For cert- and CRL-wide extensions, this
- * is done at the construction of Decoded{Cert,Crl}. However for
- * per-CRL-entry entensions, this is (currently) the only place
- * this decoding is done.
- */
- SecNssCoder coder;
- DecodedExtensions decodedExtens(coder, alloc);
- decodedExtens.decodeFromNss(nssExtens);
-
- /* convert to CDSA style */
- decodedExtens.convertToCdsa(cssmEntry.extensions, alloc);
-}
-
-static void freeCssmEntry(
- CSSM_X509_REVOKED_CERT_ENTRY_PTR cssmEntry,
- Allocator &alloc)
-{
- if(cssmEntry == NULL) {
- return;
- }
- if(cssmEntry->certificateSerialNumber.Data) {
- alloc.free(cssmEntry->certificateSerialNumber.Data);
- cssmEntry->certificateSerialNumber.Data = NULL;
- cssmEntry->certificateSerialNumber.Length = 0;
- }
- CL_freeCssmTime(&cssmEntry->revocationDate, alloc);
-
- /* CSSM_X509_EXTENSIONS extensions */
- CL_freeCssmExtensions(cssmEntry->extensions, alloc);
-
- memset(cssmEntry, 0, sizeof(CSSM_X509_REVOKED_CERT_ENTRY));
-}
-
-static void nssRevokedListToCssm(
- NSS_RevokedCert **nssList, // may be NULL
- CSSM_X509_REVOKED_CERT_LIST_PTR cssmList,
- Allocator &alloc)
-{
- unsigned numEntries = clNssArraySize((const void **)nssList);
- cssmList->numberOfRevokedCertEntries = numEntries;
- if(numEntries == 0) {
- cssmList->revokedCertEntry = NULL;
- return;
- }
- cssmList->revokedCertEntry = (CSSM_X509_REVOKED_CERT_ENTRY_PTR)alloc.malloc(
- sizeof(CSSM_X509_REVOKED_CERT_ENTRY) * numEntries);
- memset(cssmList->revokedCertEntry, 0,
- sizeof(CSSM_X509_REVOKED_CERT_ENTRY) * numEntries);
- for(unsigned dex=0; dex<numEntries; dex++) {
- NSS_RevokedCert *nssEntry = nssList[dex];
- assert(nssEntry != NULL);
- CSSM_X509_REVOKED_CERT_ENTRY_PTR cssmEntry =
- &cssmList->revokedCertEntry[dex];
- nssRevokedEntryToCssm(*nssEntry, *cssmEntry, alloc);
- }
-}
-
-
-static void freeCssmRevokedList(
- CSSM_X509_REVOKED_CERT_LIST_PTR cssmList,
- Allocator &alloc)
-{
- if(cssmList == NULL) {
- return;
- }
- for(unsigned dex=0; dex<cssmList->numberOfRevokedCertEntries; dex++) {
- CSSM_X509_REVOKED_CERT_ENTRY_PTR cssmEntry =
- &cssmList->revokedCertEntry[dex];
- freeCssmEntry(cssmEntry, alloc);
- }
- if(cssmList->revokedCertEntry) {
- alloc.free(cssmList->revokedCertEntry);
- }
- memset(cssmList, 0, sizeof(CSSM_X509_REVOKED_CERT_LIST));
-}
-
-/***
- *** SignedCRL
- *** Format: CSSM_X509_SIGNED_CRL (the whole enchilada, parsed)
- ***/
-static bool getField_SignedCrl (
- DecodedItem &item,
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- Allocator &alloc = fieldValue.allocator;
-
- const DecodedCrl &nssCrl = dynamic_cast<const DecodedCrl &>(item);
- const NSS_TBSCrl &nssTbs = nssCrl.mCrl.tbs;
- fieldValue.malloc(sizeof(CSSM_X509_SIGNED_CRL));
- CSSM_X509_SIGNED_CRL &cssmCrl = *((CSSM_X509_SIGNED_CRL *)fieldValue.data());
-
- memset(&cssmCrl, 0, sizeof(CSSM_X509_SIGNED_CRL));
- CSSM_X509_TBS_CERTLIST &cssmTbs = cssmCrl.tbsCertList;
-
- /* version */
- clAllocCopyData(alloc, nssTbs.version, cssmTbs.version);
-
- /* CSSM_X509_ALGORITHM_IDENTIFIER signature - in TBS and CRL */
- CL_copyAlgId(nssTbs.signature, cssmTbs.signature, alloc);
- CL_copyAlgId(nssCrl.mCrl.signatureAlgorithm,
- cssmCrl.signature.algorithmIdentifier, alloc);
-
- /* CSSM_X509_NAME issuer */
- CL_nssNameToCssm(nssTbs.issuer, cssmTbs.issuer, alloc);
-
- /* CSSM_X509_TIME thisUpdate, nextUpdate */
- CL_nssTimeToCssm(nssTbs.thisUpdate, cssmTbs.thisUpdate, alloc);
- CL_nssTimeToCssm(nssTbs.nextUpdate, cssmTbs.nextUpdate, alloc);
-
- /* CSSM_X509_REVOKED_CERT_LIST_PTR revokedCertificates */
- if(nssTbs.revokedCerts != NULL) {
- cssmTbs.revokedCertificates = (CSSM_X509_REVOKED_CERT_LIST_PTR)
- alloc.malloc(sizeof(CSSM_X509_REVOKED_CERT_LIST));
- memset(cssmTbs.revokedCertificates, 0, sizeof(CSSM_X509_REVOKED_CERT_LIST));
- nssRevokedListToCssm(nssTbs.revokedCerts,
- cssmTbs.revokedCertificates, alloc);
- }
-
- /* CSSM_X509_EXTENSIONS extensions */
- const DecodedExtensions &decodedExtens = nssCrl.decodedExtens();
- decodedExtens.convertToCdsa(cssmTbs.extensions, alloc);
-
- /* raw signature - stored in bits - note signature.algId set above */
- CSSM_DATA nssSig = nssCrl.mCrl.signature;
- nssSig.Length = (nssSig.Length + 7) / 8;
- clAllocCopyData(alloc, nssSig, cssmCrl.signature.encrypted);
- numFields = 1;
- return true;
-}
-
-static void setField_SignedCrl (
- DecodedItem &item,
- const CssmData &fieldValue)
-{
- /* TBD - writing CRLs not supported now */
- CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
-}
-
-static void freeField_SignedCrl (
- CssmOwnedData &fieldValue)
-{
- CSSM_X509_SIGNED_CRL *cssmCrl =
- (CSSM_X509_SIGNED_CRL *)fieldValue.data();
-
- if(cssmCrl == NULL) {
- return;
- }
- if(fieldValue.length() != sizeof(CSSM_X509_SIGNED_CRL)) {
- CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
- }
- Allocator &alloc = fieldValue.allocator;
- CSSM_X509_TBS_CERTLIST_PTR cssmTbs = &cssmCrl->tbsCertList;
- if(cssmTbs == NULL) {
- CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
- }
-
- /* run down the fields */
- if(cssmTbs->version.Data) {
- alloc.free(cssmTbs->version.Data);
- }
-
- /* CSSM_X509_ALGORITHM_IDENTIFIER signature - in TBS and CRL */
- CL_freeCssmAlgId(&cssmTbs->signature, alloc);
- CL_freeCssmAlgId(&cssmCrl->signature.algorithmIdentifier, alloc);
-
- /* issuer, thisUpdate, nextUpdate */
- CL_freeX509Name(&cssmTbs->issuer, alloc);
- CL_freeCssmTime(&cssmTbs->thisUpdate, alloc);
- CL_freeCssmTime(&cssmTbs->nextUpdate, alloc);
-
- /* CSSM_X509_REVOKED_CERT_LIST_PTR revokedCertificates */
- freeCssmRevokedList(cssmTbs->revokedCertificates, alloc);
- alloc.free(cssmTbs->revokedCertificates);
-
- /* CSSM_X509_EXTENSIONS extensions */
- CL_freeCssmExtensions(cssmTbs->extensions, alloc);
-
- /* raw signature - note signature.algId freed above */
- alloc.free(cssmCrl->signature.encrypted.Data);
-
- memset(cssmCrl, 0, sizeof(CSSM_X509_SIGNED_CRL));
-}
-
-/*
- * Table to map OID to {get,set,free}field
- */
-typedef struct {
- const CSSM_OID *fieldId;
- getItemFieldFcn *getFcn;
- setItemFieldFcn *setFcn;
- freeFieldFcn *freeFcn; // OPTIONAL - NULL means just free the
- // top-level data
-} oidToFieldFuncs;
-
-
-static const oidToFieldFuncs crlFieldTable[] = {
- /* this first one, which returns everything in a parsed format,
- * is intended to be normally the only field used */
- { &CSSMOID_X509V2CRLSignedCrlCStruct,
- &getField_SignedCrl, &setField_SignedCrl, &freeField_SignedCrl },
- { &CSSMOID_X509V2CRLVersion,
- &getField_Version, &setField_Version, NULL },
- { &CSSMOID_X509V1CRLIssuerNameCStruct,
- &getField_Issuer, &setField_Issuer, &freeField_RDN },
- { &CSSMOID_X509V1CRLThisUpdate,
- &getField_ThisUpdate, &setField_ThisUpdate, &freeField_Time },
- { &CSSMOID_X509V1CRLNextUpdate,
- &getField_NextUpdate, &setField_NextUpdate, &freeField_Time },
- { &CSSMOID_X509V1IssuerName,
- getFieldIssuerNorm, &setField_ReadOnly, NULL },
- { &CSSMOID_X509V1SignatureAlgorithmTBS,
- &getField_CrlTbsAlgId, &setField_ReadOnly, &freeField_AlgId },
- // ...etc..
- /*
- * Extensions, implemented in CrlExtensions.cpp
- * When adding new ones, also add to:
- * -- clOidToNssInfo() in CLFieldsCommon.cpp
- * -- get/set/free functions in CrlExtensions.{cpp,h}
- * -- DecodedExten::parse in DecodedExtensions.cpp
- */
- { &CSSMOID_CrlNumber,
- &getFieldCrlNumber, &setFieldCrlNumber, freeFieldSimpleExtension },
- { &CSSMOID_DeltaCrlIndicator,
- &getFieldDeltaCrl, &setFieldCrlNumber, freeFieldSimpleExtension },
- { &CSSMOID_CertIssuer, // get/set not implemented
- &getField_Unimplemented, &setField_ReadOnly,
- &freeFieldSubjIssuerAltName},
- { &CSSMOID_CrlReason, // get/set not implemented
- &getField_Unimplemented, &setField_ReadOnly,
- freeFieldSimpleExtension},
- { &CSSMOID_IssuingDistributionPoint, // get/set not implemented
- &getField_Unimplemented, &setField_ReadOnly,
- &freeFieldIssuingDistPoint},
- { &CSSMOID_HoldInstructionCode, // get/set not implemented
- &getField_Unimplemented, &setField_ReadOnly,
- &freeFieldOidOrData},
- { &CSSMOID_InvalidityDate, // get/set not implemented
- &getField_Unimplemented, &setField_ReadOnly,
- &freeFieldOidOrData},
-
- /* in common with CertExtensions */
- { &CSSMOID_AuthorityKeyIdentifier, &getFieldAuthorityKeyId,
- &setFieldAuthorityKeyId, &freeFieldAuthorityKeyId } ,
- { &CSSMOID_X509V3CertificateExtensionCStruct, &getFieldUnknownExt,
- &setFieldUnknownExt, &freeFieldUnknownExt },
- { &CSSMOID_SubjectAltName, &getFieldSubjAltName,
- &setFieldSubjIssuerAltName, &freeFieldSubjIssuerAltName } ,
- { &CSSMOID_IssuerAltName, &getFieldIssuerAltName,
- &setFieldSubjIssuerAltName, &freeFieldSubjIssuerAltName } ,
-
- { &CSSMOID_CrlDistributionPoints, // get/set not implemented
- &getField_Unimplemented, &setField_ReadOnly,
- &freeFieldCrlDistributionPoints},
- // etc..
-};
-
-#define NUM_KNOWN_FIELDS (sizeof(crlFieldTable) / sizeof(oidToFieldFuncs))
-#define NUM_STD_CRL_FIELDS 2 /* TBD not including extensions */
-
-/* map an OID to an oidToFieldFuncs */
-static const oidToFieldFuncs *oidToFields(
- const CssmOid &fieldId)
-{
- const oidToFieldFuncs *fieldTable = crlFieldTable;
- for(unsigned i=0; i<NUM_KNOWN_FIELDS; i++) {
- if(fieldId == CssmData::overlay(*fieldTable->fieldId)) {
- return fieldTable;
- }
- fieldTable++;
- }
- CssmError::throwMe(CSSMERR_CL_UNKNOWN_TAG);
-}
-
-/*
- * Common routine to free OID-specific field data. Used in the
- * public DecodedCrl::freeCrlFieldData and when freeing
- * extensions in a CSSM_X509_TBS_CERTLIST.
- */
-static void CL_freeCrlFieldData(
- const CssmOid &fieldId,
- CssmOwnedData &fieldValue,
- bool reset = true)
-{
- if((fieldValue.data() == NULL) || (fieldValue.length() == 0)) {
- CssmError::throwMe(CSSM_ERRCODE_INVALID_FIELD_POINTER);
- }
- const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId);
- if(fieldFuncs->freeFcn != NULL) {
- /* optional - simple cases handled below */
- fieldFuncs->freeFcn(fieldValue);
- }
- if(reset) {
- fieldValue.reset();
- fieldValue.release();
- }
-}
-
-/*
- * Common routime to free a CSSM_X509_EXTENSIONS. Used to free
- * CSSM_X509_TBS_CERTLIST.extensions and
- * CSSM_X509_REVOKED_CERT_ENTRY.extensions.
- * We just cook up a CssmOid and a CssmOwnedData for each extension
- * and pass to CL_freeCrlFieldData().
- */
-static void CL_freeCssmExtensions(
- CSSM_X509_EXTENSIONS &extens,
- Allocator &alloc)
-{
- for(uint32 dex=0; dex<extens.numberOfExtensions; dex++) {
- CSSM_X509_EXTENSION_PTR exten = &extens.extensions[dex];
- const CSSM_OID *fieldOid;
-
- /*
- * The field OID is either the same as the extension's OID (if we parsed
- * it) or CSSMOID_X509V3CertificateExtensionCStruct (if we didn't).
- */
- switch(exten->format) {
- case CSSM_X509_DATAFORMAT_ENCODED:
- fieldOid = &CSSMOID_X509V3CertificateExtensionCStruct;
- break;
- case CSSM_X509_DATAFORMAT_PARSED:
- case CSSM_X509_DATAFORMAT_PAIR:
- fieldOid = &exten->extnId;
- break;
- default:
- clErrorLog("CL_freeCssmExtensions: bad exten->format (%d)",
- (int)exten->format);
- CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
- }
-
- const CssmOid &fieldId = CssmOid::overlay(*fieldOid);
-
- if (exten->extnId.Data != NULL) // if this is null, something threw when it was instantiated
- {
- CssmData cData((uint8 *)exten, sizeof(CSSM_X509_EXTENSION));
- CssmRemoteData fieldValue(alloc, cData);
- CL_freeCrlFieldData(fieldId, fieldValue, false);
- fieldValue.release(); // but no free (via reset() */
- }
- }
- alloc.free(extens.extensions);
- memset(&extens, 0, sizeof(CSSM_X509_EXTENSIONS));
-}
-
-
-
-/***
- *** Public functions
- ***/
-
-/*
- * Obtain the index'th occurrence of field specified by fieldId in specified cert.
- * Format of the returned field depends on fieldId.
- * Returns total number of fieldId fields in the cert if index is 0.
- * FieldValue assumed to be empty on entry.
- * Returns true if specified field was found, else returns false.
- */
-bool DecodedCrl::getCrlFieldData(
- const CssmOid &fieldId, // which field
- unsigned index, // which occurrence (0 = first)
- uint32 &numFields, // RETURNED
- CssmOwnedData &fieldValue) // RETURNED
-{
- switch(mState) {
- case IS_Empty:
- case IS_Building:
- clErrorLog("DecodedCrl::getCrlField: can't parse undecoded CRL!");
- CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR);
- case IS_DecodedAll:
- case IS_DecodedTBS:
- break;
- }
- const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId);
- return fieldFuncs->getFcn(*this, index, numFields, fieldValue);
-}
-
-/*
- * Set the field specified by fieldId in the specified Cert.
- * Note no index - individual field routines either append (for extensions)
- * or if field already set ::throwMe(for all others)
- */
-void DecodedCrl::setCrlField(
- const CssmOid &fieldId, // which field
- const CssmData &fieldValue)
-{
- switch(mState) {
- case IS_Empty: // first time thru
- mState = IS_Building;
- break;
- case IS_Building: // subsequent passes
- break;
- case IS_DecodedAll:
- case IS_DecodedTBS:
- clErrorLog("DecodedCrl::setCrlField: can't build on a decoded CRL!");
- CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR);
- }
- if((fieldValue.data() == NULL) || (fieldValue.length() == 0)) {
- CssmError::throwMe(CSSMERR_CL_INVALID_FIELD_POINTER);
- }
- const oidToFieldFuncs *fieldFuncs = oidToFields(fieldId);
- const CssmData &value = CssmData::overlay(fieldValue);
- fieldFuncs->setFcn(*this, value);
-}
-
-/*
- * Free the fieldId-specific data referred to by fieldValue->Data.
- * No state from DecodedCrl needed; use the routine shared with
- * CL_freeCssmExtensions().
- */
-void DecodedCrl::freeCrlFieldData(
- const CssmOid &fieldId,
- CssmOwnedData &fieldValue)
-{
- CL_freeCrlFieldData(fieldId, fieldValue);
-}
-
-
-/*
- * Common means to get all fields from a decoded CRL. Used in
- * CrlGetAllTemplateFields and CrlGetAllFields.
- */
-void DecodedCrl::getAllParsedCrlFields(
- uint32 &NumberOfFields, // RETURNED
- CSSM_FIELD_PTR &CrlFields) // RETURNED
-{
- /* this is the max - some might be missing */
- uint32 maxFields = NUM_STD_CRL_FIELDS + mDecodedExtensions.numExtensions();
- CSSM_FIELD_PTR outFields = (CSSM_FIELD_PTR)mAlloc.malloc(
- maxFields * sizeof(CSSM_FIELD));
-
- /*
- * We'll be copying oids and values for fields we find into
- * outFields; current number of valid fields found in numOutFields.
- */
- memset(outFields, 0, maxFields * sizeof(CSSM_FIELD));
- uint32 numOutFields = 0;
- CSSM_FIELD_PTR currOutField;
- uint32 currOidDex;
- const CSSM_OID *currOid;
- CssmAutoData aData(mAlloc); // for malloc/copy of outgoing data
-
- /* query for each OID we know about */
- for(currOidDex=0; currOidDex<NUM_KNOWN_FIELDS; currOidDex++) {
- const oidToFieldFuncs *fieldFuncs = &crlFieldTable[currOidDex];
- currOid = fieldFuncs->fieldId;
- uint32 numFields; // for THIS oid
-
- /*
- * Return false if field not there, which is not an error here.
- * Actual exceptions are fatal.
- */
- if(!fieldFuncs->getFcn(*this,
- 0, // index - looking for first one
- numFields,
- aData)) {
- continue;
- }
-
- /* got some data for this oid - copy it and oid to outgoing CrlFields */
- assert(numOutFields < maxFields);
- currOutField = &outFields[numOutFields];
- currOutField->FieldValue = aData.release();
- aData.copy(*currOid);
- currOutField->FieldOid = aData.release();
- numOutFields++;
-
- /* if more fields are available for this OID, snag them too */
- for(uint32 fieldDex=1; fieldDex<numFields; fieldDex++) {
- /* note this should always succeed */
- bool brtn = fieldFuncs->getFcn(*this,
- fieldDex,
- numFields, // shouldn't change
- aData);
- if(!brtn) {
- clErrorLog("getAllParsedCrlFields: index screwup");
- CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR);
- }
- assert(numOutFields < maxFields);
- currOutField = &outFields[numOutFields];
- currOutField->FieldValue = aData.release();
- aData.copy(*currOid);
- currOutField->FieldOid = aData.release();
- numOutFields++;
- } /* multiple fields for currOid */
- } /* for each known OID */
-
- NumberOfFields = numOutFields;
- CrlFields = outFields;
-}
-
-void
-DecodedCrl::describeFormat(
- Allocator &alloc,
- uint32 &NumberOfFields,
- CSSM_OID_PTR &OidList)
-{
- /* malloc in app's space, do deep copy (including ->Data) */
- CSSM_OID_PTR oidList = (CSSM_OID_PTR)alloc.malloc(
- NUM_KNOWN_FIELDS * sizeof(CSSM_OID));
- memset(oidList, 0, NUM_KNOWN_FIELDS * sizeof(CSSM_OID));
- for(unsigned i=0; i<NUM_KNOWN_FIELDS; i++) {
- CssmAutoData oidCopy(alloc, *crlFieldTable[i].fieldId);
- oidList[i] = oidCopy.release();
- }
- NumberOfFields = NUM_KNOWN_FIELDS;
- OidList = oidList;
-}
projects / apple / security.git / blobdiff