X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_apple_x509_cl/lib/DecodedCrl.cpp?ds=sidebyside
diff --git a/Security/libsecurity_apple_x509_cl/lib/DecodedCrl.cpp b/Security/libsecurity_apple_x509_cl/lib/DecodedCrl.cpp
new file mode 100644
index 00000000..1613ef44
--- /dev/null
+++ b/Security/libsecurity_apple_x509_cl/lib/DecodedCrl.cpp
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2002,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+/*
+ * DecodedCrl.cpp - object representing a decoded CRL, in NSS format,
+ * with extensions parsed and decoded (still in NSS format).
+ *
+ */
+
+#include "DecodedCrl.h"
+#include "cldebugging.h"
+#include "AppleX509CLSession.h"
+#include "CSPAttacher.h"
+#include
+
+DecodedCrl::DecodedCrl(
+ AppleX509CLSession &session)
+ : DecodedItem(session)
+{
+ memset(&mCrl, 0, sizeof(mCrl));
+}
+
+/* one-shot constructor, decoding from DER-encoded data */
+DecodedCrl::DecodedCrl(
+ AppleX509CLSession &session,
+ const CssmData &encodedCrl)
+ : DecodedItem(session)
+{
+ memset(&mCrl, 0, sizeof(mCrl));
+ PRErrorCode prtn = mCoder.decode(encodedCrl.data(), encodedCrl.length(),
+ kSecAsn1SignedCrlTemplate, &mCrl);
+ if(prtn) {
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+ mDecodedExtensions.decodeFromNss(mCrl.tbs.extensions);
+ mState = IS_DecodedAll;
+}
+
+DecodedCrl::~DecodedCrl()
+{
+}
+
+/* decode mCrl.tbs and its extensions */
+void DecodedCrl::decodeCts(
+ const CssmData &encodedCts)
+{
+ assert(mState == IS_Empty);
+ memset(&mCrl, 0, sizeof(mCrl));
+ PRErrorCode prtn = mCoder.decode(encodedCts.data(), encodedCts.length(),
+ kSecAsn1TBSCrlTemplate, &mCrl.tbs);
+ if(prtn) {
+ CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
+ }
+ mDecodedExtensions.decodeFromNss(mCrl.tbs.extensions);
+ mState = IS_DecodedTBS;
+}
+
+void DecodedCrl::encodeExtensions()
+{
+ NSS_TBSCrl &tbs = mCrl.tbs;
+ assert(mState == IS_Building);
+ assert(tbs.extensions == NULL);
+
+ if(mDecodedExtensions.numExtensions() == 0) {
+ /* no extensions, no error */
+ return;
+ }
+ mDecodedExtensions.encodeToNss(tbs.extensions);
+}
+
+/*
+ * FIXME : how to determine max encoding size at run time!?
+ */
+#define MAX_TEMPLATE_SIZE (16 * 1024)
+
+/* encode TBS component; only called from CrlCreateTemplate */
+void DecodedCrl::encodeCts(
+ CssmOwnedData &encodedCts)
+{
+ encodeExtensions();
+ assert(mState == IS_Building);
+
+ /* enforce required fields - could go deeper, maybe we should */
+ NSS_TBSCrl &tbs = mCrl.tbs;
+ if((tbs.signature.algorithm.Data == NULL) ||
+ (tbs.issuer.rdns == NULL)) {
+ clErrorLog("DecodedCrl::encodeTbs: incomplete TBS");
+ /* an odd, undocumented error return */
+ CssmError::throwMe(CSSMERR_CL_NO_FIELD_VALUES);
+ }
+
+ PRErrorCode prtn;
+ prtn = SecNssEncodeItemOdata(&tbs, kSecAsn1TBSCrlTemplate,
+ encodedCts);
+ if(prtn) {
+ CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
+ }
+}
+
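Review bot: The state preconditions in `decodeCts`, `encodeExtensions` and `encodeCts` are enforced only with `assert`, so in a build that defines NDEBUG nothing stops `decodeCts` from zeroing and re-decoding `mCrl` on an object that is not `IS_Empty`, or `encodeExtensions` from overwriting a non-NULL `tbs.extensions`. Because `decodeCts` parses caller-supplied DER, I would make the check unconditional, e.g. `if(mState != IS_Empty) { CssmError::throwMe(CSSMERR_CL_INTERNAL_ERROR); }`, and treat the `IS_Building` checks the same way. Whether release builds of this library keep `assert` active is not visible in this file. Separately, `MAX_TEMPLATE_SIZE` is defined under a FIXME but is not used anywhere in the file. The `clErrorLog` text in `encodeCts` names `DecodedCrl::encodeTbs`, which will mislead anyone tracing the error from logs.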