CLCertExtensions.cpp [plain text]
#include "DecodedCert.h"
#include "cldebugging.h"
#include "CLCertExtensions.h"
#include "CLFieldsCommon.h"
#include "clNssUtils.h"
#include "clNameUtils.h"
#include <security_utilities/utilities.h>
#include <Security/oidscert.h>
#include <Security/oidsattr.h>
#include <Security/cssmerr.h>
#include <Security/x509defs.h>
#include <Security/certextensions.h>
#include <security_utilities/globalizer.h>
#include <Security/certExtensionTemplates.h>
#include <Security/SecAsn1Templates.h>
void setFieldKeyUsage(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue,
false);
CE_KeyUsage *cdsaObj = (CE_KeyUsage *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
CSSM_DATA *nssObj = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA));
coder.allocItem(*nssObj, 2);
nssObj->Data[0] = (*cdsaObj) >> 8;
nssObj->Data[1] = *cdsaObj;
clCssmBitStringToNss(*nssObj);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1KeyUsageTemplate);
}
bool getFieldKeyUsage(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
CSSM_DATA *nssObj;
CE_KeyUsage *cdsaObj;
bool brtn;
brtn = cert.GetExtenTop<CSSM_DATA, CE_KeyUsage>(
index,
numFields,
fieldValue.allocator,
CSSMOID_KeyUsage,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
CSSM_DATA bitString = *nssObj;
clNssBitStringToCssm(bitString);
size_t toCopy = bitString.Length;
if(toCopy > 2) {
clErrorLog("getFieldKeyUsage: KeyUsage larger than 2 bytes!");
toCopy = 2;
}
unsigned char bits[2] = {0, 0};
memmove(bits, bitString.Data, toCopy);
*cdsaObj = (((unsigned)bits[0]) << 8) | bits[1];
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void setFieldBasicConstraints(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_BasicConstraints *cdsaObj =
(CE_BasicConstraints *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_BasicConstraints *nssObj =
(NSS_BasicConstraints *)coder.malloc(sizeof(NSS_BasicConstraints));
memset(nssObj, 0, sizeof(*nssObj));
ArenaAllocator arenaAlloc(coder);
clCssmBoolToNss(cdsaObj->cA, nssObj->cA, arenaAlloc);
if(cdsaObj->pathLenConstraintPresent) {
clIntToData(cdsaObj->pathLenConstraint,
nssObj->pathLenConstraint, arenaAlloc);
}
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1BasicConstraintsTemplate);
}
bool getFieldBasicConstraints(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_BasicConstraints *nssObj;
CE_BasicConstraints *cdsaObj;
bool brtn;
brtn = cert.GetExtenTop<NSS_BasicConstraints, CE_BasicConstraints>(
index,
numFields,
fieldValue.allocator,
CSSMOID_BasicConstraints,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
if(nssObj->cA.Data == NULL) {
cdsaObj->cA = CSSM_FALSE;
}
else {
cdsaObj->cA = clNssBoolToCssm(nssObj->cA);
}
if(nssObj->pathLenConstraint.Data == NULL) {
cdsaObj->pathLenConstraintPresent = CSSM_FALSE;
cdsaObj->pathLenConstraint = 0;
}
else {
cdsaObj->pathLenConstraintPresent = CSSM_TRUE;
cdsaObj->pathLenConstraint = clDataToInt(nssObj->pathLenConstraint);
}
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void setFieldExtKeyUsage(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue,
false);
CE_ExtendedKeyUsage *cdsaObj =
(CE_ExtendedKeyUsage *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_ExtKeyUsage *nssObj =
(NSS_ExtKeyUsage *)coder.malloc(sizeof(NSS_ExtKeyUsage));
memset(nssObj, 0, sizeof(*nssObj));
if(cdsaObj->numPurposes != 0) {
nssObj->purposes =
(CSSM_OID **)clNssNullArray(cdsaObj->numPurposes, coder);
}
for(unsigned dex=0; dex<cdsaObj->numPurposes; dex++) {
nssObj->purposes[dex] = (CSSM_OID *)coder.malloc(sizeof(CSSM_OID));
coder.allocCopyItem(cdsaObj->purposes[dex],
*nssObj->purposes[dex]);
}
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1ExtKeyUsageTemplate);
}
bool getFieldExtKeyUsage(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_ExtKeyUsage *nssObj;
CE_ExtendedKeyUsage *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_ExtKeyUsage, CE_ExtendedKeyUsage>(
index,
numFields,
alloc,
CSSMOID_ExtendedKeyUsage,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
unsigned numPurposes = clNssArraySize((const void **)nssObj->purposes);
cdsaObj->numPurposes = numPurposes;
if(numPurposes) {
unsigned len = numPurposes * sizeof(CSSM_OID);
cdsaObj->purposes = (CSSM_OID_PTR)alloc.malloc(len);
memset(cdsaObj->purposes, 0, len);
}
for(unsigned dex=0; dex<numPurposes; dex++) {
clAllocCopyData(alloc, *nssObj->purposes[dex], cdsaObj->purposes[dex]);
}
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldExtKeyUsage(
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_ExtendedKeyUsage *cdsaObj =
(CE_ExtendedKeyUsage *)cssmExt->value.parsedValue;
unsigned oidDex;
for(oidDex=0; oidDex<cdsaObj->numPurposes; oidDex++) {
alloc.free(cdsaObj->purposes[oidDex].Data);
}
alloc.free(cdsaObj->purposes);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldSubjectKeyId(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue,
false);
CE_SubjectKeyID *cdsaObj = (CE_SubjectKeyID *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
CSSM_DATA *nssObj = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA));
coder.allocCopyItem(*cdsaObj, *nssObj);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1SubjectKeyIdTemplate);
}
bool getFieldSubjectKeyId(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
CSSM_DATA *nssObj;
CE_SubjectKeyID *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<CSSM_DATA, CE_SubjectKeyID>(
index,
numFields,
alloc,
CSSMOID_SubjectKeyIdentifier,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
clAllocCopyData(alloc, *nssObj, *cdsaObj);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldSubjectKeyId (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_SubjectKeyID *cdsaObj = (CE_SubjectKeyID *)cssmExt->value.parsedValue;
alloc.free(cdsaObj->Data);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldAuthorityKeyId(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue,
false);
CE_AuthorityKeyID *cdsaObj =
(CE_AuthorityKeyID *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_AuthorityKeyId *nssObj =
(NSS_AuthorityKeyId *)coder.malloc(sizeof(NSS_AuthorityKeyId));
memset(nssObj, 0, sizeof(*nssObj));
CL_cssmAuthorityKeyIdToNss(*cdsaObj, *nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1AuthorityKeyIdTemplate);
}
bool getFieldAuthorityKeyId(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_AuthorityKeyId *nssObj;
CE_AuthorityKeyID *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_AuthorityKeyId, CE_AuthorityKeyID>(
index,
numFields,
alloc,
CSSMOID_AuthorityKeyIdentifier,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_nssAuthorityKeyIdToCssm(*nssObj, *cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldAuthorityKeyId (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_AuthorityKeyID *cdsaObj = (CE_AuthorityKeyID *)cssmExt->value.parsedValue;
CL_freeAuthorityKeyId(*cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldSubjIssuerAltName(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_GeneralNames *cdsaObj = (CE_GeneralNames *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_GeneralNames *nssObj =
(NSS_GeneralNames *)coder.malloc(sizeof(NSS_GeneralNames));
memset(nssObj, 0, sizeof(*nssObj));
CL_cssmGeneralNamesToNss(*cdsaObj, *nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1GeneralNamesTemplate);
}
bool getFieldSubjAltName(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_GeneralNames *nssObj;
CE_GeneralNames *cdsaObj;
bool brtn;
brtn = cert.GetExtenTop<NSS_GeneralNames, CE_GeneralNames>(
index,
numFields,
fieldValue.allocator,
CSSMOID_SubjectAltName,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
CL_nssGeneralNamesToCssm(*nssObj, *cdsaObj,
cert.coder(), fieldValue.allocator);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
bool getFieldIssuerAltName(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_GeneralNames *nssObj;
CE_GeneralNames *cdsaObj;
bool brtn;
brtn = cert.GetExtenTop<NSS_GeneralNames, CE_GeneralNames>(
index,
numFields,
fieldValue.allocator,
CSSMOID_IssuerAltName,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
CL_nssGeneralNamesToCssm(*nssObj, *cdsaObj,
cert.coder(), fieldValue.allocator);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldSubjIssuerAltName (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_GeneralNames *cdsaObj = (CE_GeneralNames *)cssmExt->value.parsedValue;
CL_freeCssmGeneralNames(cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc); }
#define MAX_IA5_NAME_SIZE 1024
void setFieldCertPolicies(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
SecNssCoder &coder = cert.coder();
NSS_CertPolicies *nssObj =
(NSS_CertPolicies *)coder.malloc(sizeof(NSS_CertPolicies));
memset(nssObj, 0, sizeof(NSS_CertPolicies));
CE_CertPolicies *cdsaObj =
(CE_CertPolicies *)cssmExt->value.parsedValue;
if(cdsaObj->numPolicies) {
nssObj->policies =
(NSS_PolicyInformation **)clNssNullArray(
cdsaObj->numPolicies, coder);
}
for(unsigned polDex=0; polDex<cdsaObj->numPolicies; polDex++) {
CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex];
NSS_PolicyInformation *nPolInfo = (NSS_PolicyInformation *)
coder.malloc(sizeof(NSS_PolicyInformation));
memset(nPolInfo, 0, sizeof(*nPolInfo));
nssObj->policies[polDex] = nPolInfo;
coder.allocCopyItem(cPolInfo->certPolicyId, nPolInfo->certPolicyId);
unsigned numQual = cPolInfo->numPolicyQualifiers;
if(numQual != 0) {
nPolInfo->policyQualifiers =
(NSS_PolicyQualifierInfo **)clNssNullArray(numQual,
coder);
}
for(unsigned qualDex=0; qualDex<numQual; qualDex++) {
CE_PolicyQualifierInfo *cQualInfo =
&cPolInfo->policyQualifiers[qualDex];
NSS_PolicyQualifierInfo *nQualInfo =
(NSS_PolicyQualifierInfo *)coder.malloc(
sizeof(NSS_PolicyQualifierInfo));
memset(nQualInfo, 0, sizeof(NSS_PolicyQualifierInfo));
nPolInfo->policyQualifiers[qualDex] = nQualInfo;
coder.allocCopyItem(cQualInfo->policyQualifierId,
nQualInfo->policyQualifierId);
if(clCompareCssmData(&cQualInfo->policyQualifierId,
&CSSMOID_QT_CPS)) {
if(coder.encodeItem(&cQualInfo->qualifier,
kSecAsn1IA5StringTemplate,
nQualInfo->qualifier)) {
clErrorLog("setFieldCertPOlicies: IA5 encode error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
else {
coder.allocCopyItem(cQualInfo->qualifier,
nQualInfo->qualifier);
}
}
}
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1CertPoliciesTemplate);
}
bool getFieldCertPolicies(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_CertPolicies *nssObj;
CE_CertPolicies *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_CertPolicies, CE_CertPolicies>(
index,
numFields,
fieldValue.allocator,
CSSMOID_CertificatePolicies,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
memset(cdsaObj, 0, sizeof(*cdsaObj));
cdsaObj->numPolicies =
clNssArraySize((const void **)nssObj->policies);
unsigned sz = cdsaObj->numPolicies * sizeof(CE_PolicyInformation);
if(sz) {
cdsaObj->policies = (CE_PolicyInformation *)alloc.malloc(sz);
memset(cdsaObj->policies, 0, sz);
}
for(unsigned polDex=0; polDex<cdsaObj->numPolicies; polDex++) {
CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex];
NSS_PolicyInformation *nPolInfo = nssObj->policies[polDex];
clAllocCopyData(alloc, nPolInfo->certPolicyId,
cPolInfo->certPolicyId);
if(nPolInfo->policyQualifiers == NULL) {
continue;
}
cPolInfo->numPolicyQualifiers =
clNssArraySize((const void **)nPolInfo->policyQualifiers);
sz = cPolInfo->numPolicyQualifiers *
sizeof(CE_PolicyQualifierInfo);
cPolInfo->policyQualifiers = (CE_PolicyQualifierInfo *)
alloc.malloc(sz);
memset(cPolInfo->policyQualifiers, 0, sz);
for(unsigned qualDex=0; qualDex<cPolInfo->numPolicyQualifiers;
qualDex++) {
NSS_PolicyQualifierInfo *nQualInfo =
nPolInfo->policyQualifiers[qualDex];
CE_PolicyQualifierInfo *cQualInfo =
&cPolInfo->policyQualifiers[qualDex];
clAllocCopyData(alloc, nQualInfo->policyQualifierId,
cQualInfo->policyQualifierId);
CSSM_DATA toCopy = nQualInfo->qualifier;
if(clCompareCssmData(&nQualInfo->policyQualifierId,
&CSSMOID_QT_CPS)) {
toCopy.Data = NULL;
toCopy.Length = 0;
if(cert.coder().decodeItem(nQualInfo->qualifier,
kSecAsn1IA5StringTemplate,
&toCopy)) {
clErrorLog("***getCertPolicies: bad IA5String!\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
}
clAllocCopyData(alloc, toCopy, cQualInfo->qualifier);
}
}
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldCertPolicies (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_CertPolicies *cdsaObj = (CE_CertPolicies *)cssmExt->value.parsedValue;
for(unsigned polDex=0; polDex<cdsaObj->numPolicies; polDex++) {
CE_PolicyInformation *cPolInfo = &cdsaObj->policies[polDex];
alloc.free(cPolInfo->certPolicyId.Data);
for(unsigned qualDex=0;
qualDex<cPolInfo->numPolicyQualifiers;
qualDex++) {
CE_PolicyQualifierInfo *cQualInfo =
&cPolInfo->policyQualifiers[qualDex];
alloc.free(cQualInfo->policyQualifierId.Data);
alloc.free(cQualInfo->qualifier.Data);
}
alloc.free(cPolInfo->policyQualifiers);
}
alloc.free(cdsaObj->policies);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldNetscapeCertType(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue,
false);
CE_NetscapeCertType *cdsaObj =
(CE_NetscapeCertType *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
CSSM_DATA *nssObj = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA));
coder.allocItem(*nssObj, 2);
nssObj->Data[0] = (*cdsaObj) >> 8;
nssObj->Data[1] = *cdsaObj;
clCssmBitStringToNss(*nssObj);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1NetscapeCertTypeTemplate);
}
bool getFieldNetscapeCertType(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
CSSM_DATA *nssObj;
CE_NetscapeCertType *cdsaObj;
bool brtn;
brtn = cert.GetExtenTop<CSSM_DATA, CE_NetscapeCertType>(
index,
numFields,
fieldValue.allocator,
CSSMOID_NetscapeCertType,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
CSSM_DATA bitString = *nssObj;
clNssBitStringToCssm(bitString);
size_t toCopy = bitString.Length;
if(toCopy > 2) {
clErrorLog("getFieldKeyUsage: CertType larger than 2 bytes!");
toCopy = 2;
}
unsigned char bits[2] = {0, 0};
memmove(bits, bitString.Data, toCopy);
*cdsaObj = (((unsigned)bits[0]) << 8) | bits[1];
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void setFieldCrlDistPoints(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_CRLDistPointsSyntax *cdsaObj =
(CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_CRLDistributionPoints *nssObj =
(NSS_CRLDistributionPoints *)coder.malloc(
sizeof(NSS_CRLDistributionPoints));
CL_cssmDistPointsToNss(*cdsaObj, *nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1CRLDistributionPointsTemplate);
}
bool getFieldCrlDistPoints(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_CRLDistributionPoints *nssObj;
CE_CRLDistPointsSyntax *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_CRLDistributionPoints,
CE_CRLDistPointsSyntax>(
index,
numFields,
alloc,
CSSMOID_CrlDistributionPoints,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_nssDistPointsToCssm(*nssObj, *cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldCrlDistPoints (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_CRLDistPointsSyntax *cdsaObj =
(CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue;
CL_freeCssmDistPoints(cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldAuthInfoAccess(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_AuthorityInfoAccess *cdsaObj =
(CE_AuthorityInfoAccess *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_AuthorityInfoAccess *nssObj =
(NSS_AuthorityInfoAccess *)coder.malloc(
sizeof(NSS_AuthorityInfoAccess));
CL_cssmInfoAccessToNss(*cdsaObj, *nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1AuthorityInfoAccessTemplate);
}
bool getFieldAuthInfoAccess(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_AuthorityInfoAccess *nssObj;
CE_AuthorityInfoAccess *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_AuthorityInfoAccess,
CE_AuthorityInfoAccess>(
index,
numFields,
alloc,
CSSMOID_AuthorityInfoAccess,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_infoAccessToCssm(*nssObj, *cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
bool getFieldSubjInfoAccess(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_AuthorityInfoAccess *nssObj;
CE_AuthorityInfoAccess *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_AuthorityInfoAccess,
CE_AuthorityInfoAccess>(
index,
numFields,
alloc,
CSSMOID_SubjectInfoAccess,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_infoAccessToCssm(*nssObj, *cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldInfoAccess (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_AuthorityInfoAccess *cdsaObj =
(CE_AuthorityInfoAccess *)cssmExt->value.parsedValue;
CL_freeInfoAccess(*cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc);
}
void setFieldQualCertStatements(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_QC_Statements *cdsaObj =
(CE_QC_Statements *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_QC_Statements *nssObj =
(NSS_QC_Statements *)coder.malloc(
sizeof(NSS_QC_Statements));
CL_cssmQualCertStatementsToNss(*cdsaObj, *nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1QC_StatementsTemplate);
}
bool getFieldQualCertStatements(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_QC_Statements *nssObj;
CE_QC_Statements *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_QC_Statements,
CE_QC_Statements>(
index,
numFields,
alloc,
CSSMOID_QC_Statements,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_qualCertStatementsToCssm(*nssObj, *cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldQualCertStatements(
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_QC_Statements *cdsaObj =
(CE_QC_Statements *)cssmExt->value.parsedValue;
CL_freeQualCertStatements(*cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldNameConstraints(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_NameConstraints *cdsaObj =
(CE_NameConstraints *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_NameConstraints *nssObj =
(NSS_NameConstraints *)coder.malloc(
sizeof(NSS_NameConstraints));
CL_cssmNameConstraintsToNss(*cdsaObj, *nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1NameConstraintsTemplate);
}
bool getFieldNameConstraints(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_NameConstraints *nssObj;
CE_NameConstraints *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_NameConstraints,
CE_NameConstraints>(
index,
numFields,
alloc,
CSSMOID_NameConstraints,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_nssNameConstraintsToCssm(*nssObj, *cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldNameConstraints (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_NameConstraints *cdsaObj =
(CE_NameConstraints *)cssmExt->value.parsedValue;
CL_freeCssmNameConstraints(cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldPolicyMappings(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_PolicyMappings *cdsaObj =
(CE_PolicyMappings *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_PolicyMappings *nssObj =
(NSS_PolicyMappings *)coder.malloc(
sizeof(NSS_PolicyMappings));
CL_cssmPolicyMappingsToNss(*cdsaObj, *nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1PolicyMappingsTemplate);
}
bool getFieldPolicyMappings(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_PolicyMappings *nssObj;
CE_PolicyMappings *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_PolicyMappings,
CE_PolicyMappings>(
index,
numFields,
alloc,
CSSMOID_PolicyMappings,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_nssPolicyMappingsToCssm(*nssObj, *cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldPolicyMappings (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_PolicyMappings *cdsaObj =
(CE_PolicyMappings *)cssmExt->value.parsedValue;
CL_freeCssmPolicyMappings(cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldPolicyConstraints(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt =
verifySetFreeExtension(fieldValue, false);
CE_PolicyConstraints *cdsaObj =
(CE_PolicyConstraints *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
NSS_PolicyConstraints *nssObj =
(NSS_PolicyConstraints *)coder.malloc(
sizeof(NSS_PolicyConstraints));
CL_cssmPolicyConstraintsToNss(cdsaObj, nssObj, coder);
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1PolicyConstraintsTemplate);
}
bool getFieldPolicyConstraints(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
NSS_PolicyConstraints *nssObj;
CE_PolicyConstraints *cdsaObj;
bool brtn;
Allocator &alloc = fieldValue.allocator;
brtn = cert.GetExtenTop<NSS_PolicyConstraints,
CE_PolicyConstraints>(
index,
numFields,
alloc,
CSSMOID_PolicyConstraints,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
assert(nssObj != NULL);
CL_nssPolicyConstraintsToCssm(nssObj, cdsaObj, cert.coder(), alloc);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}
void freeFieldPolicyConstraints (
CssmOwnedData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue, false);
Allocator &alloc = fieldValue.allocator;
CE_PolicyConstraints *cdsaObj =
(CE_PolicyConstraints *)cssmExt->value.parsedValue;
CL_freeCssmPolicyConstraints(cdsaObj, alloc);
freeFieldExtenCommon(cssmExt, alloc); }
void setFieldInhibitAnyPolicy(
DecodedItem &cert,
const CssmData &fieldValue)
{
CSSM_X509_EXTENSION_PTR cssmExt = verifySetFreeExtension(fieldValue,
false);
CE_InhibitAnyPolicy *cdsaObj =
(CE_InhibitAnyPolicy *)cssmExt->value.parsedValue;
SecNssCoder &coder = cert.coder();
CSSM_DATA *nssObj = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA));
coder.allocItem(*nssObj, sizeof(uint32));
nssObj->Data[0] = (*cdsaObj) >> 24;
nssObj->Data[1] = (*cdsaObj) >> 16;
nssObj->Data[2] = (*cdsaObj) >> 8;
nssObj->Data[3] = *cdsaObj;
cert.addExtension(nssObj, cssmExt->extnId, cssmExt->critical, false,
kSecAsn1IntegerTemplate);
}
bool getFieldInhibitAnyPolicy(
DecodedItem &cert,
unsigned index, uint32 &numFields, CssmOwnedData &fieldValue)
{
const DecodedExten *decodedExt;
CSSM_DATA *nssObj;
CE_InhibitAnyPolicy *cdsaObj;
bool brtn;
brtn = cert.GetExtenTop<CSSM_DATA, CE_InhibitAnyPolicy>(
index,
numFields,
fieldValue.allocator,
CSSMOID_InhibitAnyPolicy,
nssObj,
cdsaObj,
decodedExt);
if(!brtn) {
return false;
}
*cdsaObj = *(nssObj->Data);
getFieldExtenCommon(cdsaObj, *decodedExt, fieldValue);
return true;
}