#include "ocspExtensions.h"
#include "ocspdDebug.h"
#include "ocspdUtils.h"
#include <Security/oidscrl.h>
#include <Security/cssmapple.h>
#include <strings.h>
#include "ocspdDebug.h"
#include <security_cdsa_utilities/cssmerrors.h>
#pragma mark ----- base class : OCSCExtension -----
/*
 * Factory for the decode path: wrap one decoded NSS_CertExtension in the
 * matching OCSPExtension subclass.
 *
 * Only the OCSP nonce OID is recognized here. Any other OID yields a generic
 * OCSPExtension tagged OET_Unknown, which the base-class constructor flags as
 * "unrecognized critical" when the extension is marked critical.
 *
 * The returned object is allocated with new.
 */
OCSPExtension *OCSPExtension::createFromNSS(
	SecAsn1CoderRef			coder,
	const NSS_CertExtension	&nssExt)
{
	/* Anything that is not the nonce OID falls through to the generic wrapper. */
	if(!ocspdCompareCssmData(&nssExt.extnId, &CSSMOID_PKIX_OCSP_NONCE)) {
		return new OCSPExtension(coder, nssExt, OET_Unknown);
	}
	return new OCSPNonce(coder, nssExt);
}
/*
 * Decode-side constructor: wraps an already-decoded NSS_CertExtension.
 *
 * The extension is referenced, not copied: mNssExt points at the caller's
 * nssExt, so that storage must outlive this object.
 *
 * mCritical is derived from the first byte of the decoded critical field,
 * where a missing field (NULL Data) or a zero byte means not critical.
 * NOTE(review): only critical.Data is tested, critical.Length is not
 * consulted; confirm the decoder never yields non-NULL Data with Length 0.
 *
 * A critical extension whose tag is OET_Unknown sets mUnrecognizedCritical.
 */
OCSPExtension::OCSPExtension(
	SecAsn1CoderRef			coder,
	const NSS_CertExtension	&nssExt,
	OCSPExtensionTag		tag)
		: mNssExt(const_cast<NSS_CertExtension *>(&nssExt)),
		  mCoder(coder),
		  mTag(tag),
		  mUnrecognizedCritical(false)
{
	mCritical = (nssExt.critical.Data != NULL) && (*nssExt.critical.Data != 0);
	mUnrecognizedCritical = mCritical && (tag == OET_Unknown);
}
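/*
 * Encode-side constructor: builds a fresh NSS_CertExtension in the coder's
 * memory, filling in the OID and the one-byte critical flag (0xff for true,
 * 0 for false).
 *
 * Every allocation result is checked before it is dereferenced. A failed
 * SecAsn1Malloc / SecAsn1AllocCopyItem / SecAsn1AllocItem used to lead
 * straight into a NULL write via memset() or critical.Data[0].
 *
 * Throws CssmError(CSSMERR_CSSM_MEMORY_ERROR) if any allocation fails. All
 * storage comes from the coder, so nothing needs to be freed on that path.
 */
OCSPExtension::OCSPExtension(
	SecAsn1CoderRef		coder,
	const CSSM_OID		&extnId,
	OCSPExtensionTag	tag,
	bool				critical)
		: mNssExt(NULL),
		  mCoder(coder),
		  mCritical(critical),
		  mTag(tag),
		  mUnrecognizedCritical(false)
{
	mNssExt = (NSS_CertExtension *)SecAsn1Malloc(coder, sizeof(NSS_CertExtension));
	if(mNssExt == NULL) {
		ocspdErrorLog("OCSPExtension: NSS_CertExtension allocation failure\n");
		CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR);
	}
	memset(mNssExt, 0, sizeof(NSS_CertExtension));

	/* Both calls report failure via a nonzero status. */
	if(SecAsn1AllocCopyItem(coder, &extnId, &mNssExt->extnId) ||
	   SecAsn1AllocItem(coder, &mNssExt->critical, 1) ||
	   (mNssExt->critical.Data == NULL)) {
		ocspdErrorLog("OCSPExtension: extension field allocation failure\n");
		CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR);
	}
	mNssExt->critical.Data[0] = critical ? 0xff : 0;
}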
/*
 * Nothing to release here: mNssExt is either the caller's decoded extension
 * or storage obtained from the coder, and neither is freed by this object.
 */
OCSPExtension::~OCSPExtension() {}
#pragma mark ---- Nonce -----
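/*
 * Encode-side constructor: builds a nonce extension carrying a copy of the
 * caller's nonce bytes (copied into coder memory) and hands that copy to
 * setDerValue().
 *
 * The copy result is checked. Previously a failed SecAsn1AllocCopyItem was
 * ignored and setDerValue() was called on an mNonce that was never filled
 * in, so a request could go out without the intended nonce, which is the
 * value that ties a response to this particular request.
 *
 * Throws CssmError(CSSMERR_CSSM_MEMORY_ERROR) if the nonce cannot be copied.
 */
OCSPNonce::OCSPNonce(
	SecAsn1CoderRef		coder,
	bool				critical,
	const CSSM_DATA		&nonce)
		: OCSPExtension(coder, CSSMOID_PKIX_OCSP_NONCE, OET_Nonce, critical)
{
	if(SecAsn1AllocCopyItem(coder, &nonce, &mNonce)) {
		ocspdErrorLog("OCSPNonce: nonce copy failure\n");
		CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR);
	}
	setDerValue(mNonce);
}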
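/*
 * Decode-side constructor: wraps a decoded nonce extension and keeps a
 * private copy of its value in mNonce (allocated from the coder).
 *
 * The copy result is checked. An ignored failure would leave mNonce unset
 * while the object still presents itself as a valid nonce, and any later
 * comparison against the request nonce would read indeterminate data.
 *
 * Throws CssmError(CSSMERR_APPLETP_OCSP_BAD_RESPONSE) if the value cannot be
 * copied, the same error this file raises for other unusable extensions.
 */
OCSPNonce::OCSPNonce(
	SecAsn1CoderRef			coder,
	const NSS_CertExtension	&nssExt)
		: OCSPExtension(coder, nssExt, OET_Nonce)
{
	if(SecAsn1AllocCopyItem(coder, &nssExt.value, &mNonce)) {
		ocspdErrorLog("OCSPNonce: nonce copy failure\n");
		CssmError::throwMe(CSSMERR_APPLETP_OCSP_BAD_RESPONSE);
	}
}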
/* mNonce is allocated from the coder, so there is nothing to free here. */
OCSPNonce::~OCSPNonce() {}
#pragma mark ----- Extensions array -----
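/*
 * Build the array of OCSPExtension objects for a decoded, NULL-terminated
 * array of NSS_CertExtension pointers (as counted by ocspdArraySize()).
 *
 * Any extension that cannot be wrapped, or that is critical and not
 * recognized, rejects the whole set with
 * CssmError(CSSMERR_APPLETP_OCSP_BAD_RESPONSE).
 *
 * Changes from the previous version:
 *  - A constructor that exits by exception never runs ~OCSPExtensions(), so
 *    the coder and every extension object already created with new were
 *    leaked on each rejected input. Since this input comes from a decoded
 *    OCSP message, a peer sending unrecognized critical extensions could
 *    make a long-running process leak on every message. The error path now
 *    frees both before throwing.
 *  - The results of SecAsn1CoderCreate and SecAsn1Malloc are checked
 *    (CSSMERR_CSSM_MEMORY_ERROR on failure) instead of being dereferenced
 *    blindly.
 *  - The pointer array is zero-filled so cleanup can delete every slot.
 */
OCSPExtensions::OCSPExtensions(
	NSS_CertExtension **nssExts)
		: mCoder(NULL), mNumExtensions(0), mExtensions(NULL)
{
	if(SecAsn1CoderCreate(&mCoder) || (mCoder == NULL)) {
		ocspdErrorLog("OCSPExtensions: coder creation failure\n");
		mCoder = NULL;
		CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR);
	}

	mNumExtensions = ocspdArraySize((const void **)nssExts);
	if(mNumExtensions == 0) {
		/* Object is fully constructed; the destructor releases mCoder. */
		return;
	}

	mExtensions = (OCSPExtension **)SecAsn1Malloc(mCoder,
		(mNumExtensions * sizeof(OCSPExtension *)));
	if(mExtensions == NULL) {
		ocspdErrorLog("OCSPExtensions: extension array allocation failure\n");
		SecAsn1CoderRelease(mCoder);
		mCoder = NULL;
		mNumExtensions = 0;
		CssmError::throwMe(CSSMERR_CSSM_MEMORY_ERROR);
	}
	/* NULL slots make the cleanup loop below safe for unfilled entries. */
	memset(mExtensions, 0, mNumExtensions * sizeof(OCSPExtension *));

	for(unsigned dex=0; dex<mNumExtensions; dex++) {
		try {
			mExtensions[dex] =
				OCSPExtension::createFromNSS(mCoder, *nssExts[dex]);
			if(mExtensions[dex] == NULL) {
				ocspdErrorLog("OCSPExtensions: extension failure (NULL) dex %u\n", dex);
				CssmError::throwMe(CSSMERR_APPLETP_OCSP_BAD_RESPONSE);
			}
			if(mExtensions[dex]->unrecognizedCritical()) {
				ocspdErrorLog("OCSPExtensions: unrecognized critical extension\n");
				CssmError::throwMe(CSSMERR_APPLETP_OCSP_BAD_RESPONSE);
			}
		}
		catch (...) {
			ocspdErrorLog("OCSPExtensions: extension failure dex %u\n", dex);

			/*
			 * The destructor will not run for a half-built object, so undo
			 * everything here: objects first, then the coder that backs
			 * the pointer array itself.
			 */
			for(unsigned i=0; i<mNumExtensions; i++) {
				delete mExtensions[i];
			}
			SecAsn1CoderRelease(mCoder);
			mExtensions = NULL;
			mNumExtensions = 0;
			mCoder = NULL;
			CssmError::throwMe(CSSMERR_APPLETP_OCSP_BAD_RESPONSE);
		}
	}
}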
/*
 * Destroy each extension object, then release the coder. The pointer array
 * itself was allocated from the coder, so it is not freed separately.
 */
OCSPExtensions::~OCSPExtensions()
{
	unsigned idx = 0;
	while(idx < mNumExtensions) {
		delete mExtensions[idx];
		++idx;
	}
	if(mCoder != NULL) {
		SecAsn1CoderRelease(mCoder);
	}
}
/*
 * Linear search for the first extension whose OID matches `oid`.
 * Returns the extension object, which this container still owns, or NULL
 * when no extension matches.
 */
OCSPExtension *OCSPExtensions::findExtension(
	const CSSM_OID &oid)
{
	for(unsigned idx=0; idx<mNumExtensions; ++idx) {
		OCSPExtension *candidate = mExtensions[idx];
		const CSSM_OID &candidateOid = candidate->extnId();
		if(!ocspdCompareCssmData(&oid, &candidateOid)) {
			continue;
		}
		return candidate;
	}
	return NULL;
}