#include "cmslocal.h"
#include "cert.h"
#include "SecAsn1Item.h"
#include "secoid.h"
#include <security_asn1/secasn1.h>
#include <security_asn1/secerr.h>
#include <security_asn1/secport.h>
#include <Security/SecIdentity.h>
static int
nss_cms_recipients_traverse(SecCmsRecipientInfoRef *recipientinfos, SecCmsRecipient **recipient_list)
{
int count = 0;
int rlindex = 0;
int i, j;
SecCmsRecipient *rle;
SecCmsRecipientInfoRef ri;
SecCmsRecipientEncryptedKey *rek;
for (i = 0; recipientinfos[i] != NULL; i++) {
ri = recipientinfos[i];
switch (ri->recipientInfoType) {
case SecCmsRecipientInfoIDKeyTrans:
if (recipient_list) {
rle = (SecCmsRecipient *)PORT_ZAlloc(sizeof(SecCmsRecipient));
if (rle == NULL)
return -1;
rle->riIndex = i;
rle->subIndex = -1;
switch (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType) {
case SecCmsRecipientIDIssuerSN:
rle->kind = RLIssuerSN;
rle->id.issuerAndSN = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN;
break;
case SecCmsRecipientIDSubjectKeyID:
rle->kind = RLSubjKeyID;
rle->id.subjectKeyID = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.subjectKeyID;
break;
}
recipient_list[rlindex++] = rle;
} else {
count++;
}
break;
case SecCmsRecipientInfoIDKeyAgree:
if (ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys == NULL)
break;
for (j=0; ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j] != NULL; j++) {
if (recipient_list) {
rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j];
rle = (SecCmsRecipient *)PORT_ZAlloc(sizeof(SecCmsRecipient));
if (rle == NULL)
return -1;
rle->riIndex = i;
rle->subIndex = j;
switch (rek->recipientIdentifier.identifierType) {
case SecCmsKeyAgreeRecipientIDIssuerSN:
rle->kind = RLIssuerSN;
rle->id.issuerAndSN = rek->recipientIdentifier.id.issuerAndSN;
break;
case SecCmsKeyAgreeRecipientIDRKeyID:
rle->kind = RLSubjKeyID;
rle->id.subjectKeyID = &rek->recipientIdentifier.id.recipientKeyIdentifier.subjectKeyIdentifier;
break;
}
recipient_list[rlindex++] = rle;
} else {
count++;
}
}
break;
case SecCmsRecipientInfoIDKEK:
break;
}
}
if (recipient_list) {
recipient_list[rlindex] = NULL;
return 0;
} else {
return count;
}
}
SecCmsRecipient **
nss_cms_recipient_list_create(SecCmsRecipientInfoRef *recipientinfos)
{
int count, rv;
SecCmsRecipient **recipient_list;
count = nss_cms_recipients_traverse(recipientinfos, NULL);
if (count <= 0 || count>=(int)((INT_MAX/sizeof(SecCmsRecipient *))-1)) {
PORT_SetError(SEC_ERROR_BAD_DATA);
#if 0
PORT_SetErrorString("Cannot find recipient data in envelope.");
#endif
return NULL;
}
recipient_list = (SecCmsRecipient **)
PORT_ZAlloc((count + 1) * sizeof(SecCmsRecipient *));
if (recipient_list == NULL)
return NULL;
rv = nss_cms_recipients_traverse(recipientinfos, recipient_list);
if (rv < 0) {
nss_cms_recipient_list_destroy(recipient_list);
return NULL;
}
return recipient_list;
}
void
nss_cms_recipient_list_destroy(SecCmsRecipient **recipient_list)
{
int i;
SecCmsRecipient *recipient;
for (i=0; recipient_list[i] != NULL; i++) {
recipient = recipient_list[i];
if (recipient->cert)
CFRelease(recipient->cert);
if (recipient->privkey)
CFRelease(recipient->privkey);
#if 0
if (recipient->slot)
PK11_FreeSlot(recipient->slot);
#endif
PORT_Free(recipient);
}
PORT_Free(recipient_list);
}
SecCmsRecipientEncryptedKey *
SecCmsRecipientEncryptedKeyCreate(PLArenaPool *poolp)
{
return (SecCmsRecipientEncryptedKey *)PORT_ArenaZAlloc(poolp, sizeof(SecCmsRecipientEncryptedKey));
}
int
nss_cms_FindCertAndKeyByRecipientList(SecCmsRecipient **recipient_list, void *wincx)
{
SecCmsRecipient *recipient = NULL;
SecCertificateRef cert = NULL;
SecPrivateKeyRef privKey = NULL;
SecIdentityRef identity = NULL;
int ix;
CFTypeRef keychainOrArray = NULL;
for (ix = 0; recipient_list[ix] != NULL; ++ix)
{
recipient = recipient_list[ix];
switch (recipient->kind)
{
case RLIssuerSN:
identity = CERT_FindIdentityByIssuerAndSN(keychainOrArray, recipient->id.issuerAndSN);
break;
case RLSubjKeyID:
identity = CERT_FindIdentityBySubjectKeyID(keychainOrArray, recipient->id.subjectKeyID);
break;
}
if (identity)
break;
}
if (!identity)
goto loser;
if (!recipient)
goto loser;
if (SecIdentityCopyCertificate(identity, &cert))
goto loser;
if (SecIdentityCopyPrivateKey(identity, &privKey))
goto loser;
CFRelease(identity);
recipient->cert = cert;
recipient->privkey = privKey;
return ix;
loser:
if (identity)
CFRelease(identity);
if (cert)
CFRelease(cert);
if (privKey)
CFRelease(privKey);
return -1;
}