tor-browser

respcmn.c (11844B)

---

/* -*- Mode: C; tab-width: 8 -*-*/
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "cmmf.h"
#include "cmmfi.h"
#include "secitem.h"
#include "secder.h"

SECStatus
cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, PRBool freeit)
{
   if (info->status.data != NULL) {
       PORT_Free(info->status.data);
       info->status.data = NULL;
   }
   if (info->statusString.data != NULL) {
       PORT_Free(info->statusString.data);
       info->statusString.data = NULL;
   }
   if (info->failInfo.data != NULL) {
       PORT_Free(info->failInfo.data);
       info->failInfo.data = NULL;
   }
   if (freeit) {
       PORT_Free(info);
   }
   return SECSuccess;
}

SECStatus
CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp)
{
   PORT_Assert(inCertResp != NULL);
   if (inCertResp != NULL) {
       if (inCertResp->certReqId.data != NULL) {
           PORT_Free(inCertResp->certReqId.data);
       }
       cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE);
       if (inCertResp->certifiedKeyPair != NULL) {
           CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair);
       }
       PORT_Free(inCertResp);
   }
   return SECSuccess;
}

SECStatus
CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
{
   PORT_Assert(inCertRepContent != NULL);
   if (inCertRepContent != NULL) {
       CMMFCertResponse **pResponse = inCertRepContent->response;
       if (pResponse != NULL) {
           for (; *pResponse != NULL; pResponse++) {
               CMMFCertifiedKeyPair *certKeyPair = (*pResponse)->certifiedKeyPair;
               /* XXX Why not call CMMF_DestroyCertifiedKeyPair or
                ** XXX cmmf_DestroyCertOrEncCert ?
                */
               if (certKeyPair != NULL &&
                   certKeyPair->certOrEncCert.choice == cmmfCertificate &&
                   certKeyPair->certOrEncCert.cert.certificate != NULL) {
                   CERT_DestroyCertificate(certKeyPair->certOrEncCert.cert.certificate);
                   certKeyPair->certOrEncCert.cert.certificate = NULL;
               }
           }
       }
       if (inCertRepContent->caPubs) {
           CERTCertificate **caPubs = inCertRepContent->caPubs;
           for (; *caPubs; ++caPubs) {
               CERT_DestroyCertificate(*caPubs);
               *caPubs = NULL;
           }
       }
       if (inCertRepContent->poolp != NULL) {
           PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
       }
   }
   return SECSuccess;
}

SECStatus
CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont)
{
   PORT_Assert(inDecKeyCont != NULL);
   if (inDecKeyCont != NULL && inDecKeyCont->poolp) {
       PORT_FreeArena(inDecKeyCont->poolp, PR_FALSE);
   }
   return SECSuccess;
}

SECStatus
crmf_create_prtime(SECItem *src, PRTime **dest)
{
   *dest = PORT_ZNew(PRTime);
   return DER_DecodeTimeChoice(*dest, src);
}

CRMFCertExtension *
crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension)
{
   PRBool isCritical;
   SECOidTag id;
   SECItem *data;
   CRMFCertExtension *newExt;

   PORT_Assert(inExtension != NULL);
   if (inExtension == NULL) {
       return NULL;
   }
   id = CRMF_CertExtensionGetOidTag(inExtension);
   isCritical = CRMF_CertExtensionGetIsCritical(inExtension);
   data = CRMF_CertExtensionGetValue(inExtension);
   newExt = crmf_create_cert_extension(poolp, id,
                                       isCritical,
                                       data);
   SECITEM_FreeItem(data, PR_TRUE);
   return newExt;
}

static SECItem *
cmmf_encode_certificate(CERTCertificate *inCert)
{
   return SEC_ASN1EncodeItem(NULL, NULL, inCert,
                             SEC_ASN1_GET(SEC_SignedCertificateTemplate));
}

CERTCertList *
cmmf_MakeCertList(CERTCertificate **inCerts)
{
   CERTCertList *certList;
   CERTCertificate *currCert;
   SECItem *derCert, *freeCert = NULL;
   SECStatus rv;
   int i;

   certList = CERT_NewCertList();
   if (certList == NULL) {
       return NULL;
   }
   for (i = 0; inCerts[i] != NULL; i++) {
       derCert = &inCerts[i]->derCert;
       if (derCert->data == NULL) {
           derCert = freeCert = cmmf_encode_certificate(inCerts[i]);
       }
       currCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
                                          derCert, NULL, PR_FALSE, PR_TRUE);
       if (freeCert != NULL) {
           SECITEM_FreeItem(freeCert, PR_TRUE);
           freeCert = NULL;
       }
       if (currCert == NULL) {
           goto loser;
       }
       rv = CERT_AddCertToListTail(certList, currCert);
       if (rv != SECSuccess) {
           goto loser;
       }
   }
   return certList;
loser:
   CERT_DestroyCertList(certList);
   return NULL;
}

CMMFPKIStatus
cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus)
{
   long derVal;

   derVal = DER_GetInteger(&inStatus->status);
   if (derVal == -1 || derVal < cmmfGranted || derVal >= cmmfNumPKIStatus) {
       return cmmfNoPKIStatus;
   }
   return (CMMFPKIStatus)derVal;
}

int
CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent)
{
   int numResponses = 0;
   PORT_Assert(inCertRepContent != NULL);
   if (inCertRepContent != NULL && inCertRepContent->response != NULL) {
       while (inCertRepContent->response[numResponses] != NULL) {
           numResponses++;
       }
   }
   return numResponses;
}

SECStatus
cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit)
{
   switch (certOrEncCert->choice) {
       case cmmfCertificate:
           CERT_DestroyCertificate(certOrEncCert->cert.certificate);
           certOrEncCert->cert.certificate = NULL;
           break;
       case cmmfEncryptedCert:
           crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert,
                                        PR_TRUE);
           certOrEncCert->cert.encryptedCert = NULL;
           break;
       default:
           break;
   }
   if (freeit) {
       PORT_Free(certOrEncCert);
   }
   return SECSuccess;
}

SECStatus
cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
{
   SECStatus rv;

   if (src->data != NULL) {
       rv = SECITEM_CopyItem(poolp, dest, src);
   } else {
       dest->data = NULL;
       dest->len = 0;
       rv = SECSuccess;
   }
   return rv;
}

SECStatus
CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair)
{
   PORT_Assert(inCertKeyPair != NULL);
   if (inCertKeyPair != NULL) {
       cmmf_DestroyCertOrEncCert(&inCertKeyPair->certOrEncCert, PR_FALSE);
       if (inCertKeyPair->privateKey) {
           crmf_destroy_encrypted_value(inCertKeyPair->privateKey, PR_TRUE);
       }
       if (inCertKeyPair->derPublicationInfo.data) {
           PORT_Free(inCertKeyPair->derPublicationInfo.data);
       }
       PORT_Free(inCertKeyPair);
   }
   return SECSuccess;
}

SECStatus
cmmf_CopyCertResponse(PLArenaPool *poolp,
                     CMMFCertResponse *dest,
                     CMMFCertResponse *src)
{
   SECStatus rv;

   if (src->certReqId.data != NULL) {
       rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId);
       if (rv != SECSuccess) {
           return rv;
       }
   }
   rv = cmmf_CopyPKIStatusInfo(poolp, &dest->status, &src->status);
   if (rv != SECSuccess) {
       return rv;
   }
   if (src->certifiedKeyPair != NULL) {
       CMMFCertifiedKeyPair *destKeyPair;

       destKeyPair = (poolp == NULL) ? PORT_ZNew(CMMFCertifiedKeyPair) : PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
       if (!destKeyPair) {
           return SECFailure;
       }
       rv = cmmf_CopyCertifiedKeyPair(poolp, destKeyPair,
                                      src->certifiedKeyPair);
       if (rv != SECSuccess) {
           if (!poolp) {
               CMMF_DestroyCertifiedKeyPair(destKeyPair);
           }
           return rv;
       }
       dest->certifiedKeyPair = destKeyPair;
   }
   return SECSuccess;
}

static SECStatus
cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
                      CMMFCertOrEncCert *src)
{
   SECStatus rv = SECSuccess;
   CRMFEncryptedValue *encVal;

   dest->choice = src->choice;
   rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
   switch (src->choice) {
       case cmmfCertificate:
           dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
           break;
       case cmmfEncryptedCert:
           encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue);
           if (encVal == NULL) {
               return SECFailure;
           }
           rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
           if (rv != SECSuccess) {
               if (!poolp) {
                   crmf_destroy_encrypted_value(encVal, PR_TRUE);
               }
               return rv;
           }
           dest->cert.encryptedCert = encVal;
           break;
       default:
           rv = SECFailure;
   }
   return rv;
}

SECStatus
cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
                         CMMFCertifiedKeyPair *src)
{
   SECStatus rv;

   rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
                               &src->certOrEncCert);
   if (rv != SECSuccess) {
       return rv;
   }

   if (src->privateKey != NULL) {
       CRMFEncryptedValue *encVal;

       encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue);
       if (encVal == NULL) {
           return SECFailure;
       }
       rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
                                     encVal);
       if (rv != SECSuccess) {
           if (!poolp) {
               crmf_destroy_encrypted_value(encVal, PR_TRUE);
           }
           return rv;
       }
       dest->privateKey = encVal;
   }
   rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
                          &src->derPublicationInfo);
   return rv;
}

SECStatus
cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, CMMFPKIStatusInfo *dest,
                      CMMFPKIStatusInfo *src)
{
   SECStatus rv;

   rv = cmmf_copy_secitem(poolp, &dest->status, &src->status);
   if (rv != SECSuccess) {
       return rv;
   }
   rv = cmmf_copy_secitem(poolp, &dest->statusString, &src->statusString);
   if (rv != SECSuccess) {
       return rv;
   }
   rv = cmmf_copy_secitem(poolp, &dest->failInfo, &src->failInfo);
   return rv;
}

CERTCertificate *
cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
                                CERTCertDBHandle *certdb)
{
   if (certOrEncCert->choice != cmmfCertificate ||
       certOrEncCert->cert.certificate == NULL) {
       return NULL;
   }
   return CERT_NewTempCertificate(certdb,
                                  &certOrEncCert->cert.certificate->derCert,
                                  NULL, PR_FALSE, PR_TRUE);
}

SECStatus
cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
                           PLArenaPool *poolp,
                           CMMFPKIStatus inStatus)
{
   SECItem *dummy;

   if (inStatus < cmmfGranted || inStatus >= cmmfNumPKIStatus) {
       return SECFailure;
   }

   dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus);
   PORT_Assert(dummy == &statusInfo->status);
   if (dummy != &statusInfo->status) {
       SECITEM_FreeItem(dummy, PR_TRUE);
       return SECFailure;
   }
   return SECSuccess;
}