summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/util/pkcs11uri.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /security/nss/lib/util/pkcs11uri.c
parentInitial commit. (diff)
downloadfirefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/util/pkcs11uri.c')
-rw-r--r--security/nss/lib/util/pkcs11uri.c867
1 files changed, 867 insertions, 0 deletions
diff --git a/security/nss/lib/util/pkcs11uri.c b/security/nss/lib/util/pkcs11uri.c
new file mode 100644
index 0000000000..e0c4077a3d
--- /dev/null
+++ b/security/nss/lib/util/pkcs11uri.c
@@ -0,0 +1,867 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+#include "pkcs11uri.h"
+#include "plarena.h"
+#include "prprf.h"
+#include "secport.h"
+
+/* Character sets used in the ABNF rules in RFC7512. */
+#define PK11URI_DIGIT "0123456789"
+#define PK11URI_ALPHA "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+#define PK11URI_HEXDIG PK11URI_DIGIT "abcdefABCDEF"
+#define PK11URI_UNRESERVED PK11URI_ALPHA PK11URI_DIGIT "-._~"
+#define PK11URI_RES_AVAIL ":[]@!$'()*+,="
+#define PK11URI_PATH_RES_AVAIL PK11URI_RES_AVAIL "&"
+#define PK11URI_QUERY_RES_AVAIL PK11URI_RES_AVAIL "/?|"
+#define PK11URI_ATTR_NM_CHAR PK11URI_ALPHA PK11URI_DIGIT "-_"
+#define PK11URI_PCHAR PK11URI_UNRESERVED PK11URI_PATH_RES_AVAIL
+#define PK11URI_QCHAR PK11URI_UNRESERVED PK11URI_QUERY_RES_AVAIL
+
+/* Path attributes defined in RFC7512. */
+static const char *pattr_names[] = {
+ PK11URI_PATTR_TOKEN,
+ PK11URI_PATTR_MANUFACTURER,
+ PK11URI_PATTR_SERIAL,
+ PK11URI_PATTR_MODEL,
+ PK11URI_PATTR_LIBRARY_MANUFACTURER,
+ PK11URI_PATTR_LIBRARY_DESCRIPTION,
+ PK11URI_PATTR_LIBRARY_VERSION,
+ PK11URI_PATTR_OBJECT,
+ PK11URI_PATTR_TYPE,
+ PK11URI_PATTR_ID,
+ PK11URI_PATTR_SLOT_MANUFACTURER,
+ PK11URI_PATTR_SLOT_DESCRIPTION,
+ PK11URI_PATTR_SLOT_ID
+};
+
+/* Query attributes defined in RFC7512. */
+static const char *qattr_names[] = {
+ PK11URI_QATTR_PIN_SOURCE,
+ PK11URI_QATTR_PIN_VALUE,
+ PK11URI_QATTR_MODULE_NAME,
+ PK11URI_QATTR_MODULE_PATH
+};
+
+struct PK11URIBufferStr {
+ PLArenaPool *arena;
+ unsigned char *data;
+ size_t size;
+ size_t allocated;
+};
+typedef struct PK11URIBufferStr PK11URIBuffer;
+
+struct PK11URIAttributeListEntryStr {
+ char *name;
+ SECItem value;
+};
+typedef struct PK11URIAttributeListEntryStr PK11URIAttributeListEntry;
+
+struct PK11URIAttributeListStr {
+ PLArenaPool *arena;
+ PK11URIAttributeListEntry *attrs;
+ size_t num_attrs;
+};
+typedef struct PK11URIAttributeListStr PK11URIAttributeList;
+
+struct PK11URIStr {
+ PLArenaPool *arena;
+
+ PK11URIAttributeList pattrs;
+ PK11URIAttributeList vpattrs;
+
+ PK11URIAttributeList qattrs;
+ PK11URIAttributeList vqattrs;
+};
+
+#define PK11URI_ARENA_SIZE 1024
+
+typedef int (*PK11URIAttributeCompareNameFunc)(const char *a, const char *b);
+
+/* This belongs in secport.h */
+#define PORT_ArenaGrowArray(poolp, oldptr, type, oldnum, newnum) \
+ (type *)PORT_ArenaGrow((poolp), (oldptr), \
+ (oldnum) * sizeof(type), (newnum) * sizeof(type))
+#define PORT_ReallocArray(oldptr, type, newnum) \
+ (type *)PORT_Realloc((oldptr), (newnum) * sizeof(type))
+
+/* Functions for resizable buffer. */
+static SECStatus
+pk11uri_AppendBuffer(PK11URIBuffer *buffer, const unsigned char *data,
+ size_t size)
+{
+ /* Check overflow. */
+ if (buffer->size + size < buffer->size)
+ return SECFailure;
+
+ if (buffer->size + size > buffer->allocated) {
+ size_t allocated = buffer->allocated * 2 + size;
+ if (allocated < buffer->allocated)
+ return SECFailure;
+ if (buffer->arena)
+ buffer->data = PORT_ArenaGrow(buffer->arena, buffer->data,
+ buffer->allocated, allocated);
+ else
+ buffer->data = PORT_Realloc(buffer->data, allocated);
+ if (buffer->data == NULL)
+ return SECFailure;
+ buffer->allocated = allocated;
+ }
+
+ memcpy(&buffer->data[buffer->size], data, size);
+ buffer->size += size;
+
+ return SECSuccess;
+}
+
+static void
+pk11uri_InitBuffer(PK11URIBuffer *buffer, PLArenaPool *arena)
+{
+ memset(buffer, 0, sizeof(PK11URIBuffer));
+ buffer->arena = arena;
+}
+
+static void
+pk11uri_DestroyBuffer(PK11URIBuffer *buffer)
+{
+ if (buffer->arena == NULL) {
+ PORT_Free(buffer->data);
+ }
+}
+
+/* URI encoding functions. */
+static char *
+pk11uri_Escape(PLArenaPool *arena, const unsigned char *value, size_t length,
+ const char *available)
+{
+ PK11URIBuffer buffer;
+ const unsigned char *p;
+ unsigned char buf[4];
+ char *result = NULL;
+ SECStatus ret;
+
+ pk11uri_InitBuffer(&buffer, arena);
+
+ for (p = value; p < value + length; p++) {
+ if (strchr(available, *p) == NULL) {
+ if (PR_snprintf((char *)buf, sizeof(buf), "%%%02X", *p) == (PRUint32)-1) {
+ goto fail;
+ }
+ ret = pk11uri_AppendBuffer(&buffer, buf, 3);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+ } else {
+ ret = pk11uri_AppendBuffer(&buffer, p, 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+ }
+ }
+ buf[0] = '\0';
+ ret = pk11uri_AppendBuffer(&buffer, buf, 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ /* Steal the memory allocated in buffer. */
+ result = (char *)buffer.data;
+ buffer.data = NULL;
+
+fail:
+ pk11uri_DestroyBuffer(&buffer);
+
+ return result;
+}
+
+static unsigned char *
+pk11uri_Unescape(PLArenaPool *arena, const char *value, size_t *length)
+{
+ PK11URIBuffer buffer;
+ const char *p;
+ unsigned char buf[1];
+ unsigned char *result = NULL;
+ SECStatus ret;
+
+ pk11uri_InitBuffer(&buffer, arena);
+
+ for (p = value; p < value + *length; p++) {
+ if (*p == '%') {
+ int c;
+ size_t i;
+
+ p++;
+ for (c = 0, i = 0; i < 2; i++) {
+ int h = *(p + i);
+ if ('0' <= h && h <= '9') {
+ c = (c << 4) | (h - '0');
+ } else if ('a' <= h && h <= 'f') {
+ c = (c << 4) | (h - 'a' + 10);
+ } else if ('A' <= h && h <= 'F') {
+ c = (c << 4) | (h - 'A' + 10);
+ } else {
+ break;
+ }
+ }
+ if (i != 2) {
+ goto fail;
+ }
+ p++;
+ buf[0] = c;
+ } else {
+ buf[0] = *p;
+ }
+ ret = pk11uri_AppendBuffer(&buffer, buf, 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+ }
+ *length = buffer.size;
+ buf[0] = '\0';
+ ret = pk11uri_AppendBuffer(&buffer, buf, 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ result = buffer.data;
+ buffer.data = NULL;
+
+fail:
+ pk11uri_DestroyBuffer(&buffer);
+
+ return result;
+}
+
+/* Functions for manipulating attributes array. */
+
+/* Compare two attribute names by the array index in attr_names. Both
+ * attribute names must be present in attr_names, otherwise it is a
+ * programming error. */
+static int
+pk11uri_CompareByPosition(const char *a, const char *b,
+ const char **attr_names, size_t num_attr_names)
+{
+ size_t i, j;
+
+ for (i = 0; i < num_attr_names; i++) {
+ if (strcmp(a, attr_names[i]) == 0) {
+ break;
+ }
+ }
+ PR_ASSERT(i < num_attr_names);
+
+ for (j = 0; j < num_attr_names; j++) {
+ if (strcmp(b, attr_names[j]) == 0) {
+ break;
+ }
+ }
+ PR_ASSERT(j < num_attr_names);
+
+ return i - j;
+}
+
+/* Those pk11uri_Compare{Path,Query}AttributeName functions are used
+ * to reorder attributes when inserting. */
+static int
+pk11uri_ComparePathAttributeName(const char *a, const char *b)
+{
+ return pk11uri_CompareByPosition(a, b, pattr_names, PR_ARRAY_SIZE(pattr_names));
+}
+
+static int
+pk11uri_CompareQueryAttributeName(const char *a, const char *b)
+{
+ return pk11uri_CompareByPosition(a, b, qattr_names, PR_ARRAY_SIZE(qattr_names));
+}
+
+static SECStatus
+pk11uri_InsertToAttributeList(PK11URIAttributeList *attrs,
+ char *name, unsigned char *value, size_t size,
+ PK11URIAttributeCompareNameFunc compare_name,
+ PRBool allow_duplicate)
+{
+ size_t i;
+
+ if (attrs->arena) {
+ attrs->attrs = PORT_ArenaGrowArray(attrs->arena, attrs->attrs,
+ PK11URIAttributeListEntry,
+ attrs->num_attrs,
+ attrs->num_attrs + 1);
+ } else {
+ attrs->attrs = PORT_ReallocArray(attrs->attrs,
+ PK11URIAttributeListEntry,
+ attrs->num_attrs + 1);
+ }
+ if (attrs->attrs == NULL) {
+ return SECFailure;
+ }
+
+ for (i = 0; i < attrs->num_attrs; i++) {
+ if (!allow_duplicate && strcmp(name, attrs->attrs[i].name) == 0) {
+ return SECFailure;
+ }
+ if (compare_name(name, attrs->attrs[i].name) < 0) {
+ memmove(&attrs->attrs[i + 1], &attrs->attrs[i],
+ sizeof(PK11URIAttributeListEntry) * (attrs->num_attrs - i));
+ break;
+ }
+ }
+
+ attrs->attrs[i].name = name;
+ attrs->attrs[i].value.type = siBuffer;
+ attrs->attrs[i].value.data = value;
+ attrs->attrs[i].value.len = size;
+
+ attrs->num_attrs++;
+
+ return SECSuccess;
+}
+
+static SECStatus
+pk11uri_InsertToAttributeListEscaped(PK11URIAttributeList *attrs,
+ const char *name, size_t name_size,
+ const char *value, size_t value_size,
+ PK11URIAttributeCompareNameFunc compare_name,
+ PRBool allow_duplicate)
+{
+ char *name_copy = NULL;
+ unsigned char *value_copy = NULL;
+ SECStatus ret;
+
+ if (attrs->arena) {
+ name_copy = PORT_ArenaNewArray(attrs->arena, char, name_size + 1);
+ } else {
+ name_copy = PORT_Alloc(name_size + 1);
+ }
+ if (name_copy == NULL) {
+ goto fail;
+ }
+ memcpy(name_copy, name, name_size);
+ name_copy[name_size] = '\0';
+
+ value_copy = pk11uri_Unescape(attrs->arena, value, &value_size);
+ if (value_copy == NULL) {
+ goto fail;
+ }
+
+ ret = pk11uri_InsertToAttributeList(attrs, name_copy, value_copy, value_size,
+ compare_name, allow_duplicate);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ return ret;
+
+fail:
+ if (attrs->arena == NULL) {
+ PORT_Free(name_copy);
+ PORT_Free(value_copy);
+ }
+
+ return SECFailure;
+}
+
+static void
+pk11uri_InitAttributeList(PK11URIAttributeList *attrs, PLArenaPool *arena)
+{
+ memset(attrs, 0, sizeof(PK11URIAttributeList));
+ attrs->arena = arena;
+}
+
+static void
+pk11uri_DestroyAttributeList(PK11URIAttributeList *attrs)
+{
+ if (attrs->arena == NULL) {
+ size_t i;
+
+ for (i = 0; i < attrs->num_attrs; i++) {
+ PORT_Free(attrs->attrs[i].name);
+ PORT_Free(attrs->attrs[i].value.data);
+ }
+ PORT_Free(attrs->attrs);
+ }
+}
+
+static SECStatus
+pk11uri_AppendAttributeListToBuffer(PK11URIBuffer *buffer,
+ PK11URIAttributeList *attrs,
+ int separator,
+ const char *unescaped)
+{
+ size_t i;
+ SECStatus ret;
+
+ for (i = 0; i < attrs->num_attrs; i++) {
+ unsigned char sep[1];
+ char *escaped;
+ PK11URIAttributeListEntry *attr = &attrs->attrs[i];
+
+ if (i > 0) {
+ sep[0] = separator;
+ ret = pk11uri_AppendBuffer(buffer, sep, 1);
+ if (ret != SECSuccess) {
+ return ret;
+ }
+ }
+
+ ret = pk11uri_AppendBuffer(buffer, (unsigned char *)attr->name,
+ strlen(attr->name));
+ if (ret != SECSuccess) {
+ return ret;
+ }
+
+ sep[0] = '=';
+ ret = pk11uri_AppendBuffer(buffer, sep, 1);
+ if (ret != SECSuccess) {
+ return ret;
+ }
+
+ escaped = pk11uri_Escape(buffer->arena, attr->value.data, attr->value.len,
+ unescaped);
+ if (escaped == NULL) {
+ return ret;
+ }
+ ret = pk11uri_AppendBuffer(buffer, (unsigned char *)escaped,
+ strlen(escaped));
+ if (buffer->arena == NULL) {
+ PORT_Free(escaped);
+ }
+ if (ret != SECSuccess) {
+ return ret;
+ }
+ }
+
+ return SECSuccess;
+}
+
+/* Creation of PK11URI object. */
+static PK11URI *
+pk11uri_AllocURI(void)
+{
+ PLArenaPool *arena;
+ PK11URI *result;
+
+ arena = PORT_NewArena(PK11URI_ARENA_SIZE);
+ if (arena == NULL) {
+ return NULL;
+ }
+
+ result = PORT_ArenaZAlloc(arena, sizeof(PK11URI));
+ if (result == NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
+ return NULL;
+ }
+
+ result->arena = arena;
+ pk11uri_InitAttributeList(&result->pattrs, arena);
+ pk11uri_InitAttributeList(&result->vpattrs, arena);
+ pk11uri_InitAttributeList(&result->qattrs, arena);
+ pk11uri_InitAttributeList(&result->vqattrs, arena);
+
+ return result;
+}
+
+static SECStatus
+pk11uri_InsertAttributes(PK11URIAttributeList *dest_attrs,
+ PK11URIAttributeList *dest_vattrs,
+ const PK11URIAttribute *attrs,
+ size_t num_attrs,
+ const char **attr_names,
+ size_t num_attr_names,
+ PK11URIAttributeCompareNameFunc compare_name,
+ PRBool allow_duplicate,
+ PRBool vendor_allow_duplicate)
+{
+ SECStatus ret;
+ size_t i;
+
+ for (i = 0; i < num_attrs; i++) {
+ char *name, *value;
+ const char *p;
+ size_t j;
+
+ p = attrs[i].name;
+
+ /* The attribute must not be empty. */
+ if (*p == '\0') {
+ return SECFailure;
+ }
+
+ /* Check that the name doesn't contain invalid character. */
+ for (; *p != '\0'; p++) {
+ if (strchr(PK11URI_ATTR_NM_CHAR, *p) == NULL) {
+ return SECFailure;
+ }
+ }
+
+ name = PORT_ArenaStrdup(dest_attrs->arena, attrs[i].name);
+ if (name == NULL) {
+ return SECFailure;
+ }
+
+ value = PORT_ArenaStrdup(dest_attrs->arena, attrs[i].value);
+ if (value == NULL) {
+ return SECFailure;
+ }
+
+ for (j = 0; j < num_attr_names; j++) {
+ if (strcmp(name, attr_names[j]) == 0) {
+ break;
+ }
+ }
+ if (j < num_attr_names) {
+ /* Named attribute. */
+ ret = pk11uri_InsertToAttributeList(dest_attrs,
+ name,
+ (unsigned char *)value,
+ strlen(value),
+ compare_name,
+ allow_duplicate);
+ if (ret != SECSuccess) {
+ return ret;
+ }
+ } else {
+ /* Vendor attribute. */
+ ret = pk11uri_InsertToAttributeList(dest_vattrs,
+ name,
+ (unsigned char *)value,
+ strlen(value),
+ strcmp,
+ vendor_allow_duplicate);
+ if (ret != SECSuccess) {
+ return ret;
+ }
+ }
+ }
+
+ return SECSuccess;
+}
+
+PK11URI *
+PK11URI_CreateURI(const PK11URIAttribute *pattrs,
+ size_t num_pattrs,
+ const PK11URIAttribute *qattrs,
+ size_t num_qattrs)
+{
+ PK11URI *result;
+ SECStatus ret;
+
+ result = pk11uri_AllocURI();
+
+ ret = pk11uri_InsertAttributes(&result->pattrs, &result->vpattrs,
+ pattrs, num_pattrs,
+ pattr_names, PR_ARRAY_SIZE(pattr_names),
+ pk11uri_ComparePathAttributeName,
+ PR_FALSE, PR_FALSE);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ ret = pk11uri_InsertAttributes(&result->qattrs, &result->vqattrs,
+ qattrs, num_qattrs,
+ qattr_names, PR_ARRAY_SIZE(qattr_names),
+ pk11uri_CompareQueryAttributeName,
+ PR_FALSE, PR_TRUE);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ return result;
+
+fail:
+ PK11URI_DestroyURI(result);
+
+ return NULL;
+}
+
+/* Parsing. */
+static SECStatus
+pk11uri_ParseAttributes(const char **string,
+ const char *stop_chars,
+ int separator,
+ const char *accept_chars,
+ const char **attr_names, size_t num_attr_names,
+ PK11URIAttributeList *attrs,
+ PK11URIAttributeList *vattrs,
+ PK11URIAttributeCompareNameFunc compare_name,
+ PRBool allow_duplicate,
+ PRBool vendor_allow_duplicate)
+{
+ const char *p = *string;
+
+ for (; *p != '\0'; p++) {
+ const char *name_start, *name_end, *value_start, *value_end;
+ size_t name_length, value_length, i;
+ SECStatus ret;
+
+ if (strchr(stop_chars, *p) != NULL) {
+ break;
+ }
+ for (name_start = p; *p != '=' && *p != '\0'; p++) {
+ if (strchr(PK11URI_ATTR_NM_CHAR, *p) != NULL)
+ continue;
+
+ return SECFailure;
+ }
+ if (*p == '\0') {
+ return SECFailure;
+ }
+ name_end = p++;
+
+ /* The attribute name must not be empty. */
+ if (name_end == name_start) {
+ return SECFailure;
+ }
+
+ for (value_start = p; *p != separator && *p != '\0'; p++) {
+ if (strchr(stop_chars, *p) != NULL) {
+ break;
+ }
+ if (strchr(accept_chars, *p) != NULL) {
+ continue;
+ }
+ if (*p == '%') {
+ const char ch2 = *++p;
+ if (strchr(PK11URI_HEXDIG, ch2) != NULL) {
+ const char ch3 = *++p;
+ if (strchr(PK11URI_HEXDIG, ch3) != NULL)
+ continue;
+ }
+ }
+
+ return SECFailure;
+ }
+ value_end = p;
+
+ name_length = name_end - name_start;
+ value_length = value_end - value_start;
+
+ for (i = 0; i < num_attr_names; i++) {
+ if (name_length == strlen(attr_names[i]) &&
+ memcmp(name_start, attr_names[i], name_length) == 0) {
+ break;
+ }
+ }
+ if (i < num_attr_names) {
+ /* Named attribute. */
+ ret = pk11uri_InsertToAttributeListEscaped(attrs,
+ name_start, name_length,
+ value_start, value_length,
+ compare_name,
+ allow_duplicate);
+ if (ret != SECSuccess) {
+ return ret;
+ }
+ } else {
+ /* Vendor attribute. */
+ ret = pk11uri_InsertToAttributeListEscaped(vattrs,
+ name_start, name_length,
+ value_start, value_length,
+ strcmp,
+ vendor_allow_duplicate);
+ if (ret != SECSuccess) {
+ return ret;
+ }
+ }
+
+ if (*p == '?' || *p == '\0') {
+ break;
+ }
+ }
+
+ *string = p;
+ return SECSuccess;
+}
+
+PK11URI *
+PK11URI_ParseURI(const char *string)
+{
+ PK11URI *result;
+ const char *p = string;
+ SECStatus ret;
+
+ if (PORT_Strncasecmp("pkcs11:", p, 7) != 0) {
+ return NULL;
+ }
+ p += 7;
+
+ result = pk11uri_AllocURI();
+ if (result == NULL) {
+ return NULL;
+ }
+
+ /* Parse the path component and its attributes. */
+ ret = pk11uri_ParseAttributes(&p, "?", ';', PK11URI_PCHAR,
+ pattr_names, PR_ARRAY_SIZE(pattr_names),
+ &result->pattrs, &result->vpattrs,
+ pk11uri_ComparePathAttributeName,
+ PR_FALSE, PR_FALSE);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ /* Parse the query component and its attributes. */
+ if (*p == '?') {
+ p++;
+ ret = pk11uri_ParseAttributes(&p, "", '&', PK11URI_QCHAR,
+ qattr_names, PR_ARRAY_SIZE(qattr_names),
+ &result->qattrs, &result->vqattrs,
+ pk11uri_CompareQueryAttributeName,
+ PR_FALSE, PR_TRUE);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+ }
+
+ return result;
+
+fail:
+ PK11URI_DestroyURI(result);
+
+ return NULL;
+}
+
+/* Formatting. */
+char *
+PK11URI_FormatURI(PLArenaPool *arena, PK11URI *uri)
+{
+ PK11URIBuffer buffer;
+ SECStatus ret;
+ char *result = NULL;
+
+ pk11uri_InitBuffer(&buffer, arena);
+
+ ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"pkcs11:", 7);
+ if (ret != SECSuccess)
+ goto fail;
+
+ ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->pattrs, ';', PK11URI_PCHAR);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ if (uri->pattrs.num_attrs > 0 && uri->vpattrs.num_attrs > 0) {
+ ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)";", 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+ }
+
+ ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->vpattrs, ';',
+ PK11URI_PCHAR);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ if (uri->qattrs.num_attrs > 0 || uri->vqattrs.num_attrs > 0) {
+ ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"?", 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+ }
+
+ ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->qattrs, '&', PK11URI_QCHAR);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ if (uri->qattrs.num_attrs > 0 && uri->vqattrs.num_attrs > 0) {
+ ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"&", 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+ }
+
+ ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->vqattrs, '&',
+ PK11URI_QCHAR);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"\0", 1);
+ if (ret != SECSuccess) {
+ goto fail;
+ }
+
+ result = (char *)buffer.data;
+ buffer.data = NULL;
+
+fail:
+ pk11uri_DestroyBuffer(&buffer);
+
+ return result;
+}
+
+/* Deallocating. */
+void
+PK11URI_DestroyURI(PK11URI *uri)
+{
+ pk11uri_DestroyAttributeList(&uri->pattrs);
+ pk11uri_DestroyAttributeList(&uri->vpattrs);
+ pk11uri_DestroyAttributeList(&uri->qattrs);
+ pk11uri_DestroyAttributeList(&uri->vqattrs);
+ PORT_FreeArena(uri->arena, PR_FALSE);
+}
+
+/* Accessors. */
+static const SECItem *
+pk11uri_GetAttribute(PK11URIAttributeList *attrs,
+ PK11URIAttributeList *vattrs,
+ const char *name)
+{
+ size_t i;
+
+ for (i = 0; i < attrs->num_attrs; i++) {
+ if (strcmp(name, attrs->attrs[i].name) == 0) {
+ return &attrs->attrs[i].value;
+ }
+ }
+
+ for (i = 0; i < vattrs->num_attrs; i++) {
+ if (strcmp(name, vattrs->attrs[i].name) == 0) {
+ return &vattrs->attrs[i].value;
+ }
+ }
+
+ return NULL;
+}
+
+const SECItem *
+PK11URI_GetPathAttributeItem(PK11URI *uri, const char *name)
+{
+ return pk11uri_GetAttribute(&uri->pattrs, &uri->vpattrs, name);
+}
+
+const char *
+PK11URI_GetPathAttribute(PK11URI *uri, const char *name)
+{
+ const SECItem *value;
+
+ value = PK11URI_GetPathAttributeItem(uri, name);
+ if (!value) {
+ return NULL;
+ }
+
+ return (const char *)value->data;
+}
+
+const SECItem *
+PK11URI_GetQueryAttributeItem(PK11URI *uri, const char *name)
+{
+ return pk11uri_GetAttribute(&uri->qattrs, &uri->vqattrs, name);
+}
+
+const char *
+PK11URI_GetQueryAttribute(PK11URI *uri, const char *name)
+{
+ const SECItem *value;
+
+ value = PK11URI_GetQueryAttributeItem(uri, name);
+ if (!value) {
+ return NULL;
+ }
+
+ return (const char *)value->data;
+}