summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/certhigh/crlv2.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/lib/certhigh/crlv2.c
parentInitial commit. (diff)
downloadfirefox-esr-upstream.tar.xz
firefox-esr-upstream.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/certhigh/crlv2.c')
-rw-r--r--security/nss/lib/certhigh/crlv2.c160
1 files changed, 160 insertions, 0 deletions
diff --git a/security/nss/lib/certhigh/crlv2.c b/security/nss/lib/certhigh/crlv2.c
new file mode 100644
index 0000000000..d58d4e083b
--- /dev/null
+++ b/security/nss/lib/certhigh/crlv2.c
@@ -0,0 +1,160 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Code for dealing with x.509 v3 crl and crl entries extensions.
+ */
+
+#include "cert.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secoidt.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "certxutl.h"
+
+SECStatus
+CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
+{
+ return (cert_FindExtensionByOID(crl->extensions, oid, value));
+}
+
+SECStatus
+CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
+{
+ return (cert_FindExtension(crl->extensions, tag, value));
+}
+
+/* Callback to set extensions and adjust verison */
+static void
+SetCrlExts(void *object, CERTCertExtension **exts)
+{
+ CERTCrl *crl = (CERTCrl *)object;
+
+ crl->extensions = exts;
+ DER_SetUInteger(crl->arena, &crl->version, SEC_CRL_VERSION_2);
+}
+
+void *
+CERT_StartCRLExtensions(CERTCrl *crl)
+{
+ return (cert_StartExtensions((void *)crl, crl->arena, SetCrlExts));
+}
+
+static void
+SetCrlEntryExts(void *object, CERTCertExtension **exts)
+{
+ CERTCrlEntry *crlEntry = (CERTCrlEntry *)object;
+
+ crlEntry->extensions = exts;
+}
+
+void *
+CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
+{
+ return (cert_StartExtensions(entry, crl->arena, SetCrlEntryExts));
+}
+
+SECStatus
+CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
+ SECItem *value)
+{
+ SECItem encodedExtenValue;
+ SECItem *tmpItem = NULL;
+ SECStatus rv;
+ void *mark = NULL;
+
+ encodedExtenValue.data = NULL;
+ encodedExtenValue.len = 0;
+
+ rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER,
+ &encodedExtenValue);
+ if (rv != SECSuccess)
+ return (rv);
+
+ mark = PORT_ArenaMark(arena);
+
+ tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue);
+ if (tmpItem) {
+ rv = SEC_QuickDERDecodeItem(arena, value,
+ SEC_ASN1_GET(SEC_IntegerTemplate),
+ tmpItem);
+ } else {
+ rv = SECFailure;
+ }
+
+ PORT_Free(encodedExtenValue.data);
+ if (rv == SECFailure) {
+ PORT_ArenaRelease(arena, mark);
+ } else {
+ PORT_ArenaUnmark(arena, mark);
+ }
+ return (rv);
+}
+
+SECStatus
+CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
+ CERTCRLEntryReasonCode *value)
+{
+ SECItem wrapperItem = { siBuffer, 0 };
+ SECItem tmpItem = { siBuffer, 0 };
+ SECStatus rv;
+ PLArenaPool *arena = NULL;
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ return (SECFailure);
+ }
+
+ rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
+ &wrapperItem);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
+ SEC_ASN1_GET(SEC_EnumeratedTemplate),
+ &wrapperItem);
+
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ *value = (CERTCRLEntryReasonCode)DER_GetInteger(&tmpItem);
+
+loser:
+ if (arena) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+
+ if (wrapperItem.data) {
+ PORT_Free(wrapperItem.data);
+ }
+
+ return (rv);
+}
+
+SECStatus
+CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value)
+{
+ SECItem encodedExtenValue;
+ SECItem decodedExtenValue = { siBuffer, 0 };
+ SECStatus rv;
+
+ encodedExtenValue.data = decodedExtenValue.data = NULL;
+ encodedExtenValue.len = decodedExtenValue.len = 0;
+
+ rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
+ if (rv != SECSuccess)
+ return (rv);
+
+ rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue,
+ SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+ &encodedExtenValue);
+ if (rv == SECSuccess)
+ rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
+ PORT_Free(decodedExtenValue.data);
+ PORT_Free(encodedExtenValue.data);
+ return (rv);
+}