| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #include "plarena.h" |
| #include "secitem.h" |
| #include "secoid.h" |
| #include "seccomon.h" |
| #include "secport.h" |
| #include "cert.h" |
| #include "pkcs12.h" |
| #include "p12local.h" |
| #include "secpkcs7.h" |
| #include "secasn1.h" |
| #include "secerr.h" |
| #include "p12plcy.h" |
| |
| /* release the memory taken up by the list of nicknames */ |
| static void |
| sec_pkcs12_destroy_nickname_list(SECItem **nicknames) |
| { |
| int i = 0; |
| |
| if (nicknames == NULL) { |
| return; |
| } |
| |
| while (nicknames[i] != NULL) { |
| SECITEM_FreeItem(nicknames[i], PR_FALSE); |
| i++; |
| } |
| |
| PORT_Free(nicknames); |
| } |
| |
| /* release the memory taken up by the list of certificates */ |
| static void |
| sec_pkcs12_destroy_certificate_list(CERTCertificate **ref_certs) |
| { |
| int i = 0; |
| |
| if (ref_certs == NULL) { |
| return; |
| } |
| |
| while (ref_certs[i] != NULL) { |
| CERT_DestroyCertificate(ref_certs[i]); |
| i++; |
| } |
| } |
| |
| static void |
| sec_pkcs12_destroy_cinfos_for_cert_bags(SEC_PKCS12CertAndCRLBag *certBag) |
| { |
| int j = 0; |
| j = 0; |
| while (certBag->certAndCRLs[j] != NULL) { |
| SECOidTag certType = SECOID_FindOIDTag(&certBag->certAndCRLs[j]->BagID); |
| if (certType == SEC_OID_PKCS12_X509_CERT_CRL_BAG) { |
| SEC_PKCS12X509CertCRL *x509; |
| x509 = certBag->certAndCRLs[j]->value.x509; |
| SEC_PKCS7DestroyContentInfo(&x509->certOrCRL); |
| } |
| j++; |
| } |
| } |
| |
| /* destroy all content infos since they were not allocated in common |
| * pool |
| */ |
| static void |
| sec_pkcs12_destroy_cert_content_infos(SEC_PKCS12SafeContents *safe, |
| SEC_PKCS12Baggage *baggage) |
| { |
| int i, j; |
| |
| if ((safe != NULL) && (safe->contents != NULL)) { |
| i = 0; |
| while (safe->contents[i] != NULL) { |
| SECOidTag bagType = SECOID_FindOIDTag(&safe->contents[i]->safeBagType); |
| if (bagType == SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID) { |
| SEC_PKCS12CertAndCRLBag *certBag; |
| certBag = safe->contents[i]->safeContent.certAndCRLBag; |
| sec_pkcs12_destroy_cinfos_for_cert_bags(certBag); |
| } |
| i++; |
| } |
| } |
| |
| if ((baggage != NULL) && (baggage->bags != NULL)) { |
| i = 0; |
| while (baggage->bags[i] != NULL) { |
| if (baggage->bags[i]->unencSecrets != NULL) { |
| j = 0; |
| while (baggage->bags[i]->unencSecrets[j] != NULL) { |
| SECOidTag bagType; |
| bagType = SECOID_FindOIDTag(&baggage->bags[i]->unencSecrets[j]->safeBagType); |
| if (bagType == SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID) { |
| SEC_PKCS12CertAndCRLBag *certBag; |
| certBag = baggage->bags[i]->unencSecrets[j]->safeContent.certAndCRLBag; |
| sec_pkcs12_destroy_cinfos_for_cert_bags(certBag); |
| } |
| j++; |
| } |
| } |
| i++; |
| } |
| } |
| } |
| |
| /* convert the nickname list from a NULL termincated Char list |
| * to a NULL terminated SECItem list |
| */ |
| static SECItem ** |
| sec_pkcs12_convert_nickname_list(char **nicknames) |
| { |
| SECItem **nicks; |
| int i, j; |
| PRBool error = PR_FALSE; |
| |
| if (nicknames == NULL) { |
| return NULL; |
| } |
| |
| i = j = 0; |
| while (nicknames[i] != NULL) { |
| i++; |
| } |
| |
| /* allocate the space and copy the data */ |
| nicks = (SECItem **)PORT_ZAlloc(sizeof(SECItem *) * (i + 1)); |
| if (nicks != NULL) { |
| for (j = 0; ((j < i) && (error == PR_FALSE)); j++) { |
| nicks[j] = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); |
| if (nicks[j] != NULL) { |
| nicks[j]->data = |
| (unsigned char *)PORT_ZAlloc(PORT_Strlen(nicknames[j]) + 1); |
| if (nicks[j]->data != NULL) { |
| nicks[j]->len = PORT_Strlen(nicknames[j]); |
| PORT_Memcpy(nicks[j]->data, nicknames[j], nicks[j]->len); |
| nicks[j]->data[nicks[j]->len] = 0; |
| } else { |
| error = PR_TRUE; |
| } |
| } else { |
| error = PR_TRUE; |
| } |
| } |
| } |
| |
| if (error == PR_TRUE) { |
| for (i = 0; i < j; i++) { |
| SECITEM_FreeItem(nicks[i], PR_TRUE); |
| } |
| PORT_Free(nicks); |
| nicks = NULL; |
| } |
| |
| return nicks; |
| } |
| |
| /* package the certificate add_cert into PKCS12 structures, |
| * retrieve the certificate chain for the cert and return |
| * the packaged contents. |
| * poolp -- common memory pool; |
| * add_cert -- certificate to package up |
| * nickname for the certificate |
| * a return of NULL indicates an error |
| */ |
| static SEC_PKCS12CertAndCRL * |
| sec_pkcs12_get_cert(PLArenaPool *poolp, |
| CERTCertificate *add_cert, |
| SECItem *nickname) |
| { |
| SEC_PKCS12CertAndCRL *cert; |
| SEC_PKCS7ContentInfo *cinfo; |
| SGNDigestInfo *t_di; |
| void *mark; |
| SECStatus rv; |
| |
| if ((poolp == NULL) || (add_cert == NULL) || (nickname == NULL)) { |
| return NULL; |
| } |
| mark = PORT_ArenaMark(poolp); |
| |
| cert = sec_pkcs12_new_cert_crl(poolp, SEC_OID_PKCS12_X509_CERT_CRL_BAG); |
| if (cert != NULL) { |
| |
| /* copy the nickname */ |
| rv = SECITEM_CopyItem(poolp, &cert->nickname, nickname); |
| if (rv != SECSuccess) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| cert = NULL; |
| } else { |
| |
| /* package the certificate and cert chain into a NULL signer |
| * PKCS 7 SignedData content Info and prepare it for encoding |
| * since we cannot use DER_ANY_TEMPLATE |
| */ |
| cinfo = SEC_PKCS7CreateCertsOnly(add_cert, PR_TRUE, NULL); |
| rv = SEC_PKCS7PrepareForEncode(cinfo, NULL, NULL, NULL); |
| |
| /* thumbprint the certificate */ |
| if ((cinfo != NULL) && (rv == SECSuccess)) { |
| PORT_Memcpy(&cert->value.x509->certOrCRL, cinfo, sizeof(*cinfo)); |
| t_di = sec_pkcs12_compute_thumbprint(&add_cert->derCert); |
| if (t_di != NULL) { |
| /* test */ |
| rv = SGN_CopyDigestInfo(poolp, &cert->value.x509->thumbprint, |
| t_di); |
| if (rv != SECSuccess) { |
| cert = NULL; |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| SGN_DestroyDigestInfo(t_di); |
| } else |
| cert = NULL; |
| } |
| } |
| } |
| |
| if (cert == NULL) { |
| PORT_ArenaRelease(poolp, mark); |
| } else { |
| PORT_ArenaUnmark(poolp, mark); |
| } |
| |
| return cert; |
| } |
| |
| /* package the private key associated with the certificate and |
| * return the appropriate PKCS 12 structure |
| * poolp common memory pool |
| * nickname key nickname |
| * cert -- cert to look up |
| * wincx -- window handle |
| * an error is indicated by a return of NULL |
| */ |
| static SEC_PKCS12PrivateKey * |
| sec_pkcs12_get_private_key(PLArenaPool *poolp, |
| SECItem *nickname, |
| CERTCertificate *cert, |
| void *wincx) |
| { |
| SECKEYPrivateKeyInfo *pki; |
| SEC_PKCS12PrivateKey *pk; |
| SECStatus rv; |
| void *mark; |
| |
| if ((poolp == NULL) || (nickname == NULL)) { |
| return NULL; |
| } |
| |
| mark = PORT_ArenaMark(poolp); |
| |
| /* retrieve key from the data base */ |
| pki = PK11_ExportPrivateKeyInfo(nickname, cert, wincx); |
| if (pki == NULL) { |
| PORT_ArenaRelease(poolp, mark); |
| PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY); |
| return NULL; |
| } |
| |
| pk = (SEC_PKCS12PrivateKey *)PORT_ArenaZAlloc(poolp, |
| sizeof(SEC_PKCS12PrivateKey)); |
| if (pk != NULL) { |
| rv = sec_pkcs12_init_pvk_data(poolp, &pk->pvkData); |
| |
| if (rv == SECSuccess) { |
| /* copy the key into poolp memory space */ |
| rv = SECKEY_CopyPrivateKeyInfo(poolp, &pk->pkcs8data, pki); |
| if (rv == SECSuccess) { |
| rv = SECITEM_CopyItem(poolp, &pk->pvkData.nickname, nickname); |
| } |
| } |
| |
| if (rv != SECSuccess) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| pk = NULL; |
| } |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| |
| /* destroy private key, zeroing out data */ |
| SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE); |
| if (pk == NULL) { |
| PORT_ArenaRelease(poolp, mark); |
| } else { |
| PORT_ArenaUnmark(poolp, mark); |
| } |
| |
| return pk; |
| } |
| |
| /* get a shrouded key item associated with a certificate |
| * return the appropriate PKCS 12 structure |
| * poolp common memory pool |
| * nickname key nickname |
| * cert -- cert to look up |
| * wincx -- window handle |
| * an error is indicated by a return of NULL |
| */ |
| static SEC_PKCS12ESPVKItem * |
| sec_pkcs12_get_shrouded_key(PLArenaPool *poolp, |
| SECItem *nickname, |
| CERTCertificate *cert, |
| SECOidTag algorithm, |
| SECItem *pwitem, |
| PKCS12UnicodeConvertFunction unicodeFn, |
| void *wincx) |
| { |
| SECKEYEncryptedPrivateKeyInfo *epki; |
| SEC_PKCS12ESPVKItem *pk; |
| void *mark; |
| SECStatus rv; |
| PK11SlotInfo *slot = NULL; |
| PRBool swapUnicodeBytes = PR_FALSE; |
| |
| #ifdef IS_LITTLE_ENDIAN |
| swapUnicodeBytes = PR_TRUE; |
| #endif |
| |
| if ((poolp == NULL) || (nickname == NULL)) |
| return NULL; |
| |
| mark = PORT_ArenaMark(poolp); |
| |
| /* use internal key slot */ |
| slot = PK11_GetInternalKeySlot(); |
| |
| /* retrieve encrypted prviate key */ |
| epki = PK11_ExportEncryptedPrivateKeyInfo(slot, algorithm, pwitem, |
| nickname, cert, 1, 0, NULL); |
| PK11_FreeSlot(slot); |
| if (epki == NULL) { |
| PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY); |
| PORT_ArenaRelease(poolp, mark); |
| return NULL; |
| } |
| |
| /* create a private key and store the data into the poolp memory space */ |
| pk = sec_pkcs12_create_espvk(poolp, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING); |
| if (pk != NULL) { |
| rv = sec_pkcs12_init_pvk_data(poolp, &pk->espvkData); |
| rv = SECITEM_CopyItem(poolp, &pk->espvkData.nickname, nickname); |
| pk->espvkCipherText.pkcs8KeyShroud = |
| (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(poolp, |
| sizeof(SECKEYEncryptedPrivateKeyInfo)); |
| if ((pk->espvkCipherText.pkcs8KeyShroud != NULL) && (rv == SECSuccess)) { |
| rv = SECKEY_CopyEncryptedPrivateKeyInfo(poolp, |
| pk->espvkCipherText.pkcs8KeyShroud, epki); |
| if (rv == SECSuccess) { |
| rv = (*unicodeFn)(poolp, &pk->espvkData.uniNickName, nickname, |
| PR_TRUE, swapUnicodeBytes); |
| } |
| } |
| |
| if (rv != SECSuccess) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| pk = NULL; |
| } |
| } |
| |
| SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE); |
| if (pk == NULL) { |
| PORT_ArenaRelease(poolp, mark); |
| } else { |
| PORT_ArenaUnmark(poolp, mark); |
| } |
| |
| return pk; |
| } |
| |
| /* add a thumbprint to a private key associated certs list |
| * pvk is the area where the list is stored |
| * thumb is the thumbprint to copy |
| * a return of SECFailure indicates an error |
| */ |
| static SECStatus |
| sec_pkcs12_add_thumbprint(SEC_PKCS12PVKSupportingData *pvk, |
| SGNDigestInfo *thumb) |
| { |
| SGNDigestInfo **thumb_list = NULL; |
| int nthumbs, size; |
| void *mark, *dummy; |
| SECStatus rv = SECFailure; |
| |
| if ((pvk == NULL) || (thumb == NULL)) { |
| return SECFailure; |
| } |
| |
| mark = PORT_ArenaMark(pvk->poolp); |
| |
| thumb_list = pvk->assocCerts; |
| nthumbs = pvk->nThumbs; |
| |
| /* allocate list space needed -- either growing or allocating |
| * list must be NULL terminated |
| */ |
| size = sizeof(SGNDigestInfo *); |
| dummy = PORT_ArenaGrow(pvk->poolp, thumb_list, (size * (nthumbs + 1)), |
| (size * (nthumbs + 2))); |
| thumb_list = dummy; |
| if (dummy != NULL) { |
| thumb_list[nthumbs] = (SGNDigestInfo *)PORT_ArenaZAlloc(pvk->poolp, |
| sizeof(SGNDigestInfo)); |
| if (thumb_list[nthumbs] != NULL) { |
| SGN_CopyDigestInfo(pvk->poolp, thumb_list[nthumbs], thumb); |
| nthumbs += 1; |
| thumb_list[nthumbs] = 0; |
| } else { |
| dummy = NULL; |
| } |
| } |
| |
| if (dummy == NULL) { |
| PORT_ArenaRelease(pvk->poolp, mark); |
| return SECFailure; |
| } |
| |
| pvk->assocCerts = thumb_list; |
| pvk->nThumbs = nthumbs; |
| |
| PORT_ArenaUnmark(pvk->poolp, mark); |
| return SECSuccess; |
| } |
| |
| /* search the list of shrouded keys in the baggage for the desired |
| * name. return a pointer to the item. a return of NULL indicates |
| * that no match was present or that an error occurred. |
| */ |
| static SEC_PKCS12ESPVKItem * |
| sec_pkcs12_get_espvk_by_name(SEC_PKCS12Baggage *luggage, |
| SECItem *name) |
| { |
| PRBool found = PR_FALSE; |
| SEC_PKCS12ESPVKItem *espvk = NULL; |
| int i, j; |
| SECComparison rv = SECEqual; |
| SECItem *t_name; |
| SEC_PKCS12BaggageItem *bag; |
| |
| if ((luggage == NULL) || (name == NULL)) { |
| return NULL; |
| } |
| |
| i = 0; |
| while ((found == PR_FALSE) && (i < luggage->luggage_size)) { |
| j = 0; |
| bag = luggage->bags[i]; |
| while ((found == PR_FALSE) && (j < bag->nEspvks)) { |
| espvk = bag->espvks[j]; |
| if (espvk->poolp == NULL) { |
| espvk->poolp = luggage->poolp; |
| } |
| t_name = SECITEM_DupItem(&espvk->espvkData.nickname); |
| if (t_name != NULL) { |
| rv = SECITEM_CompareItem(name, t_name); |
| if (rv == SECEqual) { |
| found = PR_TRUE; |
| } |
| SECITEM_FreeItem(t_name, PR_TRUE); |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| return NULL; |
| } |
| j++; |
| } |
| i++; |
| } |
| |
| if (found != PR_TRUE) { |
| PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME); |
| return NULL; |
| } |
| |
| return espvk; |
| } |
| |
| /* locates a certificate and copies the thumbprint to the |
| * appropriate private key |
| */ |
| static SECStatus |
| sec_pkcs12_propagate_thumbprints(SECItem **nicknames, |
| CERTCertificate **ref_certs, |
| SEC_PKCS12SafeContents *safe, |
| SEC_PKCS12Baggage *baggage) |
| { |
| SEC_PKCS12CertAndCRL *cert; |
| SEC_PKCS12PrivateKey *key; |
| SEC_PKCS12ESPVKItem *espvk; |
| int i; |
| PRBool error = PR_FALSE; |
| SECStatus rv = SECFailure; |
| |
| if ((nicknames == NULL) || (safe == NULL)) { |
| return SECFailure; |
| } |
| |
| i = 0; |
| while ((nicknames[i] != NULL) && (error == PR_FALSE)) { |
| /* process all certs */ |
| cert = (SEC_PKCS12CertAndCRL *)sec_pkcs12_find_object(safe, baggage, |
| SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID, |
| nicknames[i], NULL); |
| if (cert != NULL) { |
| /* locate key and copy thumbprint */ |
| key = (SEC_PKCS12PrivateKey *)sec_pkcs12_find_object(safe, baggage, |
| SEC_OID_PKCS12_KEY_BAG_ID, |
| nicknames[i], NULL); |
| if (key != NULL) { |
| key->pvkData.poolp = key->poolp; |
| rv = sec_pkcs12_add_thumbprint(&key->pvkData, |
| &cert->value.x509->thumbprint); |
| if (rv == SECFailure) |
| error = PR_TRUE; /* XXX Set error? */ |
| } |
| |
| /* look in the baggage as well...*/ |
| if ((baggage != NULL) && (error == PR_FALSE)) { |
| espvk = sec_pkcs12_get_espvk_by_name(baggage, nicknames[i]); |
| if (espvk != NULL) { |
| espvk->espvkData.poolp = espvk->poolp; |
| rv = sec_pkcs12_add_thumbprint(&espvk->espvkData, |
| &cert->value.x509->thumbprint); |
| if (rv == SECFailure) |
| error = PR_TRUE; /* XXX Set error? */ |
| } |
| } |
| } |
| i++; |
| } |
| |
| if (error == PR_TRUE) { |
| return SECFailure; |
| } |
| |
| return SECSuccess; |
| } |
| |
| /* append a safe bag to the end of the safe contents list */ |
| SECStatus |
| sec_pkcs12_append_safe_bag(SEC_PKCS12SafeContents *safe, |
| SEC_PKCS12SafeBag *bag) |
| { |
| int size; |
| void *mark = NULL, *dummy = NULL; |
| |
| if ((bag == NULL) || (safe == NULL)) |
| return SECFailure; |
| |
| mark = PORT_ArenaMark(safe->poolp); |
| |
| size = (safe->safe_size * sizeof(SEC_PKCS12SafeBag *)); |
| |
| if (safe->safe_size > 0) { |
| dummy = (SEC_PKCS12SafeBag **)PORT_ArenaGrow(safe->poolp, |
| safe->contents, |
| size, |
| (size + sizeof(SEC_PKCS12SafeBag *))); |
| safe->contents = dummy; |
| } else { |
| safe->contents = (SEC_PKCS12SafeBag **)PORT_ArenaZAlloc(safe->poolp, |
| (2 * sizeof(SEC_PKCS12SafeBag *))); |
| dummy = safe->contents; |
| } |
| |
| if (dummy == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| goto loser; |
| } |
| |
| safe->contents[safe->safe_size] = bag; |
| safe->safe_size++; |
| safe->contents[safe->safe_size] = NULL; |
| |
| PORT_ArenaUnmark(safe->poolp, mark); |
| return SECSuccess; |
| |
| loser: |
| PORT_ArenaRelease(safe->poolp, mark); |
| return SECFailure; |
| } |
| |
| /* append a certificate onto the end of a cert bag */ |
| static SECStatus |
| sec_pkcs12_append_cert_to_bag(PLArenaPool *arena, |
| SEC_PKCS12SafeBag *safebag, |
| CERTCertificate *cert, |
| SECItem *nickname) |
| { |
| int size; |
| void *dummy = NULL, *mark = NULL; |
| SEC_PKCS12CertAndCRL *p12cert; |
| SEC_PKCS12CertAndCRLBag *bag; |
| |
| if ((arena == NULL) || (safebag == NULL) || |
| (cert == NULL) || (nickname == NULL)) { |
| return SECFailure; |
| } |
| |
| bag = safebag->safeContent.certAndCRLBag; |
| if (bag == NULL) { |
| return SECFailure; |
| } |
| |
| mark = PORT_ArenaMark(arena); |
| |
| p12cert = sec_pkcs12_get_cert(arena, cert, nickname); |
| if (p12cert == NULL) { |
| PORT_ArenaRelease(bag->poolp, mark); |
| return SECFailure; |
| } |
| |
| size = bag->bag_size * sizeof(SEC_PKCS12CertAndCRL *); |
| if (bag->bag_size > 0) { |
| dummy = (SEC_PKCS12CertAndCRL **)PORT_ArenaGrow(bag->poolp, |
| bag->certAndCRLs, |
| size, |
| size + sizeof(SEC_PKCS12CertAndCRL *)); |
| bag->certAndCRLs = dummy; |
| } else { |
| bag->certAndCRLs = (SEC_PKCS12CertAndCRL **)PORT_ArenaZAlloc(bag->poolp, |
| (2 * sizeof(SEC_PKCS12CertAndCRL *))); |
| dummy = bag->certAndCRLs; |
| } |
| |
| if (dummy == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| goto loser; |
| } |
| |
| bag->certAndCRLs[bag->bag_size] = p12cert; |
| bag->bag_size++; |
| bag->certAndCRLs[bag->bag_size] = NULL; |
| |
| PORT_ArenaUnmark(bag->poolp, mark); |
| return SECSuccess; |
| |
| loser: |
| PORT_ArenaRelease(bag->poolp, mark); |
| return SECFailure; |
| } |
| |
| /* append a key onto the end of a list of keys in a key bag */ |
| SECStatus |
| sec_pkcs12_append_key_to_bag(SEC_PKCS12SafeBag *safebag, |
| SEC_PKCS12PrivateKey *pk) |
| { |
| void *mark, *dummy; |
| SEC_PKCS12PrivateKeyBag *bag; |
| int size; |
| |
| if ((safebag == NULL) || (pk == NULL)) |
| return SECFailure; |
| |
| bag = safebag->safeContent.keyBag; |
| if (bag == NULL) { |
| return SECFailure; |
| } |
| |
| mark = PORT_ArenaMark(bag->poolp); |
| |
| size = (bag->bag_size * sizeof(SEC_PKCS12PrivateKey *)); |
| |
| if (bag->bag_size > 0) { |
| dummy = (SEC_PKCS12PrivateKey **)PORT_ArenaGrow(bag->poolp, |
| bag->privateKeys, |
| size, |
| size + sizeof(SEC_PKCS12PrivateKey *)); |
| bag->privateKeys = dummy; |
| } else { |
| bag->privateKeys = (SEC_PKCS12PrivateKey **)PORT_ArenaZAlloc(bag->poolp, |
| (2 * sizeof(SEC_PKCS12PrivateKey *))); |
| dummy = bag->privateKeys; |
| } |
| |
| if (dummy == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| goto loser; |
| } |
| |
| bag->privateKeys[bag->bag_size] = pk; |
| bag->bag_size++; |
| bag->privateKeys[bag->bag_size] = NULL; |
| |
| PORT_ArenaUnmark(bag->poolp, mark); |
| return SECSuccess; |
| |
| loser: |
| /* XXX Free memory? */ |
| PORT_ArenaRelease(bag->poolp, mark); |
| return SECFailure; |
| } |
| |
| /* append a safe bag to the baggage area */ |
| static SECStatus |
| sec_pkcs12_append_unshrouded_bag(SEC_PKCS12BaggageItem *bag, |
| SEC_PKCS12SafeBag *u_bag) |
| { |
| int size; |
| void *mark = NULL, *dummy = NULL; |
| |
| if ((bag == NULL) || (u_bag == NULL)) |
| return SECFailure; |
| |
| mark = PORT_ArenaMark(bag->poolp); |
| |
| /* dump things into the first bag */ |
| size = (bag->nSecrets + 1) * sizeof(SEC_PKCS12SafeBag *); |
| dummy = PORT_ArenaGrow(bag->poolp, |
| bag->unencSecrets, size, |
| size + sizeof(SEC_PKCS12SafeBag *)); |
| bag->unencSecrets = dummy; |
| if (dummy == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| goto loser; |
| } |
| |
| bag->unencSecrets[bag->nSecrets] = u_bag; |
| bag->nSecrets++; |
| bag->unencSecrets[bag->nSecrets] = NULL; |
| |
| PORT_ArenaUnmark(bag->poolp, mark); |
| return SECSuccess; |
| |
| loser: |
| PORT_ArenaRelease(bag->poolp, mark); |
| return SECFailure; |
| } |
| |
| /* gather up all certificates and keys and package them up |
| * in the safe, baggage, or both. |
| * nicknames is the list of nicknames and corresponding certs in ref_certs |
| * ref_certs a null terminated list of certificates |
| * rSafe, rBaggage -- return areas for safe and baggage |
| * shroud_keys -- store keys externally |
| * pwitem -- password for computing integrity mac and encrypting contents |
| * wincx -- window handle |
| * |
| * if a failure occurs, an error is set and SECFailure returned. |
| */ |
| static SECStatus |
| sec_pkcs12_package_certs_and_keys(SECItem **nicknames, |
| CERTCertificate **ref_certs, |
| PRBool unencryptedCerts, |
| SEC_PKCS12SafeContents **rSafe, |
| SEC_PKCS12Baggage **rBaggage, |
| PRBool shroud_keys, |
| SECOidTag shroud_alg, |
| SECItem *pwitem, |
| PKCS12UnicodeConvertFunction unicodeFn, |
| void *wincx) |
| { |
| PLArenaPool *permArena; |
| SEC_PKCS12SafeContents *safe = NULL; |
| SEC_PKCS12Baggage *baggage = NULL; |
| |
| SECStatus rv = SECFailure; |
| PRBool problem = PR_FALSE; |
| |
| SEC_PKCS12ESPVKItem *espvk = NULL; |
| SEC_PKCS12PrivateKey *pk = NULL; |
| CERTCertificate *add_cert = NULL; |
| SEC_PKCS12SafeBag *certbag = NULL, *keybag = NULL; |
| SEC_PKCS12BaggageItem *external_bag = NULL; |
| int ncerts = 0, nkeys = 0; |
| int i; |
| |
| if ((nicknames == NULL) || (rSafe == NULL) || (rBaggage == NULL)) { |
| return SECFailure; |
| } |
| |
| *rBaggage = baggage; |
| *rSafe = safe; |
| |
| permArena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); |
| if (permArena == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| return SECFailure; |
| } |
| |
| /* allocate structures */ |
| safe = sec_pkcs12_create_safe_contents(permArena); |
| if (safe == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| certbag = sec_pkcs12_create_safe_bag(permArena, |
| SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID); |
| if (certbag == NULL) { |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| if (shroud_keys != PR_TRUE) { |
| keybag = sec_pkcs12_create_safe_bag(permArena, |
| SEC_OID_PKCS12_KEY_BAG_ID); |
| if (keybag == NULL) { |
| rv = SECFailure; |
| goto loser; |
| } |
| } |
| |
| if ((shroud_keys == PR_TRUE) || (unencryptedCerts == PR_TRUE)) { |
| baggage = sec_pkcs12_create_baggage(permArena); |
| if (baggage == NULL) { |
| rv = SECFailure; |
| goto loser; |
| } |
| external_bag = sec_pkcs12_create_external_bag(baggage); |
| } |
| |
| /* package keys and certs */ |
| i = 0; |
| while ((nicknames[i] != NULL) && (problem == PR_FALSE)) { |
| if (ref_certs[i] != NULL) { |
| /* append cert to bag o certs */ |
| rv = sec_pkcs12_append_cert_to_bag(permArena, certbag, |
| ref_certs[i], |
| nicknames[i]); |
| if (rv == SECFailure) { |
| problem = PR_FALSE; |
| } else { |
| ncerts++; |
| } |
| |
| if (rv == SECSuccess) { |
| /* package up them keys */ |
| if (shroud_keys == PR_TRUE) { |
| espvk = sec_pkcs12_get_shrouded_key(permArena, |
| nicknames[i], |
| ref_certs[i], |
| shroud_alg, |
| pwitem, unicodeFn, |
| wincx); |
| if (espvk != NULL) { |
| rv = sec_pkcs12_append_shrouded_key(external_bag, espvk); |
| SECITEM_CopyItem(permArena, &espvk->derCert, |
| &ref_certs[i]->derCert); |
| } else { |
| rv = SECFailure; |
| } |
| } else { |
| pk = sec_pkcs12_get_private_key(permArena, nicknames[i], |
| ref_certs[i], wincx); |
| if (pk != NULL) { |
| rv = sec_pkcs12_append_key_to_bag(keybag, pk); |
| SECITEM_CopyItem(permArena, &espvk->derCert, |
| &ref_certs[i]->derCert); |
| } else { |
| rv = SECFailure; |
| } |
| } |
| |
| if (rv == SECFailure) { |
| problem = PR_TRUE; |
| } else { |
| nkeys++; |
| } |
| } |
| } else { |
| /* handle only keys here ? */ |
| problem = PR_TRUE; |
| } |
| i++; |
| } |
| |
| /* let success fall through */ |
| loser: |
| if (problem == PR_FALSE) { |
| /* if we have certs, we want to append the cert bag to the |
| * appropriate area |
| */ |
| if (ncerts > 0) { |
| if (unencryptedCerts != PR_TRUE) { |
| rv = sec_pkcs12_append_safe_bag(safe, certbag); |
| } else { |
| rv = sec_pkcs12_append_unshrouded_bag(external_bag, certbag); |
| } |
| } else { |
| rv = SECSuccess; |
| } |
| |
| /* append key bag, if they are stored in safe contents */ |
| if ((rv == SECSuccess) && (shroud_keys == PR_FALSE) && (nkeys > 0)) { |
| rv = sec_pkcs12_append_safe_bag(safe, keybag); |
| } |
| } else { |
| rv = SECFailure; |
| } |
| |
| /* if baggage not used, NULLify it */ |
| if ((shroud_keys == PR_TRUE) || (unencryptedCerts == PR_TRUE)) { |
| if (((unencryptedCerts == PR_TRUE) && (ncerts == 0)) && |
| ((shroud_keys == PR_TRUE) && (nkeys == 0))) |
| baggage = NULL; |
| } else { |
| baggage = NULL; |
| } |
| |
| if ((problem == PR_TRUE) || (rv == SECFailure)) { |
| PORT_FreeArena(permArena, PR_TRUE); |
| rv = SECFailure; |
| baggage = NULL; |
| safe = NULL; |
| } |
| |
| *rBaggage = baggage; |
| *rSafe = safe; |
| |
| return rv; |
| } |
| |
| /* DER encode the safe contents and return a SECItem. if an error |
| * occurs, NULL is returned. |
| */ |
| static SECItem * |
| sec_pkcs12_encode_safe_contents(SEC_PKCS12SafeContents *safe) |
| { |
| SECItem *dsafe = NULL, *tsafe; |
| void *dummy = NULL; |
| PLArenaPool *arena; |
| |
| if (safe == NULL) { |
| return NULL; |
| } |
| |
| /* rv = sec_pkcs12_prepare_for_der_code_safe(safe, PR_TRUE); |
| if(rv != SECSuccess) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| return NULL; |
| }*/ |
| |
| arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); |
| if (arena == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| return NULL; |
| } |
| |
| tsafe = (SECItem *)PORT_ArenaZAlloc(arena, sizeof(SECItem)); |
| if (tsafe != NULL) { |
| dummy = SEC_ASN1EncodeItem(arena, tsafe, safe, |
| SEC_PKCS12SafeContentsTemplate); |
| if (dummy != NULL) { |
| dsafe = SECITEM_DupItem(tsafe); |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| |
| PORT_FreeArena(arena, PR_TRUE); |
| |
| return dsafe; |
| } |
| |
| /* prepare the authenicated safe for encoding and encode it. |
| * baggage is copied to the appropriate area, safe is encoded and |
| * encrypted. the version and transport mode are set on the asafe. |
| * the whole ball of wax is then der encoded and packaged up into |
| * data content info |
| * safe -- container of certs and keys, is encrypted. |
| * baggage -- container of certs and keys, keys assumed to be encrypted by |
| * another method, certs are in the clear |
| * algorithm -- algorithm by which to encrypt safe |
| * pwitem -- password for encryption |
| * wincx - window handle |
| * |
| * return of NULL is an error condition. |
| */ |
| static SEC_PKCS7ContentInfo * |
| sec_pkcs12_get_auth_safe(SEC_PKCS12SafeContents *safe, |
| SEC_PKCS12Baggage *baggage, |
| SECOidTag algorithm, |
| SECItem *pwitem, |
| PKCS12UnicodeConvertFunction unicodeFn, |
| void *wincx) |
| { |
| SECItem *src = NULL, *dest = NULL, *psalt = NULL; |
| PLArenaPool *poolp; |
| SEC_PKCS12AuthenticatedSafe *asafe; |
| SEC_PKCS7ContentInfo *safe_cinfo = NULL; |
| SEC_PKCS7ContentInfo *asafe_cinfo = NULL; |
| void *dummy; |
| SECStatus rv = SECSuccess; |
| PRBool swapUnicodeBytes = PR_FALSE; |
| |
| #ifdef IS_LITTLE_ENDIAN |
| swapUnicodeBytes = PR_TRUE; |
| #endif |
| |
| if (((safe != NULL) && (pwitem == NULL)) && (baggage == NULL)) |
| return NULL; |
| |
| poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); |
| if (poolp == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| return NULL; |
| } |
| |
| /* prepare authenticated safe for encode */ |
| asafe = sec_pkcs12_new_asafe(poolp); |
| if (asafe != NULL) { |
| |
| /* set version */ |
| dummy = SEC_ASN1EncodeInteger(asafe->poolp, &asafe->version, |
| SEC_PKCS12_PFX_VERSION); |
| if (dummy == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| /* generate the privacy salt used to create virtual pwd */ |
| psalt = sec_pkcs12_generate_salt(); |
| if (psalt != NULL) { |
| rv = SECITEM_CopyItem(asafe->poolp, &asafe->privacySalt, |
| psalt); |
| if (rv == SECSuccess) { |
| asafe->privacySalt.len *= 8; |
| } else { |
| SECITEM_ZfreeItem(psalt, PR_TRUE); |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| goto loser; |
| } |
| } |
| |
| if ((psalt == NULL) || (rv == SECFailure)) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| rv = SECFailure; |
| goto loser; |
| } |
| |
| /* package up safe contents */ |
| if (safe != NULL) { |
| safe_cinfo = SEC_PKCS7CreateEncryptedData(algorithm, NULL, wincx); |
| if ((safe_cinfo != NULL) && (safe->safe_size > 0)) { |
| /* encode the safe and encrypt the contents of the |
| * content info |
| */ |
| src = sec_pkcs12_encode_safe_contents(safe); |
| |
| if (src != NULL) { |
| rv = SEC_PKCS7SetContent(safe_cinfo, (char *)src->data, src->len); |
| SECITEM_ZfreeItem(src, PR_TRUE); |
| if (rv == SECSuccess) { |
| SECItem *vpwd; |
| vpwd = sec_pkcs12_create_virtual_password(pwitem, psalt, |
| unicodeFn, swapUnicodeBytes); |
| if (vpwd != NULL) { |
| rv = SEC_PKCS7EncryptContents(NULL, safe_cinfo, |
| vpwd, wincx); |
| SECITEM_ZfreeItem(vpwd, PR_TRUE); |
| } else { |
| rv = SECFailure; |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| } else { |
| rv = SECFailure; |
| } |
| } else if (safe->safe_size > 0) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| goto loser; |
| } else { |
| /* case where there is NULL content in the safe contents */ |
| rv = SEC_PKCS7SetContent(safe_cinfo, NULL, 0); |
| if (rv != SECFailure) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| } |
| |
| if (rv != SECSuccess) { |
| SEC_PKCS7DestroyContentInfo(safe_cinfo); |
| safe_cinfo = NULL; |
| goto loser; |
| } |
| |
| asafe->safe = safe_cinfo; |
| /* |
| PORT_Memcpy(&asafe->safe, safe_cinfo, sizeof(*safe_cinfo)); |
| */ |
| } |
| |
| /* copy the baggage to the authenticated safe baggage if present */ |
| if (baggage != NULL) { |
| PORT_Memcpy(&asafe->baggage, baggage, sizeof(*baggage)); |
| } |
| |
| /* encode authenticated safe and store it in a Data content info */ |
| dest = (SECItem *)PORT_ArenaZAlloc(poolp, sizeof(SECItem)); |
| if (dest != NULL) { |
| dummy = SEC_ASN1EncodeItem(poolp, dest, asafe, |
| SEC_PKCS12AuthenticatedSafeTemplate); |
| if (dummy != NULL) { |
| asafe_cinfo = SEC_PKCS7CreateData(); |
| if (asafe_cinfo != NULL) { |
| rv = SEC_PKCS7SetContent(asafe_cinfo, |
| (char *)dest->data, |
| dest->len); |
| if (rv != SECSuccess) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| SEC_PKCS7DestroyContentInfo(asafe_cinfo); |
| asafe_cinfo = NULL; |
| } |
| } |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| rv = SECFailure; |
| } |
| } |
| } |
| |
| loser: |
| PORT_FreeArena(poolp, PR_TRUE); |
| if (safe_cinfo != NULL) { |
| SEC_PKCS7DestroyContentInfo(safe_cinfo); |
| } |
| if (psalt != NULL) { |
| SECITEM_ZfreeItem(psalt, PR_TRUE); |
| } |
| |
| if (rv == SECFailure) { |
| return NULL; |
| } |
| |
| return asafe_cinfo; |
| } |
| |
| /* generates the PFX and computes the mac on the authenticated safe |
| * NULL implies an error |
| */ |
| static SEC_PKCS12PFXItem * |
| sec_pkcs12_get_pfx(SEC_PKCS7ContentInfo *cinfo, |
| PRBool do_mac, |
| SECItem *pwitem, PKCS12UnicodeConvertFunction unicodeFn) |
| { |
| SECItem *dest = NULL, *mac = NULL, *salt = NULL, *key = NULL; |
| SEC_PKCS12PFXItem *pfx; |
| SECStatus rv = SECFailure; |
| SGNDigestInfo *di; |
| SECItem *vpwd; |
| PRBool swapUnicodeBytes = PR_FALSE; |
| |
| #ifdef IS_LITTLE_ENDIAN |
| swapUnicodeBytes = PR_TRUE; |
| #endif |
| |
| if ((cinfo == NULL) || ((do_mac == PR_TRUE) && (pwitem == NULL))) { |
| return NULL; |
| } |
| |
| /* allocate new pfx structure */ |
| pfx = sec_pkcs12_new_pfx(); |
| if (pfx == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| return NULL; |
| } |
| |
| PORT_Memcpy(&pfx->authSafe, cinfo, sizeof(*cinfo)); |
| if (do_mac == PR_TRUE) { |
| |
| /* salt for computing mac */ |
| salt = sec_pkcs12_generate_salt(); |
| if (salt != NULL) { |
| rv = SECITEM_CopyItem(pfx->poolp, &pfx->macData.macSalt, salt); |
| pfx->macData.macSalt.len *= 8; |
| |
| vpwd = sec_pkcs12_create_virtual_password(pwitem, salt, |
| unicodeFn, swapUnicodeBytes); |
| if (vpwd == NULL) { |
| rv = SECFailure; |
| key = NULL; |
| } else { |
| key = sec_pkcs12_generate_key_from_password(SEC_OID_SHA1, |
| salt, vpwd); |
| SECITEM_ZfreeItem(vpwd, PR_TRUE); |
| } |
| |
| if ((key != NULL) && (rv == SECSuccess)) { |
| dest = SEC_PKCS7GetContent(cinfo); |
| if (dest != NULL) { |
| |
| /* compute mac on data -- for password integrity mode */ |
| mac = sec_pkcs12_generate_mac(key, dest, PR_FALSE); |
| if (mac != NULL) { |
| di = SGN_CreateDigestInfo(SEC_OID_SHA1, |
| mac->data, mac->len); |
| if (di != NULL) { |
| rv = SGN_CopyDigestInfo(pfx->poolp, |
| &pfx->macData.safeMac, di); |
| SGN_DestroyDigestInfo(di); |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| } |
| SECITEM_ZfreeItem(mac, PR_TRUE); |
| } |
| } else { |
| rv = SECFailure; |
| } |
| } else { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| rv = SECFailure; |
| } |
| |
| if (key != NULL) { |
| SECITEM_ZfreeItem(key, PR_TRUE); |
| } |
| SECITEM_ZfreeItem(salt, PR_TRUE); |
| } |
| } |
| |
| if (rv == SECFailure) { |
| SEC_PKCS12DestroyPFX(pfx); |
| pfx = NULL; |
| } |
| |
| return pfx; |
| } |
| |
| /* der encode the pfx */ |
| static SECItem * |
| sec_pkcs12_encode_pfx(SEC_PKCS12PFXItem *pfx) |
| { |
| SECItem *dest; |
| void *dummy; |
| |
| if (pfx == NULL) { |
| return NULL; |
| } |
| |
| dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem)); |
| if (dest == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| return NULL; |
| } |
| |
| dummy = SEC_ASN1EncodeItem(NULL, dest, pfx, SEC_PKCS12PFXItemTemplate); |
| if (dummy == NULL) { |
| PORT_SetError(SEC_ERROR_NO_MEMORY); |
| SECITEM_ZfreeItem(dest, PR_TRUE); |
| dest = NULL; |
| } |
| |
| return dest; |
| } |
| |
| SECItem * |
| SEC_PKCS12GetPFX(char **nicknames, |
| CERTCertificate **ref_certs, |
| PRBool shroud_keys, |
| SEC_PKCS5GetPBEPassword pbef, |
| void *pbearg, |
| PKCS12UnicodeConvertFunction unicodeFn, |
| void *wincx) |
| { |
| SECItem **nicks = NULL; |
| SEC_PKCS12PFXItem *pfx = NULL; |
| SEC_PKCS12Baggage *baggage = NULL; |
| SEC_PKCS12SafeContents *safe = NULL; |
| SEC_PKCS7ContentInfo *cinfo = NULL; |
| SECStatus rv = SECFailure; |
| SECItem *dest = NULL, *pwitem = NULL; |
| PRBool problem = PR_FALSE; |
| PRBool unencryptedCerts; |
| SECOidTag shroud_alg, safe_alg; |
| |
| /* how should we encrypt certs ? */ |
| unencryptedCerts = !SEC_PKCS12IsEncryptionAllowed(); |
| if (!unencryptedCerts) { |
| safe_alg = SEC_PKCS12GetPreferredEncryptionAlgorithm(); |
| if (safe_alg == SEC_OID_UNKNOWN) { |
| safe_alg = SEC_PKCS12GetStrongestAllowedAlgorithm(); |
| } |
| if (safe_alg == SEC_OID_UNKNOWN) { |
| unencryptedCerts = PR_TRUE; |
| /* for export where no encryption is allowed, we still need |
| * to encrypt the NULL contents per the spec. encrypted info |
| * is known plaintext, so it shouldn't be a problem. |
| */ |
| safe_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC; |
| } |
| } else { |
| /* for export where no encryption is allowed, we still need |
| * to encrypt the NULL contents per the spec. encrypted info |
| * is known plaintext, so it shouldn't be a problem. |
| */ |
| safe_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC; |
| } |
| |
| /* keys are always stored with triple DES */ |
| shroud_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC; |
| |
| /* check for FIPS, if so, do not encrypt certs */ |
| if (PK11_IsFIPS() && !unencryptedCerts) { |
| unencryptedCerts = PR_TRUE; |
| } |
| |
| if ((nicknames == NULL) || (pbef == NULL) || (ref_certs == NULL)) { |
| problem = PR_TRUE; |
| goto loser; |
| } |
| |
| /* get password */ |
| pwitem = (*pbef)(pbearg); |
| if (pwitem == NULL) { |
| problem = PR_TRUE; |
| goto loser; |
| } |
| nicks = sec_pkcs12_convert_nickname_list(nicknames); |
| |
| /* get safe and baggage */ |
| rv = sec_pkcs12_package_certs_and_keys(nicks, ref_certs, unencryptedCerts, |
| &safe, &baggage, shroud_keys, |
| shroud_alg, pwitem, unicodeFn, wincx); |
| if (rv == SECFailure) { |
| problem = PR_TRUE; |
| } |
| |
| if ((safe != NULL) && (problem == PR_FALSE)) { |
| /* copy thumbprints */ |
| rv = sec_pkcs12_propagate_thumbprints(nicks, ref_certs, safe, baggage); |
| |
| /* package everything up into AuthenticatedSafe */ |
| cinfo = sec_pkcs12_get_auth_safe(safe, baggage, |
| safe_alg, pwitem, unicodeFn, wincx); |
| |
| sec_pkcs12_destroy_cert_content_infos(safe, baggage); |
| |
| /* get the pfx and mac it */ |
| if (cinfo != NULL) { |
| pfx = sec_pkcs12_get_pfx(cinfo, PR_TRUE, pwitem, unicodeFn); |
| if (pfx != NULL) { |
| dest = sec_pkcs12_encode_pfx(pfx); |
| SEC_PKCS12DestroyPFX(pfx); |
| } |
| SEC_PKCS7DestroyContentInfo(cinfo); |
| } |
| |
| if (safe != NULL) { |
| PORT_FreeArena(safe->poolp, PR_TRUE); |
| } |
| } else { |
| if (safe != NULL) { |
| PORT_FreeArena(safe->poolp, PR_TRUE); |
| } |
| } |
| |
| loser: |
| if (nicks != NULL) { |
| sec_pkcs12_destroy_nickname_list(nicks); |
| } |
| |
| if (ref_certs != NULL) { |
| sec_pkcs12_destroy_certificate_list(ref_certs); |
| } |
| |
| if (pwitem != NULL) { |
| SECITEM_ZfreeItem(pwitem, PR_TRUE); |
| } |
| |
| if (problem == PR_TRUE) { |
| dest = NULL; |
| } |
| |
| return dest; |
| } |