From 8b976124ac57d2e318691253b77371bf85d42a92 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 27 Sep 2010 23:49:44 -0400 Subject: [PATCH 012/150] - refactor a bit --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 56 +++++++++++++----------- 1 files changed, 30 insertions(+), 26 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 4b75d07..df0b81a 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -1072,6 +1072,22 @@ crypto_cert_iteration_next(krb5_context context, } /* Read names, key usage, and extended key usage from the cert. */ +static SECItem * +cert_get_ext_by_tag(CERTCertificate *cert, SECOidTag tag) +{ + SECOidData *oid; + int i; + oid = SECOID_FindOIDByTag(tag); + for (i = 0; + (cert->extensions != NULL) && (cert->extensions[i] != NULL); + i++) { + if (SECITEM_ItemsAreEqual(&cert->extensions[i]->id, + &oid->oid)) { + return &cert->extensions[i]->value; + } + } + return NULL; +} static unsigned int cert_get_ku_bits(krb5_context context, pkinit_cert_handle cert_handle) { 
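Review bot: In the new cert_get_ext_by_tag, the result of SECOID_FindOIDByTag(tag) is dereferenced as `&oid->oid` without a NULL check. Now that the tag is a parameter rather than a fixed constant, an unrecognised tag would crash inside the loop; adding `if (oid == NULL) return NULL;` before the `for` closes that. The helper was also inserted between the existing comment `/* Read names, key usage, and extended key usage from the cert. */` and cert_get_ku_bits, so that comment now reads as describing the helper. I would move the comment back above cert_get_ku_bits and give the helper its own, e.g. `/* Return the value of the extension with the given tag, or NULL if the cert has none; the item is owned by the cert. */`. cert_get_ku_bits continues past the end of the hunk.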
@@ -1106,40 +1122,24 @@ static unsigned int cert_get_eku_bits(krb5_context context, pkinit_cert_handle cert_handle, int kdc) { PLArenaPool *pool; - CERTCertExtension *ext; - SECItem **oids; - SECOidData *oid, *clientauth, *email; + SECItem *ext, **oids; + SECOidData *clientauth, *email; int i; unsigned int eku; - /* Find the extended key usage extension. */ - ext = NULL; - oid = SECOID_FindOIDByTag(SEC_OID_X509_EXT_KEY_USAGE); - for (i = 0; - (cert_handle->cert->extensions != NULL) && - (cert_handle->cert->extensions[i] != NULL); - i++) { - ext = cert_handle->cert->extensions[i]; - if (SECITEM_ItemsAreEqual(&ext->id, &oid->oid)) { - break; - } - ext = NULL; - } - if (ext == NULL) { - /* No extendedKeyUsage extension present. */ - return 0; - } + /* Pull out the extension. */ + ext = cert_get_ext_by_tag(cert_handle->cert, + SEC_OID_X509_EXT_KEY_USAGE); /* Look up the well-known OIDs. */ clientauth = SECOID_FindOIDByTag(SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); email = SECOID_FindOIDByTag(SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - /* Decode the list of EKU values. */ + /* Decode the list of OIDs. */ pool = PORT_NewArena(sizeof(double)); oids = NULL; - if (SEC_ASN1DecodeItem(pool, &oids, - SEC_SequenceOfObjectIDTemplate, - &ext->value) != SECSuccess) { + if (SEC_ASN1DecodeItem(pool, &oids, SEC_SequenceOfObjectIDTemplate, + ext) != SECSuccess) { PORT_FreeArena(pool, PR_TRUE); return 0; } @@ -1180,8 +1180,10 @@ crypto_cert_get_matching_data(krb5_context context, return ENOMEM; } md->ch = cert; - md->subject_dn = cert->cert->subjectName; /* FIXME: not RFC2253 */ - md->issuer_dn = cert->cert->issuerName; /* FIXME: not RFC2253 */ + md->subject_dn = strdup(cert->cert->subjectName); + /* FIXME: not RFC2253 */ + md->issuer_dn = strdup(cert->cert->issuerName); + /* FIXME: not RFC2253 */ md->ku_bits = cert_get_ku_bits(context, cert_handle); md->eku_bits = cert_get_eku_bits(context, cert_handle, 0); md->sans = NULL; /* FIXME */ 
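Review bot: The `if (ext == NULL) return 0;` guard that followed the old lookup loop in cert_get_eku_bits is gone, so for a certificate with no extendedKeyUsage extension the NULL returned by cert_get_ext_by_tag is passed to SEC_ASN1DecodeItem as the source item. As far as I know that function reads the item's data and length directly, so this looks like a NULL dereference on any certificate lacking the extension, where the old code returned 0. Restoring `if (ext == NULL) return 0;` right after the cert_get_ext_by_tag call, before PORT_NewArena, keeps the previous behaviour and avoids creating an arena that is never used. The function continues past the end of the hunk.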
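Review bot: Neither strdup() result in crypto_cert_get_matching_data is checked, so on allocation failure md is returned with a NULL subject_dn or issuer_dn, even though the md allocation just above returns ENOMEM. The two DNs should be checked together and the partially built md released on failure, as sketched below; this assumes md comes from the malloc family, which the free() calls in crypto_cert_free_matching_data suggest. strdup() also needs a non-NULL argument, so it is worth confirming that subjectName and issuerName are always set on the certificate. The function begins before and continues after this hunk.

```c
    md->issuer_dn = strdup(cert->cert->issuerName);
    if (md->subject_dn == NULL || md->issuer_dn == NULL) {
        /* Same ENOMEM contract as the md allocation above. */
        free(md->subject_dn);
        free(md->issuer_dn);
        free(md);
        return ENOMEM;
    }
    /* … unchanged: ku_bits, eku_bits and sans assignments … */
```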
@@ -1202,6 +1204,8 @@ krb5_error_code crypto_cert_free_matching_data(krb5_context context, pkinit_cert_matching_data *data) { + free(data->subject_dn); + free(data->issuer_dn); free(data); return 0; } -- 1.7.6.4
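Review bot: With the two added lines, crypto_cert_free_matching_data dereferences `data` before freeing it, whereas the old body, a bare `free(data)`, accepted NULL. If any caller or error path passes NULL (none is visible in this patch), it would now crash; `if (data == NULL) return 0;` at the top keeps the function NULL-tolerant. A short comment stating that subject_dn and issuer_dn are owned copies made in crypto_cert_get_matching_data would also keep the ownership rule clear.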