本文整理汇总了C++中SecNssCoder类的典型用法代码示例。如果您正苦于以下问题:C++ SecNssCoder类的具体用法?C++ SecNssCoder怎么用?C++ SecNssCoder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了SecNssCoder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: mCritical
DecodedExten::DecodedExten(
const CSSM_OID &extnId, // copied
bool critical,
void *nssObj, // NSS_KeyUsage, NSS_BasicConstraints,
// etc. NOT COPIED, exists in same
// memory space as coder
bool berEncoded, // indicates unknown extension which we
// do not BER-decode when parsing a cert
const SecAsn1Template *templ, // to decode/encode if !berEncoded
SecNssCoder &coder, // all local allocs from here
const CSSM_DATA *rawExtn) // NSS_CertExtension.value, copied to
// mRawExtn
: mCritical(critical),
mNssObj(nssObj),
mBerEncoded(berEncoded),
mTempl(templ),
mCoder(coder),
mRawExtn(NULL)
{
coder.allocCopyItem(extnId, mExtnId);
if(rawExtn) {
mRawExtn = (CSSM_DATA *)coder.malloc(sizeof(CSSM_DATA));
coder.allocCopyItem(*rawExtn, *mRawExtn);
}
}示例2: CL_cssmInfoAccessToNss
void CL_cssmInfoAccessToNss(
const CE_AuthorityInfoAccess &cdsaObj,
NSS_AuthorityInfoAccess &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
uint32 numDescs = cdsaObj.numAccessDescriptions;
nssObj.accessDescriptions = (NSS_AccessDescription **)clNssNullArray(numDescs, coder);
for(unsigned dex=0; dex<numDescs; dex++) {
nssObj.accessDescriptions[dex] = coder.mallocn<NSS_AccessDescription>();
CE_AccessDescription *src = &cdsaObj.accessDescriptions[dex];
NSS_AccessDescription *dst = nssObj.accessDescriptions[dex];
coder.allocCopyItem(src->accessMethod, dst->accessMethod);
/* Convert general name, then encode it into destination */
NSS_GeneralName nssGenName;
CL_cssmGeneralNameToNss(src->accessLocation, nssGenName, coder);
PRErrorCode prtn = coder.encodeItem(&nssGenName, kSecAsn1GeneralNameTemplate,
dst->encodedAccessLocation);
if(prtn) {
clErrorLog("CL_cssmInfoAccessToNss: encode error\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
}示例3: CL_certCrlDecodeComponents
void CL_certCrlDecodeComponents(
const CssmData &signedItem, // DER-encoded cert or CRL
CssmOwnedData &tbsBlob, // still DER-encoded
CssmOwnedData &algId, // ditto
CssmOwnedData &rawSig) // raw bits (not an encoded AsnBits)
{
/* BER-decode into temp memory */
NSS_SignedCertOrCRL nssObj;
SecNssCoder coder;
PRErrorCode prtn;
memset(&nssObj, 0, sizeof(nssObj));
prtn = coder.decode(signedItem.data(), signedItem.length(),
kSecAsn1SignedCertOrCRLTemplate, &nssObj);
if(prtn) {
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
/* tbsBlob and algId are raw ASN_ANY including tags, which we pass
* back to caller intact */
tbsBlob.copy(nssObj.tbsBlob.Data, nssObj.tbsBlob.Length);
algId.copy(nssObj.signatureAlgorithm.Data,
nssObj.signatureAlgorithm.Length);
/* signature is a bit string which we do in fact decode */
rawSig.copy(nssObj.signature.Data,
(nssObj.signature.Length + 7) / 8);
}示例4: CL_cssmGeneralNamesToNss
void CL_cssmGeneralNamesToNss(
const CE_GeneralNames &cdsaObj,
NSS_GeneralNames &nssObj,
SecNssCoder &coder)
{
uint32 numNames = cdsaObj.numNames;
nssObj.names = (CSSM_DATA **)clNssNullArray(numNames, coder);
/*
* Convert each element in cdsaObj to NSS form, encode, drop into
* the ASN_ANY array.
*
* This array of (NSS_GeneralName)s is temporary, it doesn't
* persist outside of this routine other than the fact that it's
* mallocd by the coder arena pool.
*/
NSS_GeneralName *names =
(NSS_GeneralName *)coder.malloc(sizeof(NSS_GeneralName) * numNames);
memset(names, 0, sizeof(NSS_GeneralName) * numNames);
for(unsigned dex=0; dex<cdsaObj.numNames; dex++) {
nssObj.names[dex] = (CSSM_DATA_PTR)coder.malloc(sizeof(CSSM_DATA));
memset(nssObj.names[dex], 0, sizeof(CSSM_DATA));
CL_cssmGeneralNameToNss(cdsaObj.generalName[dex],
names[dex], coder);
if(coder.encodeItem(&names[dex], kSecAsn1GeneralNameTemplate,
*nssObj.names[dex])) {
clErrorLog("***Error encoding General.name\n");
CssmError::throwMe(CSSMERR_CL_MEMORY_ERROR);
}
}
}示例5: CL_CSSMKeyToSubjPubKeyInfoNSS
/*
* Convert a CSSM_KEY to a CSSM_X509_SUBJECT_PUBLIC_KEY_INFO. The
* CSSM key must be in raw format and with a specific blob format.
* -- RSA keys have to be CSSM_KEYBLOB_RAW_FORMAT_PKCS1
* -- DSA keys have to be CSSM_KEYBLOB_RAW_FORMAT_X509
* -- ECDSA keys have to be CSSM_KEYBLOB_RAW_FORMAT_X509
*/
void CL_CSSMKeyToSubjPubKeyInfoNSS(
const CSSM_KEY &cssmKey,
CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &nssKeyInfo,
SecNssCoder &coder)
{
const CSSM_KEYHEADER &hdr = cssmKey.KeyHeader;
if(hdr.BlobType != CSSM_KEYBLOB_RAW) {
clErrorLog("CL SetField: must specify RAW key blob\n");
CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
}
memset(&nssKeyInfo, 0, sizeof(nssKeyInfo));
/* algorithm and format dependent from here... */
switch(hdr.AlgorithmId) {
case CSSM_ALGID_RSA:
if(hdr.Format != CSSM_KEYBLOB_RAW_FORMAT_PKCS1) {
clErrorLog("CL SetField: RSA key must be in PKCS1 format\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
}
/* and fall thru */
default:
{
/* Key header's algorithm --> OID */
const CSSM_OID *oid = cssmAlgToOid(hdr.AlgorithmId);
if(oid == NULL) {
clErrorLog("CL SetField: Unknown key algorithm\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
}
CSSM_X509_ALGORITHM_IDENTIFIER &algId = nssKeyInfo.algorithm;
coder.allocCopyItem(*oid, algId.algorithm);
/* NULL algorithm parameters, always in this case */
CL_nullAlgParams(algId);
/* Copy key bits, destination is a BIT STRING */
coder.allocCopyItem(cssmKey.KeyData, nssKeyInfo.subjectPublicKey);
nssKeyInfo.subjectPublicKey.Length *= 8;
break;
}
case CSSM_ALGID_DSA:
case CSSM_ALGID_ECDSA:
if(hdr.Format != CSSM_KEYBLOB_RAW_FORMAT_X509) {
clErrorLog("CL SetField: DSA/ECDSA key must be in X509 format\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
}
/*
* All we do is decode the whole key blob into the
* SubjectPublicKeyInfo.
*/
if(coder.decodeItem(cssmKey.KeyData,
kSecAsn1SubjectPublicKeyInfoTemplate,
&nssKeyInfo)) {
clErrorLog("CL SetField: Error decoding DSA public key\n");
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT);
}
break;
}
}示例6: CL_decodeDistributionPointName
/* This is always a DER-encoded blob at the NSS level */
void CL_decodeDistributionPointName(
const CSSM_DATA &nssBlob,
CE_DistributionPointName &cssmDpn,
SecNssCoder &coder,
Allocator &alloc)
{
memset(&cssmDpn, 0, sizeof(CE_DistributionPointName));
if(nssBlob.Length == 0) {
clErrorLog("***CL_decodeDistributionPointName: bad PointName\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
unsigned char tag = nssBlob.Data[0] & SEC_ASN1_TAGNUM_MASK;
switch(tag) {
case NSS_DIST_POINT_FULL_NAME_TAG:
{
/* decode to temp coder memory */
NSS_GeneralNames gnames;
gnames.names = NULL;
if(coder.decodeItem(nssBlob, kSecAsn1DistPointFullNameTemplate,
&gnames)) {
clErrorLog("***Error decoding DistPointFullName\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
cssmDpn.nameType = CE_CDNT_FullName;
cssmDpn.dpn.fullName = (CE_GeneralNames *)alloc.malloc(
sizeof(CE_GeneralNames));
/* copy out to caller */
CL_nssGeneralNamesToCssm(gnames,
*cssmDpn.dpn.fullName, coder, alloc);
break;
}
case NSS_DIST_POINT_RDN_TAG:
{
/* decode to temp coder memory */
NSS_RDN rdn;
memset(&rdn, 0, sizeof(rdn));
if(coder.decodeItem(nssBlob, kSecAsn1DistPointRDNTemplate,
&rdn)) {
clErrorLog("***Error decoding DistPointRDN\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
cssmDpn.nameType = CE_CDNT_NameRelativeToCrlIssuer;
cssmDpn.dpn.rdn = (CSSM_X509_RDN_PTR)alloc.malloc(
sizeof(CSSM_X509_RDN));
/* copy out to caller */
CL_nssRdnToCssm(rdn, *cssmDpn.dpn.rdn, alloc, coder);
break;
}
default:
clErrorLog("***Bad CE_DistributionPointName tag\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
}示例7: sizeof
/* top-level PKCS12 PFX decoder */
void P12Coder::decode(
CFDataRef cdpfx)
{
SecNssCoder localCdr;
NSS_P12_DecodedPFX pfx;
p12DecodeLog("decode");
memset(&pfx, 0, sizeof(pfx));
const CSSM_DATA rawBlob = {int_cast<CFIndex, CSSM_SIZE>(CFDataGetLength(cdpfx)),
(uint8 *)CFDataGetBytePtr(cdpfx)};
if(localCdr.decodeItem(rawBlob, NSS_P12_DecodedPFXTemplate, &pfx)) {
p12ErrorLog("Error on top-level decode of NSS_P12_DecodedPFX\n");
P12_THROW_DECODE;
}
NSS_P7_DecodedContentInfo &dci = pfx.authSafe;
if(dci.type != CT_Data) {
/* no other types supported yet */
p12ErrorLog("bad top-level contentType\n");
P12_THROW_DECODE;
}
mIntegrityMode = kSecPkcs12ModePassword;
if(pfx.macData == NULL) {
/* not present is an error in kSecPkcs12ModePassword */
p12ErrorLog("no MAC in PFX\n");
P12_THROW_DECODE;
}
macParse(*pfx.macData, localCdr);
const CSSM_DATA *macPhrase = getMacPassPhrase();
const CSSM_KEY *macPassKey = getMacPassKey();
if((macPhrase == NULL) && (macPassKey == NULL)) {
p12ErrorLog("no passphrase set\n");
CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_PASSPHRASE);
}
CSSM_RETURN crtn = p12VerifyMac(pfx, mCspHand, macPhrase,
macPassKey, localCdr);
if(crtn) {
p12LogCssmError("p12VerifyMac", crtn);
CssmError::throwMe(errSecPkcs12VerifyFailure);
}
authSafeParse(*dci.content.data, localCdr);
/*
* On success, if we have a keychain, store certs and CRLs there
*/
if(mKeychain != NULL) {
storeDecodeResults();
}
}示例8: CL_cssmAtvToNss
/*
* CSSM_X509_TYPE_VALUE_PAIR --> NSS_ATV
*/
void CL_cssmAtvToNss(
const CSSM_X509_TYPE_VALUE_PAIR &cssmObj,
NSS_ATV &nssObj,
SecNssCoder &coder)
{
memset(&nssObj, 0, sizeof(nssObj));
/* copy the OID */
coder.allocCopyItem(cssmObj.type, nssObj.type);
/* tag and value */
nssObj.value.tag = cssmObj.valueType;
coder.allocCopyItem(cssmObj.value, nssObj.value.item);
}示例9: writeAuthSafeContent
static int writeAuthSafeContent(
const CSSM_DATA &rawBlob,
const char *outFile,
SecNssCoder &coder,
OidParser &parser)
{
NSS_P12_RawPFX pfx;
memset(&pfx, 0, sizeof(pfx));
if(coder.decodeItem(rawBlob, NSS_P12_RawPFXTemplate, &pfx)) {
printf("***Error on top-level decode of NSS_P12_RawPFX\n");
return 1;
}
printf("...version = %u\n", (unsigned)dataToInt(pfx.version));
NSS_P7_RawContentInfo &rci = pfx.authSafe;
printf("...contentType = %s\n", oidStr(rci.contentType, parser));
/* parse content per OID the only special case is PKCS7_Data,
* which we unwrap from an octet string before writing it */
CSSM_DATA toWrite;
if(nssCompareCssmData(&rci.contentType, &CSSMOID_PKCS7_Data)) {
if(coder.decodeItem(rci.content, SEC_OctetStringTemplate,
&toWrite)) {
printf("***Error decoding PKCS7_Data Octet string; writing"
" raw contents\n");
toWrite = rci.content;
}
}
else if(nssCompareCssmData(&rci.contentType,
&CSSMOID_PKCS7_SignedData)) {
/* the only other legal content type here */
/* This is encoded SignedData which I am not even close
* to worrying about - Panther p12 won't do this */
toWrite = rci.content;
}
else {
printf("***writeAuthSafeContent: bad contentType\n");
return 1;
}
if(writeFile(outFile, toWrite.Data, toWrite.Length)) {
printf("***Error writing to %s\n", outFile);
return 1;
}
else {
printf("...%u bytes written to %s\n",
(unsigned)toWrite.Length, outFile);
return 0;
}
}示例10: CL_infoAccessToCssm
void CL_infoAccessToCssm(
const NSS_AuthorityInfoAccess &nssObj,
CE_AuthorityInfoAccess &cdsaObj,
SecNssCoder &coder, // for temp decoding
Allocator &alloc)
{
memset(&cdsaObj, 0, sizeof(cdsaObj));
unsigned numDescs = clNssArraySize((const void **)nssObj.accessDescriptions);
if(numDescs == 0) {
return;
}
cdsaObj.accessDescriptions = (CE_AccessDescription *)alloc.malloc(
numDescs * sizeof(CE_AccessDescription));
cdsaObj.numAccessDescriptions = numDescs;
for(unsigned dex=0; dex<numDescs; dex++) {
CE_AccessDescription *dst = &cdsaObj.accessDescriptions[dex];
NSS_AccessDescription *src = nssObj.accessDescriptions[dex];
clAllocCopyData(alloc, src->accessMethod, dst->accessMethod);
/* decode the general name */
NSS_GeneralName nssGenName;
memset(&nssGenName, 0, sizeof(nssGenName));
PRErrorCode prtn = coder.decodeItem(src->encodedAccessLocation,
kSecAsn1GeneralNameTemplate, &nssGenName);
if(prtn) {
clErrorLog("***Error decoding NSS_AuthorityInfoAccess.accessLocation\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
/* then convert the result to CSSM */
CL_nssGeneralNameToCssm(nssGenName, dst->accessLocation, coder, alloc);
}
}示例11: CL_nssDecodeECDSASigAlgParams
/*
* Some implementations use a two-OID mechanism to specify ECDSA signature
* algorithm with a digest of other than SHA1. This is really not necessary;
* we use the single-OID method (e.g. CSSMOID_ECDSA_WithSHA512) when
* encoding, but we have to accomodate externally generated items with
* the two-OID method. This routine decodes the digest OID and infers a
* CSSM_ALGORITHMS from it.
* Throws CSSMERR_CL_UNKNOWN_FORMAT on any error.
*/
CSSM_ALGORITHMS CL_nssDecodeECDSASigAlgParams(
const CSSM_DATA &encParams,
SecNssCoder &coder)
{
CSSM_X509_ALGORITHM_IDENTIFIER algParams;
memset(&algParams, 0, sizeof(algParams));
PRErrorCode prtn = coder.decodeItem(encParams, kSecAsn1AlgorithmIDTemplate, &algParams);
if(prtn) {
clErrorLog("CL_nssDecodeECDSASigAlgParams: error decoding CSSM_X509_ALGORITHM_IDENTIFIER\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
/* get the digest algorithm, convert to ECDSA w/digest OID */
CSSM_ALGORITHMS digestAlg = CL_oidToAlg(algParams.algorithm);
switch(digestAlg) {
case CSSM_ALGID_SHA1:
return CSSM_ALGID_SHA1WithECDSA;
case CSSM_ALGID_SHA224:
return CSSM_ALGID_SHA224WithECDSA;
case CSSM_ALGID_SHA256:
return CSSM_ALGID_SHA256WithECDSA;
case CSSM_ALGID_SHA384:
return CSSM_ALGID_SHA384WithECDSA;
case CSSM_ALGID_SHA512:
return CSSM_ALGID_SHA512WithECDSA;
default:
clErrorLog("CL_nssDecodeECDSASigAlgParams: unknown digest algorithm\n");
CssmError::throwMe(CSSMERR_CL_UNKNOWN_FORMAT);
}
}示例12: p12IntToData
/* uint32 --> CSSM_DATA */
void p12IntToData(
uint32 num,
CSSM_DATA &cdata,
SecNssCoder &coder)
{
uint32 len = 0;
if(num < 0x100) {
len = 1;
}
else if(num < 0x10000) {
len = 2;
}
else if(num < 0x1000000) {
len = 3;
}
else {
len = 4;
}
coder.allocItem(cdata, len);
uint8 *cp = &cdata.Data[len - 1];
for(unsigned i=0; i<len; i++) {
*cp-- = num & 0xff;
num >>= 8;
}
}示例13: p12GenMac
/*
* Calculate the MAC for a PFX. Caller is either going compare
* the result against an existing PFX's MAC or drop the result into
* a newly created PFX.
*/
CSSM_RETURN p12GenMac(
CSSM_CSP_HANDLE cspHand,
const CSSM_DATA &ptext, // e.g., NSS_P12_DecodedPFX.derAuthSaafe
CSSM_ALGORITHMS alg, // better be SHA1!
unsigned iterCount,
const CSSM_DATA &salt,
/* exactly one of the following two must be valid */
const CSSM_DATA *pwd, // unicode external representation
const CSSM_KEY *passKey,
SecNssCoder &coder, // for mallocing macData
CSSM_DATA &macData) // RETURNED
{
CSSM_RETURN crtn;
CSSM_CC_HANDLE ccHand = 0;
/* P12 style key derivation */
unsigned keySizeInBits;
CSSM_ALGORITHMS hmacAlg;
switch(alg) {
case CSSM_ALGID_SHA1:
keySizeInBits = 160;
hmacAlg = CSSM_ALGID_SHA1HMAC;
break;
case CSSM_ALGID_MD5:
/* not even sure if this is legal in p12 world... */
keySizeInBits = 128;
hmacAlg = CSSM_ALGID_MD5HMAC;
break;
default:
return CSSMERR_CSP_INVALID_ALGORITHM;
}
CSSM_KEY macKey;
CSSM_DATA iv = {0, NULL};
crtn = p12KeyGen(cspHand, macKey, false, hmacAlg, alg,
keySizeInBits, iterCount, salt, pwd, passKey, iv);
if(crtn) {
return crtn;
}
/* subsequent errors to errOut: */
/* prealloc the mac data */
coder.allocItem(macData, keySizeInBits / 8);
crtn = CSSM_CSP_CreateMacContext(cspHand, hmacAlg, &macKey, &ccHand);
if(crtn) {
cuPrintError("CSSM_CSP_CreateMacContext", crtn);
goto errOut;
}
crtn = CSSM_GenerateMac (ccHand, &ptext, 1, &macData);
if(crtn) {
cuPrintError("CSSM_GenerateMac", crtn);
}
errOut:
if(ccHand) {
CSSM_DeleteContext(ccHand);
}
CSSM_FreeKey(cspHand, NULL, &macKey, CSSM_FALSE);
return crtn;
}示例14: CL_cssmTimeToNss
/*
* CSSM time to NSS time.
*/
void CL_cssmTimeToNss(
const CSSM_X509_TIME &cssmTime,
NSS_TaggedItem &nssTime,
SecNssCoder &coder)
{
nssTime.tag = cssmTime.timeType;
coder.allocCopyItem(cssmTime.time, nssTime.item);
}示例15: p12CfDataToCssm
void p12CfDataToCssm(
CFDataRef cf,
CSSM_DATA &c,
SecNssCoder &coder)
{
coder.allocCopyItem(CFDataGetBytePtr(cf),
CFDataGetLength(cf), c);
}