Closed Bug 231881 Opened 21 years ago Closed 21 years ago

export cert functions that decode extensions

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows 2000
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

References

Details

Attachments

(2 files)

patch v1 - see comment 2
25.35 KB, patch
wtc
: review+
rrelyea
: superreview+
Details | Diff | Splinter Review
Revised patch for certt.h
1.40 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
The CERTCertificate structure contains a pointer to an array of unparsed extensions. There are function in nss to parse many (most) of the common extensions, but most of those functions are not exported, and are declared in private header files. These functions need to be exported and made public. It is difficult for applications to make any use of these extensions without the functions to parse them. The Pretty Printing enhancements in bug 132942 will need them. The issue/question is: Do we make some of the existing private header files public? or do we move the declarations of the affected functions to public headers? files that contain the relevant declarations include: certdb/genname.h certdb/xconst.h and perhaps others.
I think the declaration of these functions should be moved to cert.h.
Summary: export cert functions that decode extensions → export cert functions that decode extensions
Priority: -- → P2
Target Milestone: --- → 3.10
This patch is large, bug the changes it makes are conceptually small. It touches a lot of lines because functions were renamed for exporting. Reviewers, please review this bug to see that it does all the following, and only these things: 1. renames functions as follows: cert_get_next_general_name -> CERT_GetNextGeneralName cert_get_prev_general_name -> CERT_GetPrevGeneralName cert_get_next_name_constraint -> CERT_GetNextNameConstraint cert_get_prev_name_constraint -> CERT_GetPrevNameConstraint cert_DecodeAuthInfoAccessExtension -> CERT_DecodeAuthInfoAccessExtension 2. Adds declarations for the following functions to cert.h (public file) CERT_DecodeAltNameExtension( CERT_DecodeNameConstraintsExtension( CERT_DecodeAuthInfoAccessExtension( CERT_DecodePrivKeyUsagePeriodExtension( CERT_GetNextGeneralName( CERT_GetPrevGeneralName( CERT_GetNextNameConstraint( CERT_GetPrevNameConstraint( 3. Renames struct PKUPEncodedContext to CERTPrivKeyUsagePeriod. and moves the declaration to cert.h, and a typedef for it. and sorts the struct typedefs into alphabetical order. Also renamed struct AltNameEncodedContext to CERTAltNameEncodedContext 4. removes declarations of the followingt functions from private header genname.h: cert_get_next_general_name cert_get_prev_general_name 5. Renames CERT_EncodePublicKeyUsagePeriod to CERT_EncodePrivateKeyUsagePeriod. The function has always encoded Private Key Usage Periods, and was simply misnamed. Adds new function CERT_DecodePrivKeyUsagePeriodExtension to xconst.c. This function complements CERT_EncodePrivateKeyUsagePeriod() and uses the same signature as the other CERT_Decode functions. 6. makes xconst.h idempotent, and compilable by C++. 7. exports the following functions: CERT_DecodeAltNameExtension; CERT_DecodeAuthInfoAccessExtension; CERT_DecodeAuthKeyID; CERT_DecodeCRLDistributionPoints; CERT_DecodeNameConstraintsExtension; CERT_DecodePrivKeyUsagePeriodExtension; CERT_GetNextGeneralName; CERT_GetNextNameConstraint; CERT_GetPrevGeneralName; CERT_GetPrevNameConstraint; 8. Breaks some lines that were longer than 80 columns.
Comment on attachment 139952 [details] [diff] [review] patch v1 - see comment 2 Please review.
Attachment #139952 - Flags: review?(wchang0222)
Comment on attachment 139952 [details] [diff] [review] patch v1 - see comment 2 The patch looks good. My only comment is I would prefer the changes to certt.h not get checked in. The only changes in certt.h is to reorder several typedefs. The current typedefs are orded alphabetically according the newly defined types, the new order is orded alphabetically according to the base structures of these types. I believe the original order is more "correct" or "useful" since when humans look at the file, the are usually know they defined type and what to know what data structure defines it. Example: Original order... typedef struct CERTCertificateStr CERTCertificate; typedef struct CERTCertificateListStr CERTCertificateList; typedef struct CERTCertificateRequestStr CERTCertificateRequest; New order: typedef struct CERTCertificateListStr CERTCertificateList; typedef struct CERTCertificateRequestStr CERTCertificateRequest; typedef struct CERTCertificateStr CERTCertificate; r+ because the rest of the patch can go in as is.
Attachment #139952 - Flags: superreview+
Comment on attachment 139952 [details] [diff] [review] patch v1 - see comment 2 r=wtc. >+CERTPrivKeyUsagePeriod * >+CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue) >+{ ... >+ /* decode the policy info */ >+ rv = SEC_QuickDERDecodeItem(arena, pPeriod, >+ CERTPrivateKeyUsagePeriodTemplate, >+ &newExtnValue); The comment is wrong.
Attachment #139952 - Flags: review?(wchang0222) → review+
Comment on attachment 139952 [details] [diff] [review] patch v1 - see comment 2 Another comment: I think the 'arena' field in the CERTPrivKeyUsagePeriod structure is useless because the structure doesn't own that arena and won't need to allocate memory from that arena after the structure has been constructed: >+/* Private Key Usage Period extension struct. */ >+struct CERTPrivKeyUsagePeriodStr { >+ SECItem notBefore; >+ SECItem notAfter; >+ PRArenaPool *arena; >+};
Blocks: 124923
Bob write: > The only changes in certt.h is to reorder several typedefs. No, there is a new struct in certt.h, and a new typedef for it. I metnioned that in item 3 of my summary (I said cert.h, but it was actually in certt.h). I'm willing to sort the names by the typedef'ed name, rather than the structure name.
I resorted the typedefs by the typedef name. This patch is the result.
Comment on attachment 140039 [details] [diff] [review] Revised patch for certt.h bob, pls review.
Attachment #140039 - Flags: review?(rrelyea0264)
Comment on attachment 140039 [details] [diff] [review] Revised patch for certt.h Looks good. r=relyea
Attachment #140039 - Flags: review?(rrelyea0264) → review+
No longer blocks: 124923
/cvsroot/mozilla/security/nss/lib/certdb/alg1485.c,v <-- alg1485.c new revision: 1.20; previous revision: 1.19 /cvsroot/mozilla/security/nss/lib/certdb/cert.h,v <-- cert.h new revision: 1.45; previous revision: 1.44 /cvsroot/mozilla/security/nss/lib/certdb/certdb.c,v <-- certdb.c new revision: 1.62; previous revision: 1.61 /cvsroot/mozilla/security/nss/lib/certdb/certt.h,v <-- certt.h new revision: 1.25; previous revision: 1.24 /cvsroot/mozilla/security/nss/lib/certdb/genname.c,v <-- genname.c new revision: 1.26; previous revision: 1.25 /cvsroot/mozilla/security/nss/lib/certdb/genname.h,v <-- genname.h new revision: 1.7; previous revision: 1.6 /cvsroot/mozilla/security/nss/lib/certdb/xconst.c,v <-- xconst.c new revision: 1.6; previous revision: 1.5 /cvsroot/mozilla/security/nss/lib/certdb/xconst.h,v <-- xconst.h new revision: 1.3; previous revision: 1.2 /cvsroot/mozilla/security/nss/lib/certhigh/ocsp.c,v <-- ocsp.c new revision: 1.18; previous revision: 1.17 /cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def new revision: 1.129; previous revision: 1.128 /cvsroot/mozilla/security/nss/cmd/certcgi/certcgi.c,v <-- certcgi.c new revision: 1.15; previous revision: 1.14
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: