/* alg1485.c - implementation of RFCs 1485, 1779 and 2253.

 *

 * This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "prprf.h"

#include "cert.h"

#include "certi.h"

#include "xconst.h"

#include "genname.h"

#include "secitem.h"

#include "secerr.h"

typedef struct NameToKindStr {

    const char * name;

    unsigned int maxLen; /* max bytes in UTF8 encoded string value */

    SECOidTag    kind;

    int		 valueType;

} NameToKind;

/* local type for directory string--could be printable_string or utf8 */

#define SEC_ASN1_DS SEC_ASN1_HIGH_TAG_NUMBER

/* Add new entries to this table, and maybe to function ParseRFC1485AVA */

static const NameToKind name2kinds[] = {

/* IANA registered type names

 * (See: http://www.iana.org/assignments/ldap-parameters) 

 */

/* RFC 3280, 4630 MUST SUPPORT */

    { "CN",            640, SEC_OID_AVA_COMMON_NAME,    SEC_ASN1_DS},

    { "ST",            128, SEC_OID_AVA_STATE_OR_PROVINCE,

							SEC_ASN1_DS},

    { "O",             128, SEC_OID_AVA_ORGANIZATION_NAME,

							SEC_ASN1_DS},

    { "OU",            128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,

                                                        SEC_ASN1_DS},

    { "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING},

    { "C",               2, SEC_OID_AVA_COUNTRY_NAME, SEC_ASN1_PRINTABLE_STRING},

    { "serialNumber",   64, SEC_OID_AVA_SERIAL_NUMBER,SEC_ASN1_PRINTABLE_STRING},

/* RFC 3280, 4630 SHOULD SUPPORT */

    { "L",             128, SEC_OID_AVA_LOCALITY,       SEC_ASN1_DS},

    { "title",          64, SEC_OID_AVA_TITLE,          SEC_ASN1_DS},

    { "SN",             64, SEC_OID_AVA_SURNAME,        SEC_ASN1_DS},

    { "givenName",      64, SEC_OID_AVA_GIVEN_NAME,     SEC_ASN1_DS},

    { "initials",       64, SEC_OID_AVA_INITIALS,       SEC_ASN1_DS},

    { "generationQualifier",

                        64, SEC_OID_AVA_GENERATION_QUALIFIER,

                                                        SEC_ASN1_DS},

/* RFC 3280, 4630 MAY SUPPORT */

    { "DC",            128, SEC_OID_AVA_DC,             SEC_ASN1_IA5_STRING},

    { "MAIL",          256, SEC_OID_RFC1274_MAIL,       SEC_ASN1_IA5_STRING},

    { "UID",           256, SEC_OID_RFC1274_UID,        SEC_ASN1_DS},

/* ------------------ "strict" boundary ---------------------------------

 * In strict mode, cert_NameToAscii does not encode any of the attributes

 * below this line. The first SECOidTag below this line must be used to

 * conditionally define the "endKind" in function AppendAVA() below.

 * Most new attribute names should be added below this line.

 * Maybe this line should be up higher?  Say, after the 3280 MUSTs and 

 * before the 3280 SHOULDs?

 */

/* values from draft-ietf-ldapbis-user-schema-05 (not in RFC 3280) */

    { "postalAddress", 128, SEC_OID_AVA_POSTAL_ADDRESS, SEC_ASN1_DS},

    { "postalCode",     40, SEC_OID_AVA_POSTAL_CODE,    SEC_ASN1_DS},

    { "postOfficeBox",  40, SEC_OID_AVA_POST_OFFICE_BOX,SEC_ASN1_DS},

    { "houseIdentifier",64, SEC_OID_AVA_HOUSE_IDENTIFIER,SEC_ASN1_DS},

/* end of IANA registered type names */

/* legacy keywords */

    { "E",             128, SEC_OID_PKCS9_EMAIL_ADDRESS,SEC_ASN1_IA5_STRING},

    { "STREET",        128, SEC_OID_AVA_STREET_ADDRESS, SEC_ASN1_DS},

    { "pseudonym",      64, SEC_OID_AVA_PSEUDONYM,      SEC_ASN1_DS},

/* values defined by the CAB Forum for EV */

    { "incorporationLocality", 128, SEC_OID_EV_INCORPORATION_LOCALITY,

                                                        SEC_ASN1_DS},

    { "incorporationState",    128, SEC_OID_EV_INCORPORATION_STATE,

                                                        SEC_ASN1_DS},

    { "incorporationCountry",    2, SEC_OID_EV_INCORPORATION_COUNTRY,

                                                    SEC_ASN1_PRINTABLE_STRING},

    { "businessCategory",       64, SEC_OID_BUSINESS_CATEGORY, SEC_ASN1_DS},

/* values defined in X.520 */

    { "name",           64, SEC_OID_AVA_NAME,           SEC_ASN1_DS},

    { 0,               256, SEC_OID_UNKNOWN,            0},

};

/* Table facilitates conversion of ASCII hex to binary. */

static const PRInt16 x2b[256] = {

/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #3x */  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, -1, -1, -1, -1, -1, -1, 

/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 

/* #fx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1

};

#define IS_HEX(c) (x2b[(PRUint8)(c)] >= 0)

#define C_DOUBLE_QUOTE '\042'

#define C_BACKSLASH '\134'

#define C_EQUAL '='

#define OPTIONAL_SPACE(c) \

    (((c) == ' ') || ((c) == '\r') || ((c) == '\n'))

#define SPECIAL_CHAR(c)						\

    (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) ||	\

     ((c) == '\r') || ((c) == '\n') || ((c) == '+') ||		\

     ((c) == '<') || ((c) == '>') || ((c) == '#') ||		\

     ((c) == ';') || ((c) == C_BACKSLASH))

#define IS_PRINTABLE(c)						\

    ((((c) >= 'a') && ((c) <= 'z')) ||				\

     (((c) >= 'A') && ((c) <= 'Z')) ||				\

     (((c) >= '0') && ((c) <= '9')) ||				\

     ((c) == ' ') ||						\

     ((c) == '\'') ||						\

     ((c) == '\050') ||				/* ( */		\

     ((c) == '\051') ||				/* ) */		\

     (((c) >= '+') && ((c) <= '/')) ||		/* + , - . / */	\

     ((c) == ':') ||						\

     ((c) == '=') ||						\

     ((c) == '?'))

/* RFC 2253 says we must escape ",+\"\\<>;=" EXCEPT inside a quoted string.

 * Inside a quoted string, we only need to escape " and \

 * We choose to quote strings containing any of those special characters,

 * so we only need to escape " and \

 */

#define NEEDS_ESCAPE(c) \

    (c == C_DOUBLE_QUOTE || c == C_BACKSLASH)

#define NEEDS_HEX_ESCAPE(c) \

    ((PRUint8)c < 0x20 || c == 0x7f)

int

cert_AVAOidTagToMaxLen(SECOidTag tag)

{

    const NameToKind *n2k = name2kinds;

    while (n2k->kind != tag && n2k->kind != SEC_OID_UNKNOWN) {

	++n2k;

    }

    return (n2k->kind != SEC_OID_UNKNOWN) ? n2k->maxLen : -1;

}

static PRBool

IsPrintable(unsigned char *data, unsigned len)

{

    unsigned char ch, *end;

    end = data + len;

    while (data < end) {

	ch = *data++;

	if (!IS_PRINTABLE(ch)) {

	    return PR_FALSE;

	}

    }

    return PR_TRUE;

}

static void

skipSpace(const char **pbp, const char *endptr)

{

    const char *bp = *pbp;

    while (bp < endptr && OPTIONAL_SPACE(*bp)) {

	bp++;

    }

    *pbp = bp;

}

static SECStatus

scanTag(const char **pbp, const char *endptr, char *tagBuf, int tagBufSize)

{

    const char *bp;

    char *tagBufp;

    int taglen;

    PORT_Assert(tagBufSize > 0);

    /* skip optional leading space */

    skipSpace(pbp, endptr);

    if (*pbp == endptr) {

	/* nothing left */

	return SECFailure;

    }

    /* fill tagBuf */

    taglen = 0;

    bp = *pbp;

    tagBufp = tagBuf;

    while (bp < endptr && !OPTIONAL_SPACE(*bp) && (*bp != C_EQUAL)) {

	if (++taglen >= tagBufSize) {

	    *pbp = bp;

	    return SECFailure;

	}

	*tagBufp++ = *bp++;

    }

    /* null-terminate tagBuf -- guaranteed at least one space left */

    *tagBufp++ = 0;

    *pbp = bp;

    /* skip trailing spaces till we hit something - should be an equal sign */

    skipSpace(pbp, endptr);

    if (*pbp == endptr) {

	/* nothing left */

	return SECFailure;

    }

    if (**pbp != C_EQUAL) {

	/* should be an equal sign */

	return SECFailure;

    }

    /* skip over the equal sign */

    (*pbp)++;

    return SECSuccess;

}

/* Returns the number of bytes in the value. 0 means failure. */

static int

scanVal(const char **pbp, const char *endptr, char *valBuf, int valBufSize)  

{

    const char *bp;

    char *valBufp;

    int vallen = 0;

    PRBool isQuoted;

    PORT_Assert(valBufSize > 0);

    /* skip optional leading space */

    skipSpace(pbp, endptr);

    if(*pbp == endptr) {

	/* nothing left */

	return 0;

    }

    bp = *pbp;

    /* quoted? */

    if (*bp == C_DOUBLE_QUOTE) {

	isQuoted = PR_TRUE;

	/* skip over it */

	bp++;

    } else {

	isQuoted = PR_FALSE;

    }

    valBufp = valBuf;

    while (bp < endptr) {

	char c = *bp;

	if (c == C_BACKSLASH) {

	    /* escape character */

	    bp++;

	    if (bp >= endptr) {

		/* escape charater must appear with paired char */

		*pbp = bp;

		return 0;

	    }

	    c = *bp;

	    if (IS_HEX(c) && (endptr - bp) >= 2 && IS_HEX(bp[1])) {

		bp++;

		c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]); 

	    }

	} else if (c == '#' && bp == *pbp) {

	    /* ignore leading #, quotation not required for it. */

	} else if (!isQuoted && SPECIAL_CHAR(c)) {

	    /* unescaped special and not within quoted value */

	    break;

	} else if (c == C_DOUBLE_QUOTE) {

	    /* reached unescaped double quote */

	    break;

	}

	/* append character */

        vallen++;

	if (vallen >= valBufSize) {

	    *pbp = bp;

	    return 0;

	}

	*valBufp++ = c;

	bp++;

    }

    /* strip trailing spaces from unquoted values */

    if (!isQuoted) {

	while (valBufp > valBuf) {

	    char c = valBufp[-1];

	    if (! OPTIONAL_SPACE(c))

	        break;

	    --valBufp;

	}

	vallen = valBufp - valBuf;

    }

    if (isQuoted) {

	/* insist that we stopped on a double quote */

	if (*bp != C_DOUBLE_QUOTE) {

	    *pbp = bp;

	    return 0;

	}

	/* skip over the quote and skip optional space */

	bp++;

	skipSpace(&bp, endptr);

    }

    *pbp = bp;

    /* null-terminate valBuf -- guaranteed at least one space left */

    *valBufp = 0;

    return vallen;

}

/* Caller must set error code upon failure */

static SECStatus

hexToBin(PLArenaPool *pool, SECItem * destItem, const char * src, int len)

{

    PRUint8 * dest;

    destItem->data = NULL; 

    if (len <= 0 || (len & 1)) {

	goto loser;

    }

    len >>= 1;

    if (!SECITEM_AllocItem(pool, destItem, len))

	goto loser;

    dest = destItem->data;

    for (; len > 0; len--, src += 2) {

	PRInt16 bin = (x2b[(PRUint8)src[0]] << 4) | x2b[(PRUint8)src[1]]; 

	if (bin < 0)

	    goto loser;

	*dest++ = (PRUint8)bin;

    }

    return SECSuccess;

loser:

    if (!pool)

    	SECITEM_FreeItem(destItem, PR_FALSE);

    return SECFailure;

}

/* Parses one AVA, starting at *pbp.  Stops at endptr.

 * Advances *pbp past parsed AVA and trailing separator (if present).

 * On any error, returns NULL and *pbp is undefined.

 * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was 

 * the last character parsed.  *pbp is either equal to endptr or 

 * points to first character after separator.

 */

static CERTAVA *

ParseRFC1485AVA(PLArenaPool *arena, const char **pbp, const char *endptr)

{

    CERTAVA *a;

    const NameToKind *n2k;

    const char *bp;

    int       vt = -1;

    int       valLen;

    SECOidTag kind  = SEC_OID_UNKNOWN;

    SECStatus rv    = SECFailure;

    SECItem   derOid = { 0, NULL, 0 };

    SECItem   derVal = { 0, NULL, 0};

    char      sep   = 0;

    char tagBuf[32];

    char valBuf[1024];

    PORT_Assert(arena);

    if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) ||

	!(valLen    = scanVal(pbp, endptr, valBuf, sizeof valBuf))) {

	goto loser;

    }

    bp = *pbp;

    if (bp < endptr) {

	sep = *bp++; /* skip over separator */

    }

    *pbp = bp;

    /* if we haven't finished, insist that we've stopped on a separator */

    if (sep && sep != ',' && sep != ';' && sep != '+') {

	goto loser;

    }

    /* is this a dotted decimal OID attribute type ? */

    if (!PL_strncasecmp("oid.", tagBuf, 4)) {

        rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf));

    } else {

	for (n2k = name2kinds; n2k->name; n2k++) {

	    SECOidData *oidrec;

	    if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {

		kind = n2k->kind;

		vt   = n2k->valueType;

		oidrec = SECOID_FindOIDByTag(kind);

		if (oidrec == NULL)

		    goto loser;

		derOid = oidrec->oid;

		break;

	    }

	}

    }

    if (kind == SEC_OID_UNKNOWN && rv != SECSuccess) 

	goto loser;

    /* Is this a hex encoding of a DER attribute value ? */

    if ('#' == valBuf[0]) {

    	/* convert attribute value from hex to binary */

	rv = hexToBin(arena, &derVal, valBuf + 1, valLen - 1);

	if (rv)

	    goto loser;

	a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal);

    } else {

	if (kind == SEC_OID_UNKNOWN)

	    goto loser;

	if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2)

	    goto loser;

	if (vt == SEC_ASN1_PRINTABLE_STRING &&

	    !IsPrintable((unsigned char*) valBuf, valLen)) 

	    goto loser;

	if (vt == SEC_ASN1_DS) {

	    /* RFC 4630: choose PrintableString or UTF8String */

	    if (IsPrintable((unsigned char*) valBuf, valLen))

		vt = SEC_ASN1_PRINTABLE_STRING;

	    else 

		vt = SEC_ASN1_UTF8_STRING;

	}

	derVal.data = (unsigned char*) valBuf;

	derVal.len  = valLen;

	a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal);

    }

    return a;

loser:

    /* matched no kind -- invalid tag */

    PORT_SetError(SEC_ERROR_INVALID_AVA);

    return 0;

}

static CERTName *

ParseRFC1485Name(const char *buf, int len)

{

    SECStatus rv;

    CERTName *name;

    const char *bp, *e;

    CERTAVA *ava;

    CERTRDN *rdn = NULL;

    name = CERT_CreateName(NULL);

    if (name == NULL) {

	return NULL;

    }

    e = buf + len;

    bp = buf;

    while (bp < e) {

	ava = ParseRFC1485AVA(name->arena, &bp, e);

	if (ava == 0) 

	    goto loser;

	if (!rdn) {

	    rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA *)0);

	    if (rdn == 0) 

		goto loser;

	    rv = CERT_AddRDN(name, rdn);

	} else {

	    rv = CERT_AddAVA(name->arena, rdn, ava);

	}

	if (rv) 

	    goto loser;

	if (bp[-1] != '+')

	    rdn = NULL; /* done with this RDN */

	skipSpace(&bp, e);

    }

    if (name->rdns[0] == 0) {

	/* empty name -- illegal */

	goto loser;

    }

    /* Reverse order of RDNS to comply with RFC */

    {

	CERTRDN **firstRdn;

	CERTRDN **lastRdn;

	CERTRDN *tmp;

	/* get first one */

	firstRdn = name->rdns;

	/* find last one */

	lastRdn = name->rdns;

	while (*lastRdn) lastRdn++;

	lastRdn--;

	/* reverse list */

	for ( ; firstRdn < lastRdn; firstRdn++, lastRdn--) {

	    tmp = *firstRdn;

	    *firstRdn = *lastRdn;

	    *lastRdn = tmp;

	}

    }

    /* return result */

    return name;

  loser:

    CERT_DestroyName(name);

    return NULL;

}

CERTName *

CERT_AsciiToName(const char *string)

{

    CERTName *name;

    name = ParseRFC1485Name(string, PORT_Strlen(string));

    return name;

}

/************************************************************************/

typedef struct stringBufStr {

    char *buffer;

    unsigned offset;

    unsigned size;

} stringBuf;

#define DEFAULT_BUFFER_SIZE 200

static SECStatus

AppendStr(stringBuf *bufp, char *str)

{

    char *buf;

    unsigned bufLen, bufSize, len;

    int size = 0;

    /* Figure out how much to grow buf by (add in the '\0') */

    buf = bufp->buffer;

    bufLen = bufp->offset;

    len = PORT_Strlen(str);

    bufSize = bufLen + len;

    if (!buf) {

	bufSize++;

	size = PR_MAX(DEFAULT_BUFFER_SIZE,bufSize*2);

	buf = (char *) PORT_Alloc(size);

	bufp->size = size;

    } else if (bufp->size < bufSize) {

	size = bufSize*2;

	buf =(char *) PORT_Realloc(buf,size);

	bufp->size = size;

    }

    if (!buf) {

	PORT_SetError(SEC_ERROR_NO_MEMORY);

	return SECFailure;

    }

    bufp->buffer = buf;

    bufp->offset = bufSize;

    /* Concatenate str onto buf */

    buf = buf + bufLen;

    if (bufLen) buf--;			/* stomp on old '\0' */

    PORT_Memcpy(buf, str, len+1);		/* put in new null */

    return SECSuccess;

}

typedef enum {

    minimalEscape = 0,		/* only hex escapes, and " and \ */

    minimalEscapeAndQuote,	/* as above, plus quoting        */

    fullEscape                  /* no quoting, full escaping     */

} EQMode;

/* Some characters must be escaped as a hex string, e.g. c -> \nn .

 * Others must be escaped by preceding with a '\', e.g. c -> \c , but

 * there are certain "special characters" that may be handled by either

 * escaping them, or by enclosing the entire attribute value in quotes.

 * A NULL value for pEQMode implies selecting minimalEscape mode.

 * Some callers will do quoting when needed, others will not.

 * If a caller selects minimalEscapeAndQuote, and the string does not

 * need quoting, then this function changes it to minimalEscape.

 */

static int

cert_RFC1485_GetRequiredLen(const char *src, int srclen, EQMode *pEQMode)

{

    int i, reqLen=0;

    EQMode mode = pEQMode ? *pEQMode : minimalEscape;

    PRBool needsQuoting = PR_FALSE;

    char lastC = 0;

    /* need to make an initial pass to determine if quoting is needed */

    for (i = 0; i < srclen; i++) {

	char c = src[i];

	reqLen++;

	if (NEEDS_HEX_ESCAPE(c)) {      /* c -> \xx  */

	    reqLen += 2;

	} else if (NEEDS_ESCAPE(c)) {   /* c -> \c   */

	    reqLen++;

	} else if (SPECIAL_CHAR(c)) {

	    if (mode == minimalEscapeAndQuote) /* quoting is allowed */

		needsQuoting = PR_TRUE; /* entirety will need quoting */

	    else if (mode == fullEscape)

	    	reqLen++;               /* MAY escape this character */

	} else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {

	    if (mode == minimalEscapeAndQuote) /* quoting is allowed */

		needsQuoting = PR_TRUE; /* entirety will need quoting */

	}

	lastC = c;

    }

    /* if it begins or ends in optional space it needs quoting */

    if (!needsQuoting && srclen > 0 && mode == minimalEscapeAndQuote && 

	(OPTIONAL_SPACE(src[srclen-1]) || OPTIONAL_SPACE(src[0]))) {

	needsQuoting = PR_TRUE;

    }

    if (needsQuoting) 

    	reqLen += 2;

    if (pEQMode && mode == minimalEscapeAndQuote && !needsQuoting)

    	*pEQMode = minimalEscape;

    return reqLen;

}

static const char hexChars[16] = { "0123456789abcdef" };

static SECStatus

escapeAndQuote(char *dst, int dstlen, char *src, int srclen, EQMode *pEQMode)

{

    int i, reqLen=0;

    EQMode mode = pEQMode ? *pEQMode : minimalEscape;

    /* space for terminal null */

    reqLen = cert_RFC1485_GetRequiredLen(src, srclen, &mode) + 1;

    if (reqLen > dstlen) {

	PORT_SetError(SEC_ERROR_OUTPUT_LEN);

	return SECFailure;

    }

    if (mode == minimalEscapeAndQuote)

        *dst++ = C_DOUBLE_QUOTE;

    for (i = 0; i < srclen; i++) {

	char c = src[i];

	if (NEEDS_HEX_ESCAPE(c)) {

	    *dst++ = C_BACKSLASH;

	    *dst++ = hexChars[ (c >> 4) & 0x0f ];

	    *dst++ = hexChars[  c       & 0x0f ];

	} else {

	    if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) {

		*dst++ = C_BACKSLASH;

	    }

	    *dst++ = c;

	}

    }

    if (mode == minimalEscapeAndQuote)

    	*dst++ = C_DOUBLE_QUOTE;

    *dst++ = 0;

    if (pEQMode)

    	*pEQMode = mode;

    return SECSuccess;

}

SECStatus

CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src, int srclen)

{

    EQMode mode = minimalEscapeAndQuote;

    return escapeAndQuote(dst, dstlen, src, srclen, &mode);

}

/* convert an OID to dotted-decimal representation */

/* Returns a string that must be freed with PR_smprintf_free(), */

char *

CERT_GetOidString(const SECItem *oid)

{

    PRUint8 *stop;   /* points to first byte after OID string */

    PRUint8 *first;  /* byte of an OID component integer      */

    PRUint8 *last;   /* byte of an OID component integer      */

    char *rvString   = NULL;

    char *prefix     = NULL;

#define MAX_OID_LEN 1024 /* bytes */

    if (oid->len > MAX_OID_LEN) {

    	PORT_SetError(SEC_ERROR_INPUT_LEN);

	return NULL;

    }

    /* first will point to the next sequence of bytes to decode */

    first = (PRUint8 *)oid->data;

    /* stop points to one past the legitimate data */

    stop = &first[ oid->len ];

    /*

     * Check for our pseudo-encoded single-digit OIDs

     */

    if ((*first == 0x80) && (2 == oid->len)) {

	/* Funky encoding.  The second byte is the number */

	rvString = PR_smprintf("%lu", (PRUint32)first[1]);

	if (!rvString) {

	    PORT_SetError(SEC_ERROR_NO_MEMORY);

	}

	return rvString;

    }

    for (; first < stop; first = last + 1) {

    	unsigned int bytesBeforeLast;

	for (last = first; last < stop; last++) {

	    if (0 == (*last & 0x80)) {

		break;

	    }

	}

	bytesBeforeLast = (unsigned int)(last - first);

	if (bytesBeforeLast <= 3U) {        /* 0-28 bit number */

	    PRUint32 n = 0;

	    PRUint32 c;

#define CGET(i, m) \

		c  = last[-i] & m; \

		n |= c << (7 * i)

#define CASE(i, m) \

	    case i:                      \

		CGET(i, m);              \

		if (!n) goto unsupported \

		/* fall-through */

	    switch (bytesBeforeLast) {

	    CASE(3, 0x7f);

	    CASE(2, 0x7f);

	    CASE(1, 0x7f);

	    case 0: n |= last[0] & 0x7f;

		break;

	    }

	    if (last[0] & 0x80)

	    	goto unsupported;

	    if (!rvString) {

		/* This is the first number.. decompose it */

		PRUint32 one = PR_MIN(n/40, 2); /* never > 2 */

		PRUint32 two = n - (one * 40);

		rvString = PR_smprintf("OID.%lu.%lu", one, two);

	    } else {

		prefix = rvString;

		rvString = PR_smprintf("%s.%lu", prefix, n);

	    }

	} else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */

	    PRUint64 n = 0;

	    PRUint64 c;

	    switch (bytesBeforeLast) {

	    CASE(9, 0x01);

	    CASE(8, 0x7f);

	    CASE(7, 0x7f);

	    CASE(6, 0x7f);

	    CASE(5, 0x7f);

	    CASE(4, 0x7f);

	    CGET(3, 0x7f);

	    CGET(2, 0x7f);

	    CGET(1, 0x7f);

	    CGET(0, 0x7f);

		break;

	    }

	    if (last[0] & 0x80)

	    	goto unsupported;

	    if (!rvString) {

		/* This is the first number.. decompose it */

		PRUint64 one = PR_MIN(n/40, 2); /* never > 2 */

		PRUint64 two = n - (one * 40);

		rvString = PR_smprintf("OID.%llu.%llu", one, two);

	    } else {

		prefix = rvString;

		rvString = PR_smprintf("%s.%llu", prefix, n);

	    }

	} else {

	    /* More than a 64-bit number, or not minimal encoding. */

unsupported:

	    if (!rvString)

		rvString = PR_smprintf("OID.UNSUPPORTED");

	    else {

		prefix = rvString;

		rvString = PR_smprintf("%s.UNSUPPORTED", prefix);

	    }

	}

	if (prefix) {

	    PR_smprintf_free(prefix);

	    prefix = NULL;

	}

	if (!rvString) {

	    PORT_SetError(SEC_ERROR_NO_MEMORY);

	    break;

	}

    }

    return rvString;

}

/* convert DER-encoded hex to a string */

static SECItem *

get_hex_string(SECItem *data)

{

    SECItem *rv;

    unsigned int i, j;

    static const char hex[] = { "0123456789ABCDEF" };

    /* '#' + 2 chars per octet + terminator */

    rv = SECITEM_AllocItem(NULL, NULL, data->len*2 + 2);

    if (!rv) {

	return NULL;

    }

    rv->data[0] = '#';

    rv->len = 1 + 2 * data->len;

    for (i=0; i<data->len; i++) {

	j = data->data[i];

	rv->data[2*i+1] = hex[j >> 4];

	rv->data[2*i+2] = hex[j & 15];

    }

    rv->data[rv->len] = 0;

    return rv;

}

/* For compliance with RFC 2253, RFC 3280 and RFC 4630, we choose to 

 * use the NAME=STRING form, rather than the OID.N.N=#hexXXXX form, 

 * when both of these conditions are met:

 *  1) The attribute name OID (kind) has a known name string that is 

 *     defined in one of those RFCs, or in RFCs that they cite, AND

 *  2) The attribute's value encoding is RFC compliant for the kind

 *     (e.g., the value's encoding tag is correct for the kind, and

 *     the value's length is in the range allowed for the kind, and

 *     the value's contents are appropriate for the encoding tag).

 *  Otherwise, we use the OID.N.N=#hexXXXX form.

 *

 *  If the caller prefers maximum human readability to RFC compliance,

 *  then 

 *  - We print the kind in NAME= string form if we know the name

 *    string for the attribute type OID, regardless of whether the 

 *    value is correctly encoded or not. else we use the OID.N.N= form.

 *  - We use the non-hex STRING form for the attribute value if the

 *    value can be represented in such a form.  Otherwise, we use 

 *    the hex string form.

 *  This implies that, for maximum human readability, in addition to 

 *  the two forms allowed by the RFC, we allow two other forms of output:

 *  - the OID.N.N=STRING form, and 

 *  - the NAME=#hexXXXX form

 *  When the caller prefers maximum human readability, we do not allow

 *  the value of any attribute to exceed the length allowed by the RFC.

 *  If the attribute value exceeds the allowed length, we truncate it to 

 *  the allowed length and append "...".

 *  Also in this case, we arbitrarily impose a limit on the length of the 

 *  entire AVA encoding, regardless of the form, of 384 bytes per AVA.

 *  This limit includes the trailing NULL character.  If the encoded 

 *  AVA length exceeds that limit, this function reports failure to encode

 *  the AVA.

 *

 *  An ASCII representation of an AVA is said to be "invertible" if 

 *  conversion back to DER reproduces the original DER encoding exactly.

 *  The RFC 2253 rules do not ensure that all ASCII AVAs derived according

 *  to its rules are invertible. That is because the RFCs allow some 

 *  attribute values to be encoded in any of a number of encodings,

 *  and the encoding type information is lost in the non-hex STRING form.

 *  This is particularly true of attributes of type DirectoryString.

 *  The encoding type information is always preserved in the hex string 

 *  form, because the hex includes the entire DER encoding of the value.

 *

 *  So, when the caller perfers maximum invertibility, we apply the 

 *  RFC compliance rules stated above, and add a third required 

 *  condition on the use of the NAME=STRING form.  

 *   3) The attribute's kind is not is allowed to be encoded in any of