Add hx509_cert_init_data and use everywhere

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21085 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/hx509/cert.c

@@ -233,6 +233,32 @@ hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert)
     return ret;
 }
 
+int
+hx509_cert_init_data(hx509_context context, 
+		     const void *ptr,
+		     size_t len,
+		     hx509_cert *cert)
+{
+    Certificate t;
+    size_t size;
+    int ret;
+
+    ret = decode_Certificate(ptr, len, &t, &size);
+    if (ret) {
+	hx509_set_error_string(context, 0, ret, "Failed to decode certificate");
+	return ret;
+    }
+    if (size != len) {
+	hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE,
+			       "Extra data after certificate");
+	return HX509_EXTRA_DATA_AFTER_STRUCTURE;
+    }
+
+    ret = hx509_cert_init(context, &t, cert);
+    free_Certificate(&t);
+    return ret;
+}
+
 void
 _hx509_cert_set_release(hx509_cert cert, 
 			_hx509_cert_release_func release,

lib/hx509/cms.c

@@ -585,22 +585,12 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
 	return 0;
 
     for (i = 0; i < sd->certificates->len; i++) {
-	Certificate cert;
 	hx509_cert c;
 
-	const void *p = sd->certificates->val[i].data;
+	ret = hx509_cert_init_data(context, 
-	size_t size, length = sd->certificates->val[i].length;
+				   sd->certificates->val[i].data, 
-
+				   sd->certificates->val[i].length,
-	ret = decode_Certificate(p, length, &cert, &size);
+				   &c);
-	if (ret) {
-	    hx509_set_error_string(context, 0, ret,
-				   "Failed to decode certificate %d "
-				   "in SignedData.certificates", i);
-	    return ret;
-	}
-
-	ret = hx509_cert_init(context, &cert, &c);
-	free_Certificate(&cert);
 	if (ret)
 	    return ret;
 	ret = hx509_certs_add(context, certs, c);

lib/hx509/ks_file.c

@@ -105,20 +105,9 @@ parse_certificate(hx509_context context, const char *fn,
 		  const void *data, size_t len)
 {
     hx509_cert cert;
-    Certificate t;
-    size_t size;
     int ret;
 
-    ret = decode_Certificate(data, len, &t, &size);
+    ret = hx509_cert_init_data(context, data, len, &cert);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, 
-			       "Failed to parse certificate in %s",
-			       fn);
-	return ret;
-    }
-
-    ret = hx509_cert_init(context, &t, &cert);
-    free_Certificate(&t);
     if (ret)
 	return ret;
 

lib/hx509/ks_keychain.c

@@ -347,25 +347,19 @@ keychain_iter_start(hx509_context context,
 	    return ENOMEM;
 	}
 	for (i = 0; i < CFArrayGetCount(anchors); i++) {
-	    Certificate t;
+	    SecCertificateRef cr; 
 	    hx509_cert cert;
-
-	    SecCertificateRef cr = 
-		(SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
 	    CSSM_DATA cssm;
 
+	    cr = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
+
 	    SecCertificateGetData(cr, &cssm);
 
-	    ret = decode_Certificate(cssm.Data, cssm.Length, &t, NULL);
+	    ret = hx509_cert_init_data(context, cssm.Data, cssm.Length, &cert);
-	    if (ret)
-		continue;
-
-	    ret = hx509_cert_init(context, &t, &cert);
 	    if (ret)
 		continue;
 
 	    ret = hx509_certs_add(context, iter->certs, cert);
-	    free_Certificate(&t);
 	    hx509_cert_free(cert);
 	}
 	CFRelease(anchors);
@@ -412,11 +406,9 @@ keychain_iter(hx509_context context,
     SecKeychainItemRef itemRef;
     SecItemAttr item;
     struct iter *iter = cursor;
-    Certificate t;
     OSStatus ret;
     UInt32 len;
     void *ptr = NULL;
-    size_t size;
 
     if (iter->certs)
 	return hx509_certs_next_cert(context, iter->certs, iter->cursor, cert);
@@ -444,15 +436,7 @@ keychain_iter(hx509_context context,
     if (ret)
 	return EINVAL;
     
-    ret = decode_Certificate(ptr, len, &t, &size);
+    ret = hx509_cert_init_data(context, ptr, len, cert);
-    CFRelease(itemRef);
-    if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to parse certificate");
-	goto out;
-    }
-
-    ret = hx509_cert_init(context, &t, cert);
-    free_Certificate(&t);
     if (ret)
 	goto out;
 

lib/hx509/ks_p11.c

@@ -682,7 +682,6 @@ collect_cert(hx509_context context,
 {
     struct hx509_collector *collector = ptr;
     hx509_cert cert;
-    Certificate t;
     int ret;
 
     if ((CK_LONG)query[0].ulValueLen == -1 ||
@@ -691,16 +690,8 @@ collect_cert(hx509_context context,
 	return 0;
     }
 
-
+    ret = hx509_cert_init_data(context, query[1].pValue, 
-    ret = decode_Certificate(query[1].pValue, query[1].ulValueLen,
+			       query[1].ulValueLen, &cert);
-			     &t, NULL);
-    if (ret) {
-	hx509_clear_error_string(context);
-	return 0;
-    }
-
-    ret = hx509_cert_init(context, &t, &cert);
-    free_Certificate(&t);
     if (ret)
 	return ret;
 

lib/hx509/ks_p12.c

@@ -132,7 +132,6 @@ certBag_parser(hx509_context context,
 	       const PKCS12_Attributes *attrs)
 {
     heim_octet_string os;
-    Certificate t;
     hx509_cert cert;
     PKCS12_CertBag cb;
     int ret;
@@ -154,16 +153,11 @@ certBag_parser(hx509_context context,
     if (ret)
 	return ret;
 
-    ret = decode_Certificate(os.data, os.length, &t, NULL);
+    ret = hx509_cert_init_data(context, os.data, os.length, &cert);
     der_free_octet_string(&os);
     if (ret)
 	return ret;
 
-    ret = hx509_cert_init(context, &t, &cert);
-    free_Certificate(&t);
-    if (ret)
-	return ret;
-
     ret = _hx509_collector_certs_add(context, c, cert);
     if (ret) {
 	hx509_cert_free(cert);