/*
* FUNCTION: pkix_pl_Date_Comparator
* (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_Date_Comparator(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pResult,
void *plContext)
{
PRTime firstTime;
PRTime secondTime;
SECComparison cmpResult;
PKIX_ENTER(DATE, "pkix_pl_Date_Comparator");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
PKIX_CHECK(pkix_CheckTypes
(firstObject, secondObject, PKIX_DATE_TYPE, plContext),
PKIX_ARGUMENTSNOTDATES);
firstTime = ((PKIX_PL_Date *)firstObject)->nssTime;
secondTime = ((PKIX_PL_Date *)secondObject)->nssTime;
if (firstTime == secondTime)
cmpResult = SECEqual;
else if (firstTime < secondTime)
cmpResult = SECLessThan;
else
cmpResult = SECGreaterThan;
*pResult = cmpResult;
cleanup:
PKIX_RETURN(DATE);
}
/*
* FUNCTION: pkix_pl_Date_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_Date_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_ENTER(DATE, "pkix_pl_Date_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* test that firstObject is a Date */
PKIX_CHECK(pkix_CheckType(firstObject, PKIX_DATE_TYPE, plContext),
PKIX_FIRSTOBJECTNOTDATE);
/*
* Since we know firstObject is a Date, if both references are
* identical, they must be equal
*/
if (firstObject == secondObject){
*pResult = PKIX_TRUE;
goto cleanup;
}
*pResult = PKIX_FALSE;
pkixErrorResult =
pkix_pl_Date_Comparator(firstObject, secondObject,
pResult, plContext);
if (pkixErrorResult) {
PKIX_DECREF(pkixErrorResult);
}
cleanup:
PKIX_RETURN(DATE);
}
/*
* FUNCTION: pkix_pl_CRL_GetVersion
* DESCRIPTION:
*
* Retrieves the version of the CRL pointed to by "crl" and stores it at
* "pVersion". The version number will either be 0 or 1 (corresponding to
* v1 or v2, respectively).
*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*
* PARAMETERS:
* "crl"
* Address of CRL whose version is to be stored. Must be non-NULL.
* "pVersion"
* Address where a version will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetVersion(
PKIX_PL_CRL *crl,
PKIX_UInt32 *pVersion,
void *plContext)
{
PKIX_UInt32 myVersion;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetVersion");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pVersion);
PKIX_NULLCHECK_ONE(crl->nssSignedCrl->crl.version.data);
myVersion = *(crl->nssSignedCrl->crl.version.data);
if (myVersion > 1) {
PKIX_ERROR(PKIX_VERSIONVALUEMUSTBEV1ORV2);
}
*pVersion = myVersion;
cleanup:
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_CertPolicyMap_Create
* DESCRIPTION:
*
* Creates a new CertPolicyMap Object pairing the OID given by
* "issuerDomainPolicy" with the OID given by "subjectDomainPolicy", and
* stores the result at "pCertPolicyMap".
*
* PARAMETERS
* "issuerDomainPolicy"
* Address of the OID of the IssuerDomainPolicy. Must be non-NULL.
* "subjectDomainPolicy"
* Address of the OID of the SubjectDomainPolicy. Must be non-NULL.
* "pCertPolicyMap"
* Address where CertPolicyMap pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertPolicyMap Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertPolicyMap_Create(
PKIX_PL_OID *issuerDomainPolicy,
PKIX_PL_OID *subjectDomainPolicy,
PKIX_PL_CertPolicyMap **pCertPolicyMap,
void *plContext)
{
PKIX_PL_CertPolicyMap *policyMap = NULL;
PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Create");
PKIX_NULLCHECK_THREE
(issuerDomainPolicy, subjectDomainPolicy, pCertPolicyMap);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYMAP_TYPE,
sizeof (PKIX_PL_CertPolicyMap),
(PKIX_PL_Object **)&policyMap,
plContext),
PKIX_COULDNOTCREATECERTPOLICYMAPOBJECT);
PKIX_INCREF(issuerDomainPolicy);
policyMap->issuerDomainPolicy = issuerDomainPolicy;
PKIX_INCREF(subjectDomainPolicy);
policyMap->subjectDomainPolicy = subjectDomainPolicy;
*pCertPolicyMap = policyMap;
cleanup:
PKIX_RETURN(CERTPOLICYMAP);
}
/*
* FUNCTION: pkix_pl_OID_Comparator
* (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_OID_Comparator(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pRes,
void *plContext)
{
PKIX_PL_OID *firstOID = NULL;
PKIX_PL_OID *secondOID = NULL;
PKIX_ENTER(OID, "pkix_pl_OID_Comparator");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pRes);
PKIX_CHECK(pkix_CheckTypes
(firstObject, secondObject, PKIX_OID_TYPE, plContext),
PKIX_ARGUMENTSNOTOIDS);
firstOID = (PKIX_PL_OID*)firstObject;
secondOID = (PKIX_PL_OID*)secondObject;
*pRes = (PKIX_Int32)SECITEM_CompareItem(&firstOID->derOid,
&secondOID->derOid);
cleanup:
PKIX_RETURN(OID);
}
/*
* FUNCTION: pkix_pl_Date_Comparator
* (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_Date_Comparator(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pResult,
void *plContext)
{
SECItem *firstTime = NULL;
SECItem *secondTime = NULL;
SECComparison cmpResult;
PKIX_ENTER(DATE, "pkix_pl_Date_Comparator");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
PKIX_CHECK(pkix_CheckTypes
(firstObject, secondObject, PKIX_DATE_TYPE, plContext),
PKIX_ARGUMENTSNOTDATES);
firstTime = &((PKIX_PL_Date *)firstObject)->nssTime;
secondTime = &((PKIX_PL_Date *)secondObject)->nssTime;
PKIX_DATE_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
cmpResult = SECITEM_CompareItem(firstTime, secondTime);
*pResult = cmpResult;
cleanup:
PKIX_RETURN(DATE);
}
/*
* FUNCTION: pkix_pl_HashTableLookup
* DESCRIPTION:
*
* Looks up object using the key pointed to by "key" and hashCode value
* equal to "hashCode" from the PrimHashtable pointed to by "ht", using the
* function pointed to by "keyComp" to compare keys, and stores the object's
* value at "pResult". Assumes "key" is a PKIX_UInt32 or a PKIX_PL_Object.
* This function sets "pResult" to NULL if the key is not in the hashtable.
*
* PARAMETERS:
* "ht"
* Address of PrimHashtable to lookup object from. Must be non-NULL.
* "key"
* Address of key for lookup. Typically a PKIX_UInt32 or PKIX_PL_Object.
* Must be non-NULL.
* "keyComp"
* Address of function used to determine if two keys are equal.
* If NULL, pkix_pl_KeyComparator_Default is used.
* "hashCode"
* Hashcode value of the key.
* "pResult"
* Address where value will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_PrimHashTable_Lookup(
pkix_pl_PrimHashTable *ht,
void *key,
PKIX_UInt32 hashCode,
PKIX_PL_EqualsCallback keyComp,
void **pResult,
void *plContext)
{
pkix_pl_HT_Elem *element = NULL;
PKIX_Boolean compResult = PKIX_FALSE;
PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Lookup");
PKIX_NULLCHECK_THREE(ht, key, pResult);
*pResult = NULL;
for (element = (ht->buckets)[hashCode%ht->size];
(element != NULL) && (*pResult == NULL);
element = element->next) {
if (element->hashCode != hashCode){
/* no possibility of a match */
continue;
}
if (keyComp == NULL){
PKIX_CHECK(pkix_pl_KeyComparator_Default
((PKIX_UInt32 *)key,
(PKIX_UInt32 *)(element->key),
&compResult,
plContext),
PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
} else {
pkixErrorResult =
keyComp((PKIX_PL_Object *)key,
(PKIX_PL_Object *)(element->key),
&compResult,
plContext);
if (pkixErrorResult) {
pkixErrorClass = PKIX_FATAL_ERROR;
pkixErrorCode = PKIX_COULDNOTTESTWHETHERKEYSEQUAL;
goto cleanup;
}
}
if ((element->hashCode == hashCode) &&
(compResult == PKIX_TRUE)){
*pResult = element->value;
goto cleanup;
}
}
/* if we've reached here, specified key doesn't exist in hashtable */
*pResult = NULL;
cleanup:
PKIX_RETURN(HASHTABLE);
}
/*
* FUNCTION: pkix_pl_PrimHashTable_RemoveFIFO
* DESCRIPTION:
*
* Remove the first entry in the bucket the "hashCode" is designated in
* the hashtable "ht". Since new entry is added at end of the link list
* the first one is the oldest (FI) therefore removed first (FO).
*
* PARAMETERS:
* "ht"
* Address of PrimHashtable to get entries count. Must be non-NULL.
* "hashCode"
* Hashcode value of the key.
* "pKey"
* Address of key of the entry deleted. Must be non-NULL.
* "pValue"
* Address of Value of the entry deleted. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "ht"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a HashTable Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_PrimHashTable_RemoveFIFO(
pkix_pl_PrimHashTable *ht,
PKIX_UInt32 hashCode,
void **pKey,
void **pValue,
void *plContext)
{
pkix_pl_HT_Elem *element = NULL;
PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Remove");
PKIX_NULLCHECK_THREE(ht, pKey, pValue);
element = (ht->buckets)[hashCode%ht->size];
if (element != NULL) {
*pKey = element->key;
*pValue = element->value;
ht->buckets[hashCode%ht->size] = element->next;
element->key = NULL;
element->value = NULL;
element->next = NULL;
PKIX_FREE(element);
}
PKIX_RETURN(HASHTABLE);
}
/*
* FUNCTION: pkix_pl_LdapCertStore_GetCertContinue
* (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
*/
PKIX_Error *
pkix_pl_LdapCertStore_GetCertContinue(
PKIX_CertStore *store,
PKIX_CertSelector *selector,
PKIX_VerifyNode *verifyNode,
void **pNBIOContext,
PKIX_List **pCertList,
void *plContext)
{
PKIX_Boolean cacheFlag = PKIX_FALSE;
PKIX_PL_LdapCertStoreContext *lcs = NULL;
void *pollDesc = NULL;
PKIX_List *responses = NULL;
PKIX_List *unfilteredCerts = NULL;
PKIX_List *filteredCerts = NULL;
PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCertContinue");
PKIX_NULLCHECK_THREE(store, selector, pCertList);
PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
(store, (PKIX_PL_Object **)&lcs, plContext),
PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequest
((PKIX_PL_LdapClient *)lcs, &pollDesc, &responses, plContext),
PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
if (pollDesc != NULL) {
/* client is waiting for non-blocking I/O to complete */
*pNBIOContext = (void *)pollDesc;
*pCertList = NULL;
goto cleanup;
}
/* LdapClient has given us a response! */
if (responses) {
PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
(store, &cacheFlag, plContext),
PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
(responses, &unfilteredCerts, plContext),
PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
PKIX_CHECK(pkix_CertSelector_Select
(selector, unfilteredCerts, &filteredCerts, plContext),
PKIX_CERTSELECTORSELECTFAILED);
}
*pNBIOContext = NULL;
*pCertList = filteredCerts;
cleanup:
PKIX_DECREF(responses);
PKIX_DECREF(unfilteredCerts);
PKIX_DECREF(lcs);
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_PL_OcspCertID_GetFreshCacheStatus
* DESCRIPTION:
*
* This function may return cached OCSP results for the provided
* certificate, but only if stored information is still considered to be
* fresh.
*
* PARAMETERS
* "cid"
* A certificate ID as used by OCSP
* "validity"
* Optional date parameter to request validity for a specifc time.
* "hasFreshStatus"
* Output parameter, if the function successed to find fresh cached
* information, this will be set to true. Must be non-NULL.
* "statusIsGood"
* The good/bad result stored in the cache. Must be non-NULL.
* "missingResponseError"
* If OCSP status is "bad", this variable may indicate the exact
* reason why the previous OCSP request had failed.
* "plContext"
* Platform-specific context pointer.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an OcspCertID Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_OcspCertID_GetFreshCacheStatus(
PKIX_PL_OcspCertID *cid,
PKIX_PL_Date *validity,
PKIX_Boolean *hasFreshStatus,
PKIX_Boolean *statusIsGood,
SECErrorCodes *missingResponseError,
void *plContext)
{
PRTime time = 0;
SECStatus rv;
SECStatus rvOcsp;
OCSPFreshness freshness;
PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_GetFreshCacheStatus");
PKIX_NULLCHECK_THREE(cid, hasFreshStatus, statusIsGood);
if (validity != NULL) {
PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
PKIX_DATEGETPRTIMEFAILED);
} else {
time = PR_Now();
}
rv = ocsp_GetCachedOCSPResponseStatus(
cid->certID, time, PR_TRUE, /*ignoreGlobalOcspFailureSetting*/
&rvOcsp, missingResponseError, &freshness);
*hasFreshStatus = (rv == SECSuccess && freshness == ocspFresh);
if (*hasFreshStatus) {
*statusIsGood = (rvOcsp == SECSuccess);
}
cleanup:
PKIX_RETURN(OCSPCERTID);
}
/*
* FUNCTION: pkix_pl_CertPolicyQualifier_Create
* DESCRIPTION:
*
* Creates a CertPolicyQualifier object with the OID given by "oid"
* and the ByteArray given by "qualifier", and stores it at "pObject".
*
* PARAMETERS
* "oid"
* Address of OID of the desired policyQualifierId; must be non-NULL
* "qualifier"
* Address of ByteArray with the desired value of the qualifier;
* must be non-NULL
* "pObject"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertPolicyQualifier_Create(
PKIX_PL_OID *oid,
PKIX_PL_ByteArray *qualifier,
PKIX_PL_CertPolicyQualifier **pObject,
void *plContext)
{
PKIX_PL_CertPolicyQualifier *qual = NULL;
PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Create");
PKIX_NULLCHECK_THREE(oid, qualifier, pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYQUALIFIER_TYPE,
sizeof (PKIX_PL_CertPolicyQualifier),
(PKIX_PL_Object **)&qual,
plContext),
PKIX_COULDNOTCREATECERTPOLICYQUALIFIEROBJECT);
PKIX_INCREF(oid);
qual->policyQualifierId = oid;
PKIX_INCREF(qualifier);
qual->qualifier = qualifier;
*pObject = qual;
qual = NULL;
cleanup:
PKIX_DECREF(qual);
PKIX_RETURN(CERTPOLICYQUALIFIER);
}
/*
* FUNCTION: pkix_pl_CRL_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CRL_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_PL_CRL *firstCrl = NULL;
PKIX_PL_CRL *secondCrl = NULL;
PKIX_UInt32 secondType;
PKIX_ENTER(CRL, "pkix_pl_CRL_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* test that firstObject is a CRL */
PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRL_TYPE, plContext),
PKIX_FIRSTOBJECTNOTCRL);
firstCrl = (PKIX_PL_CRL *)firstObject;
secondCrl = (PKIX_PL_CRL *)secondObject;
/*
* Since we know firstObject is a CRL, if both references are
* identical, they must be equal
*/
if (firstCrl == secondCrl) {
*pResult = PKIX_TRUE;
goto cleanup;
}
/*
* If secondCrl isn't a CRL, we don't throw an error.
* We simply return a Boolean result of FALSE
*/
*pResult = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_Object_GetType
((PKIX_PL_Object *)secondCrl, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
if (secondType != PKIX_CRL_TYPE) goto cleanup;
/* Compare DER Bytes */
PKIX_NULLCHECK_TWO
(firstCrl->nssSignedCrl,
firstCrl->nssSignedCrl->derCrl);
PKIX_NULLCHECK_TWO
(secondCrl->nssSignedCrl,
secondCrl->nssSignedCrl->derCrl);
PKIX_CRL_DEBUG("\t\tCalling SECITEM_CompareItem on derCrl\n");
if (SECITEM_CompareItem(firstCrl->nssSignedCrl->derCrl,
secondCrl->nssSignedCrl->derCrl) == SECEqual) {
*pResult = PKIX_TRUE;
}
cleanup:
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_AiaMgr_FindLDAPClient
* DESCRIPTION:
*
* This function checks the collection of LDAPClient connections held by the
* AIAMgr pointed to by "aiaMgr" for one matching the domain name given by
* "domainName". The string may include a port number: e.g., "betty.nist.gov"
* or "nss.red.iplanet.com:1389". If a match is found, that LDAPClient is
* stored at "pClient". Otherwise, an LDAPClient is created and added to the
* collection, and then stored at "pClient".
*
* PARAMETERS:
* "aiaMgr"
* The AIAMgr whose LDAPClient connected are to be managed. Must be
* non-NULL.
* "domainName"
* Address of a string pointing to a server name. Must be non-NULL.
* "pClient"
* Address at which the returned LDAPClient is stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an AIAMgr Error if the function fails in a non-fatal way
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_AiaMgr_FindLDAPClient(
PKIX_PL_AIAMgr *aiaMgr,
char *domainName,
PKIX_PL_LdapClient **pClient,
void *plContext)
{
PKIX_PL_String *domainString = NULL;
PKIX_PL_LdapDefaultClient *client = NULL;
PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient");
PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient);
/* create PKIX_PL_String from domain name */
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, domainName, 0, &domainString, plContext),
PKIX_STRINGCREATEFAILED);
/* Is this domainName already in cache? */
PKIX_CHECK(PKIX_PL_HashTable_Lookup
(aiaConnectionCache,
(PKIX_PL_Object *)domainString,
(PKIX_PL_Object **)&client,
plContext),
PKIX_HASHTABLELOOKUPFAILED);
if (client == NULL) {
/* No, create a connection (and cache it) */
PKIX_CHECK(PKIX_PL_LdapDefaultClient_CreateByName
(domainName,
/* Do not use NBIO until we verify, that
* it is working. For now use 1 min timeout. */
PR_SecondsToInterval(
((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
NULL,
&client,
plContext),
PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
PKIX_CHECK(PKIX_PL_HashTable_Add
(aiaConnectionCache,
(PKIX_PL_Object *)domainString,
(PKIX_PL_Object *)client,
plContext),
PKIX_HASHTABLEADDFAILED);
}
*pClient = (PKIX_PL_LdapClient *)client;
cleanup:
PKIX_DECREF(domainString);
PKIX_RETURN(AIAMGR);
}
/*
* FUNCTION: pkix_pl_CRL_GetSignatureAlgId
*
* DESCRIPTION:
* Retrieves a pointer to the OID that represents the signature algorithm of
* the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* PARAMETERS:
* "crl"
* Address of CRL whose signature algorithm OID is to be stored.
* Must be non-NULL.
* "pSignatureAlgId"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetSignatureAlgId(
PKIX_PL_CRL *crl,
PKIX_PL_OID **pSignatureAlgId,
void *plContext)
{
CERTCrl *nssCrl = NULL;
PKIX_PL_OID *signatureAlgId = NULL;
SECAlgorithmID algorithm;
SECItem algBytes;
char *asciiOID = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
/* if we don't have a cached copy from before, we create one */
if (crl->signatureAlgId == NULL) {
PKIX_OBJECT_LOCK(crl);
if (crl->signatureAlgId == NULL) {
nssCrl = &(crl->nssSignedCrl->crl);
algorithm = nssCrl->signatureAlg;
algBytes = algorithm.algorithm;
PKIX_NULLCHECK_ONE(algBytes.data);
if (algBytes.len == 0) {
PKIX_ERROR_FATAL(PKIX_OIDBYTESLENGTH0);
}
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&algBytes, &asciiOID, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_OID_Create
(asciiOID, &signatureAlgId, plContext),
PKIX_OIDCREATEFAILED);
/* save a cached copy in case it is asked for again */
crl->signatureAlgId = signatureAlgId;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->signatureAlgId);
*pSignatureAlgId = crl->signatureAlgId;
cleanup:
PKIX_FREE(asciiOID);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: PKIX_PL_HashTable_Lookup (see comments in pkix_pl_system.h)
*/
PKIX_Error *
PKIX_PL_HashTable_Lookup(
PKIX_PL_HashTable *ht,
PKIX_PL_Object *key,
PKIX_PL_Object **pResult,
void *plContext)
{
PKIX_PL_Mutex *lockedMutex = NULL;
PKIX_UInt32 hashCode;
PKIX_PL_EqualsCallback keyComp;
PKIX_PL_Object *result = NULL;
PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Lookup");
#if !defined(PKIX_OBJECT_LEAK_TEST)
PKIX_NULLCHECK_THREE(ht, key, pResult);
#else
PKIX_NULLCHECK_TWO(key, pResult);
if (ht == NULL) {
PKIX_RETURN(HASHTABLE);
}
#endif
PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
PKIX_OBJECTHASHCODEFAILED);
PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
(key, &keyComp, plContext),
PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
PKIX_MUTEX_LOCK(ht->tableLock);
/* Lookup in primitive hashtable */
PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
(ht->primHash,
(void *)key,
hashCode,
keyComp,
(void **)&result,
plContext),
PKIX_PRIMHASHTABLELOOKUPFAILED);
PKIX_INCREF(result);
PKIX_MUTEX_UNLOCK(ht->tableLock);
*pResult = result;
cleanup:
PKIX_MUTEX_UNLOCK(ht->tableLock);
PKIX_RETURN(HASHTABLE);
}
/*
* FUNCTION: pkix_SingleVerifyNode_Equals
* DESCRIPTION:
*
* Compares for equality the components of the VerifyNode pointed to by
* "firstPN", other than its parents and children, with those of the
* VerifyNode pointed to by "secondPN" and stores the result at "pResult"
* (PKIX_TRUE if equal; PKIX_FALSE if not).
*
* PARAMETERS:
* "firstPN"
* Address of first of the VerifyNodes to be compared; must be non-NULL
* "secondPN"
* Address of second of the VerifyNodes to be compared; must be non-NULL
* "pResult"
* Address where Boolean will be stored; must be non-NULL
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if function succeeds
* Returns a VerifyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in a fatal way
*/
static PKIX_Error *
pkix_SingleVerifyNode_Equals(
PKIX_VerifyNode *firstVN,
PKIX_VerifyNode *secondVN,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_Boolean compResult = PKIX_FALSE;
PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_Equals");
PKIX_NULLCHECK_THREE(firstVN, secondVN, pResult);
/* If both references are identical, they must be equal */
if (firstVN == secondVN) {
compResult = PKIX_TRUE;
goto cleanup;
}
/*
* It seems we have to do the comparisons. Do
* the easiest ones first.
*/
if ((firstVN->depth) != (secondVN->depth)) {
goto cleanup;
}
/* These fields must be non-NULL */
PKIX_NULLCHECK_TWO(firstVN->verifyCert, secondVN->verifyCert);
PKIX_EQUALS
(firstVN->verifyCert,
secondVN->verifyCert,
&compResult,
plContext,
PKIX_OBJECTEQUALSFAILED);
if (compResult == PKIX_FALSE) {
goto cleanup;
}
PKIX_EQUALS
(firstVN->error,
secondVN->error,
&compResult,
plContext,
PKIX_OBJECTEQUALSFAILED);
cleanup:
*pResult = compResult;
PKIX_RETURN(VERIFYNODE);
}
/*
* FUNCTION: pkix_pl_Date_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_Date_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
/* note: pkix_pl_Date can only represent UTCTime,not GeneralizedTime */
SECItem *firstTime = NULL;
SECItem *secondTime = NULL;
PKIX_UInt32 secondType;
SECComparison cmpResult;
PKIX_ENTER(DATE, "pkix_pl_Date_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* test that firstObject is a Date */
PKIX_CHECK(pkix_CheckType(firstObject, PKIX_DATE_TYPE, plContext),
PKIX_FIRSTOBJECTNOTDATE);
/*
* Since we know firstObject is a Date, if both references are
* identical, they must be equal
*/
if (firstObject == secondObject){
*pResult = PKIX_TRUE;
goto cleanup;
}
/*
* If secondObject isn't a Date, we don't throw an error.
* We simply return a Boolean result of FALSE
*/
*pResult = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_Object_GetType
(secondObject, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
if (secondType != PKIX_DATE_TYPE) goto cleanup;
firstTime = &((PKIX_PL_Date *)firstObject)->nssTime;
secondTime = &((PKIX_PL_Date *)secondObject)->nssTime;
PKIX_DATE_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
cmpResult = SECITEM_CompareItem(firstTime, secondTime);
*pResult = (cmpResult == SECEqual);
cleanup:
PKIX_RETURN(DATE);
}
/*
* FUNCTION: PKIX_PL_CRL_GetIssuer (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetIssuer(
PKIX_PL_CRL *crl,
PKIX_PL_X500Name **pCRLIssuer,
void *plContext)
{
PKIX_PL_String *crlString = NULL;
PKIX_PL_X500Name *issuer = NULL;
SECItem *derIssuerName = NULL;
CERTName *issuerName = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetIssuer");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCRLIssuer);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
/* if we don't have a cached copy from before, we create one */
if (crl->issuer == NULL){
PKIX_OBJECT_LOCK(crl);
if (crl->issuer == NULL) {
issuerName = &crl->nssSignedCrl->crl.name;
derIssuerName = &crl->nssSignedCrl->crl.derName;
PKIX_CHECK(
PKIX_PL_X500Name_CreateFromCERTName(derIssuerName,
issuerName,
&issuer,
plContext),
PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
/* save a cached copy in case it is asked for again */
crl->issuer = issuer;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->issuer);
*pCRLIssuer = crl->issuer;
cleanup:
PKIX_DECREF(crlString);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_PolicyNode_Create
* DESCRIPTION:
*
* Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
* of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
* indicated by the Boolean value of "criticality", and the List of OIDs
* pointed to by "expectedPolicySet", and stores the result at "pObject". The
* criticality should be derived from whether the certificate policy extension
* was marked as critical in the certificate that led to creation of this
* PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
* immutable. The PolicyNode pointers to parent and to children are initialized
* to NULL, and the depth is set to zero; those values should be set by using
* the pkix_PolicyNode_AddToParent function.
*
* PARAMETERS
* "validPolicy"
* Address of OID of the valid policy for the path. Must be non-NULL
* "qualifierSet"
* Address of List of CertPolicyQualifiers associated with the validpolicy.
* May be NULL
* "criticality"
* Boolean indicator of whether the criticality should be set in this
* PolicyNode
* "expectedPolicySet"
* Address of List of OIDs that would satisfy this policy in the next
* certificate. Must be non-NULL
* "pObject"
* Address where the PolicyNode pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a PolicyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_PolicyNode_Create(
PKIX_PL_OID *validPolicy,
PKIX_List *qualifierSet,
PKIX_Boolean criticality,
PKIX_List *expectedPolicySet,
PKIX_PolicyNode **pObject,
void *plContext)
{
PKIX_PolicyNode *node = NULL;
PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create");
PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYNODE_TYPE,
sizeof (PKIX_PolicyNode),
(PKIX_PL_Object **)&node,
plContext),
PKIX_COULDNOTCREATEPOLICYNODEOBJECT);
PKIX_INCREF(validPolicy);
node->validPolicy = validPolicy;
PKIX_INCREF(qualifierSet);
node->qualifierSet = qualifierSet;
if (qualifierSet) {
PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
}
node->criticality = criticality;
PKIX_INCREF(expectedPolicySet);
node->expectedPolicySet = expectedPolicySet;
PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
node->parent = NULL;
node->children = NULL;
node->depth = 0;
*pObject = node;
node = NULL;
cleanup:
PKIX_DECREF(node);
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: pkix_ValidateParams_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateParams_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_ValidateParams *firstValParams = NULL;
PKIX_ValidateParams *secondValParams = NULL;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext),
PKIX_FIRSTOBJECTNOTVALIDATEPARAMS);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup;
firstValParams = (PKIX_ValidateParams *)first;
secondValParams = (PKIX_ValidateParams *)second;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValParams->procParams,
(PKIX_PL_Object *)secondValParams->procParams,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValParams->chain,
(PKIX_PL_Object *)secondValParams->chain,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
*pResult = cmpResult;
cleanup:
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_CreateWithNameKeyPair(
PKIX_PL_X500Name *name,
PKIX_PL_PublicKey *pubKey,
PKIX_PL_CertNameConstraints *nameConstraints,
PKIX_TrustAnchor **pAnchor,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
#ifndef BUILD_LIBPKIX_TESTS
/* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
* function as the complete trusted cert structure, and not only cert
* public key, is required for chain building and validation processes.
* Restricting this function for been used only in libpkix unit
* tests. */
PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
#endif
PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TRUSTANCHOR_TYPE,
sizeof (PKIX_TrustAnchor),
(PKIX_PL_Object **)&anchor,
plContext),
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
anchor->trustedCert = NULL;
PKIX_INCREF(name);
anchor->caName = name;
PKIX_INCREF(pubKey);
anchor->caPubKey = pubKey;
PKIX_INCREF(nameConstraints);
anchor->nameConstraints = nameConstraints;
*pAnchor = anchor;
anchor = NULL;
cleanup:
PKIX_DECREF(anchor);
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: pkix_pl_CollectionCertStore_CheckTrust
* DESCRIPTION:
* This function checks the trust status of this "cert" that was retrieved
* from the CertStore "store" and returns its trust status at "pTrusted".
*
* PARAMETERS:
* "store"
* Address of the CertStore. Must be non-NULL.
* "cert"
* Address of the Cert. Must be non-NULL.
* "pTrusted"
* Address of PKIX_Boolean where the "cert" trust status is returned.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CollectionCertStore_CheckTrust(
PKIX_CertStore *store,
PKIX_PL_Cert *cert,
PKIX_Boolean *pTrusted,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_CheckTrust");
PKIX_NULLCHECK_THREE(store, cert, pTrusted);
*pTrusted = PKIX_TRUE;
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: pkix_pl_ByteArray_Comparator
* (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
*
* NOTE:
* It is not clear that this definition of comparing byte arrays makes
* sense. It does allow you to tell whether two blocks of memory are
* identical, so we only use it for the Equals function (i.e. we don't
* register it as a Compare function for ByteArray).
*/
static PKIX_Error *
pkix_pl_ByteArray_Comparator(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pResult,
void *plContext)
{
PKIX_PL_ByteArray *firstByteArray = NULL;
PKIX_PL_ByteArray *secondByteArray = NULL;
unsigned char *firstData = NULL;
unsigned char *secondData = NULL;
PKIX_UInt32 i;
PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Comparator");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
PKIX_CHECK(pkix_CheckTypes
(firstObject, secondObject, PKIX_BYTEARRAY_TYPE, plContext),
PKIX_ARGUMENTSNOTBYTEARRAYS);
/* It's safe to cast */
firstByteArray = (PKIX_PL_ByteArray *)firstObject;
secondByteArray = (PKIX_PL_ByteArray *)secondObject;
*pResult = 0;
firstData = (unsigned char *)firstByteArray->array;
secondData = (unsigned char *)secondByteArray->array;
if (firstByteArray->length < secondByteArray->length) {
*pResult = -1;
} else if (firstByteArray->length > secondByteArray->length) {
*pResult = 1;
} else if (firstByteArray->length == secondByteArray->length) {
/* Check if both array contents are identical */
for (i = 0;
(i < firstByteArray->length) && (*pResult == 0);
i++) {
if (firstData[i] < secondData[i]) {
*pResult = -1;
} else if (firstData[i] > secondData[i]) {
*pResult = 1;
}
}
}
cleanup:
PKIX_RETURN(BYTEARRAY);
}
/*
* FUNCTION: PKIX_CertStore_Create (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_Create(
PKIX_CertStore_CertCallback certCallback,
PKIX_CertStore_CRLCallback crlCallback,
PKIX_CertStore_CertContinueFunction certContinue,
PKIX_CertStore_CrlContinueFunction crlContinue,
PKIX_CertStore_CheckTrustCallback trustCallback,
PKIX_CertStore_ImportCrlCallback importCrlCallback,
PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
PKIX_PL_Object *certStoreContext,
PKIX_Boolean cacheFlag,
PKIX_Boolean localFlag,
PKIX_CertStore **pStore,
void *plContext)
{
PKIX_CertStore *certStore = NULL;
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_Create");
PKIX_NULLCHECK_THREE(certCallback, crlCallback, pStore);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTSTORE_TYPE,
sizeof (PKIX_CertStore),
(PKIX_PL_Object **)&certStore,
plContext),
PKIX_COULDNOTCREATECERTSTOREOBJECT);
certStore->certCallback = certCallback;
certStore->crlCallback = crlCallback;
certStore->certContinue = certContinue;
certStore->crlContinue = crlContinue;
certStore->trustCallback = trustCallback;
certStore->importCrlCallback = importCrlCallback;
certStore->checkRevByCrlCallback = checkRevByCrlCallback;
certStore->cacheFlag = cacheFlag;
certStore->localFlag = localFlag;
PKIX_INCREF(certStoreContext);
certStore->certStoreContext = certStoreContext;
*pStore = certStore;
certStore = NULL;
cleanup:
PKIX_DECREF(certStore);
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: pkix_pl_Object_Equals_Default
* DESCRIPTION:
*
* Default Object_Equals callback: Compares the address of the Object pointed
* to by "firstObject" with the address of the Object pointed to by
* "secondObject" and stores the Boolean result at "pResult".
*
* PARAMETERS:
* "firstObject"
* Address of first Object to compare. Must be non-NULL.
* "secondObject"
* Address of second Object to compare. Must be non-NULL.
* "pResult"
* Address where Boolean result will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_Object_Equals_Default(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_ENTER(OBJECT, "pkix_pl_Object_Equals_Default");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* Just compare pointer values */
*pResult = (firstObject == secondObject)?PKIX_TRUE:PKIX_FALSE;
PKIX_RETURN(OBJECT);
}
/*
* FUNCTION: pkix_pl_ipAddrBytes2Ascii
* DESCRIPTION:
*
* Converts the DER encoding of an IPAddress pointed to by "secItem" to an
* ASCII representation and stores the result at "pAscii". The ASCII
* representation is guaranteed to end with a NUL character. The input
* SECItem must contain non-NULL data and must have a positive length.
*
* The return value "pAscii" is not reference-counted and will need to
* be freed with PKIX_PL_Free.
* XXX this function assumes that IPv4 addresses are being used
* XXX what about IPv6? can NSS tell the difference
*
* PARAMETERS
* "secItem"
* Address of SECItem which contains bytes and length of DER encoding.
* Must be non-NULL.
* "pAscii"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Object Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_ipAddrBytes2Ascii(
SECItem *secItem,
char **pAscii,
void *plContext)
{
char *data = NULL;
PKIX_UInt32 *tokens = NULL;
PKIX_UInt32 numTokens = 0;
PKIX_UInt32 i = 0;
char *asciiString = NULL;
PKIX_ENTER(OBJECT, "pkix_pl_ipAddrBytes2Ascii");
PKIX_NULLCHECK_THREE(secItem, pAscii, secItem->data);
if (secItem->len == 0) {
PKIX_ERROR_FATAL(PKIX_IPADDRBYTES2ASCIIDATALENGTHZERO);
}
data = (char *)(secItem->data);
numTokens = secItem->len;
/* allocate space for array of integers */
PKIX_CHECK(PKIX_PL_Malloc
(numTokens * sizeof (PKIX_UInt32),
(void **)&tokens,
plContext),
PKIX_MALLOCFAILED);
/* populate array of integers */
for (i = 0; i < numTokens; i++){
tokens[i] = data[i];
}
/* convert array of integers to ASCII */
PKIX_CHECK(pkix_pl_helperBytes2Ascii
(tokens, numTokens, &asciiString, plContext),
PKIX_HELPERBYTES2ASCIIFAILED);
*pAscii = asciiString;
cleanup:
PKIX_FREE(tokens);
PKIX_RETURN(OBJECT);
}
/*
* FUNCTION: pkix_pl_GeneralName_GetNssGeneralName
* DESCRIPTION:
*
* Retrieves the NSS representation of the PKIX_PL_GeneralName pointed by
* "genName" and stores it at "pNssGenName". The NSS data type CERTGeneralName
* is stored in this object when the object was created.
*
* PARAMETERS:
* "genName"
* Address of PKIX_PL_GeneralName. Must be non-NULL.
* "pNssGenName"
* Address where CERTGeneralName will be stored. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a GeneralName Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_GeneralName_GetNssGeneralName(
PKIX_PL_GeneralName *genName,
CERTGeneralName **pNssGenName,
void *plContext)
{
CERTGeneralName *nssGenName = NULL;
PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_GetNssGeneralName");
PKIX_NULLCHECK_THREE(genName, pNssGenName, genName->nssGeneralNameList);
nssGenName = genName->nssGeneralNameList->name;
*pNssGenName = nssGenName;
PKIX_RETURN(GENERALNAME);
}
/*
* FUNCTION: pkix_pl_CollectionCertStoreContext_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pResult,
void *plContext)
{
PKIX_PL_CollectionCertStoreContext *firstCCSContext = NULL;
PKIX_PL_CollectionCertStoreContext *secondCCSContext = NULL;
PKIX_Boolean cmpResult = 0;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
PKIX_CHECK(pkix_CheckTypes
(firstObject,
secondObject,
PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
plContext),
PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
firstCCSContext = (PKIX_PL_CollectionCertStoreContext *)firstObject;
secondCCSContext = (PKIX_PL_CollectionCertStoreContext *)secondObject;
if (firstCCSContext->storeDir == secondCCSContext->storeDir) {
cmpResult = PKIX_TRUE;
} else {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *) firstCCSContext->storeDir,
(PKIX_PL_Object *) secondCCSContext->storeDir,
&cmpResult,
plContext),
PKIX_STRINGEQUALSFAILED);
}
*pResult = cmpResult;
/* should not check equal on crlList and certList, data are dynamic */
cleanup:
PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
}
/*
* FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetCriticalExtensionOIDs(
PKIX_PL_CRL *crl,
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_List *oidsList = NULL;
CERTCertExtension **extensions = NULL;
CERTCrl *nssSignedCrl = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCriticalExtensionOIDs");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pExtensions);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
/* if we don't have a cached copy from before, we create one */
if (crl->critExtOids == NULL) {
PKIX_OBJECT_LOCK(crl);
nssSignedCrl = &(crl->nssSignedCrl->crl);
extensions = nssSignedCrl->extensions;
if (crl->critExtOids == NULL) {
PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
(extensions, &oidsList, plContext),
PKIX_GETCRITICALEXTENSIONOIDSFAILED);
crl->critExtOids = oidsList;
}
PKIX_OBJECT_UNLOCK(crl);
}
/* We should return a copy of the List since this list changes */
PKIX_DUPLICATE(crl->critExtOids, pExtensions, plContext,
PKIX_OBJECTDUPLICATELISTFAILED);
cleanup:
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_CRL_GetCRLEntries
* DESCRIPTION:
*
* Retrieves a pointer to the List of CRLEntries found in the CRL pointed to
* by "crl" and stores it at "pCRLEntries". If there are no CRLEntries,
* this functions stores NULL at "pCRLEntries".
*
* PARAMETERS:
* "crl"
* Address of CRL whose CRL Entries are to be retrieved. Must be non-NULL.
* "pCRLEntries"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetCRLEntries(
PKIX_PL_CRL *crl,
PKIX_List **pCrlEntries,
void *plContext)
{
PKIX_List *entryList = NULL;
CERTCrl *nssCrl = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetCRLEntries");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlEntries);
/* if we don't have a cached copy from before, we create one */
if (crl->crlEntryList == NULL) {
PKIX_OBJECT_LOCK(crl);
if (crl->crlEntryList == NULL){
nssCrl = &(crl->nssSignedCrl->crl);
PKIX_CHECK(pkix_pl_CRLEntry_Create
(nssCrl->entries, &entryList, plContext),
PKIX_CRLENTRYCREATEFAILED);
PKIX_CHECK(PKIX_List_SetImmutable
(entryList, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
crl->crlEntryList = entryList;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->crlEntryList);
*pCrlEntries = crl->crlEntryList;
cleanup:
PKIX_RETURN(CRL);
}
