/* * FUNCTION: pkix_pl_CertPolicyQualifier_Create * DESCRIPTION: * * Creates a CertPolicyQualifier object with the OID given by "oid" * and the ByteArray given by "qualifier", and stores it at "pObject". * * PARAMETERS * "oid" * Address of OID of the desired policyQualifierId; must be non-NULL * "qualifier" * Address of ByteArray with the desired value of the qualifier; * must be non-NULL * "pObject" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_pl_CertPolicyQualifier_Create( PKIX_PL_OID *oid, PKIX_PL_ByteArray *qualifier, PKIX_PL_CertPolicyQualifier **pObject, void *plContext) { PKIX_PL_CertPolicyQualifier *qual = NULL; PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Create"); PKIX_NULLCHECK_THREE(oid, qualifier, pObject); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_CERTPOLICYQUALIFIER_TYPE, sizeof (PKIX_PL_CertPolicyQualifier), (PKIX_PL_Object **)&qual, plContext), PKIX_COULDNOTCREATECERTPOLICYQUALIFIEROBJECT); PKIX_INCREF(oid); qual->policyQualifierId = oid; PKIX_INCREF(qualifier); qual->qualifier = qualifier; *pObject = qual; qual = NULL; cleanup: PKIX_DECREF(qual); PKIX_RETURN(CERTPOLICYQUALIFIER); }
/* * FUNCTION: pkix_pl_CertPolicyMap_Create * DESCRIPTION: * * Creates a new CertPolicyMap Object pairing the OID given by * "issuerDomainPolicy" with the OID given by "subjectDomainPolicy", and * stores the result at "pCertPolicyMap". * * PARAMETERS * "issuerDomainPolicy" * Address of the OID of the IssuerDomainPolicy. Must be non-NULL. * "subjectDomainPolicy" * Address of the OID of the SubjectDomainPolicy. Must be non-NULL. * "pCertPolicyMap" * Address where CertPolicyMap pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CertPolicyMap Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_pl_CertPolicyMap_Create( PKIX_PL_OID *issuerDomainPolicy, PKIX_PL_OID *subjectDomainPolicy, PKIX_PL_CertPolicyMap **pCertPolicyMap, void *plContext) { PKIX_PL_CertPolicyMap *policyMap = NULL; PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Create"); PKIX_NULLCHECK_THREE (issuerDomainPolicy, subjectDomainPolicy, pCertPolicyMap); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_CERTPOLICYMAP_TYPE, sizeof (PKIX_PL_CertPolicyMap), (PKIX_PL_Object **)&policyMap, plContext), PKIX_COULDNOTCREATECERTPOLICYMAPOBJECT); PKIX_INCREF(issuerDomainPolicy); policyMap->issuerDomainPolicy = issuerDomainPolicy; PKIX_INCREF(subjectDomainPolicy); policyMap->subjectDomainPolicy = subjectDomainPolicy; *pCertPolicyMap = policyMap; cleanup: PKIX_RETURN(CERTPOLICYMAP); }
/* * FUNCTION: PKIX_Error_Create (see comments in pkix_util.h) */ PKIX_Error * PKIX_Error_Create( PKIX_ERRORCLASS errClass, PKIX_Error *cause, PKIX_PL_Object *info, PKIX_ERRORCODE errCode, PKIX_Error **pError, void *plContext) { PKIX_Error *tempCause = NULL; PKIX_Error *error = NULL; PKIX_ENTER(ERROR, "PKIX_Error_Create"); PKIX_NULLCHECK_ONE(pError); /* * when called here, if PKIX_PL_Object_Alloc returns an error, * it must be a PKIX_ALLOC_ERROR */ pkixErrorResult = PKIX_PL_Object_Alloc (PKIX_ERROR_TYPE, ((PKIX_UInt32)(sizeof (PKIX_Error))), (PKIX_PL_Object **)&error, plContext); if (pkixErrorResult) return (pkixErrorResult); error->errClass = errClass; /* Ensure we don't have a loop. Follow causes until NULL */ for (tempCause = cause; tempCause != NULL; tempCause = tempCause->cause) { /* If we detect a loop, throw a new error */ if (tempCause == error) { PKIX_ERROR(PKIX_LOOPOFERRORCAUSEDETECTED); } } PKIX_INCREF(cause); error->cause = cause; PKIX_INCREF(info); error->info = info; error->errCode = errCode; error->plErr = PKIX_PLErrorIndex[error->errCode]; *pError = error; error = NULL; cleanup: /* PKIX-XXX Fix for leak during error creation */ PKIX_DECREF(error); PKIX_RETURN(ERROR); }
/* * FUNCTION: PKIX_List_InsertItem (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_InsertItem( PKIX_List *list, PKIX_UInt32 index, PKIX_PL_Object *item, void *plContext) { PKIX_List *element = NULL; PKIX_List *newElem = NULL; PKIX_ENTER(LIST, "PKIX_List_InsertItem"); PKIX_NULLCHECK_ONE(list); if (list->immutable){ PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST); } if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } /* Create a new list object */ PKIX_CHECK(pkix_List_Create_Internal(PKIX_FALSE, &newElem, plContext), PKIX_LISTCREATEINTERNALFAILED); if (list->length) { PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext), PKIX_LISTGETELEMENTFAILED); /* Copy the old element's contents into the new element */ newElem->item = element->item; /* Add new item to the list */ PKIX_INCREF(item); element->item = item; /* Set the new element's next pointer to the old element's next */ newElem->next = element->next; /* Set the old element's next pointer to the new element */ element->next = newElem; newElem = NULL; } else { PKIX_INCREF(item); newElem->item = item; newElem->next = NULL; list->next = newElem; newElem = NULL; } list->length++; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)list, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_DECREF(newElem); PKIX_RETURN(LIST); }
/* * FUNCTION: pkix_PolicyNode_Create * DESCRIPTION: * * Creates a new PolicyNode using the OID pointed to by "validPolicy", the List * of CertPolicyQualifiers pointed to by "qualifierSet", the criticality * indicated by the Boolean value of "criticality", and the List of OIDs * pointed to by "expectedPolicySet", and stores the result at "pObject". The * criticality should be derived from whether the certificate policy extension * was marked as critical in the certificate that led to creation of this * PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made * immutable. The PolicyNode pointers to parent and to children are initialized * to NULL, and the depth is set to zero; those values should be set by using * the pkix_PolicyNode_AddToParent function. * * PARAMETERS * "validPolicy" * Address of OID of the valid policy for the path. Must be non-NULL * "qualifierSet" * Address of List of CertPolicyQualifiers associated with the validpolicy. * May be NULL * "criticality" * Boolean indicator of whether the criticality should be set in this * PolicyNode * "expectedPolicySet" * Address of List of OIDs that would satisfy this policy in the next * certificate. Must be non-NULL * "pObject" * Address where the PolicyNode pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a PolicyNode Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_PolicyNode_Create( PKIX_PL_OID *validPolicy, PKIX_List *qualifierSet, PKIX_Boolean criticality, PKIX_List *expectedPolicySet, PKIX_PolicyNode **pObject, void *plContext) { PKIX_PolicyNode *node = NULL; PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create"); PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_CERTPOLICYNODE_TYPE, sizeof (PKIX_PolicyNode), (PKIX_PL_Object **)&node, plContext), PKIX_COULDNOTCREATEPOLICYNODEOBJECT); PKIX_INCREF(validPolicy); node->validPolicy = validPolicy; PKIX_INCREF(qualifierSet); node->qualifierSet = qualifierSet; if (qualifierSet) { PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext), PKIX_LISTSETIMMUTABLEFAILED); } node->criticality = criticality; PKIX_INCREF(expectedPolicySet); node->expectedPolicySet = expectedPolicySet; PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext), PKIX_LISTSETIMMUTABLEFAILED); node->parent = NULL; node->children = NULL; node->depth = 0; *pObject = node; node = NULL; cleanup: PKIX_DECREF(node); PKIX_RETURN(CERTPOLICYNODE); }
/* * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair * (see comments in pkix_params.h) */ PKIX_Error * PKIX_TrustAnchor_CreateWithNameKeyPair( PKIX_PL_X500Name *name, PKIX_PL_PublicKey *pubKey, PKIX_PL_CertNameConstraints *nameConstraints, PKIX_TrustAnchor **pAnchor, void *plContext) { PKIX_TrustAnchor *anchor = NULL; PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair"); #ifndef BUILD_LIBPKIX_TESTS /* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert * function as the complete trusted cert structure, and not only cert * public key, is required for chain building and validation processes. * Restricting this function for been used only in libpkix unit * tests. */ PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED); #endif PKIX_NULLCHECK_THREE(name, pubKey, pAnchor); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_TRUSTANCHOR_TYPE, sizeof (PKIX_TrustAnchor), (PKIX_PL_Object **)&anchor, plContext), PKIX_COULDNOTCREATETRUSTANCHOROBJECT); /* initialize fields */ anchor->trustedCert = NULL; PKIX_INCREF(name); anchor->caName = name; PKIX_INCREF(pubKey); anchor->caPubKey = pubKey; PKIX_INCREF(nameConstraints); anchor->nameConstraints = nameConstraints; *pAnchor = anchor; anchor = NULL; cleanup: PKIX_DECREF(anchor); PKIX_RETURN(TRUSTANCHOR); }
/* * FUNCTION: PKIX_PL_CollectionCertStoreContext_Create * DESCRIPTION: * * Creates a new CollectionCertStoreContext using the String pointed to * by "storeDir" and stores it at "pColCertStoreContext". * * PARAMETERS: * "storeDir" * The absolute path where *.crl and *.crt files are located. * "pColCertStoreContext" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CollectionCertStoreContext Error if the function fails in * a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_CollectionCertStoreContext_Create( PKIX_PL_String *storeDir, PKIX_PL_CollectionCertStoreContext **pColCertStoreContext, void *plContext) { PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL; PKIX_ENTER(COLLECTIONCERTSTORECONTEXT, "pkix_pl_CollectionCertStoreContext_Create"); PKIX_NULLCHECK_TWO(storeDir, pColCertStoreContext); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_COLLECTIONCERTSTORECONTEXT_TYPE, sizeof (PKIX_PL_CollectionCertStoreContext), (PKIX_PL_Object **)&colCertStoreContext, plContext), PKIX_COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT); PKIX_INCREF(storeDir); colCertStoreContext->storeDir = storeDir; colCertStoreContext->crlList = NULL; colCertStoreContext->certList = NULL; *pColCertStoreContext = colCertStoreContext; colCertStoreContext = NULL; cleanup: PKIX_DECREF(colCertStoreContext); PKIX_RETURN(COLLECTIONCERTSTORECONTEXT); }
/* * FUNCTION: PKIX_ProcessingParams_SetRevocationCheckers * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetRevocationCheckers( PKIX_ProcessingParams *params, PKIX_List *checkers, /* list of PKIX_RevocationChecker */ void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetRevocationCheckers"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->revCheckers); PKIX_INCREF(checkers); params->revCheckers = checkers; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->revCheckers); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_GetRevocationCheckers * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_GetRevocationCheckers( PKIX_ProcessingParams *params, PKIX_List **pCheckers, /* list of PKIX_RevocationChecker */ void *plContext) { PKIX_ENTER (PROCESSINGPARAMS, "PKIX_ProcessingParams_GetRevocationCheckers"); PKIX_NULLCHECK_TWO(params, pCheckers); if (params->revCheckers == NULL) { PKIX_CHECK(PKIX_List_Create (&(params->revCheckers), plContext), PKIX_LISTCREATEFAILED); } PKIX_INCREF(params->revCheckers); *pCheckers = params->revCheckers; cleanup: PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetInitialPolicies( PKIX_ProcessingParams *params, PKIX_List *initPolicies, /* list of PKIX_PL_OID */ void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetInitialPolicies"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->initialPolicies); PKIX_INCREF(initPolicies); params->initialPolicies = initPolicies; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->initialPolicies); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_GetInitialPolicies( PKIX_ProcessingParams *params, PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */ void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetInitialPolicies"); PKIX_NULLCHECK_TWO(params, pInitPolicies); if (params->initialPolicies == NULL) { PKIX_CHECK(PKIX_List_Create (¶ms->initialPolicies, plContext), PKIX_UNABLETOCREATELIST); PKIX_CHECK(PKIX_List_SetImmutable (params->initialPolicies, plContext), PKIX_UNABLETOMAKELISTIMMUTABLE); PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); } PKIX_INCREF(params->initialPolicies); *pInitPolicies = params->initialPolicies; cleanup: PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetDate( PKIX_ProcessingParams *params, PKIX_PL_Date *date, void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->date); PKIX_INCREF(date); params->date = date; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->date); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_Logger_Create (see comments in pkix_util.h) */ PKIX_Error * PKIX_Logger_Create( PKIX_Logger_LogCallback callback, PKIX_PL_Object *loggerContext, PKIX_Logger **pLogger, void *plContext) { PKIX_Logger *logger = NULL; PKIX_ENTER(LOGGER, "PKIX_Logger_Create"); PKIX_NULLCHECK_ONE(pLogger); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_LOGGER_TYPE, sizeof (PKIX_Logger), (PKIX_PL_Object **)&logger, plContext), PKIX_COULDNOTCREATELOGGEROBJECT); logger->callback = callback; logger->maxLevel = 0; logger->logComponent = (PKIX_ERRORCLASS)NULL; PKIX_INCREF(loggerContext); logger->context = loggerContext; *pLogger = logger; logger = NULL; cleanup: PKIX_DECREF(logger); PKIX_RETURN(LOGGER); }
/* * FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_checker.h) */ PKIX_Error * PKIX_RevocationChecker_Create( PKIX_RevocationChecker_RevCallback callback, PKIX_PL_Object *revCheckerContext, PKIX_RevocationChecker **pChecker, void *plContext) { PKIX_RevocationChecker *checker = NULL; PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create"); PKIX_NULLCHECK_ONE(pChecker); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_REVOCATIONCHECKER_TYPE, sizeof (PKIX_RevocationChecker), (PKIX_PL_Object **)&checker, plContext), PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT); /* initialize fields */ checker->checkCallback = callback; PKIX_INCREF(revCheckerContext); checker->revCheckerContext = revCheckerContext; *pChecker = checker; cleanup: PKIX_RETURN(REVOCATIONCHECKER); }
/* * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers * (see description of this function in pkix_results.h) */ PKIX_Error * PKIX_PolicyNode_GetPolicyQualifiers( PKIX_PolicyNode *node, PKIX_List **pQualifiers, /* list of PKIX_PL_CertPolicyQualifier */ void *plContext) { PKIX_List *qualifiers = NULL; PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetPolicyQualifiers"); PKIX_NULLCHECK_TWO(node, pQualifiers); PKIX_INCREF(node->qualifierSet); qualifiers = node->qualifierSet; if (!qualifiers) { PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext), PKIX_LISTCREATEFAILED); } PKIX_CHECK(PKIX_List_SetImmutable(qualifiers, plContext), PKIX_LISTSETIMMUTABLEFAILED); *pQualifiers = qualifiers; cleanup: PKIX_RETURN(CERTPOLICYNODE); }
/* * FUNCTION: PKIX_PolicyNode_GetChildren * (see description of this function in pkix_results.h) */ PKIX_Error * PKIX_PolicyNode_GetChildren( PKIX_PolicyNode *node, PKIX_List **pChildren, /* list of PKIX_PolicyNode */ void *plContext) { PKIX_List *children = NULL; PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetChildren"); PKIX_NULLCHECK_TWO(node, pChildren); PKIX_INCREF(node->children); children = node->children; if (!children) { PKIX_CHECK(PKIX_List_Create(&children, plContext), PKIX_LISTCREATEFAILED); } PKIX_CHECK(PKIX_List_SetImmutable(children, plContext), PKIX_LISTSETIMMUTABLEFAILED); *pChildren = children; cleanup: if (PKIX_ERROR_RECEIVED) { PKIX_DECREF(children); } PKIX_RETURN(CERTPOLICYNODE); }
/* * FUNCTION: PKIX_List_GetItem (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_GetItem( PKIX_List *list, PKIX_UInt32 index, PKIX_PL_Object **pItem, void *plContext) { PKIX_List *element = NULL; PKIX_ENTER(LIST, "PKIX_List_GetItem"); PKIX_NULLCHECK_TWO(list, pItem); if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext), PKIX_LISTGETELEMENTFAILED); PKIX_INCREF(element->item); *pItem = element->item; cleanup: PKIX_RETURN(LIST); }
/* * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetTargetCertConstraints( PKIX_ProcessingParams *params, PKIX_CertSelector *constraints, void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetTargetCertConstraints"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->constraints); PKIX_INCREF(constraints); params->constraints = constraints; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->constraints); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: pkix_pl_CRL_GetSignatureAlgId * * DESCRIPTION: * Retrieves a pointer to the OID that represents the signature algorithm of * the CRL pointed to by "crl" and stores it at "pSignatureAlgId". * * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } * * PARAMETERS: * "crl" * Address of CRL whose signature algorithm OID is to be stored. * Must be non-NULL. * "pSignatureAlgId" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CRL Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_CRL_GetSignatureAlgId( PKIX_PL_CRL *crl, PKIX_PL_OID **pSignatureAlgId, void *plContext) { CERTCrl *nssCrl = NULL; PKIX_PL_OID *signatureAlgId = NULL; SECAlgorithmID algorithm; SECItem algBytes; char *asciiOID = NULL; PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId); /* if we don't have a cached copy from before, we create one */ if (crl->signatureAlgId == NULL) { PKIX_OBJECT_LOCK(crl); if (crl->signatureAlgId == NULL) { nssCrl = &(crl->nssSignedCrl->crl); algorithm = nssCrl->signatureAlg; algBytes = algorithm.algorithm; PKIX_NULLCHECK_ONE(algBytes.data); if (algBytes.len == 0) { PKIX_ERROR_FATAL(PKIX_OIDBYTESLENGTH0); } PKIX_CHECK(pkix_pl_oidBytes2Ascii (&algBytes, &asciiOID, plContext), PKIX_OIDBYTES2ASCIIFAILED); PKIX_CHECK(PKIX_PL_OID_Create (asciiOID, &signatureAlgId, plContext), PKIX_OIDCREATEFAILED); /* save a cached copy in case it is asked for again */ crl->signatureAlgId = signatureAlgId; } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->signatureAlgId); *pSignatureAlgId = crl->signatureAlgId; cleanup: PKIX_FREE(asciiOID); PKIX_RETURN(CRL); }
/* * FUNCTION: PKIX_PL_HashTable_Lookup (see comments in pkix_pl_system.h) */ PKIX_Error * PKIX_PL_HashTable_Lookup( PKIX_PL_HashTable *ht, PKIX_PL_Object *key, PKIX_PL_Object **pResult, void *plContext) { PKIX_PL_Mutex *lockedMutex = NULL; PKIX_UInt32 hashCode; PKIX_PL_EqualsCallback keyComp; PKIX_PL_Object *result = NULL; PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Lookup"); #if !defined(PKIX_OBJECT_LEAK_TEST) PKIX_NULLCHECK_THREE(ht, key, pResult); #else PKIX_NULLCHECK_TWO(key, pResult); if (ht == NULL) { PKIX_RETURN(HASHTABLE); } #endif PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext), PKIX_OBJECTHASHCODEFAILED); PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback (key, &keyComp, plContext), PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED); PKIX_MUTEX_LOCK(ht->tableLock); /* Lookup in primitive hashtable */ PKIX_CHECK(pkix_pl_PrimHashTable_Lookup (ht->primHash, (void *)key, hashCode, keyComp, (void **)&result, plContext), PKIX_PRIMHASHTABLELOOKUPFAILED); PKIX_INCREF(result); PKIX_MUTEX_UNLOCK(ht->tableLock); *pResult = result; cleanup: PKIX_MUTEX_UNLOCK(ht->tableLock); PKIX_RETURN(HASHTABLE); }
/* * FUNCTION: pkix_List_Duplicate * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_List_Duplicate( PKIX_PL_Object *object, PKIX_PL_Object **pNewObject, void *plContext) { PKIX_List *list = NULL; PKIX_List *listDuplicate = NULL; PKIX_ENTER(LIST, "pkix_List_Duplicate"); PKIX_NULLCHECK_TWO(object, pNewObject); PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext), PKIX_OBJECTNOTLIST); list = (PKIX_List *)object; if (list->immutable){ PKIX_CHECK(pkix_duplicateImmutable (object, pNewObject, plContext), PKIX_DUPLICATEIMMUTABLEFAILED); } else { PKIX_CHECK(pkix_List_Create_Internal (list->isHeader, &listDuplicate, plContext), PKIX_LISTCREATEINTERNALFAILED); listDuplicate->length = list->length; PKIX_INCREF(list->item); listDuplicate->item = list->item; if (list->next == NULL){ listDuplicate->next = NULL; } else { /* Recursively Duplicate list */ PKIX_CHECK(pkix_List_Duplicate ((PKIX_PL_Object *)list->next, (PKIX_PL_Object **)&listDuplicate->next, plContext), PKIX_LISTDUPLICATEFAILED); } *pNewObject = (PKIX_PL_Object *)listDuplicate; } cleanup: if (PKIX_ERROR_RECEIVED){ PKIX_DECREF(listDuplicate); } PKIX_RETURN(LIST); }
/* * FUNCTION: pkix_ValidateResult_Create * DESCRIPTION: * * Creates a new ValidateResult Object using the PublicKey pointed to by * "pubKey", the TrustAnchor pointed to by "anchor", and the PolicyNode * pointed to by "policyTree", and stores it at "pResult". * * PARAMETERS * "pubKey" * PublicKey of the desired ValidateResult. Must be non-NULL. * "anchor" * TrustAnchor of the desired Validateresult. Must be non-NULL. * "policyTree" * PolicyNode of the desired ValidateResult; may be NULL * "pResult" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_ValidateResult_Create( PKIX_PL_PublicKey *pubKey, PKIX_TrustAnchor *anchor, PKIX_PolicyNode *policyTree, PKIX_ValidateResult **pResult, void *plContext) { PKIX_ValidateResult *result = NULL; PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Create"); PKIX_NULLCHECK_THREE(pubKey, anchor, pResult); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_VALIDATERESULT_TYPE, sizeof (PKIX_ValidateResult), (PKIX_PL_Object **)&result, plContext), PKIX_COULDNOTCREATEVALIDATERESULTOBJECT); /* initialize fields */ PKIX_INCREF(pubKey); result->pubKey = pubKey; PKIX_INCREF(anchor); result->anchor = anchor; PKIX_INCREF(policyTree); result->policyTree = policyTree; *pResult = result; result = NULL; cleanup: PKIX_DECREF(result); PKIX_RETURN(VALIDATERESULT); }
/* * FUNCTION: PKIX_VerifyNode_FindError * DESCRIPTION: * * Finds meaningful error in the log. For now, just returns the first * error it finds in. In the future the function should be changed to * return a top priority error. * * PARAMETERS: * "node" * The address of the VerifyNode to be modified. Must be non-NULL. * "error" * The address of a pointer the error will be returned to. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_VerifyNode_FindError( PKIX_VerifyNode *node, PKIX_Error **error, void *plContext) { PKIX_VerifyNode *childNode = NULL; PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_FindError"); /* Make sure the return address is initialized with NULL */ PKIX_DECREF(*error); if (!node) goto cleanup; /* First, try to get error from lowest level. */ if (node->children) { PKIX_UInt32 length = 0; PKIX_UInt32 index = 0; PKIX_CHECK( PKIX_List_GetLength(node->children, &length, plContext), PKIX_LISTGETLENGTHFAILED); for (index = 0;index < length;index++) { PKIX_CHECK( PKIX_List_GetItem(node->children, index, (PKIX_PL_Object**)&childNode, plContext), PKIX_LISTGETITEMFAILED); if (!childNode) continue; PKIX_CHECK( pkix_VerifyNode_FindError(childNode, error, plContext), PKIX_VERIFYNODEFINDERRORFAILED); PKIX_DECREF(childNode); if (*error) { goto cleanup; } } } if (node->error) { PKIX_INCREF(node->error); *error = node->error; } cleanup: PKIX_DECREF(childNode); PKIX_RETURN(VERIFYNODE); }
/* * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair * (see comments in pkix_params.h) */ PKIX_Error * PKIX_TrustAnchor_CreateWithNameKeyPair( PKIX_PL_X500Name *name, PKIX_PL_PublicKey *pubKey, PKIX_PL_CertNameConstraints *nameConstraints, PKIX_TrustAnchor **pAnchor, void *plContext) { PKIX_TrustAnchor *anchor = NULL; PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair"); PKIX_NULLCHECK_THREE(name, pubKey, pAnchor); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_TRUSTANCHOR_TYPE, sizeof (PKIX_TrustAnchor), (PKIX_PL_Object **)&anchor, plContext), PKIX_COULDNOTCREATETRUSTANCHOROBJECT); /* initialize fields */ anchor->trustedCert = NULL; PKIX_INCREF(name); anchor->caName = name; PKIX_INCREF(pubKey); anchor->caPubKey = pubKey; PKIX_INCREF(nameConstraints); anchor->nameConstraints = nameConstraints; *pAnchor = anchor; anchor = NULL; cleanup: PKIX_DECREF(anchor); PKIX_RETURN(TRUSTANCHOR); }
/* * FUNCTION: pkix_VerifyNode_Create * DESCRIPTION: * * This function creates a VerifyNode using the Cert pointed to by "cert", * the depth given by "depth", and the Error pointed to by "error", storing * the result at "pObject". * * PARAMETERS * "cert" * Address of Cert for the node. Must be non-NULL * "depth" * UInt32 value of the depth for this node. * "error" * Address of Error for the node. * "pObject" * Address where the VerifyNode pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_VerifyNode_Create( PKIX_PL_Cert *cert, PKIX_UInt32 depth, PKIX_Error *error, PKIX_VerifyNode **pObject, void *plContext) { PKIX_VerifyNode *node = NULL; PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Create"); PKIX_NULLCHECK_TWO(cert, pObject); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_VERIFYNODE_TYPE, sizeof (PKIX_VerifyNode), (PKIX_PL_Object **)&node, plContext), PKIX_COULDNOTCREATEVERIFYNODEOBJECT); PKIX_INCREF(cert); node->verifyCert = cert; PKIX_INCREF(error); node->error = error; node->depth = depth; node->children = NULL; *pObject = node; node = NULL; cleanup: PKIX_DECREF(node); PKIX_RETURN(VERIFYNODE); }
/* * FUNCTION: PKIX_PL_CRL_GetIssuer (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_GetIssuer( PKIX_PL_CRL *crl, PKIX_PL_X500Name **pCRLIssuer, void *plContext) { PKIX_PL_String *crlString = NULL; PKIX_PL_X500Name *issuer = NULL; SECItem *derIssuerName = NULL; CERTName *issuerName = NULL; PKIX_ENTER(CRL, "PKIX_PL_CRL_GetIssuer"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCRLIssuer); /* Can call this function only with der been adopted. */ PORT_Assert(crl->adoptedDerCrl); /* if we don't have a cached copy from before, we create one */ if (crl->issuer == NULL){ PKIX_OBJECT_LOCK(crl); if (crl->issuer == NULL) { issuerName = &crl->nssSignedCrl->crl.name; derIssuerName = &crl->nssSignedCrl->crl.derName; PKIX_CHECK( PKIX_PL_X500Name_CreateFromCERTName(derIssuerName, issuerName, &issuer, plContext), PKIX_X500NAMECREATEFROMCERTNAMEFAILED); /* save a cached copy in case it is asked for again */ crl->issuer = issuer; } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->issuer); *pCRLIssuer = crl->issuer; cleanup: PKIX_DECREF(crlString); PKIX_RETURN(CRL); }
/* * FUNCTION: PKIX_List_AppendItem (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_AppendItem( PKIX_List *list, PKIX_PL_Object *item, void *plContext) { PKIX_List *lastElement = NULL; PKIX_List *newElement = NULL; PKIX_UInt32 length, i; PKIX_ENTER(LIST, "PKIX_List_AppendItem"); PKIX_NULLCHECK_ONE(list); if (list->immutable){ PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST); } if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } length = list->length; /* find last element of list and create new element there */ lastElement = list; for (i = 0; i < length; i++){ lastElement = lastElement->next; } PKIX_CHECK(pkix_List_Create_Internal (PKIX_FALSE, &newElement, plContext), PKIX_LISTCREATEINTERNALFAILED); PKIX_INCREF(item); newElement->item = item; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)list, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); lastElement->next = newElement; newElement = NULL; list->length += 1; cleanup: PKIX_DECREF(newElement); PKIX_RETURN(LIST); }
/* * FUNCTION: PKIX_CertStore_Create (see comments in pkix_certstore.h) */ PKIX_Error * PKIX_CertStore_Create( PKIX_CertStore_CertCallback certCallback, PKIX_CertStore_CRLCallback crlCallback, PKIX_CertStore_CertContinueFunction certContinue, PKIX_CertStore_CrlContinueFunction crlContinue, PKIX_CertStore_CheckTrustCallback trustCallback, PKIX_CertStore_ImportCrlCallback importCrlCallback, PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback, PKIX_PL_Object *certStoreContext, PKIX_Boolean cacheFlag, PKIX_Boolean localFlag, PKIX_CertStore **pStore, void *plContext) { PKIX_CertStore *certStore = NULL; PKIX_ENTER(CERTSTORE, "PKIX_CertStore_Create"); PKIX_NULLCHECK_THREE(certCallback, crlCallback, pStore); PKIX_CHECK(PKIX_PL_Object_Alloc (PKIX_CERTSTORE_TYPE, sizeof (PKIX_CertStore), (PKIX_PL_Object **)&certStore, plContext), PKIX_COULDNOTCREATECERTSTOREOBJECT); certStore->certCallback = certCallback; certStore->crlCallback = crlCallback; certStore->certContinue = certContinue; certStore->crlContinue = crlContinue; certStore->trustCallback = trustCallback; certStore->importCrlCallback = importCrlCallback; certStore->checkRevByCrlCallback = checkRevByCrlCallback; certStore->cacheFlag = cacheFlag; certStore->localFlag = localFlag; PKIX_INCREF(certStoreContext); certStore->certStoreContext = certStoreContext; *pStore = certStore; certStore = NULL; cleanup: PKIX_DECREF(certStore); PKIX_RETURN(CERTSTORE); }
/* * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_GetSerialNumber( PKIX_ComCertSelParams *params, PKIX_PL_BigInt **pSerialNumber, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSerialNumber"); PKIX_NULLCHECK_TWO(params, pSerialNumber); PKIX_INCREF(params->serialNumber); *pSerialNumber = params->serialNumber; cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_GetIssuer * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_GetIssuer( PKIX_ComCertSelParams *params, PKIX_PL_X500Name **pIssuer, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetIssuer"); PKIX_NULLCHECK_TWO(params, pIssuer); PKIX_INCREF(params->issuer); *pIssuer = params->issuer; cleanup: PKIX_RETURN(COMCERTSELPARAMS); }