/*
* FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetInitialPolicies(
PKIX_ProcessingParams *params,
PKIX_List *initPolicies, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetInitialPolicies");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->initialPolicies);
PKIX_INCREF(initPolicies);
params->initialPolicies = initPolicies;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->initialPolicies);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetTargetCertConstraints(
PKIX_ProcessingParams *params,
PKIX_CertSelector *constraints,
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetTargetCertConstraints");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->constraints);
PKIX_INCREF(constraints);
params->constraints = constraints;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->constraints);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_GetInitialPolicies(
PKIX_ProcessingParams *params,
PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_GetInitialPolicies");
PKIX_NULLCHECK_TWO(params, pInitPolicies);
if (params->initialPolicies == NULL) {
PKIX_CHECK(PKIX_List_Create
(¶ms->initialPolicies, plContext),
PKIX_UNABLETOCREATELIST);
PKIX_CHECK(PKIX_List_SetImmutable
(params->initialPolicies, plContext),
PKIX_UNABLETOMAKELISTIMMUTABLE);
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
}
PKIX_INCREF(params->initialPolicies);
*pInitPolicies = params->initialPolicies;
cleanup:
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetDate(
PKIX_ProcessingParams *params,
PKIX_PL_Date *date,
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->date);
PKIX_INCREF(date);
params->date = date;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->date);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_AddPathToName
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_AddPathToName(
PKIX_ComCertSelParams *params,
PKIX_PL_GeneralName *name,
void *plContext)
{
PKIX_List *pathToNamesList = NULL;
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddPathToName");
PKIX_NULLCHECK_ONE(params);
if (name == NULL) {
goto cleanup;
}
if (params->pathToNames == NULL) {
/* Create a list for name item */
PKIX_CHECK(PKIX_List_Create(&pathToNamesList, plContext),
PKIX_LISTCREATEFAILED);
params->pathToNames = pathToNamesList;
}
PKIX_CHECK(PKIX_List_AppendItem
(params->pathToNames, (PKIX_PL_Object *)name, plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_AddCertStore
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_AddCertStore(
PKIX_ProcessingParams *params,
PKIX_CertStore *store,
void *plContext)
{
PKIX_List *certStores = NULL;
PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_AddCertStore");
PKIX_NULLCHECK_TWO(params, store);
PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
(params, &certStores, plContext),
PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
PKIX_CHECK(PKIX_List_AppendItem
(certStores, (PKIX_PL_Object *)store, plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_DECREF(certStores);
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetRevocationCheckers
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetRevocationCheckers(
PKIX_ProcessingParams *params,
PKIX_List *checkers, /* list of PKIX_RevocationChecker */
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetRevocationCheckers");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->revCheckers);
PKIX_INCREF(checkers);
params->revCheckers = checkers;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->revCheckers);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: pkix_PolicyNode_AddToParent
* DESCRIPTION:
*
* Adds the PolicyNode pointed to by "child" to the List of children of
* the PolicyNode pointed to by "parentNode". If "parentNode" had a
* NULL pointer for the List of children, a new List is created containing
* "child". Otherwise "child" is appended to the existing List. The
* parent field in "child" is set to "parent", and the depth field is
* set to one more than the corresponding value in "parent".
*
* Depth, in this context, means distance from the root node, which
* is at depth zero.
*
* PARAMETERS:
* "parentNode"
* Address of PolicyNode whose List of child PolicyNodes is to be
* created or appended to. Must be non-NULL.
* "child"
* Address of PolicyNode to be added to parentNode's List. Must be
* non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a PolicyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_PolicyNode_AddToParent(
PKIX_PolicyNode *parentNode,
PKIX_PolicyNode *child,
void *plContext)
{
PKIX_List *listOfChildren = NULL;
PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_AddToParent");
PKIX_NULLCHECK_TWO(parentNode, child);
listOfChildren = parentNode->children;
if (listOfChildren == NULL) {
PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
PKIX_LISTCREATEFAILED);
parentNode->children = listOfChildren;
}
/*
* Note: this link is not reference-counted. The link from parent
* to child is counted (actually, the parent "owns" a List which
* "owns" children), but the children do not "own" the parent.
* Otherwise, there would be loops.
*/
child->parent = parentNode;
child->depth = 1 + (parentNode->depth);
PKIX_CHECK(PKIX_List_AppendItem
(listOfChildren, (PKIX_PL_Object *)child, plContext),
PKIX_COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST);
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)parentNode, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)child, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: PKIX_List_InsertItem (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_List_InsertItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext)
{
PKIX_List *element = NULL;
PKIX_List *newElem = NULL;
PKIX_ENTER(LIST, "PKIX_List_InsertItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
if (!list->isHeader){
PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
}
/* Create a new list object */
PKIX_CHECK(pkix_List_Create_Internal(PKIX_FALSE, &newElem, plContext),
PKIX_LISTCREATEINTERNALFAILED);
if (list->length) {
PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
PKIX_LISTGETELEMENTFAILED);
/* Copy the old element's contents into the new element */
newElem->item = element->item;
/* Add new item to the list */
PKIX_INCREF(item);
element->item = item;
/* Set the new element's next pointer to the old element's next */
newElem->next = element->next;
/* Set the old element's next pointer to the new element */
element->next = newElem;
newElem = NULL;
} else {
PKIX_INCREF(item);
newElem->item = item;
newElem->next = NULL;
list->next = newElem;
newElem = NULL;
}
list->length++;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)list, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_DECREF(newElem);
PKIX_RETURN(LIST);
}
/*
* FUNCTION: PKIX_List_AppendItem (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_List_AppendItem(
PKIX_List *list,
PKIX_PL_Object *item,
void *plContext)
{
PKIX_List *lastElement = NULL;
PKIX_List *newElement = NULL;
PKIX_UInt32 length, i;
PKIX_ENTER(LIST, "PKIX_List_AppendItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
if (!list->isHeader){
PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
}
length = list->length;
/* find last element of list and create new element there */
lastElement = list;
for (i = 0; i < length; i++){
lastElement = lastElement->next;
}
PKIX_CHECK(pkix_List_Create_Internal
(PKIX_FALSE, &newElement, plContext),
PKIX_LISTCREATEINTERNALFAILED);
PKIX_INCREF(item);
newElement->item = item;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)list, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
lastElement->next = newElement;
newElement = NULL;
list->length += 1;
cleanup:
PKIX_DECREF(newElement);
PKIX_RETURN(LIST);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetVersion
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetVersion(
PKIX_ComCertSelParams *params,
PKIX_Int32 version,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetVersion");
PKIX_NULLCHECK_ONE(params);
params->version = version;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetLeafCertFlag(
PKIX_ComCertSelParams *params,
PKIX_Boolean leafFlag,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetLeafCertFlag");
PKIX_NULLCHECK_ONE(params);
params->leafCertFlag = leafFlag;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetCertificate
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetCertificate(
PKIX_ComCertSelParams *params,
PKIX_PL_Cert *cert,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetCertificate");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->cert);
PKIX_INCREF(cert);
params->cert = cert;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetPolicy (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetPolicy(
PKIX_ComCertSelParams *params,
PKIX_List *policy, /* List of PKIX_PL_OID */
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPolicy");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->policies);
PKIX_INCREF(policy);
params->policies = policy;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetBasicConstraints(
PKIX_ComCertSelParams *params,
PKIX_Int32 minPathLength,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS,
"PKIX_ComCertSelParams_SetBasicConstraints");
PKIX_NULLCHECK_ONE(params);
params->minPathLength = minPathLength;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetPolicyQualifiersRejected(
PKIX_ProcessingParams *params,
PKIX_Boolean rejected,
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetPolicyQualifiersRejected");
PKIX_NULLCHECK_ONE(params);
params->qualifiersRejected = rejected;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled(
PKIX_ProcessingParams *params,
PKIX_Boolean enabled,
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled");
PKIX_NULLCHECK_ONE(params);
params->isCrlRevocationCheckingEnabledWithNISTPolicy = enabled;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetSerialNumber(
PKIX_ComCertSelParams *params,
PKIX_PL_BigInt *serialNumber,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSerialNumber");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->serialNumber);
PKIX_INCREF(serialNumber);
params->serialNumber = serialNumber;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetNameConstraints(
PKIX_ComCertSelParams *params,
PKIX_PL_CertNameConstraints *nameConstraints,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS,
"PKIX_ComCertSelParams_SetNameConstraints");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->nameConstraints);
PKIX_INCREF(nameConstraints);
params->nameConstraints = nameConstraints;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetSubjPKAlgId(
PKIX_ComCertSelParams *params,
PKIX_PL_OID *algId,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjPKAlgId");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->subjPKAlgId);
PKIX_INCREF(algId);
params->subjPKAlgId = algId;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetPathToNames
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetPathToNames(
PKIX_ComCertSelParams *params,
PKIX_List *names, /* list of PKIX_PL_GeneralName */
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPathToNames");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->pathToNames);
PKIX_INCREF(names);
params->pathToNames = names;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_List_SetItem (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_List_SetItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext)
{
PKIX_List *element;
PKIX_ENTER(LIST, "PKIX_List_SetItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
if (!list->isHeader){
PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
}
PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
PKIX_LISTGETELEMENTFAILED);
/* DecRef old contents */
PKIX_DECREF(element->item);
/* Set New Contents */
PKIX_INCREF(item);
element->item = item;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)list, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(LIST);
}
/*
* FUNCTION: PKIX_ProcessingParams_AddCertChainCheckers
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_AddCertChainChecker(
PKIX_ProcessingParams *params,
PKIX_CertChainChecker *checker,
void *plContext)
{
PKIX_List *list = NULL;
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_AddCertChainChecker");
PKIX_NULLCHECK_TWO(params, checker);
if (params->certChainCheckers == NULL) {
PKIX_CHECK(PKIX_List_Create(&list, plContext),
PKIX_LISTCREATEFAILED);
params->certChainCheckers = list;
}
PKIX_CHECK(PKIX_List_AppendItem
(params->certChainCheckers, (PKIX_PL_Object *)checker, plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
list = NULL;
cleanup:
if (list && params) {
PKIX_DECREF(params->certChainCheckers);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
PKIX_ComCertSelParams *params,
PKIX_PL_ByteArray *authKeyId,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS,
"PKIX_ComCertSelParams_SetAuthKeyIdentifier");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->authKeyId);
PKIX_INCREF(authKeyId);
params->authKeyId = authKeyId;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_SetSubject (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_SetSubject(
PKIX_ComCertSelParams *params,
PKIX_PL_X500Name *subject,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubject");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->subject);
PKIX_INCREF(subject);
params->subject = subject;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: pkix_PolicyNode_Prune
* DESCRIPTION:
*
* Prunes a tree below the PolicyNode whose address is pointed to by "node",
* using the UInt32 value of "height" as the distance from the leaf level,
* and storing at "pDelete" the Boolean value of whether this PolicyNode is,
* after pruning, childless and should be pruned.
*
* Any PolicyNode at height 0 is allowed to survive. If the height is greater
* than zero, pkix_PolicyNode_Prune is called recursively for each child of
* the current PolicyNode. After this process, a node with no children
* stores PKIX_TRUE in "pDelete" to indicate that it should be deleted.
*
* PARAMETERS:
* "node"
* Address of the PolicyNode to be pruned. Must be non-NULL.
* "height"
* UInt32 value for the distance from the leaf level
* "pDelete"
* Address to store the Boolean return value of PKIX_TRUE if this node
* should be pruned, or PKIX_FALSE if there remains at least one
* branch of the required height. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a PolicyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_PolicyNode_Prune(
PKIX_PolicyNode *node,
PKIX_UInt32 height,
PKIX_Boolean *pDelete,
void *plContext)
{
PKIX_Boolean childless = PKIX_FALSE;
PKIX_Boolean shouldBePruned = PKIX_FALSE;
PKIX_UInt32 listSize = 0;
PKIX_UInt32 listIndex = 0;
PKIX_PolicyNode *candidate = NULL;
PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Prune");
PKIX_NULLCHECK_TWO(node, pDelete);
/* Don't prune at the leaf */
if (height == 0) {
goto cleanup;
}
/* Above the bottom level, childless nodes get pruned */
if (!(node->children)) {
childless = PKIX_TRUE;
goto cleanup;
}
/*
* This node has children. If they are leaf nodes,
* we know they will live. Otherwise, check them out.
*/
if (height > 1) {
PKIX_CHECK(PKIX_List_GetLength
(node->children, &listSize, plContext),
PKIX_LISTGETLENGTHFAILED);
/*
* By working backwards from the end of the list,
* we avoid having to worry about possible
* decreases in the size of the list, as we
* delete items. The only nuisance is that since the
* index is UInt32, we can't check for it to reach -1;
* we have to use the 1-based index, rather than the
* 0-based index that PKIX_List functions require.
*/
for (listIndex = listSize; listIndex > 0; listIndex--) {
PKIX_CHECK(PKIX_List_GetItem
(node->children,
(listIndex - 1),
(PKIX_PL_Object **)&candidate,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(pkix_PolicyNode_Prune
(candidate,
height - 1,
&shouldBePruned,
plContext),
PKIX_POLICYNODEPRUNEFAILED);
if (shouldBePruned == PKIX_TRUE) {
PKIX_CHECK(PKIX_List_DeleteItem
(node->children,
(listIndex - 1),
plContext),
PKIX_LISTDELETEITEMFAILED);
}
PKIX_DECREF(candidate);
}
}
/* Prune if this node has *become* childless */
PKIX_CHECK(PKIX_List_GetLength
(node->children, &listSize, plContext),
PKIX_LISTGETLENGTHFAILED);
if (listSize == 0) {
childless = PKIX_TRUE;
}
/*
* Even if we did not change this node, or any of its children,
* maybe a [great-]*grandchild was pruned.
*/
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)node, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
*pDelete = childless;
PKIX_DECREF(candidate);
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: PKIX_List_DeleteItem (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_List_DeleteItem(
PKIX_List *list,
PKIX_UInt32 index,
void *plContext)
{
PKIX_List *element = NULL;
PKIX_List *prevElement = NULL;
PKIX_List *nextElement = NULL;
PKIX_ENTER(LIST, "PKIX_List_DeleteItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
if (!list->isHeader){
PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
}
PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
PKIX_LISTGETELEMENTFAILED);
/* DecRef old contents */
PKIX_DECREF(element->item);
nextElement = element->next;
if (nextElement != NULL) {
/* If the next element exists, splice it out. */
/* Don't need to change ref counts for targets of next */
element->item = nextElement->item;
nextElement->item = NULL;
/* Don't need to change ref counts for targets of next */
element->next = nextElement->next;
nextElement->next = NULL;
PKIX_DECREF(nextElement);
} else { /* The element is at the tail of the list */
if (index != 0) {
PKIX_CHECK(pkix_List_GetElement
(list, index-1, &prevElement, plContext),
PKIX_LISTGETELEMENTFAILED);
} else if (index == 0){ /* prevElement must be header */
prevElement = list;
}
prevElement->next = NULL;
/* Delete the element */
PKIX_DECREF(element);
}
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)list, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
list->length = list->length - 1;
cleanup:
PKIX_RETURN(LIST);
}
/*
* FUNCTION: pkix_VerifyNode_AddToChain
* DESCRIPTION:
*
* Adds the VerifyNode pointed to by "child", at the appropriate depth, to the
* List of children of the VerifyNode pointed to by "parentNode". The chain of
* VerifyNodes is traversed until a VerifyNode is found at a depth one less
* than that specified in "child". An Error is returned if there is no parent
* at a suitable depth.
*
* If "parentNode" has a NULL pointer for the List of children, a new List is
* created containing "child". Otherwise "child" is appended to the existing
* List.
*
* Depth, in this context, means distance from the root node, which
* is at depth zero.
*
* PARAMETERS:
* "parentNode"
* Address of VerifyNode whose List of child VerifyNodes is to be
* created or appended to. Must be non-NULL.
* "child"
* Address of VerifyNode to be added to parentNode's List. Must be
* non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a VerifyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_VerifyNode_AddToChain(
PKIX_VerifyNode *parentNode,
PKIX_VerifyNode *child,
void *plContext)
{
PKIX_VerifyNode *successor = NULL;
PKIX_List *listOfChildren = NULL;
PKIX_UInt32 numChildren = 0;
PKIX_UInt32 parentDepth = 0;
PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToChain");
PKIX_NULLCHECK_TWO(parentNode, child);
parentDepth = parentNode->depth;
listOfChildren = parentNode->children;
if (listOfChildren == NULL) {
if (parentDepth != (child->depth - 1)) {
PKIX_ERROR(PKIX_NODESMISSINGFROMCHAIN);
}
PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
PKIX_LISTCREATEFAILED);
PKIX_CHECK(PKIX_List_AppendItem
(listOfChildren, (PKIX_PL_Object *)child, plContext),
PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
parentNode->children = listOfChildren;
} else {
/* get number of children */
PKIX_CHECK(PKIX_List_GetLength
(listOfChildren, &numChildren, plContext),
PKIX_LISTGETLENGTHFAILED);
if (numChildren != 1) {
PKIX_ERROR(PKIX_AMBIGUOUSPARENTAGEOFVERIFYNODE);
}
/* successor = listOfChildren[0] */
PKIX_CHECK(PKIX_List_GetItem
(listOfChildren,
0,
(PKIX_PL_Object **)&successor,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(pkix_VerifyNode_AddToChain
(successor, child, plContext),
PKIX_VERIFYNODEADDTOCHAINFAILED);
}
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)parentNode, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_DECREF(successor);
PKIX_RETURN(VERIFYNODE);
}
