/* * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetInitialPolicies( PKIX_ProcessingParams *params, PKIX_List *initPolicies, /* list of PKIX_PL_OID */ void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetInitialPolicies"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->initialPolicies); PKIX_INCREF(initPolicies); params->initialPolicies = initPolicies; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->initialPolicies); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetTargetCertConstraints( PKIX_ProcessingParams *params, PKIX_CertSelector *constraints, void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetTargetCertConstraints"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->constraints); PKIX_INCREF(constraints); params->constraints = constraints; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->constraints); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_GetInitialPolicies( PKIX_ProcessingParams *params, PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */ void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetInitialPolicies"); PKIX_NULLCHECK_TWO(params, pInitPolicies); if (params->initialPolicies == NULL) { PKIX_CHECK(PKIX_List_Create (¶ms->initialPolicies, plContext), PKIX_UNABLETOCREATELIST); PKIX_CHECK(PKIX_List_SetImmutable (params->initialPolicies, plContext), PKIX_UNABLETOMAKELISTIMMUTABLE); PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); } PKIX_INCREF(params->initialPolicies); *pInitPolicies = params->initialPolicies; cleanup: PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetDate( PKIX_ProcessingParams *params, PKIX_PL_Date *date, void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->date); PKIX_INCREF(date); params->date = date; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->date); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_AddPathToName * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_AddPathToName( PKIX_ComCertSelParams *params, PKIX_PL_GeneralName *name, void *plContext) { PKIX_List *pathToNamesList = NULL; PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddPathToName"); PKIX_NULLCHECK_ONE(params); if (name == NULL) { goto cleanup; } if (params->pathToNames == NULL) { /* Create a list for name item */ PKIX_CHECK(PKIX_List_Create(&pathToNamesList, plContext), PKIX_LISTCREATEFAILED); params->pathToNames = pathToNamesList; } PKIX_CHECK(PKIX_List_AppendItem (params->pathToNames, (PKIX_PL_Object *)name, plContext), PKIX_LISTAPPENDITEMFAILED); PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_AddCertStore * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_AddCertStore( PKIX_ProcessingParams *params, PKIX_CertStore *store, void *plContext) { PKIX_List *certStores = NULL; PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_AddCertStore"); PKIX_NULLCHECK_TWO(params, store); PKIX_CHECK(PKIX_ProcessingParams_GetCertStores (params, &certStores, plContext), PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED); PKIX_CHECK(PKIX_List_AppendItem (certStores, (PKIX_PL_Object *)store, plContext), PKIX_LISTAPPENDITEMFAILED); PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_DECREF(certStores); PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_SetRevocationCheckers * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetRevocationCheckers( PKIX_ProcessingParams *params, PKIX_List *checkers, /* list of PKIX_RevocationChecker */ void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetRevocationCheckers"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->revCheckers); PKIX_INCREF(checkers); params->revCheckers = checkers; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: if (PKIX_ERROR_RECEIVED && params) { PKIX_DECREF(params->revCheckers); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: pkix_PolicyNode_AddToParent * DESCRIPTION: * * Adds the PolicyNode pointed to by "child" to the List of children of * the PolicyNode pointed to by "parentNode". If "parentNode" had a * NULL pointer for the List of children, a new List is created containing * "child". Otherwise "child" is appended to the existing List. The * parent field in "child" is set to "parent", and the depth field is * set to one more than the corresponding value in "parent". * * Depth, in this context, means distance from the root node, which * is at depth zero. * * PARAMETERS: * "parentNode" * Address of PolicyNode whose List of child PolicyNodes is to be * created or appended to. Must be non-NULL. * "child" * Address of PolicyNode to be added to parentNode's List. Must be * non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a PolicyNode Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_PolicyNode_AddToParent( PKIX_PolicyNode *parentNode, PKIX_PolicyNode *child, void *plContext) { PKIX_List *listOfChildren = NULL; PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_AddToParent"); PKIX_NULLCHECK_TWO(parentNode, child); listOfChildren = parentNode->children; if (listOfChildren == NULL) { PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext), PKIX_LISTCREATEFAILED); parentNode->children = listOfChildren; } /* * Note: this link is not reference-counted. The link from parent * to child is counted (actually, the parent "owns" a List which * "owns" children), but the children do not "own" the parent. * Otherwise, there would be loops. */ child->parent = parentNode; child->depth = 1 + (parentNode->depth); PKIX_CHECK(PKIX_List_AppendItem (listOfChildren, (PKIX_PL_Object *)child, plContext), PKIX_COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST); PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)parentNode, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)child, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(CERTPOLICYNODE); }
/* * FUNCTION: PKIX_List_InsertItem (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_InsertItem( PKIX_List *list, PKIX_UInt32 index, PKIX_PL_Object *item, void *plContext) { PKIX_List *element = NULL; PKIX_List *newElem = NULL; PKIX_ENTER(LIST, "PKIX_List_InsertItem"); PKIX_NULLCHECK_ONE(list); if (list->immutable){ PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST); } if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } /* Create a new list object */ PKIX_CHECK(pkix_List_Create_Internal(PKIX_FALSE, &newElem, plContext), PKIX_LISTCREATEINTERNALFAILED); if (list->length) { PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext), PKIX_LISTGETELEMENTFAILED); /* Copy the old element's contents into the new element */ newElem->item = element->item; /* Add new item to the list */ PKIX_INCREF(item); element->item = item; /* Set the new element's next pointer to the old element's next */ newElem->next = element->next; /* Set the old element's next pointer to the new element */ element->next = newElem; newElem = NULL; } else { PKIX_INCREF(item); newElem->item = item; newElem->next = NULL; list->next = newElem; newElem = NULL; } list->length++; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)list, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_DECREF(newElem); PKIX_RETURN(LIST); }
/* * FUNCTION: PKIX_List_AppendItem (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_AppendItem( PKIX_List *list, PKIX_PL_Object *item, void *plContext) { PKIX_List *lastElement = NULL; PKIX_List *newElement = NULL; PKIX_UInt32 length, i; PKIX_ENTER(LIST, "PKIX_List_AppendItem"); PKIX_NULLCHECK_ONE(list); if (list->immutable){ PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST); } if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } length = list->length; /* find last element of list and create new element there */ lastElement = list; for (i = 0; i < length; i++){ lastElement = lastElement->next; } PKIX_CHECK(pkix_List_Create_Internal (PKIX_FALSE, &newElement, plContext), PKIX_LISTCREATEINTERNALFAILED); PKIX_INCREF(item); newElement->item = item; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)list, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); lastElement->next = newElement; newElement = NULL; list->length += 1; cleanup: PKIX_DECREF(newElement); PKIX_RETURN(LIST); }
/* * FUNCTION: PKIX_ComCertSelParams_SetVersion * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetVersion( PKIX_ComCertSelParams *params, PKIX_Int32 version, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetVersion"); PKIX_NULLCHECK_ONE(params); params->version = version; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetLeafCertFlag( PKIX_ComCertSelParams *params, PKIX_Boolean leafFlag, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetLeafCertFlag"); PKIX_NULLCHECK_ONE(params); params->leafCertFlag = leafFlag; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetCertificate * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetCertificate( PKIX_ComCertSelParams *params, PKIX_PL_Cert *cert, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetCertificate"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->cert); PKIX_INCREF(cert); params->cert = cert; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetPolicy (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetPolicy( PKIX_ComCertSelParams *params, PKIX_List *policy, /* List of PKIX_PL_OID */ void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPolicy"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->policies); PKIX_INCREF(policy); params->policies = policy; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetBasicConstraints( PKIX_ComCertSelParams *params, PKIX_Int32 minPathLength, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetBasicConstraints"); PKIX_NULLCHECK_ONE(params); params->minPathLength = minPathLength; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetPolicyQualifiersRejected( PKIX_ProcessingParams *params, PKIX_Boolean rejected, void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetPolicyQualifiersRejected"); PKIX_NULLCHECK_ONE(params); params->qualifiersRejected = rejected; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled( PKIX_ProcessingParams *params, PKIX_Boolean enabled, void *plContext) { PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled"); PKIX_NULLCHECK_ONE(params); params->isCrlRevocationCheckingEnabledWithNISTPolicy = enabled; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetSerialNumber( PKIX_ComCertSelParams *params, PKIX_PL_BigInt *serialNumber, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSerialNumber"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->serialNumber); PKIX_INCREF(serialNumber); params->serialNumber = serialNumber; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetNameConstraints( PKIX_ComCertSelParams *params, PKIX_PL_CertNameConstraints *nameConstraints, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetNameConstraints"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->nameConstraints); PKIX_INCREF(nameConstraints); params->nameConstraints = nameConstraints; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetSubjPKAlgId( PKIX_ComCertSelParams *params, PKIX_PL_OID *algId, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjPKAlgId"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->subjPKAlgId); PKIX_INCREF(algId); params->subjPKAlgId = algId; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetPathToNames * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetPathToNames( PKIX_ComCertSelParams *params, PKIX_List *names, /* list of PKIX_PL_GeneralName */ void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPathToNames"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->pathToNames); PKIX_INCREF(names); params->pathToNames = names; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_List_SetItem (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_SetItem( PKIX_List *list, PKIX_UInt32 index, PKIX_PL_Object *item, void *plContext) { PKIX_List *element; PKIX_ENTER(LIST, "PKIX_List_SetItem"); PKIX_NULLCHECK_ONE(list); if (list->immutable){ PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST); } if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext), PKIX_LISTGETELEMENTFAILED); /* DecRef old contents */ PKIX_DECREF(element->item); /* Set New Contents */ PKIX_INCREF(item); element->item = item; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)list, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(LIST); }
/* * FUNCTION: PKIX_ProcessingParams_AddCertChainCheckers * (see comments in pkix_params.h) */ PKIX_Error * PKIX_ProcessingParams_AddCertChainChecker( PKIX_ProcessingParams *params, PKIX_CertChainChecker *checker, void *plContext) { PKIX_List *list = NULL; PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_AddCertChainChecker"); PKIX_NULLCHECK_TWO(params, checker); if (params->certChainCheckers == NULL) { PKIX_CHECK(PKIX_List_Create(&list, plContext), PKIX_LISTCREATEFAILED); params->certChainCheckers = list; } PKIX_CHECK(PKIX_List_AppendItem (params->certChainCheckers, (PKIX_PL_Object *)checker, plContext), PKIX_LISTAPPENDITEMFAILED); PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); list = NULL; cleanup: if (list && params) { PKIX_DECREF(params->certChainCheckers); } PKIX_RETURN(PROCESSINGPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier * (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetAuthorityKeyIdentifier( PKIX_ComCertSelParams *params, PKIX_PL_ByteArray *authKeyId, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetAuthKeyIdentifier"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->authKeyId); PKIX_INCREF(authKeyId); params->authKeyId = authKeyId; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: PKIX_ComCertSelParams_SetSubject (see comments in pkix_certsel.h) */ PKIX_Error * PKIX_ComCertSelParams_SetSubject( PKIX_ComCertSelParams *params, PKIX_PL_X500Name *subject, void *plContext) { PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubject"); PKIX_NULLCHECK_ONE(params); PKIX_DECREF(params->subject); PKIX_INCREF(subject); params->subject = subject; PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)params, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_RETURN(COMCERTSELPARAMS); }
/* * FUNCTION: pkix_PolicyNode_Prune * DESCRIPTION: * * Prunes a tree below the PolicyNode whose address is pointed to by "node", * using the UInt32 value of "height" as the distance from the leaf level, * and storing at "pDelete" the Boolean value of whether this PolicyNode is, * after pruning, childless and should be pruned. * * Any PolicyNode at height 0 is allowed to survive. If the height is greater * than zero, pkix_PolicyNode_Prune is called recursively for each child of * the current PolicyNode. After this process, a node with no children * stores PKIX_TRUE in "pDelete" to indicate that it should be deleted. * * PARAMETERS: * "node" * Address of the PolicyNode to be pruned. Must be non-NULL. * "height" * UInt32 value for the distance from the leaf level * "pDelete" * Address to store the Boolean return value of PKIX_TRUE if this node * should be pruned, or PKIX_FALSE if there remains at least one * branch of the required height. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a PolicyNode Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_PolicyNode_Prune( PKIX_PolicyNode *node, PKIX_UInt32 height, PKIX_Boolean *pDelete, void *plContext) { PKIX_Boolean childless = PKIX_FALSE; PKIX_Boolean shouldBePruned = PKIX_FALSE; PKIX_UInt32 listSize = 0; PKIX_UInt32 listIndex = 0; PKIX_PolicyNode *candidate = NULL; PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Prune"); PKIX_NULLCHECK_TWO(node, pDelete); /* Don't prune at the leaf */ if (height == 0) { goto cleanup; } /* Above the bottom level, childless nodes get pruned */ if (!(node->children)) { childless = PKIX_TRUE; goto cleanup; } /* * This node has children. If they are leaf nodes, * we know they will live. Otherwise, check them out. */ if (height > 1) { PKIX_CHECK(PKIX_List_GetLength (node->children, &listSize, plContext), PKIX_LISTGETLENGTHFAILED); /* * By working backwards from the end of the list, * we avoid having to worry about possible * decreases in the size of the list, as we * delete items. The only nuisance is that since the * index is UInt32, we can't check for it to reach -1; * we have to use the 1-based index, rather than the * 0-based index that PKIX_List functions require. */ for (listIndex = listSize; listIndex > 0; listIndex--) { PKIX_CHECK(PKIX_List_GetItem (node->children, (listIndex - 1), (PKIX_PL_Object **)&candidate, plContext), PKIX_LISTGETITEMFAILED); PKIX_CHECK(pkix_PolicyNode_Prune (candidate, height - 1, &shouldBePruned, plContext), PKIX_POLICYNODEPRUNEFAILED); if (shouldBePruned == PKIX_TRUE) { PKIX_CHECK(PKIX_List_DeleteItem (node->children, (listIndex - 1), plContext), PKIX_LISTDELETEITEMFAILED); } PKIX_DECREF(candidate); } } /* Prune if this node has *become* childless */ PKIX_CHECK(PKIX_List_GetLength (node->children, &listSize, plContext), PKIX_LISTGETLENGTHFAILED); if (listSize == 0) { childless = PKIX_TRUE; } /* * Even if we did not change this node, or any of its children, * maybe a [great-]*grandchild was pruned. */ PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)node, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: *pDelete = childless; PKIX_DECREF(candidate); PKIX_RETURN(CERTPOLICYNODE); }
/* * FUNCTION: PKIX_List_DeleteItem (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_DeleteItem( PKIX_List *list, PKIX_UInt32 index, void *plContext) { PKIX_List *element = NULL; PKIX_List *prevElement = NULL; PKIX_List *nextElement = NULL; PKIX_ENTER(LIST, "PKIX_List_DeleteItem"); PKIX_NULLCHECK_ONE(list); if (list->immutable){ PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST); } if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext), PKIX_LISTGETELEMENTFAILED); /* DecRef old contents */ PKIX_DECREF(element->item); nextElement = element->next; if (nextElement != NULL) { /* If the next element exists, splice it out. */ /* Don't need to change ref counts for targets of next */ element->item = nextElement->item; nextElement->item = NULL; /* Don't need to change ref counts for targets of next */ element->next = nextElement->next; nextElement->next = NULL; PKIX_DECREF(nextElement); } else { /* The element is at the tail of the list */ if (index != 0) { PKIX_CHECK(pkix_List_GetElement (list, index-1, &prevElement, plContext), PKIX_LISTGETELEMENTFAILED); } else if (index == 0){ /* prevElement must be header */ prevElement = list; } prevElement->next = NULL; /* Delete the element */ PKIX_DECREF(element); } PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)list, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); list->length = list->length - 1; cleanup: PKIX_RETURN(LIST); }
/* * FUNCTION: pkix_VerifyNode_AddToChain * DESCRIPTION: * * Adds the VerifyNode pointed to by "child", at the appropriate depth, to the * List of children of the VerifyNode pointed to by "parentNode". The chain of * VerifyNodes is traversed until a VerifyNode is found at a depth one less * than that specified in "child". An Error is returned if there is no parent * at a suitable depth. * * If "parentNode" has a NULL pointer for the List of children, a new List is * created containing "child". Otherwise "child" is appended to the existing * List. * * Depth, in this context, means distance from the root node, which * is at depth zero. * * PARAMETERS: * "parentNode" * Address of VerifyNode whose List of child VerifyNodes is to be * created or appended to. Must be non-NULL. * "child" * Address of VerifyNode to be added to parentNode's List. Must be * non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a VerifyNode Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_VerifyNode_AddToChain( PKIX_VerifyNode *parentNode, PKIX_VerifyNode *child, void *plContext) { PKIX_VerifyNode *successor = NULL; PKIX_List *listOfChildren = NULL; PKIX_UInt32 numChildren = 0; PKIX_UInt32 parentDepth = 0; PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToChain"); PKIX_NULLCHECK_TWO(parentNode, child); parentDepth = parentNode->depth; listOfChildren = parentNode->children; if (listOfChildren == NULL) { if (parentDepth != (child->depth - 1)) { PKIX_ERROR(PKIX_NODESMISSINGFROMCHAIN); } PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext), PKIX_LISTCREATEFAILED); PKIX_CHECK(PKIX_List_AppendItem (listOfChildren, (PKIX_PL_Object *)child, plContext), PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST); parentNode->children = listOfChildren; } else { /* get number of children */ PKIX_CHECK(PKIX_List_GetLength (listOfChildren, &numChildren, plContext), PKIX_LISTGETLENGTHFAILED); if (numChildren != 1) { PKIX_ERROR(PKIX_AMBIGUOUSPARENTAGEOFVERIFYNODE); } /* successor = listOfChildren[0] */ PKIX_CHECK(PKIX_List_GetItem (listOfChildren, 0, (PKIX_PL_Object **)&successor, plContext), PKIX_LISTGETITEMFAILED); PKIX_CHECK(pkix_VerifyNode_AddToChain (successor, child, plContext), PKIX_VERIFYNODEADDTOCHAINFAILED); } PKIX_CHECK(PKIX_PL_Object_InvalidateCache ((PKIX_PL_Object *)parentNode, plContext), PKIX_OBJECTINVALIDATECACHEFAILED); cleanup: PKIX_DECREF(successor); PKIX_RETURN(VERIFYNODE); }