/*
* FUNCTION: pkix_pl_CRL_GetSignatureAlgId
*
* DESCRIPTION:
* Retrieves a pointer to the OID that represents the signature algorithm of
* the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* PARAMETERS:
* "crl"
* Address of CRL whose signature algorithm OID is to be stored.
* Must be non-NULL.
* "pSignatureAlgId"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetSignatureAlgId(
PKIX_PL_CRL *crl,
PKIX_PL_OID **pSignatureAlgId,
void *plContext)
{
CERTCrl *nssCrl = NULL;
PKIX_PL_OID *signatureAlgId = NULL;
SECAlgorithmID algorithm;
SECItem algBytes;
char *asciiOID = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
/* if we don't have a cached copy from before, we create one */
if (crl->signatureAlgId == NULL) {
PKIX_OBJECT_LOCK(crl);
if (crl->signatureAlgId == NULL) {
nssCrl = &(crl->nssSignedCrl->crl);
algorithm = nssCrl->signatureAlg;
algBytes = algorithm.algorithm;
PKIX_NULLCHECK_ONE(algBytes.data);
if (algBytes.len == 0) {
PKIX_ERROR_FATAL(PKIX_OIDBYTESLENGTH0);
}
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&algBytes, &asciiOID, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_OID_Create
(asciiOID, &signatureAlgId, plContext),
PKIX_OIDCREATEFAILED);
/* save a cached copy in case it is asked for again */
crl->signatureAlgId = signatureAlgId;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->signatureAlgId);
*pSignatureAlgId = crl->signatureAlgId;
cleanup:
PKIX_FREE(asciiOID);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_CollectionCertStore_GetCRL
* DESCRIPTION:
*
* Retrieve CRL's in a list of PKIX_PL_CRL object.
*
* PARAMETERS:
* "colCertStoreContext"
* The object CertStore is passed in by checker call.
* "crlSelector"
* CRLSelector specifies criteria for chosing CRL's
* "pNBIOContext"
* Address where platform-dependent information is returned for CertStores
* that use non-blocking I/O. Must be non-NULL.
* "pCrlList"
* Address where object pointer will be returned. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CollectionCertStore_GetCRL(
PKIX_CertStore *certStore,
PKIX_CRLSelector *selector,
void **pNBIOContext,
PKIX_List **pCrlList,
void *plContext)
{
PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
PKIX_List *selectCrl = NULL;
PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_GetCRL");
PKIX_NULLCHECK_FOUR(certStore, selector, pNBIOContext, pCrlList);
*pNBIOContext = NULL; /* We don't use non-blocking I/O */
PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
(certStore,
(PKIX_PL_Object **) &colCertStoreContext,
plContext),
PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
if (colCertStoreContext->crlList == NULL) {
PKIX_OBJECT_LOCK(colCertStoreContext);
/*
* CRLs in the directory are cached based on the
* assumption that the directory contents won't be
* changed dynamically.
*/
if (colCertStoreContext->crlList == NULL){
PKIX_CHECK(pkix_pl_CollectionCertStoreContext_PopulateCRL
(colCertStoreContext, plContext),
PKIX_COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED);
}
PKIX_OBJECT_UNLOCK(colCertStoreContext);
}
PKIX_CHECK(pkix_pl_CollectionCertStoreContext_GetSelectedCRL
(colCertStoreContext->crlList,
selector,
&selectCrl,
plContext),
PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED);
*pCrlList = selectCrl;
cleanup:
PKIX_OBJECT_UNLOCK(lockedObject);
PKIX_DECREF(colCertStoreContext);
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_PL_CRL_GetIssuer (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetIssuer(
PKIX_PL_CRL *crl,
PKIX_PL_X500Name **pCRLIssuer,
void *plContext)
{
PKIX_PL_String *crlString = NULL;
PKIX_PL_X500Name *issuer = NULL;
SECItem *derIssuerName = NULL;
CERTName *issuerName = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetIssuer");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCRLIssuer);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
/* if we don't have a cached copy from before, we create one */
if (crl->issuer == NULL){
PKIX_OBJECT_LOCK(crl);
if (crl->issuer == NULL) {
issuerName = &crl->nssSignedCrl->crl.name;
derIssuerName = &crl->nssSignedCrl->crl.derName;
PKIX_CHECK(
PKIX_PL_X500Name_CreateFromCERTName(derIssuerName,
issuerName,
&issuer,
plContext),
PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
/* save a cached copy in case it is asked for again */
crl->issuer = issuer;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->issuer);
*pCRLIssuer = crl->issuer;
cleanup:
PKIX_DECREF(crlString);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetCriticalExtensionOIDs(
PKIX_PL_CRL *crl,
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_List *oidsList = NULL;
CERTCertExtension **extensions = NULL;
CERTCrl *nssSignedCrl = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCriticalExtensionOIDs");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pExtensions);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
/* if we don't have a cached copy from before, we create one */
if (crl->critExtOids == NULL) {
PKIX_OBJECT_LOCK(crl);
nssSignedCrl = &(crl->nssSignedCrl->crl);
extensions = nssSignedCrl->extensions;
if (crl->critExtOids == NULL) {
PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
(extensions, &oidsList, plContext),
PKIX_GETCRITICALEXTENSIONOIDSFAILED);
crl->critExtOids = oidsList;
}
PKIX_OBJECT_UNLOCK(crl);
}
/* We should return a copy of the List since this list changes */
PKIX_DUPLICATE(crl->critExtOids, pExtensions, plContext,
PKIX_OBJECTDUPLICATELISTFAILED);
cleanup:
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_CRL_GetCRLEntries
* DESCRIPTION:
*
* Retrieves a pointer to the List of CRLEntries found in the CRL pointed to
* by "crl" and stores it at "pCRLEntries". If there are no CRLEntries,
* this functions stores NULL at "pCRLEntries".
*
* PARAMETERS:
* "crl"
* Address of CRL whose CRL Entries are to be retrieved. Must be non-NULL.
* "pCRLEntries"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetCRLEntries(
PKIX_PL_CRL *crl,
PKIX_List **pCrlEntries,
void *plContext)
{
PKIX_List *entryList = NULL;
CERTCrl *nssCrl = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetCRLEntries");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlEntries);
/* if we don't have a cached copy from before, we create one */
if (crl->crlEntryList == NULL) {
PKIX_OBJECT_LOCK(crl);
if (crl->crlEntryList == NULL){
nssCrl = &(crl->nssSignedCrl->crl);
PKIX_CHECK(pkix_pl_CRLEntry_Create
(nssCrl->entries, &entryList, plContext),
PKIX_CRLENTRYCREATEFAILED);
PKIX_CHECK(PKIX_List_SetImmutable
(entryList, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
crl->crlEntryList = entryList;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->crlEntryList);
*pCrlEntries = crl->crlEntryList;
cleanup:
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_CRL_GetSignatureAlgId
*
* DESCRIPTION:
* Retrieves a pointer to the OID that represents the signature algorithm of
* the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* PARAMETERS:
* "crl"
* Address of CRL whose signature algorithm OID is to be stored.
* Must be non-NULL.
* "pSignatureAlgId"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetSignatureAlgId(
PKIX_PL_CRL *crl,
PKIX_PL_OID **pSignatureAlgId,
void *plContext)
{
PKIX_PL_OID *signatureAlgId = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
/* if we don't have a cached copy from before, we create one */
if (crl->signatureAlgId == NULL){
PKIX_OBJECT_LOCK(crl);
if (crl->signatureAlgId == NULL){
CERTCrl *nssCrl = &(crl->nssSignedCrl->crl);
SECAlgorithmID *algorithm = &nssCrl->signatureAlg;
SECItem *algBytes = &algorithm->algorithm;
if (!algBytes->data || !algBytes->len) {
PKIX_ERROR(PKIX_OIDBYTESLENGTH0);
}
PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
(algBytes, &signatureAlgId, plContext),
PKIX_OIDCREATEFAILED);
/* save a cached copy in case it is asked for again */
crl->signatureAlgId = signatureAlgId;
signatureAlgId = NULL;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->signatureAlgId);
*pSignatureAlgId = crl->signatureAlgId;
cleanup:
PKIX_DECREF(signatureAlgId);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: PKIX_PL_CRL_GetCRLNumber (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetCRLNumber(
PKIX_PL_CRL *crl,
PKIX_PL_BigInt **pCrlNumber,
void *plContext)
{
PKIX_PL_BigInt *crlNumber = NULL;
SECItem nssCrlNumber;
PLArenaPool *arena = NULL;
SECStatus status;
PKIX_UInt32 length = 0;
char *bytes = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLNumber");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlNumber);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
PKIX_OBJECT_LOCK(crl);
if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
nssCrlNumber.type = 0;
nssCrlNumber.len = 0;
nssCrlNumber.data = NULL;
PKIX_CRL_DEBUG("\t\tCalling PORT_NewArena).\n");
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
PKIX_CRL_DEBUG("\t\tCalling CERT_FindCRLNumberExten\n");
status = CERT_FindCRLNumberExten
(arena, &crl->nssSignedCrl->crl, &nssCrlNumber);
if (status == SECSuccess) {
/* Get data in bytes then convert to bigint */
length = nssCrlNumber.len;
bytes = (char *)nssCrlNumber.data;
PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
(bytes, length, &crlNumber, plContext),
PKIX_BIGINTCREATEWITHBYTESFAILED);
/* arena release does the job
PKIX_CRL_DEBUG("\t\tCalling SECITEM_FreeItem\n");
SECITEM_FreeItem(&nssCrlNumber, PKIX_FALSE);
*/
crl->crlNumber = crlNumber;
} else {
crl->crlNumberAbsent = PKIX_TRUE;
}
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->crlNumber);
*pCrlNumber = crl->crlNumber;
cleanup:
if (arena){
PKIX_CRL_DEBUG("\t\tCalling PORT_FreeArena).\n");
PORT_FreeArena(arena, PR_FALSE);
}
PKIX_RETURN(CRL);
}
