/* * FUNCTION: pkix_pl_CRL_CreateToList * DESCRIPTION: * * This function decodes a DER-encoded Certificate Revocation List pointed to * by "derCrlItem", adding the resulting PKIX_PL_CRL, if the decoding was * successful, to the List (possibly empty) pointed to by "crlList". * * PARAMETERS: * "derCrlItem" * The address of the SECItem containing the DER-encoded Certificate * Revocation List. Must be non-NULL. * "crlList" * The address of the List to which the decoded CRL is added. May be * empty, but must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CertStore Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_pl_CRL_CreateToList( SECItem *derCrlItem, PKIX_List *crlList, void *plContext) { CERTSignedCrl *nssCrl = NULL; PKIX_PL_CRL *crl = NULL; PKIX_ENTER(CRL, "pkix_pl_CRL_CreateToList"); PKIX_NULLCHECK_TWO(derCrlItem, crlList); nssCrl = CERT_DecodeDERCrl(NULL, derCrlItem, SEC_CRL_TYPE); if (nssCrl == NULL) { goto cleanup; } PKIX_CHECK(pkix_pl_CRL_CreateWithSignedCRL (nssCrl, &crl, plContext), PKIX_CRLCREATEWITHSIGNEDCRLFAILED); nssCrl = NULL; PKIX_CHECK(PKIX_List_AppendItem (crlList, (PKIX_PL_Object *) crl, plContext), PKIX_LISTAPPENDITEMFAILED); cleanup: if (nssCrl) { SEC_DestroyCrl(nssCrl); } PKIX_DECREF(crl); PKIX_RETURN(CRL); }
static SECStatus pk11_CollectCrls(PK11SlotInfo *slot, CK_OBJECT_HANDLE crlID, void *arg) { SECItem derCrl; CERTCrlHeadNode *head = (CERTCrlHeadNode *) arg; CERTCrlNode *new_node = NULL; CK_ATTRIBUTE fetchCrl[3] = { { CKA_VALUE, NULL, 0}, { CKA_NETSCAPE_KRL, NULL, 0}, { CKA_NETSCAPE_URL, NULL, 0}, }; const int fetchCrlSize = sizeof(fetchCrl)/sizeof(fetchCrl[2]); CK_RV crv; SECStatus rv = SECFailure; crv = PK11_GetAttributes(head->arena,slot,crlID,fetchCrl,fetchCrlSize); if (CKR_OK != crv) { PORT_SetError(PK11_MapError(crv)); goto loser; } if (!fetchCrl[1].pValue) { PORT_SetError(SEC_ERROR_CRL_INVALID); goto loser; } new_node = (CERTCrlNode *)PORT_ArenaAlloc(head->arena, sizeof(CERTCrlNode)); if (new_node == NULL) { goto loser; } if (*((CK_BBOOL *)fetchCrl[1].pValue)) new_node->type = SEC_KRL_TYPE; else new_node->type = SEC_CRL_TYPE; derCrl.type = siBuffer; derCrl.data = (unsigned char *)fetchCrl[0].pValue; derCrl.len = fetchCrl[0].ulValueLen; new_node->crl=CERT_DecodeDERCrl(head->arena,&derCrl,new_node->type); if (new_node->crl == NULL) { goto loser; } if (fetchCrl[2].pValue) { int nnlen = fetchCrl[2].ulValueLen; new_node->crl->url = (char *)PORT_ArenaAlloc(head->arena, nnlen+1); if ( !new_node->crl->url ) { goto loser; } PORT_Memcpy(new_node->crl->url, fetchCrl[2].pValue, nnlen); new_node->crl->url[nnlen] = 0; } else { new_node->crl->url = NULL; } new_node->next = NULL; if (head->last) { head->last->next = new_node; head->last = new_node; } else { head->first = head->last = new_node; } rv = SECSuccess; loser: return(rv); }
/* * FUNCTION: PKIX_PL_CRL_Create (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_Create( PKIX_PL_ByteArray *byteArray, PKIX_PL_CRL **pCrl, void *plContext) { CERTSignedCrl *nssSignedCrl = NULL; SECItem *derCrlItem = NULL; void *derBytes = NULL; PKIX_UInt32 derLength; PKIX_PL_CRL *crl = NULL; PKIX_ENTER(CRL, "PKIX_PL_CRL_Create"); PKIX_NULLCHECK_TWO(byteArray, pCrl); PKIX_CHECK(PKIX_PL_ByteArray_GetLength (byteArray, &derLength, plContext), PKIX_BYTEARRAYGETLENGTHFAILED); if (derLength == 0) { PKIX_ERROR(PKIX_ZEROLENGTHBYTEARRAYFORCRLENCODING); } PKIX_CHECK(PKIX_PL_ByteArray_GetPointer (byteArray, &derBytes, plContext), PKIX_BYTEARRAYGETPOINTERFAILED); PKIX_CRL_DEBUG("\t\tCalling SECITEM_AllocItem\n"); derCrlItem = SECITEM_AllocItem(NULL, NULL, derLength); if (derCrlItem == NULL) { PKIX_ERROR(PKIX_OUTOFMEMORY); } PKIX_CRL_DEBUG("\t\tCalling PORT_Memcpy\n"); (void) PORT_Memcpy(derCrlItem->data, derBytes, derLength); PKIX_CRL_DEBUG("\t\tCalling CERT_DecodeDERCrl\n"); nssSignedCrl = CERT_DecodeDERCrl(NULL, derCrlItem, SEC_CRL_TYPE); if (nssSignedCrl == NULL) { PKIX_ERROR(PKIX_CERTDECODEDERCRLFAILED); } PKIX_CHECK(pkix_pl_CRL_CreateWithSignedCRL (nssSignedCrl, &crl, plContext), PKIX_CRLCREATEWITHSIGNEDCRLFAILED); *pCrl = crl; cleanup: if (derCrlItem != NULL) { PKIX_CRL_DEBUG("\t\tCalling SECITEM_FreeItem\n"); SECITEM_FreeItem(derCrlItem, PKIX_TRUE); derCrlItem = NULL; } if (PKIX_ERROR_RECEIVED) { if (nssSignedCrl != NULL) { PKIX_CRL_DEBUG("\t\tCalling CERT_DestroyCrl\n"); CERT_DestroyCrl(nssSignedCrl); nssSignedCrl = NULL; } PKIX_DECREF(crl); } PKIX_FREE(derBytes); PKIX_RETURN(CRL); }