/* * FUNCTION: pkix_pl_CRL_GetSignatureAlgId * * DESCRIPTION: * Retrieves a pointer to the OID that represents the signature algorithm of * the CRL pointed to by "crl" and stores it at "pSignatureAlgId". * * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } * * PARAMETERS: * "crl" * Address of CRL whose signature algorithm OID is to be stored. * Must be non-NULL. * "pSignatureAlgId" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CRL Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_CRL_GetSignatureAlgId( PKIX_PL_CRL *crl, PKIX_PL_OID **pSignatureAlgId, void *plContext) { CERTCrl *nssCrl = NULL; PKIX_PL_OID *signatureAlgId = NULL; SECAlgorithmID algorithm; SECItem algBytes; char *asciiOID = NULL; PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId); /* if we don't have a cached copy from before, we create one */ if (crl->signatureAlgId == NULL) { PKIX_OBJECT_LOCK(crl); if (crl->signatureAlgId == NULL) { nssCrl = &(crl->nssSignedCrl->crl); algorithm = nssCrl->signatureAlg; algBytes = algorithm.algorithm; PKIX_NULLCHECK_ONE(algBytes.data); if (algBytes.len == 0) { PKIX_ERROR_FATAL(PKIX_OIDBYTESLENGTH0); } PKIX_CHECK(pkix_pl_oidBytes2Ascii (&algBytes, &asciiOID, plContext), PKIX_OIDBYTES2ASCIIFAILED); PKIX_CHECK(PKIX_PL_OID_Create (asciiOID, &signatureAlgId, plContext), PKIX_OIDCREATEFAILED); /* save a cached copy in case it is asked for again */ crl->signatureAlgId = signatureAlgId; } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->signatureAlgId); *pSignatureAlgId = crl->signatureAlgId; cleanup: PKIX_FREE(asciiOID); PKIX_RETURN(CRL); }
/* * FUNCTION: pkix_pl_CollectionCertStore_GetCRL * DESCRIPTION: * * Retrieve CRL's in a list of PKIX_PL_CRL object. * * PARAMETERS: * "colCertStoreContext" * The object CertStore is passed in by checker call. * "crlSelector" * CRLSelector specifies criteria for chosing CRL's * "pNBIOContext" * Address where platform-dependent information is returned for CertStores * that use non-blocking I/O. Must be non-NULL. * "pCrlList" * Address where object pointer will be returned. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CertStore Error if the function fails in * a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ PKIX_Error * pkix_pl_CollectionCertStore_GetCRL( PKIX_CertStore *certStore, PKIX_CRLSelector *selector, void **pNBIOContext, PKIX_List **pCrlList, void *plContext) { PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL; PKIX_List *selectCrl = NULL; PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_GetCRL"); PKIX_NULLCHECK_FOUR(certStore, selector, pNBIOContext, pCrlList); *pNBIOContext = NULL; /* We don't use non-blocking I/O */ PKIX_CHECK(PKIX_CertStore_GetCertStoreContext (certStore, (PKIX_PL_Object **) &colCertStoreContext, plContext), PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); if (colCertStoreContext->crlList == NULL) { PKIX_OBJECT_LOCK(colCertStoreContext); /* * CRLs in the directory are cached based on the * assumption that the directory contents won't be * changed dynamically. */ if (colCertStoreContext->crlList == NULL){ PKIX_CHECK(pkix_pl_CollectionCertStoreContext_PopulateCRL (colCertStoreContext, plContext), PKIX_COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED); } PKIX_OBJECT_UNLOCK(colCertStoreContext); } PKIX_CHECK(pkix_pl_CollectionCertStoreContext_GetSelectedCRL (colCertStoreContext->crlList, selector, &selectCrl, plContext), PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED); *pCrlList = selectCrl; cleanup: PKIX_OBJECT_UNLOCK(lockedObject); PKIX_DECREF(colCertStoreContext); PKIX_RETURN(CERTSTORE); }
/* * FUNCTION: PKIX_PL_CRL_GetIssuer (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_GetIssuer( PKIX_PL_CRL *crl, PKIX_PL_X500Name **pCRLIssuer, void *plContext) { PKIX_PL_String *crlString = NULL; PKIX_PL_X500Name *issuer = NULL; SECItem *derIssuerName = NULL; CERTName *issuerName = NULL; PKIX_ENTER(CRL, "PKIX_PL_CRL_GetIssuer"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCRLIssuer); /* Can call this function only with der been adopted. */ PORT_Assert(crl->adoptedDerCrl); /* if we don't have a cached copy from before, we create one */ if (crl->issuer == NULL){ PKIX_OBJECT_LOCK(crl); if (crl->issuer == NULL) { issuerName = &crl->nssSignedCrl->crl.name; derIssuerName = &crl->nssSignedCrl->crl.derName; PKIX_CHECK( PKIX_PL_X500Name_CreateFromCERTName(derIssuerName, issuerName, &issuer, plContext), PKIX_X500NAMECREATEFROMCERTNAMEFAILED); /* save a cached copy in case it is asked for again */ crl->issuer = issuer; } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->issuer); *pCRLIssuer = crl->issuer; cleanup: PKIX_DECREF(crlString); PKIX_RETURN(CRL); }
/* * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs * (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_GetCriticalExtensionOIDs( PKIX_PL_CRL *crl, PKIX_List **pExtensions, /* list of PKIX_PL_OID */ void *plContext) { PKIX_List *oidsList = NULL; CERTCertExtension **extensions = NULL; CERTCrl *nssSignedCrl = NULL; PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCriticalExtensionOIDs"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pExtensions); /* Can call this function only with der been adopted. */ PORT_Assert(crl->adoptedDerCrl); /* if we don't have a cached copy from before, we create one */ if (crl->critExtOids == NULL) { PKIX_OBJECT_LOCK(crl); nssSignedCrl = &(crl->nssSignedCrl->crl); extensions = nssSignedCrl->extensions; if (crl->critExtOids == NULL) { PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs (extensions, &oidsList, plContext), PKIX_GETCRITICALEXTENSIONOIDSFAILED); crl->critExtOids = oidsList; } PKIX_OBJECT_UNLOCK(crl); } /* We should return a copy of the List since this list changes */ PKIX_DUPLICATE(crl->critExtOids, pExtensions, plContext, PKIX_OBJECTDUPLICATELISTFAILED); cleanup: PKIX_RETURN(CRL); }
/* * FUNCTION: pkix_pl_CRL_GetCRLEntries * DESCRIPTION: * * Retrieves a pointer to the List of CRLEntries found in the CRL pointed to * by "crl" and stores it at "pCRLEntries". If there are no CRLEntries, * this functions stores NULL at "pCRLEntries". * * PARAMETERS: * "crl" * Address of CRL whose CRL Entries are to be retrieved. Must be non-NULL. * "pCRLEntries" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CRL Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_CRL_GetCRLEntries( PKIX_PL_CRL *crl, PKIX_List **pCrlEntries, void *plContext) { PKIX_List *entryList = NULL; CERTCrl *nssCrl = NULL; PKIX_ENTER(CRL, "pkix_pl_CRL_GetCRLEntries"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlEntries); /* if we don't have a cached copy from before, we create one */ if (crl->crlEntryList == NULL) { PKIX_OBJECT_LOCK(crl); if (crl->crlEntryList == NULL){ nssCrl = &(crl->nssSignedCrl->crl); PKIX_CHECK(pkix_pl_CRLEntry_Create (nssCrl->entries, &entryList, plContext), PKIX_CRLENTRYCREATEFAILED); PKIX_CHECK(PKIX_List_SetImmutable (entryList, plContext), PKIX_LISTSETIMMUTABLEFAILED); crl->crlEntryList = entryList; } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->crlEntryList); *pCrlEntries = crl->crlEntryList; cleanup: PKIX_RETURN(CRL); }
/* * FUNCTION: pkix_pl_CRL_GetSignatureAlgId * * DESCRIPTION: * Retrieves a pointer to the OID that represents the signature algorithm of * the CRL pointed to by "crl" and stores it at "pSignatureAlgId". * * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } * * PARAMETERS: * "crl" * Address of CRL whose signature algorithm OID is to be stored. * Must be non-NULL. * "pSignatureAlgId" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CRL Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_CRL_GetSignatureAlgId( PKIX_PL_CRL *crl, PKIX_PL_OID **pSignatureAlgId, void *plContext) { PKIX_PL_OID *signatureAlgId = NULL; PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId); /* if we don't have a cached copy from before, we create one */ if (crl->signatureAlgId == NULL){ PKIX_OBJECT_LOCK(crl); if (crl->signatureAlgId == NULL){ CERTCrl *nssCrl = &(crl->nssSignedCrl->crl); SECAlgorithmID *algorithm = &nssCrl->signatureAlg; SECItem *algBytes = &algorithm->algorithm; if (!algBytes->data || !algBytes->len) { PKIX_ERROR(PKIX_OIDBYTESLENGTH0); } PKIX_CHECK(PKIX_PL_OID_CreateBySECItem (algBytes, &signatureAlgId, plContext), PKIX_OIDCREATEFAILED); /* save a cached copy in case it is asked for again */ crl->signatureAlgId = signatureAlgId; signatureAlgId = NULL; } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->signatureAlgId); *pSignatureAlgId = crl->signatureAlgId; cleanup: PKIX_DECREF(signatureAlgId); PKIX_RETURN(CRL); }
/* * FUNCTION: PKIX_PL_CRL_GetCRLNumber (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_GetCRLNumber( PKIX_PL_CRL *crl, PKIX_PL_BigInt **pCrlNumber, void *plContext) { PKIX_PL_BigInt *crlNumber = NULL; SECItem nssCrlNumber; PLArenaPool *arena = NULL; SECStatus status; PKIX_UInt32 length = 0; char *bytes = NULL; PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLNumber"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlNumber); /* Can call this function only with der been adopted. */ PORT_Assert(crl->adoptedDerCrl); if (!crl->crlNumberAbsent && crl->crlNumber == NULL) { PKIX_OBJECT_LOCK(crl); if (!crl->crlNumberAbsent && crl->crlNumber == NULL) { nssCrlNumber.type = 0; nssCrlNumber.len = 0; nssCrlNumber.data = NULL; PKIX_CRL_DEBUG("\t\tCalling PORT_NewArena).\n"); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { PKIX_ERROR(PKIX_OUTOFMEMORY); } PKIX_CRL_DEBUG("\t\tCalling CERT_FindCRLNumberExten\n"); status = CERT_FindCRLNumberExten (arena, &crl->nssSignedCrl->crl, &nssCrlNumber); if (status == SECSuccess) { /* Get data in bytes then convert to bigint */ length = nssCrlNumber.len; bytes = (char *)nssCrlNumber.data; PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes (bytes, length, &crlNumber, plContext), PKIX_BIGINTCREATEWITHBYTESFAILED); /* arena release does the job PKIX_CRL_DEBUG("\t\tCalling SECITEM_FreeItem\n"); SECITEM_FreeItem(&nssCrlNumber, PKIX_FALSE); */ crl->crlNumber = crlNumber; } else { crl->crlNumberAbsent = PKIX_TRUE; } } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->crlNumber); *pCrlNumber = crl->crlNumber; cleanup: if (arena){ PKIX_CRL_DEBUG("\t\tCalling PORT_FreeArena).\n"); PORT_FreeArena(arena, PR_FALSE); } PKIX_RETURN(CRL); }