PKIX_Error *
PKIX_OcspChecker_Initialize(
PKIX_PL_Date *validityTime,
void *passwordInfo,
void *responder,
PKIX_RevocationChecker **pChecker,
void *plContext)
{
PKIX_OcspChecker *oChecker = NULL;
PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_Initialize");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(pkix_OcspChecker_Create
(validityTime, passwordInfo, responder, &oChecker, plContext),
PKIX_OCSPCHECKERCREATEFAILED);
PKIX_CHECK(PKIX_RevocationChecker_Create
(pkix_OcspChecker_Check,
(PKIX_PL_Object *)oChecker,
pChecker,
plContext),
PKIX_REVOCATIONCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(oChecker);
PKIX_RETURN(OCSPCHECKER);
}
/*
* FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
*/
PKIX_Error *
PKIX_RevocationChecker_CreateAndAddMethod(
PKIX_RevocationChecker *revChecker,
PKIX_ProcessingParams *params,
PKIX_RevocationMethodType methodType,
PKIX_UInt32 flags,
PKIX_UInt32 priority,
PKIX_PL_VerifyCallback verificationFn,
PKIX_Boolean isLeafMethod,
void *plContext)
{
PKIX_List **methodList = NULL;
PKIX_List *unsortedList = NULL;
PKIX_List *certStores = NULL;
pkix_RevocationMethod *method = NULL;
pkix_LocalRevocationCheckFn *localRevChecker = NULL;
pkix_ExternalRevocationCheckFn *externRevChecker = NULL;
PKIX_UInt32 miFlags;
PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_CreateAndAddMethod");
PKIX_NULLCHECK_ONE(revChecker);
/* If the caller has said "Either one is sufficient, then don't let the
* absence of any one method's info lead to an overall failure.
*/
miFlags = isLeafMethod ? revChecker->leafMethodListFlags
: revChecker->chainMethodListFlags;
if (miFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE)
flags &= ~PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
switch (methodType) {
case PKIX_RevocationMethod_CRL:
localRevChecker = pkix_CrlChecker_CheckLocal;
externRevChecker = pkix_CrlChecker_CheckExternal;
PKIX_CHECK(
PKIX_ProcessingParams_GetCertStores(params, &certStores,
plContext),
PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
PKIX_CHECK(
pkix_CrlChecker_Create(methodType, flags, priority,
localRevChecker, externRevChecker,
certStores, verificationFn,
&method,
plContext),
PKIX_COULDNOTCREATECRLCHECKEROBJECT);
break;
case PKIX_RevocationMethod_OCSP:
localRevChecker = pkix_OcspChecker_CheckLocal;
externRevChecker = pkix_OcspChecker_CheckExternal;
PKIX_CHECK(
pkix_OcspChecker_Create(methodType, flags, priority,
localRevChecker, externRevChecker,
verificationFn,
&method,
plContext),
PKIX_COULDNOTCREATEOCSPCHECKEROBJECT);
break;
default:
PKIX_ERROR(PKIX_INVALIDREVOCATIONMETHOD);
}
if (isLeafMethod) {
methodList = &revChecker->leafMethodList;
} else {
methodList = &revChecker->chainMethodList;
}
if (*methodList == NULL) {
PKIX_CHECK(
PKIX_List_Create(methodList, plContext),
PKIX_LISTCREATEFAILED);
}
unsortedList = *methodList;
PKIX_CHECK(
PKIX_List_AppendItem(unsortedList, (PKIX_PL_Object*)method, plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_CHECK(
pkix_List_BubbleSort(unsortedList,
pkix_RevocationChecker_SortComparator,
methodList, plContext),
PKIX_LISTBUBBLESORTFAILED);
cleanup:
PKIX_DECREF(method);
PKIX_DECREF(unsortedList);
PKIX_DECREF(certStores);
PKIX_RETURN(REVOCATIONCHECKER);
}
