static void
createObjects(
PKIX_PL_Object **obj,
PKIX_PL_Object **obj2,
PKIX_PL_Object **obj3,
PKIX_PL_Object **obj4)
{
PKIX_TEST_STD_VARS();
#ifdef PKIX_USER_OBJECT_TYPE
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(1000, /* type */
"thousand", /* description */
NULL, /* destructor */
NULL, /* equals */
(PKIX_PL_HashcodeCallback)hashcodeCallback,
NULL, /* toString */
NULL, /* Comparator */
NULL,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(1000, /* type */
12, /* size */
obj,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(2000, /* type */
"two thousand" /* description */,
(PKIX_PL_DestructorCallback)destructor,
(PKIX_PL_EqualsCallback)equalsCallback,
NULL, /* hashcode */
(PKIX_PL_ToStringCallback)toStringCallback,
(PKIX_PL_ComparatorCallback)comparator,
NULL,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
1, /* size */
obj2,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
1, /* size */
obj4,
plContext));
*obj3 = *obj;
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef(*obj3, plContext));
cleanup:
#endif /* PKIX_USER_OBJECT_TYPE */
PKIX_TEST_RETURN();
}
/*
* FUNCTION: PKIX_Logger_Create (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_Logger_Create(
PKIX_Logger_LogCallback callback,
PKIX_PL_Object *loggerContext,
PKIX_Logger **pLogger,
void *plContext)
{
PKIX_Logger *logger = NULL;
PKIX_ENTER(LOGGER, "PKIX_Logger_Create");
PKIX_NULLCHECK_ONE(pLogger);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_LOGGER_TYPE,
sizeof (PKIX_Logger),
(PKIX_PL_Object **)&logger,
plContext),
PKIX_COULDNOTCREATELOGGEROBJECT);
logger->callback = callback;
logger->maxLevel = 0;
logger->logComponent = (PKIX_ERRORCLASS)NULL;
PKIX_INCREF(loggerContext);
logger->context = loggerContext;
*pLogger = logger;
logger = NULL;
cleanup:
PKIX_DECREF(logger);
PKIX_RETURN(LOGGER);
}
/*
* FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_RevocationChecker_Create(
PKIX_RevocationChecker_RevCallback callback,
PKIX_PL_Object *revCheckerContext,
PKIX_RevocationChecker **pChecker,
void *plContext)
{
PKIX_RevocationChecker *checker = NULL;
PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_REVOCATIONCHECKER_TYPE,
sizeof (PKIX_RevocationChecker),
(PKIX_PL_Object **)&checker,
plContext),
PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
/* initialize fields */
checker->checkCallback = callback;
PKIX_INCREF(revCheckerContext);
checker->revCheckerContext = revCheckerContext;
*pChecker = checker;
cleanup:
PKIX_RETURN(REVOCATIONCHECKER);
}
/*
* FUNCTION: pkix_pl_CertPolicyQualifier_Create
* DESCRIPTION:
*
* Creates a CertPolicyQualifier object with the OID given by "oid"
* and the ByteArray given by "qualifier", and stores it at "pObject".
*
* PARAMETERS
* "oid"
* Address of OID of the desired policyQualifierId; must be non-NULL
* "qualifier"
* Address of ByteArray with the desired value of the qualifier;
* must be non-NULL
* "pObject"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertPolicyQualifier_Create(
PKIX_PL_OID *oid,
PKIX_PL_ByteArray *qualifier,
PKIX_PL_CertPolicyQualifier **pObject,
void *plContext)
{
PKIX_PL_CertPolicyQualifier *qual = NULL;
PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Create");
PKIX_NULLCHECK_THREE(oid, qualifier, pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYQUALIFIER_TYPE,
sizeof (PKIX_PL_CertPolicyQualifier),
(PKIX_PL_Object **)&qual,
plContext),
PKIX_COULDNOTCREATECERTPOLICYQUALIFIEROBJECT);
PKIX_INCREF(oid);
qual->policyQualifierId = oid;
PKIX_INCREF(qualifier);
qual->qualifier = qualifier;
*pObject = qual;
qual = NULL;
cleanup:
PKIX_DECREF(qual);
PKIX_RETURN(CERTPOLICYQUALIFIER);
}
/*
* FUNCTION: pkix_List_Create_Internal
* DESCRIPTION:
*
* Creates a new List, using the Boolean value of "isHeader" to determine
* whether the new List should be a header, and stores it at "pList". The
* List is initially empty and holds no items. To initially add items to
* the List, use PKIX_List_AppendItem.
*
* PARAMETERS:
* "isHeader"
* Boolean value indicating whether new List should be a header.
* "pList"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_List_Create_Internal(
PKIX_Boolean isHeader,
PKIX_List **pList,
void *plContext)
{
PKIX_List *list = NULL;
PKIX_ENTER(LIST, "pkix_List_Create_Internal");
PKIX_NULLCHECK_ONE(pList);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_LIST_TYPE,
((PKIX_UInt32)(sizeof (PKIX_List))),
(PKIX_PL_Object **)&list, plContext),
PKIX_ERRORCREATINGLISTITEM);
list->item = NULL;
list->next = NULL;
list->immutable = PKIX_FALSE;
list->length = 0;
list->isHeader = isHeader;
*pList = list;
cleanup:
PKIX_RETURN(LIST);
}
/*
* FUNCTION: pkix_pl_CertPolicyMap_Create
* DESCRIPTION:
*
* Creates a new CertPolicyMap Object pairing the OID given by
* "issuerDomainPolicy" with the OID given by "subjectDomainPolicy", and
* stores the result at "pCertPolicyMap".
*
* PARAMETERS
* "issuerDomainPolicy"
* Address of the OID of the IssuerDomainPolicy. Must be non-NULL.
* "subjectDomainPolicy"
* Address of the OID of the SubjectDomainPolicy. Must be non-NULL.
* "pCertPolicyMap"
* Address where CertPolicyMap pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertPolicyMap Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertPolicyMap_Create(
PKIX_PL_OID *issuerDomainPolicy,
PKIX_PL_OID *subjectDomainPolicy,
PKIX_PL_CertPolicyMap **pCertPolicyMap,
void *plContext)
{
PKIX_PL_CertPolicyMap *policyMap = NULL;
PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Create");
PKIX_NULLCHECK_THREE
(issuerDomainPolicy, subjectDomainPolicy, pCertPolicyMap);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYMAP_TYPE,
sizeof (PKIX_PL_CertPolicyMap),
(PKIX_PL_Object **)&policyMap,
plContext),
PKIX_COULDNOTCREATECERTPOLICYMAPOBJECT);
PKIX_INCREF(issuerDomainPolicy);
policyMap->issuerDomainPolicy = issuerDomainPolicy;
PKIX_INCREF(subjectDomainPolicy);
policyMap->subjectDomainPolicy = subjectDomainPolicy;
*pCertPolicyMap = policyMap;
cleanup:
PKIX_RETURN(CERTPOLICYMAP);
}
/*
* FUNCTION: PKIX_PL_CollectionCertStoreContext_Create
* DESCRIPTION:
*
* Creates a new CollectionCertStoreContext using the String pointed to
* by "storeDir" and stores it at "pColCertStoreContext".
*
* PARAMETERS:
* "storeDir"
* The absolute path where *.crl and *.crt files are located.
* "pColCertStoreContext"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CollectionCertStoreContext Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_Create(
PKIX_PL_String *storeDir,
PKIX_PL_CollectionCertStoreContext **pColCertStoreContext,
void *plContext)
{
PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_Create");
PKIX_NULLCHECK_TWO(storeDir, pColCertStoreContext);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
sizeof (PKIX_PL_CollectionCertStoreContext),
(PKIX_PL_Object **)&colCertStoreContext,
plContext),
PKIX_COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT);
PKIX_INCREF(storeDir);
colCertStoreContext->storeDir = storeDir;
colCertStoreContext->crlList = NULL;
colCertStoreContext->certList = NULL;
*pColCertStoreContext = colCertStoreContext;
colCertStoreContext = NULL;
cleanup:
PKIX_DECREF(colCertStoreContext);
PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
}
/*
* FUNCTION: PKIX_PL_AIAMgr_Create
* DESCRIPTION:
*
* This function creates an AIAMgr, storing the result at "pAIAMgr".
*
* PARAMETERS:
* "pAIAMGR"
* Address at which the returned AIAMgr is stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an AIAMgr Error if the function fails in a non-fatal way
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_AIAMgr_Create(
PKIX_PL_AIAMgr **pAIAMgr,
void *plContext)
{
PKIX_PL_AIAMgr *aiaMgr = NULL;
PKIX_ENTER(AIAMGR, "PKIX_PL_AIAMgr_Create");
PKIX_NULLCHECK_ONE(pAIAMgr);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_AIAMGR_TYPE,
sizeof(PKIX_PL_AIAMgr),
(PKIX_PL_Object **)&aiaMgr,
plContext),
PKIX_COULDNOTCREATEAIAMGROBJECT);
/* pointer to cert cache */
/* pointer to crl cache */
aiaMgr->method = 0;
aiaMgr->aiaIndex = 0;
aiaMgr->numAias = 0;
aiaMgr->aia = NULL;
aiaMgr->location = NULL;
aiaMgr->results = NULL;
aiaMgr->client.hdata.httpClient = NULL;
aiaMgr->client.hdata.serverSession = NULL;
aiaMgr->client.hdata.requestSession = NULL;
*pAIAMgr = aiaMgr;
cleanup:
PKIX_RETURN(AIAMGR);
}
/*
* FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_revchecker.h)
*/
PKIX_Error *
PKIX_RevocationChecker_Create(
PKIX_UInt32 leafMethodListFlags,
PKIX_UInt32 chainMethodListFlags,
PKIX_RevocationChecker **pChecker,
void *plContext)
{
PKIX_RevocationChecker *checker = NULL;
PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(
PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE,
sizeof (PKIX_RevocationChecker),
(PKIX_PL_Object **)&checker,
plContext),
PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
checker->leafMethodListFlags = leafMethodListFlags;
checker->chainMethodListFlags = chainMethodListFlags;
checker->leafMethodList = NULL;
checker->chainMethodList = NULL;
*pChecker = checker;
checker = NULL;
cleanup:
PKIX_DECREF(checker);
PKIX_RETURN(REVOCATIONCHECKER);
}
PKIX_Error *
PKIX_PL_RWLock_Create(
PKIX_PL_RWLock **pNewLock,
void *plContext)
{
PKIX_PL_RWLock *rwLock = NULL;
PKIX_ENTER(RWLOCK, "PKIX_PL_RWLock_Create");
PKIX_NULLCHECK_ONE(pNewLock);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_RWLOCK_TYPE,
sizeof (PKIX_PL_RWLock),
(PKIX_PL_Object **)&rwLock,
plContext),
PKIX_ERRORALLOCATINGRWLOCK);
PKIX_RWLOCK_DEBUG("\tCalling PR_NewRWLock)\n");
rwLock->lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, "PKIX RWLock");
if (rwLock->lock == NULL) {
PKIX_DECREF(rwLock);
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
rwLock->readCount = 0;
rwLock->writeLocked = PKIX_FALSE;
*pNewLock = rwLock;
cleanup:
PKIX_RETURN(RWLOCK);
}
/*
* FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_Date_Create_CurrentOffBySeconds(
PKIX_Int32 secondsOffset,
PKIX_PL_Date **pDate,
void *plContext)
{
PKIX_PL_Date *date = NULL;
PRTime time;
PKIX_ENTER(DATE, "PKIX_PL_Date_Create_CurrentOffBySeconds");
PKIX_NULLCHECK_ONE(pDate);
time = PR_Now() + PR_SecondsToInterval(secondsOffset);
/* create a PKIX_PL_Date object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_DATE_TYPE,
sizeof (PKIX_PL_Date),
(PKIX_PL_Object **)&date,
plContext),
PKIX_COULDNOTCREATEOBJECT);
/* populate the nssTime field */
date->nssTime = time;
*pDate = date;
cleanup:
PKIX_RETURN(DATE);
}
/*
* FUNCTION: pkix_pl_CertBasicConstraints_Create
* DESCRIPTION:
*
* Creates a new CertBasicConstraints object whose CA Flag has the value
* given by the Boolean value of "isCA" and whose path length field has the
* value given by the "pathLen" argument and stores it at "pObject".
*
* PARAMETERS
* "isCA"
* Boolean value with the desired value of CA Flag.
* "pathLen"
* a PKIX_Int32 with the desired value of path length
* "pObject"
* Address of object pointer's destination. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertBasicConstraints Error if the function fails
* in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertBasicConstraints_Create(
PKIX_Boolean isCA,
PKIX_Int32 pathLen,
PKIX_PL_CertBasicConstraints **pObject,
void *plContext)
{
PKIX_PL_CertBasicConstraints *basic = NULL;
PKIX_ENTER(CERTBASICCONSTRAINTS,
"pkix_pl_CertBasicConstraints_Create");
PKIX_NULLCHECK_ONE(pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTBASICCONSTRAINTS_TYPE,
sizeof (PKIX_PL_CertBasicConstraints),
(PKIX_PL_Object **)&basic,
plContext),
PKIX_COULDNOTCREATECERTBASICCONSTRAINTSOBJECT);
basic->isCA = isCA;
/* pathLen has meaning only for CAs, but it's not worth checking */
basic->pathLen = pathLen;
*pObject = basic;
cleanup:
PKIX_RETURN(CERTBASICCONSTRAINTS);
}
/*
* FUNCTION: PKIX_ResourceLimits_Create (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_Create(
PKIX_ResourceLimits **pResourceLimits,
void *plContext)
{
PKIX_ResourceLimits *rLimits = NULL;
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_Create");
PKIX_NULLCHECK_ONE(pResourceLimits);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_RESOURCELIMITS_TYPE,
sizeof (PKIX_ResourceLimits),
(PKIX_PL_Object **)&rLimits,
plContext),
PKIX_COULDNOTCREATERESOURCELIMITOBJECT);
/* initialize fields */
rLimits->maxTime = 0;
rLimits->maxFanout = 0;
rLimits->maxDepth = 0;
rLimits->maxCertsNumber = 0;
rLimits->maxCrlsNumber = 0;
*pResourceLimits = rLimits;
cleanup:
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_PL_OID_CreateBySECItem (see comments in pkix_pl_system.h)
*/
PKIX_Error *
PKIX_PL_OID_CreateBySECItem(
SECItem *derOid,
PKIX_PL_OID **pOID,
void *plContext)
{
PKIX_PL_OID *oid = NULL;
SECStatus rv;
PKIX_ENTER(OID, "PKIX_PL_OID_CreateBySECItem");
PKIX_NULLCHECK_TWO(pOID, derOid);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_OID_TYPE,
sizeof (PKIX_PL_OID),
(PKIX_PL_Object **)&oid,
plContext),
PKIX_COULDNOTCREATEOBJECT);
rv = SECITEM_CopyItem(NULL, &oid->derOid, derOid);
if (rv != SECSuccess) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
*pOID = oid;
oid = NULL;
cleanup:
PKIX_DECREF(oid);
PKIX_RETURN(OID);
}
PKIX_Error *
PKIX_PL_MonitorLock_Create(
PKIX_PL_MonitorLock **pNewLock,
void *plContext)
{
PKIX_PL_MonitorLock *monitorLock = NULL;
PKIX_ENTER(MONITORLOCK, "PKIX_PL_MonitorLock_Create");
PKIX_NULLCHECK_ONE(pNewLock);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_MONITORLOCK_TYPE,
sizeof (PKIX_PL_MonitorLock),
(PKIX_PL_Object **)&monitorLock,
plContext),
PKIX_ERRORALLOCATINGMONITORLOCK);
PKIX_MONITORLOCK_DEBUG("\tCalling PR_NewMonitor)\n");
monitorLock->lock = PR_NewMonitor();
if (monitorLock->lock == NULL) {
PKIX_DECREF(monitorLock);
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
*pNewLock = monitorLock;
cleanup:
PKIX_RETURN(MONITORLOCK);
}
/*
* FUNCTION: PKIX_Error_Create (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_Error_Create(
PKIX_ERRORCLASS errClass,
PKIX_Error *cause,
PKIX_PL_Object *info,
PKIX_ERRORCODE errCode,
PKIX_Error **pError,
void *plContext)
{
PKIX_Error *tempCause = NULL;
PKIX_Error *error = NULL;
PKIX_ENTER(ERROR, "PKIX_Error_Create");
PKIX_NULLCHECK_ONE(pError);
/*
* when called here, if PKIX_PL_Object_Alloc returns an error,
* it must be a PKIX_ALLOC_ERROR
*/
pkixErrorResult = PKIX_PL_Object_Alloc
(PKIX_ERROR_TYPE,
((PKIX_UInt32)(sizeof (PKIX_Error))),
(PKIX_PL_Object **)&error,
plContext);
if (pkixErrorResult) return (pkixErrorResult);
error->errClass = errClass;
/* Ensure we don't have a loop. Follow causes until NULL */
for (tempCause = cause;
tempCause != NULL;
tempCause = tempCause->cause) {
/* If we detect a loop, throw a new error */
if (tempCause == error) {
PKIX_ERROR(PKIX_LOOPOFERRORCAUSEDETECTED);
}
}
PKIX_INCREF(cause);
error->cause = cause;
PKIX_INCREF(info);
error->info = info;
error->errCode = errCode;
error->plErr = PKIX_PLErrorIndex[error->errCode];
*pError = error;
error = NULL;
cleanup:
/* PKIX-XXX Fix for leak during error creation */
PKIX_DECREF(error);
PKIX_RETURN(ERROR);
}
/*
* FUNCTION: PKIX_PL_Date_Create_UTCTime (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_Date_Create_UTCTime(
PKIX_PL_String *stringRep,
PKIX_PL_Date **pDate,
void *plContext)
{
PKIX_PL_Date *date = NULL;
char *asciiString = NULL;
PKIX_UInt32 escAsciiLength;
SECStatus rv;
PRTime time;
PKIX_ENTER(DATE, "PKIX_PL_Date_Create_UTCTime");
PKIX_NULLCHECK_ONE(pDate);
if (stringRep == NULL){
PKIX_DATE_DEBUG("\t\tCalling PR_Now).\n");
time = PR_Now();
} else {
/* convert the input PKIX_PL_String to PKIX_ESCASCII */
PKIX_CHECK(PKIX_PL_String_GetEncoded
(stringRep,
PKIX_ESCASCII,
(void **)&asciiString,
&escAsciiLength,
plContext),
PKIX_STRINGGETENCODEDFAILED);
PKIX_DATE_DEBUG("\t\tCalling DER_AsciiToTime).\n");
/* DER_AsciiToTime only supports UTCTime (2-digit years) */
rv = DER_AsciiToTime(&time, asciiString);
if (rv != SECSuccess){
PKIX_ERROR(PKIX_DERASCIITOTIMEFAILED);
}
}
/* create a PKIX_PL_Date object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_DATE_TYPE,
sizeof (PKIX_PL_Date),
(PKIX_PL_Object **)&date,
plContext),
PKIX_COULDNOTCREATEOBJECT);
/* populate the nssTime field */
date->nssTime = time;
*pDate = date;
cleanup:
PKIX_FREE(asciiString);
PKIX_RETURN(DATE);
}
/*
* FUNCTION: pkix_PolicyNode_Create
* DESCRIPTION:
*
* Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
* of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
* indicated by the Boolean value of "criticality", and the List of OIDs
* pointed to by "expectedPolicySet", and stores the result at "pObject". The
* criticality should be derived from whether the certificate policy extension
* was marked as critical in the certificate that led to creation of this
* PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
* immutable. The PolicyNode pointers to parent and to children are initialized
* to NULL, and the depth is set to zero; those values should be set by using
* the pkix_PolicyNode_AddToParent function.
*
* PARAMETERS
* "validPolicy"
* Address of OID of the valid policy for the path. Must be non-NULL
* "qualifierSet"
* Address of List of CertPolicyQualifiers associated with the validpolicy.
* May be NULL
* "criticality"
* Boolean indicator of whether the criticality should be set in this
* PolicyNode
* "expectedPolicySet"
* Address of List of OIDs that would satisfy this policy in the next
* certificate. Must be non-NULL
* "pObject"
* Address where the PolicyNode pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a PolicyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_PolicyNode_Create(
PKIX_PL_OID *validPolicy,
PKIX_List *qualifierSet,
PKIX_Boolean criticality,
PKIX_List *expectedPolicySet,
PKIX_PolicyNode **pObject,
void *plContext)
{
PKIX_PolicyNode *node = NULL;
PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create");
PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYNODE_TYPE,
sizeof (PKIX_PolicyNode),
(PKIX_PL_Object **)&node,
plContext),
PKIX_COULDNOTCREATEPOLICYNODEOBJECT);
PKIX_INCREF(validPolicy);
node->validPolicy = validPolicy;
PKIX_INCREF(qualifierSet);
node->qualifierSet = qualifierSet;
if (qualifierSet) {
PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
}
node->criticality = criticality;
PKIX_INCREF(expectedPolicySet);
node->expectedPolicySet = expectedPolicySet;
PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
node->parent = NULL;
node->children = NULL;
node->depth = 0;
*pObject = node;
node = NULL;
cleanup:
PKIX_DECREF(node);
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: PKIX_ProcessingParams_Create (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_Create(
PKIX_ProcessingParams **pParams,
void *plContext)
{
PKIX_ProcessingParams *params = NULL;
PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_Create");
PKIX_NULLCHECK_ONE(pParams);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_PROCESSINGPARAMS_TYPE,
sizeof (PKIX_ProcessingParams),
(PKIX_PL_Object **)¶ms,
plContext),
PKIX_COULDNOTCREATEPROCESSINGPARAMSOBJECT);
/* initialize fields */
PKIX_CHECK(PKIX_List_Create(¶ms->trustAnchors, plContext),
PKIX_LISTCREATEFAILED);
PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
params->hintCerts = NULL;
params->constraints = NULL;
params->date = NULL;
params->initialPolicies = NULL;
params->initialPolicyMappingInhibit = PKIX_FALSE;
params->initialAnyPolicyInhibit = PKIX_FALSE;
params->initialExplicitPolicy = PKIX_FALSE;
params->qualifiersRejected = PKIX_FALSE;
params->certChainCheckers = NULL;
params->revCheckers = NULL;
params->certStores = NULL;
params->resourceLimits = NULL;
params->isCrlRevocationCheckingEnabled = PKIX_TRUE;
params->isCrlRevocationCheckingEnabledWithNISTPolicy = PKIX_TRUE;
params->useAIAForCertFetching = PKIX_FALSE;
*pParams = params;
params = NULL;
cleanup:
PKIX_DECREF(params);
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_CreateWithNameKeyPair(
PKIX_PL_X500Name *name,
PKIX_PL_PublicKey *pubKey,
PKIX_PL_CertNameConstraints *nameConstraints,
PKIX_TrustAnchor **pAnchor,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
#ifndef BUILD_LIBPKIX_TESTS
/* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
* function as the complete trusted cert structure, and not only cert
* public key, is required for chain building and validation processes.
* Restricting this function for been used only in libpkix unit
* tests. */
PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
#endif
PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TRUSTANCHOR_TYPE,
sizeof (PKIX_TrustAnchor),
(PKIX_PL_Object **)&anchor,
plContext),
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
anchor->trustedCert = NULL;
PKIX_INCREF(name);
anchor->caName = name;
PKIX_INCREF(pubKey);
anchor->caPubKey = pubKey;
PKIX_INCREF(nameConstraints);
anchor->nameConstraints = nameConstraints;
*pAnchor = anchor;
anchor = NULL;
cleanup:
PKIX_DECREF(anchor);
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_CertStore_Create (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_Create(
PKIX_CertStore_CertCallback certCallback,
PKIX_CertStore_CRLCallback crlCallback,
PKIX_CertStore_CertContinueFunction certContinue,
PKIX_CertStore_CrlContinueFunction crlContinue,
PKIX_CertStore_CheckTrustCallback trustCallback,
PKIX_CertStore_ImportCrlCallback importCrlCallback,
PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
PKIX_PL_Object *certStoreContext,
PKIX_Boolean cacheFlag,
PKIX_Boolean localFlag,
PKIX_CertStore **pStore,
void *plContext)
{
PKIX_CertStore *certStore = NULL;
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_Create");
PKIX_NULLCHECK_THREE(certCallback, crlCallback, pStore);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTSTORE_TYPE,
sizeof (PKIX_CertStore),
(PKIX_PL_Object **)&certStore,
plContext),
PKIX_COULDNOTCREATECERTSTOREOBJECT);
certStore->certCallback = certCallback;
certStore->crlCallback = crlCallback;
certStore->certContinue = certContinue;
certStore->crlContinue = crlContinue;
certStore->trustCallback = trustCallback;
certStore->importCrlCallback = importCrlCallback;
certStore->checkRevByCrlCallback = checkRevByCrlCallback;
certStore->cacheFlag = cacheFlag;
certStore->localFlag = localFlag;
PKIX_INCREF(certStoreContext);
certStore->certStoreContext = certStoreContext;
*pStore = certStore;
certStore = NULL;
cleanup:
PKIX_DECREF(certStore);
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_ComCertSelParams_Create (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_Create(
PKIX_ComCertSelParams **pParams,
void *plContext)
{
PKIX_ComCertSelParams *params = NULL;
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_Create");
PKIX_NULLCHECK_ONE(pParams);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_COMCERTSELPARAMS_TYPE,
sizeof (PKIX_ComCertSelParams),
(PKIX_PL_Object **)¶ms,
plContext),
PKIX_COULDNOTCREATECOMMONCERTSELPARAMSOBJECT);
/* initialize fields */
params->version = 0xFFFFFFFF;
params->minPathLength = -1;
params->matchAllSubjAltNames = PKIX_TRUE;
params->subject = NULL;
params->policies = NULL;
params->cert = NULL;
params->nameConstraints = NULL;
params->pathToNames = NULL;
params->subjAltNames = NULL;
params->extKeyUsage = NULL;
params->keyUsage = 0;
params->extKeyUsage = NULL;
params->keyUsage = 0;
params->date = NULL;
params->certValid = NULL;
params->issuer = NULL;
params->serialNumber = NULL;
params->authKeyId = NULL;
params->subjKeyId = NULL;
params->subjPubKey = NULL;
params->subjPKAlgId = NULL;
params->leafCertFlag = PKIX_FALSE;
*pParams = params;
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: pkix_pl_CRL_CreateWithSignedCRL
* DESCRIPTION:
*
* Creates a new CRL using the CERTSignedCrl pointed to by "nssSignedCrl"
* and stores it at "pCRL". If the decoding of the CERTSignedCrl fails,
* a PKIX_Error is returned.
*
* PARAMETERS:
* "nssSignedCrl"
* Address of CERTSignedCrl. Must be non-NULL.
* "adoptedDerCrl"
* SECItem ponter that if not NULL is indicating that memory used
* for der should be adopted by crl that is about to be created.
* "pCRL"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CRL_CreateWithSignedCRL(
CERTSignedCrl *nssSignedCrl,
SECItem *adoptedDerCrl,
SECItem *derGenName,
PKIX_PL_CRL **pCrl,
void *plContext)
{
PKIX_PL_CRL *crl = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_CreateWithSignedCRL");
PKIX_NULLCHECK_ONE(pCrl);
/* create a PKIX_PL_CRL object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CRL_TYPE,
sizeof (PKIX_PL_CRL),
(PKIX_PL_Object **)&crl,
plContext),
PKIX_COULDNOTCREATECRLOBJECT);
/* populate the nssSignedCrl field */
crl->nssSignedCrl = nssSignedCrl;
crl->adoptedDerCrl = adoptedDerCrl;
crl->issuer = NULL;
crl->signatureAlgId = NULL;
crl->crlNumber = NULL;
crl->crlNumberAbsent = PKIX_FALSE;
crl->crlEntryList = NULL;
crl->critExtOids = NULL;
if (derGenName) {
crl->derGenName =
SECITEM_DupItem(derGenName);
if (!crl->derGenName) {
PKIX_ERROR(PKIX_ALLOCERROR);
}
}
*pCrl = crl;
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(crl);
}
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_CRL_CreateWithSignedCRL
* DESCRIPTION:
*
* Creates a new CRL using the CERTSignedCrl pointed to by "nssSignedCrl"
* and stores it at "pCRL". If the decoding of the CERTSignedCrl fails,
* a PKIX_Error is returned.
*
* PARAMETERS:
* "nssSignedCrl"
* Address of CERTSignedCrl. Must be non-NULL.
* "pCRL"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CRL_CreateWithSignedCRL(
CERTSignedCrl *nssSignedCrl,
PKIX_PL_CRL **pCrl,
void *plContext)
{
SECStatus status;
PKIX_PL_CRL *crl = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_CreateWithSignedCRL");
PKIX_NULLCHECK_TWO(nssSignedCrl, pCrl);
/* create a PKIX_PL_CRL object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CRL_TYPE,
sizeof (PKIX_PL_CRL),
(PKIX_PL_Object **)&crl,
plContext),
PKIX_COULDNOTCREATECRLOBJECT);
/* populate the nssSignedCrl field */
crl->nssSignedCrl = nssSignedCrl;
PKIX_CRL_DEBUG("\t\tCalling CERT_CompleteCRLDecodeEntries\n");
status = CERT_CompleteCRLDecodeEntries(crl->nssSignedCrl);
if (status != SECSuccess) {
PKIX_ERROR(PKIX_CERTCOMPLETECRLDECODEDENTRIESFAILED);
}
crl->issuer = NULL;
crl->signatureAlgId = NULL;
crl->crlNumber = NULL;
crl->crlNumberAbsent = PKIX_FALSE;
crl->crlEntryList = NULL;
crl->critExtOids = NULL;
*pCrl = crl;
cleanup:
if (PKIX_ERROR_RECEIVED) {
PKIX_DECREF(crl);
}
PKIX_RETURN(CRL);
}
/*
* FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_Date_Create_CurrentOffBySeconds(
PKIX_Int32 secondsOffset,
PKIX_PL_Date **pDate,
void *plContext)
{
PKIX_PL_Date *date = NULL;
SECItem nssTime;
SECStatus rv;
PRTime time;
PKIX_ENTER(DATE, "PKIX_PL_Date_Create_CurrentOffBySeconds");
PKIX_NULLCHECK_ONE(pDate);
PKIX_DATE_DEBUG("\t\tCalling PR_Now).\n");
time = PR_Now();
time += (secondsOffset * PR_USEC_PER_SEC);
PKIX_DATE_DEBUG("\t\tCalling DER_TimeToUTCTime).\n");
rv = DER_TimeToUTCTime(&nssTime, time);
if (rv != SECSuccess){
PKIX_ERROR(PKIX_DERTIMETOUTCTIMEFAILED);
}
/* create a PKIX_PL_Date object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_DATE_TYPE,
sizeof (PKIX_PL_Date),
(PKIX_PL_Object **)&date,
plContext),
PKIX_COULDNOTCREATEOBJECT);
/* populate the nssTime field */
date->nssTime = nssTime;
*pDate = date;
cleanup:
if (PKIX_ERROR_RECEIVED){
PR_Free(nssTime.data);
}
PKIX_RETURN(DATE);
}
/*
* FUNCTION: pkix_Logger_Duplicate
* (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_Logger_Duplicate(
PKIX_PL_Object *object,
PKIX_PL_Object **pNewObject,
void *plContext)
{
PKIX_Logger *logger = NULL;
PKIX_Logger *dupLogger = NULL;
PKIX_ENTER(LOGGER, "pkix_Logger_Duplicate");
PKIX_NULLCHECK_TWO(object, pNewObject);
PKIX_CHECK(pkix_CheckType
((PKIX_PL_Object *)object, PKIX_LOGGER_TYPE, plContext),
PKIX_OBJECTNOTLOGGER);
logger = (PKIX_Logger *) object;
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_LOGGER_TYPE,
sizeof (PKIX_Logger),
(PKIX_PL_Object **)&dupLogger,
plContext),
PKIX_COULDNOTCREATELOGGEROBJECT);
dupLogger->callback = logger->callback;
dupLogger->maxLevel = logger->maxLevel;
PKIX_DUPLICATE
(logger->context,
&dupLogger->context,
plContext,
PKIX_OBJECTDUPLICATEFAILED);
dupLogger->logComponent = logger->logComponent;
*pNewObject = (PKIX_PL_Object *) dupLogger;
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(dupLogger);
}
PKIX_RETURN(LOGGER);
}
/*
* FUNCTION: PKIX_PL_HashTable_Create (see comments in pkix_pl_system.h)
*/
PKIX_Error *
PKIX_PL_HashTable_Create(
PKIX_UInt32 numBuckets,
PKIX_UInt32 maxEntriesPerBucket,
PKIX_PL_HashTable **pResult,
void *plContext)
{
PKIX_PL_HashTable *hashTable = NULL;
PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Create");
PKIX_NULLCHECK_ONE(pResult);
if (numBuckets == 0) {
PKIX_ERROR(PKIX_NUMBUCKETSEQUALSZERO);
}
/* Allocate a new hashtable */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_HASHTABLE_TYPE,
sizeof (PKIX_PL_HashTable),
(PKIX_PL_Object **)&hashTable,
plContext),
PKIX_COULDNOTCREATEHASHTABLEOBJECT);
/* Create the underlying primitive hash table type */
PKIX_CHECK(pkix_pl_PrimHashTable_Create
(numBuckets, &hashTable->primHash, plContext),
PKIX_PRIMHASHTABLECREATEFAILED);
/* Create a lock for this table */
PKIX_CHECK(PKIX_PL_Mutex_Create(&hashTable->tableLock, plContext),
PKIX_ERRORCREATINGTABLELOCK);
hashTable->maxEntriesPerBucket = maxEntriesPerBucket;
*pResult = hashTable;
cleanup:
if (PKIX_ERROR_RECEIVED) {
PKIX_DECREF(hashTable);
}
PKIX_RETURN(HASHTABLE);
}
/*
* FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_CreateWithCert(
PKIX_PL_Cert *cert,
PKIX_TrustAnchor **pAnchor,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
PKIX_NULLCHECK_TWO(cert, pAnchor);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TRUSTANCHOR_TYPE,
sizeof (PKIX_TrustAnchor),
(PKIX_PL_Object **)&anchor,
plContext),
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
PKIX_CHECK(
PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
PKIX_CERTSETASTRUSTANCHORFAILED);
PKIX_INCREF(cert);
anchor->trustedCert = cert;
anchor->caName = NULL;
anchor->caPubKey = NULL;
PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
(anchor->trustedCert, &anchor->nameConstraints, plContext),
PKIX_CERTGETNAMECONSTRAINTSFAILED);
*pAnchor = anchor;
anchor = NULL;
cleanup:
PKIX_DECREF(anchor);
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_PL_ByteArray_Create (see comments in pkix_pl_system.h)
*/
PKIX_Error *
PKIX_PL_ByteArray_Create(
void *array,
PKIX_UInt32 length,
PKIX_PL_ByteArray **pByteArray,
void *plContext)
{
PKIX_PL_ByteArray *byteArray = NULL;
PKIX_ENTER(BYTEARRAY, "PKIX_PL_ByteArray_Create");
PKIX_NULLCHECK_ONE(pByteArray);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_BYTEARRAY_TYPE,
sizeof (PKIX_PL_ByteArray),
(PKIX_PL_Object **)&byteArray,
plContext),
PKIX_COULDNOTCREATEOBJECTSTORAGE);
byteArray->length = length;
byteArray->array = NULL;
if (length != 0){
/* Alloc space for array */
PKIX_NULLCHECK_ONE(array);
PKIX_CHECK(PKIX_PL_Malloc
(length, (void**)&(byteArray->array), plContext),
PKIX_MALLOCFAILED);
PKIX_BYTEARRAY_DEBUG("\tCalling PORT_Memcpy).\n");
(void) PORT_Memcpy(byteArray->array, array, length);
}
*pByteArray = byteArray;
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(byteArray);
}
PKIX_RETURN(BYTEARRAY);
}
/*
* FUNCTION: pkix_CrlChecker_Create
*
* DESCRIPTION:
* Allocate and initialize CRLChecker state data.
*
* PARAMETERS
* "certStores"
* Address of CertStore List to be stored in state. Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date to be checked. May be NULL.
* "trustedPubKey"
* Trusted Anchor Public Key for verifying first Cert in the chain.
* Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "nistCRLPolicyEnabled"
* If enabled, enforce nist crl policy.
* "pChecker"
* Address of CRLChecker that is returned. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a DefaultCrlChecker Error if the function fails in a
* non-fatal way.
* Returns a Fatal Error
*/
PKIX_Error *
pkix_CrlChecker_Create(PKIX_RevocationMethodType methodType,
PKIX_UInt32 flags,
PKIX_UInt32 priority,
pkix_LocalRevocationCheckFn localRevChecker,
pkix_ExternalRevocationCheckFn externalRevChecker,
PKIX_List *certStores,
PKIX_PL_VerifyCallback crlVerifyFn,
pkix_RevocationMethod **pChecker,
void *plContext)
{
pkix_CrlChecker *crlChecker = NULL;
PKIX_ENTER(CRLCHECKER, "pkix_CrlChecker_Create");
PKIX_NULLCHECK_TWO(certStores, pChecker);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CRLCHECKER_TYPE,
sizeof (pkix_CrlChecker),
(PKIX_PL_Object **)&crlChecker,
plContext),
PKIX_COULDNOTCREATECRLCHECKEROBJECT);
pkixErrorResult = pkix_RevocationMethod_Init(
(pkix_RevocationMethod*)crlChecker, methodType, flags, priority,
localRevChecker, externalRevChecker, plContext);
if (pkixErrorResult) {
goto cleanup;
}
/* Initialize fields */
PKIX_INCREF(certStores);
crlChecker->certStores = certStores;
crlChecker->crlVerifyFn = crlVerifyFn;
*pChecker = (pkix_RevocationMethod*)crlChecker;
crlChecker = NULL;
cleanup:
PKIX_DECREF(crlChecker);
PKIX_RETURN(CRLCHECKER);
}