/*
* FUNCTION: pkix_pl_CertPolicyQualifier_Create
* DESCRIPTION:
*
* Creates a CertPolicyQualifier object with the OID given by "oid"
* and the ByteArray given by "qualifier", and stores it at "pObject".
*
* PARAMETERS
* "oid"
* Address of OID of the desired policyQualifierId; must be non-NULL
* "qualifier"
* Address of ByteArray with the desired value of the qualifier;
* must be non-NULL
* "pObject"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertPolicyQualifier_Create(
PKIX_PL_OID *oid,
PKIX_PL_ByteArray *qualifier,
PKIX_PL_CertPolicyQualifier **pObject,
void *plContext)
{
PKIX_PL_CertPolicyQualifier *qual = NULL;
PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Create");
PKIX_NULLCHECK_THREE(oid, qualifier, pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYQUALIFIER_TYPE,
sizeof (PKIX_PL_CertPolicyQualifier),
(PKIX_PL_Object **)&qual,
plContext),
PKIX_COULDNOTCREATECERTPOLICYQUALIFIEROBJECT);
PKIX_INCREF(oid);
qual->policyQualifierId = oid;
PKIX_INCREF(qualifier);
qual->qualifier = qualifier;
*pObject = qual;
qual = NULL;
cleanup:
PKIX_DECREF(qual);
PKIX_RETURN(CERTPOLICYQUALIFIER);
}
/*
* FUNCTION: pkix_pl_CertPolicyMap_Create
* DESCRIPTION:
*
* Creates a new CertPolicyMap Object pairing the OID given by
* "issuerDomainPolicy" with the OID given by "subjectDomainPolicy", and
* stores the result at "pCertPolicyMap".
*
* PARAMETERS
* "issuerDomainPolicy"
* Address of the OID of the IssuerDomainPolicy. Must be non-NULL.
* "subjectDomainPolicy"
* Address of the OID of the SubjectDomainPolicy. Must be non-NULL.
* "pCertPolicyMap"
* Address where CertPolicyMap pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertPolicyMap Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_pl_CertPolicyMap_Create(
PKIX_PL_OID *issuerDomainPolicy,
PKIX_PL_OID *subjectDomainPolicy,
PKIX_PL_CertPolicyMap **pCertPolicyMap,
void *plContext)
{
PKIX_PL_CertPolicyMap *policyMap = NULL;
PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Create");
PKIX_NULLCHECK_THREE
(issuerDomainPolicy, subjectDomainPolicy, pCertPolicyMap);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYMAP_TYPE,
sizeof (PKIX_PL_CertPolicyMap),
(PKIX_PL_Object **)&policyMap,
plContext),
PKIX_COULDNOTCREATECERTPOLICYMAPOBJECT);
PKIX_INCREF(issuerDomainPolicy);
policyMap->issuerDomainPolicy = issuerDomainPolicy;
PKIX_INCREF(subjectDomainPolicy);
policyMap->subjectDomainPolicy = subjectDomainPolicy;
*pCertPolicyMap = policyMap;
cleanup:
PKIX_RETURN(CERTPOLICYMAP);
}
/*
* FUNCTION: PKIX_Error_Create (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_Error_Create(
PKIX_ERRORCLASS errClass,
PKIX_Error *cause,
PKIX_PL_Object *info,
PKIX_ERRORCODE errCode,
PKIX_Error **pError,
void *plContext)
{
PKIX_Error *tempCause = NULL;
PKIX_Error *error = NULL;
PKIX_ENTER(ERROR, "PKIX_Error_Create");
PKIX_NULLCHECK_ONE(pError);
/*
* when called here, if PKIX_PL_Object_Alloc returns an error,
* it must be a PKIX_ALLOC_ERROR
*/
pkixErrorResult = PKIX_PL_Object_Alloc
(PKIX_ERROR_TYPE,
((PKIX_UInt32)(sizeof (PKIX_Error))),
(PKIX_PL_Object **)&error,
plContext);
if (pkixErrorResult) return (pkixErrorResult);
error->errClass = errClass;
/* Ensure we don't have a loop. Follow causes until NULL */
for (tempCause = cause;
tempCause != NULL;
tempCause = tempCause->cause) {
/* If we detect a loop, throw a new error */
if (tempCause == error) {
PKIX_ERROR(PKIX_LOOPOFERRORCAUSEDETECTED);
}
}
PKIX_INCREF(cause);
error->cause = cause;
PKIX_INCREF(info);
error->info = info;
error->errCode = errCode;
error->plErr = PKIX_PLErrorIndex[error->errCode];
*pError = error;
error = NULL;
cleanup:
/* PKIX-XXX Fix for leak during error creation */
PKIX_DECREF(error);
PKIX_RETURN(ERROR);
}
/*
* FUNCTION: PKIX_List_InsertItem (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_List_InsertItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext)
{
PKIX_List *element = NULL;
PKIX_List *newElem = NULL;
PKIX_ENTER(LIST, "PKIX_List_InsertItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
if (!list->isHeader){
PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
}
/* Create a new list object */
PKIX_CHECK(pkix_List_Create_Internal(PKIX_FALSE, &newElem, plContext),
PKIX_LISTCREATEINTERNALFAILED);
if (list->length) {
PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
PKIX_LISTGETELEMENTFAILED);
/* Copy the old element's contents into the new element */
newElem->item = element->item;
/* Add new item to the list */
PKIX_INCREF(item);
element->item = item;
/* Set the new element's next pointer to the old element's next */
newElem->next = element->next;
/* Set the old element's next pointer to the new element */
element->next = newElem;
newElem = NULL;
} else {
PKIX_INCREF(item);
newElem->item = item;
newElem->next = NULL;
list->next = newElem;
newElem = NULL;
}
list->length++;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)list, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_DECREF(newElem);
PKIX_RETURN(LIST);
}
/*
* FUNCTION: pkix_PolicyNode_Create
* DESCRIPTION:
*
* Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
* of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
* indicated by the Boolean value of "criticality", and the List of OIDs
* pointed to by "expectedPolicySet", and stores the result at "pObject". The
* criticality should be derived from whether the certificate policy extension
* was marked as critical in the certificate that led to creation of this
* PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
* immutable. The PolicyNode pointers to parent and to children are initialized
* to NULL, and the depth is set to zero; those values should be set by using
* the pkix_PolicyNode_AddToParent function.
*
* PARAMETERS
* "validPolicy"
* Address of OID of the valid policy for the path. Must be non-NULL
* "qualifierSet"
* Address of List of CertPolicyQualifiers associated with the validpolicy.
* May be NULL
* "criticality"
* Boolean indicator of whether the criticality should be set in this
* PolicyNode
* "expectedPolicySet"
* Address of List of OIDs that would satisfy this policy in the next
* certificate. Must be non-NULL
* "pObject"
* Address where the PolicyNode pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a PolicyNode Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_PolicyNode_Create(
PKIX_PL_OID *validPolicy,
PKIX_List *qualifierSet,
PKIX_Boolean criticality,
PKIX_List *expectedPolicySet,
PKIX_PolicyNode **pObject,
void *plContext)
{
PKIX_PolicyNode *node = NULL;
PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create");
PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTPOLICYNODE_TYPE,
sizeof (PKIX_PolicyNode),
(PKIX_PL_Object **)&node,
plContext),
PKIX_COULDNOTCREATEPOLICYNODEOBJECT);
PKIX_INCREF(validPolicy);
node->validPolicy = validPolicy;
PKIX_INCREF(qualifierSet);
node->qualifierSet = qualifierSet;
if (qualifierSet) {
PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
}
node->criticality = criticality;
PKIX_INCREF(expectedPolicySet);
node->expectedPolicySet = expectedPolicySet;
PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
node->parent = NULL;
node->children = NULL;
node->depth = 0;
*pObject = node;
node = NULL;
cleanup:
PKIX_DECREF(node);
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_CreateWithNameKeyPair(
PKIX_PL_X500Name *name,
PKIX_PL_PublicKey *pubKey,
PKIX_PL_CertNameConstraints *nameConstraints,
PKIX_TrustAnchor **pAnchor,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
#ifndef BUILD_LIBPKIX_TESTS
/* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
* function as the complete trusted cert structure, and not only cert
* public key, is required for chain building and validation processes.
* Restricting this function for been used only in libpkix unit
* tests. */
PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
#endif
PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TRUSTANCHOR_TYPE,
sizeof (PKIX_TrustAnchor),
(PKIX_PL_Object **)&anchor,
plContext),
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
anchor->trustedCert = NULL;
PKIX_INCREF(name);
anchor->caName = name;
PKIX_INCREF(pubKey);
anchor->caPubKey = pubKey;
PKIX_INCREF(nameConstraints);
anchor->nameConstraints = nameConstraints;
*pAnchor = anchor;
anchor = NULL;
cleanup:
PKIX_DECREF(anchor);
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_PL_CollectionCertStoreContext_Create
* DESCRIPTION:
*
* Creates a new CollectionCertStoreContext using the String pointed to
* by "storeDir" and stores it at "pColCertStoreContext".
*
* PARAMETERS:
* "storeDir"
* The absolute path where *.crl and *.crt files are located.
* "pColCertStoreContext"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CollectionCertStoreContext Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CollectionCertStoreContext_Create(
PKIX_PL_String *storeDir,
PKIX_PL_CollectionCertStoreContext **pColCertStoreContext,
void *plContext)
{
PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
"pkix_pl_CollectionCertStoreContext_Create");
PKIX_NULLCHECK_TWO(storeDir, pColCertStoreContext);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
sizeof (PKIX_PL_CollectionCertStoreContext),
(PKIX_PL_Object **)&colCertStoreContext,
plContext),
PKIX_COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT);
PKIX_INCREF(storeDir);
colCertStoreContext->storeDir = storeDir;
colCertStoreContext->crlList = NULL;
colCertStoreContext->certList = NULL;
*pColCertStoreContext = colCertStoreContext;
colCertStoreContext = NULL;
cleanup:
PKIX_DECREF(colCertStoreContext);
PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetRevocationCheckers
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetRevocationCheckers(
PKIX_ProcessingParams *params,
PKIX_List *checkers, /* list of PKIX_RevocationChecker */
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetRevocationCheckers");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->revCheckers);
PKIX_INCREF(checkers);
params->revCheckers = checkers;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->revCheckers);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_GetRevocationCheckers
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_GetRevocationCheckers(
PKIX_ProcessingParams *params,
PKIX_List **pCheckers, /* list of PKIX_RevocationChecker */
void *plContext)
{
PKIX_ENTER
(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetRevocationCheckers");
PKIX_NULLCHECK_TWO(params, pCheckers);
if (params->revCheckers == NULL) {
PKIX_CHECK(PKIX_List_Create
(&(params->revCheckers), plContext),
PKIX_LISTCREATEFAILED);
}
PKIX_INCREF(params->revCheckers);
*pCheckers = params->revCheckers;
cleanup:
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetInitialPolicies(
PKIX_ProcessingParams *params,
PKIX_List *initPolicies, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetInitialPolicies");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->initialPolicies);
PKIX_INCREF(initPolicies);
params->initialPolicies = initPolicies;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->initialPolicies);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_GetInitialPolicies(
PKIX_ProcessingParams *params,
PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_GetInitialPolicies");
PKIX_NULLCHECK_TWO(params, pInitPolicies);
if (params->initialPolicies == NULL) {
PKIX_CHECK(PKIX_List_Create
(¶ms->initialPolicies, plContext),
PKIX_UNABLETOCREATELIST);
PKIX_CHECK(PKIX_List_SetImmutable
(params->initialPolicies, plContext),
PKIX_UNABLETOMAKELISTIMMUTABLE);
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
}
PKIX_INCREF(params->initialPolicies);
*pInitPolicies = params->initialPolicies;
cleanup:
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetDate(
PKIX_ProcessingParams *params,
PKIX_PL_Date *date,
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->date);
PKIX_INCREF(date);
params->date = date;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->date);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: PKIX_Logger_Create (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_Logger_Create(
PKIX_Logger_LogCallback callback,
PKIX_PL_Object *loggerContext,
PKIX_Logger **pLogger,
void *plContext)
{
PKIX_Logger *logger = NULL;
PKIX_ENTER(LOGGER, "PKIX_Logger_Create");
PKIX_NULLCHECK_ONE(pLogger);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_LOGGER_TYPE,
sizeof (PKIX_Logger),
(PKIX_PL_Object **)&logger,
plContext),
PKIX_COULDNOTCREATELOGGEROBJECT);
logger->callback = callback;
logger->maxLevel = 0;
logger->logComponent = (PKIX_ERRORCLASS)NULL;
PKIX_INCREF(loggerContext);
logger->context = loggerContext;
*pLogger = logger;
logger = NULL;
cleanup:
PKIX_DECREF(logger);
PKIX_RETURN(LOGGER);
}
/*
* FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_RevocationChecker_Create(
PKIX_RevocationChecker_RevCallback callback,
PKIX_PL_Object *revCheckerContext,
PKIX_RevocationChecker **pChecker,
void *plContext)
{
PKIX_RevocationChecker *checker = NULL;
PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_REVOCATIONCHECKER_TYPE,
sizeof (PKIX_RevocationChecker),
(PKIX_PL_Object **)&checker,
plContext),
PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
/* initialize fields */
checker->checkCallback = callback;
PKIX_INCREF(revCheckerContext);
checker->revCheckerContext = revCheckerContext;
*pChecker = checker;
cleanup:
PKIX_RETURN(REVOCATIONCHECKER);
}
/*
* FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
* (see description of this function in pkix_results.h)
*/
PKIX_Error *
PKIX_PolicyNode_GetPolicyQualifiers(
PKIX_PolicyNode *node,
PKIX_List **pQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
void *plContext)
{
PKIX_List *qualifiers = NULL;
PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetPolicyQualifiers");
PKIX_NULLCHECK_TWO(node, pQualifiers);
PKIX_INCREF(node->qualifierSet);
qualifiers = node->qualifierSet;
if (!qualifiers) {
PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),
PKIX_LISTCREATEFAILED);
}
PKIX_CHECK(PKIX_List_SetImmutable(qualifiers, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
*pQualifiers = qualifiers;
cleanup:
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: PKIX_PolicyNode_GetChildren
* (see description of this function in pkix_results.h)
*/
PKIX_Error *
PKIX_PolicyNode_GetChildren(
PKIX_PolicyNode *node,
PKIX_List **pChildren, /* list of PKIX_PolicyNode */
void *plContext)
{
PKIX_List *children = NULL;
PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetChildren");
PKIX_NULLCHECK_TWO(node, pChildren);
PKIX_INCREF(node->children);
children = node->children;
if (!children) {
PKIX_CHECK(PKIX_List_Create(&children, plContext),
PKIX_LISTCREATEFAILED);
}
PKIX_CHECK(PKIX_List_SetImmutable(children, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
*pChildren = children;
cleanup:
if (PKIX_ERROR_RECEIVED) {
PKIX_DECREF(children);
}
PKIX_RETURN(CERTPOLICYNODE);
}
/*
* FUNCTION: PKIX_List_GetItem (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_List_GetItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object **pItem,
void *plContext)
{
PKIX_List *element = NULL;
PKIX_ENTER(LIST, "PKIX_List_GetItem");
PKIX_NULLCHECK_TWO(list, pItem);
if (!list->isHeader){
PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
}
PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
PKIX_LISTGETELEMENTFAILED);
PKIX_INCREF(element->item);
*pItem = element->item;
cleanup:
PKIX_RETURN(LIST);
}
/*
* FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ProcessingParams_SetTargetCertConstraints(
PKIX_ProcessingParams *params,
PKIX_CertSelector *constraints,
void *plContext)
{
PKIX_ENTER(PROCESSINGPARAMS,
"PKIX_ProcessingParams_SetTargetCertConstraints");
PKIX_NULLCHECK_ONE(params);
PKIX_DECREF(params->constraints);
PKIX_INCREF(constraints);
params->constraints = constraints;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)params, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
if (PKIX_ERROR_RECEIVED && params) {
PKIX_DECREF(params->constraints);
}
PKIX_RETURN(PROCESSINGPARAMS);
}
/*
* FUNCTION: pkix_pl_CRL_GetSignatureAlgId
*
* DESCRIPTION:
* Retrieves a pointer to the OID that represents the signature algorithm of
* the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* PARAMETERS:
* "crl"
* Address of CRL whose signature algorithm OID is to be stored.
* Must be non-NULL.
* "pSignatureAlgId"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetSignatureAlgId(
PKIX_PL_CRL *crl,
PKIX_PL_OID **pSignatureAlgId,
void *plContext)
{
CERTCrl *nssCrl = NULL;
PKIX_PL_OID *signatureAlgId = NULL;
SECAlgorithmID algorithm;
SECItem algBytes;
char *asciiOID = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
/* if we don't have a cached copy from before, we create one */
if (crl->signatureAlgId == NULL) {
PKIX_OBJECT_LOCK(crl);
if (crl->signatureAlgId == NULL) {
nssCrl = &(crl->nssSignedCrl->crl);
algorithm = nssCrl->signatureAlg;
algBytes = algorithm.algorithm;
PKIX_NULLCHECK_ONE(algBytes.data);
if (algBytes.len == 0) {
PKIX_ERROR_FATAL(PKIX_OIDBYTESLENGTH0);
}
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&algBytes, &asciiOID, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
PKIX_CHECK(PKIX_PL_OID_Create
(asciiOID, &signatureAlgId, plContext),
PKIX_OIDCREATEFAILED);
/* save a cached copy in case it is asked for again */
crl->signatureAlgId = signatureAlgId;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->signatureAlgId);
*pSignatureAlgId = crl->signatureAlgId;
cleanup:
PKIX_FREE(asciiOID);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: PKIX_PL_HashTable_Lookup (see comments in pkix_pl_system.h)
*/
PKIX_Error *
PKIX_PL_HashTable_Lookup(
PKIX_PL_HashTable *ht,
PKIX_PL_Object *key,
PKIX_PL_Object **pResult,
void *plContext)
{
PKIX_PL_Mutex *lockedMutex = NULL;
PKIX_UInt32 hashCode;
PKIX_PL_EqualsCallback keyComp;
PKIX_PL_Object *result = NULL;
PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Lookup");
#if !defined(PKIX_OBJECT_LEAK_TEST)
PKIX_NULLCHECK_THREE(ht, key, pResult);
#else
PKIX_NULLCHECK_TWO(key, pResult);
if (ht == NULL) {
PKIX_RETURN(HASHTABLE);
}
#endif
PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
PKIX_OBJECTHASHCODEFAILED);
PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
(key, &keyComp, plContext),
PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
PKIX_MUTEX_LOCK(ht->tableLock);
/* Lookup in primitive hashtable */
PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
(ht->primHash,
(void *)key,
hashCode,
keyComp,
(void **)&result,
plContext),
PKIX_PRIMHASHTABLELOOKUPFAILED);
PKIX_INCREF(result);
PKIX_MUTEX_UNLOCK(ht->tableLock);
*pResult = result;
cleanup:
PKIX_MUTEX_UNLOCK(ht->tableLock);
PKIX_RETURN(HASHTABLE);
}
/*
* FUNCTION: pkix_List_Duplicate
* (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_List_Duplicate(
PKIX_PL_Object *object,
PKIX_PL_Object **pNewObject,
void *plContext)
{
PKIX_List *list = NULL;
PKIX_List *listDuplicate = NULL;
PKIX_ENTER(LIST, "pkix_List_Duplicate");
PKIX_NULLCHECK_TWO(object, pNewObject);
PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
PKIX_OBJECTNOTLIST);
list = (PKIX_List *)object;
if (list->immutable){
PKIX_CHECK(pkix_duplicateImmutable
(object, pNewObject, plContext),
PKIX_DUPLICATEIMMUTABLEFAILED);
} else {
PKIX_CHECK(pkix_List_Create_Internal
(list->isHeader, &listDuplicate, plContext),
PKIX_LISTCREATEINTERNALFAILED);
listDuplicate->length = list->length;
PKIX_INCREF(list->item);
listDuplicate->item = list->item;
if (list->next == NULL){
listDuplicate->next = NULL;
} else {
/* Recursively Duplicate list */
PKIX_CHECK(pkix_List_Duplicate
((PKIX_PL_Object *)list->next,
(PKIX_PL_Object **)&listDuplicate->next,
plContext),
PKIX_LISTDUPLICATEFAILED);
}
*pNewObject = (PKIX_PL_Object *)listDuplicate;
}
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(listDuplicate);
}
PKIX_RETURN(LIST);
}
/*
* FUNCTION: pkix_ValidateResult_Create
* DESCRIPTION:
*
* Creates a new ValidateResult Object using the PublicKey pointed to by
* "pubKey", the TrustAnchor pointed to by "anchor", and the PolicyNode
* pointed to by "policyTree", and stores it at "pResult".
*
* PARAMETERS
* "pubKey"
* PublicKey of the desired ValidateResult. Must be non-NULL.
* "anchor"
* TrustAnchor of the desired Validateresult. Must be non-NULL.
* "policyTree"
* PolicyNode of the desired ValidateResult; may be NULL
* "pResult"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_ValidateResult_Create(
PKIX_PL_PublicKey *pubKey,
PKIX_TrustAnchor *anchor,
PKIX_PolicyNode *policyTree,
PKIX_ValidateResult **pResult,
void *plContext)
{
PKIX_ValidateResult *result = NULL;
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Create");
PKIX_NULLCHECK_THREE(pubKey, anchor, pResult);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_VALIDATERESULT_TYPE,
sizeof (PKIX_ValidateResult),
(PKIX_PL_Object **)&result,
plContext),
PKIX_COULDNOTCREATEVALIDATERESULTOBJECT);
/* initialize fields */
PKIX_INCREF(pubKey);
result->pubKey = pubKey;
PKIX_INCREF(anchor);
result->anchor = anchor;
PKIX_INCREF(policyTree);
result->policyTree = policyTree;
*pResult = result;
result = NULL;
cleanup:
PKIX_DECREF(result);
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: PKIX_VerifyNode_FindError
* DESCRIPTION:
*
* Finds meaningful error in the log. For now, just returns the first
* error it finds in. In the future the function should be changed to
* return a top priority error.
*
* PARAMETERS:
* "node"
* The address of the VerifyNode to be modified. Must be non-NULL.
* "error"
* The address of a pointer the error will be returned to.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_VerifyNode_FindError(
PKIX_VerifyNode *node,
PKIX_Error **error,
void *plContext)
{
PKIX_VerifyNode *childNode = NULL;
PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_FindError");
/* Make sure the return address is initialized with NULL */
PKIX_DECREF(*error);
if (!node)
goto cleanup;
/* First, try to get error from lowest level. */
if (node->children) {
PKIX_UInt32 length = 0;
PKIX_UInt32 index = 0;
PKIX_CHECK(
PKIX_List_GetLength(node->children, &length,
plContext),
PKIX_LISTGETLENGTHFAILED);
for (index = 0;index < length;index++) {
PKIX_CHECK(
PKIX_List_GetItem(node->children, index,
(PKIX_PL_Object**)&childNode, plContext),
PKIX_LISTGETITEMFAILED);
if (!childNode)
continue;
PKIX_CHECK(
pkix_VerifyNode_FindError(childNode, error,
plContext),
PKIX_VERIFYNODEFINDERRORFAILED);
PKIX_DECREF(childNode);
if (*error) {
goto cleanup;
}
}
}
if (node->error) {
PKIX_INCREF(node->error);
*error = node->error;
}
cleanup:
PKIX_DECREF(childNode);
PKIX_RETURN(VERIFYNODE);
}
/*
* FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_CreateWithNameKeyPair(
PKIX_PL_X500Name *name,
PKIX_PL_PublicKey *pubKey,
PKIX_PL_CertNameConstraints *nameConstraints,
PKIX_TrustAnchor **pAnchor,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TRUSTANCHOR_TYPE,
sizeof (PKIX_TrustAnchor),
(PKIX_PL_Object **)&anchor,
plContext),
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
anchor->trustedCert = NULL;
PKIX_INCREF(name);
anchor->caName = name;
PKIX_INCREF(pubKey);
anchor->caPubKey = pubKey;
PKIX_INCREF(nameConstraints);
anchor->nameConstraints = nameConstraints;
*pAnchor = anchor;
anchor = NULL;
cleanup:
PKIX_DECREF(anchor);
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: pkix_VerifyNode_Create
* DESCRIPTION:
*
* This function creates a VerifyNode using the Cert pointed to by "cert",
* the depth given by "depth", and the Error pointed to by "error", storing
* the result at "pObject".
*
* PARAMETERS
* "cert"
* Address of Cert for the node. Must be non-NULL
* "depth"
* UInt32 value of the depth for this node.
* "error"
* Address of Error for the node.
* "pObject"
* Address where the VerifyNode pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_VerifyNode_Create(
PKIX_PL_Cert *cert,
PKIX_UInt32 depth,
PKIX_Error *error,
PKIX_VerifyNode **pObject,
void *plContext)
{
PKIX_VerifyNode *node = NULL;
PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Create");
PKIX_NULLCHECK_TWO(cert, pObject);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_VERIFYNODE_TYPE,
sizeof (PKIX_VerifyNode),
(PKIX_PL_Object **)&node,
plContext),
PKIX_COULDNOTCREATEVERIFYNODEOBJECT);
PKIX_INCREF(cert);
node->verifyCert = cert;
PKIX_INCREF(error);
node->error = error;
node->depth = depth;
node->children = NULL;
*pObject = node;
node = NULL;
cleanup:
PKIX_DECREF(node);
PKIX_RETURN(VERIFYNODE);
}
/*
* FUNCTION: PKIX_PL_CRL_GetIssuer (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetIssuer(
PKIX_PL_CRL *crl,
PKIX_PL_X500Name **pCRLIssuer,
void *plContext)
{
PKIX_PL_String *crlString = NULL;
PKIX_PL_X500Name *issuer = NULL;
SECItem *derIssuerName = NULL;
CERTName *issuerName = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetIssuer");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCRLIssuer);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
/* if we don't have a cached copy from before, we create one */
if (crl->issuer == NULL){
PKIX_OBJECT_LOCK(crl);
if (crl->issuer == NULL) {
issuerName = &crl->nssSignedCrl->crl.name;
derIssuerName = &crl->nssSignedCrl->crl.derName;
PKIX_CHECK(
PKIX_PL_X500Name_CreateFromCERTName(derIssuerName,
issuerName,
&issuer,
plContext),
PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
/* save a cached copy in case it is asked for again */
crl->issuer = issuer;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->issuer);
*pCRLIssuer = crl->issuer;
cleanup:
PKIX_DECREF(crlString);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: PKIX_List_AppendItem (see comments in pkix_util.h)
*/
PKIX_Error *
PKIX_List_AppendItem(
PKIX_List *list,
PKIX_PL_Object *item,
void *plContext)
{
PKIX_List *lastElement = NULL;
PKIX_List *newElement = NULL;
PKIX_UInt32 length, i;
PKIX_ENTER(LIST, "PKIX_List_AppendItem");
PKIX_NULLCHECK_ONE(list);
if (list->immutable){
PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
}
if (!list->isHeader){
PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
}
length = list->length;
/* find last element of list and create new element there */
lastElement = list;
for (i = 0; i < length; i++){
lastElement = lastElement->next;
}
PKIX_CHECK(pkix_List_Create_Internal
(PKIX_FALSE, &newElement, plContext),
PKIX_LISTCREATEINTERNALFAILED);
PKIX_INCREF(item);
newElement->item = item;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)list, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
lastElement->next = newElement;
newElement = NULL;
list->length += 1;
cleanup:
PKIX_DECREF(newElement);
PKIX_RETURN(LIST);
}
/*
* FUNCTION: PKIX_CertStore_Create (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_Create(
PKIX_CertStore_CertCallback certCallback,
PKIX_CertStore_CRLCallback crlCallback,
PKIX_CertStore_CertContinueFunction certContinue,
PKIX_CertStore_CrlContinueFunction crlContinue,
PKIX_CertStore_CheckTrustCallback trustCallback,
PKIX_CertStore_ImportCrlCallback importCrlCallback,
PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
PKIX_PL_Object *certStoreContext,
PKIX_Boolean cacheFlag,
PKIX_Boolean localFlag,
PKIX_CertStore **pStore,
void *plContext)
{
PKIX_CertStore *certStore = NULL;
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_Create");
PKIX_NULLCHECK_THREE(certCallback, crlCallback, pStore);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTSTORE_TYPE,
sizeof (PKIX_CertStore),
(PKIX_PL_Object **)&certStore,
plContext),
PKIX_COULDNOTCREATECERTSTOREOBJECT);
certStore->certCallback = certCallback;
certStore->crlCallback = crlCallback;
certStore->certContinue = certContinue;
certStore->crlContinue = crlContinue;
certStore->trustCallback = trustCallback;
certStore->importCrlCallback = importCrlCallback;
certStore->checkRevByCrlCallback = checkRevByCrlCallback;
certStore->cacheFlag = cacheFlag;
certStore->localFlag = localFlag;
PKIX_INCREF(certStoreContext);
certStore->certStoreContext = certStoreContext;
*pStore = certStore;
certStore = NULL;
cleanup:
PKIX_DECREF(certStore);
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_GetSerialNumber(
PKIX_ComCertSelParams *params,
PKIX_PL_BigInt **pSerialNumber,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSerialNumber");
PKIX_NULLCHECK_TWO(params, pSerialNumber);
PKIX_INCREF(params->serialNumber);
*pSerialNumber = params->serialNumber;
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
/*
* FUNCTION: PKIX_ComCertSelParams_GetIssuer
* (see comments in pkix_certsel.h)
*/
PKIX_Error *
PKIX_ComCertSelParams_GetIssuer(
PKIX_ComCertSelParams *params,
PKIX_PL_X500Name **pIssuer,
void *plContext)
{
PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetIssuer");
PKIX_NULLCHECK_TWO(params, pIssuer);
PKIX_INCREF(params->issuer);
*pIssuer = params->issuer;
cleanup:
PKIX_RETURN(COMCERTSELPARAMS);
}
