Exemplo n.º 1
0
static void
testGetType(
    PKIX_PL_Object *obj,
    PKIX_PL_Object *obj2,
    PKIX_PL_Object *obj3)
{
    PKIX_UInt32 testType;

    PKIX_TEST_STD_VARS();

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj, &testType, plContext));

    if (testType != 1000)
        testError("Object 1 returned the wrong type");

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj2, &testType, plContext));
    if (testType != 2000)
        testError("Object 2 returned the wrong type");

    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj3, &testType, plContext));
    if (testType != 1000)
        testError("Object 3 returned the wrong type");

cleanup:

    PKIX_TEST_RETURN();
}
Exemplo n.º 2
0
/*
 * FUNCTION: pkix_pl_CRL_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CRL_Equals(
    PKIX_PL_Object *firstObject,
    PKIX_PL_Object *secondObject,
    PKIX_Boolean *pResult,
    void *plContext)
{
    PKIX_PL_CRL *firstCrl = NULL;
    PKIX_PL_CRL *secondCrl = NULL;
    PKIX_UInt32 secondType;

    PKIX_ENTER(CRL, "pkix_pl_CRL_Equals");
    PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

    /* test that firstObject is a CRL */
    PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRL_TYPE, plContext),
               PKIX_FIRSTOBJECTNOTCRL);

    firstCrl = (PKIX_PL_CRL *)firstObject;
    secondCrl = (PKIX_PL_CRL *)secondObject;

    /*
     * Since we know firstObject is a CRL, if both references are
     * identical, they must be equal
     */
    if (firstCrl == secondCrl) {
        *pResult = PKIX_TRUE;
        goto cleanup;
    }

    /*
     * If secondCrl isn't a CRL, we don't throw an error.
     * We simply return a Boolean result of FALSE
     */
    *pResult = PKIX_FALSE;
    PKIX_CHECK(PKIX_PL_Object_GetType
               ((PKIX_PL_Object *)secondCrl, &secondType, plContext),
               PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
    if (secondType != PKIX_CRL_TYPE) goto cleanup;

    /* Compare DER Bytes */
    PKIX_NULLCHECK_TWO
    (firstCrl->nssSignedCrl,
     firstCrl->nssSignedCrl->derCrl);

    PKIX_NULLCHECK_TWO
    (secondCrl->nssSignedCrl,
     secondCrl->nssSignedCrl->derCrl);

    PKIX_CRL_DEBUG("\t\tCalling SECITEM_CompareItem on derCrl\n");
    if (SECITEM_CompareItem(firstCrl->nssSignedCrl->derCrl,
                            secondCrl->nssSignedCrl->derCrl) == SECEqual) {
        *pResult = PKIX_TRUE;
    }

cleanup:

    PKIX_RETURN(CRL);
}
Exemplo n.º 3
0
/*
 * FUNCTION: pkix_pl_Date_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_Date_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{

        /* note: pkix_pl_Date can only represent UTCTime,not GeneralizedTime */

        SECItem *firstTime = NULL;
        SECItem *secondTime = NULL;
        PKIX_UInt32 secondType;
        SECComparison cmpResult;

        PKIX_ENTER(DATE, "pkix_pl_Date_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a Date */
        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_DATE_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTDATE);

        /*
         * Since we know firstObject is a Date, if both references are
         * identical, they must be equal
         */
        if (firstObject == secondObject){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObject isn't a Date, we don't throw an error.
         * We simply return a Boolean result of FALSE
         */
        *pResult = PKIX_FALSE;
        PKIX_CHECK(PKIX_PL_Object_GetType
                    (secondObject, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_DATE_TYPE) goto cleanup;

        firstTime = &((PKIX_PL_Date *)firstObject)->nssTime;
        secondTime = &((PKIX_PL_Date *)secondObject)->nssTime;

        PKIX_DATE_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
        cmpResult = SECITEM_CompareItem(firstTime, secondTime);

        *pResult = (cmpResult == SECEqual);

cleanup:

        PKIX_RETURN(DATE);
}
Exemplo n.º 4
0
static PKIX_Error *
equalsCallback(
    PKIX_PL_Object *first,
    PKIX_PL_Object *second,
    PKIX_Boolean *result,
    void *plContext)
{

    PKIX_UInt32 firstType = 0, secondType = 0;

    if ((first == plContext) || (second == plContext))
        testError("Null Object");

    (void)PKIX_PL_Object_GetType(first, &firstType, plContext);

    (void)PKIX_PL_Object_GetType(second, &secondType, plContext);

    *result = (firstType == secondType) ? PKIX_TRUE : PKIX_FALSE;

    return (NULL);
}
Exemplo n.º 5
0
/*
 * FUNCTION: pkix_ValidateParams_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_ValidateParams_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult;
        PKIX_ValidateParams *firstValParams = NULL;
        PKIX_ValidateParams *secondValParams = NULL;

        PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext),
                    PKIX_FIRSTOBJECTNOTVALIDATEPARAMS);

        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        *pResult = PKIX_FALSE;

        if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup;

        firstValParams = (PKIX_ValidateParams *)first;
        secondValParams = (PKIX_ValidateParams *)second;

        PKIX_CHECK(PKIX_PL_Object_Equals
                    ((PKIX_PL_Object *)firstValParams->procParams,
                    (PKIX_PL_Object *)secondValParams->procParams,
                    &cmpResult,
                    plContext),
                    PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        PKIX_CHECK(PKIX_PL_Object_Equals
                    ((PKIX_PL_Object *)firstValParams->chain,
                    (PKIX_PL_Object *)secondValParams->chain,
                    &cmpResult,
                    plContext),
                    PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        *pResult = cmpResult;

cleanup:

        PKIX_RETURN(VALIDATEPARAMS);
}
Exemplo n.º 6
0
/*
 * FUNCTION: pkix_ResourceLimits_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_ResourceLimits_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult;
        PKIX_ResourceLimits *firstRLimits = NULL;
        PKIX_ResourceLimits *secondRLimits = NULL;

        PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        PKIX_CHECK(pkix_CheckType(first, PKIX_RESOURCELIMITS_TYPE, plContext),
                    PKIX_FIRSTOBJECTNOTRESOURCELIMITS);

        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        *pResult = PKIX_FALSE;

        if (secondType != PKIX_RESOURCELIMITS_TYPE) goto cleanup;

        firstRLimits = (PKIX_ResourceLimits *)first;
        secondRLimits = (PKIX_ResourceLimits *)second;

        cmpResult = (firstRLimits->maxTime == secondRLimits->maxTime) &&
                    (firstRLimits->maxFanout == secondRLimits->maxFanout) &&
                    (firstRLimits->maxDepth == secondRLimits->maxDepth) &&
                    (firstRLimits->maxCertsNumber == 
                        secondRLimits->maxCertsNumber) &&
                    (firstRLimits->maxCrlsNumber == 
                        secondRLimits->maxCrlsNumber);

        *pResult = cmpResult;

cleanup:

        PKIX_RETURN(RESOURCELIMITS);
}
Exemplo n.º 7
0
static PKIX_Error *
toStringCallback(
    PKIX_PL_Object *obj,
    PKIX_PL_String **pString,
    /* ARGSUSED */ void *plContext)
{

    PKIX_Error *errorResult;
    PKIX_UInt32 type;
    char *format = "(addr: %x, type: %d)";
    PKIX_PL_String *formatString = NULL;

    errorResult = PKIX_PL_String_Create(
        PKIX_ESCASCII,
        format,
        PL_strlen(format),
        &formatString,
        plContext);
    if (errorResult)
        testError("PKIX_PL_String_Create failed");

    if (pString == plContext)
        testError("Null String");

    type = (unsigned int)0;

    (void)PKIX_PL_Object_GetType(obj, &type, plContext);

    errorResult = PKIX_PL_Sprintf(pString, plContext,
                                  formatString,
                                  (int)obj, type);
    if (errorResult)
        testError("PKIX_PL_Sprintf failed");

    errorResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)formatString,
                                        plContext);
    if (errorResult)
        testError("PKIX_PL_Object_DecRef failed");

    return (NULL);
}
Exemplo n.º 8
0
/*
 * FUNCTION: pkix_pl_OID_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_OID_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        SECComparison cmpResult;

        PKIX_ENTER(OID, "pkix_pl_OID_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        PKIX_CHECK(pkix_CheckType(first, PKIX_OID_TYPE, plContext),
                    PKIX_FIRSTARGUMENTNOTANOID);

        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        *pResult = PKIX_FALSE;

        /*
         * Do a quick check that the second object is an OID.
         * If so, check that their lengths are equal.
         */
        if (secondType != PKIX_OID_TYPE) {
                goto cleanup;
        }

        PKIX_CHECK(pkix_pl_OID_Comparator
                    (first, second, &cmpResult, plContext),
                    PKIX_OIDCOMPARATORFAILED);

        *pResult = (cmpResult == SECEqual);
cleanup:

        PKIX_RETURN(OID);
}
Exemplo n.º 9
0
/*
 * FUNCTION: pkix_pl_ByteArray_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_ByteArray_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Int32 cmpResult = 0;

        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        /* Sanity check: Test that "first" is a ByteArray */
        PKIX_CHECK(pkix_CheckType(first, PKIX_BYTEARRAY_TYPE, plContext),
                    PKIX_FIRSTARGUMENTNOTBYTEARRAY);

        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        /* If types differ, then we will return false */
        *pResult = PKIX_FALSE;

        /* Second type may not be a BA */
        if (secondType != PKIX_BYTEARRAY_TYPE) goto cleanup;

        /* It's safe to cast here */
        PKIX_CHECK(pkix_pl_ByteArray_Comparator
                (first, second, &cmpResult, plContext),
                PKIX_BYTEARRAYCOMPARATORFAILED);

        /* ByteArrays are equal iff Comparator Result is 0 */
        *pResult = (cmpResult == 0);

cleanup:

        PKIX_RETURN(BYTEARRAY);
}
Exemplo n.º 10
0
/*
 * FUNCTION: pkix_Logger_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_Logger_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult;
        PKIX_Logger *firstLogger = NULL;
        PKIX_Logger *secondLogger = NULL;

        PKIX_ENTER(LOGGER, "pkix_Logger_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        /* test that first is a Logger */
        PKIX_CHECK(pkix_CheckType(first, PKIX_LOGGER_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTLOGGER);

        /*
         * Since we know first is a Logger, if both references are
         * identical, they must be equal
         */
        if (first == second){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If second isn't a Logger, we don't throw an error.
         * We simply return a Boolean result of FALSE
         */
        *pResult = PKIX_FALSE;
        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_LOGGER_TYPE) goto cleanup;

        firstLogger = (PKIX_Logger *)first;
        secondLogger = (PKIX_Logger *)second;

        cmpResult = PKIX_FALSE;

        if (firstLogger->callback != secondLogger->callback) {
                goto cleanup;
        }

        if (firstLogger->logComponent != secondLogger->logComponent) {
                goto cleanup;
        }

        PKIX_EQUALS  
                (firstLogger->context,
                secondLogger->context,
                &cmpResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (cmpResult == PKIX_FALSE) {
                goto cleanup;
        }

        if (firstLogger->maxLevel != secondLogger->maxLevel) {
                goto cleanup;
        }

        *pResult = cmpResult;

cleanup:

        PKIX_RETURN(LOGGER);
}
Exemplo n.º 11
0
/*
 * FUNCTION: pkix_List_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_List_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult;
        PKIX_List *firstList = NULL;
        PKIX_List *secondList = NULL;
        PKIX_UInt32 firstLength = 0;
        PKIX_UInt32 secondLength = 0;
        PKIX_PL_Object *firstItem = NULL;
        PKIX_PL_Object *secondItem = NULL;
        PKIX_UInt32 i = 0;

        PKIX_ENTER(LIST, "pkix_List_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        /* test that first is a List */
        PKIX_CHECK(pkix_CheckType(first, PKIX_LIST_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTLIST);

        /*
         * Since we know first is a List, if both references are
         * identical, they must be equal
         */
        if (first == second){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If second isn't a List, we don't throw an error.
         * We simply return a Boolean result of FALSE
         */
        *pResult = PKIX_FALSE;
        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_LIST_TYPE) goto cleanup;

        firstList = (PKIX_List *)first;
        secondList = (PKIX_List *)second;

        if ((!firstList->isHeader) && (!secondList->isHeader)){
                PKIX_ERROR(PKIX_INPUTLISTSMUSTBELISTHEADERS);
        }

        firstLength = firstList->length;
        secondLength = secondList->length;

        cmpResult = PKIX_FALSE;
        if (firstLength == secondLength){
                for (i = 0, cmpResult = PKIX_TRUE;
                    ((i < firstLength) && cmpResult);
                    i++){
                        PKIX_CHECK(PKIX_List_GetItem
                                    (firstList, i, &firstItem, plContext),
                                    PKIX_LISTGETITEMFAILED);

                        PKIX_CHECK(PKIX_List_GetItem
                                    (secondList, i, &secondItem, plContext),
                                    PKIX_LISTGETITEMFAILED);

                        if ((!firstItem && secondItem) ||
                            (firstItem && !secondItem)){
                                        cmpResult = PKIX_FALSE;
                        } else if (!firstItem && !secondItem){
                                continue;
                        } else {
                                PKIX_CHECK(PKIX_PL_Object_Equals
                                            (firstItem,
                                            secondItem,
                                            &cmpResult,
                                            plContext),
                                            PKIX_OBJECTEQUALSFAILED);

                                PKIX_DECREF(firstItem);
                                PKIX_DECREF(secondItem);
                        }
                }
        }

        *pResult = cmpResult;

cleanup:

        PKIX_DECREF(firstItem);
        PKIX_DECREF(secondItem);

        PKIX_RETURN(LIST);
}
Exemplo n.º 12
0
/*
 * FUNCTION: pkix_pl_CertPolicyQualifier_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CertPolicyQualifier_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_PL_CertPolicyQualifier *firstCPQ = NULL;
        PKIX_PL_CertPolicyQualifier *secondCPQ = NULL;
        PKIX_UInt32 secondType = 0;
        PKIX_Boolean compare = PKIX_FALSE;

        PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a CertPolicyQualifier */
        PKIX_CHECK(pkix_CheckType
                (firstObject, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTCERTPOLICYQUALIFIER);

        /*
         * Since we know firstObject is a CertPolicyQualifier,
         * if both references are identical, they must be equal
         */
        if (firstObject == secondObject){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObject isn't a CertPolicyQualifier, we
         * don't throw an error. We simply return FALSE.
         */
        PKIX_CHECK(PKIX_PL_Object_GetType
                (secondObject, &secondType, plContext),
                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_CERTPOLICYQUALIFIER_TYPE) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        firstCPQ = (PKIX_PL_CertPolicyQualifier *)firstObject;
        secondCPQ = (PKIX_PL_CertPolicyQualifier *)secondObject;

        /*
         * Compare the value of the OID components
         */

        PKIX_NULLCHECK_TWO
                (firstCPQ->policyQualifierId, secondCPQ->policyQualifierId);

        PKIX_EQUALS
                (firstCPQ->policyQualifierId,
                secondCPQ->policyQualifierId,
                &compare,
                plContext,
                PKIX_OIDEQUALSFAILED);

        /*
         * If the OIDs did not match, we don't need to
         * compare the ByteArrays. If the OIDs did match,
         * the return value is the value of the
         * ByteArray comparison.
         */
        if (compare) {
                PKIX_NULLCHECK_TWO(firstCPQ->qualifier, secondCPQ->qualifier);

                PKIX_EQUALS
                        (firstCPQ->qualifier,
                        secondCPQ->qualifier,
                        &compare,
                        plContext,
                        PKIX_BYTEARRAYEQUALSFAILED);
        }

        *pResult = compare;

cleanup:

        PKIX_RETURN(CERTPOLICYQUALIFIER);
}
Exemplo n.º 13
0
/*
 * FUNCTION: pkix_pl_CertPolicyMap_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CertPolicyMap_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_PL_CertPolicyMap *firstCertMap = NULL;
        PKIX_PL_CertPolicyMap *secondCertMap = NULL;
        PKIX_UInt32 secondType = 0;
        PKIX_Boolean compare = PKIX_FALSE;

        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a CertPolicyMap */
        PKIX_CHECK(pkix_CheckType
                (firstObject, PKIX_CERTPOLICYMAP_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTCERTPOLICYMAP);

        /*
         * Since we know firstObject is a CertPolicyMap,
         * if both references are identical, they must be equal
         */
        if (firstObject == secondObject){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObject isn't a CertPolicyMap, we
         * don't throw an error. We simply return FALSE.
         */
        PKIX_CHECK(PKIX_PL_Object_GetType
                (secondObject, &secondType, plContext),
                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_CERTPOLICYMAP_TYPE) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        firstCertMap = (PKIX_PL_CertPolicyMap *)firstObject;
        secondCertMap = (PKIX_PL_CertPolicyMap *)secondObject;

        PKIX_EQUALS
                (firstCertMap->issuerDomainPolicy,
                secondCertMap->issuerDomainPolicy,
                &compare,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (compare) {
                PKIX_EQUALS
                        (firstCertMap->subjectDomainPolicy,
                        secondCertMap->subjectDomainPolicy,
                        &compare,
                        plContext,
                        PKIX_OBJECTEQUALSFAILED);
        }

        *pResult = compare;

cleanup:

        PKIX_RETURN(CERTPOLICYMAP);
}
Exemplo n.º 14
0
/*
 * FUNCTION: pkix_pl_GeneralName_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_GeneralName_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_PL_GeneralName *firstName = NULL;
        PKIX_PL_GeneralName *secondName = NULL;
        PKIX_UInt32 secondType;

        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a GeneralName */
        PKIX_CHECK(pkix_CheckType
                    (firstObject, PKIX_GENERALNAME_TYPE, plContext),
                    PKIX_FIRSTOBJECTNOTGENERALNAME);

        /*
         * Since we know firstObject is a GeneralName, if both references are
         * identical, they must be equal
         */
        if (firstObject == secondObject){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObject isn't a GeneralName, we don't throw an error.
         * We simply return a Boolean result of FALSE
         */
        *pResult = PKIX_FALSE;
        PKIX_CHECK(PKIX_PL_Object_GetType
                    (secondObject, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_GENERALNAME_TYPE){
                goto cleanup;
        }

        firstName = (PKIX_PL_GeneralName *)firstObject;
        secondName = (PKIX_PL_GeneralName *)secondObject;

        if (firstName->type != secondName->type){
                goto cleanup;
        }

        switch (firstName->type) {
        case certRFC822Name:
        case certDNSName:
        case certX400Address:
        case certEDIPartyName:
        case certURI:
        case certIPAddress:
                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
                if (SECITEM_CompareItem(firstName->other,
                                        secondName->other) != SECEqual) {
                        goto cleanup;
                }
                break;
        case certRegisterID:
                PKIX_CHECK(PKIX_PL_Object_Equals
                            ((PKIX_PL_Object *)firstName->oid,
                            (PKIX_PL_Object *)secondName->oid,
                            pResult,
                            plContext),
                            PKIX_OIDEQUALSFAILED);
                goto cleanup;
        case certOtherName:
                PKIX_NULLCHECK_TWO(firstName->OthName, secondName->OthName);
                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
                if (SECITEM_CompareItem(&firstName->OthName->oid,
                                        &secondName->OthName->oid)
                    != SECEqual ||
                    SECITEM_CompareItem(&firstName->OthName->name,
                                        &secondName->OthName->name)
                    != SECEqual) {
                        goto cleanup;
                }
                break;
        case certDirectoryName:
                PKIX_CHECK(PKIX_PL_Object_Equals
                            ((PKIX_PL_Object *)firstName->directoryName,
                            (PKIX_PL_Object *)secondName->directoryName,
                            pResult,
                            plContext),
                            PKIX_X500NAMEEQUALSFAILED);
                goto cleanup;
        }

        *pResult = PKIX_TRUE;

cleanup:

        PKIX_RETURN(GENERALNAME);
}
Exemplo n.º 15
0
/*
 * FUNCTION: pkix_pl_Object_ToString_Default
 * DESCRIPTION:
 *
 *  Default Object_ToString callback: Creates a string consisting of the
 *  typename and address of the Object pointed to by "object" and stores
 *  the result at "pString". The format for the string is
 *  "TypeName@Address: <address>", where the default typename is "Object".
 *
 * PARAMETERS:
 *  "object"
 *      Address of Object to convert to a string. Must be non-NULL.
 *  "pString"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns an Object Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_pl_Object_ToString_Default(
        PKIX_PL_Object *object,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_PL_String *formatString = NULL;
        PKIX_PL_String *descString = NULL;
        char *format = "%s@Address: %x";
        char *description = NULL;
        PKIX_UInt32 objType;

        PKIX_ENTER(OBJECT, "pkix_pl_Object_ToString_Default");
        PKIX_NULLCHECK_TWO(object, pString);

        PKIX_CHECK(PKIX_PL_Object_GetType(object, &objType, plContext),
                    PKIX_OBJECTGETTYPEFAILED);

        if (objType >= PKIX_NUMTYPES){
#ifdef PKIX_USER_OBJECT_TYPE
                pkix_ClassTable_Entry *ctEntry = NULL;

                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
                PR_Lock(classTableLock);
                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
                        (classTable,
                        (void *)&objType,
                        objType,
                        NULL,
                        (void **)&ctEntry,
                        plContext);
                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
                PR_Unlock(classTableLock);
                if (pkixErrorResult){
                        PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
                }

                if (ctEntry == NULL){
                        PKIX_ERROR_FATAL(PKIX_UNDEFINEDCLASSTABLEENTRY);
                } else {
                        description = ctEntry->description;
                        if (description == NULL) {
                            description = "User Type Object";
                        }
                }
#else
                PORT_Assert (0);
                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
                pkixErrorClass = PKIX_FATAL_ERROR;
                goto cleanup;
#endif /* PKIX_USER_OBJECT_TYPE */
        } else {
                description = systemClasses[objType].description;
        }
        PKIX_CHECK(PKIX_PL_String_Create
                    (PKIX_ESCASCII,
                    (void *)format,
                    0,
                    &formatString,
                    plContext),
                    PKIX_STRINGCREATEFAILED);

        PKIX_CHECK(PKIX_PL_String_Create
                    (PKIX_ESCASCII,
                    (void *)description,
                    0,
                    &descString,
                    plContext),
                    PKIX_STRINGCREATEFAILED);

        PKIX_CHECK(PKIX_PL_Sprintf
                    (pString,
                    plContext,
                    formatString,
                    descString,
                    object),
                    PKIX_SPRINTFFAILED);

cleanup:

        PKIX_DECREF(formatString);
        PKIX_DECREF(descString);

        PKIX_RETURN(OBJECT);
}
Exemplo n.º 16
0
/*
 * FUNCTION: pkix_PolicyNode_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_PolicyNode_Equals(
    PKIX_PL_Object *firstObject,
    PKIX_PL_Object *secondObject,
    PKIX_Boolean *pResult,
    void *plContext)
{
    PKIX_PolicyNode *firstPN = NULL;
    PKIX_PolicyNode *secondPN = NULL;
    PKIX_UInt32 secondType;
    PKIX_Boolean compResult = PKIX_FALSE;

    PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Equals");
    PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

    /* test that firstObject is a PolicyNode */
    PKIX_CHECK(pkix_CheckType
               (firstObject, PKIX_CERTPOLICYNODE_TYPE, plContext),
               PKIX_FIRSTOBJECTNOTPOLICYNODE);

    /*
     * Since we know firstObject is a PolicyNode,
     * if both references are identical, they must be equal
     */
    if (firstObject == secondObject) {
        compResult = PKIX_TRUE;
        goto cleanup;
    }

    /*
     * If secondObject isn't a PolicyNode, we
     * don't throw an error. We simply return FALSE.
     */
    PKIX_CHECK(PKIX_PL_Object_GetType
               (secondObject, &secondType, plContext),
               PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

    if (secondType != PKIX_CERTPOLICYNODE_TYPE) {
        goto cleanup;
    }

    /*
     * Oh, well, we have to do the comparisons. Do
     * the easiest ones first.
     */
    firstPN = (PKIX_PolicyNode *)firstObject;
    secondPN = (PKIX_PolicyNode *)secondObject;

    /*
     * We don't require the parents to be identical. In the
     * course of traversing the tree, we will have checked the
     * attributes of the parent nodes, and checking the lists
     * of children will determine whether they match.
     */

    PKIX_EQUALS
    (firstPN->children,
     secondPN->children,
     &compResult,
     plContext,
     PKIX_OBJECTEQUALSFAILEDONCHILDREN);

    if (compResult == PKIX_FALSE) {
        goto cleanup;
    }

    PKIX_CHECK(pkix_SinglePolicyNode_Equals
               (firstPN, secondPN, &compResult, plContext),
               PKIX_SINGLEPOLICYNODEEQUALSFAILED);

cleanup:

    *pResult = compResult;

    PKIX_RETURN(CERTPOLICYNODE);
}
Exemplo n.º 17
0
/*
 * FUNCTION: pkix_Error_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_Error_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_Error *firstError = NULL;
        PKIX_Error *secondError = NULL;
        PKIX_Error *firstCause = NULL;
        PKIX_Error *secondCause = NULL;
        PKIX_PL_Object *firstInfo = NULL;
        PKIX_PL_Object *secondInfo = NULL;
        PKIX_ERRORCLASS firstClass, secondClass;
        PKIX_UInt32 secondType;
        PKIX_Boolean boolResult, unequalFlag;

        PKIX_ENTER(ERROR, "pkix_Error_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        unequalFlag = PKIX_FALSE;

        /* First just compare pointer values to save time */
        if (firstObject == secondObject) {
                *pResult = PKIX_TRUE;
                goto cleanup;
        } else {
                /* Result will only be set to true if all tests pass */
                *pResult = PKIX_FALSE;
        }

        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_ERROR_TYPE, plContext),
                    PKIX_FIRSTOBJECTNOTANERROROBJECT);

        PKIX_CHECK(PKIX_PL_Object_GetType
                    (secondObject, &secondType, plContext),
                    PKIX_ERRORGETTINGSECONDOBJECTTYPE);

        /* If types differ, then return false. Result is already set */
        if (secondType != PKIX_ERROR_TYPE) goto cleanup;

        /* It is safe to cast to PKIX_Error */
        firstError = (PKIX_Error *) firstObject;
        secondError = (PKIX_Error *) secondObject;

        /* Compare error codes */
        firstClass = firstError->errClass;
        secondClass = secondError->errClass;

        /* If codes differ, return false. Result is already set */
        if (firstClass != secondClass) goto cleanup;

        /* Compare causes */
        firstCause = firstError->cause;
        secondCause = secondError->cause;

        /* Ensure that either both or none of the causes are NULL */
        if (((firstCause != NULL) && (secondCause == NULL))||
            ((firstCause == NULL) && (secondCause != NULL)))
                unequalFlag = PKIX_TRUE;

        if ((firstCause != NULL) && (secondCause != NULL)) {
                PKIX_CHECK(PKIX_PL_Object_Equals
                            ((PKIX_PL_Object*)firstCause,
                            (PKIX_PL_Object*)secondCause,
                            &boolResult,
                            plContext),
                            PKIX_ERRORINRECURSIVEEQUALSCALL);

                /* Set the unequalFlag so that we return after dec refing */
                if (boolResult == 0) unequalFlag = PKIX_TRUE;
        }

        /* If the cause errors are not equal, return null */
        if (unequalFlag) goto cleanup;

        /* Compare info fields */
        firstInfo = firstError->info;
        secondInfo = secondError->info;

        if (firstInfo != secondInfo) goto cleanup;

        /* Ensure that either both or none of the infos are NULL */
        if (((firstInfo != NULL) && (secondInfo == NULL))||
            ((firstInfo == NULL) && (secondInfo != NULL)))
                unequalFlag = PKIX_TRUE;

        if ((firstInfo != NULL) && (secondInfo != NULL)) {

                PKIX_CHECK(PKIX_PL_Object_Equals
                            ((PKIX_PL_Object*)firstInfo,
                            (PKIX_PL_Object*)secondInfo,
                            &boolResult,
                            plContext),
                            PKIX_ERRORINRECURSIVEEQUALSCALL);

                /* Set the unequalFlag so that we return after dec refing */
                if (boolResult == 0) unequalFlag = PKIX_TRUE;
        }

        /* If the infos are not equal, return null */
        if (unequalFlag) goto cleanup;


        /* Compare descs */
        if (firstError->errCode != secondError->errCode) {
                unequalFlag = PKIX_TRUE;
        }

        if (firstError->plErr != secondError->plErr) {
                unequalFlag = PKIX_TRUE;
        }

        /* If the unequalFlag was set, return false */
        if (unequalFlag) goto cleanup;

        /* Errors are equal in all fields at this point */
        *pResult = PKIX_TRUE;

cleanup:

        PKIX_RETURN(ERROR);
}
Exemplo n.º 18
0
/*
 * FUNCTION: pkix_ValidateResult_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_ValidateResult_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult;
        PKIX_ValidateResult *firstValResult = NULL;
        PKIX_ValidateResult *secondValResult = NULL;
        PKIX_PolicyNode *firstTree = NULL;
        PKIX_PolicyNode *secondTree = NULL;

        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATERESULT_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTVALIDATERESULT);

        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        *pResult = PKIX_FALSE;

        if (secondType != PKIX_VALIDATERESULT_TYPE) goto cleanup;

        firstValResult = (PKIX_ValidateResult *)first;
        secondValResult = (PKIX_ValidateResult *)second;

        PKIX_CHECK(PKIX_PL_Object_Equals
                ((PKIX_PL_Object *)firstValResult->pubKey,
                (PKIX_PL_Object *)secondValResult->pubKey,
                &cmpResult,
                plContext),
                PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        PKIX_CHECK(PKIX_PL_Object_Equals
                ((PKIX_PL_Object *)firstValResult->anchor,
                (PKIX_PL_Object *)secondValResult->anchor,
                &cmpResult,
                plContext),
                PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        firstTree = firstValResult->policyTree;
        secondTree = secondValResult->policyTree;

        if ((firstTree != NULL) && (secondTree != NULL)) {
                PKIX_CHECK(PKIX_PL_Object_Equals
                        ((PKIX_PL_Object *)firstTree,
                        (PKIX_PL_Object *)secondTree,
                        &cmpResult,
                        plContext),
                        PKIX_OBJECTEQUALSFAILED);
        } else {
                if (PKIX_EXACTLY_ONE_NULL(firstTree, secondTree)) {
                        cmpResult = PKIX_FALSE;
                }
        }

        /*
         * The remaining case is that both are null,
         * which we consider equality.
         *      cmpResult = PKIX_TRUE;
         */

        *pResult = cmpResult;

cleanup:

        PKIX_RETURN(VALIDATERESULT);
}
Exemplo n.º 19
0
/*
 * FUNCTION: pkix_pl_CertBasicConstraints_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CertBasicConstraints_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_PL_CertBasicConstraints *firstCBC = NULL;
        PKIX_PL_CertBasicConstraints *secondCBC = NULL;
        PKIX_UInt32 secondType;
        PKIX_Boolean firstIsCA = PKIX_FALSE;
        PKIX_Boolean secondIsCA = PKIX_FALSE;
        PKIX_Int32 firstPathLen = 0;
        PKIX_Int32 secondPathLen = 0;

        PKIX_ENTER(CERTBASICCONSTRAINTS,
                "pkix_pl_CertBasicConstraints_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a CertBasicConstraints */
        PKIX_CHECK(pkix_CheckType
                    (firstObject, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
                    PKIX_FIRSTOBJECTNOTCERTBASICCONSTRAINTS);

        /*
         * Since we know firstObject is a CertBasicConstraints,
         * if both references are identical, they must be equal
         */
        if (firstObject == secondObject){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObject isn't a CertBasicConstraints, we
         * don't throw an error. We simply return FALSE.
         */
        PKIX_CHECK(PKIX_PL_Object_GetType
                    (secondObject, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_CERTBASICCONSTRAINTS_TYPE) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        firstCBC = (PKIX_PL_CertBasicConstraints *)firstObject;
        secondCBC = (PKIX_PL_CertBasicConstraints *)secondObject;

        /*
         * Compare the value of the CAFlag components
         */

        firstIsCA = firstCBC->isCA;

        /*
         * Failure here would be an error, not merely a miscompare,
         * since we know second is a CertBasicConstraints.
         */
        secondIsCA = secondCBC->isCA;

        /*
         * If isCA flags differ, the objects are not equal.
         */
        if (secondIsCA != firstIsCA) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        /*
         * If isCA was FALSE, the objects are equal, because
         * pathLen is meaningless in that case.
         */
        if (!firstIsCA) {
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        firstPathLen = firstCBC->pathLen;
        secondPathLen = secondCBC->pathLen;

        *pResult = (secondPathLen == firstPathLen);

cleanup:

        PKIX_RETURN(CERTBASICCONSTRAINTS);
}
Exemplo n.º 20
0
/*
 * FUNCTION: pkix_VerifyNode_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_VerifyNode_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_VerifyNode *firstVN = NULL;
        PKIX_VerifyNode *secondVN = NULL;
        PKIX_UInt32 secondType;
        PKIX_Boolean compResult = PKIX_FALSE;

        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a VerifyNode */
        PKIX_CHECK(pkix_CheckType
                (firstObject, PKIX_VERIFYNODE_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTVERIFYNODE);

        /*
         * Since we know firstObject is a VerifyNode,
         * if both references are identical, they must be equal
         */
        if (firstObject == secondObject){
                compResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObject isn't a VerifyNode, we
         * don't throw an error. We simply return FALSE.
         */
        PKIX_CHECK(PKIX_PL_Object_GetType
                    (secondObject, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        if (secondType != PKIX_VERIFYNODE_TYPE) {
                goto cleanup;
        }

        /*
         * Oh, well, we have to do the comparisons. Do
         * the easiest ones first.
         */
        firstVN = (PKIX_VerifyNode *)firstObject;
        secondVN = (PKIX_VerifyNode *)secondObject;

        PKIX_CHECK(pkix_SingleVerifyNode_Equals
                (firstVN, secondVN, &compResult, plContext),
                PKIX_SINGLEVERIFYNODEEQUALSFAILED);

        if (compResult == PKIX_FALSE) {
                goto cleanup;
        }

        PKIX_EQUALS
                (firstVN->children,
                secondVN->children,
                &compResult,
                plContext,
                PKIX_OBJECTEQUALSFAILEDONCHILDREN);

cleanup:

        *pResult = compResult;

        PKIX_RETURN(VERIFYNODE);
}
Exemplo n.º 21
0
/*
 * FUNCTION: pkix_pl_OcspResponse_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_OcspResponse_Equals(
        PKIX_PL_Object *firstObj,
        PKIX_PL_Object *secondObj,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType = 0;
        PKIX_UInt32 firstLen = 0;
        PKIX_UInt32 i = 0;
        PKIX_PL_OcspResponse *rsp1 = NULL;
        PKIX_PL_OcspResponse *rsp2 = NULL;
        const unsigned char *firstData = NULL;
        const unsigned char *secondData = NULL;

        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Equals");
        PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);

        /* test that firstObj is a OcspResponse */
        PKIX_CHECK(pkix_CheckType(firstObj, PKIX_OCSPRESPONSE_TYPE, plContext),
                    PKIX_FIRSTOBJARGUMENTNOTANOCSPRESPONSE);

        /*
         * Since we know firstObj is a OcspResponse, if both references are
         * identical, they must be equal
         */
        if (firstObj == secondObj){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondObj isn't a OcspResponse, we don't throw an error.
         * We simply return a Boolean result of FALSE
         */
        *pResult = PKIX_FALSE;
        PKIX_CHECK(PKIX_PL_Object_GetType(secondObj, &secondType, plContext),
                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_OCSPRESPONSE_TYPE) {
                goto cleanup;
        }

        rsp1 = (PKIX_PL_OcspResponse *)firstObj;
        rsp2 = (PKIX_PL_OcspResponse *)secondObj;

        /* If either lacks an encoded string, they cannot be compared */
        firstData = (const unsigned char *)rsp1->encodedResponse->data;
        secondData = (const unsigned char *)rsp2->encodedResponse->data;
        if ((firstData == NULL) || (secondData == NULL)) {
                goto cleanup;
        }

        firstLen = rsp1->encodedResponse->len;

        if (firstLen != rsp2->encodedResponse->len) {
                goto cleanup;
        }

        for (i = 0; i < firstLen; i++) {
                if (*firstData++ != *secondData++) {
                        goto cleanup;
                }
        }

        *pResult = PKIX_TRUE;

cleanup:

        PKIX_RETURN(OCSPRESPONSE);
}
Exemplo n.º 22
0
/*
 * FUNCTION: pkix_TrustAnchor_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_TrustAnchor_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult;
        PKIX_TrustAnchor *firstAnchor = NULL;
        PKIX_TrustAnchor *secondAnchor = NULL;
        PKIX_PL_Cert *firstCert = NULL;
        PKIX_PL_Cert *secondCert = NULL;

        PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
                    PKIX_FIRSTOBJECTNOTTRUSTANCHOR);

        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        *pResult = PKIX_FALSE;

        if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;

        firstAnchor = (PKIX_TrustAnchor *)first;
        secondAnchor = (PKIX_TrustAnchor *)second;

        firstCert = firstAnchor->trustedCert;
        secondCert = secondAnchor->trustedCert;

        if ((firstCert && !secondCert) || (!firstCert && secondCert)){
                goto cleanup;
        }

        if (firstCert && secondCert){
                PKIX_CHECK(PKIX_PL_Object_Equals
                            ((PKIX_PL_Object *)firstCert,
                            (PKIX_PL_Object *)secondCert,
                            &cmpResult,
                            plContext),
                            PKIX_OBJECTEQUALSFAILED);
        } else {
                PKIX_CHECK(PKIX_PL_Object_Equals
                            ((PKIX_PL_Object *)firstAnchor->caName,
                            (PKIX_PL_Object *)secondAnchor->caName,
                            &cmpResult,
                            plContext),
                            PKIX_OBJECTEQUALSFAILED);

                if (!cmpResult) goto cleanup;

                PKIX_CHECK(PKIX_PL_Object_Equals
                            ((PKIX_PL_Object *)firstAnchor->caPubKey,
                            (PKIX_PL_Object *)secondAnchor->caPubKey,
                            &cmpResult,
                            plContext),
                            PKIX_OBJECTEQUALSFAILED);

                if (!cmpResult) goto cleanup;

                PKIX_EQUALS
                        (firstAnchor->nameConstraints,
                        secondAnchor->nameConstraints,
                        &cmpResult,
                        plContext,
                        PKIX_OBJECTEQUALSFAILED);

                if (!cmpResult) goto cleanup;

        }

        *pResult = cmpResult;

cleanup:

        PKIX_RETURN(TRUSTANCHOR);
}
Exemplo n.º 23
0
/*
 * FUNCTION: pkix_ProcessingParams_Equals
 * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_ProcessingParams_Equals(
        PKIX_PL_Object *first,
        PKIX_PL_Object *second,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult;
        PKIX_ProcessingParams *firstProcParams = NULL;
        PKIX_ProcessingParams *secondProcParams = NULL;

        PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Equals");
        PKIX_NULLCHECK_THREE(first, second, pResult);

        PKIX_CHECK(pkix_CheckType(first, PKIX_PROCESSINGPARAMS_TYPE, plContext),
                    PKIX_FIRSTOBJECTNOTPROCESSINGPARAMS);

        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

        *pResult = PKIX_FALSE;

        if (secondType != PKIX_PROCESSINGPARAMS_TYPE) goto cleanup;

        firstProcParams = (PKIX_ProcessingParams *)first;
        secondProcParams = (PKIX_ProcessingParams *)second;

        /* Do the simplest tests first */
        if ((firstProcParams->qualifiersRejected) !=
            (secondProcParams->qualifiersRejected)) {
                goto cleanup;
        }

        if (firstProcParams->isCrlRevocationCheckingEnabled !=
            secondProcParams->isCrlRevocationCheckingEnabled) {
                goto cleanup;
        }
        if (firstProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy !=
            secondProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy) {
                goto cleanup;
        }

        /* trustAnchors can never be NULL */

        PKIX_EQUALS
                (firstProcParams->trustAnchors,
                secondProcParams->trustAnchors,
                &cmpResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        PKIX_EQUALS
                (firstProcParams->hintCerts,
                secondProcParams->hintCerts,
                &cmpResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        PKIX_EQUALS
                (firstProcParams->date,
                secondProcParams->date,
                &cmpResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        PKIX_EQUALS
                (firstProcParams->constraints,
                secondProcParams->constraints,
                &cmpResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        PKIX_EQUALS
                (firstProcParams->initialPolicies,
                secondProcParams->initialPolicies,
                &cmpResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        /* There is no Equals function for CertChainCheckers */

        PKIX_EQUALS
                    ((PKIX_PL_Object *)firstProcParams->certStores,
                    (PKIX_PL_Object *)secondProcParams->certStores,
                    &cmpResult,
                    plContext,
                    PKIX_OBJECTEQUALSFAILED);

        if (!cmpResult) goto cleanup;

        PKIX_EQUALS
                (firstProcParams->resourceLimits,
                secondProcParams->resourceLimits,
                &cmpResult,
                plContext,
                PKIX_OBJECTEQUALSFAILED);

        if (cmpResult == PKIX_FALSE) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        *pResult = cmpResult;

cleanup:

        PKIX_RETURN(PROCESSINGPARAMS);
}