static int getDynData( OUT DYNBUF *dynBuf,
IN_HANDLE const CRYPT_HANDLE cryptHandle,
IN_MESSAGE const MESSAGE_TYPE message,
IN_INT const int messageParam )
{
MESSAGE_DATA msgData;
void *dataPtr = NULL;
int status;
assert( isWritePtr( dynBuf, sizeof( DYNBUF ) ) );
REQUIRES( isHandleRangeValid( cryptHandle ) );
REQUIRES( ( message == IMESSAGE_GETATTRIBUTE_S && \
( isAttribute( messageParam ) || \
isInternalAttribute( messageParam ) ) ) || \
( message == IMESSAGE_CRT_EXPORT && \
messageParam == CRYPT_CERTFORMAT_CERTIFICATE ) );
/* Clear return values. Note that we don't use the usual memset() to
clear the value since the structure contains the storage for the
fixed-size portion of the buffer appended to it, and using memset()
to clear that is just unnecessary overhead */
dynBuf->data = dynBuf->dataBuffer;
dynBuf->length = 0;
/* Get the data from the object */
setMessageData( &msgData, NULL, 0 );
status = krnlSendMessage( cryptHandle, message, &msgData, messageParam );
if( cryptStatusError( status ) )
return( status );
if( msgData.length > DYNBUF_SIZE )
{
/* The data is larger than the built-in buffer size, dynamically
allocate a larger buffer */
if( ( dataPtr = clDynAlloc( "dynCreate", msgData.length ) ) == NULL )
return( CRYPT_ERROR_MEMORY );
msgData.data = dataPtr;
status = krnlSendMessage( cryptHandle, message, &msgData,
messageParam );
if( cryptStatusError( status ) )
{
clFree( "dynCreate", dataPtr );
return( status );
}
dynBuf->data = dataPtr;
}
else
{
/* The data will fit into the built-in buffer, read it directly into
the buffer */
msgData.data = dynBuf->data;
status = krnlSendMessage( cryptHandle, message, &msgData,
messageParam );
if( cryptStatusError( status ) )
return( status );
}
dynBuf->length = msgData.length;
return( CRYPT_OK );
}
//-------------------------------------------------------------------------------------------------------
void LightNode::EraseAttribute( const LightAttribute& att )
{
if ( isAttribute( att) )
{
m_LightAttrib &= ( ~att );
}
}
//-------------------------------------------------------------------------------------------------------
void LightNode::SetAttribute( const LightAttribute& att )
{
if ( !isAttribute( att) )
{
m_LightAttrib |= att;
}
}
//-------------------------------------------------------------------------------------------------------
void RealLightNode::SetAttribute( const LightAttribute& att )
{
if ( LA_SHADOW == att && !isAttribute(att) )
{
_NewShadowCaster();
}
LightNode::SetAttribute( att );
}
int dynCreate( OUT DYNBUF *dynBuf,
IN_HANDLE const CRYPT_HANDLE cryptHandle,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attributeType )
{
assert( isWritePtr( dynBuf, sizeof( DYNBUF ) ) );
REQUIRES( isHandleRangeValid( cryptHandle ) );
REQUIRES( isAttribute( attributeType ) || \
isInternalAttribute( attributeType ) );
return( getDynData( dynBuf, cryptHandle, IMESSAGE_GETATTRIBUTE_S,
attributeType ) );
}
v8::Local<v8::Function> V8EventListener::getListenerFunction(
ScriptState* scriptState) {
v8::Local<v8::Object> listener =
getListenerObject(scriptState->getExecutionContext());
// Has the listener been disposed?
if (listener.IsEmpty())
return v8::Local<v8::Function>();
if (listener->IsFunction())
return v8::Local<v8::Function>::Cast(listener);
// The EventHandler callback function type (used for event handler
// attributes in HTML) has [TreatNonObjectAsNull], which implies that
// non-function objects should be treated as no-op functions that return
// undefined.
if (isAttribute())
return v8::Local<v8::Function>();
// Getting the handleEvent property can runs script in the getter.
if (ScriptForbiddenScope::isScriptForbidden()) {
V8ThrowException::throwError(isolate(), "Script execution is forbidden.");
return v8::Local<v8::Function>();
}
if (listener->IsObject()) {
// Check that no exceptions were thrown when getting the
// handleEvent property and that the value is a function.
v8::Local<v8::Value> property;
if (listener
->Get(scriptState->context(),
v8AtomicString(isolate(), "handleEvent"))
.ToLocal(&property) &&
property->IsFunction())
return v8::Local<v8::Function>::Cast(property);
}
return v8::Local<v8::Function>();
}
v8::Local<v8::Function> V8EventListener::getListenerFunction(ScriptState* scriptState)
{
v8::Local<v8::Object> listener = getListenerObject(scriptState->executionContext());
// Has the listener been disposed?
if (listener.IsEmpty())
return v8::Local<v8::Function>();
if (listener->IsFunction())
return v8::Local<v8::Function>::Cast(listener);
if (listener->IsObject()) {
ASSERT_WITH_MESSAGE(!isAttribute(), "EventHandler attributes should only accept JS Functions as input.");
v8::Local<v8::Value> property = listener->Get(v8AtomicString(isolate(), "handleEvent"));
// Check that no exceptions were thrown when getting the
// handleEvent property and that the value is a function.
if (!property.IsEmpty() && property->IsFunction())
return v8::Local<v8::Function>::Cast(property);
}
return v8::Local<v8::Function>();
}
* *
* Utility Routines *
* *
****************************************************************************/
/* Exit after setting extended error information */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
static int exitError( INOUT DEVICE_INFO *deviceInfoPtr,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE errorLocus,
IN_ENUM( CRYPT_ERRTYPE ) const CRYPT_ERRTYPE_TYPE errorType,
IN_ERROR const int status )
{
assert( isWritePtr( deviceInfoPtr, sizeof( DEVICE_INFO ) ) );
REQUIRES( isAttribute( errorLocus ) || \
isInternalAttribute( errorLocus ) );
REQUIRES( errorType > CRYPT_ERRTYPE_NONE && \
errorType < CRYPT_ERRTYPE_LAST );
REQUIRES( cryptStatusError( status ) );
setErrorInfo( deviceInfoPtr, errorLocus, errorType );
return( status );
}
CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
static int exitErrorInited( INOUT DEVICE_INFO *deviceInfoPtr,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE errorLocus )
{
assert( isWritePtr( deviceInfoPtr, sizeof( DEVICE_INFO ) ) );
OUT_ENUM_OPT( KEYFORMAT ) KEYFORMAT_TYPE *keyformat )
{
static const MAP_TABLE attributeMapTbl[] = {
{ CRYPT_IATTRIBUTE_KEY_SSH, KEYFORMAT_SSH },
{ CRYPT_IATTRIBUTE_KEY_SSL, KEYFORMAT_SSL },
{ CRYPT_IATTRIBUTE_KEY_PGP, KEYFORMAT_PGP },
{ CRYPT_IATTRIBUTE_KEY_PGP_PARTIAL, KEYFORMAT_PGP },
{ CRYPT_IATTRIBUTE_KEY_SPKI, KEYFORMAT_CERT },
{ CRYPT_IATTRIBUTE_KEY_SPKI_PARTIAL, KEYFORMAT_CERT },
{ CRYPT_ERROR, 0 }, { CRYPT_ERROR, 0 }
};
int value, status;
assert( isWritePtr( keyformat, sizeof( KEYFORMAT_TYPE ) ) );
REQUIRES( isAttribute( attribute ) || \
isInternalAttribute( attribute ) );
/* Clear return value */
*keyformat = KEYFORMAT_NONE;
status = mapValue( attribute, &value, attributeMapTbl,
FAILSAFE_ARRAYSIZE( attributeMapTbl, MAP_TABLE ) );
ENSURES( cryptStatusOK( status ) );
*keyformat = value;
return( CRYPT_OK );
}
/****************************************************************************
* *
static int deleteCertAttribute( INOUT CERT_INFO *certInfoPtr,
IN_ATTRIBUTE \
const CRYPT_ATTRIBUTE_TYPE certInfoType )
{
ATTRIBUTE_PTR **attributeListHeadPtrPtr;
ATTRIBUTE_PTR *attributePtr;
const BOOLEAN isRevocationEntry = \
isRevocationEntryComponent( certInfoType ) ? TRUE : FALSE;
int status;
assert( isWritePtr( certInfoPtr, sizeof( CERT_INFO ) ) );
REQUIRES( isAttribute( certInfoType ) || \
isInternalAttribute( certInfoType ) );
/* Try and find this attribute in the attribute list */
attributePtr = findAttributeComponent( certInfoPtr, certInfoType );
if( attributePtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
/* If this is a non-present field with a default value in a present
attribute (so that its value can be read but the field itself isn't
really there) there isn't any terribly satisfactory return code to
indicate this. Returning CRYPT_OK is wrong because the caller can
keep deleting the same field over and over, and returning
CRYPT_ERROR_NOTFOUND is wrong because the caller may have added the
attribute at an earlier date but it was never written because it had
the default value so that to the caller it appears that the field
they added has been lost. The least unexpected action is probably to
return CRYPT_OK */
if( checkAttributeProperty( attributePtr,
ATTRIBUTE_PROPERTY_DEFAULTVALUE ) )
return( CRYPT_OK );
/* If this is a complete attribute (e.g. CRYPT_CERTINFO_SUBJECTINFOACCESS
rather than one of its fields like
CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY), delete the entire attribute */
if( checkAttributeProperty( attributePtr,
ATTRIBUTE_PROPERTY_COMPLETEATRIBUTE ) )
{
ATTRIBUTE_PTR *fieldAttributePtr;
/* If the certificate has a fleur de lis make sure that it can't be
scraped off */
fieldAttributePtr = findAttribute( certInfoPtr->attributes,
certInfoType, TRUE );
if( fieldAttributePtr != NULL && \
checkAttributeProperty( fieldAttributePtr,
ATTRIBUTE_PROPERTY_LOCKED ) )
return( CRYPT_ERROR_PERMISSION );
/* This is an ID for an entire (constructed) attribute, delete the
attribute */
if( isRevocationEntry )
{
attributeListHeadPtrPtr = getEntryAttributeListHead( certInfoPtr );
ENSURES( attributeListHeadPtrPtr != NULL );
}
else
attributeListHeadPtrPtr = &certInfoPtr->attributes;
return( deleteCompleteAttribute( attributeListHeadPtrPtr,
&certInfoPtr->attributeCursor, certInfoType,
certInfoPtr->currentSelection.dnPtr ) );
}
/* If the certificate has a fleur de lis make sure that it can't be
scraped off */
if( checkAttributeProperty( attributePtr, ATTRIBUTE_PROPERTY_LOCKED ) )
return( CRYPT_ERROR_PERMISSION );
/* It's a single field, delete that */
if( isRevocationEntry )
{
attributeListHeadPtrPtr = getEntryAttributeListHead( certInfoPtr );
ENSURES( attributeListHeadPtrPtr != NULL );
}
else
attributeListHeadPtrPtr = &certInfoPtr->attributes;
status = deleteAttributeField( attributeListHeadPtrPtr,
&certInfoPtr->attributeCursor, attributePtr,
certInfoPtr->currentSelection.dnPtr );
/* If we've deleted the attribute containing the currently selected DN,
deselect it */
if( status == OK_SPECIAL )
{
certInfoPtr->currentSelection.dnPtr = NULL;
status = CRYPT_OK;
}
return( status );
}
int deleteCertComponent( INOUT CERT_INFO *certInfoPtr,
IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE certInfoType )
{
int status;
assert( isWritePtr( certInfoPtr, sizeof( CERT_INFO ) ) );
REQUIRES( isAttribute( certInfoType ) || \
isInternalAttribute( certInfoType ) );
/* If it's a GeneralName or DN component, delete it. These are
special-case attribute values so they have to come before the
general attribute-handling code */
if( isGeneralNameSelectionComponent( certInfoType ) )
{
/* Check whether this GeneralName is present */
status = selectGeneralName( certInfoPtr, certInfoType,
MUST_BE_PRESENT );
if( cryptStatusError( status ) )
return( status );
/* Delete each field in the GeneralName */
if( deleteCompositeAttributeField( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor, certInfoPtr->attributeCursor,
certInfoPtr->currentSelection.dnPtr ) == OK_SPECIAL )
{
/* We've deleted the attribute containing the currently selected
DN, deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
}
return( CRYPT_OK );
}
if( isGeneralNameComponent( certInfoType ) )
{
SELECTION_STATE selectionState;
ATTRIBUTE_PTR *attributePtr = DUMMY_INIT_PTR;
/* Find the requested GeneralName component. Since
selectGeneralNameComponent() changes the current selection within
the GeneralName, we save the selection state around the call */
saveSelectionState( selectionState, certInfoPtr );
status = selectGeneralNameComponent( certInfoPtr, certInfoType );
if( cryptStatusOK( status ) )
attributePtr = certInfoPtr->attributeCursor;
restoreSelectionState( selectionState, certInfoPtr );
if( cryptStatusError( status ))
return( status );
ENSURES( attributePtr != NULL );
/* Delete the field within the GeneralName */
if( deleteAttributeField( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor, attributePtr,
certInfoPtr->currentSelection.dnPtr ) == OK_SPECIAL )
{
/* We've deleted the attribute containing the currently selected
DN, deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
}
return( CRYPT_OK );
}
if( isDNComponent( certInfoType ) )
{
status = selectDN( certInfoPtr, CRYPT_ATTRIBUTE_NONE,
MUST_BE_PRESENT );
if( cryptStatusOK( status ) )
status = deleteDNComponent( certInfoPtr->currentSelection.dnPtr,
certInfoType, NULL, 0 );
return( status );
}
/* If it's standard certificate or CMS attribute, delete it */
if( ( certInfoType >= CRYPT_CERTINFO_FIRST_EXTENSION && \
certInfoType <= CRYPT_CERTINFO_LAST_EXTENSION ) || \
( certInfoType >= CRYPT_CERTINFO_FIRST_CMS && \
certInfoType <= CRYPT_CERTINFO_LAST_CMS ) )
return( deleteCertAttribute( certInfoPtr, certInfoType ) );
/* If it's anything else, handle it specially */
switch( certInfoType )
{
case CRYPT_CERTINFO_SELFSIGNED:
if( !( certInfoPtr->flags & CERT_FLAG_SELFSIGNED ) )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->flags &= ~CERT_FLAG_SELFSIGNED;
return( CRYPT_OK );
case CRYPT_CERTINFO_CURRENT_CERTIFICATE:
case CRYPT_ATTRIBUTE_CURRENT_GROUP:
case CRYPT_ATTRIBUTE_CURRENT:
case CRYPT_ATTRIBUTE_CURRENT_INSTANCE:
if( certInfoPtr->attributeCursor == NULL )
return( CRYPT_ERROR_NOTFOUND );
if( certInfoType == CRYPT_ATTRIBUTE_CURRENT_GROUP )
{
status = deleteAttribute( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor,
certInfoPtr->attributeCursor,
certInfoPtr->currentSelection.dnPtr );
}
else
{
/* The current component and field are essentially the
same thing since a component is one of a set of
entries in a multivalued field, thus they're handled
identically */
status = deleteAttributeField( &certInfoPtr->attributes,
&certInfoPtr->attributeCursor,
certInfoPtr->attributeCursor,
certInfoPtr->currentSelection.dnPtr );
}
if( status == OK_SPECIAL )
{
/* We've deleted the attribute containing the currently
selected DN, deselect it */
certInfoPtr->currentSelection.dnPtr = NULL;
}
return( CRYPT_OK );
case CRYPT_CERTINFO_TRUSTED_USAGE:
if( certInfoPtr->cCertCert->trustedUsage == CRYPT_ERROR )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->cCertCert->trustedUsage = CRYPT_ERROR;
return( CRYPT_OK );
case CRYPT_CERTINFO_TRUSTED_IMPLICIT:
return( krnlSendMessage( certInfoPtr->ownerHandle,
IMESSAGE_USER_TRUSTMGMT,
&certInfoPtr->objectHandle,
MESSAGE_TRUSTMGMT_DELETE ) );
case CRYPT_CERTINFO_VALIDFROM:
case CRYPT_CERTINFO_THISUPDATE:
if( certInfoPtr->startTime <= 0 )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->startTime = 0;
return( CRYPT_OK );
case CRYPT_CERTINFO_VALIDTO:
case CRYPT_CERTINFO_NEXTUPDATE:
if( certInfoPtr->endTime <= 0 )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->endTime = 0;
return( CRYPT_OK );
case CRYPT_CERTINFO_SUBJECTNAME:
if( certInfoPtr->currentSelection.dnPtr == &certInfoPtr->subjectName )
{
/* This is the currently selected DN, deselect it before
deleting it */
certInfoPtr->currentSelection.dnPtr = NULL;
}
deleteDN( &certInfoPtr->subjectName );
return( CRYPT_OK );
#ifdef USE_CERTREV
case CRYPT_CERTINFO_REVOCATIONDATE:
{
time_t *revocationTimePtr = ( time_t * ) \
getRevocationTimePtr( certInfoPtr );
if( revocationTimePtr == NULL )
return( CRYPT_ERROR_NOTFOUND );
*revocationTimePtr = 0;
return( CRYPT_OK );
}
#endif /* USE_CERTREV */
#ifdef USE_PKIUSER
case CRYPT_CERTINFO_PKIUSER_RA:
if( !certInfoPtr->cCertUser->isRA )
return( CRYPT_ERROR_NOTFOUND );
certInfoPtr->cCertUser->isRA = FALSE;
return( CRYPT_OK );
#endif /* USE_PKIUSER */
}
retIntError();
}
/**
* Indicate if this method was defined as an attribute method
* (using ::attribute or ::method attribute)
*
* @return .true if the method is defined as an attribute.
* .false otherwise.
*/
RexxObject *MethodClass::isAttributeRexx( )
{
return booleanObject(isAttribute());
}
int
generateAddressingHeaders(struct bes_context *context,
epr_t endpointepr,
char *action,
char **endpoint_ret)
{
struct soap *s;
struct soap_dom_element *dom, *iter;
struct soap_dom_element *refparams, *refparam;
struct soap_dom_attribute *isrefparam;
struct bes_epr *epr;
char *endpoint;
int i, numrefparams, ret = BESE_OK;
s = context->soap;
epr = (struct bes_epr*)endpointepr;
dom = epr->dom;
iter = dom->elts;
if (!iter || !isElement(iter, WSA_NS, "Address")) {
setErrorString(context, NULL, BESE_ENDPOINT_ERR);
ret = BESE_ENDPOINT_ERR;
goto end;
}
endpoint = soap_strdup(s, iter->data);
if (endpoint == NULL) {
setErrorString(context, s, BESE_SOAP_ERR);
ret = BESE_SOAP_ERR;
goto end;
}
s->header->wsa__To.__item = endpoint;
s->header->wsa__Action.__item = soap_strdup(s, action);
if (s->header->wsa__Action.__item == NULL) {
setErrorString(context, s, BESE_SOAP_ERR);
ret = BESE_SOAP_ERR;
goto end;
}
iter = iter->next;
while (iter) {
if (isElement(iter, WSA_NS, "ReferenceParameters")) {
isrefparam = (struct soap_dom_attribute*)soap_malloc(s, sizeof(struct soap_dom_attribute));
if (isrefparam == NULL) {
setErrorString(context, s, BESE_SOAP_ERR);
ret = BESE_SOAP_ERR;
goto end;
}
memset(isrefparam, 0, sizeof(struct soap_dom_attribute));
isrefparam->soap = s;
isrefparam->nstr = WSA_NS;
isrefparam->name = soap_strdup(s, "wsa:IsReferenceParameter");
isrefparam->data = soap_strdup(s, "true");
if (!isrefparam->name || !isrefparam->data) {
setErrorString(context, s, BESE_SOAP_ERR);
ret = BESE_SOAP_ERR;
goto end;
}
refparam = iter->elts;
numrefparams = 0;
while (refparam) {
if (refparam->atts) {
struct soap_dom_attribute *last, *attr = refparam->atts;
while (attr) {
if (isAttribute(attr, WSA_NS, "IsReferenceParameter")) {
attr->nstr = soap_strdup (s, isrefparam->nstr);
attr->name = soap_strdup (s, isrefparam->name);
attr->data = soap_strdup (s, isrefparam->data);
break;
}
last = attr;
attr = attr->next;
}
if (!attr) {
last->next = isrefparam;
}
}
else {
refparam->atts = isrefparam;
}
refparam = refparam->next;
numrefparams++;
}
refparams = (struct soap_dom_element*)soap_malloc(s, sizeof(struct soap_dom_element)*numrefparams);
if (refparams == NULL) {
setErrorString(context, s, BESE_SOAP_ERR);
ret = BESE_SOAP_ERR;
goto end;
}
memset(refparams, 0, sizeof(struct soap_dom_element)*numrefparams);
refparam = iter->elts;
for (i = 0; i < numrefparams; i++) {
refparams[i].nstr = soap_strdup (s, refparam->nstr);
refparams[i].name = soap_strdup (s, refparam->name);
refparams[i].data = soap_strdup (s, refparam->data);
refparams[i].atts = refparam->atts;
refparams[i].soap = refparam->soap;
refparams[i].elts = refparam->elts;
refparam = refparam->next;
}
s->header->__size = numrefparams;
s->header->__any = refparams;
}
iter = iter->next;
}
if (endpoint_ret) *endpoint_ret = endpoint;
end:
return ret;
}
static int controlFunction( DEVICE_INFO *deviceInfo,
const CRYPT_ATTRIBUTE_TYPE type,
const void *data, const int dataLength,
MESSAGE_FUNCTION_EXTINFO *messageExtInfo )
{
HARDWARE_INFO *hardwareInfo = deviceInfo->deviceHardware;
int status;
assert( isWritePtr( deviceInfo, sizeof( DEVICE_INFO ) ) );
REQUIRES( isAttribute( type ) || isInternalAttribute( type ) );
UNUSED_ARG( hardwareInfo );
UNUSED_ARG( messageExtInfo );
/* Handle user authorisation. Since this is a built-in hardware device
it's always available for use so these are just dummy routines,
although they can be expanded to call down into the HAL for actual
authentication if any hardware with such a facility is ever used */
if( type == CRYPT_DEVINFO_AUTHENT_USER || \
type == CRYPT_DEVINFO_AUTHENT_SUPERVISOR )
{
/* Authenticate the user */
/* ... */
/* The device is now ready for use */
deviceInfo->flags |= DEVICE_LOGGEDIN;
krnlSendMessage( deviceInfo->objectHandle, IMESSAGE_SETATTRIBUTE,
MESSAGE_VALUE_UNUSED, CRYPT_IATTRIBUTE_INITIALISED );
return( CRYPT_OK );
}
/* Handle authorisation value change */
if( type == CRYPT_DEVINFO_SET_AUTHENT_SUPERVISOR )
{
/* Set SO PIN */
/* ... */
return( CRYPT_OK );
}
if( type == CRYPT_DEVINFO_SET_AUTHENT_USER )
{
/* Set user PIN */
/* ... */
return( CRYPT_OK );
}
/* Handle initialisation and zeroisation */
if( type == CRYPT_DEVINFO_INITIALISE || \
type == CRYPT_DEVINFO_ZEROISE )
{
CRYPT_KEYSET iCryptKeyset;
/* Shut down any existing state if necessary in preparation for the
zeroise/initialise. Since this clears all state we manually
reset the device-active flag since we're still active, just with
all information cleared */
if( hardwareInfo->iCryptKeyset != CRYPT_ERROR )
shutdownFunction( deviceInfo );
hwInitialise();
deviceInfo->flags |= DEVICE_ACTIVE;
/* The only real difference between a zeroise and an initialise is
that the zeroise only clears existing state and exits while the
initialise resets the state with the device ready to be used
again */
if( type == CRYPT_DEVINFO_ZEROISE )
{
char storageFilePath[ MAX_PATH_LENGTH + 1 + 8 ];
int storageFilePathLen;
/* Zeroise the device */
status = fileBuildCryptlibPath( storageFilePath, MAX_PATH_LENGTH,
&storageFilePathLen, "CLKEYS", 6,
BUILDPATH_GETPATH );
if( cryptStatusOK( status ) )
{
storageFilePath[ storageFilePathLen ] = '\0';
fileErase( storageFilePath );
}
deviceInfo->flags &= ~DEVICE_LOGGEDIN;
return( status );
}
/* Initialise the device. In theory we're already in the logged-in
state but if the initialise was preceded by a zeroise then this
will have been cleared, so we explicitly re-set it */
status = openStorageObject( &iCryptKeyset, CRYPT_KEYOPT_CREATE,
deviceInfo->objectHandle );
if( cryptStatusError( status ) )
return( status );
hardwareInfo->iCryptKeyset = iCryptKeyset;
deviceInfo->flags |= DEVICE_LOGGEDIN;
return( CRYPT_OK );
}
/* Handle high-reliability time */
if( type == CRYPT_IATTRIBUTE_TIME )
{
time_t *timePtr = ( time_t * ) data;
UNUSED_ARG( timePtr );
return( CRYPT_ERROR_NOTAVAIL );
}
retIntError();
}
CHECK_RETVAL_BOOL \
BOOLEAN isGeneralNameSelectionComponent( IN_ATTRIBUTE \
const CRYPT_ATTRIBUTE_TYPE certInfoType )
{
static const CRYPT_ATTRIBUTE_TYPE certGeneralNameTbl[] = {
CRYPT_CERTINFO_AUTHORITYINFO_RTCS,
CRYPT_CERTINFO_AUTHORITYINFO_OCSP,
CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS,
CRYPT_CERTINFO_AUTHORITYINFO_CERTSTORE,
CRYPT_CERTINFO_AUTHORITYINFO_CRLS,
CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY,
CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,
CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY,
CRYPT_CERTINFO_SUBJECTINFO_SIGNEDOBJECTREPOSITORY,
CRYPT_CERTINFO_SUBJECTINFO_RPKIMANIFEST,
CRYPT_CERTINFO_SUBJECTINFO_SIGNEDOBJECT,
CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR,
CRYPT_CERTINFO_SIGG_ADMISSIONS_AUTHORITY,
CRYPT_CERTINFO_SUBJECTALTNAME,
CRYPT_CERTINFO_ISSUERALTNAME,
CRYPT_CERTINFO_ISSUINGDIST_FULLNAME,
CRYPT_CERTINFO_CERTIFICATEISSUER,
CRYPT_CERTINFO_PERMITTEDSUBTREES,
CRYPT_CERTINFO_EXCLUDEDSUBTREES,
CRYPT_CERTINFO_CRLDIST_FULLNAME,
CRYPT_CERTINFO_CRLDIST_CRLISSUER,
CRYPT_CERTINFO_AUTHORITY_CERTISSUER,
CRYPT_CERTINFO_FRESHESTCRL_FULLNAME,
CRYPT_CERTINFO_FRESHESTCRL_CRLISSUER,
CRYPT_CERTINFO_DELTAINFO_LOCATION,
CRYPT_CERTINFO_TOBEREVOKED_CERTISSUER,
CRYPT_CERTINFO_REVOKEDGROUPS_CERTISSUER,
CRYPT_CERTINFO_AAISSUINGDIST_FULLNAME,
CRYPT_ATTRIBUTE_NONE, CRYPT_ATTRIBUTE_NONE
};
static const CRYPT_ATTRIBUTE_TYPE cmsGeneralNameTbl[] = {
CRYPT_CERTINFO_CMS_RECEIPT_TO,
CRYPT_CERTINFO_CMS_MLEXP_INSTEADOF,
CRYPT_CERTINFO_CMS_MLEXP_INADDITIONTO,
CRYPT_ATTRIBUTE_NONE, CRYPT_ATTRIBUTE_NONE
};
const CRYPT_ATTRIBUTE_TYPE *generalNameTbl;
int generalNameTblSize, i;
REQUIRES_B( isAttribute( certInfoType ) || \
isInternalAttribute( certInfoType ) );
/* Determine which type of attribute we're dealing with */
if( certInfoType >= CRYPT_CERTINFO_FIRST_EXTENSION && \
certInfoType <= CRYPT_CERTINFO_LAST_EXTENSION )
{
generalNameTbl = certGeneralNameTbl;
generalNameTblSize = FAILSAFE_ARRAYSIZE( certGeneralNameTbl, \
CRYPT_ATTRIBUTE_TYPE );
}
else
{
if( certInfoType >= CRYPT_CERTINFO_FIRST_CMS && \
certInfoType <= CRYPT_CERTINFO_LAST_CMS )
{
generalNameTbl = cmsGeneralNameTbl;
generalNameTblSize = FAILSAFE_ARRAYSIZE( cmsGeneralNameTbl, \
CRYPT_ATTRIBUTE_TYPE );
}
else
{
/* It's neither a certificate nor a CMS attribute extension, it
can't be a GeneralName */
return( FALSE );
}
}
/* Check for membership in the GeneralName set. In theory we could
divide this further via binary search but we're really reaching the
law of diminishing returns here */
for( i = 0; i < generalNameTblSize && \
generalNameTbl[ i ] != CRYPT_ATTRIBUTE_NONE; i++ )
{
if( generalNameTbl[ i ] == certInfoType )
return( TRUE );
}
ENSURES_B( i < generalNameTblSize );
return( FALSE );
}
