/* * This function creates a crlSelector with ComCrlSelParams set up to * select entries that would be valid at the Date specified by the Date * criterion. */ static void test_makeDateCRLSelector( PKIX_PL_Date *dateToMatch, PKIX_CRLSelector **pSelector, void *plContext) { PKIX_CRLSelector *selector = NULL; PKIX_ComCRLSelParams *dateParams = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create (NULL, NULL, &selector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create (&dateParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime (dateParams, dateToMatch, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CRLSelector_SetCommonCRLSelectorParams (selector, dateParams, plContext)); *pSelector = selector; cleanup: PKIX_TEST_DECREF_AC(dateParams); PKIX_TEST_RETURN(); }
/* * This function creates a crlSelector with ComCrlSelParams set up to * select entries whose Issuer Name matches that in the given Crl. */ static void test_makeIssuerCRLSelector( PKIX_PL_CRL *crlNameToMatch, PKIX_CRLSelector **pSelector, void *plContext) { PKIX_CRLSelector *selector = NULL; PKIX_ComCRLSelParams *issuerParams = NULL; PKIX_PL_X500Name *issuerName = NULL; PKIX_List *names = NULL; PKIX_TEST_STD_VARS(); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&issuerParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crlNameToMatch, &issuerName, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(names, (PKIX_PL_Object *)issuerName, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(issuerParams, names, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, issuerParams, plContext)); *pSelector = selector; cleanup: PKIX_TEST_DECREF_AC(issuerParams); PKIX_TEST_DECREF_AC(issuerName); PKIX_TEST_DECREF_AC(names); PKIX_TEST_RETURN(); }
/* * FUNCTION: pkix_DefaultCRLChecker_Check_SetSelector * * DESCRIPTION: * This function creates a CRLSelector suitable for finding a CRL for * the Cert pointed to by "cert", setting the result in the * defaultCRLCheckerState pointed to by "state". * * PARAMETERS * "cert" * Address of Cert for which a CRLSelector is to be constructed. Must be * non-NULL. * "state" * Address of defaultCRLCheckerState whose CRLSelector is to be set. Must * be non-NULL. * "plContext" * Platform-specific context pointer. * * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * * RETURNS: * Returns NULL if the function succeeds. * Returns a DefaultCrlCheckerState Error if the function fails in a * non-fatal way. * Returns a Fatal Error */ PKIX_Error * pkix_DefaultCRLChecker_Check_SetSelector( PKIX_PL_Cert *cert, pkix_DefaultCRLCheckerState *state, void *plContext) { PKIX_PL_X500Name *certIssuer = NULL; PKIX_PL_BigInt *certSerialNumber = NULL; PKIX_PL_Date *nowDate = NULL; PKIX_ComCRLSelParams *comCrlSelParams = NULL; PKIX_CRLSelector *crlSelector = NULL; PKIX_ENTER (CERTCHAINCHECKER, "pkix_DefaultCRLChecker_Check_SetSelector"); PKIX_NULLCHECK_TWO(cert, state); PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &certIssuer, plContext), PKIX_CERTGETISSUERFAILED); PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber (cert, &certSerialNumber, plContext), PKIX_CERTGETSERIALNUMBERFAILED); if (state->testDate != NULL) { PKIX_INCREF(state->testDate); nowDate = state->testDate; } else { PKIX_CHECK(PKIX_PL_Date_Create_UTCTime (NULL, &nowDate, plContext), PKIX_DATECREATEUTCTIMEFAILED); } PKIX_CHECK(PKIX_ComCRLSelParams_Create (&comCrlSelParams, plContext), PKIX_COMCRLSELPARAMSCREATEFAILED); PKIX_CHECK(PKIX_ComCRLSelParams_AddIssuerName (comCrlSelParams, certIssuer, plContext), PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED); PKIX_CHECK(PKIX_ComCRLSelParams_SetDateAndTime (comCrlSelParams, nowDate, plContext), PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED); PKIX_CHECK(PKIX_ComCRLSelParams_SetNISTPolicyEnabled (comCrlSelParams, state->nistCRLPolicyEnabled, plContext), PKIX_COMCERTSELPARAMSSETNISTPOLICYENABLEDFAILED); PKIX_CHECK(PKIX_CRLSelector_Create (NULL, NULL, /* never used? (PKIX_PL_Object *)checker, */ &crlSelector, plContext), PKIX_CRLSELECTORCREATEFAILED); PKIX_CHECK(PKIX_CRLSelector_SetCommonCRLSelectorParams (crlSelector, comCrlSelParams, plContext), PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED); PKIX_DECREF(state->certIssuer); PKIX_INCREF(certIssuer); state->certIssuer = certIssuer; PKIX_DECREF(state->certSerialNumber); PKIX_INCREF(certSerialNumber); state->certSerialNumber = certSerialNumber; PKIX_DECREF(state->crlSelector); PKIX_INCREF(crlSelector); state->crlSelector = crlSelector; state->crlStoreIndex = 0; PKIX_CHECK(PKIX_List_GetLength (state->certStores, &(state->numCrlStores), plContext), PKIX_LISTGETLENGTHFAILED); state->certHasValidCrl = PKIX_FALSE; cleanup: PKIX_DECREF(certIssuer); PKIX_DECREF(certSerialNumber); PKIX_DECREF(nowDate); PKIX_DECREF(comCrlSelParams); PKIX_DECREF(crlSelector); PKIX_RETURN(CERTCHAINCHECKER); }