/*
* FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetCriticalExtensionOIDs(
PKIX_PL_CRL *crl,
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_List *oidsList = NULL;
CERTCertExtension **extensions = NULL;
CERTCrl *nssSignedCrl = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCriticalExtensionOIDs");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pExtensions);
/* if we don't have a cached copy from before, we create one */
if (crl->critExtOids == NULL) {
PKIX_OBJECT_LOCK(crl);
nssSignedCrl = &(crl->nssSignedCrl->crl);
extensions = nssSignedCrl->extensions;
if (crl->critExtOids == NULL) {
PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
(extensions, &oidsList, plContext),
PKIX_GETCRITICALEXTENSIONOIDSFAILED);
crl->critExtOids = oidsList;
}
PKIX_OBJECT_UNLOCK(crl);
}
/* We should return a copy of the List since this list changes */
PKIX_DUPLICATE(crl->critExtOids, pExtensions, plContext,
PKIX_OBJECTDUPLICATELISTFAILED);
cleanup:
PKIX_RETURN(CRL);
}
/*
* FUNCTION: pkix_pl_CRL_GetSignatureAlgId
*
* DESCRIPTION:
* Retrieves a pointer to the OID that represents the signature algorithm of
* the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* PARAMETERS:
* "crl"
* Address of CRL whose signature algorithm OID is to be stored.
* Must be non-NULL.
* "pSignatureAlgId"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRL Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_CRL_GetSignatureAlgId(
PKIX_PL_CRL *crl,
PKIX_PL_OID **pSignatureAlgId,
void *plContext)
{
PKIX_PL_OID *signatureAlgId = NULL;
PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
/* if we don't have a cached copy from before, we create one */
if (crl->signatureAlgId == NULL){
PKIX_OBJECT_LOCK(crl);
if (crl->signatureAlgId == NULL){
CERTCrl *nssCrl = &(crl->nssSignedCrl->crl);
SECAlgorithmID *algorithm = &nssCrl->signatureAlg;
SECItem *algBytes = &algorithm->algorithm;
if (!algBytes->data || !algBytes->len) {
PKIX_ERROR(PKIX_OIDBYTESLENGTH0);
}
PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
(algBytes, &signatureAlgId, plContext),
PKIX_OIDCREATEFAILED);
/* save a cached copy in case it is asked for again */
crl->signatureAlgId = signatureAlgId;
signatureAlgId = NULL;
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->signatureAlgId);
*pSignatureAlgId = crl->signatureAlgId;
cleanup:
PKIX_DECREF(signatureAlgId);
PKIX_RETURN(CRL);
}
/*
* FUNCTION: PKIX_PL_CRL_GetCRLNumber (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_CRL_GetCRLNumber(
PKIX_PL_CRL *crl,
PKIX_PL_BigInt **pCrlNumber,
void *plContext)
{
PKIX_PL_BigInt *crlNumber = NULL;
SECItem nssCrlNumber;
PLArenaPool *arena = NULL;
SECStatus status;
PKIX_UInt32 length = 0;
char *bytes = NULL;
PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLNumber");
PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlNumber);
/* Can call this function only with der been adopted. */
PORT_Assert(crl->adoptedDerCrl);
if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
PKIX_OBJECT_LOCK(crl);
if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
nssCrlNumber.type = 0;
nssCrlNumber.len = 0;
nssCrlNumber.data = NULL;
PKIX_CRL_DEBUG("\t\tCalling PORT_NewArena).\n");
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
PKIX_CRL_DEBUG("\t\tCalling CERT_FindCRLNumberExten\n");
status = CERT_FindCRLNumberExten
(arena, &crl->nssSignedCrl->crl, &nssCrlNumber);
if (status == SECSuccess) {
/* Get data in bytes then convert to bigint */
length = nssCrlNumber.len;
bytes = (char *)nssCrlNumber.data;
PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
(bytes, length, &crlNumber, plContext),
PKIX_BIGINTCREATEWITHBYTESFAILED);
/* arena release does the job
PKIX_CRL_DEBUG("\t\tCalling SECITEM_FreeItem\n");
SECITEM_FreeItem(&nssCrlNumber, PKIX_FALSE);
*/
crl->crlNumber = crlNumber;
} else {
crl->crlNumberAbsent = PKIX_TRUE;
}
}
PKIX_OBJECT_UNLOCK(crl);
}
PKIX_INCREF(crl->crlNumber);
*pCrlNumber = crl->crlNumber;
cleanup:
if (arena){
PKIX_CRL_DEBUG("\t\tCalling PORT_FreeArena).\n");
PORT_FreeArena(arena, PR_FALSE);
}
PKIX_RETURN(CRL);
}
