/* * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs * (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_GetCriticalExtensionOIDs( PKIX_PL_CRL *crl, PKIX_List **pExtensions, /* list of PKIX_PL_OID */ void *plContext) { PKIX_List *oidsList = NULL; CERTCertExtension **extensions = NULL; CERTCrl *nssSignedCrl = NULL; PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCriticalExtensionOIDs"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pExtensions); /* if we don't have a cached copy from before, we create one */ if (crl->critExtOids == NULL) { PKIX_OBJECT_LOCK(crl); nssSignedCrl = &(crl->nssSignedCrl->crl); extensions = nssSignedCrl->extensions; if (crl->critExtOids == NULL) { PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs (extensions, &oidsList, plContext), PKIX_GETCRITICALEXTENSIONOIDSFAILED); crl->critExtOids = oidsList; } PKIX_OBJECT_UNLOCK(crl); } /* We should return a copy of the List since this list changes */ PKIX_DUPLICATE(crl->critExtOids, pExtensions, plContext, PKIX_OBJECTDUPLICATELISTFAILED); cleanup: PKIX_RETURN(CRL); }
/* * FUNCTION: pkix_pl_CRL_GetSignatureAlgId * * DESCRIPTION: * Retrieves a pointer to the OID that represents the signature algorithm of * the CRL pointed to by "crl" and stores it at "pSignatureAlgId". * * AlgorithmIdentifier ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } * * PARAMETERS: * "crl" * Address of CRL whose signature algorithm OID is to be stored. * Must be non-NULL. * "pSignatureAlgId" * Address where object pointer will be stored. Must be non-NULL. * "plContext" * Platform-specific context pointer. * THREAD SAFETY: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) * RETURNS: * Returns NULL if the function succeeds. * Returns a CRL Error if the function fails in a non-fatal way. * Returns a Fatal Error if the function fails in an unrecoverable way. */ static PKIX_Error * pkix_pl_CRL_GetSignatureAlgId( PKIX_PL_CRL *crl, PKIX_PL_OID **pSignatureAlgId, void *plContext) { PKIX_PL_OID *signatureAlgId = NULL; PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId); /* if we don't have a cached copy from before, we create one */ if (crl->signatureAlgId == NULL){ PKIX_OBJECT_LOCK(crl); if (crl->signatureAlgId == NULL){ CERTCrl *nssCrl = &(crl->nssSignedCrl->crl); SECAlgorithmID *algorithm = &nssCrl->signatureAlg; SECItem *algBytes = &algorithm->algorithm; if (!algBytes->data || !algBytes->len) { PKIX_ERROR(PKIX_OIDBYTESLENGTH0); } PKIX_CHECK(PKIX_PL_OID_CreateBySECItem (algBytes, &signatureAlgId, plContext), PKIX_OIDCREATEFAILED); /* save a cached copy in case it is asked for again */ crl->signatureAlgId = signatureAlgId; signatureAlgId = NULL; } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->signatureAlgId); *pSignatureAlgId = crl->signatureAlgId; cleanup: PKIX_DECREF(signatureAlgId); PKIX_RETURN(CRL); }
/* * FUNCTION: PKIX_PL_CRL_GetCRLNumber (see comments in pkix_pl_pki.h) */ PKIX_Error * PKIX_PL_CRL_GetCRLNumber( PKIX_PL_CRL *crl, PKIX_PL_BigInt **pCrlNumber, void *plContext) { PKIX_PL_BigInt *crlNumber = NULL; SECItem nssCrlNumber; PLArenaPool *arena = NULL; SECStatus status; PKIX_UInt32 length = 0; char *bytes = NULL; PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLNumber"); PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlNumber); /* Can call this function only with der been adopted. */ PORT_Assert(crl->adoptedDerCrl); if (!crl->crlNumberAbsent && crl->crlNumber == NULL) { PKIX_OBJECT_LOCK(crl); if (!crl->crlNumberAbsent && crl->crlNumber == NULL) { nssCrlNumber.type = 0; nssCrlNumber.len = 0; nssCrlNumber.data = NULL; PKIX_CRL_DEBUG("\t\tCalling PORT_NewArena).\n"); arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { PKIX_ERROR(PKIX_OUTOFMEMORY); } PKIX_CRL_DEBUG("\t\tCalling CERT_FindCRLNumberExten\n"); status = CERT_FindCRLNumberExten (arena, &crl->nssSignedCrl->crl, &nssCrlNumber); if (status == SECSuccess) { /* Get data in bytes then convert to bigint */ length = nssCrlNumber.len; bytes = (char *)nssCrlNumber.data; PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes (bytes, length, &crlNumber, plContext), PKIX_BIGINTCREATEWITHBYTESFAILED); /* arena release does the job PKIX_CRL_DEBUG("\t\tCalling SECITEM_FreeItem\n"); SECITEM_FreeItem(&nssCrlNumber, PKIX_FALSE); */ crl->crlNumber = crlNumber; } else { crl->crlNumberAbsent = PKIX_TRUE; } } PKIX_OBJECT_UNLOCK(crl); } PKIX_INCREF(crl->crlNumber); *pCrlNumber = crl->crlNumber; cleanup: if (arena){ PKIX_CRL_DEBUG("\t\tCalling PORT_FreeArena).\n"); PORT_FreeArena(arena, PR_FALSE); } PKIX_RETURN(CRL); }