/* * FUNCTION: pkix_RevocationChecker_Duplicate * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_RevocationChecker_Duplicate( PKIX_PL_Object *object, PKIX_PL_Object **pNewObject, void *plContext) { PKIX_RevocationChecker *checker = NULL; PKIX_RevocationChecker *checkerDuplicate = NULL; PKIX_List *dupLeafList = NULL; PKIX_List *dupChainList = NULL; PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate"); PKIX_NULLCHECK_TWO(object, pNewObject); PKIX_CHECK(pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE, plContext), PKIX_OBJECTNOTCERTCHAINCHECKER); checker = (PKIX_RevocationChecker *)object; if (checker->leafMethodList){ PKIX_CHECK(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)checker->leafMethodList, (PKIX_PL_Object **)&dupLeafList, plContext), PKIX_OBJECTDUPLICATEFAILED); } if (checker->chainMethodList){ PKIX_CHECK(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)checker->chainMethodList, (PKIX_PL_Object **)&dupChainList, plContext), PKIX_OBJECTDUPLICATEFAILED); } PKIX_CHECK( PKIX_RevocationChecker_Create(checker->leafMethodListFlags, checker->chainMethodListFlags, &checkerDuplicate, plContext), PKIX_REVOCATIONCHECKERCREATEFAILED); checkerDuplicate->leafMethodList = dupLeafList; checkerDuplicate->chainMethodList = dupChainList; dupLeafList = NULL; dupChainList = NULL; *pNewObject = (PKIX_PL_Object *)checkerDuplicate; cleanup: PKIX_DECREF(dupLeafList); PKIX_DECREF(dupChainList); PKIX_RETURN(REVOCATIONCHECKER); }
/* * FUNCTION: PKIX_List_ReverseList (see comments in pkix_util.h) */ PKIX_Error * PKIX_List_ReverseList( PKIX_List *list, PKIX_List **pReversedList, void *plContext) { PKIX_List *reversedList = NULL; PKIX_PL_Object *item = NULL; PKIX_PL_Object *duplicateItem = NULL; PKIX_UInt32 length, i; PKIX_ENTER(LIST, "pkix_List_ReverseList"); PKIX_NULLCHECK_TWO(list, pReversedList); if (!list->isHeader){ PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER); } length = list->length; /* Create a new list object */ PKIX_CHECK(PKIX_List_Create(&reversedList, plContext), PKIX_LISTCREATEINTERNALFAILED); /* * Starting with the last item and traversing backwards (from * the original list), append each item to the reversed list */ for (i = 1; i <= length; i++){ PKIX_CHECK(PKIX_List_GetItem (list, (length - i), &item, plContext), PKIX_LISTGETITEMFAILED); PKIX_CHECK(PKIX_PL_Object_Duplicate (item, &duplicateItem, plContext), PKIX_LISTDUPLICATEFAILED); PKIX_CHECK(PKIX_List_AppendItem (reversedList, duplicateItem, plContext), PKIX_LISTAPPENDITEMFAILED); PKIX_DECREF(item); PKIX_DECREF(duplicateItem); } *pReversedList = reversedList; cleanup: PKIX_DECREF(item); PKIX_DECREF(duplicateItem); if (PKIX_ERROR_RECEIVED){ PKIX_DECREF(reversedList); } PKIX_RETURN(LIST); }
/* * This test is the same as testDuplicateHelper, except that it * produces a more useful "Actual value" and "Expected value" * in the case of an unexpected mismatch. */ static void test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext) { PKIX_PolicyNode *newObject = NULL; PKIX_Boolean cmpResult; PKIX_PL_String *original = NULL; PKIX_PL_String *copy = NULL; PKIX_TEST_STD_VARS(); subTest("testing pkix_PolicyNode_Duplicate"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)object, (PKIX_PL_Object **)&newObject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals ((PKIX_PL_Object *)object, (PKIX_PL_Object *)newObject, &cmpResult, plContext)); if (!cmpResult){ PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)object, &original, plContext)); testError("unexpected mismatch"); (void) printf ("original value:\t%s\n", original->escAsciiString); if (newObject) { PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString ((PKIX_PL_Object*)newObject, ©, plContext)); (void) printf ("copy value:\t%s\n", copy->escAsciiString); } else { (void) printf("copy value:\t(NULL)\n"); } } cleanup: PKIX_TEST_DECREF_AC(newObject); PKIX_TEST_DECREF_AC(original); PKIX_TEST_DECREF_AC(copy); PKIX_TEST_RETURN(); }
/* * FUNCTION: pkix_RevocationChecker_Duplicate * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_RevocationChecker_Duplicate( PKIX_PL_Object *object, PKIX_PL_Object **pNewObject, void *plContext) { PKIX_RevocationChecker *checker = NULL; PKIX_RevocationChecker *checkerDuplicate = NULL; PKIX_PL_Object *contextDuplicate = NULL; PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate"); PKIX_NULLCHECK_TWO(object, pNewObject); PKIX_CHECK(pkix_CheckType (object, PKIX_REVOCATIONCHECKER_TYPE, plContext), PKIX_OBJECTNOTCERTCHAINCHECKER); checker = (PKIX_RevocationChecker *)object; if (checker->revCheckerContext){ PKIX_CHECK(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)checker->revCheckerContext, (PKIX_PL_Object **)&contextDuplicate, plContext), PKIX_OBJECTDUPLICATEFAILED); } PKIX_CHECK(PKIX_RevocationChecker_Create (checker->checkCallback, contextDuplicate, &checkerDuplicate, plContext), PKIX_REVOCATIONCHECKERCREATEFAILED); *pNewObject = (PKIX_PL_Object *)checkerDuplicate; cleanup: PKIX_DECREF(contextDuplicate); PKIX_RETURN(REVOCATIONCHECKER); }
/* * FUNCTION: pkix_ComCertSelParams_Duplicate * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h) */ static PKIX_Error * pkix_ComCertSelParams_Duplicate( PKIX_PL_Object *object, PKIX_PL_Object **pNewObject, void *plContext) { PKIX_ComCertSelParams *params = NULL; PKIX_ComCertSelParams *paramsDuplicate = NULL; PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Duplicate"); PKIX_NULLCHECK_TWO(object, pNewObject); PKIX_CHECK(pkix_CheckType (object, PKIX_COMCERTSELPARAMS_TYPE, plContext), PKIX_OBJECTNOTCOMCERTSELPARAMS); params = (PKIX_ComCertSelParams *)object; PKIX_CHECK(PKIX_ComCertSelParams_Create(¶msDuplicate, plContext), PKIX_COMCERTSELPARAMSCREATEFAILED); paramsDuplicate->minPathLength = params->minPathLength; paramsDuplicate->matchAllSubjAltNames = params->matchAllSubjAltNames; PKIX_DUPLICATE(params->subject, ¶msDuplicate->subject, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE(params->policies, ¶msDuplicate->policies, plContext, PKIX_OBJECTDUPLICATEFAILED); if (params->cert){ PKIX_CHECK(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)params->cert, (PKIX_PL_Object **)¶msDuplicate->cert, plContext), PKIX_OBJECTDUPLICATEFAILED); } PKIX_DUPLICATE (params->nameConstraints, ¶msDuplicate->nameConstraints, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE (params->pathToNames, ¶msDuplicate->pathToNames, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE (params->subjAltNames, ¶msDuplicate->subjAltNames, plContext, PKIX_OBJECTDUPLICATEFAILED); if (params->date){ PKIX_CHECK(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)params->date, (PKIX_PL_Object **)¶msDuplicate->date, plContext), PKIX_OBJECTDUPLICATEFAILED); } paramsDuplicate->keyUsage = params->keyUsage; PKIX_DUPLICATE(params->certValid, ¶msDuplicate->certValid, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE(params->issuer, ¶msDuplicate->issuer, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE(params->serialNumber, ¶msDuplicate->serialNumber, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE(params->authKeyId, ¶msDuplicate->authKeyId, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE(params->subjKeyId, ¶msDuplicate->subjKeyId, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE(params->subjPubKey, ¶msDuplicate->subjPubKey, plContext, PKIX_OBJECTDUPLICATEFAILED); PKIX_DUPLICATE(params->subjPKAlgId, ¶msDuplicate->subjPKAlgId, plContext, PKIX_OBJECTDUPLICATEFAILED); paramsDuplicate->leafCertFlag = params->leafCertFlag; *pNewObject = (PKIX_PL_Object *)paramsDuplicate; cleanup: if (PKIX_ERROR_RECEIVED){ PKIX_DECREF(paramsDuplicate); } PKIX_RETURN(COMCERTSELPARAMS); }
int test_comcertselparams(int argc, char *argv[]) { PKIX_UInt32 actualMinorVersion; PKIX_UInt32 j = 0; PKIX_PL_Cert *testCert = NULL; PKIX_PL_Cert *goodCert = NULL; PKIX_PL_Cert *equalCert = NULL; PKIX_PL_Cert *diffCert = NULL; PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL; PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL; PKIX_List *testPolicyInfos = NULL; /* CertPolicyInfos */ PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */ PKIX_ComCertSelParams *goodParams = NULL; PKIX_ComCertSelParams *equalParams = NULL; PKIX_PL_X500Name *goodSubject = NULL; PKIX_PL_X500Name *equalSubject = NULL; PKIX_PL_X500Name *diffSubject = NULL; PKIX_PL_X500Name *testSubject = NULL; PKIX_Int32 goodMinPathLength = 0; PKIX_Int32 equalMinPathLength = 0; PKIX_Int32 diffMinPathLength = 0; PKIX_Int32 testMinPathLength = 0; PKIX_List *goodPolicies = NULL; /* OIDs */ PKIX_List *equalPolicies = NULL; /* OIDs */ PKIX_List *testPolicies = NULL; /* OIDs */ PKIX_List *cert2Policies = NULL; /* OIDs */ PKIX_PL_Date *testDate = NULL; PKIX_PL_Date *goodDate = NULL; PKIX_PL_Date *equalDate = NULL; PKIX_PL_String *stringRep = NULL; char *asciiRep = NULL; char *dirName = NULL; PKIX_TEST_STD_VARS(); if (argc < 2) { printUsage(); return (0); } startTests("ComCertSelParams"); PKIX_TEST_EXPECT_NO_ERROR( PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext)); dirName = argv[j + 1]; asciiRep = "050501000000Z"; PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext)); testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext)); /* Convert from List of CertPolicyInfos to List of OIDs */ test_CreateOIDList(testPolicyInfos, &testPolicies); subTest("Create goodParams and set its fields"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext)); subTest("Duplicate goodParams and verify copy"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams, (PKIX_PL_Object **)&equalParams, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext)); testEqualsHelper((PKIX_PL_Object *)goodSubject, (PKIX_PL_Object *)equalSubject, PKIX_TRUE, plContext); if (goodMinPathLength != equalMinPathLength) { testError("unexpected mismatch"); (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); } testEqualsHelper((PKIX_PL_Object *)goodPolicies, (PKIX_PL_Object *)equalPolicies, PKIX_TRUE, plContext); testEqualsHelper((PKIX_PL_Object *)goodCert, (PKIX_PL_Object *)equalCert, PKIX_TRUE, plContext); testEqualsHelper((PKIX_PL_Object *)goodDate, (PKIX_PL_Object *)equalDate, PKIX_TRUE, plContext); PKIX_TEST_DECREF_BC(equalSubject); PKIX_TEST_DECREF_BC(equalPolicies); PKIX_TEST_DECREF_BC(equalCert); PKIX_TEST_DECREF_AC(equalDate); subTest("Set different values and verify differences"); diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext)); test_CreateOIDList(cert2PolicyInfos, &cert2Policies); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject( equalParams, diffSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext)); testEqualsHelper((PKIX_PL_Object *)goodSubject, (PKIX_PL_Object *)equalSubject, PKIX_FALSE, plContext); if (goodMinPathLength == equalMinPathLength) { testError("unexpected match"); (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength); (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength); } testEqualsHelper((PKIX_PL_Object *)goodPolicies, (PKIX_PL_Object *)equalPolicies, PKIX_FALSE, plContext); test_NameConstraints(dirName); test_PathToNames(); test_SubjAltNames(); test_KeyUsages(); test_Version_Issuer_SerialNumber(); test_SubjKeyId_AuthKeyId(); test_SubjAlgId_SubjPublicKey(dirName); cleanup: PKIX_TEST_DECREF_AC(testSubject); PKIX_TEST_DECREF_AC(goodSubject); PKIX_TEST_DECREF_AC(equalSubject); PKIX_TEST_DECREF_AC(diffSubject); PKIX_TEST_DECREF_AC(testSubject); PKIX_TEST_DECREF_AC(goodPolicies); PKIX_TEST_DECREF_AC(equalPolicies); PKIX_TEST_DECREF_AC(testPolicies); PKIX_TEST_DECREF_AC(cert2Policies); PKIX_TEST_DECREF_AC(goodParams); PKIX_TEST_DECREF_AC(equalParams); PKIX_TEST_DECREF_AC(goodCert); PKIX_TEST_DECREF_AC(diffCert); PKIX_TEST_DECREF_AC(testCert); PKIX_TEST_DECREF_AC(goodBasicConstraints); PKIX_TEST_DECREF_AC(diffBasicConstraints); PKIX_TEST_DECREF_AC(testPolicyInfos); PKIX_TEST_DECREF_AC(cert2PolicyInfos); PKIX_TEST_DECREF_AC(stringRep); PKIX_TEST_DECREF_AC(testDate); PKIX_TEST_DECREF_AC(goodDate); PKIX_Shutdown(plContext); PKIX_TEST_RETURN(); endTests("ComCertSelParams"); return (0); }
static void test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original) { PKIX_Boolean originalForward = PKIX_FALSE; PKIX_Boolean copyForward = PKIX_FALSE; PKIX_Boolean originalForwardDir = PKIX_FALSE; PKIX_Boolean copyForwardDir = PKIX_FALSE; PKIX_CertChainChecker *copy = NULL; PKIX_CertChainChecker_CheckCallback originalCallback = NULL; PKIX_CertChainChecker_CheckCallback copyCallback = NULL; PKIX_PL_Object *originalState = NULL; PKIX_PL_Object *copyState = NULL; PKIX_List *originalList = NULL; PKIX_List *copyList = NULL; PKIX_TEST_STD_VARS(); subTest("CertChainChecker_Duplicate"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)original, (PKIX_PL_Object **)©, plContext)); subTest("CertChainChecker_GetCheckCallback"); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback (original, &originalCallback, plContext)); PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback (copy, ©Callback, plContext)); if (originalCallback != copyCallback) { pkixTestErrorMsg = "CheckCallback functions are not equal!"; goto cleanup; } subTest("CertChainChecker_IsForwardCheckingSupported"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_IsForwardCheckingSupported (original, &originalForward, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_IsForwardCheckingSupported (copy, ©Forward, plContext)); if (originalForward != copyForward) { pkixTestErrorMsg = "ForwardChecking booleans are not equal!"; goto cleanup; } subTest("CertChainChecker_IsForwardDirectionExpected"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_IsForwardDirectionExpected (original, &originalForwardDir, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_IsForwardDirectionExpected (copy, ©ForwardDir, plContext)); if (originalForwardDir != copyForwardDir) { pkixTestErrorMsg = "ForwardDirection booleans are not equal!"; goto cleanup; } subTest("CertChainChecker_GetCertChainCheckerState"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_GetCertChainCheckerState (original, &originalState, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_GetCertChainCheckerState (copy, ©State, plContext)); testEqualsHelper(originalState, copyState, PKIX_TRUE, plContext); subTest("CertChainChecker_GetSupportedExtensions"); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_GetSupportedExtensions (original, &originalList, plContext)); PKIX_TEST_EXPECT_NO_ERROR (PKIX_CertChainChecker_GetSupportedExtensions (copy, ©List, plContext)); testEqualsHelper ((PKIX_PL_Object *)originalList, (PKIX_PL_Object *)copyList, PKIX_TRUE, plContext); cleanup: PKIX_TEST_DECREF_AC(copy); PKIX_TEST_DECREF_AC(originalState); PKIX_TEST_DECREF_AC(copyState); PKIX_TEST_DECREF_AC(originalList); PKIX_TEST_DECREF_AC(copyList); PKIX_TEST_RETURN(); }
/* * This is the libpkix replacement for CERT_VerifyOCSPResponseSignature. * It is used if it has been set as the verifyFcn member of ocspChecker. */ PKIX_Error * PKIX_PL_OcspResponse_UseBuildChain( PKIX_PL_Cert *signerCert, PKIX_PL_Date *producedAt, PKIX_ProcessingParams *procParams, void **pNBIOContext, void **pState, PKIX_BuildResult **pBuildResult, PKIX_VerifyNode **pVerifyTree, void *plContext) { PKIX_ProcessingParams *caProcParams = NULL; PKIX_PL_Date *date = NULL; PKIX_ComCertSelParams *certSelParams = NULL; PKIX_CertSelector *certSelector = NULL; void *nbioContext = NULL; PKIX_Error *buildError = NULL; PKIX_ENTER(OCSPRESPONSE, "pkix_OcspResponse_UseBuildChain"); PKIX_NULLCHECK_THREE(signerCert, producedAt, procParams); PKIX_NULLCHECK_THREE(pNBIOContext, pState, pBuildResult); nbioContext = *pNBIOContext; *pNBIOContext = NULL; /* Are we resuming after a WOULDBLOCK return, or starting anew ? */ if (nbioContext == NULL) { /* Starting anew */ PKIX_CHECK(PKIX_PL_Object_Duplicate ((PKIX_PL_Object *)procParams, (PKIX_PL_Object **)&caProcParams, plContext), PKIX_OBJECTDUPLICATEFAILED); PKIX_CHECK(PKIX_ProcessingParams_SetDate(procParams, date, plContext), PKIX_PROCESSINGPARAMSSETDATEFAILED); /* create CertSelector with target certificate in params */ PKIX_CHECK(PKIX_CertSelector_Create (NULL, NULL, &certSelector, plContext), PKIX_CERTSELECTORCREATEFAILED); PKIX_CHECK(PKIX_ComCertSelParams_Create (&certSelParams, plContext), PKIX_COMCERTSELPARAMSCREATEFAILED); PKIX_CHECK(PKIX_ComCertSelParams_SetCertificate (certSelParams, signerCert, plContext), PKIX_COMCERTSELPARAMSSETCERTIFICATEFAILED); PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams (certSelector, certSelParams, plContext), PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED); PKIX_CHECK(PKIX_ProcessingParams_SetTargetCertConstraints (caProcParams, certSelector, plContext), PKIX_PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED); } buildError = PKIX_BuildChain (caProcParams, &nbioContext, pState, pBuildResult, pVerifyTree, plContext); /* non-null nbioContext means the build would block */ if (nbioContext != NULL) { *pNBIOContext = nbioContext; /* no buildResult means the build has failed */ } else if (buildError) { pkixErrorResult = buildError; buildError = NULL; } else { PKIX_DECREF(*pState); } cleanup: PKIX_DECREF(caProcParams); PKIX_DECREF(date); PKIX_DECREF(certSelParams); PKIX_DECREF(certSelector); PKIX_RETURN(OCSPRESPONSE); }