OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * pkix_crlselector.c | 5 * pkix_crlselector.c |
6 * | 6 * |
7 * CRLSelector Function Definitions | 7 * CRLSelector Function Definitions |
8 * | 8 * |
9 */ | 9 */ |
10 | 10 |
11 #include "pkix_crlselector.h" | 11 #include "pkix_crlselector.h" |
12 | 12 |
13 /* --CRLSelector Private-Functions-------------------------------------- */ | 13 /* --CRLSelector Private-Functions-------------------------------------- */ |
14 | 14 |
15 /* | 15 /* |
16 * FUNCTION: pkix_CRLSelector_Destroy | 16 * FUNCTION: pkix_CRLSelector_Destroy |
17 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) | 17 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) |
18 */ | 18 */ |
19 static PKIX_Error * | 19 static PKIX_Error *pkix_CRLSelector_Destroy(PKIX_PL_Object *object, |
20 pkix_CRLSelector_Destroy( | 20 void *plContext) { |
21 PKIX_PL_Object *object, | 21 PKIX_CRLSelector *selector = NULL; |
22 void *plContext) | |
23 { | |
24 PKIX_CRLSelector *selector = NULL; | |
25 | 22 |
26 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy"); | 23 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy"); |
27 PKIX_NULLCHECK_ONE(object); | 24 PKIX_NULLCHECK_ONE(object); |
28 | 25 |
29 PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), | 26 PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), |
30 PKIX_OBJECTNOTCRLSELECTOR); | 27 PKIX_OBJECTNOTCRLSELECTOR); |
31 | 28 |
32 selector = (PKIX_CRLSelector *)object; | 29 selector = (PKIX_CRLSelector *)object; |
33 | 30 |
34 selector->matchCallback = NULL; | 31 selector->matchCallback = NULL; |
35 | 32 |
36 PKIX_DECREF(selector->params); | 33 PKIX_DECREF(selector->params); |
37 PKIX_DECREF(selector->context); | 34 PKIX_DECREF(selector->context); |
38 | 35 |
39 cleanup: | 36 cleanup: |
40 | 37 |
41 PKIX_RETURN(CRLSELECTOR); | 38 PKIX_RETURN(CRLSELECTOR); |
42 } | 39 } |
43 | 40 |
44 /* | 41 /* |
45 * FUNCTION: pkix_CRLSelector_ToString_Helper | 42 * FUNCTION: pkix_CRLSelector_ToString_Helper |
46 * | 43 * |
47 * DESCRIPTION: | 44 * DESCRIPTION: |
48 * Helper function that creates a string representation of CRLSelector | 45 * Helper function that creates a string representation of CRLSelector |
49 * pointed to by "crlParams" and stores its address in the object pointed to | 46 * pointed to by "crlParams" and stores its address in the object pointed to |
50 * by "pString". | 47 * by "pString". |
51 * | 48 * |
52 * PARAMETERS | 49 * PARAMETERS |
53 * "list" | 50 * "list" |
54 * Address of CRLSelector whose string representation is desired. | 51 * Address of CRLSelector whose string representation is desired. |
55 * Must be non-NULL. | 52 * Must be non-NULL. |
56 * "pString" | 53 * "pString" |
57 * Address of object pointer's destination. Must be non-NULL. | 54 * Address of object pointer's destination. Must be non-NULL. |
58 * "plContext" - Platform-specific context pointer. | 55 * "plContext" - Platform-specific context pointer. |
59 * | 56 * |
60 * THREAD SAFETY: | 57 * THREAD SAFETY: |
61 * Conditionally Thread Safe | 58 * Conditionally Thread Safe |
62 * (see Thread Safety Definitions in Programmer's Guide) | 59 * (see Thread Safety Definitions in Programmer's Guide) |
63 * | 60 * |
64 * RETURNS: | 61 * RETURNS: |
65 * Returns NULL if the function succeeds. | 62 * Returns NULL if the function succeeds. |
66 * Returns a CRLSelector Error if the function fails in a non-fatal way. | 63 * Returns a CRLSelector Error if the function fails in a non-fatal way. |
67 * Returns a Fatal Error if the function fails in an unrecoverable way. | 64 * Returns a Fatal Error if the function fails in an unrecoverable way. |
68 */ | 65 */ |
69 static PKIX_Error * | 66 static PKIX_Error *pkix_CRLSelector_ToString_Helper( |
70 pkix_CRLSelector_ToString_Helper( | 67 PKIX_CRLSelector *crlSelector, PKIX_PL_String **pString, void *plContext) { |
71 PKIX_CRLSelector *crlSelector, | 68 PKIX_PL_String *crlSelectorString = NULL; |
72 PKIX_PL_String **pString, | 69 PKIX_PL_String *formatString = NULL; |
73 void *plContext) | 70 PKIX_PL_String *crlParamsString = NULL; |
74 { | 71 PKIX_PL_String *crlContextString = NULL; |
75 PKIX_PL_String *crlSelectorString = NULL; | 72 char *asciiFormat = NULL; |
76 PKIX_PL_String *formatString = NULL; | 73 |
77 PKIX_PL_String *crlParamsString = NULL; | 74 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper"); |
78 PKIX_PL_String *crlContextString = NULL; | 75 PKIX_NULLCHECK_TWO(crlSelector, pString); |
79 char *asciiFormat = NULL; | 76 PKIX_NULLCHECK_ONE(crlSelector->params); |
80 | 77 |
81 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper"); | 78 asciiFormat = |
82 PKIX_NULLCHECK_TWO(crlSelector, pString); | 79 "\n\t[\n" |
83 PKIX_NULLCHECK_ONE(crlSelector->params); | 80 "\tMatchCallback: 0x%x\n" |
84 | 81 "\tParams: %s\n" |
85 asciiFormat = | 82 "\tContext: %s\n" |
86 "\n\t[\n" | 83 "\t]\n"; |
87 "\tMatchCallback: 0x%x\n" | 84 |
88 "\tParams: %s\n" | 85 PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII, asciiFormat, 0, &formatString, |
89 "\tContext: %s\n" | 86 plContext), |
90 "\t]\n"; | 87 PKIX_STRINGCREATEFAILED); |
91 | 88 |
92 PKIX_CHECK(PKIX_PL_String_Create | 89 /* Params */ |
93 (PKIX_ESCASCII, | 90 PKIX_TOSTRING((PKIX_PL_Object *)crlSelector->params, &crlParamsString, |
94 asciiFormat, | 91 plContext, PKIX_COMCRLSELPARAMSTOSTRINGFAILED); |
95 0, | 92 |
96 &formatString, | 93 /* Context */ |
97 plContext), | 94 PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext, |
98 PKIX_STRINGCREATEFAILED); | 95 PKIX_LISTTOSTRINGFAILED); |
99 | 96 |
100 /* Params */ | 97 PKIX_CHECK(PKIX_PL_Sprintf(&crlSelectorString, plContext, formatString, |
101 PKIX_TOSTRING | 98 crlSelector->matchCallback, crlParamsString, |
102 ((PKIX_PL_Object *)crlSelector->params, | 99 crlContextString), |
103 &crlParamsString, | 100 PKIX_SPRINTFFAILED); |
104 plContext, | 101 |
105 PKIX_COMCRLSELPARAMSTOSTRINGFAILED); | 102 *pString = crlSelectorString; |
106 | 103 |
107 /* Context */ | 104 cleanup: |
108 PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext, | 105 |
109 PKIX_LISTTOSTRINGFAILED); | 106 PKIX_DECREF(crlParamsString); |
110 | 107 PKIX_DECREF(crlContextString); |
111 PKIX_CHECK(PKIX_PL_Sprintf | 108 PKIX_DECREF(formatString); |
112 (&crlSelectorString, | 109 |
113 plContext, | 110 PKIX_RETURN(CRLSELECTOR); |
114 formatString, | |
115 crlSelector->matchCallback, | |
116 crlParamsString, | |
117 crlContextString), | |
118 PKIX_SPRINTFFAILED); | |
119 | |
120 *pString = crlSelectorString; | |
121 | |
122 cleanup: | |
123 | |
124 PKIX_DECREF(crlParamsString); | |
125 PKIX_DECREF(crlContextString); | |
126 PKIX_DECREF(formatString); | |
127 | |
128 PKIX_RETURN(CRLSELECTOR); | |
129 } | 111 } |
130 | 112 |
131 /* | 113 /* |
132 * FUNCTION: pkix_CRLSelector_ToString | 114 * FUNCTION: pkix_CRLSelector_ToString |
133 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) | 115 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) |
134 */ | 116 */ |
135 static PKIX_Error * | 117 static PKIX_Error *pkix_CRLSelector_ToString(PKIX_PL_Object *object, |
136 pkix_CRLSelector_ToString( | 118 PKIX_PL_String **pString, |
137 PKIX_PL_Object *object, | 119 void *plContext) { |
138 PKIX_PL_String **pString, | 120 PKIX_PL_String *crlSelectorString = NULL; |
139 void *plContext) | 121 PKIX_CRLSelector *crlSelector = NULL; |
140 { | 122 |
141 PKIX_PL_String *crlSelectorString = NULL; | 123 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString"); |
142 PKIX_CRLSelector *crlSelector = NULL; | 124 PKIX_NULLCHECK_TWO(object, pString); |
143 | 125 |
144 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString"); | 126 PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), |
145 PKIX_NULLCHECK_TWO(object, pString); | 127 PKIX_OBJECTNOTCRLSELECTOR); |
146 | 128 |
147 PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), | 129 crlSelector = (PKIX_CRLSelector *)object; |
148 PKIX_OBJECTNOTCRLSELECTOR); | 130 |
149 | 131 PKIX_CHECK(pkix_CRLSelector_ToString_Helper(crlSelector, &crlSelectorString, |
150 crlSelector = (PKIX_CRLSelector *) object; | 132 plContext), |
151 | 133 PKIX_CRLSELECTORTOSTRINGHELPERFAILED); |
152 PKIX_CHECK(pkix_CRLSelector_ToString_Helper | 134 |
153 (crlSelector, &crlSelectorString, plContext), | 135 *pString = crlSelectorString; |
154 PKIX_CRLSELECTORTOSTRINGHELPERFAILED); | 136 |
155 | 137 cleanup: |
156 *pString = crlSelectorString; | 138 |
157 | 139 PKIX_RETURN(CRLSELECTOR); |
158 cleanup: | |
159 | |
160 PKIX_RETURN(CRLSELECTOR); | |
161 } | 140 } |
162 | 141 |
163 /* | 142 /* |
164 * FUNCTION: pkix_CRLSelector_Hashcode | 143 * FUNCTION: pkix_CRLSelector_Hashcode |
165 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) | 144 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) |
166 */ | 145 */ |
167 static PKIX_Error * | 146 static PKIX_Error *pkix_CRLSelector_Hashcode(PKIX_PL_Object *object, |
168 pkix_CRLSelector_Hashcode( | 147 PKIX_UInt32 *pHashcode, |
169 PKIX_PL_Object *object, | 148 void *plContext) { |
170 PKIX_UInt32 *pHashcode, | 149 PKIX_UInt32 paramsHash = 0; |
171 void *plContext) | 150 PKIX_UInt32 contextHash = 0; |
172 { | 151 PKIX_UInt32 hash = 0; |
173 PKIX_UInt32 paramsHash = 0; | 152 |
174 PKIX_UInt32 contextHash = 0; | 153 PKIX_CRLSelector *crlSelector = NULL; |
175 PKIX_UInt32 hash = 0; | 154 |
176 | 155 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode"); |
177 PKIX_CRLSelector *crlSelector = NULL; | 156 PKIX_NULLCHECK_TWO(object, pHashcode); |
178 | 157 |
179 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode"); | 158 PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), |
180 PKIX_NULLCHECK_TWO(object, pHashcode); | 159 PKIX_OBJECTNOTCRLSELECTOR); |
181 | 160 |
182 PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), | 161 crlSelector = (PKIX_CRLSelector *)object; |
183 PKIX_OBJECTNOTCRLSELECTOR); | 162 |
184 | 163 PKIX_HASHCODE(crlSelector->params, ¶msHash, plContext, |
185 crlSelector = (PKIX_CRLSelector *)object; | |
186 | |
187 PKIX_HASHCODE(crlSelector->params, ¶msHash, plContext, | |
188 PKIX_OBJECTHASHCODEFAILED); | 164 PKIX_OBJECTHASHCODEFAILED); |
189 | 165 |
190 PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, | 166 PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, |
191 PKIX_OBJECTHASHCODEFAILED); | 167 PKIX_OBJECTHASHCODEFAILED); |
192 | 168 |
193 hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + | 169 hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + (contextHash << 3)) + |
194 (contextHash << 3)) + paramsHash; | 170 paramsHash; |
195 | 171 |
196 *pHashcode = hash; | 172 *pHashcode = hash; |
197 | 173 |
198 cleanup: | 174 cleanup: |
199 | 175 |
200 PKIX_RETURN(CRLSELECTOR); | 176 PKIX_RETURN(CRLSELECTOR); |
201 } | 177 } |
202 | 178 |
203 /* | 179 /* |
204 * FUNCTION: pkix_CRLSelector_Equals | 180 * FUNCTION: pkix_CRLSelector_Equals |
205 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h) | 181 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h) |
206 */ | 182 */ |
207 static PKIX_Error * | 183 static PKIX_Error *pkix_CRLSelector_Equals(PKIX_PL_Object *firstObject, |
208 pkix_CRLSelector_Equals( | 184 PKIX_PL_Object *secondObject, |
209 PKIX_PL_Object *firstObject, | 185 PKIX_Boolean *pResult, |
210 PKIX_PL_Object *secondObject, | 186 void *plContext) { |
211 PKIX_Boolean *pResult, | 187 PKIX_CRLSelector *firstCrlSelector = NULL; |
212 void *plContext) | 188 PKIX_CRLSelector *secondCrlSelector = NULL; |
213 { | 189 PKIX_UInt32 secondType; |
214 PKIX_CRLSelector *firstCrlSelector = NULL; | 190 PKIX_Boolean cmpResult = PKIX_FALSE; |
215 PKIX_CRLSelector *secondCrlSelector = NULL; | 191 |
216 PKIX_UInt32 secondType; | 192 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals"); |
217 PKIX_Boolean cmpResult = PKIX_FALSE; | 193 PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); |
218 | 194 |
219 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals"); | 195 /* test that firstObject is a CRLSelector */ |
220 PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); | 196 PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRLSELECTOR_TYPE, plContext), |
221 | 197 PKIX_FIRSTOBJECTNOTCRLSELECTOR); |
222 /* test that firstObject is a CRLSelector */ | 198 |
223 PKIX_CHECK(pkix_CheckType | 199 firstCrlSelector = (PKIX_CRLSelector *)firstObject; |
224 (firstObject, PKIX_CRLSELECTOR_TYPE, plContext), | 200 secondCrlSelector = (PKIX_CRLSelector *)secondObject; |
225 PKIX_FIRSTOBJECTNOTCRLSELECTOR); | 201 |
226 | 202 /* |
227 firstCrlSelector = (PKIX_CRLSelector *)firstObject; | 203 * Since we know firstObject is a CRLSelector, if both references are |
228 secondCrlSelector = (PKIX_CRLSelector *)secondObject; | 204 * identical, they must be equal |
229 | 205 */ |
230 /* | 206 if (firstCrlSelector == secondCrlSelector) { |
231 * Since we know firstObject is a CRLSelector, if both references are | 207 *pResult = PKIX_TRUE; |
232 * identical, they must be equal | 208 goto cleanup; |
233 */ | 209 } |
234 if (firstCrlSelector == secondCrlSelector){ | 210 |
235 *pResult = PKIX_TRUE; | 211 /* |
236 goto cleanup; | 212 * If secondCRLSelector isn't a CRLSelector, we don't throw an error. |
237 } | 213 * We simply return a Boolean result of FALSE |
238 | 214 */ |
239 /* | 215 *pResult = PKIX_FALSE; |
240 * If secondCRLSelector isn't a CRLSelector, we don't throw an error. | 216 PKIX_CHECK(PKIX_PL_Object_GetType((PKIX_PL_Object *)secondCrlSelector, |
241 * We simply return a Boolean result of FALSE | 217 &secondType, plContext), |
242 */ | 218 PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); |
243 *pResult = PKIX_FALSE; | 219 |
244 PKIX_CHECK(PKIX_PL_Object_GetType | 220 if (secondType != PKIX_CRLSELECTOR_TYPE) { |
245 ((PKIX_PL_Object *)secondCrlSelector, | 221 goto cleanup; |
246 &secondType, | 222 } |
247 plContext), | 223 |
248 PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); | 224 /* Compare MatchCallback address */ |
249 | 225 cmpResult = |
250 if (secondType != PKIX_CRLSELECTOR_TYPE) { | 226 (firstCrlSelector->matchCallback == secondCrlSelector->matchCallback); |
251 goto cleanup; | 227 |
252 } | 228 if (cmpResult == PKIX_FALSE) { |
253 | 229 goto cleanup; |
254 /* Compare MatchCallback address */ | 230 } |
255 cmpResult = (firstCrlSelector->matchCallback == | 231 |
256 secondCrlSelector->matchCallback); | 232 /* Compare Common CRL Selector Params */ |
257 | 233 PKIX_EQUALS(firstCrlSelector->params, secondCrlSelector->params, &cmpResult, |
258 if (cmpResult == PKIX_FALSE) { | 234 plContext, PKIX_COMCRLSELPARAMSEQUALSFAILED); |
259 goto cleanup; | 235 |
260 } | 236 if (cmpResult == PKIX_FALSE) { |
261 | 237 goto cleanup; |
262 /* Compare Common CRL Selector Params */ | 238 } |
263 PKIX_EQUALS | 239 |
264 (firstCrlSelector->params, | 240 /* Compare Context */ |
265 secondCrlSelector->params, | 241 PKIX_EQUALS(firstCrlSelector->context, secondCrlSelector->context, &cmpResult, |
266 &cmpResult, | 242 plContext, PKIX_COMCRLSELPARAMSEQUALSFAILED); |
267 plContext, | 243 |
268 PKIX_COMCRLSELPARAMSEQUALSFAILED); | 244 *pResult = cmpResult; |
269 | 245 |
270 | 246 cleanup: |
271 if (cmpResult == PKIX_FALSE) { | 247 |
272 goto cleanup; | 248 PKIX_RETURN(CRLSELECTOR); |
273 } | |
274 | |
275 /* Compare Context */ | |
276 PKIX_EQUALS | |
277 (firstCrlSelector->context, | |
278 secondCrlSelector->context, | |
279 &cmpResult, | |
280 plContext, | |
281 PKIX_COMCRLSELPARAMSEQUALSFAILED); | |
282 | |
283 *pResult = cmpResult; | |
284 | |
285 cleanup: | |
286 | |
287 PKIX_RETURN(CRLSELECTOR); | |
288 } | 249 } |
289 | 250 |
290 /* | 251 /* |
291 * FUNCTION: pkix_CRLSelector_Duplicate | 252 * FUNCTION: pkix_CRLSelector_Duplicate |
292 * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h) | 253 * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h) |
293 */ | 254 */ |
294 static PKIX_Error * | 255 static PKIX_Error *pkix_CRLSelector_Duplicate(PKIX_PL_Object *object, |
295 pkix_CRLSelector_Duplicate( | 256 PKIX_PL_Object **pNewObject, |
296 PKIX_PL_Object *object, | 257 void *plContext) { |
297 PKIX_PL_Object **pNewObject, | 258 PKIX_CRLSelector *old; |
298 void *plContext) | 259 PKIX_CRLSelector *new = NULL; |
299 { | 260 |
300 PKIX_CRLSelector *old; | 261 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate"); |
301 PKIX_CRLSelector *new = NULL; | 262 PKIX_NULLCHECK_TWO(object, pNewObject); |
302 | 263 |
303 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate"); | 264 PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), |
304 PKIX_NULLCHECK_TWO(object, pNewObject); | 265 PKIX_OBJECTNOTCRLSELECTOR); |
305 | 266 |
306 PKIX_CHECK(pkix_CheckType | 267 old = (PKIX_CRLSelector *)object; |
307 (object, PKIX_CRLSELECTOR_TYPE, plContext), | 268 |
308 PKIX_OBJECTNOTCRLSELECTOR); | 269 PKIX_CHECK(PKIX_PL_Object_Alloc(PKIX_CRLSELECTOR_TYPE, |
309 | 270 (PKIX_UInt32)(sizeof(PKIX_CRLSelector)), |
310 old = (PKIX_CRLSelector *)object; | 271 (PKIX_PL_Object **)&new, plContext), |
311 | 272 PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED); |
312 PKIX_CHECK(PKIX_PL_Object_Alloc | 273 |
313 (PKIX_CRLSELECTOR_TYPE, | 274 new->matchCallback = old->matchCallback; |
314 (PKIX_UInt32)(sizeof (PKIX_CRLSelector)), | 275 |
315 (PKIX_PL_Object **)&new, | 276 PKIX_DUPLICATE(old->params, &new->params, plContext, |
316 plContext), | 277 PKIX_OBJECTDUPLICATEPARAMSFAILED); |
317 PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED); | 278 |
318 | 279 PKIX_DUPLICATE(old->context, &new->context, plContext, |
319 new->matchCallback = old->matchCallback; | 280 PKIX_OBJECTDUPLICATECONTEXTFAILED); |
320 | 281 |
321 PKIX_DUPLICATE(old->params, &new->params, plContext, | 282 *pNewObject = (PKIX_PL_Object *)new; |
322 PKIX_OBJECTDUPLICATEPARAMSFAILED); | 283 |
323 | 284 cleanup: |
324 PKIX_DUPLICATE(old->context, &new->context, plContext, | 285 |
325 PKIX_OBJECTDUPLICATECONTEXTFAILED); | 286 if (PKIX_ERROR_RECEIVED) { |
326 | 287 PKIX_DECREF(new); |
327 *pNewObject = (PKIX_PL_Object *)new; | 288 } |
328 | 289 |
329 cleanup: | 290 PKIX_RETURN(CRLSELECTOR); |
330 | |
331 if (PKIX_ERROR_RECEIVED){ | |
332 PKIX_DECREF(new); | |
333 } | |
334 | |
335 PKIX_RETURN(CRLSELECTOR); | |
336 } | 291 } |
337 | 292 |
338 /* | 293 /* |
339 * FUNCTION: pkix_CRLSelector_DefaultMatch | 294 * FUNCTION: pkix_CRLSelector_DefaultMatch |
340 * | 295 * |
341 * DESCRIPTION: | 296 * DESCRIPTION: |
342 * This function compares the parameter values (Issuer, date, and CRL number) | 297 * This function compares the parameter values (Issuer, date, and CRL number) |
343 * set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with | 298 * set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with |
344 * the corresponding values in the CRL pointed to by "crl". When all the | 299 * the corresponding values in the CRL pointed to by "crl". When all the |
345 * criteria set in the parameter values match the values in "crl", PKIX_TRUE is | 300 * criteria set in the parameter values match the values in "crl", PKIX_TRUE is |
(...skipping 13 matching lines...)
359 * | 314 * |
360 * THREAD SAFETY: | 315 * THREAD SAFETY: |
361 * Conditionally Thread Safe | 316 * Conditionally Thread Safe |
362 * (see Thread Safety Definitions in Programmer's Guide) | 317 * (see Thread Safety Definitions in Programmer's Guide) |
363 * | 318 * |
364 * RETURNS: | 319 * RETURNS: |
365 * Returns NULL if the function succeeds. | 320 * Returns NULL if the function succeeds. |
366 * Returns a CRLSelector Error if the function fails in a non-fatal way. | 321 * Returns a CRLSelector Error if the function fails in a non-fatal way. |
367 * Returns a Fatal Error if the function fails in an unrecoverable way. | 322 * Returns a Fatal Error if the function fails in an unrecoverable way. |
368 */ | 323 */ |
369 static PKIX_Error * | 324 static PKIX_Error *pkix_CRLSelector_DefaultMatch(PKIX_CRLSelector *selector, |
370 pkix_CRLSelector_DefaultMatch( | 325 PKIX_PL_CRL *crl, |
371 PKIX_CRLSelector *selector, | 326 PKIX_Boolean *pMatch, |
372 PKIX_PL_CRL *crl, | 327 void *plContext) { |
373 PKIX_Boolean *pMatch, | 328 PKIX_ComCRLSelParams *params = NULL; |
374 void *plContext) | 329 PKIX_PL_X500Name *crlIssuerName = NULL; |
375 { | 330 PKIX_PL_X500Name *issuerName = NULL; |
376 PKIX_ComCRLSelParams *params = NULL; | 331 PKIX_List *selIssuerNames = NULL; |
377 PKIX_PL_X500Name *crlIssuerName = NULL; | 332 PKIX_PL_Date *selDate = NULL; |
378 PKIX_PL_X500Name *issuerName = NULL; | 333 PKIX_Boolean result = PKIX_TRUE; |
379 PKIX_List *selIssuerNames = NULL; | 334 PKIX_UInt32 numIssuers = 0; |
380 PKIX_PL_Date *selDate = NULL; | 335 PKIX_UInt32 i; |
381 PKIX_Boolean result = PKIX_TRUE; | 336 PKIX_PL_BigInt *minCRLNumber = NULL; |
382 PKIX_UInt32 numIssuers = 0; | 337 PKIX_PL_BigInt *maxCRLNumber = NULL; |
383 PKIX_UInt32 i; | 338 PKIX_PL_BigInt *crlNumber = NULL; |
384 PKIX_PL_BigInt *minCRLNumber = NULL; | 339 PKIX_Boolean nistPolicyEnabled = PKIX_FALSE; |
385 PKIX_PL_BigInt *maxCRLNumber = NULL; | 340 |
386 PKIX_PL_BigInt *crlNumber = NULL; | 341 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch"); |
387 PKIX_Boolean nistPolicyEnabled = PKIX_FALSE; | 342 PKIX_NULLCHECK_TWO(selector, crl); |
388 | 343 |
389 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch"); | 344 *pMatch = PKIX_TRUE; |
390 PKIX_NULLCHECK_TWO(selector, crl); | 345 params = selector->params; |
391 | 346 |
392 *pMatch = PKIX_TRUE; | 347 /* No matching parameter provided, just a match */ |
393 params = selector->params; | 348 if (params == NULL) { |
394 | 349 goto cleanup; |
395 /* No matching parameter provided, just a match */ | 350 } |
396 if (params == NULL) { | 351 |
397 goto cleanup; | 352 PKIX_CHECK( |
398 } | 353 PKIX_ComCRLSelParams_GetIssuerNames(params, &selIssuerNames, plContext), |
399 | 354 PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED); |
400 PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames | 355 |
401 (params, &selIssuerNames, plContext), | 356 /* Check for Issuers */ |
402 PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED); | 357 if (selIssuerNames != NULL) { |
403 | 358 |
404 /* Check for Issuers */ | 359 result = PKIX_FALSE; |
405 if (selIssuerNames != NULL){ | 360 |
406 | 361 PKIX_CHECK(PKIX_PL_CRL_GetIssuer(crl, &crlIssuerName, plContext), |
407 result = PKIX_FALSE; | 362 PKIX_CRLGETISSUERFAILED); |
408 | 363 |
409 PKIX_CHECK(PKIX_PL_CRL_GetIssuer | 364 PKIX_CHECK(PKIX_List_GetLength(selIssuerNames, &numIssuers, plContext), |
410 (crl, &crlIssuerName, plContext), | 365 PKIX_LISTGETLENGTHFAILED); |
411 PKIX_CRLGETISSUERFAILED); | 366 |
412 | 367 for (i = 0; i < numIssuers; i++) { |
413 PKIX_CHECK(PKIX_List_GetLength | 368 |
414 (selIssuerNames, &numIssuers, plContext), | 369 PKIX_CHECK(PKIX_List_GetItem(selIssuerNames, i, |
415 PKIX_LISTGETLENGTHFAILED); | 370 (PKIX_PL_Object **)&issuerName, plContext), |
416 | 371 PKIX_LISTGETITEMFAILED); |
417 for (i = 0; i < numIssuers; i++){ | 372 |
418 | 373 PKIX_CHECK( |
419 PKIX_CHECK(PKIX_List_GetItem | 374 PKIX_PL_X500Name_Match(crlIssuerName, issuerName, &result, plContext), |
420 (selIssuerNames, | 375 PKIX_X500NAMEMATCHFAILED); |
421 i, | 376 |
422 (PKIX_PL_Object **)&issuerName, | 377 PKIX_DECREF(issuerName); |
423 plContext), | 378 |
424 PKIX_LISTGETITEMFAILED); | 379 if (result == PKIX_TRUE) { |
425 | 380 break; |
426 PKIX_CHECK(PKIX_PL_X500Name_Match | 381 } |
427 (crlIssuerName, | 382 } |
428 issuerName, | 383 |
429 &result, | 384 if (result == PKIX_FALSE) { |
430 plContext), | 385 PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N"); |
431 PKIX_X500NAMEMATCHFAILED); | 386 *pMatch = PKIX_FALSE; |
432 | 387 goto cleanup; |
433 PKIX_DECREF(issuerName); | 388 } |
434 | 389 } |
435 if (result == PKIX_TRUE) { | 390 |
436 break; | 391 PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime(params, &selDate, plContext), |
437 } | 392 PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED); |
438 } | 393 |
439 | 394 /* Check for Date */ |
440 if (result == PKIX_FALSE) { | 395 if (selDate != NULL) { |
441 PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N"); | 396 |
442 *pMatch = PKIX_FALSE; | 397 PKIX_CHECK(PKIX_ComCRLSelParams_GetNISTPolicyEnabled( |
443 goto cleanup; | 398 params, &nistPolicyEnabled, plContext), |
444 } | 399 PKIX_COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED); |
445 | 400 |
446 } | 401 /* check crl dates only for if NIST policies enforced */ |
447 | 402 if (nistPolicyEnabled) { |
448 PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime | 403 result = PKIX_FALSE; |
449 (params, &selDate, plContext), | 404 |
450 PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED); | 405 PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime(crl, selDate, &result, plContext), |
451 | 406 PKIX_CRLVERIFYUPDATETIMEFAILED); |
452 /* Check for Date */ | 407 |
453 if (selDate != NULL){ | 408 if (result == PKIX_FALSE) { |
454 | 409 *pMatch = PKIX_FALSE; |
455 PKIX_CHECK(PKIX_ComCRLSelParams_GetNISTPolicyEnabled | 410 goto cleanup; |
456 (params, &nistPolicyEnabled, plContext), | 411 } |
457 PKIX_COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED); | 412 } |
458 | 413 } |
459 /* check crl dates only for if NIST policies enforced */ | 414 |
460 if (nistPolicyEnabled) { | 415 /* Check for CRL number in range */ |
461 result = PKIX_FALSE; | 416 PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext), |
462 ···················· | 417 PKIX_CRLGETCRLNUMBERFAILED); |
463 PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime | 418 |
464 (crl, selDate, &result, plContext), | 419 if (crlNumber != NULL) { |
465 PKIX_CRLVERIFYUPDATETIMEFAILED); | 420 result = PKIX_FALSE; |
466 ···················· | 421 |
467 if (result == PKIX_FALSE) { | 422 PKIX_CHECK( |
468 *pMatch = PKIX_FALSE; | 423 PKIX_ComCRLSelParams_GetMinCRLNumber(params, &minCRLNumber, plContext), |
469 goto cleanup; | 424 PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED); |
470 } | 425 |
471 } | 426 if (minCRLNumber != NULL) { |
472 | 427 |
473 } | 428 PKIX_CHECK(PKIX_PL_Object_Compare((PKIX_PL_Object *)minCRLNumber, |
474 | 429 (PKIX_PL_Object *)crlNumber, &result, |
475 /* Check for CRL number in range */ | 430 plContext), |
476 PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext), | 431 PKIX_OBJECTCOMPARATORFAILED); |
477 PKIX_CRLGETCRLNUMBERFAILED); | 432 |
478 | 433 if (result == 1) { |
479 if (crlNumber != NULL) { | 434 PKIX_CRLSELECTOR_DEBUG("CRL MinNumber Range Match Failed\n"); |
480 result = PKIX_FALSE; | 435 *pMatch = PKIX_FALSE; |
481 | 436 goto cleanup; |
482 PKIX_CHECK(PKIX_ComCRLSelParams_GetMinCRLNumber | 437 } |
483 (params, &minCRLNumber, plContext), | 438 } |
484 PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED); | 439 |
485 | 440 PKIX_CHECK( |
486 if (minCRLNumber != NULL) { | 441 PKIX_ComCRLSelParams_GetMaxCRLNumber(params, &maxCRLNumber, plContext), |
487 | 442 PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED); |
488 PKIX_CHECK(PKIX_PL_Object_Compare | 443 |
489 ((PKIX_PL_Object *)minCRLNumber, | 444 if (maxCRLNumber != NULL) { |
490 (PKIX_PL_Object *)crlNumber, | 445 |
491 &result, | 446 PKIX_CHECK(PKIX_PL_Object_Compare((PKIX_PL_Object *)crlNumber, |
492 plContext), | 447 (PKIX_PL_Object *)maxCRLNumber, &result, |
493 PKIX_OBJECTCOMPARATORFAILED); | 448 plContext), |
494 | 449 PKIX_OBJECTCOMPARATORFAILED); |
495 if (result == 1) { | 450 |
496 PKIX_CRLSELECTOR_DEBUG | 451 if (result == 1) { |
497 ("CRL MinNumber Range Match Failed\n"); | 452 PKIX_CRLSELECTOR_DEBUG(PKIX_CRLMAXNUMBERRANGEMATCHFAILED); |
498 *pMatch = PKIX_FALSE; | 453 *pMatch = PKIX_FALSE; |
499 goto cleanup; | 454 goto cleanup; |
500 } | 455 } |
501 } | 456 } |
502 | 457 } |
503 PKIX_CHECK(PKIX_ComCRLSelParams_GetMaxCRLNumber | 458 |
504 (params, &maxCRLNumber, plContext), | 459 cleanup: |
505 PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED); | 460 |
506 | 461 PKIX_DECREF(selIssuerNames); |
507 if (maxCRLNumber != NULL) { | 462 PKIX_DECREF(selDate); |
508 | 463 PKIX_DECREF(crlIssuerName); |
509 PKIX_CHECK(PKIX_PL_Object_Compare | 464 PKIX_DECREF(issuerName); |
510 ((PKIX_PL_Object *)crlNumber, | 465 PKIX_DECREF(crlNumber); |
511 (PKIX_PL_Object *)maxCRLNumber, | 466 PKIX_DECREF(minCRLNumber); |
512 &result, | 467 PKIX_DECREF(maxCRLNumber); |
513 plContext), | 468 |
514 PKIX_OBJECTCOMPARATORFAILED); | 469 PKIX_RETURN(CRLSELECTOR); |
515 | |
516 if (result == 1) { | |
517 PKIX_CRLSELECTOR_DEBUG· | |
518 (PKIX_CRLMAXNUMBERRANGEMATCHFAILED); | |
519 *pMatch = PKIX_FALSE; | |
520 goto cleanup; | |
521 } | |
522 } | |
523 } | |
524 | |
525 cleanup: | |
526 | |
527 PKIX_DECREF(selIssuerNames); | |
528 PKIX_DECREF(selDate); | |
529 PKIX_DECREF(crlIssuerName); | |
530 PKIX_DECREF(issuerName); | |
531 PKIX_DECREF(crlNumber); | |
532 PKIX_DECREF(minCRLNumber); | |
533 PKIX_DECREF(maxCRLNumber); | |
534 | |
535 PKIX_RETURN(CRLSELECTOR); | |
536 } | 470 } |
537 | 471 |
538 /* | 472 /* |
539 * FUNCTION: pkix_CRLSelector_RegisterSelf | 473 * FUNCTION: pkix_CRLSelector_RegisterSelf |
540 * DESCRIPTION: | 474 * DESCRIPTION: |
541 * Registers PKIX_CRLSELECTOR_TYPE and its related functions with | 475 * Registers PKIX_CRLSELECTOR_TYPE and its related functions with |
542 * systemClasses[] | 476 * systemClasses[] |
543 * THREAD SAFETY: | 477 * THREAD SAFETY: |
544 * Not Thread Safe - for performance and complexity reasons | 478 * Not Thread Safe - for performance and complexity reasons |
545 * | 479 * |
546 * Since this function is only called by PKIX_PL_Initialize, which should | 480 * Since this function is only called by PKIX_PL_Initialize, which should |
547 * only be called once, it is acceptable that this function is not | 481 * only be called once, it is acceptable that this function is not |
548 * thread-safe. | 482 * thread-safe. |
549 */ | 483 */ |
550 PKIX_Error * | 484 PKIX_Error *pkix_CRLSelector_RegisterSelf(void *plContext) { |
551 pkix_CRLSelector_RegisterSelf(void *plContext) | 485 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; |
552 { | 486 pkix_ClassTable_Entry entry; |
553 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; | 487 |
554 pkix_ClassTable_Entry entry; | 488 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf"); |
555 | 489 |
556 PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf"); | 490 entry.description = "CRLSelector"; |
557 | 491 entry.objCounter = 0; |
558 entry.description = "CRLSelector"; | 492 entry.typeObjectSize = sizeof(PKIX_CRLSelector); |
559 entry.objCounter = 0; | 493 entry.destructor = pkix_CRLSelector_Destroy; |
560 entry.typeObjectSize = sizeof(PKIX_CRLSelector); | 494 entry.equalsFunction = pkix_CRLSelector_Equals; |
561 entry.destructor = pkix_CRLSelector_Destroy; | 495 entry.hashcodeFunction = pkix_CRLSelector_Hashcode; |
562 entry.equalsFunction = pkix_CRLSelector_Equals; | 496 entry.toStringFunction = pkix_CRLSelector_ToString; |
563 entry.hashcodeFunction = pkix_CRLSelector_Hashcode; | 497 entry.comparator = NULL; |
564 entry.toStringFunction = pkix_CRLSelector_ToString; | 498 entry.duplicateFunction = pkix_CRLSelector_Duplicate; |
565 entry.comparator = NULL; | 499 |
566 entry.duplicateFunction = pkix_CRLSelector_Duplicate; | 500 systemClasses[PKIX_CRLSELECTOR_TYPE] = entry; |
567 | 501 |
568 systemClasses[PKIX_CRLSELECTOR_TYPE] = entry; | 502 PKIX_RETURN(CRLSELECTOR); |
569 | |
570 PKIX_RETURN(CRLSELECTOR); | |
571 } | 503 } |
572 | 504 |
573 /* --CRLSelector-Public-Functions---------------------------------------- */ | 505 /* --CRLSelector-Public-Functions---------------------------------------- */ |
574 PKIX_Error * | 506 PKIX_Error *pkix_CRLSelector_Create(PKIX_CRLSelector_MatchCallback callback, |
575 pkix_CRLSelector_Create( | 507 PKIX_PL_Object *crlSelectorContext, |
576 PKIX_CRLSelector_MatchCallback callback, | 508 PKIX_CRLSelector **pSelector, |
577 PKIX_PL_Object *crlSelectorContext, | 509 void *plContext) { |
578 PKIX_CRLSelector **pSelector, | 510 PKIX_CRLSelector *selector = NULL; |
579 void *plContext) | 511 |
580 { | 512 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create"); |
581 PKIX_CRLSelector *selector = NULL; | 513 PKIX_NULLCHECK_ONE(pSelector); |
582 | 514 |
583 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create"); | 515 PKIX_CHECK( |
584 PKIX_NULLCHECK_ONE(pSelector); | 516 PKIX_PL_Object_Alloc(PKIX_CRLSELECTOR_TYPE, sizeof(PKIX_CRLSelector), |
585 | 517 (PKIX_PL_Object **)&selector, plContext), |
586 PKIX_CHECK(PKIX_PL_Object_Alloc | 518 PKIX_COULDNOTCREATECRLSELECTOROBJECT); |
587 (PKIX_CRLSELECTOR_TYPE, | 519 |
588 sizeof (PKIX_CRLSelector), | 520 /* |
589 (PKIX_PL_Object **)&selector, | 521 * if user specified a particular match callback, we use that one. |
590 plContext), | 522 * otherwise, we use the default match provided. |
591 PKIX_COULDNOTCREATECRLSELECTOROBJECT); | 523 */ |
592 | 524 |
593 /* | 525 if (callback != NULL) { |
594 * if user specified a particular match callback, we use that one. | 526 selector->matchCallback = callback; |
595 * otherwise, we use the default match provided. | 527 } else { |
596 */ | 528 selector->matchCallback = pkix_CRLSelector_DefaultMatch; |
597 | 529 } |
598 if (callback != NULL){ | 530 |
599 selector->matchCallback = callback; | 531 /* initialize other fields */ |
600 } else { | 532 selector->params = NULL; |
601 selector->matchCallback = pkix_CRLSelector_DefaultMatch; | 533 |
602 } | 534 PKIX_INCREF(crlSelectorContext); |
603 | 535 selector->context = crlSelectorContext; |
604 /* initialize other fields */ | 536 |
605 selector->params = NULL; | 537 *pSelector = selector; |
606 | 538 selector = NULL; |
607 PKIX_INCREF(crlSelectorContext); | 539 |
608 selector->context = crlSelectorContext; | 540 cleanup: |
609 | 541 |
610 *pSelector = selector; | 542 PKIX_DECREF(selector); |
611 selector = NULL; | 543 |
612 | 544 PKIX_RETURN(CRLSELECTOR); |
613 cleanup: | |
614 | |
615 PKIX_DECREF(selector); | |
616 | |
617 PKIX_RETURN(CRLSELECTOR); | |
618 } | 545 } |
619 | 546 |
620 /* | 547 /* |
621 * FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h) | 548 * FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h) |
622 */ | 549 */ |
623 PKIX_Error * | 550 PKIX_Error *PKIX_CRLSelector_Create(PKIX_PL_Cert *issuer, PKIX_List *crldpList, |
624 PKIX_CRLSelector_Create( | 551 PKIX_PL_Date *date, |
625 PKIX_PL_Cert *issuer, | 552 PKIX_CRLSelector **pCrlSelector, |
626 PKIX_List *crldpList, | 553 void *plContext) { |
627 PKIX_PL_Date *date, | 554 PKIX_PL_X500Name *issuerName = NULL; |
628 PKIX_CRLSelector **pCrlSelector, | 555 PKIX_PL_Date *nowDate = NULL; |
629 void *plContext) | 556 PKIX_ComCRLSelParams *comCrlSelParams = NULL; |
630 { | 557 PKIX_CRLSelector *crlSelector = NULL; |
631 PKIX_PL_X500Name *issuerName = NULL; | 558 |
632 PKIX_PL_Date *nowDate = NULL; | 559 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CrlSelector_Create"); |
633 PKIX_ComCRLSelParams *comCrlSelParams = NULL; | 560 PKIX_NULLCHECK_ONE(issuer); |
634 PKIX_CRLSelector *crlSelector = NULL; | 561 |
635 | 562 PKIX_CHECK(PKIX_PL_Cert_GetSubject(issuer, &issuerName, plContext), |
636 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CrlSelector_Create"); | 563 PKIX_CERTGETISSUERFAILED); |
637 PKIX_NULLCHECK_ONE(issuer); | 564 |
638 | 565 if (date != NULL) { |
639 PKIX_CHECK(· | 566 PKIX_INCREF(date); |
640 PKIX_PL_Cert_GetSubject(issuer, &issuerName, plContext), | 567 nowDate = date; |
641 PKIX_CERTGETISSUERFAILED); | 568 } else { |
642 | 569 PKIX_CHECK(PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext), |
643 if (date != NULL) { | 570 PKIX_DATECREATEUTCTIMEFAILED); |
644 PKIX_INCREF(date); | 571 } |
645 nowDate = date; | 572 |
646 } else { | 573 PKIX_CHECK(PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext), |
647 PKIX_CHECK( | 574 PKIX_COMCRLSELPARAMSCREATEFAILED); |
648 PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext), | 575 |
649 PKIX_DATECREATEUTCTIMEFAILED); | 576 PKIX_CHECK(PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuerName, |
650 } | 577 plContext), |
651 | 578 PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED); |
652 PKIX_CHECK( | 579 |
653 PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext), | 580 PKIX_CHECK( |
654 PKIX_COMCRLSELPARAMSCREATEFAILED); | 581 PKIX_ComCRLSelParams_SetCrlDp(comCrlSelParams, crldpList, plContext), |
655 | 582 PKIX_COMCRLSELPARAMSSETCERTFAILED); |
656 PKIX_CHECK( | 583 |
657 PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuerName, | 584 PKIX_CHECK( |
658 plContext), | 585 PKIX_ComCRLSelParams_SetDateAndTime(comCrlSelParams, nowDate, plContext), |
659 PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED); | 586 PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED); |
660 | 587 |
661 PKIX_CHECK( | 588 PKIX_CHECK(pkix_CRLSelector_Create(NULL, NULL, &crlSelector, plContext), |
662 PKIX_ComCRLSelParams_SetCrlDp(comCrlSelParams, crldpList, | 589 PKIX_CRLSELECTORCREATEFAILED); |
663 plContext), | 590 |
664 PKIX_COMCRLSELPARAMSSETCERTFAILED); | 591 PKIX_CHECK(PKIX_CRLSelector_SetCommonCRLSelectorParams( |
665 | 592 crlSelector, comCrlSelParams, plContext), |
666 PKIX_CHECK( | 593 PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED); |
667 PKIX_ComCRLSelParams_SetDateAndTime(comCrlSelParams, nowDate, | 594 |
668 plContext), | 595 *pCrlSelector = crlSelector; |
669 PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED); | 596 crlSelector = NULL; |
670 | 597 |
671 PKIX_CHECK( | 598 cleanup: |
672 pkix_CRLSelector_Create(NULL, NULL, &crlSelector, plContext), | 599 |
673 PKIX_CRLSELECTORCREATEFAILED); | 600 PKIX_DECREF(issuerName); |
674 | 601 PKIX_DECREF(nowDate); |
675 PKIX_CHECK( | 602 PKIX_DECREF(comCrlSelParams); |
676 PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector, | 603 PKIX_DECREF(crlSelector); |
677 comCrlSelParams, | 604 |
678 plContext), | 605 PKIX_RETURN(CERTCHAINCHECKER); |
679 PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED); | |
680 | |
681 *pCrlSelector = crlSelector; | |
682 crlSelector = NULL; | |
683 | |
684 cleanup: | |
685 | |
686 PKIX_DECREF(issuerName); | |
687 PKIX_DECREF(nowDate); | |
688 PKIX_DECREF(comCrlSelParams); | |
689 PKIX_DECREF(crlSelector); | |
690 | |
691 PKIX_RETURN(CERTCHAINCHECKER); | |
692 } | 606 } |
693 | 607 |
694 /* | 608 /* |
695 * FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h) | 609 * FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h) |
696 */ | 610 */ |
697 PKIX_Error * | 611 PKIX_Error *PKIX_CRLSelector_GetMatchCallback( |
698 PKIX_CRLSelector_GetMatchCallback( | 612 PKIX_CRLSelector *selector, PKIX_CRLSelector_MatchCallback *pCallback, |
699 PKIX_CRLSelector *selector, | 613 void *plContext) { |
700 PKIX_CRLSelector_MatchCallback *pCallback, | 614 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback"); |
701 void *plContext) | 615 PKIX_NULLCHECK_TWO(selector, pCallback); |
702 { | 616 |
703 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback"); | 617 *pCallback = selector->matchCallback; |
704 PKIX_NULLCHECK_TWO(selector, pCallback); | 618 |
705 | 619 PKIX_RETURN(CRLSELECTOR); |
706 *pCallback = selector->matchCallback; | 620 } |
707 | |
708 PKIX_RETURN(CRLSELECTOR); | |
709 } | |
710 | |
711 | 621 |
712 /* | 622 /* |
713 * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext | 623 * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext |
714 * (see comments in pkix_crlsel.h) | 624 * (see comments in pkix_crlsel.h) |
715 */ | 625 */ |
716 PKIX_Error * | 626 PKIX_Error *PKIX_CRLSelector_GetCRLSelectorContext(PKIX_CRLSelector *selector, |
717 PKIX_CRLSelector_GetCRLSelectorContext( | 627 void **pCrlSelectorContext, |
718 PKIX_CRLSelector *selector, | 628 void *plContext) { |
719 void **pCrlSelectorContext, | 629 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext"); |
720 void *plContext) | 630 PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext); |
721 { | 631 |
722 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext"); | 632 PKIX_INCREF(selector->context); |
723 PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext); | 633 |
724 | 634 *pCrlSelectorContext = selector->context; |
725 PKIX_INCREF(selector->context); | 635 |
726 | 636 cleanup: |
727 *pCrlSelectorContext = selector->context; | 637 PKIX_RETURN(CRLSELECTOR); |
728 | |
729 cleanup: | |
730 PKIX_RETURN(CRLSELECTOR); | |
731 } | 638 } |
732 | 639 |
733 /* | 640 /* |
734 * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams | 641 * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams |
735 * (see comments in pkix_crlsel.h) | 642 * (see comments in pkix_crlsel.h) |
736 */ | 643 */ |
737 PKIX_Error * | 644 PKIX_Error *PKIX_CRLSelector_GetCommonCRLSelectorParams( |
738 PKIX_CRLSelector_GetCommonCRLSelectorParams( | 645 PKIX_CRLSelector *selector, PKIX_ComCRLSelParams **pParams, |
739 PKIX_CRLSelector *selector, | 646 void *plContext) { |
740 PKIX_ComCRLSelParams **pParams, | 647 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams"); |
741 void *plContext) | 648 PKIX_NULLCHECK_TWO(selector, pParams); |
742 { | 649 |
743 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams"); | 650 PKIX_INCREF(selector->params); |
744 PKIX_NULLCHECK_TWO(selector, pParams); | 651 |
745 | 652 *pParams = selector->params; |
746 PKIX_INCREF(selector->params); | 653 |
747 | 654 cleanup: |
748 *pParams = selector->params; | 655 PKIX_RETURN(CRLSELECTOR); |
749 | |
750 cleanup: | |
751 PKIX_RETURN(CRLSELECTOR); | |
752 } | 656 } |
753 | 657 |
754 /* | 658 /* |
755 * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams | 659 * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams |
756 * (see comments in pkix_crlsel.h) | 660 * (see comments in pkix_crlsel.h) |
757 */ | 661 */ |
758 PKIX_Error * | 662 PKIX_Error *PKIX_CRLSelector_SetCommonCRLSelectorParams( |
759 PKIX_CRLSelector_SetCommonCRLSelectorParams( | 663 PKIX_CRLSelector *selector, PKIX_ComCRLSelParams *params, void *plContext) { |
760 PKIX_CRLSelector *selector, | 664 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams"); |
761 PKIX_ComCRLSelParams *params, | 665 PKIX_NULLCHECK_TWO(selector, params); |
762 void *plContext) | 666 |
763 { | 667 PKIX_DECREF(selector->params); |
764 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams"); | 668 |
765 PKIX_NULLCHECK_TWO(selector, params); | 669 PKIX_INCREF(params); |
766 | 670 selector->params = params; |
767 PKIX_DECREF(selector->params); | 671 |
768 | 672 PKIX_CHECK( |
769 PKIX_INCREF(params); | 673 PKIX_PL_Object_InvalidateCache((PKIX_PL_Object *)selector, plContext), |
770 selector->params = params; | 674 PKIX_OBJECTINVALIDATECACHEFAILED); |
771 | 675 |
772 PKIX_CHECK(PKIX_PL_Object_InvalidateCache | 676 cleanup: |
773 ((PKIX_PL_Object *)selector, plContext), | 677 |
774 PKIX_OBJECTINVALIDATECACHEFAILED); | 678 PKIX_RETURN(CRLSELECTOR); |
775 | |
776 cleanup: | |
777 | |
778 PKIX_RETURN(CRLSELECTOR); | |
779 } | 679 } |
780 | 680 |
781 /* | 681 /* |
782 * FUNCTION: pkix_CRLSelector_Select | 682 * FUNCTION: pkix_CRLSelector_Select |
783 * DESCRIPTION: | 683 * DESCRIPTION: |
784 * | 684 * |
785 * This function applies the selector pointed to by "selector" to each CRL, | 685 * This function applies the selector pointed to by "selector" to each CRL, |
786 * in turn, in the List pointed to by "before", and creates a List containing | 686 * in turn, in the List pointed to by "before", and creates a List containing |
787 * all the CRLs that matched, or passed the selection process, storing that | 687 * all the CRLs that matched, or passed the selection process, storing that |
788 * List at "pAfter". If no CRLs match, an empty List is stored at "pAfter". | 688 * List at "pAfter". If no CRLs match, an empty List is stored at "pAfter". |
799 * non-NULL. | 699 * non-NULL. |
800 * "plContext" | 700 * "plContext" |
801 * Platform-specific context pointer. | 701 * Platform-specific context pointer. |
802 * THREAD SAFETY: | 702 * THREAD SAFETY: |
803 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 703 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
804 * RETURNS: | 704 * RETURNS: |
805 * Returns NULL if the function succeeds. | 705 * Returns NULL if the function succeeds. |
806 * Returns a CRLSelector Error if the function fails in a non-fatal way. | 706 * Returns a CRLSelector Error if the function fails in a non-fatal way. |
807 * Returns a Fatal Error if the function fails in an unrecoverable way. | 707 * Returns a Fatal Error if the function fails in an unrecoverable way. |
808 */ | 708 */ |
809 PKIX_Error * | 709 PKIX_Error *pkix_CRLSelector_Select(PKIX_CRLSelector *selector, |
810 pkix_CRLSelector_Select( | 710 PKIX_List *before, PKIX_List **pAfter, |
811 » PKIX_CRLSelector *selector, | 711 void *plContext) { |
812 » PKIX_List *before, | 712 PKIX_Boolean match = PKIX_FALSE; |
813 » PKIX_List **pAfter, | 713 PKIX_UInt32 numBefore = 0; |
814 » void *plContext) | 714 PKIX_UInt32 i = 0; |
815 { | 715 PKIX_List *filtered = NULL; |
816 » PKIX_Boolean match = PKIX_FALSE; | 716 PKIX_PL_CRL *candidate = NULL; |
817 » PKIX_UInt32 numBefore = 0; | |
818 » PKIX_UInt32 i = 0; | |
819 » PKIX_List *filtered = NULL; | |
820 » PKIX_PL_CRL *candidate = NULL; | |
821 | 717 |
822 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select"); | 718 PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select"); |
823 PKIX_NULLCHECK_THREE(selector, before, pAfter); | 719 PKIX_NULLCHECK_THREE(selector, before, pAfter); |
824 | 720 |
825 PKIX_CHECK(PKIX_List_Create(&filtered, plContext), | 721 PKIX_CHECK(PKIX_List_Create(&filtered, plContext), PKIX_LISTCREATEFAILED); |
826 PKIX_LISTCREATEFAILED); | |
827 | 722 |
828 PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext), | 723 PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext), |
829 PKIX_LISTGETLENGTHFAILED); | 724 PKIX_LISTGETLENGTHFAILED); |
830 | 725 |
831 for (i = 0; i < numBefore; i++) { | 726 for (i = 0; i < numBefore; i++) { |
832 | 727 |
833 PKIX_CHECK(PKIX_List_GetItem | 728 PKIX_CHECK( |
834 (before, i, (PKIX_PL_Object **)&candidate, plContext), | 729 PKIX_List_GetItem(before, i, (PKIX_PL_Object **)&candidate, plContext), |
835 PKIX_LISTGETITEMFAILED); | 730 PKIX_LISTGETITEMFAILED); |
836 | 731 |
837 PKIX_CHECK_ONLY_FATAL(selector->matchCallback | 732 PKIX_CHECK_ONLY_FATAL( |
838 (selector, candidate, &match, plContext), | 733 selector->matchCallback(selector, candidate, &match, plContext), |
839 PKIX_CRLSELECTORMATCHCALLBACKFAILED); | 734 PKIX_CRLSELECTORMATCHCALLBACKFAILED); |
840 | 735 |
841 if (!(PKIX_ERROR_RECEIVED) && match == PKIX_TRUE) { | 736 if (!(PKIX_ERROR_RECEIVED) && match == PKIX_TRUE) { |
842 | 737 |
843 PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem | 738 PKIX_CHECK_ONLY_FATAL( |
844 (filtered, | 739 PKIX_List_AppendItem(filtered, (PKIX_PL_Object *)candidate, |
845 (PKIX_PL_Object *)candidate, | 740 plContext), |
846 plContext), | 741 PKIX_LISTAPPENDITEMFAILED); |
847 PKIX_LISTAPPENDITEMFAILED); | 742 } |
848 } | |
849 | 743 |
850 pkixTempErrorReceived = PKIX_FALSE; | 744 pkixTempErrorReceived = PKIX_FALSE; |
851 PKIX_DECREF(candidate); | 745 PKIX_DECREF(candidate); |
852 } | 746 } |
853 | 747 |
854 PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext), | 748 PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext), |
855 PKIX_LISTSETIMMUTABLEFAILED); | 749 PKIX_LISTSETIMMUTABLEFAILED); |
856 | 750 |
857 /* Don't throw away the list if one CRL was bad! */ | 751 /* Don't throw away the list if one CRL was bad! */ |
858 pkixTempErrorReceived = PKIX_FALSE; | 752 pkixTempErrorReceived = PKIX_FALSE; |
859 | 753 |
860 *pAfter = filtered; | 754 *pAfter = filtered; |
861 filtered = NULL; | 755 filtered = NULL; |
862 | 756 |
863 cleanup: | 757 cleanup: |
864 | 758 |
865 PKIX_DECREF(filtered); | 759 PKIX_DECREF(filtered); |
866 PKIX_DECREF(candidate); | 760 PKIX_DECREF(candidate); |
867 | 761 |
868 PKIX_RETURN(CRLSELECTOR); | 762 PKIX_RETURN(CRLSELECTOR); |
869 | |
870 } | 763 } |