OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * pkix_pl_httpcertstore.c | 5 * pkix_pl_httpcertstore.c |
6 * | 6 * |
7 * HTTPCertStore Function Definitions | 7 * HTTPCertStore Function Definitions |
8 * | 8 * |
9 */ | 9 */ |
10 | 10 |
11 /* We can't decode the length of a message without at least this many bytes */ | 11 /* We can't decode the length of a message without at least this many bytes */ |
12 | 12 |
13 #include "pkix_pl_httpcertstore.h" | 13 #include "pkix_pl_httpcertstore.h" |
14 extern PKIX_PL_HashTable *httpSocketCache; | 14 extern PKIX_PL_HashTable *httpSocketCache; |
15 SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate) | 15 SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate) |
16 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) | 16 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) |
17 SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate) | 17 SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate) |
18 SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate) | 18 SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate) |
19 | 19 |
20 SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate) | 20 SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate) |
21 SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate) | 21 SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate) |
22 /* SEC_ASN1_CHOOSER_DECLARE(SEC_SetOfAnyTemplate) | 22 /* SEC_ASN1_CHOOSER_DECLARE(SEC_SetOfAnyTemplate) |
23 SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate) | 23 SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate) |
24 | 24 |
25 const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = { | 25 const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = { |
26 { SEC_ASN1_SEQUENCE, | 26 { SEC_ASN1_SEQUENCE, |
27 » 0, NULL, sizeof(CERTIssuerAndSN) }, | 27 0, NULL, sizeof(CERTIssuerAndSN) }, |
28 { SEC_ASN1_SAVE, | 28 { SEC_ASN1_SAVE, |
29 » offsetof(CERTIssuerAndSN,derIssuer) }, | 29 offsetof(CERTIssuerAndSN,derIssuer) }, |
30 { SEC_ASN1_INLINE, | 30 { SEC_ASN1_INLINE, |
31 » offsetof(CERTIssuerAndSN,issuer), | 31 offsetof(CERTIssuerAndSN,issuer), |
32 » CERT_NameTemplate }, | 32 CERT_NameTemplate }, |
33 { SEC_ASN1_INTEGER, | 33 { SEC_ASN1_INTEGER, |
34 » offsetof(CERTIssuerAndSN,serialNumber) }, | 34 offsetof(CERTIssuerAndSN,serialNumber) }, |
35 { 0 } | 35 { 0 } |
36 }; | 36 }; |
37 | 37 |
38 const SEC_ASN1Template SECOID_AlgorithmIDTemplate[] = { | 38 const SEC_ASN1Template SECOID_AlgorithmIDTemplate[] = { |
39 { SEC_ASN1_SEQUENCE, | 39 { SEC_ASN1_SEQUENCE, |
40 » 0, NULL, sizeof(SECAlgorithmID) }, | 40 0, NULL, sizeof(SECAlgorithmID) }, |
41 { SEC_ASN1_OBJECT_ID, | 41 { SEC_ASN1_OBJECT_ID, |
42 » offsetof(SECAlgorithmID,algorithm), }, | 42 offsetof(SECAlgorithmID,algorithm), }, |
43 { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY, | 43 { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY, |
44 » offsetof(SECAlgorithmID,parameters), }, | 44 offsetof(SECAlgorithmID,parameters), }, |
45 { 0, } | 45 { 0, } |
46 }; */ | 46 }; */ |
47 | 47 |
48 /* --Private-HttpCertStoreContext-Object Functions----------------------- */ | 48 /* --Private-HttpCertStoreContext-Object Functions----------------------- */ |
49 | 49 |
50 /* | 50 /* |
51 * FUNCTION: pkix_pl_HttpCertStoreContext_Destroy | 51 * FUNCTION: pkix_pl_HttpCertStoreContext_Destroy |
52 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) | 52 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) |
53 */ | 53 */ |
54 static PKIX_Error * | 54 static PKIX_Error *pkix_pl_HttpCertStoreContext_Destroy(PKIX_PL_Object *object, |
55 pkix_pl_HttpCertStoreContext_Destroy( | 55 void *plContext) { |
56 PKIX_PL_Object *object, | 56 const SEC_HttpClientFcnV1 *hcv1 = NULL; |
57 void *plContext) | 57 PKIX_PL_HttpCertStoreContext *context = NULL; |
58 { | |
59 const SEC_HttpClientFcnV1 *hcv1 = NULL; | |
60 PKIX_PL_HttpCertStoreContext *context = NULL; | |
61 | 58 |
62 PKIX_ENTER | 59 PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStoreContext_Destroy"); |
63 (HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStoreContext_Destroy"); | 60 PKIX_NULLCHECK_ONE(object); |
64 PKIX_NULLCHECK_ONE(object); | |
65 | 61 |
66 PKIX_CHECK(pkix_CheckType | 62 PKIX_CHECK(pkix_CheckType(object, PKIX_HTTPCERTSTORECONTEXT_TYPE, plContext), |
67 (object, PKIX_HTTPCERTSTORECONTEXT_TYPE, plContext), | 63 PKIX_OBJECTNOTANHTTPCERTSTORECONTEXT); |
68 PKIX_OBJECTNOTANHTTPCERTSTORECONTEXT); | |
69 | 64 |
70 context = (PKIX_PL_HttpCertStoreContext *)object; | 65 context = (PKIX_PL_HttpCertStoreContext *)object; |
71 hcv1 = (const SEC_HttpClientFcnV1 *)(context->client); | 66 hcv1 = (const SEC_HttpClientFcnV1 *)(context->client); |
72 if (context->requestSession != NULL) { | 67 if (context->requestSession != NULL) { |
73 (*hcv1->freeFcn)(context->requestSession); | 68 (*hcv1->freeFcn)(context->requestSession); |
74 context->requestSession = NULL; | 69 context->requestSession = NULL; |
75 } | 70 } |
76 if (context->serverSession != NULL) { | 71 if (context->serverSession != NULL) { |
77 (*hcv1->freeSessionFcn)(context->serverSession); | 72 (*hcv1->freeSessionFcn)(context->serverSession); |
78 context->serverSession = NULL; | 73 context->serverSession = NULL; |
79 } | 74 } |
80 if (context->path != NULL) { | 75 if (context->path != NULL) { |
81 PORT_Free(context->path); | 76 PORT_Free(context->path); |
82 context->path = NULL; | 77 context->path = NULL; |
83 } | 78 } |
84 | 79 |
85 cleanup: | 80 cleanup: |
86 | 81 |
87 PKIX_RETURN(HTTPCERTSTORECONTEXT); | 82 PKIX_RETURN(HTTPCERTSTORECONTEXT); |
88 } | 83 } |
89 | 84 |
90 /* | 85 /* |
91 * FUNCTION: pkix_pl_HttpCertStoreContext_RegisterSelf | 86 * FUNCTION: pkix_pl_HttpCertStoreContext_RegisterSelf |
92 * | 87 * |
93 * DESCRIPTION: | 88 * DESCRIPTION: |
94 * Registers PKIX_PL_HTTPCERTSTORECONTEXT_TYPE and its related | 89 * Registers PKIX_PL_HTTPCERTSTORECONTEXT_TYPE and its related |
95 * functions with systemClasses[] | 90 * functions with systemClasses[] |
96 * | 91 * |
97 * THREAD SAFETY: | 92 * THREAD SAFETY: |
98 * Not Thread Safe - for performance and complexity reasons | 93 * Not Thread Safe - for performance and complexity reasons |
99 * | 94 * |
100 * Since this function is only called by PKIX_PL_Initialize, which should | 95 * Since this function is only called by PKIX_PL_Initialize, which should |
101 * only be called once, it is acceptable that this function is not | 96 * only be called once, it is acceptable that this function is not |
102 * thread-safe. | 97 * thread-safe. |
103 */ | 98 */ |
104 PKIX_Error * | 99 PKIX_Error *pkix_pl_HttpCertStoreContext_RegisterSelf(void *plContext) { |
105 pkix_pl_HttpCertStoreContext_RegisterSelf(void *plContext) | 100 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; |
106 { | 101 pkix_ClassTable_Entry *entry = &systemClasses[PKIX_HTTPCERTSTORECONTEXT_TYPE]; |
107 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; | |
108 pkix_ClassTable_Entry *entry = &systemClasses[PKIX_HTTPCERTSTORECONTEXT_
TYPE]; | |
109 | 102 |
110 PKIX_ENTER(HTTPCERTSTORECONTEXT, | 103 PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStoreContext_RegisterSelf"); |
111 "pkix_pl_HttpCertStoreContext_RegisterSelf"); | |
112 | 104 |
113 entry->description = "HttpCertStoreContext"; | 105 entry->description = "HttpCertStoreContext"; |
114 entry->typeObjectSize = sizeof(PKIX_PL_HttpCertStoreContext); | 106 entry->typeObjectSize = sizeof(PKIX_PL_HttpCertStoreContext); |
115 entry->destructor = pkix_pl_HttpCertStoreContext_Destroy; | 107 entry->destructor = pkix_pl_HttpCertStoreContext_Destroy; |
116 | 108 |
117 PKIX_RETURN(HTTPCERTSTORECONTEXT); | 109 PKIX_RETURN(HTTPCERTSTORECONTEXT); |
118 } | 110 } |
119 | 111 |
120 | |
121 /* --Private-Http-CertStore-Database-Functions----------------------- */ | 112 /* --Private-Http-CertStore-Database-Functions----------------------- */ |
122 | 113 |
123 typedef struct callbackContextStruct { | 114 typedef struct callbackContextStruct { |
124 PKIX_List *pkixCertList; | 115 PKIX_List *pkixCertList; |
125 PKIX_Error *error; | 116 PKIX_Error *error; |
126 void *plContext; | 117 void *plContext; |
127 } callbackContext; | 118 } callbackContext; |
128 | 119 |
129 | |
130 /* | 120 /* |
131 * FUNCTION: certCallback | 121 * FUNCTION: certCallback |
132 * DESCRIPTION: | 122 * DESCRIPTION: |
133 * | 123 * |
134 * This function processes the null-terminated array of SECItems produced by | 124 * This function processes the null-terminated array of SECItems produced by |
135 * extracting the contents of a signedData message received in response to an | 125 * extracting the contents of a signedData message received in response to an |
136 * HTTP cert query. Its address is supplied as a callback function to | 126 * HTTP cert query. Its address is supplied as a callback function to |
137 * CERT_DecodeCertPackage; it is not expected to be called directly. | 127 * CERT_DecodeCertPackage; it is not expected to be called directly. |
138 * | 128 * |
139 * Note that it does not conform to the libpkix API standard of returning | 129 * Note that it does not conform to the libpkix API standard of returning |
140 * a PKIX_Error*. It returns a SECStatus. | 130 * a PKIX_Error*. It returns a SECStatus. |
141 * | 131 * |
142 * PARAMETERS: | 132 * PARAMETERS: |
143 * "arg" | 133 * "arg" |
144 * The address of the callbackContext provided as a void* argument to | 134 * The address of the callbackContext provided as a void* argument to |
145 * CERT_DecodeCertPackage. Must be non-NULL. | 135 * CERT_DecodeCertPackage. Must be non-NULL. |
146 * "secitemCerts" | 136 * "secitemCerts" |
147 * The address of the null-terminated array of SECItems. Must be non-NULL. | 137 * The address of the null-terminated array of SECItems. Must be non-NULL. |
148 * "numcerts" | 138 * "numcerts" |
149 * The number of SECItems found in the signedData. Must be non-NULL. | 139 * The number of SECItems found in the signedData. Must be non-NULL. |
150 * "plContext" | 140 * "plContext" |
151 * Platform-specific context pointer. | 141 * Platform-specific context pointer. |
152 * THREAD SAFETY: | 142 * THREAD SAFETY: |
153 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 143 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
154 * RETURNS: | 144 * RETURNS: |
155 * Returns SECSuccess if the function succeeds. | 145 * Returns SECSuccess if the function succeeds. |
156 * Returns SECFailure if the function fails. | 146 * Returns SECFailure if the function fails. |
157 */ | 147 */ |
158 static SECStatus | 148 static SECStatus certCallback(void *arg, SECItem **secitemCerts, int numcerts) { |
159 certCallback(void *arg, SECItem **secitemCerts, int numcerts) | 149 callbackContext *cbContext; |
160 { | 150 PKIX_List *pkixCertList = NULL; |
161 callbackContext *cbContext; | 151 PKIX_Error *error = NULL; |
162 PKIX_List *pkixCertList = NULL; | 152 void *plContext = NULL; |
163 PKIX_Error *error = NULL; | 153 int itemNum = 0; |
164 void *plContext = NULL; | |
165 int itemNum = 0; | |
166 | 154 |
167 if ((arg == NULL) || (secitemCerts == NULL)) { | 155 if ((arg == NULL) || (secitemCerts == NULL)) { |
168 return (SECFailure); | 156 return (SECFailure); |
169 } | 157 } |
170 | 158 |
171 cbContext = (callbackContext *)arg; | 159 cbContext = (callbackContext *)arg; |
172 plContext = cbContext->plContext; | 160 plContext = cbContext->plContext; |
173 pkixCertList = cbContext->pkixCertList; | 161 pkixCertList = cbContext->pkixCertList; |
174 | 162 |
175 for (; itemNum < numcerts; itemNum++ ) { | 163 for (; itemNum < numcerts; itemNum++) { |
176 error = pkix_pl_Cert_CreateToList(secitemCerts[itemNum], | 164 error = pkix_pl_Cert_CreateToList(secitemCerts[itemNum], pkixCertList, |
177 pkixCertList, plContext); | 165 plContext); |
178 if (error != NULL) { | 166 if (error != NULL) { |
179 if (error->errClass == PKIX_FATAL_ERROR) { | 167 if (error->errClass == PKIX_FATAL_ERROR) { |
180 cbContext->error = error; | 168 cbContext->error = error; |
181 return SECFailure; | 169 return SECFailure; |
182 }· | 170 } |
183 /* reuse "error" since we could not destruct the old * | 171 /* reuse "error" since we could not destruct the old * |
184 * value */ | 172 * value */ |
185 error = PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, | 173 error = PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext); |
186 plContext); | 174 if (error) { |
187 if (error) { | 175 /* Treat decref failure as a fatal error. |
188 /* Treat decref failure as a fatal error. | 176 * In this case will leak error, but can not do |
189 * In this case will leak error, but can not do | 177 * anything about it. */ |
190 * anything about it. */ | 178 error->errClass = PKIX_FATAL_ERROR; |
191 error->errClass = PKIX_FATAL_ERROR; | 179 cbContext->error = error; |
192 cbContext->error = error; | 180 return SECFailure; |
193 return SECFailure; | 181 } |
194 } | 182 } |
195 } | 183 } |
196 } | |
197 | 184 |
198 return SECSuccess; | 185 return SECSuccess; |
199 } | 186 } |
200 | 187 |
201 | |
202 typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen, | 188 typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen, |
203 CERTImportCertificateFunc f, void *arg
); | 189 CERTImportCertificateFunc f, |
204 | 190 void *arg); |
205 | 191 |
206 struct pkix_DecodeFuncStr { | 192 struct pkix_DecodeFuncStr { |
207 pkix_DecodeCertsFunc func; /* function pointer to the | 193 pkix_DecodeCertsFunc func; /* function pointer to the |
208 * CERT_DecodeCertPackage function */ | 194 * CERT_DecodeCertPackage function */ |
209 PRLibrary *smimeLib; /* Pointer to the smime shared lib*/ | 195 PRLibrary *smimeLib; /* Pointer to the smime shared lib*/ |
210 PRCallOnceType once; | 196 PRCallOnceType once; |
211 }; | 197 }; |
212 | 198 |
213 static struct pkix_DecodeFuncStr pkix_decodeFunc; | 199 static struct pkix_DecodeFuncStr pkix_decodeFunc; |
214 static const PRCallOnceType pkix_pristine; | 200 static const PRCallOnceType pkix_pristine; |
215 | 201 |
216 #define SMIME_LIB_NAME SHLIB_PREFIX"smime3."SHLIB_SUFFIX | 202 #define SMIME_LIB_NAME SHLIB_PREFIX "smime3." SHLIB_SUFFIX |
217 | 203 |
218 /* | 204 /* |
219 * load the smime library and look up the SEC_ReadPKCS7Certs function. | 205 * load the smime library and look up the SEC_ReadPKCS7Certs function. |
220 * we do this so we don't have a circular depenency on the smime library, | 206 * we do this so we don't have a circular depenency on the smime library, |
221 * and also so we don't have to load the smime library in applications that | 207 * and also so we don't have to load the smime library in applications that |
222 * don't use it. | 208 * don't use it. |
223 */ | 209 */ |
224 static PRStatus PR_CALLBACK pkix_getDecodeFunction(void) | 210 static PRStatus PR_CALLBACK pkix_getDecodeFunction(void) { |
225 { | 211 pkix_decodeFunc.smimeLib = |
226 pkix_decodeFunc.smimeLib =· | 212 PR_LoadLibrary(SHLIB_PREFIX "smime3." SHLIB_SUFFIX); |
227 » » PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX); | 213 if (pkix_decodeFunc.smimeLib == NULL) { |
228 if (pkix_decodeFunc.smimeLib == NULL) { | 214 return PR_FAILURE; |
229 » return PR_FAILURE; | 215 } |
230 } | |
231 | 216 |
232 pkix_decodeFunc.func = (pkix_DecodeCertsFunc) PR_FindFunctionSymbol( | 217 pkix_decodeFunc.func = (pkix_DecodeCertsFunc)PR_FindFunctionSymbol( |
233 » » pkix_decodeFunc.smimeLib, "CERT_DecodeCertPackage"); | 218 pkix_decodeFunc.smimeLib, "CERT_DecodeCertPackage"); |
234 if (!pkix_decodeFunc.func) { | 219 if (!pkix_decodeFunc.func) { |
235 » return PR_FAILURE; | 220 return PR_FAILURE; |
236 } | 221 } |
237 return PR_SUCCESS; | 222 return PR_SUCCESS; |
238 | |
239 } | 223 } |
240 | 224 |
241 /* | 225 /* |
242 * clears our global state on shutdown. | 226 * clears our global state on shutdown. |
243 */ | 227 */ |
244 void | 228 void pkix_pl_HttpCertStore_Shutdown(void *plContext) { |
245 pkix_pl_HttpCertStore_Shutdown(void *plContext) | 229 if (pkix_decodeFunc.smimeLib) { |
246 { | 230 PR_UnloadLibrary(pkix_decodeFunc.smimeLib); |
247 if (pkix_decodeFunc.smimeLib) { | 231 pkix_decodeFunc.smimeLib = NULL; |
248 » PR_UnloadLibrary(pkix_decodeFunc.smimeLib); | 232 } |
249 » pkix_decodeFunc.smimeLib = NULL; | 233 /* the function pointer just need to be cleared, not freed */ |
250 } | 234 pkix_decodeFunc.func = NULL; |
251 /* the function pointer just need to be cleared, not freed */ | 235 pkix_decodeFunc.once = pkix_pristine; |
252 pkix_decodeFunc.func = NULL; | |
253 pkix_decodeFunc.once = pkix_pristine; | |
254 } | 236 } |
255 | 237 |
256 /* | 238 /* |
257 * This function is based on CERT_DecodeCertPackage from lib/pkcs7/certread.c | 239 * This function is based on CERT_DecodeCertPackage from lib/pkcs7/certread.c |
258 * read an old style ascii or binary certificate chain | 240 * read an old style ascii or binary certificate chain |
259 */ | 241 */ |
260 PKIX_Error * | 242 PKIX_Error *pkix_pl_HttpCertStore_DecodeCertPackage(const char *certbuf, |
261 pkix_pl_HttpCertStore_DecodeCertPackage | 243 int certlen, |
262 (const char *certbuf, | 244 CERTImportCertificateFunc f, |
263 int certlen, | 245 void *arg, |
264 CERTImportCertificateFunc f, | 246 void *plContext) { |
265 void *arg, | |
266 void *plContext) | |
267 { | |
268 ··· | |
269 PRStatus status; | |
270 SECStatus rv; | |
271 | 247 |
272 PKIX_ENTER | 248 PRStatus status; |
273 (HTTPCERTSTORECONTEXT, | 249 SECStatus rv; |
274 "pkix_pl_HttpCertStore_DecodeCertPackage"); | |
275 PKIX_NULLCHECK_TWO(certbuf, f); | |
276 | 250 |
277 status = PR_CallOnce(&pkix_decodeFunc.once, pkix_getDecodeFunction); | 251 PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStore_DecodeCertPackage"); |
| 252 PKIX_NULLCHECK_TWO(certbuf, f); |
278 | 253 |
279 if (status != PR_SUCCESS) { | 254 status = PR_CallOnce(&pkix_decodeFunc.once, pkix_getDecodeFunction); |
280 PKIX_ERROR(PKIX_CANTLOADLIBSMIME); | |
281 } | |
282 | 255 |
283 /* paranoia, shouldn't happen if status == PR_SUCCESS); */ | 256 if (status != PR_SUCCESS) { |
284 if (!pkix_decodeFunc.func) { | 257 PKIX_ERROR(PKIX_CANTLOADLIBSMIME); |
285 PKIX_ERROR(PKIX_CANTLOADLIBSMIME); | 258 } |
286 } | |
287 | 259 |
288 rv = (*pkix_decodeFunc.func)((char*)certbuf, certlen, f, arg); | 260 /* paranoia, shouldn't happen if status == PR_SUCCESS); */ |
| 261 if (!pkix_decodeFunc.func) { |
| 262 PKIX_ERROR(PKIX_CANTLOADLIBSMIME); |
| 263 } |
289 | 264 |
290 if (rv != SECSuccess) { | 265 rv = (*pkix_decodeFunc.func)((char *)certbuf, certlen, f, arg); |
291 PKIX_ERROR (PKIX_SECREADPKCS7CERTSFAILED); | 266 |
292 } | 267 if (rv != SECSuccess) { |
293 ···· | 268 PKIX_ERROR(PKIX_SECREADPKCS7CERTSFAILED); |
| 269 } |
294 | 270 |
295 cleanup: | 271 cleanup: |
296 | 272 |
297 PKIX_RETURN(HTTPCERTSTORECONTEXT); | 273 PKIX_RETURN(HTTPCERTSTORECONTEXT); |
298 } | 274 } |
299 | 275 |
300 | |
301 /* | 276 /* |
302 * FUNCTION: pkix_pl_HttpCertStore_ProcessCertResponse | 277 * FUNCTION: pkix_pl_HttpCertStore_ProcessCertResponse |
303 * DESCRIPTION: | 278 * DESCRIPTION: |
304 * | 279 * |
305 * This function verifies that the response code pointed to by "responseCode" | 280 * This function verifies that the response code pointed to by "responseCode" |
306 * and the content type pointed to by "responseContentType" are as expected, | 281 * and the content type pointed to by "responseContentType" are as expected, |
307 * and then decodes the data pointed to by "responseData", of length | 282 * and then decodes the data pointed to by "responseData", of length |
308 * "responseDataLen", into a List of Certs, possibly empty, which is returned | 283 * "responseDataLen", into a List of Certs, possibly empty, which is returned |
309 * at "pCertList". | 284 * at "pCertList". |
310 * | 285 * |
(...skipping 10 matching lines...) Expand all Loading... |
321 * The address of the List that is created. Must be non-NULL. | 296 * The address of the List that is created. Must be non-NULL. |
322 * "plContext" | 297 * "plContext" |
323 * Platform-specific context pointer. | 298 * Platform-specific context pointer. |
324 * THREAD SAFETY: | 299 * THREAD SAFETY: |
325 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 300 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
326 * RETURNS: | 301 * RETURNS: |
327 * Returns NULL if the function succeeds. | 302 * Returns NULL if the function succeeds. |
328 * Returns a HttpCertStore Error if the function fails in a non-fatal way. | 303 * Returns a HttpCertStore Error if the function fails in a non-fatal way. |
329 * Returns a Fatal Error if the function fails in an unrecoverable way. | 304 * Returns a Fatal Error if the function fails in an unrecoverable way. |
330 */ | 305 */ |
331 PKIX_Error * | 306 PKIX_Error *pkix_pl_HttpCertStore_ProcessCertResponse( |
332 pkix_pl_HttpCertStore_ProcessCertResponse( | 307 PRUint16 responseCode, const char *responseContentType, |
333 PRUint16 responseCode, | 308 const char *responseData, PRUint32 responseDataLen, PKIX_List **pCertList, |
334 const char *responseContentType, | 309 void *plContext) { |
335 const char *responseData, | 310 callbackContext cbContext; |
336 PRUint32 responseDataLen, | |
337 PKIX_List **pCertList, | |
338 void *plContext) | |
339 { | |
340 callbackContext cbContext; | |
341 | 311 |
342 PKIX_ENTER(HTTPCERTSTORECONTEXT, | 312 PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStore_ProcessCertResponse"); |
343 "pkix_pl_HttpCertStore_ProcessCertResponse"); | |
344 ········ | |
345 cbContext.error = NULL; | |
346 cbContext.plContext = plContext; | |
347 cbContext.pkixCertList = NULL; | |
348 | 313 |
349 PKIX_NULLCHECK_ONE(pCertList); | 314 cbContext.error = NULL; |
| 315 cbContext.plContext = plContext; |
| 316 cbContext.pkixCertList = NULL; |
350 | 317 |
351 if (responseCode != 200) { | 318 PKIX_NULLCHECK_ONE(pCertList); |
352 PKIX_ERROR(PKIX_BADHTTPRESPONSE); | |
353 } | |
354 | 319 |
355 /* check that response type is application/pkcs7-mime */ | 320 if (responseCode != 200) { |
356 if (responseContentType == NULL) { | 321 PKIX_ERROR(PKIX_BADHTTPRESPONSE); |
357 PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE); | 322 } |
358 } | |
359 | 323 |
360 if (responseData == NULL) { | 324 /* check that response type is application/pkcs7-mime */ |
361 PKIX_ERROR(PKIX_NORESPONSEDATAINHTTPRESPONSE); | 325 if (responseContentType == NULL) { |
362 } | 326 PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE); |
| 327 } |
363 | 328 |
364 PKIX_CHECK( | 329 if (responseData == NULL) { |
365 PKIX_List_Create(&cbContext.pkixCertList, plContext), | 330 PKIX_ERROR(PKIX_NORESPONSEDATAINHTTPRESPONSE); |
366 PKIX_LISTCREATEFAILED); | 331 } |
367 ········ | 332 |
368 PKIX_CHECK_ONLY_FATAL( | 333 PKIX_CHECK(PKIX_List_Create(&cbContext.pkixCertList, plContext), |
369 pkix_pl_HttpCertStore_DecodeCertPackage(responseData, | 334 PKIX_LISTCREATEFAILED); |
370 responseDataLen, | 335 |
371 certCallback, | 336 PKIX_CHECK_ONLY_FATAL( |
372 &cbContext, | 337 pkix_pl_HttpCertStore_DecodeCertPackage( |
373 plContext), | 338 responseData, responseDataLen, certCallback, &cbContext, plContext), |
374 PKIX_HTTPCERTSTOREDECODECERTPACKAGEFAILED); | 339 PKIX_HTTPCERTSTOREDECODECERTPACKAGEFAILED); |
375 if (cbContext.error) { | 340 if (cbContext.error) { |
376 /* Aborting on a fatal error(See certCallback fn) */ | 341 /* Aborting on a fatal error(See certCallback fn) */ |
377 pkixErrorResult = cbContext.error; | 342 pkixErrorResult = cbContext.error; |
378 goto cleanup; | 343 goto cleanup; |
379 } | 344 } |
380 ········ | 345 |
381 *pCertList = cbContext.pkixCertList; | 346 *pCertList = cbContext.pkixCertList; |
382 cbContext.pkixCertList = NULL; | 347 cbContext.pkixCertList = NULL; |
383 | 348 |
384 cleanup: | 349 cleanup: |
385 | 350 |
386 PKIX_DECREF(cbContext.pkixCertList); | 351 PKIX_DECREF(cbContext.pkixCertList); |
387 | 352 |
388 PKIX_RETURN(HTTPCERTSTORECONTEXT); | 353 PKIX_RETURN(HTTPCERTSTORECONTEXT); |
389 } | 354 } |
390 | 355 |
391 /* | 356 /* |
392 * FUNCTION: pkix_pl_HttpCertStore_ProcessCrlResponse | 357 * FUNCTION: pkix_pl_HttpCertStore_ProcessCrlResponse |
393 * DESCRIPTION: | 358 * DESCRIPTION: |
394 * | 359 * |
395 * This function verifies that the response code pointed to by "responseCode" | 360 * This function verifies that the response code pointed to by "responseCode" |
396 * and the content type pointed to by "responseContentType" are as expected, | 361 * and the content type pointed to by "responseContentType" are as expected, |
397 * and then decodes the data pointed to by "responseData", of length | 362 * and then decodes the data pointed to by "responseData", of length |
398 * "responseDataLen", into a List of Crls, possibly empty, which is returned | 363 * "responseDataLen", into a List of Crls, possibly empty, which is returned |
(...skipping 12 matching lines...) Expand all Loading... |
411 * The address of the List that is created. Must be non-NULL. | 376 * The address of the List that is created. Must be non-NULL. |
412 * "plContext" | 377 * "plContext" |
413 * Platform-specific context pointer. | 378 * Platform-specific context pointer. |
414 * THREAD SAFETY: | 379 * THREAD SAFETY: |
415 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 380 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
416 * RETURNS: | 381 * RETURNS: |
417 * Returns NULL if the function succeeds. | 382 * Returns NULL if the function succeeds. |
418 * Returns a HttpCertStore Error if the function fails in a non-fatal way. | 383 * Returns a HttpCertStore Error if the function fails in a non-fatal way. |
419 * Returns a Fatal Error if the function fails in an unrecoverable way. | 384 * Returns a Fatal Error if the function fails in an unrecoverable way. |
420 */ | 385 */ |
421 PKIX_Error * | 386 PKIX_Error *pkix_pl_HttpCertStore_ProcessCrlResponse( |
422 pkix_pl_HttpCertStore_ProcessCrlResponse( | 387 PRUint16 responseCode, const char *responseContentType, |
423 PRUint16 responseCode, | 388 const char *responseData, PRUint32 responseDataLen, PKIX_List **pCrlList, |
424 const char *responseContentType, | 389 void *plContext) { |
425 const char *responseData, | 390 SECItem encodedResponse; |
426 PRUint32 responseDataLen, | 391 PRInt16 compareVal = 0; |
427 PKIX_List **pCrlList, | 392 PKIX_List *crls = NULL; |
428 void *plContext) | 393 SECItem *derCrlCopy = NULL; |
429 { | 394 CERTSignedCrl *nssCrl = NULL; |
430 SECItem encodedResponse; | 395 PKIX_PL_CRL *crl = NULL; |
431 PRInt16 compareVal = 0; | |
432 PKIX_List *crls = NULL; | |
433 SECItem *derCrlCopy = NULL; | |
434 CERTSignedCrl *nssCrl = NULL; | |
435 PKIX_PL_CRL *crl = NULL; | |
436 | 396 |
437 PKIX_ENTER(HTTPCERTSTORECONTEXT, | 397 PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStore_ProcessCrlResponse"); |
438 "pkix_pl_HttpCertStore_ProcessCrlResponse"); | 398 PKIX_NULLCHECK_ONE(pCrlList); |
439 PKIX_NULLCHECK_ONE(pCrlList); | |
440 | 399 |
441 if (responseCode != 200) { | 400 if (responseCode != 200) { |
442 PKIX_ERROR(PKIX_BADHTTPRESPONSE); | 401 PKIX_ERROR(PKIX_BADHTTPRESPONSE); |
443 } | 402 } |
444 | 403 |
445 /* check that response type is application/pkix-crl */ | 404 /* check that response type is application/pkix-crl */ |
446 if (responseContentType == NULL) { | 405 if (responseContentType == NULL) { |
447 PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE); | 406 PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE); |
448 } | 407 } |
449 | 408 |
450 compareVal = PORT_Strcasecmp(responseContentType, | 409 compareVal = PORT_Strcasecmp(responseContentType, "application/pkix-crl"); |
451 "application/pkix-crl"); | 410 if (compareVal != 0) { |
452 if (compareVal != 0) { | 411 PKIX_ERROR(PKIX_CONTENTTYPENOTPKIXCRL); |
453 PKIX_ERROR(PKIX_CONTENTTYPENOTPKIXCRL); | 412 } |
454 } | 413 encodedResponse.type = siBuffer; |
455 encodedResponse.type = siBuffer; | 414 encodedResponse.data = (void *)responseData; |
456 encodedResponse.data = (void*)responseData; | 415 encodedResponse.len = responseDataLen; |
457 encodedResponse.len = responseDataLen; | |
458 | 416 |
459 derCrlCopy = SECITEM_DupItem(&encodedResponse); | 417 derCrlCopy = SECITEM_DupItem(&encodedResponse); |
460 if (!derCrlCopy) { | 418 if (!derCrlCopy) { |
461 PKIX_ERROR(PKIX_ALLOCERROR); | 419 PKIX_ERROR(PKIX_ALLOCERROR); |
462 } | 420 } |
463 /* crl will be based on derCrlCopy, but will not own the der. */ | 421 /* crl will be based on derCrlCopy, but will not own the der. */ |
464 nssCrl = | 422 nssCrl = CERT_DecodeDERCrlWithFlags( |
465 CERT_DecodeDERCrlWithFlags(NULL, derCrlCopy, SEC_CRL_TYPE, | 423 NULL, derCrlCopy, SEC_CRL_TYPE, |
466 CRL_DECODE_DONT_COPY_DER | | 424 CRL_DECODE_DONT_COPY_DER | CRL_DECODE_SKIP_ENTRIES); |
467 CRL_DECODE_SKIP_ENTRIES); | 425 if (!nssCrl) { |
468 if (!nssCrl) { | 426 PKIX_ERROR(PKIX_FAILEDTODECODECRL); |
469 PKIX_ERROR(PKIX_FAILEDTODECODECRL); | 427 } |
470 } | 428 /* pkix crls own the der. */ |
471 /* pkix crls own the der. */ | 429 PKIX_CHECK(pkix_pl_CRL_CreateWithSignedCRL(nssCrl, derCrlCopy, NULL, &crl, |
472 PKIX_CHECK( | 430 plContext), |
473 pkix_pl_CRL_CreateWithSignedCRL(nssCrl, derCrlCopy, NULL, | 431 PKIX_CRLCREATEWITHSIGNEDCRLFAILED); |
474 &crl, plContext), | 432 /* Left control over memory pointed by derCrlCopy and |
475 PKIX_CRLCREATEWITHSIGNEDCRLFAILED); | 433 * nssCrl to pkix crl. */ |
476 /* Left control over memory pointed by derCrlCopy and | 434 derCrlCopy = NULL; |
477 * nssCrl to pkix crl. */ | 435 nssCrl = NULL; |
478 derCrlCopy = NULL; | 436 PKIX_CHECK(PKIX_List_Create(&crls, plContext), PKIX_LISTCREATEFAILED); |
479 nssCrl = NULL; | 437 PKIX_CHECK(PKIX_List_AppendItem(crls, (PKIX_PL_Object *)crl, plContext), |
480 PKIX_CHECK(PKIX_List_Create(&crls, plContext), | 438 PKIX_LISTAPPENDITEMFAILED); |
481 PKIX_LISTCREATEFAILED); | 439 *pCrlList = crls; |
482 PKIX_CHECK(PKIX_List_AppendItem | 440 crls = NULL; |
483 (crls, (PKIX_PL_Object *) crl, plContext), | |
484 PKIX_LISTAPPENDITEMFAILED); | |
485 *pCrlList = crls; | |
486 crls = NULL; | |
487 cleanup: | 441 cleanup: |
488 if (derCrlCopy) { | 442 if (derCrlCopy) { |
489 SECITEM_FreeItem(derCrlCopy, PR_TRUE); | 443 SECITEM_FreeItem(derCrlCopy, PR_TRUE); |
490 } | 444 } |
491 if (nssCrl) { | 445 if (nssCrl) { |
492 SEC_DestroyCrl(nssCrl); | 446 SEC_DestroyCrl(nssCrl); |
493 } | 447 } |
494 PKIX_DECREF(crl); | 448 PKIX_DECREF(crl); |
495 PKIX_DECREF(crls); | 449 PKIX_DECREF(crls); |
496 | 450 |
497 PKIX_RETURN(HTTPCERTSTORECONTEXT); | 451 PKIX_RETURN(HTTPCERTSTORECONTEXT); |
498 } | 452 } |
499 | 453 |
500 /* | 454 /* |
501 * FUNCTION: pkix_pl_HttpCertStore_CreateRequestSession | 455 * FUNCTION: pkix_pl_HttpCertStore_CreateRequestSession |
502 * DESCRIPTION: | 456 * DESCRIPTION: |
503 * | 457 * |
504 * This function takes elements from the HttpCertStoreContext pointed to by | 458 * This function takes elements from the HttpCertStoreContext pointed to by |
505 * "context" (path, client, and serverSession) and creates a RequestSession. | 459 * "context" (path, client, and serverSession) and creates a RequestSession. |
506 * See the HTTPClient API described in ocspt.h for further details. | 460 * See the HTTPClient API described in ocspt.h for further details. |
507 * | 461 * |
508 * PARAMETERS: | 462 * PARAMETERS: |
509 * "context" | 463 * "context" |
510 * The address of the HttpCertStoreContext. Must be non-NULL. | 464 * The address of the HttpCertStoreContext. Must be non-NULL. |
511 * "plContext" | 465 * "plContext" |
512 * Platform-specific context pointer. | 466 * Platform-specific context pointer. |
513 * THREAD SAFETY: | 467 * THREAD SAFETY: |
514 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 468 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
515 * RETURNS: | 469 * RETURNS: |
516 * Returns NULL if the function succeeds. | 470 * Returns NULL if the function succeeds. |
517 * Returns a HttpCertStore Error if the function fails in a non-fatal way. | 471 * Returns a HttpCertStore Error if the function fails in a non-fatal way. |
518 * Returns a Fatal Error if the function fails in an unrecoverable way. | 472 * Returns a Fatal Error if the function fails in an unrecoverable way. |
519 */ | 473 */ |
520 PKIX_Error * | 474 PKIX_Error *pkix_pl_HttpCertStore_CreateRequestSession( |
521 pkix_pl_HttpCertStore_CreateRequestSession( | 475 PKIX_PL_HttpCertStoreContext *context, void *plContext) { |
522 PKIX_PL_HttpCertStoreContext *context, | 476 const SEC_HttpClientFcnV1 *hcv1 = NULL; |
523 void *plContext) | 477 SECStatus rv = SECFailure; |
524 { | 478 |
525 const SEC_HttpClientFcnV1 *hcv1 = NULL; | 479 PKIX_ENTER(HTTPCERTSTORECONTEXT, |
526 SECStatus rv = SECFailure; | 480 "pkix_pl_HttpCertStore_CreateRequestSession"); |
527 | 481 PKIX_NULLCHECK_TWO(context, context->serverSession); |
528 PKIX_ENTER | 482 |
529 (HTTPCERTSTORECONTEXT, | 483 if (context->client->version != 1) { |
530 "pkix_pl_HttpCertStore_CreateRequestSession"); | 484 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); |
531 PKIX_NULLCHECK_TWO(context, context->serverSession); | 485 } |
532 | 486 |
533 if (context->client->version != 1) { | 487 hcv1 = &(context->client->fcnTable.ftable1); |
534 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); | 488 if (context->requestSession != NULL) { |
535 } | 489 (*hcv1->freeFcn)(context->requestSession); |
536 | 490 context->requestSession = 0; |
537 hcv1 = &(context->client->fcnTable.ftable1); | 491 } |
538 if (context->requestSession != NULL) { | 492 |
539 (*hcv1->freeFcn)(context->requestSession); | 493 rv = (*hcv1->createFcn)( |
540 context->requestSession = 0; | 494 context->serverSession, "http", context->path, "GET", |
541 } | 495 PR_SecondsToInterval(((PKIX_PL_NssContext *)plContext)->timeoutSeconds), |
542 ········ | 496 &(context->requestSession)); |
543 rv = (*hcv1->createFcn)(context->serverSession, "http", | 497 |
544 context->path, "GET", | 498 if (rv != SECSuccess) { |
545 PR_SecondsToInterval( | 499 PKIX_ERROR(PKIX_HTTPSERVERERROR); |
546 ((PKIX_PL_NssContext*)plContext)->timeoutSeconds), | 500 } |
547 &(context->requestSession)); | 501 cleanup: |
548 ········ | 502 |
549 if (rv != SECSuccess) { | 503 PKIX_RETURN(HTTPCERTSTORECONTEXT); |
550 PKIX_ERROR(PKIX_HTTPSERVERERROR); | |
551 } | |
552 cleanup: | |
553 | |
554 PKIX_RETURN(HTTPCERTSTORECONTEXT); | |
555 | |
556 } | 504 } |
557 | 505 |
558 /* | 506 /* |
559 * FUNCTION: pkix_pl_HttpCertStore_GetCert | 507 * FUNCTION: pkix_pl_HttpCertStore_GetCert |
560 * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h) | 508 * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h) |
561 */ | 509 */ |
562 PKIX_Error * | 510 PKIX_Error *pkix_pl_HttpCertStore_GetCert(PKIX_CertStore *store, |
563 pkix_pl_HttpCertStore_GetCert( | 511 PKIX_CertSelector *selector, |
564 PKIX_CertStore *store, | 512 PKIX_VerifyNode *verifyNode, |
565 PKIX_CertSelector *selector, | 513 void **pNBIOContext, |
566 PKIX_VerifyNode *verifyNode, | 514 PKIX_List **pCertList, |
567 void **pNBIOContext, | 515 void *plContext) { |
568 PKIX_List **pCertList, | 516 const SEC_HttpClientFcnV1 *hcv1 = NULL; |
569 void *plContext) | 517 PKIX_PL_HttpCertStoreContext *context = NULL; |
570 { | 518 void *nbioContext = NULL; |
571 const SEC_HttpClientFcnV1 *hcv1 = NULL; | 519 SECStatus rv = SECFailure; |
572 PKIX_PL_HttpCertStoreContext *context = NULL; | 520 PRUint16 responseCode = 0; |
573 void *nbioContext = NULL; | 521 const char *responseContentType = NULL; |
574 SECStatus rv = SECFailure; | 522 const char *responseData = NULL; |
575 PRUint16 responseCode = 0; | 523 PRUint32 responseDataLen = 0; |
576 const char *responseContentType = NULL; | 524 PKIX_List *certList = NULL; |
577 const char *responseData = NULL; | 525 |
578 PRUint32 responseDataLen = 0; | 526 PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStore_GetCert"); |
579 PKIX_List *certList = NULL; | 527 PKIX_NULLCHECK_THREE(store, selector, pCertList); |
580 | 528 |
581 PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStore_GetCert"); | 529 nbioContext = *pNBIOContext; |
582 PKIX_NULLCHECK_THREE(store, selector, pCertList); | 530 *pNBIOContext = NULL; |
583 | 531 |
584 nbioContext = *pNBIOContext; | 532 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext( |
585 *pNBIOContext = NULL; | 533 store, (PKIX_PL_Object **)&context, plContext), |
586 | 534 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); |
587 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext | 535 |
588 (store, (PKIX_PL_Object **)&context, plContext), | 536 if (context->client->version != 1) { |
589 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); | 537 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); |
590 | 538 } |
591 if (context->client->version != 1) { | 539 |
592 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); | 540 hcv1 = &(context->client->fcnTable.ftable1); |
593 } | 541 |
594 ········ | 542 PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession(context, plContext), |
595 hcv1 = &(context->client->fcnTable.ftable1); | 543 PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED); |
596 | 544 |
597 PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession | 545 responseDataLen = ((PKIX_PL_NssContext *)plContext)->maxResponseLength; |
598 (context, plContext), | 546 |
599 PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED); | 547 rv = (*hcv1->trySendAndReceiveFcn)( |
600 ········ | 548 context->requestSession, (PRPollDesc **)&nbioContext, &responseCode, |
601 responseDataLen = | 549 (const char **)&responseContentType, NULL, /* &responseHeaders */ |
602 ((PKIX_PL_NssContext*)plContext)->maxResponseLength; | 550 (const char **)&responseData, &responseDataLen); |
603 ········ | 551 if (rv != SECSuccess) { |
604 rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession, | 552 PKIX_ERROR(PKIX_HTTPSERVERERROR); |
605 (PRPollDesc **)&nbioContext, | 553 } |
606 &responseCode, | 554 |
607 (const char **)&responseContentType, | 555 if (nbioContext != 0) { |
608 NULL, /* &responseHeaders */ | 556 *pNBIOContext = nbioContext; |
609 (const char **)&responseData, | 557 goto cleanup; |
610 &responseDataLen); | 558 } |
611 if (rv != SECSuccess) { | 559 |
612 PKIX_ERROR(PKIX_HTTPSERVERERROR); | 560 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse( |
613 } | 561 responseCode, responseContentType, responseData, |
614 ········ | 562 responseDataLen, &certList, plContext), |
615 if (nbioContext != 0) { | 563 PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED); |
616 *pNBIOContext = nbioContext; | 564 |
617 goto cleanup; | 565 *pCertList = certList; |
618 } | 566 |
619 | 567 cleanup: |
620 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse | 568 PKIX_DECREF(context); |
621 (responseCode, | 569 |
622 responseContentType, | 570 PKIX_RETURN(CERTSTORE); |
623 responseData, | |
624 responseDataLen, | |
625 &certList, | |
626 plContext), | |
627 PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED); | |
628 | |
629 *pCertList = certList; | |
630 | |
631 cleanup: | |
632 PKIX_DECREF(context); | |
633 | |
634 PKIX_RETURN(CERTSTORE); | |
635 } | 571 } |
636 | 572 |
637 /* | 573 /* |
638 * FUNCTION: pkix_pl_HttpCertStore_GetCertContinue | 574 * FUNCTION: pkix_pl_HttpCertStore_GetCertContinue |
639 * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h) | 575 * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h) |
640 */ | 576 */ |
641 PKIX_Error * | 577 PKIX_Error *pkix_pl_HttpCertStore_GetCertContinue(PKIX_CertStore *store, |
642 pkix_pl_HttpCertStore_GetCertContinue( | 578 PKIX_CertSelector *selector, |
643 PKIX_CertStore *store, | 579 PKIX_VerifyNode *verifyNode, |
644 PKIX_CertSelector *selector, | 580 void **pNBIOContext, |
645 PKIX_VerifyNode *verifyNode, | 581 PKIX_List **pCertList, |
646 void **pNBIOContext, | 582 void *plContext) { |
647 PKIX_List **pCertList, | 583 const SEC_HttpClientFcnV1 *hcv1 = NULL; |
648 void *plContext) | 584 PKIX_PL_HttpCertStoreContext *context = NULL; |
649 { | 585 void *nbioContext = NULL; |
650 const SEC_HttpClientFcnV1 *hcv1 = NULL; | 586 SECStatus rv = SECFailure; |
651 PKIX_PL_HttpCertStoreContext *context = NULL; | 587 PRUint16 responseCode = 0; |
652 void *nbioContext = NULL; | 588 const char *responseContentType = NULL; |
653 SECStatus rv = SECFailure; | 589 const char *responseData = NULL; |
654 PRUint16 responseCode = 0; | 590 PRUint32 responseDataLen = 0; |
655 const char *responseContentType = NULL; | 591 PKIX_List *certList = NULL; |
656 const char *responseData = NULL; | 592 |
657 PRUint32 responseDataLen = 0; | 593 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCertContinue"); |
658 PKIX_List *certList = NULL; | 594 PKIX_NULLCHECK_THREE(store, selector, pCertList); |
659 | 595 |
660 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCertContinue"); | 596 nbioContext = *pNBIOContext; |
661 PKIX_NULLCHECK_THREE(store, selector, pCertList); | 597 *pNBIOContext = NULL; |
662 | 598 |
663 nbioContext = *pNBIOContext; | 599 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext( |
664 *pNBIOContext = NULL; | 600 store, (PKIX_PL_Object **)&context, plContext), |
665 | 601 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); |
666 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext | 602 |
667 (store, (PKIX_PL_Object **)&context, plContext), | 603 if (context->client->version != 1) { |
668 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); | 604 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); |
669 | 605 } |
670 if (context->client->version != 1) { | 606 |
671 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); | 607 hcv1 = &(context->client->fcnTable.ftable1); |
672 } | 608 PKIX_NULLCHECK_ONE(context->requestSession); |
673 | 609 |
674 hcv1 = &(context->client->fcnTable.ftable1); | 610 responseDataLen = ((PKIX_PL_NssContext *)plContext)->maxResponseLength; |
675 PKIX_NULLCHECK_ONE(context->requestSession); | 611 |
676 | 612 rv = (*hcv1->trySendAndReceiveFcn)( |
677 responseDataLen = | 613 context->requestSession, (PRPollDesc **)&nbioContext, &responseCode, |
678 ((PKIX_PL_NssContext*)plContext)->maxResponseLength; | 614 (const char **)&responseContentType, NULL, /* &responseHeaders */ |
679 | 615 (const char **)&responseData, &responseDataLen); |
680 rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession, | 616 |
681 (PRPollDesc **)&nbioContext, | 617 if (rv != SECSuccess) { |
682 &responseCode, | 618 PKIX_ERROR(PKIX_HTTPSERVERERROR); |
683 (const char **)&responseContentType, | 619 } |
684 NULL, /* &responseHeaders */ | 620 |
685 (const char **)&responseData, | 621 if (nbioContext != 0) { |
686 &responseDataLen); | 622 *pNBIOContext = nbioContext; |
687 | 623 goto cleanup; |
688 if (rv != SECSuccess) { | 624 } |
689 PKIX_ERROR(PKIX_HTTPSERVERERROR); | 625 |
690 } | 626 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse( |
691 ········ | 627 responseCode, responseContentType, responseData, |
692 if (nbioContext != 0) { | 628 responseDataLen, &certList, plContext), |
693 *pNBIOContext = nbioContext; | 629 PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED); |
694 goto cleanup; | 630 |
695 } | 631 *pCertList = certList; |
696 | 632 |
697 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse | 633 cleanup: |
698 (responseCode, | 634 PKIX_DECREF(context); |
699 responseContentType, | 635 |
700 responseData, | 636 PKIX_RETURN(CERTSTORE); |
701 responseDataLen, | |
702 &certList, | |
703 plContext), | |
704 PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED); | |
705 | |
706 *pCertList = certList; | |
707 | |
708 cleanup: | |
709 PKIX_DECREF(context); | |
710 ········ | |
711 PKIX_RETURN(CERTSTORE); | |
712 } | 637 } |
713 | 638 |
714 /* | 639 /* |
715 * FUNCTION: pkix_pl_HttpCertStore_GetCRL | 640 * FUNCTION: pkix_pl_HttpCertStore_GetCRL |
716 * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h) | 641 * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h) |
717 */ | 642 */ |
718 PKIX_Error * | 643 PKIX_Error *pkix_pl_HttpCertStore_GetCRL(PKIX_CertStore *store, |
719 pkix_pl_HttpCertStore_GetCRL( | 644 PKIX_CRLSelector *selector, |
720 PKIX_CertStore *store, | 645 void **pNBIOContext, |
721 PKIX_CRLSelector *selector, | 646 PKIX_List **pCrlList, |
722 void **pNBIOContext, | 647 void *plContext) { |
723 PKIX_List **pCrlList, | 648 |
724 void *plContext) | 649 const SEC_HttpClientFcnV1 *hcv1 = NULL; |
725 { | 650 PKIX_PL_HttpCertStoreContext *context = NULL; |
726 | 651 void *nbioContext = NULL; |
727 const SEC_HttpClientFcnV1 *hcv1 = NULL; | 652 SECStatus rv = SECFailure; |
728 PKIX_PL_HttpCertStoreContext *context = NULL; | 653 PRUint16 responseCode = 0; |
729 void *nbioContext = NULL; | 654 const char *responseContentType = NULL; |
730 SECStatus rv = SECFailure; | 655 const char *responseData = NULL; |
731 PRUint16 responseCode = 0; | 656 PRUint32 responseDataLen = 0; |
732 const char *responseContentType = NULL; | 657 PKIX_List *crlList = NULL; |
733 const char *responseData = NULL; | 658 |
734 PRUint32 responseDataLen = 0; | 659 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRL"); |
735 PKIX_List *crlList = NULL; | 660 PKIX_NULLCHECK_THREE(store, selector, pCrlList); |
736 | 661 |
737 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRL"); | 662 nbioContext = *pNBIOContext; |
738 PKIX_NULLCHECK_THREE(store, selector, pCrlList); | 663 *pNBIOContext = NULL; |
739 | 664 |
740 nbioContext = *pNBIOContext; | 665 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext( |
741 *pNBIOContext = NULL; | 666 store, (PKIX_PL_Object **)&context, plContext), |
742 | 667 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); |
743 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext | 668 |
744 (store, (PKIX_PL_Object **)&context, plContext), | 669 if (context->client->version != 1) { |
745 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); | 670 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); |
746 | 671 } |
747 if (context->client->version != 1) { | 672 |
748 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); | 673 hcv1 = &(context->client->fcnTable.ftable1); |
749 } | 674 PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession(context, plContext), |
750 | 675 PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED); |
751 hcv1 = &(context->client->fcnTable.ftable1); | 676 |
752 PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession | 677 responseDataLen = ((PKIX_PL_NssContext *)plContext)->maxResponseLength; |
753 (context, plContext), | 678 |
754 PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED); | 679 rv = (*hcv1->trySendAndReceiveFcn)( |
755 | 680 context->requestSession, (PRPollDesc **)&nbioContext, &responseCode, |
756 responseDataLen = | 681 (const char **)&responseContentType, NULL, /* &responseHeaders */ |
757 ((PKIX_PL_NssContext*)plContext)->maxResponseLength; | 682 (const char **)&responseData, &responseDataLen); |
758 | 683 |
759 rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession, | 684 if (rv != SECSuccess) { |
760 (PRPollDesc **)&nbioContext, | 685 PKIX_ERROR(PKIX_HTTPSERVERERROR); |
761 &responseCode, | 686 } |
762 (const char **)&responseContentType, | 687 |
763 NULL, /* &responseHeaders */ | 688 if (nbioContext != 0) { |
764 (const char **)&responseData, | 689 *pNBIOContext = nbioContext; |
765 &responseDataLen); | 690 goto cleanup; |
766 | 691 } |
767 if (rv != SECSuccess) { | 692 |
768 PKIX_ERROR(PKIX_HTTPSERVERERROR); | 693 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse( |
769 } | 694 responseCode, responseContentType, responseData, |
770 ········ | 695 responseDataLen, &crlList, plContext), |
771 if (nbioContext != 0) { | 696 PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED); |
772 *pNBIOContext = nbioContext; | 697 |
773 goto cleanup; | 698 *pCrlList = crlList; |
774 } | 699 |
775 | 700 cleanup: |
776 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse | 701 PKIX_DECREF(context); |
777 (responseCode, | 702 |
778 responseContentType, | 703 PKIX_RETURN(CERTSTORE); |
779 responseData, | |
780 responseDataLen, | |
781 &crlList, | |
782 plContext), | |
783 PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED); | |
784 | |
785 *pCrlList = crlList; | |
786 | |
787 cleanup: | |
788 PKIX_DECREF(context); | |
789 | |
790 PKIX_RETURN(CERTSTORE); | |
791 } | 704 } |
792 | 705 |
793 /* | 706 /* |
794 * FUNCTION: pkix_pl_HttpCertStore_GetCRLContinue | 707 * FUNCTION: pkix_pl_HttpCertStore_GetCRLContinue |
795 * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h) | 708 * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h) |
796 */ | 709 */ |
797 PKIX_Error * | 710 PKIX_Error *pkix_pl_HttpCertStore_GetCRLContinue(PKIX_CertStore *store, |
798 pkix_pl_HttpCertStore_GetCRLContinue( | 711 PKIX_CRLSelector *selector, |
799 PKIX_CertStore *store, | 712 void **pNBIOContext, |
800 PKIX_CRLSelector *selector, | 713 PKIX_List **pCrlList, |
801 void **pNBIOContext, | 714 void *plContext) { |
802 PKIX_List **pCrlList, | 715 const SEC_HttpClientFcnV1 *hcv1 = NULL; |
803 void *plContext) | 716 PKIX_PL_HttpCertStoreContext *context = NULL; |
804 { | 717 void *nbioContext = NULL; |
805 const SEC_HttpClientFcnV1 *hcv1 = NULL; | 718 SECStatus rv = SECFailure; |
806 PKIX_PL_HttpCertStoreContext *context = NULL; | 719 PRUint16 responseCode = 0; |
807 void *nbioContext = NULL; | 720 const char *responseContentType = NULL; |
808 SECStatus rv = SECFailure; | 721 const char *responseData = NULL; |
809 PRUint16 responseCode = 0; | 722 PRUint32 responseDataLen = 0; |
810 const char *responseContentType = NULL; | 723 PKIX_List *crlList = NULL; |
811 const char *responseData = NULL; | 724 |
812 PRUint32 responseDataLen = 0; | 725 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRLContinue"); |
813 PKIX_List *crlList = NULL; | 726 PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList); |
814 | 727 |
815 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRLContinue"); | 728 nbioContext = *pNBIOContext; |
816 PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList); | 729 *pNBIOContext = NULL; |
817 | 730 |
818 nbioContext = *pNBIOContext; | 731 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext( |
819 *pNBIOContext = NULL; | 732 store, (PKIX_PL_Object **)&context, plContext), |
820 | 733 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); |
821 PKIX_CHECK(PKIX_CertStore_GetCertStoreContext | 734 |
822 (store, (PKIX_PL_Object **)&context, plContext), | 735 if (context->client->version != 1) { |
823 PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED); | 736 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); |
824 | 737 } |
825 if (context->client->version != 1) { | 738 hcv1 = &(context->client->fcnTable.ftable1); |
826 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); | 739 |
827 } | 740 PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession(context, plContext), |
828 hcv1 = &(context->client->fcnTable.ftable1); | 741 PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED); |
829 ················ | 742 |
830 PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession | 743 responseDataLen = ((PKIX_PL_NssContext *)plContext)->maxResponseLength; |
831 (context, plContext), | 744 |
832 PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED); | 745 rv = (*hcv1->trySendAndReceiveFcn)( |
833 ········ | 746 context->requestSession, (PRPollDesc **)&nbioContext, &responseCode, |
834 responseDataLen = | 747 (const char **)&responseContentType, NULL, /* &responseHeaders */ |
835 ((PKIX_PL_NssContext*)plContext)->maxResponseLength; | 748 (const char **)&responseData, &responseDataLen); |
836 | 749 |
837 rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession, | 750 if (rv != SECSuccess) { |
838 (PRPollDesc **)&nbioContext, | 751 PKIX_ERROR(PKIX_HTTPSERVERERROR); |
839 &responseCode, | 752 } |
840 (const char **)&responseContentType, | 753 |
841 NULL, /* &responseHeaders */ | 754 if (nbioContext != 0) { |
842 (const char **)&responseData, | 755 *pNBIOContext = nbioContext; |
843 &responseDataLen); | 756 goto cleanup; |
844 ········ | 757 } |
845 if (rv != SECSuccess) { | 758 |
846 PKIX_ERROR(PKIX_HTTPSERVERERROR); | 759 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse( |
847 } | 760 responseCode, responseContentType, responseData, |
848 ········ | 761 responseDataLen, &crlList, plContext), |
849 if (nbioContext != 0) { | 762 PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED); |
850 *pNBIOContext = nbioContext; | 763 |
851 goto cleanup; | 764 *pCrlList = crlList; |
852 } | 765 |
853 | 766 cleanup: |
854 PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse | 767 PKIX_DECREF(context); |
855 (responseCode, | 768 |
856 responseContentType, | 769 PKIX_RETURN(CERTSTORE); |
857 responseData, | |
858 responseDataLen, | |
859 &crlList, | |
860 plContext), | |
861 PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED); | |
862 | |
863 *pCrlList = crlList; | |
864 | |
865 cleanup: | |
866 PKIX_DECREF(context); | |
867 | |
868 PKIX_RETURN(CERTSTORE); | |
869 } | 770 } |
870 | 771 |
871 /* --Public-HttpCertStore-Functions----------------------------------- */ | 772 /* --Public-HttpCertStore-Functions----------------------------------- */ |
872 | 773 |
873 /* | 774 /* |
874 * FUNCTION: pkix_pl_HttpCertStore_CreateWithAsciiName | 775 * FUNCTION: pkix_pl_HttpCertStore_CreateWithAsciiName |
875 * DESCRIPTION: | 776 * DESCRIPTION: |
876 * | 777 * |
877 * This function uses the HttpClient pointed to by "client" and the string | 778 * This function uses the HttpClient pointed to by "client" and the string |
878 * (hostname:portnum/path, with portnum optional) pointed to by "locationAscii" | 779 * (hostname:portnum/path, with portnum optional) pointed to by "locationAscii" |
(...skipping 10 matching lines...) Expand all Loading... |
889 * The address in which the object is stored. Must be non-NULL. | 790 * The address in which the object is stored. Must be non-NULL. |
890 * "plContext" | 791 * "plContext" |
891 * Platform-specific context pointer. | 792 * Platform-specific context pointer. |
892 * THREAD SAFETY: | 793 * THREAD SAFETY: |
893 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 794 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
894 * RETURNS: | 795 * RETURNS: |
895 * Returns NULL if the function succeeds. | 796 * Returns NULL if the function succeeds. |
896 * Returns a HttpCertStore Error if the function fails in a non-fatal way. | 797 * Returns a HttpCertStore Error if the function fails in a non-fatal way. |
897 * Returns a Fatal Error if the function fails in an unrecoverable way. | 798 * Returns a Fatal Error if the function fails in an unrecoverable way. |
898 */ | 799 */ |
899 PKIX_Error * | 800 PKIX_Error *pkix_pl_HttpCertStore_CreateWithAsciiName( |
900 pkix_pl_HttpCertStore_CreateWithAsciiName( | 801 PKIX_PL_HttpClient *client, char *locationAscii, |
901 PKIX_PL_HttpClient *client, | 802 PKIX_CertStore **pCertStore, void *plContext) { |
902 char *locationAscii, | 803 const SEC_HttpClientFcn *clientFcn = NULL; |
903 PKIX_CertStore **pCertStore, | 804 const SEC_HttpClientFcnV1 *hcv1 = NULL; |
904 void *plContext) | 805 PKIX_PL_HttpCertStoreContext *httpCertStore = NULL; |
905 { | 806 PKIX_CertStore *certStore = NULL; |
906 const SEC_HttpClientFcn *clientFcn = NULL; | 807 char *hostname = NULL; |
907 const SEC_HttpClientFcnV1 *hcv1 = NULL; | 808 char *path = NULL; |
908 PKIX_PL_HttpCertStoreContext *httpCertStore = NULL; | 809 PRUint16 port = 0; |
909 PKIX_CertStore *certStore = NULL; | 810 SECStatus rv = SECFailure; |
910 char *hostname = NULL; | |
911 char *path = NULL; | |
912 PRUint16 port = 0; | |
913 SECStatus rv = SECFailure; | |
914 | 811 |
915 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_CreateWithAsciiName"); | 812 PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_CreateWithAsciiName"); |
916 PKIX_NULLCHECK_TWO(locationAscii, pCertStore); | 813 PKIX_NULLCHECK_TWO(locationAscii, pCertStore); |
917 | 814 |
918 if (client == NULL) { | 815 if (client == NULL) { |
919 clientFcn = SEC_GetRegisteredHttpClient(); | 816 clientFcn = SEC_GetRegisteredHttpClient(); |
920 if (clientFcn == NULL) { | 817 if (clientFcn == NULL) { |
921 PKIX_ERROR(PKIX_NOREGISTEREDHTTPCLIENT); | 818 PKIX_ERROR(PKIX_NOREGISTEREDHTTPCLIENT); |
922 } | 819 } |
923 } else { | 820 } else { |
924 clientFcn = (const SEC_HttpClientFcn *)client; | 821 clientFcn = (const SEC_HttpClientFcn *)client; |
925 } | 822 } |
926 | 823 |
927 if (clientFcn->version != 1) { | 824 if (clientFcn->version != 1) { |
928 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); | 825 PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT); |
929 } | 826 } |
930 | 827 |
931 /* create a PKIX_PL_HttpCertStore object */ | 828 /* create a PKIX_PL_HttpCertStore object */ |
932 PKIX_CHECK(PKIX_PL_Object_Alloc | 829 PKIX_CHECK(PKIX_PL_Object_Alloc(PKIX_HTTPCERTSTORECONTEXT_TYPE, |
933 (PKIX_HTTPCERTSTORECONTEXT_TYPE, | 830 sizeof(PKIX_PL_HttpCertStoreContext), |
934 sizeof (PKIX_PL_HttpCertStoreContext), | 831 (PKIX_PL_Object **)&httpCertStore, plContext), |
935 (PKIX_PL_Object **)&httpCertStore, | 832 PKIX_COULDNOTCREATEOBJECT); |
936 plContext), | |
937 PKIX_COULDNOTCREATEOBJECT); | |
938 | 833 |
939 /* Initialize fields */ | 834 /* Initialize fields */ |
940 httpCertStore->client = clientFcn; /* not a PKIX object! */ | 835 httpCertStore->client = clientFcn; /* not a PKIX object! */ |
941 | 836 |
942 /* parse location -> hostname, port, path */ | 837 /* parse location -> hostname, port, path */ |
943 rv = CERT_ParseURL(locationAscii, &hostname, &port, &path); | 838 rv = CERT_ParseURL(locationAscii, &hostname, &port, &path); |
944 if (rv == SECFailure || hostname == NULL || path == NULL) { | 839 if (rv == SECFailure || hostname == NULL || path == NULL) { |
945 PKIX_ERROR(PKIX_URLPARSINGFAILED); | 840 PKIX_ERROR(PKIX_URLPARSINGFAILED); |
946 } | 841 } |
947 | 842 |
948 httpCertStore->path = path; | 843 httpCertStore->path = path; |
949 path = NULL; | 844 path = NULL; |
950 | 845 |
951 hcv1 = &(clientFcn->fcnTable.ftable1); | 846 hcv1 = &(clientFcn->fcnTable.ftable1); |
952 rv = (*hcv1->createSessionFcn)(hostname, port, | 847 rv = (*hcv1->createSessionFcn)(hostname, port, |
953 &(httpCertStore->serverSession)); | 848 &(httpCertStore->serverSession)); |
954 if (rv != SECSuccess) { | 849 if (rv != SECSuccess) { |
955 PKIX_ERROR(PKIX_HTTPCLIENTCREATESESSIONFAILED); | 850 PKIX_ERROR(PKIX_HTTPCLIENTCREATESESSIONFAILED); |
956 } | 851 } |
957 | 852 |
958 httpCertStore->requestSession = NULL; | 853 httpCertStore->requestSession = NULL; |
959 | 854 |
960 PKIX_CHECK(PKIX_CertStore_Create | 855 PKIX_CHECK( |
961 (pkix_pl_HttpCertStore_GetCert, | 856 PKIX_CertStore_Create( |
962 pkix_pl_HttpCertStore_GetCRL, | 857 pkix_pl_HttpCertStore_GetCert, pkix_pl_HttpCertStore_GetCRL, |
963 pkix_pl_HttpCertStore_GetCertContinue, | 858 pkix_pl_HttpCertStore_GetCertContinue, |
964 pkix_pl_HttpCertStore_GetCRLContinue, | 859 pkix_pl_HttpCertStore_GetCRLContinue, NULL, /* don't support trust */ |
965 NULL, /* don't support trust */ | 860 NULL, /* can not store crls */ |
966 NULL, /* can not store crls */ | 861 NULL, /* can not do revocation check */ |
967 NULL, /* can not do revocation check */ | 862 (PKIX_PL_Object *)httpCertStore, PKIX_TRUE, /* cache flag */ |
968 (PKIX_PL_Object *)httpCertStore, | 863 PKIX_FALSE, /* not local */ |
969 PKIX_TRUE, /* cache flag */ | 864 &certStore, plContext), |
970 PKIX_FALSE, /* not local */ | 865 PKIX_CERTSTORECREATEFAILED); |
971 &certStore, | |
972 plContext), | |
973 PKIX_CERTSTORECREATEFAILED); | |
974 | 866 |
975 *pCertStore = certStore; | 867 *pCertStore = certStore; |
976 certStore = NULL; | 868 certStore = NULL; |
977 | 869 |
978 cleanup: | 870 cleanup: |
979 PKIX_DECREF(httpCertStore); | 871 PKIX_DECREF(httpCertStore); |
980 if (hostname) { | 872 if (hostname) { |
981 PORT_Free(hostname); | 873 PORT_Free(hostname); |
982 } | 874 } |
983 if (path) { | 875 if (path) { |
984 PORT_Free(path); | 876 PORT_Free(path); |
985 } | 877 } |
986 | 878 |
987 PKIX_RETURN(CERTSTORE); | 879 PKIX_RETURN(CERTSTORE); |
988 } | 880 } |
989 | 881 |
990 /* | 882 /* |
991 * FUNCTION: PKIX_PL_HttpCertStore_Create | 883 * FUNCTION: PKIX_PL_HttpCertStore_Create |
992 * (see comments in pkix_samples_modules.h) | 884 * (see comments in pkix_samples_modules.h) |
993 */ | 885 */ |
994 PKIX_Error * | 886 PKIX_Error *PKIX_PL_HttpCertStore_Create(PKIX_PL_HttpClient *client, |
995 PKIX_PL_HttpCertStore_Create( | 887 PKIX_PL_GeneralName *location, |
996 PKIX_PL_HttpClient *client, | 888 PKIX_CertStore **pCertStore, |
997 PKIX_PL_GeneralName *location, | 889 void *plContext) { |
998 PKIX_CertStore **pCertStore, | 890 PKIX_PL_String *locationString = NULL; |
999 void *plContext) | 891 char *locationAscii = NULL; |
1000 { | 892 PKIX_UInt32 len = 0; |
1001 PKIX_PL_String *locationString = NULL; | |
1002 char *locationAscii = NULL; | |
1003 PKIX_UInt32 len = 0; | |
1004 | 893 |
1005 PKIX_ENTER(CERTSTORE, "PKIX_PL_HttpCertStore_Create"); | 894 PKIX_ENTER(CERTSTORE, "PKIX_PL_HttpCertStore_Create"); |
1006 PKIX_NULLCHECK_TWO(location, pCertStore); | 895 PKIX_NULLCHECK_TWO(location, pCertStore); |
1007 | 896 |
1008 PKIX_TOSTRING(location, &locationString, plContext, | 897 PKIX_TOSTRING(location, &locationString, plContext, |
1009 PKIX_GENERALNAMETOSTRINGFAILED); | 898 PKIX_GENERALNAMETOSTRINGFAILED); |
1010 | 899 |
1011 PKIX_CHECK(PKIX_PL_String_GetEncoded | 900 PKIX_CHECK( |
1012 (locationString, | 901 PKIX_PL_String_GetEncoded(locationString, PKIX_ESCASCII, |
1013 PKIX_ESCASCII, | 902 (void **)&locationAscii, &len, plContext), |
1014 (void **)&locationAscii, | 903 PKIX_STRINGGETENCODEDFAILED); |
1015 &len, | |
1016 plContext), | |
1017 PKIX_STRINGGETENCODEDFAILED); | |
1018 | 904 |
1019 PKIX_CHECK(pkix_pl_HttpCertStore_CreateWithAsciiName | 905 PKIX_CHECK(pkix_pl_HttpCertStore_CreateWithAsciiName(client, locationAscii, |
1020 (client, locationAscii, pCertStore, plContext), | 906 pCertStore, plContext), |
1021 PKIX_HTTPCERTSTORECREATEWITHASCIINAMEFAILED); | 907 PKIX_HTTPCERTSTORECREATEWITHASCIINAMEFAILED); |
1022 | 908 |
1023 cleanup: | 909 cleanup: |
1024 | 910 |
1025 PKIX_DECREF(locationString); | 911 PKIX_DECREF(locationString); |
1026 | 912 |
1027 PKIX_RETURN(CERTSTORE); | 913 PKIX_RETURN(CERTSTORE); |
1028 } | 914 } |
1029 | 915 |
1030 /* | 916 /* |
1031 * FUNCTION: pkix_HttpCertStore_FindSocketConnection | 917 * FUNCTION: pkix_HttpCertStore_FindSocketConnection |
1032 * DESCRIPTION: | 918 * DESCRIPTION: |
1033 * | 919 * |
1034 PRIntervalTime timeout, | 920 PRIntervalTime timeout, |
1035 char *hostname, | 921 char *hostname, |
1036 PRUint16 portnum, | 922 PRUint16 portnum, |
1037 PRErrorCode *pStatus, | 923 PRErrorCode *pStatus, |
(...skipping 18 matching lines...) Expand all Loading... |
1056 * The address at which the socket is stored. Must be non-NULL. | 942 * The address at which the socket is stored. Must be non-NULL. |
1057 * "plContext" | 943 * "plContext" |
1058 * Platform-specific context pointer. | 944 * Platform-specific context pointer. |
1059 * THREAD SAFETY: | 945 * THREAD SAFETY: |
1060 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) | 946 * Thread Safe (see Thread Safety Definitions in Programmer's Guide) |
1061 * RETURNS: | 947 * RETURNS: |
1062 * Returns NULL if the function succeeds. | 948 * Returns NULL if the function succeeds. |
1063 * Returns a HttpCertStore Error if the function fails in a non-fatal way. | 949 * Returns a HttpCertStore Error if the function fails in a non-fatal way. |
1064 * Returns a Fatal Error if the function fails in an unrecoverable way. | 950 * Returns a Fatal Error if the function fails in an unrecoverable way. |
1065 */ | 951 */ |
1066 PKIX_Error * | 952 PKIX_Error *pkix_HttpCertStore_FindSocketConnection( |
1067 pkix_HttpCertStore_FindSocketConnection( | 953 PRIntervalTime timeout, char *hostname, PRUint16 portnum, |
1068 PRIntervalTime timeout, | 954 PRErrorCode *pStatus, PKIX_PL_Socket **pSocket, void *plContext) { |
1069 char *hostname, | 955 PKIX_PL_String *formatString = NULL; |
1070 PRUint16 portnum, | 956 PKIX_PL_String *hostString = NULL; |
1071 PRErrorCode *pStatus, | 957 PKIX_PL_String *domainString = NULL; |
1072 PKIX_PL_Socket **pSocket, | 958 PKIX_PL_Socket *socket = NULL; |
1073 void *plContext) | |
1074 { | |
1075 PKIX_PL_String *formatString = NULL; | |
1076 PKIX_PL_String *hostString = NULL; | |
1077 PKIX_PL_String *domainString = NULL; | |
1078 PKIX_PL_Socket *socket = NULL; | |
1079 | 959 |
1080 PKIX_ENTER(CERTSTORE, "pkix_HttpCertStore_FindSocketConnection"); | 960 PKIX_ENTER(CERTSTORE, "pkix_HttpCertStore_FindSocketConnection"); |
1081 PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket); | 961 PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket); |
1082 | 962 |
1083 *pStatus = 0; | 963 *pStatus = 0; |
1084 | 964 |
1085 /* create PKIX_PL_String from hostname and port */ | 965 /* create PKIX_PL_String from hostname and port */ |
1086 PKIX_CHECK(PKIX_PL_String_Create | 966 PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII, "%s:%d", 0, &formatString, |
1087 (PKIX_ESCASCII, "%s:%d", 0, &formatString, plContext), | 967 plContext), |
1088 PKIX_STRINGCREATEFAILED); | 968 PKIX_STRINGCREATEFAILED); |
1089 | 969 |
1090 #if 0 | 970 #if 0 |
1091 hostname = "variation.red.iplanet.com"; | 971 hostname = "variation.red.iplanet.com"; |
1092 portnum = 2001; | 972 portnum = 2001; |
1093 #endif | 973 #endif |
1094 | 974 |
1095 PKIX_CHECK(PKIX_PL_String_Create | 975 PKIX_CHECK( |
1096 (PKIX_ESCASCII, hostname, 0, &hostString, plContext), | 976 PKIX_PL_String_Create(PKIX_ESCASCII, hostname, 0, &hostString, plContext), |
1097 PKIX_STRINGCREATEFAILED); | 977 PKIX_STRINGCREATEFAILED); |
1098 | 978 |
1099 PKIX_CHECK(PKIX_PL_Sprintf | 979 PKIX_CHECK(PKIX_PL_Sprintf(&domainString, plContext, formatString, hostString, |
1100 (&domainString, plContext, formatString, hostString, portnum), | 980 portnum), |
1101 PKIX_STRINGCREATEFAILED); | 981 PKIX_STRINGCREATEFAILED); |
1102 | 982 |
1103 #ifdef PKIX_SOCKETCACHE | 983 #ifdef PKIX_SOCKETCACHE |
1104 /* Is this domainName already in cache? */ | 984 /* Is this domainName already in cache? */ |
1105 PKIX_CHECK(PKIX_PL_HashTable_Lookup | 985 PKIX_CHECK( |
1106 (httpSocketCache, | 986 PKIX_PL_HashTable_Lookup(httpSocketCache, (PKIX_PL_Object *)domainString, |
1107 (PKIX_PL_Object *)domainString, | 987 (PKIX_PL_Object **)&socket, plContext), |
1108 (PKIX_PL_Object **)&socket, | 988 PKIX_HASHTABLELOOKUPFAILED); |
1109 plContext), | |
1110 PKIX_HASHTABLELOOKUPFAILED); | |
1111 #endif | 989 #endif |
1112 if (socket == NULL) { | 990 if (socket == NULL) { |
1113 | 991 |
1114 /* No, create a connection (and cache it) */ | 992 /* No, create a connection (and cache it) */ |
1115 PKIX_CHECK(pkix_pl_Socket_CreateByHostAndPort | 993 PKIX_CHECK(pkix_pl_Socket_CreateByHostAndPort( |
1116 (PKIX_FALSE, /* create a client, not a server */ | 994 PKIX_FALSE, /* create a client, not a server */ |
1117 timeout, | 995 timeout, hostname, portnum, pStatus, &socket, plContext), |
1118 hostname, | 996 PKIX_SOCKETCREATEBYHOSTANDPORTFAILED); |
1119 portnum, | |
1120 pStatus, | |
1121 &socket, | |
1122 plContext), | |
1123 PKIX_SOCKETCREATEBYHOSTANDPORTFAILED); | |
1124 | 997 |
1125 #ifdef PKIX_SOCKETCACHE | 998 #ifdef PKIX_SOCKETCACHE |
1126 PKIX_CHECK(PKIX_PL_HashTable_Add | 999 PKIX_CHECK( |
1127 (httpSocketCache, | 1000 PKIX_PL_HashTable_Add(httpSocketCache, (PKIX_PL_Object *)domainString, |
1128 (PKIX_PL_Object *)domainString, | 1001 (PKIX_PL_Object *)socket, plContext), |
1129 (PKIX_PL_Object *)socket, | 1002 PKIX_HASHTABLEADDFAILED); |
1130 plContext), | 1003 #endif |
1131 PKIX_HASHTABLEADDFAILED); | 1004 } |
1132 #endif | |
1133 } | |
1134 | 1005 |
1135 *pSocket = socket; | 1006 *pSocket = socket; |
1136 socket = NULL; | 1007 socket = NULL; |
1137 | 1008 |
1138 cleanup: | 1009 cleanup: |
1139 | 1010 |
1140 PKIX_DECREF(formatString); | 1011 PKIX_DECREF(formatString); |
1141 PKIX_DECREF(hostString); | 1012 PKIX_DECREF(hostString); |
1142 PKIX_DECREF(domainString); | 1013 PKIX_DECREF(domainString); |
1143 PKIX_DECREF(socket); | 1014 PKIX_DECREF(socket); |
1144 | 1015 |
1145 PKIX_RETURN(CERTSTORE); | 1016 PKIX_RETURN(CERTSTORE); |
1146 } | 1017 } |
1147 | |
OLD | NEW |