Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1346)

Unified Diff: lib/libpkix/pkix/util/pkix_tools.c

Issue 201830043: Bug 1118245 - Apply uniform style across NSS
Patch Set: Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « lib/libpkix/pkix/util/pkix_tools.h ('k') | lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: lib/libpkix/pkix/util/pkix_tools.c
===================================================================
old mode 100755
new mode 100644
--- a/lib/libpkix/pkix/util/pkix_tools.c
+++ b/lib/libpkix/pkix/util/pkix_tools.c
@@ -5,23 +5,23 @@
* pkix_tools.c
*
* Private Utility Functions
*
*/
#include "pkix_tools.h"
-#define CACHE_ITEM_PERIOD_SECONDS (3600) /* one hour */
+#define CACHE_ITEM_PERIOD_SECONDS (3600) /* one hour */
/*
* This cahce period is only for CertCache. A Cert from a trusted CertStore
* should be checked more frequently for update new arrival, etc.
*/
-#define CACHE_TRUST_ITEM_PERIOD_SECONDS (CACHE_ITEM_PERIOD_SECONDS/10)
+#define CACHE_TRUST_ITEM_PERIOD_SECONDS (CACHE_ITEM_PERIOD_SECONDS / 10)
extern PKIX_PL_HashTable *cachedCertChainTable;
extern PKIX_PL_HashTable *cachedCertTable;
extern PKIX_PL_HashTable *cachedCrlEntryTable;
/* Following variables are used to checked cache hits - can be taken out */
extern int pkix_ccAddCount;
extern int pkix_ccLookupCount;
@@ -51,33 +51,31 @@ char *errorFnStackString;
#ifdef PKIX_OBJECT_LEAK_TEST
/*
* FUNCTION: pkix_ErrorGen_Hash
* DESCRIPTION:
*
* Hash function to be used in object leak test hash table.
*
*/
-PLHashNumber PR_CALLBACK
-pkix_ErrorGen_Hash (const void *key)
-{
- char *str = NULL;
- PLHashNumber rv = (*(PRUint8*)key) << 5;
- PRUint32 i, counter = 0;
- PRUint8 *rvc = (PRUint8 *)&rv;
+PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash(const void *key) {
+ char *str = NULL;
+ PLHashNumber rv = (*(PRUint8 *)key) << 5;
+ PRUint32 i, counter = 0;
+ PRUint8 *rvc = (PRUint8 *)&rv;
- while ((str = fnStackNameArr[counter++]) != NULL) {
- PRUint32 len = strlen(str);
- for( i = 0; i < len; i++ ) {
- rvc[ i % sizeof(rv) ] ^= *str;
- str++;
- }
+ while ((str = fnStackNameArr[counter++]) != NULL) {
+ PRUint32 len = strlen(str);
+ for (i = 0; i < len; i++) {
+ rvc[i % sizeof(rv)] ^= *str;
+ str++;
}
+ }
- return rv;
+ return rv;
}
#endif /* PKIX_OBJECT_LEAK_TEST */
/*
* FUNCTION: pkix_IsCertSelfIssued
* DESCRIPTION:
*
@@ -96,48 +94,43 @@ pkix_ErrorGen_Hash (const void *key)
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Cert Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_IsCertSelfIssued(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pSelfIssued,
- void *plContext)
-{
- PKIX_PL_X500Name *subject = NULL;
- PKIX_PL_X500Name *issuer = NULL;
+PKIX_Error *pkix_IsCertSelfIssued(PKIX_PL_Cert *cert, PKIX_Boolean *pSelfIssued,
+ void *plContext) {
+ PKIX_PL_X500Name *subject = NULL;
+ PKIX_PL_X500Name *issuer = NULL;
- PKIX_ENTER(CERT, "pkix_IsCertSelfIssued");
- PKIX_NULLCHECK_TWO(cert, pSelfIssued);
+ PKIX_ENTER(CERT, "pkix_IsCertSelfIssued");
+ PKIX_NULLCHECK_TWO(cert, pSelfIssued);
- PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &subject, plContext),
- PKIX_CERTGETSUBJECTFAILED);
+ PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &subject, plContext),
+ PKIX_CERTGETSUBJECTFAILED);
- PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &issuer, plContext),
- PKIX_CERTGETISSUERFAILED);
+ PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &issuer, plContext),
+ PKIX_CERTGETISSUERFAILED);
- if (subject == NULL || issuer == NULL) {
- *pSelfIssued = PKIX_FALSE;
- } else {
+ if (subject == NULL || issuer == NULL) {
+ *pSelfIssued = PKIX_FALSE;
+ } else {
- PKIX_CHECK(PKIX_PL_X500Name_Match
- (subject, issuer, pSelfIssued, plContext),
- PKIX_X500NAMEMATCHFAILED);
- }
+ PKIX_CHECK(PKIX_PL_X500Name_Match(subject, issuer, pSelfIssued, plContext),
+ PKIX_X500NAMEMATCHFAILED);
+ }
cleanup:
- PKIX_DECREF(subject);
- PKIX_DECREF(issuer);
+ PKIX_DECREF(subject);
+ PKIX_DECREF(issuer);
- PKIX_RETURN(CERT);
+ PKIX_RETURN(CERT);
}
/*
* FUNCTION: pkix_Throw
* DESCRIPTION:
*
* Creates an Error using the value of "errorCode", the character array
* pointed to by "funcName", the character array pointed to by "errorText",
@@ -163,91 +156,84 @@ cleanup:
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_Throw(
- PKIX_ERRORCLASS errorClass,
- const char *funcName,
- PKIX_ERRORCODE errorCode,
- PKIX_ERRORCLASS overrideClass,
- PKIX_Error *cause,
- PKIX_Error **pError,
- void *plContext)
-{
- PKIX_Error *error = NULL;
+PKIX_Error *pkix_Throw(PKIX_ERRORCLASS errorClass, const char *funcName,
+ PKIX_ERRORCODE errorCode, PKIX_ERRORCLASS overrideClass,
+ PKIX_Error *cause, PKIX_Error **pError,
+ void *plContext) {
+ PKIX_Error *error = NULL;
- PKIX_ENTER(ERROR, "pkix_Throw");
- PKIX_NULLCHECK_TWO(funcName, pError);
+ PKIX_ENTER(ERROR, "pkix_Throw");
+ PKIX_NULLCHECK_TWO(funcName, pError);
- *pError = NULL;
+ *pError = NULL;
-#ifdef PKIX_OBJECT_LEAK_TEST
- noErrorState = PKIX_TRUE;
- if (pkixLog) {
-#ifdef PKIX_ERROR_DESCRIPTION
- PR_LOG(pkixLog, 4, ("Error in function \"%s\":\"%s\" with cause \"%s\"\n",
- funcName, PKIX_ErrorText[errorCode],
- (cause ? PKIX_ErrorText[cause->errCode] : "null")));
+#ifdef PKIX_OBJECT_LEAK_TEST
+ noErrorState = PKIX_TRUE;
+ if (pkixLog) {
+#ifdef PKIX_ERROR_DESCRIPTION
+ PR_LOG(pkixLog, 4, ("Error in function \"%s\":\"%s\" with cause \"%s\"\n",
+ funcName, PKIX_ErrorText[errorCode],
+ (cause ? PKIX_ErrorText[cause->errCode] : "null")));
#else
- PR_LOG(pkixLog, 4, ("Error in function \"%s\": error code \"%d\"\n",
- funcName, errorCode));
+ PR_LOG(pkixLog, 4, ("Error in function \"%s\": error code \"%d\"\n",
+ funcName, errorCode));
#endif /* PKIX_ERROR_DESCRIPTION */
- PORT_Assert(strcmp(funcName, "PKIX_PL_Object_DecRef"));
- }
+ PORT_Assert(strcmp(funcName, "PKIX_PL_Object_DecRef"));
+ }
#endif /* PKIX_OBJECT_LEAK_TEST */
- /* if cause has error class of PKIX_FATAL_ERROR, return immediately */
- if (cause) {
- if (cause->errClass == PKIX_FATAL_ERROR){
- PKIX_INCREF(cause);
- *pError = cause;
- goto cleanup;
- }
- }
-
- if (overrideClass == PKIX_FATAL_ERROR){
- errorClass = overrideClass;
- }
+ /* if cause has error class of PKIX_FATAL_ERROR, return immediately */
+ if (cause) {
+ if (cause->errClass == PKIX_FATAL_ERROR) {
+ PKIX_INCREF(cause);
+ *pError = cause;
+ goto cleanup;
+ }
+ }
- pkixTempResult = PKIX_Error_Create(errorClass, cause, NULL,
- errorCode, &error, plContext);
-
- if (!pkixTempResult) {
- /* Setting plErr error code:
- * get it from PORT_GetError if it is a leaf error and
- * default error code does not exist(eq 0) */
- if (!cause && !error->plErr) {
- error->plErr = PKIX_PL_GetPLErrorCode();
- }
- }
+ if (overrideClass == PKIX_FATAL_ERROR) {
+ errorClass = overrideClass;
+ }
- *pError = error;
+ pkixTempResult =
+ PKIX_Error_Create(errorClass, cause, NULL, errorCode, &error, plContext);
+
+ if (!pkixTempResult) {
+ /* Setting plErr error code:
+ * get it from PORT_GetError if it is a leaf error and
+ * default error code does not exist(eq 0) */
+ if (!cause && !error->plErr) {
+ error->plErr = PKIX_PL_GetPLErrorCode();
+ }
+ }
+
+ *pError = error;
cleanup:
- PKIX_DEBUG_EXIT(ERROR);
- pkixErrorClass = 0;
-#ifdef PKIX_OBJECT_LEAK_TEST
- noErrorState = PKIX_FALSE;
+ PKIX_DEBUG_EXIT(ERROR);
+ pkixErrorClass = 0;
+#ifdef PKIX_OBJECT_LEAK_TEST
+ noErrorState = PKIX_FALSE;
- if (runningLeakTest && fnStackNameArr) {
- PR_LOG(pkixLog, 5,
- ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "),
- stackPosition, " ", fnStackNameArr[stackPosition],
- stackPosition, myFuncName));
- fnStackNameArr[stackPosition--] = NULL;
- }
+ if (runningLeakTest && fnStackNameArr) {
+ PR_LOG(pkixLog, 5, ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "),
+ stackPosition, " ", fnStackNameArr[stackPosition],
+ stackPosition, myFuncName));
+ fnStackNameArr[stackPosition--] = NULL;
+ }
#endif /* PKIX_OBJECT_LEAK_TEST */
- return (pkixTempResult);
+ return (pkixTempResult);
}
/*
* FUNCTION: pkix_CheckTypes
* DESCRIPTION:
*
* Checks that the types of the Object pointed to by "first" and the Object
* pointed to by "second" are both equal to the value of "type". If they
@@ -264,41 +250,36 @@ cleanup:
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CheckTypes(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_UInt32 type,
- void *plContext)
-{
- PKIX_UInt32 firstType, secondType;
+PKIX_Error *pkix_CheckTypes(PKIX_PL_Object *first, PKIX_PL_Object *second,
+ PKIX_UInt32 type, void *plContext) {
+ PKIX_UInt32 firstType, secondType;
- PKIX_ENTER(OBJECT, "pkix_CheckTypes");
- PKIX_NULLCHECK_TWO(first, second);
+ PKIX_ENTER(OBJECT, "pkix_CheckTypes");
+ PKIX_NULLCHECK_TWO(first, second);
- PKIX_CHECK(PKIX_PL_Object_GetType(first, &firstType, plContext),
- PKIX_COULDNOTGETFIRSTOBJECTTYPE);
+ PKIX_CHECK(PKIX_PL_Object_GetType(first, &firstType, plContext),
+ PKIX_COULDNOTGETFIRSTOBJECTTYPE);
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETSECONDOBJECTTYPE);
+ PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+ PKIX_COULDNOTGETSECONDOBJECTTYPE);
- if ((firstType != type)||(firstType != secondType)) {
- PKIX_ERROR(PKIX_OBJECTTYPESDONOTMATCH);
- }
+ if ((firstType != type) || (firstType != secondType)) {
+ PKIX_ERROR(PKIX_OBJECTTYPESDONOTMATCH);
+ }
cleanup:
- PKIX_RETURN(OBJECT);
+ PKIX_RETURN(OBJECT);
}
/*
* FUNCTION: pkix_CheckType
* DESCRIPTION:
*
* Checks that the type of the Object pointed to by "object" is equal to the
* value of "type". If it is not equal, a PKIX_Error is returned.
@@ -312,23 +293,19 @@ cleanup:
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CheckType(
- PKIX_PL_Object *object,
- PKIX_UInt32 type,
- void *plContext)
-{
- return (pkix_CheckTypes(object, object, type, plContext));
+PKIX_Error *pkix_CheckType(PKIX_PL_Object *object, PKIX_UInt32 type,
+ void *plContext) {
+ return (pkix_CheckTypes(object, object, type, plContext));
}
/*
* FUNCTION: pkix_hash
* DESCRIPTION:
*
* Computes a hash value for "length" bytes starting at the array of bytes
* pointed to by "bytes" and stores the result at "pHash".
@@ -346,41 +323,36 @@ pkix_CheckType(
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_hash(
- const unsigned char *bytes,
- PKIX_UInt32 length,
- PKIX_UInt32 *pHash,
- void *plContext)
-{
- PKIX_UInt32 i;
- PKIX_UInt32 hash;
+PKIX_Error *pkix_hash(const unsigned char *bytes, PKIX_UInt32 length,
+ PKIX_UInt32 *pHash, void *plContext) {
+ PKIX_UInt32 i;
+ PKIX_UInt32 hash;
- PKIX_ENTER(OBJECT, "pkix_hash");
- if (length != 0) {
- PKIX_NULLCHECK_ONE(bytes);
- }
- PKIX_NULLCHECK_ONE(pHash);
+ PKIX_ENTER(OBJECT, "pkix_hash");
+ if (length != 0) {
+ PKIX_NULLCHECK_ONE(bytes);
+ }
+ PKIX_NULLCHECK_ONE(pHash);
- hash = 0;
- for (i = 0; i < length; i++) {
- /* hash = 31 * hash + bytes[i]; */
- hash = (hash << 5) - hash + bytes[i];
- }
+ hash = 0;
+ for (i = 0; i < length; i++) {
+ /* hash = 31 * hash + bytes[i]; */
+ hash = (hash << 5) - hash + bytes[i];
+ }
- *pHash = hash;
+ *pHash = hash;
- PKIX_RETURN(OBJECT);
+ PKIX_RETURN(OBJECT);
}
/*
* FUNCTION: pkix_countArray
* DESCRIPTION:
*
* Counts the number of elements in the null-terminated array of pointers
* pointed to by "array" and returns the result.
@@ -388,54 +360,49 @@ pkix_hash(
* PARAMETERS
* "array"
* Address of null-terminated array of pointers.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns the number of elements in the array.
*/
-PKIX_UInt32
-pkix_countArray(void **array)
-{
- PKIX_UInt32 count = 0;
+PKIX_UInt32 pkix_countArray(void **array) {
+ PKIX_UInt32 count = 0;
- if (array) {
- while (*array++) {
- count++;
- }
- }
- return (count);
+ if (array) {
+ while (*array++) {
+ count++;
+ }
+ }
+ return (count);
}
/*
* FUNCTION: pkix_duplicateImmutable
* DESCRIPTION:
*
* Convenience callback function used for duplicating immutable objects.
* Since the objects can not be modified, this function simply increments the
* reference count on the object, and returns a reference to that object.
*
* (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
*/
-PKIX_Error *
-pkix_duplicateImmutable(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_ENTER(OBJECT, "pkix_duplicateImmutable");
- PKIX_NULLCHECK_TWO(object, pNewObject);
+PKIX_Error *pkix_duplicateImmutable(PKIX_PL_Object *object,
+ PKIX_PL_Object **pNewObject,
+ void *plContext) {
+ PKIX_ENTER(OBJECT, "pkix_duplicateImmutable");
+ PKIX_NULLCHECK_TWO(object, pNewObject);
- PKIX_INCREF(object);
+ PKIX_INCREF(object);
- *pNewObject = object;
+ *pNewObject = object;
cleanup:
- PKIX_RETURN(OBJECT);
+ PKIX_RETURN(OBJECT);
}
/* --String-Encoding-Conversion-Functions------------------------ */
/*
* FUNCTION: pkix_hex2i
* DESCRIPTION:
*
@@ -444,52 +411,48 @@ cleanup:
* PARAMETERS
* "c"
* Character to convert to a hex value.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* The hexadecimal value of "c". Otherwise -1. (Unsigned 0xFFFFFFFF).
*/
-PKIX_UInt32
-pkix_hex2i(char c)
-{
- if ((c >= '0')&&(c <= '9'))
- return (c-'0');
- else if ((c >= 'a')&&(c <= 'f'))
- return (c-'a'+10);
- else if ((c >= 'A')&&(c <= 'F'))
- return (c-'A'+10);
- else
- return ((PKIX_UInt32)(-1));
+PKIX_UInt32 pkix_hex2i(char c) {
+ if ((c >= '0') && (c <= '9'))
+ return (c - '0');
+ else if ((c >= 'a') && (c <= 'f'))
+ return (c - 'a' + 10);
+ else if ((c >= 'A') && (c <= 'F'))
+ return (c - 'A' + 10);
+ else
+ return ((PKIX_UInt32)(-1));
}
/*
* FUNCTION: pkix_i2hex
* DESCRIPTION:
*
* Converts integer value "digit" to its ASCII hex value
*
* PARAMETERS
* "digit"
* Value of integer to convert to ASCII hex value. Must be 0-15.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* The ASCII hexadecimal value of "digit".
*/
-char
-pkix_i2hex(char digit)
-{
- if ((digit >= 0)&&(digit <= 9))
- return (digit+'0');
- else if ((digit >= 0xa)&&(digit <= 0xf))
- return (digit - 10 + 'a');
- else
- return (-1);
+char pkix_i2hex(char digit) {
+ if ((digit >= 0) && (digit <= 9))
+ return (digit + '0');
+ else if ((digit >= 0xa) && (digit <= 0xf))
+ return (digit - 10 + 'a');
+ else
+ return (-1);
}
/*
* FUNCTION: pkix_isPlaintext
* DESCRIPTION:
*
* Returns whether character "c" is plaintext using EscASCII or EscASCII_Debug
* depending on the value of "debug".
@@ -502,46 +465,45 @@ pkix_i2hex(char digit)
* Character to check.
* "debug"
* Value of debug flag.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* True if "c" is plaintext.
*/
-PKIX_Boolean
-pkix_isPlaintext(unsigned char c, PKIX_Boolean debug) {
- return ((c >= 0x01)&&(c <= 0x7E)&&(c != '&')&&(!debug || (c >= 20)));
+PKIX_Boolean pkix_isPlaintext(unsigned char c, PKIX_Boolean debug) {
+ return ((c >= 0x01) && (c <= 0x7E) && (c != '&') && (!debug || (c >= 20)));
}
/* --Cache-Functions------------------------ */
/*
* FUNCTION: pkix_CacheCertChain_Lookup
* DESCRIPTION:
*
* Look up CertChain Hash Table for a cached BuildResult based on "targetCert"
* and "anchors" as the hash keys. If there is no item to match the key,
* PKIX_FALSE is stored at "pFound". If an item is found, its cache time is
* compared to "testDate". If expired, the item is removed and PKIX_FALSE is
- * stored at "pFound". Otherwise, PKIX_TRUE is stored at "pFound" and the
+ * stored at "pFound". Otherwise, PKIX_TRUE is stored at "pFound" and the
* BuildResult is stored at "pBuildResult".
* The hashtable is maintained in the following ways:
* 1) When creating the hashtable, maximum bucket size can be specified (0 for
* unlimited). If items in a bucket reaches its full size, an new addition
* will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
+ * 2) A PKIX_PL_Date created with current time offset by constant
* CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
* When an item is retrieved, this date is compared against "testDate" for
* validity. If comparison indicates this item is expired, the item is
* removed from the bucket.
*
* PARAMETERS:
* "targetCert"
- * Address of Target Cert as key to retrieve this CertChain. Must be
+ * Address of Target Cert as key to retrieve this CertChain. Must be
* non-NULL.
* "anchors"
* Address of PKIX_List of "anchors" is used as key to retrive CertChain.
* Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date for verifying time validity and cache validity.
* May be NULL. If testDate is NULL, this cache item will not be out-dated.
* "pFound"
@@ -553,237 +515,199 @@ pkix_isPlaintext(unsigned char c, PKIX_B
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CacheCertChain_Lookup(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- PKIX_PL_Date *testDate,
- PKIX_Boolean *pFound,
- PKIX_BuildResult **pBuildResult,
- void *plContext)
-{
- PKIX_List *cachedValues = NULL;
- PKIX_List *cachedKeys = NULL;
- PKIX_Error *cachedCertChainError = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
- PKIX_PL_Date *validityDate = NULL;
- PKIX_Int32 cmpValidTimeResult = 0;
- PKIX_Int32 cmpCacheTimeResult = 0;
+PKIX_Error *pkix_CacheCertChain_Lookup(
+ PKIX_PL_Cert *targetCert, PKIX_List *anchors, PKIX_PL_Date *testDate,
+ PKIX_Boolean *pFound, PKIX_BuildResult **pBuildResult, void *plContext) {
+ PKIX_List *cachedValues = NULL;
+ PKIX_List *cachedKeys = NULL;
+ PKIX_Error *cachedCertChainError = NULL;
+ PKIX_PL_Date *cacheValidUntilDate = NULL;
+ PKIX_PL_Date *validityDate = NULL;
+ PKIX_Int32 cmpValidTimeResult = 0;
+ PKIX_Int32 cmpCacheTimeResult = 0;
- PKIX_ENTER(BUILD, "pkix_CacheCertChain_Lookup");
+ PKIX_ENTER(BUILD, "pkix_CacheCertChain_Lookup");
- PKIX_NULLCHECK_FOUR(targetCert, anchors, pFound, pBuildResult);
+ PKIX_NULLCHECK_FOUR(targetCert, anchors, pFound, pBuildResult);
- *pFound = PKIX_FALSE;
+ *pFound = PKIX_FALSE;
- /* use trust anchors and target cert as hash key */
+ /* use trust anchors and target cert as hash key */
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)targetCert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)targetCert, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)anchors,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)anchors, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- cachedCertChainError = PKIX_PL_HashTable_Lookup
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object **) &cachedValues,
- plContext);
+ cachedCertChainError = PKIX_PL_HashTable_Lookup(
+ cachedCertChainTable, (PKIX_PL_Object *)cachedKeys,
+ (PKIX_PL_Object **)&cachedValues, plContext);
- pkix_ccLookupCount++;
+ pkix_ccLookupCount++;
- /* retrieve data from hashed value list */
+ /* retrieve data from hashed value list */
- if (cachedValues != NULL && cachedCertChainError == NULL) {
+ if (cachedValues != NULL && cachedCertChainError == NULL) {
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 0,
- (PKIX_PL_Object **) &cacheValidUntilDate,
- plContext),
- PKIX_LISTGETITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_GetItem(cachedValues, 0,
+ (PKIX_PL_Object **)&cacheValidUntilDate, plContext),
+ PKIX_LISTGETITEMFAILED);
- /* check validity time and cache age time */
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 1,
- (PKIX_PL_Object **) &validityDate,
- plContext),
- PKIX_LISTGETITEMFAILED);
+ /* check validity time and cache age time */
+ PKIX_CHECK(PKIX_List_GetItem(cachedValues, 1,
+ (PKIX_PL_Object **)&validityDate, plContext),
+ PKIX_LISTGETITEMFAILED);
- /* if testDate is not set, this cache item is not out-dated */
- if (testDate) {
+ /* if testDate is not set, this cache item is not out-dated */
+ if (testDate) {
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)testDate,
- (PKIX_PL_Object *)cacheValidUntilDate,
- &cmpCacheTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
+ PKIX_CHECK(PKIX_PL_Object_Compare((PKIX_PL_Object *)testDate,
+ (PKIX_PL_Object *)cacheValidUntilDate,
+ &cmpCacheTimeResult, plContext),
+ PKIX_OBJECTCOMPARATORFAILED);
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)testDate,
- (PKIX_PL_Object *)validityDate,
- &cmpValidTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
- }
+ PKIX_CHECK(PKIX_PL_Object_Compare((PKIX_PL_Object *)testDate,
+ (PKIX_PL_Object *)validityDate,
+ &cmpValidTimeResult, plContext),
+ PKIX_OBJECTCOMPARATORFAILED);
+ }
- /* certs' date are all valid and cache item is not old */
- if (cmpValidTimeResult <= 0 && cmpCacheTimeResult <=0) {
+ /* certs' date are all valid and cache item is not old */
+ if (cmpValidTimeResult <= 0 && cmpCacheTimeResult <= 0) {
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 2,
- (PKIX_PL_Object **) pBuildResult,
- plContext),
- PKIX_LISTGETITEMFAILED);
+ PKIX_CHECK(PKIX_List_GetItem(cachedValues, 2,
+ (PKIX_PL_Object **)pBuildResult, plContext),
+ PKIX_LISTGETITEMFAILED);
- *pFound = PKIX_TRUE;
+ *pFound = PKIX_TRUE;
- } else {
+ } else {
- pkix_ccRemoveCount++;
- *pFound = PKIX_FALSE;
+ pkix_ccRemoveCount++;
+ *pFound = PKIX_FALSE;
- /* out-dated item, remove it from cache */
- PKIX_CHECK(PKIX_PL_HashTable_Remove
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
- }
- }
+ /* out-dated item, remove it from cache */
+ PKIX_CHECK(
+ PKIX_PL_HashTable_Remove(cachedCertChainTable,
+ (PKIX_PL_Object *)cachedKeys, plContext),
+ PKIX_HASHTABLEREMOVEFAILED);
+ }
+ }
cleanup:
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCertChainError);
- PKIX_DECREF(cacheValidUntilDate);
- PKIX_DECREF(validityDate);
+ PKIX_DECREF(cachedValues);
+ PKIX_DECREF(cachedKeys);
+ PKIX_DECREF(cachedCertChainError);
+ PKIX_DECREF(cacheValidUntilDate);
+ PKIX_DECREF(validityDate);
- PKIX_RETURN(BUILD);
-
+ PKIX_RETURN(BUILD);
}
/*
* FUNCTION: pkix_CacheCertChain_Remove
* DESCRIPTION:
*
* Remove CertChain Hash Table entry based on "targetCert" and "anchors"
* as the hash keys. If there is no item to match the key, no action is
* taken.
* The hashtable is maintained in the following ways:
* 1) When creating the hashtable, maximum bucket size can be specified (0 for
* unlimited). If items in a bucket reaches its full size, an new addition
* will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
+ * 2) A PKIX_PL_Date created with current time offset by constant
* CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
* When an item is retrieved, this date is compared against "testDate" for
* validity. If comparison indicates this item is expired, the item is
* removed from the bucket.
*
* PARAMETERS:
* "targetCert"
- * Address of Target Cert as key to retrieve this CertChain. Must be
+ * Address of Target Cert as key to retrieve this CertChain. Must be
* non-NULL.
* "anchors"
* Address of PKIX_List of "anchors" is used as key to retrive CertChain.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CacheCertChain_Remove(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
+PKIX_Error *pkix_CacheCertChain_Remove(PKIX_PL_Cert *targetCert,
+ PKIX_List *anchors, void *plContext) {
+ PKIX_List *cachedKeys = NULL;
- PKIX_ENTER(BUILD, "pkix_CacheCertChain_Remove");
- PKIX_NULLCHECK_TWO(targetCert, anchors);
+ PKIX_ENTER(BUILD, "pkix_CacheCertChain_Remove");
+ PKIX_NULLCHECK_TWO(targetCert, anchors);
- /* use trust anchors and target cert as hash key */
+ /* use trust anchors and target cert as hash key */
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)targetCert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)targetCert, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)anchors,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)anchors, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK_ONLY_FATAL(PKIX_PL_HashTable_Remove
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
+ PKIX_CHECK_ONLY_FATAL(
+ PKIX_PL_HashTable_Remove(cachedCertChainTable,
+ (PKIX_PL_Object *)cachedKeys, plContext),
+ PKIX_HASHTABLEREMOVEFAILED);
- pkix_ccRemoveCount++;
+ pkix_ccRemoveCount++;
cleanup:
- PKIX_DECREF(cachedKeys);
+ PKIX_DECREF(cachedKeys);
- PKIX_RETURN(BUILD);
-
+ PKIX_RETURN(BUILD);
}
/*
* FUNCTION: pkix_CacheCertChain_Add
* DESCRIPTION:
*
* Add a BuildResult to the CertChain Hash Table for a "buildResult" with
* "targetCert" and "anchors" as the hash keys.
* "validityDate" is the most restricted notAfter date of all Certs in
* this CertChain and is verified when this BuildChain is retrieved.
* The hashtable is maintained in the following ways:
* 1) When creating the hashtable, maximum bucket size can be specified (0 for
* unlimited). If items in a bucket reaches its full size, an new addition
* will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
+ * 2) A PKIX_PL_Date created with current time offset by constant
* CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
* When an item is retrieved, this date is compared against "testDate" for
* validity. If comparison indicates this item is expired, the item is
* removed from the bucket.
*
* PARAMETERS:
* "targetCert"
- * Address of Target Cert as key to retrieve this CertChain. Must be
+ * Address of Target Cert as key to retrieve this CertChain. Must be
* non-NULL.
* "anchors"
* Address of PKIX_List of "anchors" is used as key to retrive CertChain.
* Must be non-NULL.
* "validityDate"
* Address of PKIX_PL_Date contains the most restriced notAfter time of
* all "certs". Must be non-NULL.
* Address of PKIX_Boolean indicating valid data is found.
@@ -794,114 +718,105 @@ cleanup:
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CacheCertChain_Add(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- PKIX_PL_Date *validityDate,
- PKIX_BuildResult *buildResult,
- void *plContext)
-{
- PKIX_List *cachedValues = NULL;
- PKIX_List *cachedKeys = NULL;
- PKIX_Error *cachedCertChainError = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
+PKIX_Error *pkix_CacheCertChain_Add(PKIX_PL_Cert *targetCert,
+ PKIX_List *anchors,
+ PKIX_PL_Date *validityDate,
+ PKIX_BuildResult *buildResult,
+ void *plContext) {
+ PKIX_List *cachedValues = NULL;
+ PKIX_List *cachedKeys = NULL;
+ PKIX_Error *cachedCertChainError = NULL;
+ PKIX_PL_Date *cacheValidUntilDate = NULL;
- PKIX_ENTER(BUILD, "pkix_CacheCertChain_Add");
+ PKIX_ENTER(BUILD, "pkix_CacheCertChain_Add");
- PKIX_NULLCHECK_FOUR(targetCert, anchors, validityDate, buildResult);
+ PKIX_NULLCHECK_FOUR(targetCert, anchors, validityDate, buildResult);
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)targetCert, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)targetCert, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)anchors, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)anchors, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
- (CACHE_ITEM_PERIOD_SECONDS,
- &cacheValidUntilDate,
- plContext),
- PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
+ PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds(
+ CACHE_ITEM_PERIOD_SECONDS, &cacheValidUntilDate, plContext),
+ PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues,
- (PKIX_PL_Object *)cacheValidUntilDate,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedValues, (PKIX_PL_Object *)cacheValidUntilDate,
+ plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues, (PKIX_PL_Object *)validityDate, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(PKIX_List_AppendItem(cachedValues, (PKIX_PL_Object *)validityDate,
+ plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues, (PKIX_PL_Object *)buildResult, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(PKIX_List_AppendItem(cachedValues, (PKIX_PL_Object *)buildResult,
+ plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- cachedCertChainError = PKIX_PL_HashTable_Add
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object *) cachedValues,
- plContext);
+ cachedCertChainError =
+ PKIX_PL_HashTable_Add(cachedCertChainTable, (PKIX_PL_Object *)cachedKeys,
+ (PKIX_PL_Object *)cachedValues, plContext);
- pkix_ccAddCount++;
+ pkix_ccAddCount++;
- if (cachedCertChainError != NULL) {
- PKIX_DEBUG("PKIX_PL_HashTable_Add for CertChain skipped: "
- "entry existed\n");
- }
+ if (cachedCertChainError != NULL) {
+ PKIX_DEBUG(
+ "PKIX_PL_HashTable_Add for CertChain skipped: "
+ "entry existed\n");
+ }
cleanup:
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCertChainError);
- PKIX_DECREF(cacheValidUntilDate);
+ PKIX_DECREF(cachedValues);
+ PKIX_DECREF(cachedKeys);
+ PKIX_DECREF(cachedCertChainError);
+ PKIX_DECREF(cacheValidUntilDate);
- PKIX_RETURN(BUILD);
+ PKIX_RETURN(BUILD);
}
/*
* FUNCTION: pkix_CacheCert_Lookup
* DESCRIPTION:
*
* Look up Cert Hash Table for a cached item based on "store" and Subject in
* "certSelParams" as the hash keys and returns values Certs in "pCerts".
* If there isn't an item to match the key, a PKIX_FALSE is returned at
* "pFound". The item's cache time is verified with "testDate". If out-dated,
* this item is removed and PKIX_FALSE is returned at "pFound".
* This hashtable is maintained in the following ways:
* 1) When creating the hashtable, maximum bucket size can be specified (0 for
* unlimited). If items in a bucket reaches its full size, an new addition
* will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
+ * 2) A PKIX_PL_Date created with current time offset by constant
* CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
* If the CertStore this Cert is from is a trusted one, the cache period is
* shorter so cache can be updated more frequently.
* When an item is retrieved, this date is compared against "testDate" for
* validity. If comparison indicates this item is expired, the item is
* removed from the bucket.
*
* PARAMETERS:
* "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
+ * Address of CertStore as key to retrieve this CertChain. Must be
* non-NULL.
* "certSelParams"
* Address of ComCertSelParams that its subject is used as key to retrieve
* this CertChain. Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date for verifying time cache validity.
* Must be non-NULL. If testDate is NULL, this cache item won't be out
* dated.
@@ -914,344 +829,304 @@ cleanup:
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CacheCert_Lookup(
- PKIX_CertStore *store,
- PKIX_ComCertSelParams *certSelParams,
- PKIX_PL_Date *testDate,
- PKIX_Boolean *pFound,
- PKIX_List** pCerts,
- void *plContext)
-{
- PKIX_PL_Cert *cert = NULL;
- PKIX_List *cachedKeys = NULL;
- PKIX_List *cachedValues = NULL;
- PKIX_List *cachedCertList = NULL;
- PKIX_List *selCertList = NULL;
- PKIX_PL_X500Name *subject = NULL;
- PKIX_PL_Date *invalidAfterDate = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
- PKIX_CertSelector *certSel = NULL;
- PKIX_Error *cachedCertError = NULL;
- PKIX_Error *selectorError = NULL;
- PKIX_CertSelector_MatchCallback selectorMatch = NULL;
- PKIX_Int32 cmpValidTimeResult = PKIX_FALSE;
- PKIX_Int32 cmpCacheTimeResult = 0;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
+PKIX_Error *pkix_CacheCert_Lookup(PKIX_CertStore *store,
+ PKIX_ComCertSelParams *certSelParams,
+ PKIX_PL_Date *testDate, PKIX_Boolean *pFound,
+ PKIX_List **pCerts, void *plContext) {
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_List *cachedKeys = NULL;
+ PKIX_List *cachedValues = NULL;
+ PKIX_List *cachedCertList = NULL;
+ PKIX_List *selCertList = NULL;
+ PKIX_PL_X500Name *subject = NULL;
+ PKIX_PL_Date *invalidAfterDate = NULL;
+ PKIX_PL_Date *cacheValidUntilDate = NULL;
+ PKIX_CertSelector *certSel = NULL;
+ PKIX_Error *cachedCertError = NULL;
+ PKIX_Error *selectorError = NULL;
+ PKIX_CertSelector_MatchCallback selectorMatch = NULL;
+ PKIX_Int32 cmpValidTimeResult = PKIX_FALSE;
+ PKIX_Int32 cmpCacheTimeResult = 0;
+ PKIX_UInt32 numItems = 0;
+ PKIX_UInt32 i;
- PKIX_ENTER(BUILD, "pkix_CacheCert_Lookup");
- PKIX_NULLCHECK_TWO(store, certSelParams);
- PKIX_NULLCHECK_TWO(pFound, pCerts);
+ PKIX_ENTER(BUILD, "pkix_CacheCert_Lookup");
+ PKIX_NULLCHECK_TWO(store, certSelParams);
+ PKIX_NULLCHECK_TWO(pFound, pCerts);
- *pFound = PKIX_FALSE;
+ *pFound = PKIX_FALSE;
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)store, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
- (certSelParams, &subject, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
+ PKIX_CHECK(
+ PKIX_ComCertSelParams_GetSubject(certSelParams, &subject, plContext),
+ PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
- PKIX_NULLCHECK_ONE(subject);
+ PKIX_NULLCHECK_ONE(subject);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)subject, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)subject, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- cachedCertError = PKIX_PL_HashTable_Lookup
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object **) &cachedValues,
- plContext);
- pkix_cLookupCount++;
+ cachedCertError =
+ PKIX_PL_HashTable_Lookup(cachedCertTable, (PKIX_PL_Object *)cachedKeys,
+ (PKIX_PL_Object **)&cachedValues, plContext);
+ pkix_cLookupCount++;
- if (cachedValues != NULL && cachedCertError == NULL) {
+ if (cachedValues != NULL && cachedCertError == NULL) {
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 0,
- (PKIX_PL_Object **) &cacheValidUntilDate,
- plContext),
- PKIX_LISTGETITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_GetItem(cachedValues, 0,
+ (PKIX_PL_Object **)&cacheValidUntilDate, plContext),
+ PKIX_LISTGETITEMFAILED);
- if (testDate) {
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)testDate,
- (PKIX_PL_Object *)cacheValidUntilDate,
- &cmpCacheTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
- }
+ if (testDate) {
+ PKIX_CHECK(PKIX_PL_Object_Compare((PKIX_PL_Object *)testDate,
+ (PKIX_PL_Object *)cacheValidUntilDate,
+ &cmpCacheTimeResult, plContext),
+ PKIX_OBJECTCOMPARATORFAILED);
+ }
- if (cmpCacheTimeResult <= 0) {
+ if (cmpCacheTimeResult <= 0) {
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 1,
- (PKIX_PL_Object **) &cachedCertList,
- plContext),
- PKIX_LISTGETITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_GetItem(cachedValues, 1, (PKIX_PL_Object **)&cachedCertList,
+ plContext),
+ PKIX_LISTGETITEMFAILED);
- /*
- * Certs put on cache satifies only for Subject,
- * user selector and ComCertSelParams to filter.
- */
- PKIX_CHECK(PKIX_CertSelector_Create
- (NULL, NULL, &certSel, plContext),
- PKIX_CERTSELECTORCREATEFAILED);
+ /*
+ * Certs put on cache satifies only for Subject,
+ * user selector and ComCertSelParams to filter.
+ */
+ PKIX_CHECK(PKIX_CertSelector_Create(NULL, NULL, &certSel, plContext),
+ PKIX_CERTSELECTORCREATEFAILED);
- PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSel, certSelParams, plContext),
- PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
+ PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams(
+ certSel, certSelParams, plContext),
+ PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
- PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
- (certSel, &selectorMatch, plContext),
- PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
+ PKIX_CHECK(PKIX_CertSelector_GetMatchCallback(certSel, &selectorMatch,
+ plContext),
+ PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
- PKIX_CHECK(PKIX_List_Create(&selCertList, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&selCertList, plContext),
+ PKIX_LISTCREATEFAILED);
- /*
- * If any of the Cert on the list is out-dated, invalidate
- * this cache item.
- */
- PKIX_CHECK(PKIX_List_GetLength
- (cachedCertList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
+ /*
+ * If any of the Cert on the list is out-dated, invalidate
+ * this cache item.
+ */
+ PKIX_CHECK(PKIX_List_GetLength(cachedCertList, &numItems, plContext),
+ PKIX_LISTGETLENGTHFAILED);
- for (i = 0; i < numItems; i++){
+ for (i = 0; i < numItems; i++) {
- PKIX_CHECK(PKIX_List_GetItem
- (cachedCertList,
- i,
- (PKIX_PL_Object **)&cert,
- plContext),
- PKIX_LISTGETITEMFAILED);
+ PKIX_CHECK(PKIX_List_GetItem(cachedCertList, i,
+ (PKIX_PL_Object **)&cert, plContext),
+ PKIX_LISTGETITEMFAILED);
- PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
- (cert, &invalidAfterDate, plContext),
- PKIX_CERTGETVALIDITYNOTAFTERFAILED);
+ PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter(cert, &invalidAfterDate,
+ plContext),
+ PKIX_CERTGETVALIDITYNOTAFTERFAILED);
- if (testDate) {
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)invalidAfterDate,
- (PKIX_PL_Object *)testDate,
- &cmpValidTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
- }
+ if (testDate) {
+ PKIX_CHECK(PKIX_PL_Object_Compare((PKIX_PL_Object *)invalidAfterDate,
+ (PKIX_PL_Object *)testDate,
+ &cmpValidTimeResult, plContext),
+ PKIX_OBJECTCOMPARATORFAILED);
+ }
- if (cmpValidTimeResult < 0) {
+ if (cmpValidTimeResult < 0) {
- pkix_cRemoveCount++;
- *pFound = PKIX_FALSE;
+ pkix_cRemoveCount++;
+ *pFound = PKIX_FALSE;
- /* one cert is out-dated, remove item from cache */
- PKIX_CHECK(PKIX_PL_HashTable_Remove
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
- goto cleanup;
- }
+ /* one cert is out-dated, remove item from cache */
+ PKIX_CHECK(
+ PKIX_PL_HashTable_Remove(cachedCertTable,
+ (PKIX_PL_Object *)cachedKeys, plContext),
+ PKIX_HASHTABLEREMOVEFAILED);
+ goto cleanup;
+ }
- selectorError = selectorMatch(certSel, cert, plContext);
- if (!selectorError){
- /* put on the return list */
- PKIX_CHECK(PKIX_List_AppendItem
- (selCertList,
- (PKIX_PL_Object *)cert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- } else {
- PKIX_DECREF(selectorError);
- }
+ selectorError = selectorMatch(certSel, cert, plContext);
+ if (!selectorError) {
+ /* put on the return list */
+ PKIX_CHECK(PKIX_List_AppendItem(selCertList, (PKIX_PL_Object *)cert,
+ plContext),
+ PKIX_LISTAPPENDITEMFAILED);
+ } else {
+ PKIX_DECREF(selectorError);
+ }
- PKIX_DECREF(cert);
- PKIX_DECREF(invalidAfterDate);
+ PKIX_DECREF(cert);
+ PKIX_DECREF(invalidAfterDate);
+ }
- }
+ if (*pFound) {
+ PKIX_INCREF(selCertList);
+ *pCerts = selCertList;
+ }
- if (*pFound) {
- PKIX_INCREF(selCertList);
- *pCerts = selCertList;
- }
+ } else {
- } else {
-
- pkix_cRemoveCount++;
- *pFound = PKIX_FALSE;
- /* cache item is out-dated, remove it from cache */
- PKIX_CHECK(PKIX_PL_HashTable_Remove
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
- }
-
- }
+ pkix_cRemoveCount++;
+ *pFound = PKIX_FALSE;
+ /* cache item is out-dated, remove it from cache */
+ PKIX_CHECK(PKIX_PL_HashTable_Remove(
+ cachedCertTable, (PKIX_PL_Object *)cachedKeys, plContext),
+ PKIX_HASHTABLEREMOVEFAILED);
+ }
+ }
cleanup:
- PKIX_DECREF(subject);
- PKIX_DECREF(certSel);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cacheValidUntilDate);
- PKIX_DECREF(cert);
- PKIX_DECREF(cachedCertList);
- PKIX_DECREF(selCertList);
- PKIX_DECREF(invalidAfterDate);
- PKIX_DECREF(cachedCertError);
- PKIX_DECREF(selectorError);
+ PKIX_DECREF(subject);
+ PKIX_DECREF(certSel);
+ PKIX_DECREF(cachedKeys);
+ PKIX_DECREF(cachedValues);
+ PKIX_DECREF(cacheValidUntilDate);
+ PKIX_DECREF(cert);
+ PKIX_DECREF(cachedCertList);
+ PKIX_DECREF(selCertList);
+ PKIX_DECREF(invalidAfterDate);
+ PKIX_DECREF(cachedCertError);
+ PKIX_DECREF(selectorError);
- PKIX_RETURN(BUILD);
+ PKIX_RETURN(BUILD);
}
/*
* FUNCTION: pkix_CacheCert_Add
* DESCRIPTION:
*
* Add Cert Hash Table for a cached item based on "store" and Subject in
* "certSelParams" as the hash keys and have "certs" as the key value.
* This hashtable is maintained in the following ways:
* 1) When creating the hashtable, maximum bucket size can be specified (0 for
* unlimited). If items in a bucket reaches its full size, an new addition
* will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
+ * 2) A PKIX_PL_Date created with current time offset by constant
* CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
* If the CertStore this Cert is from is a trusted one, the cache period is
* shorter so cache can be updated more frequently.
* When an item is retrieved, this date is compared against "testDate" for
* validity. If comparison indicates this item is expired, the item is
* removed from the bucket.
*
* PARAMETERS:
* "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
+ * Address of CertStore as key to retrieve this CertChain. Must be
* non-NULL.
* "certSelParams"
* Address of ComCertSelParams that its subject is used as key to retrieve
* this CertChain. Must be non-NULL.
* "certs"
* Address PKIX_List of Certs will be stored. Must be no-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CacheCert_Add(
- PKIX_CertStore *store,
- PKIX_ComCertSelParams *certSelParams,
- PKIX_List* certs,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
- PKIX_List *cachedValues = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
- PKIX_PL_X500Name *subject = NULL;
- PKIX_Error *cachedCertError = NULL;
- PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
- PKIX_UInt32 cachePeriod = CACHE_ITEM_PERIOD_SECONDS;
- PKIX_UInt32 numCerts = 0;
+PKIX_Error *pkix_CacheCert_Add(PKIX_CertStore *store,
+ PKIX_ComCertSelParams *certSelParams,
+ PKIX_List *certs, void *plContext) {
+ PKIX_List *cachedKeys = NULL;
+ PKIX_List *cachedValues = NULL;
+ PKIX_PL_Date *cacheValidUntilDate = NULL;
+ PKIX_PL_X500Name *subject = NULL;
+ PKIX_Error *cachedCertError = NULL;
+ PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
+ PKIX_UInt32 cachePeriod = CACHE_ITEM_PERIOD_SECONDS;
+ PKIX_UInt32 numCerts = 0;
- PKIX_ENTER(BUILD, "pkix_CacheCert_Add");
- PKIX_NULLCHECK_THREE(store, certSelParams, certs);
+ PKIX_ENTER(BUILD, "pkix_CacheCert_Add");
+ PKIX_NULLCHECK_THREE(store, certSelParams, certs);
- PKIX_CHECK(PKIX_List_GetLength(certs, &numCerts,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
- if (numCerts == 0) {
- /* Don't want to add an empty list. */
- goto cleanup;
- }
+ PKIX_CHECK(PKIX_List_GetLength(certs, &numCerts, plContext),
+ PKIX_LISTGETLENGTHFAILED);
+ if (numCerts == 0) {
+ /* Don't want to add an empty list. */
+ goto cleanup;
+ }
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)store, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
- (certSelParams, &subject, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
+ PKIX_CHECK(
+ PKIX_ComCertSelParams_GetSubject(certSelParams, &subject, plContext),
+ PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
- PKIX_NULLCHECK_ONE(subject);
+ PKIX_NULLCHECK_ONE(subject);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)subject, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)subject, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext),
- PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_CertStore_GetTrustCallback
- (store, &trustCallback, plContext),
- PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
+ PKIX_CHECK(PKIX_CertStore_GetTrustCallback(store, &trustCallback, plContext),
+ PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
- if (trustCallback) {
- cachePeriod = CACHE_TRUST_ITEM_PERIOD_SECONDS;
- }
+ if (trustCallback) {
+ cachePeriod = CACHE_TRUST_ITEM_PERIOD_SECONDS;
+ }
- PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
- (cachePeriod, &cacheValidUntilDate, plContext),
- PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
+ PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds(
+ cachePeriod, &cacheValidUntilDate, plContext),
+ PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues,
- (PKIX_PL_Object *)cacheValidUntilDate,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedValues, (PKIX_PL_Object *)cacheValidUntilDate,
+ plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues,
- (PKIX_PL_Object *)certs,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedValues, (PKIX_PL_Object *)certs, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- cachedCertError = PKIX_PL_HashTable_Add
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object *) cachedValues,
- plContext);
+ cachedCertError =
+ PKIX_PL_HashTable_Add(cachedCertTable, (PKIX_PL_Object *)cachedKeys,
+ (PKIX_PL_Object *)cachedValues, plContext);
- pkix_cAddCount++;
+ pkix_cAddCount++;
- if (cachedCertError != NULL) {
- PKIX_DEBUG("PKIX_PL_HashTable_Add for Certs skipped: "
- "entry existed\n");
- }
+ if (cachedCertError != NULL) {
+ PKIX_DEBUG(
+ "PKIX_PL_HashTable_Add for Certs skipped: "
+ "entry existed\n");
+ }
cleanup:
- PKIX_DECREF(subject);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cacheValidUntilDate);
- PKIX_DECREF(cachedCertError);
+ PKIX_DECREF(subject);
+ PKIX_DECREF(cachedKeys);
+ PKIX_DECREF(cachedValues);
+ PKIX_DECREF(cacheValidUntilDate);
+ PKIX_DECREF(cachedCertError);
- PKIX_RETURN(BUILD);
+ PKIX_RETURN(BUILD);
}
/*
* FUNCTION: pkix_CacheCrlEntry_Lookup
* DESCRIPTION:
*
* Look up CrlEntry Hash Table for a cached item based on "store",
* "certIssuer" and "certSerialNumber" as the hash keys and returns values
@@ -1259,17 +1134,17 @@ cleanup:
* returned at "pFound".
* This hashtable is maintained in the following way:
* 1) When creating the hashtable, maximum bucket size can be specified (0 for
* unlimited). If items in a bucket reaches its full size, an new addition
* will trigger the removal of the old as FIFO sequence.
*
* PARAMETERS:
* "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
+ * Address of CertStore as key to retrieve this CertChain. Must be
* non-NULL.
* "certIssuer"
* Address of X500Name that is used as key to retrieve the CRLEntries.
* Must be non-NULL.
* "certSerialNumber"
* Address of BigInt that is used as key to retrieve the CRLEntries.
* Must be non-NULL.
* "pFound"
@@ -1281,86 +1156,77 @@ cleanup:
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CacheCrlEntry_Lookup(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *certIssuer,
- PKIX_PL_BigInt *certSerialNumber,
- PKIX_Boolean *pFound,
- PKIX_List** pCrls,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
- PKIX_List *cachedCrlEntryList = NULL;
- PKIX_Error *cachedCrlEntryError = NULL;
+PKIX_Error *pkix_CacheCrlEntry_Lookup(PKIX_CertStore *store,
+ PKIX_PL_X500Name *certIssuer,
+ PKIX_PL_BigInt *certSerialNumber,
+ PKIX_Boolean *pFound, PKIX_List **pCrls,
+ void *plContext) {
+ PKIX_List *cachedKeys = NULL;
+ PKIX_List *cachedCrlEntryList = NULL;
+ PKIX_Error *cachedCrlEntryError = NULL;
- PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Lookup");
- PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
- PKIX_NULLCHECK_TWO(pFound, pCrls);
+ PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Lookup");
+ PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
+ PKIX_NULLCHECK_TWO(pFound, pCrls);
- *pFound = PKIX_FALSE;
+ *pFound = PKIX_FALSE;
- /* Find CrlEntry(s) by issuer and serial number */
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
+ /* Find CrlEntry(s) by issuer and serial number */
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)store, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)certSerialNumber,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- cachedCrlEntryError = PKIX_PL_HashTable_Lookup
- (cachedCrlEntryTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object **) &cachedCrlEntryList,
- plContext);
- pkix_ceLookupCount++;
+ PKIX_CHECK(PKIX_List_AppendItem(
+ cachedKeys, (PKIX_PL_Object *)certSerialNumber, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- /*
- * We don't need check Date to invalidate this cache item,
- * the item is uniquely defined and won't be reverted. Let
- * the FIFO for cleaning up.
- */
+ cachedCrlEntryError = PKIX_PL_HashTable_Lookup(
+ cachedCrlEntryTable, (PKIX_PL_Object *)cachedKeys,
+ (PKIX_PL_Object **)&cachedCrlEntryList, plContext);
+ pkix_ceLookupCount++;
- if (cachedCrlEntryList != NULL && cachedCrlEntryError == NULL ) {
+ /*
+ * We don't need check Date to invalidate this cache item,
+ * the item is uniquely defined and won't be reverted. Let
+ * the FIFO for cleaning up.
+ */
- PKIX_INCREF(cachedCrlEntryList);
- *pCrls = cachedCrlEntryList;
+ if (cachedCrlEntryList != NULL && cachedCrlEntryError == NULL) {
- *pFound = PKIX_TRUE;
+ PKIX_INCREF(cachedCrlEntryList);
+ *pCrls = cachedCrlEntryList;
- } else {
+ *pFound = PKIX_TRUE;
- *pFound = PKIX_FALSE;
- }
+ } else {
+
+ *pFound = PKIX_FALSE;
+ }
cleanup:
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCrlEntryList);
- PKIX_DECREF(cachedCrlEntryError);
+ PKIX_DECREF(cachedKeys);
+ PKIX_DECREF(cachedCrlEntryList);
+ PKIX_DECREF(cachedCrlEntryError);
- PKIX_RETURN(BUILD);
+ PKIX_RETURN(BUILD);
}
/*
* FUNCTION: pkix_CacheCrlEntry_Add
* DESCRIPTION:
*
* Look up CrlEntry Hash Table for a cached item based on "store",
* "certIssuer" and "certSerialNumber" as the hash keys and have "pCrls" as
@@ -1368,17 +1234,17 @@ cleanup:
* returned at "pFound".
* This hashtable is maintained in the following way:
* 1) When creating the hashtable, maximum bucket size can be specified (0 for
* unlimited). If items in a bucket reaches its full size, an new addition
* will trigger the removal of the old as FIFO sequence.
*
* PARAMETERS:
* "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
+ * Address of CertStore as key to retrieve this CertChain. Must be
* non-NULL.
* "certIssuer"
* Address of X500Name that is used as key to retrieve the CRLEntries.
* Must be non-NULL.
* "certSerialNumber"
* Address of BigInt that is used as key to retrieve the CRLEntries.
* Must be non-NULL.
* "crls"
@@ -1387,133 +1253,120 @@ cleanup:
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
-PKIX_Error *
-pkix_CacheCrlEntry_Add(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *certIssuer,
- PKIX_PL_BigInt *certSerialNumber,
- PKIX_List* crls,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
- PKIX_Error *cachedCrlEntryError = NULL;
+PKIX_Error *pkix_CacheCrlEntry_Add(PKIX_CertStore *store,
+ PKIX_PL_X500Name *certIssuer,
+ PKIX_PL_BigInt *certSerialNumber,
+ PKIX_List *crls, void *plContext) {
+ PKIX_List *cachedKeys = NULL;
+ PKIX_Error *cachedCrlEntryError = NULL;
- PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Add");
- PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
- PKIX_NULLCHECK_ONE(crls);
+ PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Add");
+ PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
+ PKIX_NULLCHECK_ONE(crls);
- /* Add CrlEntry(s) by issuer and serial number */
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
+ /* Add CrlEntry(s) by issuer and serial number */
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext), PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)store, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)certSerialNumber,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
+ PKIX_CHECK(
+ PKIX_List_AppendItem(cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
- cachedCrlEntryError = PKIX_PL_HashTable_Add
- (cachedCrlEntryTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object *) crls,
- plContext);
- pkix_ceAddCount++;
+ PKIX_CHECK(PKIX_List_AppendItem(
+ cachedKeys, (PKIX_PL_Object *)certSerialNumber, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
+
+ cachedCrlEntryError =
+ PKIX_PL_HashTable_Add(cachedCrlEntryTable, (PKIX_PL_Object *)cachedKeys,
+ (PKIX_PL_Object *)crls, plContext);
+ pkix_ceAddCount++;
cleanup:
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCrlEntryError);
+ PKIX_DECREF(cachedKeys);
+ PKIX_DECREF(cachedCrlEntryError);
- PKIX_RETURN(BUILD);
+ PKIX_RETURN(BUILD);
}
#ifdef PKIX_OBJECT_LEAK_TEST
/* TEST_START_FN and testStartFnStackPosition define at what state
* of the stack the object leak testing should begin. The condition
* in pkix_CheckForGeneratedError works the following way: do leak
* testing if at position testStartFnStackPosition in stack array
* (fnStackNameArr) we have called function TEST_START_FN.
* Note, that stack array get filled only when executing libpkix
* functions.
* */
#define TEST_START_FN "PKIX_BuildChain"
-PKIX_Error*
-pkix_CheckForGeneratedError(PKIX_StdVars * stdVars,
- PKIX_ERRORCLASS errClass,
- char * fnName,
- PKIX_Boolean *errSetFlag,
- void * plContext)
-{
- PKIX_Error *genErr = NULL;
- PKIX_UInt32 pos = 0;
- PKIX_UInt32 strLen = 0;
+PKIX_Error *pkix_CheckForGeneratedError(PKIX_StdVars *stdVars,
+ PKIX_ERRORCLASS errClass, char *fnName,
+ PKIX_Boolean *errSetFlag,
+ void *plContext) {
+ PKIX_Error *genErr = NULL;
+ PKIX_UInt32 pos = 0;
+ PKIX_UInt32 strLen = 0;
- if (fnName) {
- if (fnStackNameArr[testStartFnStackPosition] == NULL ||
- strcmp(fnStackNameArr[testStartFnStackPosition], TEST_START_FN)
- ) {
- /* return with out error if not with in boundary */
- return NULL;
- }
- if (!strcmp(fnName, TEST_START_FN)) {
- *errSetFlag = PKIX_TRUE;
- noErrorState = PKIX_FALSE;
- errorGenerated = PKIX_FALSE;
- }
- }
+ if (fnName) {
+ if (fnStackNameArr[testStartFnStackPosition] == NULL ||
+ strcmp(fnStackNameArr[testStartFnStackPosition], TEST_START_FN)) {
+ /* return with out error if not with in boundary */
+ return NULL;
+ }
+ if (!strcmp(fnName, TEST_START_FN)) {
+ *errSetFlag = PKIX_TRUE;
+ noErrorState = PKIX_FALSE;
+ errorGenerated = PKIX_FALSE;
+ }
+ }
- if (noErrorState || errorGenerated) return NULL;
+ if (noErrorState || errorGenerated) return NULL;
- if (fnName && (
- !strcmp(fnName, "PKIX_PL_Object_DecRef") ||
- !strcmp(fnName, "PKIX_PL_Object_Unlock") ||
- !strcmp(fnName, "pkix_UnlockObject") ||
- !strcmp(fnName, "pkix_Throw") ||
- !strcmp(fnName, "pkix_trace_dump_cert") ||
- !strcmp(fnName, "PKIX_PL_Free"))) {
- /* do not generate error for this functions */
- noErrorState = PKIX_TRUE;
- *errSetFlag = PKIX_TRUE;
- return NULL;
- }
+ if (fnName &&
+ (!strcmp(fnName, "PKIX_PL_Object_DecRef") ||
+ !strcmp(fnName, "PKIX_PL_Object_Unlock") ||
+ !strcmp(fnName, "pkix_UnlockObject") || !strcmp(fnName, "pkix_Throw") ||
+ !strcmp(fnName, "pkix_trace_dump_cert") ||
+ !strcmp(fnName, "PKIX_PL_Free"))) {
+ /* do not generate error for this functions */
+ noErrorState = PKIX_TRUE;
+ *errSetFlag = PKIX_TRUE;
+ return NULL;
+ }
- if (PL_HashTableLookup(fnInvTable, &fnStackInvCountArr[stackPosition - 1])) {
- return NULL;
- }
+ if (PL_HashTableLookup(fnInvTable, &fnStackInvCountArr[stackPosition - 1])) {
+ return NULL;
+ }
- PL_HashTableAdd(fnInvTable, &fnStackInvCountArr[stackPosition - 1], nonNullValue);
- errorGenerated = PKIX_TRUE;
- noErrorState = PKIX_TRUE;
- genErr = PKIX_DoThrow(stdVars, errClass, PKIX_MEMLEAKGENERATEDERROR,
- errClass, plContext);
- while(fnStackNameArr[pos]) {
- strLen += PORT_Strlen(fnStackNameArr[pos++]) + 1;
- }
- strLen += 1; /* end of line. */
- pos = 0;
- errorFnStackString = PORT_ZAlloc(strLen);
- while(fnStackNameArr[pos]) {
- strcat(errorFnStackString, "/");
- strcat(errorFnStackString, fnStackNameArr[pos++]);
- }
- noErrorState = PKIX_FALSE;
-
- return genErr;
+ PL_HashTableAdd(fnInvTable, &fnStackInvCountArr[stackPosition - 1],
+ nonNullValue);
+ errorGenerated = PKIX_TRUE;
+ noErrorState = PKIX_TRUE;
+ genErr = PKIX_DoThrow(stdVars, errClass, PKIX_MEMLEAKGENERATEDERROR, errClass,
+ plContext);
+ while (fnStackNameArr[pos]) {
+ strLen += PORT_Strlen(fnStackNameArr[pos++]) + 1;
+ }
+ strLen += 1; /* end of line. */
+ pos = 0;
+ errorFnStackString = PORT_ZAlloc(strLen);
+ while (fnStackNameArr[pos]) {
+ strcat(errorFnStackString, "/");
+ strcat(errorFnStackString, fnStackNameArr[pos++]);
+ }
+ noErrorState = PKIX_FALSE;
+
+ return genErr;
}
#endif /* PKIX_OBJECT_LEAK_TEST */
« no previous file with comments | « lib/libpkix/pkix/util/pkix_tools.h ('k') | lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b