trustbridge/nss-cmake-static: nss/lib/libpkix/pkix/results/pkix

comparison nss/lib/libpkix/pkix/results/pkix_policynode.c @ 0:1e5118fa0cb1

This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.

author	Andre Heinecke <andre.heinecke@intevation.de>
date	Mon, 28 Jul 2014 10:47:06 +0200
parents
children

comparison

equal deleted inserted replaced

--1:000000000000
+:1e5118fa0cb1
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+* pkix_policynode.c
+*
+* Policy Node Object Type Definition
+*
+*/
+#include "pkix_policynode.h"
+/* --Private-PolicyNode-Functions---------------------------------- */
+/*
+* FUNCTION: pkix_PolicyNode_GetChildrenMutable
+* DESCRIPTION:
+*
+*  Retrieves the List of PolicyNodes representing the child nodes of the
+*  Policy Node pointed to by "node" and stores it at "pChildren". If "node"
+*  has no List of child nodes, this function stores NULL at "pChildren".
+*
+*  Note that the List returned by this function may be mutable. This function
+*  differs from the public function PKIX_PolicyNode_GetChildren in that
+*  respect. (It also differs in that the public function creates an empty
+*  List, if necessary, rather than storing NULL.)
+*
+*  During certificate processing, children Lists are created and modified.
+*  Once the list is accessed using the public call, the List is set immutable.
+*
+* PARAMETERS:
+*  "node"
+*      Address of PolicyNode whose child nodes are to be stored.
+*      Must be non-NULL.
+*  "pChildren"
+*      Address where object pointer will be stored. Must be non-NULL.
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Conditionally Thread Safe
+*  (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if the function succeeds.
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in an unrecoverable way.
+*/
+PKIX_Error *
+pkix_PolicyNode_GetChildrenMutable(
+PKIX_PolicyNode *node,
+PKIX_List **pChildren,  /* list of PKIX_PolicyNode */
+void *plContext)
+{
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_GetChildrenMutable");
+PKIX_NULLCHECK_TWO(node, pChildren);
+PKIX_INCREF(node->children);
+*pChildren = node->children;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_Create
+* DESCRIPTION:
+*
+*  Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
+*  of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
+*  indicated by the Boolean value of "criticality", and the List of OIDs
+*  pointed to by "expectedPolicySet", and stores the result at "pObject". The
+*  criticality should be derived from whether the certificate policy extension
+*  was marked as critical in the certificate that led to creation of this
+*  PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
+*  immutable. The PolicyNode pointers to parent and to children are initialized
+*  to NULL, and the depth is set to zero; those values should be set by using
+*  the pkix_PolicyNode_AddToParent function.
+*
+* PARAMETERS
+*  "validPolicy"
+*      Address of OID of the valid policy for the path. Must be non-NULL
+*  "qualifierSet"
+*      Address of List of CertPolicyQualifiers associated with the validpolicy.
+*      May be NULL
+*  "criticality"
+*      Boolean indicator of whether the criticality should be set in this
+*      PolicyNode
+*  "expectedPolicySet"
+*      Address of List of OIDs that would satisfy this policy in the next
+*      certificate. Must be non-NULL
+*  "pObject"
+*      Address where the PolicyNode pointer will be stored. Must be non-NULL.
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if the function succeeds.
+*  Returns a PolicyNode Error if the function fails  in a non-fatal way.
+*  Returns a Fatal Error if the function fails in an unrecoverable way.
+*/
+PKIX_Error *
+pkix_PolicyNode_Create(
+PKIX_PL_OID *validPolicy,
+PKIX_List *qualifierSet,
+PKIX_Boolean criticality,
+PKIX_List *expectedPolicySet,
+PKIX_PolicyNode **pObject,
+void *plContext)
+{
+PKIX_PolicyNode *node = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create");
+PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_CERTPOLICYNODE_TYPE,
+sizeof (PKIX_PolicyNode),
+(PKIX_PL_Object **)&node,
+plContext),
+PKIX_COULDNOTCREATEPOLICYNODEOBJECT);
+PKIX_INCREF(validPolicy);
+node->validPolicy = validPolicy;
+PKIX_INCREF(qualifierSet);
+node->qualifierSet = qualifierSet;
+if (qualifierSet) {
+PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext),
+PKIX_LISTSETIMMUTABLEFAILED);
+}
+node->criticality = criticality;
+PKIX_INCREF(expectedPolicySet);
+node->expectedPolicySet = expectedPolicySet;
+PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext),
+PKIX_LISTSETIMMUTABLEFAILED);
+node->parent = NULL;
+node->children = NULL;
+node->depth = 0;
+*pObject = node;
+node = NULL;
+cleanup:
+PKIX_DECREF(node);
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_AddToParent
+* DESCRIPTION:
+*
+*  Adds the PolicyNode pointed to by "child" to the List of children of
+*  the PolicyNode pointed to by "parentNode". If "parentNode" had a
+*  NULL pointer for the List of children, a new List is created containing
+*  "child". Otherwise "child" is appended to the existing List. The
+*  parent field in "child" is set to "parent", and the depth field is
+*  set to one more than the corresponding value in "parent".
+*
+*  Depth, in this context, means distance from the root node, which
+*  is at depth zero.
+*
+* PARAMETERS:
+*  "parentNode"
+*      Address of PolicyNode whose List of child PolicyNodes is to be
+*      created or appended to. Must be non-NULL.
+*  "child"
+*      Address of PolicyNode to be added to parentNode's List. Must be
+*      non-NULL.
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if the function succeeds.
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in an unrecoverable way.
+*/
+PKIX_Error *
+pkix_PolicyNode_AddToParent(
+PKIX_PolicyNode *parentNode,
+PKIX_PolicyNode *child,
+void *plContext)
+{
+PKIX_List *listOfChildren = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_AddToParent");
+PKIX_NULLCHECK_TWO(parentNode, child);
+listOfChildren = parentNode->children;
+if (listOfChildren == NULL) {
+PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
+PKIX_LISTCREATEFAILED);
+parentNode->children = listOfChildren;
+}
+/*
+* Note: this link is not reference-counted. The link from parent
+* to child is counted (actually, the parent "owns" a List which
+* "owns" children), but the children do not "own" the parent.
+* Otherwise, there would be loops.
+*/
+child->parent = parentNode;
+child->depth = 1 + (parentNode->depth);
+PKIX_CHECK(PKIX_List_AppendItem
+(listOfChildren, (PKIX_PL_Object *)child, plContext),
+PKIX_COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST);
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)parentNode, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)child, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_Prune
+* DESCRIPTION:
+*
+*  Prunes a tree below the PolicyNode whose address is pointed to by "node",
+*  using the UInt32 value of "height" as the distance from the leaf level,
+*  and storing at "pDelete" the Boolean value of whether this PolicyNode is,
+*  after pruning, childless and should be pruned.
+*
+*  Any PolicyNode at height 0 is allowed to survive. If the height is greater
+*  than zero, pkix_PolicyNode_Prune is called recursively for each child of
+*  the current PolicyNode. After this process, a node with no children
+*  stores PKIX_TRUE in "pDelete" to indicate that it should be deleted.
+*
+* PARAMETERS:
+*  "node"
+*      Address of the PolicyNode to be pruned. Must be non-NULL.
+*  "height"
+*      UInt32 value for the distance from the leaf level
+*  "pDelete"
+*      Address to store the Boolean return value of PKIX_TRUE if this node
+*      should be pruned, or PKIX_FALSE if there remains at least one
+*      branch of the required height. Must be non-NULL.
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if the function succeeds.
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in an unrecoverable way.
+*/
+PKIX_Error *
+pkix_PolicyNode_Prune(
+PKIX_PolicyNode *node,
+PKIX_UInt32 height,
+PKIX_Boolean *pDelete,
+void *plContext)
+{
+PKIX_Boolean childless = PKIX_FALSE;
+PKIX_Boolean shouldBePruned = PKIX_FALSE;
+PKIX_UInt32 listSize = 0;
+PKIX_UInt32 listIndex = 0;
+PKIX_PolicyNode *candidate = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Prune");
+PKIX_NULLCHECK_TWO(node, pDelete);
+/* Don't prune at the leaf */
+if (height == 0) {
+goto cleanup;
+}
+/* Above the bottom level, childless nodes get pruned */
+if (!(node->children)) {
+childless = PKIX_TRUE;
+goto cleanup;
+}
+/*
+* This node has children. If they are leaf nodes,
+* we know they will live. Otherwise, check them out.
+*/
+if (height > 1) {
+PKIX_CHECK(PKIX_List_GetLength
+(node->children, &listSize, plContext),
+PKIX_LISTGETLENGTHFAILED);
+/*
+* By working backwards from the end of the list,
+* we avoid having to worry about possible
+* decreases in the size of the list, as we
+* delete items. The only nuisance is that since the
+* index is UInt32, we can't check for it to reach -1;
+* we have to use the 1-based index, rather than the
+* 0-based index that PKIX_List functions require.
+*/
+for (listIndex = listSize; listIndex > 0; listIndex--) {
+PKIX_CHECK(PKIX_List_GetItem
+(node->children,
+(listIndex - 1),
+(PKIX_PL_Object **)&candidate,
+plContext),
+PKIX_LISTGETITEMFAILED);
+PKIX_CHECK(pkix_PolicyNode_Prune
+(candidate,
+height - 1,
+&shouldBePruned,
+plContext),
+PKIX_POLICYNODEPRUNEFAILED);
+if (shouldBePruned == PKIX_TRUE) {
+PKIX_CHECK(PKIX_List_DeleteItem
+(node->children,
+(listIndex - 1),
+plContext),
+PKIX_LISTDELETEITEMFAILED);
+}
+PKIX_DECREF(candidate);
+}
+}
+/* Prune if this node has *become* childless */
+PKIX_CHECK(PKIX_List_GetLength
+(node->children, &listSize, plContext),
+PKIX_LISTGETLENGTHFAILED);
+if (listSize == 0) {
+childless = PKIX_TRUE;
+}
+/*
+* Even if we did not change this node, or any of its children,
+* maybe a [great-]*grandchild was pruned.
+*/
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)node, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+*pDelete = childless;
+PKIX_DECREF(candidate);
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_SinglePolicyNode_ToString
+* DESCRIPTION:
+*
+*  Creates a String representation of the attributes of the PolicyNode
+*  pointed to by "node", other than its parents or children, and
+*  stores the result at "pString".
+*
+* PARAMETERS:
+*  "node"
+*      Address of PolicyNode to be described by the string. Must be non-NULL.
+*  "pString"
+*      Address where object pointer will be stored. Must be non-NULL.
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Conditionally Thread Safe
+*  (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if function succeeds
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in a fatal way
+*/
+PKIX_Error *
+pkix_SinglePolicyNode_ToString(
+PKIX_PolicyNode *node,
+PKIX_PL_String **pString,
+void *plContext)
+{
+PKIX_PL_String *fmtString = NULL;
+PKIX_PL_String *validString = NULL;
+PKIX_PL_String *qualifierString = NULL;
+PKIX_PL_String *criticalityString = NULL;
+PKIX_PL_String *expectedString = NULL;
+PKIX_PL_String *outString = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_ToString");
+PKIX_NULLCHECK_TWO(node, pString);
+PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+"{%s,%s,%s,%s,%d}",
+0,
+&fmtString,
+plContext),
+PKIX_CANTCREATESTRING);
+PKIX_CHECK(PKIX_PL_Object_ToString
+((PKIX_PL_Object *)(node->validPolicy),
+&validString,
+plContext),
+PKIX_OIDTOSTRINGFAILED);
+PKIX_CHECK(PKIX_PL_Object_ToString
+((PKIX_PL_Object *)(node->expectedPolicySet),
+&expectedString,
+plContext),
+PKIX_LISTTOSTRINGFAILED);
+if (node->qualifierSet) {
+PKIX_CHECK(PKIX_PL_Object_ToString
+((PKIX_PL_Object *)(node->qualifierSet),
+&qualifierString,
+plContext),
+PKIX_LISTTOSTRINGFAILED);
+} else {
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+"{}",
+0,
+&qualifierString,
+plContext),
+PKIX_CANTCREATESTRING);
+}
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+(node->criticality)?"Critical":"Not Critical",
+0,
+&criticalityString,
+plContext),
+PKIX_CANTCREATESTRING);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&outString,
+plContext,
+fmtString,
+validString,
+qualifierString,
+criticalityString,
+expectedString,
+node->depth),
+PKIX_SPRINTFFAILED);
+*pString = outString;
+cleanup:
+PKIX_DECREF(fmtString);
+PKIX_DECREF(validString);
+PKIX_DECREF(qualifierString);
+PKIX_DECREF(criticalityString);
+PKIX_DECREF(expectedString);
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_ToString_Helper
+* DESCRIPTION:
+*
+*  Produces a String representation of a PolicyNode tree below the PolicyNode
+*  pointed to by "rootNode", with each line of output prefixed by the String
+*  pointed to by "indent", and stores the result at "pTreeString". It is
+*  called recursively, with ever-increasing indentation, for successively
+*  lower nodes on the tree.
+*
+* PARAMETERS:
+*  "rootNode"
+*      Address of PolicyNode subtree. Must be non-NULL.
+*  "indent"
+*      Address of String to be prefixed to each line of output. May be NULL
+*      if no indentation is desired
+*  "pTreeString"
+*      Address where the resulting String will be stored; must be non-NULL
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Conditionally Thread Safe
+*  (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if the function succeeds.
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in an unrecoverable way.
+*/
+static PKIX_Error *
+pkix_PolicyNode_ToString_Helper(
+PKIX_PolicyNode *rootNode,
+PKIX_PL_String *indent,
+PKIX_PL_String **pTreeString,
+void *plContext)
+{
+PKIX_PL_String *nextIndentFormat = NULL;
+PKIX_PL_String *thisNodeFormat = NULL;
+PKIX_PL_String *childrenFormat = NULL;
+PKIX_PL_String *nextIndentString = NULL;
+PKIX_PL_String *resultString = NULL;
+PKIX_PL_String *thisItemString = NULL;
+PKIX_PL_String *childString = NULL;
+PKIX_PolicyNode *childNode = NULL;
+PKIX_UInt32 numberOfChildren = 0;
+PKIX_UInt32 childIndex = 0;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString_Helper");
+PKIX_NULLCHECK_TWO(rootNode, pTreeString);
+/* Create a string for this node */
+PKIX_CHECK(pkix_SinglePolicyNode_ToString
+(rootNode, &thisItemString, plContext),
+PKIX_ERRORINSINGLEPOLICYNODETOSTRING);
+if (indent) {
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+"%s%s",
+0,
+&thisNodeFormat,
+plContext),
+PKIX_ERRORCREATINGFORMATSTRING);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&resultString,
+plContext,
+thisNodeFormat,
+indent,
+thisItemString),
+PKIX_ERRORINSPRINTF);
+} else {
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+"%s",
+0,
+&thisNodeFormat,
+plContext),
+PKIX_ERRORCREATINGFORMATSTRING);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&resultString,
+plContext,
+thisNodeFormat,
+thisItemString),
+PKIX_ERRORINSPRINTF);
+}
+PKIX_DECREF(thisItemString);
+thisItemString = resultString;
+/* if no children, we are done */
+if (rootNode->children) {
+PKIX_CHECK(PKIX_List_GetLength
+(rootNode->children, &numberOfChildren, plContext),
+PKIX_LISTGETLENGTHFAILED);
+}
+if (numberOfChildren != 0) {
+/*
+* We create a string for each child in turn,
+* concatenating them to thisItemString.
+*/
+/* Prepare an indent string for each child */
+if (indent) {
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+"%s. ",
+0,
+&nextIndentFormat,
+plContext),
+PKIX_ERRORCREATINGFORMATSTRING);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&nextIndentString,
+plContext,
+nextIndentFormat,
+indent),
+PKIX_ERRORINSPRINTF);
+} else {
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+". ",
+0,
+&nextIndentString,
+plContext),
+PKIX_ERRORCREATINGINDENTSTRING);
+}
+/* Prepare the format for concatenation. */
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+"%s\n%s",
+0,
+&childrenFormat,
+plContext),
+PKIX_ERRORCREATINGFORMATSTRING);
+for (childIndex = 0;
+childIndex < numberOfChildren;
+childIndex++) {
+PKIX_CHECK(PKIX_List_GetItem
+(rootNode->children,
+childIndex,
+(PKIX_PL_Object **)&childNode,
+plContext),
+PKIX_LISTGETITEMFAILED);
+PKIX_CHECK(pkix_PolicyNode_ToString_Helper
+(childNode,
+nextIndentString,
+&childString,
+plContext),
+PKIX_ERRORCREATINGCHILDSTRING);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&resultString,
+plContext,
+childrenFormat,
+thisItemString,
+childString),
+PKIX_ERRORINSPRINTF);
+PKIX_DECREF(childNode);
+PKIX_DECREF(childString);
+PKIX_DECREF(thisItemString);
+thisItemString = resultString;
+}
+}
+*pTreeString = thisItemString;
+cleanup:
+if (PKIX_ERROR_RECEIVED) {
+PKIX_DECREF(thisItemString);
+}
+PKIX_DECREF(nextIndentFormat);
+PKIX_DECREF(thisNodeFormat);
+PKIX_DECREF(childrenFormat);
+PKIX_DECREF(nextIndentString);
+PKIX_DECREF(childString);
+PKIX_DECREF(childNode);
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_ToString
+* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_PolicyNode_ToString(
+PKIX_PL_Object *object,
+PKIX_PL_String **pTreeString,
+void *plContext)
+{
+PKIX_PolicyNode *rootNode = NULL;
+PKIX_PL_String *resultString = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString");
+PKIX_NULLCHECK_TWO(object, pTreeString);
+PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+PKIX_OBJECTNOTPOLICYNODE);
+rootNode = (PKIX_PolicyNode *)object;
+PKIX_CHECK(pkix_PolicyNode_ToString_Helper
+(rootNode, NULL, &resultString, plContext),
+PKIX_ERRORCREATINGSUBTREESTRING);
+*pTreeString = resultString;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_Destroy
+* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_PolicyNode_Destroy(
+PKIX_PL_Object *object,
+void *plContext)
+{
+PKIX_PolicyNode *node = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Destroy");
+PKIX_NULLCHECK_ONE(object);
+PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+PKIX_OBJECTNOTPOLICYNODE);
+node = (PKIX_PolicyNode*)object;
+node->criticality = PKIX_FALSE;
+PKIX_DECREF(node->validPolicy);
+PKIX_DECREF(node->qualifierSet);
+PKIX_DECREF(node->expectedPolicySet);
+PKIX_DECREF(node->children);
+/*
+* Note: the link to parent is not reference-counted. See comment
+* in pkix_PolicyNode_AddToParent for more details.
+*/
+node->parent = NULL;
+node->depth = 0;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_SinglePolicyNode_Hashcode
+* DESCRIPTION:
+*
+*  Computes the hashcode of the attributes of the PolicyNode pointed to by
+*  "node", other than its parents and children, and stores the result at
+*  "pHashcode".
+*
+* PARAMETERS:
+*  "node"
+*      Address of PolicyNode to be hashcoded; must be non-NULL
+*  "pHashcode"
+*      Address where UInt32 result will be stored; must be non-NULL
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Conditionally Thread Safe
+*  (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if function succeeds
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in a fatal way
+*/
+static PKIX_Error *
+pkix_SinglePolicyNode_Hashcode(
+PKIX_PolicyNode *node,
+PKIX_UInt32 *pHashcode,
+void *plContext)
+{
+PKIX_UInt32 componentHash = 0;
+PKIX_UInt32 nodeHash = 0;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Hashcode");
+PKIX_NULLCHECK_TWO(node, pHashcode);
+PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);
+PKIX_HASHCODE
+(node->qualifierSet,
+&nodeHash,
+plContext,
+PKIX_FAILUREHASHINGLISTQUALIFIERSET);
+if (PKIX_TRUE == (node->criticality)) {
+nodeHash = 31*nodeHash + 0xff;
+} else {
+nodeHash = 31*nodeHash + 0x00;
+}
+PKIX_CHECK(PKIX_PL_Object_Hashcode
+((PKIX_PL_Object *)node->validPolicy,
+&componentHash,
+plContext),
+PKIX_FAILUREHASHINGOIDVALIDPOLICY);
+nodeHash = 31*nodeHash + componentHash;
+PKIX_CHECK(PKIX_PL_Object_Hashcode
+((PKIX_PL_Object *)node->expectedPolicySet,
+&componentHash,
+plContext),
+PKIX_FAILUREHASHINGLISTEXPECTEDPOLICYSET);
+nodeHash = 31*nodeHash + componentHash;
+*pHashcode = nodeHash;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_Hashcode
+* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_PolicyNode_Hashcode(
+PKIX_PL_Object *object,
+PKIX_UInt32 *pHashcode,
+void *plContext)
+{
+PKIX_PolicyNode *node = NULL;
+PKIX_UInt32 childrenHash = 0;
+PKIX_UInt32 nodeHash = 0;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Hashcode");
+PKIX_NULLCHECK_TWO(object, pHashcode);
+PKIX_CHECK(pkix_CheckType
+(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+PKIX_OBJECTNOTPOLICYNODE);
+node = (PKIX_PolicyNode *)object;
+PKIX_CHECK(pkix_SinglePolicyNode_Hashcode
+(node, &nodeHash, plContext),
+PKIX_SINGLEPOLICYNODEHASHCODEFAILED);
+nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent);
+PKIX_HASHCODE
+(node->children,
+&childrenHash,
+plContext,
+PKIX_OBJECTHASHCODEFAILED);
+nodeHash = 31*nodeHash + childrenHash;
+*pHashcode = nodeHash;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_SinglePolicyNode_Equals
+* DESCRIPTION:
+*
+*  Compares for equality the components of the PolicyNode pointed to by
+*  "firstPN", other than its parents and children, with those of the
+*  PolicyNode pointed to by "secondPN" and stores the result at "pResult"
+*  (PKIX_TRUE if equal; PKIX_FALSE if not).
+*
+* PARAMETERS:
+*  "firstPN"
+*      Address of first of the PolicyNodes to be compared; must be non-NULL
+*  "secondPN"
+*      Address of second of the PolicyNodes to be compared; must be non-NULL
+*  "pResult"
+*      Address where Boolean will be stored; must be non-NULL
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Conditionally Thread Safe
+*  (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if function succeeds
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in a fatal way
+*/
+static PKIX_Error *
+pkix_SinglePolicyNode_Equals(
+PKIX_PolicyNode *firstPN,
+PKIX_PolicyNode *secondPN,
+PKIX_Boolean *pResult,
+void *plContext)
+{
+PKIX_Boolean compResult = PKIX_FALSE;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Equals");
+PKIX_NULLCHECK_THREE(firstPN, secondPN, pResult);
+/* If both references are identical, they must be equal */
+if (firstPN == secondPN) {
+compResult = PKIX_TRUE;
+goto cleanup;
+}
+/*
+* It seems we have to do the comparisons. Do
+* the easiest ones first.
+*/
+if ((firstPN->criticality) != (secondPN->criticality)) {
+goto cleanup;
+}
+if ((firstPN->depth) != (secondPN->depth)) {
+goto cleanup;
+}
+PKIX_EQUALS
+(firstPN->qualifierSet,
+secondPN->qualifierSet,
+&compResult,
+plContext,
+PKIX_OBJECTEQUALSFAILED);
+if (compResult == PKIX_FALSE) {
+goto cleanup;
+}
+/* These fields must be non-NULL */
+PKIX_NULLCHECK_TWO(firstPN->validPolicy, secondPN->validPolicy);
+PKIX_EQUALS
+(firstPN->validPolicy,
+secondPN->validPolicy,
+&compResult,
+plContext,
+PKIX_OBJECTEQUALSFAILED);
+if (compResult == PKIX_FALSE) {
+goto cleanup;
+}
+/* These fields must be non-NULL */
+PKIX_NULLCHECK_TWO
+(firstPN->expectedPolicySet, secondPN->expectedPolicySet);
+PKIX_EQUALS
+(firstPN->expectedPolicySet,
+secondPN->expectedPolicySet,
+&compResult,
+plContext,
+PKIX_OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS);
+cleanup:
+*pResult = compResult;
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_Equals
+* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_PolicyNode_Equals(
+PKIX_PL_Object *firstObject,
+PKIX_PL_Object *secondObject,
+PKIX_Boolean *pResult,
+void *plContext)
+{
+PKIX_PolicyNode *firstPN = NULL;
+PKIX_PolicyNode *secondPN = NULL;
+PKIX_UInt32 secondType;
+PKIX_Boolean compResult = PKIX_FALSE;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Equals");
+PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+/* test that firstObject is a PolicyNode */
+PKIX_CHECK(pkix_CheckType
+(firstObject, PKIX_CERTPOLICYNODE_TYPE, plContext),
+PKIX_FIRSTOBJECTNOTPOLICYNODE);
+/*
+* Since we know firstObject is a PolicyNode,
+* if both references are identical, they must be equal
+*/
+if (firstObject == secondObject){
+compResult = PKIX_TRUE;
+goto cleanup;
+}
+/*
+* If secondObject isn't a PolicyNode, we
+* don't throw an error. We simply return FALSE.
+*/
+PKIX_CHECK(PKIX_PL_Object_GetType
+(secondObject, &secondType, plContext),
+PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+if (secondType != PKIX_CERTPOLICYNODE_TYPE) {
+goto cleanup;
+}
+/*
+* Oh, well, we have to do the comparisons. Do
+* the easiest ones first.
+*/
+firstPN = (PKIX_PolicyNode *)firstObject;
+secondPN = (PKIX_PolicyNode *)secondObject;
+/*
+* We don't require the parents to be identical. In the
+* course of traversing the tree, we will have checked the
+* attributes of the parent nodes, and checking the lists
+* of children will determine whether they match.
+*/
+PKIX_EQUALS
+(firstPN->children,
+secondPN->children,
+&compResult,
+plContext,
+PKIX_OBJECTEQUALSFAILEDONCHILDREN);
+if (compResult == PKIX_FALSE) {
+goto cleanup;
+}
+PKIX_CHECK(pkix_SinglePolicyNode_Equals
+(firstPN, secondPN, &compResult, plContext),
+PKIX_SINGLEPOLICYNODEEQUALSFAILED);
+cleanup:
+*pResult = compResult;
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_DuplicateHelper
+* DESCRIPTION:
+*
+*  Duplicates the PolicyNode whose address is pointed to by "original",
+*  and stores the result at "pNewNode", if a non-NULL pointer is provided
+*  for "pNewNode". In addition, the created PolicyNode is added as a child
+*  to "parent", if a non-NULL pointer is provided for "parent". Then this
+*  function is called recursively to duplicate each of the children of
+*  "original". At the top level this function is called with a null
+*  "parent" and a non-NULL "pNewNode". Below the top level "parent" will
+*  be non-NULL and "pNewNode" will be NULL.
+*
+* PARAMETERS:
+*  "original"
+*      Address of PolicyNode to be copied; must be non-NULL
+*  "parent"
+*      Address of PolicyNode to which the created node is to be added as a
+*      child; NULL for the top-level call and non-NULL below the top level
+*  "pNewNode"
+*      Address to store the node created; should be NULL if "parent" is
+*      non-NULL and vice versa
+*  "plContext"
+*      Platform-specific context pointer.
+* THREAD SAFETY:
+*  Conditionally Thread Safe
+*  (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+*  Returns NULL if function succeeds
+*  Returns a PolicyNode Error if the function fails in a non-fatal way.
+*  Returns a Fatal Error if the function fails in a fatal way
+*/
+static PKIX_Error *
+pkix_PolicyNode_DuplicateHelper(
+PKIX_PolicyNode *original,
+PKIX_PolicyNode *parent,
+PKIX_PolicyNode **pNewNode,
+void *plContext)
+{
+PKIX_UInt32 numChildren = 0;
+PKIX_UInt32 childIndex = 0;
+PKIX_List *children = NULL; /* List of PKIX_PolicyNode */
+PKIX_PolicyNode *copy = NULL;
+PKIX_PolicyNode *child = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_DuplicateHelper");
+PKIX_NULLCHECK_THREE
+(original, original->validPolicy, original->expectedPolicySet);
+/*
+* These components are immutable, so copying the pointers
+* is sufficient. The create function increments the reference
+* counts as it stores the pointers into the new object.
+*/
+PKIX_CHECK(pkix_PolicyNode_Create
+(original->validPolicy,
+original->qualifierSet,
+original->criticality,
+original->expectedPolicySet,
+&copy,
+plContext),
+PKIX_POLICYNODECREATEFAILED);
+if (parent) {
+PKIX_CHECK(pkix_PolicyNode_AddToParent(parent, copy, plContext),
+PKIX_POLICYNODEADDTOPARENTFAILED);
+}
+/* Are there any children to duplicate? */
+children = original->children;
+if (children) {
+PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
+PKIX_LISTGETLENGTHFAILED);
+}
+for (childIndex = 0; childIndex < numChildren; childIndex++) {
+PKIX_CHECK(PKIX_List_GetItem
+(children,
+childIndex,
+(PKIX_PL_Object **)&child,
+plContext),
+PKIX_LISTGETITEMFAILED);
+PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
+(child, copy, NULL, plContext),
+PKIX_POLICYNODEDUPLICATEHELPERFAILED);
+PKIX_DECREF(child);
+}
+if (pNewNode) {
+*pNewNode = copy;
+copy = NULL; /* no DecRef if we give our handle away */
+}
+cleanup:
+PKIX_DECREF(copy);
+PKIX_DECREF(child);
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_Duplicate
+* (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_PolicyNode_Duplicate(
+PKIX_PL_Object *object,
+PKIX_PL_Object **pNewObject,
+void *plContext)
+{
+PKIX_PolicyNode *original = NULL;
+PKIX_PolicyNode *copy = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Duplicate");
+PKIX_NULLCHECK_TWO(object, pNewObject);
+PKIX_CHECK(pkix_CheckType
+(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+PKIX_OBJECTNOTPOLICYNODE);
+original = (PKIX_PolicyNode *)object;
+PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
+(original, NULL, &copy, plContext),
+PKIX_POLICYNODEDUPLICATEHELPERFAILED);
+*pNewObject = (PKIX_PL_Object *)copy;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: pkix_PolicyNode_RegisterSelf
+* DESCRIPTION:
+*
+*  Registers PKIX_CERTPOLICYNODE_TYPE and its related
+*  functions with systemClasses[]
+*
+* THREAD SAFETY:
+*  Not Thread Safe - for performance and complexity reasons
+*
+*  Since this function is only called by PKIX_PL_Initialize,
+*  which should only be called once, it is acceptable that
+*  this function is not thread-safe.
+*/
+PKIX_Error *
+pkix_PolicyNode_RegisterSelf(void *plContext)
+{
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+pkix_ClassTable_Entry entry;
+PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_RegisterSelf");
+entry.description = "PolicyNode";
+entry.objCounter = 0;
+entry.typeObjectSize = sizeof(PKIX_PolicyNode);
+entry.destructor = pkix_PolicyNode_Destroy;
+entry.equalsFunction = pkix_PolicyNode_Equals;
+entry.hashcodeFunction = pkix_PolicyNode_Hashcode;
+entry.toStringFunction = pkix_PolicyNode_ToString;
+entry.comparator = NULL;
+entry.duplicateFunction = pkix_PolicyNode_Duplicate;
+systemClasses[PKIX_CERTPOLICYNODE_TYPE] = entry;
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/* --Public-PolicyNode-Functions----------------------------------- */
+/*
+* FUNCTION: PKIX_PolicyNode_GetChildren
+* (see description of this function in pkix_results.h)
+*/
+PKIX_Error *
+PKIX_PolicyNode_GetChildren(
+PKIX_PolicyNode *node,
+PKIX_List **pChildren,  /* list of PKIX_PolicyNode */
+void *plContext)
+{
+PKIX_List *children = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetChildren");
+PKIX_NULLCHECK_TWO(node, pChildren);
+PKIX_INCREF(node->children);
+children = node->children;
+if (!children) {
+PKIX_CHECK(PKIX_List_Create(&children, plContext),
+PKIX_LISTCREATEFAILED);
+}
+PKIX_CHECK(PKIX_List_SetImmutable(children, plContext),
+PKIX_LISTSETIMMUTABLEFAILED);
+*pChildren = children;
+cleanup:
+if (PKIX_ERROR_RECEIVED) {
+PKIX_DECREF(children);
+}
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: PKIX_PolicyNode_GetParent
+* (see description of this function in pkix_results.h)
+*/
+PKIX_Error *
+PKIX_PolicyNode_GetParent(
+PKIX_PolicyNode *node,
+PKIX_PolicyNode **pParent,
+void *plContext)
+{
+PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetParent");
+PKIX_NULLCHECK_TWO(node, pParent);
+PKIX_INCREF(node->parent);
+*pParent = node->parent;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: PKIX_PolicyNode_GetValidPolicy
+* (see description of this function in pkix_results.h)
+*/
+PKIX_Error *
+PKIX_PolicyNode_GetValidPolicy(
+PKIX_PolicyNode *node,
+PKIX_PL_OID **pValidPolicy,
+void *plContext)
+{
+PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetValidPolicy");
+PKIX_NULLCHECK_TWO(node, pValidPolicy);
+PKIX_INCREF(node->validPolicy);
+*pValidPolicy = node->validPolicy;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
+* (see description of this function in pkix_results.h)
+*/
+PKIX_Error *
+PKIX_PolicyNode_GetPolicyQualifiers(
+PKIX_PolicyNode *node,
+PKIX_List **pQualifiers,  /* list of PKIX_PL_CertPolicyQualifier */
+void *plContext)
+{
+PKIX_List *qualifiers = NULL;
+PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetPolicyQualifiers");
+PKIX_NULLCHECK_TWO(node, pQualifiers);
+PKIX_INCREF(node->qualifierSet);
+qualifiers = node->qualifierSet;
+if (!qualifiers) {
+PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),
+PKIX_LISTCREATEFAILED);
+}
+PKIX_CHECK(PKIX_List_SetImmutable(qualifiers, plContext),
+PKIX_LISTSETIMMUTABLEFAILED);
+*pQualifiers = qualifiers;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
+* (see description of this function in pkix_results.h)
+*/
+PKIX_Error *
+PKIX_PolicyNode_GetExpectedPolicies(
+PKIX_PolicyNode *node,
+PKIX_List **pExpPolicies,  /* list of PKIX_PL_OID */
+void *plContext)
+{
+PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetExpectedPolicies");
+PKIX_NULLCHECK_TWO(node, pExpPolicies);
+PKIX_INCREF(node->expectedPolicySet);
+*pExpPolicies = node->expectedPolicySet;
+cleanup:
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: PKIX_PolicyNode_IsCritical
+* (see description of this function in pkix_results.h)
+*/
+PKIX_Error *
+PKIX_PolicyNode_IsCritical(
+PKIX_PolicyNode *node,
+PKIX_Boolean *pCritical,
+void *plContext)
+{
+PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_IsCritical");
+PKIX_NULLCHECK_TWO(node, pCritical);
+*pCritical = node->criticality;
+PKIX_RETURN(CERTPOLICYNODE);
+}
+/*
+* FUNCTION: PKIX_PolicyNode_GetDepth
+* (see description of this function in pkix_results.h)
+*/
+PKIX_Error *
+PKIX_PolicyNode_GetDepth(
+PKIX_PolicyNode *node,
+PKIX_UInt32 *pDepth,
+void *plContext)
+{
+PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetDepth");
+PKIX_NULLCHECK_TWO(node, pDepth);
+*pDepth = node->depth;
+PKIX_RETURN(CERTPOLICYNODE);
+}

Mercurial > trustbridge > nss-cmake-static

comparison nss/lib/libpkix/pkix/results/pkix_policynode.c @ 0:1e5118fa0cb1