view nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c @ 3:150b72113545

Add DBM and legacydb support
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 05 Aug 2014 18:32:02 +0200
parents 1e5118fa0cb1
children
line wrap: on
line source
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * pkix_pl_crlentry.c
 *
 * CRLENTRY Function Definitions
 *
 */

#include "pkix_pl_crlentry.h"

/* --Private-CRLEntry-Functions------------------------------------- */

/*
 * FUNCTION: pkix_pl_CRLEntry_Destroy
 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CRLEntry_Destroy(
        PKIX_PL_Object *object,
        void *plContext)
{
        PKIX_PL_CRLEntry *crlEntry = NULL;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Destroy");
        PKIX_NULLCHECK_ONE(object);

        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
                    PKIX_OBJECTNOTCRLENTRY);

        crlEntry = (PKIX_PL_CRLEntry*)object;

        /* crlEntry->nssCrlEntry is freed by NSS when freeing CRL */
        crlEntry->userReasonCode = 0;
        crlEntry->userReasonCodeAbsent = PKIX_FALSE;
        crlEntry->nssCrlEntry = NULL;
        PKIX_DECREF(crlEntry->serialNumber);
        PKIX_DECREF(crlEntry->critExtOids);

cleanup:

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_ToString_Helper
 *
 * DESCRIPTION:
 *  Helper function that creates a string representation of the CRLEntry
 *  pointed to by "crlEntry" and stores it at "pString".
 *
 * PARAMETERS
 *  "crlEntry"
 *      Address of CRLEntry whose string representation is desired.
 *      Must be non-NULL.
 *  "pString"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLEntry Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_CRLEntry_ToString_Helper(
        PKIX_PL_CRLEntry *crlEntry,
        PKIX_PL_String **pString,
        void *plContext)
{
        char *asciiFormat = NULL;
        PKIX_List *critExtOIDs = NULL;
        PKIX_PL_String *crlEntryString = NULL;
        PKIX_PL_String *formatString = NULL;
        PKIX_PL_String *crlSerialNumberString = NULL;
        PKIX_PL_String *crlRevocationDateString = NULL;
        PKIX_PL_String *critExtOIDsString = NULL;
        PKIX_Int32 reasonCode = 0;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString_Helper");
        PKIX_NULLCHECK_FOUR
                (crlEntry,
                crlEntry->serialNumber,
                crlEntry->nssCrlEntry,
                pString);

        asciiFormat =
                "\n\t[\n"
                "\tSerialNumber:    %s\n"
                "\tReasonCode:      %d\n"
                "\tRevocationDate:  %s\n"
                "\tCritExtOIDs:     %s\n"
                "\t]\n\t";

        PKIX_CHECK(PKIX_PL_String_Create
                    (PKIX_ESCASCII,
                    asciiFormat,
                    0,
                    &formatString,
                    plContext),
                    PKIX_STRINGCREATEFAILED);

        /* SerialNumber */
        PKIX_CHECK(PKIX_PL_Object_ToString
                    ((PKIX_PL_Object *)crlEntry->serialNumber,
                    &crlSerialNumberString,
                    plContext),
                    PKIX_BIGINTTOSTRINGHELPERFAILED);

        /* RevocationDate - No Date object created, use nss data directly */
        PKIX_CHECK(pkix_pl_Date_ToString_Helper
                    (&(crlEntry->nssCrlEntry->revocationDate),
                    &crlRevocationDateString,
                    plContext),
                    PKIX_DATETOSTRINGHELPERFAILED);

        /* CriticalExtensionOIDs */
        PKIX_CHECK(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
                    (crlEntry, &critExtOIDs, plContext),
                    PKIX_CRLENTRYGETCRITICALEXTENSIONOIDSFAILED);

        PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
                    PKIX_LISTTOSTRINGFAILED);

        /* Revocation Reason Code */
        PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
                            (crlEntry, &reasonCode, plContext),
                            PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);

        PKIX_CHECK(PKIX_PL_Sprintf
                    (&crlEntryString,
                    plContext,
                    formatString,
                    crlSerialNumberString,
                    reasonCode,
                    crlRevocationDateString,
                    critExtOIDsString),
                    PKIX_SPRINTFFAILED);

        *pString = crlEntryString;

cleanup:

        PKIX_DECREF(critExtOIDs);
        PKIX_DECREF(crlSerialNumberString);
        PKIX_DECREF(crlRevocationDateString);
        PKIX_DECREF(critExtOIDsString);
        PKIX_DECREF(formatString);

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_ToString
 * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CRLEntry_ToString(
        PKIX_PL_Object *object,
        PKIX_PL_String **pString,
        void *plContext)
{
        PKIX_PL_String *crlEntryString = NULL;
        PKIX_PL_CRLEntry *crlEntry = NULL;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString");
        PKIX_NULLCHECK_TWO(object, pString);

        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
                    PKIX_OBJECTNOTCRLENTRY);

        crlEntry = (PKIX_PL_CRLEntry *) object;

        PKIX_CHECK(pkix_pl_CRLEntry_ToString_Helper
                    (crlEntry, &crlEntryString, plContext),
                    PKIX_CRLENTRYTOSTRINGHELPERFAILED);

        *pString = crlEntryString;

cleanup:

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_Extensions_Hashcode
 * DESCRIPTION:
 *
 *  For each CRL Entry extension stored at NSS structure CERTCertExtension,
 *  get its derbyte data and do the hash.
 *
 * PARAMETERS
 *  "extensions"
 *      Address of arrray of CERTCertExtension whose hash value is desired.
 *      Must be non-NULL.
 *  "pHashValue"
 *      Address where the final hash value is returned. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditional Thread Safe
 *  Though the value of extensions once created is not supposed to change,
 *  it may be de-allocated while we are accessing it. But since we are
 *  validating the object, it is unlikely we or someone is de-allocating
 *  at the moment.
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns an OID Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_pl_CRLEntry_Extensions_Hashcode(
        CERTCertExtension **extensions,
        PKIX_UInt32 *pHashValue,
        void *plContext)
{
        CERTCertExtension *extension = NULL;
        PLArenaPool *arena = NULL;
        PKIX_UInt32 extHash = 0;
        PKIX_UInt32 hashValue = 0;
        SECItem *derBytes = NULL;
        SECItem *resultSecItem = NULL;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Hashcode");
        PKIX_NULLCHECK_TWO(extensions, pHashValue);

        if (extensions) {

                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
                if (arena == NULL) {
                        PKIX_ERROR(PKIX_OUTOFMEMORY);
                }

                while (*extensions) {

                        extension = *extensions++;

                        PKIX_NULLCHECK_ONE(extension);

                        PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
                        derBytes = PORT_ArenaZNew(arena, SECItem);
                        if (derBytes == NULL) {
                                PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
                        }

                        PKIX_CRLENTRY_DEBUG
                                ("\t\tCalling SEC_ASN1EncodeItem\n");
                        resultSecItem = SEC_ASN1EncodeItem
                                (arena,
                                derBytes,
                                extension,
                                CERT_CertExtensionTemplate);

                        if (resultSecItem == NULL){
                                PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
                        }

                        PKIX_CHECK(pkix_hash
                                (derBytes->data,
                                derBytes->len,
                                &extHash,
                                plContext),
                                PKIX_HASHFAILED);

                        hashValue += (extHash << 7);

                }
        }

        *pHashValue = hashValue;

cleanup:

        if (arena){
                /* Note that freeing the arena also frees derBytes */
                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
                PORT_FreeArena(arena, PR_FALSE);
                arena = NULL;
        }
        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_Hashcode
 * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CRLEntry_Hashcode(
        PKIX_PL_Object *object,
        PKIX_UInt32 *pHashcode,
        void *plContext)
{
        SECItem *nssDate = NULL;
        PKIX_PL_CRLEntry *crlEntry = NULL;
        PKIX_UInt32 crlEntryHash;
        PKIX_UInt32 hashValue;
        PKIX_Int32 reasonCode = 0;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Hashcode");
        PKIX_NULLCHECK_TWO(object, pHashcode);

        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
                    PKIX_OBJECTNOTCRLENTRY);

        crlEntry = (PKIX_PL_CRLEntry *)object;

        PKIX_NULLCHECK_ONE(crlEntry->nssCrlEntry);
        nssDate = &(crlEntry->nssCrlEntry->revocationDate);

        PKIX_NULLCHECK_ONE(nssDate->data);

        PKIX_CHECK(pkix_hash
                ((const unsigned char *)nssDate->data,
                nssDate->len,
                &crlEntryHash,
                plContext),
                PKIX_ERRORGETTINGHASHCODE);

        PKIX_CHECK(PKIX_PL_Object_Hashcode
                ((PKIX_PL_Object *)crlEntry->serialNumber,
                &hashValue,
                plContext),
                PKIX_OBJECTHASHCODEFAILED);

        crlEntryHash += (hashValue << 7);

        hashValue = 0;

        if (crlEntry->nssCrlEntry->extensions) {

                PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Hashcode
                    (crlEntry->nssCrlEntry->extensions, &hashValue, plContext),
                    PKIX_CRLENTRYEXTENSIONSHASHCODEFAILED);
        }

        crlEntryHash += (hashValue << 7);

        PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
                (crlEntry, &reasonCode, plContext),
                PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);

        crlEntryHash += (reasonCode + 777) << 3;

        *pHashcode = crlEntryHash;

cleanup:

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLENTRY_Extensions_Equals
 * DESCRIPTION:
 *
 *  Compare each extension's DERbyte data in "firstExtensions" with extension
 *  in "secondExtensions" in sequential order and store the result in
 *  "pResult".
 *
 * PARAMETERS
 *  "firstExtensions"
 *      Address of first NSS structure CERTCertExtension to be compared.
 *      Must be non-NULL.
 *  "secondExtensions"
 *      Address of second NSS structure CERTCertExtension to be compared.
 *      Must be non-NULL.
 *  "pResult"
 *      Address where the comparison result is returned. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Conditionally Thread Safe
 *  Though the value of extensions once created is not supposed to change,
 *  it may be de-allocated while we are accessing it. But since we are
 *  validating the object, it is unlikely we or someone is de-allocating
 *  at the moment.
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns an OID Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_pl_CRLEntry_Extensions_Equals(
        CERTCertExtension **extensions1,
        CERTCertExtension **extensions2,
        PKIX_Boolean *pResult,
        void *plContext)
{
        CERTCertExtension **firstExtensions;
        CERTCertExtension **secondExtensions;
        CERTCertExtension *firstExtension = NULL;
        CERTCertExtension *secondExtension = NULL;
        PLArenaPool *arena = NULL;
        PKIX_Boolean cmpResult = PKIX_FALSE;
        SECItem *firstDerBytes = NULL;
        SECItem *secondDerBytes = NULL;
        SECItem *firstResultSecItem = NULL;
        SECItem *secondResultSecItem = NULL;
        PKIX_UInt32 firstNumExt = 0;
        PKIX_UInt32 secondNumExt = 0;
        SECComparison secResult;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Equals");
        PKIX_NULLCHECK_THREE(extensions1, extensions2, pResult);

        firstExtensions = extensions1;
        secondExtensions = extensions2;

        if (firstExtensions) {
                while (*firstExtensions) {
                        firstExtension = *firstExtensions++;
                        firstNumExt++;
                }
        }

        if (secondExtensions) {
                while (*secondExtensions) {
                        secondExtension = *secondExtensions++;
                        secondNumExt++;
                }
        }

        if (firstNumExt != secondNumExt) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        if (firstNumExt == 0 && secondNumExt == 0) {
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /* now have equal number, but non-zero extension items to compare */

        firstExtensions = extensions1;
        secondExtensions = extensions2;

        cmpResult = PKIX_TRUE;

        PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE*2);
        if (arena == NULL) {
                PKIX_ERROR(PKIX_OUTOFMEMORY);
        }

        while (firstNumExt--) {

                firstExtension = *firstExtensions++;
                secondExtension = *secondExtensions++;

                PKIX_NULLCHECK_TWO(firstExtension, secondExtension);

                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
                firstDerBytes = PORT_ArenaZNew(arena, SECItem);
                if (firstDerBytes == NULL) {
                        PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
                }

                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
                secondDerBytes = PORT_ArenaZNew(arena, SECItem);
                if (secondDerBytes == NULL) {
                        PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
                }

                PKIX_CRLENTRY_DEBUG
                        ("\t\tCalling SEC_ASN1EncodeItem\n");
                firstResultSecItem = SEC_ASN1EncodeItem
                        (arena,
                        firstDerBytes,
                        firstExtension,
                        CERT_CertExtensionTemplate);

                if (firstResultSecItem == NULL){
                        PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
                }

                PKIX_CRLENTRY_DEBUG
                        ("\t\tCalling SEC_ASN1EncodeItem\n");
                secondResultSecItem = SEC_ASN1EncodeItem
                        (arena,
                        secondDerBytes,
                        secondExtension,
                        CERT_CertExtensionTemplate);

                if (secondResultSecItem == NULL){
                        PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
                }

                PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
                secResult = SECITEM_CompareItem
                        (firstResultSecItem, secondResultSecItem);

                if (secResult != SECEqual) {
                        cmpResult = PKIX_FALSE;
                        break;
                }

        }

        *pResult = cmpResult;

cleanup:

        if (arena){
                /* Note that freeing the arena also frees derBytes */
                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
                PORT_FreeArena(arena, PR_FALSE);
                arena = NULL;
        }

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_Equals
 * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
 */
static PKIX_Error *
pkix_pl_CRLEntry_Equals(
        PKIX_PL_Object *firstObject,
        PKIX_PL_Object *secondObject,
        PKIX_Boolean *pResult,
        void *plContext)
{
        PKIX_PL_CRLEntry *firstCrlEntry = NULL;
        PKIX_PL_CRLEntry *secondCrlEntry = NULL;
        PKIX_UInt32 secondType;
        PKIX_Boolean cmpResult = PKIX_FALSE;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Equals");
        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

        /* test that firstObject is a CRLEntry */
        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRLENTRY_TYPE, plContext),
                PKIX_FIRSTOBJECTNOTCRLENTRY);

        firstCrlEntry = (PKIX_PL_CRLEntry *)firstObject;
        secondCrlEntry = (PKIX_PL_CRLEntry *)secondObject;

        PKIX_NULLCHECK_TWO
                (firstCrlEntry->nssCrlEntry, secondCrlEntry->nssCrlEntry);

        /*
         * Since we know firstObject is a CRLEntry, if both references are
         * identical, they must be equal
         */
        if (firstCrlEntry == secondCrlEntry){
                *pResult = PKIX_TRUE;
                goto cleanup;
        }

        /*
         * If secondCrlEntry isn't a CRL Entry, we don't throw an error.
         * We simply return a Boolean result of FALSE
         */
        *pResult = PKIX_FALSE;
        PKIX_CHECK(PKIX_PL_Object_GetType
                    ((PKIX_PL_Object *)secondCrlEntry, &secondType, plContext),
                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
        if (secondType != PKIX_CRLENTRY_TYPE) goto cleanup;

        /* Compare userSerialNumber */
        PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
        if (SECITEM_CompareItem(
            &(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->serialNumber),
            &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->serialNumber))
            != SECEqual) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        /* Compare revocationDate */
        PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
        if (SECITEM_CompareItem
            (&(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->
                revocationDate),
            &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->
                revocationDate))
            != SECEqual) {
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        /* Compare Critical Extension List */
        PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Equals
                    (firstCrlEntry->nssCrlEntry->extensions,
                    secondCrlEntry->nssCrlEntry->extensions,
                    &cmpResult,
                    plContext),
                    PKIX_CRLENTRYEXTENSIONSEQUALSFAILED);

        if (cmpResult != PKIX_TRUE){
                *pResult = PKIX_FALSE;
                goto cleanup;
        }

        cmpResult = (firstCrlEntry->userReasonCode ==
                    secondCrlEntry->userReasonCode);

        *pResult = cmpResult;

cleanup:

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_RegisterSelf
 * DESCRIPTION:
 *  Registers PKIX_CRLEntry_TYPE and its related functions with systemClasses[]
 * THREAD SAFETY:
 *  Not Thread Safe - for performance and complexity reasons
 *
 *  Since this function is only called by PKIX_PL_Initialize, which should
 *  only be called once, it is acceptable that this function is not
 *  thread-safe.
 */
PKIX_Error *
pkix_pl_CRLEntry_RegisterSelf(void *plContext)
{

        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
        pkix_ClassTable_Entry entry;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_RegisterSelf");

        entry.description = "CRLEntry";
        entry.objCounter = 0;
        entry.typeObjectSize = sizeof(PKIX_PL_CRLEntry);
        entry.destructor = pkix_pl_CRLEntry_Destroy;
        entry.equalsFunction = pkix_pl_CRLEntry_Equals;
        entry.hashcodeFunction = pkix_pl_CRLEntry_Hashcode;
        entry.toStringFunction = pkix_pl_CRLEntry_ToString;
        entry.comparator = NULL;
        entry.duplicateFunction = pkix_duplicateImmutable;

        systemClasses[PKIX_CRLENTRY_TYPE] = entry;

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_CreateEntry
 * DESCRIPTION:
 *
 *  Creates a new CRLEntry using the CertCrlEntry pointed to by "nssCrlEntry"
 *  and stores it at "pCrlEntry". Once created, a CRLEntry is immutable.
 *
 *  revokedCertificates SEQUENCE OF SEQUENCE  {
 *              userCertificate         CertificateSerialNumber,
 *              revocationDate          Time,
 *              crlEntryExtensions      Extensions OPTIONAL
 *                                      -- if present, MUST be v2
 *
 * PARAMETERS:
 *  "nssCrlEntry"
 *      Address of CERTCrlEntry representing an NSS CRL entry.
 *      Must be non-NULL.
 *  "pCrlEntry"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLEntry Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
static PKIX_Error *
pkix_pl_CRLEntry_CreateEntry(
        CERTCrlEntry *nssCrlEntry, /* entry data to be created from */
        PKIX_PL_CRLEntry **pCrlEntry,
        void *plContext)
{
        PKIX_PL_CRLEntry *crlEntry = NULL;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_CreateEntry");
        PKIX_NULLCHECK_TWO(nssCrlEntry, pCrlEntry);

        PKIX_CHECK(PKIX_PL_Object_Alloc
                    (PKIX_CRLENTRY_TYPE,
                    sizeof (PKIX_PL_CRLEntry),
                    (PKIX_PL_Object **)&crlEntry,
                    plContext),
                    PKIX_COULDNOTCREATECRLENTRYOBJECT);

        crlEntry->nssCrlEntry = nssCrlEntry;
        crlEntry->serialNumber = NULL;
        crlEntry->critExtOids = NULL;
        crlEntry->userReasonCode = 0;
        crlEntry->userReasonCodeAbsent = PKIX_FALSE;

        *pCrlEntry = crlEntry;

cleanup:

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: pkix_pl_CRLEntry_Create
 * DESCRIPTION:
 *
 *  Creates a List of CRLEntries using the array of CERTCrlEntries pointed to
 *  by "nssCrlEntries" and stores it at "pCrlEntryList". If "nssCrlEntries" is
 *  NULL, this function stores an empty List at "pCrlEntryList".
 *                              }
 * PARAMETERS:
 *  "nssCrlEntries"
 *      Address of array of CERTCrlEntries representing NSS CRL entries.
 *      Can be NULL if CRL has no NSS CRL entries.
 *  "pCrlEntryList"
 *      Address where object pointer will be stored. Must be non-NULL.
 *  "plContext"
 *      Platform-specific context pointer.
 * THREAD SAFETY:
 *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
 * RETURNS:
 *  Returns NULL if the function succeeds.
 *  Returns a CRLEntry Error if the function fails in a non-fatal way.
 *  Returns a Fatal Error if the function fails in an unrecoverable way.
 */
PKIX_Error *
pkix_pl_CRLEntry_Create(
        CERTCrlEntry **nssCrlEntries, /* head of entry list */
        PKIX_List **pCrlEntryList,
        void *plContext)
{
        PKIX_List *entryList = NULL;
        PKIX_PL_CRLEntry *crlEntry = NULL;
        CERTCrlEntry **entries = NULL;
        SECItem serialNumberItem;
        PKIX_PL_BigInt *serialNumber;
        char *bytes = NULL;
        PKIX_UInt32 length;

        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Create");
        PKIX_NULLCHECK_ONE(pCrlEntryList);

        entries = nssCrlEntries;

        PKIX_CHECK(PKIX_List_Create(&entryList, plContext),
                    PKIX_LISTCREATEFAILED);

        if (entries) {
            while (*entries){
                PKIX_CHECK(pkix_pl_CRLEntry_CreateEntry
                            (*entries, &crlEntry, plContext),
                            PKIX_COULDNOTCREATECRLENTRYOBJECT);

                /* Get Serial Number */
                serialNumberItem = (*entries)->serialNumber;
                length = serialNumberItem.len;
                bytes = (char *)serialNumberItem.data;

                PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
                            (bytes, length, &serialNumber, plContext),
                            PKIX_BIGINTCREATEWITHBYTESFAILED);

                crlEntry->serialNumber = serialNumber;
                crlEntry->nssCrlEntry = *entries;

                PKIX_CHECK(PKIX_List_AppendItem
                            (entryList, (PKIX_PL_Object *)crlEntry, plContext),
                            PKIX_LISTAPPENDITEMFAILED);

                PKIX_DECREF(crlEntry);

                entries++;
            }
        }

        *pCrlEntryList = entryList;

cleanup:
        PKIX_DECREF(crlEntry);

        if (PKIX_ERROR_RECEIVED){
                PKIX_DECREF(entryList);
        }

        PKIX_RETURN(CRLENTRY);
}

/* --Public-CRLENTRY-Functions------------------------------------- */

/*
 * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
 * (see comments in pkix_pl_pki.h)
 */
PKIX_Error *
PKIX_PL_CRLEntry_GetCRLEntryReasonCode (
        PKIX_PL_CRLEntry *crlEntry,
        PKIX_Int32 *pReason,
        void *plContext)
{
        SECStatus status;
        CERTCRLEntryReasonCode nssReasonCode;

        PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
        PKIX_NULLCHECK_TWO(crlEntry, pReason);

        if (!crlEntry->userReasonCodeAbsent && crlEntry->userReasonCode == 0) {

            PKIX_OBJECT_LOCK(crlEntry);

            if (!crlEntry->userReasonCodeAbsent &&
                crlEntry->userReasonCode == 0) {

                /* reason code has not been cached in */
                PKIX_CRLENTRY_DEBUG("\t\tCERT_FindCRLEntryReasonExten.\n");
                status = CERT_FindCRLEntryReasonExten
                        (crlEntry->nssCrlEntry, &nssReasonCode);

                if (status == SECSuccess) {
                        crlEntry->userReasonCode = (PKIX_Int32) nssReasonCode;
                } else {
                        crlEntry->userReasonCodeAbsent = PKIX_TRUE;
                }
            }

            PKIX_OBJECT_UNLOCK(crlEntry);

        }

        *pReason = crlEntry->userReasonCode;

cleanup:

        PKIX_RETURN(CRLENTRY);
}

/*
 * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
 * (see comments in pkix_pl_pki.h)
 */
PKIX_Error *
PKIX_PL_CRLEntry_GetCriticalExtensionOIDs (
        PKIX_PL_CRLEntry *crlEntry,
        PKIX_List **pList,  /* list of PKIX_PL_OID */
        void *plContext)
{
        PKIX_List *oidsList = NULL;
        CERTCertExtension **extensions;

        PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCriticalExtensionOIDs");
        PKIX_NULLCHECK_THREE(crlEntry, crlEntry->nssCrlEntry, pList);

        /* if we don't have a cached copy from before, we create one */
        if (crlEntry->critExtOids == NULL) {

                PKIX_OBJECT_LOCK(crlEntry);

                if (crlEntry->critExtOids == NULL) {

                        extensions = crlEntry->nssCrlEntry->extensions;

                        PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
                                    (extensions, &oidsList, plContext),
                                    PKIX_GETCRITICALEXTENSIONOIDSFAILED);

                        crlEntry->critExtOids = oidsList;
                }

                PKIX_OBJECT_UNLOCK(crlEntry);

        }

        /* We should return a copy of the List since this list changes */
        PKIX_DUPLICATE(crlEntry->critExtOids, pList, plContext,
                PKIX_OBJECTDUPLICATELISTFAILED);

cleanup:

        PKIX_RETURN(CRLENTRY);
}
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)