andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: /* andre@0: * pkix_crlselector.c andre@0: * andre@0: * CRLSelector Function Definitions andre@0: * andre@0: */ andre@0: andre@0: #include "pkix_crlselector.h" andre@0: andre@0: /* --CRLSelector Private-Functions-------------------------------------- */ andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_Destroy andre@0: * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_CRLSelector_Destroy( andre@0: PKIX_PL_Object *object, andre@0: void *plContext) andre@0: { andre@0: PKIX_CRLSelector *selector = NULL; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy"); andre@0: PKIX_NULLCHECK_ONE(object); andre@0: andre@0: PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), andre@0: PKIX_OBJECTNOTCRLSELECTOR); andre@0: andre@0: selector = (PKIX_CRLSelector *)object; andre@0: andre@0: selector->matchCallback = NULL; andre@0: andre@0: PKIX_DECREF(selector->params); andre@0: PKIX_DECREF(selector->context); andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_ToString_Helper andre@0: * andre@0: * DESCRIPTION: andre@0: * Helper function that creates a string representation of CRLSelector andre@0: * pointed to by "crlParams" and stores its address in the object pointed to andre@0: * by "pString". andre@0: * andre@0: * PARAMETERS andre@0: * "list" andre@0: * Address of CRLSelector whose string representation is desired. andre@0: * Must be non-NULL. andre@0: * "pString" andre@0: * Address of object pointer's destination. Must be non-NULL. andre@0: * "plContext" - Platform-specific context pointer. andre@0: * andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CRLSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_CRLSelector_ToString_Helper( andre@0: PKIX_CRLSelector *crlSelector, andre@0: PKIX_PL_String **pString, andre@0: void *plContext) andre@0: { andre@0: PKIX_PL_String *crlSelectorString = NULL; andre@0: PKIX_PL_String *formatString = NULL; andre@0: PKIX_PL_String *crlParamsString = NULL; andre@0: PKIX_PL_String *crlContextString = NULL; andre@0: char *asciiFormat = NULL; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper"); andre@0: PKIX_NULLCHECK_TWO(crlSelector, pString); andre@0: PKIX_NULLCHECK_ONE(crlSelector->params); andre@0: andre@0: asciiFormat = andre@0: "\n\t[\n" andre@0: "\tMatchCallback: 0x%x\n" andre@0: "\tParams: %s\n" andre@0: "\tContext: %s\n" andre@0: "\t]\n"; andre@0: andre@0: PKIX_CHECK(PKIX_PL_String_Create andre@0: (PKIX_ESCASCII, andre@0: asciiFormat, andre@0: 0, andre@0: &formatString, andre@0: plContext), andre@0: PKIX_STRINGCREATEFAILED); andre@0: andre@0: /* Params */ andre@0: PKIX_TOSTRING andre@0: ((PKIX_PL_Object *)crlSelector->params, andre@0: &crlParamsString, andre@0: plContext, andre@0: PKIX_COMCRLSELPARAMSTOSTRINGFAILED); andre@0: andre@0: /* Context */ andre@0: PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext, andre@0: PKIX_LISTTOSTRINGFAILED); andre@0: andre@0: PKIX_CHECK(PKIX_PL_Sprintf andre@0: (&crlSelectorString, andre@0: plContext, andre@0: formatString, andre@0: crlSelector->matchCallback, andre@0: crlParamsString, andre@0: crlContextString), andre@0: PKIX_SPRINTFFAILED); andre@0: andre@0: *pString = crlSelectorString; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(crlParamsString); andre@0: PKIX_DECREF(crlContextString); andre@0: PKIX_DECREF(formatString); andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_ToString andre@0: * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_CRLSelector_ToString( andre@0: PKIX_PL_Object *object, andre@0: PKIX_PL_String **pString, andre@0: void *plContext) andre@0: { andre@0: PKIX_PL_String *crlSelectorString = NULL; andre@0: PKIX_CRLSelector *crlSelector = NULL; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString"); andre@0: PKIX_NULLCHECK_TWO(object, pString); andre@0: andre@0: PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), andre@0: PKIX_OBJECTNOTCRLSELECTOR); andre@0: andre@0: crlSelector = (PKIX_CRLSelector *) object; andre@0: andre@0: PKIX_CHECK(pkix_CRLSelector_ToString_Helper andre@0: (crlSelector, &crlSelectorString, plContext), andre@0: PKIX_CRLSELECTORTOSTRINGHELPERFAILED); andre@0: andre@0: *pString = crlSelectorString; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_Hashcode andre@0: * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_CRLSelector_Hashcode( andre@0: PKIX_PL_Object *object, andre@0: PKIX_UInt32 *pHashcode, andre@0: void *plContext) andre@0: { andre@0: PKIX_UInt32 paramsHash = 0; andre@0: PKIX_UInt32 contextHash = 0; andre@0: PKIX_UInt32 hash = 0; andre@0: andre@0: PKIX_CRLSelector *crlSelector = NULL; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode"); andre@0: PKIX_NULLCHECK_TWO(object, pHashcode); andre@0: andre@0: PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext), andre@0: PKIX_OBJECTNOTCRLSELECTOR); andre@0: andre@0: crlSelector = (PKIX_CRLSelector *)object; andre@0: andre@0: PKIX_HASHCODE(crlSelector->params, ¶msHash, plContext, andre@0: PKIX_OBJECTHASHCODEFAILED); andre@0: andre@0: PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, andre@0: PKIX_OBJECTHASHCODEFAILED); andre@0: andre@0: hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + andre@0: (contextHash << 3)) + paramsHash; andre@0: andre@0: *pHashcode = hash; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_Equals andre@0: * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h) andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_CRLSelector_Equals( andre@0: PKIX_PL_Object *firstObject, andre@0: PKIX_PL_Object *secondObject, andre@0: PKIX_Boolean *pResult, andre@0: void *plContext) andre@0: { andre@0: PKIX_CRLSelector *firstCrlSelector = NULL; andre@0: PKIX_CRLSelector *secondCrlSelector = NULL; andre@0: PKIX_UInt32 secondType; andre@0: PKIX_Boolean cmpResult = PKIX_FALSE; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals"); andre@0: PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult); andre@0: andre@0: /* test that firstObject is a CRLSelector */ andre@0: PKIX_CHECK(pkix_CheckType andre@0: (firstObject, PKIX_CRLSELECTOR_TYPE, plContext), andre@0: PKIX_FIRSTOBJECTNOTCRLSELECTOR); andre@0: andre@0: firstCrlSelector = (PKIX_CRLSelector *)firstObject; andre@0: secondCrlSelector = (PKIX_CRLSelector *)secondObject; andre@0: andre@0: /* andre@0: * Since we know firstObject is a CRLSelector, if both references are andre@0: * identical, they must be equal andre@0: */ andre@0: if (firstCrlSelector == secondCrlSelector){ andre@0: *pResult = PKIX_TRUE; andre@0: goto cleanup; andre@0: } andre@0: andre@0: /* andre@0: * If secondCRLSelector isn't a CRLSelector, we don't throw an error. andre@0: * We simply return a Boolean result of FALSE andre@0: */ andre@0: *pResult = PKIX_FALSE; andre@0: PKIX_CHECK(PKIX_PL_Object_GetType andre@0: ((PKIX_PL_Object *)secondCrlSelector, andre@0: &secondType, andre@0: plContext), andre@0: PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); andre@0: andre@0: if (secondType != PKIX_CRLSELECTOR_TYPE) { andre@0: goto cleanup; andre@0: } andre@0: andre@0: /* Compare MatchCallback address */ andre@0: cmpResult = (firstCrlSelector->matchCallback == andre@0: secondCrlSelector->matchCallback); andre@0: andre@0: if (cmpResult == PKIX_FALSE) { andre@0: goto cleanup; andre@0: } andre@0: andre@0: /* Compare Common CRL Selector Params */ andre@0: PKIX_EQUALS andre@0: (firstCrlSelector->params, andre@0: secondCrlSelector->params, andre@0: &cmpResult, andre@0: plContext, andre@0: PKIX_COMCRLSELPARAMSEQUALSFAILED); andre@0: andre@0: andre@0: if (cmpResult == PKIX_FALSE) { andre@0: goto cleanup; andre@0: } andre@0: andre@0: /* Compare Context */ andre@0: PKIX_EQUALS andre@0: (firstCrlSelector->context, andre@0: secondCrlSelector->context, andre@0: &cmpResult, andre@0: plContext, andre@0: PKIX_COMCRLSELPARAMSEQUALSFAILED); andre@0: andre@0: *pResult = cmpResult; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_Duplicate andre@0: * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h) andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_CRLSelector_Duplicate( andre@0: PKIX_PL_Object *object, andre@0: PKIX_PL_Object **pNewObject, andre@0: void *plContext) andre@0: { andre@0: PKIX_CRLSelector *old; andre@0: PKIX_CRLSelector *new = NULL; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate"); andre@0: PKIX_NULLCHECK_TWO(object, pNewObject); andre@0: andre@0: PKIX_CHECK(pkix_CheckType andre@0: (object, PKIX_CRLSELECTOR_TYPE, plContext), andre@0: PKIX_OBJECTNOTCRLSELECTOR); andre@0: andre@0: old = (PKIX_CRLSelector *)object; andre@0: andre@0: PKIX_CHECK(PKIX_PL_Object_Alloc andre@0: (PKIX_CRLSELECTOR_TYPE, andre@0: (PKIX_UInt32)(sizeof (PKIX_CRLSelector)), andre@0: (PKIX_PL_Object **)&new, andre@0: plContext), andre@0: PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED); andre@0: andre@0: new->matchCallback = old->matchCallback; andre@0: andre@0: PKIX_DUPLICATE(old->params, &new->params, plContext, andre@0: PKIX_OBJECTDUPLICATEPARAMSFAILED); andre@0: andre@0: PKIX_DUPLICATE(old->context, &new->context, plContext, andre@0: PKIX_OBJECTDUPLICATECONTEXTFAILED); andre@0: andre@0: *pNewObject = (PKIX_PL_Object *)new; andre@0: andre@0: cleanup: andre@0: andre@0: if (PKIX_ERROR_RECEIVED){ andre@0: PKIX_DECREF(new); andre@0: } andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_DefaultMatch andre@0: * andre@0: * DESCRIPTION: andre@0: * This function compares the parameter values (Issuer, date, and CRL number) andre@0: * set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with andre@0: * the corresponding values in the CRL pointed to by "crl". When all the andre@0: * criteria set in the parameter values match the values in "crl", PKIX_TRUE is andre@0: * stored at "pMatch". If the CRL does not match the CRLSelector's criteria, andre@0: * PKIX_FALSE is stored at "pMatch". andre@0: * andre@0: * PARAMETERS andre@0: * "selector" andre@0: * Address of CRLSelector which is verified for a match andre@0: * Must be non-NULL. andre@0: * "crl" andre@0: * Address of the CRL object to be verified. Must be non-NULL. andre@0: * "pMatch" andre@0: * Address at which Boolean result is stored. Must be non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * andre@0: * THREAD SAFETY: andre@0: * Conditionally Thread Safe andre@0: * (see Thread Safety Definitions in Programmer's Guide) andre@0: * andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CRLSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: static PKIX_Error * andre@0: pkix_CRLSelector_DefaultMatch( andre@0: PKIX_CRLSelector *selector, andre@0: PKIX_PL_CRL *crl, andre@0: PKIX_Boolean *pMatch, andre@0: void *plContext) andre@0: { andre@0: PKIX_ComCRLSelParams *params = NULL; andre@0: PKIX_PL_X500Name *crlIssuerName = NULL; andre@0: PKIX_PL_X500Name *issuerName = NULL; andre@0: PKIX_List *selIssuerNames = NULL; andre@0: PKIX_PL_Date *selDate = NULL; andre@0: PKIX_Boolean result = PKIX_TRUE; andre@0: PKIX_UInt32 numIssuers = 0; andre@0: PKIX_UInt32 i; andre@0: PKIX_PL_BigInt *minCRLNumber = NULL; andre@0: PKIX_PL_BigInt *maxCRLNumber = NULL; andre@0: PKIX_PL_BigInt *crlNumber = NULL; andre@0: PKIX_Boolean nistPolicyEnabled = PKIX_FALSE; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch"); andre@0: PKIX_NULLCHECK_TWO(selector, crl); andre@0: andre@0: *pMatch = PKIX_TRUE; andre@0: params = selector->params; andre@0: andre@0: /* No matching parameter provided, just a match */ andre@0: if (params == NULL) { andre@0: goto cleanup; andre@0: } andre@0: andre@0: PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames andre@0: (params, &selIssuerNames, plContext), andre@0: PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED); andre@0: andre@0: /* Check for Issuers */ andre@0: if (selIssuerNames != NULL){ andre@0: andre@0: result = PKIX_FALSE; andre@0: andre@0: PKIX_CHECK(PKIX_PL_CRL_GetIssuer andre@0: (crl, &crlIssuerName, plContext), andre@0: PKIX_CRLGETISSUERFAILED); andre@0: andre@0: PKIX_CHECK(PKIX_List_GetLength andre@0: (selIssuerNames, &numIssuers, plContext), andre@0: PKIX_LISTGETLENGTHFAILED); andre@0: andre@0: for (i = 0; i < numIssuers; i++){ andre@0: andre@0: PKIX_CHECK(PKIX_List_GetItem andre@0: (selIssuerNames, andre@0: i, andre@0: (PKIX_PL_Object **)&issuerName, andre@0: plContext), andre@0: PKIX_LISTGETITEMFAILED); andre@0: andre@0: PKIX_CHECK(PKIX_PL_X500Name_Match andre@0: (crlIssuerName, andre@0: issuerName, andre@0: &result, andre@0: plContext), andre@0: PKIX_X500NAMEMATCHFAILED); andre@0: andre@0: PKIX_DECREF(issuerName); andre@0: andre@0: if (result == PKIX_TRUE) { andre@0: break; andre@0: } andre@0: } andre@0: andre@0: if (result == PKIX_FALSE) { andre@0: PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N"); andre@0: *pMatch = PKIX_FALSE; andre@0: goto cleanup; andre@0: } andre@0: andre@0: } andre@0: andre@0: PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime andre@0: (params, &selDate, plContext), andre@0: PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED); andre@0: andre@0: /* Check for Date */ andre@0: if (selDate != NULL){ andre@0: andre@0: PKIX_CHECK(PKIX_ComCRLSelParams_GetNISTPolicyEnabled andre@0: (params, &nistPolicyEnabled, plContext), andre@0: PKIX_COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED); andre@0: andre@0: /* check crl dates only for if NIST policies enforced */ andre@0: if (nistPolicyEnabled) { andre@0: result = PKIX_FALSE; andre@0: andre@0: PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime andre@0: (crl, selDate, &result, plContext), andre@0: PKIX_CRLVERIFYUPDATETIMEFAILED); andre@0: andre@0: if (result == PKIX_FALSE) { andre@0: *pMatch = PKIX_FALSE; andre@0: goto cleanup; andre@0: } andre@0: } andre@0: andre@0: } andre@0: andre@0: /* Check for CRL number in range */ andre@0: PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext), andre@0: PKIX_CRLGETCRLNUMBERFAILED); andre@0: andre@0: if (crlNumber != NULL) { andre@0: result = PKIX_FALSE; andre@0: andre@0: PKIX_CHECK(PKIX_ComCRLSelParams_GetMinCRLNumber andre@0: (params, &minCRLNumber, plContext), andre@0: PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED); andre@0: andre@0: if (minCRLNumber != NULL) { andre@0: andre@0: PKIX_CHECK(PKIX_PL_Object_Compare andre@0: ((PKIX_PL_Object *)minCRLNumber, andre@0: (PKIX_PL_Object *)crlNumber, andre@0: &result, andre@0: plContext), andre@0: PKIX_OBJECTCOMPARATORFAILED); andre@0: andre@0: if (result == 1) { andre@0: PKIX_CRLSELECTOR_DEBUG andre@0: ("CRL MinNumber Range Match Failed\n"); andre@0: *pMatch = PKIX_FALSE; andre@0: goto cleanup; andre@0: } andre@0: } andre@0: andre@0: PKIX_CHECK(PKIX_ComCRLSelParams_GetMaxCRLNumber andre@0: (params, &maxCRLNumber, plContext), andre@0: PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED); andre@0: andre@0: if (maxCRLNumber != NULL) { andre@0: andre@0: PKIX_CHECK(PKIX_PL_Object_Compare andre@0: ((PKIX_PL_Object *)crlNumber, andre@0: (PKIX_PL_Object *)maxCRLNumber, andre@0: &result, andre@0: plContext), andre@0: PKIX_OBJECTCOMPARATORFAILED); andre@0: andre@0: if (result == 1) { andre@0: PKIX_CRLSELECTOR_DEBUG andre@0: (PKIX_CRLMAXNUMBERRANGEMATCHFAILED); andre@0: *pMatch = PKIX_FALSE; andre@0: goto cleanup; andre@0: } andre@0: } andre@0: } andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(selIssuerNames); andre@0: PKIX_DECREF(selDate); andre@0: PKIX_DECREF(crlIssuerName); andre@0: PKIX_DECREF(issuerName); andre@0: PKIX_DECREF(crlNumber); andre@0: PKIX_DECREF(minCRLNumber); andre@0: PKIX_DECREF(maxCRLNumber); andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_RegisterSelf andre@0: * DESCRIPTION: andre@0: * Registers PKIX_CRLSELECTOR_TYPE and its related functions with andre@0: * systemClasses[] andre@0: * THREAD SAFETY: andre@0: * Not Thread Safe - for performance and complexity reasons andre@0: * andre@0: * Since this function is only called by PKIX_PL_Initialize, which should andre@0: * only be called once, it is acceptable that this function is not andre@0: * thread-safe. andre@0: */ andre@0: PKIX_Error * andre@0: pkix_CRLSelector_RegisterSelf(void *plContext) andre@0: { andre@0: extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; andre@0: pkix_ClassTable_Entry entry; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf"); andre@0: andre@0: entry.description = "CRLSelector"; andre@0: entry.objCounter = 0; andre@0: entry.typeObjectSize = sizeof(PKIX_CRLSelector); andre@0: entry.destructor = pkix_CRLSelector_Destroy; andre@0: entry.equalsFunction = pkix_CRLSelector_Equals; andre@0: entry.hashcodeFunction = pkix_CRLSelector_Hashcode; andre@0: entry.toStringFunction = pkix_CRLSelector_ToString; andre@0: entry.comparator = NULL; andre@0: entry.duplicateFunction = pkix_CRLSelector_Duplicate; andre@0: andre@0: systemClasses[PKIX_CRLSELECTOR_TYPE] = entry; andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* --CRLSelector-Public-Functions---------------------------------------- */ andre@0: PKIX_Error * andre@0: pkix_CRLSelector_Create( andre@0: PKIX_CRLSelector_MatchCallback callback, andre@0: PKIX_PL_Object *crlSelectorContext, andre@0: PKIX_CRLSelector **pSelector, andre@0: void *plContext) andre@0: { andre@0: PKIX_CRLSelector *selector = NULL; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create"); andre@0: PKIX_NULLCHECK_ONE(pSelector); andre@0: andre@0: PKIX_CHECK(PKIX_PL_Object_Alloc andre@0: (PKIX_CRLSELECTOR_TYPE, andre@0: sizeof (PKIX_CRLSelector), andre@0: (PKIX_PL_Object **)&selector, andre@0: plContext), andre@0: PKIX_COULDNOTCREATECRLSELECTOROBJECT); andre@0: andre@0: /* andre@0: * if user specified a particular match callback, we use that one. andre@0: * otherwise, we use the default match provided. andre@0: */ andre@0: andre@0: if (callback != NULL){ andre@0: selector->matchCallback = callback; andre@0: } else { andre@0: selector->matchCallback = pkix_CRLSelector_DefaultMatch; andre@0: } andre@0: andre@0: /* initialize other fields */ andre@0: selector->params = NULL; andre@0: andre@0: PKIX_INCREF(crlSelectorContext); andre@0: selector->context = crlSelectorContext; andre@0: andre@0: *pSelector = selector; andre@0: selector = NULL; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(selector); andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h) andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CRLSelector_Create( andre@0: PKIX_PL_Cert *issuer, andre@0: PKIX_List *crldpList, andre@0: PKIX_PL_Date *date, andre@0: PKIX_CRLSelector **pCrlSelector, andre@0: void *plContext) andre@0: { andre@0: PKIX_PL_X500Name *issuerName = NULL; andre@0: PKIX_PL_Date *nowDate = NULL; andre@0: PKIX_ComCRLSelParams *comCrlSelParams = NULL; andre@0: PKIX_CRLSelector *crlSelector = NULL; andre@0: andre@0: PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CrlSelector_Create"); andre@0: PKIX_NULLCHECK_ONE(issuer); andre@0: andre@0: PKIX_CHECK( andre@0: PKIX_PL_Cert_GetSubject(issuer, &issuerName, plContext), andre@0: PKIX_CERTGETISSUERFAILED); andre@0: andre@0: if (date != NULL) { andre@0: PKIX_INCREF(date); andre@0: nowDate = date; andre@0: } else { andre@0: PKIX_CHECK( andre@0: PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext), andre@0: PKIX_DATECREATEUTCTIMEFAILED); andre@0: } andre@0: andre@0: PKIX_CHECK( andre@0: PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext), andre@0: PKIX_COMCRLSELPARAMSCREATEFAILED); andre@0: andre@0: PKIX_CHECK( andre@0: PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuerName, andre@0: plContext), andre@0: PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED); andre@0: andre@0: PKIX_CHECK( andre@0: PKIX_ComCRLSelParams_SetCrlDp(comCrlSelParams, crldpList, andre@0: plContext), andre@0: PKIX_COMCRLSELPARAMSSETCERTFAILED); andre@0: andre@0: PKIX_CHECK( andre@0: PKIX_ComCRLSelParams_SetDateAndTime(comCrlSelParams, nowDate, andre@0: plContext), andre@0: PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED); andre@0: andre@0: PKIX_CHECK( andre@0: pkix_CRLSelector_Create(NULL, NULL, &crlSelector, plContext), andre@0: PKIX_CRLSELECTORCREATEFAILED); andre@0: andre@0: PKIX_CHECK( andre@0: PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector, andre@0: comCrlSelParams, andre@0: plContext), andre@0: PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED); andre@0: andre@0: *pCrlSelector = crlSelector; andre@0: crlSelector = NULL; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(issuerName); andre@0: PKIX_DECREF(nowDate); andre@0: PKIX_DECREF(comCrlSelParams); andre@0: PKIX_DECREF(crlSelector); andre@0: andre@0: PKIX_RETURN(CERTCHAINCHECKER); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h) andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CRLSelector_GetMatchCallback( andre@0: PKIX_CRLSelector *selector, andre@0: PKIX_CRLSelector_MatchCallback *pCallback, andre@0: void *plContext) andre@0: { andre@0: PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback"); andre@0: PKIX_NULLCHECK_TWO(selector, pCallback); andre@0: andre@0: *pCallback = selector->matchCallback; andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext andre@0: * (see comments in pkix_crlsel.h) andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CRLSelector_GetCRLSelectorContext( andre@0: PKIX_CRLSelector *selector, andre@0: void **pCrlSelectorContext, andre@0: void *plContext) andre@0: { andre@0: PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext"); andre@0: PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext); andre@0: andre@0: PKIX_INCREF(selector->context); andre@0: andre@0: *pCrlSelectorContext = selector->context; andre@0: andre@0: cleanup: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams andre@0: * (see comments in pkix_crlsel.h) andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CRLSelector_GetCommonCRLSelectorParams( andre@0: PKIX_CRLSelector *selector, andre@0: PKIX_ComCRLSelParams **pParams, andre@0: void *plContext) andre@0: { andre@0: PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams"); andre@0: PKIX_NULLCHECK_TWO(selector, pParams); andre@0: andre@0: PKIX_INCREF(selector->params); andre@0: andre@0: *pParams = selector->params; andre@0: andre@0: cleanup: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams andre@0: * (see comments in pkix_crlsel.h) andre@0: */ andre@0: PKIX_Error * andre@0: PKIX_CRLSelector_SetCommonCRLSelectorParams( andre@0: PKIX_CRLSelector *selector, andre@0: PKIX_ComCRLSelParams *params, andre@0: void *plContext) andre@0: { andre@0: PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams"); andre@0: PKIX_NULLCHECK_TWO(selector, params); andre@0: andre@0: PKIX_DECREF(selector->params); andre@0: andre@0: PKIX_INCREF(params); andre@0: selector->params = params; andre@0: andre@0: PKIX_CHECK(PKIX_PL_Object_InvalidateCache andre@0: ((PKIX_PL_Object *)selector, plContext), andre@0: PKIX_OBJECTINVALIDATECACHEFAILED); andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: } andre@0: andre@0: /* andre@0: * FUNCTION: pkix_CRLSelector_Select andre@0: * DESCRIPTION: andre@0: * andre@0: * This function applies the selector pointed to by "selector" to each CRL, andre@0: * in turn, in the List pointed to by "before", and creates a List containing andre@0: * all the CRLs that matched, or passed the selection process, storing that andre@0: * List at "pAfter". If no CRLs match, an empty List is stored at "pAfter". andre@0: * andre@0: * The List returned in "pAfter" is immutable. andre@0: * andre@0: * PARAMETERS: andre@0: * "selector" andre@0: * Address of CRLSelelector to be applied to the List. Must be non-NULL. andre@0: * "before" andre@0: * Address of List that is to be filtered. Must be non-NULL. andre@0: * "pAfter" andre@0: * Address at which resulting List, possibly empty, is stored. Must be andre@0: * non-NULL. andre@0: * "plContext" andre@0: * Platform-specific context pointer. andre@0: * THREAD SAFETY: andre@0: * Thread Safe (see Thread Safety Definitions in Programmer's Guide) andre@0: * RETURNS: andre@0: * Returns NULL if the function succeeds. andre@0: * Returns a CRLSelector Error if the function fails in a non-fatal way. andre@0: * Returns a Fatal Error if the function fails in an unrecoverable way. andre@0: */ andre@0: PKIX_Error * andre@0: pkix_CRLSelector_Select( andre@0: PKIX_CRLSelector *selector, andre@0: PKIX_List *before, andre@0: PKIX_List **pAfter, andre@0: void *plContext) andre@0: { andre@0: PKIX_Boolean match = PKIX_FALSE; andre@0: PKIX_UInt32 numBefore = 0; andre@0: PKIX_UInt32 i = 0; andre@0: PKIX_List *filtered = NULL; andre@0: PKIX_PL_CRL *candidate = NULL; andre@0: andre@0: PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select"); andre@0: PKIX_NULLCHECK_THREE(selector, before, pAfter); andre@0: andre@0: PKIX_CHECK(PKIX_List_Create(&filtered, plContext), andre@0: PKIX_LISTCREATEFAILED); andre@0: andre@0: PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext), andre@0: PKIX_LISTGETLENGTHFAILED); andre@0: andre@0: for (i = 0; i < numBefore; i++) { andre@0: andre@0: PKIX_CHECK(PKIX_List_GetItem andre@0: (before, i, (PKIX_PL_Object **)&candidate, plContext), andre@0: PKIX_LISTGETITEMFAILED); andre@0: andre@0: PKIX_CHECK_ONLY_FATAL(selector->matchCallback andre@0: (selector, candidate, &match, plContext), andre@0: PKIX_CRLSELECTORMATCHCALLBACKFAILED); andre@0: andre@0: if (!(PKIX_ERROR_RECEIVED) && match == PKIX_TRUE) { andre@0: andre@0: PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem andre@0: (filtered, andre@0: (PKIX_PL_Object *)candidate, andre@0: plContext), andre@0: PKIX_LISTAPPENDITEMFAILED); andre@0: } andre@0: andre@0: pkixTempErrorReceived = PKIX_FALSE; andre@0: PKIX_DECREF(candidate); andre@0: } andre@0: andre@0: PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext), andre@0: PKIX_LISTSETIMMUTABLEFAILED); andre@0: andre@0: /* Don't throw away the list if one CRL was bad! */ andre@0: pkixTempErrorReceived = PKIX_FALSE; andre@0: andre@0: *pAfter = filtered; andre@0: filtered = NULL; andre@0: andre@0: cleanup: andre@0: andre@0: PKIX_DECREF(filtered); andre@0: PKIX_DECREF(candidate); andre@0: andre@0: PKIX_RETURN(CRLSELECTOR); andre@0: andre@0: }