diff options
Diffstat (limited to 'security/nss/lib/libpkix/pkix/certsel')
7 files changed, 0 insertions, 3238 deletions
diff --git a/security/nss/lib/libpkix/pkix/certsel/Makefile b/security/nss/lib/libpkix/pkix/certsel/Makefile deleted file mode 100755 index a06b8bed4..000000000 --- a/security/nss/lib/libpkix/pkix/certsel/Makefile +++ /dev/null @@ -1,81 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the PKIX-C library. -# -# The Initial Developer of the Original Code is -# Sun Microsystems, Inc. -# Portions created by the Initial Developer are -# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. -# -# Contributor(s): -# Sun Microsystems, Inc. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -export:: private_export - diff --git a/security/nss/lib/libpkix/pkix/certsel/config.mk b/security/nss/lib/libpkix/pkix/certsel/config.mk deleted file mode 100755 index 6f3fb7b4b..000000000 --- a/security/nss/lib/libpkix/pkix/certsel/config.mk +++ /dev/null @@ -1,48 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the PKIX-C library. -# -# The Initial Developer of the Original Code is -# Sun Microsystems, Inc. -# Portions created by the Initial Developer are -# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. -# -# Contributor(s): -# Sun Microsystems, Inc. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PROGRAM = - diff --git a/security/nss/lib/libpkix/pkix/certsel/manifest.mn b/security/nss/lib/libpkix/pkix/certsel/manifest.mn deleted file mode 100755 index c5d1b4e01..000000000 --- a/security/nss/lib/libpkix/pkix/certsel/manifest.mn +++ /dev/null @@ -1,58 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the PKIX-C library. -# -# The Initial Developer of the Original Code is -# Sun Microsystems, Inc. -# Portions created by the Initial Developer are -# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. -# -# Contributor(s): -# Sun Microsystems, Inc. -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** -CORE_DEPTH = ../../../../.. - -EXPORTS = \ - $(NULL) - -PRIVATE_EXPORTS = \ - pkix_certselector.h \ - pkix_comcertselparams.h \ - $(NULL) - -MODULE = nss - -CSRCS = \ - pkix_certselector.c \ - pkix_comcertselparams.c \ - $(NULL) - -REQUIRES = dbm - -LIBRARY_NAME = pkixcertsel - diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c deleted file mode 100755 index 23eda7ac1..000000000 --- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c +++ /dev/null @@ -1,1666 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * pkix_certselector.c - * - * CertSelector Object Functions - * - */ - -#include "pkix_certselector.h" - -/* --Private-Functions-------------------------------------------- */ - -/* - * FUNCTION: pkix_CertSelector_Destroy - * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_CertSelector_Destroy( - PKIX_PL_Object *object, - void *plContext) -{ - PKIX_CertSelector *selector = NULL; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Destroy"); - PKIX_NULLCHECK_ONE(object); - - /* Check that this object is a cert selector */ - PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSELECTOR_TYPE, plContext), - PKIX_OBJECTNOTCERTSELECTOR); - - selector = (PKIX_CertSelector *)object; - PKIX_DECREF(selector->params); - PKIX_DECREF(selector->context); - -cleanup: - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Duplicate - * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_CertSelector_Duplicate( - PKIX_PL_Object *object, - PKIX_PL_Object **pNewObject, - void *plContext) -{ - PKIX_CertSelector *certSelector = NULL; - PKIX_CertSelector *certSelectorDuplicate = NULL; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Duplicate"); - PKIX_NULLCHECK_TWO(object, pNewObject); - - PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSELECTOR_TYPE, plContext), - PKIX_OBJECTNOTCERTSELECTOR); - - certSelector = (PKIX_CertSelector *)object; - - PKIX_CHECK(PKIX_CertSelector_Create - (certSelector->matchCallback, - certSelector->context, - &certSelectorDuplicate, - plContext), - PKIX_CERTSELECTORCREATEFAILED); - - PKIX_CHECK(PKIX_PL_Object_Duplicate - ((PKIX_PL_Object *)certSelector->params, - (PKIX_PL_Object **)&certSelectorDuplicate->params, - plContext), - PKIX_OBJECTDUPLICATEFAILED); - - *pNewObject = (PKIX_PL_Object *)certSelectorDuplicate; - -cleanup: - - if (PKIX_ERROR_RECEIVED){ - PKIX_DECREF(certSelectorDuplicate); - } - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_BasicConstraint - * DESCRIPTION: - * - * Determines whether the Cert pointed to by "cert" matches the basic - * constraints criterion using the basic constraints field of the - * ComCertSelParams pointed to by "params". If the basic constraints field is - * -1, no basic constraints check is done and the Cert is considered to match - * the basic constraints criterion. If the Cert does not match the basic - * constraints criterion, an Error pointer is returned. - * - * In order to match against this criterion, there are several possibilities. - * - * 1) If the criterion's minimum path length is greater than or equal to zero, - * a certificate must include a BasicConstraints extension with a pathLen of - * at least this value. - * - * 2) If the criterion's minimum path length is -2, a certificate must be an - * end-entity certificate. - * - * 3) If the criterion's minimum path length is -1, no basic constraints check - * is done and all certificates are considered to match this criterion. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose basic constraints field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * OUTPUT PARAMETERS ON FAILURE: - * If the function returns a failure, - * the output parameters of this function are undefined. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_BasicConstraint( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_PL_CertBasicConstraints *basicConstraints = NULL; - PKIX_Boolean caFlag = PKIX_FALSE; /* EE Cert by default */ - PKIX_Int32 pathLength = 0; - PKIX_Int32 minPathLength = 0; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_BasicConstraint"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - *pResult = PKIX_TRUE; - - PKIX_CHECK(PKIX_ComCertSelParams_GetBasicConstraints - (params, &minPathLength, plContext), - PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED); - - /* If the minPathLength is unlimited (-1), no checking */ - if (minPathLength == PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH) { - goto cleanup; - } - - PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints - (cert, &basicConstraints, plContext), - PKIX_CERTGETBASICCONSTRAINTSFAILED); - - if (basicConstraints != NULL) { - PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag - (basicConstraints, &caFlag, plContext), - PKIX_BASICCONSTRAINTSGETCAFLAGFAILED); - - PKIX_CHECK(PKIX_PL_BasicConstraints_GetPathLenConstraint - (basicConstraints, &pathLength, plContext), - PKIX_BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED); - } - - /* - * if minPathLength >= 0, the cert must have a BasicConstraints ext and - * the pathLength in this cert - * BasicConstraints needs to be >= minPathLength. - */ - if (minPathLength >= 0){ - if ((!basicConstraints) || (caFlag == PKIX_FALSE)){ - PKIX_ERROR(PKIX_CERTNOTALLOWEDTOSIGNCERTIFICATES); - } else if ((pathLength != PKIX_UNLIMITED_PATH_CONSTRAINT) && - (pathLength < minPathLength)){ - PKIX_CERTSELECTOR_DEBUG - ("Basic Constraints path length match failed\n"); - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_PATHLENCONSTRAINTINVALID); - } - } - - /* if the minPathLength is -2, this cert must be an end-entity cert. */ - if (minPathLength == PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH) { - if (caFlag == PKIX_TRUE) { - PKIX_CERTSELECTOR_DEBUG - ("Basic Constraints end-entity match failed\n"); - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_PATHLENCONSTRAINTINVALID); - } - } - -cleanup: - - PKIX_DECREF(basicConstraints); - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_Policies - * DESCRIPTION: - * - * Determines whether the Cert pointed to by "cert" matches the policy - * constraints specified in the ComCertsSelParams given by "params". - * If "params" specifies a policy constraint of NULL, all certificates - * match. If "params" specifies an empty list, "cert" must have at least - * some policy. Otherwise "cert" must include at least one of the - * policies in the list. See the description of PKIX_CertSelector in - * pkix_certsel.h for more. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose policy criterion (if any) is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_Policies( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_UInt32 numConstraintPolicies = 0; - PKIX_UInt32 numCertPolicies = 0; - PKIX_UInt32 certPolicyIndex = 0; - PKIX_Boolean result = PKIX_FALSE; - PKIX_List *constraintPolicies = NULL; /* List of PKIX_PL_OID */ - PKIX_List *certPolicyInfos = NULL; /* List of PKIX_PL_CertPolicyInfo */ - PKIX_PL_CertPolicyInfo *policyInfo = NULL; - PKIX_PL_OID *polOID = NULL; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_Policies"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetPolicy - (params, &constraintPolicies, plContext), - PKIX_COMCERTSELPARAMSGETPOLICYFAILED); - - /* If constraintPolicies is NULL, all certificates "match" */ - if (constraintPolicies) { - PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformation - (cert, &certPolicyInfos, plContext), - PKIX_CERTGETPOLICYINFORMATIONFAILED); - - /* No hope of a match if cert has no policies */ - if (!certPolicyInfos) { - PKIX_CERTSELECTOR_DEBUG("Certificate has no policies\n"); - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHPOLICIESFAILED); - } - - PKIX_CHECK(PKIX_List_GetLength - (constraintPolicies, &numConstraintPolicies, plContext), - PKIX_LISTGETLENGTHFAILED); - - if (numConstraintPolicies > 0) { - - PKIX_CHECK(PKIX_List_GetLength - (certPolicyInfos, &numCertPolicies, plContext), - PKIX_LISTGETLENGTHFAILED); - - for (certPolicyIndex = 0; - ((!result) && (certPolicyIndex < numCertPolicies)); - certPolicyIndex++) { - - PKIX_CHECK(PKIX_List_GetItem - (certPolicyInfos, - certPolicyIndex, - (PKIX_PL_Object **)&policyInfo, - plContext), - PKIX_LISTGETELEMENTFAILED); - PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolicyId - (policyInfo, &polOID, plContext), - PKIX_CERTPOLICYINFOGETPOLICYIDFAILED); - - PKIX_CHECK(pkix_List_Contains - (constraintPolicies, - (PKIX_PL_Object *)polOID, - &result, - plContext), - PKIX_LISTCONTAINSFAILED); - PKIX_DECREF(policyInfo); - PKIX_DECREF(polOID); - } - if (!result) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHPOLICIESFAILED); - } - } - } - -cleanup: - - PKIX_DECREF(constraintPolicies); - PKIX_DECREF(certPolicyInfos); - PKIX_DECREF(policyInfo); - PKIX_DECREF(polOID); - - PKIX_RETURN(CERTSELECTOR); - -} - -/* - * FUNCTION: pkix_CertSelector_Match_CertificateValid - * DESCRIPTION: - * - * Determines whether the Cert pointed to by "cert" matches the certificate - * validity criterion using the CertificateValid field of the - * ComCertSelParams pointed to by "params". If the CertificateValid field is - * NULL, no validity check is done and the Cert is considered to match - * the CertificateValid criterion. If the CertificateValid field specifies a - * Date prior to the notBefore field in the Cert, or greater than the notAfter - * field in the Cert, an Error is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose certValid field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_CertificateValid( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_PL_Date *validityTime = NULL; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_CertificateValid"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid - (params, &validityTime, plContext), - PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED); - - /* If the validityTime is not set, all certificates are acceptable */ - if (validityTime) { - PKIX_CHECK(PKIX_PL_Cert_CheckValidity - (cert, validityTime, plContext), - PKIX_CERTCHECKVALIDITYFAILED); - } - -cleanup: - if (PKIX_ERROR_RECEIVED) { - *pResult = PKIX_FALSE; - } - PKIX_DECREF(validityTime); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_NameConstraints - * DESCRIPTION: - * - * Determines whether the Cert pointed to by "cert" matches the name - * constraints criterion specified in the ComCertSelParams pointed to by - * "params". If the name constraints field is NULL, no name constraints check - * is done and the Cert is considered to match the name constraints criterion. - * If the Cert does not match the name constraints criterion, an Error pointer - * is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose name constraints field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_NameConstraints( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_PL_CertNameConstraints *nameConstraints = NULL; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_NameConstraints"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetNameConstraints - (params, &nameConstraints, plContext), - PKIX_COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED); - - if (nameConstraints != NULL) { - - PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints - (cert, nameConstraints, plContext), - PKIX_CERTCHECKNAMECONSTRAINTSFAILED); - } - -cleanup: - if (PKIX_ERROR_RECEIVED) { - *pResult = PKIX_FALSE; - } - - PKIX_DECREF(nameConstraints); - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_PathToNames - * DESCRIPTION: - * - * Determines whether the names at pathToNames in "params" complies with the - * NameConstraints pointed to by "cert". If the pathToNames field is NULL - * or there is no name constraints for this "cert", no checking is done - * and the Cert is considered to match the name constraints criterion. - * If the Cert does not match the name constraints criterion, an Error - * pointer is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose PathToNames field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_PathToNames( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_List *pathToNamesList = NULL; - PKIX_Boolean passed = PKIX_FALSE; - PKIX_PL_CertNameConstraints *nameConstraints = NULL; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_PathToNames"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames - (params, &pathToNamesList, plContext), - PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED); - - if (pathToNamesList != NULL) { - - PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints - (cert, &nameConstraints, plContext), - PKIX_CERTGETNAMECONSTRAINTSFAILED); - - if (nameConstraints != NULL) { - - PKIX_CHECK(PKIX_PL_CertNameConstraints_CheckNamesInNameSpace - (pathToNamesList, nameConstraints, &passed, plContext), - PKIX_CERTNAMECONSTRAINTSCHECKNAMESINNAMESPACEFAILED); - - if (passed != PKIX_TRUE) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHPATHTONAMESFAILED); - } - } - - } - -cleanup: - - PKIX_DECREF(nameConstraints); - PKIX_DECREF(pathToNamesList); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_SubjAltNames - * DESCRIPTION: - * - * Determines whether the names at subjAltNames in "params" match with the - * SubjAltNames pointed to by "cert". If the subjAltNames field is NULL, - * no name checking is done and the Cert is considered to match the - * criterion. If the Cert does not match the criterion, an Error pointer - * is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose SubjAltNames field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_SubjAltNames( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_List *subjAltNamesList = NULL; - PKIX_List *certSubjAltNames = NULL; - PKIX_PL_GeneralName *name = NULL; - PKIX_Boolean checkPassed = PKIX_FALSE; - PKIX_Boolean matchAll = PKIX_TRUE; - PKIX_UInt32 i, numItems; - PKIX_UInt32 matchCount = 0; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjAltNames"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames - (params, &matchAll, plContext), - PKIX_COMCERTSELPARAMSGETMATCHALLSUBJALTNAMESFAILED); - - PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames - (params, &subjAltNamesList, plContext), - PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED); - - if (subjAltNamesList != NULL) { - - PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames - (cert, &certSubjAltNames, plContext), - PKIX_CERTGETSUBJALTNAMESFAILED); - - if (certSubjAltNames == NULL) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED); - } - - PKIX_CHECK(PKIX_List_GetLength - (subjAltNamesList, &numItems, plContext), - PKIX_LISTGETLENGTHFAILED); - - for (i = 0; i < numItems; i++) { - - PKIX_CHECK(PKIX_List_GetItem - (subjAltNamesList, - i, - (PKIX_PL_Object **) &name, - plContext), - PKIX_LISTGETITEMFAILED); - - PKIX_CHECK(pkix_List_Contains - (certSubjAltNames, - (PKIX_PL_Object *) name, - &checkPassed, - plContext), - PKIX_LISTCONTAINSFAILED); - - PKIX_DECREF(name); - - if (checkPassed == PKIX_TRUE) { - - if (matchAll == PKIX_FALSE) { - /* one match is good enough */ - matchCount = numItems; - break; - } else { - /* else continue checking next */ - matchCount++; - } - - } - - } - - if (matchCount != numItems) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED); - } - } - -cleanup: - - PKIX_DECREF(name); - PKIX_DECREF(certSubjAltNames); - PKIX_DECREF(subjAltNamesList); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_ExtendedKeyUsage - * DESCRIPTION: - * - * Determines whether the names at ExtKeyUsage in "params" matches with the - * ExtKeyUsage pointed to by "cert". If the ExtKeyUsage criterion or - * ExtKeyUsage in "cert" is NULL, no checking is done and the Cert is - * considered a match. If the Cert does not match, an Error pointer is - * returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose ExtKeyUsage field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_ExtendedKeyUsage( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_List *extKeyUsageList = NULL; - PKIX_List *certExtKeyUsageList = NULL; - PKIX_PL_OID *ekuOid = NULL; - PKIX_Boolean isContained = PKIX_FALSE; - PKIX_UInt32 numItems = 0; - PKIX_UInt32 i; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_ExtendedKeyUsage"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage - (params, &extKeyUsageList, plContext), - PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED); - - if (extKeyUsageList == NULL) { - goto cleanup; - } - - PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage - (cert, &certExtKeyUsageList, plContext), - PKIX_CERTGETEXTENDEDKEYUSAGEFAILED); - - if (certExtKeyUsageList != NULL) { - - PKIX_CHECK(PKIX_List_GetLength - (extKeyUsageList, &numItems, plContext), - PKIX_LISTGETLENGTHFAILED); - - for (i = 0; i < numItems; i++) { - - PKIX_CHECK(PKIX_List_GetItem - (extKeyUsageList, i, (PKIX_PL_Object **)&ekuOid, plContext), - PKIX_LISTGETITEMFAILED); - - PKIX_CHECK(pkix_List_Contains - (certExtKeyUsageList, - (PKIX_PL_Object *)ekuOid, - &isContained, - plContext), - PKIX_LISTCONTAINSFAILED); - - PKIX_DECREF(ekuOid); - - if (isContained != PKIX_TRUE) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED); - } - } - } - -cleanup: - - PKIX_DECREF(ekuOid); - PKIX_DECREF(extKeyUsageList); - PKIX_DECREF(certExtKeyUsageList); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_KeyUsage - * DESCRIPTION: - * - * Determines whether the bits at KeyUsage in "params" matches with the - * KeyUsage pointed to by "cert". If the KeyUsage in params is 0 - * no checking is done and the Cert is considered a match. If the Cert does - * not match, an Error pointer is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose ExtKeyUsage field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_KeyUsage( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_UInt32 keyUsage = 0; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_KeyUsage"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetKeyUsage - (params, &keyUsage, plContext), - PKIX_COMCERTSELPARAMSGETKEYUSAGEFAILED); - - if (keyUsage != 0) { - - PKIX_CHECK(PKIX_PL_Cert_VerifyKeyUsage - (cert, keyUsage, plContext), - PKIX_CERTVERIFYKEYUSAGEFAILED); - - } - -cleanup: - if (PKIX_ERROR_RECEIVED) { - *pResult = PKIX_FALSE; - } - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_SubjKeyId - * DESCRIPTION: - * - * Determines whether the bytes at subjKeyId in "params" matches with the - * Subject Key Identifier pointed to by "cert". If the subjKeyId in params is - * set to NULL, no checking is done and the Cert is considered a match. If - * the Cert does not match, an Error pointer is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose subjKeyId field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_SubjKeyId( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_PL_ByteArray *selSubjKeyId = NULL; - PKIX_PL_ByteArray *certSubjKeyId = NULL; - PKIX_Boolean equals = PKIX_FALSE; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjKeyId"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetSubjKeyIdentifier - (params, &selSubjKeyId, plContext), - PKIX_COMCERTSELPARAMSGETSUBJKEYIDENTIFIERFAILED); - - if (selSubjKeyId != NULL) { - - PKIX_CHECK(PKIX_PL_Cert_GetSubjectKeyIdentifier - (cert, &certSubjKeyId, plContext), - PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED); - - if (certSubjKeyId == NULL) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED); - } - - PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)selSubjKeyId, - (PKIX_PL_Object *)certSubjKeyId, - &equals, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (equals != PKIX_TRUE) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED); - } - } - -cleanup: - - PKIX_DECREF(selSubjKeyId); - PKIX_DECREF(certSubjKeyId); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_AuthKeyId - * DESCRIPTION: - * - * Determines whether the bytes at authKeyId in "params" matches with the - * Authority Key Identifier pointed to by "cert". If the authKeyId in params - * is set to NULL, no checking is done and the Cert is considered a match. If - * the Cert does not match, an Error pointer is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose authKeyId field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_AuthKeyId( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_PL_ByteArray *selAuthKeyId = NULL; - PKIX_PL_ByteArray *certAuthKeyId = NULL; - PKIX_Boolean equals = PKIX_FALSE; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_AuthKeyId"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier - (params, &selAuthKeyId, plContext), - PKIX_COMCERTSELPARAMSGETAUTHORITYKEYIDENTIFIERFAILED); - - if (selAuthKeyId != NULL) { - - PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifier - (cert, &certAuthKeyId, plContext), - PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED); - - if (certAuthKeyId == NULL) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED); - } - PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)selAuthKeyId, - (PKIX_PL_Object *)certAuthKeyId, - &equals, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (equals != PKIX_TRUE) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED); - } - } - -cleanup: - - PKIX_DECREF(selAuthKeyId); - PKIX_DECREF(certAuthKeyId); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_SubjPKAlgId - * DESCRIPTION: - * - * Determines whether the OID at subjPKAlgId in "params" matches with the - * Subject Public Key Alg Id pointed to by "cert". If the subjPKAlgId in params - * is set to NULL, no checking is done and the Cert is considered a match. If - * the Cert does not match, an Error pointer is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose subjPKAlgId field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_SubjPKAlgId( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_PL_OID *selPKAlgId = NULL; - PKIX_PL_OID *certPKAlgId = NULL; - PKIX_Boolean equals = PKIX_FALSE; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjPKAlgId"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetSubjPKAlgId - (params, &selPKAlgId, plContext), - PKIX_COMCERTSELPARAMSGETSUBJPKALGIDFAILED); - - if (selPKAlgId != NULL) { - - PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeyAlgId - (cert, &certPKAlgId, plContext), - PKIX_CERTGETSUBJECTPUBLICKEYALGIDFAILED); - - if (certPKAlgId != NULL) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED); - } - PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)selPKAlgId, - (PKIX_PL_Object *)certPKAlgId, - &equals, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (equals != PKIX_TRUE) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED); - } - } - -cleanup: - - PKIX_DECREF(selPKAlgId); - PKIX_DECREF(certPKAlgId); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_Match_SubjPubKey - * DESCRIPTION: - * - * Determines whether the key at subjPubKey in "params" matches with the - * Subject Public Key pointed to by "cert". If the subjPubKey in params - * is set to NULL, no checking is done and the Cert is considered a match. If - * the Cert does not match, an Error pointer is returned. - * - * PARAMETERS: - * "params" - * Address of ComCertSelParams whose subPubKey field is used. - * Must be non-NULL. - * "cert" - * Address of Cert that is to be matched. Must be non-NULL. - * "pResult" - * Address of PKIX_Boolean that returns the match result. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_Match_SubjPubKey( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - PKIX_Boolean *pResult, - void *plContext) -{ - PKIX_PL_PublicKey *selPK = NULL; - PKIX_PL_PublicKey *certPK = NULL; - PKIX_Boolean equals = PKIX_FALSE; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjPubKey"); - PKIX_NULLCHECK_THREE(params, cert, pResult); - - PKIX_CHECK(PKIX_ComCertSelParams_GetSubjPubKey - (params, &selPK, plContext), - PKIX_COMCERTSELPARAMSGETSUBJPUBKEYFAILED); - - if (selPK != NULL) { - - PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey - (cert, &certPK, plContext), - PKIX_CERTGETSUBJECTPUBLICKEYFAILED); - - if (certPK == NULL) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED); - } - PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)selPK, - (PKIX_PL_Object *)certPK, - &equals, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (equals != PKIX_TRUE) { - *pResult = PKIX_FALSE; - PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED); - } - } - -cleanup: - - PKIX_DECREF(selPK); - PKIX_DECREF(certPK); - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_DefaultMatch - * DESCRIPTION: - * - * This default match function determines whether the specified Cert pointed - * to by "cert" matches the criteria of the CertSelector pointed to by - * "selector". If the Cert does not match the CertSelector's - * criteria, an error will be thrown. - * - * This default match function understands how to process the most common - * parameters. Any common parameter that is not set is assumed to be disabled, - * which means this function will select all certificates without regard to - * that particular disabled parameter. For example, if the SerialNumber - * parameter is not set, this function will not filter out any certificate - * based on its serial number. As such, if no parameters are set, all are - * disabled and any certificate will match. If a parameter is disabled, its - * associated PKIX_ComCertSelParams_Get* function returns a default value. - * That value is -1 for PKIX_ComCertSelParams_GetBasicConstraints and - * PKIX_ComCertSelParams_GetVersion, 0 for PKIX_ComCertSelParams_GetKeyUsage, - * and NULL for all other Get functions. - * - * PARAMETERS: - * "selector" - * Address of CertSelector whose MatchCallback logic and parameters are - * to be used. Must be non-NULL. - * "cert" - * Address of Cert that is to be matched using "selector". - * Must be non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Conditionally Thread Safe - * (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -static PKIX_Error * -pkix_CertSelector_DefaultMatch( - PKIX_CertSelector *selector, - PKIX_PL_Cert *cert, - void *plContext) -{ - PKIX_ComCertSelParams *params = NULL; - PKIX_PL_X500Name *certSubject = NULL; - PKIX_PL_X500Name *selSubject = NULL; - PKIX_PL_X500Name *certIssuer = NULL; - PKIX_PL_X500Name *selIssuer = NULL; - PKIX_PL_BigInt *certSerialNumber = NULL; - PKIX_PL_BigInt *selSerialNumber = NULL; - PKIX_PL_Cert *selCert = NULL; - PKIX_PL_Date *selDate = NULL; - PKIX_UInt32 selVersion = 0xFFFFFFFF; - PKIX_UInt32 certVersion = 0; - PKIX_Boolean result = PKIX_TRUE; - PKIX_Boolean isLeafCert = PKIX_TRUE; - -#ifdef PKIX_BUILDDEBUG - PKIX_PL_String *certString = NULL; - void *certAscii = NULL; - PKIX_UInt32 certAsciiLen; -#endif - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_DefaultMatch"); - PKIX_NULLCHECK_TWO(selector, cert); - - PKIX_INCREF(selector->params); - params = selector->params; - - /* Are we looking for CAs? */ - PKIX_CHECK(PKIX_ComCertSelParams_GetLeafCertFlag - (params, &isLeafCert, plContext), - PKIX_COMCERTSELPARAMSGETLEAFCERTFLAGFAILED); - - if (params == NULL){ - goto cleanup; - } - - PKIX_CHECK(PKIX_ComCertSelParams_GetVersion - (params, &selVersion, plContext), - PKIX_COMCERTSELPARAMSGETVERSIONFAILED); - - if (selVersion != 0xFFFFFFFF){ - PKIX_CHECK(PKIX_PL_Cert_GetVersion - (cert, &certVersion, plContext), - PKIX_CERTGETVERSIONFAILED); - - if (selVersion != certVersion) { - PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTVERSIONFAILED); - } - } - - PKIX_CHECK(PKIX_ComCertSelParams_GetSubject - (params, &selSubject, plContext), - PKIX_COMCERTSELPARAMSGETSUBJECTFAILED); - - if (selSubject){ - PKIX_CHECK(PKIX_PL_Cert_GetSubject - (cert, &certSubject, plContext), - PKIX_CERTGETSUBJECTFAILED); - - if (certSubject){ - PKIX_CHECK(PKIX_PL_X500Name_Match - (selSubject, certSubject, &result, plContext), - PKIX_X500NAMEMATCHFAILED); - - if (result == PKIX_FALSE){ - PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSUBJECTFAILED); - } - } else { /* cert has no subject */ - PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSUBJECTFAILED); - } - } - - PKIX_CHECK(PKIX_ComCertSelParams_GetIssuer - (params, &selIssuer, plContext), - PKIX_COMCERTSELPARAMSGETISSUERFAILED); - - if (selIssuer){ - PKIX_CHECK(PKIX_PL_Cert_GetIssuer - (cert, &certIssuer, plContext), - PKIX_CERTGETISSUERFAILED); - - PKIX_CHECK(PKIX_PL_X500Name_Match - (selIssuer, certIssuer, &result, plContext), - PKIX_X500NAMEMATCHFAILED); - - if (result == PKIX_FALSE){ - PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTISSUERFAILED); - } - } - - PKIX_CHECK(PKIX_ComCertSelParams_GetSerialNumber - (params, &selSerialNumber, plContext), - PKIX_COMCERTSELPARAMSGETSERIALNUMBERFAILED); - - if (selSerialNumber){ - PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber - (cert, &certSerialNumber, plContext), - PKIX_CERTGETSERIALNUMBERFAILED); - - PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *)selSerialNumber, - (PKIX_PL_Object *)certSerialNumber, - &result, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (result == PKIX_FALSE){ - PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSERIALNUMFAILED); - } - } - - PKIX_CHECK(PKIX_ComCertSelParams_GetCertificate - (params, &selCert, plContext), - PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED); - - if (selCert){ - PKIX_CHECK(PKIX_PL_Object_Equals - ((PKIX_PL_Object *) selCert, - (PKIX_PL_Object *) cert, - &result, - plContext), - PKIX_OBJECTEQUALSFAILED); - - if (result == PKIX_FALSE){ - PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTOBJECTFAILED); - } - } - - PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid - (params, &selDate, plContext), - PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED); - - if (selDate){ - PKIX_CHECK(PKIX_PL_Cert_CheckValidity - (cert, selDate, plContext), - PKIX_CERTCHECKVALIDITYFAILED); - } - - PKIX_CHECK(pkix_CertSelector_Match_BasicConstraint - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHBASICCONSTRAINTFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_Policies - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHPOLICIESFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_CertificateValid - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHCERTIFICATEVALIDFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_NameConstraints - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHNAMECONSTRAINTSFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_PathToNames - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHPATHTONAMESFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_SubjAltNames - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED); - - /* Check key usage and cert type based on certificate usage. */ - PKIX_CHECK(PKIX_PL_Cert_VerifyCertAndKeyType(cert, !isLeafCert, - plContext), - PKIX_CERTVERIFYCERTTYPEFAILED); - - /* Next two check are for user supplied additional KU and EKU. */ - PKIX_CHECK(pkix_CertSelector_Match_ExtendedKeyUsage - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_KeyUsage - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHKEYUSAGEFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_SubjKeyId - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_AuthKeyId - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_SubjPKAlgId - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED); - - PKIX_CHECK(pkix_CertSelector_Match_SubjPubKey - (params, cert, &result, plContext), - PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED); - - /* if we reach here, the cert has successfully matched criteria */ - - -#ifdef PKIX_BUILDDEBUG - - PKIX_CHECK(pkix_pl_Cert_ToString_Helper - (cert, PKIX_TRUE, &certString, plContext), - PKIX_CERTTOSTRINGHELPERFAILED); - - PKIX_CHECK(PKIX_PL_String_GetEncoded - (certString, - PKIX_ESCASCII, - &certAscii, - &certAsciiLen, - plContext), - PKIX_STRINGGETENCODEDFAILED); - - PKIX_CERTSELECTOR_DEBUG_ARG("Cert Selected:\n%s\n", certAscii); - -#endif - -cleanup: - -#ifdef PKIX_BUILDDEBUG - PKIX_DECREF(certString); - PKIX_FREE(certAscii); -#endif - - PKIX_DECREF(certSubject); - PKIX_DECREF(selSubject); - PKIX_DECREF(certIssuer); - PKIX_DECREF(selIssuer); - PKIX_DECREF(certSerialNumber); - PKIX_DECREF(selSerialNumber); - PKIX_DECREF(selCert); - PKIX_DECREF(selDate); - PKIX_DECREF(params); - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: pkix_CertSelector_RegisterSelf - * DESCRIPTION: - * Registers PKIX_CERTSELECTOR_TYPE and its related functions with - * systemClasses[] - * THREAD SAFETY: - * Not Thread Safe - for performance and complexity reasons - * - * Since this function is only called by PKIX_PL_Initialize, which should - * only be called once, it is acceptable that this function is not - * thread-safe. - */ -PKIX_Error * -pkix_CertSelector_RegisterSelf(void *plContext) -{ - extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; - pkix_ClassTable_Entry entry; - - PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_RegisterSelf"); - - entry.description = "CertSelector"; - entry.objCounter = 0; - entry.typeObjectSize = sizeof(PKIX_CertSelector); - entry.destructor = pkix_CertSelector_Destroy; - entry.equalsFunction = NULL; - entry.hashcodeFunction = NULL; - entry.toStringFunction = NULL; - entry.comparator = NULL; - entry.duplicateFunction = pkix_CertSelector_Duplicate; - - systemClasses[PKIX_CERTSELECTOR_TYPE] = entry; - - PKIX_RETURN(CERTSELECTOR); -} - -/* --Public-Functions--------------------------------------------- */ - - -/* - * FUNCTION: PKIX_CertSelector_Create (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_CertSelector_Create( - PKIX_CertSelector_MatchCallback callback, - PKIX_PL_Object *certSelectorContext, - PKIX_CertSelector **pSelector, - void *plContext) -{ - PKIX_CertSelector *selector = NULL; - - PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_Create"); - PKIX_NULLCHECK_ONE(pSelector); - - PKIX_CHECK(PKIX_PL_Object_Alloc - (PKIX_CERTSELECTOR_TYPE, - sizeof (PKIX_CertSelector), - (PKIX_PL_Object **)&selector, - plContext), - PKIX_COULDNOTCREATECERTSELECTOROBJECT); - - /* - * if user specified a particular match callback, we use that one. - * otherwise, we use the default match implementation which - * understands how to process PKIX_ComCertSelParams - */ - - if (callback){ - selector->matchCallback = callback; - } else { - selector->matchCallback = pkix_CertSelector_DefaultMatch; - } - - /* initialize other fields */ - selector->params = NULL; - - PKIX_INCREF(certSelectorContext); - selector->context = certSelectorContext; - - *pSelector = selector; - -cleanup: - - PKIX_RETURN(CERTSELECTOR); - -} - -/* - * FUNCTION: PKIX_CertSelector_GetMatchCallback - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_CertSelector_GetMatchCallback( - PKIX_CertSelector *selector, - PKIX_CertSelector_MatchCallback *pCallback, - void *plContext) -{ - PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_GetMatchCallback"); - PKIX_NULLCHECK_TWO(selector, pCallback); - - *pCallback = selector->matchCallback; - - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: PKIX_CertSelector_GetCertSelectorContext - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_CertSelector_GetCertSelectorContext( - PKIX_CertSelector *selector, - PKIX_PL_Object **pCertSelectorContext, - void *plContext) -{ - PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_GetCertSelectorContext"); - PKIX_NULLCHECK_TWO(selector, pCertSelectorContext); - - PKIX_INCREF(selector->context); - - *pCertSelectorContext = selector->context; - -cleanup: - PKIX_RETURN(CERTSELECTOR); -} - -/* - * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_CertSelector_GetCommonCertSelectorParams( - PKIX_CertSelector *selector, - PKIX_ComCertSelParams **pParams, - void *plContext) -{ - PKIX_ENTER(CERTSELECTOR, - "PKIX_CertSelector_GetCommonCertSelectorParams"); - - PKIX_NULLCHECK_TWO(selector, pParams); - - PKIX_INCREF(selector->params); - *pParams = selector->params; - -cleanup: - PKIX_RETURN(CERTSELECTOR); - -} - -/* - * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_CertSelector_SetCommonCertSelectorParams( - PKIX_CertSelector *selector, - PKIX_ComCertSelParams *params, - void *plContext) -{ - PKIX_ENTER(CERTSELECTOR, - "PKIX_CertSelector_SetCommonCertSelectorParams"); - - PKIX_NULLCHECK_ONE(selector); - - PKIX_DECREF(selector->params); - PKIX_INCREF(params); - selector->params = params; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)selector, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(CERTSELECTOR); - -} - -/* - * FUNCTION: pkix_CertSelector_Select - * DESCRIPTION: - * - * This function applies the selector pointed to by "selector" to each Cert, - * in turn, in the List pointed to by "before", and creates a List containing - * all the Certs that matched, or passed the selection process, storing that - * List at "pAfter". If no Certs match, an empty List is stored at "pAfter". - * - * The List returned in "pAfter" is immutable. - * - * PARAMETERS: - * "selector" - * Address of CertSelelector to be applied to the List. Must be non-NULL. - * "before" - * Address of List that is to be filtered. Must be non-NULL. - * "pAfter" - * Address at which resulting List, possibly empty, is stored. Must be - * non-NULL. - * "plContext" - * Platform-specific context pointer. - * THREAD SAFETY: - * Thread Safe (see Thread Safety Definitions in Programmer's Guide) - * RETURNS: - * Returns NULL if the function succeeds. - * Returns a CertSelector Error if the function fails in a non-fatal way. - * Returns a Fatal Error if the function fails in an unrecoverable way. - */ -PKIX_Error * -pkix_CertSelector_Select( - PKIX_CertSelector *selector, - PKIX_List *before, - PKIX_List **pAfter, - void *plContext) -{ - PKIX_UInt32 numBefore = 0; - PKIX_UInt32 i = 0; - PKIX_List *filtered = NULL; - PKIX_PL_Cert *candidate = NULL; - - PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_Select"); - PKIX_NULLCHECK_THREE(selector, before, pAfter); - - PKIX_CHECK(PKIX_List_Create(&filtered, plContext), - PKIX_LISTCREATEFAILED); - - PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext), - PKIX_LISTGETLENGTHFAILED); - - for (i = 0; i < numBefore; i++) { - - PKIX_CHECK(PKIX_List_GetItem - (before, i, (PKIX_PL_Object **)&candidate, plContext), - PKIX_LISTGETITEMFAILED); - - PKIX_CHECK_ONLY_FATAL(selector->matchCallback - (selector, candidate, plContext), - PKIX_CERTSELECTORMATCHCALLBACKFAILED); - - if (!(PKIX_ERROR_RECEIVED)) { - - PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem - (filtered, - (PKIX_PL_Object *)candidate, - plContext), - PKIX_LISTAPPENDITEMFAILED); - } - - pkixTempErrorReceived = PKIX_FALSE; - PKIX_DECREF(candidate); - } - - PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext), - PKIX_LISTSETIMMUTABLEFAILED); - - /* Don't throw away the list if one Cert was bad! */ - pkixTempErrorReceived = PKIX_FALSE; - - *pAfter = filtered; - filtered = NULL; - -cleanup: - - PKIX_DECREF(filtered); - PKIX_DECREF(candidate); - - PKIX_RETURN(CERTSELECTOR); - -} diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.h b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.h deleted file mode 100755 index 28676b9cd..000000000 --- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.h +++ /dev/null @@ -1,74 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * pkix_certselector.h - * - * CertSelector Object Type Definition - * - */ - -#ifndef _PKIX_CERTSELECTOR_H -#define _PKIX_CERTSELECTOR_H - -#include "pkix_tools.h" - -#ifdef __cplusplus -extern "C" { -#endif - -struct PKIX_CertSelectorStruct { - PKIX_CertSelector_MatchCallback matchCallback; - PKIX_ComCertSelParams *params; - PKIX_PL_Object *context; -}; - -/* see source file for function documentation */ - -PKIX_Error * -pkix_CertSelector_Select( - PKIX_CertSelector *selector, - PKIX_List *before, - PKIX_List **pAfter, - void *plContext); - -PKIX_Error *pkix_CertSelector_RegisterSelf(void *plContext); - -#ifdef __cplusplus -} -#endif - -#endif /* _PKIX_CERTSELECTOR_H */ diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c b/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c deleted file mode 100755 index 7f8aa90c9..000000000 --- a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c +++ /dev/null @@ -1,1221 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * pkix_comcertselparams.c - * - * ComCertSelParams Object Functions - * - */ - -#include "pkix_comcertselparams.h" - -/* --Private-Functions-------------------------------------------- */ - -/* - * FUNCTION: pkix_ComCertSelParams_Destroy - * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_ComCertSelParams_Destroy( - PKIX_PL_Object *object, - void *plContext) -{ - PKIX_ComCertSelParams *params = NULL; - - PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Destroy"); - PKIX_NULLCHECK_ONE(object); - - /* Check that this object is a comCertSelParams object */ - PKIX_CHECK(pkix_CheckType - (object, PKIX_COMCERTSELPARAMS_TYPE, plContext), - PKIX_OBJECTNOTCOMCERTSELPARAMS); - - params = (PKIX_ComCertSelParams *)object; - - PKIX_DECREF(params->subject); - PKIX_DECREF(params->policies); - PKIX_DECREF(params->cert); - PKIX_DECREF(params->nameConstraints); - PKIX_DECREF(params->pathToNames); - PKIX_DECREF(params->subjAltNames); - PKIX_DECREF(params->date); - PKIX_DECREF(params->extKeyUsage); - PKIX_DECREF(params->certValid); - PKIX_DECREF(params->issuer); - PKIX_DECREF(params->serialNumber); - PKIX_DECREF(params->authKeyId); - PKIX_DECREF(params->subjKeyId); - PKIX_DECREF(params->subjPubKey); - PKIX_DECREF(params->subjPKAlgId); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: pkix_ComCertSelParams_Duplicate - * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h) - */ -static PKIX_Error * -pkix_ComCertSelParams_Duplicate( - PKIX_PL_Object *object, - PKIX_PL_Object **pNewObject, - void *plContext) -{ - PKIX_ComCertSelParams *params = NULL; - PKIX_ComCertSelParams *paramsDuplicate = NULL; - - PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Duplicate"); - PKIX_NULLCHECK_TWO(object, pNewObject); - - PKIX_CHECK(pkix_CheckType - (object, PKIX_COMCERTSELPARAMS_TYPE, plContext), - PKIX_OBJECTNOTCOMCERTSELPARAMS); - - params = (PKIX_ComCertSelParams *)object; - - PKIX_CHECK(PKIX_ComCertSelParams_Create(¶msDuplicate, plContext), - PKIX_COMCERTSELPARAMSCREATEFAILED); - - paramsDuplicate->minPathLength = params->minPathLength; - paramsDuplicate->matchAllSubjAltNames = params->matchAllSubjAltNames; - - PKIX_DUPLICATE(params->subject, ¶msDuplicate->subject, plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE(params->policies, ¶msDuplicate->policies, plContext, - PKIX_OBJECTDUPLICATEFAILED); - - if (params->cert){ - PKIX_CHECK(PKIX_PL_Object_Duplicate - ((PKIX_PL_Object *)params->cert, - (PKIX_PL_Object **)¶msDuplicate->cert, - plContext), - PKIX_OBJECTDUPLICATEFAILED); - } - - PKIX_DUPLICATE - (params->nameConstraints, - ¶msDuplicate->nameConstraints, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE - (params->pathToNames, - ¶msDuplicate->pathToNames, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE - (params->subjAltNames, - ¶msDuplicate->subjAltNames, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - if (params->date){ - PKIX_CHECK(PKIX_PL_Object_Duplicate - ((PKIX_PL_Object *)params->date, - (PKIX_PL_Object **)¶msDuplicate->date, - plContext), - PKIX_OBJECTDUPLICATEFAILED); - } - - paramsDuplicate->keyUsage = params->keyUsage; - - PKIX_DUPLICATE(params->certValid, - ¶msDuplicate->certValid, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE(params->issuer, - ¶msDuplicate->issuer, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE(params->serialNumber, - ¶msDuplicate->serialNumber, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE(params->authKeyId, - ¶msDuplicate->authKeyId, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE(params->subjKeyId, - ¶msDuplicate->subjKeyId, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE(params->subjPubKey, - ¶msDuplicate->subjPubKey, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - PKIX_DUPLICATE(params->subjPKAlgId, - ¶msDuplicate->subjPKAlgId, - plContext, - PKIX_OBJECTDUPLICATEFAILED); - - paramsDuplicate->leafCertFlag = params->leafCertFlag; - - *pNewObject = (PKIX_PL_Object *)paramsDuplicate; - -cleanup: - - if (PKIX_ERROR_RECEIVED){ - PKIX_DECREF(paramsDuplicate); - } - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: pkix_ComCertSelParams_RegisterSelf - * DESCRIPTION: - * Registers PKIX_COMCERTSELPARAMS_TYPE and its related functions with - * systemClasses[] - * THREAD SAFETY: - * Not Thread Safe - for performance and complexity reasons - * - * Since this function is only called by PKIX_PL_Initialize, which should - * only be called once, it is acceptable that this function is not - * thread-safe. - */ -PKIX_Error * -pkix_ComCertSelParams_RegisterSelf(void *plContext) -{ - extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; - pkix_ClassTable_Entry* entry = &systemClasses[PKIX_COMCERTSELPARAMS_TYPE]; - - PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_RegisterSelf"); - - entry->description = "ComCertSelParams"; - entry->typeObjectSize = sizeof(PKIX_ComCertSelParams); - entry->destructor = pkix_ComCertSelParams_Destroy; - entry->duplicateFunction = pkix_ComCertSelParams_Duplicate; - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* --Public-Functions--------------------------------------------- */ - - -/* - * FUNCTION: PKIX_ComCertSelParams_Create (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_Create( - PKIX_ComCertSelParams **pParams, - void *plContext) -{ - PKIX_ComCertSelParams *params = NULL; - - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_Create"); - PKIX_NULLCHECK_ONE(pParams); - - PKIX_CHECK(PKIX_PL_Object_Alloc - (PKIX_COMCERTSELPARAMS_TYPE, - sizeof (PKIX_ComCertSelParams), - (PKIX_PL_Object **)¶ms, - plContext), - PKIX_COULDNOTCREATECOMMONCERTSELPARAMSOBJECT); - - /* initialize fields */ - params->version = 0xFFFFFFFF; - params->minPathLength = -1; - params->matchAllSubjAltNames = PKIX_TRUE; - params->subject = NULL; - params->policies = NULL; - params->cert = NULL; - params->nameConstraints = NULL; - params->pathToNames = NULL; - params->subjAltNames = NULL; - params->extKeyUsage = NULL; - params->keyUsage = 0; - params->extKeyUsage = NULL; - params->keyUsage = 0; - params->date = NULL; - params->certValid = NULL; - params->issuer = NULL; - params->serialNumber = NULL; - params->authKeyId = NULL; - params->subjKeyId = NULL; - params->subjPubKey = NULL; - params->subjPKAlgId = NULL; - params->leafCertFlag = PKIX_FALSE; - - *pParams = params; - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); - -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetSubject (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetSubject( - PKIX_ComCertSelParams *params, - PKIX_PL_X500Name **pSubject, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubject"); - PKIX_NULLCHECK_TWO(params, pSubject); - - PKIX_INCREF(params->subject); - - *pSubject = params->subject; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetSubject (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetSubject( - PKIX_ComCertSelParams *params, - PKIX_PL_X500Name *subject, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubject"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->subject); - - PKIX_INCREF(subject); - - params->subject = subject; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - - -/* - * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetBasicConstraints( - PKIX_ComCertSelParams *params, - PKIX_Int32 *pMinPathLength, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetBasicConstraints"); - PKIX_NULLCHECK_TWO(params, pMinPathLength); - - *pMinPathLength = params->minPathLength; - - PKIX_RETURN(COMCERTSELPARAMS); -} - - -/* - * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetBasicConstraints( - PKIX_ComCertSelParams *params, - PKIX_Int32 minPathLength, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetBasicConstraints"); - PKIX_NULLCHECK_ONE(params); - - params->minPathLength = minPathLength; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - - -/* - * FUNCTION: PKIX_ComCertSelParams_GetPolicy (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetPolicy( - PKIX_ComCertSelParams *params, - PKIX_List **pPolicy, /* List of PKIX_PL_OID */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetPolicy"); - PKIX_NULLCHECK_TWO(params, pPolicy); - - PKIX_INCREF(params->policies); - *pPolicy = params->policies; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetPolicy (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetPolicy( - PKIX_ComCertSelParams *params, - PKIX_List *policy, /* List of PKIX_PL_OID */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPolicy"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->policies); - PKIX_INCREF(policy); - params->policies = policy; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetCertificate - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetCertificate( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert **pCert, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetCertificate"); - PKIX_NULLCHECK_TWO(params, pCert); - - PKIX_INCREF(params->cert); - *pCert = params->cert; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetCertificate - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetCertificate( - PKIX_ComCertSelParams *params, - PKIX_PL_Cert *cert, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetCertificate"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->cert); - PKIX_INCREF(cert); - params->cert = cert; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetCertificateValid( - PKIX_ComCertSelParams *params, - PKIX_PL_Date **pDate, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetCertificateValid"); - - PKIX_NULLCHECK_TWO(params, pDate); - - PKIX_INCREF(params->date); - *pDate = params->date; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetCertificateValid( - PKIX_ComCertSelParams *params, - PKIX_PL_Date *date, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetCertificateValid"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->date); - PKIX_INCREF(date); - params->date = date; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetNameConstraints( - PKIX_ComCertSelParams *params, - PKIX_PL_CertNameConstraints **pNameConstraints, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetNameConstraints"); - PKIX_NULLCHECK_TWO(params, pNameConstraints); - - PKIX_INCREF(params->nameConstraints); - - *pNameConstraints = params->nameConstraints; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetNameConstraints( - PKIX_ComCertSelParams *params, - PKIX_PL_CertNameConstraints *nameConstraints, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetNameConstraints"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->nameConstraints); - PKIX_INCREF(nameConstraints); - params->nameConstraints = nameConstraints; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetPathToNames - * (see comments in pkix_certsel.h) - */PKIX_Error * -PKIX_ComCertSelParams_GetPathToNames( - PKIX_ComCertSelParams *params, - PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetPathToNames"); - PKIX_NULLCHECK_TWO(params, pNames); - - PKIX_INCREF(params->pathToNames); - - *pNames = params->pathToNames; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetPathToNames - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetPathToNames( - PKIX_ComCertSelParams *params, - PKIX_List *names, /* list of PKIX_PL_GeneralName */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPathToNames"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->pathToNames); - PKIX_INCREF(names); - - params->pathToNames = names; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_AddPathToName - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_AddPathToName( - PKIX_ComCertSelParams *params, - PKIX_PL_GeneralName *name, - void *plContext) -{ - PKIX_List *pathToNamesList = NULL; - - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddPathToName"); - PKIX_NULLCHECK_ONE(params); - - if (name == NULL) { - goto cleanup; - } - - if (params->pathToNames == NULL) { - /* Create a list for name item */ - PKIX_CHECK(PKIX_List_Create(&pathToNamesList, plContext), - PKIX_LISTCREATEFAILED); - - params->pathToNames = pathToNamesList; - } - - PKIX_CHECK(PKIX_List_AppendItem - (params->pathToNames, (PKIX_PL_Object *)name, plContext), - PKIX_LISTAPPENDITEMFAILED); - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetSubjAltNames( - PKIX_ComCertSelParams *params, - PKIX_List **pNames, /* list of PKIX_PL_GeneralName */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjAltNames"); - PKIX_NULLCHECK_TWO(params, pNames); - - PKIX_INCREF(params->subjAltNames); - - *pNames = params->subjAltNames; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetSubjAltNames( - PKIX_ComCertSelParams *params, - PKIX_List *names, /* list of PKIX_PL_GeneralName */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjAltNames"); - PKIX_NULLCHECK_TWO(params, names); - - PKIX_DECREF(params->subjAltNames); - PKIX_INCREF(names); - - params->subjAltNames = names; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_AddSubjAltNames - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_AddSubjAltName( - PKIX_ComCertSelParams *params, - PKIX_PL_GeneralName *name, - void *plContext) -{ - PKIX_List *list = NULL; - - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddSubjAltName"); - PKIX_NULLCHECK_TWO(params, name); - - if (params->subjAltNames == NULL) { - PKIX_CHECK(PKIX_List_Create(&list, plContext), - PKIX_LISTCREATEFAILED); - params->subjAltNames = list; - } - - PKIX_CHECK(PKIX_List_AppendItem - (params->subjAltNames, (PKIX_PL_Object *)name, plContext), - PKIX_LISTAPPENDITEMFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS) -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetMatchAllSubjAltNames( - PKIX_ComCertSelParams *params, - PKIX_Boolean *pMatch, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetMatchAllSubjAltNames"); - PKIX_NULLCHECK_TWO(params, pMatch); - - *pMatch = params->matchAllSubjAltNames; - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetMatchAllSubjAltNames( - PKIX_ComCertSelParams *params, - PKIX_Boolean match, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetMatchAllSubjAltNames"); - PKIX_NULLCHECK_ONE(params); - - params->matchAllSubjAltNames = match; - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetExtendedKeyUsage( - PKIX_ComCertSelParams *params, - PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetExtendedKeyUsage"); - PKIX_NULLCHECK_TWO(params, pExtKeyUsage); - - PKIX_INCREF(params->extKeyUsage); - *pExtKeyUsage = params->extKeyUsage; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetExtendedKeyUsage( - PKIX_ComCertSelParams *params, - PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */ - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetExtendedKeyUsage"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->extKeyUsage); - PKIX_INCREF(extKeyUsage); - - params->extKeyUsage = extKeyUsage; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetKeyUsage( - PKIX_ComCertSelParams *params, - PKIX_UInt32 *pKeyUsage, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetKeyUsage"); - PKIX_NULLCHECK_TWO(params, pKeyUsage); - - *pKeyUsage = params->keyUsage; - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetKeyUsage( - PKIX_ComCertSelParams *params, - PKIX_UInt32 keyUsage, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetKeyUsage"); - PKIX_NULLCHECK_ONE(params); - - params->keyUsage = keyUsage; - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetIssuer - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetIssuer( - PKIX_ComCertSelParams *params, - PKIX_PL_X500Name **pIssuer, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetIssuer"); - PKIX_NULLCHECK_TWO(params, pIssuer); - - PKIX_INCREF(params->issuer); - *pIssuer = params->issuer; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetIssuer - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetIssuer( - PKIX_ComCertSelParams *params, - PKIX_PL_X500Name *issuer, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetIssuer"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->issuer); - PKIX_INCREF(issuer); - params->issuer = issuer; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetSerialNumber( - PKIX_ComCertSelParams *params, - PKIX_PL_BigInt **pSerialNumber, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSerialNumber"); - PKIX_NULLCHECK_TWO(params, pSerialNumber); - - PKIX_INCREF(params->serialNumber); - *pSerialNumber = params->serialNumber; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetSerialNumber( - PKIX_ComCertSelParams *params, - PKIX_PL_BigInt *serialNumber, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSerialNumber"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->serialNumber); - PKIX_INCREF(serialNumber); - params->serialNumber = serialNumber; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetVersion - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetVersion( - PKIX_ComCertSelParams *params, - PKIX_UInt32 *pVersion, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetVersion"); - PKIX_NULLCHECK_TWO(params, pVersion); - - *pVersion = params->version; - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetVersion - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetVersion( - PKIX_ComCertSelParams *params, - PKIX_Int32 version, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetVersion"); - PKIX_NULLCHECK_ONE(params); - - params->version = version; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetSubjKeyIdentifier( - PKIX_ComCertSelParams *params, - PKIX_PL_ByteArray **pSubjKeyId, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetSubjKeyIdentifier"); - PKIX_NULLCHECK_TWO(params, pSubjKeyId); - - PKIX_INCREF(params->subjKeyId); - - *pSubjKeyId = params->subjKeyId; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetSubjKeyIdentifier( - PKIX_ComCertSelParams *params, - PKIX_PL_ByteArray *subjKeyId, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetSubjKeyIdentifier"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->subjKeyId); - PKIX_INCREF(subjKeyId); - - params->subjKeyId = subjKeyId; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetAuthorityKeyIdentifier( - PKIX_ComCertSelParams *params, - PKIX_PL_ByteArray **pAuthKeyId, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_GetAuthorityKeyIdentifier"); - PKIX_NULLCHECK_TWO(params, pAuthKeyId); - - PKIX_INCREF(params->authKeyId); - - *pAuthKeyId = params->authKeyId; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetAuthorityKeyIdentifier( - PKIX_ComCertSelParams *params, - PKIX_PL_ByteArray *authKeyId, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetAuthKeyIdentifier"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->authKeyId); - PKIX_INCREF(authKeyId); - - params->authKeyId = authKeyId; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetSubjPubKey( - PKIX_ComCertSelParams *params, - PKIX_PL_PublicKey **pSubjPubKey, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjPubKey"); - PKIX_NULLCHECK_TWO(params, pSubjPubKey); - - PKIX_INCREF(params->subjPubKey); - - *pSubjPubKey = params->subjPubKey; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetSubjPubKey( - PKIX_ComCertSelParams *params, - PKIX_PL_PublicKey *subjPubKey, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, - "PKIX_ComCertSelParams_SetSubjPubKey"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->subjPubKey); - PKIX_INCREF(subjPubKey); - - params->subjPubKey = subjPubKey; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_GetSubjPKAlgId( - PKIX_ComCertSelParams *params, - PKIX_PL_OID **pAlgId, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjPKAlgId"); - PKIX_NULLCHECK_TWO(params, pAlgId); - - PKIX_INCREF(params->subjPKAlgId); - - *pAlgId = params->subjPKAlgId; - -cleanup: - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetSubjPKAlgId( - PKIX_ComCertSelParams *params, - PKIX_PL_OID *algId, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjPKAlgId"); - PKIX_NULLCHECK_ONE(params); - - PKIX_DECREF(params->subjPKAlgId); - PKIX_INCREF(algId); - - params->subjPKAlgId = algId; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag - * (see comments in pkix_certsel.h) - */ -PKIX_Error* -PKIX_ComCertSelParams_GetLeafCertFlag( - PKIX_ComCertSelParams *params, - PKIX_Boolean *pLeafFlag, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetLeafCertFlag"); - PKIX_NULLCHECK_TWO(params, pLeafFlag); - - *pLeafFlag = params->leafCertFlag; - - PKIX_RETURN(COMCERTSELPARAMS); -} - -/* - * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag - * (see comments in pkix_certsel.h) - */ -PKIX_Error * -PKIX_ComCertSelParams_SetLeafCertFlag( - PKIX_ComCertSelParams *params, - PKIX_Boolean leafFlag, - void *plContext) -{ - PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetLeafCertFlag"); - PKIX_NULLCHECK_ONE(params); - - params->leafCertFlag = leafFlag; - - PKIX_CHECK(PKIX_PL_Object_InvalidateCache - ((PKIX_PL_Object *)params, plContext), - PKIX_OBJECTINVALIDATECACHEFAILED); - -cleanup: - - PKIX_RETURN(COMCERTSELPARAMS); -} diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h b/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h deleted file mode 100755 index 0c67cb133..000000000 --- a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h +++ /dev/null @@ -1,90 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the PKIX-C library. - * - * The Initial Developer of the Original Code is - * Sun Microsystems, Inc. - * Portions created by the Initial Developer are - * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved. - * - * Contributor(s): - * Sun Microsystems, Inc. - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* - * pkix_comcertselparams.h - * - * ComCertSelParams Object Type Definition - * - */ - -#ifndef _PKIX_COMCERTSELPARAMS_H -#define _PKIX_COMCERTSELPARAMS_H - -#include "pkix_tools.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * pathToNamesConstraint is Name Constraints generated based on the - * pathToNames. We save a cached copy to save regeneration for each - * check. SubjAltNames also has its cache, since SubjAltNames are - * verified by checker, its cache copy is stored in checkerstate. - */ -struct PKIX_ComCertSelParamsStruct { - PKIX_Int32 version; - PKIX_Int32 minPathLength; - PKIX_Boolean matchAllSubjAltNames; - PKIX_PL_X500Name *subject; - PKIX_List *policies; /* List of PKIX_PL_OID */ - PKIX_PL_Cert *cert; - PKIX_PL_CertNameConstraints *nameConstraints; - PKIX_List *pathToNames; /* List of PKIX_PL_GeneralNames */ - PKIX_List *subjAltNames; /* List of PKIX_PL_GeneralNames */ - PKIX_List *extKeyUsage; /* List of PKIX_PL_OID */ - PKIX_UInt32 keyUsage; - PKIX_PL_Date *date; - PKIX_PL_Date *certValid; - PKIX_PL_X500Name *issuer; - PKIX_PL_BigInt *serialNumber; - PKIX_PL_ByteArray *authKeyId; - PKIX_PL_ByteArray *subjKeyId; - PKIX_PL_PublicKey *subjPubKey; - PKIX_PL_OID *subjPKAlgId; - PKIX_Boolean leafCertFlag; -}; - -/* see source file for function documentation */ - -PKIX_Error *pkix_ComCertSelParams_RegisterSelf(void *plContext); - -#ifdef __cplusplus -} -#endif - -#endif /* _PKIX_COMCERTSELPARAMS_H */ |