summaryrefslogtreecommitdiff
path: root/security/nss/lib/libpkix
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/libpkix')
-rwxr-xr-xsecurity/nss/lib/libpkix/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/config.mk49
-rwxr-xr-xsecurity/nss/lib/libpkix/include/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/include/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/include/manifest.mn65
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix.h334
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_certsel.h1859
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_certstore.h746
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_checker.h427
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_crlsel.h792
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_errorstrings.h1128
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_params.h1759
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_pl_pki.h2695
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_pl_system.h1578
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_results.h458
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_revchecker.h250
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_sample_modules.h451
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkix_util.h974
-rwxr-xr-xsecurity/nss/lib/libpkix/include/pkixt.h518
-rwxr-xr-xsecurity/nss/lib/libpkix/manifest.mn46
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/manifest.mn58
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/pkix_certselector.c1666
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/pkix_certselector.h74
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c1221
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h90
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/manifest.mn80
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c339
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h75
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c355
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h69
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c470
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h101
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c361
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h125
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c146
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h63
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c154
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h63
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c338
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h76
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c366
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h100
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_policychecker.c2795
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_policychecker.h106
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c502
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h183
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c99
-rw-r--r--security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h113
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c475
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h77
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c549
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h80
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/crlsel/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/crlsel/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/crlsel/manifest.mn58
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c859
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h71
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c903
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h73
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/manifest.mn44
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/manifest.mn62
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_buildparams.c317
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_buildparams.h65
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_procparams.c1411
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_procparams.h82
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c466
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h69
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_trustanchor.c554
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_trustanchor.h68
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_valparams.c368
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/params/pkix_valparams.h66
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/manifest.mn62
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_buildresult.c395
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_buildresult.h73
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_policynode.c1410
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_policynode.h107
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_valresult.c465
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_valresult.h76
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_verifynode.c1215
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/results/pkix_verifynode.h108
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/store/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/store/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/store/manifest.mn56
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/store/pkix_store.c448
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/store/pkix_store.h74
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/manifest.mn60
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_build.c3790
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_build.h155
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_lifecycle.c243
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_lifecycle.h56
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_validate.c1404
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_validate.h75
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/manifest.mn63
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/pkix_error.c598
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/pkix_error.h69
-rw-r--r--security/nss/lib/libpkix/pkix/util/pkix_errpaths.c136
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/pkix_list.c1734
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/pkix_list.h128
-rw-r--r--security/nss/lib/libpkix/pkix/util/pkix_logger.c1121
-rw-r--r--security/nss/lib/libpkix/pkix/util/pkix_logger.h90
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/pkix_tools.c1549
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/pkix_tools.h1611
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/manifest.mn44
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/Makefile81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn81
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c704
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h94
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c1315
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h67
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c1180
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h95
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c1688
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h172
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c1149
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h108
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c2526
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h115
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c794
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h119
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c819
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h129
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h348
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c451
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c350
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h84
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c1077
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h64
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c1723
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h242
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/pki/Makefile82
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/pki/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn89
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c440
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h80
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c3656
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h137
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c404
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h83
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c419
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h82
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c398
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h85
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c1098
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h81
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c184
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h81
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c913
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h79
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c499
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h88
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c906
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h82
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c887
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h80
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c1307
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h101
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c283
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h86
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c474
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h94
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c1012
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h135
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c525
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h71
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c755
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h107
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/Makefile82
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/config.mk48
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/manifest.mn81
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c431
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h73
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c537
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h73
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c1106
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h188
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c59
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c416
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h62
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c304
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h122
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c201
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h57
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c169
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h66
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c196
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h66
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c1473
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h109
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c365
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h72
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c617
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h135
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c250
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h68
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c654
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h70
213 files changed, 0 insertions, 89653 deletions
diff --git a/security/nss/lib/libpkix/Makefile b/security/nss/lib/libpkix/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/config.mk b/security/nss/lib/libpkix/config.mk
deleted file mode 100755
index 289ac6eea..000000000
--- a/security/nss/lib/libpkix/config.mk
+++ /dev/null
@@ -1,49 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-# DEFINES+=-DPKIX_LISTDEBUG Can be used to turn on debug compilation
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/include/Makefile b/security/nss/lib/libpkix/include/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/include/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/include/config.mk b/security/nss/lib/libpkix/include/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/include/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/include/manifest.mn b/security/nss/lib/libpkix/include/manifest.mn
deleted file mode 100755
index 57163667c..000000000
--- a/security/nss/lib/libpkix/include/manifest.mn
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix.h \
- pkix_crlsel.h \
- pkix_errorstrings.h \
- pkix_results.h \
- pkixt.h \
- pkix_certsel.h \
- pkix_params.h \
- pkix_revchecker.h \
- pkix_certstore.h \
- pkix_pl_pki.h \
- pkix_sample_modules.h \
- pkix_checker.h \
- pkix_pl_system.h \
- pkix_util.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- $(NULL)
-
-REQUIRES = dbm
diff --git a/security/nss/lib/libpkix/include/pkix.h b/security/nss/lib/libpkix/include/pkix.h
deleted file mode 100755
index 71acf2886..000000000
--- a/security/nss/lib/libpkix/include/pkix.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines the public API for libpkix. These are the top-level
- * functions in the library. They perform the primary operations of this
- * library: building and validating chains of X.509 certificates.
- *
- */
-
-#ifndef _PKIX_H
-#define _PKIX_H
-
-#include "pkixt.h"
-#include "pkix_util.h"
-#include "pkix_results.h"
-#include "pkix_certstore.h"
-#include "pkix_certsel.h"
-#include "pkix_crlsel.h"
-#include "pkix_checker.h"
-#include "pkix_revchecker.h"
-#include "pkix_pl_system.h"
-#include "pkix_pl_pki.h"
-#include "pkix_params.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * FUNCTION: PKIX_Initialize
- * DESCRIPTION:
- *
- * No PKIX_* types and functions should be used before this function is called
- * and returns successfully. This function should only be called once. If it
- * is called more than once, the behavior is undefined.
- *
- * NSS applications are expected to call NSS_Init, and need not know that
- * NSS will call this function (with "platformInitNeeded" set to PKIX_FALSE).
- * PKIX applications are expected instead to call this function with
- * "platformInitNeeded" set to PKIX_TRUE.
- *
- * This function initializes data structures critical to the operation of
- * libpkix. It also ensures that the API version (major.minor) desired by the
- * caller (the "desiredMajorVersion", "minDesiredMinorVersion", and
- * "maxDesiredMinorVersion") is compatible with the API version supported by
- * the library. As such, the library must support the "desiredMajorVersion"
- * of the API and must support a minor version that falls between
- * "minDesiredMinorVersion" and "maxDesiredMinorVersion", inclusive. If
- * compatibility exists, the function returns NULL and stores the library's
- * actual minor version at "pActualMinorVersion" (which may be greater than
- * "desiredMinorVersion"). If no compatibility exists, the function returns a
- * PKIX_Error pointer. If the caller wishes to specify that the largest
- * minor version available should be used, then maxDesiredMinorVersion should
- * be set to the macro PKIX_MAX_MINOR_VERSION (defined in pkixt.h).
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean indicating whether the platform layer initialization code
- * has previously been run, or should be called from this function.
- * "desiredMajorVersion"
- * The major version of the libpkix API the application wishes to use.
- * "minDesiredMinorVersion"
- * The minimum minor version of the libpkix API the application wishes
- * to use.
- * "maxDesiredMinorVersion"
- * The maximum minor version of the libpkix API the application wishes
- * to use.
- * "pActualMinorVersion"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "pPlContext"
- * Address at which platform-specific context pointer is stored. Must
- * be non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Initialize Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_UInt32 desiredMajorVersion,
- PKIX_UInt32 minDesiredMinorVersion,
- PKIX_UInt32 maxDesiredMinorVersion,
- PKIX_UInt32 *pActualMinorVersion,
- void **pPlContext);
-
-/*
- * FUNCTION: PKIX_Shutdown
- * DESCRIPTION:
- *
- * This function deallocates any memory used by libpkix and shuts down any
- * ongoing operations. This function should only be called once. If it is
- * called more than once, the behavior is undefined.
- *
- * No PKIX_* types and functions should be used after this function is called
- * and returns successfully.
- * PARAMETERS:
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Shutdown(void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateChain
- * DESCRIPTION:
- *
- * This function attempts to validate the CertChain that has been set in the
- * ValidateParams pointed to by "params" using an RFC 3280-compliant
- * algorithm. If successful, this function returns NULL and stores the
- * ValidateResult at "pResult", which holds additional information, such as
- * the policy tree and the target's public key. If unsuccessful, an Error is
- * returned. Note: This function does not currently support non-blocking I/O.
- *
- * If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
- * tracks the results of the validation. That is, either each node in the
- * chain has a NULL Error component, or the last node contains an Error
- * which indicates why the validation failed.
- *
- * PARAMETERS:
- * "params"
- * Address of ValidateParams used to validate CertChain. Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (See Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateChain(
- PKIX_ValidateParams *params,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateChain_NB
- * DESCRIPTION:
- *
- * This function is the equivalent of PKIX_ValidateChain, except that it
- * supports non-blocking I/O. When called with "pNBIOContext" pointing to NULL
- * it initiates a new chain validation as in PKIX_ValidateChain, ignoring the
- * value in all input variables except "params". If forced to suspend
- * processing by a WOULDBLOCK return from some operation, such as a CertStore
- * request, it stores the platform-dependent I/O context at "pNBIOContext" and
- * stores other intermediate variables at "pCertIndex", "pAnchorIndex",
- * "pCheckerIndex", "pRevChecking", and "pCheckers".
- *
- * When called subsequently with that non-NULL value at "pNBIOContext", it
- * relies on those intermediate values to be untouched, and it resumes chain
- * validation where it left off. Its behavior is undefined if any of the
- * intermediate values was not preserved.
- *
- * PARAMETERS:
- * "params"
- * Address of ValidateParams used to validate CertChain. Must be non-NULL.
- * "pCertIndex"
- * The UInt32 value of the index to the Cert chain, indicating which Cert
- * is currently being processed.
- * "pAnchorIndex"
- * The UInt32 value of the index to the Anchor chain, indicating which
- * Trust Anchor is currently being processed.
- * "pCheckerIndex"
- * The UInt32 value of the index to the List of CertChainCheckers,
- * indicating which Checker is currently processing.
- * "pRevChecking"
- * The Boolean flag indicating whether normal checking or revocation
- * checking is occurring for the Cert indicated by "pCertIndex".
- * "pCheckers"
- * The address of the List of CertChainCheckers. Must be non-NULL.
- * "pNBIOContext"
- * The address of the platform-dependend I/O context. Must be a non-NULL
- * pointer to a NULL value for the call to initiate chain validation.
- * "pResult"
- * Address where ValidateResult object pointer will be stored. Must be
- * non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a VALIDATE Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */PKIX_Error *
-PKIX_ValidateChain_NB(
- PKIX_ValidateParams *params,
- PKIX_UInt32 *pCertIndex,
- PKIX_UInt32 *pAnchorIndex,
- PKIX_UInt32 *pCheckerIndex,
- PKIX_Boolean *pRevChecking,
- PKIX_List **pCheckers,
- void **pNBIOContext,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_BuildChain
- * DESCRIPTION:
- *
- * If called with a NULL "state", this function attempts to build and validate
- * a CertChain according to the ProcessingParams pointed to by "params", using
- * an RFC 3280-compliant validation algorithm. If successful, this function
- * returns NULL and stores the BuildResult at "pResult", which holds the built
- * CertChain, as well as additional information, such as the policy tree and
- * the target's public key. If unsuccessful, an Error is returned.
- *
- * If the chain building is blocked by a CertStore using non-blocking I/O, this
- * function stores platform-dependent non-blocking I/O context at
- * "pNBIOContext", its state at "pState", and NULL at "pResult". The caller
- * may be able to determine, in a platform-dependent way, when the I/O has
- * completed. In any case, calling the function again with "pState" containing
- * the returned value will allow the chain building to resume.
- *
- * If chain building is completed, either successfully or unsuccessfully, NULL
- * is stored at "pNBIOContext".
- *
- * If "pVerifyTree" is non-NULL, a tree of VerifyNodes is created which
- * tracks the results of the building. That is, each node of the tree either
- * has a NULL Error component, or it is a leaf node and it contains an Error
- * which indicates why the chain building could not proceed on this branch.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to build and validate CertChain.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address where platform-dependent information is store if the build
- * is suspended waiting for non-blocking I/O. Must be non-NULL.
- * "pState"
- * Address of BuildChain state. Must be NULL on initial call, and the
- * value previously returned on subsequent calls.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (See Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_BuildChain(
- PKIX_ProcessingParams *params,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pResult,
- PKIX_VerifyNode **pVerifyNode,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_H */
diff --git a/security/nss/lib/libpkix/include/pkix_certsel.h b/security/nss/lib/libpkix/include/pkix_certsel.h
deleted file mode 100755
index e4f886240..000000000
--- a/security/nss/lib/libpkix/include/pkix_certsel.h
+++ /dev/null
@@ -1,1859 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertSelector and the
- * PKIX_ComCertSelParams types.
- *
- */
-
-#ifndef _PKIX_CERTSEL_H
-#define _PKIX_CERTSEL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertSelector
- *
- * PKIX_CertSelectors provide a standard way for the caller to select
- * certificates based on particular criteria. A CertSelector is typically used
- * by the caller to specify the constraints they wish to impose on the target
- * certificate in a chain. (see pkix_params.h) A CertSelector is also often
- * used to retrieve certificates from a CertStore that match the selector's
- * criteria. (See pkix_certstore.h) For example, the caller may wish to only
- * select those certificates that have a particular Subject Distinguished Name
- * and a particular value for a private certificate extension. The
- * MatchCallback allows the caller to specify the custom matching logic to be
- * used by a CertSelector.
- *
- * By default, the MatchCallback is set to point to the default implementation
- * provided by libpkix, which understands how to process the most common
- * parameters. If the default implementation is used, the caller should set
- * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams.
- * Any common parameter that is not set is assumed to be disabled, which means
- * the default MatchCallback implementation will select all certificates
- * without regard to that particular disabled parameter. For example, if the
- * SerialNumber parameter is not set, MatchCallback will not filter out any
- * certificate based on its serial number. As such, if no parameters are set,
- * all are disabled and any certificate will match. If a parameter is
- * disabled, its associated PKIX_ComCertSelParams_Get* function returns a
- * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints
- * and PKIX_ComCertSelParams_GetVersion, or 0 for
- * PKIX_ComCertSelParams_GetKeyUsage.
- *
- * If a custom implementation is desired, the default implementation can be
- * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the
- * CertSelector can be initialized with a certSelectorContext, which is where
- * the caller can specify the desired parameters the caller wishes to match
- * against. Note that this certSelectorContext must be an Object (although any
- * object type), allowing it to be reference-counted and allowing it to
- * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
- * Duplicate).
- *
- */
-
-/*
- * FUNCTION: PKIX_CertSelector_MatchCallback
- * DESCRIPTION:
- *
- * This callback function determines whether the specified Cert pointed to by
- * "cert" matches the criteria of the CertSelector pointed to by "selector".
- * If the Cert does not matches the CertSelector's criteria, an exception will
- * be thrown.
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose MatchCallback logic and parameters are
- * to be used. Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched using "selector".
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertSelector_MatchCallback)(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_Create
- * DESCRIPTION:
- *
- * Creates a new CertSelector using the Object pointed to by
- * "certSelectorContext" (if any) and stores it at "pSelector". As noted
- * above, by default, the MatchCallback is set to point to the default
- * implementation provided by libpkix, which understands how to process
- * ComCertSelParams objects. This is overridden if the MatchCallback pointed
- * to by "callback" is not NULL, in which case the parameters are specified
- * using the certSelectorContext.
- *
- * PARAMETERS:
- * "callback"
- * The MatchCallback function to be used.
- * "certSelectorContext"
- * Address of Object representing the CertSelector's context (if any).
- * "pSelector"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_Create(
- PKIX_CertSelector_MatchCallback callback,
- PKIX_PL_Object *certSelectorContext,
- PKIX_CertSelector **pSelector,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetMatchCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "selector's" Match callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "selector"
- * The CertSelector whose Match callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Match callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetMatchCallback(
- PKIX_CertSelector *selector,
- PKIX_CertSelector_MatchCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCertSelectorContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the CertSelector pointed to by "selector" and stores it at
- * "pCertSelectorContext".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose context is to be stored.
- * Must be non-NULL.
- * "pCertSelectorContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetCertSelectorContext(
- PKIX_CertSelector *selector,
- PKIX_PL_Object **pCertSelectorContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ComCertSelParams object that represent the
- * common parameters of the CertSelector pointed to by "selector" and stores
- * it at "pCommonCertSelectorParams". If there are no common parameters
- * stored with the CertSelector, this function stores NULL at
- * "pCommonCertSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose ComCertSelParams object is to be stored.
- * Must be non-NULL.
- * "pCommonCertSelectorParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_GetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams **pCommonCertSelectorParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
- * DESCRIPTION:
- *
- * Sets the common parameters for the CertSelector pointed to by "selector"
- * using the ComCertSelParams object pointed to by "commonCertSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose common parameters are to be set.
- * Must be non-NULL.
- * "commonCertSelectorParams"
- * Address of ComCertSelParams object representing the common parameters.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "selector"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertSelector_SetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams *commonCertSelectorParams,
- void *plContext);
-
-/* PKIX_ComCertSelParams
- *
- * PKIX_ComCertSelParams objects are X.509 parameters commonly used with
- * CertSelectors, especially when enforcing constraints on a target
- * certificate or determining which certificates to retrieve from a CertStore.
- * ComCertSelParams objects are typically used with those CertSelectors that
- * use the default implementation of MatchCallback, which understands how to
- * process ComCertSelParams objects.
- */
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_Create
- * DESCRIPTION:
- *
- * Creates a new ComCertSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_Create(
- PKIX_ComCertSelParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * subject alternative names criterion that is set in the ComCertSelParams
- * object pointed to by "params" and stores it at "pNames". In order to match
- * against this criterion, a certificate must contain all or at least one of
- * the criterion's subject alternative names (depending on the result of
- * PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior
- * requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
- * DESCRIPTION:
- *
- * Sets the subject alternative names criterion of the ComCertSelParams object
- * pointed to by "params" using a List of GeneralNames pointed to by "names".
- * In order to match against this criterion, a certificate must contain all or
- * at least one of the criterion's subject alternative names (depending on the
- * result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative
- * names criterion is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName
- * DESCRIPTION:
- *
- * Adds to the subject alternative names criterion of the ComCertSelParams
- * object pointed to by "params" using the GeneralName pointed to by "name".
- * In order to match against this criterion, a certificate must contain all
- * or at least one of the criterion's subject alternative names (depending on
- * the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
- * behavior requires a certificate to contain all of the criterion's subject
- * alternative names in order to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject alternative names
- * criterion is to be added to. Must be non-NULL.
- * "name"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddSubjAltName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *name,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (if any) representing the
- * path to names criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pNames". In order to match against this
- * criterion, a certificate must not include name constraints that would
- * prohibit building a path to the criterion's specified names.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
- * DESCRIPTION:
- *
- * Sets the path to names criterion of the ComCertSelParams object pointed to
- * by "params" using a List of GeneralNames pointed to by "names". In order to
- * match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * If "names" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion
- * is to be set. Must be non-NULL.
- * "names"
- * Address of List of GeneralNames used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddPathToName
- * DESCRIPTION:
- *
- * Adds to the path to names criterion of the ComCertSelParams object pointed
- * to by "params" using the GeneralName pointed to by "pathToName". In order
- * to match against this criterion, a certificate must not include name
- * constraints that would prohibit building a path to the criterion's
- * specified names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose path to names criterion is to
- * be added to. Must be non-NULL.
- * "pathToName"
- * Address of GeneralName to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddPathToName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *pathToName,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the authority
- * key identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pAuthKeyId". In order to match
- * against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAuthKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pAuthKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the authority key identifier criterion of the ComCertSelParams object
- * pointed to by "params" to the ByteArray pointed to by "authKeyId". In
- * order to match against this criterion, a certificate must contain an
- * AuthorityKeyIdentifier extension whose value matches the criterion's
- * authority key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose authority key identifier
- * criterion is to be set. Must be non-NULL.
- * "authKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *authKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject key
- * identifier criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pSubjKeyId". In order to match against this
- * criterion, a certificate must contain a SubjectKeyIdentifier extension
- * whose value matches the criterion's subject key identifier value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubjKeyId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion (if any) is to be stored. Must be non-NULL.
- * "pSubjKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
- * DESCRIPTION:
- *
- * Sets the subject key identifier criterion of the ComCertSelParams object
- * pointed to by "params" using a ByteArray pointed to by "subjKeyId". In
- * order to match against this criterion, a certificate must contain an
- * SubjectKeyIdentifier extension whose value matches the criterion's subject
- * key identifier value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject key identifier
- * criterion is to be set. Must be non-NULL.
- * "subjKeyId"
- * Address of ByteArray used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the PublicKey (if any) representing the subject
- * public key criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pPubKey". In order to match against this
- * criterion, a certificate must contain a SubjectPublicKey that matches the
- * criterion's public key.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPubKey", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pPubKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
- * DESCRIPTION:
- *
- * Sets the subject public key criterion of the ComCertSelParams object
- * pointed to by "params" using a PublicKey pointed to by "pubKey". In order
- * to match against this criterion, a certificate must contain a
- * SubjectPublicKey that matches the criterion's public key.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * criterion is to be set. Must be non-NULL.
- * "pubKey"
- * Address of PublicKey used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
- * DESCRIPTION:
- *
- * Retrieves a pointer to the OID (if any) representing the subject public key
- * algorithm identifier criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pPubKey". In order to match
- * against this criterion, a certificate must contain a SubjectPublicKey with
- * an algorithm that matches the criterion's algorithm.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pAlgId", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key algorithm
- * identifier (if any) is to be stored. Must be non-NULL.
- * "pAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID **pAlgId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
- * DESCRIPTION:
- *
- * Sets the subject public key algorithm identifier criterion of the
- * ComCertSelParams object pointed to by "params" using an OID pointed to by
- * "algId". In order to match against this criterion, a certificate must
- * contain a SubjectPublicKey with an algorithm that matches the criterion's
- * algorithm.
- *
- * If "algId" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject public key
- * algorithm identifier criterion is to be set. Must be non-NULL.
- * "algId"
- * Address of OID used to set criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID *algId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the minimum path length (if any) representing the
- * basic constraints criterion that is set in the ComCertSelParams object
- * pointed to by "params" and stores it at "pMinPathLength". In order to
- * match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * If "params" does not have this criterion set, this function stores -1 at
- * "pMinPathLength", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pMinPathLength"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 *pMinPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
- * DESCRIPTION:
- *
- * Sets the basic constraints criterion of the ComCertSelParams object
- * pointed to by "params" using the integer value of "minPathLength". In
- * order to match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * The semantics of other values of the criterion's minimum path length are
- * undefined but may be defined in future versions of the API.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose basic constraints
- * criterion is to be set. Must be non-NULL.
- * "minPathLength"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 minPathLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificate
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert (if any) representing the certificate
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pCert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate. If
- * this criterion is specified, it is usually not necessary to specify any
- * other criteria, since this criterion requires an exact certificate match.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pCert", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificate
- * DESCRIPTION:
- *
- * Sets the certificate criterion of the ComCertSelParams object pointed to by
- * "params" using a Cert pointed to by "cert". In order to match against this
- * criterion, a certificate must be equal to the criterion's certificate.
- * If this criterion is specified, it is usually not necessary to specify
- * any other criteria, since this criterion requires an exact certificate
- * match.
- *
- * If "cert" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate criterion is to be
- * set. Must be non-NULL.
- * "cert"
- * Address of Cert used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) representing the certificate
- * validity criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pDate". In order to match against this
- * criterion, a certificate's validity period must include the criterion's
- * Date.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pDate", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
- * DESCRIPTION:
- *
- * Sets the certificate validity criterion of the ComCertSelParams object
- * pointed to by "params" using a Date pointed to by "date". In order to
- * match against this criterion, a certificate's validity period must include
- * the criterion's Date.
- *
- * If "date" is NULL, all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose certificate validity criterion
- * is to be set. Must be non-NULL.
- * "date"
- * Address of Date used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the serial number
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSerialNumber". In order to match against this
- * criterion, a certificate must have a serial number equal to the
- * criterion's serial number.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSerialNumber", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pSerialNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt **pSerialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
- * DESCRIPTION:
- *
- * Sets the serial number criterion of the ComCertSelParams object pointed to
- * by "params" using a BigInt pointed to by "serialNumber". In order to match
- * against this criterion, a certificate must have a serial number equal to
- * the criterion's serial number.
- *
- * If "serialNumber" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose serial number criterion is to
- * be set. Must be non-NULL.
- * "serialNumber"
- * Address of BigInt used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt *serialNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetVersion
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the version criterion that is
- * set in the ComCertSelParams object pointed to by "params" and stores it at
- * "pVersion". In order to match against this criterion, a certificate's
- * version must be equal to the criterion's version.
- *
- * The version number will either be 0, 1, or 2 (corresponding to
- * v1, v2, or v3, respectively).
- *
- * If "params" does not have this criterion set, this function stores
- * 0xFFFFFFFF at "pVersion", in which case all certificates are considered
- * to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pVersion"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pVersion,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetVersion
- * DESCRIPTION:
- *
- * Sets the version criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "version". In order to match against
- * this criterion, a certificate's version must be equal to the criterion's
- * version. If the criterion's version is -1, no version check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose version criterion is to be
- * set. Must be non-NULL.
- * "version"
- * Value of PKIX_Int32 used to set the criterion
- * (or -1 to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 version,
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that
- * is set in the ComCertSelParams object pointed to by "params" and stores it
- * at "pKeyUsage". In order to match against this criterion, a certificate
- * must allow the criterion's key usage values. Note that a certificate that
- * has no KeyUsage extension implicity allows all key usages. Note also that
- * this functions supports a maximum of 32 key usage bits.
- *
- * If "params" does not have this criterion set, this function stores zero at
- * "pKeyUsage", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion (if any)
- * is to be stored. Must be non-NULL.
- * "pKeyUsage"
- * Address where PKIX_UInt32 will be stored. Must not be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pKeyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
- * DESCRIPTION:
- *
- * Sets the key usage criterion of the ComCertSelParams object pointed to by
- * "params" using the integer value of "keyUsage". In order to match against
- * this criterion, a certificate must allow the criterion's key usage values.
- * Note that a certificate that has no KeyUsage extension implicity allows
- * all key usages. Note also that this functions supports a maximum of 32 key
- * usage bits.
- *
- * If the criterion's key usage value is zero, no key usage check is done and
- * all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose key usage criterion is to be
- * set. Must be non-NULL.
- * "keyUsage"
- * Value of PKIX_Int32 used to set the criterion
- * (or zero to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 keyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the extended
- * key usage criterion that is set in the ComCertSelParams object pointed to
- * by "params" and stores it at "pExtKeyUsage". In order to match against this
- * criterion, a certificate's ExtendedKeyUsage extension must allow the
- * criterion's extended key usages. Note that a certificate that has no
- * ExtendedKeyUsage extension implicity allows all key purposes.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pExtKeyUsage", in which case all certificates are considered to match
- * this criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pExtKeyUsage"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Sets the extended key usage criterion of the ComCertSelParams object
- * pointed to by "params" using a List of OIDs pointed to by "extKeyUsage".
- * In order to match against this criterion, a certificate's ExtendedKeyUsage
- * extension must allow the criterion's extended key usages. Note that a
- * certificate that has no ExtendedKeyUsage extension implicitly allows all
- * key purposes.
- *
- * If "extKeyUsage" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose extended key usage criterion
- * is to be set. Must be non-NULL.
- * "extKeyUsage"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) representing the policy
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pPolicy". In order to match against this
- * criterion, a certificate's CertificatePolicies extension must include at
- * least one of the criterion's policies. If "params" has this criterion set,
- * but the List of OIDs is empty, then a certificate's CertificatePolicies
- * extension must include at least some policy.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pPolicy", in which case all certificates are considered to match this
- * criterion.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List **pPolicy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPolicy
- * DESCRIPTION:
- *
- * Sets the policy criterion of the ComCertSelParams object pointed to by
- * "params" using a List of OIDs pointed to by "policy". In order to match
- * against this criterion, a certificate's CertificatePolicies extension must
- * include at least one of the criterion's policies. If "params" has this
- * criterion set, but the List of OIDs is empty, then a certificate's
- * CertificatePolicies extension must include at least some policy.
- *
- * If "policy" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose policy criterion is to be set.
- * Must be non-NULL.
- * "policy"
- * Address of List of OIDs used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List *policy, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the issuer
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pIssuer". In order to match against this
- * criterion, a certificate's IssuerName must match the criterion's issuer
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pIssuer", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetIssuer
- * DESCRIPTION:
- *
- * Sets the issuer criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "issuer". In order to match
- * against this criterion, a certificate's IssuerName must match the
- * criterion's issuer name.
- *
- * If "issuer" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose issuer criterion is to be set.
- * Must be non-NULL.
- * "issuer"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *issuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubject
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubject
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using an X500Name pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of X500Name used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ByteArray (if any) representing the subject
- * criterion that is set in the ComCertSelParams object pointed to by
- * "params" and stores it at "pSubject". In order to match against this
- * criterion, a certificate's SubjectName must match the criterion's subject
- * name.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pSubject", in which case all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion (if any) is
- * to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray
- * DESCRIPTION:
- *
- * Sets the subject criterion of the ComCertSelParams object pointed to by
- * "params" using a ByteArray pointed to by "subject". In order to match
- * against this criterion, a certificate's SubjectName must match the
- * criterion's subject name.
- *
- * If "subject" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose subject criterion is to be
- * set. Must be non-NULL.
- * "subject"
- * Address of ByteArray used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjectAsByteArray(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name (if any) representing the name
- * constraints criterion that is set in the ComCertSelParams object pointed
- * to by "params" and stores it at "pConstraints". In order to match against
- * this criterion, a certificate's subject and subject alternative names must
- * be allowed by the criterion's name constraints.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pConstraints", in which case all certificates are considered to match
- * this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion
- * (if any) is to be stored. Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints **pConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
- * DESCRIPTION:
- *
- * Sets the name constraints criterion of the ComCertSelParams object pointed
- * to by "params" using the CertNameConstraints pointed to by "constraints".
- * In order to match against this criterion, a certificate's subject and
- * subject alternative names must be allowed by the criterion's name
- * constraints.
- *
- * If "constraints" is NULL, all certificates are considered to match this
- * criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose name constraints criterion is
- * to be set. Must be non-NULL.
- * "constraints"
- * Address of CertNameConstraints used to set the criterion
- * (or NULL to disable the criterion).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints *constraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Checks whether the ComCertSelParams object pointed to by "params" indicate
- * that all subject alternative names are to be matched and stores the Boolean
- * result at "pMatch". This Boolean value determines the behavior of the
- * subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of
- * the criterion's subject alternative names. If the Boolean value at
- * "pMatch" is PKIX_FALSE, a certificate must contain at least one of the
- * criterion's subject alternative names. The default behavior is as if the
- * Boolean value at "pMatch" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pMatch"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pMatch,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- * DESCRIPTION:
- *
- * Sets the match flag of the ComCertSelParams object pointed to by "params"
- * using the Boolean value of "match". This Boolean value determines the
- * behavior of the subject alternative names criterion.
- *
- * In order to match against the subject alternative names criterion, if the
- * "match" is PKIX_TRUE, a certificate must contain all of the criterion's
- * subject alternative names. If the "match" is PKIX_FALSE, a certificate
- * must contain at least one of the criterion's subject alternative names.
- * The default behavior is as if "match" is PKIX_TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "match"
- * Boolean value used to set the match flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean match,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
- * DESCRIPTION:
- *
- * Return "leafCert" flag of the ComCertSelParams structure. If set to true,
- * the flag indicates that a selector should filter out all cert that are not
- * qualified to be a leaf cert according to the specified key/ekey usages.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object used to determine whether all
- * subject alternative names must be matched. Must be non-NULL.
- * "pLeafFlag"
- * Address of returned value.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCertSelParams_GetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pLeafFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
- * DESCRIPTION:
- *
- * Sets a flag that if its value is true, indicates that the selector
- * should only pick certs that qualifies to be leaf for this cert path
- * validation.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams object whose match flag is to be set.
- * Must be non-NULL.
- * "leafFlag"
- * Boolean value used to set the leaf flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean leafFlag,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSEL_H */
diff --git a/security/nss/lib/libpkix/include/pkix_certstore.h b/security/nss/lib/libpkix/include/pkix_certstore.h
deleted file mode 100755
index f17845d7d..000000000
--- a/security/nss/lib/libpkix/include/pkix_certstore.h
+++ /dev/null
@@ -1,746 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertStore type.
- *
- */
-
-#ifndef _PKIX_CERTSTORE_H
-#define _PKIX_CERTSTORE_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertStore
- *
- * A PKIX_CertStore provides a standard way for the caller to retrieve
- * certificates and CRLs from a particular repository (or "store") of
- * certificates and CRLs, including LDAP directories, flat files, local
- * databases, etc. The CertCallback allows custom certificate retrieval logic
- * to be used while the CRLCallback allows custom CRL retrieval logic to be
- * used. Additionally, a CertStore can be initialized with a certStoreContext,
- * which is where the caller can specify configuration data such as the host
- * name of an LDAP server. Note that this certStoreContext must be an
- * Object (although any object type), allowing it to be reference-counted and
- * allowing it to provide the standard Object functions (Equals, Hashcode,
- * ToString, Compare, Duplicate). Please note that each certStoreContext must
- * provide Equals and Hashcode functions in order for the caching (on Cert and
- * CertChain) to work correctly. When providing those two functions, it is not
- * required that all the components of the object be hashed or checked for
- * equality, but merely that the functions distinguish between unique
- * instances of the certStoreContext.
- *
- * Once the caller has created the CertStore object, the caller then specifies
- * these CertStore objects in a ProcessingParams object and passes that object
- * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the
- * user's callback functions as needed during the validation or building
- * process.
- *
- * The order of CertStores stored (as a list) at ProcessingParams determines
- * the order in which certificates are retrieved. Trusted CertStores should
- * precede non-trusted ones on the list of CertStores so their certificates
- * are evaluated ahead of other certificates selected on the basis of the same
- * selector criteria.
- *
- * The CheckTrustCallback function is used when the CertStore object
- * supports trust status, which means a Cert's trust status can be altered
- * dynamically. When a CertStore object is created, if the
- * CheckTrustCallback is initialized to be non-NULL, this CertStore is
- * defaulted as supporting trust. Then whenever a Cert needs to (re)check its
- * trust status, this callback can be invoked. When a Cert is retrieved by
- * a CertStore supports trust, at its GetCertCallback, the CertStore
- * information should be updated in Cert's data structure so the link between
- * the Cert and CertStore exists.
- *
- */
-
-/*
- * FUNCTION: PKIX_CertStore_CertCallback
- * DESCRIPTION:
- *
- * This callback function retrieves from the CertStore pointed to by "store"
- * all the certificates that match the CertSelector pointed to by "selector".
- * It places these certificates in a List and stores a pointer to the List at
- * "pCerts". If no certificates are found which match the CertSelector's
- * criteria, this function stores an empty List at "pCerts". In either case, if
- * the operation is completed, NULL is stored at "pNBIOContext".
- *
- * A CertStore which uses non-blocking I/O may store platform-dependent
- * information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is
- * pending. A subsequent call to PKIX_CertStore_CertContinue is required to
- * finish the operation and to obtain the List of Certs.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CertSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "verifyNode"
- * Parent log node for tracking of filtered out certs.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CertCallback)(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CertContinue
- * DESCRIPTION:
- *
- * This function continues the non-blocking operation initiated by an earlier
- * call to the CertCallback function, for the CertStore pointed to by "store".
- * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
- * value returned in "pNBIOContext") calling this function will return a fatal
- * error. If the operation is completed the certificates found are placed in a
- * List, a pointer to which is stored at "pCerts". If no certificates are found
- * which match the CertSelector's criteria, this function stores an empty List
- * at "pCerts". In either case, if the operation is completed, NULL is stored
- * at "pNBIOContext".
- *
- * If non-blocking I/O is still pending this function stores platform-dependent
- * information at "pNBIOContext" and NULL at "pCerts". A subsequent call to
- * PKIX_CertStore_CertContinue is required to finish the operation and to
- * obtain the List of Certs.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CertSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "verifyNode"
- * Parent log node for tracking of filtered out certs.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_CertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_CertStore_CertContinueFunction)(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts, /* list of PKIX_PL_Cert */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CRLCallback
- * DESCRIPTION:
- *
- * This callback function retrieves from the CertStore pointed to by "store"
- * all the CRLs that match the CRLSelector pointed to by "selector". It
- * places these CRLs in a List and stores a pointer to the List at "pCRLs".
- * If no CRLs are found which match the CRLSelector's criteria, this function
- * stores an empty List at "pCRLs". In either case, if the operation is
- * completed, NULL is stored at "pNBIOContext".
- *
- * A CertStore which uses non-blocking I/O may store platform-dependent
- * information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is
- * pending. A subsequent call to PKIX_CertStore_CRLContinue is required to
- * finish the operation and to obtain the List of Crls.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CRLSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "pCrls"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CRLCallback)(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_ImportCrlCallback
- * DESCRIPTION:
- *
- * The function imports crl list into a cert store. Stores that
- * have local cache may only have that function defined.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "issuerName"
- * Name of the issuer that will be used to track bad der crls.
- * "crlList"
- * Address on the importing crl list.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_ImportCrlCallback)(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *issuerName,
- PKIX_List *crlList,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback
- * DESCRIPTION:
- *
- * The function checks revocation status of a cert with specified
- * issuer, date. It returns revocation status of a cert and
- * a reason code(if any) if a cert was revoked.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which CRLs are to be retrieved.
- * Must be non-NULL.
- * "cert"
- * Certificate which revocation status will be checked.
- * "issuer"
- * Issuer certificate of the "crl".
- * "date"
- * Date of the revocation check.
- * "crlDownloadDone"
- * Indicates, that all needed crl downloads are done by the time of
- * the revocation check.
- * "reasonCode"
- * If cert is revoked, returned reason code for which a cert was revoked.
- * "revStatus"
- * Returned revocation status of the cert. See PKIX_RevocationStatus
- * for more details
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CheckRevokationByCrlCallback)(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- PKIX_Boolean crlDownloadDone,
- PKIX_UInt32 *reasonCode,
- PKIX_RevocationStatus *revStatus,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CrlContinue
- * DESCRIPTION:
- *
- * This function continues the non-blocking operation initiated by an earlier
- * call to the CRLCallback function, for the CertStore pointed to by "store".
- * If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
- * value returned in "pNBIOContext") calling this function will return a fatal
- * error. If the operation is completed the crls found are placed in a List, a
- * pointer to which is stored at "pCrls". If no crls are found which match the
- * CRLSelector's criteria, this function stores an empty List at "pCrls". In
- * either case, if the operation is completed, NULL is stored at "pNBIOContext".
- *
- * If non-blocking I/O is still pending this function stores platform-dependent
- * information at "pNBIOContext" and NULL at "pCrls". A subsequent call to
- * PKIX_CertStore_CrlContinue is required to finish the operation and to
- * obtain the List of Crls.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Crls are to be retrieved.
- * Must be non-NULL.
- * "selector"
- * Address of CRLSelector whose criteria must be satisfied.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored if the
- * operation is suspended for non-blocking I/O. Must be non-NULL.
- * "pCrls"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_CrlContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_CertStore_CrlContinueFunction)(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrls, /* list of PKIX_PL_CRL */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_CheckTrustCallback
- * DESCRIPTION:
- *
- * This callback function rechecks "cert's" trust status from the CertStore
- * pointed to by "store".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore from which Certs are to be checked.
- * Must be non-NULL.
- * "cert"
- * Address of Cert whose trust status needs to be rechecked.
- * Must be non-NULL.
- * "pTrusted"
- * Address of PKIX_Boolean where the trust status is returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertStore_CheckTrustCallback)(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pTrusted,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_Create
- * DESCRIPTION:
- *
- * Creates a new CertStore and stores it at "pStore". The new CertStore uses
- * the CertCallback pointed to by "certCallback" and the CRLCallback pointed
- * to by "crlCallback" as its callback functions and uses the Object pointed
- * to by "certStoreContext" as its context . Note that this certStoreContext
- * must be an Object (although any object type), allowing it to be
- * reference-counted and allowing it to provide the standard Object functions
- * (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a
- * CertStore object is immutable, although the underlying repository can
- * change. For example, a CertStore will often be a front-end for a database
- * or directory. The contents of that directory can change after the
- * CertStore object is created, but the CertStore object remains immutable.
- *
- * PARAMETERS:
- * "certCallback"
- * The CertCallback function to be used. Must be non-NULL.
- * "crlCallback"
- * The CRLCallback function to be used. Must be non-NULL.
- * "certContinue"
- * The function to be used to resume a certCallback that returned with a
- * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
- * I/O.
- * "crlContinue"
- * The function to be used to resume a crlCallback that returned with a
- * WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
- * I/O.
- * "trustCallback"
- * Address of PKIX_CertStore_CheckTrustCallback which is called to
- * verify the trust status of Certs in this CertStore.
- * "certStoreContext"
- * Address of Object representing the CertStore's context (if any).
- * "cachedFlag"
- * If TRUE indicates data retrieved from CertStore should be cached.
- * "localFlag"
- * Boolean value indicating whether this CertStore is local.
- * "pStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_Create(
- PKIX_CertStore_CertCallback certCallback,
- PKIX_CertStore_CRLCallback crlCallback,
- PKIX_CertStore_CertContinueFunction certContinue,
- PKIX_CertStore_CrlContinueFunction crlContinue,
- PKIX_CertStore_CheckTrustCallback trustCallback,
- PKIX_CertStore_ImportCrlCallback importCrlCallback,
- PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
- PKIX_PL_Object *certStoreContext,
- PKIX_Boolean cachedFlag,
- PKIX_Boolean localFlag,
- PKIX_CertStore **pStore,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" Cert callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose Cert callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Cert callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CertCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCRLCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" CRL callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCRLCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CRLCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetImportCrlCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" Import CRL callback function and put it in
- * "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetImportCrlCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_ImportCrlCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCheckRevByCrl
- * DESCRIPTION:
- *
- * Retrieves a pointer to "store's" CRL revocation checker callback function
- * and put it in "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CRL callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CRL callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCrlCheckerFn(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetTrustCallback
- * DESCRIPTION:
- *
- * Retrieves the function pointer to the CheckTrust callback function of the
- * CertStore pointed to by "store" and stores it at "pCallback".
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose CheckTrust callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where CheckTrust callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetTrustCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckTrustCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Object representing the context (if any)
- * of the CertStore pointed to by "store" and stores it at
- * "pCertStoreContext".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore whose context is to be stored. Must be non-NULL.
- * "pCertStoreContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreContext(
- PKIX_CertStore *store,
- PKIX_PL_Object **pCertStoreContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
- * DESCRIPTION:
- *
- * Retrieves the Boolean cache flag of the CertStore pointed to by "store" and
- * stores it at "pCachedFlag".
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore whose cache flag is to be stored. Must be non-NULL.
- * "pCacheFlag"
- * Address where the result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreCacheFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pCacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertStore_GetLocalFlag
- * DESCRIPTION:
- *
- * Retrieves the Boolean localFlag for the CertStore pointed to by "store" and
- * stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can
- * fulfill a request without performing network I/O.
- *
- * PARAMETERS:
- * "store"
- * The CertStore whose Local flag is desired. Must be non-NULL.
- * "pCallback"
- * Address where the Boolean LocalFlag will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertStore_GetLocalFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pLocalFlag,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSTORE_H */
diff --git a/security/nss/lib/libpkix/include/pkix_checker.h b/security/nss/lib/libpkix/include/pkix_checker.h
deleted file mode 100755
index 236112e11..000000000
--- a/security/nss/lib/libpkix/include/pkix_checker.h
+++ /dev/null
@@ -1,427 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CertChainChecker type.
- *
- */
-
-#ifndef _PKIX_CHECKER_H
-#define _PKIX_CHECKER_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CertChainChecker
- *
- * PKIX_CertChainCheckers provide a standard way for the caller to insert their
- * own custom checks to validate certificates. This may be useful in many
- * scenarios, including when the caller wishes to validate private certificate
- * extensions. The CheckCallback allows custom certificate processing to take
- * place. Additionally, a CertChainChecker can optionally maintain state
- * between successive calls to the CheckCallback. This certChainCheckerState
- * must be an Object (although any object type), allowing it to be
- * reference-counted and allowing it to provide the standard Object functions
- * (Equals, Hashcode, ToString, Compare, Duplicate). If the caller wishes
- * their CertChainChecker to be used during chain building, their
- * certChainCheckerState object must implement an appropriate Duplicate
- * function. The builder uses this Duplicate function when backtracking.
- *
- * Once the caller has created a CertChainChecker object, the caller then
- * specifies a CertChainChecker object in a ProcessingParams object
- * and passes the ProcessingParams object to PKIX_ValidateChain or
- * PKIX_BuildChain, which uses the objects to call the user's callback
- * functions as needed during the validation or building process.
- *
- * A CertChainChecker may be presented certificates in the "reverse" direction
- * (from trust anchor to target) or in the "forward" direction (from target to
- * trust anchor). All CertChainCheckers must support "reverse checking", while
- * support for "forward checking" is optional, but recommended. If "forward
- * checking" is not supported, building chains may be much less efficient. The
- * PKIX_CertChainChecker_IsForwardCheckingSupported function is used to
- * determine whether forward checking is supported, and the
- * PKIX_CertChainChecker_IsForwardDirectionExpected function is used to
- * determine whether the CertChainChecker has been initialized to expect the
- * certificates to be presented in the "forward" direction.
- */
-
-/*
- * FUNCTION: PKIX_CertChainChecker_CheckCallback
- * DESCRIPTION:
- *
- * This callback function checks whether the specified Cert pointed to by
- * "cert" is valid using "checker's" internal certChainCheckerState (if any)
- * and removes the critical extensions that it processes (if any) from the
- * List of OIDs (possibly empty) pointed to by "unresolvedCriticalExtensions".
- * If the checker finds that the certificate is not valid, an Error pointer is
- * returned.
- *
- * If the checker uses non-blocking I/O, the address of a platform-dependent
- * non-blocking I/O context ("nbioContext") will be stored at "pNBIOContext",
- * which the caller may use, in a platform-dependent way, to wait, poll, or
- * otherwise determine when to try again. If the checker does not use
- * non-blocking I/O, NULL will always be stored at "pNBIOContext". If a non-NULL
- * value was stored, on a subsequent call the checker will attempt to complete
- * the pending I/O and, if successful, NULL will be stored at "pNBIOContext".
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose certChainCheckerState and
- * CheckCallback logic is to be used. Must be non-NULL.
- * "cert"
- * Address of Cert that is to be validated using "checker".
- * Must be non-NULL.
- * "unresolvedCriticalExtensions"
- * Address of List of OIDs that represents the critical certificate
- * extensions that have yet to be resolved. This parameter may be
- * modified during the function call. Must be non-NULL.
- * "pNBIOContext"
- * Address at which is stored a platform-dependent structure indicating
- * whether checking was suspended for non-blocking I/O. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CertChainChecker_CheckCallback)(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
- void **pNBIOContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_Create
- * DESCRIPTION:
- *
- * Creates a new CertChainChecker and stores it at "pChecker". The new
- * CertChainChecker uses the CheckCallback pointed to by "callback" as its
- * callback function. It uses the Object pointed to by "initialState" (if
- * any) as its initial state. As noted above, the initial state Object must
- * provide a custom implementation of PKIX_PL_Object_Duplicate if the
- * CertChainChecker is to be used during certificate chain building.
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. The
- * CertChainChecker is initialized with two Boolean flags that deal with this
- * distinction: "forwardCheckingSupported" and "forwardDirectionExpected".
- * If the "forwardCheckingSupported" Boolean flag is TRUE, it indicates that
- * this CertChainChecker is capable of checking certificates in the "forward"
- * direction (as well as the "reverse" direction, which all CertChainCheckers
- * MUST support). The "forwardDirectionExpected" Boolean flag indicates in
- * which direction the CertChainChecker should expect the certificates to be
- * presented. This is particularly useful for CertChainCheckers that are
- * capable of checking in either the "forward" direction or the "reverse"
- * direction, but have different processing steps depending on the direction.
- *
- * The CertChainChecker also uses the List of OIDs pointed to by "extensions"
- * as the supported certificate extensions. All certificate extensions that
- * the CertChainChecker might possibly recognize and be able to process
- * should be included in the List of supported extensions. If "checker" does
- * not recognize or process any certificate extensions, "extensions" should
- * be set to NULL.
- *
- * PARAMETERS:
- * "callback"
- * The CheckCallback function to be used. Must be non-NULL.
- * "forwardCheckingSupported"
- * A Boolean value indicating whether or not this CertChainChecker is
- * capable of checking certificates in the "forward" direction.
- * "forwardDirectionExpected"
- * A Boolean value indicating whether or not this CertChainChecker should
- * be used to check in the "forward" direction.
- * "extensions"
- * Address of List of OIDs representing the supported extensions.
- * "initialState"
- * Address of Object representing the CertChainChecker's initial state
- * (if any).
- * "pChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_Create(
- PKIX_CertChainChecker_CheckCallback callback,
- PKIX_Boolean forwardCheckingSupported,
- PKIX_Boolean forwardDirectionExpected,
- PKIX_List *extensions, /* list of PKIX_PL_OID */
- PKIX_PL_Object *initialState,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "checker's" Check callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker whose Check callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Check callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCheckCallback(
- PKIX_CertChainChecker *checker,
- PKIX_CertChainChecker_CheckCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
- * DESCRIPTION:
- *
- * Checks whether forward checking is supported by the CertChainChecker
- * pointed to by "checker" and stores the Boolean result at
- * "pForwardCheckingSupported".
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. This
- * function is used to determine whether forward checking is supported.
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker whose ability to validate certificates in the
- * "forward" direction is to be checked. Must be non-NULL.
- * "pForwardCheckingSupported"
- * Destination of the Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardCheckingSupported(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardCheckingSupported,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
- * DESCRIPTION:
- *
- * Checks whether the CertChainChecker pointed to by "checker" has been
- * initialized to expect the certificates to be presented in the "forward"
- * direction and stores the Boolean result at "pForwardDirectionExpected".
- *
- * A CertChainChecker may be presented certificates in the "reverse"
- * direction (from trust anchor to target) or in the "forward" direction
- * (from target to trust anchor). All CertChainCheckers must support
- * "reverse checking", while support for "forward checking" is optional. This
- * function is used to determine in which direction the CertChainChecker
- * expects the certificates to be presented.
- *
- * PARAMETERS:
- * "checker"
- * The CertChainChecker that has been initialized to expect certificates
- * in either the "forward" or "reverse" directions. Must be non-NULL.
- * "pForwardDirectionExpected"
- * Destination of the Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardDirectionExpected(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardDirectionExpected,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of OIDs (each OID corresponding to a
- * certificate extension supported by the CertChainChecker pointed to by
- * "checker") and stores it at "pExtensions". All certificate extensions that
- * the CertChainChecker might possibly recognize and be able to process
- * should be included in the List of supported extensions. If "checker" does
- * not recognize or process any certificate extensions, this function stores
- * NULL at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose supported extension OIDs are to be
- * stored. Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetSupportedExtensions(
- PKIX_CertChainChecker *checker,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the internal state
- * (if any) of the CertChainChecker pointed to by "checker" and stores it at
- * "pCertChainCheckerState".
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose state is to be stored.
- * Must be non-NULL.
- * "pCertChainCheckerState"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object **pCertChainCheckerState,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
- * DESCRIPTION:
- *
- * Sets the internal state of the CertChainChecker pointed to by "checker"
- * using the Object pointed to by "certChainCheckerState". If "checker" needs
- * a NULL internal state, "certChainCheckerState" should be set to NULL.
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker whose state is to be set. Must be non-NULL.
- * "certChainCheckerState"
- * Address of Object representing internal state.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "checker"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CertChainChecker_SetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object *certChainCheckerState,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CHECKER_H */
diff --git a/security/nss/lib/libpkix/include/pkix_crlsel.h b/security/nss/lib/libpkix/include/pkix_crlsel.h
deleted file mode 100755
index 0d00df4d0..000000000
--- a/security/nss/lib/libpkix/include/pkix_crlsel.h
+++ /dev/null
@@ -1,792 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_CRLSelector and the
- * PKIX_ComCRLSelParams types.
- *
- */
-
-
-#ifndef _PKIX_CRLSEL_H
-#define _PKIX_CRLSEL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_CRLSelector
- *
- * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
- * based on particular criteria. A CRLSelector is typically used by libpkix
- * to retrieve CRLs from a CertStore during certificate chain validation or
- * building. (see pkix_certstore.h) For example, the caller may wish to only
- * select those CRLs that have a particular issuer or a particular value for a
- * private CRL extension. The MatchCallback allows the caller to specify the
- * custom matching logic to be used by a CRLSelector.
-
- * By default, the MatchCallback is set to point to the default implementation
- * provided by libpkix, which understands how to process the most common
- * parameters. If the default implementation is used, the caller should set
- * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
- * Any common parameter that is not set is assumed to be disabled, which means
- * the default MatchCallback implementation will select all CRLs without
- * regard to that particular disabled parameter. For example, if the
- * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
- * CRL based on its CRL number. As such, if no parameters are set, all are
- * disabled and any CRL will match. If a parameter is disabled, its associated
- * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
- *
- * If a custom implementation is desired, the default implementation can be
- * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
- * CRLSelector can be initialized with a crlSelectorContext, which is where
- * the caller can specify the desired parameters the caller wishes to match
- * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
- * allowing it to be reference-counted and allowing it to provide the standard
- * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
- *
- */
-
-/*
- * FUNCTION: PKIX_CRLSelector_MatchCallback
- * DESCRIPTION:
- *
- * This callback function determines whether the specified CRL pointed to by
- * "crl" matches the criteria of the CRLSelector pointed to by "selector".
- * If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
- * "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose MatchCallback logic and parameters are
- * to be used. Must be non-NULL.
- * "crl"
- * Address of CRL that is to be matched using "selector". Must be non-NULL.
- * "pMatch"
- * Address at which Boolean result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_CRLSelector_MatchCallback)(
- PKIX_CRLSelector *selector,
- PKIX_PL_CRL *crl,
- PKIX_Boolean *pMatch,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_Create
- * DESCRIPTION:
- *
- * Creates a new CRLSelector using the Object pointed to by
- * "crlSelectorContext" (if any) and stores it at "pSelector". As noted
- * above, by default, the MatchCallback is set to point to the default
- * implementation provided by libpkix, which understands how to process
- * ComCRLSelParams. This is overridden if the MatchCallback pointed to by
- * "callback" is not NULL, in which case the parameters are specified using
- * the Object pointed to by "crlSelectorContext".
- *
- * PARAMETERS:
- * "issue"
- * crl issuer.
- * "crlDpList"
- * distribution points list
- * "callback"
- * The MatchCallback function to be used.
- * "pSelector"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_Create(
- PKIX_PL_Cert *issuer,
- PKIX_List *crlDpList,
- PKIX_PL_Date *date,
- PKIX_CRLSelector **pSelector,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetMatchCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "selector's" Match callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "selector"
- * The CRLSelector whose Match callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Match callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetMatchCallback(
- PKIX_CRLSelector *selector,
- PKIX_CRLSelector_MatchCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the CRLSelector pointed to by "selector" and stores it at
- * "pCRLSelectorContext".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose context is to be stored. Must be non-NULL.
- * "pCRLSelectorContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCRLSelectorContext(
- PKIX_CRLSelector *selector,
- void **pCRLSelectorContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ComCRLSelParams object that represent the common
- * parameters of the CRLSelector pointed to by "selector" and stores it at
- * "pCommonCRLSelectorParams". If there are no common parameters stored with
- * the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose ComCRLSelParams are to be stored.
- * Must be non-NULL.
- * "pCommonCRLSelectorParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
- * DESCRIPTION:
- *
- * Sets the common parameters for the CRLSelector pointed to by "selector"
- * using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelector whose common parameters are to be set.
- * Must be non-NULL.
- * "commonCRLSelectorParams"
- * Address of ComCRLSelParams representing the common parameters.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "selector"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_CRLSelector_SetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams *commonCRLSelectorParams,
- void *plContext);
-
-/* PKIX_ComCRLSelParams
- *
- * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
- * especially determining which CRLs to retrieve from a CertStore.
- * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
- * the default implementation of MatchCallback, which understands how to
- * process ComCRLSelParams.
- */
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_Create
- * DESCRIPTION:
- *
- * Creates a new ComCRLSelParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_Create(
- PKIX_ComCRLSelParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of X500Names (if any) representing the
- * issuer names criterion that is set in the ComCRLSelParams pointed to by
- * "params" and stores it at "pNames". In order to match against this
- * criterion, a CRL's IssuerName must match at least one of the criterion's
- * issuer names.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNames", in which case all CRLs are considered to match.
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose issuer names criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_X500Name */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
- * DESCRIPTION:
- *
- * Sets the issuer names criterion of the ComCRLSelParams pointed to by
- * "params" using a List of X500Names pointed to by "names". In order to match
- * against this criterion, a CRL's IssuerName must match at least one of the
- * criterion's issuer names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose issuer names criterion is to be
- * set. Must be non-NULL.
- * "names"
- * Address of List of X500Names used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_X500Name */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
- * DESCRIPTION:
- *
- * Adds to the issuer names criterion of the ComCRLSelParams pointed to by
- * "params" using the X500Name pointed to by "name". In order to match
- * against this criterion, a CRL's IssuerName must match at least one of the
- * criterion's issuer names.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose issuer names criterion is to be added
- * to. Must be non-NULL.
- * "name"
- * Address of X500Name to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_AddIssuerName(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_X500Name *name,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert (if any) representing the certificate whose
- * revocation status is being checked. This is not a criterion. It is simply
- * optional information that may help a CertStore find relevant CRLs.
- *
- * If "params" does not have a certificate set, this function stores NULL at
- * "pCert", in which case there is no optional information to provide.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose certificate being checked (if any) is
- * to be stored. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
- * DESCRIPTION:
- *
- * Sets the ComCRLSelParams pointed to by "params" with the certificate
- * (pointed to by "cert") whose revocation status is being checked. This is
- * not a criterion. It is simply optional information that may help a
- * CertStore find relevant CRLs.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose certificate being checked is to be
- * set. Must be non-NULL.
- * "cert"
- * Address of Cert whose revocation status is being checked
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) representing the dateAndTime
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pDate". In order to match against this criterion, a CRL's
- * thisUpdate component must be less than or equal to the criterion's
- * dateAndTime and the CRL's nextUpdate component must be later than the
- * criterion's dateAndTime. There is no match if the CRL does not contain a
- * nextUpdate component.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pDate", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
- * DESCRIPTION:
- *
- * Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
- * "params" using a Date pointed to by "date". In order to match against this
- * criterion, a CRL's thisUpdate component must be less than or equal to the
- * criterion's dateAndTime and the CRL's nextUpdate component must be later
- * than the criterion's dateAndTime. There is no match if the CRL does not
- * contain a nextUpdate component.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
- * set. Must be non-NULL.
- * "date"
- * Address of Date used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Boolean representing the NIST CRL policy
- * activation flag that is set in the ComCRLSelParams pointed to by "params"
- * and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
- *
- * Default value for this flag is TRUE.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose NIST CRL policy criterion is to
- * be stored. Must be non-NULL.
- * "pEnabled"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean *pEnabled,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
- * DESCRIPTION:
- *
- * Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
- * "params" using a "enabled" flag. In order to match against this
- * criterion, a CRL's nextUpdate must be available and criterion's
- * dataAndTime must be within thisUpdate and nextUpdate time period.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose NIST CRL policy criterion
- * is to be set. Must be non-NULL.
- * "enabled"
- * Address of Bollean used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean enabled,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pNumber". In order to match against this criterion, a CRL
- * must have a CRL number extension whose value is less than or equal to the
- * criterion's value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
- * DESCRIPTION:
- *
- * Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
- * "params" using a BigInt pointed to by "number". In order to match against
- * this criterion, a CRL must have a CRL number extension whose value is less
- * than or equal to the criterion's value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "number"
- * Address of BigInt used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *number,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
- * criterion that is set in the ComCRLSelParams pointed to by "params" and
- * stores it at "pNumber". In order to match against this criterion, a CRL
- * must have a CRL number extension whose value is greater than or equal to
- * the criterion's value.
- *
- * If "params" does not have this criterion set, this function stores NULL at
- * "pNumber", in which case all CRLs are considered to match.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
- * be stored. Must be non-NULL.
- * "pNumber"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
- * DESCRIPTION:
- *
- * Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
- * "params" using a BigInt pointed to by "number". In order to match against
- * this criterion, a CRL must have a CRL number extension whose value is
- * greater than or equal to the criterion's value.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "number"
- * Address of BigInt used to set the criterion
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *number,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
- * DESCRIPTION:
- *
- * Sets crldp list that can be used to download a crls.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
- * set. Must be non-NULL.
- * "crldpList"
- * A list of CRLDPs. Can be an emptry list.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error*
-PKIX_ComCRLSelParams_SetCrlDp(
- PKIX_ComCRLSelParams *params,
- PKIX_List *crldpList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CRLSEL_H */
diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h
deleted file mode 100755
index 182f8493a..000000000
--- a/security/nss/lib/libpkix/include/pkix_errorstrings.h
+++ /dev/null
@@ -1,1128 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * This file is intended to be included after different definitions of
- * PKIX_ERRORENTRY. It is included in pkixt.h to define a number for each error
- * by defining PKIX_ERRORENTRY(x,y) as PKIX_ ## x and then listing thim within
- * an enum. It is included in pkix_error.c to define an array of error strings
- * by defining PKIX_ERRORENTRY(x,y) #y and then listing thim within an array
- * const char * const PKIX_ErrorText[]
- */
-/* ALLOCERROR should always be the first */
-PKIX_ERRORENTRY(ALLOCERROR,Allocation Error,SEC_ERROR_NO_MEMORY),
-PKIX_ERRORENTRY(ADDHEADERFUNCTIONNOTSUPPORTED,AddHeader function not supported,0),
-PKIX_ERRORENTRY(ADDTOVERIFYLOGFAILED,pkix_AddToVerifyLog failed,0),
-PKIX_ERRORENTRY(AIAMGRCREATEFAILED,PKIX_PL_AIAMgr_Create failed,0),
-PKIX_ERRORENTRY(AIAMGRFINDLDAPCLIENTFAILED,pkix_pl_AiaMgr_FindLDAPClient failed,0),
-PKIX_ERRORENTRY(AIAMGRGETAIACERTSFAILED,PKIX_PL_AIAMgr_GetAIACerts failed,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(AIAMGRGETHTTPCERTSFAILED,pkix_pl_AIAMgr_GetHTTPCerts failed,0),
-PKIX_ERRORENTRY(AIAMGRGETLDAPCERTSFAILED,pkix_pl_AIAMgr_GetLDAPCerts failed,0),
-PKIX_ERRORENTRY(ALGORITHMBYTESLENGTH0,Algorithm bytes length is 0,0),
-PKIX_ERRORENTRY(ALLOCATENEWCERTGENERALNAMEFAILED,Allocate new CERTGeneralName failed,0),
-PKIX_ERRORENTRY(AMBIGUOUSPARENTAGEOFVERIFYNODE,Ambiguous parentage of VerifyNode,0),
-PKIX_ERRORENTRY(ANCHORDIDNOTCHAINTOCERT,Anchor did not chain to Cert,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(ANCHORDIDNOTPASSCERTSELECTORCRITERIA,Anchor did not pass CertSelector criteria,0),
-PKIX_ERRORENTRY(APPENDLISTFAILED,pkix_pl_AppendList failed,0),
-PKIX_ERRORENTRY(ARGUMENTNOTSTRING,Argument is not a String,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTBIGINTS,Arguments are not BigInts,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTBYTEARRAYS,Arguments are not Byte Arrays,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTDATES,Arguments are not Dates,0),
-PKIX_ERRORENTRY(ARGUMENTSNOTOIDS,Arguments are not OIDs,0),
-PKIX_ERRORENTRY(ATTEMPTTOADDDUPLICATEKEY,Attempt to add duplicate key,0),
-PKIX_ERRORENTRY(ATTEMPTTODECODEANINCOMPLETERESPONSE,Attempt to decode an incomplete response,SEC_ERROR_BAD_DER),
-PKIX_ERRORENTRY(ATTEMPTTODECREFALLOCERROR,Attempt to DecRef Alloc Error,0),
-PKIX_ERRORENTRY(ATTEMPTTOINCREFALLOCERROR,Attempt to IncRef Alloc Error,0),
-PKIX_ERRORENTRY(BADHTTPRESPONSE,Bad Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERINITIALIZEFAILED,pkix_BasicConstraintsChecker_Initialize failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERSTATECREATEFAILED,PKIX_BasicConstraintsCheckerState_Create failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSGETCAFLAGFAILED,PKIX_PL_BasicConstraints_GetCAFlag failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED,PKIX_PL_BasicConstraints_GetPathLenConstraint failed,0),
-PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDCA,PKIX_BasicConstraints validation failed: CA Flag not set,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDLN,PKIX_BasicConstraints validation failed: maximum length mismatch,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
-PKIX_ERRORENTRY(BIGINTCOMPARATORFAILED,pkix_pl_BigInt_Comparator failed,0),
-PKIX_ERRORENTRY(BIGINTCREATEWITHBYTESFAILED,pkix_pl_BigInt_CreateWithBytes failed,0),
-PKIX_ERRORENTRY(BIGINTEQUALSFAILED,PKIX_PL_BigInt_Equals failed,0),
-PKIX_ERRORENTRY(BIGINTLENGTH0INVALID,BigInt length 0 is invalid,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(BIGINTTOSTRINGFAILED,pkix_pl_BigInt_ToString failed,0),
-PKIX_ERRORENTRY(BIGINTTOSTRINGHELPERFAILED,PKIX_PL_BigInt_ToString_Helper failed,0),
-PKIX_ERRORENTRY(BINDREJECTEDBYSERVER,BIND rejected by server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(BUILDANDVALIDATECHAINFAILED,Failed to build and validate a chain,0),
-PKIX_ERRORENTRY(BUILDBUILDSELECTORANDPARAMSFAILED,pkix_Build_BuildSelectorAndParams failed,0),
-PKIX_ERRORENTRY(BUILDCOMBINEWITHTRUSTFAILED,pkix_Build_CombineWithTrust failed,0),
-PKIX_ERRORENTRY(BUILDFORWARDDEPTHFIRSTSEARCHFAILED,pkix_BuildForwardDepthFirstSearch failed,0),
-PKIX_ERRORENTRY(BUILDGATHERCERTSFAILED,pkix_Build_GatherCerts failed,0),
-PKIX_ERRORENTRY(BUILDGETRESOURCELIMITSFAILED,pkix_Build_GetResourceLimits failed,0),
-PKIX_ERRORENTRY(BUILDINITIATEBUILDCHAINFAILED,pkix_Build_InitiateBuildChain failed,0),
-PKIX_ERRORENTRY(BUILDRESULTCREATEFAILED,pkix_BuildResult_Create failed,0),
-PKIX_ERRORENTRY(BUILDRESULTGETCERTCHAINFAILED,PKIX_BuildResult_GetCertChain failed,0),
-PKIX_ERRORENTRY(BUILDRESULTGETVALIDATERESULTFAILED,PKIX_BuildResult_GetValidateResult failed,0),
-PKIX_ERRORENTRY(BUILDREVCHECKPREPFAILED,pkix_Build_RevCheckPrep failed,0),
-PKIX_ERRORENTRY(BUILDSORTCANDIDATECERTSFAILED,pkix_Build_SortCandidateCerts failed,0),
-PKIX_ERRORENTRY(BUILDSTATECREATEFAILED,pkix_BuildState_Create failed,0),
-PKIX_ERRORENTRY(BUILDTRYSHORTCUTFAILED,pkix_Build_TryShortcut failed,0),
-PKIX_ERRORENTRY(BUILDUPDATEDATEFAILED,pkix_Build_UpdateDate failed,0),
-PKIX_ERRORENTRY(BUILDVALIDATEENTIRECHAINFAILED,pkix_Build_ValidateEntireChain failed,0),
-PKIX_ERRORENTRY(BUILDVALIDATIONCHECKERSFAILED,pkix_Build_ValidationCheckers failed,0),
-PKIX_ERRORENTRY(BUILDVERIFYCERTIFICATEFAILED,pkix_Build_VerifyCertificate failed,0),
-PKIX_ERRORENTRY(BYTEARRAYCOMPARATORFAILED,pkix_pl_ByteArray_Comparator failed,0),
-PKIX_ERRORENTRY(BYTEARRAYCREATEFAILED,PKIX_PL_ByteArray_Create failed,0),
-PKIX_ERRORENTRY(BYTEARRAYEQUALSFAILED,PKIX_PL_ByteArray_Equals failed,0),
-PKIX_ERRORENTRY(BYTEARRAYGETLENGTHFAILED,PKIX_PL_ByteArray_GetLength failed,0),
-PKIX_ERRORENTRY(BYTEARRAYGETPOINTERFAILED,PKIX_PL_ByteArray_GetPointer failed,0),
-PKIX_ERRORENTRY(BYTEARRAYTOHEXSTRINGFAILED,pkix_pl_ByteArray_ToHexString failed,0),
-PKIX_ERRORENTRY(BYTEARRAYTOSTRINGFAILED,PKIX_PL_ByteArray_ToString failed,0),
-PKIX_ERRORENTRY(CACHECERTADDFAILED,pkix_CacheCert_Add failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINADDFAILED,pkix_CacheCertChain_Add failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINLOOKUPFAILED,pkix_CacheCertChain_Lookup failed,0),
-PKIX_ERRORENTRY(CACHECERTCHAINREMOVEFAILED,pkix_CacheCertChain_Remove failed,0),
-PKIX_ERRORENTRY(CACHECRLENTRYADDFAILED,pkix_CacheCrlEntry_Add failed,0),
-PKIX_ERRORENTRY(CACHECRLENTRYLOOKUPFAILED,pkix_CacheCrlEntry_Lookup failed,0),
-PKIX_ERRORENTRY(CALLOCFAILED,PKIX_PL_Calloc failed,0),
-PKIX_ERRORENTRY(CANNOTAQUIRECRLDER,PKIX_PL_CRL_AquireDerCrl failed,0),
-PKIX_ERRORENTRY(CANNOTCONVERTCERTUSAGETOPKIXKEYANDEKUSAGES, Fail to convert certificate usage to pkix KU and EKU,0),
-PKIX_ERRORENTRY(CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY,Cannot open CollectionCertStoreContext directory,0),
-PKIX_ERRORENTRY(CANTCREATESTRING,Cannot create PKIX_PL_String,0),
-PKIX_ERRORENTRY(CANTDECODEBINDRESPONSEFROMSERVER,Cannot decode BIND response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(CANTDECODESEARCHRESPONSEFROMSERVER,Cannot decode SEARCH response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(CANTENABLEREVOCATIONWITHOUTCERTSTORE,Cannot enable Revocation without CertStore,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(CANTLOADLIBSMIME,Cannot load smime3 library,0),
-PKIX_ERRORENTRY(CANTREREGISTERSYSTEMTYPE,Cannot reregister system type,0),
-PKIX_ERRORENTRY(CERTARECERTPOLICIESCRITICALFAILED,PKIX_PL_Cert_AreCertPoliciesCritical failed,0),
-PKIX_ERRORENTRY(CERTBASICCONSTRAINTSCREATEFAILED,pkix_pl_CertBasicConstraints_Create failed,0),
-PKIX_ERRORENTRY(CERTBASICCONSTRAINTSTOSTRINGFAILED,PKIX_PL_CertBasicConstraints_ToString failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKCALLBACKFAILED,PKIX_CertChainChecker_CheckCallback failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKFAILED,PKIX_CertChainChecker_Check failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERCREATEFAILED,PKIX_CertChainChecker_Create failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_GetCertChainCheckerState failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETCHECKCALLBACKFAILED,PKIX_CertChainChecker_GetCheckCallback failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED,PKIX_CertChainChecker_GetSupportedExtensions failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED,PKIX_CertChainChecker_IsForwardCheckingSupported failed,0),
-PKIX_ERRORENTRY(CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_SetCertChainCheckerState failed,0),
-PKIX_ERRORENTRY(CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION,CertChain fails Certificate Policy validation,SEC_ERROR_POLICY_VALIDATION_FAILED),
-PKIX_ERRORENTRY(CERTCHAINTONSSCHAINFAILED,Fail to convert pkix cert chain to nss cert chain,0),
-PKIX_ERRORENTRY(CERTCHAINTOPKIXCERTLISTFAILED,Failed to convert nss cert chain to pkix cert chain,0),
-PKIX_ERRORENTRY(CERTCHECKCERTTYPEFAILED,Check cert type failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(CERTCHECKCERTVALIDTIMESFAILED,CERT_CheckCertValidTimes failed,SEC_ERROR_EXPIRED_CERTIFICATE),
-PKIX_ERRORENTRY(CERTCHECKCRLFAILED,Fail to get crl cache issued by cert,0),
-PKIX_ERRORENTRY(CERTCHECKEXTENDEDKEYUSAGEFAILED,pkix_pl_Cert_CheckExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTCHECKKEYUSAGEFAILED,CERT_CheckKeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
-PKIX_ERRORENTRY(CERTCHECKNAMECONSTRAINTSFAILED,PKIX_PL_Cert_CheckNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTCHECKVALIDITYFAILED,PKIX_PL_Cert_CheckValidity failed,SEC_ERROR_CERT_NOT_VALID),
-PKIX_ERRORENTRY(CERTCOMPLETECRLDECODEDENTRIESFAILED,CERT_CompleteCRLDecodedEntries failed,0),
-PKIX_ERRORENTRY(CERTCOPYNAMECONSTRAINTFAILED,CERT_CopyNameConstraint failed,0),
-PKIX_ERRORENTRY(CERTCOPYNAMEFAILED,CERT_CopyName failed,0),
-PKIX_ERRORENTRY(CERTCREATEFAILED,PKIX_PL_Cert_Create failed,0),
-PKIX_ERRORENTRY(CERTCREATEGENERALNAMELISTFAILED,CERT_CreateGeneralNameList failed,0),
-PKIX_ERRORENTRY(CERTCREATETOLISTFAILED,pkix_pl_Cert_CreateToList failed,0),
-PKIX_ERRORENTRY(CERTCREATEWITHNSSCERTFAILED,pkix_pl_Cert_CreateWithNSSCert failed,0),
-PKIX_ERRORENTRY(CERTDECODEALTNAMEEXTENSIONFAILED,CERT_DecodeAltNameExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED,CERT_DecodeCertificatePoliciesExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEDERCERTIFICATEFAILED,CERT_DecodeDERCertificate failed,0),
-PKIX_ERRORENTRY(CERTDECODEDERCRLFAILED,CERT_DecodeDERCrl failed,0),
-PKIX_ERRORENTRY(CERTDECODEINHIBITANYEXTENSIONFAILED,CERT_DecodeInhibitAnyExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEINHIBITANYPOLICYFAILED,pkix_pl_Cert_DecodeInhibitAnyPolicy failed,0),
-PKIX_ERRORENTRY(CERTDECODEOIDSEQUENCEFAILED,CERT_DecodeOidSequence failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED,CERT_DecodePolicyConstraintsExtension failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSFAILED,pkix_pl_Cert_DecodePolicyConstraints failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYINFOFAILED,pkix_pl_Cert_DecodePolicyInfo failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGFAILED,pkix_pl_Cert_DecodePolicyMapping failed,0),
-PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED,CERT_DecodePolicyMappingsExtension failed,0),
-PKIX_ERRORENTRY(CERTEQUALSFAILED,pkix_pl_Cert_Equals failed,0),
-PKIX_ERRORENTRY(CERTFAILEDNAMECONSTRAINTSCHECKING,Cert failed NameConstraints checking,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTGETALLSUBJECTNAMESFAILED,PKIX_PL_Cert_GetAllSubjectNames failed,0),
-PKIX_ERRORENTRY(CERTGETAUTHORITYINFOACCESSFAILED,PKIX_PL_Cert_GetAuthorityInfoAccess failed,0),
-PKIX_ERRORENTRY(CERTGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetAuthorityKeyIdentifier failed,0),
-PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTFAILED,PKIX_PL_Cert_GetBasicConstraint failed,0),
-PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTSFAILED,PKIX_PL_Cert_GetBasicConstraints failed,0),
-PKIX_ERRORENTRY(CERTGETCACHEFLAGFAILED,PKIX_Cert_GetCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTGETCERTCERTIFICATEFAILED,PKIX_PL_Cert_GetCERTCertificate failed,0),
-PKIX_ERRORENTRY(CERTGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_Cert_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CERTGETCRLDPFAILED,Failed to get cert crldp extension, 0),
-PKIX_ERRORENTRY(CERTGETEXTENDEDKEYUSAGEFAILED,PKIX_PL_Cert_GetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTGETINHIBITANYPOLICYFAILED,PKIX_PL_Cert_GetInhibitAnyPolicy failed,0),
-PKIX_ERRORENTRY(CERTGETISSUERFAILED,PKIX_PL_Cert_GetIssuer failed,0),
-PKIX_ERRORENTRY(CERTGETNAMECONSTRAINTSFAILED,PKIX_PL_CertGetNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTGETNSSSUBJECTALTNAMESFAILED,pkix_pl_Cert_GetNssSubjectAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYINFORMATIONFAILED,PKIX_PL_Cert_GetPolicyInformation failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGINHIBITEDFAILED,PKIX_PL_Cert_GetPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGSFAILED,PKIX_PL_Cert_GetPolicyMappings failed,0),
-PKIX_ERRORENTRY(CERTGETREQUIREEXPLICITPOLICYFAILED,PKIX_PL_Cert_GetRequireExplicitPolicy failed,0),
-PKIX_ERRORENTRY(CERTGETSERIALNUMBERFAILED,PKIX_PL_Cert_GetSerialNumber failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJALTNAMESFAILED,PKIX_PL_Cert_GetSubjAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTALTNAMESFAILED,PKIX_PL_Cert_GetSubjectAltNames failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTFAILED,PKIX_PL_Cert_GetSubject failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTINFOACCESSFAILED,PKIX_PL_Cert_GetSubjectInfoAccess failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetSubjectKeyIdentifier failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYALGIDFAILED,PKIX_PL_Cert_GetSubjectPublicKeyAlgId failed,0),
-PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYFAILED,PKIX_PL_Cert_GetSubjectPublicKey failed,0),
-PKIX_ERRORENTRY(CERTGETVALIDITYNOTAFTERFAILED,PKIX_PL_Cert_GetValidityNotAfter failed,0),
-PKIX_ERRORENTRY(CERTGETVERSIONFAILED,PKIX_PL_Cert_GetVersion failed,0),
-PKIX_ERRORENTRY(CERTHASHCODEFAILED,PKIX_PL_Cert_Hashcode failed,0),
-PKIX_ERRORENTRY(CERTIFICATEDOESNTHAVEVALIDCRL,Certificate does not have a valid CRL,SEC_ERROR_CRL_NOT_FOUND),
-PKIX_ERRORENTRY(CERTIFICATEREVOKED,Certificate is revoked,SEC_ERROR_REVOKED_CERTIFICATE),
-PKIX_ERRORENTRY(CERTIMPORTCERTIFICATEFUNCTIONFAILED,CERTImportCertificate function failed,0),
-PKIX_ERRORENTRY(CERTISCERTTRUSTEDFAILED,PKIX_PL_Cert_IsCertTrusted failed,SEC_ERROR_UNTRUSTED_CERT),
-PKIX_ERRORENTRY(CERTISEXTENSIONCRITICALFAILED,pkix_pl_Cert_IsExtensionCritical failed,0),
-PKIX_ERRORENTRY(CERTMERGENAMECONSTRAINTSFAILED,PKIX_PL_Cert_MergeNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMEINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNameInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNamesInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED,pkix_pl_CertNameConstraints_CheckNameSpaceNssNames failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED,pkix_pl_CertNameConstraints_CopyNssNameConstraints failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEBYMERGEFAILED,pkix_pl_CertNameConstraints_CreateByMerge failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEFAILED,pkix_pl_CertNameConstraints_Create failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEHELPERFAILED,pkix_pl_CertNameConstraints_Create_Helper failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETEXCLUDEDFAILED,pkix_pl_CertNameConstraints_GetExcluded failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETPERMITTEDFAILED,pkix_pl_CertNameConstraints_GetPermitted failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSMERGEFAILED,pkix_pl_CertNameConstraints_Merge failed,0),
-PKIX_ERRORENTRY(CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED,pkix_pl_CertNameConstraints_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CERTNAMETOASCIIFAILED,CERT_NameToAscii failed,0),
-PKIX_ERRORENTRY(CERTNOTALLOWEDTOSIGNCERTIFICATES,Cert not allowed to sign certificates,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(CERTPOLICYINFOCREATEFAILED,pkix_pl_CertPolicyInfo_Create failed,0),
-PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLICYIDFAILED,PKIX_PL_CertPolicyInfo_GetPolicyId failed,0),
-PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLQUALIFIERSFAILED,PKIX_PL_CertPolicyInfo_GetPolQualifiers failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPCREATEFAILED,pkix_pl_CertPolicyMap_Create failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy failed,0),
-PKIX_ERRORENTRY(CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy failed,0),
-PKIX_ERRORENTRY(CERTPOLICYQUALIFIERCREATEFAILED,pkix_pl_CertPolicyQualifier_Create failed,0),
-PKIX_ERRORENTRY(CERTREJECTEDBYREVOCATIONCHECKER,Cert rejected by revocation checker,0),
-PKIX_ERRORENTRY(CERTSELECTORCHECKFAILED,Validation failed: CertSelector check failed,0),
-PKIX_ERRORENTRY(CERTSELECTORCREATEFAILED,PKIX_CertSelector_Create failed,0),
-PKIX_ERRORENTRY(CERTSELECTORFAILED,certSelector failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CertSelector_GetComCertSelParams failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED,PKIX_CertSelector_GetCommonCertSelectorParam failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_GetCommonCertSelectorParams failed,0),
-PKIX_ERRORENTRY(CERTSELECTORGETMATCHCALLBACKFAILED,PKIX_CertSelector_GetMatchCallback failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHAUTHKEYIDFAILED,pkix_CertSelector_Match_AuthKeyId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHBASICCONSTRAINTFAILED,pkix_CertSelector_Match_BasicConstraint failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCALLBACKFAILED,PKIX_CertSelector_MatchCallback failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTIFICATEVALIDFAILED,pkix_CertSelector_Match_CertificateValid failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTISSUERFAILED,cert does not match issuer name,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTOBJECTFAILED,cert does not match cert object,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSERIALNUMFAILED,cert does not match serial number,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSUBJECTFAILED,cert does not match subject name,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHCERTVERSIONFAILED,cert does not match cert version,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED,pkix_CertSelector_Match_ExtendedKeyUsage failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(CERTSELECTORMATCHFAILED,certSelectorMatch failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHKEYUSAGEFAILED,pkix_CertSelector_Match_KeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
-PKIX_ERRORENTRY(CERTSELECTORMATCHNAMECONSTRAINTSFAILED,pkix_CertSelector_Match_NameConstraints failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHPATHTONAMESFAILED,pkix_CertSelector_Match_PathToNames failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHPOLICIESFAILED,pkix_CertSelector_Match_Policies failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJALTNAMESFAILED,pkix_CertSelector_Match_SubjAltNames failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJKEYIDFAILED,pkix_CertSelector_Match_SubjKeyId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPKALGIDFAILED,pkix_CertSelector_Match_SubjPKAlgId failed,0),
-PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPUBKEYFAILED,pkix_CertSelector_Match_SubjPubKey failed,0),
-PKIX_ERRORENTRY(CERTSELECTORSELECTFAILED,pkix_CertSelector_Select failed,0),
-PKIX_ERRORENTRY(CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_SetCommonCertSelectorParams failed,0),
-PKIX_ERRORENTRY(CERTSETASTRUSTANCHORFAILED, PKIX_PL_Cert_SetAsTrustAnchor failed, 0),
-PKIX_ERRORENTRY(CERTSETCACHEFLAGFAILED,PKIX_PL_Cert_SetCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTSETTRUSTCERTSTOREFAILED,PKIX_PL_Cert_SetTrustCertStore failed,0),
-PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFAILED,PKIX_CertStore_CertContinue failed,0),
-PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFUNCTIONFAILED,PKIX_CertStore_CertContinueFunction failed,0),
-PKIX_ERRORENTRY(CERTSTORECREATEFAILED,PKIX_CertStore_Create failed,0),
-PKIX_ERRORENTRY(CERTSTORECRLCONTINUEFAILED,PKIX_CertStore_CrlContinue failed,0),
-PKIX_ERRORENTRY(CERTSTOREEQUALSFAILED,pkix_CertStore_Equals failed,0),
-PKIX_ERRORENTRY(CERTSTORECRLCHECKFAILED,Fail to check cert crl revocation,0),
-PKIX_ERRORENTRY(CERTSTOREGETCHECKREVBYCRLFAILED,Can not get revocation check function,0),
-PKIX_ERRORENTRY(CERTSTOREFAILTOIMPORTCRLLIST,Fail to import crls,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTCALLBACKFAILED,PKIX_CertStore_GetCertCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECACHEFLAGFAILED,PKIX_CertStore_GetCertStoreCacheFlag failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECONTEXTFAILED,PKIX_CertStore_GetCertStoreContext failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETCRLCALLBACKFAILED,PKIX_CertStore_GetCRLCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETLOCALFLAGFAILED,PKIX_CertStore_GetLocalFlag failed,0),
-PKIX_ERRORENTRY(CERTSTOREGETTRUSTCALLBACKFAILED,PKIX_CertStore_GetTrustCallback failed,0),
-PKIX_ERRORENTRY(CERTSTOREHASHCODEFAILED,pkix_CertStore_Hashcode failed,0),
-PKIX_ERRORENTRY(CERTTOSTRINGFAILED,PKIX_PL_Cert_ToString failed,0),
-PKIX_ERRORENTRY(CERTTOSTRINGHELPERFAILED,pkix_pl_Cert_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CERTVERIFYCERTTYPEFAILED,PKIX_PL_Cert_VerifyCertAndKeyType failed,0),
-PKIX_ERRORENTRY(CERTVERIFYKEYUSAGEFAILED,PKIX_PL_Cert_VerifyKeyUsage failed,0),
-PKIX_ERRORENTRY(CERTVERIFYSIGNATUREFAILED,PKIX_PL_Cert_VerifySignature failed,0),
-PKIX_ERRORENTRY(CHAINREJECTEDBYREVOCATIONCHECKER,Chain rejected by Revocation Checker,0),
-PKIX_ERRORENTRY(CHECKCERTAGAINSTANCHORFAILED,pkix_CheckCertAgainstAnchor failed,0),
-PKIX_ERRORENTRY(CHECKCERTFAILED,pkix_CheckCert failed,0),
-PKIX_ERRORENTRY(CHECKCHAINFAILED,pkix_CheckChain failed,0),
-PKIX_ERRORENTRY(CHECKTRUSTCALLBACKFAILED,CheckTrustCallback failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCrl failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECERTFAILED,pkix_pl_CollectionCertStoreContext_CreateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECRLFAILED,pkix_pl_CollectionCertStoreContext_CreateCRL failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCERTFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCRL failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
-PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCRL failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSCREATEFAILED,PKIX_ComCertSelParams_Create failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetAuthorityKeyIdentifier failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_GetBasicConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEFAILED,PKIX_ComCertSelParams_GetCertificate failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_GetCertificateValid failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED,PKIX_ComCertSelParams_GetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETISSUERFAILED,PKIX_ComCertSelParams_GetIssuer failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETKEYUSAGEFAILED,PKIX_ComCertSelParams_GetKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_GetLeafCertFlag failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETMATCHALLSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetMatchAllSubjAltNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED,PKIX_ComCertSelParams_GetNameConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETPATHTONAMESFAILED,PKIX_ComCertSelParams_GetPathToNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETPOLICYFAILED,PKIX_ComCertSelParams_GetPolicy failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSERIALNUMBERFAILED,PKIX_ComCertSelParams_GetSerialNumber failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetSubjAltNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJECTFAILED,PKIX_ComCertSelParams_GetSubject failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetSubjKeyIdentifier failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPKALGIDFAILED,PKIX_ComCertSelParams_GetSubjPKAlgId failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPUBKEYFAILED,PKIX_ComCertSelParams_GetSubjPubKey failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSGETVERSIONFAILED,PKIX_ComCertSelParams_GetVersion failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_SetBasicConstraints failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEFAILED,PKIX_ComCertSelParams_SetCertificate failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_SetCertificateValid failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETEXTKEYUSAGEFAILED,PKIX_ComCertSelParams_SetExtendedKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETKEYUSAGEFAILED,PKIX_ComCertSelParams_SetKeyUsage failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_SetLeafCertFlag failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETNISTPOLICYENABLEDFAILED,PKIX_ComCertSelParams_SetNISTPolicyEnabled failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETPATHTONAMESFAILED,PKIX_ComCertSelParams_SetPathToNames failed,0),
-PKIX_ERRORENTRY(COMCERTSELPARAMSSETSUBJECTFAILED,PKIX_ComCertSelParams_SetSubject failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSADDISSUERNAMEFAILED,PKIX_ComCRLSelParams_AddIssuerName failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSCREATEFAILED,PKIX_ComCRLSelParams_Create failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSEQUALSFAILED,pkix_ComCRLSelParams_Equals failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_GetDateAndTime failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETISSUERNAMESFAILED,PKIX_ComCRLSelParams_GetIssuerNames failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETMAXCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMaxCRLNumber failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETMINCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMinCRLNumber failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED,PKIX_ComCRLSelParams_GetNISTPolicyEnabled failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSSETCERTFAILED,PKIX_ComCRLSelParams_SetCertificateChecking failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSSETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_SetDateAndTime failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGFAILED,pkix_ComCRLSelParams_ToString failed,0),
-PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGHELPERFAILED,pkix_ComCRLSelParams_ToString_Helper failed,0),
-PKIX_ERRORENTRY(COMPARATORCALLBACKFAILED,comparator callback failed,0),
-PKIX_ERRORENTRY(CONTENTTYPENOTPKCS7MIME,Content type is not application/pkcs7-mime,0),
-PKIX_ERRORENTRY(CONTENTTYPENOTPKIXCRL,Content type is not application/pkix-crl,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(COULDNOTALLOCATEMEMORY,Could not allocate memory,0),
-PKIX_ERRORENTRY(COULDNOTALLOCATENEWSTRINGOBJECT,Could not allocate new string object,0),
-PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST,Could not append child to parent PolicyNode list,0),
-PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST,Could not append child to parent VerifyNode list,0),
-PKIX_ERRORENTRY(COULDNOTCREATEAIAMGROBJECT,Could not create AiaMgr object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT,Could not create basic constraints state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBUILDPARAMSOBJECT,Could not create build params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEBUILDRESULTOBJECT,Could not create build result object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTBASICCONSTRAINTSOBJECT,Could not create a CertBasicConstraints object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTCHAINCHECKEROBJECT,Could not create cert chain checker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTNAMECONSTRAINTSOBJECT,Could not create CertNameConstraints object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYINFOOBJECT,Could not create a CertPolicyInfo object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYMAPOBJECT,Could not create a CertPolicyMap object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYQUALIFIEROBJECT,Could not create a CertPolicyQualifier object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTSELECTOROBJECT,Could not create cert selector object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECERTSTOREOBJECT,Could not create CertStore object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT,Could not create CollectionCertStoreContext object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOMMONCERTSELPARAMSOBJECT,Could not create common certsel params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT,Could not create common crl selector params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLENTRYOBJECT,Could not create CRLENTRY object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLOBJECT,Could not create CRL object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLSELECTOROBJECT,Could not create CRLSelector object,0),
-PKIX_ERRORENTRY(COULDNOTCREATECRLCHECKEROBJECT,Could not create CRLChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOCSPCHECKEROBJECT,Could not create OcspChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEREVOCATIONMETHODOBJECT,Could not create RevocationMethod object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEDEFAULTREVOCATIONCHECKEROBJECT,Could not create DefaultRevocationChecker object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEEKUCHECKERSTATEOBJECT,Could not create EkuCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEFORWARDBUILDERSTATEOBJECT,Could not create forwardBuilder state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEHASHTABLEOBJECT,Could not create HashTable object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEHTTPDEFAULTCLIENTOBJECT,Could not create HttpDefaultClient object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEINFOACCESSOBJECT,Could not create InfoAccess object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELDAPDEFAULTCLIENTOBJECT,Could not create LdapDefaultClient object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELOCKOBJECT,Could not create lock object,0),
-PKIX_ERRORENTRY(COULDNOTCREATELOGGEROBJECT,Could not create Logger object,0),
-PKIX_ERRORENTRY(COULDNOTCREATENAMECONSTRAINTSCHECKERSTATEOBJECT,Could not create NameConstraintsCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATENSSDN,Could not create NSS DN,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOBJECT,Could not create object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEOBJECTSTORAGE,Could not create object storage,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPOLICYCHECKERSTATEOBJECT,Could not create policyChecker state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPOLICYNODEOBJECT,Could not create a PolicyNode object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEPROCESSINGPARAMSOBJECT,Could not create processing params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATERESOURCELIMITOBJECT,Could not create ResourceLimit object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESIGNATURECHECKERSTATEOBJECT,Could not create SignatureCheckerState object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESOCKETOBJECT,Could not create Socket object,0),
-PKIX_ERRORENTRY(COULDNOTCREATESTRING,Could not create string,0),
-PKIX_ERRORENTRY(COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT,Could not create target cert checker state object,0),
-PKIX_ERRORENTRY(COULDNOTCREATETRUSTANCHOROBJECT,Could not create trust anchor object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVALIDATEPARAMSOBJECT,Could not create validate params object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVALIDATERESULTOBJECT,Could not create validate result object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEVERIFYNODEOBJECT,Could not create a VerifyNode object,0),
-PKIX_ERRORENTRY(COULDNOTCREATEX500NAMEOBJECT,Could not create X500Name object,0),
-PKIX_ERRORENTRY(COULDNOTGETFIRSTOBJECTTYPE,Could not get first object type,0),
-PKIX_ERRORENTRY(COULDNOTGETSECONDOBJECTTYPE,Could not get second object type,0),
-PKIX_ERRORENTRY(COULDNOTGETTYPEOFSECONDARGUMENT,Could not get type of second argument,0),
-PKIX_ERRORENTRY(COULDNOTLOOKUPINHASHTABLE,Could not lookup in hashtable,0),
-PKIX_ERRORENTRY(COULDNOTMALLOCNEWKEY,Could not malloc new key,0),
-PKIX_ERRORENTRY(COULDNOTTESTWHETHERKEYSEQUAL,Could not test whether keys are equal,0),
-PKIX_ERRORENTRY(CREATECERTFAILED,CreateCert failed,0),
-PKIX_ERRORENTRY(CREATECRLSELECTORDUPLICATEOBJECTFAILED,Create CRLSelector Duplicate Object failed,0),
-PKIX_ERRORENTRY(CREATEPROCESSINGPARAMSFAILED,Failed to create processing parameters,0),
-PKIX_ERRORENTRY(CRLCHECKERCREATEFAILED,pkix_CRLChecker_Create failed,0),
-PKIX_ERRORENTRY(CRLCHECKERINITIALIZEFAILED,pkix_CRLChecker_Initialize failed,0),
-PKIX_ERRORENTRY(CRLCHECKERNOLOCALCERTSTOREFOUND,No local cert store found, 0),
-PKIX_ERRORENTRY(CRLCHECKERSETSELECTORFAILED,pkix_CRLChecker_SetSelector failed,0),
-PKIX_ERRORENTRY(CRLCREATEFAILED,PKIX_PL_CRL_Create failed,0),
-PKIX_ERRORENTRY(CRLCREATETOLISTFAILED,pkix_pl_CRL_CreateToList failed,0),
-PKIX_ERRORENTRY(CRLCREATEWITHSIGNEDCRLFAILED,pkix_pl_CRL_CreateWithSignedCRL failed,0),
-PKIX_ERRORENTRY(CRLCRITICALEXTENSIONOIDSNOTPROCESSED,CRL Critical Extension OIDs not processed,0),
-PKIX_ERRORENTRY(CRLDPCREATEFAILED, Failed to create CRL DP,0),
-PKIX_ERRORENTRY(CRLENTRYCREATEFAILED,pkix_pl_CRLEntry_Create failed,0),
-PKIX_ERRORENTRY(CRLENTRYCRITICALEXTENSIONWASNOTPROCESSED,CRLEntry Critical Extension was not processed,0),
-PKIX_ERRORENTRY(CRLENTRYEXTENSIONSEQUALSFAILED,PKIX_PL_CRLEntry_Extensions_Equals failed,0),
-PKIX_ERRORENTRY(CRLENTRYEXTENSIONSHASHCODEFAILED,pkix_pl_CRLEntry_Extensions_Hashcode failed,0),
-PKIX_ERRORENTRY(CRLENTRYGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRLEntry_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CRLENTRYGETCRLENTRYREASONCODEFAILED,PKIX_PL_CRLEntry_GetCRLEntryReasonCode failed,0),
-PKIX_ERRORENTRY(CRLENTRYTOSTRINGHELPERFAILED,pkix_pl_CRLEntry_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRL_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(CRLGETCRLENTRIESFAILED,pkix_pl_CRL_GetCRLEntries failed,0),
-PKIX_ERRORENTRY(CRLGETCRLENTRYFORSERIALNUMBERFAILED,PKIX_PL_CRL_GetCRLEntryForSerialNumber failed,0),
-PKIX_ERRORENTRY(CRLGETCRLNUMBERFAILED,PKIX_PL_CRL_GetCRLNumber failed,0),
-PKIX_ERRORENTRY(CRLGETISSUERFAILED,PKIX_PL_CRL_GetIssuer failed,0),
-PKIX_ERRORENTRY(CRLGETPARTITIONEDFLAGFAILED,PKIX_PL_CRL_IsPartitioned failed,0),
-PKIX_ERRORENTRY(CRLGETSIGNATUREALGIDFAILED,pkix_pl_CRL_GetSignatureAlgId failed,0),
-PKIX_ERRORENTRY(CRLGETVERSIONFAILED,pkix_pl_CRL_GetVersion failed,0),
-PKIX_ERRORENTRY(CRLISSUECERTEXPIRED,CRL issue cert has expired,0),
-PKIX_ERRORENTRY(CRLMAXNUMBERRANGEMATCHFAILED,CRL MaxNumber Range Match Failed,0),
-PKIX_ERRORENTRY(CRLSELECTORCREATEFAILED,PKIX_CRLSelector_Create failed,0),
-PKIX_ERRORENTRY(CRLSELECTORFAILED,crlSelector failed,0),
-PKIX_ERRORENTRY(CRLSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CRLSelector_GetComCertSelParams failed,0),
-PKIX_ERRORENTRY(CRLSELECTORGETMATCHCALLBACKFAILED,PKIX_CRLSelector_GetMatchCallback failed,0),
-PKIX_ERRORENTRY(CRLSELECTORMATCHCALLBACKFAILED,PKIX_CRLSelector_MatchCallback failed,0),
-PKIX_ERRORENTRY(CRLSELECTORMATCHFAILED,crlSelectorMatch failed,0),
-PKIX_ERRORENTRY(CRLSELECTORSELECTFAILED,pkix_CRLSelector_Select failed,0),
-PKIX_ERRORENTRY(CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED,PKIX_CRLSelector_SetCommonCRLSelectorParams failed,0),
-PKIX_ERRORENTRY(CRLSELECTORTOSTRINGHELPERFAILED,pkix_CRLSelector_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLTOSTRINGHELPERFAILED,pkix_pl_CRL_ToString_Helper failed,0),
-PKIX_ERRORENTRY(CRLVERIFYUPDATETIMEFAILED,pkix_pl_CRL_VerifyUpdateTime failed,0),
-PKIX_ERRORENTRY(DATECREATECURRENTOFFBYSECONDSFAILED,PKIX_PL_Date_Create_CurrentOffBySeconds failed,0),
-PKIX_ERRORENTRY(DATECREATEFROMPRTIMEFAILED,pkix_pl_Date_CreateFromPRTime failed,0),
-PKIX_ERRORENTRY(DATECREATEUTCTIMEFAILED,PKIX_PL_Date_Create_UTCTime failed,0),
-PKIX_ERRORENTRY(DATEDERTIMETOPRTIMEFAILED,Fail to convert encoded time to PRTime,0),
-PKIX_ERRORENTRY(DATEEQUALSFAILED,PKIX_PL_Date_Equals failed,0),
-PKIX_ERRORENTRY(DATEGETPRTIMEFAILED,pkix_pl_Date_GetPRTime failed,0),
-PKIX_ERRORENTRY(DATEHASHCODEFAILED,PKIX_PL_Date_Hashcode failed,0),
-PKIX_ERRORENTRY(DATETOSTRINGFAILED,PKIX_Date_ToString failed,0),
-PKIX_ERRORENTRY(DATETOSTRINGHELPERFAILED,pkix_pl_Date_ToString_Helper failed,0),
-PKIX_ERRORENTRY(DECIPHERONLYKEYUSAGENOTSUPPORTED,decipherOnly key usage not supported,0),
-PKIX_ERRORENTRY(DECODINGCERTNAMECONSTRAINTSFAILED,Decoding Cert NameConstraints failed,0),
-PKIX_ERRORENTRY(DEFAULTREVCHECKERCREATEFAILED,pkix_DefaultRevChecker_Create failed,0),
-PKIX_ERRORENTRY(DEFAULTREVCHECKERINITIALIZEFAILED,pkix_DefaultRevChecker_Initialize failed,0),
-PKIX_ERRORENTRY(DEPTHWOULDEXCEEDRESOURCELIMITS,Depth would exceed Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
-PKIX_ERRORENTRY(DERASCIITOTIMEFAILED,DER_AsciiToTime failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFAILED,DER_DecodeTimeChoice failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFORLASTUPDATEFAILED,DER_DecodeTimeChoice for lastUpdate failed,0),
-PKIX_ERRORENTRY(DERDECODETIMECHOICEFORNEXTUPDATEFAILED,DER_DecodeTimeChoice for nextUpdate failed,0),
-PKIX_ERRORENTRY(DERENCODETIMECHOICEFAILED,DER_EncodeTimeChoice failed,0),
-PKIX_ERRORENTRY(DERGENERALIZEDDAYTOASCIIFAILED,DER_GeneralizedDayToAscii failed,0),
-PKIX_ERRORENTRY(DERTIMETOUTCTIMEFAILED,DER_TimeToUTCTime failed,0),
-PKIX_ERRORENTRY(DERUTCTIMETOASCIIFAILED,DER_UTCTimeToAscii failed,0),
-PKIX_ERRORENTRY(DESTROYSPKIFAILED,pkix_pl_DestroySPKI failed,0),
-PKIX_ERRORENTRY(DIRECTORYNAMECREATEFAILED,pkix_pl_DirectoryName_Create failed,0),
-PKIX_ERRORENTRY(DUPLICATEIMMUTABLEFAILED,pkix_duplicateImmutable failed,0),
-PKIX_ERRORENTRY(CANNOTSORTIMMUTABLELIST,pkix_List_BubbleSort can not sort immutable list,0),
-PKIX_ERRORENTRY(EKUCHECKERGETREQUIREDEKUFAILED,pkix_pl_EkuChecker_GetRequiredEku failed,0),
-PKIX_ERRORENTRY(EKUCHECKERINITIALIZEFAILED,PKIX_PL_EkuChecker_Initialize failed,0),
-PKIX_ERRORENTRY(EKUCHECKERSTATECREATEFAILED,pkix_pl_EkuCheckerState_Create failed,0),
-PKIX_ERRORENTRY(ENABLEREVOCATIONWITHOUTCERTSTORE,Enable Revocation without CertStore,0),
-PKIX_ERRORENTRY(ERRORALLOCATINGMONITORLOCK,Error Allocating MonitorLock,0),
-PKIX_ERRORENTRY(ERRORALLOCATINGRWLOCK,Error Allocating RWLock,0),
-PKIX_ERRORENTRY(ERRORCREATINGCHILDSTRING,Error creating child string,0),
-PKIX_ERRORENTRY(ERRORCREATINGFORMATSTRING,Error creating format string,0),
-PKIX_ERRORENTRY(ERRORCREATINGINDENTSTRING,Error creating indent string,0),
-PKIX_ERRORENTRY(ERRORCREATINGITEMSTRING,Error creating item string,0),
-PKIX_ERRORENTRY(ERRORCREATINGLISTITEM,Error Creating List Item,0),
-PKIX_ERRORENTRY(ERRORCREATINGSUBTREESTRING,Error creating subtree string,0),
-PKIX_ERRORENTRY(ERRORCREATINGTABLELOCK,Error creating table lock,0),
-PKIX_ERRORENTRY(ERRORFINDINGORPROCESSINGURI,Error finding or processing URI,0),
-PKIX_ERRORENTRY(ERRORGETTINGCAUSESTRING,Error getting cause string,0),
-PKIX_ERRORENTRY(ERRORGETTINGCLASSTABLEENTRY,Error getting class table entry,0),
-PKIX_ERRORENTRY(ERRORGETTINGHASHCODE,Error getting hashcode,0),
-PKIX_ERRORENTRY(ERRORGETTINGSECONDOBJECTTYPE,Error getting second object type,0),
-PKIX_ERRORENTRY(ERRORINBYTEARRAYHASHCODE,Error in PKIX_PL_ByteArray_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINGETTINGDESTRUCTOR,Error in getting destructor,0),
-PKIX_ERRORENTRY(ERRORINHASH,Error in pkix_hash,0),
-PKIX_ERRORENTRY(ERRORINLISTHASHCODE,Error in PKIX_List_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINOBJECTDEFINEDESTROY,Error in object-defined destroy callback,0),
-PKIX_ERRORENTRY(ERRORINOIDHASHCODE,Error in PKIX_PL_OID_Hashcode,0),
-PKIX_ERRORENTRY(ERRORINRECURSIVEEQUALSCALL,Error in recursive equals call,0),
-PKIX_ERRORENTRY(ERRORINSINGLEPOLICYNODETOSTRING,Error in pkix_SinglePolicyNode_ToString,0),
-PKIX_ERRORENTRY(ERRORINSINGLEVERIFYNODETOSTRING,Error in pkix_SingleVerifyNode_ToString,0),
-PKIX_ERRORENTRY(ERRORINSPRINTF,Error in PKIX_PL_Sprintf,0),
-PKIX_ERRORENTRY(ERRORINSTRINGCREATE,Error in PKIX_PL_String_Create,0),
-PKIX_ERRORENTRY(ERRORLOCKINGOBJECT,Error locking object,0),
-PKIX_ERRORENTRY(ERRORTOSTRINGFAILED,PKIX_Error_ToString failed,0),
-PKIX_ERRORENTRY(ERRORTRAVERSINGBUCKET,Error traversing bucket,0),
-PKIX_ERRORENTRY(ERRORUNLOCKINGMUTEX,Error unlocking mutex,0),
-PKIX_ERRORENTRY(ERRORUNLOCKINGOBJECT,Error unlocking object,0),
-PKIX_ERRORENTRY(ESCASCIITOUTF16FAILED,pkix_EscASCII_to_UTF16 failed,0),
-PKIX_ERRORENTRY(EXPIRATIONCHECKERINITIALIZEFAILED,pkix_ExpirationChecker_Initialize failed,0),
-PKIX_ERRORENTRY(EXTENDEDKEYUSAGECHECKINGFAILED,Extended Key Usage Checking failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
-PKIX_ERRORENTRY(EXTENDEDKEYUSAGEUSEROBJECT,Extended Key Usage User Object,0),
-PKIX_ERRORENTRY(EXTRACTPARAMETERSFAILED,pkix_ExtractParameters failed,0),
-PKIX_ERRORENTRY(FAILEDINENCODINGSEARCHREQUEST,failed in encoding searchRequest,SEC_ERROR_FAILED_TO_ENCODE_DATA),
-PKIX_ERRORENTRY(FAILEDTODECODECRL, failed to decode CRL,SEC_ERROR_BAD_DER),
-PKIX_ERRORENTRY(FAILEDTOGETNSSTRUSTANCHORS,Failed to get nss trusted roots,0),
-PKIX_ERRORENTRY(FAILEDTOGETTRUST, failed to get trust from the cert,0),
-PKIX_ERRORENTRY(FAILTOREMOVEDPFROMLIST, failed to remove dp from the list,0),
-PKIX_ERRORENTRY(FAILTOSELECTCERTSFROMANCHORS,failed to select certs from anchors,0),
-PKIX_ERRORENTRY(FAILUREHASHINGCERT,Failure hashing Cert,0),
-PKIX_ERRORENTRY(FAILUREHASHINGERROR,Failure hashing Error,0),
-PKIX_ERRORENTRY(FAILUREHASHINGLISTEXPECTEDPOLICYSET,Failure hashing PKIX_List expectedPolicySet,0),
-PKIX_ERRORENTRY(FAILUREHASHINGLISTQUALIFIERSET,Failure hashing PKIX_List qualifierSet,0),
-PKIX_ERRORENTRY(FAILUREHASHINGOIDVALIDPOLICY,Failure hashing PKIX_PL_OID validPolicy,0),
-PKIX_ERRORENTRY(FANOUTEXCEEDSRESOURCELIMITS,Fanout exceeds Resource Limits,0),
-PKIX_ERRORENTRY(FETCHINGCACHEDCRLFAILED,Fetching Cached CRLfailed,0),
-PKIX_ERRORENTRY(FILLINPROCESSINGPARAMSFAILED,Fail to fill in parameters,0),
-PKIX_ERRORENTRY(FILLINRETURNRESULTSFAILED,Fail to fill in return results,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTANOID,FirstObject is not an OID,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTBYTEARRAY,FirstObject is not a ByteArray,0),
-PKIX_ERRORENTRY(FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT,First argument is not a CertBasicConstraints Object,0),
-PKIX_ERRORENTRY(FIRSTDOUBLEHEXMUSTNOTBE00,First DoubleHex MUST NOT be 00,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FIRSTFIELDMUSTBEBETWEEN02,First field must be between 0-2,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTANOCSPRESPONSE,FirstObject is not an OcspResponse,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPREQUEST,FirstObject is not a LdapRequest,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPRESPONSE,FirstObject is not a LdapResponse,0),
-PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTOCSPREQUEST,FirstObject is not a OcspRequest,0),
-PKIX_ERRORENTRY(FIRSTOBJECTARGUMENTNOTANX500NAME,FirstObject is not an X500Name,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTANERROROBJECT,FirstObject is not an Error object,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBIGINT,FirstObject not a BigInt,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDPARAMS,FirstObject is not a BuildParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDRESULT,FirstObject is not a BuildResult,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERT,FirstObject is not a Cert,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTBASICCONSTRAINTS,FirstObject is not a CertBasicConstraints,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTNAMECONSTRAINTS,FirstObject is not a CertNameConstraints,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYINFO,FirstObject is not a CertPolicyInfo,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYMAP,FirstObject is not a CertPolicyMap,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYQUALIFIER,FirstObject is not a CertPolicyQualifier,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCOMCRLSELPARAMS,FirstObject is not a ComCRLSelParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRL,FirstObject is not a CRL,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLENTRY,FirstObject is not a CRLEntry,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLSELECTOR,FirstObject is not a CRLSelector,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTDATE,FirstObject is not a Date,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTERROR,FirstObject is not an Error,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTGENERALNAME,FirstObject is not a GeneralName,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTINFOACCESS,FirstObject is not a InfoAccess,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTLIST,FirstObject is not a List,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTLOGGER,FirstObject is not a Logger,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPOLICYNODE,FirstObject is not a PolicyNode,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPROCESSINGPARAMS,FirstObject is not a ProcessingParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTPUBLICKEY,FirstObject is not a PublicKey,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTRESOURCELIMITS,FirstObject is not a ResourceLimits,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTSTRING,FirstObject is not a String,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTTRUSTANCHOR,FirstObject is not a TrustAnchor,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATEPARAMS,FirstObject is not a ValidateParams,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATERESULT,FirstObject is not a ValidateResult,0),
-PKIX_ERRORENTRY(FIRSTOBJECTNOTVERIFYNODE,FirstObject is not a VerifyNode,0),
-PKIX_ERRORENTRY(FIRSTPUBKEYTYPENULLKEY,firstPubKeyType is nullKey,0),
-PKIX_ERRORENTRY(FUNCTIONMUSTNOTBEUSED,Function MUST not be used,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(FORWARDBUILDERSTATEDUMPSTATEFAILED,pkix_ForwardBuilderState_DumpState failed,0),
-PKIX_ERRORENTRY(FORWARDBUILDERSTATEISIOPENDINGFAILED,pkix_ForwardBuilderState_IsIOPending failed,0),
-PKIX_ERRORENTRY(FORWARDBUILDSTATECREATEFAILED,pkix_ForwardBuildState_Create failed,0),
-PKIX_ERRORENTRY(FREEFAILED,PKIX_PL_Free failed,0),
-PKIX_ERRORENTRY(GENERALNAMECREATEFAILED,pkix_pl_GeneralName_Create failed,0),
-PKIX_ERRORENTRY(GENERALNAMEGETNSSGENERALNAMEFAILED,pkix_pl_GeneralName_GetNssGeneralName failed,0),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGDOUBLESLASH,GeneralName string missing double slash,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGLOCATIONTYPE,GeneralName string missing location type,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGSERVERSITE,GeneralName string missing server-site,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(GENERALNAMETOSTRINGFAILED,pkix_pl_GeneralName_ToString failed,0),
-PKIX_ERRORENTRY(GENERALNAMETOSTRINGHELPERFAILED,pkix_pl_GeneralName_ToString_Helper failed,0),
-PKIX_ERRORENTRY(GENERICCLIENTNOTANLDAPDEFAULTCLIENT,genericClient is not an LdapDefaultClient,0),
-PKIX_ERRORENTRY(GETATTRIBUTESCALLEDFORNONENTRYMESSAGE,GetAttributes called for non-Entry message,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(GETCERTSFAILED,getCerts failed,0),
-PKIX_ERRORENTRY(GETCRITICALEXTENSIONOIDSFAILED,pkix_GetCriticalExtensionOIDs failed,0),
-PKIX_ERRORENTRY(GETCRLSFAILED,getCrls failed,0),
-PKIX_ERRORENTRY(GETOIDTOKENFAILED,pkix_pl_getOIDToken failed,0),
-PKIX_ERRORENTRY(GETPKIXERRORCODEFAILED,Get PKIX error code failed,0),
-PKIX_ERRORENTRY(GETREQCERTIFICATEUSAGESFAILED,Fail to get required certificate usages,0),
-PKIX_ERRORENTRY(GETRESULTCODECALLEDFORNONRESULTMESSAGE,GetResultCode called for non-Result message,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(GETRETCERTIFICATEUSAGESFAILED,Fail to get returned certificate usages,0),
-PKIX_ERRORENTRY(GETTRUSTEDCERTLISTFAILED,Fail to get trusted cert list,0),
-PKIX_ERRORENTRY(HASHFAILED,pkix_hash failed,0),
-PKIX_ERRORENTRY(HASHTABLEADDFAILED,PKIX_PL_HashTable_Add failed,0),
-PKIX_ERRORENTRY(HASHTABLECREATEFAILED,PKIX_PL_HashTable_Create failed,0),
-PKIX_ERRORENTRY(HASHTABLELOOKUPFAILED,PKIX_PL_HashTable_Lookup failed,0),
-PKIX_ERRORENTRY(HASHTABLEREMOVEFAILED,PKIX_PL_HashTable_Remove failed,0),
-PKIX_ERRORENTRY(HELPERBYTES2ASCIIFAILED,pkix_pl_helperBytes2Ascii failed,0),
-PKIX_ERRORENTRY(HELPERBYTES2ASCIINUMTOKENSZERO,pkix_pl_helperBytes2Ascii: numTokens is zero,0),
-PKIX_ERRORENTRY(HTTPCERTSTORECREATEREQUESTSESSIONFAILED,pkix_pl_HttpCertStore_CreateRequestSession failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTORECREATEWITHASCIINAMEFAILED,PKIX_PL_HttpCertStore_CreateWithAsciiName failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREDECODECERTPACKAGEFAILED,pkix_pl_HttpCertStore_DecodeCertPackage failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED,pkix_HttpCertStore_FindSocketConnection failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCERTRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCertResponse failed,0),
-PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCRLRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCrlResponse failed,0),
-PKIX_ERRORENTRY(HTTPCLIENTCREATESESSIONFAILED,HttpClient->CreateSession failed,0),
-PKIX_ERRORENTRY(HTTPCLIENTININVALIDSTATE,HttpClient in invalid state,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_HttpDefaultClient_ConnectContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCREATEFAILED,pkix_pl_HttpDefaultClient_Create failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_HttpDefaultClient_Dispatch failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED,pkix_pl_HttpDefaultClient_HdrCheckComplete failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTINILLEGALSTATE,HttpDefaultClient in illegal state,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvBodyContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYFAILED,pkix_pl_HttpDefaultClient_RecvBody failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvHdrContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRFAILED,pkix_pl_HttpDefaultClient_RecvHdr failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_HttpDefaultClient_SendContinue failed,0),
-PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDFAILED,pkix_pl_HttpDefaultClient_Send failed,0),
-PKIX_ERRORENTRY(HTTPSERVERERROR,HTTP Server Error,0),
-PKIX_ERRORENTRY(ILLEGALCHARACTERINESCAPEDASCII,Illegal character in Escaped ASCII String,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALCHARACTERINOID,Illegal character in OID,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALDOTINOID,Illegal period in OID,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALSURROGATEPAIR,Illegal surrogate pair in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALUNICODECHARACTER,Illegal Unicode character in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(ILLEGALUSEOFAMP,Illegal use of ampersand character,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(IMPOSSIBLECRITERIONFORCRLQUERY,Impossible criterion for Crl Query,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INDEXOUTOFBOUNDS,Index out of bounds,SEC_ERROR_LIBPKIX_INTERNAL),
-PKIX_ERRORENTRY(INESCAPEDASCII,in EscapedASCII,0),
-PKIX_ERRORENTRY(INFOACCESSCREATEFAILED,pkix_pl_InfoAccess_Create failed,0),
-PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0),
-PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0),
-PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,0),
-PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,0),
-PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0),
-PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0),
-PKIX_ERRORENTRY(INPUTLISTMUSTBEHEADER,Input List must be header,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INPUTLISTSMUSTBELISTHEADERS,Input Lists must be list headers,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCERTQUERY,Insufficient criteria for Cert query,0),
-PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCRLQUERY,Insufficient criteria for Crl Query,0),
-PKIX_ERRORENTRY(INTRUSTEDCERT,in Trusted Cert,0),
-PKIX_ERRORENTRY(INVALIDCHARACTERINBIGINT,Invalid character in BigInt,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INVALIDDERENCODINGFOROID,Invalid DER-encoding for OID,0),
-PKIX_ERRORENTRY(INVALIDENCODINGOIDTOKENVALUETOOBIG,Invalid encoding: OID token value too big,0),
-PKIX_ERRORENTRY(INVALIDPOLICYMAPPINGINCLUDESANYPOLICY,Invalid policyMapping includes anyPolicy,SEC_ERROR_INVALID_POLICY_MAPPING),
-PKIX_ERRORENTRY(INVALIDREVOCATIONMETHOD,Invalid revocation method,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(INVALIDSIGNINGCERTINOCSPRESPONSE,Invalid signing Cert in OCSP response,SEC_ERROR_OCSP_INVALID_SIGNING_CERT),
-PKIX_ERRORENTRY(INVALIDSTATUS,INVALID STATUS,0),
-PKIX_ERRORENTRY(INVALIDSTORETYPEFORSETTINGCONFIGDIR,Invalid Store type for Setting ConfigDir,0),
-PKIX_ERRORENTRY(IPADDRBYTES2ASCIIDATALENGTHZERO,pkix_pl_ipAddrBytes2Ascii: data length is zero,0),
-PKIX_ERRORENTRY(IPADDRBYTES2ASCIIFAILED,pkix_pl_ipAddrBytes2Ascii failed,0),
-PKIX_ERRORENTRY(ISCERTSELFISSUEDFAILED,pkix_IsCertSelfIssued failed,0),
-PKIX_ERRORENTRY(ISCERTSELFISSUEFAILED,pkix_IsCertSelfIssue failed,0),
-PKIX_ERRORENTRY(KEYUSAGEKEYCERTSIGNBITNOTON,Validation failed: KeyUsage KeyCertSign bit is not on,SEC_ERROR_CA_CERT_INVALID),
-PKIX_ERRORENTRY(KEYUSAGEKEYCRLSIGNBITNOTON,Validation failed: KeyUsage CRLSign bit is not on,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCERTLISTFAILED,pkix_pl_LdapCertStore_BuildCertList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCRLLISTFAILED,pkix_pl_LdapCertStore_BuildCrlList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREDECODECROSSCERTPAIRFAILED,pkix_pl_LdapCertStore_DecodeCrossCertPair failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREDESTROYAVALISTFAILED,pkix_pl_LdapCertStore_DestroyAVAList failed,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREINILLEGALSTATE,LDAP CertStore in illegal state,0),
-PKIX_ERRORENTRY(LDAPCERTSTOREMAKENAMEAVALISTFAILED,pkix_pl_LdapCertStore_MakeNameAVAList failed,0),
-PKIX_ERRORENTRY(LDAPCLIENTINITIATEREQUESTFAILED,PKIX_PL_LdapClient_InitiateRequest failed,0),
-PKIX_ERRORENTRY(LDAPCLIENTRESUMEREQUESTFAILED,PKIX_PL_LdapClient_ResumeRequest failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTABANDONCONTINUEFAILED,pkix_pl_LdapDefaultClient_AbandonContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDCONTINUEFAILED,pkix_pl_LdapDefaultClient_BindContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDFAILED,pkix_pl_LdapDefaultClient_Bind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSECONTINUEFAILED,pkix_pl_LdapDefaultClient_BindResponseContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_BindResponse failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_LdapDefaultClient_ConnectContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEBYNAMEFAILED,PKIX_PL_LdapDefaultClient_CreateByName failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEHELPERFAILED,pkix_pl_LdapDefaultClient_CreateHelper failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDECODEBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_DecodeBindResponse failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_LdapDefaultClient_Dispatch failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTINILLEGALSTATE,LDAP DefaultClient in illegal state,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEABANDONFAILED,pkix_pl_LdapDefaultClient_MakeAbandon failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEANDFILTERFAILED,pkix_pl_LdapDefaultClient_MakeAndFilter failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEBINDFAILED,pkix_pl_LdapDefaultClient_MakeBind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEUNBINDFAILED,pkix_pl_LdapDefaultClient_MakeUnbind failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED,pkix_pl_LdapDefaultClient_RecvCheckComplete failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCONTINUEFAILED,pkix_pl_LdapDefaultClient_RecvContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVFAILED,pkix_pl_LdapDefaultClient_Recv failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVINITIALFAILED,pkix_pl_LdapDefaultClient_RecvInitial failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVNONINITIALFAILED,pkix_pl_LdapDefaultClient_RecvNonInitial failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_LdapDefaultClient_SendContinue failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDFAILED,pkix_pl_LdapDefaultClient_Send failed,0),
-PKIX_ERRORENTRY(LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_VerifyBindResponse failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTATTRSTRINGTOBITFAILED,pkix_pl_LdapRequest_AttrStringToBit failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTATTRTYPETOBITFAILED,pkix_pl_LdapRequest_AttrTypeToBit failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTCREATEFAILED,pkix_pl_LdapRequest_Create failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTENCODEATTRSFAILED,pkix_pl_LdapRequest_EncodeAttrs failed,0),
-PKIX_ERRORENTRY(LDAPREQUESTGETENCODEDFAILED,pkix_pl_LdapRequest_GetEncoded failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEAPPENDFAILED,pkix_pl_LdapResponse_Append failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSECREATEFAILED,pkix_pl_LdapResponseCreate failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEDECODEFAILED,pkix_pl_LDAPResponse_Decode failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETCAPACITYFAILED,pkix_pl_LdapResponse_GetCapacity failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGEFAILED,pkix_pl_LdapResponse_GetMessage failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGETYPEFAILED,pkix_pl_LdapResponse_GetMessageType failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEGETRESULTCODEFAILED,pkix_pl_LdapResponse_GetResultCode failed,0),
-PKIX_ERRORENTRY(LDAPRESPONSEISCOMPLETEFAILED,pkix_pl_LdapResponse_IsComplete failed,0),
-PKIX_ERRORENTRY(LISTAPPENDFAILED,PKIX_List_Append failed,0),
-PKIX_ERRORENTRY(LISTAPPENDITEMFAILED,PKIX_List_AppendItem failed,0),
-PKIX_ERRORENTRY(LISTAPPENDLISTFAILED,pkix_List_AppendList failed,0),
-PKIX_ERRORENTRY(LISTAPPENDUNIQUEFAILED,pkix_List_AppendUnique failed,0),
-PKIX_ERRORENTRY(LISTBUBBLESORTFAILED,pkix_List_BubbleSort failed,0),
-PKIX_ERRORENTRY(LISTCONTAINSFAILED,pkix_List_Contains failed,0),
-PKIX_ERRORENTRY(LISTCREATEFAILED,PKIX_List_Create failed,0),
-PKIX_ERRORENTRY(LISTCREATEINTERNALFAILED,pkix_List_Create_Internal failed,0),
-PKIX_ERRORENTRY(LISTDELETEITEMFAILED,PKIX_List_DeleteItem failed,0),
-PKIX_ERRORENTRY(LISTDUPLICATEFAILED,pkix_List_Duplicate failed,0),
-PKIX_ERRORENTRY(LISTEQUALSFAILED,PKIX_List_Equals failed,0),
-PKIX_ERRORENTRY(LISTGETELEMENTFAILED,pkix_List_GetElement failed,0),
-PKIX_ERRORENTRY(LISTGETITEMFAILED,PKIX_List_GetItem failed,0),
-PKIX_ERRORENTRY(LISTGETLENGTHFAILED,PKIX_List_GetLength failed,0),
-PKIX_ERRORENTRY(LISTHASHCODEFAILED,pkix_List_Hashcode failed,0),
-PKIX_ERRORENTRY(LISTINSERTITEMFAILED,PKIX_List_InsertItem failed,0),
-PKIX_ERRORENTRY(LISTISEMPTYFAILED,PKIX_List_IsEmpty failed,0),
-PKIX_ERRORENTRY(LISTMERGEFAILED,pkix_List_MergeList failed,0),
-PKIX_ERRORENTRY(LISTQUICKSORTFAILED,pkix_List_QuickSort failed,0),
-PKIX_ERRORENTRY(LISTREMOVEFAILED,pkix_List_Remove failed,0),
-PKIX_ERRORENTRY(LISTREMOVEITEMSFAILED,pkix_List_RemoveItems failed,0),
-PKIX_ERRORENTRY(LISTREVERSELISTFAILED,PKIX_List_ReverseList failed,0),
-PKIX_ERRORENTRY(LISTSETIMMUTABLEFAILED,PKIX_List_SetImmutable failed,0),
-PKIX_ERRORENTRY(LISTSETITEMFAILED,PKIX_List_SetItem failed,0),
-PKIX_ERRORENTRY(LISTTOSTRINGFAILED,pkix_List_ToString failed,0),
-PKIX_ERRORENTRY(LISTTOSTRINGHELPERFAILED,pkix_List_ToString Helper failed,0),
-PKIX_ERRORENTRY(LOCATIONSTRINGNOTPROPERLYTERMINATED,Location string not properly terminated,0),
-PKIX_ERRORENTRY(LOCKHASNONZEROREADCOUNT,Lock has non-zero read count,0),
-PKIX_ERRORENTRY(LOCKOBJECTFAILED,pkix_LockObject failed,0),
-PKIX_ERRORENTRY(LOGGERDUPLICATEFAILED,pkix_Logger_Duplicate failed,0),
-PKIX_ERRORENTRY(LOGGINGLEVELEXCEEDSMAXIMUM,Logging Level exceeds Maximum,0),
-PKIX_ERRORENTRY(LOOPDISCOVEREDDUPCERTSNOTALLOWED,Loop discovered: duplicate certificates not allowed,SEC_ERROR_UNTRUSTED_ISSUER),
-PKIX_ERRORENTRY(LOOPOFERRORCAUSEDETECTED,Loop of error causes detected,0),
-PKIX_ERRORENTRY(MAJORVERSIONSDONTMATCH,Major versions do not match,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(MALLOCFAILED,PKIX_PL_Malloc failed,0),
-PKIX_ERRORENTRY(MEMLEAKGENERATEDERROR,Error generated for memory leak testing,SEC_ERROR_NO_MEMORY),
-PKIX_ERRORENTRY(MINORVERSIONNOTBETWEENDESIREDMINANDMAX,Minor version does not fall between desired minimum and maximum,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(MISSINGDSAPARAMETERS,Missing DSA parameters in Trusted Cert,SEC_ERROR_INVALID_KEY),
-PKIX_ERRORENTRY(MONITORLOCKCREATEFAILED,PKIX_PL_MonitorLock_Create failed,0),
-PKIX_ERRORENTRY(MONITORLOCKENTERFAILED,PKIX_PL_MonitorLock_Enter failed,0),
-PKIX_ERRORENTRY(MONITORLOCKEXITFAILED,PKIX_PL_MonitorLock_Exit failed,0),
-PKIX_ERRORENTRY(MUTEXLOCKFAILED,PKIX_PL_Mutex_Lock failed,0),
-PKIX_ERRORENTRY(NAMECHAININGCHECKERINITIALIZEFAILED,pkix_NameChainingChecker_Initialize failed,0),
-PKIX_ERRORENTRY(NAMECHAININGCHECKFAILED,Name Chaining Check failed,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(NAMECOMPONENTWITHNOEQ,Name Component with no equal sign,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
-PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERINITIALIZEFAILED,pkix_NameConstraintsChecker_Initialize failed,0),
-PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERSTATECREATEFAILED,pkix_NameConstraintsCheckerState_Create failed,0),
-PKIX_ERRORENTRY(NAMETYPENOTSUPPORTED,name type not supported,0),
-PKIX_ERRORENTRY(NOCONTENTTYPEINHTTPRESPONSE,No content type in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(NODESMISSINGFROMCHAIN,Nodes missing from chain,0),
-PKIX_ERRORENTRY(NOREGISTEREDHTTPCLIENT,No registered Http Client,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NORESPONSEDATAINHTTPRESPONSE,No responseData in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(NOTARGETCERTSUPPLIED,No target cert supplied,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NOTCONFORMINGCRLDP,Cert CRL DP does not conform to the rfc, 0),
-PKIX_ERRORENTRY(NOTDERPACKAGE,Not a DER package,0),
-PKIX_ERRORENTRY(NOTENOUGHNAMECOMPONENTSINGENERALNAME,Not enough name components in GeneralName,0),
-PKIX_ERRORENTRY(NSSCERTIFICATEUSAGETOPKIXKUANDEKUFAILED,Failed to convert nss certificate usage to pkix ku and eku data structures,0),
-PKIX_ERRORENTRY(NSSCONTEXTCREATEFAILED,PKIX_PL_NssContext_Create failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTDESTROYFAILED,PKIX_PL_NssContext_Destroy failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETCHECKALLUSAGESFAILED, pkix_pl_NssContext_GetCheckAllUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETRETURNUSAGESFAILED, pkix_pl_NssContext_GetReturnUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTGETWINCXFAILED,pkix_pl_NssContext_GetWincx failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCERTSIGNCHECKFAILED, pkix_pl_NssContext_SetCertSignatureCheck,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCERTUSAGEFAILED, pkix_pl_NssContext_SetCertUsage failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETCHECKALLUSAGESFAILED, pkix_pl_NssContext_SetCheckAllUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETRETURNEDCERTUSAGEFAILED, pkix_pl_NssContext_SetReturnedCertUsage,0),
-PKIX_ERRORENTRY(NSSCONTEXTSETRETURNUSAGESFAILED, pkix_pl_NssContext_SetReturnUsages failed,0),
-PKIX_ERRORENTRY(NSSCONTEXTVALIDATINGRESPONDERCERTFAILED,pkix_pl_NssContext_ValidatingResponderCert failed,0),
-PKIX_ERRORENTRY(NSSTRUSTEDLISTISEMPTY,nss trusted roots list is empty,0),
-PKIX_ERRORENTRY(NULLARGUMENT,Null argument,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(NUMBUCKETSEQUALSZERO,NumBuckets equals zero,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OBJECTALLOCFAILED,PKIX_PL_Object_Alloc failed,0),
-PKIX_ERRORENTRY(OBJECTARGUMENTNOTPOLICYMAP,object argument is not a PolicyMap,0),
-PKIX_ERRORENTRY(OBJECTCOMPARATORFAILED,PKIX_PL_Object_Comparator failed,0),
-PKIX_ERRORENTRY(OBJECTDEFINED,object-defined ,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATECERTFAILED,PKIX_PL_Object_Duplicate Cert failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATECONTEXTFAILED,PKIX_PL_Object_Duplicate Context failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEDATEFAILED,PKIX_PL_Object_Duplicate Date failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEFAILED,PKIX_PL_Object_Duplicate failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEISSUERNAMESFAILED,PKIX_PL_Object_Duplicate IssuerNames failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATELISTFAILED,PKIX_PL_Object_Duplicate List failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEMAXCRLNUMBERFAILED,PKIX_PL_Object_Duplicate maxCRLNumber failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEMINCRLNUMBERFAILED,PKIX_PL_Object_Duplicate minCRLNumber failed,0),
-PKIX_ERRORENTRY(OBJECTDUPLICATEPARAMSFAILED,PKIX_PL_Object_Duplicate Params failed,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILED,PKIX_PL_Object_Equals failed,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONCHILDREN,PKIX_PL_Object_Equals failed on children,0),
-PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS,PKIX_PL_Object_Equals failed on expectedPolicySets,0),
-PKIX_ERRORENTRY(OBJECTGETTYPEFAILED,PKIX_PL_Object_GetType failed,0),
-PKIX_ERRORENTRY(OBJECTHASHCODEFAILED,PKIX_PL_Object_Hashcode failed,0),
-PKIX_ERRORENTRY(OBJECTINVALIDATECACHEFAILED,PKIX_PL_Object_InvalidateCache failed,0),
-PKIX_ERRORENTRY(OBJECTISTYPEREGISTEREDFAILED,PKIX_PL_Object_IsTypeRegistered failed,0),
-PKIX_ERRORENTRY(OBJECTLOCKFAILED,PKIX_PL_Object_Lock failed,0),
-PKIX_ERRORENTRY(OBJECTNOTAIAMGR,Object is not a AIAMgr,0),
-PKIX_ERRORENTRY(OBJECTNOTANEKUCHECKERSTATE,Object is not an EKU Checker State,0),
-PKIX_ERRORENTRY(OBJECTNOTANERROR,Object is not an Error,0),
-PKIX_ERRORENTRY(OBJECTNOTANHTTPCERTSTORECONTEXT,Object is not an HttpCertStoreContext,0),
-PKIX_ERRORENTRY(OBJECTNOTANHTTPDEFAULTCLIENT,Object is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(OBJECTNOTANINFOACCESS,Object is not an InfoAccess,0),
-PKIX_ERRORENTRY(OBJECTNOTANLDAPDEFAULTCLIENT,Object is not an LdapDefaultClient,0),
-PKIX_ERRORENTRY(OBJECTNOTANOCSPRESPONSE,Object is not an OcspResponse,0),
-PKIX_ERRORENTRY(OBJECTNOTANOID,Object is not an OID,0),
-PKIX_ERRORENTRY(OBJECTNOTANSOCKET,Object is not an Socket,0),
-PKIX_ERRORENTRY(OBJECTNOTANX500NAME,Object is not an X500Name,0),
-PKIX_ERRORENTRY(OBJECTNOTBASICCONSTRAINTSCHECKERSTATE,Object is not a basic constraints checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTBIGINT,Object is not a BigInt,0),
-PKIX_ERRORENTRY(OBJECTNOTBUILDPARAMS,Object is not a BuildParams,0),
-PKIX_ERRORENTRY(OBJECTNOTBUILDRESULT,Object is not a BuildResult,0),
-PKIX_ERRORENTRY(OBJECTNOTBYTEARRAY,Object is not a bytearray,0),
-PKIX_ERRORENTRY(OBJECTNOTCERT,Object is not a Cert,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTBASICCONSTRAINTS,Object is not a CertBasicConstraints,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTCHAINCHECKER,Object is not a cert chain checker,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTNAMECONSTRAINTS,Object is not a CertNameConstraints,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYINFO,Object is not a CertPolicyInfo,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYMAP,Object is not a CertPolicyMap,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYQUALIFIER,Object is not a CertPolicyQualifier,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTSELECTOR,Object is not a cert selector,0),
-PKIX_ERRORENTRY(OBJECTNOTCERTSTORE,Object is not a CertStore,0),
-PKIX_ERRORENTRY(OBJECTNOTCOLLECTIONCERTSTORECONTEXT,Object is not a CollectionCertStoreContext,0),
-PKIX_ERRORENTRY(OBJECTNOTCOMCERTSELPARAMS,Object is not a comCertSelParams,0),
-PKIX_ERRORENTRY(OBJECTNOTCOMCRLSELPARAMS,Object is not a ComCRLSelParams,0),
-PKIX_ERRORENTRY(OBJECTNOTCRL,Object is not a CRL,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLENTRY,Object is not a CRLEntry,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLSELECTOR,Object is not a CRLSelector,0),
-PKIX_ERRORENTRY(OBJECTNOTDATE,Object is not a Date,0),
-PKIX_ERRORENTRY(OBJECTNOTCRLCHECKER,Object is not a CRLChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTDEFAULTREVOCATIONCHECKER,Object is not a DefaultRevocationChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTFORWARDBUILDERSTATE,Object is not a PKIX_ForwardBuilderState,0),
-PKIX_ERRORENTRY(OBJECTNOTGENERALNAME,Object is not a GeneralName,0),
-PKIX_ERRORENTRY(OBJECTNOTHASHTABLE,Object is not a hashtable,0),
-PKIX_ERRORENTRY(OBJECTNOTINFOACCESS,Object is not a InfoAccess,0),
-PKIX_ERRORENTRY(OBJECTNOTLDAPREQUEST,Object is not a LdapRequest,0),
-PKIX_ERRORENTRY(OBJECTNOTLDAPRESPONSE,Object is not a LdapResponse,0),
-PKIX_ERRORENTRY(OBJECTNOTLIST,Object is not a list,0),
-PKIX_ERRORENTRY(OBJECTNOTLOGGER,Object is not a Logger,0),
-PKIX_ERRORENTRY(OBJECTNOTMONITORLOCK,Object is not a MonitorLock,0),
-PKIX_ERRORENTRY(OBJECTNOTMUTEX,Object is not a Mutex,0),
-PKIX_ERRORENTRY(OBJECTNOTNAMECONSTRAINTSCHECKERSTATE,Object is not a name constraints checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPCERTID,Object is not an OcspCertID,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPCHECKER,Object is not an OCSPChecker,0),
-PKIX_ERRORENTRY(OBJECTNOTOCSPREQUEST,Object is not an OcspRequest,0),
-PKIX_ERRORENTRY(OBJECTNOTPOLICYCHECKERSTATE,Object is not a PKIX_PolicyCheckerState,0),
-PKIX_ERRORENTRY(OBJECTNOTPOLICYNODE,Object is not a PolicyNode,0),
-PKIX_ERRORENTRY(OBJECTNOTPROCESSINGPARAMS,Object is not a ProcessingParams,0),
-PKIX_ERRORENTRY(OBJECTNOTPUBLICKEY,Object is not a PublicKey,0),
-PKIX_ERRORENTRY(OBJECTNOTRESOURCELIMITS,Object is not a ResourceLimits,0),
-PKIX_ERRORENTRY(OBJECTNOTREVOCATIONCHECKER,Object is not a revocation checker,0),
-PKIX_ERRORENTRY(OBJECTNOTRWLOCK,Object is not a RWLock,0),
-PKIX_ERRORENTRY(OBJECTNOTSIGNATURECHECKERSTATE,Object is not a signature checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTSOCKET,Object is not a Socket,0),
-PKIX_ERRORENTRY(OBJECTNOTSTRING,Object is not a string,0),
-PKIX_ERRORENTRY(OBJECTNOTTARGETCERTCHECKERSTATE,Object is not a target cert checker state,0),
-PKIX_ERRORENTRY(OBJECTNOTTRUSTANCHOR,Object is not a trustAnchor,0),
-PKIX_ERRORENTRY(OBJECTNOTVALIDATEPARAMS,Object is not a ValidateParams,0),
-PKIX_ERRORENTRY(OBJECTNOTVALIDATERESULT,Object is not a ValidateResult,0),
-PKIX_ERRORENTRY(OBJECTNOTVERIFYNODE,Object is not a VerifyNode,0),
-PKIX_ERRORENTRY(OBJECTREGISTERTYPEFAILED,PKIX_PL_Object_RegisterType failed,0),
-PKIX_ERRORENTRY(OBJECTRETRIEVEEQUALSCALLBACKFAILED,pkix_pl_Object_RetrieveEqualsCallback failed,0),
-PKIX_ERRORENTRY(OBJECTSPECIFICFUNCTIONFAILED,object-specific function failed,0),
-PKIX_ERRORENTRY(OBJECTSTILLREFERENCED,Object is still referenced,0),
-PKIX_ERRORENTRY(OBJECTTOSTRINGFAILED,PKIX_PL_Object_ToString failed,0),
-PKIX_ERRORENTRY(OBJECTTYPESDONOTMATCH,Object types do not match,0),
-PKIX_ERRORENTRY(OBJECTWITHNONPOSITIVEREFERENCES,Object with non-positive references,0),
-PKIX_ERRORENTRY(OCSPCERTIDCREATEFAILED,PKIX_PL_OcspCertID_Create failed,0),
-PKIX_ERRORENTRY(OCSPCERTIDGETFRESHCACHESTATUSFAILED,PKIX_PL_OcspCertID_GetFreshCacheStatus returned an error,0),
-PKIX_ERRORENTRY(OCSPCERTIDREMEMBEROCSPFAILUREDFAILED,PKIX_PL_OcspCertID_RememberOCSPProcessingFailure,0),
-PKIX_ERRORENTRY(OCSPCHECKERCREATEFAILED,PKIX_OcspChecker_Create failed,0),
-PKIX_ERRORENTRY(OCSPBADHTTPRESPONSE,Bad Http Response,SEC_ERROR_OCSP_BAD_HTTP_RESPONSE),
-PKIX_ERRORENTRY(OCSPREQUESTCREATEFAILED,PKIX_PL_OcspRequest_Create failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETCERTIDFAILED,pkix_pl_OcspRequest_GetCertID failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETENCODEDFAILED,pkix_pl_OcspRequest_GetEncoded failed,0),
-PKIX_ERRORENTRY(OCSPREQUESTGETLOCATIONFAILED,pkix_pl_OcspRequest_GetLocation failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSECREATEFAILED,pkix_pl_OcspResponse_Create failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEDECODEFAILED,pkix_pl_OcspResponse_Decode failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSFORCERTFAILED,pkix_pl_OcspResponse_GetStatusForCert failed,0),
-PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSRETURNEDANERROR,pkix_pl_OcspResponse_GetStatus returned an error,0),
-PKIX_ERRORENTRY(OCSPRESPONSESAYSCERTREVOKED,OCSP response says Cert revoked,SEC_ERROR_REVOKED_CERTIFICATE_OCSP),
-PKIX_ERRORENTRY(OCSPRESPONSEVERIFYSIGNATUREFAILED,pkix_pl_OcspResponse_VerifySignature failed,0),
-PKIX_ERRORENTRY(OCSPSERVERERROR,OCSP Server Error,SEC_ERROR_OCSP_SERVER_ERROR),
-PKIX_ERRORENTRY(OIDBYTES2ASCIIDATALENGTHZERO,pkix_pl_oidBytes2Ascii: data length is zero,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDBYTES2ASCIIFAILED,pkix_pl_oidBytes2Ascii failed,0),
-PKIX_ERRORENTRY(OIDBYTESLENGTH0,Oid bytes length is 0,0),
-PKIX_ERRORENTRY(OIDCOMPARATORFAILED,pkix_pl_OID_Comparator failed,0),
-PKIX_ERRORENTRY(OIDCOMPONENTTOOBIG,Overflow error: OID component > 2^32,0),
-PKIX_ERRORENTRY(OIDCREATEFAILED,PKIX_PL_OID_Create failed,0),
-PKIX_ERRORENTRY(OIDEQUALFAILED,PKIX_PL_OID_Equal failed,0),
-PKIX_ERRORENTRY(OIDEQUALSFAILED,PKIX_PL_OID_Equals failed,0),
-PKIX_ERRORENTRY(OIDGETNEXTTOKENFAILED,pkix_pl_OID_GetNextToken failed,0),
-PKIX_ERRORENTRY(OIDHASHCODEFAILED,PKIX_PL_OID_Hashcode failed,0),
-PKIX_ERRORENTRY(OIDLENGTHTOOSHORT,OID length too short,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDNEEDS2ORMOREFIELDS,OID needs 2 or more fields,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OIDTOSTRINGFAILED,PKIX_PL_OID_ToString failed,0),
-PKIX_ERRORENTRY(OPERATIONNOTPERMITTEDONIMMUTABLELIST,Operation not permitted on Immutable List,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(OTHERNAMECREATEFAILED,pkix_pl_OtherName_Create failed,0),
-PKIX_ERRORENTRY(OUTOFMEMORY,Out of Memory,0),
-PKIX_ERRORENTRY(PATHLENCONSTRAINTINVALID,Certificate path length constraint is invalid,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
-PKIX_ERRORENTRY(PK11CERTSTORECERTQUERYFAILED,pkix_pl_Pk11CertStore_CertQuery failed,0),
-PKIX_ERRORENTRY(PK11CERTSTORECREATEFAILED,PKIX_PL_Pk11CertStore_Create failed,0),
-PKIX_ERRORENTRY(PK11CERTSTORECRLQUERYFAILED,pkix_pl_Pk11CertStore_CrlQuery failed,0),
-PKIX_ERRORENTRY(PKIXUNKNOWNERROR,PKIX uninitialized error code,0),
-PKIX_ERRORENTRY(POLICYCHECKERCALCULATEINTERSECTIONFAILED,pkix_PolicyChecker_CalculateIntersection failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERCHECKANYFAILED,pkix_PolicyChecker_CheckAny failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERCHECKPOLICYRECURSIVEFAILED,pkix_PolicyChecker_CheckPolicyRecursive failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERERROR,PolicyChecker Error,0),
-PKIX_ERRORENTRY(POLICYCHECKERINITIALIZEFAILED,pkix_PolicyChecker_Initialize failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAKEMUTABLECOPYFAILED,pkix_PolicyChecker_MakeMutableCopy failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAKESINGLETONFAILED,pkix_PolicyChecker_MakeSingleton failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPCONTAINSFAILED,pkix_PolicyChecker_MapContains failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED,pkix_PolicyChecker_MapGetMappedPolicies failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED,pkix_PolicyChecker_MapGetSubjectDomainPolicies failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERSPAWNFAILED,pkix_PolicyChecker_Spawn failed,0),
-PKIX_ERRORENTRY(POLICYCHECKERSTATECREATEFAILED,PKIX_PolicyCheckerState_Create failed,0),
-PKIX_ERRORENTRY(POLICYNODEADDTOPARENTFAILED,pkix_PolicyNode_AddToParent failed,0),
-PKIX_ERRORENTRY(POLICYNODECREATEFAILED,pkix_PolicyNode_Create failed,0),
-PKIX_ERRORENTRY(POLICYNODEDUPLICATEHELPERFAILED,pkix_PolicyNode_DuplicateHelper failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETCHILDRENMUTABLEFAILED,pkix_PolicyNode_GetChildrenMutable failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETDEPTHFAILED,PKIX_PolicyNode_GetDepth failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETEXPECTEDPOLICIESFAILED,PKIX_PolicyNode_GetExpectedPolicies failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETPARENTFAILED,PKIX_PolicyNode_GetParent failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETPOLICYQUALIFIERSFAILED,PKIX_PolicyNode_GetPolicyQualifiers failed,0),
-PKIX_ERRORENTRY(POLICYNODEGETVALIDPOLICYFAILED,PKIX_PolicyNode_GetValidPolicy failed,0),
-PKIX_ERRORENTRY(POLICYNODEISCRITICALFAILED,PKIX_PolicyNode_IsCritical failed,0),
-PKIX_ERRORENTRY(POLICYNODEPRUNEFAILED,pkix_PolicyNode_Prune failed,0),
-PKIX_ERRORENTRY(POLICYTREETOOIDSFAILED,Failed to convert policy tree to oid,0),
-PKIX_ERRORENTRY(PORTARENAALLOCFAILED,PORT Arena Allocation failed, 0),
-PKIX_ERRORENTRY(PORTUCS2UTF8CONVERSIONFAILED,PORT_UCS2_UTF8Conversion failed.,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(PRACCEPTFAILED,PR_Accept failed,0),
-PKIX_ERRORENTRY(PRBINDFAILED,PR_Bind failed,0),
-PKIX_ERRORENTRY(PRCONNECTCONTINUEFAILED,PR_ConnectContinue failed,0),
-PKIX_ERRORENTRY(PRCONNECTFAILED,PR_Connect failed,0),
-PKIX_ERRORENTRY(PRENUMERATEHOSTENTFAILED,PR_EnumerateHostEnt failed.,0),
-PKIX_ERRORENTRY(PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT,PR_GetHostByName rejects hostname argument.,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEADDFAILED,pkix_pl_PrimHashTable_Add failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLECREATEFAILED,pkix_pl_PrimHashTable_Create failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEDESTROYFAILED,pkix_pl_PrimHashTable_Destroy failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEGETBUCKETSIZEFAILED,pkix_pl_PrimHashTable_GetBucketSize failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLELOOKUPFAILED,pkix_pl_PrimHashTable_Lookup failed,0),
-PKIX_ERRORENTRY(PRIMHASHTABLEREMOVEFAILED,pkix_pl_PrimHashTable_Remove failed,0),
-PKIX_ERRORENTRY(PRLISTENFAILED,PR_Listen failed,0),
-PKIX_ERRORENTRY(PRNEWTCPSOCKETFAILED,PR_NewTCPSocket failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTCHAINCHECKERFAILED,PKIX_ProcessingParams_AddCertChainChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTSTOREFAILED,PKIX_ProcessingParams_AddCertStore failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSADDREVMETHODFAILED,PKIX_ProcessingParams_AddRevocationMethod failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSCREATEFAILED,PKIX_ProcessingParams_Create failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED,PKIX_ProcessingParams_GetCertChainCheckers failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTSTORESFAILED,PKIX_ProcessingParams_GetCertStores failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETDATEFAILED,PKIX_ProcessingParams_GetDate failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETHINTCERTSFAILED,PKIX_ProcessingParams_GetHintCerts failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETINITIALPOLICIESFAILED,PKIX_ProcessingParams_GetInitialPolicies failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETNISTREVPOLICYENABLEDFAILED,pkix_ProcessingParams_GetNISTRevocationPolicyEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED,PKIX_ProcessingParams_GetPolicyQualifiersRejected failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETRESOURCELIMITSFAILED,PKIX_ProcessingParams_GetResourceLimits failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_GetRevocationChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_GetRevocationEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_GetTargetCertConstraints failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSGETTRUSTANCHORSFAILED,PKIX_ProcessingParams_GetTrustAnchors failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED,PKIX_ProcessingParams_IsAnyPolicyInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED,PKIX_ProcessingParams_IsExplicitPolicyRequired failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED,PKIX_ProcessingParams_IsPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETANYPOLICYINHIBITED,PKIX_ProcessingParams_SetAnyPolicyInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETCERTSTORESFAILED,PKIX_ProcessingParams_SetCertStores failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETDATEFAILED,PKIX_ProcessingParams_SetDate failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETEXPLICITPOLICYREQUIRED,PKIX_ProcessingParams_SetExplicitPolicyRequired failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETHINTCERTSFAILED,PKIX_ProcessingParams_SetHintCerts failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETINITIALPOLICIESFAILED,PKIX_ProcessingParams_SetInitialPolicies failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETNISTREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_SetNISTRevocationEnabled failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETPOLICYMAPPINGINHIBITED,PKIX_ProcessingParams_SetPolicyMappingInhibited failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_SetRevocationChecker failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_SetTargetCertConstraints failed,0),
-PKIX_ERRORENTRY(PROCESSINGPARAMSSETQUALIFYTARGETCERTFLAGFAILED,ProcessingParams_SetQualifyTargetCertFlag failed,0),
-PKIX_ERRORENTRY(PRPOLLFAILED,PR_Poll failed,0),
-PKIX_ERRORENTRY(PRPOLLRETBADFILENUM,PR_Poll failed,0),
-PKIX_ERRORENTRY(PRRECVFAILED,PR_Recv failed,0),
-PKIX_ERRORENTRY(PRRECVREPORTSNETWORKCONNECTIONCLOSED,PR_Recv reports network connection is closed,0),
-PKIX_ERRORENTRY(PRSENDFAILED,PR_Send failed,0),
-PKIX_ERRORENTRY(PRSHUTDOWNFAILED,PR_Shutdown failed,0),
-PKIX_ERRORENTRY(PRSMPRINTFFAILED,PR_smprintf failed,0),
-PKIX_ERRORENTRY(PRSNPRINTFFAILED,PR_snprintf failed,0),
-PKIX_ERRORENTRY(PUBKEYTYPENULLKEY,pubKeyType is nullKey,0),
-PKIX_ERRORENTRY(PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED,PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed,0),
-PKIX_ERRORENTRY(PUBLICKEYNEEDSDSAPARAMETERSFAILED,PKIX_PL_PublicKey_NeedsDSAParameters failed,0),
-PKIX_ERRORENTRY(PUBLICKEYTOSTRINGFAILED,PKIX_PL_PublicKey_ToString failed,0),
-PKIX_ERRORENTRY(PUBLICKEYTOSTRINGHELPERFAILED,pkix_pl_PublicKey_ToString_Helper failed,0),
-PKIX_ERRORENTRY(QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION,Qualifiers in critical Certificate Policy extension,0),
-PKIX_ERRORENTRY(REALLOCFAILED,PKIX_PL_Realloc failed,0),
-PKIX_ERRORENTRY(RECEIVEDCORRUPTEDOBJECTARGUMENT,Received corrupted object argument,0),
-PKIX_ERRORENTRY(REGISTERCERTSTOREFAILED,RegisterCertStores failed,0),
-PKIX_ERRORENTRY(REMOVEDUPUNTRUSTEDCERTSFAILED, pkix_Build_RemoveDupUntrustedCerts failed,0),
-PKIX_ERRORENTRY(REQUESTNOTANHTTPDEFAULTCLIENT,request is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXDEPTHFAILED,PKIX_ResourceLimits_GetMaxDepth failed,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXFANOUTFAILED,PKIX_ResourceLimits_GetMaxFanout failed,0),
-PKIX_ERRORENTRY(RESOURCELIMITSGETMAXTIMEFAILED,PKIX_ResourceLimits_GetMaxTime failed,0),
-PKIX_ERRORENTRY(RETRIEVEOUTPUTSFAILED,pkix_RetrieveOutputs failed,0),
-PKIX_ERRORENTRY(REVCHECKCERTFAILED,pkix_RevCheckCert failed,0),
-PKIX_ERRORENTRY(REVCHECKERCHECKFAILED,revCheckerCheck failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERADDMETHODFAILED,Can not add revocation method,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERCREATEFAILED,PKIX_RevocationChecker_Create failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCALLBACKFAILED,PKIX_RevocationChecker_GetRevCallback failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCHECKERCONTEXTFAILED,PKIX_RevocationChecker_GetRevCheckerContext failed,0),
-PKIX_ERRORENTRY(REVOCATIONCHECKERWASNOTSET,Revocation chekcer was not set,0),
-PKIX_ERRORENTRY(REVOKEDBYUNKNOWNCRLREASONCODE,Revoked by Unknown CRL ReasonCode,0),
-PKIX_ERRORENTRY(SEARCHRESPONSEPACKETOFUNKNOWNTYPE,SearchResponse packet of unknown type,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(SECASN1ENCODEITEMFAILED,SEC_ASN1EncodeItem failed,SEC_ERROR_FAILED_TO_ENCODE_DATA),
-PKIX_ERRORENTRY(SECERRORUNKNOWNISSUER,Nss legacy err code: build failed. Issuer is unknown.,SEC_ERROR_UNKNOWN_ISSUER),
-PKIX_ERRORENTRY(SECKEYCOPYSUBJECTPUBLICKEYINFOFAILED,SECKEY_CopySubjectPublicKeyInfo failed,0),
-PKIX_ERRORENTRY(SECKEYEXTRACTPUBLICKEYFAILED,SECKEY_ExtractPublicKey failed,0),
-PKIX_ERRORENTRY(SECOIDCOPYALGORITHMIDFAILED,SECOID_CopyAlgorithmID failed,0),
-PKIX_ERRORENTRY(SECOIDFINDOIDTAGDESCRIPTIONFAILED,SECOID_FindOIDTag Description failed,0),
-PKIX_ERRORENTRY(SECONDFIELDMUSTBEBETWEEN039,Second field must be between 0-39,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDKEYDSAPUBLICKEY,Second key is a DSA public key but has null parameters,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDKEYNOTDSAPUBLICKEY,Second key is not a DSA public key,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SECONDPUBKEYTYPENULLKEY,secondPubKeyType is nullKey,0),
-PKIX_ERRORENTRY(SECQUICKDERDECODERFAILED,SEC_QuickDERDecodeItem failed,0),
-PKIX_ERRORENTRY(SECREADPKCS7CERTSFAILED,SEC_ReadPKCS7Certs failed,0),
-PKIX_ERRORENTRY(SELECTORMATCHFAILED,selectorMatch failed,0),
-PKIX_ERRORENTRY(SESSIONNOTANHTTPDEFAULTCLIENT,session is not an HttpDefaultClient,0),
-PKIX_ERRORENTRY(SETPOLICIESFAILED,Fail to set cert validation policies,0),
-PKIX_ERRORENTRY(SHUTDOWNFAILED,PKIX_PL_Shutdown failed,0),
-PKIX_ERRORENTRY(SIGNATURECHECKERINITIALIZEFAILED,pkix_SignatureChecker_Initialize failed,0),
-PKIX_ERRORENTRY(SIGNATURECHECKERSTATECREATEFAILED,pkix_SignatureCheckerState_Create failed,0),
-PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,SEC_ERROR_BAD_SIGNATURE),
-PKIX_ERRORENTRY(SINGLEPOLICYNODEEQUALSFAILED,PKIX_PL_SinglePolicyNode_Equals failed,0),
-PKIX_ERRORENTRY(SINGLEPOLICYNODEHASHCODEFAILED,pkix_SinglePolicyNode_Hashcode failed,0),
-PKIX_ERRORENTRY(SINGLEPOLICYNODETOSTRINGFAILED,pkix_SinglePolicyNode_ToString failed,0),
-PKIX_ERRORENTRY(SINGLEVERIFYNODEEQUALSFAILED,PKIX_PL_SingleVerifyNode_Equals failed,0),
-PKIX_ERRORENTRY(SINGLEVERIFYNODEHASHCODEFAILED,pkix_SingleVerifyNode_Hashcode failed,0),
-PKIX_ERRORENTRY(SOCKETCONNECTCONTINUEFAILED,pkix_pl_Socket_ConnectContinue failed,0),
-PKIX_ERRORENTRY(SOCKETCONNECTFAILED,pkix_pl_Socket_Connect failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEBYHOSTANDPORTFAILED,pkix_pl_Socket_CreateByHostAndPort failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEBYNAMEFAILED,pkix_pl_Socket_CreateByName failed,0),
-PKIX_ERRORENTRY(SOCKETCREATECLIENTFAILED,pkix_pl_Socket_CreateClient failed,0),
-PKIX_ERRORENTRY(SOCKETCREATEFAILED,pkix_pl_Socket_Create failed,0),
-PKIX_ERRORENTRY(SOCKETCREATESERVERFAILED,pkix_pl_Socket_CreateServer failed,0),
-PKIX_ERRORENTRY(SOCKETEQUALSFAILED,PKIX_PL_Socket_Equals failed,0),
-PKIX_ERRORENTRY(SOCKETGETCALLBACKLISTFAILED,pkix_pl_Socket_GetCallbackList failed,0),
-PKIX_ERRORENTRY(SOCKETGETPRFILEDESCFAILED,pkix_pl_Socket_GetPRFileDesc failed,0),
-PKIX_ERRORENTRY(SOCKETHASHCODEFAILED,PKIX_PL_Socket_Hashcode failed,0),
-PKIX_ERRORENTRY(SOCKETPOLLFAILED,pkix_pl_Socket_Poll failed,0),
-PKIX_ERRORENTRY(SOCKETRECVFAILED,pkix_pl_Socket_Recv failed,0),
-PKIX_ERRORENTRY(SOCKETSENDFAILED,pkix_pl_Socket_Send failed,0),
-PKIX_ERRORENTRY(SOCKETSETNONBLOCKINGFAILED,pkix_pl_Socket_SetNonBlocking failed,0),
-PKIX_ERRORENTRY(SOURCESTRINGHASINVALIDLENGTH,Source string has invalid length,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(SPRINTFFAILED,PKIX_PL_Sprintf failed,0),
-PKIX_ERRORENTRY(STRINGCOMPARATORFAILED,pkix_pl_String_Comparator failed,0),
-PKIX_ERRORENTRY(STRINGCREATEFAILED,PKIX_PL_String_Create failed,0),
-PKIX_ERRORENTRY(STRINGEQUALSFAILED,pkix_pl_String_Equals failed,0),
-PKIX_ERRORENTRY(STRINGGETENCODEDFAILED,PKIX_PL_String_GetEncoded failed,0),
-PKIX_ERRORENTRY(STRINGHASHCODEFAILED,pkix_pl_String_Hashcode failed,0),
-PKIX_ERRORENTRY(SUBJALTNAMECHECKFAILED,Validation failed: SubjAltNamecheck failed,0),
-PKIX_ERRORENTRY(TARGETCERTCHECKERINITIALIZEFAILED,pkix_TargetCertChecker_Initialize failed,0),
-PKIX_ERRORENTRY(TARGETCERTCHECKERSTATECREATEFAILED,pkix_TargetCertCheckerState_Create failed,0),
-PKIX_ERRORENTRY(TESTANOTHERERRORMESSAGE, Another Error Message,0),
-PKIX_ERRORENTRY(TESTERRORMESSAGE, Error Message,0),
-PKIX_ERRORENTRY(TESTNOMATCHINGPOLICY, No Matching Policy,0),
-PKIX_ERRORENTRY(TESTNOTANERRORCRLSELECTMISMATCH, Not an error CRL Select mismatch,0),
-PKIX_ERRORENTRY(TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, Policies extension but no Policy Qualifiers,0),
-PKIX_ERRORENTRY(TIMECONSUMEDEXCEEDSRESOURCELIMITS,Time consumed exceeds Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
-PKIX_ERRORENTRY(TOOLITTLEDATAINDERSEQUENCE,Too little data in DER Sequence,0),
-PKIX_ERRORENTRY(TOOMUCHDATAINDERSEQUENCE,Too much data in DER Sequence,0),
-PKIX_ERRORENTRY(TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED,ToString for this GeneralName type not supported,0),
-PKIX_ERRORENTRY(TRUNCATEDUNICODEINESCAPEDASCII,Truncated Unicode in EscapedASCII,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(TRUSTANCHORCREATEWITHCERTFAILED,PKIX_TrustAnchor_CreateWithCert failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETCANAMEFAILED,PKIX_TrustAnchor_GetCAName failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETCAPUBLICKEYFAILED,PKIX_TrustAnchor_GetCAPublicKey failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETNAMECONSTRAINTSFAILED,PKIX_TrustAnchor_GetNameConstraints failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORGETTRUSTEDCERTFAILED,PKIX_TrustAnchor_GetTrustedCert failed,0),
-PKIX_ERRORENTRY(TRUSTANCHORTOCERTFAILED,Fail to convert trust anchor to cert,0),
-PKIX_ERRORENTRY(TYPEALREADYREGISTERED,Type is already registered,0),
-PKIX_ERRORENTRY(UNABLETOADDACCEPTABLERESPONSESTOREQUEST,Unable to add acceptableResponses to request,0),
-PKIX_ERRORENTRY(UNABLETOADDCERTTOCERTLIST,Unable to add Cert to CertList,0),
-PKIX_ERRORENTRY(UNABLETOBUILDCHAIN,Unable to build chain,0),
-PKIX_ERRORENTRY(UNABLETOCREATECERTOCSPREQUEST,Unable to create a CertOCSPRequest,0),
-PKIX_ERRORENTRY(UNABLETOCREATECRLSTRING,Unable to create crlString,0),
-PKIX_ERRORENTRY(UNABLETOCREATEGENERALNAMEOFTHISTYPE,Unable to create GeneralName of this type,0),
-PKIX_ERRORENTRY(UNABLETOCREATEISSUER,Unable to create Issuer,0),
-PKIX_ERRORENTRY(UNABLETOCREATELIST,Unable to create list,0),
-PKIX_ERRORENTRY(UNABLETOCREATENEWCERTLIST,Unable to create a new CertList,0),
-PKIX_ERRORENTRY(UNABLETOCREATEPSTRING,Unable to create pString,0),
-PKIX_ERRORENTRY(UNABLETOFINDSTATUSINOCSPRESPONSE,Unable to find status in OCSP response,SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS),
-PKIX_ERRORENTRY(UNABLETOMAKELISTIMMUTABLE,Unable to make list immutable,0),
-PKIX_ERRORENTRY(UNABLETOOPENCERTFILE,Unable to open cert file,0),
-PKIX_ERRORENTRY(UNABLETOOPENCRLFILE,Unable to open crl file,0),
-PKIX_ERRORENTRY(UNABLETOPARSEOCSPRESPONSE,Unable to parse OCSP response,SEC_ERROR_OCSP_MALFORMED_RESPONSE),
-PKIX_ERRORENTRY(UNABLETOREADDERFROMCERTFILE,Unable to read DER from cert file,0),
-PKIX_ERRORENTRY(UNABLETOREADDERFROMCRLFILE,Unable to read DER from crl file,0),
-PKIX_ERRORENTRY(UNABLETOSETSOCKETTONONBLOCKING,Unable to set socket to non-blocking I/O,0),
-PKIX_ERRORENTRY(UNDEFINEDCALLBACK,Undefined callback,0),
-PKIX_ERRORENTRY(UNDEFINEDCLASSTABLEENTRY,Undefined class table entry,0),
-PKIX_ERRORENTRY(UNDEFINEDCOMPARATOR,Undefined Comparator,0),
-PKIX_ERRORENTRY(UNDEFINEDDUPLICATEFUNCTION,Undefined Duplicate function,0),
-PKIX_ERRORENTRY(UNDEFINEDEQUALSCALLBACK,Undefined equals callback,0),
-PKIX_ERRORENTRY(UNEXPECTEDERRORINESTABLISHINGCONNECTION,Unexpected error in establishing connection,0),
-PKIX_ERRORENTRY(UNEXPECTEDRESULTCODEINRESPONSE,Unexpected result code in Response,SEC_ERROR_BAD_LDAP_RESPONSE),
-PKIX_ERRORENTRY(UNKNOWNFORMAT,Unknown format,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UNKNOWNINFOACCESSTYPE,Unknown InfoAccess type,SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE),
-PKIX_ERRORENTRY(UNKNOWNINFOACCESSMETHOD,Unknown InfoAccess method,SEC_ERROR_BAD_INFO_ACCESS_METHOD),
-PKIX_ERRORENTRY(UNKNOWNOBJECTOID,Unknown object OID,0),
-PKIX_ERRORENTRY(UNKNOWNOBJECTTYPE,Unknown object type,0),
-PKIX_ERRORENTRY(UNKNOWNTYPEARGUMENT,Unknown type argument,0),
-PKIX_ERRORENTRY(UNLOCKOBJECTFAILED,pkix_UnlockObject failed,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDCRITICALEXTENSION,Unrecognized Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
-PKIX_ERRORENTRY(UNRECOGNIZEDCRLENTRYCRITICALEXTENSION,Unrecognized CRLEntry Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
-PKIX_ERRORENTRY(UNRECOGNIZEDPROTOCOLREQUESTED,Unrecognized protocol requested,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDREQUESTMETHOD,Unrecognized request method,0),
-PKIX_ERRORENTRY(UNRECOGNIZEDTIMETYPE,Unrecognized time type,0),
-PKIX_ERRORENTRY(UNSUPPORTEDCRLDPTYPE,CrlDp type is not supported,0),
-PKIX_ERRORENTRY(UNSUPPORTEDVERSIONOFHTTPCLIENT,Unsupported version of Http Client,0),
-PKIX_ERRORENTRY(UNSUPPORTEDCERTUSAGE,Specified certificate usage is unsupported,SEC_ERROR_CERT_USAGES_INVALID),
-PKIX_ERRORENTRY(URLPARSINGFAILED,URL Parsing failed,0),
-PKIX_ERRORENTRY(USERCHECKERCHECKFAILED,userCheckerCheck failed,0),
-PKIX_ERRORENTRY(UTF16ALIGNMENTERROR,UTF16 Alignment Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16HIGHZONEALIGNMENTERROR,UTF16 High Zone Alignment Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16LOWZONEERROR,UTF16 Low Zone Error,SEC_ERROR_INVALID_ARGS),
-PKIX_ERRORENTRY(UTF16TOESCASCIIFAILED,pkix_UTF16_to_EscASCII failed,0),
-PKIX_ERRORENTRY(UTF16TOUTF8FAILED,pkix_UTF16_to_UTF8 failed,0),
-PKIX_ERRORENTRY(UTF8TOUTF16FAILED,pkix_UTF8_to_UTF16 failed,0),
-PKIX_ERRORENTRY(VALIDATEBUILDUSEROIDSFAILED,pkix_Validate_BuildUserOIDs failed,0),
-PKIX_ERRORENTRY(VALIDATECERTCHAINFAILED,Failed to validate cert chain,0),
-PKIX_ERRORENTRY(VALIDATECHAINFAILED,PKIX_ValidateChain failed,0),
-PKIX_ERRORENTRY(VALIDATEPARAMSGETCERTCHAINFAILED,PKIX_ValidateParams_GetCertChain failed,0),
-PKIX_ERRORENTRY(VALIDATEPARAMSGETPROCESSINGPARAMSFAILED,PKIX_ValidateParams_GetProcessingParams failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTCREATEFAILED,pkix_ValidateResult_Create failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTGETPOLICYTREEFAILED,PKIX_ValidateResult_GetPolicyTree failed,0),
-PKIX_ERRORENTRY(VALIDATERESULTGETTRUSTANCHORFAILED,PKIX_ValidateResult_GetTrustAnchor failed,0),
-PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,SEC_ERROR_BAD_SIGNATURE),
-PKIX_ERRORENTRY(VALIDATIONFAILEDNULLCERTPOINTER,Validation failed: NULL Cert pointer,0),
-PKIX_ERRORENTRY(VALIDATIONFAILEDPATHTONAMECHECKFAILED,Validation failed: PathToName check failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
-PKIX_ERRORENTRY(VALUEINESCAPEDASCII,value in EscapedASCII,0),
-PKIX_ERRORENTRY(VERIFYNODEADDTOCHAINFAILED,pkix_VerifyNode_AddToChain failed,0),
-PKIX_ERRORENTRY(VERIFYNODEADDTOTREEFAILED,pkix_VerifyNode_AddToTree failed,0),
-PKIX_ERRORENTRY(VERIFYNODECREATEFAILED,pkix_VerifyNode_Create failed,0),
-PKIX_ERRORENTRY(VERIFYNODEDUPLICATEHELPERFAILED,pkix_VerifyNode_DuplicateHelper failed,0),
-PKIX_ERRORENTRY(VERIFYNODEFINDERRORFAILED,pkix_VerifyNode_FindError failed,0),
-PKIX_ERRORENTRY(VERIFYNODESETDEPTHFAILED,pkix_VerifyNode_SetDepth failed,0),
-PKIX_ERRORENTRY(VERIFYNODESETERRORFAILED,pkix_VerifyNode_SetError failed,0),
-PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1ORV2,Version value must be V1(0) or V2(1),SEC_ERROR_CRL_INVALID),
-PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1V2ORV3,Version value must be v1(0) v2(1) or v3(2),SEC_ERROR_CERT_VALID),
-PKIX_ERRORENTRY(X500NAMECOMPAREDERBYTESFAILED,pkix_pl_X500Name_CompareDERBytes failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFAILED,PKIX_PL_X500Name_Create failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFROMCERTNAMEFAILED,pkix_pl_X500Name_CreateFromCERTName failed,0),
-PKIX_ERRORENTRY(X500NAMECREATEFROMUTF8FAILED,pkix_pl_X500Name_CreateFromUtf8 failed,0),
-PKIX_ERRORENTRY(X500NAMEEQUALSFAILED,PKIX_PL_X500Name_Equals failed,0),
-PKIX_ERRORENTRY(X500NAMEGETCOMMONNAMEFAILED,pkix_pl_X500Name_GetCommonName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETCOUNTRYNAMEFAILED,pkix_pl_X500Name_GetCountryName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETORGNAMEFAILED,pkix_pl_X500Name_GetOrgName failed,0),
-PKIX_ERRORENTRY(X500NAMEGETSECNAMEFAILED,pkix_pl_X500Name_GetSECName failed,0),
-PKIX_ERRORENTRY(X500NAMEHASHCODEFAILED,PKIX_PL_X500Name_Hashcode failed,0),
-PKIX_ERRORENTRY(X500NAMEMATCHFAILED,PKIX_PL_X500Name_Match failed,0),
-PKIX_ERRORENTRY(X500NAMETOSTRINGFAILED,PKIX_PL_X500Name_ToString failed,0),
-PKIX_ERRORENTRY(X500NAMETOSTRINGHELPERFAILED,pkix_pl_X500Name_ToString_Helper failed,0),
-PKIX_ERRORENTRY(ZEROLENGTHBYTEARRAYFORCRLENCODING,Zero-length ByteArray for CRL encoding,0)
diff --git a/security/nss/lib/libpkix/include/pkix_params.h b/security/nss/lib/libpkix/include/pkix_params.h
deleted file mode 100755
index f0aed9225..000000000
--- a/security/nss/lib/libpkix/include/pkix_params.h
+++ /dev/null
@@ -1,1759 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the various parameters used
- * by the top-level functions.
- *
- */
-
-#ifndef _PKIX_PARAMS_H
-#define _PKIX_PARAMS_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_ProcessingParams
- *
- * PKIX_ProcessingParams are parameters used when validating or building a
- * chain of certificates. Using the parameters, the caller can specify several
- * things, including the various inputs to the PKIX chain validation
- * algorithm (such as trust anchors, initial policies, etc), any customized
- * functionality (such as CertChainCheckers, RevocationCheckers, CertStores),
- * and whether revocation checking should be disabled.
- *
- * Once the caller has created the ProcessingParams object, the caller then
- * passes it to PKIX_ValidateChain or PKIX_BuildChain, which uses it to call
- * the user's callback functions as needed during the validation or building
- * process.
- *
- * If a parameter is not set (or is set to NULL), it will be set to the
- * default value for that parameter. The default value for the Date parameter
- * is NULL, which indicates the current time when the path is validated. The
- * default for the remaining parameters is the least constrained.
- */
-
-/*
- * FUNCTION: PKIX_ProcessingParams_Create
- * DESCRIPTION:
- *
- * Creates a new ProcessingParams object. Trust anchor list is set to
- * newly created empty list of trust. In this case trust anchors will
- * be taken from provided cert store. Pointed to the created
- * ProcessingParams object is stored in "pParams".
- *
- * PARAMETERS:
- * "anchors"
- * Address of List of (non-empty) TrustAnchors to be used.
- * Must be non-NULL.
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_Create(
- PKIX_ProcessingParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of CertChainCheckers (if any) that are set
- * in the ProcessingParams pointed to by "params" and stores it at
- * "pCheckers". Each CertChainChecker represents a custom certificate
- * validation check used by PKIX_ValidateChain or PKIX_BuildChain as needed
- * during the validation or building process. If "params" does not have any
- * CertChainCheckers, this function stores an empty List at "pCheckers".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertChainCheckers (if any)
- * are to be stored. Must be non-NULL.
- * "pCheckers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertChainCheckers(
- PKIX_ProcessingParams *params,
- PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a List of
- * CertChainCheckers pointed to by "checkers". Each CertChainChecker
- * represents a custom certificate validation check used by
- * PKIX_ValidateChain or PKIX_BuildChain as needed during the validation or
- * building process. If "checkers" is NULL, no CertChainCheckers will be used.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertChainCheckers is to be
- * set. Must be non-NULL.
- * "checkers"
- * Address of List of CertChainCheckers to be set. If NULL, no
- * CertChainCheckers will be used.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params" and "checkers"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertChainCheckers(
- PKIX_ProcessingParams *params,
- PKIX_List *checkers, /* list of PKIX_CertChainChecker */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertChainChecker
- * DESCRIPTION:
- *
- * Adds the CertChainChecker pointed to by "checker" to the ProcessingParams
- * pointed to by "params". The CertChainChecker represents a custom
- * certificate validation check used by PKIX_ValidateChain or PKIX_BuildChain
- * as needed during the validation or building process.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be added to. Must be non-NULL.
- * "checker"
- * Address of CertChainChecker to be added. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertChainChecker(
- PKIX_ProcessingParams *params,
- PKIX_CertChainChecker *checker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
- * DESCRIPTION:
- *
- * Retrieves a pointer to the RevocationChecker that are set
- * in the ProcessingParams pointed to by "params" and stores it at
- * "pRevChecker". Each RevocationChecker represents a revocation
- * check used by PKIX_ValidateChain or PKIX_BuildChain as needed during the
- * validation or building process. If "params" does not have any
- * RevocationCheckers, this function stores an empty List at "pRevChecker".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of RevocationCheckers
- * is to be stored. Must be non-NULL.
- * "pRevChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetRevocationChecker(
- PKIX_ProcessingParams *params,
- PKIX_RevocationChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a
- * RevocationChecker pointed to by "revChecker". Revocation
- * checker object should be created and assigned to processing
- * parameters before chain build or validation can begin.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of RevocationCheckers is to be
- * set. Must be non-NULL.
- * "revChecker"
- * Address of RevocationChecker to be set. Must be set before chain
- * building or validation.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetRevocationChecker(
- PKIX_ProcessingParams *params,
- PKIX_RevocationChecker *revChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertStores
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of CertStores (if any) that are set in the
- * ProcessingParams pointed to by "params" and stores it at "pStores". Each
- * CertStore represents a particular repository from which certificates and
- * CRLs can be retrieved by PKIX_ValidateChain or PKIX_BuildChain as needed
- * during the validation or building process. If "params" does not have any
- * CertStores, this function stores an empty List at "pStores".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertStores (if any) are to
- * be stored. Must be non-NULL.
- * "pStores"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertStores(
- PKIX_ProcessingParams *params,
- PKIX_List **pStores, /* list of PKIX_CertStore */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertStores
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a List of CertStores
- * pointed to by "stores". Each CertStore represents a particular repository
- * from which certificates and CRLs can be retrieved by PKIX_ValidateChain or
- * PKIX_BuildChain as needed during the validation or building process. If
- * "stores" is NULL, no CertStores will be used.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of CertStores is to be set.
- * Must be non-NULL.
- * "stores"
- * Address of List of CertStores to be set. If NULL, no CertStores will
- * be used.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertStores(
- PKIX_ProcessingParams *params,
- PKIX_List *stores, /* list of PKIX_CertStore */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertStore
- * DESCRIPTION:
- *
- * Adds the CertStore pointed to by "store" to the ProcessingParams pointed
- * to by "params". The CertStore represents a particular repository from
- * which certificates and CRLs can be retrieved by PKIX_ValidateChain or
- * PKIX_BuildChain as needed during the validation or building process.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be added to. Must be non-NULL.
- * "store"
- * Address of CertStore to be added.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertStore(
- PKIX_ProcessingParams *params,
- PKIX_CertStore *store,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetDate
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date (if any) that is set in the
- * ProcessingParams pointed to by "params" and stores it at "pDate". The
- * Date represents the time for which the validation of the certificate chain
- * should be determined. If "params" does not have any Date set, this function
- * stores NULL at "pDate".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose Date (if any) is to be stored.
- * Must be non-NULL.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetDate(
- PKIX_ProcessingParams *params,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetDate
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a Date pointed to by
- * "date". The Date represents the time for which the validation of the
- * certificate chain should be determined. If "date" is NULL, the current
- * time is used during validation.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose Date is to be set. Must be non-NULL.
- * "date"
- * Address of Date to be set. If NULL, current time is used.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetDate(
- PKIX_ProcessingParams *params,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (if any) that are set in the
- * ProcessingParams pointed to by "params" and stores it at "pInitPolicies".
- * Each OID represents an initial policy identifier, indicating that any
- * one of these policies would be acceptable to the certificate user for
- * the purposes of certification path processing. If "params" does not have
- * any initial policies, this function stores an empty List at
- * "pInitPolicies".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of OIDs (if any) are to be
- * stored. Must be non-NULL.
- * "pInitPolicies"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetInitialPolicies(
- PKIX_ProcessingParams *params,
- PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a List of OIDs
- * pointed to by "initPolicies".
- *
- * Each OID represents an initial policy identifier, indicating that any
- * one of these policies would be acceptable to the certificate user for
- * the purposes of certification path processing. By default, any policy
- * is acceptable (i.e. all policies), so a user that wants to allow any
- * policy as acceptable does not need to call this method. Similarly, if
- * initPolicies is NULL or points to an empty List, all policies are
- * acceptable.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of OIDs is to be set.
- * Must be non-NULL.
- * "initPolicies"
- * Address of List of OIDs to be set. If NULL or if pointing to an empty
- * List, all policies are acceptable.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetInitialPolicies(
- PKIX_ProcessingParams *params,
- PKIX_List *initPolicies, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * policy qualifiers should be rejected and stores the Boolean result at
- * "pRejected".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not policy
- * qualifiers should be rejected. Must be non-NULL.
- * "pRejected"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetPolicyQualifiersRejected(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pRejected,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether policy
- * qualifiers are rejected using the Boolean value of "rejected".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "rejected"
- * Boolean value indicating whether policy qualifiers are to be rejected.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyQualifiersRejected(
- PKIX_ProcessingParams *params,
- PKIX_Boolean rejected,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CertSelector (if any) that is set in the
- * ProcessingParams pointed to by "params" and stores it at "pConstraints".
- * The CertSelector represents the constraints to be placed on the target
- * certificate. If "params" does not have any CertSelector set, this function
- * stores NULL at "pConstraints".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose CertSelector (if any) is to be
- * stored. Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTargetCertConstraints(
- PKIX_ProcessingParams *params,
- PKIX_CertSelector **pConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a CertSelector
- * pointed to by "constraints". The CertSelector represents the constraints
- * to be placed on the target certificate. If "constraints" is NULL, no
- * constraints are defined.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose CertSelector is to be set.
- * Must be non-NULL.
- * "constraints"
- * Address of CertSelector to be set. If NULL, no constraints are defined.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTargetCertConstraints(
- PKIX_ProcessingParams *params,
- PKIX_CertSelector *constraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of TrustAnchors that are set in
- * the ProcessingParams pointed to by "params" and stores it at "pAnchors".
- * If the function succeeds, the pointer to the List is guaranteed to be
- * non-NULL and the List is guaranteed to be non-empty.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "pAnchors"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTrustAnchors(
- PKIX_ProcessingParams *params,
- PKIX_List **pAnchors, /* list of TrustAnchor */
- void *plContext);
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
- * DESCRIPTION:
- *
- * Sets user defined set of trust anchors. A certificate will be considered
- * invalid if it does not chain to a trusted anchor from this list.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "anchors"
- * Address of the trust anchors list object. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTrustAnchors(
- PKIX_ProcessingParams *params,
- PKIX_List *pAnchors, /* list of TrustAnchor */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Boolean. The boolean value represents
- * the switch value that is used to identify if url in cert AIA extension
- * may be used for cert fetching.
- * If the function succeeds, the pointer to the Boolean is guaranteed to be
- * non-NULL.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams. Must be non-NULL.
- * "pUseAIA"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetUseAIAForCertFetching(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pUseAIA, /* list of TrustAnchor */
- void *plContext);
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
- * DESCRIPTION:
- *
- * Sets switch value that defines if url in cert AIA extension
- * may be used for cert fetching.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams.
- * "useAIA"
- * Address of the trust anchors list object. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetUseAIAForCertFetching(
- PKIX_ProcessingParams *params,
- PKIX_Boolean useAIA,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
- * DESCRIPTION:
- *
- * Sets a boolean value that tells if libpkix needs to check that
- * the target certificate satisfies the conditions set in processing
- * parameters. Includes but not limited to date, ku and eku checks.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "qualifyTargetCert"
- * boolean value if set to true will trigger qualification of the
- * target certificate.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetQualifyTargetCert(
- PKIX_ProcessingParams *params,
- PKIX_Boolean qualifyTargetCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetHintCerts
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of Certs supplied by the user as a suggested
- * partial CertChain (subject to verification), that are set in the
- * ProcessingParams pointed to by "params", and stores it at "pHintCerts".
- * The List returned may be empty or NULL.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of TrustAnchors are to
- * be stored. Must be non-NULL.
- * "pHintCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetHintCerts(
- PKIX_ProcessingParams *params,
- PKIX_List **pHintCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetHintCerts
- * DESCRIPTION:
- *
- * Stores a pointer to a List of Certs supplied by the user as a suggested
- * partial CertChain (subject to verification), as an element in the
- * ProcessingParams pointed to by "params". The List may be empty or NULL.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose List of HintCerts is to be stored.
- * Must be non-NULL.
- * "hintCerts"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetHintCerts(
- PKIX_ProcessingParams *params,
- PKIX_List *hintCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ResourceLimits (if any) that is set in the
- * ProcessingParams pointed to by "params" and stores it at "pResourceLimits".
- * The ResourceLimits represent the maximum resource usage that the caller
- * desires (such as MaxTime). The ValidateChain or BuildChain call will not
- * exceed these maximum limits. If "params" does not have any ResourceLimits
- * set, this function stores NULL at "pResourceLimits".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose ResourceLimits (if any) are to be
- * stored. Must be non-NULL.
- * "pResourceLimits"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetResourceLimits(
- PKIX_ProcessingParams *params,
- PKIX_ResourceLimits **pResourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
- * DESCRIPTION:
- *
- * Sets the ProcessingParams pointed to by "params" with a ResourceLimits
- * object pointed to by "resourceLimits". The ResourceLimits represent the
- * maximum resource usage that the caller desires (such as MaxTime). The
- * ValidateChain or BuildChain call will not exceed these maximum limits.
- * If "resourceLimits" is NULL, no ResourceLimits are defined.
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams whose ResourceLimits are to be set.
- * Must be non-NULL.
- * "resourceLimits"
- * Address of ResourceLimits to be set. If NULL, no limits are defined.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetResourceLimits(
- PKIX_ProcessingParams *params,
- PKIX_ResourceLimits *resourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * anyPolicy is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not anyPolicy
- * inhibited. Must be non-NULL.
- * "pInhibited"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether anyPolicy
- * is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "inhibited"
- * Boolean value indicating whether anyPolicy is to be inhibited.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * explicit policies are required and stores the Boolean result at
- * "pRequired".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not explicit
- * policies are required. Must be non-NULL.
- * "pRequired"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pRequired,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether explicit
- * policies are required using the Boolean value of "required".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "required"
- * Boolean value indicating whether explicit policies are to be required.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean required,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Checks whether the ProcessingParams pointed to by "params" indicate that
- * policyMapping is inhibited and stores the Boolean result at "pInhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams used to determine whether or not policy
- * mappings are inhibited. Must be non-NULL.
- * "pInhibited"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Specifies in the ProcessingParams pointed to by "params" whether policy
- * mapping is inhibited using the Boolean value of "inhibited".
- *
- * PARAMETERS:
- * "params"
- * Address of ProcessingParams to be set. Must be non-NULL.
- * "inhibited"
- * Boolean value indicating whether policy mapping is to be inhibited.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext);
-
-
-/* PKIX_ValidateParams
- *
- * PKIX_ValidateParams consists of a ProcessingParams object as well as the
- * List of Certs (certChain) that the caller is trying to validate.
- */
-
-/*
- * FUNCTION: PKIX_ValidateParams_Create
- * DESCRIPTION:
- *
- * Creates a new ValidateParams object and stores it at "pParams".
- *
- * PARAMETERS:
- * "procParams"
- * Address of ProcessingParams to be used. Must be non-NULL.
- * "chain"
- * Address of List of Certs (certChain) to be validated. Must be non-NULL.
- * "pParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_Create(
- PKIX_ProcessingParams *procParams,
- PKIX_List *chain,
- PKIX_ValidateParams **pParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetProcessingParams
- * DESCRIPTION:
- *
- * Retrieves a pointer to the ProcessingParams that represent the basic
- * certificate processing parameters used during chain validation and chain
- * building from the ValidateParams pointed to by "valParams" and stores it
- * at "pProcParams". If the function succeeds, the pointer to the
- * ProcessingParams is guaranteed to be non-NULL.
- *
- * PARAMETERS:
- * "valParams"
- * Address of ValidateParams whose ProcessingParams are to be stored.
- * Must be non-NULL.
- * "pProcParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetProcessingParams(
- PKIX_ValidateParams *valParams,
- PKIX_ProcessingParams **pProcParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetCertChain
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of Certs (certChain) that is set in the
- * ValidateParams pointed to by "valParams" and stores it at "pChain". If the
- * function succeeds, the pointer to the CertChain is guaranteed to be
- * non-NULL.
- *
- * PARAMETERS:
- * "valParams"
- * Address of ValidateParams whose CertChain is to be stored.
- * Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateParams_GetCertChain(
- PKIX_ValidateParams *valParams,
- PKIX_List **pChain,
- void *plContext);
-
-/* PKIX_TrustAnchor
- *
- * A PKIX_TrustAnchor represents a trusted entity and can be specified using a
- * self-signed certificate or using the trusted CA's name and public key. In
- * order to limit the trust in the trusted entity, name constraints can also
- * be imposed on the trust anchor.
- */
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithCert
- * DESCRIPTION:
- *
- * Creates a new TrustAnchor object using the Cert pointed to by "cert" as
- * the trusted certificate and stores it at "pAnchor". Once created, a
- * TrustAnchor is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert to use as trusted certificate. Must be non-NULL.
- * "pAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithCert(
- PKIX_PL_Cert *cert,
- PKIX_TrustAnchor **pAnchor,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
- * DESCRIPTION:
- *
- * Creates a new TrustAnchor object using the X500Name pointed to by "name",
- * and the PublicKey pointed to by "pubKey" and stores it at "pAnchor". The
- * CertNameConstraints pointed to by "nameConstraints" (if any) are used to
- * limit the trust placed in this trust anchor. To indicate that name
- * constraints don't apply, set "nameConstraints" to NULL. Once created, a
- * TrustAnchor is immutable.
- *
- * PARAMETERS:
- * "name"
- * Address of X500Name to use as name of trusted CA. Must be non-NULL.
- * "pubKey"
- * Address of PublicKey to use as trusted public key. Must be non-NULL.
- * "nameConstraints"
- * Address of CertNameConstraints to use as initial name constraints.
- * If NULL, no name constraints are applied.
- * "pAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithNameKeyPair(
- PKIX_PL_X500Name *name,
- PKIX_PL_PublicKey *pubKey,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_TrustAnchor **pAnchor,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetTrustedCert
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Cert that is set in the TrustAnchor pointed to
- * by "anchor" and stores it at "pCert". If "anchor" does not have a Cert
- * set, this function stores NULL at "pCert".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose Cert is to be stored. Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetTrustedCert(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAName
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CA's X500Name (if any) that is set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pCAName". If "anchor"
- * does not have an X500Name set, this function stores NULL at "pCAName".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CA Name is to be stored. Must be non-NULL.
- * "pCAName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAName(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_X500Name **pCAName,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CA's PublicKey (if any) that is set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pPubKey". If "anchor"
- * does not have a PublicKey set, this function stores NULL at "pPubKey".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CA PublicKey is to be stored.
- * Must be non-NULL.
- * "pPubKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAPublicKey(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CertNameConstraints (if any) set in the
- * TrustAnchor pointed to by "anchor" and stores it at "pConstraints". If
- * "anchor" does not have any CertNameConstraints set, this function stores
- * NULL at "pConstraints".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor whose CertNameConstraints are to be stored.
- * Must be non-NULL.
- * "pConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Params Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetNameConstraints(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-/* PKIX_ResourceLimits
- *
- * A PKIX_ResourceLimits object represents the maximum resource usage that
- * the caller desires. The ValidateChain or BuildChain call
- * will not exceed these maximum limits. For example, the caller may want
- * a timeout value of 1 minute, meaning that if the ValidateChain or
- * BuildChain function is unable to finish in 1 minute, it should abort
- * with an Error.
- */
-
-/*
- * FUNCTION: PKIX_ResourceLimits_Create
- * DESCRIPTION:
- *
- * Creates a new ResourceLimits object and stores it at "pResourceLimits".
- *
- * PARAMETERS:
- * "pResourceLimits"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_Create(
- PKIX_ResourceLimits **pResourceLimits,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxTime
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum time that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxTime". This maximum time (in seconds) should not be exceeded
- * by the function whose ProcessingParams contain this ResourceLimits object
- * (typically ValidateChain or BuildChain). It essentially functions as a
- * time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum time (in seconds) is
- * to be stored. Must be non-NULL.
- * "pMaxTime"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxTime(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxTime,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxTime
- * DESCRIPTION:
- *
- * Sets the maximum time of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxTime". This
- * maximum time (in seconds) should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object
- * (typically ValidateChain or BuildChain). It essentially functions as a
- * time-out value and is only appropriate if blocking I/O is being used.
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum time (in seconds) is
- * to be set. Must be non-NULL.
- * "maxTime"
- * Value of PKIX_UInt32 representing the maximum time (in seconds)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxTime(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxTime,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum fanout that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxFanout". This maximum fanout (number of certs) should not be
- * exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder encounters
- * more than this maximum number of certificates when searching for the next
- * candidate certificate, it should abort and return an error. This
- * parameter is only relevant for ValidateChain if it needs to internally call
- * BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum fanout (number of certs)
- * is to be stored. Must be non-NULL.
- * "pMaxFanout"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxFanout(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxFanout,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
- * DESCRIPTION:
- *
- * Sets the maximum fanout of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxFanout". This maximum
- * fanout (number of certs) should not be exceeded by the function whose
- * ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder encounters more than this maximum number of
- * certificates when searching for the next candidate certificate, it should
- * abort and return an Error. This parameter is only relevant for ValidateChain
- * if it needs to internally call BuildChain (e.g. in order to build the
- * chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum fanout (number of certs)
- * is to be set. Must be non-NULL.
- * "maxFanout"
- * Value of PKIX_UInt32 representing the maximum fanout (number of certs)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxFanout(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxFanout,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum depth that is
- * set in the ResourceLimits object pointed to by "resourceLimits" and stores
- * it at "pMaxDepth". This maximum depth (number of certs) should not be
- * exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder encounters
- * more than this maximum number of certificates when searching for the next
- * candidate certificate, it should abort and return an error. This
- * parameter is only relevant for ValidateChain if it needs to internally call
- * BuildChain (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum depth (number of certs)
- * is to be stored. Must be non-NULL.
- * "pMaxDepth"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxDepth(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxDepth,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
- * DESCRIPTION:
- *
- * Sets the maximum depth of the ResourceLimits object pointed to by
- * "resourceLimits" using the PKIX_UInt32 value of "maxDepth". This maximum
- * depth (number of certs) should not be exceeded by the function whose
- * ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder encounters more than this maximum number of
- * certificates when searching for the next candidate certificate, it should
- * abort and return an Error. This parameter is only relevant for ValidateChain
- * if it needs to internally call BuildChain (e.g. in order to build the
- * chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum depth (number of certs)
- * is to be set. Must be non-NULL.
- * "maxDepth"
- * Value of PKIX_UInt32 representing the maximum depth (number of certs)
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxDepth(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxDepth,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- * certs that is set in the ResourceLimits object pointed to by "resourceLimits"
- * and stores it at "pMaxNumber". This maximum number of traversed certs should
- * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder traverses more
- * than this number of certs during the build process, it should abort and
- * return an Error. This parameter is only relevant for ValidateChain if it
- * needs to internally call BuildChain (e.g. in order to build the chain to a
- * CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed certs
- * is to be stored. Must be non-NULL.
- * "pMaxNumber"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCerts(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
- * DESCRIPTION:
- *
- * Sets the maximum number of traversed certs of the ResourceLimits object
- * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- * This maximum number of traversed certs should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder traverses more than this number of certs
- * during the build process, it should abort and return an Error. This parameter
- * is only relevant for ValidateChain if it needs to internally call BuildChain
- * (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed certs
- * is to be set. Must be non-NULL.
- * "maxNumber"
- * Value of PKIX_UInt32 representing the maximum number of traversed certs
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCerts(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- * Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
- * CRLs that is set in the ResourceLimits object pointed to by "resourceLimits"
- * and stores it at "pMaxNumber". This maximum number of traversed CRLs should
- * not be exceeded by the function whose ProcessingParams contain this ResourceLimits
- * object (typically ValidateChain or BuildChain). If the builder traverses more
- * than this number of CRLs during the build process, it should abort and
- * return an Error. This parameter is only relevant for ValidateChain if it
- * needs to internally call BuildChain (e.g. in order to build the chain to a
- * CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed CRLs
- * is to be stored. Must be non-NULL.
- * "pMaxNumber"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCRLs(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
- * DESCRIPTION:
- *
- * Sets the maximum number of traversed CRLs of the ResourceLimits object
- * pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
- * This maximum number of traversed CRLs should not be exceeded by the function
- * whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
- * or BuildChain). If the builder traverses more than this number of CRLs
- * during the build process, it should abort and return an Error. This parameter
- * is only relevant for ValidateChain if it needs to internally call BuildChain
- * (e.g. in order to build the chain to a CRL's issuer).
- *
- * PARAMETERS:
- * "resourceLimits"
- * Address of ResourceLimits object whose maximum number of traversed CRLs
- * is to be set. Must be non-NULL.
- * "maxNumber"
- * Value of PKIX_UInt32 representing the maximum number of traversed CRLs
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "params"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ResourceLimits Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCRLs(
- PKIX_ResourceLimits *resourceLimits,
- PKIX_UInt32 maxNumber,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PARAMS_H */
diff --git a/security/nss/lib/libpkix/include/pkix_pl_pki.h b/security/nss/lib/libpkix/include/pkix_pl_pki.h
deleted file mode 100755
index 32d3a79a4..000000000
--- a/security/nss/lib/libpkix/include/pkix_pl_pki.h
+++ /dev/null
@@ -1,2695 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines several platform independent functions to
- * manipulate certificates and CRLs in a portable manner.
- *
- */
-
-#ifndef _PKIX_PL_PKI_H
-#define _PKIX_PL_PKI_H
-
-#include "pkixt.h"
-#include "seccomon.h"
-#include "certt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * Cert
- *
- * A Cert represents an X.509 certificate. It can be created using the bytes
- * of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The
- * following functions include accessors (gettors) for the various components
- * of an X.509 certificate. Also included are functions to perform various
- * checks on a certificate, including name constraints, key usage, validity
- * (expiration), and signature verification.
- */
-
-/*
- * FUNCTION: PKIX_PL_Cert_Create
- * DESCRIPTION:
- *
- * Creates a new certificate using the bytes in the ByteArray pointed to by
- * "byteArray" and stores it at "pCert". If the bytes are not a valid ASN.1
- * DER encoding of a certificate, a PKIX_Error pointer is returned. Once
- * created, a Cert is immutable.
- *
- * Certificate ::= SEQUENCE {
- * tbsCertificate TBSCertificate,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * TBSCertificate ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * serialNumber CertificateSerialNumber,
- * signature AlgorithmIdentifier,
- * issuer Name,
- * validity Validity,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version MUST be v2 or v3
- * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- * -- If present, version MUST be v2 or v3
- * extensions [3] EXPLICIT Extensions OPTIONAL
- * -- If present, version MUST be v3
- * }
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * UniqueIdentifier ::= BIT STRING
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray representing the CERT's DER encoding.
- * Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
- * DESCRIPTION:
- *
- * Creates a new certificate using passed in CERTCertificate object.
- *
- * PARAMETERS:
- * "nssCert"
- * The object that will be used to create new PKIX_PL_Cert.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CreateFromCERTCertificate(
- const CERTCertificate *nssCert,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
- * DESCRIPTION:
- *
- * Returns underlying CERTCertificate structure. Return CERTCertificate
- * object is duplicated and should be destroyed by caller.
- *
- * PARAMETERS:
- * "cert"
- * Address of PKIX_PL_Cert. Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCERTCertificate(
- PKIX_PL_Cert *cert,
- CERTCertificate **pnssCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetVersion
- * DESCRIPTION:
- *
- * Retrieves the version of the Cert pointed to by "cert" and stores it at
- * "pVersion". The version number will either be 0, 1, or 2 (corresponding to
- * v1, v2, or v3, respectively).
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose version is to be stored. Must be non-NULL.
- * "pVersion"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetVersion(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 *pVersion,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the BigInt that represents the serial number of the
- * Cert pointed to by "cert" and stores it at "pSerialNumber".
- *
- * CertificateSerialNumber ::= INTEGER
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose serial number is to be stored. Must be non-NULL.
- * "pSerial"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSerialNumber(
- PKIX_PL_Cert *cert,
- PKIX_PL_BigInt **pSerial,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the issuer DN of the
- * Cert pointed to by "cert" and stores it at "pIssuer".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose issuer is to be stored. Must be non-NULL.
- * "pIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetIssuer(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubject
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the subject DN of the
- * Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not
- * have a subject DN, this function stores NULL at "pSubject".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject is to be stored. Must be non-NULL.
- * "pSubject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubject(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pSubject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
- * DESCRIPTION:
- *
- * Retrieves a pointer to the OID that represents the subject public key
- * algorithm of the Cert pointed to by "cert" and stores it at
- * "pSubjKeyAlgId".
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject public key algorithm OID is to be stored.
- * Must be non-NULL.
- * "pSubjKeyAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
- PKIX_PL_Cert *cert,
- PKIX_PL_OID **pSubjKeyAlgId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey
- * DESCRIPTION:
- *
- * Retrieves a pointer to the PublicKey that represents the subject public key
- * of the Cert pointed to by "cert" and stores it at "pPublicKey".
- *
- * SubjectPublicKeyInfo ::= SEQUENCE {
- * algorithm AlgorithmIdentifier,
- * subjectPublicKey BIT STRING }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject public key is to be stored.
- * Must be non-NULL.
- * "pPublicKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKey(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey **pPublicKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
- * DESCRIPTION:
- *
- * Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null
- * parameters and stores the result at "pNeedsParams".
- *
- * PARAMETERS:
- * "pubKey"
- * Address of the Public Key of interest. Must be non-NULL.
- * "pNeedsParams"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PublicKey Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PublicKey_NeedsDSAParameters(
- PKIX_PL_PublicKey *pubKey,
- PKIX_Boolean *pNeedsParams,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
- * DESCRIPTION:
- *
- * This function is used for DSA key parameter inheritance, which allows a
- * first DSA key with omitted parameters (pointed to by "firstKey") to inherit
- * the PQG parameters of a second DSA key that does have parameters. (pointed
- * to by "secondKey"). Once created, a PublicKey is immutable.
- *
- * Specifically, the algorithm used by the function is:
- *
- * If the first PublicKey is not a DSA public key with omitted parameters,
- * the function stores NULL at "pResultKey". (No Error is returned)
- * Else if the second PublicKey is not a DSA public key with non-NULL,
- * parameters, the function returns an Error.
- * Else
- * the function creates a third PublicKey with a "Y" value from the
- * first PublicKey and the DSA parameters from the second PublicKey,
- * and stores it at "pResultKey".
- *
- * PARAMETERS:
- * "firstKey"
- * Address of a Public Key that needs to inherit DSA parameters.
- * Must be non-NULL.
- * "secondKey"
- * Address of a Public Key that has DSA parameters that will be inherited
- * by "firstKey". Must be non-NULL.
- * "pResultKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PublicKey Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
- PKIX_PL_PublicKey *firstKey,
- PKIX_PL_PublicKey *secondKey,
- PKIX_PL_PublicKey **pResultKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the Cert pointed to by "cert") and stores it at
- * "pExtensions". If "cert" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCriticalExtensionOIDs(
- PKIX_PL_Cert *cert,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the authority key
- * identifier extension of the Cert pointed to by "cert" and stores it at
- * "pAuthKeyId".
- *
- * Note that this function only retrieves the keyIdentifier component
- * (OCTET STRING) of the AuthorityKeyIdentifier extension, when present.
- *
- * If "cert" does not have an AuthorityKeyIdentifier extension or if the
- * keyIdentifier component of the AuthorityKeyIdentifier extension is not
- * present, this function stores NULL at "pAuthKeyId".
- *
- * AuthorityKeyIdentifier ::= SEQUENCE {
- * keyIdentifier [0] KeyIdentifier OPTIONAL,
- * authorityCertIssuer [1] GeneralNames OPTIONAL,
- * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose authority key identifier is to be stored.
- * Must be non-NULL.
- * "pAuthKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the subject key identifier
- * extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId".
- * If "cert" does not have a SubjectKeyIdentifier extension, this function
- * stores NULL at "pSubjKeyId".
- *
- * SubjectKeyIdentifier ::= KeyIdentifier
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject key identifier is to be stored.
- * Must be non-NULL.
- * "pSubjKeyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (each GeneralName
- * representing a subject alternative name found in the subject alternative
- * names extension of the Cert pointed to by "cert") and stores it at
- * "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames
- * extension, this function stores NULL at "pSubjectAltNames".
- *
- * Note that the List returned by this function is immutable.
- *
- * SubjectAltName ::= GeneralNames
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * GeneralName ::= CHOICE {
- * otherName [0] OtherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- * OtherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * EDIPartyName ::= SEQUENCE {
- * nameAssigner [0] DirectoryString OPTIONAL,
- * partyName [1] DirectoryString }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subjectAltNames are to be stored.
- * Must be non-NULL.
- * "pSubjectAltNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectAltNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of GeneralNames (each GeneralName
- * representing a subject DN or a subject alternative name found in the
- * subject alternative names extension of the Cert pointed to by "cert") and
- * stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and
- * it does not have a SubjectAlternativeNames extension, this function stores
- * NULL at "pAllSubjectNames".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject DN and subjectAltNames are to be stored.
- * Must be non-NULL.
- * "pAllSubjectNames"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAllSubjectNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of OIDs (each OID corresponding to an
- * extended key usage of the Cert pointed to by "cert") and stores it at
- * "pKeyUsage". If "cert" does not have an extended key usage extension, this
- * function stores a NULL at "pKeyUsage".
- *
- * Note that the List returned by this function is immutable.
- *
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose extended key usage OIDs are to be stored.
- * Must be non-NULL.
- * "pKeyUsage"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetExtendedKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetNameConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to a CertNameConstraints object representing the name
- * constraints extension of the Cert pointed to by "cert" and stores it at
- * "pNameConstraints".
- *
- * If "cert" does not have a name constraints extension, this function stores
- * NULL at "pNameConstraints".
- *
- * NameConstraints ::= SEQUENCE {
- * permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- * excludedSubtrees [1] GeneralSubtrees OPTIONAL }
- *
- * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
- *
- * GeneralSubtree ::= SEQUENCE {
- * base GeneralName,
- * minimum [0] BaseDistance DEFAULT 0,
- * maximum [1] BaseDistance OPTIONAL }
- *
- * BaseDistance ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose name constraints extension is to be stored.
- * Must be non-NULL.
- * "pNameConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
- * DESCRIPTION:
- *
- * Retrieves a pointer to a CertBasicConstraints object representing the basic
- * constraints extension of the Cert pointed to by "cert" and stores it at
- * "pBasicConstraints".
- *
- * If "cert" does not have a basic constraints extension, this function stores
- * NULL at "pBasicConstraints". Once created, a CertBasicConstraints object
- * is immutable.
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose basic constraints extension is to be stored.
- * Must be non-NULL.
- * "pBasicConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetBasicConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertBasicConstraints **pBasicConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
- * DESCRIPTION:
- *
- * Retrieves a pointer to a Boolean value representing the cA Flag component
- * of the CertBasicConstraints object pointed to by "basicConstraints" and
- * stores it at "pResult".
- *
- * BasicConstraints ::= SEQUENCE {
- * cA BOOLEAN DEFAULT FALSE,
- * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
- *
- * PARAMETERS:
- * "basicConstraints"
- * Address of CertBasicConstraints whose cA Flag is to be stored.
- * Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetCAFlag(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
- * DESCRIPTION:
- *
- * Retrieves a pointer to an integer value representing the pathLenConstraint
- * component of the CertBasicConstraints object pointed to by
- * "basicConstraints" and stores it at "pPathLenConstraint". If the
- * pathLenConstraint component is not present, this function stores -1 at
- * "pPathLenConstraint".
- *
- * PARAMETERS:
- * "basicConstraints"
- * Address of CertBasicConstraints whose pathLen is to be stored.
- * Must be non-NULL.
- * "pPathLenConstraint"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetPathLenConstraint(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Int32 *pPathLenConstraint,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of CertPolicyInfos found in the certificate
- * policies extension of the Cert pointed to by "cert" and stores it at
- * "pPolicyInfo". If "cert" does not have a certificate policies extension,
- * this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo
- * object is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertPolicyInfos are to be stored.
- * Must be non-NULL.
- * "pPolicyInfo"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyInformation(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the policyIdentifier of the
- * CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId".
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * CertPolicyId ::= OBJECT IDENTIFIER
- *
- * PARAMETERS:
- * "policyInfo"
- * Address of CertPolicyInfo whose policy identifier is to be stored.
- * Must be non-NULL.
- * "pCertPolicyId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolicyId(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_PL_OID **pCertPolicyId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of the CertPolicyQualifiers representing
- * the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and
- * stores it at "pPolicyQualifiers". If "policyInfo" does not have any
- * policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once
- * created, a CertPolicyQualifier is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * policyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PARAMETERS:
- * "policyInfo"
- * Address of CertPolicyInfo whose policy qualifiers List is to be stored.
- * Must be non-NULL.
- * "pPolicyQualifiers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolQualifiers(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the policyQualifierId of the
- * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
- * "pPolicyQualifierId".
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PolicyQualifierId ::=
- * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
- *
- * PARAMETERS:
- * "policyQualifier"
- * Address of CertPolQualifier whose policyQualifierId is to be stored.
- * Must be non-NULL.
- * "pPolicyQualifierId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
- PKIX_PL_CertPolicyQualifier *policyQualifier,
- PKIX_PL_OID **pPolicyQualifierId,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
- * DESCRIPTION:
- *
- * Retrieves a pointer to a ByteArray representing the qualifier of the
- * CertPolicyQualifier pointed to by "policyQualifier" and stores it at
- * "pQualifier".
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PARAMETERS:
- * "policyQualifier"
- * Address of CertPolicyQualifier whose qualifier is to be stored.
- * Must be non-NULL.
- * "pQualifier"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetQualifier(
- PKIX_PL_CertPolicyQualifier *policyQualifier,
- PKIX_PL_ByteArray **pQualifier,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappings
- * DESCRIPTION:
- *
- * Retrieves a pointer to a List of CertPolicyMaps found in the policy
- * mappings extension of the Cert pointed to by "cert" and stores it at
- * "pPolicyMappings". If "cert" does not have a policy mappings extension,
- * this function stores NULL at "pPolicyMappings". Once created, a
- * CertPolicyMap is immutable.
- *
- * Note that the List returned by this function is immutable.
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertPolicyMaps are to be stored.
- * Must be non-NULL.
- * "pPolicyMappings"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappings(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the issuerDomainPolicy of the
- * CertPolicyMap pointed to by "policyMapping" and stores it at
- * "pIssuerDomainPolicy".
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "policyMapping"
- * Address of CertPolicyMap whose issuerDomainPolicy is to be stored.
- * Must be non-NULL.
- * "pIssuerDomainPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pIssuerDomainPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
- * DESCRIPTION:
- *
- * Retrieves a pointer to an OID representing the subjectDomainPolicy of the
- * CertPolicyMap pointed to by "policyMapping" and stores it at
- * "pSubjectDomainPolicy".
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- * PARAMETERS:
- * "policyMapping"
- * Address of CertPolicyMap whose subjectDomainPolicy is to be stored.
- * Must be non-NULL.
- * "pSubjectDomainPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pSubjectDomainPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
- * DESCRIPTION:
- *
- * Retrieves the requireExplicitPolicy value of the policy constraints
- * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
- * If "cert" does not have a policy constraints extension or the
- * requireExplicitPolicy component is not populated, this function stores -1
- * at "pSkipCerts".
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose requireExplicitPolicy value is to be stored.
- * Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetRequireExplicitPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
- * DESCRIPTION:
- *
- * Retrieves the inhibitPolicyMapping value of the policy constraints
- * extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
- * If "cert" does not have a policy constraints extension or the
- * inhibitPolicyMapping component is not populated, this function stores -1
- * at "pSkipCerts".
- *
- * PolicyConstraints ::= SEQUENCE {
- * requireExplicitPolicy [0] SkipCerts OPTIONAL,
- * inhibitPolicyMapping [1] SkipCerts OPTIONAL }
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose requireExplicitPolicy value is to be stored.
- * Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappingInhibited(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy
- * DESCRIPTION:
- *
- * Retrieves the value of the inhibit any-policy extension of the Cert
- * pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have
- * an inhibit any-policy extension, this function stores -1 at "pSkipCerts".
- *
- * InhibitAnyPolicy ::= SkipCerts
- *
- * SkipCerts ::= INTEGER (0..MAX)
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose inhibit any-policy extensions value is to be
- * stored. Must be non-NULL.
- * "pSkipCerts"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetInhibitAnyPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext);
-
-/* policy processing functions */
-
-/*
- * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
- * DESCRIPTION:
- *
- * Checks whether the certificate policies extension of the Cert pointed to
- * by "cert" is critical and stores the Boolean result at "pCritical". If
- * "cert" does not have a certificate policies extension, this function
- * stores NULL at "pCritical".
- *
- * XXX what distinguishes NULL from PKIX_FALSE?
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose certificate policies extension's criticality is
- * to be determined. Must be non-NULL.
- * "pCritical"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_AreCertPoliciesCritical(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCritical,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
- * DESCRIPTION:
- *
- * Checks whether the subject distinguished name and subject alternative names
- * of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed
- * to by "nameConstraints". If the CertNameConstraints are not satisfied, a
- * PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function
- * does nothing.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose subject names are to be checked.
- * Must be non-NULL.
- * "nameConstraints"
- * Address of CertNameConstraints that need to be satisfied.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints *nameConstraints,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
- * DESCRIPTION:
- *
- * Merges the CertNameConstraints pointed to by "firstNC" and the
- * CertNameConstraints pointed to by "secondNC" and stores the merged
- * CertNameConstraints at "pResultNC". If "secondNC" is NULL, the
- * CertNameConstraints pointed to by "firstNC" is stored at "pResultNC".
- *
- * Once created, a CertNameConstraints object is immutable.
- *
- * PARAMETERS:
- * "firstNC"
- * Address of first CertNameConstraints to be merged. Must be non-NULL.
- * "secondNC"
- * Address of second CertNameConstraints to be merged
- * "pResultNC"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_MergeNameConstraints(
- PKIX_PL_CertNameConstraints *firstNC,
- PKIX_PL_CertNameConstraints *secondNC,
- PKIX_PL_CertNameConstraints **pResultNC,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage
- * DESCRIPTION:
- *
- * Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the
- * keyUsage extension of the Cert pointed to by "cert". The keyUsage bit
- * values specified in pkixt.h are supported, and can be bitwise or'ed if
- * multiple bit values are to be verified. If the keyUsages do not all appear
- * in the keyUsage extension of "cert", a PKIX_Error pointer is returned.
- *
- * KeyUsage ::= BIT STRING {
- * digitalSignature (0),
- * nonRepudiation (1),
- * keyEncipherment (2),
- * dataEncipherment (3),
- * keyAgreement (4),
- * keyCertSign (5),
- * cRLSign (6),
- * encipherOnly (7),
- * decipherOnly (8) }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose keyUsage bits are to be verified.
- * Must be non-NULL.
- * "keyUsage"
- * Constant representing keyUsage bit(s) that all must appear in keyUsage
- * extension of "cert".
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 keyUsage,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType
- * DESCRIPTION:
- *
- * Verifies cert and key types against certificate usage that is
- * a part of plContext(pkix_pl_nsscontext) structure. Throws an error
- * if cert or key types does not match.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose keyUsage bits are to be verified.
- * Must be non-NULL.
- * "isLeafCert"
- * What type of a cert has been verified.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyCertAndKeyType(
- PKIX_PL_Cert *cert,
- PKIX_Boolean isChainCert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckValidity
- * DESCRIPTION:
- *
- * Checks whether the Cert pointed to by "cert" would be valid at the time
- * represented by the Date pointed to by "date". If "date" is NULL, then this
- * function checks whether the Cert would be valid at the current time. If the
- * Cert would not be valid at the specified Date, a PKIX_Error pointer is
- * returned.
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose validity is to be checked. Must be non-NULL.
- * "date"
- * Address of Date at which the Cert is being checked for validity.
- * If NULL, the current time is used for the Date.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckValidity(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date *date,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter
- * DESCRIPTION:
- *
- * Retrieves a pointer to the Date that represents the notAfter time of the
- * Certificate pointed to by "cert" and stores it at "pDate".
- *
- * Validity ::= SEQUENCE {
- * notBefore Time,
- * notAfter Time }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose validity time is to be retrieved. Must be
- * non-NULL.
- * "date"
- * Address of Date at which the Cert's notAfter time is being retrieved.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetValidityNotAfter(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifySignature
- * DESCRIPTION:
- *
- * Verifies the signature on the Cert pointed to by "cert" using the
- * PublicKey pointed to by "pubKey". If the signature doesn't verify, an
- * Error pointer is returned.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose signature is to be verified. Must be non-NULL.
- * "pubKey"
- * Address of a Public Key used to verify the signature. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifySignature(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_IsCertTrusted
- * DESCRIPTION:
- *
- * Checks the Cert specified by "cert" to determine, in a manner that depends
- * on the underlying platform, whether it is trusted, and stores the result in
- * "pTrusted". If a certificate is trusted it means that a chain built to that
- * certificate, and satisfying all the usage, policy, validity, and other
- * tests, is a valid chain and the End Entity certificate from which it was
- * built can be trusted.
- *
- * If the Certificate is not intrinsically trustworthy, it still might end up a
- * component in a successful chain.
- *
- * PARAMETERS
- * "cert"
- * Address of Cert whose trustworthiness is to be determined. Must be
- * non-NULL.
- * "trustOnlyUserAnchors"
- * States that we can only trust explicitly defined user trust anchors.
- * "pTrusted"
- * Address where the Boolean value will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CERT Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_IsCertTrusted(
- PKIX_PL_Cert *cert,
- PKIX_Boolean trustOnlyUserAnchors,
- PKIX_Boolean *pTrusted,
- void *plContext);
-
-/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
-PKIX_Error*
-PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCacheFlag
- * DESCRIPTION:
- *
- * Retrieves the value of the cache flag in "cert" and return it at address
- * pointed by "pCacheFlag". The initila cache flag is determined by the
- * CertStore this "cert" is fetched from. When CertStore is created, user
- * need to specify if the data should be cached.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose cache flag is fetched. Must be non-NULL.
- * "pCacheFlag"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetCacheFlag
- * DESCRIPTION:
- *
- * Set the value of the cache flag in "cert" base on the boolean value stored
- * at "cacheFlag". This function is meant to be used by CertStore after a
- * Cert is created.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert where "cacheFlag" is stored. Must be non-NULL.
- * "cacheFlag"
- * PKIX_Boolean flag for cache flag.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_SetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean cacheFlag,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetTrustCertStore
- * DESCRIPTION:
- *
- * Retrieves the value of the CertStore in "cert" and return it at address
- * pointed by "pCertStore".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose CertStore is fetched. Must be non-NULL.
- * "pTrustCertStore"
- * Address where CertStore will be stored and returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore **pTrustCertStore,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetTrustCertStore
- * DESCRIPTION:
- *
- * Set the value of the CertStore "certStore" in "cert".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert where "certStore" will be stored. Must be non-NULL.
- * "trustCertStore"
- * Address where the CertStore is. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_SetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore *trustCertStore,
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the Authority Information Access in "cert" and
- * returns it in a list at address pointed by "pAuthorityInfoAccess".
- *
- * SubjectInfoAccess ::=
- * SEQUENCE SIZE (1..MAX) of AccessDescription
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Authority Information Access is fetched.
- * Must be non-NULL.
- * "pAuthorityInfoAccess"
- * Address where Authority InfoAccess will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
- void *plContext);
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the Subject Information Access in "cert" and
- * returns it in a list at address pointed by "pSubjectInfoAccess".
- *
- * SubjectInfoAccess ::=
- * SEQUENCE SIZE (1..MAX) of AccessDescription
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Subject Information Access is fetched.
- * Must be non-NULL.
- * "pSubjectInfoAccess"
- * Address where Subject InfoAccess will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
- void *plContext);
-
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCrlDp
- * DESCRIPTION:
- *
- * Retrieves the value(s) of the CRL Distribution Point Extension and
- * returns it in a list at address pointed by "pDpList".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose Subject Information Access is fetched.
- * Must be non-NULL.
- * "pDpList"
- * Address where CRL DP will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert,
- PKIX_List **pDpList,
- void *plContext);
-
-
-/*
- * InfoAccess
- *
- * To hold Authority Information Access or Subject Information Access
- * retrieved from a Certificate.
- */
-
-#define PKIX_INFOACCESS_OCSP 1
-#define PKIX_INFOACCESS_CA_ISSUERS 2
-#define PKIX_INFOACCESS_TIMESTAMPING 3
-#define PKIX_INFOACCESS_CA_REPOSITORY 5
-
-#define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
-#define PKIX_INFOACCESS_LOCATION_HTTP 1
-#define PKIX_INFOACCESS_LOCATION_LDAP 2
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetMethod
- * DESCRIPTION:
- *
- * Stores the method of the Information Access from "infoAccess" and
- * returns in "pMethod".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pMethod"
- * Address where access method will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetMethod(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pMethod,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocation
- * DESCRIPTION:
- *
- * Stores the location of the Information Access from "infoAccess" and
- * returns in "pLocation".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pLocation"
- * Address where access location will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocation(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_PL_GeneralName **pLocation,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocationType
- * DESCRIPTION:
- *
- * Stores the type of location of the Information Access from "infoAccess" and
- * returns in "pType".
- *
- * SubjectInfoAccess ::=
- * AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
- *
- * PARAMETERS:
- * "infoAccess"
- * Address of PKIX_PL_InfoAccess that has the access data.
- * Must be non-NULL.
- * "pType"
- * Address where access location type will be stored and returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocationType(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pType,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_InfoAccess_GetAIACerts(
- PKIX_PL_InfoAccess *ia,
- void **pNBIOContext,
- void **pHandle,
- PKIX_List **pCerts,
- void *plContext);
-
-/*
- * CRL
- *
- * A CRL represents an X.509 certificate revocation list. It can be created
- * using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is
- * immutable. The following functions include accessors (gettors) for the
- * various components of an X.509 CRL, as well as a function for signature
- * verification.
- */
-
-/*
- * FUNCTION: PKIX_PL_CRL_Create
- * DESCRIPTION:
- *
- * Creates a new CRL using the bytes in the ByteArray pointed to by
- * "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1
- * DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a
- * CRL is immutable.
- *
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signatureValue BIT STRING }
- *
- * TBSCertList ::= SEQUENCE {
- * version Version OPTIONAL,
- * -- if present, MUST be v2
- * signature AlgorithmIdentifier,
- * issuer Name,
- * thisUpdate Time,
- * nextUpdate Time OPTIONAL,
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, MUST be v2
- * } OPTIONAL,
- * crlExtensions [0] EXPLICIT Extensions OPTIONAL
- * -- if present, MUST be v2
- * }
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray representing the CRL's DER encoding.
- * Must be non-NULL.
- * "pCRL"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_CRL **pCRL,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetIssuer
- * DESCRIPTION:
- *
- * Retrieves a pointer to the X500Name that represents the issuer of the CRL
- * pointed to by "crl" and stores it at "pCRLIssuer".
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose issuer is to be stored. Must be non-NULL.
- * "pCRLIssuer"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetIssuer(
- PKIX_PL_CRL *crl,
- PKIX_PL_X500Name **pCRLIssuer,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the CRL pointed to by "crl") and stores it at
- * "pExtensions". If "crl" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCriticalExtensionOIDs(
- PKIX_PL_CRL *crl,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber
- * DESCRIPTION:
- *
- * Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl")
- * corresponding to the BigInt pointed to by "serialNumber" and stores it at
- * "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at
- * "pCRLEntry". Once created, a CRLEntry is immutable.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose CRL Entries are to be searched. Must be non-NULL.
- * "serialNumber"
- * Address of BigInt representing serial number of certificate whose
- * CRLEntry is to be found. Must be non-NULL.
- * "pCRLEntry"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCRLEntryForSerialNumber(
- PKIX_PL_CRL *crl,
- PKIX_PL_BigInt *serialNumber,
- PKIX_PL_CRLEntry **pCRLEntry,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCRLNumber
- * DESCRIPTION:
- * Retrieves the CRL Number from extension. This is non-critical extension.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose version is to be stored. Must be non-NULL.
- * "pCrlNumber"
- * Address where a CRL Number will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCRLNumber(
- PKIX_PL_CRL *crl,
- PKIX_PL_BigInt **pCrlNumber,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime
- * DESCRIPTION:
- *
- * Checks whether the CRL pointed to by "crl" would be valid at the time
- * represented by the Date pointed to by "date" and stores the Boolean result
- * at "pResult". This check is done only when NIST policy is enforced.
- *
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose validity is to be checked. Must be non-NULL.
- * "date"
- * Address of Date at which the CRL is being checked for validity.
- * Must be non-NULL.
- * "pResult"
- * Address of Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifyUpdateTime(
- PKIX_PL_CRL *crl,
- PKIX_PL_Date *date,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifySignature
- * DESCRIPTION:
- *
- * Verifies the signature on the CRL pointed to by "crl" using the PublicKey
- * pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error
- * pointer is returned.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "pubKey"
- * Address of a Public Key used to verify the signature. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifySignature(
- PKIX_PL_CRL *crl,
- PKIX_PL_PublicKey *pubKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRL_ReleaseDerCrl
- * DESCRIPTION:
- *
- * Relinguish the ownership for the crl der. The operation will succeed if
- * a crl owns the der. If the crl was created from existing crl and does not
- * own the der, then the function will return null.
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "derCrl"
- * Pointer to a SECItem that has der crl.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl,
- SECItem **derCrl,
- void *plContext);
-/*
- * FUNCTION: PKIX_PL_CRL_AdoptDerCrl
- * DESCRIPTION:
- *
- * Adopt memory of the der. The secItem that contains der will be
- * freed with destruction of parent pkix crl structure.
- *
- * * PARAMETERS:
- * "crl"
- * Address of CRL whose signature is to be verified. Must be non-NULL.
- * "derCrl"
- * Pointer to a SECItem that has der crl.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl,
- SECItem *derCrl,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
- * DESCRIPTION:
- *
- * Retrieves the value of the reason code extension of the CRLEntry pointed
- * to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no
- * reason code extension, this function stores -1 at "pReason".
- *
- * CRLReason ::= ENUMERATED {
- * unspecified (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6),
- * removeFromCRL (8),
- * privilegeWithdrawn (9),
- * aACompromise (10) }
- *
- * PARAMETERS:
- * "crlEntry"
- * Address of CRLEntry whose reason code bit values are to be returned
- * at "pReason". Must be non-NULL.
- * "pReason"
- * Address of PKIX_Int32 where reason code is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_Int32 *pReason,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of OIDs (each OID corresponding to a
- * critical extension of the CRLEntry pointed to by "crlEntry") and stores it
- * at "pExtensions". If "crlEntry" does not have any critical extensions, this
- * function stores an empty List at "pExtensions".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "crlEntry"
- * Address of CRLEntry whose critical extension OIDs are to be stored.
- * Must be non-NULL.
- * "pExtensions"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext);
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_X500Name_Create
- * DESCRIPTION:
- *
- * Creates a new X500Name using the UTF8 string representation pointed to by
- * "stringRep" and stores it at "pName". Once created, an X500Name is
- * immutable.
- *
- * Name ::= CHOICE {
- * RDNSequence }
- *
- * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- * RelativeDistinguishedName ::=
- * SET OF AttributeTypeAndValue
- *
- * AttributeTypeAndValue ::= SEQUENCE {
- * type AttributeType,
- * value AttributeValue }
- *
- * AttributeType ::= OBJECT IDENTIFIER
- *
- * AttributeValue ::= ANY DEFINED BY AttributeType
- *
- * DirectoryString ::= CHOICE {
- * teletexString TeletexString (SIZE (1..MAX)),
- * printableString PrintableString (SIZE (1..MAX)),
- * universalString UniversalString (SIZE (1..MAX)),
- * utf8String UTF8String (SIZE (1..MAX)),
- * bmpString BMPString (SIZE (1..MAX)) }
- *
- * PARAMETERS:
- * "stringRep"
- * Address of UTF8 String representation of X500Name. Must be non-NULL.
- * "pName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_Create (
- PKIX_PL_String *stringRep,
- PKIX_PL_X500Name **pName,
- void *plContext);
-
-#endif /* BUILD_LIBPKIX_TESTS */
-
-/*
- * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName
- * DESCRIPTION:
- *
- * The function creates x500Name using der encoded DN and/or pointer to
- * CERTName. If arument "name" is NULL, but derName is supplied when
- * the function generates nssDN(CERTName type) from der data. If derName
- * is not supplied, CERTName *name will not be used to generate DN DER
- * encoding.
- *
- * PARAMETERS:
- * "derName"
- * Address of DER representation of X500Name. Can be NULL
- * "name"
- * Address of CERTName representation of X500Name. Can be NULL
- * "pName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_CreateFromCERTName(
- SECItem *derName,
- CERTName *name,
- PKIX_PL_X500Name **pName,
- void *plContext);
-
-
-/*
- * TYPE: PKIX_PL_X500Name_Match
- * DESCRIPTION:
- * Checks whether the X500Name pointed to by "firstX500Name" MATCHES the
- * X500Name pointed to by "secondX500Name" and stores the boolean result at
- * "pResult". Two X500Names MATCH if they meet the conditions specified by
- * RFC 3280 (section 4.1.2.4). Namely:
- *
- * "This specification requires only a subset of the name comparison
- * functionality specified in the X.500 series of specifications.
- * Conforming implementations are REQUIRED to implement the following
- * name comparison rules:
- *
- * (a) attribute values encoded in different types (e.g., PrintableString
- * and BMPString) MAY be assumed to represent different strings;
- *
- * (b) attribute values in types other than PrintableString are case
- * sensitive (this permits matching of attribute values as binary objects)
- *
- * (c) attribute values in PrintableString are not case sensitive
- * (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and
- *
- * (d) attribute values in PrintableString are compared after removing
- * leading and trailing white space and converting internal substrings of
- * one or more consecutive white space characters to a single space."
- *
- * PARAMETERS:
- * "firstX500Name"
- * Address of first X500Name to compare. Must be non-NULL.
- * "secondX500Name"
- * Address of second X500Name to compare. Must be non-NULL.
- * "pResult"
- * Address of Boolean result. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_X500Name_Match(
- PKIX_PL_X500Name *firstX500Name,
- PKIX_PL_X500Name *secondX500Name,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_UTCTime
- * DESCRIPTION:
- * Creates a new Date of type UTCTime using the string representation pointed
- * to by "stringRep" and stores it at "pDate". The UTCTime restriction means
- * that the year can only be specified by the least significant two digits
- * (YY). As such, Only the years 1950-2049 can be represented. If "stringRep"
- * is NULL, this function creates a new Date representing the current time
- * and stores it at "pDate". Once created, a Date is immutable.
- *
- * If YY is greater than or equal to 50, the year is interpreted as 19YY.
- * If YY is less than 50, the year is interpreted as 20YY.
- *
- * The string representation of the date must be in the following form:
- * "YYMMDDhhmmssZ" where:
- *
- * YY is the least significant two digits of the year
- * MM is the month (01 to 12)
- * DD is the day (01 to 31)
- * hh is the hour (00 to 23)
- * mm are the minutes (00 to 59)
- * ss are the seconds (00 to 59)
- * Z indicates that local time is GMT
- *
- * PARAMETERS:
- * "stringRep"
- * Address of String representation of Date.
- * If NULL, current time is used.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_Create_UTCTime (
- PKIX_PL_String *stringRep,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_UTCTime
- * DESCRIPTION:
- * Creates a new Date from PRTime data.
- *
- * PARAMETERS:
- * "time"
- * Represented time in PRTime type.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_CreateFromPRTime(
- PRTime time,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
- * DESCRIPTION:
- * Creates a new Date of type UTCTime for current time with seconds off by
- * "secondsOffset" and returns it at "pDate".
- *
- * PARAMETERS:
- * "secondsOffset"
- * A PKIX_Int32 indicates the time offset from current. If "secondsOffset"
- * is negative, the time is in past.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Date_Create_CurrentOffBySeconds(
- PKIX_Int32 secondsOffset,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_GeneralName_Create
- * DESCRIPTION:
- *
- * Creates a new GeneralName of type "nameType" using the string
- * representation pointed to by "stringRep" and stores it at "pGName".
- * All of the GeneralName type format values specified in pkixt.h are
- * supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME,
- * PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation
- * should be used for all supported nameTypes, with the exception of
- * registeredID and directoryName. For registeredID, the string representation
- * should be the same as that used by PKIX_PL_OID_Create. For directoryName,
- * the string representation should be the same as that used by
- * PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is
- * returned. Once created, a GeneralName is immutable.
- *
- * GeneralName ::= CHOICE {
- * otherName [0] OtherName,
- * rfc822Name [1] IA5String,
- * dNSName [2] IA5String,
- * x400Address [3] ORAddress,
- * directoryName [4] Name,
- * ediPartyName [5] EDIPartyName,
- * uniformResourceIdentifier [6] IA5String,
- * iPAddress [7] OCTET STRING,
- * registeredID [8] OBJECT IDENTIFIER }
- *
- *
- * NOTE: This function is allowed to be called only by pkix tests programs.
- *
- * PARAMETERS:
- * "nameType"
- * Type of GeneralName to be created. This must be one of the GeneralName
- * type format values specified in pkixt.h
- * "stringRep"
- * Address of String representation of GeneralName. Must be non-NULL.
- * "pGName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a GeneralName Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_GeneralName_Create (
- PKIX_UInt32 nameType,
- PKIX_PL_String *stringRep,
- PKIX_PL_GeneralName **pGName,
- void *plContext);
-#endif /* BUILD_LIBPKIX_TESTS */
-
-/*
- * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
- * DESCRIPTION:
- *
- * This function checks whether names in "nameList" comply with
- * "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the
- * requirement of the NameConstraints, PKIX_FALSE otherwise.
- *
- * PARAMETERS
- * "nameList"
- * List of GeneralNames that are checked for compliance. May be empty
- * or NULL.
- * "nameConstraints"
- * Address of CertNameConstraints that provides lists of permitted
- * and excluded names. Must be non-NULL.
- * "pCheckPass"
- * Address where PKIX_TRUE is returned if the all names in "nameList" are
- * valid. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
- PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean *pCheckPass,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_Create
- * DESCRIPTION:
- *
- * This function creates an AIAMgr to handle retrieval of Certs and CRLs
- * from servers given by AIA Certificate extensions. It manages connections
- * and caches. The manager created is stored at "pAIAMgr".
- *
- * PARAMETERS:
- * "pAIAMgr"
- * The address at which the result is stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_Create(
- PKIX_PL_AIAMgr **pAIAMgr,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts
- * DESCRIPTION:
- *
- * This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs
- * specified by an AIA certificate extension, if any, in the Cert pointed to by
- * "prevCert", storing the results at "pCerts". If the certificate has no such
- * extension, this function stores NULL at "pCerts".
- *
- * If the request is suspended for non-blocking I/O, a platform-dependent
- * context is stored at "pNBIOContext" and NULL is stored at "pCerts". This
- * return is referred to as the WOULDBLOCK state. Note that the caller must
- * check for a non-NULL value at "pNBIOContext", to distinguish this state from
- * the "no such extension" return described in the first paragraph. (The
- * alternative would be to return an empty List, but it seemed wrong to incur
- * the overhead of creating and destroying an empty List for the most common
- * situation.)
- *
- * After a WOULDBLOCK return, the user may continue the operation by calling
- * pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again
- * returns in the WOULDBLOCK state) with the previously-returned non-NULL
- * value of "pNBIOContext". When results are complete, NULL is stored at
- * "pNBIOContext", and the results (which may be NULL) are stored at "pCerts".
- *
- * PARAMETERS:
- * "aiaMgr"
- * The AIAMgr which controls the retrieval of certificates. Must be
- * non-NULL.
- * "prevCert"
- * Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must
- * be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent information is returned if request
- * is suspended for non-blocking I/O. Must be non-NULL.
- * "pCerts"
- * Address at which the returned List is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_GetAIACerts(
- PKIX_PL_AIAMgr *aiaMgr,
- PKIX_PL_Cert *prevCert,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_PL_VerifyCallback)(
- PKIX_PL_Object *signedObject,
- PKIX_PL_Cert *signerCert, /* can be unknown */
- PKIX_PL_Date *producedAt,
- PKIX_ProcessingParams *procParams,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_PKI_H */
diff --git a/security/nss/lib/libpkix/include/pkix_pl_system.h b/security/nss/lib/libpkix/include/pkix_pl_system.h
deleted file mode 100755
index 053942a22..000000000
--- a/security/nss/lib/libpkix/include/pkix_pl_system.h
+++ /dev/null
@@ -1,1578 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines several platform independent functions to make system
- * calls in a portable manner.
- *
- */
-
-#ifndef _PKIX_PL_SYSTEM_H
-#define _PKIX_PL_SYSTEM_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/*
- * FUNCTION: PKIX_PL_Initialize
- * DESCRIPTION:
- *
- * XXX If this function is really only meant to be used by PKIX_Initialize,
- * why don't we just put it in a private header file rather than the public
- * API. I think it may confuse users.
- *
- * This function should NOT be called by applications. It is only meant to
- * be used internally. The application needs only to call PKIX_Initialize,
- * which in turn will call this function.
- *
- * This function initializes data structures critical to the operation of
- * libpkix. If initialization is not successful, an Error pointer is
- * returned. This function should only be called once. If it is called more
- * than once, the behavior is undefined.
- *
- * No PKIX_* types and functions should be used before this function is
- * called and returns successfully.
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean indicating whether platform initialization is to be called
- * "useArenas"
- * Boolean indicating whether allocation is to be done using arenas or
- * individual allocation (malloc).
- * "pPlContext"
- * Address at which platform-specific context pointer is stored. Must be
- * non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe
- *
- * This function assumes that no other thread is calling this function while
- * it is executing.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_Boolean useArenas,
- void **pPlContext);
-
-/*
- * FUNCTION: PKIX_PL_Shutdown
- * DESCRIPTION:
- *
- * XXX If this function is really only meant to be used by PKIX_Shutdown,
- * why don't we just put it in a private header file rather than the public
- * API. I think it may confuse users.
- *
- * This function should NOT be called by applications. It is only meant to
- * be used internally. The application needs only to call PKIX_Shutdown,
- * which in turn will call this function.
- *
- * This function deallocates any memory used by the Portability Layer (PL)
- * component of the libpkix library and shuts down any ongoing operations.
- * This function should only be called once. If it is called more than once,
- * the behavior is undefined.
- *
- * No PKIX_* types and functions should be used after this function is called
- * and returns successfully.
- *
- * PARAMETERS:
- * "platformInitNeeded"
- * Boolean value of whether PKIX initialized NSS: PKIX_TRUE if we
- * called nssInit, PKIX_FALSE otherwise
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- *
- * This function makes use of global variables and should only be called once.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Shutdown(void *plContext);
-
-/* standard memory management operations (not reference-counted) */
-
-/*
- * FUNCTION: PKIX_PL_Malloc
- * DESCRIPTION:
- *
- * Allocates a block of "size" bytes. The bytes are not initialized. A
- * pointer to the newly allocated memory will be stored at "pMemory". The
- * memory allocated by PKIX_PL_Malloc() may only be freed by PKIX_PL_Free().
- * If "size" equals zero, this function stores NULL at "pMemory".
- *
- * PARAMETERS:
- * "size"
- * Number of bytes to allocate.
- * "pMemory"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Malloc(
- PKIX_UInt32 size,
- void **pMemory,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Calloc
- * DESCRIPTION:
- *
- * Allocates memory for an array of "nElem" elements, with each element
- * requiring "elSize" bytes, and with all the bits initialized to zero. A
- * pointer to the newly allocated memory will be stored at "pMemory". The
- * memory allocated by PKIX_PL_Calloc() may only be freed by PKIX_PL_Free().
- * If "nElem" equals zero or "elSize" equals zero, this function stores NULL
- * at "pMemory".
- *
- * PARAMETERS:
- * "nElem"
- * Number of elements needed.
- * "elSize"
- * Number of bytes needed per element.
- * "pMemory"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Calloc(
- PKIX_UInt32 nElem,
- PKIX_UInt32 elSize,
- void **pMemory,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Realloc
- * DESCRIPTION:
- *
- * Resizes an existing block of memory (pointed to by "ptr") to "size" bytes.
- * Stores a pointer to the resized memory at "pNewPtr". The "ptr" must
- * originate from either PKIX_PL_Malloc(), PKIX_PL_Realloc(), or
- * PKIX_PL_Calloc(). If "ptr" is NULL, this function behaves as if
- * PKIX_PL_Malloc were called. If "ptr" is not NULL and "size" equals zero,
- * the memory pointed to by "ptr" is deallocated and this function stores
- * NULL at "pPtr".
- *
- * PARAMETERS:
- * "ptr"
- * A pointer to an existing block of memory.
- * "size"
- * New size in bytes.
- * "pPtr"
- * Address where newly allocated pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Realloc(
- void *ptr,
- PKIX_UInt32 size,
- void **pNewPtr,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Free
- * DESCRIPTION:
- *
- * Frees a block of memory pointed to by "ptr". This value must originate with
- * either PKIX_PL_Malloc(), PKIX_PL_Calloc, or PKIX_PL_Realloc(). If "ptr" is
- * NULL, the function has no effect.
- *
- * PARAMETERS:
- * "ptr"
- * A pointer to an existing block of memory.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on underlying thread safety of platform used by PL.
- * RETURNS:
- * Returns NULL always.
- */
-PKIX_Error *
-PKIX_PL_Free(
- void *ptr,
- void *plContext);
-
-/* Callback Types
- *
- * The next few typedefs define function pointer types for the standard
- * functions associated with every object type. See the Implementation
- * Guidelines or the comments below for more information.
- */
-
-/*
- * TYPE: PKIX_PL_DestructorCallback
- * DESCRIPTION:
- *
- * This callback function destroys (or DecRef's) any pointers contained in
- * the user data for the Object pointed to by "object" before the Object is
- * destroyed.
- *
- * PARAMETERS:
- * "object"
- * Address of Object to destroy. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts (as long as they're not operating on the same
- * object and nobody else is performing an operation on the object at the
- * same time). Both of these conditions should be guaranteed by the fact that
- * the object's ref count was reduced to 0 in a lock that's still held when
- * this callback is called.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_DestructorCallback)(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_EqualsCallback
- * DESCRIPTION:
- *
- * This callback function compares the Object pointed to by "firstObject" with
- * the Object pointed to by "secondObject" for equality and stores the result
- * at "pResult" (PKIX_TRUE if equal; PKIX_FALSE if not).
- *
- * PARAMETERS:
- * "firstObject"
- * Address of first object to compare. Must be non-NULL.
- * "secondObject"
- * Address of second object to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_EqualsCallback)(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_HashcodeCallback
- * DESCRIPTION:
- *
- * This callback function computes the hashcode of the Object pointed to by
- * "object" and stores the result at "pValue".
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose hashcode is desired. Must be non-NULL.
- * "pValue"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_HashcodeCallback)(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_ToStringCallback
- * DESCRIPTION:
- *
- * This callback function converts the Object pointed to by "object" to a
- * string representation and stores the result at "pString".
- *
- * PARAMETERS:
- * "object"
- * Object to get a string representation from. Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_ToStringCallback)(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_ComparatorCallback
- * DESCRIPTION:
- *
- * This callback function determines how the Object pointed to by
- * "firstObject" compares to the Object pointed to by "secondObject" and
- * stores the result at "pResult".
- *
- * Result is less than 0 if firstObject < secondObject
- * Result equals 0 if firstObject = secondObject
- * Result is greater than 0 if firstObject > secondObject
- *
- * PARAMETERS:
- * "firstObject"
- * Address of the first Object to compare. Must be non-NULL.
- * "secondObject"
- * Address of the second Object to compare. Must be non-NULL.
- * "pResult"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_ComparatorCallback)(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext);
-
-/*
- * TYPE: PKIX_PL_DuplicateCallback
- * DESCRIPTION:
- *
- * This callback function creates a copy of the Object pointed to by "object"
- * and stores it at "pNewObject". Changes to the copy will not affect the
- * original and vice versa.
- *
- * Note that if "object" is immutable, the Duplicate callback function simply
- * needs to increment the reference count on "object" and return a reference
- * to "object".
- *
- * PARAMETERS:
- * "object"
- * Address of the object to be copied. Must be non-NULL.
- * "pNewObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_PL_DuplicateCallback)(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext);
-
-/* reference-counted objects */
-
-/*
- * FUNCTION: PKIX_PL_Object_Alloc
- * DESCRIPTION:
- *
- * Allocates a new Object of type "type" with "size" bytes and stores the
- * resulting pointer at "pObject". The reference count of the newly
- * allocated object will be initialized to 1. To improve performance, each
- * object maintains a small cache for the results of Hashcode and ToString.
- * Mutable objects should call InvalidateCache whenever changes are made to
- * the object's state (after creation). If an error occurs during allocation,
- * "pObject" will be set to NULL. If "size" equals zero, this function creates
- * an Object with a reference count of 1, and places a pointer to unallocated
- * memory at "pMemory".
- *
- * PARAMETERS:
- * "type"
- * The type code of this object. See pkixt.h for codes. The type code
- * must be previously registered with PKIX_PL_Object_RegisterType().
- * "size"
- * The number of bytes needed for this object.
- * "pMemory"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Alloc(
- PKIX_TYPENUM type,
- PKIX_UInt32 size,
- PKIX_PL_Object **pObject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_IsTypeRegistered
- * DESCRIPTION:
- *
- * Checks whether "type" has been registered by a previous call to
- * PKIX_PL_Object_RegisterType() and stores the Boolean result at "pBool".
- * This function will typically only be called by constructors for specific
- * types.
- *
- * PARAMETERS:
- * "type"
- * The type code to check if valid.
- * "pBool"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_IsTypeRegistered(
- PKIX_UInt32 type,
- PKIX_Boolean *pBool,
- void *plContext);
-
-#ifdef PKIX_USER_OBJECT_TYPE
-/*
- * FUNCTION: PKIX_PL_Object_RegisterType
- * DESCRIPTION:
- *
- * Registers a new Object with type value "type" and associates it with a set
- * of functions ("destructor", "equalsFunction", "hashcodeFunction",
- * "toStringFunction", "comparator", "duplicateFunction"). The new type value
- * is also associated with a string pointed to by "description", which is used
- * by the default ToStringCallback. This function may only be called with a
- * particular "type" value once. If "destructor", "equalsFunction",
- * "hashcodeFunction", or "toStringFunction" are NULL, default functions will
- * be registered. However, if "comparator" and "duplicateFunction" are NULL,
- * no functions will be registered and calls to PKIX_PL_Object_Compare and
- * PKIX_PL_Object_Duplicate will result in an error.
- *
- * PARAMETERS:
- * "type"
- * The type code.
- * "description"
- * The string used by the default ToStringCallback. Default used if NULL.
- * "destructor"
- * The DestructorCallback function to be set. Default used if NULL.
- * "equalsFunction"
- * The EqualsCallback function to be set. Default used if NULL.
- * "hashcodeFunction"
- * The HashcodeCallback function to be set. Default used if NULL.
- * "toStringFunction"
- * The ToStringCallback function to be set. Default used if NULL.
- * "comparator"
- * The ComparatorCallback function to be set. None set if NULL. If no
- * callback function is set in this field, calls to
- * PKIX_PL_Object_Compare() will result in an error.
- * "duplicateFunction"
- * The DuplicateCallback function to be set. None set if NULL. If no
- * callback function is set in this field, calls to
- * PKIX_PL_Object_Duplicate() will result in an error.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if "type" is already registered.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_RegisterType(
- PKIX_UInt32 type,
- char *description,
- PKIX_PL_DestructorCallback destructor,
- PKIX_PL_EqualsCallback equalsFunction,
- PKIX_PL_HashcodeCallback hashcodeFunction,
- PKIX_PL_ToStringCallback toStringFunction,
- PKIX_PL_ComparatorCallback comparator,
- PKIX_PL_DuplicateCallback duplicateFunction,
- void *plContext);
-
-#endif
-/*
- * FUNCTION: PKIX_PL_Object_InvalidateCache
- * DESCRIPTION:
- *
- * Invalidates the cache of the Object pointed to by "object". The cache
- * contains results of Hashcode and ToString. This function should be used by
- * mutable objects whenever changes are made to the Object's state (after
- * creation).
- *
- * For example, if ToString is called on a mutable Object, the result will be
- * computed, cached, and returned. If the Object's state does not change, a
- * subsequent call to ToString will recognize that the relevant result is
- * cached and will simply return the result (without calling the Object's
- * ToStringCallback to recompute it). However, when the Object's state
- * changes, the cache needs to be invalidated in order to force a subsequent
- * call to ToString to recompute the result.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose cache is to be invalidated. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY
- * Thread Safe - Object Type Table is locked during modification.
- *
- * Multiple threads can safely call this function without worrying about
- * conflicts, even if they're operating on the same object.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_InvalidateCache(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_IncRef
- * DESCRIPTION:
- *
- * Increments the reference count of the Object pointed to by "object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose reference count is to be incremented.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_IncRef(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_DecRef
- * DESCRIPTION:
- *
- * Decrements the reference count of the Object pointed to by "object". If the
- * resulting reference count is zero, the destructor (if any) registered for
- * the Object's type (by PKIX_PL_RegisterType) will be called and then the
- * Object will be destroyed.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose reference count is to be decremented.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * If destructor is not called, multiple threads can safely call this function
- * without worrying about conflicts, even if they're operating on the same
- * object. If destructor is called, thread safety depends on the callback
- * defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_DecRef(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Equals
- * DESCRIPTION:
- *
- * Compares the Object pointed to by "firstObject" with the Object pointed to
- * by "secondObject" for equality using the callback function registered for
- * "firstObject"'s type, and stores the Boolean result at "pResult". While
- * typical callbacks will return PKIX_FALSE if the objects are of different
- * types, other callbacks may be capable of comparing objects of different
- * types [which may correctly result in cases where Equals(first, second)
- * differs from Equals(second, first)].
- *
- * PARAMETERS:
- * "firstObject"
- * Address of the first Object to compare. Must be non-NULL.
- * The EqualsCallback for this Object will be called.
- * "secondObject"
- * Address of the second Object to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Hashcode
- * DESCRIPTION:
- *
- * Computes a hashcode of the Object pointed to by "object" using the
- * callback registered for "object"'s type and stores it at "pValue". Two
- * objects which are equal should have the same hashcode. Once a call to
- * Hashcode has been made, the results are cached and subsequent calls to
- * Hashcode will return the cached value. For mutable objects, an
- * InvalidateCache function is provided, which should be called whenever
- * changes are made to the object's state (after creation).
- *
- * PARAMETERS:
- * "object"
- * Address of the Object whose hashcode is desired. Must be non-NULL.
- * The HashcodeCallback for this object will be called.
- * "pValue"
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_ToString
- * DESCRIPTION:
- *
- * Creates a string representation of the Object pointed to by "object" using
- * the callback registered for "object"'s type and stores it at "pString".
- * Once a call to ToString has been made, the results are cached and
- * subsequent calls to ToString will return the cached value. For mutable
- * objects, an InvalidateCache function is provided, which should be called
- * whenever changes are made to the object's state (after creation).
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose string representation is desired.
- * Must be non-NULL. The ToStringCallback for this object will be called.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Compare
- * DESCRIPTION:
- *
- * Compares the Object pointed to by "firstObject" and the Object pointed to
- * by "secondObject" using the comparator registered for "firstObject"'s type
- * and stores the result at "pResult". Different types may be compared. This
- * may correctly result in cases where Compare(first, second) is not the
- * opposite of Compare(second, first). The PKIX_Int32 value stored at
- * "pResult" will be:
- * Less than 0 if "firstObject" < "secondObject"
- * Equals to 0 if "firstObject" = "secondObject"
- * Greater than 0 if "firstObject" > "secondObject"
- *
- * PARAMETERS:
- * "firstObject"
- * Address of first Object to compare. Must be non-NULL.
- * The ComparatorCallback for this object will be called.
- * "secondObject"
- * Address of second object to compare. Must be non-NULL.
- * "pResult
- * Address where PKIX_Int32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the comparator defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Compare(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Duplicate
- * DESCRIPTION:
- *
- * Creates a duplicate copy of the Object pointed to by "object" using the
- * callback registered for "object"'s type and stores the copy at
- * "pNewObject". Changes to the new object will not affect the original and
- * vice versa.
- *
- * Note that if "object" is immutable, the Duplicate callback function simply
- * needs to increment the reference count on "object" and return a reference
- * to "object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object to be duplicated. Must be non-NULL.
- * The DuplicateCallback for this Object will be called.
- * "pNewObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread safety depends on the callback defined by PKIX_PL_RegisterType().
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_GetType
- * DESCRIPTION:
- *
- * Retrieves the type code of the Object pointed to by "object" and stores it
- * at "pType". See pkixt.h for type codes.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose type is desired. Must be non-NULL.
- * "pType"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_GetType(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pType,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Lock
- * DESCRIPTION:
- *
- * Locks the Mutex associated with the Object pointed to by "object". When an
- * object is created, it is associated with an object-specific Mutex to allow
- * for synchronization when the fields of the object are modified.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose Mutex is to be locked. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Lock(
- PKIX_PL_Object *object,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Object_Unlock
- * DESCRIPTION:
- *
- * Unlocks the Mutex associated with the Object pointed to by "object". When
- * an object is created, it is associated with an object-specific Mutex to
- * allow for synchronization when the fields of the object are modified.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose Mutex is to be unlocked. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Object_Unlock(
- PKIX_PL_Object *object,
- void *plContext);
-
-/* mutexes (locks) */
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Create
- * DESCRIPTION:
- *
- * Creates a new Mutex and stores it at "pNewLock".
- *
- * PARAMETERS:
- * "pNewLock"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Create(
- PKIX_PL_Mutex **pNewLock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Lock
- * DESCRIPTION:
- *
- * Locks the Mutex pointed to by "lock". If the Mutex is already locked, this
- * function will block the current thread until the mutex can be locked by
- * this thread.
- *
- * PARAMETERS:
- * "lock"
- * Address of Mutex to lock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Lock(
- PKIX_PL_Mutex *lock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Unlock
- * DESCRIPTION:
- *
- * Unlocks the Mutex pointed to by "lock" if the current thread holds the
- * Mutex.
- *
- * PARAMETERS:
- * "lock"
- * Address of Mutex to unlock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Mutex_Unlock(
- PKIX_PL_Mutex *lock,
- void *plContext);
-
-/* monitor (locks) */
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Create
- * DESCRIPTION:
- *
- * Creates a new PKIX_PL_MonitorLock and stores it at "pNewLock".
- *
- * PARAMETERS:
- * "pNewLock"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Create(
- PKIX_PL_MonitorLock **pNewLock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Enter
- * DESCRIPTION:
- *
- * Locks the MonitorLock pointed to by "lock". If the MonitorLock is already
- * locked by other thread, this function will block the current thread. If
- * the "lock" had been locked by current thread, this function will NOT block.
- *
- * PARAMETERS:
- * "lock"
- * Address of MonitorLock to lock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Enter(
- PKIX_PL_MonitorLock *lock,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_MonitorLock_Exit
- * DESCRIPTION:
- *
- * Unlocks the MonitorLock pointed to by "lock" if the lock counter of
- * current thread holds the MonitorLock reach 0, the lock is released.
- *
- * PARAMETERS:
- * "lock"
- * Address of MonitorLock to unlock. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_MonitorLock_Exit(
- PKIX_PL_MonitorLock *lock,
- void *plContext);
-
-/* strings and formatted printing */
-
-/*
- * FUNCTION: PKIX_PL_String_Create
- * DESCRIPTION:
- *
- * Creates a new String using the data pointed to by "pString", the
- * PKIX_UInt32 pointed to by "stringLen", and the PKIX_UInt32 pointed to by
- * "fmtIndicator" and stores it at "pString". If the format is PKIX_ESCASCII
- * the "stringLen" parameter is ignored and the string extends until a zero
- * byte is found. Once created, a String object is immutable.
- *
- * Valid formats are:
- * PKIX_ESCASCII
- * PKIX_ESCASCII_DEBUG
- * PKIX_UTF8
- * PKIX_UTF8_NULL_TERM
- * PKIX_UTF16
- *
- * PARAMETERS:
- * "fmtIndicator"
- * Format that "stringRep" is encoded with. Must be non-NULL.
- * "stringRep"
- * Address of encoded string representation. Must be non-NULL.
- * "stringLen"
- * Length of data stored at stringRep.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_String_Create(
- PKIX_UInt32 fmtIndicator,
- const void *stringRep,
- PKIX_UInt32 stringLen,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_Sprintf
- * DESCRIPTION:
- *
- * Creates a formatted string at "pOut" using the given format "fmt" and a
- * variable length list of arguments. The format flags are identical to
- * standard C with the exception that %s expects a PKIX_PL_String*, rather
- * than a char *, and that {%d, %i, %o, %u, %x, %X} expect PKIX_UInt32 or
- * PKIX_Int32 instead of int or unsigned int.
- *
- * PARAMETERS:
- * "pOut"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * "fmt"
- * Address of format string. Must be non-NULL.
- * THREAD SAFETY:
- * Not Thread Safe - Caller must have exclusive access to all arguments.
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Sprintf(
- PKIX_PL_String **pOut,
- void *plContext,
- const PKIX_PL_String *fmt, ...);
-
-/*
- * FUNCTION: PKIX_PL_GetString
- * DESCRIPTION:
- *
- * Retrieves the String associated with the value of "stringID" (if any) and
- * stores it at "pString". If no such string is associated with "stringID",
- * this function uses "defaultString" to create a String and stores it at
- * "pString".
- *
- * PARAMETERS:
- * "stringID"
- * PKIX_UInt32 valud of string identifier.
- * "defaultString"
- * Address of a PKIX_ESCASCII encoded string representation.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_GetString(
- PKIX_UInt32 stringID,
- char *defaultString,
- PKIX_PL_String **pString,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_String_GetEncoded
- * DESCRIPTION:
- *
- * Retrieves the value of the String pointed to by "string" in the encoding
- * specified by "fmtIndicator" and stores the result in "pStringRep" and
- * "pLength", respectively. Note that "pStringRep" is not reference counted
- * and will need to be freed with PKIX_PL_Free().
- *
- * PARAMETERS:
- * "string"
- * Address of String whose encoded value is desired. Must be non-NULL.
- * "fmtIndicator"
- * Format of encoding. Supported formats are:
- * PKIX_ESCASCII, PKIX_ESCASII_DEBUG, PKIX_UTF8, PKIX_UTF8_NULL_TERM, and
- * PKIX_UTF16. XXX Where are these documented?
- * "pStringRep"
- * Address where pointer to encoded value will be stored.
- * Must be non-NULL.
- * "pLength"
- * Address where byte length of encoded value will be stored.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_String_GetEncoded(
- PKIX_PL_String *string,
- PKIX_UInt32 fmtIndicator,
- void **pStringRep,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-/*
- * Hashtable
- *
- * A hashtable is a very efficient data structure used for mapping keys to
- * values. Any non-null PKIX_PL_Object can be used as a key or as a value,
- * provided that it correctly implements the PKIX_PL_EqualsCallback and the
- * PKIX_PL_HashcodeCallback. A hashtable consists of several buckets, with
- * each bucket capable of holding a linked list of key/value mappings. When
- * adding, retrieving, or deleting a value, the hashcode of the key is used to
- * determine which bucket's linked list is relevant. The corresponding
- * key/value pair is then appended, retrieved, or deleted.
- */
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Create
- * DESCRIPTION:
- *
- * Creates a new Hashtable with an initial capacity of "numBuckets" buckets
- * and "maxEntriesPerBucket" of entries limit for each bucket and stores it
- * at "pResult".
- *
- * PARAMETERS:
- * "numBuckets"
- * The initial number of hash table buckets. Must be non-zero.
- * "maxEntriesPerBucket"
- * The limit of entries per bucket. Zero means no limit.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Create(
- PKIX_UInt32 numBuckets,
- PKIX_UInt32 maxEntriesPerBucket,
- PKIX_PL_HashTable **pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Add
- * DESCRIPTION:
- *
- * Adds a key/value mapping using the Objects pointed to by "key" and "value"
- * to the Hashtable pointed to by "ht".
- *
- * Function increments key/value reference counts. Caller is responsible to
- * to decrement(destroy) key/value ref counts(objects).
- *
- * PARAMETERS:
- * "ht"
- * Address of Hashtable to be added to. Must be non-NULL.
- * "key"
- * Address of Object to be associated with "value". Must be non-NULL.
- * "value"
- * Address of Object to be added to Hashtable. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Hashtable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Add(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- PKIX_PL_Object *value,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Remove
- * DESCRIPTION:
- *
- * Removes the Object value whose key is equal to the Object pointed to by
- * "key" from the Hashtable pointed to by "ht". If no such object exists,
- * this function throws an Error.
- *
- * Function frees "value" object. Caller is responsible to free "key"
- * object.
- *
- * PARAMETERS:
- * "ht"
- * Address of Hashtable to remove object from. Must be non-NULL.
- * "key"
- * Address of Object used for lookup. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Hashtable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Remove(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Lookup
- * DESCRIPTION:
- *
- * Retrieves the Object whose key equals the Object pointed to by "key" from
- * the Hashtable associated with "ht" and stores it at "pResult". If no
- * Object is found, this function stores NULL at "pResult".
- *
- * PARAMETERS:
- * "ht"
- * Address of Hashtable to lookup Object from. Must be non-NULL.
- * "key"
- * Address of key Object used for lookup. Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Hashtable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_HashTable_Lookup(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- PKIX_PL_Object **pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_Create
- * DESCRIPTION:
- *
- * Creates a new ByteArray using "length" bytes of data pointed to by "array"
- * and stores it at "pByteArray". Once created, a ByteArray is immutable.
- *
- * PARAMETERS:
- * "array"
- * Address of source data.
- * "length"
- * Number of bytes to copy.
- * "pByteArray"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_ByteArray_Create(
- void *array,
- PKIX_UInt32 length,
- PKIX_PL_ByteArray **pByteArray,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_GetPointer
- * DESCRIPTION:
- *
- * Allocates enough memory to hold the contents of the ByteArray pointed to
- * by "byteArray", copies the data from the ByteArray pointed to by
- * "byteArray" into the newly allocated memory, and stores a pointer to the
- * memory at "pArray". Note that "pArray" is not reference counted. It will
- * need to be freed with PKIX_PL_Free().
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray whose data is desired. Must be non-NULL.
- * "pArray"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_ByteArray_GetPointer(
- PKIX_PL_ByteArray *byteArray,
- void **pArray,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_GetLength
- * DESCRIPTION:
- *
- * Retrieves the length of the ByteArray pointed to by "byteArray" and stores
- * the length at "pLength".
- *
- * PARAMETERS:
- * "byteArray"
- * Address of ByteArray whose length is desired. Must be non-NULL.
- * "pLength"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_ByteArray_GetLength(
- PKIX_PL_ByteArray *byteArray,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_OID_Create
- * DESCRIPTION:
- *
- * Creates a new OID using NSS oid tag.
- *
- * PARAMETERS:
- * "idtag"
- * nss oid id tag.
- * "pOID"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_OID_Create(
- SECOidTag idtag,
- PKIX_PL_OID **pOID,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_OID_CreateBySECItem
- * DESCRIPTION:
- *
- * Creates a new OID using a DER encoded OID stored as SECItem.
- *
- * PARAMETERS:
- * "derOid"
- * Address of SECItem that holds DER encoded OID.
- * "pOID"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_OID_CreateBySECItem(
- SECItem *derOid,
- PKIX_PL_OID **pOID,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_BigInt_Create
- * DESCRIPTION:
- *
- * Creates a new BigInt using the source String pointed to by "stringRep" and
- * stores it at "pBigInt". Valid source Strings consist of an even number of
- * hexadecimal digits, which are always interpreted as a positive number.
- * Once created, a BigInt is immutable.
- *
- * The regexp format is:
- * HexDigit ::= [0-9] | [A-F] | [a-f]
- * DoubleHex ::= HexDigit HexDigit
- * BigIntSrc ::= (DoubleHex)+
- *
- * Note that since we are using DoubleHex, the number of characters in the
- * source MUST be even. Additionally, the first DoubleHex MUST NOT be "00"
- * unless it is the only DoubleHex.
- *
- * Valid : "09"
- * Valid : "00" (special case where first and only DoubleHex is "00")
- * Invalid: "9" (not DoubleHex: odd number of characters)
- * Invalid: "0009" (first DoubleHex is "00")
- *
- * XXX Why does this take a String object while OID_Create takes a char* ?
- * Perhaps because OID_Create is often used with constant strings and
- * this function isn't. That's a good reason, but we should explain it
- * (if it's right)
- * PARAMETERS:
- * "stringRep"
- * Address of String representing a BigInt. Must be non-NULL.
- * "pBigInt"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a BigInt Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_BigInt_Create(
- PKIX_PL_String *stringRep,
- PKIX_PL_BigInt **pBigInt,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-/*
- * FUNCTION: PKIX_PL_GetPLErrorCode
- * DESCRIPTION:
- *
- * Returns error code from PL layer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * PL layer error code.
- */
-int
-PKIX_PL_GetPLErrorCode();
-
-#endif /* _LIBPKIX_SYSTEM_H */
diff --git a/security/nss/lib/libpkix/include/pkix_results.h b/security/nss/lib/libpkix/include/pkix_results.h
deleted file mode 100755
index ea9e77883..000000000
--- a/security/nss/lib/libpkix/include/pkix_results.h
+++ /dev/null
@@ -1,458 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the results used
- * by the top-level functions.
- *
- */
-
-#ifndef _PKIX_RESULTS_H
-#define _PKIX_RESULTS_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-/* PKIX_ValidateResult
- *
- * PKIX_ValidateResult represents the result of a PKIX_ValidateChain call. It
- * consists of the valid policy tree and public key resulting from validation,
- * as well as the trust anchor used for this chain. Once created, a
- * ValidateResult object is immutable.
- */
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetPolicyTree
- * DESCRIPTION:
- *
- * Retrieves the PolicyNode component (representing the valid_policy_tree)
- * from the ValidateResult object pointed to by "result" and stores it at
- * "pPolicyTree".
- *
- * PARAMETERS:
- * "result"
- * Address of ValidateResult whose policy tree is to be stored. Must be
- * non-NULL.
- * "pPolicyTree"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateResult_GetPolicyTree(
- PKIX_ValidateResult *result,
- PKIX_PolicyNode **pPolicyTree,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetPublicKey
- * DESCRIPTION:
- *
- * Retrieves the PublicKey component (representing the valid public_key) of
- * the ValidateResult object pointed to by "result" and stores it at
- * "pPublicKey".
- *
- * PARAMETERS:
- * "result"
- * Address of ValidateResult whose public key is to be stored.
- * Must be non-NULL.
- * "pPublicKey"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateResult_GetPublicKey(
- PKIX_ValidateResult *result,
- PKIX_PL_PublicKey **pPublicKey,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetTrustAnchor
- * DESCRIPTION:
- *
- * Retrieves the TrustAnchor component (representing the trust anchor used
- * during chain validation) of the ValidateResult object pointed to by
- * "result" and stores it at "pTrustAnchor".
- *
- * PARAMETERS:
- * "result"
- * Address of ValidateResult whose trust anchor is to be stored.
- * Must be non-NULL.
- * "pTrustAnchor"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_ValidateResult_GetTrustAnchor(
- PKIX_ValidateResult *result,
- PKIX_TrustAnchor **pTrustAnchor,
- void *plContext);
-
-/* PKIX_BuildResult
- *
- * PKIX_BuildResult represents the result of a PKIX_BuildChain call. It
- * consists of a ValidateResult object, as well as the built and validated
- * CertChain. Once created, a BuildResult object is immutable.
- */
-
-/*
- * FUNCTION: PKIX_BuildResult_GetValidateResult
- * DESCRIPTION:
- *
- * Retrieves the ValidateResult component (representing the build's validate
- * result) of the BuildResult object pointed to by "result" and stores it at
- * "pResult".
- *
- * PARAMETERS:
- * "result"
- * Address of BuildResult whose ValidateResult component is to be stored.
- * Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_BuildResult_GetValidateResult(
- PKIX_BuildResult *result,
- PKIX_ValidateResult **pResult,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_BuildResult_GetCertChain
- * DESCRIPTION:
- *
- * Retrieves the List of Certs (certChain) component (representing the built
- * and validated CertChain) of the BuildResult object pointed to by "result"
- * and stores it at "pChain".
- *
- * PARAMETERS:
- * "result"
- * Address of BuildResult whose CertChain component is to be stored.
- * Must be non-NULL.
- * "pChain"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_BuildResult_GetCertChain(
- PKIX_BuildResult *result,
- PKIX_List **pChain,
- void *plContext);
-
-/* PKIX_PolicyNode
- *
- * PKIX_PolicyNode represents a node in the policy tree returned in
- * ValidateResult. The policy tree is the same length as the validated
- * certificate chain and the nodes are associated with a particular depth
- * (corresponding to a particular certificate in the chain).
- * PKIX_ValidateResult_GetPolicyTree returns the root node of the valid policy
- * tree. Other nodes can be accessed using the getChildren and getParents
- * functions, and individual elements of a node can be accessed with the
- * appropriate gettors. Once created, a PolicyNode is immutable.
- */
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetChildren
- * DESCRIPTION:
- *
- * Retrieves the List of PolicyNodes representing the child nodes of the
- * Policy Node pointed to by "node" and stores it at "pChildren". If "node"
- * has no child nodes, this function stores an empty List at "pChildren".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose child nodes are to be stored.
- * Must be non-NULL.
- * "pChildren"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetChildren(
- PKIX_PolicyNode *node,
- PKIX_List **pChildren, /* list of PKIX_PolicyNode */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetParent
- * DESCRIPTION:
- *
- * Retrieves the PolicyNode representing the parent node of the PolicyNode
- * pointed to by "node" and stores it at "pParent". If "node" has no parent
- * node, this function stores NULL at "pParent".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose parent node is to be stored.
- * Must be non-NULL.
- * "pParent"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetParent(
- PKIX_PolicyNode *node,
- PKIX_PolicyNode **pParent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetValidPolicy
- * DESCRIPTION:
- *
- * Retrieves the OID representing the valid policy of the PolicyNode pointed
- * to by "node" and stores it at "pValidPolicy".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose valid policy is to be stored.
- * Must be non-NULL.
- * "pValidPolicy"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetValidPolicy(
- PKIX_PolicyNode *node,
- PKIX_PL_OID **pValidPolicy,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
- * DESCRIPTION:
- *
- * Retrieves the List of CertPolicyQualifiers representing the policy
- * qualifiers associated with the PolicyNode pointed to by "node" and stores
- * it at "pQualifiers". If "node" has no policy qualifiers, this function
- * stores an empty List at "pQualifiers".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose policy qualifiers are to be stored.
- * Must be non-NULL.
- * "pQualifiers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetPolicyQualifiers(
- PKIX_PolicyNode *node,
- PKIX_List **pQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
- * DESCRIPTION:
- *
- * Retrieves the List of OIDs representing the expected policies associated
- * with the PolicyNode pointed to by "node" and stores it at "pExpPolicies".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose expected policies are to be stored.
- * Must be non-NULL.
- * "pExpPolicies"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetExpectedPolicies(
- PKIX_PolicyNode *node,
- PKIX_List **pExpPolicies, /* list of PKIX_PL_OID */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_IsCritical
- * DESCRIPTION:
- *
- * Checks the criticality field of the PolicyNode pointed to by "node" and
- * stores the Boolean result at "pCritical".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose criticality field is examined.
- * Must be non-NULL.
- * "pCritical"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_IsCritical(
- PKIX_PolicyNode *node,
- PKIX_Boolean *pCritical,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetDepth
- * DESCRIPTION:
- *
- * Retrieves the depth component of the PolicyNode pointed to by "node" and
- * stores it at "pDepth".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose depth component is to be stored.
- * Must be non-NULL.
- * "pDepth"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Result Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PolicyNode_GetDepth(
- PKIX_PolicyNode *node,
- PKIX_UInt32 *pDepth,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_RESULTS_H */
diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h
deleted file mode 100755
index 261f7859e..000000000
--- a/security/nss/lib/libpkix/include/pkix_revchecker.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with the PKIX_RevocationChecker
- * type.
- *
- */
-
-#ifndef _PKIX_REVCHECKER_H
-#define _PKIX_REVCHECKER_H
-
-#include "pkixt.h"
-#include "pkix_pl_pki.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_RevocationChecker
- *
- * PKIX_RevocationChecker provides a standard way of revocation checking.
- * Caller should configure two set of tests(represented at lists of
- * RevocationMethod objects) to be performed on the leaf and on the rest of
- * the chain certificates.
- *
- * PKIX_RevocationMethods provide a standard way for the caller to insert
- * their own custom revocation checks to verify the revocation status of
- * certificates. This may be useful in many scenarios, including when the
- * caller wishes to use their own revocation checking mechanism instead of (or
- * in addition to) the default revocation checking mechanism provided by
- * libpkix, which uses CRLs and OCSP.
- *
- * Once the caller has created the RevocationMethod object(s), the caller
- * then specifies the RevocationMethod object(s) in a RevocationCheck object
- * and sets it into a ProcessingParams.
- */
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Create
- * DESCRIPTION:
- *
- * Creates revocation checker object with a given flags.
- *
- * PARAMETERS:
- * "revDate"
- * Revocation will be checked at this date. Current date is taken if the
- * parameter is not specified.
- * "leafMethodListFlags"
- * Defines a set of method independent flags that will be used to check
- * revocation of the leaf cert in the chain.
- * "chainMethodListFlags"
- * Defines a set of method independent flags that will be used to check
- * revocation of the remaining certs in the chain.
- * "pChecker"
- * The return address of created checker.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_Create(
- PKIX_UInt32 leafMethodListFlags,
- PKIX_UInt32 chainMethodListFlags,
- PKIX_RevocationChecker **pChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
- * DESCRIPTION:
- *
- * Creates revocation method object with given parameters and adds it
- * to revocation checker method list.
- *
- * PARAMETERS:
- * "revChecker"
- * Address of revocation checker structure.
- * "procParams"
- * Address of ProcessingParams used to initialize the checker.
- * Must be non-NULL.
- * "methodType"
- * Type of the method. Currently only two types are
- * supported: crl and ocsp. (See PKIX_RevocationMethodType enum).
- * "methodFlags"
- * Set of flags for the method.
- * "methodPriority"
- * Method priority. (0 corresponds to a highest priority)
- * "verificationFn"
- * User call back function that will perform validation of fetched
- * revocation information(new crl or ocsp response)
- * "isLeafMethod"
- * Boolean flag that if set to true indicates that the method should
- * should be used for leaf cert revocation test(false for chain set
- * methods).
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_CreateAndAddMethod(
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *params,
- PKIX_RevocationMethodType methodType,
- PKIX_UInt32 methodFlags,
- PKIX_UInt32 mathodPriority,
- PKIX_PL_VerifyCallback verificationFn,
- PKIX_Boolean isLeafMethod,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Check
- * DESCRIPTION:
- *
- * Verifies revocation status of the certificate. Issuer cert is given to
- * be used in verification of revocation information. Performed verification
- * check depends on configured revocation methods(ocsp, crl. See
- * PKIX_RevocationChecker_CreateAndAddMethod function) and a point of chain
- * building process at which PKIX_RevocationChecker_Check was invoked.
- * For security reasons, the cert status is checked only against cached
- * revocation information during chain building stage(no trust anchor yes has
- * been found). The fresh revocation information fetching is done only at chain
- * verification stage after trust anchor was identified.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert whose revocation status is to be determined.
- * Must be non-NULL.
- * "issuer"
- * Issuer cert that potentially holds public key that will be used
- * to verify revocation info.
- * "revChecker"
- * Address of revocation checker structure.
- * "procParams"
- * Address of ProcessingParams used to initialize the checker.
- * Must be non-NULL.
- * "chainVerificationState"
- * Need to be set to true, if the check was called during chain verification
- * as an opposite to chain building.
- * "testingLeafCert"
- * Set to true if verifying revocation status of a leaf cert.
- * "revStatus"
- * Address of the returned revocation status of the cert.
- * "pResultCode"
- * Address where revocation status will be stored. Must be non-NULL.
- * "pNBIOContext"
- * Address at which platform-dependent non-blocking I/O context is stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a RevocationChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_RevocationChecker_Check(PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *procParams,
- PKIX_Boolean chainVerificationState,
- PKIX_Boolean testingLeafCert,
- PKIX_RevocationStatus *revStatus,
- PKIX_UInt32 *pReasonCode,
- void **pNbioContext,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_REVCHECKER_H */
diff --git a/security/nss/lib/libpkix/include/pkix_sample_modules.h b/security/nss/lib/libpkix/include/pkix_sample_modules.h
deleted file mode 100755
index c0c6098ce..000000000
--- a/security/nss/lib/libpkix/include/pkix_sample_modules.h
+++ /dev/null
@@ -1,451 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines functions associated with CertStore types.
- *
- */
-
-
-#ifndef _PKIX_SAMPLEMODULES_H
-#define _PKIX_SAMPLEMODULES_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_PL_CollectionCertStore
- *
- * A PKIX_CollectionCertStore provides an example for showing how to retrieve
- * certificates and CRLs from a repository, such as a directory in the system.
- * It is expected the directory is an absolute directory which contains CRL
- * and Cert data files. CRL files are expected to have the suffix of .crl
- * and Cert files are expected to have the suffix of .crt .
- *
- * Once the caller has created the CollectionCertStoreContext object, the caller
- * then can call pkix_pl_CollectionCertStore_GetCert or
- * pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or
- * PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_CollectionCertStore_Create
- * DESCRIPTION:
- *
- * Creates a new CollectionCertStore and returns it at
- * "pColCertStore".
- *
- * PARAMETERS:
- * "storeDir"
- * The absolute path where *.crl files are located.
- * "pColCertStoreContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_CollectionCertStore_Create(
- PKIX_PL_String *storeDir,
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-/* PKIX_PL_PK11CertStore
- *
- * A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11
- * database. The directory that contains the cert8.db, key3.db, and secmod.db
- * files that comprise a PKCS11 database are specified in NSS initialization.
- *
- * Once the caller has created the Pk11CertStore object, the caller can call
- * pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain
- * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_Pk11CertStore_Create
- * DESCRIPTION:
- *
- * Creates a new Pk11CertStore and returns it at "pPk11CertStore".
- *
- * PARAMETERS:
- * "pPk11CertStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_Pk11CertStore_Create(
- PKIX_CertStore **pPk11CertStore,
- void *plContext);
-
-/* PKIX_PL_LdapCertStore
- *
- * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
- * over a socket connection. It used the LDAP protocol as described in RFC1777.
- *
- * Once the caller has created the LdapCertStore object, the caller can call
- * pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain
- * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
- */
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_Create
- * DESCRIPTION:
- *
- * Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr",
- * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
- * and stores the address of the default LdapClient at "pClient".
- *
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the Client_Create API contains a BindAPI
- * structure, a union, which will have to be revised and extended when this
- * area of the protocol is better understood.
- *
- * PARAMETERS:
- * "sockaddr"
- * Address of the PRNetAddr to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime value to be used as a timeout value in socket calls;
- * a zero value indicates non-blocking I/O is to be used.
- * "bindAPI"
- * The address of a BindAPI to be used if a BIND message is required. If
- * this argument is NULL, no Bind (or Unbind) will be sent.
- * "pClient"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_Create(
- PRNetAddr *sockaddr,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
- * DESCRIPTION:
- *
- * Creates an LdapDefaultClient using the hostname poined to by "hostname",
- * with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
- * and stores the address of the default LdapClient at "pClient".
- *
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the Client_Create API contains a BindAPI
- * structure, a union, which will have to be revised and extended when this
- * area of the protocol is better understood.
- *
- * PARAMETERS:
- * "hostname"
- * Address of the hostname to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime value to be used as a timeout value in socket calls;
- * a zero value indicates non-blocking I/O is to be used.
- * "bindAPI"
- * The address of a BindAPI to be used if a BIND message is required. If
- * this argument is NULL, no Bind (or Unbind) will be sent.
- * "pClient"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_CreateByName(
- char *hostname,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_LdapCertStore_Create
- * DESCRIPTION:
- *
- * Creates a new LdapCertStore using the LdapClient pointed to by "client",
- * and stores the address of the CertStore at "pCertStore".
- *
- * PARAMETERS:
- * "client"
- * Address of the LdapClient to be used. Must be non-NULL.
- * "pCertStore"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapCertStore_Create(
- PKIX_PL_LdapClient *client,
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-/* PKIX_PL_NssContext
- *
- * A PKIX_PL_NssContext provides an example showing how the "plContext"
- * argument, that is part of every libpkix function call, can be used.
- * The "plContext" is the Portability Layer Context, which can be used
- * to communicate layer-specific information from the application to the
- * underlying Portability Layer (while bypassing the Portable Code, which
- * blindly passes the plContext on to every function call).
- *
- * In this case, NSS serves as both the application and the Portability Layer.
- * We define an NSS-specific structure, which includes an arena and a number
- * of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument,
- * wincx, is used on Windows platforms for PKCS11 access, and should be set to
- * NULL for other platforms.
- * Before calling any of the libpkix functions, the caller should create the NSS
- * context, by calling PKIX_PL_NssContext_Create, and provide that NSS context
- * as the "plContext" argument in every libpkix function call the caller makes.
- * When the caller is finished using the NSS context (usually just after he
- * calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to
- * free the NSS context structure.
- */
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Create
- * DESCRIPTION:
- *
- * Creates a new NssContext using the certificate usage(s) specified by
- * "certUsage" and stores it at "pNssContext". This function also internally
- * creates an arena and stores it as part of the NssContext structure. Unlike
- * most other libpkix API functions, this function does not take a "plContext"
- * parameter.
- *
- * PARAMETERS:
- * "certUsage"
- * The desired SECCertificateUsage(s).
- * "useNssArena"
- * Boolean flag indicates NSS Arena is used for memory allocation.
- * "wincx"
- * A Windows-dependent pointer for PKCS11 token handling.
- * "pNssContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_Create(
- PKIX_UInt32 certificateUsage,
- PKIX_Boolean useNssArena,
- void *wincx,
- void **pNssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Destroy
- * DESCRIPTION:
- *
- * Frees the structure pointed to by "nssContext" along with any of its
- * associated memory. Unlike most other libpkix API functions, this function
- * does not take a "plContext" parameter.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_Destroy(
- void *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetTimeout
- * DESCRIPTION:
- *
- * Sets IO timeout for network operations like OCSP response and cert
- * fetching.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout, PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
- * DESCRIPTION:
- *
- * Sets maximum responce length allowed during network IO operations.
- *
- * PARAMETERS:
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len, PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined timeout between attempts to load crl using
- * CRLDP.
- *
- * PARAMETERS:
- * "delaySeconds"
- * Reload delay in seconds.
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delaySeconds,
- PKIX_PL_NssContext *nssContext);
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined timeout between attempts to load crls
- * that failed to decode.
- *
- * PARAMETERS:
- * "delaySeconds"
- * Reload delay in seconds.
- * "nssContext"
- * Address of NssContext to be destroyed. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Context Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delaySeconds,
- PKIX_PL_NssContext *nssContext);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_SAMPLEMODULES_H */
diff --git a/security/nss/lib/libpkix/include/pkix_util.h b/security/nss/lib/libpkix/include/pkix_util.h
deleted file mode 100755
index 619c9c05d..000000000
--- a/security/nss/lib/libpkix/include/pkix_util.h
+++ /dev/null
@@ -1,974 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * These functions provide support for a number of other functions
- * by creating and manipulating data structures used by those functions.
- *
- */
-
-#ifndef _PKIX_UTIL_H
-#define _PKIX_UTIL_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* General
- *
- * Please refer to the libpkix Programmer's Guide for detailed information
- * about how to use the libpkix library. Certain key warnings and notices from
- * that document are repeated here for emphasis.
- *
- * All identifiers in this file (and all public identifiers defined in
- * libpkix) begin with "PKIX_". Private identifiers only intended for use
- * within the library begin with "pkix_".
- *
- * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
- *
- * Unless otherwise noted, for all accessor (gettor) functions that return a
- * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
- * shared object. Therefore, the caller should treat this shared object as
- * read-only and should not modify this shared object. When done using the
- * shared object, the caller should release the reference to the object by
- * using the PKIX_PL_Object_DecRef function.
- *
- * While a function is executing, if its arguments (or anything referred to by
- * its arguments) are modified, free'd, or destroyed, the function's behavior
- * is undefined.
- *
- */
-
-/* PKIX_Logger
- *
- * PKIX_Loggers provide a standard way for the caller to insert custom logging
- * facilities. These are used by libpkix to log errors, debug information,
- * status, etc. The LogCallback allows custom logging to take place.
- * Additionally, a Logger can be initialized with a loggerContext, which is
- * where the caller can specify configuration data such as the name of a
- * logfile or database. Note that this loggerContext must be a PKIX_PL_Object,
- * allowing it to be reference-counted and allowing it to provide the standard
- * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
- *
- * Once the caller has created the Logger object(s) (and set the loggerContext
- * (if any) and the Log callback), the caller then registers these Loggers
- * with the system by calling PKIX_SetLoggers or PKIX_AddLogger. All log
- * entries will then be logged using the specified Loggers. If multiple
- * Loggers are specified, every log entry will be logged with each of them.
- *
- * XXX Maybe give some guidance somewhere on how much detail each logging
- * level should have and where component boundaries should be. Maybe in
- * Implementor's Guide or Programmer's Guide.
- */
-
-#define PKIX_LOGGER_LEVEL_TRACE 5
-#define PKIX_LOGGER_LEVEL_DEBUG 4
-#define PKIX_LOGGER_LEVEL_WARNING 3
-#define PKIX_LOGGER_LEVEL_ERROR 2
-#define PKIX_LOGGER_LEVEL_FATALERROR 1
-
-#define PKIX_LOGGER_LEVEL_MAX 5
-
-/*
- * FUNCTION: PKIX_Logger_LogCallback
- * DESCRIPTION:
- *
- * This callback function logs a log entry containing the String pointed to
- * by "message", the integer value of logLevel, and the String pointed to by
- * "logComponent". A log entry can be associated with a particular log
- * level (i.e. level 3) and a particular log component (i.e. "CertStore").
- * For example, someone reading the log may only be interested in very general
- * log entries so they look only for log level 1. Similarly, they may only be
- * interested in log entries pertaining to the CertStore component so they
- * look only for that log component. This function can be used before calling
- * PKIX_Initialize.
- *
- * PARAMETERS:
- * "logger"
- * Address of logger whose LogCallback is to be used. Must be non-NULL.
- * "message"
- * Address of String that is to be logged used "logger". Must be non-NULL.
- * "logLevel"
- * Integer value representing the log level for this entry. The higher the
- * level, the more detail. Must be non-NULL.
- * "logComponent"
- * PKIXERRORNUM value (defined in pkixt.h) designating the log component
- * for this entry.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe
- *
- * Multiple threads must be able to safely call this function without
- * worrying about conflicts, even if they're operating on the same objects.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-typedef PKIX_Error *
-(*PKIX_Logger_LogCallback)(
- PKIX_Logger *logger,
- PKIX_PL_String *message,
- PKIX_UInt32 logLevel,
- PKIX_ERRORCLASS logComponent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_Create
- * DESCRIPTION:
- *
- * Creates a new Logger using the Object pointed to by "loggerContext"
- * (if any) and stores it at "pLogger". The new Logger uses the LogCallback
- * pointed to by "callback". The Logger's maximum logging level is initially
- * set to a very high level and its logging component is set to NULL (all
- * components).
- *
- * PARAMETERS:
- * "callback"
- * The LogCallback function to be used. Must be non-NULL.
- * "loggerContext"
- * Address of Object representing the Logger's context (if any).
- * "pLogger"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_Create(
- PKIX_Logger_LogCallback callback,
- PKIX_PL_Object *loggerContext,
- PKIX_Logger **pLogger,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLogCallback
- * DESCRIPTION:
- *
- * Retrieves a pointer to "logger's" Log callback function and puts it in
- * "pCallback".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose Log callback is desired. Must be non-NULL.
- * "pCallback"
- * Address where Log callback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLogCallback(
- PKIX_Logger *logger,
- PKIX_Logger_LogCallback *pCallback,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggerContext
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
- * of the Logger pointed to by "logger" and stores it at "pLoggerContext".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose context is to be stored. Must be non-NULL.
- * "pLoggerContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLoggerContext(
- PKIX_Logger *logger,
- PKIX_PL_Object **pLoggerContext,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetMaxLoggingLevel
- * DESCRIPTION:
- *
- * Retrieves a pointer to a PKIX_UInt32 representing the maximum logging
- * level of the Logger pointed to by "logger" and stores it at "pLevel". Only
- * log entries whose log level is less than or equal to this maximum logging
- * level will be logged.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose maximum logging level is to be stored.
- * Must be non-NULL.
- * "pLevel"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 *pLevel,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_SetMaxLoggingLevel
- * DESCRIPTION:
- *
- * Sets the maximum logging level of the Logger pointed to by "logger" with
- * the integer value of "level".
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose maximum logging level is to be set.
- * Must be non-NULL.
- * "level"
- * Maximum logging level to be set
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "logger"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_SetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 level,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggingComponent
- * DESCRIPTION:
- *
- * Retrieves a pointer to a String representing the logging component of the
- * Logger pointed to by "logger" and stores it at "pComponent". Only log
- * entries whose log component matches the specified logging component will
- * be logged.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose logging component is to be stored.
- * Must be non-NULL.
- * "pComponent"
- * Address where PKIXERRORNUM will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_GetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS *pComponent,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Logger_SetLoggingComponent
- * DESCRIPTION:
- *
- * Sets the logging component of the Logger pointed to by "logger" with the
- * PKIXERRORNUM pointed to by "component". To match a small set of components,
- * create a Logger for each.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger whose logging component is to be set.
- * Must be non-NULL.
- * "component"
- * PKIXERRORNUM value representing logging component to be set.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "logger"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Logger_SetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS component,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_GetLoggers
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of Loggers (if any) being used for logging
- * by libpkix and stores it at "pLoggers". If no loggers are being used, this
- * function stores an empty List at "pLoggers".
- *
- * Note that the List returned by this function is immutable.
- *
- * PARAMETERS:
- * "pLoggers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_GetLoggers(
- PKIX_List **pLoggers, /* list of PKIX_Logger */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_SetLoggers
- * DESCRIPTION:
- *
- * Sets the Loggers to be used by libpkix to the List of Loggers pointed to
- * by "loggers". If "loggers" is NULL, no Loggers will be used.
- *
- * PARAMETERS:
- * "loggers"
- * Address of List of Loggers to be set. NULL for no Loggers.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_SetLoggers(
- PKIX_List *loggers, /* list of PKIX_Logger */
- void *plContext);
-
-/*
- * FUNCTION: PKIX_AddLogger
- * DESCRIPTION:
- *
- * Adds the Logger pointed to by "logger" to the List of Loggers used by
- * libpkix.
- *
- * PARAMETERS:
- * "logger"
- * Address of Logger to be added. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Logger Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_AddLogger(
- PKIX_Logger *logger,
- void *plContext);
-
-/* Functions pertaining to the PKIX_Error type */
-
-/* Error
- *
- * An Error object is returned by a function upon encountering some error
- * condition. Each Error is associated with an errorCode specified in pkixt.h.
- * The remaining components of an Error are optional. An Error's description
- * specifies a text message describing the Error. An Error's supplementary info
- * specifies additional information that might be useful. Finally, an Error's
- * cause specifies the underlying Error (if any) that resulted in this Error
- * being returned, thereby allowing Errors to be chained so that an entire
- * "error stack trace" can be represented. Once created, an Error is immutable.
- *
- * Note that the Error's supplementary info must be an Object (although any
- * object type), allowing it to be reference-counted and allowing it to
- * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
- * Duplicate).
- *
- * Errors are classified as either being fatal or non-fatal. If a function
- * fails in an unrecoverable way, it returns an Error whose errorCode is
- * PKIX_FATAL_ERROR. If such an error is encountered, the caller should
- * not attempt to recover since something seriously wrong has happened
- * (e.g. corrupted memory, memory finished, etc.). All other errorCodes
- * are considered non-fatal errors and can be handled by the caller as they
- * see fit.
- */
-
-/*
- * FUNCTION: PKIX_Error_Create
- * DESCRIPTION:
- *
- * Creates a new Error using the value of "errorCode", the Error pointed to by
- * "cause" (if any), the Object pointed to by "info" (if any), and the String
- * pointed to by "desc" and stores it at "pError". If any error occurs during
- * error allocation, it will be returned without chaining, since new errors
- * cannot be created. Once created, an Error is immutable.
- *
- * PARAMETERS:
- * "errorCode"
- * Value of error code.
- * "cause"
- * Address of Error representing error's cause.
- * NULL if none or unspecified.
- * "info"
- * Address of Object representing error's supplementary information.
- * NULL if none.
- * "desc"
- * Address of String representing error's description. NULL if none.
- * "pError"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_Create(
- PKIX_ERRORCLASS errClass,
- PKIX_Error *cause,
- PKIX_PL_Object *info,
- PKIX_ERRORCODE errCode,
- PKIX_Error **pError,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetErrorClass
- * DESCRIPTION:
- *
- * Retrieves the error class of the Error pointed to by "error" and
- * stores it at "pClass". Supported error codes are defined in pkixt.h.
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose error code is desired. Must be non-NULL.
- * "pClass"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetErrorClass(
- PKIX_Error *error,
- PKIX_ERRORCLASS *pClass,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetErrorCode
- * DESCRIPTION:
- *
- * Retrieves the error code of the Error pointed to by "error" and
- * stores it at "pCode". Supported error codes are defined in pkixt.h.
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose error code is desired. Must be non-NULL.
- * "pCode"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetErrorCode(
- PKIX_Error *error,
- PKIX_ERRORCODE *pCode,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetCause
- * DESCRIPTION:
- *
- * Retrieves the cause of the Error pointed to by "error" and stores it at
- * "pCause". If no cause was specified, NULL will be stored at "pCause".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose cause is desired. Must be non-NULL.
- * "pCause"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetCause(
- PKIX_Error *error,
- PKIX_Error **pCause,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetSupplementaryInfo
- * DESCRIPTION:
- *
- * Retrieves the supplementary info of the Error pointed to by "error" and
- * stores it at "pInfo".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose info is desired. Must be non-NULL.
- * "pInfo"
- * Address where info pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetSupplementaryInfo(
- PKIX_Error *error,
- PKIX_PL_Object **pInfo,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_Error_GetDescription
- * DESCRIPTION:
- *
- * Retrieves the description of the Error pointed to by "error" and stores it
- * at "pDesc". If no description was specified, NULL will be stored at
- * "pDesc".
- *
- * PARAMETERS:
- * "error"
- * Address of Error whose description is desired. Must be non-NULL.
- * "pDesc"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_Error_GetDescription(
- PKIX_Error *error,
- PKIX_PL_String **pDesc,
- void *plContext);
-
-/* PKIX_List
- *
- * Represents a collection of items. NULL is considered a valid item.
- */
-
-/*
- * FUNCTION: PKIX_List_Create
- * DESCRIPTION:
- *
- * Creates a new List and stores it at "pList". The List is initially empty
- * and holds no items. To initially add items to the List, use
- * PKIX_List_AppendItem
- *
- * PARAMETERS:
- * "pList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_Create(
- PKIX_List **pList,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_SetImmutable
- * DESCRIPTION:
- *
- * Sets the List pointed to by "list" to be immutable. If a caller tries to
- * change a List after it has been marked immutable (i.e. by calling
- * PKIX_List_AppendItem, PKIX_List_InsertItem, PKIX_List_SetItem, or
- * PKIX_List_DeleteItem), an Error is returned.
- *
- * PARAMETERS:
- * "list"
- * Address of List to be marked immutable. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_SetImmutable(
- PKIX_List *list,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_IsImmutable
- * DESCRIPTION:
- *
- * Checks whether the List pointed to by "list" is immutable and stores
- * the Boolean result at "pImmutable". If a caller tries to change a List
- * after it has been marked immutable (i.e. by calling PKIX_List_AppendItem,
- * PKIX_List_InsertItem, PKIX_List_SetItem, or PKIX_List_DeleteItem), an
- * Error is returned.
- *
- * PARAMETERS:
- * "list"
- * Address of List whose immutability is to be determined.
- * Must be non-NULL.
- * "pImmutable"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_IsImmutable(
- PKIX_List *list,
- PKIX_Boolean *pImmutable,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_GetLength
- * DESCRIPTION:
- *
- * Retrieves the length of the List pointed to by "list" and stores it at
- * "pLength".
- *
- * PARAMETERS:
- * "list"
- * Address of List whose length is desired. Must be non-NULL.
- * "pLength"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_GetLength(
- PKIX_List *list,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_IsEmpty
- * DESCRIPTION:
- *
- * Checks whether the List pointed to by "list" is empty and stores
- * the Boolean result at "pEmpty".
- *
- * PARAMETERS:
- * "list"
- * Address of List whose emptiness is to be determined. Must be non-NULL.
- * "pEmpty"
- * Address where PKIX_Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_IsEmpty(
- PKIX_List *list,
- PKIX_Boolean *pEmpty,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_AppendItem
- * DESCRIPTION:
- *
- * Appends the Object pointed to by "item" after the last non-NULL item in
- * List pointed to by "list", if any. Note that a List may validly contain
- * NULL items. Appending "c" into the List ("a", NULL, "b", NULL) will result
- * in ("a", NULL, "b", "c").
- *
- * PARAMETERS:
- * "list"
- * Address of List to append to. Must be non-NULL.
- * "item"
- * Address of new item to append.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_AppendItem(
- PKIX_List *list,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_InsertItem
- * DESCRIPTION:
- *
- * Inserts the Object pointed to by "item" into the List pointed to by "list"
- * at the given "index". The index counts from zero and must be less than the
- * List's length. Existing list entries at or after this index will be moved
- * to the next highest index.
- *
- * XXX why not allow equal to length which would be equivalent to AppendItem?
- *
- * PARAMETERS:
- * "list"
- * Address of List to insert into. Must be non-NULL.
- * "index"
- * Position to insert into. Must be less than List's length.
- * "item"
- * Address of new item to append.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_InsertItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_GetItem
- * DESCRIPTION:
- *
- * Copies the "list"'s item at "index" into "pItem". The index counts from
- * zero and must be less than the list's length. Increments the reference
- * count on the returned object, if non-NULL.
- *
- * PARAMETERS:
- * "list"
- * Address of List to get item from. Must be non-NULL.
- * "index"
- * Index of list to get item from. Must be less than List's length.
- * "pItem"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_GetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object **pItem,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_SetItem
- * DESCRIPTION:
- *
- * Sets the item at "index" of the List pointed to by "list" with the Object
- * pointed to by "item". The index counts from zero and must be less than the
- * List's length. The previous entry at this index will have its reference
- * count decremented and the new entry will have its reference count
- * incremented.
- *
- * PARAMETERS:
- * "list"
- * Address of List to modify. Must be non-NULL.
- * "index"
- * Position in List to set. Must be less than List's length.
- * "item"
- * Address of Object to set at "index".
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_SetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_DeleteItem
- *
- * Deletes the item at "index" from the List pointed to by "list". The index
- * counts from zero and must be less than the List's length. Note that this
- * function does not destroy the List. It simply decrements the reference
- * count of the item at "index" in the List, deletes that item from the list
- * and moves all subsequent entries to a lower index in the list. If there is
- * only a single element in the List and that element is deleted, then the
- * List will be empty.
- *
- * PARAMETERS:
- * "list"
- * Address of List to delete from. Must be non-NULL.
- * "index"
- * Position in List to delete. Must be less than List's length.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "list"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_DeleteItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_List_ReverseList
- * DESCRIPTION:
- *
- * Creates a new List whose elements are in the reverse order as the elements
- * of the Object pointed to by "list" and stores the copy at "pReversedList".
- * If "list" is empty, the new reversed List will be a copy of "list".
- * Changes to the new object will not affect the original and vice versa.
- *
- * PARAMETERS:
- * "list"
- * Address of List whose elements are to be reversed. Must be non-NULL.
- * "pReversedList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_List_ReverseList(
- PKIX_List *list,
- PKIX_List **pReversedList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_UTIL_H */
diff --git a/security/nss/lib/libpkix/include/pkixt.h b/security/nss/lib/libpkix/include/pkixt.h
deleted file mode 100755
index 08a5adbce..000000000
--- a/security/nss/lib/libpkix/include/pkixt.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- * Red Hat, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * This file defines the types in the libpkix API.
- * XXX Maybe we should specify the API version number in all API header files
- *
- */
-
-#ifndef _PKIXT_H
-#define _PKIXT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "secerr.h"
-
-/* Types
- *
- * This header file provides typedefs for the abstract types used by libpkix.
- * It also provides several useful macros.
- *
- * Note that all these abstract types are typedef'd as opaque structures. This
- * is intended to discourage the caller from looking at the contents directly,
- * since the format of the contents may change from one version of the library
- * to the next. Instead, callers should only access these types using the
- * functions defined in the public header files.
- *
- * An instance of an abstract type defined in this file is called an "object"
- * here, although C does not have real support for objects.
- *
- * Because C does not typically have automatic garbage collection, the caller
- * is expected to release the reference to any object that they create or that
- * is returned to them by a libpkix function. The caller should do this by
- * using the PKIX_PL_Object_DecRef function. Note that the caller should not
- * release the reference to an object if the object has been passed to a
- * libpkix function and that function has not returned.
- *
- * Please refer to libpkix Programmer's Guide for more details.
- */
-
-/* Version
- *
- * These macros specify the major and minor version of the libpkix API defined
- * by this header file.
- */
-
-#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0)
-#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3)
-
-/* Maximum minor version
- *
- * This macro is used to specify that the caller wants the largest minor
- * version available.
- */
-
-#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000)
-
-/* Define Cert Store type for database access */
-#define PKIX_STORE_TYPE_NONE 0
-#define PKIX_STORE_TYPE_PK11 1
-
-/* Portable Code (PC) data types
- *
- * These types are used to perform the primary operations of this library:
- * building and validating chains of X.509 certificates.
- */
-
-typedef struct PKIX_ErrorStruct PKIX_Error;
-typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
-typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
-typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
-typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
-typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
-typedef struct PKIX_CertStoreStruct PKIX_CertStore;
-typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
-typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
-typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
-typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
-typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
-typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
-typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
-typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
-typedef struct PKIX_LoggerStruct PKIX_Logger;
-typedef struct PKIX_ListStruct PKIX_List;
-typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
-typedef struct PKIX_DefaultRevocationCheckerStruct
- PKIX_DefaultRevocationChecker;
-typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
-
-/* Portability Layer (PL) data types
- *
- * These types are used are used as portable data types that are defined
- * consistently across platforms
- */
-
-typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;
-typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
-typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
-typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
-typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
-typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
-typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
-typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
-typedef struct PKIX_PL_StringStruct PKIX_PL_String;
-typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
-typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
-typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
-typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
-typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
-typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
-typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
-typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
-typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
-typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
-typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
-typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
-typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
-typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
-typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
-typedef struct PKIX_PL_CollectionCertStoreContext
- PKIX_PL_CollectionCertStoreContext;
-typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
-typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
-typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
-typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
-typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
-typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
-typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
-typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
-typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
-typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
-typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
-typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
-typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
-
-/* Primitive types
- *
- * In order to guarantee desired behavior as well as platform-independence, we
- * typedef these types depending on the platform. XXX This needs more work!
- */
-
-/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.
- * We don't know what type is at least 32 bits long. ISO C probably requires
- * at least 32 bits for long. we could default to that and only list platforms
- * where that's not true.
- *
- * #elif
- * #error
- * #endif
- */
-
-/* currently, int is 32 bits on all our supported platforms */
-
-typedef unsigned int PKIX_UInt32;
-typedef int PKIX_Int32;
-
-typedef int PKIX_Boolean;
-
-/* Object Types
- *
- * Every reference-counted PKIX_PL_Object is associated with an integer type.
- */
-#define PKIX_TYPES \
- TYPEMACRO(AIAMGR), \
- TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
- TYPEMACRO(BIGINT), \
- TYPEMACRO(BUILDRESULT), \
- TYPEMACRO(BYTEARRAY), \
- TYPEMACRO(CERT), \
- TYPEMACRO(CERTBASICCONSTRAINTS), \
- TYPEMACRO(CERTCHAINCHECKER), \
- TYPEMACRO(CERTNAMECONSTRAINTS), \
- TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
- TYPEMACRO(CERTPOLICYCHECKERSTATE), \
- TYPEMACRO(CERTPOLICYINFO), \
- TYPEMACRO(CERTPOLICYMAP), \
- TYPEMACRO(CERTPOLICYNODE), \
- TYPEMACRO(CERTPOLICYQUALIFIER), \
- TYPEMACRO(CERTSELECTOR), \
- TYPEMACRO(CERTSTORE), \
- TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
- TYPEMACRO(COMCERTSELPARAMS), \
- TYPEMACRO(COMCRLSELPARAMS), \
- TYPEMACRO(CRL), \
- TYPEMACRO(CRLDP), \
- TYPEMACRO(CRLENTRY), \
- TYPEMACRO(CRLSELECTOR), \
- TYPEMACRO(DATE), \
- TYPEMACRO(CRLCHECKER), \
- TYPEMACRO(EKUCHECKER), \
- TYPEMACRO(ERROR), \
- TYPEMACRO(FORWARDBUILDERSTATE), \
- TYPEMACRO(GENERALNAME), \
- TYPEMACRO(HASHTABLE), \
- TYPEMACRO(HTTPCERTSTORECONTEXT), \
- TYPEMACRO(HTTPDEFAULTCLIENT), \
- TYPEMACRO(INFOACCESS), \
- TYPEMACRO(LDAPDEFAULTCLIENT), \
- TYPEMACRO(LDAPREQUEST), \
- TYPEMACRO(LDAPRESPONSE), \
- TYPEMACRO(LIST), \
- TYPEMACRO(LOGGER), \
- TYPEMACRO(MONITORLOCK), \
- TYPEMACRO(MUTEX), \
- TYPEMACRO(OBJECT), \
- TYPEMACRO(OCSPCERTID), \
- TYPEMACRO(OCSPCHECKER), \
- TYPEMACRO(OCSPREQUEST), \
- TYPEMACRO(OCSPRESPONSE), \
- TYPEMACRO(OID), \
- TYPEMACRO(REVOCATIONCHECKER), \
- TYPEMACRO(PROCESSINGPARAMS), \
- TYPEMACRO(PUBLICKEY), \
- TYPEMACRO(RESOURCELIMITS), \
- TYPEMACRO(RWLOCK), \
- TYPEMACRO(SIGNATURECHECKERSTATE), \
- TYPEMACRO(SOCKET), \
- TYPEMACRO(STRING), \
- TYPEMACRO(TARGETCERTCHECKERSTATE), \
- TYPEMACRO(TRUSTANCHOR), \
- TYPEMACRO(VALIDATEPARAMS), \
- TYPEMACRO(VALIDATERESULT), \
- TYPEMACRO(VERIFYNODE), \
- TYPEMACRO(X500NAME)
-
-#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
-
-typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */
- PKIX_TYPES,
- PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */
-} PKIX_TYPENUM;
-
-
-#ifdef PKIX_USER_OBJECT_TYPE
-
-/* User Define Object Types
- *
- * User may define their own object types offset from PKIX_USER_OBJECT_TYPE
- */
-#define PKIX_USER_OBJECT_TYPEBASE 1000
-
-#endif /* PKIX_USER_OBJECT_TYPE */
-
-/* Error Codes
- *
- * This list is used to define a set of PKIX_Error exception class numbers.
- * ERRMACRO is redefined to produce a corresponding set of
- * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in
- * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then
- * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is
- * initialized in pkix_error.c with the value "MUTEX".
- */
-#define PKIX_ERRORCLASSES \
- ERRMACRO(AIAMGR), \
- ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
- ERRMACRO(BIGINT), \
- ERRMACRO(BUILD), \
- ERRMACRO(BUILDRESULT), \
- ERRMACRO(BYTEARRAY), \
- ERRMACRO(CERT), \
- ERRMACRO(CERTBASICCONSTRAINTS), \
- ERRMACRO(CERTCHAINCHECKER), \
- ERRMACRO(CERTNAMECONSTRAINTS), \
- ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
- ERRMACRO(CERTPOLICYCHECKERSTATE), \
- ERRMACRO(CERTPOLICYINFO), \
- ERRMACRO(CERTPOLICYMAP), \
- ERRMACRO(CERTPOLICYNODE), \
- ERRMACRO(CERTPOLICYQUALIFIER), \
- ERRMACRO(CERTSELECTOR), \
- ERRMACRO(CERTSTORE), \
- ERRMACRO(CERTVFYPKIX), \
- ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
- ERRMACRO(COMCERTSELPARAMS), \
- ERRMACRO(COMCRLSELPARAMS), \
- ERRMACRO(CONTEXT), \
- ERRMACRO(CRL), \
- ERRMACRO(CRLDP), \
- ERRMACRO(CRLENTRY), \
- ERRMACRO(CRLSELECTOR), \
- ERRMACRO(CRLCHECKER), \
- ERRMACRO(DATE), \
- ERRMACRO(EKUCHECKER), \
- ERRMACRO(ERROR), \
- ERRMACRO(FATAL), \
- ERRMACRO(FORWARDBUILDERSTATE), \
- ERRMACRO(GENERALNAME), \
- ERRMACRO(HASHTABLE), \
- ERRMACRO(HTTPCERTSTORECONTEXT), \
- ERRMACRO(HTTPDEFAULTCLIENT), \
- ERRMACRO(INFOACCESS), \
- ERRMACRO(LDAPCLIENT), \
- ERRMACRO(LDAPDEFAULTCLIENT), \
- ERRMACRO(LDAPREQUEST), \
- ERRMACRO(LDAPRESPONSE), \
- ERRMACRO(LIFECYCLE), \
- ERRMACRO(LIST), \
- ERRMACRO(LOGGER), \
- ERRMACRO(MEM), \
- ERRMACRO(MONITORLOCK), \
- ERRMACRO(MUTEX), \
- ERRMACRO(OBJECT), \
- ERRMACRO(OCSPCERTID), \
- ERRMACRO(OCSPCHECKER), \
- ERRMACRO(OCSPREQUEST), \
- ERRMACRO(OCSPRESPONSE), \
- ERRMACRO(OID), \
- ERRMACRO(PROCESSINGPARAMS), \
- ERRMACRO(PUBLICKEY), \
- ERRMACRO(RESOURCELIMITS), \
- ERRMACRO(REVOCATIONMETHOD), \
- ERRMACRO(REVOCATIONCHECKER), \
- ERRMACRO(RWLOCK), \
- ERRMACRO(SIGNATURECHECKERSTATE), \
- ERRMACRO(SOCKET), \
- ERRMACRO(STRING), \
- ERRMACRO(TARGETCERTCHECKERSTATE), \
- ERRMACRO(TRUSTANCHOR), \
- ERRMACRO(USERDEFINEDMODULES), \
- ERRMACRO(VALIDATE), \
- ERRMACRO(VALIDATEPARAMS), \
- ERRMACRO(VALIDATERESULT), \
- ERRMACRO(VERIFYNODE), \
- ERRMACRO(X500NAME)
-
-#define ERRMACRO(type) PKIX_ ## type ## _ERROR
-
-typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */
- PKIX_ERRORCLASSES,
- PKIX_NUMERRORCLASSES /* This gets PKIX_NUMERRORCLASSES defined as the total number */
-} PKIX_ERRORCLASS;
-
-/* Now define error strings (for internationalization) */
-
-#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name
-
-/* Define all the error numbers */
-typedef enum {
-#include "pkix_errorstrings.h"
-} PKIX_ERRORCODE;
-
-extern const char * const PKIX_ErrorText[];
-
-/* String Formats
- *
- * These formats specify supported encoding formats for Strings.
- */
-
-#define PKIX_ESCASCII 0
-#define PKIX_UTF8 1
-#define PKIX_UTF16 2
-#define PKIX_UTF8_NULL_TERM 3
-#define PKIX_ESCASCII_DEBUG 4
-
-/* Name Types
- *
- * These types specify supported formats for GeneralNames.
- */
-
-#define PKIX_OTHER_NAME 1
-#define PKIX_RFC822_NAME 2
-#define PKIX_DNS_NAME 3
-#define PKIX_X400_ADDRESS 4
-#define PKIX_DIRECTORY_NAME 5
-#define PKIX_EDIPARTY_NAME 6
-#define PKIX_URI_NAME 7
-#define PKIX_IP_NAME 8
-#define PKIX_OID_NAME 9
-
-/* Key Usages
- *
- * These types specify supported Key Usages
- */
-
-#define PKIX_DIGITAL_SIGNATURE 0x001
-#define PKIX_NON_REPUDIATION 0x002
-#define PKIX_KEY_ENCIPHERMENT 0x004
-#define PKIX_DATA_ENCIPHERMENT 0x008
-#define PKIX_KEY_AGREEMENT 0x010
-#define PKIX_KEY_CERT_SIGN 0x020
-#define PKIX_CRL_SIGN 0x040
-#define PKIX_ENCIPHER_ONLY 0x080
-#define PKIX_DECIPHER_ONLY 0x100
-
-/* Reason Flags
- *
- * These macros specify supported Reason Flags
- */
-
-#define PKIX_UNUSED 0x001
-#define PKIX_KEY_COMPROMISE 0x002
-#define PKIX_CA_COMPROMISE 0x004
-#define PKIX_AFFILIATION_CHANGED 0x008
-#define PKIX_SUPERSEDED 0x010
-#define PKIX_CESSATION_OF_OPERATION 0x020
-#define PKIX_CERTIFICATE_HOLD 0x040
-#define PKIX_PRIVILEGE_WITHDRAWN 0x080
-#define PKIX_AA_COMPROMISE 0x100
-
-/* Boolean values
- *
- * These macros specify the Boolean values of TRUE and FALSE
- * XXX Is it the case that any non-zero value is actually considered TRUE
- * and this is just a convenient mnemonic macro?
- */
-
-#define PKIX_TRUE ((PKIX_Boolean) 1)
-#define PKIX_FALSE ((PKIX_Boolean) 0)
-
-/*
- * Define constants for basic constraints selector
- * (see comments in pkix_certsel.h)
- */
-
-#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
-#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
-
-/*
- * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
- * object file. It is thrown if system memory cannot be allocated or may be
- * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.
- * IncRef, DecRef and all Settor functions cannot be called.
- * XXX Does anyone actually need to know about this?
- * XXX Why no DecRef? Would be good to handle it the same.
- */
-
-PKIX_Error* PKIX_ALLOC_ERROR(void);
-
-/*
- * In a CertBasicConstraints extension, if the CA flag is set,
- * indicating the certificate refers to a Certification
- * Authority, then the pathLen field indicates how many intermediate
- * certificates (not counting self-signed ones) can exist in a valid
- * chain following this certificate. If the pathLen has the value
- * of this constant, then the length of the chain is unlimited
- */
-#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
-
-/*
- * Define Certificate Extension hard-coded OID's
- */
-#define PKIX_UNKNOWN_OID SEC_OID_UNKNOWN
-#define PKIX_CERTKEYUSAGE_OID SEC_OID_X509_KEY_USAGE
-#define PKIX_CERTSUBJALTNAME_OID SEC_OID_X509_SUBJECT_ALT_NAME
-#define PKIX_BASICCONSTRAINTS_OID SEC_OID_X509_BASIC_CONSTRAINTS
-#define PKIX_CRLREASONCODE_OID SEC_OID_X509_REASON_CODE
-#define PKIX_NAMECONSTRAINTS_OID SEC_OID_X509_NAME_CONSTRAINTS
-#define PKIX_CERTIFICATEPOLICIES_OID SEC_OID_X509_CERTIFICATE_POLICIES
-#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY
-#define PKIX_POLICYMAPPINGS_OID SEC_OID_X509_POLICY_MAPPINGS
-#define PKIX_POLICYCONSTRAINTS_OID SEC_OID_X509_POLICY_CONSTRAINTS
-#define PKIX_EXTENDEDKEYUSAGE_OID SEC_OID_X509_EXT_KEY_USAGE
-#define PKIX_INHIBITANYPOLICY_OID SEC_OID_X509_INHIBIT_ANY_POLICY
-#define PKIX_NSCERTTYPE_OID SEC_OID_NS_CERT_EXT_CERT_TYPE
-#define PKIX_KEY_USAGE_SERVER_AUTH_OID SEC_OID_EXT_KEY_USAGE_SERVER_AUTH
-#define PKIX_KEY_USAGE_CLIENT_AUTH_OID SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH
-#define PKIX_KEY_USAGE_CODE_SIGN_OID SEC_OID_EXT_KEY_USAGE_CODE_SIGN
-#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT
-#define PKIX_KEY_USAGE_TIME_STAMP_OID SEC_OID_EXT_KEY_USAGE_TIME_STAMP
-#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID SEC_OID_OCSP_RESPONDER
-
-
-/* Available revocation method types. */
-typedef enum PKIX_RevocationMethodTypeEnum {
- PKIX_RevocationMethod_CRL = 0,
- PKIX_RevocationMethod_OCSP,
- PKIX_RevocationMethod_MAX,
-} PKIX_RevocationMethodType;
-
-/* A set of statuses revocation checker operates on */
-typedef enum PKIX_RevocationStatusEnum {
- PKIX_RevStatus_NoInfo = 0,
- PKIX_RevStatus_Revoked,
- PKIX_RevStatus_Success,
-} PKIX_RevocationStatus;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIXT_H */
diff --git a/security/nss/lib/libpkix/manifest.mn b/security/nss/lib/libpkix/manifest.mn
deleted file mode 100755
index 9836689e9..000000000
--- a/security/nss/lib/libpkix/manifest.mn
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-DEPTH = ../../..
-
-#
-DIRS = include pkix pkix_pl_nss \
- $(NULL)
-
-# This part of the code, including all sub-dirs, can be optimized for size
-export ALLOW_OPT_CODE_SIZE = 1
diff --git a/security/nss/lib/libpkix/pkix/Makefile b/security/nss/lib/libpkix/pkix/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/certsel/Makefile b/security/nss/lib/libpkix/pkix/certsel/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/certsel/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/certsel/config.mk b/security/nss/lib/libpkix/pkix/certsel/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/certsel/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/certsel/manifest.mn b/security/nss/lib/libpkix/pkix/certsel/manifest.mn
deleted file mode 100755
index c5d1b4e01..000000000
--- a/security/nss/lib/libpkix/pkix/certsel/manifest.mn
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_certselector.h \
- pkix_comcertselparams.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_certselector.c \
- pkix_comcertselparams.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixcertsel
-
diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
deleted file mode 100755
index 23eda7ac1..000000000
--- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
+++ /dev/null
@@ -1,1666 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_certselector.c
- *
- * CertSelector Object Functions
- *
- */
-
-#include "pkix_certselector.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_CertSelector_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CertSelector_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_CertSelector *selector = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a cert selector */
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSELECTOR_TYPE, plContext),
- PKIX_OBJECTNOTCERTSELECTOR);
-
- selector = (PKIX_CertSelector *)object;
- PKIX_DECREF(selector->params);
- PKIX_DECREF(selector->context);
-
-cleanup:
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Duplicate
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CertSelector_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_CertSelector *certSelector = NULL;
- PKIX_CertSelector *certSelectorDuplicate = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSELECTOR_TYPE, plContext),
- PKIX_OBJECTNOTCERTSELECTOR);
-
- certSelector = (PKIX_CertSelector *)object;
-
- PKIX_CHECK(PKIX_CertSelector_Create
- (certSelector->matchCallback,
- certSelector->context,
- &certSelectorDuplicate,
- plContext),
- PKIX_CERTSELECTORCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)certSelector->params,
- (PKIX_PL_Object **)&certSelectorDuplicate->params,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
-
- *pNewObject = (PKIX_PL_Object *)certSelectorDuplicate;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(certSelectorDuplicate);
- }
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_BasicConstraint
- * DESCRIPTION:
- *
- * Determines whether the Cert pointed to by "cert" matches the basic
- * constraints criterion using the basic constraints field of the
- * ComCertSelParams pointed to by "params". If the basic constraints field is
- * -1, no basic constraints check is done and the Cert is considered to match
- * the basic constraints criterion. If the Cert does not match the basic
- * constraints criterion, an Error pointer is returned.
- *
- * In order to match against this criterion, there are several possibilities.
- *
- * 1) If the criterion's minimum path length is greater than or equal to zero,
- * a certificate must include a BasicConstraints extension with a pathLen of
- * at least this value.
- *
- * 2) If the criterion's minimum path length is -2, a certificate must be an
- * end-entity certificate.
- *
- * 3) If the criterion's minimum path length is -1, no basic constraints check
- * is done and all certificates are considered to match this criterion.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose basic constraints field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * OUTPUT PARAMETERS ON FAILURE:
- * If the function returns a failure,
- * the output parameters of this function are undefined.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_BasicConstraint(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
- PKIX_Boolean caFlag = PKIX_FALSE; /* EE Cert by default */
- PKIX_Int32 pathLength = 0;
- PKIX_Int32 minPathLength = 0;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_BasicConstraint");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
- *pResult = PKIX_TRUE;
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetBasicConstraints
- (params, &minPathLength, plContext),
- PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED);
-
- /* If the minPathLength is unlimited (-1), no checking */
- if (minPathLength == PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH) {
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
- (cert, &basicConstraints, plContext),
- PKIX_CERTGETBASICCONSTRAINTSFAILED);
-
- if (basicConstraints != NULL) {
- PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
- (basicConstraints, &caFlag, plContext),
- PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
-
- PKIX_CHECK(PKIX_PL_BasicConstraints_GetPathLenConstraint
- (basicConstraints, &pathLength, plContext),
- PKIX_BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED);
- }
-
- /*
- * if minPathLength >= 0, the cert must have a BasicConstraints ext and
- * the pathLength in this cert
- * BasicConstraints needs to be >= minPathLength.
- */
- if (minPathLength >= 0){
- if ((!basicConstraints) || (caFlag == PKIX_FALSE)){
- PKIX_ERROR(PKIX_CERTNOTALLOWEDTOSIGNCERTIFICATES);
- } else if ((pathLength != PKIX_UNLIMITED_PATH_CONSTRAINT) &&
- (pathLength < minPathLength)){
- PKIX_CERTSELECTOR_DEBUG
- ("Basic Constraints path length match failed\n");
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_PATHLENCONSTRAINTINVALID);
- }
- }
-
- /* if the minPathLength is -2, this cert must be an end-entity cert. */
- if (minPathLength == PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH) {
- if (caFlag == PKIX_TRUE) {
- PKIX_CERTSELECTOR_DEBUG
- ("Basic Constraints end-entity match failed\n");
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_PATHLENCONSTRAINTINVALID);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(basicConstraints);
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_Policies
- * DESCRIPTION:
- *
- * Determines whether the Cert pointed to by "cert" matches the policy
- * constraints specified in the ComCertsSelParams given by "params".
- * If "params" specifies a policy constraint of NULL, all certificates
- * match. If "params" specifies an empty list, "cert" must have at least
- * some policy. Otherwise "cert" must include at least one of the
- * policies in the list. See the description of PKIX_CertSelector in
- * pkix_certsel.h for more.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose policy criterion (if any) is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_Policies(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 numConstraintPolicies = 0;
- PKIX_UInt32 numCertPolicies = 0;
- PKIX_UInt32 certPolicyIndex = 0;
- PKIX_Boolean result = PKIX_FALSE;
- PKIX_List *constraintPolicies = NULL; /* List of PKIX_PL_OID */
- PKIX_List *certPolicyInfos = NULL; /* List of PKIX_PL_CertPolicyInfo */
- PKIX_PL_CertPolicyInfo *policyInfo = NULL;
- PKIX_PL_OID *polOID = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_Policies");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetPolicy
- (params, &constraintPolicies, plContext),
- PKIX_COMCERTSELPARAMSGETPOLICYFAILED);
-
- /* If constraintPolicies is NULL, all certificates "match" */
- if (constraintPolicies) {
- PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformation
- (cert, &certPolicyInfos, plContext),
- PKIX_CERTGETPOLICYINFORMATIONFAILED);
-
- /* No hope of a match if cert has no policies */
- if (!certPolicyInfos) {
- PKIX_CERTSELECTOR_DEBUG("Certificate has no policies\n");
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHPOLICIESFAILED);
- }
-
- PKIX_CHECK(PKIX_List_GetLength
- (constraintPolicies, &numConstraintPolicies, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (numConstraintPolicies > 0) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (certPolicyInfos, &numCertPolicies, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (certPolicyIndex = 0;
- ((!result) && (certPolicyIndex < numCertPolicies));
- certPolicyIndex++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (certPolicyInfos,
- certPolicyIndex,
- (PKIX_PL_Object **)&policyInfo,
- plContext),
- PKIX_LISTGETELEMENTFAILED);
- PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolicyId
- (policyInfo, &polOID, plContext),
- PKIX_CERTPOLICYINFOGETPOLICYIDFAILED);
-
- PKIX_CHECK(pkix_List_Contains
- (constraintPolicies,
- (PKIX_PL_Object *)polOID,
- &result,
- plContext),
- PKIX_LISTCONTAINSFAILED);
- PKIX_DECREF(policyInfo);
- PKIX_DECREF(polOID);
- }
- if (!result) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHPOLICIESFAILED);
- }
- }
- }
-
-cleanup:
-
- PKIX_DECREF(constraintPolicies);
- PKIX_DECREF(certPolicyInfos);
- PKIX_DECREF(policyInfo);
- PKIX_DECREF(polOID);
-
- PKIX_RETURN(CERTSELECTOR);
-
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_CertificateValid
- * DESCRIPTION:
- *
- * Determines whether the Cert pointed to by "cert" matches the certificate
- * validity criterion using the CertificateValid field of the
- * ComCertSelParams pointed to by "params". If the CertificateValid field is
- * NULL, no validity check is done and the Cert is considered to match
- * the CertificateValid criterion. If the CertificateValid field specifies a
- * Date prior to the notBefore field in the Cert, or greater than the notAfter
- * field in the Cert, an Error is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose certValid field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_CertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_Date *validityTime = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_CertificateValid");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid
- (params, &validityTime, plContext),
- PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED);
-
- /* If the validityTime is not set, all certificates are acceptable */
- if (validityTime) {
- PKIX_CHECK(PKIX_PL_Cert_CheckValidity
- (cert, validityTime, plContext),
- PKIX_CERTCHECKVALIDITYFAILED);
- }
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- *pResult = PKIX_FALSE;
- }
- PKIX_DECREF(validityTime);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_NameConstraints
- * DESCRIPTION:
- *
- * Determines whether the Cert pointed to by "cert" matches the name
- * constraints criterion specified in the ComCertSelParams pointed to by
- * "params". If the name constraints field is NULL, no name constraints check
- * is done and the Cert is considered to match the name constraints criterion.
- * If the Cert does not match the name constraints criterion, an Error pointer
- * is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose name constraints field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_NameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_NameConstraints");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetNameConstraints
- (params, &nameConstraints, plContext),
- PKIX_COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED);
-
- if (nameConstraints != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
- (cert, nameConstraints, plContext),
- PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
- }
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- *pResult = PKIX_FALSE;
- }
-
- PKIX_DECREF(nameConstraints);
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_PathToNames
- * DESCRIPTION:
- *
- * Determines whether the names at pathToNames in "params" complies with the
- * NameConstraints pointed to by "cert". If the pathToNames field is NULL
- * or there is no name constraints for this "cert", no checking is done
- * and the Cert is considered to match the name constraints criterion.
- * If the Cert does not match the name constraints criterion, an Error
- * pointer is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose PathToNames field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_PathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_List *pathToNamesList = NULL;
- PKIX_Boolean passed = PKIX_FALSE;
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_PathToNames");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames
- (params, &pathToNamesList, plContext),
- PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);
-
- if (pathToNamesList != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
- (cert, &nameConstraints, plContext),
- PKIX_CERTGETNAMECONSTRAINTSFAILED);
-
- if (nameConstraints != NULL) {
-
- PKIX_CHECK(PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
- (pathToNamesList, nameConstraints, &passed, plContext),
- PKIX_CERTNAMECONSTRAINTSCHECKNAMESINNAMESPACEFAILED);
-
- if (passed != PKIX_TRUE) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHPATHTONAMESFAILED);
- }
- }
-
- }
-
-cleanup:
-
- PKIX_DECREF(nameConstraints);
- PKIX_DECREF(pathToNamesList);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_SubjAltNames
- * DESCRIPTION:
- *
- * Determines whether the names at subjAltNames in "params" match with the
- * SubjAltNames pointed to by "cert". If the subjAltNames field is NULL,
- * no name checking is done and the Cert is considered to match the
- * criterion. If the Cert does not match the criterion, an Error pointer
- * is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose SubjAltNames field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_SubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_List *subjAltNamesList = NULL;
- PKIX_List *certSubjAltNames = NULL;
- PKIX_PL_GeneralName *name = NULL;
- PKIX_Boolean checkPassed = PKIX_FALSE;
- PKIX_Boolean matchAll = PKIX_TRUE;
- PKIX_UInt32 i, numItems;
- PKIX_UInt32 matchCount = 0;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjAltNames");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- (params, &matchAll, plContext),
- PKIX_COMCERTSELPARAMSGETMATCHALLSUBJALTNAMESFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames
- (params, &subjAltNamesList, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
-
- if (subjAltNamesList != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames
- (cert, &certSubjAltNames, plContext),
- PKIX_CERTGETSUBJALTNAMESFAILED);
-
- if (certSubjAltNames == NULL) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED);
- }
-
- PKIX_CHECK(PKIX_List_GetLength
- (subjAltNamesList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (subjAltNamesList,
- i,
- (PKIX_PL_Object **) &name,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_List_Contains
- (certSubjAltNames,
- (PKIX_PL_Object *) name,
- &checkPassed,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- PKIX_DECREF(name);
-
- if (checkPassed == PKIX_TRUE) {
-
- if (matchAll == PKIX_FALSE) {
- /* one match is good enough */
- matchCount = numItems;
- break;
- } else {
- /* else continue checking next */
- matchCount++;
- }
-
- }
-
- }
-
- if (matchCount != numItems) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(name);
- PKIX_DECREF(certSubjAltNames);
- PKIX_DECREF(subjAltNamesList);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_ExtendedKeyUsage
- * DESCRIPTION:
- *
- * Determines whether the names at ExtKeyUsage in "params" matches with the
- * ExtKeyUsage pointed to by "cert". If the ExtKeyUsage criterion or
- * ExtKeyUsage in "cert" is NULL, no checking is done and the Cert is
- * considered a match. If the Cert does not match, an Error pointer is
- * returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose ExtKeyUsage field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_ExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_List *extKeyUsageList = NULL;
- PKIX_List *certExtKeyUsageList = NULL;
- PKIX_PL_OID *ekuOid = NULL;
- PKIX_Boolean isContained = PKIX_FALSE;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_ExtendedKeyUsage");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
- (params, &extKeyUsageList, plContext),
- PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
-
- if (extKeyUsageList == NULL) {
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage
- (cert, &certExtKeyUsageList, plContext),
- PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
-
- if (certExtKeyUsageList != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (extKeyUsageList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (extKeyUsageList, i, (PKIX_PL_Object **)&ekuOid, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_List_Contains
- (certExtKeyUsageList,
- (PKIX_PL_Object *)ekuOid,
- &isContained,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- PKIX_DECREF(ekuOid);
-
- if (isContained != PKIX_TRUE) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED);
- }
- }
- }
-
-cleanup:
-
- PKIX_DECREF(ekuOid);
- PKIX_DECREF(extKeyUsageList);
- PKIX_DECREF(certExtKeyUsageList);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_KeyUsage
- * DESCRIPTION:
- *
- * Determines whether the bits at KeyUsage in "params" matches with the
- * KeyUsage pointed to by "cert". If the KeyUsage in params is 0
- * no checking is done and the Cert is considered a match. If the Cert does
- * not match, an Error pointer is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose ExtKeyUsage field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_KeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 keyUsage = 0;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_KeyUsage");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetKeyUsage
- (params, &keyUsage, plContext),
- PKIX_COMCERTSELPARAMSGETKEYUSAGEFAILED);
-
- if (keyUsage != 0) {
-
- PKIX_CHECK(PKIX_PL_Cert_VerifyKeyUsage
- (cert, keyUsage, plContext),
- PKIX_CERTVERIFYKEYUSAGEFAILED);
-
- }
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- *pResult = PKIX_FALSE;
- }
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_SubjKeyId
- * DESCRIPTION:
- *
- * Determines whether the bytes at subjKeyId in "params" matches with the
- * Subject Key Identifier pointed to by "cert". If the subjKeyId in params is
- * set to NULL, no checking is done and the Cert is considered a match. If
- * the Cert does not match, an Error pointer is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose subjKeyId field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_SubjKeyId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_ByteArray *selSubjKeyId = NULL;
- PKIX_PL_ByteArray *certSubjKeyId = NULL;
- PKIX_Boolean equals = PKIX_FALSE;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjKeyId");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubjKeyIdentifier
- (params, &selSubjKeyId, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJKEYIDENTIFIERFAILED);
-
- if (selSubjKeyId != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectKeyIdentifier
- (cert, &certSubjKeyId, plContext),
- PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED);
-
- if (certSubjKeyId == NULL) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)selSubjKeyId,
- (PKIX_PL_Object *)certSubjKeyId,
- &equals,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (equals != PKIX_TRUE) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(selSubjKeyId);
- PKIX_DECREF(certSubjKeyId);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_AuthKeyId
- * DESCRIPTION:
- *
- * Determines whether the bytes at authKeyId in "params" matches with the
- * Authority Key Identifier pointed to by "cert". If the authKeyId in params
- * is set to NULL, no checking is done and the Cert is considered a match. If
- * the Cert does not match, an Error pointer is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose authKeyId field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_AuthKeyId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_ByteArray *selAuthKeyId = NULL;
- PKIX_PL_ByteArray *certAuthKeyId = NULL;
- PKIX_Boolean equals = PKIX_FALSE;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_AuthKeyId");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
- (params, &selAuthKeyId, plContext),
- PKIX_COMCERTSELPARAMSGETAUTHORITYKEYIDENTIFIERFAILED);
-
- if (selAuthKeyId != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifier
- (cert, &certAuthKeyId, plContext),
- PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED);
-
- if (certAuthKeyId == NULL) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED);
- }
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)selAuthKeyId,
- (PKIX_PL_Object *)certAuthKeyId,
- &equals,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (equals != PKIX_TRUE) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(selAuthKeyId);
- PKIX_DECREF(certAuthKeyId);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_SubjPKAlgId
- * DESCRIPTION:
- *
- * Determines whether the OID at subjPKAlgId in "params" matches with the
- * Subject Public Key Alg Id pointed to by "cert". If the subjPKAlgId in params
- * is set to NULL, no checking is done and the Cert is considered a match. If
- * the Cert does not match, an Error pointer is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose subjPKAlgId field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_SubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_OID *selPKAlgId = NULL;
- PKIX_PL_OID *certPKAlgId = NULL;
- PKIX_Boolean equals = PKIX_FALSE;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjPKAlgId");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubjPKAlgId
- (params, &selPKAlgId, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJPKALGIDFAILED);
-
- if (selPKAlgId != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeyAlgId
- (cert, &certPKAlgId, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYALGIDFAILED);
-
- if (certPKAlgId != NULL) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED);
- }
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)selPKAlgId,
- (PKIX_PL_Object *)certPKAlgId,
- &equals,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (equals != PKIX_TRUE) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(selPKAlgId);
- PKIX_DECREF(certPKAlgId);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Match_SubjPubKey
- * DESCRIPTION:
- *
- * Determines whether the key at subjPubKey in "params" matches with the
- * Subject Public Key pointed to by "cert". If the subjPubKey in params
- * is set to NULL, no checking is done and the Cert is considered a match. If
- * the Cert does not match, an Error pointer is returned.
- *
- * PARAMETERS:
- * "params"
- * Address of ComCertSelParams whose subPubKey field is used.
- * Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched. Must be non-NULL.
- * "pResult"
- * Address of PKIX_Boolean that returns the match result.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_Match_SubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_PublicKey *selPK = NULL;
- PKIX_PL_PublicKey *certPK = NULL;
- PKIX_Boolean equals = PKIX_FALSE;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjPubKey");
- PKIX_NULLCHECK_THREE(params, cert, pResult);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubjPubKey
- (params, &selPK, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJPUBKEYFAILED);
-
- if (selPK != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
- (cert, &certPK, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
-
- if (certPK == NULL) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED);
- }
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)selPK,
- (PKIX_PL_Object *)certPK,
- &equals,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (equals != PKIX_TRUE) {
- *pResult = PKIX_FALSE;
- PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(selPK);
- PKIX_DECREF(certPK);
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_DefaultMatch
- * DESCRIPTION:
- *
- * This default match function determines whether the specified Cert pointed
- * to by "cert" matches the criteria of the CertSelector pointed to by
- * "selector". If the Cert does not match the CertSelector's
- * criteria, an error will be thrown.
- *
- * This default match function understands how to process the most common
- * parameters. Any common parameter that is not set is assumed to be disabled,
- * which means this function will select all certificates without regard to
- * that particular disabled parameter. For example, if the SerialNumber
- * parameter is not set, this function will not filter out any certificate
- * based on its serial number. As such, if no parameters are set, all are
- * disabled and any certificate will match. If a parameter is disabled, its
- * associated PKIX_ComCertSelParams_Get* function returns a default value.
- * That value is -1 for PKIX_ComCertSelParams_GetBasicConstraints and
- * PKIX_ComCertSelParams_GetVersion, 0 for PKIX_ComCertSelParams_GetKeyUsage,
- * and NULL for all other Get functions.
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelector whose MatchCallback logic and parameters are
- * to be used. Must be non-NULL.
- * "cert"
- * Address of Cert that is to be matched using "selector".
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CertSelector_DefaultMatch(
- PKIX_CertSelector *selector,
- PKIX_PL_Cert *cert,
- void *plContext)
-{
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_X500Name *certSubject = NULL;
- PKIX_PL_X500Name *selSubject = NULL;
- PKIX_PL_X500Name *certIssuer = NULL;
- PKIX_PL_X500Name *selIssuer = NULL;
- PKIX_PL_BigInt *certSerialNumber = NULL;
- PKIX_PL_BigInt *selSerialNumber = NULL;
- PKIX_PL_Cert *selCert = NULL;
- PKIX_PL_Date *selDate = NULL;
- PKIX_UInt32 selVersion = 0xFFFFFFFF;
- PKIX_UInt32 certVersion = 0;
- PKIX_Boolean result = PKIX_TRUE;
- PKIX_Boolean isLeafCert = PKIX_TRUE;
-
-#ifdef PKIX_BUILDDEBUG
- PKIX_PL_String *certString = NULL;
- void *certAscii = NULL;
- PKIX_UInt32 certAsciiLen;
-#endif
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_DefaultMatch");
- PKIX_NULLCHECK_TWO(selector, cert);
-
- PKIX_INCREF(selector->params);
- params = selector->params;
-
- /* Are we looking for CAs? */
- PKIX_CHECK(PKIX_ComCertSelParams_GetLeafCertFlag
- (params, &isLeafCert, plContext),
- PKIX_COMCERTSELPARAMSGETLEAFCERTFLAGFAILED);
-
- if (params == NULL){
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetVersion
- (params, &selVersion, plContext),
- PKIX_COMCERTSELPARAMSGETVERSIONFAILED);
-
- if (selVersion != 0xFFFFFFFF){
- PKIX_CHECK(PKIX_PL_Cert_GetVersion
- (cert, &certVersion, plContext),
- PKIX_CERTGETVERSIONFAILED);
-
- if (selVersion != certVersion) {
- PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTVERSIONFAILED);
- }
- }
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
- (params, &selSubject, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
-
- if (selSubject){
- PKIX_CHECK(PKIX_PL_Cert_GetSubject
- (cert, &certSubject, plContext),
- PKIX_CERTGETSUBJECTFAILED);
-
- if (certSubject){
- PKIX_CHECK(PKIX_PL_X500Name_Match
- (selSubject, certSubject, &result, plContext),
- PKIX_X500NAMEMATCHFAILED);
-
- if (result == PKIX_FALSE){
- PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSUBJECTFAILED);
- }
- } else { /* cert has no subject */
- PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSUBJECTFAILED);
- }
- }
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetIssuer
- (params, &selIssuer, plContext),
- PKIX_COMCERTSELPARAMSGETISSUERFAILED);
-
- if (selIssuer){
- PKIX_CHECK(PKIX_PL_Cert_GetIssuer
- (cert, &certIssuer, plContext),
- PKIX_CERTGETISSUERFAILED);
-
- PKIX_CHECK(PKIX_PL_X500Name_Match
- (selIssuer, certIssuer, &result, plContext),
- PKIX_X500NAMEMATCHFAILED);
-
- if (result == PKIX_FALSE){
- PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTISSUERFAILED);
- }
- }
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSerialNumber
- (params, &selSerialNumber, plContext),
- PKIX_COMCERTSELPARAMSGETSERIALNUMBERFAILED);
-
- if (selSerialNumber){
- PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber
- (cert, &certSerialNumber, plContext),
- PKIX_CERTGETSERIALNUMBERFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)selSerialNumber,
- (PKIX_PL_Object *)certSerialNumber,
- &result,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (result == PKIX_FALSE){
- PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSERIALNUMFAILED);
- }
- }
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetCertificate
- (params, &selCert, plContext),
- PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED);
-
- if (selCert){
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *) selCert,
- (PKIX_PL_Object *) cert,
- &result,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (result == PKIX_FALSE){
- PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTOBJECTFAILED);
- }
- }
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid
- (params, &selDate, plContext),
- PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED);
-
- if (selDate){
- PKIX_CHECK(PKIX_PL_Cert_CheckValidity
- (cert, selDate, plContext),
- PKIX_CERTCHECKVALIDITYFAILED);
- }
-
- PKIX_CHECK(pkix_CertSelector_Match_BasicConstraint
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHBASICCONSTRAINTFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_Policies
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHPOLICIESFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_CertificateValid
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHCERTIFICATEVALIDFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_NameConstraints
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHNAMECONSTRAINTSFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_PathToNames
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHPATHTONAMESFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_SubjAltNames
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED);
-
- /* Check key usage and cert type based on certificate usage. */
- PKIX_CHECK(PKIX_PL_Cert_VerifyCertAndKeyType(cert, !isLeafCert,
- plContext),
- PKIX_CERTVERIFYCERTTYPEFAILED);
-
- /* Next two check are for user supplied additional KU and EKU. */
- PKIX_CHECK(pkix_CertSelector_Match_ExtendedKeyUsage
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_KeyUsage
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHKEYUSAGEFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_SubjKeyId
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_AuthKeyId
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_SubjPKAlgId
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Match_SubjPubKey
- (params, cert, &result, plContext),
- PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED);
-
- /* if we reach here, the cert has successfully matched criteria */
-
-
-#ifdef PKIX_BUILDDEBUG
-
- PKIX_CHECK(pkix_pl_Cert_ToString_Helper
- (cert, PKIX_TRUE, &certString, plContext),
- PKIX_CERTTOSTRINGHELPERFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (certString,
- PKIX_ESCASCII,
- &certAscii,
- &certAsciiLen,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_CERTSELECTOR_DEBUG_ARG("Cert Selected:\n%s\n", certAscii);
-
-#endif
-
-cleanup:
-
-#ifdef PKIX_BUILDDEBUG
- PKIX_DECREF(certString);
- PKIX_FREE(certAscii);
-#endif
-
- PKIX_DECREF(certSubject);
- PKIX_DECREF(selSubject);
- PKIX_DECREF(certIssuer);
- PKIX_DECREF(selIssuer);
- PKIX_DECREF(certSerialNumber);
- PKIX_DECREF(selSerialNumber);
- PKIX_DECREF(selCert);
- PKIX_DECREF(selDate);
- PKIX_DECREF(params);
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CertSelector_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTSELECTOR_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_CertSelector_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_RegisterSelf");
-
- entry.description = "CertSelector";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_CertSelector);
- entry.destructor = pkix_CertSelector_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_CertSelector_Duplicate;
-
- systemClasses[PKIX_CERTSELECTOR_TYPE] = entry;
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-
-/*
- * FUNCTION: PKIX_CertSelector_Create (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_CertSelector_Create(
- PKIX_CertSelector_MatchCallback callback,
- PKIX_PL_Object *certSelectorContext,
- PKIX_CertSelector **pSelector,
- void *plContext)
-{
- PKIX_CertSelector *selector = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_Create");
- PKIX_NULLCHECK_ONE(pSelector);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTSELECTOR_TYPE,
- sizeof (PKIX_CertSelector),
- (PKIX_PL_Object **)&selector,
- plContext),
- PKIX_COULDNOTCREATECERTSELECTOROBJECT);
-
- /*
- * if user specified a particular match callback, we use that one.
- * otherwise, we use the default match implementation which
- * understands how to process PKIX_ComCertSelParams
- */
-
- if (callback){
- selector->matchCallback = callback;
- } else {
- selector->matchCallback = pkix_CertSelector_DefaultMatch;
- }
-
- /* initialize other fields */
- selector->params = NULL;
-
- PKIX_INCREF(certSelectorContext);
- selector->context = certSelectorContext;
-
- *pSelector = selector;
-
-cleanup:
-
- PKIX_RETURN(CERTSELECTOR);
-
-}
-
-/*
- * FUNCTION: PKIX_CertSelector_GetMatchCallback
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_CertSelector_GetMatchCallback(
- PKIX_CertSelector *selector,
- PKIX_CertSelector_MatchCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_GetMatchCallback");
- PKIX_NULLCHECK_TWO(selector, pCallback);
-
- *pCallback = selector->matchCallback;
-
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCertSelectorContext
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_CertSelector_GetCertSelectorContext(
- PKIX_CertSelector *selector,
- PKIX_PL_Object **pCertSelectorContext,
- void *plContext)
-{
- PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_GetCertSelectorContext");
- PKIX_NULLCHECK_TWO(selector, pCertSelectorContext);
-
- PKIX_INCREF(selector->context);
-
- *pCertSelectorContext = selector->context;
-
-cleanup:
- PKIX_RETURN(CERTSELECTOR);
-}
-
-/*
- * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_CertSelector_GetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams **pParams,
- void *plContext)
-{
- PKIX_ENTER(CERTSELECTOR,
- "PKIX_CertSelector_GetCommonCertSelectorParams");
-
- PKIX_NULLCHECK_TWO(selector, pParams);
-
- PKIX_INCREF(selector->params);
- *pParams = selector->params;
-
-cleanup:
- PKIX_RETURN(CERTSELECTOR);
-
-}
-
-/*
- * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_CertSelector_SetCommonCertSelectorParams(
- PKIX_CertSelector *selector,
- PKIX_ComCertSelParams *params,
- void *plContext)
-{
- PKIX_ENTER(CERTSELECTOR,
- "PKIX_CertSelector_SetCommonCertSelectorParams");
-
- PKIX_NULLCHECK_ONE(selector);
-
- PKIX_DECREF(selector->params);
- PKIX_INCREF(params);
- selector->params = params;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)selector, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(CERTSELECTOR);
-
-}
-
-/*
- * FUNCTION: pkix_CertSelector_Select
- * DESCRIPTION:
- *
- * This function applies the selector pointed to by "selector" to each Cert,
- * in turn, in the List pointed to by "before", and creates a List containing
- * all the Certs that matched, or passed the selection process, storing that
- * List at "pAfter". If no Certs match, an empty List is stored at "pAfter".
- *
- * The List returned in "pAfter" is immutable.
- *
- * PARAMETERS:
- * "selector"
- * Address of CertSelelector to be applied to the List. Must be non-NULL.
- * "before"
- * Address of List that is to be filtered. Must be non-NULL.
- * "pAfter"
- * Address at which resulting List, possibly empty, is stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CertSelector_Select(
- PKIX_CertSelector *selector,
- PKIX_List *before,
- PKIX_List **pAfter,
- void *plContext)
-{
- PKIX_UInt32 numBefore = 0;
- PKIX_UInt32 i = 0;
- PKIX_List *filtered = NULL;
- PKIX_PL_Cert *candidate = NULL;
-
- PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_Select");
- PKIX_NULLCHECK_THREE(selector, before, pAfter);
-
- PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numBefore; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (before, i, (PKIX_PL_Object **)&candidate, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK_ONLY_FATAL(selector->matchCallback
- (selector, candidate, plContext),
- PKIX_CERTSELECTORMATCHCALLBACKFAILED);
-
- if (!(PKIX_ERROR_RECEIVED)) {
-
- PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
- (filtered,
- (PKIX_PL_Object *)candidate,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- pkixTempErrorReceived = PKIX_FALSE;
- PKIX_DECREF(candidate);
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- /* Don't throw away the list if one Cert was bad! */
- pkixTempErrorReceived = PKIX_FALSE;
-
- *pAfter = filtered;
- filtered = NULL;
-
-cleanup:
-
- PKIX_DECREF(filtered);
- PKIX_DECREF(candidate);
-
- PKIX_RETURN(CERTSELECTOR);
-
-}
diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.h b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.h
deleted file mode 100755
index 28676b9cd..000000000
--- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_certselector.h
- *
- * CertSelector Object Type Definition
- *
- */
-
-#ifndef _PKIX_CERTSELECTOR_H
-#define _PKIX_CERTSELECTOR_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_CertSelectorStruct {
- PKIX_CertSelector_MatchCallback matchCallback;
- PKIX_ComCertSelParams *params;
- PKIX_PL_Object *context;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_CertSelector_Select(
- PKIX_CertSelector *selector,
- PKIX_List *before,
- PKIX_List **pAfter,
- void *plContext);
-
-PKIX_Error *pkix_CertSelector_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTSELECTOR_H */
diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c b/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c
deleted file mode 100755
index 7f8aa90c9..000000000
--- a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c
+++ /dev/null
@@ -1,1221 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_comcertselparams.c
- *
- * ComCertSelParams Object Functions
- *
- */
-
-#include "pkix_comcertselparams.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_ComCertSelParams_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ComCertSelParams_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ComCertSelParams *params = NULL;
-
- PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a comCertSelParams object */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_COMCERTSELPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTCOMCERTSELPARAMS);
-
- params = (PKIX_ComCertSelParams *)object;
-
- PKIX_DECREF(params->subject);
- PKIX_DECREF(params->policies);
- PKIX_DECREF(params->cert);
- PKIX_DECREF(params->nameConstraints);
- PKIX_DECREF(params->pathToNames);
- PKIX_DECREF(params->subjAltNames);
- PKIX_DECREF(params->date);
- PKIX_DECREF(params->extKeyUsage);
- PKIX_DECREF(params->certValid);
- PKIX_DECREF(params->issuer);
- PKIX_DECREF(params->serialNumber);
- PKIX_DECREF(params->authKeyId);
- PKIX_DECREF(params->subjKeyId);
- PKIX_DECREF(params->subjPubKey);
- PKIX_DECREF(params->subjPKAlgId);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCertSelParams_Duplicate
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ComCertSelParams_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_ComCertSelParams *params = NULL;
- PKIX_ComCertSelParams *paramsDuplicate = NULL;
-
- PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_COMCERTSELPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTCOMCERTSELPARAMS);
-
- params = (PKIX_ComCertSelParams *)object;
-
- PKIX_CHECK(PKIX_ComCertSelParams_Create(&paramsDuplicate, plContext),
- PKIX_COMCERTSELPARAMSCREATEFAILED);
-
- paramsDuplicate->minPathLength = params->minPathLength;
- paramsDuplicate->matchAllSubjAltNames = params->matchAllSubjAltNames;
-
- PKIX_DUPLICATE(params->subject, &paramsDuplicate->subject, plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE(params->policies, &paramsDuplicate->policies, plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- if (params->cert){
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)params->cert,
- (PKIX_PL_Object **)&paramsDuplicate->cert,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
- }
-
- PKIX_DUPLICATE
- (params->nameConstraints,
- &paramsDuplicate->nameConstraints,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->pathToNames,
- &paramsDuplicate->pathToNames,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->subjAltNames,
- &paramsDuplicate->subjAltNames,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- if (params->date){
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)params->date,
- (PKIX_PL_Object **)&paramsDuplicate->date,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
- }
-
- paramsDuplicate->keyUsage = params->keyUsage;
-
- PKIX_DUPLICATE(params->certValid,
- &paramsDuplicate->certValid,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE(params->issuer,
- &paramsDuplicate->issuer,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE(params->serialNumber,
- &paramsDuplicate->serialNumber,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE(params->authKeyId,
- &paramsDuplicate->authKeyId,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE(params->subjKeyId,
- &paramsDuplicate->subjKeyId,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE(params->subjPubKey,
- &paramsDuplicate->subjPubKey,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE(params->subjPKAlgId,
- &paramsDuplicate->subjPKAlgId,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- paramsDuplicate->leafCertFlag = params->leafCertFlag;
-
- *pNewObject = (PKIX_PL_Object *)paramsDuplicate;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(paramsDuplicate);
- }
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCertSelParams_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_COMCERTSELPARAMS_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_ComCertSelParams_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry* entry = &systemClasses[PKIX_COMCERTSELPARAMS_TYPE];
-
- PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_RegisterSelf");
-
- entry->description = "ComCertSelParams";
- entry->typeObjectSize = sizeof(PKIX_ComCertSelParams);
- entry->destructor = pkix_ComCertSelParams_Destroy;
- entry->duplicateFunction = pkix_ComCertSelParams_Duplicate;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_Create (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_Create(
- PKIX_ComCertSelParams **pParams,
- void *plContext)
-{
- PKIX_ComCertSelParams *params = NULL;
-
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_Create");
- PKIX_NULLCHECK_ONE(pParams);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_COMCERTSELPARAMS_TYPE,
- sizeof (PKIX_ComCertSelParams),
- (PKIX_PL_Object **)&params,
- plContext),
- PKIX_COULDNOTCREATECOMMONCERTSELPARAMSOBJECT);
-
- /* initialize fields */
- params->version = 0xFFFFFFFF;
- params->minPathLength = -1;
- params->matchAllSubjAltNames = PKIX_TRUE;
- params->subject = NULL;
- params->policies = NULL;
- params->cert = NULL;
- params->nameConstraints = NULL;
- params->pathToNames = NULL;
- params->subjAltNames = NULL;
- params->extKeyUsage = NULL;
- params->keyUsage = 0;
- params->extKeyUsage = NULL;
- params->keyUsage = 0;
- params->date = NULL;
- params->certValid = NULL;
- params->issuer = NULL;
- params->serialNumber = NULL;
- params->authKeyId = NULL;
- params->subjKeyId = NULL;
- params->subjPubKey = NULL;
- params->subjPKAlgId = NULL;
- params->leafCertFlag = PKIX_FALSE;
-
- *pParams = params;
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubject (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pSubject,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubject");
- PKIX_NULLCHECK_TWO(params, pSubject);
-
- PKIX_INCREF(params->subject);
-
- *pSubject = params->subject;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubject (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubject(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *subject,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubject");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->subject);
-
- PKIX_INCREF(subject);
-
- params->subject = subject;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 *pMinPathLength,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetBasicConstraints");
- PKIX_NULLCHECK_TWO(params, pMinPathLength);
-
- *pMinPathLength = params->minPathLength;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetBasicConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 minPathLength,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetBasicConstraints");
- PKIX_NULLCHECK_ONE(params);
-
- params->minPathLength = minPathLength;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPolicy (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List **pPolicy, /* List of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetPolicy");
- PKIX_NULLCHECK_TWO(params, pPolicy);
-
- PKIX_INCREF(params->policies);
- *pPolicy = params->policies;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPolicy (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPolicy(
- PKIX_ComCertSelParams *params,
- PKIX_List *policy, /* List of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPolicy");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->policies);
- PKIX_INCREF(policy);
- params->policies = policy;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificate
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetCertificate");
- PKIX_NULLCHECK_TWO(params, pCert);
-
- PKIX_INCREF(params->cert);
- *pCert = params->cert;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificate
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificate(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetCertificate");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->cert);
- PKIX_INCREF(cert);
- params->cert = cert;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetCertificateValid");
-
- PKIX_NULLCHECK_TWO(params, pDate);
-
- PKIX_INCREF(params->date);
- *pDate = params->date;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetCertificateValid(
- PKIX_ComCertSelParams *params,
- PKIX_PL_Date *date,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetCertificateValid");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->date);
- PKIX_INCREF(date);
- params->date = date;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetNameConstraints");
- PKIX_NULLCHECK_TWO(params, pNameConstraints);
-
- PKIX_INCREF(params->nameConstraints);
-
- *pNameConstraints = params->nameConstraints;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetNameConstraints(
- PKIX_ComCertSelParams *params,
- PKIX_PL_CertNameConstraints *nameConstraints,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetNameConstraints");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->nameConstraints);
- PKIX_INCREF(nameConstraints);
- params->nameConstraints = nameConstraints;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
- * (see comments in pkix_certsel.h)
- */PKIX_Error *
-PKIX_ComCertSelParams_GetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetPathToNames");
- PKIX_NULLCHECK_TWO(params, pNames);
-
- PKIX_INCREF(params->pathToNames);
-
- *pNames = params->pathToNames;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetPathToNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPathToNames");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->pathToNames);
- PKIX_INCREF(names);
-
- params->pathToNames = names;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddPathToName
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddPathToName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *name,
- void *plContext)
-{
- PKIX_List *pathToNamesList = NULL;
-
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddPathToName");
- PKIX_NULLCHECK_ONE(params);
-
- if (name == NULL) {
- goto cleanup;
- }
-
- if (params->pathToNames == NULL) {
- /* Create a list for name item */
- PKIX_CHECK(PKIX_List_Create(&pathToNamesList, plContext),
- PKIX_LISTCREATEFAILED);
-
- params->pathToNames = pathToNamesList;
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (params->pathToNames, (PKIX_PL_Object *)name, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjAltNames");
- PKIX_NULLCHECK_TWO(params, pNames);
-
- PKIX_INCREF(params->subjAltNames);
-
- *pNames = params->subjAltNames;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_List *names, /* list of PKIX_PL_GeneralName */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjAltNames");
- PKIX_NULLCHECK_TWO(params, names);
-
- PKIX_DECREF(params->subjAltNames);
- PKIX_INCREF(names);
-
- params->subjAltNames = names;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_AddSubjAltNames
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_AddSubjAltName(
- PKIX_ComCertSelParams *params,
- PKIX_PL_GeneralName *name,
- void *plContext)
-{
- PKIX_List *list = NULL;
-
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddSubjAltName");
- PKIX_NULLCHECK_TWO(params, name);
-
- if (params->subjAltNames == NULL) {
- PKIX_CHECK(PKIX_List_Create(&list, plContext),
- PKIX_LISTCREATEFAILED);
- params->subjAltNames = list;
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (params->subjAltNames, (PKIX_PL_Object *)name, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS)
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pMatch,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
- PKIX_NULLCHECK_TWO(params, pMatch);
-
- *pMatch = params->matchAllSubjAltNames;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean match,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
- PKIX_NULLCHECK_ONE(params);
-
- params->matchAllSubjAltNames = match;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetExtendedKeyUsage");
- PKIX_NULLCHECK_TWO(params, pExtKeyUsage);
-
- PKIX_INCREF(params->extKeyUsage);
- *pExtKeyUsage = params->extKeyUsage;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetExtendedKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_List *extKeyUsage, /* list of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetExtendedKeyUsage");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->extKeyUsage);
- PKIX_INCREF(extKeyUsage);
-
- params->extKeyUsage = extKeyUsage;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pKeyUsage,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetKeyUsage");
- PKIX_NULLCHECK_TWO(params, pKeyUsage);
-
- *pKeyUsage = params->keyUsage;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetKeyUsage(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 keyUsage,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetKeyUsage");
- PKIX_NULLCHECK_ONE(params);
-
- params->keyUsage = keyUsage;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetIssuer
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name **pIssuer,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetIssuer");
- PKIX_NULLCHECK_TWO(params, pIssuer);
-
- PKIX_INCREF(params->issuer);
- *pIssuer = params->issuer;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetIssuer
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetIssuer(
- PKIX_ComCertSelParams *params,
- PKIX_PL_X500Name *issuer,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetIssuer");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->issuer);
- PKIX_INCREF(issuer);
- params->issuer = issuer;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt **pSerialNumber,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSerialNumber");
- PKIX_NULLCHECK_TWO(params, pSerialNumber);
-
- PKIX_INCREF(params->serialNumber);
- *pSerialNumber = params->serialNumber;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSerialNumber(
- PKIX_ComCertSelParams *params,
- PKIX_PL_BigInt *serialNumber,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSerialNumber");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->serialNumber);
- PKIX_INCREF(serialNumber);
- params->serialNumber = serialNumber;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetVersion
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_UInt32 *pVersion,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetVersion");
- PKIX_NULLCHECK_TWO(params, pVersion);
-
- *pVersion = params->version;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetVersion
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetVersion(
- PKIX_ComCertSelParams *params,
- PKIX_Int32 version,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetVersion");
- PKIX_NULLCHECK_ONE(params);
-
- params->version = version;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetSubjKeyIdentifier");
- PKIX_NULLCHECK_TWO(params, pSubjKeyId);
-
- PKIX_INCREF(params->subjKeyId);
-
- *pSubjKeyId = params->subjKeyId;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *subjKeyId,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetSubjKeyIdentifier");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->subjKeyId);
- PKIX_INCREF(subjKeyId);
-
- params->subjKeyId = subjKeyId;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
- PKIX_NULLCHECK_TWO(params, pAuthKeyId);
-
- PKIX_INCREF(params->authKeyId);
-
- *pAuthKeyId = params->authKeyId;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
- PKIX_ComCertSelParams *params,
- PKIX_PL_ByteArray *authKeyId,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetAuthKeyIdentifier");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->authKeyId);
- PKIX_INCREF(authKeyId);
-
- params->authKeyId = authKeyId;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey **pSubjPubKey,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjPubKey");
- PKIX_NULLCHECK_TWO(params, pSubjPubKey);
-
- PKIX_INCREF(params->subjPubKey);
-
- *pSubjPubKey = params->subjPubKey;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPubKey(
- PKIX_ComCertSelParams *params,
- PKIX_PL_PublicKey *subjPubKey,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS,
- "PKIX_ComCertSelParams_SetSubjPubKey");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->subjPubKey);
- PKIX_INCREF(subjPubKey);
-
- params->subjPubKey = subjPubKey;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_GetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID **pAlgId,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjPKAlgId");
- PKIX_NULLCHECK_TWO(params, pAlgId);
-
- PKIX_INCREF(params->subjPKAlgId);
-
- *pAlgId = params->subjPKAlgId;
-
-cleanup:
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetSubjPKAlgId(
- PKIX_ComCertSelParams *params,
- PKIX_PL_OID *algId,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjPKAlgId");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->subjPKAlgId);
- PKIX_INCREF(algId);
-
- params->subjPKAlgId = algId;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error*
-PKIX_ComCertSelParams_GetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean *pLeafFlag,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetLeafCertFlag");
- PKIX_NULLCHECK_TWO(params, pLeafFlag);
-
- *pLeafFlag = params->leafCertFlag;
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
- * (see comments in pkix_certsel.h)
- */
-PKIX_Error *
-PKIX_ComCertSelParams_SetLeafCertFlag(
- PKIX_ComCertSelParams *params,
- PKIX_Boolean leafFlag,
- void *plContext)
-{
- PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetLeafCertFlag");
- PKIX_NULLCHECK_ONE(params);
-
- params->leafCertFlag = leafFlag;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCERTSELPARAMS);
-}
diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h b/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h
deleted file mode 100755
index 0c67cb133..000000000
--- a/security/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_comcertselparams.h
- *
- * ComCertSelParams Object Type Definition
- *
- */
-
-#ifndef _PKIX_COMCERTSELPARAMS_H
-#define _PKIX_COMCERTSELPARAMS_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * pathToNamesConstraint is Name Constraints generated based on the
- * pathToNames. We save a cached copy to save regeneration for each
- * check. SubjAltNames also has its cache, since SubjAltNames are
- * verified by checker, its cache copy is stored in checkerstate.
- */
-struct PKIX_ComCertSelParamsStruct {
- PKIX_Int32 version;
- PKIX_Int32 minPathLength;
- PKIX_Boolean matchAllSubjAltNames;
- PKIX_PL_X500Name *subject;
- PKIX_List *policies; /* List of PKIX_PL_OID */
- PKIX_PL_Cert *cert;
- PKIX_PL_CertNameConstraints *nameConstraints;
- PKIX_List *pathToNames; /* List of PKIX_PL_GeneralNames */
- PKIX_List *subjAltNames; /* List of PKIX_PL_GeneralNames */
- PKIX_List *extKeyUsage; /* List of PKIX_PL_OID */
- PKIX_UInt32 keyUsage;
- PKIX_PL_Date *date;
- PKIX_PL_Date *certValid;
- PKIX_PL_X500Name *issuer;
- PKIX_PL_BigInt *serialNumber;
- PKIX_PL_ByteArray *authKeyId;
- PKIX_PL_ByteArray *subjKeyId;
- PKIX_PL_PublicKey *subjPubKey;
- PKIX_PL_OID *subjPKAlgId;
- PKIX_Boolean leafCertFlag;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_ComCertSelParams_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_COMCERTSELPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/Makefile b/security/nss/lib/libpkix/pkix/checker/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/checker/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/checker/config.mk b/security/nss/lib/libpkix/pkix/checker/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/checker/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/checker/manifest.mn b/security/nss/lib/libpkix/pkix/checker/manifest.mn
deleted file mode 100755
index 6a2702871..000000000
--- a/security/nss/lib/libpkix/pkix/checker/manifest.mn
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_basicconstraintschecker.h \
- pkix_certchainchecker.h \
- pkix_crlchecker.h \
- pkix_ekuchecker.h \
- pkix_expirationchecker.h \
- pkix_namechainingchecker.h \
- pkix_nameconstraintschecker.h \
- pkix_ocspchecker.h \
- pkix_policychecker.h \
- pkix_revocationmethod.h \
- pkix_revocationchecker.h \
- pkix_signaturechecker.h \
- pkix_targetcertchecker.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_basicconstraintschecker.c \
- pkix_certchainchecker.c \
- pkix_crlchecker.c \
- pkix_ekuchecker.c \
- pkix_expirationchecker.c \
- pkix_namechainingchecker.c \
- pkix_nameconstraintschecker.c \
- pkix_ocspchecker.c \
- pkix_revocationmethod.c \
- pkix_revocationchecker.c \
- pkix_policychecker.c \
- pkix_signaturechecker.c \
- pkix_targetcertchecker.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixchecker
-
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
deleted file mode 100755
index 809d4be3b..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_basicconstraintschecker.c
- *
- * Functions for basic constraints validation
- *
- */
-
-#include "pkix_basicconstraintschecker.h"
-
-/* --Private-BasicConstraintsCheckerState-Functions------------------------- */
-
-/*
- * FUNCTION: pkix_BasicConstraintsCheckerState_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BasicConstraintsCheckerState_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- pkix_BasicConstraintsCheckerState *state = NULL;
-
- PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
- "pkix_BasicConstraintsCheckerState_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a basic constraints checker state */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTBASICCONSTRAINTSCHECKERSTATE);
-
- state = (pkix_BasicConstraintsCheckerState *)object;
-
- PKIX_DECREF(state->basicConstraintsOID);
-
-cleanup:
-
- PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_BasicConstraintsCheckerState_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_BasicConstraintsCheckerState_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
- "pkix_BasicConstraintsCheckerState_RegisterSelf");
-
- entry.description = "BasicConstraintsCheckerState";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(pkix_BasicConstraintsCheckerState);
- entry.destructor = pkix_BasicConstraintsCheckerState_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE] = entry;
-
- PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_BasicConstraintsCheckerState_Create
- * DESCRIPTION:
- *
- * Creates a new BasicConstraintsCheckerState using the number of certs in
- * the chain represented by "certsRemaining" and stores it at "pState".
- *
- * PARAMETERS:
- * "certsRemaining"
- * Number of certificates in the chain.
- * "pState"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a BasicConstraintsCheckerState Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_BasicConstraintsCheckerState_Create(
- PKIX_UInt32 certsRemaining,
- pkix_BasicConstraintsCheckerState **pState,
- void *plContext)
-{
- pkix_BasicConstraintsCheckerState *state = NULL;
-
- PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
- "pkix_BasicConstraintsCheckerState_Create");
-
- PKIX_NULLCHECK_ONE(pState);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE,
- sizeof (pkix_BasicConstraintsCheckerState),
- (PKIX_PL_Object **)&state,
- plContext),
- PKIX_COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT);
-
- /* initialize fields */
- state->certsRemaining = certsRemaining;
- state->maxPathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_BASICCONSTRAINTS_OID,
- &state->basicConstraintsOID,
- plContext),
- PKIX_OIDCREATEFAILED);
-
- *pState = state;
- state = NULL;
-
-cleanup:
-
- PKIX_DECREF(state);
-
- PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
-}
-
-/* --Private-BasicConstraintsChecker-Functions------------------------------ */
-
-/*
- * FUNCTION: pkix_BasicConstraintsChecker_Check
- * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
- */
-PKIX_Error *
-pkix_BasicConstraintsChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
- pkix_BasicConstraintsCheckerState *state = NULL;
- PKIX_Boolean caFlag = PKIX_FALSE;
- PKIX_Int32 pathLength = 0;
- PKIX_Int32 maxPathLength_now;
- PKIX_Boolean isSelfIssued = PKIX_FALSE;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Check");
- PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
-
- *pNBIOContext = NULL; /* we never block on pending I/O */
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&state, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- state->certsRemaining--;
-
- if (state->certsRemaining != 0) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
- (cert, &basicConstraints, plContext),
- PKIX_CERTGETBASICCONSTRAINTSFAILED);
-
- /* get CA Flag and path length */
- if (basicConstraints != NULL) {
- PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
- (basicConstraints,
- &caFlag,
- plContext),
- PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
-
- if (caFlag == PKIX_TRUE) {
- PKIX_CHECK
- (PKIX_PL_BasicConstraints_GetPathLenConstraint
- (basicConstraints,
- &pathLength,
- plContext),
- PKIX_BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED);
- }
-
- }else{
- caFlag = PKIX_FALSE;
- pathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
- }
-
- PKIX_CHECK(pkix_IsCertSelfIssued
- (cert,
- &isSelfIssued,
- plContext),
- PKIX_ISCERTSELFISSUEDFAILED);
-
- maxPathLength_now = state->maxPathLength;
-
- if (isSelfIssued != PKIX_TRUE) {
-
- /* Not last CA Cert, but maxPathLength is down to zero */
- if (maxPathLength_now == 0) {
- PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDLN);
- }
-
- if (caFlag == PKIX_FALSE) {
- PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDCA);
- }
-
- if (maxPathLength_now > 0) { /* can be unlimited (-1) */
- maxPathLength_now--;
- }
-
- }
-
- if (caFlag == PKIX_TRUE) {
- if (maxPathLength_now == PKIX_UNLIMITED_PATH_CONSTRAINT){
- maxPathLength_now = pathLength;
- } else {
- /* If pathLength is not specified, don't set */
- if (pathLength != PKIX_UNLIMITED_PATH_CONSTRAINT) {
- maxPathLength_now =
- (maxPathLength_now > pathLength)?
- pathLength:maxPathLength_now;
- }
- }
- }
-
- state->maxPathLength = maxPathLength_now;
- }
-
- /* Remove Basic Constraints Extension OID from list */
- if (unresolvedCriticalExtensions != NULL) {
-
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticalExtensions,
- (PKIX_PL_Object *) state->basicConstraintsOID,
- plContext),
- PKIX_LISTREMOVEFAILED);
- }
-
-
- PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
- (checker, (PKIX_PL_Object *)state, plContext),
- PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
-
-
-cleanup:
- PKIX_DECREF(state);
- PKIX_DECREF(basicConstraints);
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: pkix_BasicConstraintsChecker_Initialize
- * DESCRIPTION:
- * Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_BasicConstraintsChecker_Initialize(
- PKIX_UInt32 certsRemaining,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- pkix_BasicConstraintsCheckerState *state = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Initialize");
- PKIX_NULLCHECK_ONE(pChecker);
-
- PKIX_CHECK(pkix_BasicConstraintsCheckerState_Create
- (certsRemaining, &state, plContext),
- PKIX_BASICCONSTRAINTSCHECKERSTATECREATEFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_BasicConstraintsChecker_Check,
- PKIX_FALSE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *)state,
- pChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCHECKFAILED);
-
-cleanup:
- PKIX_DECREF(state);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h
deleted file mode 100755
index 0b8049013..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_basicconstraintschecker.h
- *
- * Header file for basic constraints checker.
- *
- */
-
-#ifndef _PKIX_BASICCONSTRAINTSCHECKER_H
-#define _PKIX_BASICCONSTRAINTSCHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct pkix_BasicConstraintsCheckerStateStruct \
- pkix_BasicConstraintsCheckerState;
-
-struct pkix_BasicConstraintsCheckerStateStruct{
- PKIX_PL_OID *basicConstraintsOID;
- PKIX_Int32 certsRemaining;
- PKIX_Int32 maxPathLength;
-};
-
-PKIX_Error *
-pkix_BasicConstraintsChecker_Initialize(
- PKIX_UInt32 numCerts,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-PKIX_Error *
-pkix_BasicConstraintsCheckerState_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_BASICCONSTRAINTSCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c
deleted file mode 100755
index 0818a0566..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_certchainchecker.c
- *
- * CertChainChecker Object Functions
- *
- */
-
-#include "pkix_certchainchecker.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_CertChainChecker_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CertChainChecker_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_CertChainChecker *checker = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a cert chain checker */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
- PKIX_OBJECTNOTCERTCHAINCHECKER);
-
- checker = (PKIX_CertChainChecker *)object;
-
- PKIX_DECREF(checker->extensions);
- PKIX_DECREF(checker->state);
-
-cleanup:
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_CertChainChecker_Duplicate
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CertChainChecker_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_CertChainChecker *checker = NULL;
- PKIX_CertChainChecker *checkerDuplicate = NULL;
- PKIX_List *extensionsDuplicate = NULL;
- PKIX_PL_Object *stateDuplicate = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
- PKIX_OBJECTNOTCERTCHAINCHECKER);
-
- checker = (PKIX_CertChainChecker *)object;
-
- if (checker->extensions){
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)checker->extensions,
- (PKIX_PL_Object **)&extensionsDuplicate,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
- }
-
- if (checker->state){
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)checker->state,
- (PKIX_PL_Object **)&stateDuplicate,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
- }
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (checker->checkCallback,
- checker->forwardChecking,
- checker->isForwardDirectionExpected,
- extensionsDuplicate,
- stateDuplicate,
- &checkerDuplicate,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-
- *pNewObject = (PKIX_PL_Object *)checkerDuplicate;
-
-cleanup:
-
- PKIX_DECREF(extensionsDuplicate);
- PKIX_DECREF(stateDuplicate);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_CertChainChecker_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTCHAINCHECKER_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_CertChainChecker_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_RegisterSelf");
-
- entry.description = "CertChainChecker";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_CertChainChecker);
- entry.destructor = pkix_CertChainChecker_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_CertChainChecker_Duplicate;
-
- systemClasses[PKIX_CERTCHAINCHECKER_TYPE] = entry;
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-
-/*
- * FUNCTION: PKIX_CertChainChecker_Create (see comments in pkix_checker.h)
- */
-PKIX_Error *
-PKIX_CertChainChecker_Create(
- PKIX_CertChainChecker_CheckCallback callback,
- PKIX_Boolean forwardCheckingSupported,
- PKIX_Boolean isForwardDirectionExpected,
- PKIX_List *list, /* list of PKIX_PL_OID */
- PKIX_PL_Object *initialState,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- PKIX_CertChainChecker *checker = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_Create");
- PKIX_NULLCHECK_ONE(pChecker);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTCHAINCHECKER_TYPE,
- sizeof (PKIX_CertChainChecker),
- (PKIX_PL_Object **)&checker,
- plContext),
- PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
-
- /* initialize fields */
- checker->checkCallback = callback;
- checker->forwardChecking = forwardCheckingSupported;
- checker->isForwardDirectionExpected = isForwardDirectionExpected;
-
- PKIX_INCREF(list);
- checker->extensions = list;
-
- PKIX_INCREF(initialState);
- checker->state = initialState;
-
- *pChecker = checker;
- checker = NULL;
-cleanup:
-
- PKIX_DECREF(checker);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
- * (see comments in pkix_checker.h)
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCheckCallback(
- PKIX_CertChainChecker *checker,
- PKIX_CertChainChecker_CheckCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_GetCheckCallback");
- PKIX_NULLCHECK_TWO(checker, pCallback);
-
- *pCallback = checker->checkCallback;
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
- * (see comments in pkix_checker.h)
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardCheckingSupported(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardCheckingSupported,
- void *plContext)
-{
- PKIX_ENTER
- (CERTCHAINCHECKER,
- "PKIX_CertChainChecker_IsForwardCheckingSupported");
- PKIX_NULLCHECK_TWO(checker, pForwardCheckingSupported);
-
- *pForwardCheckingSupported = checker->forwardChecking;
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
- * (see comments in pkix_checker.h)
- */
-PKIX_Error *
-PKIX_CertChainChecker_IsForwardDirectionExpected(
- PKIX_CertChainChecker *checker,
- PKIX_Boolean *pForwardDirectionExpected,
- void *plContext)
-{
- PKIX_ENTER
- (CERTCHAINCHECKER,
- "PKIX_CertChainChecker_IsForwardDirectionExpected");
- PKIX_NULLCHECK_TWO(checker, pForwardDirectionExpected);
-
- *pForwardDirectionExpected = checker->isForwardDirectionExpected;
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
- * (see comments in pkix_checker.h)
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object **pCertChainCheckerState,
- void *plContext)
-{
- PKIX_ENTER(CERTCHAINCHECKER,
- "PKIX_CertChainChecker_GetCertChainCheckerState");
-
- PKIX_NULLCHECK_TWO(checker, pCertChainCheckerState);
-
- PKIX_INCREF(checker->state);
-
- *pCertChainCheckerState = checker->state;
-
-cleanup:
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
- * (see comments in pkix_checker.h)
- */
-PKIX_Error *
-PKIX_CertChainChecker_SetCertChainCheckerState(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Object *certChainCheckerState,
- void *plContext)
-{
- PKIX_ENTER(CERTCHAINCHECKER,
- "PKIX_CertChainChecker_SetCertChainCheckerState");
-
- PKIX_NULLCHECK_ONE(checker);
-
- /* DecRef old contents */
- PKIX_DECREF(checker->state);
-
- PKIX_INCREF(certChainCheckerState);
- checker->state = certChainCheckerState;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)checker, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
- * (see comments in pkix_checker.h)
- */
-PKIX_Error *
-PKIX_CertChainChecker_GetSupportedExtensions(
- PKIX_CertChainChecker *checker,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_ENTER(CERTCHAINCHECKER,
- "PKIX_CertChainChecker_GetSupportedExtensions");
-
- PKIX_NULLCHECK_TWO(checker, pExtensions);
-
- PKIX_INCREF(checker->extensions);
-
- *pExtensions = checker->extensions;
-
-cleanup:
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h
deleted file mode 100755
index 445b7452d..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_certchainchecker.h
- *
- * CertChainChecker Object Type Definition
- *
- */
-
-#ifndef _PKIX_CERTCHAINCHECKER_H
-#define _PKIX_CERTCHAINCHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_CertChainCheckerStruct {
- PKIX_CertChainChecker_CheckCallback checkCallback;
- PKIX_List *extensions;
- PKIX_PL_Object *state;
- PKIX_Boolean forwardChecking;
- PKIX_Boolean isForwardDirectionExpected;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_CertChainChecker_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CERTCHAINCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
deleted file mode 100644
index cf2fa55f4..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
+++ /dev/null
@@ -1,470 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_defaultcrlchecker.c
- *
- * Functions for default CRL Checkers
- *
- */
-#include "pkix.h"
-#include "pkix_crlchecker.h"
-#include "pkix_tools.h"
-
-/* --Private-CRLChecker-Data-and-Types------------------------------- */
-
-typedef struct pkix_CrlCheckerStruct {
- /* RevocationMethod is the super class of CrlChecker. */
- pkix_RevocationMethod method;
- PKIX_List *certStores; /* list of CertStore */
- PKIX_PL_VerifyCallback crlVerifyFn;
-} pkix_CrlChecker;
-
-
-/* --Private-CRLChecker-Functions----------------------------------- */
-
-/*
- * FUNCTION: pkix_CrlCheckerstate_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CrlChecker_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- pkix_CrlChecker *state = NULL;
-
- PKIX_ENTER(CRLCHECKER, "pkix_CrlChecker_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a default CRL checker state */
- PKIX_CHECK(
- pkix_CheckType(object, PKIX_CRLCHECKER_TYPE, plContext),
- PKIX_OBJECTNOTCRLCHECKER);
-
- state = (pkix_CrlChecker *)object;
-
- PKIX_DECREF(state->certStores);
-
-cleanup:
-
- PKIX_RETURN(CRLCHECKER);
-}
-
-/*
- * FUNCTION: pkix_CrlChecker_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_CRLCHECKER_TYPE and its related functions
- * with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_CrlChecker_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry* entry = &systemClasses[PKIX_CRLCHECKER_TYPE];
-
- PKIX_ENTER(CRLCHECKER, "pkix_CrlChecker_RegisterSelf");
-
- entry->description = "CRLChecker";
- entry->typeObjectSize = sizeof(pkix_CrlChecker);
- entry->destructor = pkix_CrlChecker_Destroy;
-
- PKIX_RETURN(CRLCHECKER);
-}
-
-/*
- * FUNCTION: pkix_CrlChecker_Create
- *
- * DESCRIPTION:
- * Allocate and initialize CRLChecker state data.
- *
- * PARAMETERS
- * "certStores"
- * Address of CertStore List to be stored in state. Must be non-NULL.
- * "testDate"
- * Address of PKIX_PL_Date to be checked. May be NULL.
- * "trustedPubKey"
- * Trusted Anchor Public Key for verifying first Cert in the chain.
- * Must be non-NULL.
- * "certsRemaining"
- * Number of certificates remaining in the chain.
- * "nistCRLPolicyEnabled"
- * If enabled, enforce nist crl policy.
- * "pChecker"
- * Address of CRLChecker that is returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a DefaultCrlChecker Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error
- */
-PKIX_Error *
-pkix_CrlChecker_Create(PKIX_RevocationMethodType methodType,
- PKIX_UInt32 flags,
- PKIX_UInt32 priority,
- pkix_LocalRevocationCheckFn localRevChecker,
- pkix_ExternalRevocationCheckFn externalRevChecker,
- PKIX_List *certStores,
- PKIX_PL_VerifyCallback crlVerifyFn,
- pkix_RevocationMethod **pChecker,
- void *plContext)
-{
- pkix_CrlChecker *crlChecker = NULL;
-
- PKIX_ENTER(CRLCHECKER, "pkix_CrlChecker_Create");
- PKIX_NULLCHECK_TWO(certStores, pChecker);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CRLCHECKER_TYPE,
- sizeof (pkix_CrlChecker),
- (PKIX_PL_Object **)&crlChecker,
- plContext),
- PKIX_COULDNOTCREATECRLCHECKEROBJECT);
-
- pkixErrorResult = pkix_RevocationMethod_Init(
- (pkix_RevocationMethod*)crlChecker, methodType, flags, priority,
- localRevChecker, externalRevChecker, plContext);
- if (pkixErrorResult) {
- goto cleanup;
- }
-
- /* Initialize fields */
- PKIX_INCREF(certStores);
- crlChecker->certStores = certStores;
-
- crlChecker->crlVerifyFn = crlVerifyFn;
- *pChecker = (pkix_RevocationMethod*)crlChecker;
- crlChecker = NULL;
-
-cleanup:
- PKIX_DECREF(crlChecker);
-
- PKIX_RETURN(CRLCHECKER);
-}
-
-/* --Private-CRLChecker-Functions------------------------------------ */
-
-/*
- * FUNCTION: pkix_CrlChecker_CheckLocal
- *
- * DESCRIPTION:
- * Check if the Cert has been revoked based the CRLs data. This function
- * maintains the checker state to be current.
- *
- * PARAMETERS
- * "checker"
- * Address of CertChainChecker which has the state data.
- * Must be non-NULL.
- * "cert"
- * Address of Certificate that is to be validated. Must be non-NULL.
- * "unreslvdCrtExts"
- * A List OIDs. Not **yet** used in this checker function.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error
- */
-PKIX_Error *
-pkix_CrlChecker_CheckLocal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_Boolean chainVerificationState,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
- void *plContext)
-{
- PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn;
- PKIX_CertStore *certStore = NULL;
- pkix_CrlChecker *state = NULL;
- PKIX_UInt32 reasonCode = 0;
- PKIX_UInt32 crlStoreIndex = 0;
- PKIX_UInt32 numCrlStores = 0;
- PKIX_Boolean storeIsLocal = PKIX_FALSE;
- PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_CrlChecker_CheckLocal");
- PKIX_NULLCHECK_FOUR(cert, issuer, checkerObject, checkerObject);
-
- state = (pkix_CrlChecker*)checkerObject;
-
- PKIX_CHECK(
- PKIX_List_GetLength(state->certStores, &numCrlStores, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (;crlStoreIndex < numCrlStores;crlStoreIndex++) {
- PKIX_CHECK(
- PKIX_List_GetItem(state->certStores, crlStoreIndex,
- (PKIX_PL_Object **)&certStore,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(
- PKIX_CertStore_GetLocalFlag(certStore, &storeIsLocal,
- plContext),
- PKIX_CERTSTOREGETLOCALFLAGFAILED);
- if (storeIsLocal) {
- PKIX_CHECK(
- PKIX_CertStore_GetCrlCheckerFn(certStore,
- &storeCheckRevocationFn,
- plContext),
- PKIX_CERTSTOREGETCHECKREVBYCRLFAILED);
-
- if (storeCheckRevocationFn) {
- PKIX_CHECK(
- (*storeCheckRevocationFn)(certStore, cert, issuer,
- /* delay sig check if building
- * a chain by not specifying the time*/
- chainVerificationState ? date : NULL,
- /* crl downloading is not done. */
- PKIX_FALSE,
- &reasonCode, &revStatus, plContext),
- PKIX_CERTSTORECRLCHECKFAILED);
- if (revStatus == PKIX_RevStatus_Revoked) {
- break;
- }
- }
- }
- PKIX_DECREF(certStore);
- } /* while */
-
-cleanup:
- *pRevStatus = revStatus;
- PKIX_DECREF(certStore);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_CrlChecker_CheckRemote
- *
- * DESCRIPTION:
- * Check if the Cert has been revoked based the CRLs data. This function
- * maintains the checker state to be current.
- *
- * PARAMETERS
- * "checker"
- * Address of CertChainChecker which has the state data.
- * Must be non-NULL.
- * "cert"
- * Address of Certificate that is to be validated. Must be non-NULL.
- * "unreslvdCrtExts"
- * A List OIDs. Not **yet** used in this checker function.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Not Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error
- */
-PKIX_Error *
-pkix_CrlChecker_CheckExternal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn = NULL;
- PKIX_CertStore_ImportCrlCallback storeImportCrlFn = NULL;
- PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertStore *localStore = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
- PKIX_PL_X500Name *issuerName = NULL;
- pkix_CrlChecker *state = NULL;
- PKIX_UInt32 reasonCode = 0;
- PKIX_UInt32 crlStoreIndex = 0;
- PKIX_UInt32 numCrlStores = 0;
- PKIX_Boolean storeIsLocal = PKIX_FALSE;
- PKIX_List *crlList = NULL;
- PKIX_List *dpList = NULL;
- void *nbioContext = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_CrlChecker_CheckExternal");
- PKIX_NULLCHECK_FOUR(cert, issuer, checkerObject, pNBIOContext);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL; /* prepare for Error exit */
-
- state = (pkix_CrlChecker*)checkerObject;
-
- PKIX_CHECK(
- PKIX_List_GetLength(state->certStores, &numCrlStores, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- /* Find a cert store that is capable of storing crls */
- for (;crlStoreIndex < numCrlStores;crlStoreIndex++) {
- PKIX_CHECK(
- PKIX_List_GetItem(state->certStores, crlStoreIndex,
- (PKIX_PL_Object **)&certStore,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(
- PKIX_CertStore_GetLocalFlag(certStore, &storeIsLocal,
- plContext),
- PKIX_CERTSTOREGETLOCALFLAGFAILED);
- if (storeIsLocal) {
- PKIX_CHECK(
- PKIX_CertStore_GetImportCrlCallback(certStore,
- &storeImportCrlFn,
- plContext),
- PKIX_CERTSTOREGETCHECKREVBYCRLFAILED);
-
- PKIX_CHECK(
- PKIX_CertStore_GetCrlCheckerFn(certStore,
- &storeCheckRevocationFn,
- plContext),
- PKIX_CERTSTOREGETCHECKREVBYCRLFAILED);
-
- if (storeImportCrlFn && storeCheckRevocationFn) {
- localStore = certStore;
- certStore = NULL;
- break;
- }
- }
- PKIX_DECREF(certStore);
- } /* while */
-
- /* Report unknown status if we can not check crl in one of the
- * local stores. */
- if (!localStore) {
- PKIX_ERROR_FATAL(PKIX_CRLCHECKERNOLOCALCERTSTOREFOUND);
- }
- PKIX_CHECK(
- PKIX_PL_Cert_GetCrlDp(cert, &dpList, plContext),
- PKIX_CERTGETCRLDPFAILED);
- if (!(methodFlags & PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE) &&
- (!dpList || !dpList->length)) {
- goto cleanup;
- }
- PKIX_CHECK(
- PKIX_PL_Cert_GetIssuer(cert, &issuerName, plContext),
- PKIX_CERTGETISSUERFAILED);
- PKIX_CHECK(
- PKIX_CRLSelector_Create(issuer, dpList, date, &crlSelector, plContext),
- PKIX_CRLCHECKERSETSELECTORFAILED);
- /* Fetch crl and store in a local cert store */
- for (crlStoreIndex = 0;crlStoreIndex < numCrlStores;crlStoreIndex++) {
- PKIX_CertStore_CRLCallback getCrlsFn;
-
- PKIX_CHECK(
- PKIX_List_GetItem(state->certStores, crlStoreIndex,
- (PKIX_PL_Object **)&certStore,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(
- PKIX_CertStore_GetCRLCallback(certStore, &getCrlsFn,
- plContext),
- PKIX_CERTSTOREGETCRLCALLBACKFAILED);
-
- PKIX_CHECK(
- (*getCrlsFn)(certStore, crlSelector, &nbioContext,
- &crlList, plContext),
- PKIX_GETCRLSFAILED);
-
- PKIX_CHECK(
- (*storeImportCrlFn)(localStore, issuerName, crlList, plContext),
- PKIX_CERTSTOREFAILTOIMPORTCRLLIST);
-
- PKIX_CHECK(
- (*storeCheckRevocationFn)(certStore, cert, issuer, date,
- /* done with crl downloading */
- PKIX_TRUE,
- &reasonCode, &revStatus, plContext),
- PKIX_CERTSTORECRLCHECKFAILED);
- if (revStatus != PKIX_RevStatus_NoInfo) {
- break;
- }
- PKIX_DECREF(crlList);
- PKIX_DECREF(certStore);
- } /* while */
-
-cleanup:
- /* Update return flags */
- if (revStatus == PKIX_RevStatus_NoInfo &&
- ((dpList && dpList->length > 0) ||
- (methodFlags & PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE)) &&
- methodFlags & PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
- revStatus = PKIX_RevStatus_Revoked;
- }
- *pRevStatus = revStatus;
-
- PKIX_DECREF(dpList);
- PKIX_DECREF(crlList);
- PKIX_DECREF(certStore);
- PKIX_DECREF(issuerName);
- PKIX_DECREF(localStore);
- PKIX_DECREF(crlSelector);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h
deleted file mode 100644
index 6255e946e..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_defaultcrlchecker.h
- *
- * Header file for default CRL function
- *
- */
-
-#ifndef _PKIX_CRLCHECKER_H
-#define _PKIX_CRLCHECKER_H
-
-#include "pkixt.h"
-#include "pkix_revocationmethod.h"
-#include "pkix_crlsel.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* NOTE: nbio logic removed. Will be replaced later. */
-
-PKIX_Error *
-pkix_CrlChecker_CheckLocal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_Boolean chainVerificationState,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
- void *plContext);
-
-PKIX_Error *
-pkix_CrlChecker_CheckExternal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
- void **pNBIOContext,
- void *plContext);
-
-PKIX_Error *
-pkix_CrlChecker_Create(PKIX_RevocationMethodType methodType,
- PKIX_UInt32 flags,
- PKIX_UInt32 priority,
- pkix_LocalRevocationCheckFn localRevChecker,
- pkix_ExternalRevocationCheckFn externalRevChecker,
- PKIX_List *certStores,
- PKIX_PL_VerifyCallback crlVerifyFn,
- pkix_RevocationMethod **pChecker,
- void *plContext);
-
-PKIX_Error *
-pkix_CrlChecker_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CRLCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c
deleted file mode 100644
index 736e76194..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_ekuchecker.c
- *
- * User Defined ExtenedKeyUsage Function Definitions
- *
- */
-
-#include "pkix_ekuchecker.h"
-
-SECOidTag ekuOidStrings[] = {
- PKIX_KEY_USAGE_SERVER_AUTH_OID,
- PKIX_KEY_USAGE_CLIENT_AUTH_OID,
- PKIX_KEY_USAGE_CODE_SIGN_OID,
- PKIX_KEY_USAGE_EMAIL_PROTECT_OID,
- PKIX_KEY_USAGE_TIME_STAMP_OID,
- PKIX_KEY_USAGE_OCSP_RESPONDER_OID,
- PKIX_UNKNOWN_OID
-};
-
-typedef struct pkix_EkuCheckerStruct {
- PKIX_List *requiredExtKeyUsageOids;
- PKIX_PL_OID *ekuOID;
-} pkix_EkuChecker;
-
-
-/*
- * FUNCTION: pkix_EkuChecker_Destroy
- * (see comments for PKIX_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_EkuChecker_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- pkix_EkuChecker *ekuCheckerState = NULL;
-
- PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_EKUCHECKER_TYPE, plContext),
- PKIX_OBJECTNOTANEKUCHECKERSTATE);
-
- ekuCheckerState = (pkix_EkuChecker *)object;
-
- PKIX_DECREF(ekuCheckerState->ekuOID);
- PKIX_DECREF(ekuCheckerState->requiredExtKeyUsageOids);
-
-cleanup:
-
- PKIX_RETURN(EKUCHECKER);
-}
-
-/*
- * FUNCTION: pkix_EkuChecker_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_PL_HTTPCERTSTORECONTEXT_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_EkuChecker_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry *entry = &systemClasses[PKIX_EKUCHECKER_TYPE];
-
- PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_RegisterSelf");
-
- entry->description = "EkuChecker";
- entry->typeObjectSize = sizeof(pkix_EkuChecker);
- entry->destructor = pkix_EkuChecker_Destroy;
-
- PKIX_RETURN(EKUCHECKER);
-}
-
-/*
- * FUNCTION: pkix_EkuChecker_Create
- * DESCRIPTION:
- *
- * Creates a new Extend Key Usage CheckerState using "params" to retrieve
- * application specified EKU for verification and stores it at "pState".
- *
- * PARAMETERS:
- * "params"
- * a PKIX_ProcessingParams links to PKIX_ComCertSelParams where a list of
- * Extended Key Usage OIDs specified by application can be retrieved for
- * verification.
- * "pState"
- * Address where state pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a UserDefinedModules Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_EkuChecker_Create(
- PKIX_ProcessingParams *params,
- pkix_EkuChecker **pState,
- void *plContext)
-{
- pkix_EkuChecker *state = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_ComCertSelParams *comCertSelParams = NULL;
- PKIX_List *requiredOids = NULL;
-
- PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_Create");
- PKIX_NULLCHECK_TWO(params, pState);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_EKUCHECKER_TYPE,
- sizeof (pkix_EkuChecker),
- (PKIX_PL_Object **)&state,
- plContext),
- PKIX_COULDNOTCREATEEKUCHECKERSTATEOBJECT);
-
-
- PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
- (params, &certSelector, plContext),
- PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
-
- if (certSelector != NULL) {
-
- /* Get initial EKU OIDs from ComCertSelParams, if set */
- PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
- (certSelector, &comCertSelParams, plContext),
- PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
-
- if (comCertSelParams != NULL) {
- PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
- (comCertSelParams, &requiredOids, plContext),
- PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
-
- }
- }
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_EXTENDEDKEYUSAGE_OID,
- &state->ekuOID,
- plContext),
- PKIX_OIDCREATEFAILED);
-
- state->requiredExtKeyUsageOids = requiredOids;
- requiredOids = NULL;
- *pState = state;
- state = NULL;
-
-cleanup:
-
- PKIX_DECREF(certSelector);
- PKIX_DECREF(comCertSelParams);
- PKIX_DECREF(requiredOids);
- PKIX_DECREF(state);
-
- PKIX_RETURN(EKUCHECKER);
-}
-
-/*
- * FUNCTION: pkix_EkuChecker_Check
- * DESCRIPTION:
- *
- * This function determines the Extended Key Usage OIDs specified by the
- * application is included in the Extended Key Usage OIDs of this "cert".
- *
- * PARAMETERS:
- * "checker"
- * Address of CertChainChecker which has the state data.
- * Must be non-NULL.
- * "cert"
- * Address of Certificate that is to be validated. Must be non-NULL.
- * "unresolvedCriticalExtensions"
- * A List OIDs. The OID for Extended Key Usage is removed.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a UserDefinedModules Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_EkuChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions,
- void **pNBIOContext,
- void *plContext)
-{
- pkix_EkuChecker *state = NULL;
- PKIX_List *requiredExtKeyUsageList = NULL;
- PKIX_List *certExtKeyUsageList = NULL;
- PKIX_PL_OID *ekuOid = NULL;
- PKIX_Boolean isContained = PKIX_FALSE;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
- PKIX_Boolean checkResult = PKIX_TRUE;
-
- PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_Check");
- PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
-
- *pNBIOContext = NULL; /* no non-blocking IO */
-
- PKIX_CHECK(
- PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&state, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- requiredExtKeyUsageList = state->requiredExtKeyUsageOids;
- if (requiredExtKeyUsageList == NULL) {
- goto cleanup;
- }
-
- PKIX_CHECK(
- PKIX_List_GetLength(requiredExtKeyUsageList, &numItems,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
- if (numItems == 0) {
- goto cleanup;
- }
-
- PKIX_CHECK(
- PKIX_PL_Cert_GetExtendedKeyUsage(cert, &certExtKeyUsageList,
- plContext),
- PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
-
- if (certExtKeyUsageList == NULL) {
- goto cleanup;
- }
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(
- PKIX_List_GetItem(requiredExtKeyUsageList, i,
- (PKIX_PL_Object **)&ekuOid, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(
- pkix_List_Contains(certExtKeyUsageList,
- (PKIX_PL_Object *)ekuOid,
- &isContained,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- PKIX_DECREF(ekuOid);
- if (isContained != PKIX_TRUE) {
- checkResult = PKIX_FALSE;
- goto cleanup;
- }
- }
-
-cleanup:
- if (!pkixErrorResult && checkResult == PKIX_FALSE) {
- pkixErrorReceived = PKIX_TRUE;
- pkixErrorCode = PKIX_EXTENDEDKEYUSAGECHECKINGFAILED;
- }
-
- PKIX_DECREF(ekuOid);
- PKIX_DECREF(certExtKeyUsageList);
- PKIX_DECREF(state);
-
- PKIX_RETURN(EKUCHECKER);
-}
-
-/*
- * FUNCTION: pkix_EkuChecker_Initialize
- * (see comments in pkix_sample_modules.h)
- */
-PKIX_Error *
-PKIX_EkuChecker_Create(
- PKIX_ProcessingParams *params,
- PKIX_CertChainChecker **pEkuChecker,
- void *plContext)
-{
- pkix_EkuChecker *state = NULL;
- PKIX_List *critExtOIDsList = NULL;
-
- PKIX_ENTER(EKUCHECKER, "PKIX_EkuChecker_Initialize");
- PKIX_NULLCHECK_ONE(params);
-
- /*
- * This function and functions in this file provide an example of how
- * an application defined checker can be hooked into libpkix.
- */
-
- PKIX_CHECK(pkix_EkuChecker_Create
- (params, &state, plContext),
- PKIX_EKUCHECKERSTATECREATEFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&critExtOIDsList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (critExtOIDsList,
- (PKIX_PL_Object *)state->ekuOID,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_EkuChecker_Check,
- PKIX_TRUE, /* forwardCheckingSupported */
- PKIX_FALSE, /* forwardDirectionExpected */
- critExtOIDsList,
- (PKIX_PL_Object *) state,
- pEkuChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-cleanup:
-
- PKIX_DECREF(critExtOIDsList);
- PKIX_DECREF(state);
-
- PKIX_RETURN(EKUCHECKER);
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h
deleted file mode 100644
index 147640c5a..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_ekuchecker.h
- *
- * User Defined Object Type Extended Key Usage Definition
- *
- */
-
-#ifndef _PKIX_EKUCHECKER_H
-#define _PKIX_EKUCHECKER_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * FUNCTION: PKIX_PL_EkuChecker_Create
- *
- * DESCRIPTION:
- * Create a CertChainChecker with EkuCheckerState and add it into
- * PKIX_ProcessingParams object.
- *
- * PARAMETERS
- * "params"
- * a PKIX_ProcessingParams links to PKIX_ComCertSelParams where a list of
- * Extended Key Usage OIDs specified by application can be retrieved for
- * verification.
- * "ekuChecker"
- * Address of created ekuchecker.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a UserDefinedModules Error if the function fails in a non-fatal
- * way.
- * Returns a Fatal Error
- */
-PKIX_Error *
-PKIX_EkuChecker_Create(
- PKIX_ProcessingParams *params,
- PKIX_CertChainChecker **ekuChecker,
- void *plContext);
-
-/*
- * FUNCTION: PKIX_PL_EkuChecker_GetRequiredEku
- *
- * DESCRIPTION:
- * This function retrieves application specified ExtenedKeyUsage(s) from
- * ComCertSetparams and converts its OID representations to SECCertUsageEnum.
- * The result is stored and returned in bit mask at "pRequiredExtKeyUsage".
- *
- * PARAMETERS
- * "certSelector"
- * a PKIX_CertSelector links to PKIX_ComCertSelParams where a list of
- * Extended Key Usage OIDs specified by application can be retrieved for
- * verification. Must be non-NULL.
- * "pRequiredExtKeyUsage"
- * Address where the result is returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a UserDefinedModules Error if the function fails in a non-fatal
- * way.
- * Returns a Fatal Error
- */
-PKIX_Error *
-pkix_EkuChecker_GetRequiredEku(
- PKIX_CertSelector *certSelector,
- PKIX_UInt32 *pRequiredExtKeyUsage,
- void *plContext);
-
-/* see source file for function documentation */
-PKIX_Error *pkix_EkuChecker_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_EKUCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c
deleted file mode 100755
index 9236f2a80..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_expirationchecker.c
- *
- * Functions for expiration validation
- *
- */
-
-
-#include "pkix_expirationchecker.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_ExpirationChecker_Check
- * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
- */
-PKIX_Error *
-pkix_ExpirationChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions,
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_PL_Date *testDate = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
- PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
-
- *pNBIOContext = NULL; /* we never block on pending I/O */
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&testDate, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_CheckValidity(cert, testDate, plContext),
- PKIX_CERTCHECKVALIDITYFAILED);
-
-cleanup:
-
- PKIX_DECREF(testDate);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: pkix_ExpirationChecker_Initialize
- * DESCRIPTION:
- *
- * Creates a new CertChainChecker and stores it at "pChecker", where it will
- * used by pkix_ExpirationChecker_Check to check that the certificate has not
- * expired with respect to the Date pointed to by "testDate." If "testDate"
- * is NULL, then the CertChainChecker will check that a certificate has not
- * expired with respect to the current date and time.
- *
- * PARAMETERS:
- * "testDate"
- * Address of Date representing the point in time at which the cert is to
- * be validated. If "testDate" is NULL, the current date and time is used.
- * "pChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_ExpirationChecker_Initialize(
- PKIX_PL_Date *testDate,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- PKIX_PL_Date *myDate = NULL;
- PKIX_PL_Date *nowDate = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
- PKIX_NULLCHECK_ONE(pChecker);
-
- /* if testDate is NULL, we use the current time */
- if (!testDate){
- PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
- (NULL, &nowDate, plContext),
- PKIX_DATECREATEUTCTIMEFAILED);
- myDate = nowDate;
- } else {
- myDate = testDate;
- }
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_ExpirationChecker_Check,
- PKIX_TRUE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *)myDate,
- pChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-
-cleanup:
-
- PKIX_DECREF(nowDate);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h
deleted file mode 100755
index 649fb98e2..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_expirationchecker.h
- *
- * Header file for validate expiration function
- *
- */
-
-#ifndef _PKIX_EXPIRATIONCHECKER_H
-#define _PKIX_EXPIRATIONCHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-PKIX_Error *
-pkix_ExpirationChecker_Initialize(
- PKIX_PL_Date *testDate,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_EXPIRATIONCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c
deleted file mode 100755
index 366d70f57..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_namechainingchecker.c
- *
- * Functions for name chaining validation
- *
- */
-
-
-#include "pkix_namechainingchecker.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_NameChainingChecker_Check
- * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
- */
-PKIX_Error *
-pkix_NameChainingChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions,
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_PL_X500Name *prevSubject = NULL;
- PKIX_PL_X500Name *currIssuer = NULL;
- PKIX_PL_X500Name *currSubject = NULL;
- PKIX_Boolean result;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check");
- PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
-
- *pNBIOContext = NULL; /* we never block on pending I/O */
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&prevSubject, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext),
- PKIX_CERTGETISSUERFAILED);
-
- if (prevSubject){
- PKIX_CHECK(PKIX_PL_X500Name_Match
- (prevSubject, currIssuer, &result, plContext),
- PKIX_X500NAMEMATCHFAILED);
- if (!result){
- PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
- }
- } else {
- PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext),
- PKIX_CERTGETSUBJECTFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
- (checker, (PKIX_PL_Object *)currSubject, plContext),
- PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
-
-cleanup:
-
- PKIX_DECREF(prevSubject);
- PKIX_DECREF(currIssuer);
- PKIX_DECREF(currSubject);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: pkix_NameChainingChecker_Initialize
- * DESCRIPTION:
- *
- * Creates a new CertChainChecker and stores it at "pChecker", where it will
- * be used by pkix_NameChainingChecker_Check to check that the issuer name
- * of the certificate matches the subject name in the checker's state. The
- * X500Name pointed to by "trustedCAName" is used to initialize the checker's
- * state.
- *
- * PARAMETERS:
- * "trustedCAName"
- * Address of X500Name representing the trusted CA Name used to
- * initialize the state of this checker. Must be non-NULL.
- * "pChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_NameChainingChecker_Initialize(
- PKIX_PL_X500Name *trustedCAName,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize");
- PKIX_NULLCHECK_TWO(pChecker, trustedCAName);
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_NameChainingChecker_Check,
- PKIX_FALSE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *)trustedCAName,
- pChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-
-cleanup:
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h
deleted file mode 100755
index fe45709b5..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_namechainingchecker.h
- *
- * Header file for name chaining checker.
- *
- */
-
-#ifndef _PKIX_NAMECHAININGCHECKER_H
-#define _PKIX_NAMECHAININGCHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-PKIX_Error *
-pkix_NameChainingChecker_Initialize(
- PKIX_PL_X500Name *trustedCAName,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_NAMECHAININGCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
deleted file mode 100755
index 738d82508..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
+++ /dev/null
@@ -1,338 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_nameconstraintschecker.c
- *
- * Functions for Name Constraints Checkers
- *
- */
-
-#include "pkix_nameconstraintschecker.h"
-
-/* --Private-NameConstraintsCheckerState-Functions---------------------- */
-
-/*
- * FUNCTION: pkix_NameConstraintsCheckerstate_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_NameConstraintsCheckerState_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- pkix_NameConstraintsCheckerState *state = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
- "pkix_NameConstraintsCheckerState_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that object type */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTNAMECONSTRAINTSCHECKERSTATE);
-
- state = (pkix_NameConstraintsCheckerState *)object;
-
- PKIX_DECREF(state->nameConstraints);
- PKIX_DECREF(state->nameConstraintsOID);
-
-cleanup:
-
- PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_NameConstraintsCheckerState_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_NameConstraintsCheckerState_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
- "pkix_NameConstraintsCheckerState_RegisterSelf");
-
- entry.description = "NameConstraintsCheckerState";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(pkix_NameConstraintsCheckerState);
- entry.destructor = pkix_NameConstraintsCheckerState_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE] = entry;
-
- PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_NameConstraintsCheckerState_Create
- *
- * DESCRIPTION:
- * Allocate and initialize NameConstraintsChecker state data.
- *
- * PARAMETERS
- * "nameConstraints"
- * Address of NameConstraints to be stored in state. May be NULL.
- * "numCerts"
- * Number of certificates in the validation chain. This data is used
- * to identify end-entity.
- * "pCheckerState"
- * Address of NameConstraintsCheckerState that is returned. Must be
- * non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CERTNAMECONSTRAINTSCHECKERSTATE Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error
- */
-static PKIX_Error *
-pkix_NameConstraintsCheckerState_Create(
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_UInt32 numCerts,
- pkix_NameConstraintsCheckerState **pCheckerState,
- void *plContext)
-{
- pkix_NameConstraintsCheckerState *state = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
- "pkix_NameConstraintsCheckerState_Create");
- PKIX_NULLCHECK_ONE(pCheckerState);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE,
- sizeof (pkix_NameConstraintsCheckerState),
- (PKIX_PL_Object **)&state,
- plContext),
- PKIX_COULDNOTCREATENAMECONSTRAINTSCHECKERSTATEOBJECT);
-
- /* Initialize fields */
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_NAMECONSTRAINTS_OID,
- &state->nameConstraintsOID,
- plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_INCREF(nameConstraints);
-
- state->nameConstraints = nameConstraints;
- state->certsRemaining = numCerts;
-
- *pCheckerState = state;
- state = NULL;
-
-cleanup:
-
- PKIX_DECREF(state);
-
- PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
-}
-
-/* --Private-NameConstraintsChecker-Functions------------------------- */
-
-/*
- * FUNCTION: pkix_NameConstraintsChecker_Check
- * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
- */
-static PKIX_Error *
-pkix_NameConstraintsChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions,
- void **pNBIOContext,
- void *plContext)
-{
- pkix_NameConstraintsCheckerState *state = NULL;
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL;
- PKIX_Boolean selfIssued = PKIX_FALSE;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check");
- PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
-
- *pNBIOContext = NULL; /* we never block on pending I/O */
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&state, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- state->certsRemaining--;
-
- /* Get status of self issued */
- PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
- PKIX_ISCERTSELFISSUEDFAILED);
-
- /* Check on non self-issued and if so only for last cert */
- if (selfIssued == PKIX_FALSE ||
- (selfIssued == PKIX_TRUE && state->certsRemaining == 0)) {
- PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
- (cert, state->nameConstraints, plContext),
- PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
- }
-
- if (state->certsRemaining != 0) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
- (cert, &nameConstraints, plContext),
- PKIX_CERTGETNAMECONSTRAINTSFAILED);
-
- /* Merge with previous name constraints kept in state */
-
- if (nameConstraints != NULL) {
-
- if (state->nameConstraints == NULL) {
-
- state->nameConstraints = nameConstraints;
-
- } else {
-
- PKIX_CHECK(PKIX_PL_Cert_MergeNameConstraints
- (nameConstraints,
- state->nameConstraints,
- &mergedNameConstraints,
- plContext),
- PKIX_CERTMERGENAMECONSTRAINTSFAILED);
-
- PKIX_DECREF(nameConstraints);
- PKIX_DECREF(state->nameConstraints);
-
- state->nameConstraints = mergedNameConstraints;
- }
-
- /* Remove Name Constraints Extension OID from list */
- if (unresolvedCriticalExtensions != NULL) {
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticalExtensions,
- (PKIX_PL_Object *)state->nameConstraintsOID,
- plContext),
- PKIX_LISTREMOVEFAILED);
- }
- }
- }
-
- PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
- (checker, (PKIX_PL_Object *)state, plContext),
- PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
-
-cleanup:
-
- PKIX_DECREF(state);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_NameConstraintsChecker_Initialize
- *
- * DESCRIPTION:
- * Create a CertChainChecker with a NameConstraintsCheckerState. The
- * NameConstraintsCheckerState is created with "trustedNC" and "numCerts"
- * as its initial state. The CertChainChecker for the NameConstraints is
- * returned at address of "pChecker".
- *
- * PARAMETERS
- * "trustedNC"
- * The NameConstraints from trusted anchor Cert is stored at "trustedNC"
- * for initialization. May be NULL.
- * "numCerts"
- * Number of certificates in the validation chain. This data is used
- * to identify end-entity.
- * "pChecker"
- * Address of CertChainChecker to bo created and returned.
- * Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CERTCHAINCHECKER Error if the function fails in a non-fatal way.
- * Returns a Fatal Error
- */
-PKIX_Error *
-pkix_NameConstraintsChecker_Initialize(
- PKIX_PL_CertNameConstraints *trustedNC,
- PKIX_UInt32 numCerts,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- pkix_NameConstraintsCheckerState *state = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Initialize");
- PKIX_NULLCHECK_ONE(pChecker);
-
- PKIX_CHECK(pkix_NameConstraintsCheckerState_Create
- (trustedNC, numCerts, &state, plContext),
- PKIX_NAMECONSTRAINTSCHECKERSTATECREATEFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_NameConstraintsChecker_Check,
- PKIX_FALSE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *) state,
- pChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-
-cleanup:
-
- PKIX_DECREF(state);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h
deleted file mode 100755
index 66d383bc7..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_nameconstraintschecker.h
- *
- * Header file for validate Name Constraints Checker function
- *
- */
-
-#ifndef _PKIX_NAMECONSTRAINTSCHECKER_H
-#define _PKIX_NAMECONSTRAINTSCHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct pkix_NameConstraintsCheckerState \
- pkix_NameConstraintsCheckerState;
-
-struct pkix_NameConstraintsCheckerState {
- PKIX_PL_CertNameConstraints *nameConstraints;
- PKIX_PL_OID *nameConstraintsOID;
- PKIX_UInt32 certsRemaining;
-};
-
-PKIX_Error *
-pkix_NameConstraintsChecker_Initialize(
- PKIX_PL_CertNameConstraints *trustedNC,
- PKIX_UInt32 numCerts,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-PKIX_Error *
-pkix_NameConstraintsCheckerState_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_NAMECONSTRAINTSCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
deleted file mode 100644
index e5b488b8a..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- * Red Hat, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_ocspchecker.c
- *
- * OcspChecker Object Functions
- *
- */
-
-#include "pkix_ocspchecker.h"
-#include "pkix_pl_ocspcertid.h"
-#include "pkix_error.h"
-
-
-/* --Private-Data-and-Types--------------------------------------- */
-
-typedef struct pkix_OcspCheckerStruct {
- /* RevocationMethod is the super class of OcspChecker. */
- pkix_RevocationMethod method;
- PKIX_PL_VerifyCallback certVerifyFcn;
-} pkix_OcspChecker;
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_OcspChecker_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_OcspChecker_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- return NULL;
-}
-
-/*
- * FUNCTION: pkix_OcspChecker_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_OCSPCHECKER_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_OcspChecker_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry* entry = &systemClasses[PKIX_OCSPCHECKER_TYPE];
-
- PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_RegisterSelf");
-
- entry->description = "OcspChecker";
- entry->typeObjectSize = sizeof(pkix_OcspChecker);
- entry->destructor = pkix_OcspChecker_Destroy;
-
- PKIX_RETURN(OCSPCHECKER);
-}
-
-
-/*
- * FUNCTION: pkix_OcspChecker_Create
- */
-PKIX_Error *
-pkix_OcspChecker_Create(PKIX_RevocationMethodType methodType,
- PKIX_UInt32 flags,
- PKIX_UInt32 priority,
- pkix_LocalRevocationCheckFn localRevChecker,
- pkix_ExternalRevocationCheckFn externalRevChecker,
- PKIX_PL_VerifyCallback verifyFn,
- pkix_RevocationMethod **pChecker,
- void *plContext)
-{
- pkix_OcspChecker *method = NULL;
-
- PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_Create");
- PKIX_NULLCHECK_ONE(pChecker);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_OCSPCHECKER_TYPE,
- sizeof (pkix_OcspChecker),
- (PKIX_PL_Object **)&method,
- plContext),
- PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
-
- pkixErrorResult = pkix_RevocationMethod_Init(
- (pkix_RevocationMethod*)method, methodType, flags, priority,
- localRevChecker, externalRevChecker, plContext);
- if (pkixErrorResult) {
- goto cleanup;
- }
- method->certVerifyFcn = (PKIX_PL_VerifyCallback)verifyFn;
-
- *pChecker = (pkix_RevocationMethod*)method;
- method = NULL;
-
-cleanup:
- PKIX_DECREF(method);
-
- PKIX_RETURN(OCSPCHECKER);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: pkix_OcspChecker_Check (see comments in pkix_checker.h)
- */
-
-/*
- * The OCSPChecker is created in an idle state, and remains in this state until
- * either (a) the default Responder has been set and enabled, and a Check
- * request is received with no responder specified, or (b) a Check request is
- * received with a specified responder. A request message is constructed and
- * given to the HttpClient. If non-blocking I/O is used the client may return
- * with WOULDBLOCK, in which case the OCSPChecker returns the WOULDBLOCK
- * condition to its caller in turn. On a subsequent call the I/O is resumed.
- * When a response is received it is decoded and the results provided to the
- * caller.
- *
- */
-PKIX_Error *
-pkix_OcspChecker_CheckLocal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_Boolean chainVerificationState,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
- void *plContext)
-{
- PKIX_PL_OcspCertID *cid = NULL;
- PKIX_Boolean hasFreshStatus = PKIX_FALSE;
- PKIX_Boolean statusIsGood = PKIX_FALSE;
- SECErrorCodes resultCode = SEC_ERROR_REVOKED_CERTIFICATE_OCSP;
- PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
-
- PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_CheckLocal");
-
- PKIX_CHECK(
- PKIX_PL_OcspCertID_Create(cert, NULL, &cid,
- plContext),
- PKIX_OCSPCERTIDCREATEFAILED);
- if (!cid) {
- goto cleanup;
- }
-
- PKIX_CHECK(
- PKIX_PL_OcspCertID_GetFreshCacheStatus(cid, NULL,
- &hasFreshStatus,
- &statusIsGood,
- &resultCode,
- plContext),
- PKIX_OCSPCERTIDGETFRESHCACHESTATUSFAILED);
- if (hasFreshStatus) {
- if (statusIsGood) {
- revStatus = PKIX_RevStatus_Success;
- resultCode = 0;
- } else {
- revStatus = PKIX_RevStatus_Revoked;
- }
- }
-
-cleanup:
- *pRevStatus = revStatus;
-
- /* ocsp carries only tree statuses: good, bad, and unknown.
- * revStatus is used to pass them. reasonCode is always set
- * to be unknown. */
- *pReasonCode = crlEntryReasonUnspecified;
- PKIX_DECREF(cid);
-
- PKIX_RETURN(OCSPCHECKER);
-}
-
-
-/*
- * The OCSPChecker is created in an idle state, and remains in this state until
- * either (a) the default Responder has been set and enabled, and a Check
- * request is received with no responder specified, or (b) a Check request is
- * received with a specified responder. A request message is constructed and
- * given to the HttpClient. If non-blocking I/O is used the client may return
- * with WOULDBLOCK, in which case the OCSPChecker returns the WOULDBLOCK
- * condition to its caller in turn. On a subsequent call the I/O is resumed.
- * When a response is received it is decoded and the results provided to the
- * caller.
- *
- */
-PKIX_Error *
-pkix_OcspChecker_CheckExternal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
- void **pNBIOContext,
- void *plContext)
-{
- SECErrorCodes resultCode = SEC_ERROR_REVOKED_CERTIFICATE_OCSP;
- PKIX_Boolean uriFound = PKIX_FALSE;
- PKIX_Boolean passed = PKIX_TRUE;
- pkix_OcspChecker *checker = NULL;
- PKIX_PL_OcspCertID *cid = NULL;
- PKIX_PL_OcspRequest *request = NULL;
- PKIX_PL_OcspResponse *response = NULL;
- PKIX_PL_Date *validity = NULL;
- PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
- void *nbioContext = NULL;
-
- PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_CheckExternal");
-
- PKIX_CHECK(
- pkix_CheckType((PKIX_PL_Object*)checkerObject,
- PKIX_OCSPCHECKER_TYPE, plContext),
- PKIX_OBJECTNOTOCSPCHECKER);
-
- checker = (pkix_OcspChecker *)checkerObject;
-
- PKIX_CHECK(
- PKIX_PL_OcspCertID_Create(cert, NULL, &cid,
- plContext),
- PKIX_OCSPCERTIDCREATEFAILED);
-
- /* create request */
- PKIX_CHECK(
- pkix_pl_OcspRequest_Create(cert, cid, validity, NULL,
- methodFlags, &uriFound, &request,
- plContext),
- PKIX_OCSPREQUESTCREATEFAILED);
-
- if (uriFound == PKIX_FALSE) {
- /* no caching for certs lacking URI */
- resultCode = 0;
- goto cleanup;
- }
-
- /* send request and create a response object */
- PKIX_CHECK(
- pkix_pl_OcspResponse_Create(request, NULL,
- checker->certVerifyFcn,
- &nbioContext,
- &response,
- plContext),
- PKIX_OCSPRESPONSECREATEFAILED);
- if (nbioContext != 0) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- PKIX_CHECK(
- pkix_pl_OcspResponse_Decode(response, &passed,
- &resultCode, plContext),
- PKIX_OCSPRESPONSEDECODEFAILED);
- if (passed == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_CHECK(
- pkix_pl_OcspResponse_GetStatus(response, &passed,
- &resultCode, plContext),
- PKIX_OCSPRESPONSEGETSTATUSRETURNEDANERROR);
- if (passed == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_CHECK(
- pkix_pl_OcspResponse_VerifySignature(response, cert,
- procParams, &passed,
- &nbioContext, plContext),
- PKIX_OCSPRESPONSEVERIFYSIGNATUREFAILED);
- if (nbioContext != 0) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
- if (passed == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_CHECK(
- pkix_pl_OcspResponse_GetStatusForCert(cid, response,
- &passed, &resultCode,
- plContext),
- PKIX_OCSPRESPONSEGETSTATUSFORCERTFAILED);
- if (passed == PKIX_FALSE) {
- revStatus = PKIX_RevStatus_Revoked;
- } else {
- revStatus = PKIX_RevStatus_Success;
- }
-
-cleanup:
- if (revStatus == PKIX_RevStatus_NoInfo && (uriFound ||
- methodFlags & PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE) &&
- methodFlags & PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
- revStatus = PKIX_RevStatus_Revoked;
- }
- *pRevStatus = revStatus;
-
- /* ocsp carries only tree statuses: good, bad, and unknown.
- * revStatus is used to pass them. reasonCode is always set
- * to be unknown. */
- *pReasonCode = crlEntryReasonUnspecified;
-
- if (!passed && cid && cid->certID) {
- /* We still own the certID object, which means that
- * it did not get consumed to create a cache entry.
- * Let's make sure there is one.
- */
- PKIX_Error *err;
- err = PKIX_PL_OcspCertID_RememberOCSPProcessingFailure(
- cid, plContext);
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)err, plContext);
- }
- }
- PKIX_DECREF(cid);
- PKIX_DECREF(request);
- PKIX_DECREF(response);
-
- PKIX_RETURN(OCSPCHECKER);
-}
-
-
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
deleted file mode 100644
index 89c1a1cc5..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_ocspchecker.h
- *
- * OcspChecker Object Type Definition
- *
- */
-
-#ifndef _PKIX_OCSPCHECKER_H
-#define _PKIX_OCSPCHECKER_H
-
-#include "pkix_tools.h"
-#include "pkix_revocationmethod.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* NOTE: nbio logic removed. Will be replaced later. */
-
-PKIX_Error *
-pkix_OcspChecker_CheckLocal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_Boolean chainVerificationState,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
- void *plContext);
-
-PKIX_Error *
-pkix_OcspChecker_CheckExternal(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
- void **pNBIOContext,
- void *plContext);
-
-PKIX_Error *
-pkix_OcspChecker_Create(PKIX_RevocationMethodType methodType,
- PKIX_UInt32 flags,
- PKIX_UInt32 priority,
- pkix_LocalRevocationCheckFn localRevChecker,
- pkix_ExternalRevocationCheckFn externalRevChecker,
- PKIX_PL_VerifyCallback certVerifyFn,
- pkix_RevocationMethod **pChecker,
- void *plContext);
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_OcspChecker_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_OCSPCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.c
deleted file mode 100755
index 162f4763d..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.c
+++ /dev/null
@@ -1,2795 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_policychecker.c
- *
- * Functions for Policy Checker
- *
- */
-#include "pkix_policychecker.h"
-
-/* --Forward declarations----------------------------------------------- */
-
-static PKIX_Error *
-pkix_PolicyChecker_MakeSingleton(
- PKIX_PL_Object *listItem,
- PKIX_Boolean immutability,
- PKIX_List **pList,
- void *plContext);
-
-/* --Private-PolicyCheckerState-Functions---------------------------------- */
-
-/*
- * FUNCTION:pkix_PolicyCheckerState_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_PolicyCheckerState_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PolicyCheckerState *checkerState = NULL;
-
- PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTPOLICYCHECKERSTATE);
-
- checkerState = (PKIX_PolicyCheckerState *)object;
-
- PKIX_DECREF(checkerState->certPoliciesExtension);
- PKIX_DECREF(checkerState->policyMappingsExtension);
- PKIX_DECREF(checkerState->policyConstraintsExtension);
- PKIX_DECREF(checkerState->inhibitAnyPolicyExtension);
- PKIX_DECREF(checkerState->anyPolicyOID);
- PKIX_DECREF(checkerState->validPolicyTree);
- PKIX_DECREF(checkerState->userInitialPolicySet);
- PKIX_DECREF(checkerState->mappedUserInitialPolicySet);
-
- checkerState->policyQualifiersRejected = PKIX_FALSE;
- checkerState->explicitPolicy = 0;
- checkerState->inhibitAnyPolicy = 0;
- checkerState->policyMapping = 0;
- checkerState->numCerts = 0;
- checkerState->certsProcessed = 0;
- checkerState->certPoliciesCritical = PKIX_FALSE;
-
- PKIX_DECREF(checkerState->anyPolicyNodeAtBottom);
- PKIX_DECREF(checkerState->newAnyPolicyNode);
- PKIX_DECREF(checkerState->mappedPolicyOIDs);
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_PolicyCheckerState_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_PolicyCheckerState_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pCheckerStateString,
- void *plContext)
-{
- PKIX_PolicyCheckerState *state = NULL;
- PKIX_PL_String *resultString = NULL;
- PKIX_PL_String *policiesExtOIDString = NULL;
- PKIX_PL_String *policyMapOIDString = NULL;
- PKIX_PL_String *policyConstrOIDString = NULL;
- PKIX_PL_String *inhAnyPolOIDString = NULL;
- PKIX_PL_String *anyPolicyOIDString = NULL;
- PKIX_PL_String *validPolicyTreeString = NULL;
- PKIX_PL_String *userInitialPolicySetString = NULL;
- PKIX_PL_String *mappedUserPolicySetString = NULL;
- PKIX_PL_String *mappedPolicyOIDsString = NULL;
- PKIX_PL_String *anyAtBottomString = NULL;
- PKIX_PL_String *newAnyPolicyString = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *trueString = NULL;
- PKIX_PL_String *falseString = NULL;
- PKIX_PL_String *nullString = NULL;
- PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
- PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
- PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
- PKIX_Boolean initialIsAnyPolicy = PKIX_FALSE;
- PKIX_Boolean policyQualifiersRejected = PKIX_FALSE;
- PKIX_Boolean certPoliciesCritical = PKIX_FALSE;
- char *asciiFormat =
- "{\n"
- "\tcertPoliciesExtension: \t%s\n"
- "\tpolicyMappingsExtension: \t%s\n"
- "\tpolicyConstraintsExtension:\t%s\n"
- "\tinhibitAnyPolicyExtension:\t%s\n"
- "\tanyPolicyOID: \t%s\n"
- "\tinitialIsAnyPolicy: \t%s\n"
- "\tvalidPolicyTree: \t%s\n"
- "\tuserInitialPolicySet: \t%s\n"
- "\tmappedUserPolicySet: \t%s\n"
- "\tpolicyQualifiersRejected: \t%s\n"
- "\tinitialPolMappingInhibit: \t%s\n"
- "\tinitialExplicitPolicy: \t%s\n"
- "\tinitialAnyPolicyInhibit: \t%s\n"
- "\texplicitPolicy: \t%d\n"
- "\tinhibitAnyPolicy: \t%d\n"
- "\tpolicyMapping: \t%d\n"
- "\tnumCerts: \t%d\n"
- "\tcertsProcessed: \t%d\n"
- "\tanyPolicyNodeAtBottom: \t%s\n"
- "\tnewAnyPolicyNode: \t%s\n"
- "\tcertPoliciesCritical: \t%s\n"
- "\tmappedPolicyOIDs: \t%s\n"
- "}";
-
- PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_ToString");
-
- PKIX_NULLCHECK_TWO(object, pCheckerStateString);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTPOLICYCHECKERSTATE);
-
- state = (PKIX_PolicyCheckerState *)object;
- PKIX_NULLCHECK_THREE
- (state->certPoliciesExtension,
- state->policyMappingsExtension,
- state->policyConstraintsExtension);
- PKIX_NULLCHECK_THREE
- (state->inhibitAnyPolicyExtension,
- state->anyPolicyOID,
- state->userInitialPolicySet);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
- PKIX_STRINGCREATEFAILED);
- /*
- * Create TRUE, FALSE, and "NULL" PKIX_PL_Strings. But creating a
- * PKIX_PL_String is complicated enough, it's worth checking, for
- * each, to make sure the string is needed.
- */
- initialPolicyMappingInhibit = state->initialPolicyMappingInhibit;
- initialExplicitPolicy = state->initialExplicitPolicy;
- initialAnyPolicyInhibit = state->initialAnyPolicyInhibit;
- initialIsAnyPolicy = state->initialIsAnyPolicy;
- policyQualifiersRejected = state->policyQualifiersRejected;
- certPoliciesCritical = state->certPoliciesCritical;
-
- if (initialPolicyMappingInhibit || initialExplicitPolicy ||
- initialAnyPolicyInhibit || initialIsAnyPolicy ||
- policyQualifiersRejected || certPoliciesCritical) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "TRUE", 0, &trueString, plContext),
- PKIX_STRINGCREATEFAILED);
- }
- if (!initialPolicyMappingInhibit || !initialExplicitPolicy ||
- !initialAnyPolicyInhibit || !initialIsAnyPolicy ||
- !policyQualifiersRejected || !certPoliciesCritical) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "FALSE", 0, &falseString, plContext),
- PKIX_STRINGCREATEFAILED);
- }
- if (!(state->anyPolicyNodeAtBottom) || !(state->newAnyPolicyNode)) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "(null)", 0, &nullString, plContext),
- PKIX_STRINGCREATEFAILED);
- }
-
- PKIX_TOSTRING
- (state->certPoliciesExtension, &policiesExtOIDString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->policyMappingsExtension,
- &policyMapOIDString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->policyConstraintsExtension,
- &policyConstrOIDString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->inhibitAnyPolicyExtension,
- &inhAnyPolOIDString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING(state->anyPolicyOID, &anyPolicyOIDString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING(state->validPolicyTree, &validPolicyTreeString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->userInitialPolicySet,
- &userInitialPolicySetString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->mappedUserInitialPolicySet,
- &mappedUserPolicySetString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- if (state->anyPolicyNodeAtBottom) {
- PKIX_CHECK(pkix_SinglePolicyNode_ToString
- (state->anyPolicyNodeAtBottom,
- &anyAtBottomString,
- plContext),
- PKIX_SINGLEPOLICYNODETOSTRINGFAILED);
- } else {
- PKIX_INCREF(nullString);
- anyAtBottomString = nullString;
- }
-
- if (state->newAnyPolicyNode) {
- PKIX_CHECK(pkix_SinglePolicyNode_ToString
- (state->newAnyPolicyNode,
- &newAnyPolicyString,
- plContext),
- PKIX_SINGLEPOLICYNODETOSTRINGFAILED);
- } else {
- PKIX_INCREF(nullString);
- newAnyPolicyString = nullString;
- }
-
- PKIX_TOSTRING
- (state->mappedPolicyOIDs,
- &mappedPolicyOIDsString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- formatString,
- policiesExtOIDString,
- policyMapOIDString,
- policyConstrOIDString,
- inhAnyPolOIDString,
- anyPolicyOIDString,
- initialIsAnyPolicy?trueString:falseString,
- validPolicyTreeString,
- userInitialPolicySetString,
- mappedUserPolicySetString,
- policyQualifiersRejected?trueString:falseString,
- initialPolicyMappingInhibit?trueString:falseString,
- initialExplicitPolicy?trueString:falseString,
- initialAnyPolicyInhibit?trueString:falseString,
- state->explicitPolicy,
- state->inhibitAnyPolicy,
- state->policyMapping,
- state->numCerts,
- state->certsProcessed,
- anyAtBottomString,
- newAnyPolicyString,
- certPoliciesCritical?trueString:falseString,
- mappedPolicyOIDsString),
- PKIX_SPRINTFFAILED);
-
- *pCheckerStateString = resultString;
-
-cleanup:
- PKIX_DECREF(policiesExtOIDString);
- PKIX_DECREF(policyMapOIDString);
- PKIX_DECREF(policyConstrOIDString);
- PKIX_DECREF(inhAnyPolOIDString);
- PKIX_DECREF(anyPolicyOIDString);
- PKIX_DECREF(validPolicyTreeString);
- PKIX_DECREF(userInitialPolicySetString);
- PKIX_DECREF(mappedUserPolicySetString);
- PKIX_DECREF(anyAtBottomString);
- PKIX_DECREF(newAnyPolicyString);
- PKIX_DECREF(mappedPolicyOIDsString);
- PKIX_DECREF(formatString);
- PKIX_DECREF(trueString);
- PKIX_DECREF(falseString);
- PKIX_DECREF(nullString);
-
- PKIX_RETURN(CERTPOLICYCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_PolicyCheckerState_RegisterSelf
- * DESCRIPTION:
- *
- * Registers PKIX_POLICYCHECKERSTATE_TYPE and its related functions
- * with systemClasses[]
- *
- * PARAMETERS:
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_PolicyCheckerState_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER
- (CERTPOLICYCHECKERSTATE,
- "pkix_PolicyCheckerState_RegisterSelf");
-
- entry.description = "PolicyCheckerState";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PolicyCheckerState);
- entry.destructor = pkix_PolicyCheckerState_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = pkix_PolicyCheckerState_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_CERTPOLICYCHECKERSTATE_TYPE] = entry;
-
- PKIX_RETURN(CERTPOLICYCHECKERSTATE);
-}
-
-/*
- * FUNCTION:pkix_PolicyCheckerState_Create
- * DESCRIPTION:
- *
- * Creates a PolicyCheckerState Object, using the List pointed to
- * by "initialPolicies" for the user-initial-policy-set, the Boolean value
- * of "policyQualifiersRejected" for the policyQualifiersRejected parameter,
- * the Boolean value of "initialPolicyMappingInhibit" for the
- * inhibitPolicyMappings parameter, the Boolean value of
- * "initialExplicitPolicy" for the initialExplicitPolicy parameter, the
- * Boolean value of "initialAnyPolicyInhibit" for the inhibitAnyPolicy
- * parameter, and the UInt32 value of "numCerts" as the number of
- * certificates in the chain; and stores the Object at "pCheckerState".
- *
- * PARAMETERS:
- * "initialPolicies"
- * Address of List of OIDs comprising the user-initial-policy-set; the List
- * may be empty, but must be non-NULL
- * "policyQualifiersRejected"
- * Boolean value of the policyQualifiersRejected parameter
- * "initialPolicyMappingInhibit"
- * Boolean value of the inhibitPolicyMappings parameter
- * "initialExplicitPolicy"
- * Boolean value of the initialExplicitPolicy parameter
- * "initialAnyPolicyInhibit"
- * Boolean value of the inhibitAnyPolicy parameter
- * "numCerts"
- * Number of certificates in the chain to be validated
- * "pCheckerState"
- * Address where PolicyCheckerState will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertPolicyCheckerState Error if the functions fails in a
- * non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyCheckerState_Create(
- PKIX_List *initialPolicies,
- PKIX_Boolean policyQualifiersRejected,
- PKIX_Boolean initialPolicyMappingInhibit,
- PKIX_Boolean initialExplicitPolicy,
- PKIX_Boolean initialAnyPolicyInhibit,
- PKIX_UInt32 numCerts,
- PKIX_PolicyCheckerState **pCheckerState,
- void *plContext)
-{
- PKIX_PolicyCheckerState *checkerState = NULL;
- PKIX_PolicyNode *policyNode = NULL;
- PKIX_List *anyPolicyList = NULL;
-
- PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_Create");
- PKIX_NULLCHECK_TWO(initialPolicies, pCheckerState);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTPOLICYCHECKERSTATE_TYPE,
- sizeof (PKIX_PolicyCheckerState),
- (PKIX_PL_Object **)&checkerState,
- plContext),
- PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT);
-
- /* Create constant PKIX_PL_OIDs: */
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_CERTIFICATEPOLICIES_OID,
- &(checkerState->certPoliciesExtension),
- plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_POLICYMAPPINGS_OID,
- &(checkerState->policyMappingsExtension),
- plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_POLICYCONSTRAINTS_OID,
- &(checkerState->policyConstraintsExtension),
- plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_INHIBITANYPOLICY_OID,
- &(checkerState->inhibitAnyPolicyExtension),
- plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID,
- &(checkerState->anyPolicyOID),
- plContext),
- PKIX_OIDCREATEFAILED);
-
- /* Create an initial policy set from argument supplied */
- PKIX_INCREF(initialPolicies);
- checkerState->userInitialPolicySet = initialPolicies;
- PKIX_INCREF(initialPolicies);
- checkerState->mappedUserInitialPolicySet = initialPolicies;
-
- PKIX_CHECK(pkix_List_Contains
- (initialPolicies,
- (PKIX_PL_Object *)(checkerState->anyPolicyOID),
- &(checkerState->initialIsAnyPolicy),
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- checkerState->policyQualifiersRejected =
- policyQualifiersRejected;
- checkerState->initialExplicitPolicy = initialExplicitPolicy;
- checkerState->explicitPolicy =
- (initialExplicitPolicy? 0: numCerts + 1);
- checkerState->initialAnyPolicyInhibit = initialAnyPolicyInhibit;
- checkerState->inhibitAnyPolicy =
- (initialAnyPolicyInhibit? 0: numCerts + 1);
- checkerState->initialPolicyMappingInhibit = initialPolicyMappingInhibit;
- checkerState->policyMapping =
- (initialPolicyMappingInhibit? 0: numCerts + 1);
- ;
- checkerState->numCerts = numCerts;
- checkerState->certsProcessed = 0;
- checkerState->certPoliciesCritical = PKIX_FALSE;
-
- /* Create a valid_policy_tree as in RFC3280 6.1.2(a) */
- PKIX_CHECK(pkix_PolicyChecker_MakeSingleton
- ((PKIX_PL_Object *)(checkerState->anyPolicyOID),
- PKIX_TRUE,
- &anyPolicyList,
- plContext),
- PKIX_POLICYCHECKERMAKESINGLETONFAILED);
-
- PKIX_CHECK(pkix_PolicyNode_Create
- (checkerState->anyPolicyOID, /* validPolicy */
- NULL, /* qualifier set */
- PKIX_FALSE, /* criticality */
- anyPolicyList, /* expectedPolicySet */
- &policyNode,
- plContext),
- PKIX_POLICYNODECREATEFAILED);
- checkerState->validPolicyTree = policyNode;
-
- /*
- * Since the initial validPolicyTree specifies
- * ANY_POLICY, begin with a pointer to the root node.
- */
- PKIX_INCREF(policyNode);
- checkerState->anyPolicyNodeAtBottom = policyNode;
-
- checkerState->newAnyPolicyNode = NULL;
-
- checkerState->mappedPolicyOIDs = NULL;
-
- *pCheckerState = checkerState;
- checkerState = NULL;
-
-cleanup:
-
- PKIX_DECREF(checkerState);
-
- PKIX_DECREF(anyPolicyList);
-
- PKIX_RETURN(CERTPOLICYCHECKERSTATE);
-}
-
-/* --Private-PolicyChecker-Functions--------------------------------------- */
-
-/*
- * FUNCTION: pkix_PolicyChecker_MapContains
- * DESCRIPTION:
- *
- * Checks the List of CertPolicyMaps pointed to by "certPolicyMaps", to
- * determine whether the OID pointed to by "policy" is among the
- * issuerDomainPolicies or subjectDomainPolicies of "certPolicyMaps", and
- * stores the result in "pFound".
- *
- * This function is intended to allow an efficient check that the proscription
- * against anyPolicy being mapped, described in RFC3280 Section 6.1.4(a), is
- * not violated.
- *
- * PARAMETERS:
- * "certPolicyMaps"
- * Address of List of CertPolicyMaps to be searched. May be empty, but
- * must be non-NULL
- * "policy"
- * Address of OID to be checked for. Must be non-NULL
- * "pFound"
- * Address where the result of the search will be stored. Must be non-NULL.
- * "plContext"
- * platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_PolicyChecker_MapContains(
- PKIX_List *certPolicyMaps,
- PKIX_PL_OID *policy,
- PKIX_Boolean *pFound,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *map = NULL;
- PKIX_UInt32 numEntries = 0;
- PKIX_UInt32 index = 0;
- PKIX_Boolean match = PKIX_FALSE;
- PKIX_PL_OID *issuerDomainPolicy = NULL;
- PKIX_PL_OID *subjectDomainPolicy = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MapContains");
- PKIX_NULLCHECK_THREE(certPolicyMaps, policy, pFound);
-
- PKIX_CHECK(PKIX_List_GetLength(certPolicyMaps, &numEntries, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (index = 0; (!match) && (index < numEntries); index++) {
- PKIX_CHECK(PKIX_List_GetItem
- (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_NULLCHECK_ONE(map);
-
- PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- (map, &issuerDomainPolicy, plContext),
- PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED);
-
- PKIX_EQUALS
- (policy, issuerDomainPolicy, &match, plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!match) {
- PKIX_CHECK(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
- (map, &subjectDomainPolicy, plContext),
- PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED);
-
- PKIX_EQUALS
- (policy, subjectDomainPolicy, &match, plContext,
- PKIX_OBJECTEQUALSFAILED);
- }
-
- PKIX_DECREF(map);
- PKIX_DECREF(issuerDomainPolicy);
- PKIX_DECREF(subjectDomainPolicy);
- }
-
- *pFound = match;
-
-cleanup:
-
- PKIX_DECREF(map);
- PKIX_DECREF(issuerDomainPolicy);
- PKIX_DECREF(subjectDomainPolicy);
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_MapGetSubjectDomainPolicies
- * DESCRIPTION:
- *
- * Checks the List of CertPolicyMaps pointed to by "certPolicyMaps", to create
- * a list of all SubjectDomainPolicies for which the IssuerDomainPolicy is the
- * policy pointed to by "policy", and stores the result in
- * "pSubjectDomainPolicies".
- *
- * If the List of CertPolicyMaps provided in "certPolicyMaps" is NULL, the
- * resulting List will be NULL. If there are CertPolicyMaps, but none that
- * include "policy" as an IssuerDomainPolicy, the returned List pointer will
- * be NULL. Otherwise, the returned List will contain the SubjectDomainPolicies
- * of all CertPolicyMaps for which "policy" is the IssuerDomainPolicy. If a
- * List is returned it will be immutable.
- *
- * PARAMETERS:
- * "certPolicyMaps"
- * Address of List of CertPolicyMaps to be searched. May be empty or NULL.
- * "policy"
- * Address of OID to be checked for. Must be non-NULL
- * "pSubjectDomainPolicies"
- * Address where the result of the search will be stored. Must be non-NULL.
- * "plContext"
- * platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_PolicyChecker_MapGetSubjectDomainPolicies(
- PKIX_List *certPolicyMaps,
- PKIX_PL_OID *policy,
- PKIX_List **pSubjectDomainPolicies,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *map = NULL;
- PKIX_List *subjectList = NULL;
- PKIX_UInt32 numEntries = 0;
- PKIX_UInt32 index = 0;
- PKIX_Boolean match = PKIX_FALSE;
- PKIX_PL_OID *issuerDomainPolicy = NULL;
- PKIX_PL_OID *subjectDomainPolicy = NULL;
-
- PKIX_ENTER
- (CERTCHAINCHECKER,
- "pkix_PolicyChecker_MapGetSubjectDomainPolicies");
- PKIX_NULLCHECK_TWO(policy, pSubjectDomainPolicies);
-
- if (certPolicyMaps) {
- PKIX_CHECK(PKIX_List_GetLength
- (certPolicyMaps,
- &numEntries,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- for (index = 0; index < numEntries; index++) {
- PKIX_CHECK(PKIX_List_GetItem
- (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_NULLCHECK_ONE(map);
-
- PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- (map, &issuerDomainPolicy, plContext),
- PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED);
-
- PKIX_EQUALS
- (policy, issuerDomainPolicy, &match, plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (match) {
- if (!subjectList) {
- PKIX_CHECK(PKIX_List_Create(&subjectList, plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
- (map, &subjectDomainPolicy, plContext),
- PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (subjectList,
- (PKIX_PL_Object *)subjectDomainPolicy,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- PKIX_DECREF(map);
- PKIX_DECREF(issuerDomainPolicy);
- PKIX_DECREF(subjectDomainPolicy);
- }
-
- if (subjectList) {
- PKIX_CHECK(PKIX_List_SetImmutable(subjectList, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
- }
-
- *pSubjectDomainPolicies = subjectList;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(subjectList);
- }
-
- PKIX_DECREF(map);
- PKIX_DECREF(issuerDomainPolicy);
- PKIX_DECREF(subjectDomainPolicy);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_MapGetMappedPolicies
- * DESCRIPTION:
- *
- * Checks the List of CertPolicyMaps pointed to by "certPolicyMaps" to create a
- * List of all IssuerDomainPolicies, and stores the result in
- * "pMappedPolicies".
- *
- * The caller may not rely on the IssuerDomainPolicies to be in any particular
- * order. IssuerDomainPolicies that appear in more than one CertPolicyMap will
- * only appear once in "pMappedPolicies". If "certPolicyMaps" is empty the
- * result will be an empty List. The created List is mutable.
- *
- * PARAMETERS:
- * "certPolicyMaps"
- * Address of List of CertPolicyMaps to be searched. May be empty, but
- * must be non-NULL.
- * "pMappedPolicies"
- * Address where the result will be stored. Must be non-NULL.
- * "plContext"
- * platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_PolicyChecker_MapGetMappedPolicies(
- PKIX_List *certPolicyMaps,
- PKIX_List **pMappedPolicies,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *map = NULL;
- PKIX_List *mappedList = NULL;
- PKIX_UInt32 numEntries = 0;
- PKIX_UInt32 index = 0;
- PKIX_Boolean isContained = PKIX_FALSE;
- PKIX_PL_OID *issuerDomainPolicy = NULL;
-
- PKIX_ENTER
- (CERTCHAINCHECKER, "pkix_PolicyChecker_MapGetMappedPolicies");
- PKIX_NULLCHECK_TWO(certPolicyMaps, pMappedPolicies);
-
- PKIX_CHECK(PKIX_List_Create(&mappedList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(certPolicyMaps, &numEntries, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (index = 0; index < numEntries; index++) {
- PKIX_CHECK(PKIX_List_GetItem
- (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_NULLCHECK_ONE(map);
-
- PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- (map, &issuerDomainPolicy, plContext),
- PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED);
-
- PKIX_CHECK(pkix_List_Contains
- (mappedList,
- (PKIX_PL_Object *)issuerDomainPolicy,
- &isContained,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- if (isContained == PKIX_FALSE) {
- PKIX_CHECK(PKIX_List_AppendItem
- (mappedList,
- (PKIX_PL_Object *)issuerDomainPolicy,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- PKIX_DECREF(map);
- PKIX_DECREF(issuerDomainPolicy);
- }
-
- *pMappedPolicies = mappedList;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(mappedList);
- }
-
- PKIX_DECREF(map);
- PKIX_DECREF(issuerDomainPolicy);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_MakeMutableCopy
- * DESCRIPTION:
- *
- * Creates a mutable copy of the List pointed to by "list", which may or may
- * not be immutable, and stores the address at "pMutableCopy".
- *
- * PARAMETERS:
- * "list"
- * Address of List to be copied. Must be non-NULL.
- * "pMutableCopy"
- * Address where mutable copy will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_MakeMutableCopy(
- PKIX_List *list,
- PKIX_List **pMutableCopy,
- void *plContext)
-{
- PKIX_List *newList = NULL;
- PKIX_UInt32 listLen = 0;
- PKIX_UInt32 listIx = 0;
- PKIX_PL_Object *object;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MakeMutableCopy");
- PKIX_NULLCHECK_TWO(list, pMutableCopy);
-
- PKIX_CHECK(PKIX_List_Create(&newList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(list, &listLen, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (listIx = 0; listIx < listLen; listIx++) {
-
- PKIX_CHECK(PKIX_List_GetItem(list, listIx, &object, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem(newList, object, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(object);
- }
-
- *pMutableCopy = newList;
- newList = NULL;
-
-cleanup:
- PKIX_DECREF(newList);
- PKIX_DECREF(object);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_MakeSingleton
- * DESCRIPTION:
- *
- * Creates a new List containing the Object pointed to by "listItem", using
- * the Boolean value of "immutability" to determine whether to set the List
- * immutable, and stores the address at "pList".
- *
- * PARAMETERS:
- * "listItem"
- * Address of Object to be inserted into the new List. Must be non-NULL.
- * "immutability"
- * Boolean value indicating whether new List is to be immutable
- * "pList"
- * Address where List will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_MakeSingleton(
- PKIX_PL_Object *listItem,
- PKIX_Boolean immutability,
- PKIX_List **pList,
- void *plContext)
-{
- PKIX_List *newList = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MakeSingleton");
- PKIX_NULLCHECK_TWO(listItem, pList);
-
- PKIX_CHECK(PKIX_List_Create(&newList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (newList, (PKIX_PL_Object *)listItem, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- if (immutability) {
- PKIX_CHECK(PKIX_List_SetImmutable(newList, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
- }
-
- *pList = newList;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(newList);
- }
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_Spawn
- * DESCRIPTION:
- *
- * Creates a new childNode for the parent pointed to by "parent", using
- * the OID pointed to by "policyOID", the List of CertPolicyQualifiers
- * pointed to by "qualifiers", the List of OIDs pointed to by
- * "subjectDomainPolicies", and the PolicyCheckerState pointed to by
- * "state". The new node will be added to "parent".
- *
- * The validPolicy of the new node is set from the OID pointed to by
- * "policyOID". The policy qualifiers for the new node is set from the
- * List of qualifiers pointed to by "qualifiers", and may be NULL or
- * empty if the argument provided was NULL or empty. The criticality is
- * set according to the criticality obtained from the PolicyCheckerState.
- * If "subjectDomainPolicies" is NULL, the expectedPolicySet of the
- * child is set to contain the same policy as the validPolicy. If
- * "subjectDomainPolicies" is not NULL, it is used as the value for
- * the expectedPolicySet.
- *
- * The PolicyCheckerState also contains a constant, anyPolicy, which is
- * compared to "policyOID". If they match, the address of the childNode
- * is saved in the state's newAnyPolicyNode.
- *
- * PARAMETERS:
- * "parent"
- * Address of PolicyNode to which the child will be linked. Must be
- * non-NULL.
- * "policyOID"
- * Address of OID of the new child's validPolicy and also, if
- * subjectDomainPolicies is NULL, of the new child's expectedPolicySet.
- * Must be non-NULL.
- * "qualifiers"
- * Address of List of CertPolicyQualifiers. May be NULL or empty.
- * "subjectDomainPolicies"
- * Address of List of OIDs indicating the policies to which "policy" is
- * mapped. May be empty or NULL.
- * "state"
- * Address of the current PKIX_PolicyCheckerState. Must be non-NULL..
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_Spawn(
- PKIX_PolicyNode *parent,
- PKIX_PL_OID *policyOID,
- PKIX_List *qualifiers, /* CertPolicyQualifiers */
- PKIX_List *subjectDomainPolicies,
- PKIX_PolicyCheckerState *state,
- void *plContext)
-{
- PKIX_List *expectedSet = NULL; /* OIDs */
- PKIX_PolicyNode *childNode = NULL;
- PKIX_Boolean match = PKIX_FALSE;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Spawn");
- PKIX_NULLCHECK_THREE(policyOID, parent, state);
-
- if (subjectDomainPolicies) {
-
- PKIX_INCREF(subjectDomainPolicies);
- expectedSet = subjectDomainPolicies;
-
- } else {
- /* Create the child's ExpectedPolicy Set */
- PKIX_CHECK(pkix_PolicyChecker_MakeSingleton
- ((PKIX_PL_Object *)policyOID,
- PKIX_TRUE, /* make expectedPolicySet immutable */
- &expectedSet,
- plContext),
- PKIX_POLICYCHECKERMAKESINGLETONFAILED);
- }
-
- PKIX_CHECK(pkix_PolicyNode_Create
- (policyOID,
- qualifiers,
- state->certPoliciesCritical,
- expectedSet,
- &childNode,
- plContext),
- PKIX_POLICYNODECREATEFAILED);
-
- /*
- * If we had a non-empty mapping, we know the new node could not
- * have been created with a validPolicy of anyPolicy. Otherwise,
- * check whether we just created a new node with anyPolicy, because
- * in that case we want to save the child pointer in newAnyPolicyNode.
- */
- if (!subjectDomainPolicies) {
- PKIX_EQUALS(policyOID, state->anyPolicyOID, &match, plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (match) {
- PKIX_DECREF(state->newAnyPolicyNode);
- PKIX_INCREF(childNode);
- state->newAnyPolicyNode = childNode;
- }
- }
-
- PKIX_CHECK(pkix_PolicyNode_AddToParent(parent, childNode, plContext),
- PKIX_POLICYNODEADDTOPARENTFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
- PKIX_DECREF(childNode);
- PKIX_DECREF(expectedSet);
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_CheckPolicyRecursive
- * DESCRIPTION:
- *
- * Performs policy processing for the policy whose OID is pointed to by
- * "policyOID" and whose List of CertPolicyQualifiers is pointed to by
- * "policyQualifiers", using the List of policy OIDs pointed to by
- * "subjectDomainPolicies" and the PolicyNode pointed to by "currentNode",
- * in accordance with the current PolicyCheckerState pointed to by "state",
- * and setting "pChildNodeCreated" to TRUE if a new childNode is created.
- * Note: "pChildNodeCreated" is not set to FALSE if no childNode is created.
- * The intent of the design is that the caller can set a variable to FALSE
- * initially, prior to a recursive set of calls. At the end, the variable
- * can be tested to see whether *any* of the calls created a child node.
- *
- * If the currentNode is not at the bottom of the tree, this function
- * calls itself recursively for each child of currentNode. At the bottom of
- * the tree, it creates new child nodes as appropriate. This function will
- * never be called with policy = anyPolicy.
- *
- * This function implements the processing described in RFC3280
- * Section 6.1.3(d)(1)(i).
- *
- * PARAMETERS:
- * "policyOID"
- * Address of OID of the policy to be checked for. Must be non-NULL.
- * "policyQualifiers"
- * Address of List of CertPolicyQualifiers of the policy to be checked for.
- * May be empty or NULL.
- * "subjectDomainPolicies"
- * Address of List of OIDs indicating the policies to which "policy" is
- * mapped. May be empty or NULL.
- * "currentNode"
- * Address of PolicyNode whose descendants will be checked, if not at the
- * bottom of the tree; or whose expectedPolicySet will be compared to
- * "policy", if at the bottom. Must be non-NULL.
- * "state"
- * Address of PolicyCheckerState of the current PolicyChecker. Must be
- * non-NULL.
- * "pChildNodeCreated"
- * Address of the Boolean that will be set TRUE if this function
- * creates a child node. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_CheckPolicyRecursive(
- PKIX_PL_OID *policyOID,
- PKIX_List *policyQualifiers,
- PKIX_List *subjectDomainPolicies,
- PKIX_PolicyNode *currentNode,
- PKIX_PolicyCheckerState *state,
- PKIX_Boolean *pChildNodeCreated,
- void *plContext)
-{
- PKIX_UInt32 depth = 0;
- PKIX_UInt32 numChildren = 0;
- PKIX_UInt32 childIx = 0;
- PKIX_Boolean isIncluded = PKIX_FALSE;
- PKIX_List *children = NULL; /* PolicyNodes */
- PKIX_PolicyNode *childNode = NULL;
- PKIX_List *expectedPolicies = NULL; /* OIDs */
-
- PKIX_ENTER
- (CERTCHAINCHECKER,
- "pkix_PolicyChecker_CheckPolicyRecursive");
- PKIX_NULLCHECK_FOUR(policyOID, currentNode, state, pChildNodeCreated);
-
- /* if not at the bottom of the tree */
- PKIX_CHECK(PKIX_PolicyNode_GetDepth
- (currentNode, &depth, plContext),
- PKIX_POLICYNODEGETDEPTHFAILED);
-
- if (depth < (state->certsProcessed)) {
- PKIX_CHECK(pkix_PolicyNode_GetChildrenMutable
- (currentNode, &children, plContext),
- PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED);
-
- if (children) {
- PKIX_CHECK(PKIX_List_GetLength
- (children, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- for (childIx = 0; childIx < numChildren; childIx++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (children,
- childIx,
- (PKIX_PL_Object **)&childNode,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_CheckPolicyRecursive
- (policyOID,
- policyQualifiers,
- subjectDomainPolicies,
- childNode,
- state,
- pChildNodeCreated,
- plContext),
- PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED);
-
- PKIX_DECREF(childNode);
- }
- } else { /* if at the bottom of the tree */
-
- /* Check whether policy is in this node's expectedPolicySet */
- PKIX_CHECK(PKIX_PolicyNode_GetExpectedPolicies
- (currentNode, &expectedPolicies, plContext),
- PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED);
-
- PKIX_NULLCHECK_ONE(expectedPolicies);
-
- PKIX_CHECK(pkix_List_Contains
- (expectedPolicies,
- (PKIX_PL_Object *)policyOID,
- &isIncluded,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- if (isIncluded) {
- PKIX_CHECK(pkix_PolicyChecker_Spawn
- (currentNode,
- policyOID,
- policyQualifiers,
- subjectDomainPolicies,
- state,
- plContext),
- PKIX_POLICYCHECKERSPAWNFAILED);
-
- *pChildNodeCreated = PKIX_TRUE;
- }
- }
-
-cleanup:
-
- PKIX_DECREF(children);
- PKIX_DECREF(childNode);
- PKIX_DECREF(expectedPolicies);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_CheckPolicy
- * DESCRIPTION:
- *
- * Performs the non-recursive portion of the policy processing for the policy
- * whose OID is pointed to by "policyOID" and whose List of
- * CertPolicyQualifiers is pointed to by "policyQualifiers", for the
- * Certificate pointed to by "cert" with the List of CertPolicyMaps pointed
- * to by "maps", in accordance with the current PolicyCheckerState pointed
- * to by "state".
- *
- * This function implements the processing described in RFC3280
- * Section 6.1.3(d)(1)(i).
- *
- * PARAMETERS:
- * "policyOID"
- * Address of OID of the policy to be checked for. Must be non-NULL.
- * "policyQualifiers"
- * Address of List of CertPolicyQualifiers of the policy to be checked for.
- * May be empty or NULL.
- * "cert"
- * Address of the current certificate. Must be non-NULL.
- * "maps"
- * Address of List of CertPolicyMaps for the current certificate
- * "state"
- * Address of PolicyCheckerState of the current PolicyChecker. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_CheckPolicy(
- PKIX_PL_OID *policyOID,
- PKIX_List *policyQualifiers,
- PKIX_PL_Cert *cert,
- PKIX_List *maps,
- PKIX_PolicyCheckerState *state,
- void *plContext)
-{
- PKIX_Boolean childNodeCreated = PKIX_FALSE;
- PKIX_Boolean okToSpawn = PKIX_FALSE;
- PKIX_Boolean found = PKIX_FALSE;
- PKIX_List *subjectDomainPolicies = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_CheckPolicy");
- PKIX_NULLCHECK_THREE(policyOID, cert, state);
-
- /*
- * If this is not the last certificate, get the set of
- * subjectDomainPolicies that "policy" maps to, according to the
- * current cert's policy mapping extension. That set will be NULL
- * if the current cert does not have a policy mapping extension,
- * or if the current policy is not mapped.
- */
- if (state->certsProcessed != (state->numCerts - 1)) {
- PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPolicies
- (maps, policyOID, &subjectDomainPolicies, plContext),
- PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
- }
-
- /*
- * Section 6.1.4(b)(2) tells us that if policyMapping is zero, we
- * will have to delete any nodes created with validPolicies equal to
- * policies that appear as issuerDomainPolicies in a policy mapping
- * extension. Let's avoid creating any such nodes.
- */
- if ((state->policyMapping) == 0) {
- if (subjectDomainPolicies) {
- goto cleanup;
- }
- }
-
- PKIX_CHECK(pkix_PolicyChecker_CheckPolicyRecursive
- (policyOID,
- policyQualifiers,
- subjectDomainPolicies,
- state->validPolicyTree,
- state,
- &childNodeCreated,
- plContext),
- PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED);
-
- if (!childNodeCreated) {
- /*
- * Section 6.1.3(d)(1)(ii)
- * There was no match. If there was a node at
- * depth i-1 with valid policy anyPolicy,
- * generate a node subordinate to that.
- *
- * But that means this created node would be in
- * the valid-policy-node-set, and will be
- * pruned in 6.1.5(g)(iii)(2) unless it is in
- * the user-initial-policy-set or the user-
- * initial-policy-set is {anyPolicy}. So check,
- * and don't create it if it will be pruned.
- */
- if (state->anyPolicyNodeAtBottom) {
- if (state->initialIsAnyPolicy) {
- okToSpawn = PKIX_TRUE;
- } else {
- PKIX_CHECK(pkix_List_Contains
- (state->mappedUserInitialPolicySet,
- (PKIX_PL_Object *)policyOID,
- &okToSpawn,
- plContext),
- PKIX_LISTCONTAINSFAILED);
- }
- if (okToSpawn) {
- PKIX_CHECK(pkix_PolicyChecker_Spawn
- (state->anyPolicyNodeAtBottom,
- policyOID,
- policyQualifiers,
- subjectDomainPolicies,
- state,
- plContext),
- PKIX_POLICYCHECKERSPAWNFAILED);
- childNodeCreated = PKIX_TRUE;
- }
- }
- }
-
- if (childNodeCreated) {
- /*
- * If this policy had qualifiers, and the certificate policies
- * extension was marked critical, and the user cannot deal with
- * policy qualifiers, throw an error.
- */
- if (policyQualifiers &&
- state->certPoliciesCritical &&
- state->policyQualifiersRejected) {
- PKIX_ERROR
- (PKIX_QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION);
- }
- /*
- * If the policy we just propagated was in the list of mapped
- * policies, remove it from the list. That list is used, at the
- * end, to determine policies that have not been propagated.
- */
- if (state->mappedPolicyOIDs) {
- PKIX_CHECK(pkix_List_Contains
- (state->mappedPolicyOIDs,
- (PKIX_PL_Object *)policyOID,
- &found,
- plContext),
- PKIX_LISTCONTAINSFAILED);
- if (found) {
- PKIX_CHECK(pkix_List_Remove
- (state->mappedPolicyOIDs,
- (PKIX_PL_Object *)policyOID,
- plContext),
- PKIX_LISTREMOVEFAILED);
- }
- }
- }
-
-cleanup:
-
- PKIX_DECREF(subjectDomainPolicies);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_CheckAny
- * DESCRIPTION:
- * Performs the creation of PolicyNodes, for the PolicyNode pointed to by
- * "currentNode" and PolicyNodes subordinate to it, using the List of
- * qualifiers pointed to by "qualsOfAny", in accordance with the current
- * certificate's PolicyMaps pointed to by "policyMaps" and the current
- * PolicyCheckerState pointed to by "state".
- *
- * If the currentNode is not just above the bottom of the validPolicyTree, this
- * function calls itself recursively for each child of currentNode. At the
- * level just above the bottom, for each policy in the currentNode's
- * expectedPolicySet not already present in a child node, it creates a new
- * child node. The validPolicy of the child created, and its expectedPolicySet,
- * will be the policy from the currentNode's expectedPolicySet. The policy
- * qualifiers will be the qualifiers from the current certificate's anyPolicy,
- * the "qualsOfAny" parameter. If the currentNode's expectedSet includes
- * anyPolicy, a childNode will be created with a policy of anyPolicy. This is
- * the only way such a node can be created.
- *
- * This function is called only when anyPolicy is one of the current
- * certificate's policies. This function implements the processing described
- * in RFC3280 Section 6.1.3(d)(2).
- *
- * PARAMETERS:
- * "currentNode"
- * Address of PolicyNode whose descendants will be checked, if not at the
- * bottom of the tree; or whose expectedPolicySet will be compared to those
- * in "alreadyPresent", if at the bottom. Must be non-NULL.
- * "qualsOfAny"
- * Address of List of qualifiers of the anyPolicy in the current
- * certificate. May be empty or NULL.
- * "policyMaps"
- * Address of the List of PolicyMaps of the current certificate. May be
- * empty or NULL.
- * "state"
- * Address of the current state of the PKIX_PolicyChecker.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_CheckAny(
- PKIX_PolicyNode *currentNode,
- PKIX_List *qualsOfAny, /* CertPolicyQualifiers */
- PKIX_List *policyMaps, /* CertPolicyMaps */
- PKIX_PolicyCheckerState *state,
- void *plContext)
-{
- PKIX_UInt32 depth = 0;
- PKIX_UInt32 numChildren = 0;
- PKIX_UInt32 childIx = 0;
- PKIX_UInt32 numPolicies = 0;
- PKIX_UInt32 polx = 0;
- PKIX_Boolean isIncluded = PKIX_FALSE;
- PKIX_List *children = NULL; /* PolicyNodes */
- PKIX_PolicyNode *childNode = NULL;
- PKIX_List *expectedPolicies = NULL; /* OIDs */
- PKIX_PL_OID *policyOID = NULL;
- PKIX_PL_OID *childPolicy = NULL;
- PKIX_List *subjectDomainPolicies = NULL; /* OIDs */
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_CheckAny");
- PKIX_NULLCHECK_TWO(currentNode, state);
-
- PKIX_CHECK(PKIX_PolicyNode_GetDepth
- (currentNode, &depth, plContext),
- PKIX_POLICYNODEGETDEPTHFAILED);
-
- PKIX_CHECK(pkix_PolicyNode_GetChildrenMutable
- (currentNode, &children, plContext),
- PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED);
-
- if (children) {
- PKIX_CHECK(PKIX_List_GetLength
- (children, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- if (depth < (state->certsProcessed)) {
- for (childIx = 0; childIx < numChildren; childIx++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (children,
- childIx,
- (PKIX_PL_Object **)&childNode,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_NULLCHECK_ONE(childNode);
- PKIX_CHECK(pkix_PolicyChecker_CheckAny
- (childNode,
- qualsOfAny,
- policyMaps,
- state,
- plContext),
- PKIX_POLICYCHECKERCHECKANYFAILED);
-
- PKIX_DECREF(childNode);
- }
- } else { /* if at the bottom of the tree */
-
- PKIX_CHECK(PKIX_PolicyNode_GetExpectedPolicies
- (currentNode, &expectedPolicies, plContext),
- PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED);
-
- /* Expected Policy Set is not allowed to be NULL */
- PKIX_NULLCHECK_ONE(expectedPolicies);
-
- PKIX_CHECK(PKIX_List_GetLength
- (expectedPolicies, &numPolicies, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (polx = 0; polx < numPolicies; polx++) {
- PKIX_CHECK(PKIX_List_GetItem
- (expectedPolicies,
- polx,
- (PKIX_PL_Object **)&policyOID,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_NULLCHECK_ONE(policyOID);
-
- isIncluded = PKIX_FALSE;
-
- for (childIx = 0;
- (!isIncluded && (childIx < numChildren));
- childIx++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (children,
- childIx,
- (PKIX_PL_Object **)&childNode,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_NULLCHECK_ONE(childNode);
-
- PKIX_CHECK(PKIX_PolicyNode_GetValidPolicy
- (childNode, &childPolicy, plContext),
- PKIX_POLICYNODEGETVALIDPOLICYFAILED);
-
- PKIX_NULLCHECK_ONE(childPolicy);
-
- PKIX_EQUALS(policyOID, childPolicy, &isIncluded, plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- PKIX_DECREF(childNode);
- PKIX_DECREF(childPolicy);
- }
-
- if (!isIncluded) {
- if (policyMaps) {
- PKIX_CHECK
- (pkix_PolicyChecker_MapGetSubjectDomainPolicies
- (policyMaps,
- policyOID,
- &subjectDomainPolicies,
- plContext),
- PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
- }
- PKIX_CHECK(pkix_PolicyChecker_Spawn
- (currentNode,
- policyOID,
- qualsOfAny,
- subjectDomainPolicies,
- state,
- plContext),
- PKIX_POLICYCHECKERSPAWNFAILED);
- PKIX_DECREF(subjectDomainPolicies);
- }
-
- PKIX_DECREF(policyOID);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(children);
- PKIX_DECREF(childNode);
- PKIX_DECREF(expectedPolicies);
- PKIX_DECREF(policyOID);
- PKIX_DECREF(childPolicy);
- PKIX_DECREF(subjectDomainPolicies);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_CalculateIntersection
- * DESCRIPTION:
- *
- * Processes the PolicyNode pointed to by "currentNode", and its descendants,
- * using the PolicyCheckerState pointed to by "state", using the List at
- * the address pointed to by "nominees" the OIDs of policies that are in the
- * user-initial-policy-set but are not represented among the nodes at the
- * bottom of the tree, and storing at "pShouldBePruned" the value TRUE if
- * currentNode is childless at the end of this processing, FALSE if it has
- * children or is at the bottom of the tree.
- *
- * When this function is called at the top level, "nominees" should be the List
- * of all policies in the user-initial-policy-set. Policies that are
- * represented in the valid-policy-node-set are removed from this List. As a
- * result when nodes are created according to 6.1.5.(g)(iii)(3)(b), a node will
- * be created for each policy remaining in this List.
- *
- * This function implements the calculation of the intersection of the
- * validPolicyTree with the user-initial-policy-set, as described in
- * RFC 3280 6.1.5(g)(iii).
- *
- * PARAMETERS:
- * "currentNode"
- * Address of PolicyNode whose descendants will be processed as described.
- * Must be non-NULL.
- * "state"
- * Address of the current state of the PKIX_PolicyChecker. Must be non-NULL
- * "nominees"
- * Address of List of the OIDs for which nodes should be created to replace
- * anyPolicy nodes. Must be non-NULL but may be empty.
- * "pShouldBePruned"
- * Address where Boolean return value, set to TRUE if this PolicyNode
- * should be deleted, is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_CalculateIntersection(
- PKIX_PolicyNode *currentNode,
- PKIX_PolicyCheckerState *state,
- PKIX_List *nominees, /* OIDs */
- PKIX_Boolean *pShouldBePruned,
- void *plContext)
-{
- PKIX_Boolean currentPolicyIsAny = PKIX_FALSE;
- PKIX_Boolean parentPolicyIsAny = PKIX_FALSE;
- PKIX_Boolean currentPolicyIsValid = PKIX_FALSE;
- PKIX_Boolean shouldBePruned = PKIX_FALSE;
- PKIX_Boolean priorCriticality = PKIX_FALSE;
- PKIX_UInt32 depth = 0;
- PKIX_UInt32 numChildren = 0;
- PKIX_UInt32 childIndex = 0;
- PKIX_UInt32 numNominees = 0;
- PKIX_UInt32 polIx = 0;
- PKIX_PL_OID *currentPolicy = NULL;
- PKIX_PL_OID *parentPolicy = NULL;
- PKIX_PL_OID *substPolicy = NULL;
- PKIX_PolicyNode *parent = NULL;
- PKIX_PolicyNode *child = NULL;
- PKIX_List *children = NULL; /* PolicyNodes */
- PKIX_List *policyQualifiers = NULL;
-
- PKIX_ENTER
- (CERTCHAINCHECKER,
- "pkix_PolicyChecker_CalculateIntersection");
-
- PKIX_NULLCHECK_FOUR(currentNode, state, nominees, pShouldBePruned);
-
- PKIX_CHECK(PKIX_PolicyNode_GetValidPolicy
- (currentNode, &currentPolicy, plContext),
- PKIX_POLICYNODEGETVALIDPOLICYFAILED);
-
- PKIX_NULLCHECK_TWO(state->anyPolicyOID, currentPolicy);
-
- PKIX_EQUALS
- (state->anyPolicyOID,
- currentPolicy,
- &currentPolicyIsAny,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- PKIX_CHECK(PKIX_PolicyNode_GetParent(currentNode, &parent, plContext),
- PKIX_POLICYNODEGETPARENTFAILED);
-
- if (currentPolicyIsAny == PKIX_FALSE) {
-
- /*
- * If we are at the top of the tree, or if our
- * parent's validPolicy is anyPolicy, we are in
- * the valid policy node set.
- */
- if (parent) {
- PKIX_CHECK(PKIX_PolicyNode_GetValidPolicy
- (parent, &parentPolicy, plContext),
- PKIX_POLICYNODEGETVALIDPOLICYFAILED);
-
- PKIX_NULLCHECK_ONE(parentPolicy);
-
- PKIX_EQUALS
- (state->anyPolicyOID,
- parentPolicy,
- &parentPolicyIsAny,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
- }
-
- /*
- * Section 6.1.5(g)(iii)(2)
- * If this node's policy is not in the user-initial-policy-set,
- * it is not in the intersection. Prune it.
- */
- if (!parent || parentPolicyIsAny) {
- PKIX_CHECK(pkix_List_Contains
- (state->userInitialPolicySet,
- (PKIX_PL_Object *)currentPolicy,
- &currentPolicyIsValid,
- plContext),
- PKIX_LISTCONTAINSFAILED);
- if (!currentPolicyIsValid) {
- *pShouldBePruned = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If this node's policy is in the user-initial-policy-
- * set, it will propagate that policy into the next
- * level of the tree. Remove the policy from the list
- * of policies that an anyPolicy will spawn.
- */
- PKIX_CHECK(pkix_List_Remove
- (nominees,
- (PKIX_PL_Object *)currentPolicy,
- plContext),
- PKIX_LISTREMOVEFAILED);
- }
- }
-
-
- /* Are we at the bottom of the tree? */
-
- PKIX_CHECK(PKIX_PolicyNode_GetDepth
- (currentNode, &depth, plContext),
- PKIX_POLICYNODEGETDEPTHFAILED);
-
- if (depth == (state->numCerts)) {
- /*
- * Section 6.1.5(g)(iii)(3)
- * Replace anyPolicy nodes...
- */
- if (currentPolicyIsAny == PKIX_TRUE) {
-
- /* replace this node */
-
- PKIX_CHECK(PKIX_List_GetLength
- (nominees, &numNominees, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (numNominees) {
-
- PKIX_CHECK(PKIX_PolicyNode_GetPolicyQualifiers
- (currentNode,
- &policyQualifiers,
- plContext),
- PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED);
-
- PKIX_CHECK(PKIX_PolicyNode_IsCritical
- (currentNode, &priorCriticality, plContext),
- PKIX_POLICYNODEISCRITICALFAILED);
- }
-
- PKIX_NULLCHECK_ONE(parent);
-
- for (polIx = 0; polIx < numNominees; polIx++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (nominees,
- polIx,
- (PKIX_PL_Object **)&substPolicy,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_Spawn
- (parent,
- substPolicy,
- policyQualifiers,
- NULL,
- state,
- plContext),
- PKIX_POLICYCHECKERSPAWNFAILED);
-
- PKIX_DECREF(substPolicy);
-
- }
- /* remove currentNode from parent */
- *pShouldBePruned = PKIX_TRUE;
- /*
- * We can get away with augmenting the parent's List
- * of children because we started at the end and went
- * toward the beginning. New nodes are added at the end.
- */
- }
- } else {
- /*
- * Section 6.1.5(g)(iii)(4)
- * Prune any childless nodes above the bottom level
- */
- PKIX_CHECK(pkix_PolicyNode_GetChildrenMutable
- (currentNode, &children, plContext),
- PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED);
-
- /* CurrentNode should have been pruned if childless. */
- PKIX_NULLCHECK_ONE(children);
-
- PKIX_CHECK(PKIX_List_GetLength
- (children, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (childIndex = numChildren; childIndex > 0; childIndex--) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (children,
- childIndex - 1,
- (PKIX_PL_Object **)&child,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_CalculateIntersection
- (child, state, nominees, &shouldBePruned, plContext),
- PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED);
-
- if (PKIX_TRUE == shouldBePruned) {
-
- PKIX_CHECK(PKIX_List_DeleteItem
- (children, childIndex - 1, plContext),
- PKIX_LISTDELETEITEMFAILED);
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- }
-
- PKIX_DECREF(child);
- }
-
- PKIX_CHECK(PKIX_List_GetLength
- (children, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (numChildren == 0) {
- *pShouldBePruned = PKIX_TRUE;
- }
- }
-cleanup:
- PKIX_DECREF(currentPolicy);
- PKIX_DECREF(parentPolicy);
- PKIX_DECREF(substPolicy);
- PKIX_DECREF(parent);
- PKIX_DECREF(child);
- PKIX_DECREF(children);
- PKIX_DECREF(policyQualifiers);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_PolicyMapProcessing
- * DESCRIPTION:
- *
- * Performs the processing of Policies in the List of CertPolicyMaps pointed
- * to by "policyMaps", using and updating the PolicyCheckerState pointed to by
- * "state".
- *
- * This function implements the policyMap processing described in RFC3280
- * Section 6.1.4(b)(1), after certificate i has been processed, in preparation
- * for certificate i+1. Section references are to that document.
- *
- * PARAMETERS:
- * "policyMaps"
- * Address of the List of CertPolicyMaps presented by certificate i.
- * Must be non-NULL.
- * "certPoliciesIncludeAny"
- * Boolean value which is PKIX_TRUE if the current certificate asserts
- * anyPolicy, PKIX_FALSE otherwise.
- * "qualsOfAny"
- * Address of List of qualifiers of the anyPolicy in the current
- * certificate. May be empty or NULL.
- * "state"
- * Address of the current state of the PKIX_PolicyChecker.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_PolicyMapProcessing(
- PKIX_List *policyMaps, /* CertPolicyMaps */
- PKIX_Boolean certPoliciesIncludeAny,
- PKIX_List *qualsOfAny,
- PKIX_PolicyCheckerState *state,
- void *plContext)
-{
- PKIX_UInt32 numPolicies = 0;
- PKIX_UInt32 polX = 0;
- PKIX_PL_OID *policyOID = NULL;
- PKIX_List *newMappedPolicies = NULL; /* OIDs */
- PKIX_List *subjectDomainPolicies = NULL; /* OIDs */
-
- PKIX_ENTER
- (CERTCHAINCHECKER,
- "pkix_PolicyChecker_PolicyMapProcessing");
- PKIX_NULLCHECK_THREE(policyMaps, state, state->userInitialPolicySet);
-
- /*
- * For each policy in mappedUserInitialPolicySet, if it is not mapped,
- * append it to new policySet; if it is mapped, append its
- * subjectDomainPolicies to new policySet. When done, this new
- * policySet will replace mappedUserInitialPolicySet.
- */
- PKIX_CHECK(PKIX_List_Create
- (&newMappedPolicies, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength
- (state->mappedUserInitialPolicySet,
- &numPolicies,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (polX = 0; polX < numPolicies; polX++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (state->mappedUserInitialPolicySet,
- polX,
- (PKIX_PL_Object **)&policyOID,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPolicies
- (policyMaps,
- policyOID,
- &subjectDomainPolicies,
- plContext),
- PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
-
- if (subjectDomainPolicies) {
-
- PKIX_CHECK(pkix_List_AppendUnique
- (newMappedPolicies,
- subjectDomainPolicies,
- plContext),
- PKIX_LISTAPPENDUNIQUEFAILED);
-
- PKIX_DECREF(subjectDomainPolicies);
-
- } else {
- PKIX_CHECK(PKIX_List_AppendItem
- (newMappedPolicies,
- (PKIX_PL_Object *)policyOID,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
- PKIX_DECREF(policyOID);
- }
-
- /*
- * For each policy ID-P remaining in mappedPolicyOIDs, it has not been
- * propagated to the bottom of the tree (depth i). If policyMapping
- * is greater than zero and this cert contains anyPolicy and the tree
- * contains an anyPolicy node at depth i-1, then we must create a node
- * with validPolicy ID-P, the policy qualifiers of anyPolicy in
- * this certificate, and expectedPolicySet the subjectDomainPolicies
- * that ID-P maps to. We also then add those subjectDomainPolicies to
- * the list of policies that will be accepted in the next certificate,
- * the mappedUserInitialPolicySet.
- */
-
- if ((state->policyMapping > 0) && (certPoliciesIncludeAny) &&
- (state->anyPolicyNodeAtBottom) && (state->mappedPolicyOIDs)) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (state->mappedPolicyOIDs,
- &numPolicies,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (polX = 0; polX < numPolicies; polX++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (state->mappedPolicyOIDs,
- polX,
- (PKIX_PL_Object **)&policyOID,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPolicies
- (policyMaps,
- policyOID,
- &subjectDomainPolicies,
- plContext),
- PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_Spawn
- (state->anyPolicyNodeAtBottom,
- policyOID,
- qualsOfAny,
- subjectDomainPolicies,
- state,
- plContext),
- PKIX_POLICYCHECKERSPAWNFAILED);
-
- PKIX_CHECK(pkix_List_AppendUnique
- (newMappedPolicies,
- subjectDomainPolicies,
- plContext),
- PKIX_LISTAPPENDUNIQUEFAILED);
-
- PKIX_DECREF(subjectDomainPolicies);
- PKIX_DECREF(policyOID);
- }
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(newMappedPolicies, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- PKIX_DECREF(state->mappedUserInitialPolicySet);
- PKIX_INCREF(newMappedPolicies);
-
- state->mappedUserInitialPolicySet = newMappedPolicies;
-
-cleanup:
-
- PKIX_DECREF(policyOID);
- PKIX_DECREF(newMappedPolicies);
- PKIX_DECREF(subjectDomainPolicies);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_WrapUpProcessing
- * DESCRIPTION:
- *
- * Performs the wrap-up processing for the Cert pointed to by "cert",
- * using and updating the PolicyCheckerState pointed to by "state".
- *
- * This function implements the wrap-up processing described in RFC3280
- * Section 6.1.5, after the final certificate has been processed. Section
- * references in the comments are to that document.
- *
- * PARAMETERS:
- * "cert"
- * Address of the current (presumably the end entity) certificate.
- * Must be non-NULL.
- * "state"
- * Address of the current state of the PKIX_PolicyChecker.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-static PKIX_Error *
-pkix_PolicyChecker_WrapUpProcessing(
- PKIX_PL_Cert *cert,
- PKIX_PolicyCheckerState *state,
- void *plContext)
-{
- PKIX_Int32 explicitPolicySkipCerts = 0;
- PKIX_Boolean isSelfIssued = PKIX_FALSE;
- PKIX_Boolean shouldBePruned = PKIX_FALSE;
- PKIX_List *nominees = NULL; /* OIDs */
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
- PKIX_PL_String *stateString = NULL;
- char *stateAscii = NULL;
- PKIX_UInt32 length;
-#endif
-
- PKIX_ENTER
- (CERTCHAINCHECKER,
- "pkix_PolicyChecker_WrapUpProcessing");
- PKIX_NULLCHECK_THREE(cert, state, state->userInitialPolicySet);
-
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)state, &stateString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stateString,
- PKIX_ESCASCII,
- (void **)&stateAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_DEBUG_ARG("%s\n", stateAscii);
-
- PKIX_FREE(stateAscii);
- PKIX_DECREF(stateString);
-#endif
-
- /* Section 6.1.5(a) ... */
- PKIX_CHECK(pkix_IsCertSelfIssued
- (cert, &isSelfIssued, plContext),
- PKIX_ISCERTSELFISSUEDFAILED);
-
- if (!isSelfIssued) {
- if (state->explicitPolicy > 0) {
-
- state->explicitPolicy--;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- }
- }
-
- /* Section 6.1.5(b) ... */
- PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicy
- (cert, &explicitPolicySkipCerts, plContext),
- PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED);
-
- if (explicitPolicySkipCerts == 0) {
- state->explicitPolicy = 0;
- }
-
- /* Section 6.1.5(g)(i) ... */
-
- if (!(state->validPolicyTree)) {
- goto cleanup;
- }
-
- /* Section 6.1.5(g)(ii) ... */
-
- if (state->initialIsAnyPolicy) {
- goto cleanup;
- }
-
- /*
- * Section 6.1.5(g)(iii) ...
- * Create a list of policies which could be substituted for anyPolicy.
- * Start with a (mutable) copy of user-initial-policy-set.
- */
- PKIX_CHECK(pkix_PolicyChecker_MakeMutableCopy
- (state->userInitialPolicySet, &nominees, plContext),
- PKIX_POLICYCHECKERMAKEMUTABLECOPYFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_CalculateIntersection
- (state->validPolicyTree, /* node at top of tree */
- state,
- nominees,
- &shouldBePruned,
- plContext),
- PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED);
-
- if (PKIX_TRUE == shouldBePruned) {
- PKIX_DECREF(state->validPolicyTree);
- }
-
- if (state->validPolicyTree) {
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state->validPolicyTree, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
- if (state->validPolicyTree) {
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)state, &stateString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stateString,
- PKIX_ESCASCII,
- (void **)&stateAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_DEBUG_ARG
- ("After CalculateIntersection:\n%s\n", stateAscii);
-
- PKIX_FREE(stateAscii);
- PKIX_DECREF(stateString);
- } else {
- PKIX_DEBUG("validPolicyTree is NULL\n");
- }
-#endif
-
- /* Section 6.1.5(g)(iii)(4) ... */
-
- if (state->validPolicyTree) {
-
- PKIX_CHECK(pkix_PolicyNode_Prune
- (state->validPolicyTree,
- state->numCerts,
- &shouldBePruned,
- plContext),
- PKIX_POLICYNODEPRUNEFAILED);
-
- if (shouldBePruned) {
- PKIX_DECREF(state->validPolicyTree);
- }
- }
-
- if (state->validPolicyTree) {
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state->validPolicyTree, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)state, &stateString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stateString,
- PKIX_ESCASCII,
- (void **)&stateAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
- PKIX_DEBUG_ARG("%s\n", stateAscii);
-
- PKIX_FREE(stateAscii);
- PKIX_DECREF(stateString);
-#endif
-
-cleanup:
-
- PKIX_DECREF(nominees);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-
-/*
- * FUNCTION: pkix_PolicyChecker_Check
- * (see comments in pkix_checker.h for PKIX_CertChainChecker_CheckCallback)
- *
- * Labels referring to sections, such as "Section 6.1.3(d)", refer to
- * sections of RFC3280, Section 6.1.3 Basic Certificate Processing.
- *
- * If a non-fatal error occurs, it is unlikely that policy processing can
- * continue. But it is still possible that chain validation could succeed if
- * policy processing is non-critical. So if this function receives a non-fatal
- * error from a lower level routine, it aborts policy processing by setting
- * the validPolicyTree to NULL and tries to continue.
- *
- */
-static PKIX_Error *
-pkix_PolicyChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticals, /* OIDs */
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_UInt32 numPolicies = 0;
- PKIX_UInt32 polX = 0;
- PKIX_Boolean result = PKIX_FALSE;
- PKIX_Int32 inhibitMappingSkipCerts = 0;
- PKIX_Int32 explicitPolicySkipCerts = 0;
- PKIX_Int32 inhibitAnyPolicySkipCerts = 0;
- PKIX_Boolean shouldBePruned = PKIX_FALSE;
- PKIX_Boolean isSelfIssued = PKIX_FALSE;
- PKIX_Boolean certPoliciesIncludeAny = PKIX_FALSE;
- PKIX_Boolean doAnyPolicyProcessing = PKIX_FALSE;
-
- PKIX_PolicyCheckerState *state = NULL;
- PKIX_List *certPolicyInfos = NULL; /* CertPolicyInfos */
- PKIX_PL_CertPolicyInfo *policy = NULL;
- PKIX_PL_OID *policyOID = NULL;
- PKIX_List *qualsOfAny = NULL; /* CertPolicyQualifiers */
- PKIX_List *policyQualifiers = NULL; /* CertPolicyQualifiers */
- PKIX_List *policyMaps = NULL; /* CertPolicyMaps */
- PKIX_List *mappedPolicies = NULL; /* OIDs */
- PKIX_Error *subroutineErr = NULL;
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
- PKIX_PL_String *stateString = NULL;
- char *stateAscii = NULL;
- PKIX_PL_String *certString = NULL;
- char *certAscii = NULL;
- PKIX_UInt32 length;
-#endif
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Check");
- PKIX_NULLCHECK_FOUR(checker, cert, unresolvedCriticals, pNBIOContext);
-
- *pNBIOContext = NULL; /* we never block on pending I/O */
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&state, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- PKIX_NULLCHECK_TWO(state, state->certPoliciesExtension);
-
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)state, &stateString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stateString,
- PKIX_ESCASCII,
- (void **)&stateAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
- PKIX_DEBUG_ARG("On entry %s\n", stateAscii);
- PKIX_FREE(stateAscii);
- PKIX_DECREF(stateString);
-#endif
-
- /*
- * Section 6.1.4(a)
- * If this is not the last certificate, and if
- * policyMapping extension is present, check that no
- * issuerDomainPolicy or subjectDomainPolicy is equal to the
- * special policy anyPolicy.
- */
- if (state->certsProcessed != (state->numCerts - 1)) {
- PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappings
- (cert, &policyMaps, plContext),
- PKIX_CERTGETPOLICYMAPPINGSFAILED);
- }
-
- if (policyMaps) {
-
- PKIX_CHECK(pkix_PolicyChecker_MapContains
- (policyMaps, state->anyPolicyOID, &result, plContext),
- PKIX_POLICYCHECKERMAPCONTAINSFAILED);
-
- if (result) {
- PKIX_ERROR(PKIX_INVALIDPOLICYMAPPINGINCLUDESANYPOLICY);
- }
-
- PKIX_CHECK(pkix_PolicyChecker_MapGetMappedPolicies
- (policyMaps, &mappedPolicies, plContext),
- PKIX_POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED);
-
- PKIX_DECREF(state->mappedPolicyOIDs);
- PKIX_INCREF(mappedPolicies);
- state->mappedPolicyOIDs = mappedPolicies;
- }
-
- /* Section 6.1.3(d) */
- if (state->validPolicyTree) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformation
- (cert, &certPolicyInfos, plContext),
- PKIX_CERTGETPOLICYINFORMATIONFAILED);
-
- if (certPolicyInfos) {
- PKIX_CHECK(PKIX_List_GetLength
- (certPolicyInfos, &numPolicies, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- if (numPolicies > 0) {
-
- PKIX_CHECK(PKIX_PL_Cert_AreCertPoliciesCritical
- (cert, &(state->certPoliciesCritical), plContext),
- PKIX_CERTARECERTPOLICIESCRITICALFAILED);
-
- /* Section 6.1.3(d)(1) For each policy not equal to anyPolicy */
- for (polX = 0; polX < numPolicies; polX++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (certPolicyInfos,
- polX,
- (PKIX_PL_Object **)&policy,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolicyId
- (policy, &policyOID, plContext),
- PKIX_CERTPOLICYINFOGETPOLICYIDFAILED);
-
- PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolQualifiers
- (policy, &policyQualifiers, plContext),
- PKIX_CERTPOLICYINFOGETPOLQUALIFIERSFAILED);
-
- PKIX_EQUALS
- (state->anyPolicyOID,
- policyOID,
- &result,
- plContext,
- PKIX_OIDEQUALFAILED);
-
- if (result == PKIX_FALSE) {
-
- /* Section 6.1.3(d)(1)(i) */
- subroutineErr = pkix_PolicyChecker_CheckPolicy
- (policyOID,
- policyQualifiers,
- cert,
- policyMaps,
- state,
- plContext);
- if (subroutineErr) {
- goto subrErrorCleanup;
- }
-
- } else {
- /*
- * No descent (yet) for anyPolicy, but we will need
- * the policyQualifiers for anyPolicy in 6.1.3(d)(2)
- */
- PKIX_DECREF(qualsOfAny);
- PKIX_INCREF(policyQualifiers);
- qualsOfAny = policyQualifiers;
- certPoliciesIncludeAny = PKIX_TRUE;
- }
- PKIX_DECREF(policy);
- PKIX_DECREF(policyOID);
- PKIX_DECREF(policyQualifiers);
- }
-
- /* Section 6.1.3(d)(2) */
- if (certPoliciesIncludeAny == PKIX_TRUE) {
- if (state->inhibitAnyPolicy > 0) {
- doAnyPolicyProcessing = PKIX_TRUE;
- } else {
- /* We haven't yet counted the current cert */
- if (((state->certsProcessed) + 1) <
- (state->numCerts)) {
-
- PKIX_CHECK(pkix_IsCertSelfIssued
- (cert,
- &doAnyPolicyProcessing,
- plContext),
- PKIX_ISCERTSELFISSUEDFAILED);
- }
- }
- if (doAnyPolicyProcessing) {
- subroutineErr = pkix_PolicyChecker_CheckAny
- (state->validPolicyTree,
- qualsOfAny,
- policyMaps,
- state,
- plContext);
- if (subroutineErr) {
- goto subrErrorCleanup;
- }
- }
- }
-
- /* Section 6.1.3(d)(3) */
- if (state->validPolicyTree) {
- subroutineErr = pkix_PolicyNode_Prune
- (state->validPolicyTree,
- state->certsProcessed + 1,
- &shouldBePruned,
- plContext);
- if (subroutineErr) {
- goto subrErrorCleanup;
- }
- if (shouldBePruned) {
- PKIX_DECREF(state->validPolicyTree);
- PKIX_DECREF(state->anyPolicyNodeAtBottom);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- } else {
- /* Section 6.1.3(e) */
- PKIX_DECREF(state->validPolicyTree);
- PKIX_DECREF(state->anyPolicyNodeAtBottom);
- PKIX_DECREF(state->newAnyPolicyNode);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- }
- }
-
- /* Section 6.1.3(f) */
- if ((0 == state->explicitPolicy) && (!state->validPolicyTree)) {
- PKIX_ERROR(PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION);
- }
-
- /*
- * Remove Policy OIDs from list of unresolved critical
- * extensions, if present.
- */
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticals,
- (PKIX_PL_Object *)state->certPoliciesExtension,
- plContext),
- PKIX_LISTREMOVEFAILED);
-
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticals,
- (PKIX_PL_Object *)state->policyMappingsExtension,
- plContext),
- PKIX_LISTREMOVEFAILED);
-
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticals,
- (PKIX_PL_Object *)state->policyConstraintsExtension,
- plContext),
- PKIX_LISTREMOVEFAILED);
-
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticals,
- (PKIX_PL_Object *)state->inhibitAnyPolicyExtension,
- plContext),
- PKIX_LISTREMOVEFAILED);
-
- state->certsProcessed++;
-
- /* If this was not the last certificate, do next-cert preparation */
- if (state->certsProcessed != state->numCerts) {
-
- if (policyMaps) {
- subroutineErr = pkix_PolicyChecker_PolicyMapProcessing
- (policyMaps,
- certPoliciesIncludeAny,
- qualsOfAny,
- state,
- plContext);
- if (subroutineErr) {
- goto subrErrorCleanup;
- }
- }
-
- /* update anyPolicyNodeAtBottom pointer */
- PKIX_DECREF(state->anyPolicyNodeAtBottom);
- state->anyPolicyNodeAtBottom = state->newAnyPolicyNode;
- state->newAnyPolicyNode = NULL;
-
- /* Section 6.1.4(h) */
- PKIX_CHECK(pkix_IsCertSelfIssued
- (cert, &isSelfIssued, plContext),
- PKIX_ISCERTSELFISSUEDFAILED);
-
- if (!isSelfIssued) {
- if (state->explicitPolicy > 0) {
- state->explicitPolicy--;
- }
- if (state->policyMapping > 0) {
- state->policyMapping--;
- }
- if (state->inhibitAnyPolicy > 0) {
- state->inhibitAnyPolicy--;
- }
- }
-
- /* Section 6.1.4(i) */
- PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicy
- (cert, &explicitPolicySkipCerts, plContext),
- PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED);
-
- if (explicitPolicySkipCerts != -1) {
- if (((PKIX_UInt32)explicitPolicySkipCerts) <
- (state->explicitPolicy)) {
- state->explicitPolicy =
- ((PKIX_UInt32) explicitPolicySkipCerts);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingInhibited
- (cert, &inhibitMappingSkipCerts, plContext),
- PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED);
-
- if (inhibitMappingSkipCerts != -1) {
- if (((PKIX_UInt32)inhibitMappingSkipCerts) <
- (state->policyMapping)) {
- state->policyMapping =
- ((PKIX_UInt32)inhibitMappingSkipCerts);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Cert_GetInhibitAnyPolicy
- (cert, &inhibitAnyPolicySkipCerts, plContext),
- PKIX_CERTGETINHIBITANYPOLICYFAILED);
-
- if (inhibitAnyPolicySkipCerts != -1) {
- if (((PKIX_UInt32)inhibitAnyPolicySkipCerts) <
- (state->inhibitAnyPolicy)) {
- state->inhibitAnyPolicy =
- ((PKIX_UInt32)inhibitAnyPolicySkipCerts);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- } else { /* If this was the last certificate, do wrap-up processing */
-
- /* Section 6.1.5 */
- subroutineErr = pkix_PolicyChecker_WrapUpProcessing
- (cert, state, plContext);
- if (subroutineErr) {
- goto subrErrorCleanup;
- }
-
- if ((0 == state->explicitPolicy) && (!state->validPolicyTree)) {
- PKIX_ERROR(PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION);
- }
-
- PKIX_DECREF(state->anyPolicyNodeAtBottom);
- PKIX_DECREF(state->newAnyPolicyNode);
- }
-
-
- if (subroutineErr) {
-
-subrErrorCleanup:
- /* We had an error. Was it a fatal error? */
- pkixErrorClass = subroutineErr->errClass;
- if (pkixErrorClass == PKIX_FATAL_ERROR) {
- pkixErrorResult = subroutineErr;
- subroutineErr = NULL;
- goto cleanup;
- }
- /*
- * Abort policy processing, and then determine whether
- * we can continue without policy processing.
- */
- PKIX_DECREF(state->validPolicyTree);
- PKIX_DECREF(state->anyPolicyNodeAtBottom);
- PKIX_DECREF(state->newAnyPolicyNode);
- if (state->explicitPolicy == 0) {
- PKIX_ERROR
- (PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION);
- }
- }
-
- /* Checking is complete. Save state for the next certificate. */
- PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
- (checker, (PKIX_PL_Object *)state, plContext),
- PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
-
-cleanup:
-
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
- if (cert) {
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)cert, &certString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (certString,
- PKIX_ESCASCII,
- (void **)&certAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
- PKIX_DEBUG_ARG("Cert was %s\n", certAscii);
- PKIX_FREE(certAscii);
- PKIX_DECREF(certString);
- }
- if (state) {
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)state, &stateString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stateString,
- PKIX_ESCASCII,
- (void **)&stateAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
- PKIX_DEBUG_ARG("On exit %s\n", stateAscii);
- PKIX_FREE(stateAscii);
- PKIX_DECREF(stateString);
- }
-#endif
-
- PKIX_DECREF(state);
- PKIX_DECREF(certPolicyInfos);
- PKIX_DECREF(policy);
- PKIX_DECREF(qualsOfAny);
- PKIX_DECREF(policyQualifiers);
- PKIX_DECREF(policyOID);
- PKIX_DECREF(subroutineErr);
- PKIX_DECREF(policyMaps);
- PKIX_DECREF(mappedPolicies);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: pkix_PolicyChecker_Initialize
- * DESCRIPTION:
- *
- * Creates and initializes a PolicyChecker, using the List pointed to
- * by "initialPolicies" for the user-initial-policy-set, the Boolean value
- * of "policyQualifiersRejected" for the policyQualifiersRejected parameter,
- * the Boolean value of "initialPolicyMappingInhibit" for the
- * inhibitPolicyMappings parameter, the Boolean value of
- * "initialExplicitPolicy" for the initialExplicitPolicy parameter, the
- * Boolean value of "initialAnyPolicyInhibit" for the inhibitAnyPolicy
- * parameter, and the UInt32 value of "numCerts" as the number of
- * certificates in the chain; and stores the Checker at "pChecker".
- *
- * PARAMETERS:
- * "initialPolicies"
- * Address of List of OIDs comprising the user-initial-policy-set; the List
- * may be empty or NULL
- * "policyQualifiersRejected"
- * Boolean value of the policyQualifiersRejected parameter
- * "initialPolicyMappingInhibit"
- * Boolean value of the inhibitPolicyMappings parameter
- * "initialExplicitPolicy"
- * Boolean value of the initialExplicitPolicy parameter
- * "initialAnyPolicyInhibit"
- * Boolean value of the inhibitAnyPolicy parameter
- * "numCerts"
- * Number of certificates in the chain to be validated
- * "pChecker"
- * Address to store the created PolicyChecker. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a CertChainChecker Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_PolicyChecker_Initialize(
- PKIX_List *initialPolicies,
- PKIX_Boolean policyQualifiersRejected,
- PKIX_Boolean initialPolicyMappingInhibit,
- PKIX_Boolean initialExplicitPolicy,
- PKIX_Boolean initialAnyPolicyInhibit,
- PKIX_UInt32 numCerts,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- PKIX_PolicyCheckerState *polCheckerState = NULL;
- PKIX_List *policyExtensions = NULL; /* OIDs */
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Initialize");
- PKIX_NULLCHECK_ONE(pChecker);
-
- PKIX_CHECK(pkix_PolicyCheckerState_Create
- (initialPolicies,
- policyQualifiersRejected,
- initialPolicyMappingInhibit,
- initialExplicitPolicy,
- initialAnyPolicyInhibit,
- numCerts,
- &polCheckerState,
- plContext),
- PKIX_POLICYCHECKERSTATECREATEFAILED);
-
- /* Create the list of extensions that we handle */
- PKIX_CHECK(pkix_PolicyChecker_MakeSingleton
- ((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension),
- PKIX_TRUE,
- &policyExtensions,
- plContext),
- PKIX_POLICYCHECKERMAKESINGLETONFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_PolicyChecker_Check,
- PKIX_FALSE, /* forwardCheckingSupported */
- PKIX_FALSE,
- policyExtensions,
- (PKIX_PL_Object *)polCheckerState,
- pChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-
-cleanup:
- PKIX_DECREF(polCheckerState);
- PKIX_DECREF(policyExtensions);
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.h
deleted file mode 100755
index 10efa9795..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_policychecker.h
- *
- * Header file for policy checker.
- *
- */
-
-#ifndef _PKIX_POLICYCHECKER_H
-#define _PKIX_POLICYCHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct PKIX_PolicyCheckerStateStruct PKIX_PolicyCheckerState;
-
-struct PKIX_PolicyCheckerStateStruct{
- PKIX_PL_OID *certPoliciesExtension; /* const */
- PKIX_PL_OID *policyMappingsExtension; /* const */
- PKIX_PL_OID *policyConstraintsExtension; /* const */
- PKIX_PL_OID *inhibitAnyPolicyExtension; /* const */
- PKIX_PL_OID *anyPolicyOID; /* const */
- PKIX_Boolean initialIsAnyPolicy; /* const */
- PKIX_PolicyNode *validPolicyTree;
- PKIX_List *userInitialPolicySet; /* immutable */
- PKIX_List *mappedUserInitialPolicySet;
- PKIX_Boolean policyQualifiersRejected;
- PKIX_Boolean initialPolicyMappingInhibit;
- PKIX_Boolean initialExplicitPolicy;
- PKIX_Boolean initialAnyPolicyInhibit;
- PKIX_UInt32 explicitPolicy;
- PKIX_UInt32 inhibitAnyPolicy;
- PKIX_UInt32 policyMapping;
- PKIX_UInt32 numCerts;
- PKIX_UInt32 certsProcessed;
- PKIX_PolicyNode *anyPolicyNodeAtBottom;
- PKIX_PolicyNode *newAnyPolicyNode;
- /*
- * The following variables do not survive from one
- * certificate to the next. They are needed at each
- * level of recursive routines, any by placing them
- * in the state object we can pass fewer arguments.
- */
- PKIX_Boolean certPoliciesCritical;
- PKIX_List *mappedPolicyOIDs;
-};
-
-PKIX_Error *
-pkix_PolicyChecker_Initialize(
- PKIX_List *initialPolicies,
- PKIX_Boolean policyQualifiersRejected,
- PKIX_Boolean initialPolicyMappingInhibit,
- PKIX_Boolean initialExplicitPolicy,
- PKIX_Boolean initialAnyPolicyInhibit,
- PKIX_UInt32 numCerts,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-/* --Private-Functions-------------------------------------------- */
-
-PKIX_Error *
-pkix_PolicyCheckerState_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_POLICYCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c
deleted file mode 100755
index 82bbac967..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c
+++ /dev/null
@@ -1,502 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_revocationchecker.c
- *
- * RevocationChecker Object Functions
- *
- */
-
-#include "pkix_revocationchecker.h"
-#include "pkix_tools.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_RevocationChecker_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_RevocationChecker_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_RevocationChecker *checker = NULL;
-
- PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a revocation checker */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
- PKIX_OBJECTNOTREVOCATIONCHECKER);
-
- checker = (PKIX_RevocationChecker *)object;
-
- PKIX_DECREF(checker->leafMethodList);
- PKIX_DECREF(checker->chainMethodList);
-
-cleanup:
-
- PKIX_RETURN(REVOCATIONCHECKER);
-}
-
-/*
- * FUNCTION: pkix_RevocationChecker_Duplicate
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_RevocationChecker_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_RevocationChecker *checker = NULL;
- PKIX_RevocationChecker *checkerDuplicate = NULL;
- PKIX_List *dupLeafList = NULL;
- PKIX_List *dupChainList = NULL;
-
- PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
- PKIX_OBJECTNOTCERTCHAINCHECKER);
-
- checker = (PKIX_RevocationChecker *)object;
-
- if (checker->leafMethodList){
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)checker->leafMethodList,
- (PKIX_PL_Object **)&dupLeafList,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
- }
- if (checker->chainMethodList){
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)checker->chainMethodList,
- (PKIX_PL_Object **)&dupChainList,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
- }
-
- PKIX_CHECK(
- PKIX_RevocationChecker_Create(checker->leafMethodListFlags,
- checker->chainMethodListFlags,
- &checkerDuplicate,
- plContext),
- PKIX_REVOCATIONCHECKERCREATEFAILED);
-
- checkerDuplicate->leafMethodList = dupLeafList;
- checkerDuplicate->chainMethodList = dupChainList;
- dupLeafList = NULL;
- dupChainList = NULL;
-
- *pNewObject = (PKIX_PL_Object *)checkerDuplicate;
-
-cleanup:
- PKIX_DECREF(dupLeafList);
- PKIX_DECREF(dupChainList);
-
- PKIX_RETURN(REVOCATIONCHECKER);
-}
-
-/*
- * FUNCTION: pkix_RevocationChecker_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_REVOCATIONCHECKER_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_RevocationChecker_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_RegisterSelf");
-
- entry.description = "RevocationChecker";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_RevocationChecker);
- entry.destructor = pkix_RevocationChecker_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_RevocationChecker_Duplicate;
-
- systemClasses[PKIX_REVOCATIONCHECKER_TYPE] = entry;
-
- PKIX_RETURN(REVOCATIONCHECKER);
-}
-
-/* Sort methods by theirs priorities */
-static PKIX_Error *
-pkix_RevocationChecker_SortComparator(
- PKIX_PL_Object *obj1,
- PKIX_PL_Object *obj2,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- pkix_RevocationMethod *method1 = NULL, *method2 = NULL;
-
- PKIX_ENTER(BUILD, "pkix_RevocationChecker_SortComparator");
-
- method1 = (pkix_RevocationMethod *)obj1;
- method2 = (pkix_RevocationMethod *)obj2;
-
- *pResult = (method1->priority > method2->priority);
-
- PKIX_RETURN(BUILD);
-}
-
-
-/* --Public-Functions--------------------------------------------- */
-
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_revchecker.h)
- */
-PKIX_Error *
-PKIX_RevocationChecker_Create(
- PKIX_UInt32 leafMethodListFlags,
- PKIX_UInt32 chainMethodListFlags,
- PKIX_RevocationChecker **pChecker,
- void *plContext)
-{
- PKIX_RevocationChecker *checker = NULL;
-
- PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create");
- PKIX_NULLCHECK_ONE(pChecker);
-
- PKIX_CHECK(
- PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE,
- sizeof (PKIX_RevocationChecker),
- (PKIX_PL_Object **)&checker,
- plContext),
- PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
-
- checker->leafMethodListFlags = leafMethodListFlags;
- checker->chainMethodListFlags = chainMethodListFlags;
- checker->leafMethodList = NULL;
- checker->chainMethodList = NULL;
-
- *pChecker = checker;
- checker = NULL;
-
-cleanup:
- PKIX_DECREF(checker);
-
- PKIX_RETURN(REVOCATIONCHECKER);
-}
-
-/*
- * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
- */
-PKIX_Error *
-PKIX_RevocationChecker_CreateAndAddMethod(
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *params,
- PKIX_RevocationMethodType methodType,
- PKIX_UInt32 flags,
- PKIX_UInt32 priority,
- PKIX_PL_VerifyCallback verificationFn,
- PKIX_Boolean isLeafMethod,
- void *plContext)
-{
- PKIX_List **methodList = NULL;
- PKIX_List *unsortedList = NULL;
- PKIX_List *certStores = NULL;
- pkix_RevocationMethod *method = NULL;
- pkix_LocalRevocationCheckFn *localRevChecker = NULL;
- pkix_ExternalRevocationCheckFn *externRevChecker = NULL;
- PKIX_UInt32 miFlags;
-
- PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_CreateAndAddMethod");
- PKIX_NULLCHECK_ONE(revChecker);
-
- /* If the caller has said "Either one is sufficient, then don't let the
- * absence of any one method's info lead to an overall failure.
- */
- miFlags = isLeafMethod ? revChecker->leafMethodListFlags
- : revChecker->chainMethodListFlags;
- if (miFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE)
- flags &= ~PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
-
- switch (methodType) {
- case PKIX_RevocationMethod_CRL:
- localRevChecker = pkix_CrlChecker_CheckLocal;
- externRevChecker = pkix_CrlChecker_CheckExternal;
- PKIX_CHECK(
- PKIX_ProcessingParams_GetCertStores(params, &certStores,
- plContext),
- PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
- PKIX_CHECK(
- pkix_CrlChecker_Create(methodType, flags, priority,
- localRevChecker, externRevChecker,
- certStores, verificationFn,
- &method,
- plContext),
- PKIX_COULDNOTCREATECRLCHECKEROBJECT);
- break;
- case PKIX_RevocationMethod_OCSP:
- localRevChecker = pkix_OcspChecker_CheckLocal;
- externRevChecker = pkix_OcspChecker_CheckExternal;
- PKIX_CHECK(
- pkix_OcspChecker_Create(methodType, flags, priority,
- localRevChecker, externRevChecker,
- verificationFn,
- &method,
- plContext),
- PKIX_COULDNOTCREATEOCSPCHECKEROBJECT);
- break;
- default:
- PKIX_ERROR(PKIX_INVALIDREVOCATIONMETHOD);
- }
-
- if (isLeafMethod) {
- methodList = &revChecker->leafMethodList;
- } else {
- methodList = &revChecker->chainMethodList;
- }
-
- if (*methodList == NULL) {
- PKIX_CHECK(
- PKIX_List_Create(methodList, plContext),
- PKIX_LISTCREATEFAILED);
- }
- unsortedList = *methodList;
- PKIX_CHECK(
- PKIX_List_AppendItem(unsortedList, (PKIX_PL_Object*)method, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_CHECK(
- pkix_List_BubbleSort(unsortedList,
- pkix_RevocationChecker_SortComparator,
- methodList, plContext),
- PKIX_LISTBUBBLESORTFAILED);
-
-cleanup:
- PKIX_DECREF(method);
- PKIX_DECREF(unsortedList);
- PKIX_DECREF(certStores);
-
- PKIX_RETURN(REVOCATIONCHECKER);
-}
-
-/*
- * FUNCTION: PKIX_RevocationChecker_Check
- */
-PKIX_Error *
-PKIX_RevocationChecker_Check(
- PKIX_PL_Cert *cert,
- PKIX_PL_Cert *issuer,
- PKIX_RevocationChecker *revChecker,
- PKIX_ProcessingParams *procParams,
- PKIX_Boolean chainVerificationState,
- PKIX_Boolean testingLeafCert,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
- void **pNbioContext,
- void *plContext)
-{
- PKIX_RevocationStatus overallStatus = PKIX_RevStatus_NoInfo;
- PKIX_RevocationStatus methodStatus[PKIX_RevocationMethod_MAX];
- PKIX_Boolean onlyUseRemoteMethods = PKIX_FALSE;
- PKIX_UInt32 revFlags = 0;
- PKIX_List *revList = NULL;
- PKIX_PL_Date *date = NULL;
- pkix_RevocationMethod *method = NULL;
- void *nbioContext;
- int tries;
-
- PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Check");
- PKIX_NULLCHECK_TWO(revChecker, procParams);
-
- nbioContext = *pNbioContext;
- *pNbioContext = NULL;
-
- if (testingLeafCert) {
- revList = revChecker->leafMethodList;
- revFlags = revChecker->leafMethodListFlags;
- } else {
- revList = revChecker->chainMethodList;
- revFlags = revChecker->chainMethodListFlags;
- }
- if (!revList) {
- /* Return NoInfo status */
- goto cleanup;
- }
-
- PORT_Memset(methodStatus, PKIX_RevStatus_NoInfo,
- sizeof(PKIX_RevocationStatus) * PKIX_RevocationMethod_MAX);
-
- date = procParams->date;
-
- /* Need to have two loops if we testing all local info first:
- * first we are going to test all local(cached) info
- * second, all remote info(fetching) */
- for (tries = 0;tries < 2;tries++) {
- int methodNum = 0;
- for (;methodNum < revList->length;methodNum++) {
- PKIX_UInt32 methodFlags = 0;
-
- PKIX_DECREF(method);
- pkixErrorResult = PKIX_List_GetItem(revList, methodNum,
- (PKIX_PL_Object**)&method,
- plContext);
- if (pkixErrorResult) {
- /* Return error. Should not shappen in normal conditions. */
- goto cleanup;
- }
- methodFlags = method->flags;
- if (!(methodFlags & PKIX_REV_M_TEST_USING_THIS_METHOD)) {
- /* Will not check with this method. Skipping... */
- continue;
- }
- if (!onlyUseRemoteMethods &&
- methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
- PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
-
- pkixErrorResult =
- (*method->localRevChecker)(cert, issuer, date,
- method, procParams,
- methodFlags,
- chainVerificationState,
- &revStatus,
- pReasonCode, plContext);
- methodStatus[methodNum] = revStatus;
- if (revStatus == PKIX_RevStatus_Revoked) {
- /* if error was generated use it as final error. */
- overallStatus = PKIX_RevStatus_Revoked;
- goto cleanup;
- }
- if (pkixErrorResult) {
- /* Disregard errors. Only returned revStatus matters. */
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
- plContext);
- pkixErrorResult = NULL;
- }
- }
- if ((!(revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST) ||
- onlyUseRemoteMethods) &&
- chainVerificationState &&
- methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
- if (!(methodFlags & PKIX_REV_M_FORBID_NETWORK_FETCHING)) {
- PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
- pkixErrorResult =
- (*method->externalRevChecker)(cert, issuer, date,
- method,
- procParams, methodFlags,
- &revStatus, pReasonCode,
- &nbioContext, plContext);
- methodStatus[methodNum] = revStatus;
- if (revStatus == PKIX_RevStatus_Revoked) {
- /* if error was generated use it as final error. */
- overallStatus = PKIX_RevStatus_Revoked;
- goto cleanup;
- }
- if (pkixErrorResult) {
- /* Disregard errors. Only returned revStatus matters. */
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
- plContext);
- pkixErrorResult = NULL;
- }
- } else if (methodFlags &
- PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
- /* Info is not in the local cache. Network fetching is not
- * allowed. If need to fail on missing fresh info for the
- * the method, then we should fail right here.*/
- overallStatus = PKIX_RevStatus_Revoked;
- goto cleanup;
- }
- }
- /* If success and we should not check the next method, then
- * return a success. */
- if (methodStatus[methodNum] == PKIX_RevStatus_Success &&
- !(methodFlags & PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO)) {
- overallStatus = PKIX_RevStatus_Success;
- goto cleanup;
- }
- } /* inner loop */
- if (!onlyUseRemoteMethods &&
- revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST &&
- chainVerificationState) {
- onlyUseRemoteMethods = PKIX_TRUE;
- continue;
- }
- break;
- } /* outer loop */
-
- if (overallStatus == PKIX_RevStatus_NoInfo &&
- chainVerificationState) {
- /* The following check makes sence only for chain
- * validation step, sinse we do not fetch info while
- * in the process of finding trusted anchor.
- * For chain building step it is enough to know, that
- * the cert was not directly revoked by any of the
- * methods. */
-
- /* Still have no info. But one of the method could
- * have returned success status(possible if CONTINUE
- * TESTING ON FRESH INFO flag was used).
- * If any of the methods have returned Success status,
- * the overallStatus should be success. */
- int methodNum = 0;
- for (;methodNum < PKIX_RevocationMethod_MAX;methodNum++) {
- if (methodStatus[methodNum] == PKIX_RevStatus_Success) {
- overallStatus = PKIX_RevStatus_Success;
- goto cleanup;
- }
- }
- if (revFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE) {
- overallStatus = PKIX_RevStatus_Revoked;
- }
- }
-
-cleanup:
- *pRevStatus = overallStatus;
- PKIX_DECREF(method);
-
- PKIX_RETURN(REVOCATIONCHECKER);
-}
-
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h
deleted file mode 100755
index 5a10e1251..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_revocationchecker.h
- *
- * RevocationChecker Object Type Definition
- *
- */
-
-#ifndef _PKIX_REVOCATIONCHECKER_H
-#define _PKIX_REVOCATIONCHECKER_H
-
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* NOTE: nbio logistic removed. Will be replaced later. */
-
-/*
- * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
- * this is a method dependent flag.
- */
-
-/*
- * Whether or not to use a method for revocation testing.
- * If set to "do not test", then all other flags are ignored.
- */
-#define PKIX_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0x00L
-#define PKIX_REV_M_TEST_USING_THIS_METHOD 0x01L
-
-/*
- * Whether or not NSS is allowed to attempt to fetch fresh information
- * from the network.
- * (Although fetching will never happen if fresh information for the
- * method is already locally available.)
- */
-#define PKIX_REV_M_ALLOW_NETWORK_FETCHING 0x00L
-#define PKIX_REV_M_FORBID_NETWORK_FETCHING 0x02L
-
-/*
- * Example for an implicit default source:
- * The globally configured default OCSP responder.
- * IGNORE means:
- * ignore the implicit default source, whether it's configured or not.
- * ALLOW means:
- * if an implicit default source is configured,
- * then it overrides any available or missing source in the cert.
- * if no implicit default source is configured,
- * then we continue to use what's available (or not available)
- * in the certs.
- */
-#define PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0x00L
-#define PKIX_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 0x04L /* OCSP only */
-
-/*
- * Defines the behavior if no fresh information is available,
- * fetching from the network is allowed, but the source of revocation
- * information is unknown (even after considering implicit sources,
- * if allowed by other flags).
- * SKIPT_TEST means:
- * We ignore that no fresh information is available and
- * skip this test.
- * REQUIRE_INFO means:
- * We still require that fresh information is available.
- * Other flags define what happens on missing fresh info.
- */
-
-#define PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0x00L
-#define PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 0x08L
-
-/*
- * Defines the behavior if we are unable to obtain fresh information.
- * INGORE means:
- * Return "cert status unknown"
- * FAIL means:
- * Return "cert revoked".
- */
-
-#define PKIX_REV_M_IGNORE_MISSING_FRESH_INFO 0x00L
-#define PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO 0x10L
-
-/*
- * What should happen if we were able to find fresh information using
- * this method, and the data indicated the cert is good?
- * STOP_TESTING means:
- * Our success is sufficient, do not continue testing
- * other methods.
- * CONTINUE_TESTING means:
- * We will continue and test the next allowed
- * specified method.
- */
-
-#define PKIX_REV_M_STOP_TESTING_ON_FRESH_INFO 0x00L
-#define PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 0x20L
-
-/*
- * All Flags are prefixed by PKIX_REV_MI_, where _MI_ indicates
- * this is a method independent flag.
- */
-
-/*
- * This defines the order to checking.
- * EACH_METHOD_SEPARATELY means:
- * Do all tests related to a particular allowed method
- * (both local information and network fetching) in a single step.
- * Only after testing for a particular method is done,
- * then switching to the next method will happen.
- * ALL_LOCAL_INFORMATION_FIRST means:
- * Start by testing the information for all allowed methods
- * which are already locally available. Only after that is done
- * consider to fetch from the network (as allowed by other flags).
- */
-#define PKIX_REV_MI_TEST_EACH_METHOD_SEPARATELY 0x00L
-#define PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 0x01L
-
-/*
- * Use this flag to specify that it's necessary that fresh information
- * is available for at least one of the allowed methods, but it's
- * irrelevant which of the mechanisms succeeded.
- * NO_OVERALL_INFO_REQUIREMENT means:
- * We strictly follow the requirements for each individual method.
- * REQUIRE_SOME_FRESH_INFO_AVAILABLE means:
- * After the individual tests have been executed, we must have
- * been able to find fresh information using at least one method.
- * If we were unable to find fresh info, it's a failure.
- */
-#define PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0x00L
-#define PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 0x02L
-
-/* Defines check time for the cert, revocation methods lists and
- * flags for leaf and chain certs revocation tests. */
-struct PKIX_RevocationCheckerStruct {
- PKIX_List *leafMethodList;
- PKIX_List *chainMethodList;
- PKIX_UInt32 leafMethodListFlags;
- PKIX_UInt32 chainMethodListFlags;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_RevocationChecker_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_REVOCATIONCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c
deleted file mode 100644
index b4c7e5ed3..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_revocationmethod.c
- *
- * RevocationMethod Object Functions
- *
- */
-
-#include "pkix_revocationmethod.h"
-#include "pkix_tools.h"
-
-/* Constructor of revocation method object. Does not create an object,
- * but just initializez PKIX_RevocationMethodStruct fields. Object
- * suppose to be already created. */
-PKIX_Error *
-pkix_RevocationMethod_Init(
- pkix_RevocationMethod *method,
- PKIX_RevocationMethodType methodType,
- PKIX_UInt32 flags,
- PKIX_UInt32 priority,
- pkix_LocalRevocationCheckFn localRevChecker,
- pkix_ExternalRevocationCheckFn externalRevChecker,
- void *plContext)
-{
- PKIX_ENTER(REVOCATIONMETHOD, "PKIX_RevocationMethod_Init");
-
- method->methodType = methodType;
- method->flags = flags;
- method->priority = priority;
- method->localRevChecker = localRevChecker;
- method->externalRevChecker = externalRevChecker;
-
- PKIX_RETURN(REVOCATIONMETHOD);
-}
-
-/* Data duplication data. Not create an object. Only initializes fields
- * in the new object by data from "object". */
-PKIX_Error *
-pkix_RevocationMethod_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object *newObject,
- void *plContext)
-{
- pkix_RevocationMethod *method = NULL;
-
- PKIX_ENTER(REVOCATIONMETHOD, "pkix_RevocationMethod_Duplicate");
- PKIX_NULLCHECK_TWO(object, newObject);
-
- method = (pkix_RevocationMethod *)object;
-
- PKIX_CHECK(
- pkix_RevocationMethod_Init((pkix_RevocationMethod*)newObject,
- method->methodType,
- method->flags,
- method->priority,
- method->localRevChecker,
- method->externalRevChecker,
- plContext),
- PKIX_COULDNOTCREATEREVOCATIONMETHODOBJECT);
-
-cleanup:
-
- PKIX_RETURN(REVOCATIONMETHOD);
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h
deleted file mode 100644
index 3ce189459..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_revocationmethod.h
- *
- * RevocationMethod Object
- *
- */
-
-#ifndef _PKIX_REVOCATIONMETHOD_H
-#define _PKIX_REVOCATIONMETHOD_H
-
-#include "pkixt.h"
-#include "pkix_revocationchecker.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct pkix_RevocationMethodStruct pkix_RevocationMethod;
-
-/* Local revocation check function prototype definition.
- * Revocation methods capable of checking revocation though local
- * means(cache) should implement this prototype. */
-typedef PKIX_Error *
-pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_Boolean chainVerificationState,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
- void *plContext);
-
-/* External revocation check function prototype definition.
- * Revocation methods that required external communications(crldp
- * ocsp) shoult implement this prototype. */
-typedef PKIX_Error *
-pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
- PKIX_PL_Date *date,
- pkix_RevocationMethod *checkerObject,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 methodFlags,
- PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
- void **pNBIOContext, void *plContext);
-
-/* Revocation method structure assosiates revocation types with
- * a set of flags on the method, a priority of the method, and
- * method local/external checker functions. */
-struct pkix_RevocationMethodStruct {
- PKIX_RevocationMethodType methodType;
- PKIX_UInt32 flags;
- PKIX_UInt32 priority;
- pkix_LocalRevocationCheckFn (*localRevChecker);
- pkix_ExternalRevocationCheckFn (*externalRevChecker);
-};
-
-PKIX_Error *
-pkix_RevocationMethod_Duplicate(PKIX_PL_Object *object,
- PKIX_PL_Object *newObject,
- void *plContext);
-
-PKIX_Error *
-pkix_RevocationMethod_Init(pkix_RevocationMethod *method,
- PKIX_RevocationMethodType methodType,
- PKIX_UInt32 flags,
- PKIX_UInt32 priority,
- pkix_LocalRevocationCheckFn localRevChecker,
- pkix_ExternalRevocationCheckFn externalRevChecker,
- void *plContext);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_REVOCATIONMETHOD_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
deleted file mode 100755
index b03ef432c..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
+++ /dev/null
@@ -1,475 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_signaturechecker.c
- *
- * Functions for signature validation
- *
- */
-
-#include "pkix_signaturechecker.h"
-
-/*
- * FUNCTION: pkix_SignatureCheckerstate_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_SignatureCheckerState_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- pkix_SignatureCheckerState *state = NULL;
-
- PKIX_ENTER(SIGNATURECHECKERSTATE,
- "pkix_SignatureCheckerState_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a signature checker state */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_SIGNATURECHECKERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTSIGNATURECHECKERSTATE);
-
- state = (pkix_SignatureCheckerState *) object;
-
- state->prevCertCertSign = PKIX_FALSE;
-
- PKIX_DECREF(state->prevPublicKey);
- PKIX_DECREF(state->prevPublicKeyList);
- PKIX_DECREF(state->keyUsageOID);
-
-cleanup:
-
- PKIX_RETURN(SIGNATURECHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_SignatureCheckerState_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_SIGNATURECHECKERSTATE_TYPE and its related functions
- * with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_SignatureCheckerState_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(SIGNATURECHECKERSTATE,
- "pkix_SignatureCheckerState_RegisterSelf");
-
- entry.description = "SignatureCheckerState";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(pkix_SignatureCheckerState);
- entry.destructor = pkix_SignatureCheckerState_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_SIGNATURECHECKERSTATE_TYPE] = entry;
-
- PKIX_RETURN(SIGNATURECHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_SignatureCheckerState_Create
- *
- * DESCRIPTION:
- * Allocate and initialize SignatureChecker state data.
- *
- * PARAMETERS
- * "trustedPubKey"
- * Address of trusted Anchor Public Key for verifying first Cert in the
- * chain. Must be non-NULL.
- * "certsRemaining"
- * Number of certificates remaining in the chain.
- * "pCheckerState"
- * Address where SignatureCheckerState will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a SignatureCheckerState Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_SignatureCheckerState_Create(
- PKIX_PL_PublicKey *trustedPubKey,
- PKIX_UInt32 certsRemaining,
- pkix_SignatureCheckerState **pCheckerState,
- void *plContext)
-{
- pkix_SignatureCheckerState *state = NULL;
- PKIX_PL_OID *keyUsageOID = NULL;
-
- PKIX_ENTER(SIGNATURECHECKERSTATE, "pkix_SignatureCheckerState_Create");
- PKIX_NULLCHECK_TWO(trustedPubKey, pCheckerState);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_SIGNATURECHECKERSTATE_TYPE,
- sizeof (pkix_SignatureCheckerState),
- (PKIX_PL_Object **)&state,
- plContext),
- PKIX_COULDNOTCREATESIGNATURECHECKERSTATEOBJECT);
-
- /* Initialize fields */
-
- state->prevCertCertSign = PKIX_TRUE;
- state->prevPublicKeyList = NULL;
- state->certsRemaining = certsRemaining;
-
- PKIX_INCREF(trustedPubKey);
- state->prevPublicKey = trustedPubKey;
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_CERTKEYUSAGE_OID,
- &keyUsageOID,
- plContext),
- PKIX_OIDCREATEFAILED);
-
- state->keyUsageOID = keyUsageOID;
- keyUsageOID = NULL;
-
- *pCheckerState = state;
- state = NULL;
-
-cleanup:
-
- PKIX_DECREF(keyUsageOID);
- PKIX_DECREF(state);
-
- PKIX_RETURN(SIGNATURECHECKERSTATE);
-}
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_SignatureChecker_Check
- * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
- */
-PKIX_Error *
-pkix_SignatureChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions,
- void **pNBIOContext,
- void *plContext)
-{
- pkix_SignatureCheckerState *state = NULL;
- PKIX_PL_PublicKey *prevPubKey = NULL;
- PKIX_PL_PublicKey *currPubKey = NULL;
- PKIX_PL_PublicKey *newPubKey = NULL;
- PKIX_PL_PublicKey *pKey = NULL;
- PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
- PKIX_Error *checkKeyUsageFail = NULL;
- PKIX_Error *verifyFail = NULL;
- PKIX_Boolean certVerified = PKIX_FALSE;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_SignatureChecker_Check");
- PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
-
- *pNBIOContext = NULL; /* we never block on pending I/O */
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&state, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- (state->certsRemaining)--;
-
- PKIX_INCREF(state->prevPublicKey);
- prevPubKey = state->prevPublicKey;
-
- /*
- * Previous Cert doesn't have CertSign bit on for signature
- * verification and it is not a self-issued Cert so there is no
- * old key saved. This is considered error.
- */
- if (state->prevCertCertSign == PKIX_FALSE &&
- state->prevPublicKeyList == NULL) {
- PKIX_ERROR(PKIX_KEYUSAGEKEYCERTSIGNBITNOTON);
- }
-
- /* Previous Cert is valid for signature verification, try it first */
- if (state->prevCertCertSign == PKIX_TRUE) {
- verifyFail = PKIX_PL_Cert_VerifySignature
- (cert, prevPubKey, plContext);
- if (verifyFail == NULL) {
- certVerified = PKIX_TRUE;
- } else {
- certVerified = PKIX_FALSE;
- PKIX_DECREF(verifyFail);
- }
- }
-
-#ifdef NIST_TEST_4_5_4_AND_4_5_6
-
- /*
- * Following codes under this compiler flag is implemented for
- * special cases of NIST tests 4.5.4 and 4.5.6. We are not sure
- * we should handle these two tests as what is implemented so the
- * codes are commented out, and the tests fails (for now).
- * For Cert chain validation, our assumption is all the Certs on
- * the chain are using its previous Cert's public key to decode
- * its current key. But for thses two tests, keys are used not
- * in this precedent order, we can either
- * 1) Use what is implemented here: take in what Cert order NIST
- * specified and for continuous self-issued Certs, stacking up
- * their keys and tries all of them in FILO order.
- * But this method breaks the idea of chain key presdency.
- * 2) Use Build Chain facility: we will specify the valid Certs
- * order (means key precedency is kept) and count on Build Chain
- * to get the Certs that can fill for the needed keys. This may have
- * performance impact.
- * 3) Fetch Certs from CertStore: we will specifiy the valid Certs
- * order and use CertSelector on SubjectName to get a list of
- * candidates Certs to fill in for the needed keys.
- * Anyhow, the codes are kept around just in case we want to use
- * solution one...
- */
-
- /* If failed and previous key is self-issued, try its old key(s) */
- if (certVerified == PKIX_FALSE && state->prevPublicKeyList != NULL) {
-
- /* Verify from keys on the list */
- PKIX_CHECK(PKIX_List_GetLength
- (state->prevPublicKeyList, &numKeys, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = numKeys - 1; i >= 0; i--) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (state->prevPublicKeyList,
- i,
- (PKIX_PL_Object **) &pKey,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- verifyFail = PKIX_PL_Cert_VerifySignature
- (cert, pKey, plContext);
-
- if (verifyFail == NULL) {
- certVerified = PKIX_TRUE;
- break;
- } else {
- certVerified = PKIX_FALSE;
- PKIX_DECREF(verifyFail);
- }
-
- PKIX_DECREF(pKey);
- }
- }
-#endif
-
- if (certVerified == PKIX_FALSE) {
- PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING);
- }
-
-#ifdef NIST_TEST_4_5_4_AND_4_5_6
- /*
- * Check if Cert is self-issued. If so, the old key(s) is saved, in
- * conjunction to the new key, for verifying CERT validity later.
- */
- PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
- PKIX_ISCERTSELFISSUEFAILED);
-
- /*
- * Check if Cert is self-issued. If so, the public key of the Cert
- * that issues this Cert (old key) can be used together with this
- * current key (new key) for key verification. If there are multiple
- * self-issued certs, keys of those Certs (old keys) can also be used
- * for key verification. Old key(s) is saved in a list (PrevPublickKey-
- * List) and cleared when a Cert is no longer self-issued. PrevPublic-
- * Key keep key of the previous Cert.
- */
- if (selfIssued == PKIX_TRUE) {
-
- /* Make sure previous Cert is valid for signature verification */
- if (state->prevCertCertSign == PKIX_TRUE) {
-
- if (state->prevPublicKeyList == NULL) {
-
- PKIX_CHECK(PKIX_List_Create
- (&state->prevPublicKeyList, plContext),
- PKIX_LISTCREATEFALIED);
-
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (state->prevPublicKeyList,
- (PKIX_PL_Object *) state->prevPublicKey,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- } else {
- /* Not self-issued Cert any more, clear old key(s) saved */
- PKIX_DECREF(state->prevPublicKeyList);
- }
-#endif
-
- /* Save current key as prevPublicKey */
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
- (cert, &currPubKey, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
-
- PKIX_CHECK(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
- (currPubKey, prevPubKey, &newPubKey, plContext),
- PKIX_PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED);
-
- if (newPubKey == NULL){
- PKIX_INCREF(currPubKey);
- newPubKey = currPubKey;
- }
-
- PKIX_INCREF(newPubKey);
- PKIX_DECREF(state->prevPublicKey);
-
- state->prevPublicKey = newPubKey;
-
- /* Save this Cert key usage CertSign bit */
- if (state->certsRemaining != 0) {
- checkKeyUsageFail = PKIX_PL_Cert_VerifyKeyUsage
- (cert, PKIX_KEY_CERT_SIGN, plContext);
-
- state->prevCertCertSign = (checkKeyUsageFail == NULL)?
- PKIX_TRUE:PKIX_FALSE;
-
- PKIX_DECREF(checkKeyUsageFail);
- }
-
- /* Remove Key Usage Extension OID from list */
- if (unresolvedCriticalExtensions != NULL) {
-
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticalExtensions,
- (PKIX_PL_Object *) state->keyUsageOID,
- plContext),
- PKIX_LISTREMOVEFAILED);
- }
-
- PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
- (checker, (PKIX_PL_Object *)state, plContext),
- PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
-
-cleanup:
-
- PKIX_DECREF(state);
- PKIX_DECREF(pKey);
- PKIX_DECREF(prevPubKey);
- PKIX_DECREF(currPubKey);
- PKIX_DECREF(newPubKey);
- PKIX_DECREF(basicConstraints);
- PKIX_DECREF(verifyFail);
- PKIX_DECREF(checkKeyUsageFail);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: pkix_SignatureChecker_Initialize
- * DESCRIPTION:
- *
- * Creates a new CertChainChecker and stores it at "pChecker", where it will
- * be used by pkix_SignatureChecker_Check to check that the public key in
- * the checker's state is able to successfully validate the certificate's
- * signature. The PublicKey pointed to by "trustedPubKey" is used to
- * initialize the checker's state.
- *
- * PARAMETERS:
- * "trustedPubKey"
- * Address of PublicKey representing the trusted public key used to
- * initialize the state of this checker. Must be non-NULL.
- * "certsRemaining"
- * Number of certificates remaining in the chain.
- * "pChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_SignatureChecker_Initialize(
- PKIX_PL_PublicKey *trustedPubKey,
- PKIX_UInt32 certsRemaining,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- pkix_SignatureCheckerState* state = NULL;
- PKIX_ENTER(CERTCHAINCHECKER, "PKIX_SignatureChecker_Initialize");
- PKIX_NULLCHECK_TWO(pChecker, trustedPubKey);
-
- PKIX_CHECK(pkix_SignatureCheckerState_Create
- (trustedPubKey, certsRemaining, &state, plContext),
- PKIX_SIGNATURECHECKERSTATECREATEFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_SignatureChecker_Check,
- PKIX_FALSE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *) state,
- pChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-
-cleanup:
-
- PKIX_DECREF(state);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h
deleted file mode 100755
index 7cfc0cecc..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_signaturechecker.h
- *
- * Header file for validate signature function
- *
- */
-
-#ifndef _PKIX_SIGNATURECHECKER_H
-#define _PKIX_SIGNATURECHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct pkix_SignatureCheckerState pkix_SignatureCheckerState;
-
-struct pkix_SignatureCheckerState {
- PKIX_Boolean prevCertCertSign;
- PKIX_UInt32 certsRemaining;
- PKIX_PL_PublicKey *prevPublicKey; /* Subject PubKey of last cert */
- PKIX_List *prevPublicKeyList; /* of PKIX_PL_PublicKey */
- PKIX_PL_OID *keyUsageOID;
-};
-
-PKIX_Error *
-pkix_SignatureChecker_Initialize(
- PKIX_PL_PublicKey *trustedPubKey,
- PKIX_UInt32 certsRemaining,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-PKIX_Error *
-pkix_SignatureCheckerState_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_SIGNATURECHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c
deleted file mode 100755
index ea8745c92..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c
+++ /dev/null
@@ -1,549 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_targetcertchecker.c
- *
- * Functions for target cert validation
- *
- */
-
-
-#include "pkix_targetcertchecker.h"
-
-/* --Private-TargetCertCheckerState-Functions------------------------------- */
-
-/*
- * FUNCTION: pkix_TargetCertCheckerState_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_TargetCertCheckerState_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- pkix_TargetCertCheckerState *state = NULL;
-
- PKIX_ENTER(TARGETCERTCHECKERSTATE,
- "pkix_TargetCertCheckerState_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a target cert checker state */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_TARGETCERTCHECKERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTTARGETCERTCHECKERSTATE);
-
- state = (pkix_TargetCertCheckerState *)object;
-
- PKIX_DECREF(state->certSelector);
- PKIX_DECREF(state->extKeyUsageOID);
- PKIX_DECREF(state->subjAltNameOID);
- PKIX_DECREF(state->pathToNameList);
- PKIX_DECREF(state->extKeyUsageList);
- PKIX_DECREF(state->subjAltNameList);
-
-cleanup:
-
- PKIX_RETURN(TARGETCERTCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_TargetCertCheckerState_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_TARGETCERTCHECKERSTATE_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_TargetCertCheckerState_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(TARGETCERTCHECKERSTATE,
- "pkix_TargetCertCheckerState_RegisterSelf");
-
- entry.description = "TargetCertCheckerState";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(pkix_TargetCertCheckerState);
- entry.destructor = pkix_TargetCertCheckerState_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_TARGETCERTCHECKERSTATE_TYPE] = entry;
-
- PKIX_RETURN(TARGETCERTCHECKERSTATE);
-}
-
-/*
- * FUNCTION: pkix_TargetCertCheckerState_Create
- * DESCRIPTION:
- *
- * Creates a new TargetCertCheckerState using the CertSelector pointed to
- * by "certSelector" and the number of certs represented by "certsRemaining"
- * and stores it at "pState".
- *
- * PARAMETERS:
- * "certSelector"
- * Address of CertSelector representing the criteria against which the
- * final certificate in a chain is to be matched. Must be non-NULL.
- * "certsRemaining"
- * Number of certificates remaining in the chain.
- * "pState"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a TargetCertCheckerState Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_TargetCertCheckerState_Create(
- PKIX_CertSelector *certSelector,
- PKIX_UInt32 certsRemaining,
- pkix_TargetCertCheckerState **pState,
- void *plContext)
-{
- pkix_TargetCertCheckerState *state = NULL;
- PKIX_ComCertSelParams *certSelectorParams = NULL;
- PKIX_List *pathToNameList = NULL;
- PKIX_List *extKeyUsageList = NULL;
- PKIX_List *subjAltNameList = NULL;
- PKIX_PL_OID *extKeyUsageOID = NULL;
- PKIX_PL_OID *subjAltNameOID = NULL;
- PKIX_Boolean subjAltNameMatchAll = PKIX_TRUE;
-
- PKIX_ENTER(TARGETCERTCHECKERSTATE,
- "pkix_TargetCertCheckerState_Create");
- PKIX_NULLCHECK_ONE(pState);
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_EXTENDEDKEYUSAGE_OID,
- &extKeyUsageOID,
- plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_OID_Create
- (PKIX_CERTSUBJALTNAME_OID,
- &subjAltNameOID,
- plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_TARGETCERTCHECKERSTATE_TYPE,
- sizeof (pkix_TargetCertCheckerState),
- (PKIX_PL_Object **)&state,
- plContext),
- PKIX_COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT);
-
- /* initialize fields */
-
- if (certSelector != NULL) {
-
- PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
- (certSelector, &certSelectorParams, plContext),
- PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED);
-
- if (certSelectorParams != NULL) {
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames
- (certSelectorParams,
- &pathToNameList,
- plContext),
- PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
- (certSelectorParams,
- &extKeyUsageList,
- plContext),
- PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames
- (certSelectorParams,
- &subjAltNameList,
- plContext),
- PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
- (certSelectorParams,
- &subjAltNameMatchAll,
- plContext),
- PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
- }
- }
-
- state->certsRemaining = certsRemaining;
- state->subjAltNameMatchAll = subjAltNameMatchAll;
-
- PKIX_INCREF(certSelector);
- state->certSelector = certSelector;
-
- state->pathToNameList = pathToNameList;
- pathToNameList = NULL;
-
- state->extKeyUsageList = extKeyUsageList;
- extKeyUsageList = NULL;
-
- state->subjAltNameList = subjAltNameList;
- subjAltNameList = NULL;
-
- state->extKeyUsageOID = extKeyUsageOID;
- extKeyUsageOID = NULL;
-
- state->subjAltNameOID = subjAltNameOID;
- subjAltNameOID = NULL;
-
- *pState = state;
- state = NULL;
-
-cleanup:
-
- PKIX_DECREF(extKeyUsageOID);
- PKIX_DECREF(subjAltNameOID);
- PKIX_DECREF(pathToNameList);
- PKIX_DECREF(extKeyUsageList);
- PKIX_DECREF(subjAltNameList);
- PKIX_DECREF(state);
-
- PKIX_DECREF(certSelectorParams);
-
- PKIX_RETURN(TARGETCERTCHECKERSTATE);
-
-}
-
-/* --Private-TargetCertChecker-Functions------------------------------- */
-
-/*
- * FUNCTION: pkix_TargetCertChecker_Check
- * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
- */
-PKIX_Error *
-pkix_TargetCertChecker_Check(
- PKIX_CertChainChecker *checker,
- PKIX_PL_Cert *cert,
- PKIX_List *unresolvedCriticalExtensions,
- void **pNBIOContext,
- void *plContext)
-{
- pkix_TargetCertCheckerState *state = NULL;
- PKIX_CertSelector_MatchCallback certSelectorMatch = NULL;
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- PKIX_List *certSubjAltNames = NULL;
- PKIX_List *certExtKeyUsageList = NULL;
- PKIX_PL_GeneralName *name = NULL;
- PKIX_PL_X500Name *certSubjectName = NULL;
- PKIX_Boolean checkPassed = PKIX_FALSE;
- PKIX_UInt32 numItems, i;
- PKIX_UInt32 matchCount = 0;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_TargetCertChecker_Check");
- PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
-
- *pNBIOContext = NULL; /* we never block on pending I/O */
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, (PKIX_PL_Object **)&state, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- (state->certsRemaining)--;
-
- if (state->pathToNameList != NULL) {
-
- PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
- (cert, &nameConstraints, plContext),
- PKIX_CERTGETNAMECONSTRAINTSFAILED);
-
- /*
- * XXX We should either make the following call a public one
- * so it is legal to call from the portability layer or we
- * should try to create pathToNameList as CertNameConstraints
- * then call the existing check function.
- */
- PKIX_CHECK(PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
- (state->pathToNameList,
- nameConstraints,
- &checkPassed,
- plContext),
- PKIX_CERTNAMECONSTRAINTSCHECKNAMEINNAMESPACEFAILED);
-
- if (checkPassed != PKIX_TRUE) {
- PKIX_ERROR(PKIX_VALIDATIONFAILEDPATHTONAMECHECKFAILED);
- }
-
- }
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames
- (cert, &certSubjAltNames, plContext),
- PKIX_CERTGETSUBJALTNAMESFAILED);
-
- if (state->subjAltNameList != NULL && certSubjAltNames != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (state->subjAltNameList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (state->subjAltNameList,
- i,
- (PKIX_PL_Object **) &name,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_List_Contains
- (certSubjAltNames,
- (PKIX_PL_Object *) name,
- &checkPassed,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- PKIX_DECREF(name);
-
- if (checkPassed == PKIX_TRUE) {
-
- if (state->subjAltNameMatchAll == PKIX_FALSE) {
- matchCount = numItems;
- break;
- } else {
- /* else continue checking next */
- matchCount++;
- }
-
- }
- }
-
- if (matchCount != numItems) {
- PKIX_ERROR(PKIX_SUBJALTNAMECHECKFAILED);
-
- }
- }
-
- if (state->certsRemaining == 0) {
-
- if (state->certSelector != NULL) {
- PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
- (state->certSelector,
- &certSelectorMatch,
- plContext),
- PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
-
- PKIX_CHECK(certSelectorMatch
- (state->certSelector,
- cert,
- plContext),
- PKIX_CERTSELECTORMATCHFAILED);
- } else {
- /* Check at least cert/key usages if target cert selector
- * is not set. */
- PKIX_CHECK(PKIX_PL_Cert_VerifyCertAndKeyType(cert,
- PKIX_FALSE /* is chain cert*/,
- plContext),
- PKIX_CERTVERIFYCERTTYPEFAILED);
- }
- /*
- * There are two Extended Key Usage Checkings
- * available :
- * 1) here at the targetcertchecker where we
- * verify the Extended Key Usage OIDs application
- * specifies via ComCertSelParams are included
- * in Cert's Extended Key Usage OID's. Note,
- * this is an OID to OID comparison and only last
- * Cert is checked.
- * 2) at user defined ekuchecker where checking
- * is applied to all Certs on the chain and
- * the NSS Extended Key Usage algorithm is
- * used. In order to invoke this checking, not
- * only does the ComCertSelparams needs to be
- * set, the EKU initialize call is required to
- * activate the checking.
- *
- * XXX We use the same ComCertSelParams Set/Get
- * functions to set the parameters for both cases.
- * We may want to separate them in the future.
- */
-
- PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage
- (cert, &certExtKeyUsageList, plContext),
- PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
-
-
- if (state->extKeyUsageList != NULL &&
- certExtKeyUsageList != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (state->extKeyUsageList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (state->extKeyUsageList,
- i,
- (PKIX_PL_Object **) &name,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_List_Contains
- (certExtKeyUsageList,
- (PKIX_PL_Object *) name,
- &checkPassed,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- PKIX_DECREF(name);
-
- if (checkPassed != PKIX_TRUE) {
- PKIX_ERROR
- (PKIX_EXTENDEDKEYUSAGECHECKINGFAILED);
-
- }
- }
- }
- } else {
- /* Check key usage and cert type based on certificate usage. */
- PKIX_CHECK(PKIX_PL_Cert_VerifyCertAndKeyType(cert, PKIX_TRUE,
- plContext),
- PKIX_CERTVERIFYCERTTYPEFAILED);
- }
-
- /* Remove Critical Extension OID from list */
- if (unresolvedCriticalExtensions != NULL) {
-
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticalExtensions,
- (PKIX_PL_Object *) state->extKeyUsageOID,
- plContext),
- PKIX_LISTREMOVEFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubject
- (cert, &certSubjectName, plContext),
- PKIX_CERTGETSUBJECTFAILED);
-
- if (certSubjAltNames != NULL) {
- PKIX_CHECK(pkix_List_Remove
- (unresolvedCriticalExtensions,
- (PKIX_PL_Object *) state->subjAltNameOID,
- plContext),
- PKIX_LISTREMOVEFAILED);
- }
-
- }
-
-cleanup:
-
- PKIX_DECREF(name);
- PKIX_DECREF(nameConstraints);
- PKIX_DECREF(certSubjAltNames);
- PKIX_DECREF(certExtKeyUsageList);
- PKIX_DECREF(certSubjectName);
- PKIX_DECREF(state);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-
-}
-
-/*
- * FUNCTION: pkix_TargetCertChecker_Initialize
- * DESCRIPTION:
- *
- * Creates a new CertChainChecker and stores it at "pChecker", where it will
- * used by pkix_TargetCertChecker_Check to check that the final certificate
- * of a chain meets the criteria of the CertSelector pointed to by
- * "certSelector". The number of certs remaining in the chain, represented by
- * "certsRemaining" is used to initialize the checker's state.
- *
- * PARAMETERS:
- * "certSelector"
- * Address of CertSelector representing the criteria against which the
- * final certificate in a chain is to be matched. May be NULL.
- * "certsRemaining"
- * Number of certificates remaining in the chain.
- * "pChecker"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertChainChecker Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_TargetCertChecker_Initialize(
- PKIX_CertSelector *certSelector,
- PKIX_UInt32 certsRemaining,
- PKIX_CertChainChecker **pChecker,
- void *plContext)
-{
- pkix_TargetCertCheckerState *state = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "pkix_TargetCertChecker_Initialize");
- PKIX_NULLCHECK_ONE(pChecker);
-
- PKIX_CHECK(pkix_TargetCertCheckerState_Create
- (certSelector, certsRemaining, &state, plContext),
- PKIX_TARGETCERTCHECKERSTATECREATEFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_Create
- (pkix_TargetCertChecker_Check,
- PKIX_FALSE,
- PKIX_FALSE,
- NULL,
- (PKIX_PL_Object *)state,
- pChecker,
- plContext),
- PKIX_CERTCHAINCHECKERCREATEFAILED);
-
-cleanup:
-
- PKIX_DECREF(state);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h
deleted file mode 100755
index 0a888bade..000000000
--- a/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_targetcertchecker.h
- *
- * Header file for validate target cert function
- *
- */
-
-#ifndef _PKIX_TARGETCERTCHECKER_H
-#define _PKIX_TARGETCERTCHECKER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct pkix_TargetCertCheckerState pkix_TargetCertCheckerState;
-
-struct pkix_TargetCertCheckerState {
- PKIX_CertSelector *certSelector;
- PKIX_List *pathToNameList;
- PKIX_List *extKeyUsageList; /* List of PKIX_PL_OID */
- PKIX_List *subjAltNameList;
- PKIX_Boolean subjAltNameMatchAll;
- PKIX_UInt32 certsRemaining;
- PKIX_PL_OID *extKeyUsageOID;
- PKIX_PL_OID *subjAltNameOID;
-};
-
-PKIX_Error *
-pkix_TargetCertChecker_Initialize(
- PKIX_CertSelector *certSelector,
- PKIX_UInt32 certsRemaining,
- PKIX_CertChainChecker **pChecker,
- void *plContext);
-
-PKIX_Error *
-pkix_TargetCertCheckerState_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_TARGETCERTCHECKER_H */
diff --git a/security/nss/lib/libpkix/pkix/config.mk b/security/nss/lib/libpkix/pkix/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/crlsel/Makefile b/security/nss/lib/libpkix/pkix/crlsel/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/crlsel/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/crlsel/config.mk b/security/nss/lib/libpkix/pkix/crlsel/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/crlsel/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/crlsel/manifest.mn b/security/nss/lib/libpkix/pkix/crlsel/manifest.mn
deleted file mode 100755
index 0679f260d..000000000
--- a/security/nss/lib/libpkix/pkix/crlsel/manifest.mn
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_comcrlselparams.h \
- pkix_crlselector.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_crlselector.c \
- pkix_comcrlselparams.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixcrlsel
-
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c
deleted file mode 100755
index 117d2a089..000000000
--- a/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c
+++ /dev/null
@@ -1,859 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_comcrlselparams.c
- *
- * ComCRLSelParams Function Definitions
- *
- */
-
-#include "pkix_comcrlselparams.h"
-
-/* --ComCRLSelParams-Private-Functions------------------------------------ */
-
-/*
- * FUNCTION: pkix_ComCrlSelParams_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ComCRLSelParams_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ComCRLSelParams *params = NULL;
-
- PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTCOMCRLSELPARAMS);
-
- params = (PKIX_ComCRLSelParams *)object;
-
- PKIX_DECREF(params->issuerNames);
- PKIX_DECREF(params->cert);
- PKIX_DECREF(params->date);
- PKIX_DECREF(params->maxCRLNumber);
- PKIX_DECREF(params->minCRLNumber);
- PKIX_DECREF(params->crldpList);
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCRLSelParams_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of ComCRLSelParams
- * pointed to by "crlParams" and stores the result at "pString".
- *
- * PARAMETERS
- * "crlParams"
- * Address of ComCRLSelParams whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address of object pointer's destination. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLEntry Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_ComCRLSelParams_ToString_Helper(
- PKIX_ComCRLSelParams *crlParams,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *crlIssuerNamesString = NULL;
- PKIX_PL_String *crlDateString = NULL;
- PKIX_PL_String *crlMaxCRLNumberString = NULL;
- PKIX_PL_String *crlMinCRLNumberString = NULL;
- PKIX_PL_String *crlCertString = NULL;
- PKIX_PL_String *crlParamsString = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
-
- PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString_Helper");
- PKIX_NULLCHECK_TWO(crlParams, pString);
-
- asciiFormat =
- "\n\t[\n"
- "\tIssuerNames: %s\n"
- "\tDate: %s\n"
- "\tmaxCRLNumber: %s\n"
- "\tminCRLNumber: %s\n"
- "\tCertificate: %s\n"
- "\t]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_TOSTRING
- (crlParams->issuerNames, &crlIssuerNamesString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_TOSTRING(crlParams->date, &crlDateString, plContext,
- PKIX_DATETOSTRINGFAILED);
-
- PKIX_TOSTRING
- (crlParams->maxCRLNumber, &crlMaxCRLNumberString, plContext,
- PKIX_BIGINTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (crlParams->minCRLNumber, &crlMinCRLNumberString, plContext,
- PKIX_BIGINTTOSTRINGFAILED);
-
- PKIX_TOSTRING(crlParams->cert, &crlCertString, plContext,
- PKIX_CERTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&crlParamsString,
- plContext,
- formatString,
- crlIssuerNamesString,
- crlDateString,
- crlMaxCRLNumberString,
- crlMinCRLNumberString,
- crlCertString),
- PKIX_SPRINTFFAILED);
-
- *pString = crlParamsString;
-
-cleanup:
-
- PKIX_DECREF(crlIssuerNamesString);
- PKIX_DECREF(crlDateString);
- PKIX_DECREF(crlMaxCRLNumberString);
- PKIX_DECREF(crlMinCRLNumberString);
- PKIX_DECREF(crlCertString);
- PKIX_DECREF(formatString);
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCRLSelParams_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ComCRLSelParams_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *crlParamsString = NULL;
- PKIX_ComCRLSelParams *crlParams = NULL;
-
- PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTCOMCRLSELPARAMS);
-
- crlParams = (PKIX_ComCRLSelParams *) object;
-
- PKIX_CHECK(pkix_ComCRLSelParams_ToString_Helper
- (crlParams, &crlParamsString, plContext),
- PKIX_COMCRLSELPARAMSTOSTRINGHELPERFAILED);
-
- *pString = crlParamsString;
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCRLSelParams_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ComCRLSelParams_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_ComCRLSelParams *crlParams = NULL;
- PKIX_UInt32 namesHash = 0;
- PKIX_UInt32 certHash = 0;
- PKIX_UInt32 dateHash = 0;
- PKIX_UInt32 maxCRLNumberHash = 0;
- PKIX_UInt32 minCRLNumberHash = 0;
- PKIX_UInt32 hash = 0;
-
- PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTCOMCRLSELPARAMS);
-
- crlParams = (PKIX_ComCRLSelParams *)object;
-
- PKIX_HASHCODE(crlParams->issuerNames, &namesHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(crlParams->cert, &certHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(crlParams->date, &dateHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(crlParams->maxCRLNumber, &maxCRLNumberHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(crlParams->minCRLNumber, &minCRLNumberHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
-
- hash = (((namesHash << 3) + certHash) << 3) + dateHash;
- hash = (hash << 3) + maxCRLNumberHash + minCRLNumberHash;
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCRLSelParams_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ComCRLSelParams_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_ComCRLSelParams *firstCrlParams = NULL;
- PKIX_ComCRLSelParams *secondCrlParams = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult = PKIX_FALSE;
-
- PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a ComCRLSelParams */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_COMCRLSELPARAMS_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCOMCRLSELPARAMS);
-
- firstCrlParams = (PKIX_ComCRLSelParams *)firstObject;
- secondCrlParams = (PKIX_ComCRLSelParams *)secondObject;
-
- /*
- * Since we know firstObject is a ComCRLSelParams, if both references
- * are identical, they must be equal
- */
- if (firstCrlParams == secondCrlParams){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondComCRLSelParams isn't a ComCRLSelParams, we don't
- * throw an error. We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- ((PKIX_PL_Object *)secondCrlParams, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- if (secondType != PKIX_COMCRLSELPARAMS_TYPE) {
- goto cleanup;
- }
-
- /* Compare Issuer Names */
- PKIX_EQUALS
- (firstCrlParams->issuerNames,
- secondCrlParams->issuerNames,
- &cmpResult,
- plContext,
- PKIX_LISTEQUALSFAILED);
-
- if (cmpResult != PKIX_TRUE) {
- goto cleanup;
- }
-
- /* Compare Date */
- PKIX_EQUALS
- (firstCrlParams->date,
- secondCrlParams->date,
- &cmpResult,
- plContext,
- PKIX_DATEEQUALSFAILED);
-
- if (cmpResult != PKIX_TRUE) {
- goto cleanup;
- }
-
- /* Compare Max CRL Number */
- PKIX_EQUALS
- (firstCrlParams->maxCRLNumber,
- secondCrlParams->maxCRLNumber,
- &cmpResult,
- plContext,
- PKIX_BIGINTEQUALSFAILED);
-
- if (cmpResult != PKIX_TRUE) {
- goto cleanup;
- }
-
- /* Compare Min CRL Number */
- PKIX_EQUALS
- (firstCrlParams->minCRLNumber,
- secondCrlParams->minCRLNumber,
- &cmpResult,
- plContext,
- PKIX_BIGINTEQUALSFAILED);
-
- if (cmpResult != PKIX_TRUE) {
- goto cleanup;
- }
-
- /* Compare Cert */
- PKIX_EQUALS
- (firstCrlParams->cert,
- secondCrlParams->cert,
- &cmpResult,
- plContext,
- PKIX_CERTEQUALSFAILED);
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCRLSelParams_Duplicate
- * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ComCRLSelParams_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_ComCRLSelParams *old;
- PKIX_ComCRLSelParams *new;
-
- PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTCOMCRLSELPARAMS);
-
- old = (PKIX_ComCRLSelParams *)object;
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_COMCRLSELPARAMS_TYPE,
- (PKIX_UInt32)(sizeof (PKIX_ComCRLSelParams)),
- (PKIX_PL_Object **)&new,
- plContext),
- PKIX_OBJECTALLOCFAILED);
-
- PKIX_DUPLICATE(old->cert, &new->cert, plContext,
- PKIX_OBJECTDUPLICATECERTFAILED);
-
- PKIX_DUPLICATE(old->crldpList, &new->crldpList, plContext,
- PKIX_OBJECTDUPLICATECERTFAILED);
-
- PKIX_DUPLICATE(old->issuerNames, &new->issuerNames, plContext,
- PKIX_OBJECTDUPLICATEISSUERNAMESFAILED);
-
- PKIX_DUPLICATE(old->date, &new->date, plContext,
- PKIX_OBJECTDUPLICATEDATEFAILED);
-
- PKIX_DUPLICATE(old->maxCRLNumber, &new->maxCRLNumber, plContext,
- PKIX_OBJECTDUPLICATEMAXCRLNUMBERFAILED);
-
- PKIX_DUPLICATE(old->minCRLNumber, &new->minCRLNumber, plContext,
- PKIX_OBJECTDUPLICATEMINCRLNUMBERFAILED);
-
- *pNewObject = (PKIX_PL_Object *)new;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(new);
- }
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ComCrlSelParams_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_COMCRLSELPARAMS_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_ComCRLSelParams_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_RegisterSelf");
-
- entry.description = "ComCRLSelParams";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_ComCRLSelParams);
- entry.destructor = pkix_ComCRLSelParams_Destroy;
- entry.equalsFunction = pkix_ComCRLSelParams_Equals;
- entry.hashcodeFunction = pkix_ComCRLSelParams_Hashcode;
- entry.toStringFunction = pkix_ComCRLSelParams_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_ComCRLSelParams_Duplicate;
-
- systemClasses[PKIX_COMCRLSELPARAMS_TYPE] = entry;
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/* --ComCRLSelParams-Public-Functions------------------------------------- */
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_Create (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_Create(
- PKIX_ComCRLSelParams **pParams,
- void *plContext)
-{
- PKIX_ComCRLSelParams *params = NULL;
-
- PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_Create");
- PKIX_NULLCHECK_ONE(pParams);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_COMCRLSELPARAMS_TYPE,
- sizeof (PKIX_ComCRLSelParams),
- (PKIX_PL_Object **)&params,
- plContext),
- PKIX_COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT);
-
- /* initialize fields */
- params->issuerNames = NULL;
- params->cert = NULL;
- params->crldpList = NULL;
- params->date = NULL;
- params->nistPolicyEnabled = PKIX_TRUE;
- params->maxCRLNumber = NULL;
- params->minCRLNumber = NULL;
-
- *pParams = params;
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List **pIssuerNames,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_GetIssuerNames");
- PKIX_NULLCHECK_TWO(params, pIssuerNames);
-
- PKIX_INCREF(params->issuerNames);
-
- *pIssuerNames = params->issuerNames;
-
-cleanup:
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetIssuerNames(
- PKIX_ComCRLSelParams *params,
- PKIX_List *names,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_SetIssuerNames");
- PKIX_NULLCHECK_ONE(params); /* allows null for names from spec */
-
- PKIX_DECREF(params->issuerNames);
-
- PKIX_INCREF(names); /* if NULL, allows to reset for no action */
-
- params->issuerNames = names;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_AddIssuerName(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_X500Name *name,
- void *plContext)
-{
- PKIX_List *list = NULL;
-
- PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_AddIssuerName");
- PKIX_NULLCHECK_ONE(params);
-
- if (name != NULL) {
-
- if (params->issuerNames == NULL) {
-
- PKIX_CHECK(PKIX_List_Create(&list, plContext),
- PKIX_LISTCREATEFAILED);
- params->issuerNames = list;
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (params->issuerNames, (PKIX_PL_Object *)name, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- }
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert **pCert,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_GetCertificateChecking");
- PKIX_NULLCHECK_TWO(params, pCert);
-
- PKIX_INCREF(params->cert);
-
- *pCert = params->cert;
-
-cleanup:
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetCertificateChecking(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Cert *cert,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_SetCertificateChecking");
- PKIX_NULLCHECK_ONE(params); /* allows cert to be NULL from spec */
-
- PKIX_DECREF(params->cert);
-
- PKIX_INCREF(cert);
-
- params->cert = cert;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_GetDateAndTime");
- PKIX_NULLCHECK_TWO(params, pDate);
-
- PKIX_INCREF(params->date);
-
- *pDate = params->date;
-
-cleanup:
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetDateAndTime(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_Date *date,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_SetDateAndTime");
- PKIX_NULLCHECK_ONE(params); /* allows date to be NULL from spec */
-
- PKIX_DECREF (params->date);
-
- PKIX_INCREF(date);
-
- params->date = date;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean *pEnabled,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_GetNISTPolicyEnabled");
- PKIX_NULLCHECK_TWO(params, pEnabled);
-
- *pEnabled = params->nistPolicyEnabled;
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
- PKIX_ComCRLSelParams *params,
- PKIX_Boolean enabled,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_SetNISTPolicyEnabled");
- PKIX_NULLCHECK_ONE(params); /* allows date to be NULL from spec */
-
- params->nistPolicyEnabled = enabled;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pMaxCRLNumber,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_GetMaxCRLNumber");
- PKIX_NULLCHECK_TWO(params, pMaxCRLNumber);
-
- PKIX_INCREF(params->maxCRLNumber);
-
- *pMaxCRLNumber = params->maxCRLNumber;
-
-cleanup:
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMaxCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *maxCRLNumber,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_SetMaxCRLNumber");
- PKIX_NULLCHECK_ONE(params); /* maxCRLNumber can be NULL - from spec */
-
- PKIX_DECREF(params->maxCRLNumber);
-
- PKIX_INCREF(maxCRLNumber);
-
- params->maxCRLNumber = maxCRLNumber;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_GetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt **pMinCRLNumber,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_GetMinCRLNumber");
- PKIX_NULLCHECK_TWO(params, pMinCRLNumber);
-
- PKIX_INCREF(params->minCRLNumber);
-
- *pMinCRLNumber = params->minCRLNumber;
-
-cleanup:
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_ComCRLSelParams_SetMinCRLNumber(
- PKIX_ComCRLSelParams *params,
- PKIX_PL_BigInt *minCRLNumber,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS,
- "PKIX_ComCRLSelParams_SetMinCRLNumber");
- PKIX_NULLCHECK_ONE(params); /* minCRLNumber can be NULL - from spec */
-
- PKIX_DECREF(params->minCRLNumber);
-
- PKIX_INCREF(minCRLNumber);
-
- params->minCRLNumber = minCRLNumber;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
-
-
-PKIX_Error*
-PKIX_ComCRLSelParams_SetCrlDp(
- PKIX_ComCRLSelParams *params,
- PKIX_List *crldpList,
- void *plContext)
-{
- PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_SetCrlDp");
- PKIX_NULLCHECK_ONE(params); /* minCRLNumber can be NULL - from spec */
-
- PKIX_INCREF(crldpList);
- params->crldpList = crldpList;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-cleanup:
-
- PKIX_RETURN(COMCRLSELPARAMS);
-}
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h b/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h
deleted file mode 100755
index a6880949f..000000000
--- a/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_comcrlselparams.h
- *
- * ComCrlSelParams Object Type Definition
- *
- */
-
-#ifndef _PKIX_COMCRLSELPARAMS_H
-#define _PKIX_COMCRLSELPARAMS_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_ComCRLSelParamsStruct {
- PKIX_List *issuerNames; /* list of PKIX_PL_X500Name */
- PKIX_PL_Cert *cert; /* certificate being checked */
- PKIX_List *crldpList;
- PKIX_PL_Date *date;
- PKIX_Boolean nistPolicyEnabled;
- PKIX_PL_BigInt *maxCRLNumber;
- PKIX_PL_BigInt *minCRLNumber;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_ComCRLSelParams_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_COMCRLSELPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c
deleted file mode 100755
index 89a2dce53..000000000
--- a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c
+++ /dev/null
@@ -1,903 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_crlselector.c
- *
- * CRLSelector Function Definitions
- *
- */
-
-#include "pkix_crlselector.h"
-
-/* --CRLSelector Private-Functions-------------------------------------- */
-
-/*
- * FUNCTION: pkix_CRLSelector_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CRLSelector_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_CRLSelector *selector = NULL;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
- PKIX_OBJECTNOTCRLSELECTOR);
-
- selector = (PKIX_CRLSelector *)object;
-
- selector->matchCallback = NULL;
-
- PKIX_DECREF(selector->params);
- PKIX_DECREF(selector->context);
-
-cleanup:
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_ToString_Helper
- *
- * DESCRIPTION:
- * Helper function that creates a string representation of CRLSelector
- * pointed to by "crlParams" and stores its address in the object pointed to
- * by "pString".
- *
- * PARAMETERS
- * "list"
- * Address of CRLSelector whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address of object pointer's destination. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CRLSelector_ToString_Helper(
- PKIX_CRLSelector *crlSelector,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *crlSelectorString = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *crlParamsString = NULL;
- PKIX_PL_String *crlContextString = NULL;
- char *asciiFormat = NULL;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper");
- PKIX_NULLCHECK_TWO(crlSelector, pString);
- PKIX_NULLCHECK_ONE(crlSelector->params);
-
- asciiFormat =
- "\n\t[\n"
- "\tMatchCallback: 0x%x\n"
- "\tParams: %s\n"
- "\tContext: %s\n"
- "\t]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* Params */
- PKIX_TOSTRING
- ((PKIX_PL_Object *)crlSelector->params,
- &crlParamsString,
- plContext,
- PKIX_COMCRLSELPARAMSTOSTRINGFAILED);
-
- /* Context */
- PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&crlSelectorString,
- plContext,
- formatString,
- crlSelector->matchCallback,
- crlParamsString,
- crlContextString),
- PKIX_SPRINTFFAILED);
-
- *pString = crlSelectorString;
-
-cleanup:
-
- PKIX_DECREF(crlParamsString);
- PKIX_DECREF(crlContextString);
- PKIX_DECREF(formatString);
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CRLSelector_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *crlSelectorString = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
- PKIX_OBJECTNOTCRLSELECTOR);
-
- crlSelector = (PKIX_CRLSelector *) object;
-
- PKIX_CHECK(pkix_CRLSelector_ToString_Helper
- (crlSelector, &crlSelectorString, plContext),
- PKIX_CRLSELECTORTOSTRINGHELPERFAILED);
-
- *pString = crlSelectorString;
-
-cleanup:
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CRLSelector_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_UInt32 paramsHash = 0;
- PKIX_UInt32 contextHash = 0;
- PKIX_UInt32 hash = 0;
-
- PKIX_CRLSelector *crlSelector = NULL;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
- PKIX_OBJECTNOTCRLSELECTOR);
-
- crlSelector = (PKIX_CRLSelector *)object;
-
- PKIX_HASHCODE(crlSelector->params, &paramsHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(crlSelector->context, &contextHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback +
- (contextHash << 3)) + paramsHash;
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CRLSelector_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_CRLSelector *firstCrlSelector = NULL;
- PKIX_CRLSelector *secondCrlSelector = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult = PKIX_FALSE;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CRLSelector */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_CRLSELECTOR_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCRLSELECTOR);
-
- firstCrlSelector = (PKIX_CRLSelector *)firstObject;
- secondCrlSelector = (PKIX_CRLSelector *)secondObject;
-
- /*
- * Since we know firstObject is a CRLSelector, if both references are
- * identical, they must be equal
- */
- if (firstCrlSelector == secondCrlSelector){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondCRLSelector isn't a CRLSelector, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- ((PKIX_PL_Object *)secondCrlSelector,
- &secondType,
- plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- if (secondType != PKIX_CRLSELECTOR_TYPE) {
- goto cleanup;
- }
-
- /* Compare MatchCallback address */
- cmpResult = (firstCrlSelector->matchCallback ==
- secondCrlSelector->matchCallback);
-
- if (cmpResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- /* Compare Common CRL Selector Params */
- PKIX_EQUALS
- (firstCrlSelector->params,
- secondCrlSelector->params,
- &cmpResult,
- plContext,
- PKIX_COMCRLSELPARAMSEQUALSFAILED);
-
-
- if (cmpResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- /* Compare Context */
- PKIX_EQUALS
- (firstCrlSelector->context,
- secondCrlSelector->context,
- &cmpResult,
- plContext,
- PKIX_COMCRLSELPARAMSEQUALSFAILED);
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_Duplicate
- * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CRLSelector_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_CRLSelector *old;
- PKIX_CRLSelector *new;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CRLSELECTOR_TYPE, plContext),
- PKIX_OBJECTNOTCRLSELECTOR);
-
- old = (PKIX_CRLSelector *)object;
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CRLSELECTOR_TYPE,
- (PKIX_UInt32)(sizeof (PKIX_CRLSelector)),
- (PKIX_PL_Object **)&new,
- plContext),
- PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED);
-
- new->matchCallback = old->matchCallback;
-
- PKIX_DUPLICATE(old->params, &new->params, plContext,
- PKIX_OBJECTDUPLICATEPARAMSFAILED);
-
- PKIX_DUPLICATE(old->context, &new->context, plContext,
- PKIX_OBJECTDUPLICATECONTEXTFAILED);
-
- *pNewObject = (PKIX_PL_Object *)new;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(new);
- }
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_DefaultMatch
- *
- * DESCRIPTION:
- * This function compares the parameter values (Issuer, date, and CRL number)
- * set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with
- * the corresponding values in the CRL pointed to by "crl". When all the
- * criteria set in the parameter values match the values in "crl", PKIX_TRUE is
- * stored at "pMatch". If the CRL does not match the CRLSelector's criteria,
- * PKIX_FALSE is stored at "pMatch".
- *
- * PARAMETERS
- * "selector"
- * Address of CRLSelector which is verified for a match
- * Must be non-NULL.
- * "crl"
- * Address of the CRL object to be verified. Must be non-NULL.
- * "pMatch"
- * Address at which Boolean result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CRLSelector_DefaultMatch(
- PKIX_CRLSelector *selector,
- PKIX_PL_CRL *crl,
- PKIX_Boolean *pMatch,
- void *plContext)
-{
- PKIX_ComCRLSelParams *params = NULL;
- PKIX_PL_X500Name *crlIssuerName = NULL;
- PKIX_PL_X500Name *issuerName = NULL;
- PKIX_List *selIssuerNames = NULL;
- PKIX_PL_Date *selDate = NULL;
- PKIX_Boolean result = PKIX_TRUE;
- PKIX_UInt32 numIssuers = 0;
- PKIX_UInt32 i;
- PKIX_PL_BigInt *minCRLNumber = NULL;
- PKIX_PL_BigInt *maxCRLNumber = NULL;
- PKIX_PL_BigInt *crlNumber = NULL;
- PKIX_Boolean nistPolicyEnabled = PKIX_FALSE;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch");
- PKIX_NULLCHECK_TWO(selector, crl);
-
- *pMatch = PKIX_TRUE;
- params = selector->params;
-
- /* No matching parameter provided, just a match */
- if (params == NULL) {
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames
- (params, &selIssuerNames, plContext),
- PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);
-
- /* Check for Issuers */
- if (selIssuerNames != NULL){
-
- result = PKIX_FALSE;
-
- PKIX_CHECK(PKIX_PL_CRL_GetIssuer
- (crl, &crlIssuerName, plContext),
- PKIX_CRLGETISSUERFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength
- (selIssuerNames, &numIssuers, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numIssuers; i++){
-
- PKIX_CHECK(PKIX_List_GetItem
- (selIssuerNames,
- i,
- (PKIX_PL_Object **)&issuerName,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_X500Name_Match
- (crlIssuerName,
- issuerName,
- &result,
- plContext),
- PKIX_X500NAMEMATCHFAILED);
-
- PKIX_DECREF(issuerName);
-
- if (result == PKIX_TRUE) {
- break;
- }
- }
-
- if (result == PKIX_FALSE) {
- PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N");
- *pMatch = PKIX_FALSE;
- goto cleanup;
- }
-
- }
-
- PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime
- (params, &selDate, plContext),
- PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED);
-
- /* Check for Date */
- if (selDate != NULL){
-
- PKIX_CHECK(PKIX_ComCRLSelParams_GetNISTPolicyEnabled
- (params, &nistPolicyEnabled, plContext),
- PKIX_COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED);
-
- /* check crl dates only for if NIST policies enforced */
- if (nistPolicyEnabled) {
- result = PKIX_FALSE;
-
- PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime
- (crl, selDate, &result, plContext),
- PKIX_CRLVERIFYUPDATETIMEFAILED);
-
- if (result == PKIX_FALSE) {
- *pMatch = PKIX_FALSE;
- goto cleanup;
- }
- }
-
- }
-
- /* Check for CRL number in range */
- PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext),
- PKIX_CRLGETCRLNUMBERFAILED);
-
- if (crlNumber != NULL) {
- result = PKIX_FALSE;
-
- PKIX_CHECK(PKIX_ComCRLSelParams_GetMinCRLNumber
- (params, &minCRLNumber, plContext),
- PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED);
-
- if (minCRLNumber != NULL) {
-
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)minCRLNumber,
- (PKIX_PL_Object *)crlNumber,
- &result,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
-
- if (result == 1) {
- PKIX_CRLSELECTOR_DEBUG
- ("CRL MinNumber Range Match Failed\n");
- *pMatch = PKIX_FALSE;
- goto cleanup;
- }
- }
-
- PKIX_CHECK(PKIX_ComCRLSelParams_GetMaxCRLNumber
- (params, &maxCRLNumber, plContext),
- PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED);
-
- if (maxCRLNumber != NULL) {
-
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)crlNumber,
- (PKIX_PL_Object *)maxCRLNumber,
- &result,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
-
- if (result == 1) {
- PKIX_CRLSELECTOR_DEBUG
- (PKIX_CRLMAXNUMBERRANGEMATCHFAILED);
- *pMatch = PKIX_FALSE;
- goto cleanup;
- }
- }
- }
-
-cleanup:
-
- PKIX_DECREF(selIssuerNames);
- PKIX_DECREF(selDate);
- PKIX_DECREF(crlIssuerName);
- PKIX_DECREF(issuerName);
- PKIX_DECREF(crlNumber);
- PKIX_DECREF(minCRLNumber);
- PKIX_DECREF(maxCRLNumber);
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CRLSELECTOR_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_CRLSelector_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf");
-
- entry.description = "CRLSelector";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_CRLSelector);
- entry.destructor = pkix_CRLSelector_Destroy;
- entry.equalsFunction = pkix_CRLSelector_Equals;
- entry.hashcodeFunction = pkix_CRLSelector_Hashcode;
- entry.toStringFunction = pkix_CRLSelector_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_CRLSelector_Duplicate;
-
- systemClasses[PKIX_CRLSELECTOR_TYPE] = entry;
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/* --CRLSelector-Public-Functions---------------------------------------- */
-PKIX_Error *
-pkix_CRLSelector_Create(
- PKIX_CRLSelector_MatchCallback callback,
- PKIX_PL_Object *crlSelectorContext,
- PKIX_CRLSelector **pSelector,
- void *plContext)
-{
- PKIX_CRLSelector *selector = NULL;
-
- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create");
- PKIX_NULLCHECK_ONE(pSelector);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CRLSELECTOR_TYPE,
- sizeof (PKIX_CRLSelector),
- (PKIX_PL_Object **)&selector,
- plContext),
- PKIX_COULDNOTCREATECRLSELECTOROBJECT);
-
- /*
- * if user specified a particular match callback, we use that one.
- * otherwise, we use the default match provided.
- */
-
- if (callback != NULL){
- selector->matchCallback = callback;
- } else {
- selector->matchCallback = pkix_CRLSelector_DefaultMatch;
- }
-
- /* initialize other fields */
- selector->params = NULL;
-
- PKIX_INCREF(crlSelectorContext);
- selector->context = crlSelectorContext;
-
- *pSelector = selector;
- selector = NULL;
-
-cleanup:
-
- PKIX_DECREF(selector);
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_CRLSelector_Create(
- PKIX_PL_Cert *issuer,
- PKIX_List *crldpList,
- PKIX_PL_Date *date,
- PKIX_CRLSelector **pCrlSelector,
- void *plContext)
-{
- PKIX_PL_X500Name *issuerName = NULL;
- PKIX_PL_Date *nowDate = NULL;
- PKIX_ComCRLSelParams *comCrlSelParams = NULL;
- PKIX_CRLSelector *crlSelector = NULL;
-
- PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CrlSelector_Create");
- PKIX_NULLCHECK_ONE(issuer);
-
- PKIX_CHECK(
- PKIX_PL_Cert_GetSubject(issuer, &issuerName, plContext),
- PKIX_CERTGETISSUERFAILED);
-
- if (date != NULL) {
- PKIX_INCREF(date);
- nowDate = date;
- } else {
- PKIX_CHECK(
- PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext),
- PKIX_DATECREATEUTCTIMEFAILED);
- }
-
- PKIX_CHECK(
- PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext),
- PKIX_COMCRLSELPARAMSCREATEFAILED);
-
- PKIX_CHECK(
- PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuerName,
- plContext),
- PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED);
-
- PKIX_CHECK(
- PKIX_ComCRLSelParams_SetCrlDp(comCrlSelParams, crldpList,
- plContext),
- PKIX_COMCRLSELPARAMSSETCERTFAILED);
-
- PKIX_CHECK(
- PKIX_ComCRLSelParams_SetDateAndTime(comCrlSelParams, nowDate,
- plContext),
- PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED);
-
- PKIX_CHECK(
- pkix_CRLSelector_Create(NULL, NULL, &crlSelector, plContext),
- PKIX_CRLSELECTORCREATEFAILED);
-
- PKIX_CHECK(
- PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector,
- comCrlSelParams,
- plContext),
- PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED);
-
- *pCrlSelector = crlSelector;
- crlSelector = NULL;
-
-cleanup:
-
- PKIX_DECREF(issuerName);
- PKIX_DECREF(nowDate);
- PKIX_DECREF(comCrlSelParams);
- PKIX_DECREF(crlSelector);
-
- PKIX_RETURN(CERTCHAINCHECKER);
-}
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_CRLSelector_GetMatchCallback(
- PKIX_CRLSelector *selector,
- PKIX_CRLSelector_MatchCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback");
- PKIX_NULLCHECK_TWO(selector, pCallback);
-
- *pCallback = selector->matchCallback;
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCRLSelectorContext(
- PKIX_CRLSelector *selector,
- void **pCrlSelectorContext,
- void *plContext)
-{
- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext");
- PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext);
-
- PKIX_INCREF(selector->context);
-
- *pCrlSelectorContext = selector->context;
-
-cleanup:
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_CRLSelector_GetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams **pParams,
- void *plContext)
-{
- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams");
- PKIX_NULLCHECK_TWO(selector, pParams);
-
- PKIX_INCREF(selector->params);
-
- *pParams = selector->params;
-
-cleanup:
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
- * (see comments in pkix_crlsel.h)
- */
-PKIX_Error *
-PKIX_CRLSelector_SetCommonCRLSelectorParams(
- PKIX_CRLSelector *selector,
- PKIX_ComCRLSelParams *params,
- void *plContext)
-{
- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams");
- PKIX_NULLCHECK_TWO(selector, params);
-
- PKIX_DECREF(selector->params);
-
- PKIX_INCREF(params);
- selector->params = params;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)selector, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(CRLSELECTOR);
-}
-
-/*
- * FUNCTION: pkix_CRLSelector_Select
- * DESCRIPTION:
- *
- * This function applies the selector pointed to by "selector" to each CRL,
- * in turn, in the List pointed to by "before", and creates a List containing
- * all the CRLs that matched, or passed the selection process, storing that
- * List at "pAfter". If no CRLs match, an empty List is stored at "pAfter".
- *
- * The List returned in "pAfter" is immutable.
- *
- * PARAMETERS:
- * "selector"
- * Address of CRLSelelector to be applied to the List. Must be non-NULL.
- * "before"
- * Address of List that is to be filtered. Must be non-NULL.
- * "pAfter"
- * Address at which resulting List, possibly empty, is stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLSelector Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CRLSelector_Select(
- PKIX_CRLSelector *selector,
- PKIX_List *before,
- PKIX_List **pAfter,
- void *plContext)
-{
- PKIX_Boolean match = PKIX_FALSE;
- PKIX_UInt32 numBefore = 0;
- PKIX_UInt32 i = 0;
- PKIX_List *filtered = NULL;
- PKIX_PL_CRL *candidate = NULL;
-
- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select");
- PKIX_NULLCHECK_THREE(selector, before, pAfter);
-
- PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numBefore; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (before, i, (PKIX_PL_Object **)&candidate, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK_ONLY_FATAL(selector->matchCallback
- (selector, candidate, &match, plContext),
- PKIX_CRLSELECTORMATCHCALLBACKFAILED);
-
- if (!(PKIX_ERROR_RECEIVED) && match == PKIX_TRUE) {
-
- PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
- (filtered,
- (PKIX_PL_Object *)candidate,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- pkixTempErrorReceived = PKIX_FALSE;
- PKIX_DECREF(candidate);
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- /* Don't throw away the list if one CRL was bad! */
- pkixTempErrorReceived = PKIX_FALSE;
-
- *pAfter = filtered;
- filtered = NULL;
-
-cleanup:
-
- PKIX_DECREF(filtered);
- PKIX_DECREF(candidate);
-
- PKIX_RETURN(CRLSELECTOR);
-
-}
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h
deleted file mode 100755
index 08e72a45f..000000000
--- a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_crlselector.h
- *
- * CrlSelector Object Type Definition
- *
- */
-
-#ifndef _PKIX_CRLSELECTOR_H
-#define _PKIX_CRLSELECTOR_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_CRLSelectorStruct {
- PKIX_CRLSelector_MatchCallback matchCallback;
- PKIX_ComCRLSelParams *params;
- PKIX_PL_Object *context;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_CRLSelector_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_CRLSelector_Select(
- PKIX_CRLSelector *selector,
- PKIX_List *before,
- PKIX_List **pAfter,
- void *plContext);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_CRLSELECTOR_H */
diff --git a/security/nss/lib/libpkix/pkix/manifest.mn b/security/nss/lib/libpkix/pkix/manifest.mn
deleted file mode 100755
index db157350a..000000000
--- a/security/nss/lib/libpkix/pkix/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../..
-DEPTH = ../../../..
-
-#
-DIRS = certsel crlsel checker params results store top util \
- $(NULL)
-
diff --git a/security/nss/lib/libpkix/pkix/params/Makefile b/security/nss/lib/libpkix/pkix/params/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/params/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/params/config.mk b/security/nss/lib/libpkix/pkix/params/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/params/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/params/manifest.mn b/security/nss/lib/libpkix/pkix/params/manifest.mn
deleted file mode 100755
index deadc6a1c..000000000
--- a/security/nss/lib/libpkix/pkix/params/manifest.mn
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_procparams.h \
- pkix_trustanchor.h \
- pkix_valparams.h \
- pkix_resourcelimits.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_trustanchor.c \
- pkix_procparams.c \
- pkix_valparams.c \
- pkix_resourcelimits.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixparams
-
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c
deleted file mode 100755
index cba794c86..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_buildparams.c
- *
- * Build Params Object Functions
- *
- */
-
-#include "pkix_buildparams.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_BuildParams_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_BuildParams *params = NULL;
-
- PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a build params object */
- PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
- "Object is not a build params object");
-
- params = (PKIX_BuildParams *)object;
-
- PKIX_DECREF(params->procParams);
-
-cleanup:
-
- PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_BuildParams *firstBuildParams = NULL;
- PKIX_BuildParams *secondBuildParams = NULL;
-
- PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDPARAMS_TYPE, plContext),
- "First Argument is not a BuildParams object");
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_BUILDPARAMS_TYPE) goto cleanup;
-
- firstBuildParams = (PKIX_BuildParams *)first;
- secondBuildParams = (PKIX_BuildParams *)second;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstBuildParams->procParams,
- (PKIX_PL_Object *)secondBuildParams->procParams,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_BuildParams *buildParams = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 procParamsHash = 0;
-
- PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
- "Object is not a processingParams object");
-
- buildParams = (PKIX_BuildParams*)object;
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)buildParams->procParams,
- &procParamsHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = 31 * procParamsHash;
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildParams_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_BuildParams *buildParams = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *buildParamsString = NULL;
-
- PKIX_PL_String *procParamsString = NULL;
-
- PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTBUILDPARAMS);
-
- asciiFormat =
- "[\n"
- "\tProcessing Params: \n"
- "\t********BEGIN PROCESSING PARAMS********\n"
- "\t\t%s\n"
- "\t********END PROCESSING PARAMS********\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- buildParams = (PKIX_BuildParams*)object;
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)buildParams->procParams,
- &procParamsString,
- plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&buildParamsString,
- plContext,
- formatString,
- procParamsString),
- PKIX_SPRINTFFAILED);
-
- *pString = buildParamsString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(procParamsString);
-
- PKIX_RETURN(BUILDPARAMS);
-}
-
-/*
- * FUNCTION: pkix_BuildParams_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_BUILDPARAMS_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_BuildParams_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_RegisterSelf");
-
- entry.description = "BuildParams";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_BuildParams);
- entry.destructor = pkix_BuildParams_Destroy;
- entry.equalsFunction = pkix_BuildParams_Equals;
- entry.hashcodeFunction = pkix_BuildParams_Hashcode;
- entry.toStringFunction = pkix_BuildParams_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_BUILDPARAMS_TYPE] = entry;
-
- PKIX_RETURN(BUILDPARAMS);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_BuildParams_Create (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_BuildParams_Create(
- PKIX_ProcessingParams *procParams,
- PKIX_BuildParams **pParams,
- void *plContext)
-{
- PKIX_BuildParams *params = NULL;
-
- PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_Create");
- PKIX_NULLCHECK_TWO(procParams, pParams);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_BUILDPARAMS_TYPE,
- sizeof (PKIX_BuildParams),
- (PKIX_PL_Object **)&params,
- plContext),
- PKIX_COULDNOTCREATEBUILDPARAMSOBJECT);
-
- /* initialize fields */
- PKIX_INCREF(procParams);
- params->procParams = procParams;
-
- *pParams = params;
- params = NULL;
-
-cleanup:
-
- PKIX_DECREF(params);
-
- PKIX_RETURN(BUILDPARAMS);
-
-}
-
-/*
- * FUNCTION: PKIX_BuildParams_GetProcessingParams
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_BuildParams_GetProcessingParams(
- PKIX_BuildParams *buildParams,
- PKIX_ProcessingParams **pProcParams,
- void *plContext)
-{
- PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_GetProcessingParams");
- PKIX_NULLCHECK_TWO(buildParams, pProcParams);
-
- PKIX_INCREF(buildParams->procParams);
-
- *pProcParams = buildParams->procParams;
-
-cleanup:
- PKIX_RETURN(BUILDPARAMS);
-}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h b/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h
deleted file mode 100755
index 5da2bc149..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_buildparams.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_buildparams.h
- *
- * BuildParams Object Type Definition
- *
- */
-
-#ifndef _PKIX_BUILDPARAMS_H
-#define _PKIX_BUILDPARAMS_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_BuildParamsStruct {
- PKIX_ProcessingParams *procParams; /* Never NULL */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_BuildParams_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_BUILDPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_procparams.c b/security/nss/lib/libpkix/pkix/params/pkix_procparams.c
deleted file mode 100755
index 02033e27a..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_procparams.c
+++ /dev/null
@@ -1,1411 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_procparams.c
- *
- * ProcessingParams Object Functions
- *
- */
-
-#include "pkix_procparams.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_ProcessingParams_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ProcessingParams_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ProcessingParams *params = NULL;
-
- PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a processing params object */
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTPROCESSINGPARAMS);
-
- params = (PKIX_ProcessingParams *)object;
-
- PKIX_DECREF(params->trustAnchors);
- PKIX_DECREF(params->hintCerts);
- PKIX_DECREF(params->constraints);
- PKIX_DECREF(params->date);
- PKIX_DECREF(params->initialPolicies);
- PKIX_DECREF(params->certChainCheckers);
- PKIX_DECREF(params->revChecker);
- PKIX_DECREF(params->certStores);
- PKIX_DECREF(params->resourceLimits);
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ProcessingParams_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ProcessingParams_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_ProcessingParams *firstProcParams = NULL;
- PKIX_ProcessingParams *secondProcParams = NULL;
-
- PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_PROCESSINGPARAMS_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTPROCESSINGPARAMS);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_PROCESSINGPARAMS_TYPE) goto cleanup;
-
- firstProcParams = (PKIX_ProcessingParams *)first;
- secondProcParams = (PKIX_ProcessingParams *)second;
-
- /* Do the simplest tests first */
- if ((firstProcParams->qualifiersRejected) !=
- (secondProcParams->qualifiersRejected)) {
- goto cleanup;
- }
-
- if (firstProcParams->isCrlRevocationCheckingEnabled !=
- secondProcParams->isCrlRevocationCheckingEnabled) {
- goto cleanup;
- }
- if (firstProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy !=
- secondProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy) {
- goto cleanup;
- }
-
- /* trustAnchors can never be NULL */
-
- PKIX_EQUALS
- (firstProcParams->trustAnchors,
- secondProcParams->trustAnchors,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_EQUALS
- (firstProcParams->hintCerts,
- secondProcParams->hintCerts,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_EQUALS
- (firstProcParams->date,
- secondProcParams->date,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_EQUALS
- (firstProcParams->constraints,
- secondProcParams->constraints,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_EQUALS
- (firstProcParams->initialPolicies,
- secondProcParams->initialPolicies,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- /* There is no Equals function for CertChainCheckers */
-
- PKIX_EQUALS
- ((PKIX_PL_Object *)firstProcParams->certStores,
- (PKIX_PL_Object *)secondProcParams->certStores,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_EQUALS
- (firstProcParams->resourceLimits,
- secondProcParams->resourceLimits,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (cmpResult == PKIX_FALSE) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ProcessingParams_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ProcessingParams_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 anchorsHash = 0;
- PKIX_UInt32 hintCertsHash = 0;
- PKIX_UInt32 dateHash = 0;
- PKIX_UInt32 constraintsHash = 0;
- PKIX_UInt32 initialHash = 0;
- PKIX_UInt32 rejectedHash = 0;
- PKIX_UInt32 certChainCheckersHash = 0;
- PKIX_UInt32 revCheckerHash = 0;
- PKIX_UInt32 certStoresHash = 0;
- PKIX_UInt32 resourceLimitsHash = 0;
-
- PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTPROCESSINGPARAMS);
-
- procParams = (PKIX_ProcessingParams*)object;
-
- PKIX_HASHCODE(procParams->trustAnchors, &anchorsHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(procParams->hintCerts, &hintCertsHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(procParams->date, &dateHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(procParams->constraints, &constraintsHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(procParams->initialPolicies, &initialHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- rejectedHash = procParams->qualifiersRejected;
-
- /* There is no Hash function for CertChainCheckers */
-
- PKIX_HASHCODE(procParams->certStores, &certStoresHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(procParams->resourceLimits,
- &resourceLimitsHash,
- plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = (31 * ((31 * anchorsHash) + hintCertsHash + dateHash)) +
- constraintsHash + initialHash + rejectedHash;
-
- hash += ((((certStoresHash + resourceLimitsHash) << 7) +
- certChainCheckersHash + revCheckerHash +
- procParams->isCrlRevocationCheckingEnabled +
- procParams->isCrlRevocationCheckingEnabledWithNISTPolicy) << 7);
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ProcessingParams_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ProcessingParams_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_ProcessingParams *procParams = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *procParamsString = NULL;
- PKIX_PL_String *anchorsString = NULL;
- PKIX_PL_String *dateString = NULL;
- PKIX_PL_String *constraintsString = NULL;
- PKIX_PL_String *InitialPoliciesString = NULL;
- PKIX_PL_String *qualsRejectedString = NULL;
- PKIX_List *certStores = NULL;
- PKIX_PL_String *certStoresString = NULL;
- PKIX_PL_String *resourceLimitsString = NULL;
-
- PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTPROCESSINGPARAMS);
-
- asciiFormat =
- "[\n"
- "\tTrust Anchors: \n"
- "\t********BEGIN LIST OF TRUST ANCHORS********\n"
- "\t\t%s\n"
- "\t********END LIST OF TRUST ANCHORS********\n"
- "\tDate: \t\t%s\n"
- "\tTarget Constraints: %s\n"
- "\tInitial Policies: %s\n"
- "\tQualifiers Rejected: %s\n"
- "\tCert Stores: %s\n"
- "\tResource Limits: %s\n"
- "\tCRL Checking Enabled: %d\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- procParams = (PKIX_ProcessingParams*)object;
-
- PKIX_TOSTRING(procParams->trustAnchors, &anchorsString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING(procParams->date, &dateString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING(procParams->constraints, &constraintsString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (procParams->initialPolicies, &InitialPoliciesString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- (procParams->qualifiersRejected)?"TRUE":"FALSE",
- 0,
- &qualsRejectedString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* There is no ToString function for CertChainCheckers */
-
- PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
- (procParams, &certStores, plContext),
- PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
-
- PKIX_TOSTRING(certStores, &certStoresString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_TOSTRING(procParams->resourceLimits,
- &resourceLimitsString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&procParamsString,
- plContext,
- formatString,
- anchorsString,
- dateString,
- constraintsString,
- InitialPoliciesString,
- qualsRejectedString,
- certStoresString,
- resourceLimitsString,
- procParams->isCrlRevocationCheckingEnabled,
- procParams->isCrlRevocationCheckingEnabledWithNISTPolicy),
- PKIX_SPRINTFFAILED);
-
- *pString = procParamsString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(anchorsString);
- PKIX_DECREF(dateString);
- PKIX_DECREF(constraintsString);
- PKIX_DECREF(InitialPoliciesString);
- PKIX_DECREF(qualsRejectedString);
- PKIX_DECREF(certStores);
- PKIX_DECREF(certStoresString);
- PKIX_DECREF(resourceLimitsString);
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ProcessingParams_Duplicate
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ProcessingParams_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_ProcessingParams *params = NULL;
- PKIX_ProcessingParams *paramsDuplicate = NULL;
-
- PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTPROCESSINGPARAMS);
-
- params = (PKIX_ProcessingParams *)object;
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_PROCESSINGPARAMS_TYPE,
- sizeof (PKIX_ProcessingParams),
- (PKIX_PL_Object **)&paramsDuplicate,
- plContext),
- PKIX_PROCESSINGPARAMSCREATEFAILED);
-
- /* initialize fields */
- PKIX_DUPLICATE
- (params->trustAnchors,
- &(paramsDuplicate->trustAnchors),
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->hintCerts, &(paramsDuplicate->hintCerts), plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->constraints,
- &(paramsDuplicate->constraints),
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->date, &(paramsDuplicate->date), plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->initialPolicies,
- &(paramsDuplicate->initialPolicies),
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- paramsDuplicate->initialPolicyMappingInhibit =
- params->initialPolicyMappingInhibit;
- paramsDuplicate->initialAnyPolicyInhibit =
- params->initialAnyPolicyInhibit;
- paramsDuplicate->initialExplicitPolicy = params->initialExplicitPolicy;
- paramsDuplicate->qualifiersRejected = params->qualifiersRejected;
-
- PKIX_DUPLICATE
- (params->certChainCheckers,
- &(paramsDuplicate->certChainCheckers),
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->revChecker,
- &(paramsDuplicate->revChecker),
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->certStores, &(paramsDuplicate->certStores), plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_DUPLICATE
- (params->resourceLimits,
- &(paramsDuplicate->resourceLimits),
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- paramsDuplicate->isCrlRevocationCheckingEnabled =
- params->isCrlRevocationCheckingEnabled;
-
- paramsDuplicate->isCrlRevocationCheckingEnabledWithNISTPolicy =
- params->isCrlRevocationCheckingEnabledWithNISTPolicy;
-
- *pNewObject = (PKIX_PL_Object *)paramsDuplicate;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(paramsDuplicate);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-
-}
-
-/*
- * FUNCTION: pkix_ProcessingParams_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_PROCESSINGPARAMS_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_ProcessingParams_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_RegisterSelf");
-
- entry.description = "ProcessingParams";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_ProcessingParams);
- entry.destructor = pkix_ProcessingParams_Destroy;
- entry.equalsFunction = pkix_ProcessingParams_Equals;
- entry.hashcodeFunction = pkix_ProcessingParams_Hashcode;
- entry.toStringFunction = pkix_ProcessingParams_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_ProcessingParams_Duplicate;
-
- systemClasses[PKIX_PROCESSINGPARAMS_TYPE] = entry;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_ProcessingParams_Create (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_Create(
- PKIX_ProcessingParams **pParams,
- void *plContext)
-{
- PKIX_ProcessingParams *params = NULL;
-
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_Create");
- PKIX_NULLCHECK_ONE(pParams);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_PROCESSINGPARAMS_TYPE,
- sizeof (PKIX_ProcessingParams),
- (PKIX_PL_Object **)&params,
- plContext),
- PKIX_COULDNOTCREATEPROCESSINGPARAMSOBJECT);
-
- /* initialize fields */
- PKIX_CHECK(PKIX_List_Create(&params->trustAnchors, plContext),
- PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
- (NULL, &params->date, plContext),
- PKIX_DATECREATEUTCTIMEFAILED);
-
- params->hintCerts = NULL;
- params->constraints = NULL;
- params->initialPolicies = NULL;
- params->initialPolicyMappingInhibit = PKIX_FALSE;
- params->initialAnyPolicyInhibit = PKIX_FALSE;
- params->initialExplicitPolicy = PKIX_FALSE;
- params->qualifiersRejected = PKIX_FALSE;
- params->certChainCheckers = NULL;
- params->revChecker = NULL;
- params->certStores = NULL;
- params->resourceLimits = NULL;
-
- params->isCrlRevocationCheckingEnabled = PKIX_TRUE;
-
- params->isCrlRevocationCheckingEnabledWithNISTPolicy = PKIX_TRUE;
-
- params->useAIAForCertFetching = PKIX_FALSE;
- params->qualifyTargetCert = PKIX_TRUE;
-
- *pParams = params;
- params = NULL;
-
-cleanup:
-
- PKIX_DECREF(params);
-
- PKIX_RETURN(PROCESSINGPARAMS);
-
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetUseAIAForCertFetching(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pUseAIA, /* list of TrustAnchor */
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetUseAIAForCertFetching");
- PKIX_NULLCHECK_TWO(params, pUseAIA);
-
- *pUseAIA = params->useAIAForCertFetching;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetUseAIAForCertFetching
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetUseAIAForCertFetching(
- PKIX_ProcessingParams *params,
- PKIX_Boolean useAIA,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetUseAIAForCertFetching");
- PKIX_NULLCHECK_ONE(params);
-
- params->useAIAForCertFetching = useAIA;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetQualifyTargetCert
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetValidateTargetCert(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pQualifyTargetCert,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_GetValidateTargetCert");
- PKIX_NULLCHECK_TWO(params, pQualifyTargetCert);
-
- *pQualifyTargetCert = params->qualifyTargetCert;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetQualifyTargetCert(
- PKIX_ProcessingParams *params,
- PKIX_Boolean qualifyTargetCert,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetQualifyTargetCert");
- PKIX_NULLCHECK_ONE(params);
-
- params->qualifyTargetCert = qualifyTargetCert;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTrustAnchors(
- PKIX_ProcessingParams *params,
- PKIX_List *anchors, /* list of TrustAnchor */
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetTrustAnchors");
- PKIX_NULLCHECK_TWO(params, anchors);
-
- PKIX_DECREF(params->trustAnchors);
-
- PKIX_INCREF(anchors);
- params->trustAnchors = anchors;
- PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
-cleanup:
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTrustAnchors(
- PKIX_ProcessingParams *params,
- PKIX_List **pAnchors, /* list of TrustAnchor */
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetTrustAnchors");
- PKIX_NULLCHECK_TWO(params, pAnchors);
-
- PKIX_INCREF(params->trustAnchors);
-
- *pAnchors = params->trustAnchors;
-
-cleanup:
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetDate (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetDate(
- PKIX_ProcessingParams *params,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetDate");
- PKIX_NULLCHECK_TWO(params, pDate);
-
- PKIX_INCREF(params->date);
- *pDate = params->date;
-
-cleanup:
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetDate(
- PKIX_ProcessingParams *params,
- PKIX_PL_Date *date,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->date);
-
- PKIX_INCREF(date);
- params->date = date;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED && params) {
- PKIX_DECREF(params->date);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetTargetCertConstraints(
- PKIX_ProcessingParams *params,
- PKIX_CertSelector **pConstraints,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_GetTargetCertConstraints");
-
- PKIX_NULLCHECK_TWO(params, pConstraints);
-
- PKIX_INCREF(params->constraints);
- *pConstraints = params->constraints;
-
-cleanup:
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetTargetCertConstraints(
- PKIX_ProcessingParams *params,
- PKIX_CertSelector *constraints,
- void *plContext)
-{
-
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetTargetCertConstraints");
-
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->constraints);
-
- PKIX_INCREF(constraints);
- params->constraints = constraints;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
- if (PKIX_ERROR_RECEIVED && params) {
- PKIX_DECREF(params->constraints);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetInitialPolicies(
- PKIX_ProcessingParams *params,
- PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
- void *plContext)
-{
-
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_GetInitialPolicies");
-
- PKIX_NULLCHECK_TWO(params, pInitPolicies);
-
- if (params->initialPolicies == NULL) {
- PKIX_CHECK(PKIX_List_Create
- (&params->initialPolicies, plContext),
- PKIX_UNABLETOCREATELIST);
- PKIX_CHECK(PKIX_List_SetImmutable
- (params->initialPolicies, plContext),
- PKIX_UNABLETOMAKELISTIMMUTABLE);
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- }
-
- PKIX_INCREF(params->initialPolicies);
- *pInitPolicies = params->initialPolicies;
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetInitialPolicies(
- PKIX_ProcessingParams *params,
- PKIX_List *initPolicies, /* list of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetInitialPolicies");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->initialPolicies);
-
- PKIX_INCREF(initPolicies);
- params->initialPolicies = initPolicies;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED && params) {
- PKIX_DECREF(params->initialPolicies);
- }
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetPolicyQualifiersRejected(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pRejected,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_GetPolicyQualifiersRejected");
-
- PKIX_NULLCHECK_TWO(params, pRejected);
-
- *pRejected = params->qualifiersRejected;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyQualifiersRejected(
- PKIX_ProcessingParams *params,
- PKIX_Boolean rejected,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetPolicyQualifiersRejected");
-
- PKIX_NULLCHECK_ONE(params);
-
- params->qualifiersRejected = rejected;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertChainCheckers(
- PKIX_ProcessingParams *params,
- PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_GetCertChainCheckers");
- PKIX_NULLCHECK_TWO(params, pCheckers);
-
- PKIX_INCREF(params->certChainCheckers);
- *pCheckers = params->certChainCheckers;
-
-cleanup:
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertChainCheckers(
- PKIX_ProcessingParams *params,
- PKIX_List *checkers, /* list of PKIX_CertChainChecker */
- void *plContext)
-{
-
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetCertChainCheckers");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->certChainCheckers);
-
- PKIX_INCREF(checkers);
- params->certChainCheckers = checkers;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED && params) {
- PKIX_DECREF(params->certChainCheckers);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertChainCheckers
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertChainChecker(
- PKIX_ProcessingParams *params,
- PKIX_CertChainChecker *checker,
- void *plContext)
-{
- PKIX_List *list = NULL;
-
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_AddCertChainChecker");
- PKIX_NULLCHECK_TWO(params, checker);
-
- if (params->certChainCheckers == NULL) {
-
- PKIX_CHECK(PKIX_List_Create(&list, plContext),
- PKIX_LISTCREATEFAILED);
-
- params->certChainCheckers = list;
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (params->certChainCheckers, (PKIX_PL_Object *)checker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- list = NULL;
-
-cleanup:
-
- if (list && params) {
- PKIX_DECREF(params->certChainCheckers);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetRevocationChecker(
- PKIX_ProcessingParams *params,
- PKIX_RevocationChecker **pChecker,
- void *plContext)
-{
-
- PKIX_ENTER
- (PROCESSINGPARAMS, "PKIX_ProcessingParams_GetRevocationCheckers");
- PKIX_NULLCHECK_TWO(params, pChecker);
-
- PKIX_INCREF(params->revChecker);
- *pChecker = params->revChecker;
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetRevocationChecker(
- PKIX_ProcessingParams *params,
- PKIX_RevocationChecker *checker,
- void *plContext)
-{
-
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_InitRevocationChecker");
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->revChecker);
- PKIX_INCREF(checker);
- params->revChecker = checker;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetCertStores
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetCertStores(
- PKIX_ProcessingParams *params,
- PKIX_List **pStores, /* list of PKIX_CertStore */
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetCertStores");
-
- PKIX_NULLCHECK_TWO(params, pStores);
-
- if (!params->certStores){
- PKIX_CHECK(PKIX_List_Create(&params->certStores, plContext),
- PKIX_UNABLETOCREATELIST);
- }
-
- PKIX_INCREF(params->certStores);
- *pStores = params->certStores;
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetCertStores
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetCertStores(
- PKIX_ProcessingParams *params,
- PKIX_List *stores, /* list of PKIX_CertStore */
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetCertStores");
-
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->certStores);
-
- PKIX_INCREF(stores);
- params->certStores = stores;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED && params) {
- PKIX_DECREF(params->certStores);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_AddCertStore
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_AddCertStore(
- PKIX_ProcessingParams *params,
- PKIX_CertStore *store,
- void *plContext)
-{
- PKIX_List *certStores = NULL;
-
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_AddCertStore");
- PKIX_NULLCHECK_TWO(params, store);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
- (params, &certStores, plContext),
- PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (certStores, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_DECREF(certStores);
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetResourceLimits(
- PKIX_ProcessingParams *params,
- PKIX_ResourceLimits *resourceLimits,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetResourceLimits");
-
- PKIX_NULLCHECK_TWO(params, resourceLimits);
-
- PKIX_DECREF(params->resourceLimits);
- PKIX_INCREF(resourceLimits);
- params->resourceLimits = resourceLimits;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED && params) {
- PKIX_DECREF(params->resourceLimits);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetResourceLimits(
- PKIX_ProcessingParams *params,
- PKIX_ResourceLimits **pResourceLimits,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_GetResourceLimits");
-
- PKIX_NULLCHECK_TWO(params, pResourceLimits);
-
- PKIX_INCREF(params->resourceLimits);
- *pResourceLimits = params->resourceLimits;
-
-cleanup:
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_IsAnyPolicyInhibited");
-
- PKIX_NULLCHECK_TWO(params, pInhibited);
-
- *pInhibited = params->initialAnyPolicyInhibit;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetAnyPolicyInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetAnyPolicyInhibited");
-
- PKIX_NULLCHECK_ONE(params);
-
- params->initialAnyPolicyInhibit = inhibited;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pRequired,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_IsExplicitPolicyRequired");
-
- PKIX_NULLCHECK_TWO(params, pRequired);
-
- *pRequired = params->initialExplicitPolicy;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetExplicitPolicyRequired(
- PKIX_ProcessingParams *params,
- PKIX_Boolean required,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetExplicitPolicyRequired");
-
- PKIX_NULLCHECK_ONE(params);
-
- params->initialExplicitPolicy = required;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_IsPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean *pInhibited,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_IsPolicyMappingInhibited");
-
- PKIX_NULLCHECK_TWO(params, pInhibited);
-
- *pInhibited = params->initialPolicyMappingInhibit;
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetPolicyMappingInhibited(
- PKIX_ProcessingParams *params,
- PKIX_Boolean inhibited,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS,
- "PKIX_ProcessingParams_SetPolicyMappingInhibited");
-
- PKIX_NULLCHECK_ONE(params);
-
- params->initialPolicyMappingInhibit = inhibited;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)params, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_SetHintCerts
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_SetHintCerts(
- PKIX_ProcessingParams *params,
- PKIX_List *hintCerts,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetHintCerts");
-
- PKIX_NULLCHECK_ONE(params);
-
- PKIX_DECREF(params->hintCerts);
- PKIX_INCREF(hintCerts);
- params->hintCerts = hintCerts;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED && params) {
- PKIX_DECREF(params->hintCerts);
- }
-
- PKIX_RETURN(PROCESSINGPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ProcessingParams_GetHintCerts
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ProcessingParams_GetHintCerts(
- PKIX_ProcessingParams *params,
- PKIX_List **pHintCerts,
- void *plContext)
-{
- PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetHintCerts");
-
- PKIX_NULLCHECK_TWO(params, pHintCerts);
-
- PKIX_INCREF(params->hintCerts);
- *pHintCerts = params->hintCerts;
-
-cleanup:
- PKIX_RETURN(PROCESSINGPARAMS);
-}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_procparams.h b/security/nss/lib/libpkix/pkix/params/pkix_procparams.h
deleted file mode 100755
index 5006a7f9a..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_procparams.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_procparams.h
- *
- * ProcessingParams Object Type Definition
- *
- */
-
-#ifndef _PKIX_PROCESSINGPARAMS_H
-#define _PKIX_PROCESSINGPARAMS_H
-
-#include "pkix_tools.h"
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_ProcessingParamsStruct {
- PKIX_List *trustAnchors; /* Never NULL */
- PKIX_List *hintCerts; /* user-supplied partial chain, may be NULL */
- PKIX_CertSelector *constraints;
- PKIX_PL_Date *date;
- PKIX_List *initialPolicies; /* list of PKIX_PL_OID */
- PKIX_Boolean initialPolicyMappingInhibit;
- PKIX_Boolean initialAnyPolicyInhibit;
- PKIX_Boolean initialExplicitPolicy;
- PKIX_Boolean qualifiersRejected;
- PKIX_List *certChainCheckers;
- PKIX_List *certStores;
- PKIX_Boolean isCrlRevocationCheckingEnabled;
- PKIX_Boolean isCrlRevocationCheckingEnabledWithNISTPolicy;
- PKIX_RevocationChecker *revChecker;
- PKIX_ResourceLimits *resourceLimits;
- PKIX_Boolean useAIAForCertFetching;
- PKIX_Boolean qualifyTargetCert;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_ProcessingParams_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PROCESSINGPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c
deleted file mode 100755
index 2a3a14b2b..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c
+++ /dev/null
@@ -1,466 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_resourcelimits.c
- *
- * Resourcelimits Params Object Functions
- *
- */
-
-#include "pkix_resourcelimits.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_ResourceLimits_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ResourceLimits_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ResourceLimits *rLimits = NULL;
-
- PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a ResourceLimits object */
- PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
- PKIX_OBJECTNOTRESOURCELIMITS);
-
- rLimits = (PKIX_ResourceLimits *)object;
-
- rLimits->maxTime = 0;
- rLimits->maxFanout = 0;
- rLimits->maxDepth = 0;
- rLimits->maxCertsNumber = 0;
- rLimits->maxCrlsNumber = 0;
-
-cleanup:
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: pkix_ResourceLimits_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ResourceLimits_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_ResourceLimits *firstRLimits = NULL;
- PKIX_ResourceLimits *secondRLimits = NULL;
-
- PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_RESOURCELIMITS_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTRESOURCELIMITS);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_RESOURCELIMITS_TYPE) goto cleanup;
-
- firstRLimits = (PKIX_ResourceLimits *)first;
- secondRLimits = (PKIX_ResourceLimits *)second;
-
- cmpResult = (firstRLimits->maxTime == secondRLimits->maxTime) &&
- (firstRLimits->maxFanout == secondRLimits->maxFanout) &&
- (firstRLimits->maxDepth == secondRLimits->maxDepth) &&
- (firstRLimits->maxCertsNumber ==
- secondRLimits->maxCertsNumber) &&
- (firstRLimits->maxCrlsNumber ==
- secondRLimits->maxCrlsNumber);
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: pkix_ResourceLimits_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ResourceLimits_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_ResourceLimits *rLimits = NULL;
- PKIX_UInt32 hash = 0;
-
- PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
- PKIX_OBJECTNOTRESOURCELIMITS);
-
- rLimits = (PKIX_ResourceLimits*)object;
-
- hash = 31 * rLimits->maxTime + (rLimits->maxFanout << 1) +
- (rLimits->maxDepth << 2) + (rLimits->maxCertsNumber << 3) +
- rLimits->maxCrlsNumber;
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: pkix_ResourceLimits_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ResourceLimits_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_ResourceLimits *rLimits = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *rLimitsString = NULL;
-
- PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
- PKIX_OBJECTNOTRESOURCELIMITS);
-
- /* maxCertsNumber and maxCrlsNumber are not supported */
- asciiFormat =
- "[\n"
- "\tMaxTime: \t\t%d\n"
- "\tMaxFanout: \t\t%d\n"
- "\tMaxDepth: \t\t%d\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- rLimits = (PKIX_ResourceLimits*)object;
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&rLimitsString,
- plContext,
- formatString,
- rLimits->maxTime,
- rLimits->maxFanout,
- rLimits->maxDepth),
- PKIX_SPRINTFFAILED);
-
- *pString = rLimitsString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: pkix_ResourceLimits_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_RESOURCELIMITS_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_ResourceLimits_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_RegisterSelf");
-
- entry.description = "ResourceLimits";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_ResourceLimits);
- entry.destructor = pkix_ResourceLimits_Destroy;
- entry.equalsFunction = pkix_ResourceLimits_Equals;
- entry.hashcodeFunction = pkix_ResourceLimits_Hashcode;
- entry.toStringFunction = pkix_ResourceLimits_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_RESOURCELIMITS_TYPE] = entry;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_ResourceLimits_Create (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_Create(
- PKIX_ResourceLimits **pResourceLimits,
- void *plContext)
-{
- PKIX_ResourceLimits *rLimits = NULL;
-
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_Create");
- PKIX_NULLCHECK_ONE(pResourceLimits);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_RESOURCELIMITS_TYPE,
- sizeof (PKIX_ResourceLimits),
- (PKIX_PL_Object **)&rLimits,
- plContext),
- PKIX_COULDNOTCREATERESOURCELIMITOBJECT);
-
- /* initialize fields */
- rLimits->maxTime = 0;
- rLimits->maxFanout = 0;
- rLimits->maxDepth = 0;
- rLimits->maxCertsNumber = 0;
- rLimits->maxCrlsNumber = 0;
-
- *pResourceLimits = rLimits;
-
-cleanup:
-
- PKIX_RETURN(RESOURCELIMITS);
-
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxTime
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxTime(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 *pMaxTime,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxTime");
- PKIX_NULLCHECK_TWO(rLimits, pMaxTime);
-
- *pMaxTime = rLimits->maxTime;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxTime
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxTime(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 maxTime,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxTime");
- PKIX_NULLCHECK_ONE(rLimits);
-
- rLimits->maxTime = maxTime;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxFanout(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 *pMaxFanout,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxFanout");
- PKIX_NULLCHECK_TWO(rLimits, pMaxFanout);
-
- *pMaxFanout = rLimits->maxFanout;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxFanout(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 maxFanout,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxFanout");
- PKIX_NULLCHECK_ONE(rLimits);
-
- rLimits->maxFanout = maxFanout;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxDepth(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 *pMaxDepth,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxDepth");
- PKIX_NULLCHECK_TWO(rLimits, pMaxDepth);
-
- *pMaxDepth = rLimits->maxDepth;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxDepth(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 maxDepth,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxDepth");
- PKIX_NULLCHECK_ONE(rLimits);
-
- rLimits->maxDepth = maxDepth;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCerts(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCerts");
- PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
-
- *pMaxNumber = rLimits->maxCertsNumber;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCerts(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 maxNumber,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCerts");
- PKIX_NULLCHECK_ONE(rLimits);
-
- rLimits->maxCertsNumber = maxNumber;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_GetMaxNumberOfCRLs(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 *pMaxNumber,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCRLs");
- PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
-
- *pMaxNumber = rLimits->maxCrlsNumber;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
-
-/*
- * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ResourceLimits_SetMaxNumberOfCRLs(
- PKIX_ResourceLimits *rLimits,
- PKIX_UInt32 maxNumber,
- void *plContext)
-{
- PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCRLs");
- PKIX_NULLCHECK_ONE(rLimits);
-
- rLimits->maxCrlsNumber = maxNumber;
-
- PKIX_RETURN(RESOURCELIMITS);
-}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h
deleted file mode 100755
index 8788f4dff..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_resourcelimits.h
- *
- * ResourceLimits Object Type Definition
- *
- */
-
-#ifndef _PKIX_RESOURCELIMITS_H
-#define _PKIX_RESOURCELIMITS_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_ResourceLimitsStruct {
- PKIX_UInt32 maxTime;
- PKIX_UInt32 maxFanout;
- PKIX_UInt32 maxDepth;
- PKIX_UInt32 maxCertsNumber;
- PKIX_UInt32 maxCrlsNumber;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_ResourceLimits_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_RESOURCELIMITS_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
deleted file mode 100755
index b903bb248..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
+++ /dev/null
@@ -1,554 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_trustanchor.c
- *
- * TrustAnchor Object Functions
- *
- */
-
-#include "pkix_trustanchor.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_TrustAnchor_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_TrustAnchor_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_TrustAnchor *anchor = NULL;
-
- PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a trust anchor */
- PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
- PKIX_OBJECTNOTTRUSTANCHOR);
-
- anchor = (PKIX_TrustAnchor *)object;
-
- PKIX_DECREF(anchor->trustedCert);
- PKIX_DECREF(anchor->caName);
- PKIX_DECREF(anchor->caPubKey);
- PKIX_DECREF(anchor->nameConstraints);
-
-cleanup:
-
- PKIX_RETURN(TRUSTANCHOR);
-}
-
-/*
- * FUNCTION: pkix_TrustAnchor_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_TrustAnchor_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_TrustAnchor *firstAnchor = NULL;
- PKIX_TrustAnchor *secondAnchor = NULL;
- PKIX_PL_Cert *firstCert = NULL;
- PKIX_PL_Cert *secondCert = NULL;
-
- PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
-
- firstAnchor = (PKIX_TrustAnchor *)first;
- secondAnchor = (PKIX_TrustAnchor *)second;
-
- firstCert = firstAnchor->trustedCert;
- secondCert = secondAnchor->trustedCert;
-
- if ((firstCert && !secondCert) || (!firstCert && secondCert)){
- goto cleanup;
- }
-
- if (firstCert && secondCert){
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstCert,
- (PKIX_PL_Object *)secondCert,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
- } else {
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstAnchor->caName,
- (PKIX_PL_Object *)secondAnchor->caName,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstAnchor->caPubKey,
- (PKIX_PL_Object *)secondAnchor->caPubKey,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_EQUALS
- (firstAnchor->nameConstraints,
- secondAnchor->nameConstraints,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- }
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(TRUSTANCHOR);
-}
-
-/*
- * FUNCTION: pkix_TrustAnchor_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_TrustAnchor_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 certHash = 0;
- PKIX_UInt32 nameHash = 0;
- PKIX_UInt32 pubKeyHash = 0;
- PKIX_UInt32 ncHash = 0;
-
- PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
- PKIX_OBJECTNOTTRUSTANCHOR);
-
- anchor = (PKIX_TrustAnchor*)object;
- cert = anchor->trustedCert;
-
- if (cert){
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)cert,
- &certHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = certHash;
-
- } else {
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)anchor->caName,
- &nameHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)anchor->caPubKey,
- &pubKeyHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = 31 * nameHash + pubKeyHash + ncHash;
-
- }
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(TRUSTANCHOR);
-}
-
-/*
- * FUNCTION: pkix_TrustAnchor_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_TrustAnchor_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_TrustAnchor *anchor = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *anchorString = NULL;
- PKIX_PL_String *certString = NULL;
- PKIX_PL_String *nameString = NULL;
- PKIX_PL_String *pubKeyString = NULL;
- PKIX_PL_String *nameConstraintsString = NULL;
-
- PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
- PKIX_OBJECTNOTTRUSTANCHOR);
-
- anchor = (PKIX_TrustAnchor*)object;
-
- if (anchor->trustedCert){
- asciiFormat =
- "[\n"
- "\tTrusted Cert: %s\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)anchor->trustedCert,
- &certString,
- plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&anchorString,
- plContext,
- formatString,
- certString),
- PKIX_SPRINTFFAILED);
- } else {
- asciiFormat =
- "[\n"
- "\tTrusted CA Name: %s\n"
- "\tTrusted CA PublicKey: %s\n"
- "\tInitial Name Constraints:%s\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)anchor->caName,
- &nameString,
- plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)anchor->caPubKey,
- &pubKeyString,
- plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (anchor->nameConstraints,
- &nameConstraintsString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&anchorString,
- plContext,
- formatString,
- nameString,
- pubKeyString,
- nameConstraintsString),
- PKIX_SPRINTFFAILED);
- }
-
- *pString = anchorString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(certString);
- PKIX_DECREF(nameString);
- PKIX_DECREF(pubKeyString);
- PKIX_DECREF(nameConstraintsString);
-
- PKIX_RETURN(TRUSTANCHOR);
-}
-
-/*
- * FUNCTION: pkix_TrustAnchor_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_TRUSTANCHOR_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_TrustAnchor_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf");
-
- entry.description = "TrustAnchor";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_TrustAnchor);
- entry.destructor = pkix_TrustAnchor_Destroy;
- entry.equalsFunction = pkix_TrustAnchor_Equals;
- entry.hashcodeFunction = pkix_TrustAnchor_Hashcode;
- entry.toStringFunction = pkix_TrustAnchor_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry;
-
- PKIX_RETURN(TRUSTANCHOR);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithCert(
- PKIX_PL_Cert *cert,
- PKIX_TrustAnchor **pAnchor,
- void *plContext)
-{
- PKIX_TrustAnchor *anchor = NULL;
-
- PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
- PKIX_NULLCHECK_TWO(cert, pAnchor);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_TRUSTANCHOR_TYPE,
- sizeof (PKIX_TrustAnchor),
- (PKIX_PL_Object **)&anchor,
- plContext),
- PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
-
- /* initialize fields */
- PKIX_CHECK(
- PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
- PKIX_CERTSETASTRUSTANCHORFAILED);
-
- PKIX_INCREF(cert);
- anchor->trustedCert = cert;
-
- anchor->caName = NULL;
- anchor->caPubKey = NULL;
- anchor->nameConstraints = NULL;
-
- *pAnchor = anchor;
- anchor = NULL;
-
-cleanup:
-
- PKIX_DECREF(anchor);
-
- PKIX_RETURN(TRUSTANCHOR);
-
-}
-
-/*
- * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_TrustAnchor_CreateWithNameKeyPair(
- PKIX_PL_X500Name *name,
- PKIX_PL_PublicKey *pubKey,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_TrustAnchor **pAnchor,
- void *plContext)
-{
- PKIX_TrustAnchor *anchor = NULL;
-
- PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
-
-#ifndef BUILD_LIBPKIX_TESTS
- /* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
- * function as the complete trusted cert structure, and not only cert
- * public key, is required for chain building and validation processes.
- * Restricting this function for been used only in libpkix unit
- * tests. */
- PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
-#endif
-
- PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_TRUSTANCHOR_TYPE,
- sizeof (PKIX_TrustAnchor),
- (PKIX_PL_Object **)&anchor,
- plContext),
- PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
-
- /* initialize fields */
- anchor->trustedCert = NULL;
-
- PKIX_INCREF(name);
- anchor->caName = name;
-
- PKIX_INCREF(pubKey);
- anchor->caPubKey = pubKey;
-
- PKIX_INCREF(nameConstraints);
- anchor->nameConstraints = nameConstraints;
-
- *pAnchor = anchor;
- anchor = NULL;
-cleanup:
-
- PKIX_DECREF(anchor);
-
- PKIX_RETURN(TRUSTANCHOR);
-}
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetTrustedCert(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_Cert **pCert,
- void *plContext)
-{
- PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert");
- PKIX_NULLCHECK_TWO(anchor, pCert);
-
- PKIX_INCREF(anchor->trustedCert);
-
- *pCert = anchor->trustedCert;
-
-cleanup:
- PKIX_RETURN(TRUSTANCHOR);
-
-}
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAName(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_X500Name **pCAName,
- void *plContext)
-{
- PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName");
- PKIX_NULLCHECK_TWO(anchor, pCAName);
-
- PKIX_INCREF(anchor->caName);
-
- *pCAName = anchor->caName;
-
-cleanup:
- PKIX_RETURN(TRUSTANCHOR);
-
-}
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetCAPublicKey(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_PublicKey **pPubKey,
- void *plContext)
-{
- PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey");
- PKIX_NULLCHECK_TWO(anchor, pPubKey);
-
- PKIX_INCREF(anchor->caPubKey);
-
- *pPubKey = anchor->caPubKey;
-
-cleanup:
- PKIX_RETURN(TRUSTANCHOR);
-}
-
-/*
- * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_TrustAnchor_GetNameConstraints(
- PKIX_TrustAnchor *anchor,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext)
-{
- PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints");
- PKIX_NULLCHECK_TWO(anchor, pNameConstraints);
-
- PKIX_INCREF(anchor->nameConstraints);
-
- *pNameConstraints = anchor->nameConstraints;
-
-cleanup:
- PKIX_RETURN(TRUSTANCHOR);
-}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h
deleted file mode 100755
index 06ec97d0c..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_trustanchor.h
- *
- * TrustAnchor Object Type Definition
- *
- */
-
-#ifndef _PKIX_TRUSTANCHOR_H
-#define _PKIX_TRUSTANCHOR_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_TrustAnchorStruct {
- PKIX_PL_Cert *trustedCert;
- PKIX_PL_X500Name *caName;
- PKIX_PL_PublicKey *caPubKey;
- PKIX_PL_CertNameConstraints *nameConstraints;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_TrustAnchor_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_TRUSTANCHOR_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_valparams.c b/security/nss/lib/libpkix/pkix/params/pkix_valparams.c
deleted file mode 100755
index d45b8b720..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_valparams.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_valparams.c
- *
- * Validate Params Object Functions
- *
- */
-
-#include "pkix_valparams.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_ValidateParams_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateParams_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ValidateParams *params = NULL;
-
- PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a validate params object */
- PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTVALIDATEPARAMS);
-
- params = (PKIX_ValidateParams *)object;
-
- PKIX_DECREF(params->procParams);
- PKIX_DECREF(params->chain);
-
-cleanup:
-
- PKIX_RETURN(VALIDATEPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ValidateParams_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateParams_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_ValidateParams *firstValParams = NULL;
- PKIX_ValidateParams *secondValParams = NULL;
-
- PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTVALIDATEPARAMS);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup;
-
- firstValParams = (PKIX_ValidateParams *)first;
- secondValParams = (PKIX_ValidateParams *)second;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstValParams->procParams,
- (PKIX_PL_Object *)secondValParams->procParams,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstValParams->chain,
- (PKIX_PL_Object *)secondValParams->chain,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(VALIDATEPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ValidateParams_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateParams_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_ValidateParams *valParams = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 procParamsHash = 0;
- PKIX_UInt32 chainHash = 0;
-
- PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTVALIDATEPARAMS);
-
- valParams = (PKIX_ValidateParams*)object;
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)valParams->procParams,
- &procParamsHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)valParams->chain,
- &chainHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = 31 * procParamsHash + chainHash;
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(VALIDATEPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ValidateParams_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateParams_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_ValidateParams *valParams = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *valParamsString = NULL;
-
- PKIX_PL_String *procParamsString = NULL;
- PKIX_PL_String *chainString = NULL;
-
- PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
- PKIX_OBJECTNOTVALIDATEPARAMS);
-
- asciiFormat =
- "[\n"
- "\tProcessing Params: \n"
- "\t********BEGIN PROCESSING PARAMS********\n"
- "\t\t%s\n"
- "\t********END PROCESSING PARAMS********\n"
- "\tChain: \t\t%s\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- valParams = (PKIX_ValidateParams*)object;
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)valParams->procParams,
- &procParamsString,
- plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)valParams->chain,
- &chainString,
- plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&valParamsString,
- plContext,
- formatString,
- procParamsString,
- chainString),
- PKIX_SPRINTFFAILED);
-
- *pString = valParamsString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(procParamsString);
- PKIX_DECREF(chainString);
-
- PKIX_RETURN(VALIDATEPARAMS);
-}
-
-/*
- * FUNCTION: pkix_ValidateParams_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_VALIDATEPARAMS_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_ValidateParams_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_RegisterSelf");
-
- entry.description = "ValidateParams";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_ValidateParams);
- entry.destructor = pkix_ValidateParams_Destroy;
- entry.equalsFunction = pkix_ValidateParams_Equals;
- entry.hashcodeFunction = pkix_ValidateParams_Hashcode;
- entry.toStringFunction = pkix_ValidateParams_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_VALIDATEPARAMS_TYPE] = entry;
-
- PKIX_RETURN(VALIDATEPARAMS);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_ValidateParams_Create (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ValidateParams_Create(
- PKIX_ProcessingParams *procParams,
- PKIX_List *chain,
- PKIX_ValidateParams **pParams,
- void *plContext)
-{
- PKIX_ValidateParams *params = NULL;
-
- PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_Create");
- PKIX_NULLCHECK_THREE(procParams, chain, pParams);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_VALIDATEPARAMS_TYPE,
- sizeof (PKIX_ValidateParams),
- (PKIX_PL_Object **)&params,
- plContext),
- PKIX_COULDNOTCREATEVALIDATEPARAMSOBJECT);
-
- /* initialize fields */
- PKIX_INCREF(procParams);
- params->procParams = procParams;
-
- PKIX_INCREF(chain);
- params->chain = chain;
-
- *pParams = params;
- params = NULL;
-
-cleanup:
-
- PKIX_DECREF(params);
-
- PKIX_RETURN(VALIDATEPARAMS);
-
-}
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetProcessingParams
- * (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ValidateParams_GetProcessingParams(
- PKIX_ValidateParams *valParams,
- PKIX_ProcessingParams **pProcParams,
- void *plContext)
-{
- PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetProcessingParams");
- PKIX_NULLCHECK_TWO(valParams, pProcParams);
-
- PKIX_INCREF(valParams->procParams);
-
- *pProcParams = valParams->procParams;
-
-cleanup:
- PKIX_RETURN(VALIDATEPARAMS);
-}
-
-/*
- * FUNCTION: PKIX_ValidateParams_GetCertChain (see comments in pkix_params.h)
- */
-PKIX_Error *
-PKIX_ValidateParams_GetCertChain(
- PKIX_ValidateParams *valParams,
- PKIX_List **pChain,
- void *plContext)
-{
- PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetCertChain");
- PKIX_NULLCHECK_TWO(valParams, pChain);
-
- PKIX_INCREF(valParams->chain);
-
- *pChain = valParams->chain;
-
-cleanup:
- PKIX_RETURN(VALIDATEPARAMS);
-}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_valparams.h b/security/nss/lib/libpkix/pkix/params/pkix_valparams.h
deleted file mode 100755
index 7f908645e..000000000
--- a/security/nss/lib/libpkix/pkix/params/pkix_valparams.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_valparams.h
- *
- * ValidateParams Object Type Definition
- *
- */
-
-#ifndef _PKIX_VALIDATEPARAMS_H
-#define _PKIX_VALIDATEPARAMS_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_ValidateParamsStruct {
- PKIX_ProcessingParams *procParams; /* Never NULL */
- PKIX_List *chain; /* Never NULL */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_ValidateParams_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_VALIDATEPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/results/Makefile b/security/nss/lib/libpkix/pkix/results/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/results/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/results/config.mk b/security/nss/lib/libpkix/pkix/results/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/results/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/results/manifest.mn b/security/nss/lib/libpkix/pkix/results/manifest.mn
deleted file mode 100755
index bcc975800..000000000
--- a/security/nss/lib/libpkix/pkix/results/manifest.mn
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_buildresult.h \
- pkix_policynode.h \
- pkix_valresult.h \
- pkix_verifynode.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_buildresult.c \
- pkix_policynode.c \
- pkix_valresult.c \
- pkix_verifynode.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixresults
-
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_buildresult.c b/security/nss/lib/libpkix/pkix/results/pkix_buildresult.c
deleted file mode 100755
index 95683f16e..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_buildresult.c
+++ /dev/null
@@ -1,395 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_buildresult.c
- *
- * BuildResult Object Functions
- *
- */
-
-#include "pkix_buildresult.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_BuildResult_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildResult_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_BuildResult *result = NULL;
-
- PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a build result object */
- PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
- PKIX_OBJECTNOTBUILDRESULT);
-
- result = (PKIX_BuildResult *)object;
-
- PKIX_DECREF(result->valResult);
- PKIX_DECREF(result->certChain);
-
-cleanup:
-
- PKIX_RETURN(BUILDRESULT);
-}
-
-/*
- * FUNCTION: pkix_BuildResult_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildResult_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_BuildResult *firstBuildResult = NULL;
- PKIX_BuildResult *secondBuildResult = NULL;
-
- PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDRESULT_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTBUILDRESULT);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_BUILDRESULT_TYPE) goto cleanup;
-
- firstBuildResult = (PKIX_BuildResult *)first;
- secondBuildResult = (PKIX_BuildResult *)second;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstBuildResult->valResult,
- (PKIX_PL_Object *)secondBuildResult->valResult,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstBuildResult->certChain,
- (PKIX_PL_Object *)secondBuildResult->certChain,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- /*
- * The remaining case is that both are null,
- * which we consider equality.
- * cmpResult = PKIX_TRUE;
- */
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(BUILDRESULT);
-}
-
-/*
- * FUNCTION: pkix_BuildResult_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildResult_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_BuildResult *buildResult = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 valResultHash = 0;
- PKIX_UInt32 certChainHash = 0;
-
- PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
- PKIX_OBJECTNOTBUILDRESULT);
-
- buildResult = (PKIX_BuildResult*)object;
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)buildResult->valResult,
- &valResultHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)buildResult->certChain,
- &certChainHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = 31*(31 * valResultHash + certChainHash);
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(BUILDRESULT);
-}
-
-/*
- * FUNCTION: pkix_BuildResult_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_BuildResult_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_BuildResult *buildResult = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *buildResultString = NULL;
-
- PKIX_ValidateResult *valResult = NULL;
- PKIX_List *certChain = NULL;
-
- PKIX_PL_String *valResultString = NULL;
- PKIX_PL_String *certChainString = NULL;
-
- char *asciiFormat =
- "[\n"
- "\tValidateResult: \t\t%s"
- "\tCertChain: \t\t%s\n"
- "]\n";
-
- PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
- PKIX_OBJECTNOTBUILDRESULT);
-
- buildResult = (PKIX_BuildResult*)object;
-
- valResult = buildResult->valResult;
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)valResult, &valResultString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- certChain = buildResult->certChain;
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)certChain, &certChainString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&buildResultString,
- plContext,
- formatString,
- valResultString,
- certChainString),
- PKIX_SPRINTFFAILED);
-
- *pString = buildResultString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(valResultString);
- PKIX_DECREF(certChainString);
-
- PKIX_RETURN(BUILDRESULT);
-}
-
-/*
- * FUNCTION: pkix_BuildResult_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_BUILDRESULT_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_BuildResult_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_RegisterSelf");
-
- entry.description = "BuildResult";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_BuildResult);
- entry.destructor = pkix_BuildResult_Destroy;
- entry.equalsFunction = pkix_BuildResult_Equals;
- entry.hashcodeFunction = pkix_BuildResult_Hashcode;
- entry.toStringFunction = pkix_BuildResult_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_BUILDRESULT_TYPE] = entry;
-
- PKIX_RETURN(BUILDRESULT);
-}
-
-/*
- * FUNCTION: pkix_BuildResult_Create
- * DESCRIPTION:
- *
- * Creates a new BuildResult Object using the ValidateResult pointed to by
- * "valResult" and the List pointed to by "certChain", and stores it at
- * "pResult".
- *
- * PARAMETERS
- * "valResult"
- * Address of ValidateResult component. Must be non-NULL.
- * "certChain
- * Address of List component. Must be non-NULL.
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_BuildResult_Create(
- PKIX_ValidateResult *valResult,
- PKIX_List *certChain,
- PKIX_BuildResult **pResult,
- void *plContext)
-{
- PKIX_BuildResult *result = NULL;
-
- PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Create");
- PKIX_NULLCHECK_THREE(valResult, certChain, pResult);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_BUILDRESULT_TYPE,
- sizeof (PKIX_BuildResult),
- (PKIX_PL_Object **)&result,
- plContext),
- PKIX_COULDNOTCREATEBUILDRESULTOBJECT);
-
- /* initialize fields */
-
- PKIX_INCREF(valResult);
- result->valResult = valResult;
-
- PKIX_INCREF(certChain);
- result->certChain = certChain;
-
- PKIX_CHECK(PKIX_List_SetImmutable(result->certChain, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pResult = result;
- result = NULL;
-
-cleanup:
-
- PKIX_DECREF(result);
-
- PKIX_RETURN(BUILDRESULT);
-
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-
-/*
- * FUNCTION: PKIX_BuildResult_GetValidateResult
- * (see comments in pkix_result.h)
- */
-PKIX_Error *
-PKIX_BuildResult_GetValidateResult(
- PKIX_BuildResult *result,
- PKIX_ValidateResult **pResult,
- void *plContext)
-{
- PKIX_ENTER(BUILDRESULT, "PKIX_BuildResult_GetValidateResult");
- PKIX_NULLCHECK_TWO(result, pResult);
-
- PKIX_INCREF(result->valResult);
- *pResult = result->valResult;
-
-cleanup:
- PKIX_RETURN(BUILDRESULT);
-}
-
-
-
-/*
- * FUNCTION: PKIX_BuildResult_GetCertChain
- * (see comments in pkix_result.h)
- */
-PKIX_Error *
-PKIX_BuildResult_GetCertChain(
- PKIX_BuildResult *result,
- PKIX_List **pChain,
- void *plContext)
-{
- PKIX_ENTER(BUILDRESULT, "PKIX_BuildResult_GetCertChain");
- PKIX_NULLCHECK_TWO(result, pChain);
-
- PKIX_INCREF(result->certChain);
- *pChain = result->certChain;
-
-cleanup:
- PKIX_RETURN(BUILDRESULT);
-}
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_buildresult.h b/security/nss/lib/libpkix/pkix/results/pkix_buildresult.h
deleted file mode 100755
index f36c8840a..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_buildresult.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_buildresult.h
- *
- * BuildResult Object Type Definition
- *
- */
-
-#ifndef _PKIX_BUILDRESULT_H
-#define _PKIX_BUILDRESULT_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_BuildResultStruct {
- PKIX_ValidateResult *valResult;
- PKIX_List *certChain;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_BuildResult_Create(
- PKIX_ValidateResult *valResult,
- PKIX_List *certChain,
- PKIX_BuildResult **pResult,
- void *plContext);
-
-PKIX_Error *pkix_BuildResult_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_BUILDRESULT_H */
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c b/security/nss/lib/libpkix/pkix/results/pkix_policynode.c
deleted file mode 100755
index 2a3e647eb..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c
+++ /dev/null
@@ -1,1410 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_policynode.c
- *
- * Policy Node Object Type Definition
- *
- */
-
-#include "pkix_policynode.h"
-
-/* --Private-PolicyNode-Functions---------------------------------- */
-
-/*
- * FUNCTION: pkix_PolicyNode_GetChildrenMutable
- * DESCRIPTION:
- *
- * Retrieves the List of PolicyNodes representing the child nodes of the
- * Policy Node pointed to by "node" and stores it at "pChildren". If "node"
- * has no List of child nodes, this function stores NULL at "pChildren".
- *
- * Note that the List returned by this function may be mutable. This function
- * differs from the public function PKIX_PolicyNode_GetChildren in that
- * respect. (It also differs in that the public function creates an empty
- * List, if necessary, rather than storing NULL.)
- *
- * During certificate processing, children Lists are created and modified.
- * Once the list is accessed using the public call, the List is set immutable.
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode whose child nodes are to be stored.
- * Must be non-NULL.
- * "pChildren"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_PolicyNode_GetChildrenMutable(
- PKIX_PolicyNode *node,
- PKIX_List **pChildren, /* list of PKIX_PolicyNode */
- void *plContext)
-{
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_GetChildrenMutable");
-
- PKIX_NULLCHECK_TWO(node, pChildren);
-
- PKIX_INCREF(node->children);
-
- *pChildren = node->children;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_Create
- * DESCRIPTION:
- *
- * Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
- * of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
- * indicated by the Boolean value of "criticality", and the List of OIDs
- * pointed to by "expectedPolicySet", and stores the result at "pObject". The
- * criticality should be derived from whether the certificate policy extension
- * was marked as critical in the certificate that led to creation of this
- * PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
- * immutable. The PolicyNode pointers to parent and to children are initialized
- * to NULL, and the depth is set to zero; those values should be set by using
- * the pkix_PolicyNode_AddToParent function.
- *
- * PARAMETERS
- * "validPolicy"
- * Address of OID of the valid policy for the path. Must be non-NULL
- * "qualifierSet"
- * Address of List of CertPolicyQualifiers associated with the validpolicy.
- * May be NULL
- * "criticality"
- * Boolean indicator of whether the criticality should be set in this
- * PolicyNode
- * "expectedPolicySet"
- * Address of List of OIDs that would satisfy this policy in the next
- * certificate. Must be non-NULL
- * "pObject"
- * Address where the PolicyNode pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_PolicyNode_Create(
- PKIX_PL_OID *validPolicy,
- PKIX_List *qualifierSet,
- PKIX_Boolean criticality,
- PKIX_List *expectedPolicySet,
- PKIX_PolicyNode **pObject,
- void *plContext)
-{
- PKIX_PolicyNode *node = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create");
-
- PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTPOLICYNODE_TYPE,
- sizeof (PKIX_PolicyNode),
- (PKIX_PL_Object **)&node,
- plContext),
- PKIX_COULDNOTCREATEPOLICYNODEOBJECT);
-
- PKIX_INCREF(validPolicy);
- node->validPolicy = validPolicy;
-
- PKIX_INCREF(qualifierSet);
- node->qualifierSet = qualifierSet;
- if (qualifierSet) {
- PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
- }
-
- node->criticality = criticality;
-
- PKIX_INCREF(expectedPolicySet);
- node->expectedPolicySet = expectedPolicySet;
- PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- node->parent = NULL;
- node->children = NULL;
- node->depth = 0;
-
- *pObject = node;
- node = NULL;
-
-cleanup:
-
- PKIX_DECREF(node);
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_AddToParent
- * DESCRIPTION:
- *
- * Adds the PolicyNode pointed to by "child" to the List of children of
- * the PolicyNode pointed to by "parentNode". If "parentNode" had a
- * NULL pointer for the List of children, a new List is created containing
- * "child". Otherwise "child" is appended to the existing List. The
- * parent field in "child" is set to "parent", and the depth field is
- * set to one more than the corresponding value in "parent".
- *
- * Depth, in this context, means distance from the root node, which
- * is at depth zero.
- *
- * PARAMETERS:
- * "parentNode"
- * Address of PolicyNode whose List of child PolicyNodes is to be
- * created or appended to. Must be non-NULL.
- * "child"
- * Address of PolicyNode to be added to parentNode's List. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_PolicyNode_AddToParent(
- PKIX_PolicyNode *parentNode,
- PKIX_PolicyNode *child,
- void *plContext)
-{
- PKIX_List *listOfChildren = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_AddToParent");
-
- PKIX_NULLCHECK_TWO(parentNode, child);
-
- listOfChildren = parentNode->children;
- if (listOfChildren == NULL) {
- PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
- PKIX_LISTCREATEFAILED);
- parentNode->children = listOfChildren;
- }
-
- /*
- * Note: this link is not reference-counted. The link from parent
- * to child is counted (actually, the parent "owns" a List which
- * "owns" children), but the children do not "own" the parent.
- * Otherwise, there would be loops.
- */
- child->parent = parentNode;
-
- child->depth = 1 + (parentNode->depth);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (listOfChildren, (PKIX_PL_Object *)child, plContext),
- PKIX_COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)parentNode, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)child, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_Prune
- * DESCRIPTION:
- *
- * Prunes a tree below the PolicyNode whose address is pointed to by "node",
- * using the UInt32 value of "height" as the distance from the leaf level,
- * and storing at "pDelete" the Boolean value of whether this PolicyNode is,
- * after pruning, childless and should be pruned.
- *
- * Any PolicyNode at height 0 is allowed to survive. If the height is greater
- * than zero, pkix_PolicyNode_Prune is called recursively for each child of
- * the current PolicyNode. After this process, a node with no children
- * stores PKIX_TRUE in "pDelete" to indicate that it should be deleted.
- *
- * PARAMETERS:
- * "node"
- * Address of the PolicyNode to be pruned. Must be non-NULL.
- * "height"
- * UInt32 value for the distance from the leaf level
- * "pDelete"
- * Address to store the Boolean return value of PKIX_TRUE if this node
- * should be pruned, or PKIX_FALSE if there remains at least one
- * branch of the required height. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_PolicyNode_Prune(
- PKIX_PolicyNode *node,
- PKIX_UInt32 height,
- PKIX_Boolean *pDelete,
- void *plContext)
-{
- PKIX_Boolean childless = PKIX_FALSE;
- PKIX_Boolean shouldBePruned = PKIX_FALSE;
- PKIX_UInt32 listSize = 0;
- PKIX_UInt32 listIndex = 0;
- PKIX_PolicyNode *candidate = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Prune");
-
- PKIX_NULLCHECK_TWO(node, pDelete);
-
- /* Don't prune at the leaf */
- if (height == 0) {
- goto cleanup;
- }
-
- /* Above the bottom level, childless nodes get pruned */
- if (!(node->children)) {
- childless = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * This node has children. If they are leaf nodes,
- * we know they will live. Otherwise, check them out.
- */
- if (height > 1) {
- PKIX_CHECK(PKIX_List_GetLength
- (node->children, &listSize, plContext),
- PKIX_LISTGETLENGTHFAILED);
- /*
- * By working backwards from the end of the list,
- * we avoid having to worry about possible
- * decreases in the size of the list, as we
- * delete items. The only nuisance is that since the
- * index is UInt32, we can't check for it to reach -1;
- * we have to use the 1-based index, rather than the
- * 0-based index that PKIX_List functions require.
- */
- for (listIndex = listSize; listIndex > 0; listIndex--) {
- PKIX_CHECK(PKIX_List_GetItem
- (node->children,
- (listIndex - 1),
- (PKIX_PL_Object **)&candidate,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyNode_Prune
- (candidate,
- height - 1,
- &shouldBePruned,
- plContext),
- PKIX_POLICYNODEPRUNEFAILED);
-
- if (shouldBePruned == PKIX_TRUE) {
- PKIX_CHECK(PKIX_List_DeleteItem
- (node->children,
- (listIndex - 1),
- plContext),
- PKIX_LISTDELETEITEMFAILED);
- }
-
- PKIX_DECREF(candidate);
- }
- }
-
- /* Prune if this node has *become* childless */
- PKIX_CHECK(PKIX_List_GetLength
- (node->children, &listSize, plContext),
- PKIX_LISTGETLENGTHFAILED);
- if (listSize == 0) {
- childless = PKIX_TRUE;
- }
-
- /*
- * Even if we did not change this node, or any of its children,
- * maybe a [great-]*grandchild was pruned.
- */
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)node, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
- *pDelete = childless;
-
- PKIX_DECREF(candidate);
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_SinglePolicyNode_ToString
- * DESCRIPTION:
- *
- * Creates a String representation of the attributes of the PolicyNode
- * pointed to by "node", other than its parents or children, and
- * stores the result at "pString".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode to be described by the string. Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-PKIX_Error *
-pkix_SinglePolicyNode_ToString(
- PKIX_PolicyNode *node,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *fmtString = NULL;
- PKIX_PL_String *validString = NULL;
- PKIX_PL_String *qualifierString = NULL;
- PKIX_PL_String *criticalityString = NULL;
- PKIX_PL_String *expectedString = NULL;
- PKIX_PL_String *outString = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_ToString");
- PKIX_NULLCHECK_TWO(node, pString);
- PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "{%s,%s,%s,%s,%d}",
- 0,
- &fmtString,
- plContext),
- PKIX_CANTCREATESTRING);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)(node->validPolicy),
- &validString,
- plContext),
- PKIX_OIDTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)(node->expectedPolicySet),
- &expectedString,
- plContext),
- PKIX_LISTTOSTRINGFAILED);
-
- if (node->qualifierSet) {
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)(node->qualifierSet),
- &qualifierString,
- plContext),
- PKIX_LISTTOSTRINGFAILED);
- } else {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "{}",
- 0,
- &qualifierString,
- plContext),
- PKIX_CANTCREATESTRING);
- }
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- (node->criticality)?"Critical":"Not Critical",
- 0,
- &criticalityString,
- plContext),
- PKIX_CANTCREATESTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&outString,
- plContext,
- fmtString,
- validString,
- qualifierString,
- criticalityString,
- expectedString,
- node->depth),
- PKIX_SPRINTFFAILED);
-
- *pString = outString;
-
-cleanup:
-
- PKIX_DECREF(fmtString);
- PKIX_DECREF(validString);
- PKIX_DECREF(qualifierString);
- PKIX_DECREF(criticalityString);
- PKIX_DECREF(expectedString);
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_ToString_Helper
- * DESCRIPTION:
- *
- * Produces a String representation of a PolicyNode tree below the PolicyNode
- * pointed to by "rootNode", with each line of output prefixed by the String
- * pointed to by "indent", and stores the result at "pTreeString". It is
- * called recursively, with ever-increasing indentation, for successively
- * lower nodes on the tree.
- *
- * PARAMETERS:
- * "rootNode"
- * Address of PolicyNode subtree. Must be non-NULL.
- * "indent"
- * Address of String to be prefixed to each line of output. May be NULL
- * if no indentation is desired
- * "pTreeString"
- * Address where the resulting String will be stored; must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_PolicyNode_ToString_Helper(
- PKIX_PolicyNode *rootNode,
- PKIX_PL_String *indent,
- PKIX_PL_String **pTreeString,
- void *plContext)
-{
- PKIX_PL_String *nextIndentFormat = NULL;
- PKIX_PL_String *thisNodeFormat = NULL;
- PKIX_PL_String *childrenFormat = NULL;
- PKIX_PL_String *nextIndentString = NULL;
- PKIX_PL_String *resultString = NULL;
- PKIX_PL_String *thisItemString = NULL;
- PKIX_PL_String *childString = NULL;
- PKIX_PolicyNode *childNode = NULL;
- PKIX_UInt32 numberOfChildren = 0;
- PKIX_UInt32 childIndex = 0;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString_Helper");
-
- PKIX_NULLCHECK_TWO(rootNode, pTreeString);
-
- /* Create a string for this node */
- PKIX_CHECK(pkix_SinglePolicyNode_ToString
- (rootNode, &thisItemString, plContext),
- PKIX_ERRORINSINGLEPOLICYNODETOSTRING);
-
- if (indent) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s%s",
- 0,
- &thisNodeFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- thisNodeFormat,
- indent,
- thisItemString),
- PKIX_ERRORINSPRINTF);
- } else {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s",
- 0,
- &thisNodeFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- thisNodeFormat,
- thisItemString),
- PKIX_ERRORINSPRINTF);
- }
-
- PKIX_DECREF(thisItemString);
- thisItemString = resultString;
-
- /* if no children, we are done */
- if (rootNode->children) {
- PKIX_CHECK(PKIX_List_GetLength
- (rootNode->children, &numberOfChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- if (numberOfChildren != 0) {
- /*
- * We create a string for each child in turn,
- * concatenating them to thisItemString.
- */
-
- /* Prepare an indent string for each child */
- if (indent) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s. ",
- 0,
- &nextIndentFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&nextIndentString,
- plContext,
- nextIndentFormat,
- indent),
- PKIX_ERRORINSPRINTF);
- } else {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- ". ",
- 0,
- &nextIndentString,
- plContext),
- PKIX_ERRORCREATINGINDENTSTRING);
- }
-
- /* Prepare the format for concatenation. */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s\n%s",
- 0,
- &childrenFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- for (childIndex = 0;
- childIndex < numberOfChildren;
- childIndex++) {
- PKIX_CHECK(PKIX_List_GetItem
- (rootNode->children,
- childIndex,
- (PKIX_PL_Object **)&childNode,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyNode_ToString_Helper
- (childNode,
- nextIndentString,
- &childString,
- plContext),
- PKIX_ERRORCREATINGCHILDSTRING);
-
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- childrenFormat,
- thisItemString,
- childString),
- PKIX_ERRORINSPRINTF);
-
- PKIX_DECREF(childNode);
- PKIX_DECREF(childString);
- PKIX_DECREF(thisItemString);
-
- thisItemString = resultString;
- }
- }
-
- *pTreeString = thisItemString;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(thisItemString);
- }
-
- PKIX_DECREF(nextIndentFormat);
- PKIX_DECREF(thisNodeFormat);
- PKIX_DECREF(childrenFormat);
- PKIX_DECREF(nextIndentString);
- PKIX_DECREF(childString);
- PKIX_DECREF(childNode);
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_PolicyNode_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pTreeString,
- void *plContext)
-{
- PKIX_PolicyNode *rootNode = NULL;
- PKIX_PL_String *resultString = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString");
-
- PKIX_NULLCHECK_TWO(object, pTreeString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
- PKIX_OBJECTNOTPOLICYNODE);
-
- rootNode = (PKIX_PolicyNode *)object;
-
- PKIX_CHECK(pkix_PolicyNode_ToString_Helper
- (rootNode, NULL, &resultString, plContext),
- PKIX_ERRORCREATINGSUBTREESTRING);
-
- *pTreeString = resultString;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_PolicyNode_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PolicyNode *node = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
- PKIX_OBJECTNOTPOLICYNODE);
-
- node = (PKIX_PolicyNode*)object;
-
- node->criticality = PKIX_FALSE;
- PKIX_DECREF(node->validPolicy);
- PKIX_DECREF(node->qualifierSet);
- PKIX_DECREF(node->expectedPolicySet);
- PKIX_DECREF(node->children);
-
- /*
- * Note: the link to parent is not reference-counted. See comment
- * in pkix_PolicyNode_AddToParent for more details.
- */
- node->parent = NULL;
- node->depth = 0;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_SinglePolicyNode_Hashcode
- * DESCRIPTION:
- *
- * Computes the hashcode of the attributes of the PolicyNode pointed to by
- * "node", other than its parents and children, and stores the result at
- * "pHashcode".
- *
- * PARAMETERS:
- * "node"
- * Address of PolicyNode to be hashcoded; must be non-NULL
- * "pHashcode"
- * Address where UInt32 result will be stored; must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-static PKIX_Error *
-pkix_SinglePolicyNode_Hashcode(
- PKIX_PolicyNode *node,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_UInt32 componentHash = 0;
- PKIX_UInt32 nodeHash = 0;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Hashcode");
- PKIX_NULLCHECK_TWO(node, pHashcode);
- PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);
-
- PKIX_HASHCODE
- (node->qualifierSet,
- &nodeHash,
- plContext,
- PKIX_FAILUREHASHINGLISTQUALIFIERSET);
-
- if (PKIX_TRUE == (node->criticality)) {
- nodeHash = 31*nodeHash + 0xff;
- } else {
- nodeHash = 31*nodeHash + 0x00;
- }
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)node->validPolicy,
- &componentHash,
- plContext),
- PKIX_FAILUREHASHINGOIDVALIDPOLICY);
-
- nodeHash = 31*nodeHash + componentHash;
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)node->expectedPolicySet,
- &componentHash,
- plContext),
- PKIX_FAILUREHASHINGLISTEXPECTEDPOLICYSET);
-
- nodeHash = 31*nodeHash + componentHash;
-
- *pHashcode = nodeHash;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_PolicyNode_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PolicyNode *node = NULL;
- PKIX_UInt32 childrenHash = 0;
- PKIX_UInt32 nodeHash = 0;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYNODE_TYPE, plContext),
- PKIX_OBJECTNOTPOLICYNODE);
-
- node = (PKIX_PolicyNode *)object;
-
- PKIX_CHECK(pkix_SinglePolicyNode_Hashcode
- (node, &nodeHash, plContext),
- PKIX_SINGLEPOLICYNODEHASHCODEFAILED);
-
- nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent);
-
- PKIX_HASHCODE
- (node->children,
- &childrenHash,
- plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- nodeHash = 31*nodeHash + childrenHash;
-
- *pHashcode = nodeHash;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_SinglePolicyNode_Equals
- * DESCRIPTION:
- *
- * Compares for equality the components of the PolicyNode pointed to by
- * "firstPN", other than its parents and children, with those of the
- * PolicyNode pointed to by "secondPN" and stores the result at "pResult"
- * (PKIX_TRUE if equal; PKIX_FALSE if not).
- *
- * PARAMETERS:
- * "firstPN"
- * Address of first of the PolicyNodes to be compared; must be non-NULL
- * "secondPN"
- * Address of second of the PolicyNodes to be compared; must be non-NULL
- * "pResult"
- * Address where Boolean will be stored; must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-static PKIX_Error *
-pkix_SinglePolicyNode_Equals(
- PKIX_PolicyNode *firstPN,
- PKIX_PolicyNode *secondPN,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_Boolean compResult = PKIX_FALSE;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Equals");
- PKIX_NULLCHECK_THREE(firstPN, secondPN, pResult);
-
- /* If both references are identical, they must be equal */
- if (firstPN == secondPN) {
- compResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * It seems we have to do the comparisons. Do
- * the easiest ones first.
- */
- if ((firstPN->criticality) != (secondPN->criticality)) {
- goto cleanup;
- }
- if ((firstPN->depth) != (secondPN->depth)) {
- goto cleanup;
- }
-
- PKIX_EQUALS
- (firstPN->qualifierSet,
- secondPN->qualifierSet,
- &compResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (compResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- /* These fields must be non-NULL */
- PKIX_NULLCHECK_TWO(firstPN->validPolicy, secondPN->validPolicy);
-
- PKIX_EQUALS
- (firstPN->validPolicy,
- secondPN->validPolicy,
- &compResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (compResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- /* These fields must be non-NULL */
- PKIX_NULLCHECK_TWO
- (firstPN->expectedPolicySet, secondPN->expectedPolicySet);
-
- PKIX_EQUALS
- (firstPN->expectedPolicySet,
- secondPN->expectedPolicySet,
- &compResult,
- plContext,
- PKIX_OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS);
-
-cleanup:
-
- *pResult = compResult;
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_PolicyNode_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PolicyNode *firstPN = NULL;
- PKIX_PolicyNode *secondPN = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean compResult = PKIX_FALSE;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a PolicyNode */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_CERTPOLICYNODE_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTPOLICYNODE);
-
- /*
- * Since we know firstObject is a PolicyNode,
- * if both references are identical, they must be equal
- */
- if (firstObject == secondObject){
- compResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a PolicyNode, we
- * don't throw an error. We simply return FALSE.
- */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- if (secondType != PKIX_CERTPOLICYNODE_TYPE) {
- goto cleanup;
- }
-
- /*
- * Oh, well, we have to do the comparisons. Do
- * the easiest ones first.
- */
- firstPN = (PKIX_PolicyNode *)firstObject;
- secondPN = (PKIX_PolicyNode *)secondObject;
-
- /*
- * We don't require the parents to be identical. In the
- * course of traversing the tree, we will have checked the
- * attributes of the parent nodes, and checking the lists
- * of children will determine whether they match.
- */
-
- PKIX_EQUALS
- (firstPN->children,
- secondPN->children,
- &compResult,
- plContext,
- PKIX_OBJECTEQUALSFAILEDONCHILDREN);
-
- if (compResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_SinglePolicyNode_Equals
- (firstPN, secondPN, &compResult, plContext),
- PKIX_SINGLEPOLICYNODEEQUALSFAILED);
-
-cleanup:
-
- *pResult = compResult;
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_DuplicateHelper
- * DESCRIPTION:
- *
- * Duplicates the PolicyNode whose address is pointed to by "original",
- * and stores the result at "pNewNode", if a non-NULL pointer is provided
- * for "pNewNode". In addition, the created PolicyNode is added as a child
- * to "parent", if a non-NULL pointer is provided for "parent". Then this
- * function is called recursively to duplicate each of the children of
- * "original". At the top level this function is called with a null
- * "parent" and a non-NULL "pNewNode". Below the top level "parent" will
- * be non-NULL and "pNewNode" will be NULL.
- *
- * PARAMETERS:
- * "original"
- * Address of PolicyNode to be copied; must be non-NULL
- * "parent"
- * Address of PolicyNode to which the created node is to be added as a
- * child; NULL for the top-level call and non-NULL below the top level
- * "pNewNode"
- * Address to store the node created; should be NULL if "parent" is
- * non-NULL and vice versa
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a PolicyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-static PKIX_Error *
-pkix_PolicyNode_DuplicateHelper(
- PKIX_PolicyNode *original,
- PKIX_PolicyNode *parent,
- PKIX_PolicyNode **pNewNode,
- void *plContext)
-{
- PKIX_UInt32 numChildren = 0;
- PKIX_UInt32 childIndex = 0;
- PKIX_List *children = NULL; /* List of PKIX_PolicyNode */
- PKIX_PolicyNode *copy = NULL;
- PKIX_PolicyNode *child = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_DuplicateHelper");
-
- PKIX_NULLCHECK_THREE
- (original, original->validPolicy, original->expectedPolicySet);
-
- /*
- * These components are immutable, so copying the pointers
- * is sufficient. The create function increments the reference
- * counts as it stores the pointers into the new object.
- */
- PKIX_CHECK(pkix_PolicyNode_Create
- (original->validPolicy,
- original->qualifierSet,
- original->criticality,
- original->expectedPolicySet,
- &copy,
- plContext),
- PKIX_POLICYNODECREATEFAILED);
-
- if (parent) {
- PKIX_CHECK(pkix_PolicyNode_AddToParent(parent, copy, plContext),
- PKIX_POLICYNODEADDTOPARENTFAILED);
- }
-
- /* Are there any children to duplicate? */
- children = original->children;
-
- if (children) {
- PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- for (childIndex = 0; childIndex < numChildren; childIndex++) {
- PKIX_CHECK(PKIX_List_GetItem
- (children,
- childIndex,
- (PKIX_PL_Object **)&child,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
- (child, copy, NULL, plContext),
- PKIX_POLICYNODEDUPLICATEHELPERFAILED);
-
- PKIX_DECREF(child);
- }
-
- if (pNewNode) {
- *pNewNode = copy;
- copy = NULL; /* no DecRef if we give our handle away */
- }
-
-cleanup:
- PKIX_DECREF(copy);
- PKIX_DECREF(child);
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_Duplicate
- * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_PolicyNode_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_PolicyNode *original = NULL;
- PKIX_PolicyNode *copy = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Duplicate");
-
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYNODE_TYPE, plContext),
- PKIX_OBJECTNOTPOLICYNODE);
-
- original = (PKIX_PolicyNode *)object;
-
- PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
- (original, NULL, &copy, plContext),
- PKIX_POLICYNODEDUPLICATEHELPERFAILED);
-
- *pNewObject = (PKIX_PL_Object *)copy;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: pkix_PolicyNode_RegisterSelf
- * DESCRIPTION:
- *
- * Registers PKIX_CERTPOLICYNODE_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize,
- * which should only be called once, it is acceptable that
- * this function is not thread-safe.
- */
-PKIX_Error *
-pkix_PolicyNode_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_RegisterSelf");
-
- entry.description = "PolicyNode";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PolicyNode);
- entry.destructor = pkix_PolicyNode_Destroy;
- entry.equalsFunction = pkix_PolicyNode_Equals;
- entry.hashcodeFunction = pkix_PolicyNode_Hashcode;
- entry.toStringFunction = pkix_PolicyNode_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_PolicyNode_Duplicate;
-
- systemClasses[PKIX_CERTPOLICYNODE_TYPE] = entry;
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-
-/* --Public-PolicyNode-Functions----------------------------------- */
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetChildren
- * (see description of this function in pkix_results.h)
- */
-PKIX_Error *
-PKIX_PolicyNode_GetChildren(
- PKIX_PolicyNode *node,
- PKIX_List **pChildren, /* list of PKIX_PolicyNode */
- void *plContext)
-{
- PKIX_List *children = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetChildren");
-
- PKIX_NULLCHECK_TWO(node, pChildren);
-
- PKIX_INCREF(node->children);
- children = node->children;
-
- if (!children) {
- PKIX_CHECK(PKIX_List_Create(&children, plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(children, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pChildren = children;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(children);
- }
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetParent
- * (see description of this function in pkix_results.h)
- */
-PKIX_Error *
-PKIX_PolicyNode_GetParent(
- PKIX_PolicyNode *node,
- PKIX_PolicyNode **pParent,
- void *plContext)
-{
-
- PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetParent");
-
- PKIX_NULLCHECK_TWO(node, pParent);
-
- PKIX_INCREF(node->parent);
- *pParent = node->parent;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetValidPolicy
- * (see description of this function in pkix_results.h)
- */
-PKIX_Error *
-PKIX_PolicyNode_GetValidPolicy(
- PKIX_PolicyNode *node,
- PKIX_PL_OID **pValidPolicy,
- void *plContext)
-{
-
- PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetValidPolicy");
-
- PKIX_NULLCHECK_TWO(node, pValidPolicy);
-
- PKIX_INCREF(node->validPolicy);
- *pValidPolicy = node->validPolicy;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
- * (see description of this function in pkix_results.h)
- */
-PKIX_Error *
-PKIX_PolicyNode_GetPolicyQualifiers(
- PKIX_PolicyNode *node,
- PKIX_List **pQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
- void *plContext)
-{
- PKIX_List *qualifiers = NULL;
-
- PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetPolicyQualifiers");
-
- PKIX_NULLCHECK_TWO(node, pQualifiers);
-
- PKIX_INCREF(node->qualifierSet);
- qualifiers = node->qualifierSet;
-
- if (!qualifiers) {
- PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(qualifiers, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pQualifiers = qualifiers;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
- * (see description of this function in pkix_results.h)
- */
-PKIX_Error *
-PKIX_PolicyNode_GetExpectedPolicies(
- PKIX_PolicyNode *node,
- PKIX_List **pExpPolicies, /* list of PKIX_PL_OID */
- void *plContext)
-{
-
- PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetExpectedPolicies");
-
- PKIX_NULLCHECK_TWO(node, pExpPolicies);
-
- PKIX_INCREF(node->expectedPolicySet);
- *pExpPolicies = node->expectedPolicySet;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: PKIX_PolicyNode_IsCritical
- * (see description of this function in pkix_results.h)
- */
-PKIX_Error *
-PKIX_PolicyNode_IsCritical(
- PKIX_PolicyNode *node,
- PKIX_Boolean *pCritical,
- void *plContext)
-{
-
- PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_IsCritical");
-
- PKIX_NULLCHECK_TWO(node, pCritical);
-
- *pCritical = node->criticality;
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
-
-/*
- * FUNCTION: PKIX_PolicyNode_GetDepth
- * (see description of this function in pkix_results.h)
- */
-PKIX_Error *
-PKIX_PolicyNode_GetDepth(
- PKIX_PolicyNode *node,
- PKIX_UInt32 *pDepth,
- void *plContext)
-{
-
- PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetDepth");
-
- PKIX_NULLCHECK_TWO(node, pDepth);
-
- *pDepth = node->depth;
-
- PKIX_RETURN(CERTPOLICYNODE);
-}
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_policynode.h b/security/nss/lib/libpkix/pkix/results/pkix_policynode.h
deleted file mode 100755
index 240b74b51..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_policynode.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_policynode.h
- *
- * PolicyNode Type Definitions
- *
- */
-
-#ifndef _PKIX_POLICYNODE_H
-#define _PKIX_POLICYNODE_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* This structure reflects the contents of a policy node...
- */
-struct PKIX_PolicyNodeStruct {
- PKIX_PL_OID *validPolicy;
- PKIX_List *qualifierSet; /* CertPolicyQualifiers */
- PKIX_Boolean criticality;
- PKIX_List *expectedPolicySet; /* OIDs */
- PKIX_PolicyNode *parent;
- PKIX_List *children; /* PolicyNodes */
- PKIX_UInt32 depth;
-};
-
-PKIX_Error *
-pkix_SinglePolicyNode_ToString(
- PKIX_PolicyNode *node,
- PKIX_PL_String **pString,
- void *plContext);
-
-PKIX_Error *
-pkix_PolicyNode_GetChildrenMutable(
- PKIX_PolicyNode *node,
- PKIX_List **pChildren, /* PolicyNodes */
- void *plContext);
-
-PKIX_Error *
-pkix_PolicyNode_Create(
- PKIX_PL_OID *validPolicy,
- PKIX_List *qualifierSet, /* CertPolicyQualifiers */
- PKIX_Boolean criticality,
- PKIX_List *expectedPolicySet, /* OIDs */
- PKIX_PolicyNode **pObject,
- void *plContext);
-
-PKIX_Error *
-pkix_PolicyNode_AddToParent(
- PKIX_PolicyNode *parentNode,
- PKIX_PolicyNode *child,
- void *plContext);
-
-PKIX_Error *
-pkix_PolicyNode_Prune(
- PKIX_PolicyNode *node,
- PKIX_UInt32 depth,
- PKIX_Boolean *pDelete,
- void *plContext);
-
-PKIX_Error *
-pkix_PolicyNode_RegisterSelf(
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_POLICYNODE_H */
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_valresult.c b/security/nss/lib/libpkix/pkix/results/pkix_valresult.c
deleted file mode 100755
index 4d02c7e5b..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_valresult.c
+++ /dev/null
@@ -1,465 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_valresult.c
- *
- * ValidateResult Object Functions
- *
- */
-
-#include "pkix_valresult.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_ValidateResult_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateResult_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ValidateResult *result = NULL;
-
- PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a validate result object */
- PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
- PKIX_OBJECTNOTVALIDATERESULT);
-
- result = (PKIX_ValidateResult *)object;
-
- PKIX_DECREF(result->anchor);
- PKIX_DECREF(result->pubKey);
- PKIX_DECREF(result->policyTree);
-
-cleanup:
-
- PKIX_RETURN(VALIDATERESULT);
-}
-
-/*
- * FUNCTION: pkix_ValidateResult_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateResult_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_ValidateResult *firstValResult = NULL;
- PKIX_ValidateResult *secondValResult = NULL;
- PKIX_PolicyNode *firstTree = NULL;
- PKIX_PolicyNode *secondTree = NULL;
-
- PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATERESULT_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTVALIDATERESULT);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_VALIDATERESULT_TYPE) goto cleanup;
-
- firstValResult = (PKIX_ValidateResult *)first;
- secondValResult = (PKIX_ValidateResult *)second;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstValResult->pubKey,
- (PKIX_PL_Object *)secondValResult->pubKey,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstValResult->anchor,
- (PKIX_PL_Object *)secondValResult->anchor,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (!cmpResult) goto cleanup;
-
- firstTree = firstValResult->policyTree;
- secondTree = secondValResult->policyTree;
-
- if ((firstTree != NULL) && (secondTree != NULL)) {
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstTree,
- (PKIX_PL_Object *)secondTree,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
- } else {
- if (PKIX_EXACTLY_ONE_NULL(firstTree, secondTree)) {
- cmpResult = PKIX_FALSE;
- }
- }
-
- /*
- * The remaining case is that both are null,
- * which we consider equality.
- * cmpResult = PKIX_TRUE;
- */
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(VALIDATERESULT);
-}
-
-/*
- * FUNCTION: pkix_ValidateResult_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateResult_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_ValidateResult *valResult = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 pubKeyHash = 0;
- PKIX_UInt32 anchorHash = 0;
- PKIX_UInt32 policyTreeHash = 0;
- PKIX_PolicyNode *policyTree = NULL;
-
- PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
- PKIX_OBJECTNOTVALIDATERESULT);
-
- valResult = (PKIX_ValidateResult*)object;
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)valResult->pubKey, &pubKeyHash, plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)valResult->anchor, &anchorHash, plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- policyTree = valResult->policyTree;
- if (policyTree) {
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)valResult->policyTree,
- &policyTreeHash,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
- }
-
- hash = 31*(31 * pubKeyHash + anchorHash) + policyTreeHash;
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(VALIDATERESULT);
-}
-
-/*
- * FUNCTION: pkix_ValidateResult_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ValidateResult_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_ValidateResult *valResult = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *valResultString = NULL;
-
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_PL_PublicKey *pubKey = NULL;
- PKIX_PolicyNode *policyTree = NULL;
-
- PKIX_PL_String *anchorString = NULL;
- PKIX_PL_String *pubKeyString = NULL;
- PKIX_PL_String *treeString = NULL;
- char *asciiNullString = "(null)";
- char *asciiFormat =
- "[\n"
- "\tTrustAnchor: \t\t%s"
- "\tPubKey: \t\t%s\n"
- "\tPolicyTree: \t\t%s\n"
- "]\n";
-
- PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
- PKIX_OBJECTNOTVALIDATERESULT);
-
- valResult = (PKIX_ValidateResult*)object;
-
- anchor = valResult->anchor;
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)anchor, &anchorString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- pubKey = valResult->pubKey;
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)pubKey, &pubKeyString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_ValidateResult_GetPolicyTree
- (valResult, &policyTree, plContext),
- PKIX_VALIDATERESULTGETPOLICYTREEFAILED);
-
- if (policyTree) {
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)policyTree, &treeString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
- } else {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiNullString,
- 0,
- &treeString,
- plContext),
- PKIX_STRINGCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&valResultString,
- plContext,
- formatString,
- anchorString,
- pubKeyString,
- treeString),
- PKIX_SPRINTFFAILED);
-
- *pString = valResultString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(anchorString);
- PKIX_DECREF(pubKeyString);
- PKIX_DECREF(policyTree);
- PKIX_DECREF(treeString);
-
- PKIX_RETURN(VALIDATERESULT);
-}
-
-/*
- * FUNCTION: pkix_ValidateResult_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_VALIDATERESULT_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_ValidateResult_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_RegisterSelf");
-
- entry.description = "ValidateResult";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_ValidateResult);
- entry.destructor = pkix_ValidateResult_Destroy;
- entry.equalsFunction = pkix_ValidateResult_Equals;
- entry.hashcodeFunction = pkix_ValidateResult_Hashcode;
- entry.toStringFunction = pkix_ValidateResult_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_VALIDATERESULT_TYPE] = entry;
-
- PKIX_RETURN(VALIDATERESULT);
-}
-
-/*
- * FUNCTION: pkix_ValidateResult_Create
- * DESCRIPTION:
- *
- * Creates a new ValidateResult Object using the PublicKey pointed to by
- * "pubKey", the TrustAnchor pointed to by "anchor", and the PolicyNode
- * pointed to by "policyTree", and stores it at "pResult".
- *
- * PARAMETERS
- * "pubKey"
- * PublicKey of the desired ValidateResult. Must be non-NULL.
- * "anchor"
- * TrustAnchor of the desired Validateresult. Must be non-NULL.
- * "policyTree"
- * PolicyNode of the desired ValidateResult; may be NULL
- * "pResult"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_ValidateResult_Create(
- PKIX_PL_PublicKey *pubKey,
- PKIX_TrustAnchor *anchor,
- PKIX_PolicyNode *policyTree,
- PKIX_ValidateResult **pResult,
- void *plContext)
-{
- PKIX_ValidateResult *result = NULL;
-
- PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Create");
- PKIX_NULLCHECK_THREE(pubKey, anchor, pResult);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_VALIDATERESULT_TYPE,
- sizeof (PKIX_ValidateResult),
- (PKIX_PL_Object **)&result,
- plContext),
- PKIX_COULDNOTCREATEVALIDATERESULTOBJECT);
-
- /* initialize fields */
-
- PKIX_INCREF(pubKey);
- result->pubKey = pubKey;
-
- PKIX_INCREF(anchor);
- result->anchor = anchor;
-
- PKIX_INCREF(policyTree);
- result->policyTree = policyTree;
-
- *pResult = result;
- result = NULL;
-
-cleanup:
-
- PKIX_DECREF(result);
-
- PKIX_RETURN(VALIDATERESULT);
-
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetPublicKey
- * (see comments in pkix_result.h)
- */
-PKIX_Error *
-PKIX_ValidateResult_GetPublicKey(
- PKIX_ValidateResult *result,
- PKIX_PL_PublicKey **pPublicKey,
- void *plContext)
-{
- PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetPublicKey");
- PKIX_NULLCHECK_TWO(result, pPublicKey);
-
- PKIX_INCREF(result->pubKey);
- *pPublicKey = result->pubKey;
-
-cleanup:
- PKIX_RETURN(VALIDATERESULT);
-}
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetTrustAnchor
- * (see comments in pkix_result.h)
- */
-PKIX_Error *
-PKIX_ValidateResult_GetTrustAnchor(
- PKIX_ValidateResult *result,
- PKIX_TrustAnchor **pTrustAnchor,
- void *plContext)
-{
- PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetTrustAnchor");
- PKIX_NULLCHECK_TWO(result, pTrustAnchor);
-
- PKIX_INCREF(result->anchor);
- *pTrustAnchor = result->anchor;
-
-cleanup:
- PKIX_RETURN(VALIDATERESULT);
-}
-
-/*
- * FUNCTION: PKIX_ValidateResult_GetPolicyTree
- * (see comments in pkix_result.h)
- */
-PKIX_Error *
-PKIX_ValidateResult_GetPolicyTree(
- PKIX_ValidateResult *result,
- PKIX_PolicyNode **pPolicyTree,
- void *plContext)
-{
- PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetPolicyTree");
- PKIX_NULLCHECK_TWO(result, pPolicyTree);
-
- PKIX_INCREF(result->policyTree);
- (*pPolicyTree) = result->policyTree;
-
-cleanup:
- PKIX_RETURN(VALIDATERESULT);
-}
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_valresult.h b/security/nss/lib/libpkix/pkix/results/pkix_valresult.h
deleted file mode 100755
index eea4b7887..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_valresult.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_valresult.h
- *
- * ValidateResult Object Type Definition
- *
- */
-
-#ifndef _PKIX_VALIDATERESULT_H
-#define _PKIX_VALIDATERESULT_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_ValidateResultStruct {
- PKIX_PL_PublicKey *pubKey;
- PKIX_TrustAnchor *anchor;
- PKIX_PolicyNode *policyTree;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_ValidateResult_Create(
- PKIX_PL_PublicKey *pubKey,
- PKIX_TrustAnchor *anchor,
- PKIX_PolicyNode *policyTree,
- PKIX_ValidateResult **pResult,
- void *plContext);
-
-PKIX_Error *pkix_ValidateResult_RegisterSelf(void *plContext);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_VALIDATERESULT_H */
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_verifynode.c b/security/nss/lib/libpkix/pkix/results/pkix_verifynode.c
deleted file mode 100755
index 433030728..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_verifynode.c
+++ /dev/null
@@ -1,1215 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_verifynode.c
- *
- * Verify Node Object Type Definition
- *
- */
-
-#include "pkix_verifynode.h"
-
-/* --Private-VerifyNode-Functions---------------------------------- */
-
-/*
- * FUNCTION: pkix_VerifyNode_Create
- * DESCRIPTION:
- *
- * This function creates a VerifyNode using the Cert pointed to by "cert",
- * the depth given by "depth", and the Error pointed to by "error", storing
- * the result at "pObject".
- *
- * PARAMETERS
- * "cert"
- * Address of Cert for the node. Must be non-NULL
- * "depth"
- * UInt32 value of the depth for this node.
- * "error"
- * Address of Error for the node.
- * "pObject"
- * Address where the VerifyNode pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_VerifyNode_Create(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 depth,
- PKIX_Error *error,
- PKIX_VerifyNode **pObject,
- void *plContext)
-{
- PKIX_VerifyNode *node = NULL;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Create");
- PKIX_NULLCHECK_TWO(cert, pObject);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_VERIFYNODE_TYPE,
- sizeof (PKIX_VerifyNode),
- (PKIX_PL_Object **)&node,
- plContext),
- PKIX_COULDNOTCREATEVERIFYNODEOBJECT);
-
- PKIX_INCREF(cert);
- node->verifyCert = cert;
-
- PKIX_INCREF(error);
- node->error = error;
-
- node->depth = depth;
-
- node->children = NULL;
-
- *pObject = node;
- node = NULL;
-
-cleanup:
-
- PKIX_DECREF(node);
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_AddToChain
- * DESCRIPTION:
- *
- * Adds the VerifyNode pointed to by "child", at the appropriate depth, to the
- * List of children of the VerifyNode pointed to by "parentNode". The chain of
- * VerifyNodes is traversed until a VerifyNode is found at a depth one less
- * than that specified in "child". An Error is returned if there is no parent
- * at a suitable depth.
- *
- * If "parentNode" has a NULL pointer for the List of children, a new List is
- * created containing "child". Otherwise "child" is appended to the existing
- * List.
- *
- * Depth, in this context, means distance from the root node, which
- * is at depth zero.
- *
- * PARAMETERS:
- * "parentNode"
- * Address of VerifyNode whose List of child VerifyNodes is to be
- * created or appended to. Must be non-NULL.
- * "child"
- * Address of VerifyNode to be added to parentNode's List. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a VerifyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_VerifyNode_AddToChain(
- PKIX_VerifyNode *parentNode,
- PKIX_VerifyNode *child,
- void *plContext)
-{
- PKIX_VerifyNode *successor = NULL;
- PKIX_List *listOfChildren = NULL;
- PKIX_UInt32 numChildren = 0;
- PKIX_UInt32 parentDepth = 0;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToChain");
- PKIX_NULLCHECK_TWO(parentNode, child);
-
- parentDepth = parentNode->depth;
- listOfChildren = parentNode->children;
- if (listOfChildren == NULL) {
-
- if (parentDepth != (child->depth - 1)) {
- PKIX_ERROR(PKIX_NODESMISSINGFROMCHAIN);
- }
-
- PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (listOfChildren, (PKIX_PL_Object *)child, plContext),
- PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
-
- parentNode->children = listOfChildren;
- } else {
- /* get number of children */
- PKIX_CHECK(PKIX_List_GetLength
- (listOfChildren, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (numChildren != 1) {
- PKIX_ERROR(PKIX_AMBIGUOUSPARENTAGEOFVERIFYNODE);
- }
-
- /* successor = listOfChildren[0] */
- PKIX_CHECK(PKIX_List_GetItem
- (listOfChildren,
- 0,
- (PKIX_PL_Object **)&successor,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_VerifyNode_AddToChain
- (successor, child, plContext),
- PKIX_VERIFYNODEADDTOCHAINFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)parentNode, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
- PKIX_DECREF(successor);
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_SetDepth
- * DESCRIPTION:
- *
- * The function sets the depth field of each VerifyNode in the List "children"
- * to the value given by "depth", and recursively sets the depth of any
- * successive generations to the successive values.
- *
- * PARAMETERS:
- * "children"
- * The List of VerifyNodes. Must be non-NULL.
- * "depth"
- * The value of the depth field to be set in members of the List.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_VerifyNode_SetDepth(PKIX_List *children,
- PKIX_UInt32 depth,
- void *plContext)
-{
- PKIX_UInt32 numChildren = 0;
- PKIX_UInt32 chIx = 0;
- PKIX_VerifyNode *child = NULL;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_SetDepth");
- PKIX_NULLCHECK_ONE(children);
-
- PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (chIx = 0; chIx < numChildren; chIx++) {
- PKIX_CHECK(PKIX_List_GetItem
- (children, chIx, (PKIX_PL_Object **)&child, plContext),
- PKIX_LISTGETITEMFAILED);
-
- child->depth = depth;
-
- if (child->children != NULL) {
- PKIX_CHECK(pkix_VerifyNode_SetDepth
- (child->children, depth + 1, plContext),
- PKIX_VERIFYNODESETDEPTHFAILED);
- }
-
- PKIX_DECREF(child);
- }
-
-cleanup:
-
- PKIX_DECREF(child);
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_AddToTree
- * DESCRIPTION:
- *
- * Adds the VerifyNode pointed to by "child" to the List of children of the
- * VerifyNode pointed to by "parentNode". If "parentNode" has a NULL pointer
- * for the List of children, a new List is created containing "child".
- * Otherwise "child" is appended to the existing List. The depth field of
- * "child" is set to one more than the corresponding value in "parent", and
- * if the "child" itself has child nodes, their depth fields are updated
- * accordingly.
- *
- * Depth, in this context, means distance from the root node, which
- * is at depth zero.
- *
- * PARAMETERS:
- * "parentNode"
- * Address of VerifyNode whose List of child VerifyNodes is to be
- * created or appended to. Must be non-NULL.
- * "child"
- * Address of VerifyNode to be added to parentNode's List. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_VerifyNode_AddToTree(
- PKIX_VerifyNode *parentNode,
- PKIX_VerifyNode *child,
- void *plContext)
-{
- PKIX_List *listOfChildren = NULL;
- PKIX_UInt32 parentDepth = 0;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToTree");
- PKIX_NULLCHECK_TWO(parentNode, child);
-
- parentDepth = parentNode->depth;
- listOfChildren = parentNode->children;
- if (listOfChildren == NULL) {
-
- PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
- PKIX_LISTCREATEFAILED);
-
- parentNode->children = listOfChildren;
- }
-
- child->depth = parentDepth + 1;
-
- PKIX_CHECK(PKIX_List_AppendItem
- (parentNode->children, (PKIX_PL_Object *)child, plContext),
- PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
-
- if (child->children != NULL) {
- PKIX_CHECK(pkix_VerifyNode_SetDepth
- (child->children, child->depth + 1, plContext),
- PKIX_VERIFYNODESETDEPTHFAILED);
- }
-
-
-cleanup:
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_SingleVerifyNode_ToString
- * DESCRIPTION:
- *
- * Creates a String representation of the attributes of the VerifyNode pointed
- * to by "node", other than its children, and stores the result at "pString".
- *
- * PARAMETERS:
- * "node"
- * Address of VerifyNode to be described by the string. Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a VerifyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-PKIX_Error *
-pkix_SingleVerifyNode_ToString(
- PKIX_VerifyNode *node,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *fmtString = NULL;
- PKIX_PL_String *errorString = NULL;
- PKIX_PL_String *outString = NULL;
-
- PKIX_PL_X500Name *issuerName = NULL;
- PKIX_PL_X500Name *subjectName = NULL;
- PKIX_PL_String *issuerString = NULL;
- PKIX_PL_String *subjectString = NULL;
-
- PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_ToString");
- PKIX_NULLCHECK_THREE(node, pString, node->verifyCert);
-
- PKIX_TOSTRING(node->error, &errorString, plContext,
- PKIX_ERRORTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetIssuer
- (node->verifyCert, &issuerName, plContext),
- PKIX_CERTGETISSUERFAILED);
-
- PKIX_TOSTRING(issuerName, &issuerString, plContext,
- PKIX_X500NAMETOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubject
- (node->verifyCert, &subjectName, plContext),
- PKIX_CERTGETSUBJECTFAILED);
-
- PKIX_TOSTRING(subjectName, &subjectString, plContext,
- PKIX_X500NAMETOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "CERT[Issuer:%s, Subject:%s], depth=%d, error=%s",
- 0,
- &fmtString,
- plContext),
- PKIX_CANTCREATESTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&outString,
- plContext,
- fmtString,
- issuerString,
- subjectString,
- node->depth,
- errorString),
- PKIX_SPRINTFFAILED);
-
- *pString = outString;
-
-cleanup:
-
- PKIX_DECREF(fmtString);
- PKIX_DECREF(errorString);
- PKIX_DECREF(issuerName);
- PKIX_DECREF(subjectName);
- PKIX_DECREF(issuerString);
- PKIX_DECREF(subjectString);
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_ToString_Helper
- * DESCRIPTION:
- *
- * Produces a String representation of a VerifyNode tree below the VerifyNode
- * pointed to by "rootNode", with each line of output prefixed by the String
- * pointed to by "indent", and stores the result at "pTreeString". It is
- * called recursively, with ever-increasing indentation, for successively
- * lower nodes on the tree.
- *
- * PARAMETERS:
- * "rootNode"
- * Address of VerifyNode subtree. Must be non-NULL.
- * "indent"
- * Address of String to be prefixed to each line of output. May be NULL
- * if no indentation is desired
- * "pTreeString"
- * Address where the resulting String will be stored; must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a VerifyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_VerifyNode_ToString_Helper(
- PKIX_VerifyNode *rootNode,
- PKIX_PL_String *indent,
- PKIX_PL_String **pTreeString,
- void *plContext)
-{
- PKIX_PL_String *nextIndentFormat = NULL;
- PKIX_PL_String *thisNodeFormat = NULL;
- PKIX_PL_String *childrenFormat = NULL;
- PKIX_PL_String *nextIndentString = NULL;
- PKIX_PL_String *resultString = NULL;
- PKIX_PL_String *thisItemString = NULL;
- PKIX_PL_String *childString = NULL;
- PKIX_VerifyNode *childNode = NULL;
- PKIX_UInt32 numberOfChildren = 0;
- PKIX_UInt32 childIndex = 0;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString_Helper");
-
- PKIX_NULLCHECK_TWO(rootNode, pTreeString);
-
- /* Create a string for this node */
- PKIX_CHECK(pkix_SingleVerifyNode_ToString
- (rootNode, &thisItemString, plContext),
- PKIX_ERRORINSINGLEVERIFYNODETOSTRING);
-
- if (indent) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s%s",
- 0,
- &thisNodeFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- thisNodeFormat,
- indent,
- thisItemString),
- PKIX_ERRORINSPRINTF);
- } else {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s",
- 0,
- &thisNodeFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- thisNodeFormat,
- thisItemString),
- PKIX_ERRORINSPRINTF);
- }
-
- PKIX_DECREF(thisItemString);
- thisItemString = resultString;
-
- /* if no children, we are done */
- if (rootNode->children) {
- PKIX_CHECK(PKIX_List_GetLength
- (rootNode->children, &numberOfChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- if (numberOfChildren != 0) {
- /*
- * We create a string for each child in turn,
- * concatenating them to thisItemString.
- */
-
- /* Prepare an indent string for each child */
- if (indent) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s. ",
- 0,
- &nextIndentFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&nextIndentString,
- plContext,
- nextIndentFormat,
- indent),
- PKIX_ERRORINSPRINTF);
- } else {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- ". ",
- 0,
- &nextIndentString,
- plContext),
- PKIX_ERRORCREATINGINDENTSTRING);
- }
-
- /* Prepare the format for concatenation. */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s\n%s",
- 0,
- &childrenFormat,
- plContext),
- PKIX_ERRORCREATINGFORMATSTRING);
-
- for (childIndex = 0;
- childIndex < numberOfChildren;
- childIndex++) {
- PKIX_CHECK(PKIX_List_GetItem
- (rootNode->children,
- childIndex,
- (PKIX_PL_Object **)&childNode,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_VerifyNode_ToString_Helper
- (childNode,
- nextIndentString,
- &childString,
- plContext),
- PKIX_ERRORCREATINGCHILDSTRING);
-
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- childrenFormat,
- thisItemString,
- childString),
- PKIX_ERRORINSPRINTF);
-
- PKIX_DECREF(childNode);
- PKIX_DECREF(childString);
- PKIX_DECREF(thisItemString);
-
- thisItemString = resultString;
- }
- }
-
- *pTreeString = thisItemString;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(thisItemString);
- }
-
- PKIX_DECREF(nextIndentFormat);
- PKIX_DECREF(thisNodeFormat);
- PKIX_DECREF(childrenFormat);
- PKIX_DECREF(nextIndentString);
- PKIX_DECREF(childString);
- PKIX_DECREF(childNode);
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_VerifyNode_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pTreeString,
- void *plContext)
-{
- PKIX_VerifyNode *rootNode = NULL;
- PKIX_PL_String *resultString = NULL;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString");
-
- PKIX_NULLCHECK_TWO(object, pTreeString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_VERIFYNODE_TYPE, plContext),
- PKIX_OBJECTNOTVERIFYNODE);
-
- rootNode = (PKIX_VerifyNode *)object;
-
- PKIX_CHECK(pkix_VerifyNode_ToString_Helper
- (rootNode, NULL, &resultString, plContext),
- PKIX_ERRORCREATINGSUBTREESTRING);
-
- *pTreeString = resultString;
-
-cleanup:
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_VerifyNode_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_VerifyNode *node = NULL;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_VERIFYNODE_TYPE, plContext),
- PKIX_OBJECTNOTVERIFYNODE);
-
- node = (PKIX_VerifyNode*)object;
-
- PKIX_DECREF(node->verifyCert);
- PKIX_DECREF(node->children);
- PKIX_DECREF(node->error);
-
- node->depth = 0;
-
-cleanup:
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_SingleVerifyNode_Hashcode
- * DESCRIPTION:
- *
- * Computes the hashcode of the attributes of the VerifyNode pointed to by
- * "node", other than its parents and children, and stores the result at
- * "pHashcode".
- *
- * PARAMETERS:
- * "node"
- * Address of VerifyNode to be hashcoded; must be non-NULL
- * "pHashcode"
- * Address where UInt32 result will be stored; must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a VerifyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-static PKIX_Error *
-pkix_SingleVerifyNode_Hashcode(
- PKIX_VerifyNode *node,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_UInt32 errorHash = 0;
- PKIX_UInt32 nodeHash = 0;
-
- PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_Hashcode");
- PKIX_NULLCHECK_TWO(node, pHashcode);
-
- PKIX_HASHCODE
- (node->verifyCert,
- &nodeHash,
- plContext,
- PKIX_FAILUREHASHINGCERT);
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)node->error,
- &errorHash,
- plContext),
- PKIX_FAILUREHASHINGERROR);
-
- nodeHash = 31*nodeHash + errorHash;
- *pHashcode = nodeHash;
-
-cleanup:
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_VerifyNode_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_VerifyNode *node = NULL;
- PKIX_UInt32 childrenHash = 0;
- PKIX_UInt32 nodeHash = 0;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_VERIFYNODE_TYPE, plContext),
- PKIX_OBJECTNOTVERIFYNODE);
-
- node = (PKIX_VerifyNode *)object;
-
- PKIX_CHECK(pkix_SingleVerifyNode_Hashcode
- (node, &nodeHash, plContext),
- PKIX_SINGLEVERIFYNODEHASHCODEFAILED);
-
- PKIX_HASHCODE
- (node->children,
- &childrenHash,
- plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- nodeHash = 31*nodeHash + childrenHash;
-
- *pHashcode = nodeHash;
-
-cleanup:
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_SingleVerifyNode_Equals
- * DESCRIPTION:
- *
- * Compares for equality the components of the VerifyNode pointed to by
- * "firstPN", other than its parents and children, with those of the
- * VerifyNode pointed to by "secondPN" and stores the result at "pResult"
- * (PKIX_TRUE if equal; PKIX_FALSE if not).
- *
- * PARAMETERS:
- * "firstPN"
- * Address of first of the VerifyNodes to be compared; must be non-NULL
- * "secondPN"
- * Address of second of the VerifyNodes to be compared; must be non-NULL
- * "pResult"
- * Address where Boolean will be stored; must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a VerifyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-static PKIX_Error *
-pkix_SingleVerifyNode_Equals(
- PKIX_VerifyNode *firstVN,
- PKIX_VerifyNode *secondVN,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_Boolean compResult = PKIX_FALSE;
-
- PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_Equals");
- PKIX_NULLCHECK_THREE(firstVN, secondVN, pResult);
-
- /* If both references are identical, they must be equal */
- if (firstVN == secondVN) {
- compResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * It seems we have to do the comparisons. Do
- * the easiest ones first.
- */
- if ((firstVN->depth) != (secondVN->depth)) {
- goto cleanup;
- }
-
- /* These fields must be non-NULL */
- PKIX_NULLCHECK_TWO(firstVN->verifyCert, secondVN->verifyCert);
-
- PKIX_EQUALS
- (firstVN->verifyCert,
- secondVN->verifyCert,
- &compResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (compResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_EQUALS
- (firstVN->error,
- secondVN->error,
- &compResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
-cleanup:
-
- *pResult = compResult;
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_VerifyNode_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_VerifyNode *firstVN = NULL;
- PKIX_VerifyNode *secondVN = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean compResult = PKIX_FALSE;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a VerifyNode */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_VERIFYNODE_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTVERIFYNODE);
-
- /*
- * Since we know firstObject is a VerifyNode,
- * if both references are identical, they must be equal
- */
- if (firstObject == secondObject){
- compResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a VerifyNode, we
- * don't throw an error. We simply return FALSE.
- */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- if (secondType != PKIX_VERIFYNODE_TYPE) {
- goto cleanup;
- }
-
- /*
- * Oh, well, we have to do the comparisons. Do
- * the easiest ones first.
- */
- firstVN = (PKIX_VerifyNode *)firstObject;
- secondVN = (PKIX_VerifyNode *)secondObject;
-
- PKIX_CHECK(pkix_SingleVerifyNode_Equals
- (firstVN, secondVN, &compResult, plContext),
- PKIX_SINGLEVERIFYNODEEQUALSFAILED);
-
- if (compResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_EQUALS
- (firstVN->children,
- secondVN->children,
- &compResult,
- plContext,
- PKIX_OBJECTEQUALSFAILEDONCHILDREN);
-
-cleanup:
-
- *pResult = compResult;
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_DuplicateHelper
- * DESCRIPTION:
- *
- * Duplicates the VerifyNode whose address is pointed to by "original",
- * and stores the result at "pNewNode", if a non-NULL pointer is provided
- * for "pNewNode". In addition, the created VerifyNode is added as a child
- * to "parent", if a non-NULL pointer is provided for "parent". Then this
- * function is called recursively to duplicate each of the children of
- * "original". At the top level this function is called with a null
- * "parent" and a non-NULL "pNewNode". Below the top level "parent" will
- * be non-NULL and "pNewNode" will be NULL.
- *
- * PARAMETERS:
- * "original"
- * Address of VerifyNode to be copied; must be non-NULL
- * "parent"
- * Address of VerifyNode to which the created node is to be added as a
- * child; NULL for the top-level call and non-NULL below the top level
- * "pNewNode"
- * Address to store the node created; should be NULL if "parent" is
- * non-NULL and vice versa
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if function succeeds
- * Returns a VerifyNode Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in a fatal way
- */
-static PKIX_Error *
-pkix_VerifyNode_DuplicateHelper(
- PKIX_VerifyNode *original,
- PKIX_VerifyNode *parent,
- PKIX_VerifyNode **pNewNode,
- void *plContext)
-{
- PKIX_UInt32 numChildren = 0;
- PKIX_UInt32 childIndex = 0;
- PKIX_List *children = NULL; /* List of PKIX_VerifyNode */
- PKIX_VerifyNode *copy = NULL;
- PKIX_VerifyNode *child = NULL;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_DuplicateHelper");
-
- PKIX_NULLCHECK_TWO
- (original, original->verifyCert);
-
- /*
- * These components are immutable, so copying the pointers
- * is sufficient. The create function increments the reference
- * counts as it stores the pointers into the new object.
- */
- PKIX_CHECK(pkix_VerifyNode_Create
- (original->verifyCert,
- original->depth,
- original->error,
- &copy,
- plContext),
- PKIX_VERIFYNODECREATEFAILED);
-
- /* Are there any children to duplicate? */
- children = original->children;
-
- if (children) {
- PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- for (childIndex = 0; childIndex < numChildren; childIndex++) {
- PKIX_CHECK(PKIX_List_GetItem
- (children,
- childIndex,
- (PKIX_PL_Object **)&child,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_VerifyNode_DuplicateHelper
- (child, copy, NULL, plContext),
- PKIX_VERIFYNODEDUPLICATEHELPERFAILED);
-
- PKIX_DECREF(child);
- }
-
- if (pNewNode) {
- *pNewNode = copy;
- copy = NULL; /* no DecRef if we give our handle away */
- }
-
-cleanup:
- PKIX_DECREF(copy);
- PKIX_DECREF(child);
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_Duplicate
- * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_VerifyNode_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_VerifyNode *original = NULL;
- PKIX_VerifyNode *copy = NULL;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Duplicate");
-
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_VERIFYNODE_TYPE, plContext),
- PKIX_OBJECTNOTVERIFYNODE);
-
- original = (PKIX_VerifyNode *)object;
-
- PKIX_CHECK(pkix_VerifyNode_DuplicateHelper
- (original, NULL, &copy, plContext),
- PKIX_VERIFYNODEDUPLICATEHELPERFAILED);
-
- *pNewObject = (PKIX_PL_Object *)copy;
-
-cleanup:
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: pkix_VerifyNode_RegisterSelf
- * DESCRIPTION:
- *
- * Registers PKIX_VERIFYNODE_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize,
- * which should only be called once, it is acceptable that
- * this function is not thread-safe.
- */
-PKIX_Error *
-pkix_VerifyNode_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_RegisterSelf");
-
- entry.description = "VerifyNode";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_VerifyNode);
- entry.destructor = pkix_VerifyNode_Destroy;
- entry.equalsFunction = pkix_VerifyNode_Equals;
- entry.hashcodeFunction = pkix_VerifyNode_Hashcode;
- entry.toStringFunction = pkix_VerifyNode_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_VerifyNode_Duplicate;
-
- systemClasses[PKIX_VERIFYNODE_TYPE] = entry;
-
- PKIX_RETURN(VERIFYNODE);
-}
-
-/* --Public-VerifyNode-Functions----------------------------------- */
-
-/*
- * FUNCTION: PKIX_VerifyNode_SetError
- * DESCRIPTION:
- *
- * This function sets the Error field of the VerifyNode pointed to by "node"
- * to contain the Error pointed to by "error".
- *
- * PARAMETERS:
- * "node"
- * The address of the VerifyNode to be modified. Must be non-NULL.
- * "error"
- * The address of the Error to be stored.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_VerifyNode_SetError(
- PKIX_VerifyNode *node,
- PKIX_Error *error,
- void *plContext)
-{
-
- PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_SetError");
-
- PKIX_NULLCHECK_TWO(node, error);
-
- PKIX_DECREF(node->error); /* should have been NULL */
- PKIX_INCREF(error);
- node->error = error;
-
-cleanup:
- PKIX_RETURN(VERIFYNODE);
-}
-
-/*
- * FUNCTION: PKIX_VerifyNode_FindError
- * DESCRIPTION:
- *
- * Finds meaningful error in the log. For now, just returns the first
- * error it finds in. In the future the function should be changed to
- * return a top priority error.
- *
- * PARAMETERS:
- * "node"
- * The address of the VerifyNode to be modified. Must be non-NULL.
- * "error"
- * The address of a pointer the error will be returned to.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_VerifyNode_FindError(
- PKIX_VerifyNode *node,
- PKIX_Error **error,
- void *plContext)
-{
- PKIX_VerifyNode *childNode = NULL;
-
- PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_FindError");
-
- /* Make sure the return address is initialized with NULL */
- PKIX_DECREF(*error);
-
- if (!node)
- goto cleanup;
-
- /* First, try to get error from lowest level. */
- if (node->children) {
- PKIX_UInt32 length = 0;
- PKIX_UInt32 index = 0;
-
- PKIX_CHECK(
- PKIX_List_GetLength(node->children, &length,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
- for (index = 0;index < length;index++) {
- PKIX_CHECK(
- PKIX_List_GetItem(node->children, index,
- (PKIX_PL_Object**)&childNode, plContext),
- PKIX_LISTGETITEMFAILED);
- if (!childNode)
- continue;
- PKIX_CHECK(
- pkix_VerifyNode_FindError(childNode, error,
- plContext),
- PKIX_VERIFYNODEFINDERRORFAILED);
- PKIX_DECREF(childNode);
- if (*error) {
- goto cleanup;
- }
- }
- }
-
- if (node->error && node->error->plErr) {
- PKIX_INCREF(node->error);
- *error = node->error;
- }
-
-cleanup:
- PKIX_DECREF(childNode);
-
- PKIX_RETURN(VERIFYNODE);
-}
diff --git a/security/nss/lib/libpkix/pkix/results/pkix_verifynode.h b/security/nss/lib/libpkix/pkix/results/pkix_verifynode.h
deleted file mode 100755
index 3621dabc7..000000000
--- a/security/nss/lib/libpkix/pkix/results/pkix_verifynode.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_verifynode.h
- *
- * VerifyNode Type Definitions
- *
- */
-
-#ifndef _PKIX_VERIFYNODE_H
-#define _PKIX_VERIFYNODE_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* This structure reflects the contents of a verify node...
- */
-struct PKIX_VerifyNodeStruct {
- PKIX_PL_Cert *verifyCert;
- PKIX_List *children; /* VerifyNodes */
- PKIX_UInt32 depth;
- PKIX_Error *error;
-};
-
-PKIX_Error *
-pkix_SingleVerifyNode_ToString(
- PKIX_VerifyNode *node,
- PKIX_PL_String **pString,
- void *plContext);
-
-PKIX_Error *
-pkix_VerifyNode_Create(
- PKIX_PL_Cert *verifyCert,
- PKIX_UInt32 depth,
- PKIX_Error *error,
- PKIX_VerifyNode **pObject,
- void *plContext);
-
-PKIX_Error *
-pkix_VerifyNode_AddToChain(
- PKIX_VerifyNode *parentNode,
- PKIX_VerifyNode *child,
- void *plContext);
-
-PKIX_Error *
-pkix_VerifyNode_AddToTree(
- PKIX_VerifyNode *parentNode,
- PKIX_VerifyNode *child,
- void *plContext);
-
-PKIX_Error *
-pkix_VerifyNode_SetError(
- PKIX_VerifyNode *node,
- PKIX_Error *error,
- void *plContext);
-
-PKIX_Error *
-pkix_VerifyNode_RegisterSelf(
- void *plContext);
-
-PKIX_Error *
-pkix_VerifyNode_FindError(
- PKIX_VerifyNode *node,
- PKIX_Error **error,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_VERIFYNODE_H */
diff --git a/security/nss/lib/libpkix/pkix/store/Makefile b/security/nss/lib/libpkix/pkix/store/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/store/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/store/config.mk b/security/nss/lib/libpkix/pkix/store/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/store/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/store/manifest.mn b/security/nss/lib/libpkix/pkix/store/manifest.mn
deleted file mode 100755
index 95101f26c..000000000
--- a/security/nss/lib/libpkix/pkix/store/manifest.mn
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_store.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_store.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixstore
-
diff --git a/security/nss/lib/libpkix/pkix/store/pkix_store.c b/security/nss/lib/libpkix/pkix/store/pkix_store.c
deleted file mode 100755
index b1976ae35..000000000
--- a/security/nss/lib/libpkix/pkix/store/pkix_store.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_store.c
- *
- * CertStore Function Definitions
- *
- */
-
-#include "pkix_store.h"
-
-/* --CertStore-Private-Functions----------------------------------------- */
-
-/*
- * FUNCTION: pkix_CertStore_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CertStore_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_CertStore *certStore = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_CertStore_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a CertStore object */
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSTORE_TYPE, plContext),
- PKIX_OBJECTNOTCERTSTORE);
-
- certStore = (PKIX_CertStore *)object;
-
- certStore->certCallback = NULL;
- certStore->crlCallback = NULL;
- certStore->certContinue = NULL;
- certStore->crlContinue = NULL;
- certStore->trustCallback = NULL;
-
- PKIX_DECREF(certStore->certStoreContext);
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_CertStore_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CertStore_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_CertStore *certStore = NULL;
- PKIX_UInt32 tempHash = 0;
-
- PKIX_ENTER(CERTSTORE, "pkix_CertStore_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSTORE_TYPE, plContext),
- PKIX_OBJECTNOTCERTSTORE);
-
- certStore = (PKIX_CertStore *)object;
-
- if (certStore->certStoreContext) {
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *) certStore->certStoreContext,
- &tempHash,
- plContext),
- PKIX_CERTSTOREHASHCODEFAILED);
- }
-
- *pHashcode = (PKIX_UInt32) certStore->certCallback +
- (PKIX_UInt32) certStore->crlCallback +
- (PKIX_UInt32) certStore->certContinue +
- (PKIX_UInt32) certStore->crlContinue +
- (PKIX_UInt32) certStore->trustCallback +
- (tempHash << 7);
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_CertStore_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_CertStore_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_CertStore *firstCS = NULL;
- PKIX_CertStore *secondCS = NULL;
- PKIX_Boolean cmpResult = PKIX_FALSE;
-
- PKIX_ENTER(CERTSTORE, "pkix_CertStore_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject, secondObject, PKIX_CERTSTORE_TYPE, plContext),
- PKIX_ARGUMENTSNOTDATES);
-
- firstCS = (PKIX_CertStore *)firstObject;
- secondCS = (PKIX_CertStore *)secondObject;
-
- cmpResult = (firstCS->certCallback == secondCS->certCallback) &&
- (firstCS->crlCallback == secondCS->crlCallback) &&
- (firstCS->certContinue == secondCS->certContinue) &&
- (firstCS->crlContinue == secondCS->crlContinue) &&
- (firstCS->trustCallback == secondCS->trustCallback);
-
- if (cmpResult &&
- (firstCS->certStoreContext != secondCS->certStoreContext)) {
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *) firstCS->certStoreContext,
- (PKIX_PL_Object *) secondCS->certStoreContext,
- &cmpResult,
- plContext),
- PKIX_CERTSTOREEQUALSFAILED);
- }
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_CertStore_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTSTORE_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_CertStore_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTSTORE, "pkix_CertStore_RegisterSelf");
-
- entry.description = "CertStore";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_CertStore);
- entry.destructor = pkix_CertStore_Destroy;
- entry.equalsFunction = pkix_CertStore_Equals;
- entry.hashcodeFunction = pkix_CertStore_Hashcode;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_CERTSTORE_TYPE] = entry;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/* --CertStore-Public-Functions------------------------------------------ */
-
-/*
- * FUNCTION: PKIX_CertStore_Create (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_Create(
- PKIX_CertStore_CertCallback certCallback,
- PKIX_CertStore_CRLCallback crlCallback,
- PKIX_CertStore_CertContinueFunction certContinue,
- PKIX_CertStore_CrlContinueFunction crlContinue,
- PKIX_CertStore_CheckTrustCallback trustCallback,
- PKIX_CertStore_ImportCrlCallback importCrlCallback,
- PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
- PKIX_PL_Object *certStoreContext,
- PKIX_Boolean cacheFlag,
- PKIX_Boolean localFlag,
- PKIX_CertStore **pStore,
- void *plContext)
-{
- PKIX_CertStore *certStore = NULL;
-
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_Create");
- PKIX_NULLCHECK_THREE(certCallback, crlCallback, pStore);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTSTORE_TYPE,
- sizeof (PKIX_CertStore),
- (PKIX_PL_Object **)&certStore,
- plContext),
- PKIX_COULDNOTCREATECERTSTOREOBJECT);
-
- certStore->certCallback = certCallback;
- certStore->crlCallback = crlCallback;
- certStore->certContinue = certContinue;
- certStore->crlContinue = crlContinue;
- certStore->trustCallback = trustCallback;
- certStore->importCrlCallback = importCrlCallback;
- certStore->checkRevByCrlCallback = checkRevByCrlCallback;
- certStore->cacheFlag = cacheFlag;
- certStore->localFlag = localFlag;
-
- PKIX_INCREF(certStoreContext);
- certStore->certStoreContext = certStoreContext;
-
- *pStore = certStore;
- certStore = NULL;
-
-cleanup:
-
- PKIX_DECREF(certStore);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertCallback (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetCertCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CertCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertCallback");
- PKIX_NULLCHECK_TWO(store, pCallback);
-
- *pCallback = store->certCallback;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetCRLCallback (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetCRLCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CRLCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCRLCallback");
- PKIX_NULLCHECK_TWO(store, pCallback);
-
- *pCallback = store->crlCallback;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_CertContinue (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_CertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCertList,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_CertContinue");
- PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCertList);
-
- PKIX_CHECK(store->certContinue
- (store, selector, verifyNode,
- pNBIOContext, pCertList, plContext),
- PKIX_CERTSTORECERTCONTINUEFUNCTIONFAILED);
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_CrlContinue (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_CrlContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_CrlContinue");
- PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList);
-
- PKIX_CHECK(store->crlContinue
- (store, selector, pNBIOContext, pCrlList, plContext),
- PKIX_CERTSTORECRLCONTINUEFAILED);
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetTrustCallback (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetTrustCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckTrustCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetTrustCallback");
- PKIX_NULLCHECK_TWO(store, pCallback);
-
- *pCallback = store->trustCallback;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetImportCrlCallback (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetImportCrlCallback(
- PKIX_CertStore *store,
- PKIX_CertStore_ImportCrlCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetTrustCallback");
- PKIX_NULLCHECK_TWO(store, pCallback);
-
- *pCallback = store->importCrlCallback;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetCheckRevByCrl (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetCrlCheckerFn(
- PKIX_CertStore *store,
- PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetTrustCallback");
- PKIX_NULLCHECK_TWO(store, pCallback);
-
- *pCallback = store->checkRevByCrlCallback;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreContext
- * (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreContext(
- PKIX_CertStore *store,
- PKIX_PL_Object **pCertStoreContext,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertStoreContext");
- PKIX_NULLCHECK_TWO(store, pCertStoreContext);
-
- PKIX_INCREF(store->certStoreContext);
- *pCertStoreContext = store->certStoreContext;
-
-cleanup:
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
- * (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetCertStoreCacheFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pCacheFlag,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertStoreCacheFlag");
- PKIX_NULLCHECK_TWO(store, pCacheFlag);
-
- *pCacheFlag = store->cacheFlag;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_CertStore_GetLocalFlag
- * (see comments in pkix_certstore.h)
- */
-PKIX_Error *
-PKIX_CertStore_GetLocalFlag(
- PKIX_CertStore *store,
- PKIX_Boolean *pLocalFlag,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetLocalFlag");
- PKIX_NULLCHECK_TWO(store, pLocalFlag);
-
- *pLocalFlag = store->localFlag;
-
- PKIX_RETURN(CERTSTORE);
-}
diff --git a/security/nss/lib/libpkix/pkix/store/pkix_store.h b/security/nss/lib/libpkix/pkix/store/pkix_store.h
deleted file mode 100755
index 3cf640a2d..000000000
--- a/security/nss/lib/libpkix/pkix/store/pkix_store.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_store.h
- *
- * CertStore Object Type Definition
- *
- */
-
-#ifndef _PKIX_STORE_H
-#define _PKIX_STORE_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_CertStoreStruct {
- PKIX_CertStore_CertCallback certCallback;
- PKIX_CertStore_CRLCallback crlCallback;
- PKIX_CertStore_CertContinueFunction certContinue;
- PKIX_CertStore_CrlContinueFunction crlContinue;
- PKIX_CertStore_CheckTrustCallback trustCallback;
- PKIX_CertStore_ImportCrlCallback importCrlCallback;
- PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback;
- PKIX_PL_Object *certStoreContext;
- PKIX_Boolean cacheFlag;
- PKIX_Boolean localFlag; /* TRUE if CertStore is local */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_CertStore_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_STORE_H */
diff --git a/security/nss/lib/libpkix/pkix/top/Makefile b/security/nss/lib/libpkix/pkix/top/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/top/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/top/config.mk b/security/nss/lib/libpkix/pkix/top/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/top/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/top/manifest.mn b/security/nss/lib/libpkix/pkix/top/manifest.mn
deleted file mode 100755
index 67efa32fa..000000000
--- a/security/nss/lib/libpkix/pkix/top/manifest.mn
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_build.h \
- pkix_lifecycle.h \
- pkix_validate.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_validate.c \
- pkix_lifecycle.c \
- pkix_build.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixtop
-
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c
deleted file mode 100755
index a60e61f20..000000000
--- a/security/nss/lib/libpkix/pkix/top/pkix_build.c
+++ /dev/null
@@ -1,3790 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_build.c
- *
- * Top level buildChain function
- *
- */
-
-/* #define PKIX_BUILDDEBUG 1 */
-/* #define PKIX_FORWARDBUILDERSTATEDEBUG 1 */
-
-#include "pkix_build.h"
-
-extern PRLogModuleInfo *pkixLog;
-
-/*
- * List of critical extension OIDs associate with what build chain has
- * checked. Those OIDs need to be removed from the unresolved critical
- * extension OIDs list manually (instead of by checker automatically).
- */
-static SECOidTag buildCheckedCritExtOIDs[] = {
- PKIX_CERTKEYUSAGE_OID,
- PKIX_CERTSUBJALTNAME_OID,
- PKIX_BASICCONSTRAINTS_OID,
- PKIX_NAMECONSTRAINTS_OID,
- PKIX_EXTENDEDKEYUSAGE_OID,
- PKIX_NSCERTTYPE_OID,
- PKIX_UNKNOWN_OID
-};
-
-/* --Private-ForwardBuilderState-Functions---------------------------------- */
-
-/*
- * FUNCTION: pkix_ForwardBuilderState_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ForwardBuilderState_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ForwardBuilderState *state = NULL;
-
- PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_FORWARDBUILDERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTFORWARDBUILDERSTATE);
-
- state = (PKIX_ForwardBuilderState *)object;
-
- state->status = BUILD_INITIAL;
- state->traversedCACerts = 0;
- state->certStoreIndex = 0;
- state->numCerts = 0;
- state->numAias = 0;
- state->certIndex = 0;
- state->aiaIndex = 0;
- state->certCheckedIndex = 0;
- state->checkerIndex = 0;
- state->hintCertIndex = 0;
- state->numFanout = 0;
- state->numDepth = 0;
- state->reasonCode = 0;
- state->revCheckDelayed = PKIX_FALSE;
- state->canBeCached = PKIX_FALSE;
- state->useOnlyLocal = PKIX_FALSE;
- state->revChecking = PKIX_FALSE;
- state->usingHintCerts = PKIX_FALSE;
- state->certLoopingDetected = PKIX_FALSE;
- PKIX_DECREF(state->validityDate);
- PKIX_DECREF(state->prevCert);
- PKIX_DECREF(state->candidateCert);
- PKIX_DECREF(state->traversedSubjNames);
- PKIX_DECREF(state->trustChain);
- PKIX_DECREF(state->aia);
- PKIX_DECREF(state->candidateCerts);
- PKIX_DECREF(state->reversedCertChain);
- PKIX_DECREF(state->checkedCritExtOIDs);
- PKIX_DECREF(state->checkerChain);
- PKIX_DECREF(state->certSel);
- PKIX_DECREF(state->verifyNode);
- PKIX_DECREF(state->client);
-
- /*
- * If we ever add a child link we have to be careful not to have loops
- * in the Destroy process. But with one-way links we should be okay.
- */
- if (state->parentState == NULL) {
- state->buildConstants.numAnchors = 0;
- state->buildConstants.numCertStores = 0;
- state->buildConstants.numHintCerts = 0;
- state->buildConstants.procParams = 0;
- PKIX_DECREF(state->buildConstants.testDate);
- PKIX_DECREF(state->buildConstants.timeLimit);
- PKIX_DECREF(state->buildConstants.targetCert);
- PKIX_DECREF(state->buildConstants.targetPubKey);
- PKIX_DECREF(state->buildConstants.certStores);
- PKIX_DECREF(state->buildConstants.anchors);
- PKIX_DECREF(state->buildConstants.userCheckers);
- PKIX_DECREF(state->buildConstants.hintCerts);
- PKIX_DECREF(state->buildConstants.revChecker);
- PKIX_DECREF(state->buildConstants.aiaMgr);
- } else {
- PKIX_DECREF(state->parentState);
- }
-
-cleanup:
-
- PKIX_RETURN(FORWARDBUILDERSTATE);
-}
-
-/*
- * FUNCTION: pkix_ForwardBuilderState_Create
- *
- * DESCRIPTION:
- * Allocate and initialize a ForwardBuilderState.
- *
- * PARAMETERS
- * "traversedCACerts"
- * Number of CA certificates traversed.
- * "numFanout"
- * Number of Certs that can be considered at this level (0 = no limit)
- * "numDepth"
- * Number of additional levels that can be searched (0 = no limit)
- * "revCheckDelayed"
- * Boolean value indicating whether rev check is delayed until after
- * entire chain is built.
- * "canBeCached"
- * Boolean value indicating whether all certs on the chain can be cached.
- * "validityDate"
- * Address of Date at which build chain Certs' most restricted validity
- * time is kept. May be NULL.
- * "prevCert"
- * Address of Cert just traversed. Must be non-NULL.
- * "traversedSubjNames"
- * Address of List of GeneralNames that have been traversed.
- * Must be non-NULL.
- * "trustChain"
- * Address of List of certificates traversed. Must be non-NULL.
- * "parentState"
- * Address of previous ForwardBuilder state
- * "pState"
- * Address where ForwardBuilderState will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_ForwardBuilderState_Create(
- PKIX_Int32 traversedCACerts,
- PKIX_UInt32 numFanout,
- PKIX_UInt32 numDepth,
- PKIX_Boolean revCheckDelayed,
- PKIX_Boolean canBeCached,
- PKIX_PL_Date *validityDate,
- PKIX_PL_Cert *prevCert,
- PKIX_List *traversedSubjNames,
- PKIX_List *trustChain,
- PKIX_ForwardBuilderState *parentState,
- PKIX_ForwardBuilderState **pState,
- void *plContext)
-{
- PKIX_ForwardBuilderState *state = NULL;
-
- PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_Create");
- PKIX_NULLCHECK_FOUR(prevCert, traversedSubjNames, pState, trustChain);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_FORWARDBUILDERSTATE_TYPE,
- sizeof (PKIX_ForwardBuilderState),
- (PKIX_PL_Object **)&state,
- plContext),
- PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT);
-
- state->status = BUILD_INITIAL;
- state->traversedCACerts = traversedCACerts;
- state->certStoreIndex = 0;
- state->numCerts = 0;
- state->numAias = 0;
- state->certIndex = 0;
- state->aiaIndex = 0;
- state->certCheckedIndex = 0;
- state->checkerIndex = 0;
- state->hintCertIndex = 0;
- state->numFanout = numFanout;
- state->numDepth = numDepth;
- state->reasonCode = 0;
- state->revChecking = numDepth;
- state->revCheckDelayed = revCheckDelayed;
- state->canBeCached = canBeCached;
- state->useOnlyLocal = PKIX_TRUE;
- state->revChecking = PKIX_FALSE;
- state->usingHintCerts = PKIX_FALSE;
- state->certLoopingDetected = PKIX_FALSE;
-
- PKIX_INCREF(validityDate);
- state->validityDate = validityDate;
-
- PKIX_INCREF(prevCert);
- state->prevCert = prevCert;
-
- state->candidateCert = NULL;
-
- PKIX_INCREF(traversedSubjNames);
- state->traversedSubjNames = traversedSubjNames;
-
- PKIX_INCREF(trustChain);
- state->trustChain = trustChain;
-
- state->aia = NULL;
- state->candidateCerts = NULL;
- state->reversedCertChain = NULL;
- state->checkedCritExtOIDs = NULL;
- state->checkerChain = NULL;
- state->certSel = NULL;
- state->verifyNode = NULL;
- state->client = NULL;
-
- PKIX_INCREF(parentState);
- state->parentState = parentState;
-
- if (parentState != NULL) {
- state->buildConstants.numAnchors =
- parentState->buildConstants.numAnchors;
- state->buildConstants.numCertStores =
- parentState->buildConstants.numCertStores;
- state->buildConstants.numHintCerts =
- parentState->buildConstants.numHintCerts;
- state->buildConstants.maxFanout =
- parentState->buildConstants.maxFanout;
- state->buildConstants.maxDepth =
- parentState->buildConstants.maxDepth;
- state->buildConstants.maxTime =
- parentState->buildConstants.maxTime;
- state->buildConstants.procParams =
- parentState->buildConstants.procParams;
- state->buildConstants.testDate =
- parentState->buildConstants.testDate;
- state->buildConstants.timeLimit =
- parentState->buildConstants.timeLimit;
- state->buildConstants.targetCert =
- parentState->buildConstants.targetCert;
- state->buildConstants.targetPubKey =
- parentState->buildConstants.targetPubKey;
- state->buildConstants.certStores =
- parentState->buildConstants.certStores;
- state->buildConstants.anchors =
- parentState->buildConstants.anchors;
- state->buildConstants.userCheckers =
- parentState->buildConstants.userCheckers;
- state->buildConstants.hintCerts =
- parentState->buildConstants.hintCerts;
- state->buildConstants.revChecker =
- parentState->buildConstants.revChecker;
- state->buildConstants.aiaMgr =
- parentState->buildConstants.aiaMgr;
- }
-
- *pState = state;
- state = NULL;
-cleanup:
-
- PKIX_DECREF(state);
-
- PKIX_RETURN(FORWARDBUILDERSTATE);
-}
-
-/*
- * FUNCTION: pkix_Build_GetResourceLimits
- *
- * DESCRIPTION:
- * Retrieve Resource Limits from ProcessingParams and initialize them in
- * BuildConstants.
- *
- * PARAMETERS
- * "buildConstants"
- * Address of a BuildConstants structure containing objects and values
- * that remain constant throughout the building of a chain. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_GetResourceLimits(
- BuildConstants *buildConstants,
- void *plContext)
-{
- PKIX_ResourceLimits *resourceLimits = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_GetResourceLimits");
- PKIX_NULLCHECK_ONE(buildConstants);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetResourceLimits
- (buildConstants->procParams, &resourceLimits, plContext),
- PKIX_PROCESSINGPARAMSGETRESOURCELIMITSFAILED);
-
- buildConstants->maxFanout = 0;
- buildConstants->maxDepth = 0;
- buildConstants->maxTime = 0;
-
- if (resourceLimits) {
-
- PKIX_CHECK(PKIX_ResourceLimits_GetMaxFanout
- (resourceLimits, &buildConstants->maxFanout, plContext),
- PKIX_RESOURCELIMITSGETMAXFANOUTFAILED);
-
- PKIX_CHECK(PKIX_ResourceLimits_GetMaxDepth
- (resourceLimits, &buildConstants->maxDepth, plContext),
- PKIX_RESOURCELIMITSGETMAXDEPTHFAILED);
-
- PKIX_CHECK(PKIX_ResourceLimits_GetMaxTime
- (resourceLimits, &buildConstants->maxTime, plContext),
- PKIX_RESOURCELIMITSGETMAXTIMEFAILED);
- }
-
-cleanup:
-
- PKIX_DECREF(resourceLimits);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_ForwardBuilderState_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_ForwardBuilderState_ToString
- (PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_ForwardBuilderState *state = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *resultString = NULL;
- PKIX_PL_String *buildStatusString = NULL;
- PKIX_PL_String *validityDateString = NULL;
- PKIX_PL_String *prevCertString = NULL;
- PKIX_PL_String *candidateCertString = NULL;
- PKIX_PL_String *traversedSubjNamesString = NULL;
- PKIX_PL_String *trustChainString = NULL;
- PKIX_PL_String *candidateCertsString = NULL;
- PKIX_PL_String *certSelString = NULL;
- PKIX_PL_String *verifyNodeString = NULL;
- PKIX_PL_String *parentStateString = NULL;
- char *asciiFormat = "\n"
- "\t{buildStatus: \t%s\n"
- "\ttraversedCACerts: \t%d\n"
- "\tcertStoreIndex: \t%d\n"
- "\tnumCerts: \t%d\n"
- "\tnumAias: \t%d\n"
- "\tcertIndex: \t%d\n"
- "\taiaIndex: \t%d\n"
- "\tnumFanout: \t%d\n"
- "\tnumDepth: \t%d\n"
- "\treasonCode: \t%d\n"
- "\trevCheckDelayed: \t%d\n"
- "\tcanBeCached: \t%d\n"
- "\tuseOnlyLocal: \t%d\n"
- "\trevChecking: \t%d\n"
- "\tvalidityDate: \t%s\n"
- "\tprevCert: \t%s\n"
- "\tcandidateCert: \t%s\n"
- "\ttraversedSubjNames: \t%s\n"
- "\ttrustChain: \t%s\n"
- "\tcandidateCerts: \t%s\n"
- "\tcertSel: \t%s\n"
- "\tverifyNode: \t%s\n"
- "\tparentState: \t%s}\n";
- char *asciiStatus = NULL;
-
- PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_FORWARDBUILDERSTATE_TYPE, plContext),
- PKIX_OBJECTNOTFORWARDBUILDERSTATE);
-
- state = (PKIX_ForwardBuilderState *)object;
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- switch (state->status) {
- case BUILD_SHORTCUTPENDING: asciiStatus = "BUILD_SHORTCUTPENDING";
- break;
- case BUILD_INITIAL: asciiStatus = "BUILD_INITIAL";
- break;
- case BUILD_TRYAIA: asciiStatus = "BUILD_TRYAIA";
- break;
- case BUILD_AIAPENDING: asciiStatus = "BUILD_AIAPENDING";
- break;
- case BUILD_COLLECTINGCERTS: asciiStatus = "BUILD_COLLECTINGCERTS";
- break;
- case BUILD_GATHERPENDING: asciiStatus = "BUILD_GATHERPENDING";
- break;
- case BUILD_CERTVALIDATING: asciiStatus = "BUILD_CERTVALIDATING";
- break;
- case BUILD_ABANDONNODE: asciiStatus = "BUILD_ABANDONNODE";
- break;
- case BUILD_CRLPREP: asciiStatus = "BUILD_CRLPREP";
- break;
- case BUILD_CRL1: asciiStatus = "BUILD_CRL1";
- break;
- case BUILD_DATEPREP: asciiStatus = "BUILD_DATEPREP";
- break;
- case BUILD_CHECKTRUSTED: asciiStatus = "BUILD_CHECKTRUSTED";
- break;
- case BUILD_CHECKTRUSTED2: asciiStatus = "BUILD_CHECKTRUSTED2";
- break;
- case BUILD_ADDTOCHAIN: asciiStatus = "BUILD_ADDTOCHAIN";
- break;
- case BUILD_CRL2: asciiStatus = "BUILD_CRL2";
- break;
- case BUILD_VALCHAIN: asciiStatus = "BUILD_VALCHAIN";
- break;
- case BUILD_VALCHAIN2: asciiStatus = "BUILD_VALCHAIN2";
- break;
- case BUILD_EXTENDCHAIN: asciiStatus = "BUILD_EXTENDCHAIN";
- break;
- case BUILD_GETNEXTCERT: asciiStatus = "BUILD_GETNEXTCERT";
- break;
- default: asciiStatus = "INVALID STATUS";
- break;
- }
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiStatus, 0, &buildStatusString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_TOSTRING
- (state->validityDate, &validityDateString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->prevCert, &prevCertString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->candidateCert, &candidateCertString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->traversedSubjNames,
- &traversedSubjNamesString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->trustChain, &trustChainString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->candidateCerts, &candidateCertsString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->certSel, &certSelString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->verifyNode, &verifyNodeString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (state->parentState, &parentStateString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&resultString,
- plContext,
- formatString,
- buildStatusString,
- (PKIX_Int32)state->traversedCACerts,
- (PKIX_UInt32)state->certStoreIndex,
- (PKIX_UInt32)state->numCerts,
- (PKIX_UInt32)state->numAias,
- (PKIX_UInt32)state->certIndex,
- (PKIX_UInt32)state->aiaIndex,
- (PKIX_UInt32)state->numFanout,
- (PKIX_UInt32)state->numDepth,
- (PKIX_UInt32)state->reasonCode,
- state->revCheckDelayed,
- state->canBeCached,
- state->useOnlyLocal,
- state->revChecking,
- validityDateString,
- prevCertString,
- candidateCertString,
- traversedSubjNamesString,
- trustChainString,
- candidateCertsString,
- certSelString,
- verifyNodeString,
- parentStateString),
- PKIX_SPRINTFFAILED);
-
- *pString = resultString;
-
-cleanup:
- PKIX_DECREF(formatString);
- PKIX_DECREF(buildStatusString);
- PKIX_DECREF(validityDateString);
- PKIX_DECREF(prevCertString);
- PKIX_DECREF(candidateCertString);
- PKIX_DECREF(traversedSubjNamesString);
- PKIX_DECREF(trustChainString);
- PKIX_DECREF(candidateCertsString);
- PKIX_DECREF(certSelString);
- PKIX_DECREF(verifyNodeString);
- PKIX_DECREF(parentStateString);
-
- PKIX_RETURN(FORWARDBUILDERSTATE);
-
-}
-
-/*
- * FUNCTION: pkix_ForwardBuilderState_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_FORWARDBUILDERSTATE_TYPE and its related functions
- * with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_ForwardBuilderState_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(FORWARDBUILDERSTATE,
- "pkix_ForwardBuilderState_RegisterSelf");
-
- entry.description = "ForwardBuilderState";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_ForwardBuilderState);
- entry.destructor = pkix_ForwardBuilderState_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = pkix_ForwardBuilderState_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_FORWARDBUILDERSTATE_TYPE] = entry;
-
- PKIX_RETURN(FORWARDBUILDERSTATE);
-}
-
-#if PKIX_FORWARDBUILDERSTATEDEBUG
-/*
- * FUNCTION: pkix_ForwardBuilderState_DumpState
- *
- * DESCRIPTION:
- * This function invokes the ToString function on the argument pointed to
- * by "state".
- * PARAMETERS:
- * "state"
- * The address of the ForwardBuilderState object. Must be non-NULL.
- *
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- */
-PKIX_Error *
-pkix_ForwardBuilderState_DumpState(
- PKIX_ForwardBuilderState *state,
- void *plContext)
-{
- PKIX_PL_String *stateString = NULL;
- char *stateAscii = NULL;
- PKIX_UInt32 length;
-
- PKIX_ENTER(FORWARDBUILDERSTATE,"pkix_ForwardBuilderState_DumpState");
- PKIX_NULLCHECK_ONE(state);
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)state, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)state, &stateString, plContext),
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stateString,
- PKIX_ESCASCII,
- (void **)&stateAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_DEBUG_ARG("In Phase 1: state = %s\n", stateAscii);
-
- PKIX_FREE(stateAscii);
- PKIX_DECREF(stateString);
-
-cleanup:
- PKIX_RETURN(FORWARDBUILDERSTATE);
-}
-#endif
-
-/*
- * FUNCTION: pkix_ForwardBuilderState_IsIOPending
- * DESCRIPTION:
- *
- * This function determines whether the state of the ForwardBuilderState
- * pointed to by "state" indicates I/O is in progress, and stores the Boolean
- * result at "pPending".
- *
- * PARAMETERS:
- * "state"
- * The address of the ForwardBuilderState object. Must be non-NULL.
- * "pPending"
- * The address at which the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a ForwardBuilderState Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error*
-pkix_ForwardBuilderState_IsIOPending(
- PKIX_ForwardBuilderState *state,
- PKIX_Boolean *pPending,
- void *plContext)
-{
- PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_IsIOPending");
- PKIX_NULLCHECK_TWO(state, pPending);
-
- if ((state->status == BUILD_GATHERPENDING) ||
- (state->status == BUILD_CRL1) ||
- (state->status == BUILD_CRL2) ||
- (state->status == BUILD_CHECKTRUSTED2) ||
- (state->status == BUILD_VALCHAIN2) ||
- (state->status == BUILD_AIAPENDING)) {
- *pPending = PKIX_TRUE;
- } else {
- *pPending = PKIX_FALSE;
- }
-
- PKIX_RETURN(FORWARDBUILDERSTATE);
-}
-
-/* --Private-BuildChain-Functions------------------------------------------- */
-
-/*
- * FUNCTION: pkix_Build_SortCertComparator
- * DESCRIPTION:
- *
- * This Function takes two Certificates cast in "obj1" and "obj2",
- * compares their validity NotAfter dates and returns the result at
- * "pResult". The comparison key(s) can be expanded by using other
- * data in the Certificate in the future.
- *
- * PARAMETERS:
- * "obj1"
- * Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert.
- * Must be non-NULL.
- * "obj2"
- * Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert.
- * Must be non-NULL.
- * "pResult"
- * Address where the comparison result is returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_SortCertComparator(
- PKIX_PL_Object *obj1,
- PKIX_PL_Object *obj2,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_PL_Date *date1 = NULL;
- PKIX_PL_Date *date2 = NULL;
- PKIX_Boolean result = PKIX_FALSE;
-
- PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator");
- PKIX_NULLCHECK_THREE(obj1, obj2, pResult);
-
- /*
- * For sorting candidate certificates, we use NotAfter date as the
- * sorted key for now (can be expanded if desired in the future).
- *
- * In PKIX_BuildChain, the List of CertStores was reordered so that
- * trusted CertStores are ahead of untrusted CertStores. That sort, or
- * this one, could be taken out if it is determined that it doesn't help
- * performance, or in some way hinders the solution of choosing desired
- * candidates.
- */
-
- PKIX_CHECK(pkix_CheckType(obj1, PKIX_CERT_TYPE, plContext),
- PKIX_OBJECTNOTCERT);
- PKIX_CHECK(pkix_CheckType(obj2, PKIX_CERT_TYPE, plContext),
- PKIX_OBJECTNOTCERT);
-
- PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
- ((PKIX_PL_Cert *)obj1, &date1, plContext),
- PKIX_CERTGETVALIDITYNOTAFTERFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
- ((PKIX_PL_Cert *)obj2, &date2, plContext),
- PKIX_CERTGETVALIDITYNOTAFTERFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)date1,
- (PKIX_PL_Object *)date2,
- &result,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
-
- *pResult = !result;
-
-cleanup:
-
- PKIX_DECREF(date1);
- PKIX_DECREF(date2);
-
- PKIX_RETURN(BUILD);
-}
-
-/* This local error check macro */
-#define ERROR_CHECK(errCode) \
- if (pkixErrorResult) { \
- if (pkixLog) { \
- PR_LOG(pkixLog, PR_LOG_DEBUG, ("====> ERROR_CHECK code %s\n", #errCode)); \
- } \
- pkixTempErrorReceived = PKIX_TRUE; \
- pkixErrorClass = pkixErrorResult->errClass; \
- if (pkixErrorClass == PKIX_FATAL_ERROR) { \
- goto cleanup; \
- } \
- if (verifyNode) { \
- PKIX_DECREF(verifyNode->error); \
- PKIX_INCREF(pkixErrorResult); \
- verifyNode->error = pkixErrorResult; \
- } \
- pkixErrorCode = errCode; \
- goto cleanup; \
- }
-
-/*
- * FUNCTION: pkix_Build_VerifyCertificate
- * DESCRIPTION:
- *
- * Checks whether the previous Cert stored in the ForwardBuilderState pointed
- * to by "state" successfully chains, including signature verification, to the
- * candidate Cert also stored in "state", using the Boolean value in "trusted"
- * to determine whether "candidateCert" is trusted. Using the Boolean value in
- * "revocationChecking" for the existence of revocation checking, it sets
- * "pNeedsCRLChecking" to PKIX_TRUE if the candidate Cert needs to be checked
- * against Certificate Revocation Lists.
- *
- * First it checks whether "candidateCert" has already been traversed by
- * determining whether it is contained in the List of traversed Certs. It
- * checks the candidate Cert with user checkers, if any, in the List pointed to
- * by "userCheckers". It then runs the signature validation. Finally, it
- * determines the appropriate value for "pNeedsCRLChecking".
- *
- * If this Certificate fails verification, and state->verifyNode is non-NULL,
- * this function sets the Error code into the verifyNode.
- *
- * PARAMETERS:
- * "state"
- * Address of ForwardBuilderState to be used. Must be non-NULL.
- * "userCheckers"
- * Address of a List of CertChainCheckers to be used, if present, to
- * validate the candidateCert.
- * "revocationChecking"
- * Boolean indication of whether revocation checking is available, either
- * as a CertChainChecker or a List of RevocationCheckers.
- * "trusted"
- * Boolean value of trust for the candidate Cert
- * "pNeedsCRLChecking"
- * Address where Boolean CRL-checking-needed value is stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_VerifyCertificate(
- PKIX_ForwardBuilderState *state,
- PKIX_List *userCheckers,
- PKIX_Boolean revocationChecking,
- PKIX_Boolean *pTrusted,
- PKIX_Boolean *pNeedsCRLChecking,
- PKIX_VerifyNode *verifyNode,
- void *plContext)
-{
- PKIX_UInt32 numUserCheckers = 0;
- PKIX_UInt32 i = 0;
- PKIX_Boolean loopFound = PKIX_FALSE;
- PKIX_Boolean supportForwardChecking = PKIX_FALSE;
- PKIX_Boolean trusted = PKIX_FALSE;
- PKIX_PL_Cert *candidateCert = NULL;
- PKIX_PL_PublicKey *candidatePubKey = NULL;
- PKIX_CertChainChecker *userChecker = NULL;
- PKIX_CertChainChecker_CheckCallback checkerCheck = NULL;
- PKIX_Boolean trustOnlyUserAnchors = PKIX_FALSE;
- void *nbioContext = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_VerifyCertificate");
- PKIX_NULLCHECK_THREE(state, pTrusted, pNeedsCRLChecking);
- PKIX_NULLCHECK_THREE
- (state->candidateCerts, state->prevCert, state->trustChain);
-
- *pNeedsCRLChecking = PKIX_FALSE;
-
- PKIX_INCREF(state->candidateCert);
- candidateCert = state->candidateCert;
-
- /* If user defined trust anchor list is not empty, do not
- * trust any certs except to the ones that are in the list */
- if (state->buildConstants.numAnchors) {
- trustOnlyUserAnchors = PKIX_TRUE;
- }
-
- PKIX_CHECK(
- PKIX_PL_Cert_IsCertTrusted(candidateCert,
- trustOnlyUserAnchors,
- &trusted, plContext),
- PKIX_CERTISCERTTRUSTEDFAILED);
-
- *pTrusted = trusted;
-
- /* check for loops */
- PKIX_CHECK(pkix_List_Contains
- (state->trustChain,
- (PKIX_PL_Object *)candidateCert,
- &loopFound,
- plContext),
- PKIX_LISTCONTAINSFAILED);
-
- if (loopFound) {
- if (verifyNode != NULL) {
- PKIX_Error *verifyError = NULL;
- PKIX_ERROR_CREATE
- (BUILD,
- PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
- verifyError);
- PKIX_DECREF(verifyNode->error);
- verifyNode->error = verifyError;
- }
- /* Even if error logged, still need to abort
- * if cert is not trusted. */
- if (!trusted) {
- PKIX_ERROR(PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED);
- }
- state->certLoopingDetected = PKIX_TRUE;
- }
-
- if (userCheckers != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (userCheckers, &numUserCheckers, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numUserCheckers; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (userCheckers,
- i,
- (PKIX_PL_Object **) &userChecker,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK
- (PKIX_CertChainChecker_IsForwardCheckingSupported
- (userChecker, &supportForwardChecking, plContext),
- PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED);
-
- if (supportForwardChecking == PKIX_TRUE) {
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallback
- (userChecker, &checkerCheck, plContext),
- PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED);
-
- pkixErrorResult =
- checkerCheck(userChecker, candidateCert, NULL,
- &nbioContext, plContext);
-
- ERROR_CHECK(PKIX_USERCHECKERCHECKFAILED);
- }
-
- PKIX_DECREF(userChecker);
- }
- }
-
- /* Check that public key of the trusted dsa cert has
- * dsa parameters */
- if (trusted) {
- PKIX_Boolean paramsNeeded = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
- (candidateCert, &candidatePubKey, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
- PKIX_CHECK(PKIX_PL_PublicKey_NeedsDSAParameters
- (candidatePubKey, &paramsNeeded, plContext),
- PKIX_PUBLICKEYNEEDSDSAPARAMETERSFAILED);
- if (paramsNeeded) {
- PKIX_ERROR(PKIX_MISSINGDSAPARAMETERS);
- }
- }
-
-
- if (revocationChecking) {
- if (!trusted) {
- if (state->revCheckDelayed) {
- goto cleanup;
- } else {
- PKIX_Boolean isSelfIssued = PKIX_FALSE;
- PKIX_CHECK(
- pkix_IsCertSelfIssued(candidateCert, &isSelfIssued,
- plContext),
- PKIX_ISCERTSELFISSUEDFAILED);
- if (isSelfIssued) {
- state->revCheckDelayed = PKIX_TRUE;
- goto cleanup;
- }
- }
- }
- *pNeedsCRLChecking = PKIX_TRUE;
- }
-
-cleanup:
- PKIX_DECREF(candidateCert);
- PKIX_DECREF(candidatePubKey);
- PKIX_DECREF(userChecker);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_ValidationCheckers
- * DESCRIPTION:
- *
- * Creates a List of Objects to be used in determining whether the List of
- * Certs pointed to by "certChain" successfully validates using the
- * ForwardBuilderState pointed to by "state", and the TrustAnchor pointed to by
- * "anchor". These objects are a reversed Cert Chain, consisting of the certs
- * in "certChain" in reversed order, suitable for presenting to the
- * CertChainCheckers; a List of critical extension OIDS that have already been
- * processed in forward building; a List of CertChainCheckers to be called, and
- * a List of RevocationCheckers to be called. These results are stored in
- * fields of "state".
- *
- * PARAMETERS:
- * "state"
- * Address of ForwardBuilderState to be used. Must be non-NULL.
- * "certChain"
- * Address of List of Certs to be validated. Must be non-NULL.
- * "anchor"
- * Address of TrustAnchor to be used. Must be non-NULL.
- * "addEkuChecker"
- * Boolean flags that tells to add eku checker to the list
- * of checkers. Only needs to be done for existing chain revalidation.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_ValidationCheckers(
- PKIX_ForwardBuilderState *state,
- PKIX_List *certChain,
- PKIX_TrustAnchor *anchor,
- PKIX_Boolean chainRevalidationStage,
- void *plContext)
-{
- PKIX_List *checkers = NULL;
- PKIX_List *initialPolicies = NULL;
- PKIX_List *reversedCertChain = NULL;
- PKIX_List *buildCheckedCritExtOIDsList = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_PublicKey *trustedPubKey = NULL;
- PKIX_CertChainChecker *sigChecker = NULL;
- PKIX_CertChainChecker *policyChecker = NULL;
- PKIX_CertChainChecker *userChecker = NULL;
- PKIX_CertChainChecker *checker = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_List *userCheckerExtOIDs = NULL;
- PKIX_PL_OID *oid = NULL;
- PKIX_Boolean supportForwardChecking = PKIX_FALSE;
- PKIX_Boolean policyQualifiersRejected = PKIX_FALSE;
- PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
- PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
- PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
- PKIX_UInt32 numChainCerts;
- PKIX_UInt32 numCertCheckers;
- PKIX_UInt32 i;
-
- PKIX_ENTER(BUILD, "pkix_Build_ValidationCheckers");
- PKIX_NULLCHECK_THREE(state, certChain, anchor);
-
- PKIX_CHECK(PKIX_List_Create(&checkers, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_ReverseList
- (certChain, &reversedCertChain, plContext),
- PKIX_LISTREVERSELISTFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength
- (reversedCertChain, &numChainCerts, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- procParams = state->buildConstants.procParams;
-
- /* Do need to add a number of checker to revalidate
- * a built chain. KU, EKU, CertType and Validity Date
- * get checked by certificate selector during chain
- * construction, but needed to be checked for chain from
- * the cache.*/
- if (chainRevalidationStage) {
- PKIX_CHECK(pkix_ExpirationChecker_Initialize
- (state->buildConstants.testDate, &checker, plContext),
- PKIX_EXPIRATIONCHECKERINITIALIZEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)checker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(checker);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
- (procParams, &certSelector, plContext),
- PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
-
- PKIX_CHECK(pkix_TargetCertChecker_Initialize
- (certSelector, numChainCerts, &checker, plContext),
- PKIX_EXPIRATIONCHECKERINITIALIZEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)checker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(checker);
- }
-
- PKIX_CHECK(PKIX_ProcessingParams_GetInitialPolicies
- (procParams, &initialPolicies, plContext),
- PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetPolicyQualifiersRejected
- (procParams, &policyQualifiersRejected, plContext),
- PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_IsPolicyMappingInhibited
- (procParams, &initialPolicyMappingInhibit, plContext),
- PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_IsAnyPolicyInhibited
- (procParams, &initialAnyPolicyInhibit, plContext),
- PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_IsExplicitPolicyRequired
- (procParams, &initialExplicitPolicy, plContext),
- PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_Initialize
- (initialPolicies,
- policyQualifiersRejected,
- initialPolicyMappingInhibit,
- initialExplicitPolicy,
- initialAnyPolicyInhibit,
- numChainCerts,
- &policyChecker,
- plContext),
- PKIX_POLICYCHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)policyChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- /*
- * Create an OID list that contains critical extensions processed
- * by BuildChain. These are specified in a static const array.
- */
- PKIX_CHECK(PKIX_List_Create(&buildCheckedCritExtOIDsList, plContext),
- PKIX_LISTCREATEFAILED);
-
- for (i = 0; buildCheckedCritExtOIDs[i] != PKIX_UNKNOWN_OID; i++) {
- PKIX_CHECK(PKIX_PL_OID_Create
- (buildCheckedCritExtOIDs[i], &oid, plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (buildCheckedCritExtOIDsList,
- (PKIX_PL_Object *) oid,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(oid);
- }
-
- if (state->buildConstants.userCheckers != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (state->buildConstants.userCheckers,
- &numCertCheckers,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numCertCheckers; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (state->buildConstants.userCheckers,
- i,
- (PKIX_PL_Object **) &userChecker,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK
- (PKIX_CertChainChecker_IsForwardCheckingSupported
- (userChecker, &supportForwardChecking, plContext),
- PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
-
- /*
- * If this userChecker supports forwardChecking then it
- * should have been checked during build chain. Skip
- * checking but need to add checker's extension OIDs
- * to buildCheckedCritExtOIDsList.
- */
- if (supportForwardChecking == PKIX_TRUE) {
-
- PKIX_CHECK
- (PKIX_CertChainChecker_GetSupportedExtensions
- (userChecker, &userCheckerExtOIDs, plContext),
- PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
-
- if (userCheckerExtOIDs != NULL) {
- PKIX_CHECK(pkix_List_AppendList
- (buildCheckedCritExtOIDsList,
- userCheckerExtOIDs,
- plContext),
- PKIX_LISTAPPENDLISTFAILED);
- }
-
- } else {
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers,
- (PKIX_PL_Object *)userChecker,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- PKIX_DECREF(userCheckerExtOIDs);
- PKIX_DECREF(userChecker);
- }
- }
-
- /* Inabling post chain building signature check on the certs. */
- PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
- (anchor, &trustedCert, plContext),
- PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
- (trustedCert, &trustedPubKey, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
-
- PKIX_CHECK(pkix_SignatureChecker_Initialize
- (trustedPubKey,
- numChainCerts,
- &sigChecker,
- plContext),
- PKIX_SIGNATURECHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers,
- (PKIX_PL_Object *)sigChecker,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(state->reversedCertChain);
- PKIX_INCREF(reversedCertChain);
- state->reversedCertChain = reversedCertChain;
- PKIX_DECREF(state->checkedCritExtOIDs);
- PKIX_INCREF(buildCheckedCritExtOIDsList);
- state->checkedCritExtOIDs = buildCheckedCritExtOIDsList;
- PKIX_DECREF(state->checkerChain);
- state->checkerChain = checkers;
- checkers = NULL;
- state->certCheckedIndex = 0;
- state->checkerIndex = 0;
- state->revChecking = PKIX_FALSE;
-
-
-cleanup:
-
- PKIX_DECREF(oid);
- PKIX_DECREF(reversedCertChain);
- PKIX_DECREF(buildCheckedCritExtOIDsList);
- PKIX_DECREF(checker);
- PKIX_DECREF(checkers);
- PKIX_DECREF(initialPolicies);
- PKIX_DECREF(trustedCert);
- PKIX_DECREF(trustedPubKey);
- PKIX_DECREF(certSelector);
- PKIX_DECREF(sigChecker);
- PKIX_DECREF(policyChecker);
- PKIX_DECREF(userChecker);
- PKIX_DECREF(userCheckerExtOIDs);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_ValidateEntireChain
- * DESCRIPTION:
- *
- * Checks whether the current List of Certs successfully validates using the
- * TrustAnchor pointed to by "anchor" and other parameters contained, as was
- * the Cert List, in "state".
- *
- * If a checker using non-blocking I/O returns with a non-NULL non-blocking I/O
- * context (NBIOContext), an indication that I/O is in progress and the
- * checking has not been completed, this function stores that context at
- * "pNBIOContext". Otherwise, it stores NULL at "pNBIOContext".
- *
- * If not awaiting I/O and if successful, a ValidateResult is created
- * containing the Public Key of the target certificate (including DSA parameter
- * inheritance, if any) and the PolicyNode representing the policy tree output
- * by the validation algorithm. If not successful, an Error pointer is
- * returned.
- *
- * PARAMETERS:
- * "state"
- * Address of ForwardBuilderState to be used. Must be non-NULL.
- * "anchor"
- * Address of TrustAnchor to be used. Must be non-NULL.
- * "pNBIOContext"
- * Address at which the NBIOContext is stored indicating whether the
- * validation is complete. Must be non-NULL.
- * "pValResult"
- * Address at which the ValidateResult is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_ValidateEntireChain(
- PKIX_ForwardBuilderState *state,
- PKIX_TrustAnchor *anchor,
- void **pNBIOContext,
- PKIX_ValidateResult **pValResult,
- PKIX_VerifyNode *verifyNode,
- void *plContext)
-{
- PKIX_UInt32 numChainCerts = 0;
- PKIX_PL_PublicKey *subjPubKey = NULL;
- PKIX_PolicyNode *policyTree = NULL;
- PKIX_ValidateResult *valResult = NULL;
- void *nbioContext = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_ValidateEntireChain");
- PKIX_NULLCHECK_FOUR(state, anchor, pNBIOContext, pValResult);
-
- *pNBIOContext = NULL; /* prepare for case of error exit */
-
- PKIX_CHECK(PKIX_List_GetLength
- (state->reversedCertChain, &numChainCerts, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- pkixErrorResult =
- pkix_CheckChain(state->reversedCertChain, numChainCerts, anchor,
- state->checkerChain,
- state->buildConstants.revChecker,
- state->checkedCritExtOIDs,
- state->buildConstants.procParams,
- &state->certCheckedIndex, &state->checkerIndex,
- &state->revChecking, &state->reasonCode,
- &nbioContext, &subjPubKey, &policyTree, NULL,
- plContext);
-
- if (nbioContext != NULL) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- ERROR_CHECK(PKIX_CHECKCHAINFAILED);
-
- if (state->reasonCode != 0) {
- PKIX_ERROR(PKIX_CHAINREJECTEDBYREVOCATIONCHECKER);
- }
-
- PKIX_CHECK(pkix_ValidateResult_Create
- (subjPubKey, anchor, policyTree, &valResult, plContext),
- PKIX_VALIDATERESULTCREATEFAILED);
-
- *pValResult = valResult;
- valResult = NULL;
-
-cleanup:
- PKIX_DECREF(subjPubKey);
- PKIX_DECREF(policyTree);
- PKIX_DECREF(valResult);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_SortCandidateCerts
- * DESCRIPTION:
- *
- * This function sorts a List of candidate Certs pointed to by "candidates"
- * using an algorithm that places Certs most likely to produce a successful
- * chain at the front of the list, storing the resulting sorted List at
- * "pSortedCandidates".
- *
- * At present the only sort criterion is that trusted Certs go ahead of
- * untrusted Certs.
- *
- * PARAMETERS:
- * "candidates"
- * Address of List of Candidate Certs to be sorted. Must be non-NULL.
- * "pSortedCandidates"
- * Address at which sorted List is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_SortCandidateCerts(
- PKIX_List *candidates,
- PKIX_List **pSortedCandidates,
- void *plContext)
-{
- PKIX_List *sortedList = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_SortCandidateCerts");
- PKIX_NULLCHECK_TWO(candidates, pSortedCandidates);
-
- /*
- * Both bubble and quick sort algorithms are available.
- * For a list of fewer than around 100 items, the bubble sort is more
- * efficient. (This number was determined by experimenting with both
- * algorithms on a Java List.)
- * If the candidate list is very small, using the sort can drag down
- * the performance a little bit.
- */
-
- PKIX_CHECK(pkix_List_BubbleSort
- (candidates,
- pkix_Build_SortCertComparator,
- &sortedList,
- plContext),
- PKIX_LISTBUBBLESORTFAILED);
-
- *pSortedCandidates = sortedList;
-
-cleanup:
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_BuildSelectorAndParams
- * DESCRIPTION:
- *
- * This function creates a CertSelector, initialized with an appropriate
- * ComCertSelParams, using the variables provided in the ForwardBuilderState
- * pointed to by "state". The CertSelector created is stored in the certsel
- * element of "state".
- *
- * PARAMETERS:
- * "state"
- * Address of ForwardBuilderState to be used. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_BuildSelectorAndParams(
- PKIX_ForwardBuilderState *state,
- void *plContext)
-{
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSel = NULL;
- PKIX_PL_X500Name *currentIssuer = NULL;
- PKIX_PL_Date *testDate = NULL;
- PKIX_CertSelector *callerCertSelector = NULL;
- PKIX_ComCertSelParams *callerComCertSelParams = NULL;
- PKIX_UInt32 reqKu = 0;
- PKIX_List *reqEkuOids = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_BuildSelectorAndParams");
- PKIX_NULLCHECK_THREE(state, state->prevCert, state->traversedSubjNames);
-
- PKIX_CHECK(PKIX_PL_Cert_GetIssuer
- (state->prevCert, &currentIssuer, plContext),
- PKIX_CERTGETISSUERFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_Create(&certSelParams, plContext),
- PKIX_COMCERTSELPARAMSCREATEFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_SetSubject
- (certSelParams, currentIssuer, plContext),
- PKIX_COMCERTSELPARAMSSETSUBJECTFAILED);
-
- PKIX_INCREF(state->buildConstants.testDate);
- testDate = state->buildConstants.testDate;
-
- PKIX_CHECK(PKIX_ComCertSelParams_SetCertificateValid
- (certSelParams, testDate, plContext),
- PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_SetBasicConstraints
- (certSelParams, state->traversedCACerts, plContext),
- PKIX_COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_SetPathToNames
- (certSelParams, state->traversedSubjNames, plContext),
- PKIX_COMCERTSELPARAMSSETPATHTONAMESFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
- (state->buildConstants.procParams,
- &callerCertSelector, plContext),
- PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
-
- if (callerCertSelector != NULL) {
-
- /* Get initial EKU OIDs from ComCertSelParams, if set */
- PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
- (callerCertSelector, &callerComCertSelParams, plContext),
- PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
-
- if (callerComCertSelParams != NULL) {
- PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
- (callerComCertSelParams, &reqEkuOids, plContext),
- PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetKeyUsage
- (callerComCertSelParams, &reqKu, plContext),
- PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
- }
- }
-
- PKIX_CHECK(
- PKIX_ComCertSelParams_SetKeyUsage(certSelParams, reqKu,
- plContext),
- PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED);
-
- PKIX_CHECK(
- PKIX_ComCertSelParams_SetExtendedKeyUsage(certSelParams,
- reqEkuOids,
- plContext),
- PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_Create
- (NULL, NULL, &state->certSel, plContext),
- PKIX_CERTSELECTORCREATEFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
- (state->certSel, certSelParams, plContext),
- PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&state->candidateCerts, plContext),
- PKIX_LISTCREATEFAILED);
-
- state->certStoreIndex = 0;
-
-cleanup:
- PKIX_DECREF(certSelParams);
- PKIX_DECREF(certSel);
- PKIX_DECREF(currentIssuer);
- PKIX_DECREF(testDate);
- PKIX_DECREF(reqEkuOids);
- PKIX_DECREF(callerComCertSelParams);
- PKIX_DECREF(callerCertSelector);
-
- PKIX_RETURN(BUILD);
-}
-
-/* Match trust anchor to select params in order to find next cert. */
-static PKIX_Error*
-pkix_Build_SelectCertsFromTrustAnchors(
- PKIX_List *trustAnchorsList,
- PKIX_ComCertSelParams *certSelParams,
- PKIX_List **pMatchList,
- void *plContext)
-{
- int anchorIndex = 0;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_List *matchList = NULL;
- PKIX_CertSelector *certSel = NULL;
- PKIX_CertSelector_MatchCallback selectorMatchCB = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_SelectCertsFromTrustAnchors");
-
- PKIX_CHECK(PKIX_CertSelector_Create
- (NULL, NULL, &certSel, plContext),
- PKIX_CERTSELECTORCREATEFAILED);
- PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSel, certSelParams, plContext),
- PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
- PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
- (certSel, &selectorMatchCB, plContext),
- PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
-
- for (anchorIndex = 0;anchorIndex < trustAnchorsList->length; anchorIndex++) {
- PKIX_CHECK(
- PKIX_List_GetItem(trustAnchorsList,
- anchorIndex,
- (PKIX_PL_Object **)&anchor,
- plContext),
- PKIX_LISTGETITEMFAILED);
- PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
- (anchor, &trustedCert, plContext),
- PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
- pkixErrorResult =
- (*selectorMatchCB)(certSel, trustedCert, plContext);
- if (!pkixErrorResult) {
- if (!matchList) {
- PKIX_CHECK(PKIX_List_Create(&matchList,
- plContext),
- PKIX_LISTCREATEFAILED);
- }
- PKIX_CHECK(
- PKIX_List_AppendItem(matchList,
- (PKIX_PL_Object*)trustedCert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- } else {
- PKIX_DECREF(pkixErrorResult);
- }
- PKIX_DECREF(trustedCert);
- PKIX_DECREF(anchor);
- }
-
- *pMatchList = matchList;
- matchList = NULL;
-
-cleanup:
- PKIX_DECREF(matchList);
- PKIX_DECREF(trustedCert);
- PKIX_DECREF(anchor);
- PKIX_DECREF(certSel);
-
- PKIX_RETURN(BUILD);
-}
-
-
-static PKIX_Error*
-pkix_Build_RemoveDupUntrustedCerts(
- PKIX_List *trustedCertList,
- PKIX_List *certsFound,
- void *plContext)
-{
- PKIX_UInt32 trustIndex;
- PKIX_PL_Cert *trustCert = NULL, *cert = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_RemoveDupUntrustedCerts");
- if (trustedCertList == NULL || certsFound == NULL) {
- goto cleanup;
- }
- for (trustIndex = 0;trustIndex < trustedCertList->length;
- trustIndex++) {
- PKIX_UInt32 certIndex = 0;
- PKIX_CHECK(
- PKIX_List_GetItem(trustedCertList,
- trustIndex,
- (PKIX_PL_Object **)&trustCert,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- while (certIndex < certsFound->length) {
- PKIX_Boolean result = PKIX_FALSE;
- PKIX_DECREF(cert);
- PKIX_CHECK(
- PKIX_List_GetItem(certsFound, certIndex,
- (PKIX_PL_Object **)&cert,
- plContext),
- PKIX_LISTGETITEMFAILED);
- PKIX_CHECK(
- PKIX_PL_Object_Equals((PKIX_PL_Object *)trustCert,
- (PKIX_PL_Object *)cert,
- &result,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
- if (!result) {
- certIndex += 1;
- continue;
- }
- PKIX_CHECK(
- PKIX_List_DeleteItem(certsFound, certIndex,
- plContext),
- PKIX_LISTDELETEITEMFAILED);
- }
- PKIX_DECREF(trustCert);
- }
-cleanup:
- PKIX_DECREF(cert);
- PKIX_DECREF(trustCert);
-
- PKIX_RETURN(BUILD);
-}
-
-
-/*
- * FUNCTION: pkix_Build_GatherCerts
- * DESCRIPTION:
- *
- * This function traverses the CertStores in the List of CertStores contained
- * in "state", using the certSelector and other parameters contained in
- * "state", to obtain a List of all available Certs that satisfy the criteria.
- * If a CertStore has a cache, "certSelParams" is used both to query the cache
- * and, if an actual CertStore search occurred, to update the cache. (Behavior
- * is undefined if "certSelParams" is different from the parameters that were
- * used to initialize the certSelector in "state".)
- *
- * If a CertStore using non-blocking I/O returns with an indication that I/O is
- * in progress and the checking has not been completed, this function stores
- * platform-dependent information at "pNBIOContext". Otherwise it stores NULL
- * at "pNBIOContext", and state is updated with the results of the search.
- *
- * PARAMETERS:
- * "state"
- * Address of ForwardBuilderState to be used. Must be non-NULL.
- * "certSelParams"
- * Address of ComCertSelParams which were used in creating the current
- * CertSelector, and to be used in querying and updating any caches that
- * may be associated with with the CertStores.
- * "pNBIOContext"
- * Address at which platform-dependent information is returned if request
- * is suspended for non-blocking I/O. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-/* return NULL if wouldblock, empty list if none found, else list of found */
-static PKIX_Error *
-pkix_Build_GatherCerts(
- PKIX_ForwardBuilderState *state,
- PKIX_ComCertSelParams *certSelParams,
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_Boolean certStoreIsCached = PKIX_FALSE;
- PKIX_Boolean certStoreIsLocal = PKIX_FALSE;
- PKIX_Boolean foundInCache = PKIX_FALSE;
- PKIX_CertStore *certStore = NULL;
- PKIX_CertStore_CertCallback getCerts = NULL;
- PKIX_List *certsFound = NULL;
- PKIX_List *trustedCertList = NULL;
- void *nbioContext = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_GatherCerts");
- PKIX_NULLCHECK_THREE(state, certSelParams, pNBIOContext);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- PKIX_DECREF(state->candidateCerts);
-
- while (state->certStoreIndex < state->buildConstants.numCertStores) {
-
- /* Get the current CertStore */
- PKIX_CHECK(PKIX_List_GetItem
- (state->buildConstants.certStores,
- state->certStoreIndex,
- (PKIX_PL_Object **)&certStore,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_CertStore_GetLocalFlag
- (certStore, &certStoreIsLocal, plContext),
- PKIX_CERTSTOREGETLOCALFLAGFAILED);
-
- if (state->useOnlyLocal == certStoreIsLocal) {
- /* If GATHERPENDING, we've already checked the cache */
- if (state->status == BUILD_GATHERPENDING) {
- certStoreIsCached = PKIX_FALSE;
- foundInCache = PKIX_FALSE;
- } else {
- PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
- (certStore, &certStoreIsCached, plContext),
- PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
-
- if (certStoreIsCached) {
- /*
- * Look for Certs in the cache, using the SubjectName as
- * the key. Then the ComCertSelParams are used to filter
- * for qualified certs. If none are found, then the
- * certStores are queried. When we eventually add items
- * to the cache, we will only add items that passed the
- * ComCertSelParams filter, rather than all Certs which
- * matched the SubjectName.
- */
-
- PKIX_CHECK(pkix_CacheCert_Lookup
- (certStore,
- certSelParams,
- state->buildConstants.testDate,
- &foundInCache,
- &certsFound,
- plContext),
- PKIX_CACHECERTCHAINLOOKUPFAILED);
-
- }
- }
-
- /*
- * XXX need to verify if Cert is trusted, hence may not
- * be worth it to have the Cert Cached or
- * If it is trusted, don't cache, but once there is cached
- * certs, we won't get certs from database any more.
- * can use flag to force not getting certs from cache
- */
- if (!foundInCache) {
-
- if (nbioContext == NULL) {
- PKIX_CHECK(PKIX_CertStore_GetCertCallback
- (certStore, &getCerts, plContext),
- PKIX_CERTSTOREGETCERTCALLBACKFAILED);
-
- PKIX_CHECK(getCerts
- (certStore,
- state->certSel,
- state->verifyNode,
- &nbioContext,
- &certsFound,
- plContext),
- PKIX_GETCERTSFAILED);
- } else {
- PKIX_CHECK(PKIX_CertStore_CertContinue
- (certStore,
- state->certSel,
- state->verifyNode,
- &nbioContext,
- &certsFound,
- plContext),
- PKIX_CERTSTORECERTCONTINUEFAILED);
- }
-
- if (certStoreIsCached && certsFound) {
-
- PKIX_CHECK(pkix_CacheCert_Add
- (certStore,
- certSelParams,
- certsFound,
- plContext),
- PKIX_CACHECERTADDFAILED);
- }
- }
-
- /*
- * getCerts returns an empty list for "NONE FOUND",
- * a NULL list for "would block"
- */
- if (certsFound == NULL) {
- state->status = BUILD_GATHERPENDING;
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
- }
-
- /* Are there any more certStores to query? */
- PKIX_DECREF(certStore);
- ++(state->certStoreIndex);
- }
-
- if (certsFound && certsFound->length > 1) {
- PKIX_List *sorted = NULL;
-
- /* sort Certs to try to optimize search */
- PKIX_CHECK(pkix_Build_SortCandidateCerts
- (certsFound, &sorted, plContext),
- PKIX_BUILDSORTCANDIDATECERTSFAILED);
- PKIX_DECREF(certsFound);
- certsFound = sorted;
- }
-
- PKIX_CHECK(
- pkix_Build_SelectCertsFromTrustAnchors(
- state->buildConstants.anchors,
- certSelParams, &trustedCertList,
- plContext),
- PKIX_FAILTOSELECTCERTSFROMANCHORS);
- PKIX_CHECK(
- pkix_Build_RemoveDupUntrustedCerts(trustedCertList,
- certsFound,
- plContext),
- PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED);
-
- PKIX_CHECK(
- pkix_List_MergeLists(trustedCertList,
- certsFound,
- &state->candidateCerts,
- plContext),
- PKIX_LISTMERGEFAILED);
-
- /* No, return the list we have gathered */
- PKIX_CHECK(PKIX_List_GetLength
- (state->candidateCerts, &state->numCerts, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- state->certIndex = 0;
-
-cleanup:
- PKIX_DECREF(trustedCertList);
- PKIX_DECREF(certStore);
- PKIX_DECREF(certsFound);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_UpdateDate
- * DESCRIPTION:
- *
- * This function updates the validityDate contained in "state", for the current
- * CertChain contained in "state", to include the validityDate of the
- * candidateCert contained in "state". The validityDate of a chain is the
- * earliest of all the notAfter dates contained in the respective Certificates.
- *
- * PARAMETERS:
- * "state"
- * Address of ForwardBuilderState to be used. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_UpdateDate(
- PKIX_ForwardBuilderState *state,
- void *plContext)
-{
- PKIX_Boolean canBeCached = PKIX_FALSE;
- PKIX_Int32 comparison = 0;
- PKIX_PL_Date *notAfter = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_UpdateDate");
- PKIX_NULLCHECK_ONE(state);
-
- PKIX_CHECK(PKIX_PL_Cert_GetCacheFlag
- (state->candidateCert, &canBeCached, plContext),
- PKIX_CERTGETCACHEFLAGFAILED);
-
- state->canBeCached = state->canBeCached && canBeCached;
- if (state->canBeCached == PKIX_TRUE) {
-
- /*
- * So far, all certs can be cached. Update cert
- * chain validity time, which is the earliest of
- * all certs' notAfter times.
- */
- PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
- (state->candidateCert, &notAfter, plContext),
- PKIX_CERTGETVALIDITYNOTAFTERFAILED);
-
- if (state->validityDate == NULL) {
- state->validityDate = notAfter;
- notAfter = NULL;
- } else {
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)state->validityDate,
- (PKIX_PL_Object *)notAfter,
- &comparison,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
- if (comparison > 0) {
- PKIX_DECREF(state->validityDate);
- state->validityDate = notAfter;
- notAfter = NULL;
- }
- }
- }
-
-cleanup:
-
- PKIX_DECREF(notAfter);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_BuildForwardDepthFirstSearch
- * DESCRIPTION:
- *
- * This function performs a depth first search in the "forward" direction (from
- * the target Cert to the trust anchor). A non-NULL targetCert must be stored
- * in the ForwardBuilderState before this function is called. It is not written
- * recursively since execution may be suspended in in any of several places
- * pending completion of non-blocking I/O. This iterative structure makes it
- * much easier to resume where it left off.
- *
- * Since the nature of the search is recursive, the recursion is handled by
- * chaining states. That is, each new step involves creating a new
- * ForwardBuilderState linked to its predecessor. If a step turns out to be
- * fruitless, the state of the predecessor is restored and the next alternative
- * is tried. When a search is successful, values needed from the last state
- * (canBeCached and validityDate) are copied to the state provided by the
- * caller, so that the caller can retrieve those values.
- *
- * There are three return arguments, the NBIOContext, the ValidateResult and
- * the ForwardBuilderState. If NBIOContext is non-NULL, it means the search is
- * suspended until the results of a non-blocking IO become available. The
- * caller may wait for the completion using platform-dependent methods and then
- * call this function again, allowing it to resume the search. If NBIOContext
- * is NULL and the ValidateResult is non-NULL, it means the search has
- * concluded successfully. If the NBIOContext is NULL but the ValidateResult is
- * NULL, it means the search was unsuccessful.
- *
- * This function performs several steps at each node in the constructed chain:
- *
- * 1) It retrieves Certs from the registered CertStores that match the
- * criteria established by the ForwardBuilderState pointed to by "state", such
- * as a subject name matching the issuer name of the previous Cert. If there
- * are no matching Certs, the function returns to the previous, or "parent",
- * state and tries to continue the chain building with another of the Certs
- * obtained from the CertStores as possible issuers for that parent Cert.
- *
- * 2) For each candidate Cert returned by the CertStores, this function checks
- * whether the Cert is valid. If it is trusted, this function checks whether
- * this Cert might serve as a TrustAnchor for a complete chain.
- *
- * 3) It determines whether this Cert, in conjunction with any of the
- * TrustAnchors, might complete a chain. A complete chain, from this or the
- * preceding step, is checked to see whether it is valid as a complete
- * chain, including the checks that cannot be done in the forward direction.
- *
- * 4) If this Cert chains successfully, but is not a complete chain, that is,
- * we have not reached a trusted Cert, a new ForwardBuilderState is created
- * with this Cert as the immediate predecessor, and we continue in step (1),
- * attempting to get Certs from the CertStores with this Certs "issuer" as
- * their subject.
- *
- * 5) If an entire chain validates successfully, then we are done. A
- * ValidateResult is created containing the Public Key of the target
- * certificate (including DSA parameter inheritance, if any) and the
- * PolicyNode representing the policy tree output by the validation algorithm,
- * and stored at pValResult, and the function exits returning NULL.
- *
- * 5) If the entire chain does not validate successfully, the algorithm
- * discards the latest Cert and continues in step 2 with the next candidate
- * Cert, backing up to a parent state when no more possibilities exist at a
- * given level, and returning failure when we try to back up but discover we
- * are at the top level.
- *
- * PARAMETERS:
- * "pNBIOContext"
- * Address at which platform-dependent information is returned if building
- * is suspended for non-blocking I/O. Must be non-NULL.
- * "pState"
- * Address at which input ForwardBuilderState is found, and at which output
- * ForwardBuilderState is stored. Must be non-NULL.
- * "pValResult"
- * Address at which the ValidateResult is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_BuildForwardDepthFirstSearch(
- void **pNBIOContext,
- PKIX_ForwardBuilderState *state,
- PKIX_ValidateResult **pValResult,
- void *plContext)
-{
- PKIX_Boolean outOfOptions = PKIX_FALSE;
- PKIX_Boolean trusted = PKIX_FALSE;
- PKIX_Boolean isSelfIssued = PKIX_FALSE;
- PKIX_Boolean canBeCached = PKIX_FALSE;
- PKIX_Boolean revocationCheckingExists = PKIX_FALSE;
- PKIX_Boolean needsCRLChecking = PKIX_FALSE;
- PKIX_Boolean ioPending = PKIX_FALSE;
- PKIX_PL_Date *validityDate = NULL;
- PKIX_PL_Date *currTime = NULL;
- PKIX_Int32 childTraversedCACerts = 0;
- PKIX_UInt32 numSubjectNames = 0;
- PKIX_UInt32 numChained = 0;
- PKIX_Int32 cmpTimeResult = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 certsSoFar = 0;
- PKIX_List *childTraversedSubjNames = NULL;
- PKIX_List *subjectNames = NULL;
- PKIX_List *unfilteredCerts = NULL;
- PKIX_List *filteredCerts = NULL;
- PKIX_PL_Object *subjectName = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_ForwardBuilderState *childState = NULL;
- PKIX_ForwardBuilderState *parentState = NULL;
- PKIX_PL_Object *revCheckerState = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_TrustAnchor *trustAnchor = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_VerifyNode *verifyNode = NULL;
- PKIX_Error *verifyError = NULL;
- PKIX_Error *finalError = NULL;
- void *nbio = NULL;
-
- PKIX_ENTER(BUILD, "pkix_BuildForwardDepthFirstSearch");
- PKIX_NULLCHECK_THREE(pNBIOContext, state, pValResult);
-
- nbio = *pNBIOContext;
- *pNBIOContext = NULL;
- PKIX_INCREF(state->validityDate);
- validityDate = state->validityDate;
- canBeCached = state->canBeCached;
- PKIX_DECREF(*pValResult);
-
- /*
- * We return if successful; if we fall off the end
- * of this "while" clause our search has failed.
- */
- while (outOfOptions == PKIX_FALSE) {
-
- if (state->buildConstants.maxTime != 0) {
- PKIX_DECREF(currTime);
- PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
- (NULL, &currTime, plContext),
- PKIX_DATECREATEUTCTIMEFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)state->buildConstants.timeLimit,
- (PKIX_PL_Object *)currTime,
- &cmpTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
-
- if (cmpTimeResult < 0) {
- if (state->verifyNode != NULL) {
- PKIX_ERROR_CREATE
- (BUILD,
- PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS,
- verifyError);
- PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
- (state->verifyNode,
- verifyError,
- plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_DECREF(finalError);
- finalError = verifyError;
- verifyError = NULL;
- }
- /* Even if we logged error, we still have to abort */
- PKIX_ERROR(PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS);
- }
- }
-
- if (state->status == BUILD_INITIAL) {
-
- PKIX_CHECK(pkix_Build_BuildSelectorAndParams(state, plContext),
- PKIX_BUILDBUILDSELECTORANDPARAMSFAILED);
-
- /*
- * If the caller supplied a partial certChain (hintCerts) try
- * the next one from that List before we go to the certStores.
- */
- if (state->buildConstants.numHintCerts > 0) {
- /* How many Certs does our trust chain have already? */
- PKIX_CHECK(PKIX_List_GetLength
- (state->trustChain, &certsSoFar, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- /* That includes the target Cert. Don't count it. */
- certsSoFar--;
-
- /* Are we still within range of the partial chain? */
- if (certsSoFar >= state->buildConstants.numHintCerts) {
- state->status = BUILD_TRYAIA;
- } else {
- /*
- * If we already have n certs, we want the n+1th
- * (i.e., index = n) from the list of hints.
- */
- PKIX_DECREF(state->candidateCert);
- PKIX_CHECK(PKIX_List_GetItem
- (state->buildConstants.hintCerts,
- certsSoFar,
- (PKIX_PL_Object **)&state->candidateCert,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (state->candidateCerts,
- (PKIX_PL_Object *)state->candidateCert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- state->numCerts = 1;
- state->usingHintCerts = PKIX_TRUE;
- state->status = BUILD_CERTVALIDATING;
- }
- } else {
- state->status = BUILD_TRYAIA;
- }
-
- }
-
- if (state->status == BUILD_TRYAIA) {
- if (state->useOnlyLocal == PKIX_TRUE) {
- state->status = BUILD_COLLECTINGCERTS;
- } else {
- state->status = BUILD_AIAPENDING;
- }
- }
-
- if (state->status == BUILD_AIAPENDING &&
- state->buildConstants.aiaMgr) {
- pkixErrorResult = PKIX_PL_AIAMgr_GetAIACerts
- (state->buildConstants.aiaMgr,
- state->prevCert,
- &nbio,
- &unfilteredCerts,
- plContext);
-
- if (nbio != NULL) {
- /* IO still pending, resume later */
- *pNBIOContext = nbio;
- goto cleanup;
- }
- state->numCerts = 0;
- if (pkixErrorResult) {
- pkixErrorClass = pkixErrorResult->errClass;
- if (pkixErrorClass == PKIX_FATAL_ERROR) {
- goto fatal;
- }
- PKIX_DECREF(finalError);
- finalError = pkixErrorResult;
- pkixErrorResult = NULL;
- if (state->verifyNode != NULL) {
- /* state->verifyNode is the object that contains a list
- * of verifyNodes. verifyNodes contains cert chain build
- * failures that occured on this level of chian building.
- * Here, creating new verify node
- * to log the failure and adding it to the list. */
- PKIX_CHECK_FATAL(pkix_VerifyNode_Create
- (state->prevCert,
- 0, NULL,
- &verifyNode,
- plContext),
- PKIX_VERIFYNODECREATEFAILED);
- PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
- (verifyNode, finalError, plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
- (state->verifyNode,
- verifyNode,
- plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- }
- }
-#ifdef PKIX_BUILDDEBUG
- /* Turn this on to trace the List of Certs, before CertSelect */
- {
- PKIX_PL_String *unString;
- char *unAscii;
- PKIX_UInt32 length;
- PKIX_TOSTRING
- ((PKIX_PL_Object*)unfilteredCerts,
- &unString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (unString,
- PKIX_ESCASCII,
- (void **)&unAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_DEBUG_ARG
- ("unfilteredCerts = %s\n", unAscii);
- PKIX_DECREF(unString);
- PKIX_FREE(unAscii);
- }
-#endif
-
- /* Note: Certs winnowed here don't get into VerifyTree. */
- if (unfilteredCerts) {
- PKIX_CHECK(pkix_CertSelector_Select
- (state->certSel,
- unfilteredCerts,
- &filteredCerts,
- plContext),
- PKIX_CERTSELECTORSELECTFAILED);
-
- PKIX_DECREF(unfilteredCerts);
-
- PKIX_CHECK(PKIX_List_GetLength
- (filteredCerts, &(state->numCerts), plContext),
- PKIX_LISTGETLENGTHFAILED);
-
-#ifdef PKIX_BUILDDEBUG
- /* Turn this on to trace the List of Certs, after CertSelect */
- {
- PKIX_PL_String *unString;
- char *unAscii;
- PKIX_UInt32 length;
- PKIX_TOSTRING
- ((PKIX_PL_Object*)filteredCerts,
- &unString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (unString,
- PKIX_ESCASCII,
- (void **)&unAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_DEBUG_ARG("filteredCerts = %s\n", unAscii);
- PKIX_DECREF(unString);
- PKIX_FREE(unAscii);
- }
-#endif
-
- PKIX_DECREF(state->candidateCerts);
- state->candidateCerts = filteredCerts;
- state->certIndex = 0;
- filteredCerts = NULL;
- }
-
- /* Are there any Certs to try? */
- if (state->numCerts > 0) {
- state->status = BUILD_CERTVALIDATING;
- } else {
- state->status = BUILD_COLLECTINGCERTS;
- }
- }
-
- PKIX_DECREF(certSelParams);
- PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
- (state->certSel, &certSelParams, plContext),
- PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
-
- /* **** Querying the CertStores ***** */
- if ((state->status == BUILD_COLLECTINGCERTS) ||
- (state->status == BUILD_GATHERPENDING)) {
-
-#if PKIX_FORWARDBUILDERSTATEDEBUG
- PKIX_CHECK(pkix_ForwardBuilderState_DumpState
- (state, plContext),
- PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED);
-#endif
-
- PKIX_CHECK(pkix_Build_GatherCerts
- (state, certSelParams, &nbio, plContext),
- PKIX_BUILDGATHERCERTSFAILED);
-
- if (nbio != NULL) {
- /* IO still pending, resume later */
- *pNBIOContext = nbio;
- goto cleanup;
- }
-
- /* Are there any Certs to try? */
- if (state->numCerts > 0) {
- state->status = BUILD_CERTVALIDATING;
- } else {
- state->status = BUILD_ABANDONNODE;
- }
- }
-
- /* ****Phase 2 - Chain building***** */
-
-#if PKIX_FORWARDBUILDERSTATEDEBUG
- PKIX_CHECK(pkix_ForwardBuilderState_DumpState(state, plContext),
- PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED);
-#endif
-
- if (state->status == BUILD_CERTVALIDATING) {
- revocationCheckingExists =
- (state->buildConstants.revChecker != NULL);
-
- PKIX_DECREF(state->candidateCert);
- PKIX_CHECK(PKIX_List_GetItem
- (state->candidateCerts,
- state->certIndex,
- (PKIX_PL_Object **)&(state->candidateCert),
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- if ((state->verifyNode) != NULL) {
- PKIX_CHECK_FATAL(pkix_VerifyNode_Create
- (state->candidateCert,
- 0,
- NULL,
- &verifyNode,
- plContext),
- PKIX_VERIFYNODECREATEFAILED);
- }
-
- /* If failure, this function sets Error in verifyNode */
- verifyError = pkix_Build_VerifyCertificate
- (state,
- state->buildConstants.userCheckers,
- revocationCheckingExists,
- &trusted,
- &needsCRLChecking,
- verifyNode,
- plContext);
-
- if (verifyError) {
- pkixTempErrorReceived = PKIX_TRUE;
- pkixErrorClass = verifyError->errClass;
- if (pkixErrorClass == PKIX_FATAL_ERROR) {
- pkixErrorResult = verifyError;
- verifyError = NULL;
- goto fatal;
- }
- }
-
- if (PKIX_ERROR_RECEIVED) {
- if (state->verifyNode != NULL) {
- PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
- (verifyNode, verifyError, plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
- (state->verifyNode,
- verifyNode,
- plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- }
- pkixTempErrorReceived = PKIX_FALSE;
- PKIX_DECREF(finalError);
- finalError = verifyError;
- verifyError = NULL;
- if (state->certLoopingDetected) {
- PKIX_ERROR
- (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED);
- }
- state->status = BUILD_GETNEXTCERT;
- } else if (needsCRLChecking) {
- state->status = BUILD_CRLPREP;
- } else {
- state->status = BUILD_DATEPREP;
- }
- }
-
- if (state->status == BUILD_CRLPREP) {
- PKIX_RevocationStatus revStatus;
- PKIX_UInt32 reasonCode;
-
- verifyError =
- PKIX_RevocationChecker_Check(
- state->prevCert, state->candidateCert,
- state->buildConstants.revChecker,
- state->buildConstants.procParams,
- PKIX_FALSE,
- (state->parentState == NULL) ?
- PKIX_TRUE : PKIX_FALSE,
- &revStatus, &reasonCode,
- &nbio, plContext);
- if (nbio != NULL) {
- *pNBIOContext = nbio;
- goto cleanup;
- }
- if (revStatus == PKIX_RevStatus_Revoked || verifyError) {
- if (!verifyError) {
- /* if verifyError is returned then use it as
- * it has a detailed revocation error code.
- * Otherwise create a new error */
- PKIX_ERROR_CREATE(VALIDATE, PKIX_CERTIFICATEREVOKED,
- verifyError);
- }
- if (state->verifyNode != NULL) {
- PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
- (verifyNode, verifyError, plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
- (state->verifyNode,
- verifyNode,
- plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- }
- PKIX_DECREF(finalError);
- finalError = verifyError;
- verifyError = NULL;
- if (state->certLoopingDetected) {
- PKIX_ERROR
- (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED);
- }
- state->status = BUILD_GETNEXTCERT;
- } else {
- state->status = BUILD_DATEPREP;
- }
- }
-
- if (state->status == BUILD_DATEPREP) {
- /* Keep track of whether this chain can be cached */
- PKIX_CHECK(pkix_Build_UpdateDate(state, plContext),
- PKIX_BUILDUPDATEDATEFAILED);
-
- canBeCached = state->canBeCached;
- PKIX_DECREF(validityDate);
- PKIX_INCREF(state->validityDate);
- validityDate = state->validityDate;
- if (trusted == PKIX_TRUE) {
- state->status = BUILD_CHECKTRUSTED;
- } else {
- state->status = BUILD_ADDTOCHAIN;
- }
- }
-
- if (state->status == BUILD_CHECKTRUSTED) {
-
- /*
- * If this cert is trusted, try to validate the entire
- * chain using this certificate as trust anchor.
- */
- PKIX_CHECK(PKIX_TrustAnchor_CreateWithCert
- (state->candidateCert,
- &trustAnchor,
- plContext),
- PKIX_TRUSTANCHORCREATEWITHCERTFAILED);
-
- PKIX_CHECK(pkix_Build_ValidationCheckers
- (state,
- state->trustChain,
- trustAnchor,
- PKIX_FALSE, /* do not add eku checker
- * since eku was already
- * checked */
- plContext),
- PKIX_BUILDVALIDATIONCHECKERSFAILED);
-
- state->status = BUILD_CHECKTRUSTED2;
- }
-
- if (state->status == BUILD_CHECKTRUSTED2) {
- verifyError =
- pkix_Build_ValidateEntireChain(state,
- trustAnchor,
- &nbio, &valResult,
- verifyNode,
- plContext);
- if (nbio != NULL) {
- /* IO still pending, resume later */
- goto cleanup;
- } else {
- /* checking the error for fatal status */
- if (verifyError) {
- pkixTempErrorReceived = PKIX_TRUE;
- pkixErrorClass = verifyError->errClass;
- if (pkixErrorClass == PKIX_FATAL_ERROR) {
- pkixErrorResult = verifyError;
- verifyError = NULL;
- goto fatal;
- }
- }
- if (state->verifyNode != NULL) {
- PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
- (state->verifyNode,
- verifyNode,
- plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- }
- if (!PKIX_ERROR_RECEIVED) {
- *pValResult = valResult;
- valResult = NULL;
- /* Change state so IsIOPending is FALSE */
- state->status = BUILD_CHECKTRUSTED;
- goto cleanup;
- }
- PKIX_DECREF(finalError);
- finalError = verifyError;
- verifyError = NULL;
- /* Reset temp error that was set by
- * PKIX_CHECK_ONLY_FATAL and continue */
- pkixTempErrorReceived = PKIX_FALSE;
- PKIX_DECREF(trustAnchor);
- }
-
- /*
- * If chain doesn't validate with a trusted Cert,
- * adding more Certs to it can't help.
- */
- if (state->certLoopingDetected) {
- PKIX_DECREF(verifyError);
- PKIX_ERROR_CREATE(BUILD,
- PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
- verifyError);
- PKIX_CHECK_FATAL(
- pkix_VerifyNode_SetError(state->verifyNode,
- verifyError,
- plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_DECREF(verifyError);
- }
- state->status = BUILD_GETNEXTCERT;
- }
-
- /*
- * This Cert was not trusted. Add it to our chain, and
- * continue building. If we don't reach a trust anchor,
- * we'll take it off later and continue without it.
- */
- if (state->status == BUILD_ADDTOCHAIN) {
- PKIX_CHECK(PKIX_List_AppendItem
- (state->trustChain,
- (PKIX_PL_Object *)state->candidateCert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- state->status = BUILD_EXTENDCHAIN;
- }
-
- if (state->status == BUILD_EXTENDCHAIN) {
-
- /* Check whether we are allowed to extend the chain */
- if ((state->buildConstants.maxDepth != 0) &&
- (state->numDepth <= 1)) {
-
- if (state->verifyNode != NULL) {
- PKIX_ERROR_CREATE
- (BUILD,
- PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS,
- verifyError);
- PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
- (verifyNode, verifyError, plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
- (state->verifyNode, verifyNode, plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- PKIX_DECREF(finalError);
- finalError = verifyError;
- verifyError = NULL;
- }
- /* Even if error logged, still need to abort */
- PKIX_ERROR(PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS);
- }
-
- PKIX_CHECK(pkix_IsCertSelfIssued
- (state->candidateCert, &isSelfIssued, plContext),
- PKIX_ISCERTSELFISSUEDFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)state->traversedSubjNames,
- (PKIX_PL_Object **)&childTraversedSubjNames,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
-
- if (isSelfIssued) {
- childTraversedCACerts = state->traversedCACerts;
- } else {
- childTraversedCACerts = state->traversedCACerts + 1;
-
- PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNames
- (state->candidateCert,
- &subjectNames,
- plContext),
- PKIX_CERTGETALLSUBJECTNAMESFAILED);
-
- if (subjectNames) {
- PKIX_CHECK(PKIX_List_GetLength
- (subjectNames,
- &numSubjectNames,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- } else {
- numSubjectNames = 0;
- }
-
- for (i = 0; i < numSubjectNames; i++) {
- PKIX_CHECK(PKIX_List_GetItem
- (subjectNames,
- i,
- &subjectName,
- plContext),
- PKIX_LISTGETITEMFAILED);
- PKIX_NULLCHECK_ONE
- (state->traversedSubjNames);
- PKIX_CHECK(PKIX_List_AppendItem
- (state->traversedSubjNames,
- subjectName,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(subjectName);
- }
- PKIX_DECREF(subjectNames);
- }
-
- PKIX_CHECK(pkix_ForwardBuilderState_Create
- (childTraversedCACerts,
- state->buildConstants.maxFanout,
- state->numDepth - 1,
- state->revCheckDelayed,
- canBeCached,
- validityDate,
- state->candidateCert,
- childTraversedSubjNames,
- state->trustChain,
- state,
- &childState,
- plContext),
- PKIX_FORWARDBUILDSTATECREATEFAILED);
-
- PKIX_DECREF(childTraversedSubjNames);
- PKIX_DECREF(certSelParams);
- childState->verifyNode = verifyNode;
- verifyNode = NULL;
- PKIX_DECREF(state);
- state = childState; /* state->status == BUILD_INITIAL */
- childState = NULL;
- continue; /* with while (!outOfOptions) */
- }
-
- if (state->status == BUILD_GETNEXTCERT) {
- pkixTempErrorReceived = PKIX_FALSE;
- PKIX_DECREF(state->candidateCert);
-
- /*
- * If we were using a Cert from the callier-supplied partial
- * chain, delete it and go to the certStores.
- */
- if (state->usingHintCerts == PKIX_TRUE) {
-
- PKIX_DECREF(state->candidateCerts);
- PKIX_CHECK(PKIX_List_Create
- (&state->candidateCerts, plContext),
- PKIX_LISTCREATEFAILED);
-
- state->numCerts = 0;
- state->usingHintCerts = PKIX_FALSE;
- state->status = BUILD_TRYAIA;
- continue;
-
- } else if (++(state->certIndex) < (state->numCerts)) {
-
- if ((state->buildConstants.maxFanout != 0) &&
- (--(state->numFanout) == 0)) {
-
- if (state->verifyNode != NULL) {
- PKIX_ERROR_CREATE
- (BUILD,
- PKIX_FANOUTEXCEEDSRESOURCELIMITS,
- verifyError);
- PKIX_CHECK_FATAL
- (pkix_VerifyNode_SetError
- (state->verifyNode,
- verifyError,
- plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_DECREF(finalError);
- finalError = verifyError;
- verifyError = NULL;
- }
- /* Even if error logged, still need to abort */
- PKIX_ERROR
- (PKIX_FANOUTEXCEEDSRESOURCELIMITS);
- }
- state->status = BUILD_CERTVALIDATING;
- continue;
- }
- }
-
- /*
- * Adding the current cert to the chain didn't help. If our search
- * has been restricted to local certStores, try opening up the
- * search and see whether that helps. Otherwise, back up to the
- * parent cert, and see if there are any more to try.
- */
- if (state->useOnlyLocal == PKIX_TRUE) {
- state->useOnlyLocal = PKIX_FALSE;
- state->certStoreIndex = 0;
- state->numFanout = state->buildConstants.maxFanout;
- state->status = BUILD_TRYAIA;
- } else do {
- if (state->parentState == NULL) {
- /* We are at the top level, and can't back up! */
- outOfOptions = PKIX_TRUE;
- } else {
-
- /*
- * Try the next cert, if any, for this parent.
- * Otherwise keep backing up until we reach a
- * parent with more certs to try.
- */
- PKIX_CHECK(PKIX_List_GetLength
- (state->trustChain, &numChained, plContext),
- PKIX_LISTGETLENGTHFAILED);
- PKIX_CHECK(PKIX_List_DeleteItem
- (state->trustChain, numChained - 1, plContext),
- PKIX_LISTDELETEITEMFAILED);
-
- /* local and aia fetching returned no good certs.
- * Creating a verify node in the parent that tells
- * us this. */
- if (!state->verifyNode) {
- PKIX_CHECK_FATAL(
- pkix_VerifyNode_Create(state->prevCert,
- 0, NULL,
- &state->verifyNode,
- plContext),
- PKIX_VERIFYNODECREATEFAILED);
- }
- /* Updating the log with the error. */
- PKIX_DECREF(verifyError);
- PKIX_ERROR_CREATE(BUILD, PKIX_SECERRORUNKNOWNISSUER,
- verifyError);
- PKIX_CHECK_FATAL(
- pkix_VerifyNode_SetError(state->verifyNode,
- verifyError,
- plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- PKIX_DECREF(verifyError);
-
- PKIX_INCREF(state->parentState);
- parentState = state->parentState;
- PKIX_DECREF(verifyNode);
- verifyNode = state->verifyNode;
- state->verifyNode = NULL;
- PKIX_DECREF(state);
- state = parentState;
- parentState = NULL;
- if (state->verifyNode != NULL && verifyNode) {
- PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
- (state->verifyNode,
- verifyNode,
- plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- }
- PKIX_DECREF(validityDate);
- PKIX_INCREF(state->validityDate);
- validityDate = state->validityDate;
- canBeCached = state->canBeCached;
-
- /* Are there any more Certs to try? */
- if (++(state->certIndex) < (state->numCerts)) {
- state->status = BUILD_CERTVALIDATING;
- PKIX_DECREF(state->candidateCert);
- break;
- }
- if (state->useOnlyLocal == PKIX_TRUE) {
- /* Clean up and go for AIA round. */
- state->useOnlyLocal = PKIX_FALSE;
- state->certStoreIndex = 0;
- state->numFanout = state->buildConstants.maxFanout;
- state->status = BUILD_TRYAIA;
- break;
- }
- }
- PKIX_DECREF(state->candidateCert);
- } while (outOfOptions == PKIX_FALSE);
-
- } /* while (outOfOptions == PKIX_FALSE) */
-
-cleanup:
-
- if (pkixErrorClass == PKIX_FATAL_ERROR) {
- goto fatal;
- }
-
- /* verifyNode should be equal to NULL at this point. Assert it.
- * Temporarelly use verifyError to store an error ref to which we
- * have in pkixErrorResult. This is done to prevent error cloberring
- * while using macros below. */
- PORT_Assert(verifyError == NULL);
- verifyError = pkixErrorResult;
-
- /*
- * We were called with an initialState that had no parent. If we are
- * returning with an error or with a result, we must destroy any state
- * that we created (any state with a parent).
- */
-
- PKIX_CHECK_FATAL(pkix_ForwardBuilderState_IsIOPending
- (state, &ioPending, plContext),
- PKIX_FORWARDBUILDERSTATEISIOPENDINGFAILED);
-
- if (ioPending == PKIX_FALSE) {
- while (state->parentState) {
- PKIX_INCREF(state->parentState);
- parentState = state->parentState;
- PKIX_DECREF(verifyNode);
- verifyNode = state->verifyNode;
- state->verifyNode = NULL;
- PKIX_DECREF(state);
- state = parentState;
- parentState = NULL;
- if (state->verifyNode != NULL && verifyNode) {
- PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
- (state->verifyNode,
- verifyNode,
- plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- }
- }
- state->canBeCached = canBeCached;
- PKIX_DECREF(state->validityDate);
- state->validityDate = validityDate;
- validityDate = NULL;
- }
- if (!*pValResult && !verifyError) {
- if (!finalError) {
- PKIX_CHECK_FATAL(
- pkix_VerifyNode_FindError(state->verifyNode,
- &finalError,
- plContext),
- PKIX_VERIFYNODEFINDERRORFAILED);
- }
- if (finalError) {
- pkixErrorResult = finalError;
- pkixErrorCode = PKIX_BUILDFORWARDDEPTHFIRSTSEARCHFAILED;
- finalError = NULL;
- goto fatal;
- }
- pkixErrorCode = PKIX_SECERRORUNKNOWNISSUER;
- pkixErrorReceived = PKIX_TRUE;
- PKIX_ERROR_CREATE(BUILD, PKIX_SECERRORUNKNOWNISSUER,
- verifyError);
- PKIX_CHECK_FATAL(
- pkix_VerifyNode_SetError(state->verifyNode, verifyError,
- plContext),
- PKIX_VERIFYNODESETERRORFAILED);
- } else {
- pkixErrorResult = verifyError;
- verifyError = NULL;
- }
-
-fatal:
- if (state->parentState) {
- /* parentState in "state" object should be NULL at this point.
- * If itn't, that means that we got fatal error(we have jumped to
- * "fatal" label) and we should destroy all state except the top one. */
- while (state->parentState) {
- PKIX_Error *error = NULL;
- PKIX_ForwardBuilderState *prntState = state->parentState;
- /* Dumb: need to increment parentState to avoid destruction
- * of "build constants"(they get destroyed when parentState is
- * set to NULL. */
- PKIX_INCREF(prntState);
- error = PKIX_PL_Object_DecRef((PKIX_PL_Object*)state, plContext);
- if (error) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)error, plContext);
- }
- /* No need to decref the parent state. It was already done by
- * pkix_ForwardBuilderState_Destroy function. */
- state = prntState;
- }
- }
- PKIX_DECREF(parentState);
- PKIX_DECREF(childState);
- PKIX_DECREF(valResult);
- PKIX_DECREF(verifyError);
- PKIX_DECREF(finalError);
- PKIX_DECREF(verifyNode);
- PKIX_DECREF(childTraversedSubjNames);
- PKIX_DECREF(certSelParams);
- PKIX_DECREF(subjectNames);
- PKIX_DECREF(subjectName);
- PKIX_DECREF(trustAnchor);
- PKIX_DECREF(validityDate);
- PKIX_DECREF(revCheckerState);
- PKIX_DECREF(currTime);
- PKIX_DECREF(filteredCerts);
- PKIX_DECREF(unfilteredCerts);
- PKIX_DECREF(trustedCert);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_CheckInCache
- * DESCRIPTION:
- *
- * The function tries to locate a chain for a cert in the cert chain cache.
- * If found, the chain goes through revocation chacking and returned back to
- * caller. Chains that fail revocation check get removed from cache.
- *
- * PARAMETERS:
- * "state"
- * Address of ForwardBuilderState to be used. Must be non-NULL.
- * "pBuildResult"
- * Address at which the BuildResult is stored, after a successful build.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address at which the NBIOContext is stored indicating whether the
- * validation is complete. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error*
-pkix_Build_CheckInCache(
- PKIX_ForwardBuilderState *state,
- PKIX_BuildResult **pBuildResult,
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_List *anchors = NULL;
- PKIX_PL_Date *testDate = NULL;
- PKIX_BuildResult *buildResult = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_TrustAnchor *matchingAnchor = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_List *certList = NULL;
- PKIX_Boolean cacheHit = PKIX_FALSE;
- PKIX_Boolean trusted = PKIX_FALSE;
- PKIX_Boolean stillValid = PKIX_FALSE;
- void *nbioContext = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_CheckInCache");
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- targetCert = state->buildConstants.targetCert;
- anchors = state->buildConstants.anchors;
- testDate = state->buildConstants.testDate;
-
- /* Check whether this cert verification has been cached. */
- PKIX_CHECK(pkix_CacheCertChain_Lookup
- (targetCert,
- anchors,
- testDate,
- &cacheHit,
- &buildResult,
- plContext),
- PKIX_CACHECERTCHAINLOOKUPFAILED);
-
- if (!cacheHit) {
- goto cleanup;
- }
-
- /*
- * We found something in cache. Verify that the anchor
- * cert is still trusted,
- */
- PKIX_CHECK(PKIX_BuildResult_GetValidateResult
- (buildResult, &valResult, plContext),
- PKIX_BUILDRESULTGETVALIDATERESULTFAILED);
-
- PKIX_CHECK(PKIX_ValidateResult_GetTrustAnchor
- (valResult, &matchingAnchor, plContext),
- PKIX_VALIDATERESULTGETTRUSTANCHORFAILED);
-
- PKIX_DECREF(valResult);
-
- PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
- (matchingAnchor, &trustedCert, plContext),
- PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
-
- if (state->buildConstants.anchors &&
- state->buildConstants.anchors->length) {
- /* Check if it is one of the trust anchors */
- PKIX_CHECK(
- pkix_List_Contains(state->buildConstants.anchors,
- (PKIX_PL_Object *)matchingAnchor,
- &trusted,
- plContext),
- PKIX_LISTCONTAINSFAILED);
- } else {
- PKIX_CHECK(PKIX_PL_Cert_IsCertTrusted
- (trustedCert, PKIX_FALSE, &trusted, plContext),
- PKIX_CERTISCERTTRUSTEDFAILED);
- }
-
- if (!trusted) {
- goto cleanup;
- }
- /*
- * Since the key usage may vary for different
- * applications, we need to verify the chain again.
- * Reverification will be improved with a fix for 397805.
- */
- PKIX_CHECK(PKIX_BuildResult_GetCertChain
- (buildResult, &certList, plContext),
- PKIX_BUILDRESULTGETCERTCHAINFAILED);
-
- PKIX_CHECK(pkix_Build_ValidationCheckers
- (state,
- certList,
- matchingAnchor,
- PKIX_TRUE, /* Chain revalidation stage. */
- plContext),
- PKIX_BUILDVALIDATIONCHECKERSFAILED);
-
- PKIX_CHECK_ONLY_FATAL(
- pkix_Build_ValidateEntireChain(state, matchingAnchor,
- &nbioContext, &valResult,
- state->verifyNode, plContext),
- PKIX_BUILDVALIDATEENTIRECHAINFAILED);
-
- if (nbioContext != NULL) {
- /* IO still pending, resume later */
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
- if (!PKIX_ERROR_RECEIVED) {
- /* The result from cache is still valid. But we replace an old*/
- *pBuildResult = buildResult;
- buildResult = NULL;
- stillValid = PKIX_TRUE;
- }
-
-cleanup:
-
- if (!nbioContext && cacheHit && !(trusted && stillValid)) {
- /* The anchor of this chain is no longer trusted or
- * chain cert(s) has been revoked.
- * Invalidate this result in the cache */
- PKIX_CHECK_FATAL(pkix_CacheCertChain_Remove
- (targetCert,
- anchors,
- plContext),
- PKIX_CACHECERTCHAINREMOVEFAILED);
- }
-
-fatal:
- PKIX_DECREF(buildResult);
- PKIX_DECREF(valResult);
- PKIX_DECREF(certList);
- PKIX_DECREF(matchingAnchor);
- PKIX_DECREF(trustedCert);
-
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_InitiateBuildChain
- * DESCRIPTION:
- *
- * This function initiates the search for a BuildChain, using the parameters
- * provided in "procParams" and, if continuing a search that was suspended
- * for I/O, using the ForwardBuilderState pointed to by "state".
- *
- * If a successful chain is built, this function stores the BuildResult at
- * "pBuildResult". Alternatively, if an operation using non-blocking I/O
- * is in progress and the operation has not been completed, this function
- * stores the platform-dependent non-blocking I/O context (nbioContext) at
- * "pNBIOContext", the FowardBuilderState at "pState", and NULL at
- * "pBuildResult". Finally, if chain building was unsuccessful, this function
- * stores NULL at both "pState" and at "pBuildResult".
- *
- * Note: This function is re-entered only for the case of non-blocking I/O
- * in the "short-cut" attempt to build a chain using the target Certificate
- * directly with one of the trustAnchors. For all other cases, resumption
- * after non-blocking I/O is via pkix_Build_ResumeBuildChain.
- *
- * PARAMETERS:
- * "procParams"
- * Address of the ProcessingParams for the search. Must be non-NULL.
- * "pNBIOContext"
- * Address at which the NBIOContext is stored indicating whether the
- * validation is complete. Must be non-NULL.
- * "pState"
- * Address at which the ForwardBuilderState is stored, if the chain
- * building is suspended for waiting I/O; also, the address at which the
- * ForwardBuilderState is provided for resumption of the chain building
- * attempt. Must be non-NULL.
- * "pBuildResult"
- * Address at which the BuildResult is stored, after a successful build.
- * Must be non-NULL.
- * "pVerifyNode"
- * Address at which a VerifyNode chain is returned, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_InitiateBuildChain(
- PKIX_ProcessingParams *procParams,
- void **pNBIOContext,
- PKIX_ForwardBuilderState **pState,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyNode,
- void *plContext)
-{
- PKIX_UInt32 numAnchors = 0;
- PKIX_UInt32 numCertStores = 0;
- PKIX_UInt32 numHintCerts = 0;
- PKIX_UInt32 i = 0;
- PKIX_Boolean isDuplicate = PKIX_FALSE;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_CertSelector *targetConstraints = NULL;
- PKIX_ComCertSelParams *targetParams = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *targetSubjNames = NULL;
- PKIX_PL_Cert *targetCert = NULL;
- PKIX_PL_Object *firstHintCert = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_List *certStores = NULL;
- PKIX_CertStore *certStore = NULL;
- PKIX_List *userCheckers = NULL;
- PKIX_List *hintCerts = NULL;
- PKIX_PL_Date *testDate = NULL;
- PKIX_PL_PublicKey *targetPubKey = NULL;
- void *nbioContext = NULL;
- BuildConstants buildConstants;
-
- PKIX_List *tentativeChain = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_BuildResult *buildResult = NULL;
- PKIX_List *certList = NULL;
- PKIX_TrustAnchor *matchingAnchor = NULL;
- PKIX_ForwardBuilderState *state = NULL;
- PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
- PKIX_CertSelector_MatchCallback selectorCallback = NULL;
- PKIX_PL_AIAMgr *aiaMgr = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_InitiateBuildChain");
- PKIX_NULLCHECK_FOUR(procParams, pNBIOContext, pState, pBuildResult);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- state = *pState;
- *pState = NULL; /* no net change in reference count */
-
- if (state == NULL) {
- PKIX_CHECK(PKIX_ProcessingParams_GetDate
- (procParams, &testDate, plContext),
- PKIX_PROCESSINGPARAMSGETDATEFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetTrustAnchors
- (procParams, &anchors, plContext),
- PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(anchors, &numAnchors, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- /* retrieve stuff from targetCertConstraints */
- PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
- (procParams, &targetConstraints, plContext),
- PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
- (targetConstraints, &targetParams, plContext),
- PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetCertificate
- (targetParams, &targetCert, plContext),
- PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED);
-
- PKIX_CHECK(
- PKIX_ComCertSelParams_SetLeafCertFlag(targetParams,
- PKIX_TRUE, plContext),
- PKIX_COMCERTSELPARAMSSETLEAFCERTFLAGFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetHintCerts
- (procParams, &hintCerts, plContext),
- PKIX_PROCESSINGPARAMSGETHINTCERTSFAILED);
-
- if (hintCerts != NULL) {
- PKIX_CHECK(PKIX_List_GetLength
- (hintCerts, &numHintCerts, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- /*
- * Caller must provide either a target Cert
- * (in ComCertSelParams->Certificate) or a partial Cert
- * chain (in ProcParams->HintCerts).
- */
-
- if (targetCert == NULL) {
-
- /* Use first cert of hintCerts as the targetCert */
- if (numHintCerts == 0) {
- PKIX_ERROR(PKIX_NOTARGETCERTSUPPLIED);
- }
-
- PKIX_CHECK(PKIX_List_GetItem
- (hintCerts,
- 0,
- (PKIX_PL_Object **)&targetCert,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_DeleteItem(hintCerts, 0, plContext),
- PKIX_LISTGETITEMFAILED);
- } else {
-
- /*
- * If the first hintCert is the same as the targetCert,
- * delete it from hintCerts.
- */
- if (numHintCerts != 0) {
- PKIX_CHECK(PKIX_List_GetItem
- (hintCerts, 0, &firstHintCert, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)targetCert,
- firstHintCert,
- &isDuplicate,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- if (isDuplicate) {
- PKIX_CHECK(PKIX_List_DeleteItem
- (hintCerts, 0, plContext),
- PKIX_LISTGETITEMFAILED);
- }
- PKIX_DECREF(firstHintCert);
- }
-
- }
-
- if (targetCert == NULL) {
- PKIX_ERROR(PKIX_NOTARGETCERTSUPPLIED);
- }
-
- PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNames
- (targetCert,
- &targetSubjNames,
- plContext),
- PKIX_CERTGETALLSUBJECTNAMESFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
- (targetCert, &targetPubKey, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&tentativeChain, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (tentativeChain, (PKIX_PL_Object *)targetCert, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- if (procParams->qualifyTargetCert) {
- /* EE cert validation */
- /* Sync up the time on the target selector parameter struct. */
- PKIX_CHECK(
- PKIX_ComCertSelParams_SetCertificateValid(targetParams,
- testDate,
- plContext),
- PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
- (targetConstraints, &selectorCallback, plContext),
- PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
-
- pkixErrorResult =
- (*selectorCallback)(targetConstraints, targetCert,
- plContext);
- if (pkixErrorResult) {
- pkixErrorClass = pkixErrorResult->errClass;
- if (pkixErrorClass == PKIX_FATAL_ERROR) {
- goto cleanup;
- }
- if (pVerifyNode != NULL) {
- PKIX_Error *tempResult =
- pkix_VerifyNode_Create(targetCert, 0,
- pkixErrorResult,
- pVerifyNode,
- plContext);
- if (tempResult) {
- PKIX_DECREF(pkixErrorResult);
- pkixErrorResult = tempResult;
- pkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
- }
- }
- pkixErrorCode = PKIX_CERTCHECKVALIDITYFAILED;
- goto cleanup;
- }
- }
-
- PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
- (procParams, &certStores, plContext),
- PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength
- (certStores, &numCertStores, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- /* Reorder CertStores so trusted are at front of the List */
- if (numCertStores > 1) {
- for (i = numCertStores - 1; i > 0; i--) {
- PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItem
- (certStores,
- i,
- (PKIX_PL_Object **)&certStore,
- plContext),
- PKIX_LISTGETITEMFAILED);
- PKIX_CHECK_ONLY_FATAL(PKIX_CertStore_GetTrustCallback
- (certStore, &trustCallback, plContext),
- PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
-
- if (trustCallback != NULL) {
- /* Is a trusted Cert, move CertStore to front */
- PKIX_CHECK(PKIX_List_DeleteItem
- (certStores, i, plContext),
- PKIX_LISTDELETEITEMFAILED);
- PKIX_CHECK(PKIX_List_InsertItem
- (certStores,
- 0,
- (PKIX_PL_Object *)certStore,
- plContext),
- PKIX_LISTINSERTITEMFAILED);
-
- }
-
- PKIX_DECREF(certStore);
- }
- }
-
- PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
- (procParams, &userCheckers, plContext),
- PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetRevocationChecker
- (procParams, &revChecker, plContext),
- PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED);
- /* Do not initialize AIA manager if we are not going to fetch
- * cert using aia url. */
- if (procParams->useAIAForCertFetching) {
- PKIX_CHECK(PKIX_PL_AIAMgr_Create(&aiaMgr, plContext),
- PKIX_AIAMGRCREATEFAILED);
- }
-
- /*
- * We initialize all the fields of buildConstants here, in one place,
- * just to help keep track and ensure that we got everything.
- */
-
- buildConstants.numAnchors = numAnchors;
- buildConstants.numCertStores = numCertStores;
- buildConstants.numHintCerts = numHintCerts;
- buildConstants.procParams = procParams;
- buildConstants.testDate = testDate;
- buildConstants.timeLimit = NULL;
- buildConstants.targetCert = targetCert;
- buildConstants.targetPubKey = targetPubKey;
- buildConstants.certStores = certStores;
- buildConstants.anchors = anchors;
- buildConstants.userCheckers = userCheckers;
- buildConstants.hintCerts = hintCerts;
- buildConstants.revChecker = revChecker;
- buildConstants.aiaMgr = aiaMgr;
-
- PKIX_CHECK(pkix_Build_GetResourceLimits(&buildConstants, plContext),
- PKIX_BUILDGETRESOURCELIMITSFAILED);
-
- PKIX_CHECK(pkix_ForwardBuilderState_Create
- (0, /* PKIX_UInt32 traversedCACerts */
- buildConstants.maxFanout,
- buildConstants.maxDepth,
- PKIX_FALSE, /* PKIX_Boolean revCheckDelayed */
- PKIX_TRUE, /* PKIX_Boolean canBeCached */
- NULL, /* PKIX_Date *validityDate */
- targetCert, /* PKIX_PL_Cert *prevCert */
- targetSubjNames, /* PKIX_List *traversedSubjNames */
- tentativeChain, /* PKIX_List *trustChain */
- NULL, /* PKIX_ForwardBuilderState *parent */
- &state, /* PKIX_ForwardBuilderState **pState */
- plContext),
- PKIX_BUILDSTATECREATEFAILED);
-
- state->buildConstants.numAnchors = buildConstants.numAnchors;
- state->buildConstants.numCertStores = buildConstants.numCertStores;
- state->buildConstants.numHintCerts = buildConstants.numHintCerts;
- state->buildConstants.maxFanout = buildConstants.maxFanout;
- state->buildConstants.maxDepth = buildConstants.maxDepth;
- state->buildConstants.maxTime = buildConstants.maxTime;
- state->buildConstants.procParams = buildConstants.procParams;
- PKIX_INCREF(buildConstants.testDate);
- state->buildConstants.testDate = buildConstants.testDate;
- state->buildConstants.timeLimit = buildConstants.timeLimit;
- PKIX_INCREF(buildConstants.targetCert);
- state->buildConstants.targetCert = buildConstants.targetCert;
- PKIX_INCREF(buildConstants.targetPubKey);
- state->buildConstants.targetPubKey =
- buildConstants.targetPubKey;
- PKIX_INCREF(buildConstants.certStores);
- state->buildConstants.certStores = buildConstants.certStores;
- PKIX_INCREF(buildConstants.anchors);
- state->buildConstants.anchors = buildConstants.anchors;
- PKIX_INCREF(buildConstants.userCheckers);
- state->buildConstants.userCheckers =
- buildConstants.userCheckers;
- PKIX_INCREF(buildConstants.hintCerts);
- state->buildConstants.hintCerts = buildConstants.hintCerts;
- PKIX_INCREF(buildConstants.revChecker);
- state->buildConstants.revChecker = buildConstants.revChecker;
- state->buildConstants.aiaMgr = buildConstants.aiaMgr;
- aiaMgr = NULL;
-
- if (buildConstants.maxTime != 0) {
- PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
- (buildConstants.maxTime,
- &state->buildConstants.timeLimit,
- plContext),
- PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
- }
-
- if (pVerifyNode != NULL) {
- PKIX_Error *tempResult =
- pkix_VerifyNode_Create(targetCert, 0, NULL,
- &(state->verifyNode),
- plContext);
- if (tempResult) {
- pkixErrorResult = tempResult;
- pkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
- }
- }
-
- PKIX_CHECK_ONLY_FATAL(
- pkix_Build_CheckInCache(state, &buildResult,
- &nbioContext, plContext),
- PKIX_UNABLETOBUILDCHAIN);
- if (nbioContext) {
- *pNBIOContext = nbioContext;
- *pState = state;
- state = NULL;
- goto cleanup;
- }
- if (buildResult) {
- *pBuildResult = buildResult;
- if (pVerifyNode != NULL) {
- *pVerifyNode = state->verifyNode;
- state->verifyNode = NULL;
- }
- goto cleanup;
- }
- }
-
- /* If we're resuming after non-blocking I/O we need to get SubjNames */
- if (targetSubjNames == NULL) {
- PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNames
- (state->buildConstants.targetCert,
- &targetSubjNames,
- plContext),
- PKIX_CERTGETALLSUBJECTNAMESFAILED);
- }
-
- state->status = BUILD_INITIAL;
-
- if (!matchingAnchor) {
- pkixErrorResult =
- pkix_BuildForwardDepthFirstSearch(&nbioContext, state,
- &valResult, plContext);
- }
-
- /* non-null nbioContext means the build would block */
- if (pkixErrorResult == NULL && nbioContext != NULL) {
-
- *pNBIOContext = nbioContext;
- *pBuildResult = NULL;
-
- /* no valResult means the build has failed */
- } else {
- if (pVerifyNode != NULL) {
- PKIX_INCREF(state->verifyNode);
- *pVerifyNode = state->verifyNode;
- }
-
- if (valResult == NULL || pkixErrorResult)
- PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
- PKIX_CHECK(
- pkix_BuildResult_Create(valResult, state->trustChain,
- &buildResult, plContext),
- PKIX_BUILDRESULTCREATEFAILED);
- *pBuildResult = buildResult;
- }
-
- *pState = state;
- state = NULL;
-
-cleanup:
-
- PKIX_DECREF(targetConstraints);
- PKIX_DECREF(targetParams);
- PKIX_DECREF(anchors);
- PKIX_DECREF(targetSubjNames);
- PKIX_DECREF(targetCert);
- PKIX_DECREF(revChecker);
- PKIX_DECREF(certStores);
- PKIX_DECREF(certStore);
- PKIX_DECREF(userCheckers);
- PKIX_DECREF(hintCerts);
- PKIX_DECREF(firstHintCert);
- PKIX_DECREF(testDate);
- PKIX_DECREF(targetPubKey);
- PKIX_DECREF(tentativeChain);
- PKIX_DECREF(valResult);
- PKIX_DECREF(certList);
- PKIX_DECREF(matchingAnchor);
- PKIX_DECREF(trustedCert);
- PKIX_DECREF(state);
- PKIX_DECREF(aiaMgr);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_Build_ResumeBuildChain
- * DESCRIPTION:
- *
- * This function continues the search for a BuildChain, using the parameters
- * provided in "procParams" and the ForwardBuilderState pointed to by "state".
- *
- * If a successful chain is built, this function stores the BuildResult at
- * "pBuildResult". Alternatively, if an operation using non-blocking I/O
- * is in progress and the operation has not been completed, this function
- * stores the FowardBuilderState at "pState" and NULL at "pBuildResult".
- * Finally, if chain building was unsuccessful, this function stores NULL
- * at both "pState" and at "pBuildResult".
- *
- * PARAMETERS:
- * "pNBIOContext"
- * Address at which the NBIOContext is stored indicating whether the
- * validation is complete. Must be non-NULL.
- * "pState"
- * Address at which the ForwardBuilderState is provided for resumption of
- * the chain building attempt; also, the address at which the
- * ForwardBuilderStateis stored, if the chain building is suspended for
- * waiting I/O. Must be non-NULL.
- * "pBuildResult"
- * Address at which the BuildResult is stored, after a successful build.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Build Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Build_ResumeBuildChain(
- void **pNBIOContext,
- PKIX_ForwardBuilderState *state,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyNode,
- void *plContext)
-{
- PKIX_ValidateResult *valResult = NULL;
- PKIX_BuildResult *buildResult = NULL;
- void *nbioContext = NULL;
-
- PKIX_ENTER(BUILD, "pkix_Build_ResumeBuildChain");
- PKIX_NULLCHECK_TWO(state, pBuildResult);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- pkixErrorResult =
- pkix_BuildForwardDepthFirstSearch(&nbioContext, state,
- &valResult, plContext);
-
- /* non-null nbioContext means the build would block */
- if (pkixErrorResult == NULL && nbioContext != NULL) {
-
- *pNBIOContext = nbioContext;
- *pBuildResult = NULL;
-
- /* no valResult means the build has failed */
- } else {
- if (pVerifyNode != NULL) {
- PKIX_INCREF(state->verifyNode);
- *pVerifyNode = state->verifyNode;
- }
-
- if (valResult == NULL || pkixErrorResult)
- PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
-
- PKIX_CHECK(
- pkix_BuildResult_Create(valResult, state->trustChain,
- &buildResult, plContext),
- PKIX_BUILDRESULTCREATEFAILED);
- *pBuildResult = buildResult;
- }
-
-cleanup:
-
- PKIX_DECREF(valResult);
-
- PKIX_RETURN(BUILD);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_BuildChain (see comments in pkix.h)
- */
-PKIX_Error *
-PKIX_BuildChain(
- PKIX_ProcessingParams *procParams,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyNode,
- void *plContext)
-{
- PKIX_ForwardBuilderState *state = NULL;
- PKIX_BuildResult *buildResult = NULL;
- void *nbioContext = NULL;
-
- PKIX_ENTER(BUILD, "PKIX_BuildChain");
- PKIX_NULLCHECK_FOUR(procParams, pNBIOContext, pState, pBuildResult);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- if (*pState == NULL) {
- PKIX_CHECK(pkix_Build_InitiateBuildChain
- (procParams,
- &nbioContext,
- &state,
- &buildResult,
- pVerifyNode,
- plContext),
- PKIX_BUILDINITIATEBUILDCHAINFAILED);
- } else {
- state = (PKIX_ForwardBuilderState *)(*pState);
- *pState = NULL; /* no net change in reference count */
- if (state->status == BUILD_SHORTCUTPENDING) {
- PKIX_CHECK(pkix_Build_InitiateBuildChain
- (procParams,
- &nbioContext,
- &state,
- &buildResult,
- pVerifyNode,
- plContext),
- PKIX_BUILDINITIATEBUILDCHAINFAILED);
- } else {
- PKIX_CHECK(pkix_Build_ResumeBuildChain
- (&nbioContext,
- state,
- &buildResult,
- pVerifyNode,
- plContext),
- PKIX_BUILDINITIATEBUILDCHAINFAILED);
- }
- }
-
- /* non-null nbioContext means the build would block */
- if (nbioContext != NULL) {
-
- *pNBIOContext = nbioContext;
- *pState = state;
- state = NULL;
- *pBuildResult = NULL;
-
- /* no buildResult means the build has failed */
- } else if (buildResult == NULL) {
- PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
- } else {
- /*
- * If we made a successful chain by combining the target Cert
- * with one of the Trust Anchors, we may have never created a
- * validityDate. We treat this situation as
- * canBeCached = PKIX_FALSE.
- */
- if ((state != NULL) &&
- ((state->validityDate) != NULL) &&
- (state->canBeCached)) {
- PKIX_CHECK(pkix_CacheCertChain_Add
- (state->buildConstants.targetCert,
- state->buildConstants.anchors,
- state->validityDate,
- buildResult,
- plContext),
- PKIX_CACHECERTCHAINADDFAILED);
- }
-
- *pState = NULL;
- *pBuildResult = buildResult;
- buildResult = NULL;
- }
-
-cleanup:
- PKIX_DECREF(buildResult);
- PKIX_DECREF(state);
-
- PKIX_RETURN(BUILD);
-}
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.h b/security/nss/lib/libpkix/pkix/top/pkix_build.h
deleted file mode 100755
index 2c11fa0c1..000000000
--- a/security/nss/lib/libpkix/pkix/top/pkix_build.h
+++ /dev/null
@@ -1,155 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_build.h
- *
- * Header file for buildChain function
- *
- */
-
-#ifndef _PKIX_BUILD_H
-#define _PKIX_BUILD_H
-#include "pkix_tools.h"
-#include "pkix_pl_ldapt.h"
-#include "pkix_ekuchecker.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum {
- BUILD_SHORTCUTPENDING,
- BUILD_INITIAL,
- BUILD_TRYAIA,
- BUILD_AIAPENDING,
- BUILD_COLLECTINGCERTS,
- BUILD_GATHERPENDING,
- BUILD_CERTVALIDATING,
- BUILD_ABANDONNODE,
- BUILD_CRLPREP,
- BUILD_CRL1,
- BUILD_DATEPREP,
- BUILD_CHECKTRUSTED,
- BUILD_CHECKTRUSTED2,
- BUILD_ADDTOCHAIN,
- BUILD_CRL2PREP,
- BUILD_CRL2,
- BUILD_VALCHAIN,
- BUILD_VALCHAIN2,
- BUILD_EXTENDCHAIN,
- BUILD_GETNEXTCERT
-} BuildStatus;
-
-typedef struct BuildConstantsStruct BuildConstants;
-
-/*
- * These fields (the ones that are objects) are not reference-counted
- * in *each* state, but only in the root, the state that has no parent.
- * That saves time in creation and destruction of child states, but is
- * safe enough since they are constants.
- */
-struct BuildConstantsStruct {
- PKIX_UInt32 numAnchors;
- PKIX_UInt32 numCertStores;
- PKIX_UInt32 numHintCerts;
- PKIX_UInt32 maxDepth;
- PKIX_UInt32 maxFanout;
- PKIX_UInt32 maxTime;
- PKIX_ProcessingParams *procParams;
- PKIX_PL_Date *testDate;
- PKIX_PL_Date *timeLimit;
- PKIX_PL_Cert *targetCert;
- PKIX_PL_PublicKey *targetPubKey;
- PKIX_List *certStores;
- PKIX_List *anchors;
- PKIX_List *userCheckers;
- PKIX_List *hintCerts;
- PKIX_RevocationChecker *revChecker;
- PKIX_PL_AIAMgr *aiaMgr;
- PKIX_Boolean useAIAForCertFetching;
-};
-
-struct PKIX_ForwardBuilderStateStruct{
- BuildStatus status;
- PKIX_Int32 traversedCACerts;
- PKIX_UInt32 certStoreIndex;
- PKIX_UInt32 numCerts;
- PKIX_UInt32 numAias;
- PKIX_UInt32 certIndex;
- PKIX_UInt32 aiaIndex;
- PKIX_UInt32 certCheckedIndex;
- PKIX_UInt32 checkerIndex;
- PKIX_UInt32 hintCertIndex;
- PKIX_UInt32 numFanout;
- PKIX_UInt32 numDepth;
- PKIX_UInt32 reasonCode;
- PKIX_Boolean revCheckDelayed;
- PKIX_Boolean canBeCached;
- PKIX_Boolean useOnlyLocal;
- PKIX_Boolean revChecking;
- PKIX_Boolean usingHintCerts;
- PKIX_Boolean certLoopingDetected;
- PKIX_PL_Date *validityDate;
- PKIX_PL_Cert *prevCert;
- PKIX_PL_Cert *candidateCert;
- PKIX_List *traversedSubjNames;
- PKIX_List *trustChain;
- PKIX_List *aia;
- PKIX_List *candidateCerts;
- PKIX_List *reversedCertChain;
- PKIX_List *checkedCritExtOIDs;
- PKIX_List *checkerChain;
- PKIX_CertSelector *certSel;
- PKIX_VerifyNode *verifyNode;
- void *client; /* messageHandler, such as LDAPClient */
- PKIX_ForwardBuilderState *parentState;
- BuildConstants buildConstants;
-};
-
-/* --Private-Functions-------------------------------------------- */
-
-PKIX_Error *
-pkix_ForwardBuilderState_RegisterSelf(void *plContext);
-
-PKIX_Error *
-PKIX_Build_GetNBIOContext(void *state, void **pNBIOContext, void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_BUILD_H */
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_lifecycle.c b/security/nss/lib/libpkix/pkix/top/pkix_lifecycle.c
deleted file mode 100755
index f6e95d910..000000000
--- a/security/nss/lib/libpkix/pkix/top/pkix_lifecycle.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_lifecycle.c
- *
- * Top level initialize and shutdown functions
- *
- */
-
-#include "pkix_lifecycle.h"
-
-static PKIX_Boolean pkixIsInitialized;
-
-/* Lock used by Logger - is reentrant by the same thread */
-extern PKIX_PL_MonitorLock *pkixLoggerLock;
-
-/*
- * Following pkix_* variables are for debugging purpose. They should be taken
- * out eventually. The purpose is to verify cache tables usage (via debugger).
- */
-int pkix_ccAddCount = 0;
-int pkix_ccLookupCount = 0;
-int pkix_ccRemoveCount = 0;
-int pkix_cAddCount = 0;
-int pkix_cLookupCount = 0;
-int pkix_cRemoveCount = 0;
-int pkix_ceAddCount = 0;
-int pkix_ceLookupCount = 0;
-
-PKIX_PL_HashTable *cachedCrlSigTable = NULL;
-PKIX_PL_HashTable *cachedCertSigTable = NULL;
-PKIX_PL_HashTable *cachedCertChainTable = NULL;
-PKIX_PL_HashTable *cachedCertTable = NULL;
-PKIX_PL_HashTable *cachedCrlEntryTable = NULL;
-PKIX_PL_HashTable *aiaConnectionCache = NULL;
-PKIX_PL_HashTable *httpSocketCache = NULL;
-
-extern PKIX_List *pkixLoggers;
-extern PKIX_List *pkixLoggersErrors;
-extern PKIX_List *pkixLoggersDebugTrace;
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_Initialize (see comments in pkix.h)
- */
-PKIX_Error *
-PKIX_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_UInt32 desiredMajorVersion,
- PKIX_UInt32 minDesiredMinorVersion,
- PKIX_UInt32 maxDesiredMinorVersion,
- PKIX_UInt32 *pActualMinorVersion,
- void **pPlContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(LIFECYCLE, "PKIX_Initialize");
- PKIX_NULLCHECK_ONE(pPlContext);
-
- /*
- * If we are called a second time other than in the situation handled
- * above, we return a positive status.
- */
- if (pkixIsInitialized){
- /* Already initialized */
- PKIX_RETURN(LIFECYCLE);
- }
-
- PKIX_CHECK(PKIX_PL_Initialize
- (platformInitNeeded, PKIX_FALSE, &plContext),
- PKIX_INITIALIZEFAILED);
-
- *pPlContext = plContext;
-
- if (desiredMajorVersion != PKIX_MAJOR_VERSION){
- PKIX_ERROR(PKIX_MAJORVERSIONSDONTMATCH);
- }
-
- if ((minDesiredMinorVersion > PKIX_MINOR_VERSION) ||
- (maxDesiredMinorVersion < PKIX_MINOR_VERSION)){
- PKIX_ERROR(PKIX_MINORVERSIONNOTBETWEENDESIREDMINANDMAX);
- }
-
- *pActualMinorVersion = PKIX_MINOR_VERSION;
-
- /* Create Cache Tables
- * Do not initialize hash tables for object leak test */
-#if !defined(PKIX_OBJECT_LEAK_TEST)
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (32, 0, &cachedCertSigTable, plContext),
- PKIX_HASHTABLECREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (32, 0, &cachedCrlSigTable, plContext),
- PKIX_HASHTABLECREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (32, 10, &cachedCertChainTable, plContext),
- PKIX_HASHTABLECREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (32, 10, &cachedCertTable, plContext),
- PKIX_HASHTABLECREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (32, 10, &cachedCrlEntryTable, plContext),
- PKIX_HASHTABLECREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (5, 5, &aiaConnectionCache, plContext),
- PKIX_HASHTABLECREATEFAILED);
-
-#ifdef PKIX_SOCKETCACHE
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (5, 5, &httpSocketCache, plContext),
- PKIX_HASHTABLECREATEFAILED);
-#endif
- if (pkixLoggerLock == NULL) {
- PKIX_CHECK(PKIX_PL_MonitorLock_Create
- (&pkixLoggerLock, plContext),
- PKIX_MONITORLOCKCREATEFAILED);
- }
-#else
- fnInvTable = PL_NewHashTable(0, pkix_ErrorGen_Hash,
- PL_CompareValues,
- PL_CompareValues, NULL, NULL);
- if (!fnInvTable) {
- PKIX_ERROR(PKIX_HASHTABLECREATEFAILED);
- }
-
- fnStackNameArr = PORT_ZNewArray(char*, MAX_STACK_DEPTH);
- if (!fnStackNameArr) {
- PKIX_ERROR(PKIX_HASHTABLECREATEFAILED);
- }
-
- fnStackInvCountArr = PORT_ZNewArray(PKIX_UInt32, MAX_STACK_DEPTH);
- if (!fnStackInvCountArr) {
- PKIX_ERROR(PKIX_HASHTABLECREATEFAILED);
- }
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
- pkixIsInitialized = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(LIFECYCLE);
-}
-
-/*
- * FUNCTION: PKIX_Shutdown (see comments in pkix.h)
- */
-PKIX_Error *
-PKIX_Shutdown(void *plContext)
-{
- PKIX_List *savedPkixLoggers = NULL;
- PKIX_List *savedPkixLoggersErrors = NULL;
- PKIX_List *savedPkixLoggersDebugTrace = NULL;
-
- PKIX_ENTER(LIFECYCLE, "PKIX_Shutdown");
-
- if (!pkixIsInitialized){
- /* The library was not initialized */
- PKIX_RETURN(LIFECYCLE);
- }
-
- pkixIsInitialized = PKIX_FALSE;
-
- if (pkixLoggers) {
- savedPkixLoggers = pkixLoggers;
- savedPkixLoggersErrors = pkixLoggersErrors;
- savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
- pkixLoggers = NULL;
- pkixLoggersErrors = NULL;
- pkixLoggersDebugTrace = NULL;
- PKIX_DECREF(savedPkixLoggers);
- PKIX_DECREF(savedPkixLoggersErrors);
- PKIX_DECREF(savedPkixLoggersDebugTrace);
- }
- PKIX_DECREF(pkixLoggerLock);
-
- /* Destroy Cache Tables */
- PKIX_DECREF(cachedCertSigTable);
- PKIX_DECREF(cachedCrlSigTable);
- PKIX_DECREF(cachedCertChainTable);
- PKIX_DECREF(cachedCertTable);
- PKIX_DECREF(cachedCrlEntryTable);
- PKIX_DECREF(aiaConnectionCache);
- PKIX_DECREF(httpSocketCache);
-
- /* Clean up any temporary errors that happened during shutdown */
- if (pkixErrorList) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorList, plContext);
- pkixErrorList = NULL;
- }
-
- PKIX_CHECK(PKIX_PL_Shutdown(plContext),
- PKIX_SHUTDOWNFAILED);
-
-#ifdef PKIX_OBJECT_LEAK_TEST
- PORT_Free(fnStackInvCountArr);
- PORT_Free(fnStackNameArr);
- PL_HashTableDestroy(fnInvTable);
-#endif
-
-cleanup:
-
- PKIX_RETURN(LIFECYCLE);
-}
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_lifecycle.h b/security/nss/lib/libpkix/pkix/top/pkix_lifecycle.h
deleted file mode 100755
index f07ab2a6a..000000000
--- a/security/nss/lib/libpkix/pkix/top/pkix_lifecycle.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_lifecycle.h
- *
- * Header file for initialize and shutdown functions.
- *
- */
-
-#ifndef _PKIX_LIFECYCLE_H
-#define _PKIX_LIFECYCLE_H
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_LIFECYCLE_H */
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_validate.c b/security/nss/lib/libpkix/pkix/top/pkix_validate.c
deleted file mode 100755
index 1da8bb91d..000000000
--- a/security/nss/lib/libpkix/pkix/top/pkix_validate.c
+++ /dev/null
@@ -1,1404 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_validate.c
- *
- * Top level validateChain function
- *
- */
-
-#include "pkix_validate.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_AddToVerifyLog
- * DESCRIPTION:
- *
- * This function returns immediately if the address for the VerifyNode tree
- * pointed to by "pVerifyTree" is NULL. Otherwise it creates a new VerifyNode
- * from the Cert pointed to by "cert" and the Error pointed to by "error",
- * and inserts it at the depth in the VerifyNode tree determined by "depth". A
- * depth of zero means that this function creates the root node of a new tree.
- *
- * Note: this function does not include the means of choosing among branches
- * of a tree. It is intended for non-branching trees, that is, where each
- * parent node has only a single child node.
- *
- * PARAMETERS:
- * "cert"
- * The address of the Cert to be included in the new VerifyNode. Must be
- * non-NULL.
- * "depth"
- * The UInt32 value of the depth.
- * "error"
- * The address of the Error to be included in the new VerifyNode.
- * "pVerifyTree"
- * The address of the VerifyNode tree into which the created VerifyNode
- * is to be inserted. The node is not created if VerifyTree is NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_AddToVerifyLog(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 depth,
- PKIX_Error *error,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext)
-{
-
- PKIX_VerifyNode *verifyNode = NULL;
-
- PKIX_ENTER(VALIDATE, "pkix_AddToVerifyLog");
- PKIX_NULLCHECK_ONE(cert);
-
- if (pVerifyTree) { /* nothing to do if no address given for log */
-
- PKIX_CHECK(pkix_VerifyNode_Create
- (cert, depth, error, &verifyNode, plContext),
- PKIX_VERIFYNODECREATEFAILED);
-
- if (depth == 0) {
- /* We just created the root node */
- *pVerifyTree = verifyNode;
- } else {
- PKIX_CHECK(pkix_VerifyNode_AddToChain
- (*pVerifyTree, verifyNode, plContext),
- PKIX_VERIFYNODEADDTOCHAINFAILED);
- }
- }
-
-cleanup:
-
- PKIX_RETURN(VALIDATE);
-
-}
-
-/*
- * FUNCTION: pkix_CheckCert
- * DESCRIPTION:
- *
- * Checks whether the Cert pointed to by "cert" successfully validates
- * using the List of CertChainCheckers pointed to by "checkers". If the
- * certificate does not validate, an Error pointer is returned.
- *
- * This function should be called initially with the UInt32 pointed to by
- * "pCheckerIndex" containing zero, and the pointer at "pNBIOContext"
- * containing NULL. If a checker does non-blocking I/O, this function will
- * return with the index of that checker stored at "pCheckerIndex" and a
- * platform-dependent non-blocking I/O context stored at "pNBIOContext".
- * A subsequent call to this function with those values intact will allow the
- * checking to resume where it left off. This should be repeated until the
- * function returns with NULL stored at "pNBIOContext".
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert to validate. Must be non-NULL.
- * "checkers"
- * List of CertChainCheckers which must each validate the certificate.
- * Must be non-NULL.
- * "checkedExtOIDs"
- * List of PKIX_PL_OID that has been processed. If called from building
- * chain, it is the list of critical extension OIDs that has been
- * processed prior to validation. May be NULL.
- * "pCheckerIndex"
- * Address at which is stored the the index, within the List "checkers",
- * of a checker whose processing was interrupted by non-blocking I/O.
- * Must be non-NULL.
- * "pNBIOContext"
- * Address at which is stored platform-specific non-blocking I/O context.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_CheckCert(
- PKIX_PL_Cert *cert,
- PKIX_List *checkers,
- PKIX_List *checkedExtOIDsList,
- PKIX_UInt32 *pCheckerIndex,
- void **pNBIOContext,
- void *plContext)
-{
- PKIX_CertChainChecker_CheckCallback checkerCheck = NULL;
- PKIX_CertChainChecker *checker = NULL;
- PKIX_List *unresCritExtOIDs = NULL;
- PKIX_UInt32 numCheckers;
- PKIX_UInt32 numUnresCritExtOIDs = 0;
- PKIX_UInt32 checkerIndex = 0;
- void *nbioContext = NULL;
-
- PKIX_ENTER(VALIDATE, "pkix_CheckCert");
- PKIX_NULLCHECK_FOUR(cert, checkers, pCheckerIndex, pNBIOContext);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL; /* prepare for case of error exit */
-
- PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDs
- (cert, &unresCritExtOIDs, plContext),
- PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (checkerIndex = *pCheckerIndex;
- checkerIndex < numCheckers;
- checkerIndex++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (checkers,
- checkerIndex,
- (PKIX_PL_Object **)&checker,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallback
- (checker, &checkerCheck, plContext),
- PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED);
-
- PKIX_CHECK(checkerCheck(checker, cert, unresCritExtOIDs,
- &nbioContext, plContext),
- PKIX_CERTCHAINCHECKERCHECKFAILED);
-
- if (nbioContext != NULL) {
- *pCheckerIndex = checkerIndex;
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- PKIX_DECREF(checker);
- }
-
- if (unresCritExtOIDs){
-
-#ifdef PKIX_VALIDATEDEBUG
- {
- PKIX_PL_String *oidString = NULL;
- PKIX_UInt32 length;
- char *oidAscii = NULL;
- PKIX_TOSTRING(unresCritExtOIDs, &oidString, plContext,
- PKIX_LISTTOSTRINGFAILED);
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (oidString,
- PKIX_ESCASCII,
- (void **) &oidAscii,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
- PKIX_VALIDATE_DEBUG_ARG
- ("unrecognized critical extension OIDs:"
- " %s\n", oidAscii);
- PKIX_DECREF(oidString);
- PKIX_PL_Free(oidAscii, plContext);
- }
-#endif
-
- if (checkedExtOIDsList != NULL) {
- /* Take out OID's that had been processed, if any */
- PKIX_CHECK(pkix_List_RemoveItems
- (unresCritExtOIDs,
- checkedExtOIDsList,
- plContext),
- PKIX_LISTREMOVEITEMSFAILED);
- }
-
- PKIX_CHECK(PKIX_List_GetLength
- (unresCritExtOIDs, &numUnresCritExtOIDs, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (numUnresCritExtOIDs != 0){
- PKIX_ERROR(PKIX_UNRECOGNIZEDCRITICALEXTENSION);
- }
-
- }
-
-cleanup:
-
- PKIX_DECREF(checker);
- PKIX_DECREF(unresCritExtOIDs);
-
- PKIX_RETURN(VALIDATE);
-
-}
-
-/*
- * FUNCTION: pkix_InitializeCheckers
- * DESCRIPTION:
- *
- * Creates several checkers and initializes them with values derived from the
- * TrustAnchor pointed to by "anchor", the ProcessingParams pointed to by
- * "procParams", and the number of Certs in the Chain, represented by
- * "numCerts". The List of checkers is stored at "pCheckers".
- *
- * PARAMETERS:
- * "anchor"
- * Address of TrustAnchor used to initialize the SignatureChecker and
- * NameChainingChecker. Must be non-NULL.
- * "procParams"
- * Address of ProcessingParams used to initialize the ExpirationChecker
- * and TargetCertChecker. Must be non-NULL.
- * "numCerts"
- * Number of certificates in the CertChain.
- * "pCheckers"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_InitializeCheckers(
- PKIX_TrustAnchor *anchor,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 numCerts,
- PKIX_List **pCheckers,
- void *plContext)
-{
- PKIX_CertChainChecker *targetCertChecker = NULL;
- PKIX_CertChainChecker *expirationChecker = NULL;
- PKIX_CertChainChecker *nameChainingChecker = NULL;
- PKIX_CertChainChecker *nameConstraintsChecker = NULL;
- PKIX_CertChainChecker *basicConstraintsChecker = NULL;
- PKIX_CertChainChecker *policyChecker = NULL;
- PKIX_CertChainChecker *sigChecker = NULL;
- PKIX_CertChainChecker *defaultCrlChecker = NULL;
- PKIX_CertChainChecker *userChecker = NULL;
- PKIX_PL_X500Name *trustedCAName = NULL;
- PKIX_PL_PublicKey *trustedPubKey = NULL;
- PKIX_List *checkers = NULL;
- PKIX_PL_Date *testDate = NULL;
- PKIX_CertSelector *certSelector = NULL;
- PKIX_PL_Cert *trustedCert = NULL;
- PKIX_PL_CertNameConstraints *trustedNC = NULL;
- PKIX_List *initialPolicies = NULL;
- PKIX_Boolean policyQualifiersRejected = PKIX_FALSE;
- PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
- PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
- PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
- PKIX_List *userCheckersList = NULL;
- PKIX_List *certStores = NULL;
- PKIX_UInt32 numCertCheckers = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(VALIDATE, "pkix_InitializeCheckers");
- PKIX_NULLCHECK_THREE(anchor, procParams, pCheckers);
- PKIX_CHECK(PKIX_List_Create(&checkers, plContext),
- PKIX_LISTCREATEFAILED);
-
- /*
- * The TrustAnchor may have been created using CreateWithCert
- * (in which case GetCAPublicKey and GetCAName will return NULL)
- * or may have been created using CreateWithNameKeyPair (in which
- * case GetTrustedCert will return NULL. So we call GetTrustedCert
- * and populate trustedPubKey and trustedCAName accordingly.
- */
-
- PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
- (anchor, &trustedCert, plContext),
- PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
-
- if (trustedCert){
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
- (trustedCert, &trustedPubKey, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubject
- (trustedCert, &trustedCAName, plContext),
- PKIX_CERTGETSUBJECTFAILED);
- } else {
- PKIX_CHECK(PKIX_TrustAnchor_GetCAPublicKey
- (anchor, &trustedPubKey, plContext),
- PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED);
-
- PKIX_CHECK(PKIX_TrustAnchor_GetCAName
- (anchor, &trustedCAName, plContext),
- PKIX_TRUSTANCHORGETCANAMEFAILED);
- }
-
- PKIX_NULLCHECK_TWO(trustedPubKey, trustedCAName);
-
- PKIX_CHECK(PKIX_TrustAnchor_GetNameConstraints
- (anchor, &trustedNC, plContext),
- PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
- (procParams, &certSelector, plContext),
- PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetDate
- (procParams, &testDate, plContext),
- PKIX_PROCESSINGPARAMSGETDATEFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetInitialPolicies
- (procParams, &initialPolicies, plContext),
- PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetPolicyQualifiersRejected
- (procParams, &policyQualifiersRejected, plContext),
- PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_IsPolicyMappingInhibited
- (procParams, &initialPolicyMappingInhibit, plContext),
- PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_IsAnyPolicyInhibited
- (procParams, &initialAnyPolicyInhibit, plContext),
- PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_IsExplicitPolicyRequired
- (procParams, &initialExplicitPolicy, plContext),
- PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
- (procParams, &certStores, plContext),
- PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
- (procParams, &userCheckersList, plContext),
- PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
-
- /* now, initialize all the checkers */
- PKIX_CHECK(pkix_TargetCertChecker_Initialize
- (certSelector, numCerts, &targetCertChecker, plContext),
- PKIX_TARGETCERTCHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(pkix_ExpirationChecker_Initialize
- (testDate, &expirationChecker, plContext),
- PKIX_EXPIRATIONCHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(pkix_NameChainingChecker_Initialize
- (trustedCAName, &nameChainingChecker, plContext),
- PKIX_NAMECHAININGCHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(pkix_NameConstraintsChecker_Initialize
- (trustedNC, numCerts, &nameConstraintsChecker, plContext),
- PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(pkix_BasicConstraintsChecker_Initialize
- (numCerts, &basicConstraintsChecker, plContext),
- PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(pkix_PolicyChecker_Initialize
- (initialPolicies,
- policyQualifiersRejected,
- initialPolicyMappingInhibit,
- initialExplicitPolicy,
- initialAnyPolicyInhibit,
- numCerts,
- &policyChecker,
- plContext),
- PKIX_POLICYCHECKERINITIALIZEFAILED);
-
- PKIX_CHECK(pkix_SignatureChecker_Initialize
- (trustedPubKey, numCerts, &sigChecker, plContext),
- PKIX_SIGNATURECHECKERINITIALIZEFAILED);
-
- if (userCheckersList != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (userCheckersList, &numCertCheckers, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numCertCheckers; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (userCheckersList,
- i,
- (PKIX_PL_Object **) &userChecker,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers,
- (PKIX_PL_Object *)userChecker,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(userChecker);
- }
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)targetCertChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)expirationChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)nameChainingChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)nameConstraintsChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)basicConstraintsChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)policyChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (checkers, (PKIX_PL_Object *)sigChecker, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- *pCheckers = checkers;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(checkers);
- }
-
- PKIX_DECREF(certSelector);
- PKIX_DECREF(testDate);
- PKIX_DECREF(initialPolicies);
- PKIX_DECREF(targetCertChecker);
- PKIX_DECREF(expirationChecker);
- PKIX_DECREF(nameChainingChecker);
- PKIX_DECREF(nameConstraintsChecker);
- PKIX_DECREF(basicConstraintsChecker);
- PKIX_DECREF(policyChecker);
- PKIX_DECREF(sigChecker);
- PKIX_DECREF(trustedCAName);
- PKIX_DECREF(trustedPubKey);
- PKIX_DECREF(trustedNC);
- PKIX_DECREF(trustedCert);
- PKIX_DECREF(defaultCrlChecker);
- PKIX_DECREF(userCheckersList);
- PKIX_DECREF(certStores);
- PKIX_DECREF(userChecker);
-
- PKIX_RETURN(VALIDATE);
-}
-
-/*
- * FUNCTION: pkix_RetrieveOutputs
- * DESCRIPTION:
- *
- * This function queries the respective states of the List of checkers in
- * "checkers" to to obtain the final public key from the SignatureChecker
- * and the policy tree from the PolicyChecker, storing those values at
- * "pFinalSubjPubKey" and "pPolicyTree", respectively.
- *
- * PARAMETERS:
- * "checkers"
- * Address of List of checkers to be queried. Must be non-NULL.
- * "pFinalSubjPubKey"
- * Address where final public key will be stored. Must be non-NULL.
- * "pPolicyTree"
- * Address where policy tree will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_RetrieveOutputs(
- PKIX_List *checkers,
- PKIX_PL_PublicKey **pFinalSubjPubKey,
- PKIX_PolicyNode **pPolicyTree,
- void *plContext)
-{
- PKIX_PL_PublicKey *finalSubjPubKey = NULL;
- PKIX_PolicyNode *validPolicyTree = NULL;
- PKIX_CertChainChecker *checker = NULL;
- PKIX_PL_Object *state = NULL;
- PKIX_UInt32 numCheckers = 0;
- PKIX_UInt32 type;
- PKIX_Int32 j;
-
- PKIX_ENTER(VALIDATE, "pkix_RetrieveOutputs");
-
- PKIX_NULLCHECK_TWO(checkers, pPolicyTree);
-
- /*
- * To optimize the search, we guess that the sigChecker is
- * last in the tree and is preceded by the policyChecker. We
- * search toward the front of the chain. Remember that List
- * items are indexed 0..(numItems - 1).
- */
-
- PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (j = numCheckers - 1; j >= 0; j--){
- PKIX_CHECK(PKIX_List_GetItem
- (checkers, j, (PKIX_PL_Object **)&checker, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
- (checker, &state, plContext),
- PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
-
- /* user defined checker may have no state */
- if (state != NULL) {
-
- PKIX_CHECK(PKIX_PL_Object_GetType(state, &type, plContext),
- PKIX_OBJECTGETTYPEFAILED);
-
- if (type == PKIX_SIGNATURECHECKERSTATE_TYPE){
- /* final pubKey will include any inherited DSA params */
- finalSubjPubKey =
- ((pkix_SignatureCheckerState *)state)->
- prevPublicKey;
- PKIX_INCREF(finalSubjPubKey);
- *pFinalSubjPubKey = finalSubjPubKey;
- }
-
- if (type == PKIX_CERTPOLICYCHECKERSTATE_TYPE) {
- validPolicyTree =
- ((PKIX_PolicyCheckerState *)state)->validPolicyTree;
- break;
- }
- }
-
- PKIX_DECREF(checker);
- PKIX_DECREF(state);
- }
-
- PKIX_INCREF(validPolicyTree);
- *pPolicyTree = validPolicyTree;
-
-cleanup:
-
- PKIX_DECREF(checker);
- PKIX_DECREF(state);
-
- PKIX_RETURN(VALIDATE);
-
-}
-
-/*
- * FUNCTION: pkix_CheckChain
- * DESCRIPTION:
- *
- * Checks whether the List of Certs pointed to by "certs", containing
- * "numCerts" entries, successfully validates using each CertChainChecker in
- * the List pointed to by "checkers" and has not been revoked, according to any
- * of the Revocation Checkers in the List pointed to by "revChecker". Checkers
- * are expected to remove from "removeCheckedExtOIDs" and extensions that they
- * process. Indices to the certChain and the checkerChain are obtained and
- * returned in "pCertCheckedIndex" and "pCheckerIndex", respectively. These
- * should be set to zero prior to the initial call, but may be changed (and
- * must be supplied on subsequent calls) if processing is suspended for non-
- * blocking I/O. Each time a Cert passes from being validated by one of the
- * CertChainCheckers to being checked by a Revocation Checker, the Boolean
- * stored at "pRevChecking" is changed from FALSE to TRUE. If the Cert is
- * rejected by a Revocation Checker, its reason code is returned at
- * "pReasonCode. If the List of Certs successfully validates, the public key i
- * the final certificate is obtained and stored at "pFinalSubjPubKey" and the
- * validPolicyTree, which could be NULL, is stored at pPolicyTree. If the List
- * of Certs fails to validate, an Error pointer is returned.
- *
- * If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
- * tracks the results of the validation. That is, either each node in the
- * chain has a NULL Error component, or the last node contains an Error
- * which indicates why the validation failed.
- *
- * The number of Certs in the List, represented by "numCerts", is used to
- * determine which Cert is the final Cert.
- *
- * PARAMETERS:
- * "certs"
- * Address of List of Certs to validate. Must be non-NULL.
- * "numCerts"
- * Number of certificates in the List of certificates.
- * "checkers"
- * List of CertChainCheckers which must each validate the List of
- * certificates. Must be non-NULL.
- * "revChecker"
- * List of RevocationCheckers which must each not reject the List of
- * certificates. May be empty, but must be non-NULL.
- * "removeCheckedExtOIDs"
- * List of PKIX_PL_OID that has been processed. If called from building
- * chain, it is the list of critical extension OIDs that has been
- * processed prior to validation. Extension OIDs that may be processed by
- * user defined checker processes are also in the list. May be NULL.
- * "procParams"
- * Address of ProcessingParams used to initialize various checkers. Must
- * be non-NULL.
- * "pCertCheckedIndex"
- * Address where Int32 index to the Cert chain is obtained and
- * returned. Must be non-NULL.
- * "pCheckerIndex"
- * Address where Int32 index to the CheckerChain is obtained and
- * returned. Must be non-NULL.
- * "pRevChecking"
- * Address where Boolean is obtained and returned, indicating, if FALSE,
- * that CertChainCheckers are being called; or, if TRUE, that RevChecker
- * are being called. Must be non-NULL.
- * "pReasonCode"
- * Address where UInt32 results of revocation checking are stored. Must be
- * non-NULL.
- * "pNBIOContext"
- * Address where platform-dependent context is stored if checking is
- * suspended for non-blocking I/O. Must be non-NULL.
- * "pFinalSubjPubKey"
- * Address where the final public key will be stored. Must be non-NULL.
- * "pPolicyTree"
- * Address where the final validPolicyTree is stored. Must be non-NULL.
- * "pVerifyTree"
- * Address where a VerifyTree is stored, if non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CheckChain(
- PKIX_List *certs,
- PKIX_UInt32 numCerts,
- PKIX_TrustAnchor *anchor,
- PKIX_List *checkers,
- PKIX_RevocationChecker *revChecker,
- PKIX_List *removeCheckedExtOIDs,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 *pCertCheckedIndex,
- PKIX_UInt32 *pCheckerIndex,
- PKIX_Boolean *pRevChecking,
- PKIX_UInt32 *pReasonCode,
- void **pNBIOContext,
- PKIX_PL_PublicKey **pFinalSubjPubKey,
- PKIX_PolicyNode **pPolicyTree,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext)
-{
- PKIX_UInt32 j = 0;
- PKIX_Boolean revChecking = PKIX_FALSE;
- PKIX_Error *checkCertError = NULL;
- void *nbioContext = NULL;
- PKIX_PL_Cert *cert = NULL;
- PKIX_PL_Cert *issuer = NULL;
-
- PKIX_ENTER(VALIDATE, "pkix_CheckChain");
- PKIX_NULLCHECK_FOUR(certs, checkers, revChecker, pCertCheckedIndex);
- PKIX_NULLCHECK_FOUR(pCheckerIndex, pRevChecking, pReasonCode, anchor);
- PKIX_NULLCHECK_THREE(pNBIOContext, pFinalSubjPubKey, pPolicyTree);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
- revChecking = *pRevChecking;
-
- PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
- (anchor, &cert, plContext),
- PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
-
- for (j = *pCertCheckedIndex; j < numCerts; j++) {
-
- PORT_Assert(cert);
- PKIX_DECREF(issuer);
- issuer = cert;
- cert = NULL;
-
- PKIX_CHECK(PKIX_List_GetItem(
- certs, j, (PKIX_PL_Object **)&cert, plContext),
- PKIX_LISTGETITEMFAILED);
-
- /* check if cert pointer is valid */
- PORT_Assert(cert);
- if (cert == NULL) {
- continue;
- }
-
- if (revChecking == PKIX_FALSE) {
-
- PKIX_CHECK(pkix_CheckCert
- (cert,
- checkers,
- removeCheckedExtOIDs,
- pCheckerIndex,
- &nbioContext,
- plContext),
- PKIX_CHECKCERTFAILED);
-
- if (nbioContext != NULL) {
- *pCertCheckedIndex = j;
- *pRevChecking = revChecking;
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- revChecking = PKIX_TRUE;
- *pCheckerIndex = 0;
- }
-
- if (revChecking == PKIX_TRUE) {
- PKIX_RevocationStatus revStatus;
- pkixErrorResult =
- PKIX_RevocationChecker_Check(
- cert, issuer, revChecker,
- procParams, PKIX_TRUE,
- (j == numCerts - 1) ? PKIX_TRUE : PKIX_FALSE,
- &revStatus, pReasonCode,
- &nbioContext, plContext);
- if (nbioContext != NULL) {
- *pCertCheckedIndex = j;
- *pRevChecking = revChecking;
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
- if (revStatus == PKIX_RevStatus_Revoked ||
- pkixErrorResult) {
- if (!pkixErrorResult) {
- /* if pkixErrorResult is returned then
- * use it as it has a detailed revocation
- * error code. Otherwise create a new error */
- PKIX_ERROR_CREATE(VALIDATE,
- PKIX_CERTIFICATEREVOKED,
- pkixErrorResult);
- }
- goto cleanup;
- }
- revChecking = PKIX_FALSE;
- *pCheckerIndex = 0;
- }
-
- PKIX_CHECK(pkix_AddToVerifyLog
- (cert, j, NULL, pVerifyTree, plContext),
- PKIX_ADDTOVERIFYLOGFAILED);
- }
-
- PKIX_CHECK(pkix_RetrieveOutputs
- (checkers, pFinalSubjPubKey, pPolicyTree, plContext),
- PKIX_RETRIEVEOUTPUTSFAILED);
-
- *pNBIOContext = NULL;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED && cert) {
- checkCertError = pkixErrorResult;
-
- PKIX_CHECK_FATAL(
- pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree,
- plContext),
- PKIX_ADDTOVERIFYLOGFAILED);
- pkixErrorResult = checkCertError;
- pkixErrorCode = pkixErrorResult->errCode;
- checkCertError = NULL;
- }
-
-fatal:
- PKIX_DECREF(checkCertError);
- PKIX_DECREF(cert);
- PKIX_DECREF(issuer);
-
- PKIX_RETURN(VALIDATE);
-}
-
-/*
- * FUNCTION: pkix_ExtractParameters
- * DESCRIPTION:
- *
- * Extracts several parameters from the ValidateParams object pointed to by
- * "valParams" and stores the CertChain at "pChain", the List of Certs at
- * "pCerts", the number of Certs in the chain at "pNumCerts", the
- * ProcessingParams object at "pProcParams", the List of TrustAnchors at
- * "pAnchors", and the number of TrustAnchors at "pNumAnchors".
- *
- * PARAMETERS:
- * "valParams"
- * Address of ValidateParams from which the parameters are extracted.
- * Must be non-NULL.
- * "pCerts"
- * Address where object pointer for List of Certs will be stored.
- * Must be non-NULL.
- * "pNumCerts"
- * Address where number of Certs will be stored. Must be non-NULL.
- * "pProcParams"
- * Address where object pointer for ProcessingParams will be stored.
- * Must be non-NULL.
- * "pAnchors"
- * Address where object pointer for List of Anchors will be stored.
- * Must be non-NULL.
- * "pNumAnchors"
- * Address where number of Anchors will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Validate Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_ExtractParameters(
- PKIX_ValidateParams *valParams,
- PKIX_List **pCerts,
- PKIX_UInt32 *pNumCerts,
- PKIX_ProcessingParams **pProcParams,
- PKIX_List **pAnchors,
- PKIX_UInt32 *pNumAnchors,
- void *plContext)
-{
- PKIX_ENTER(VALIDATE, "pkix_ExtractParameters");
- PKIX_NULLCHECK_THREE(valParams, pCerts, pNumCerts);
- PKIX_NULLCHECK_THREE(pProcParams, pAnchors, pNumAnchors);
-
- /* extract relevant parameters from chain */
- PKIX_CHECK(PKIX_ValidateParams_GetCertChain
- (valParams, pCerts, plContext),
- PKIX_VALIDATEPARAMSGETCERTCHAINFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(*pCerts, pNumCerts, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- /* extract relevant parameters from procParams */
- PKIX_CHECK(PKIX_ValidateParams_GetProcessingParams
- (valParams, pProcParams, plContext),
- PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetTrustAnchors
- (*pProcParams, pAnchors, plContext),
- PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(*pAnchors, pNumAnchors, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
-cleanup:
-
- PKIX_RETURN(VALIDATE);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_ValidateChain (see comments in pkix.h)
- */
-PKIX_Error *
-PKIX_ValidateChain(
- PKIX_ValidateParams *valParams,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext)
-{
- PKIX_Error *chainFailed = NULL;
-
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_CertChainChecker *userChecker = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_List *certs = NULL;
- PKIX_List *checkers = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *userCheckers = NULL;
- PKIX_List *userCheckerExtOIDs = NULL;
- PKIX_List *validateCheckedCritExtOIDsList = NULL;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_PL_PublicKey *finalPubKey = NULL;
- PKIX_PolicyNode *validPolicyTree = NULL;
- PKIX_Boolean supportForwarding = PKIX_FALSE;
- PKIX_Boolean revChecking = PKIX_FALSE;
- PKIX_UInt32 i, numCerts, numAnchors;
- PKIX_UInt32 numUserCheckers = 0;
- PKIX_UInt32 certCheckedIndex = 0;
- PKIX_UInt32 checkerIndex = 0;
- PKIX_UInt32 reasonCode = 0;
- void *nbioContext = NULL;
-
- PKIX_ENTER(VALIDATE, "PKIX_ValidateChain");
- PKIX_NULLCHECK_TWO(valParams, pResult);
-
- /* extract various parameters from valParams */
- PKIX_CHECK(pkix_ExtractParameters
- (valParams,
- &certs,
- &numCerts,
- &procParams,
- &anchors,
- &numAnchors,
- plContext),
- PKIX_EXTRACTPARAMETERSFAILED);
-
- /*
- * setup an extension OID list that user had defined for his checker
- * processing. User checker is not responsible for taking out OIDs
- * from unresolved critical extension list as the libpkix checker
- * is doing. Here we add those user checkers' OIDs to the removal
- * list to be taken out by CheckChain
- */
- PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
- (procParams, &userCheckers, plContext),
- PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
-
- if (userCheckers != NULL) {
-
- PKIX_CHECK(PKIX_List_Create
- (&validateCheckedCritExtOIDsList,
- plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength
- (userCheckers, &numUserCheckers, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numUserCheckers; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (userCheckers,
- i,
- (PKIX_PL_Object **) &userChecker,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK
- (PKIX_CertChainChecker_IsForwardCheckingSupported
- (userChecker, &supportForwarding, plContext),
- PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED);
-
- if (supportForwarding == PKIX_FALSE) {
-
- PKIX_CHECK
- (PKIX_CertChainChecker_GetSupportedExtensions
- (userChecker, &userCheckerExtOIDs, plContext),
- PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
-
- if (userCheckerExtOIDs != NULL) {
- PKIX_CHECK(pkix_List_AppendList
- (validateCheckedCritExtOIDsList,
- userCheckerExtOIDs,
- plContext),
- PKIX_LISTAPPENDLISTFAILED);
- }
- }
-
- PKIX_DECREF(userCheckerExtOIDs);
- PKIX_DECREF(userChecker);
- }
- }
-
- PKIX_CHECK(PKIX_ProcessingParams_GetRevocationChecker
- (procParams, &revChecker, plContext),
- PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED);
-
- /* try to validate the chain with each anchor */
- for (i = 0; i < numAnchors; i++){
-
- /* get trust anchor */
- PKIX_CHECK(PKIX_List_GetItem
- (anchors, i, (PKIX_PL_Object **)&anchor, plContext),
- PKIX_LISTGETITEMFAILED);
-
- /* initialize checkers using information from trust anchor */
- PKIX_CHECK(pkix_InitializeCheckers
- (anchor, procParams, numCerts, &checkers, plContext),
- PKIX_INITIALIZECHECKERSFAILED);
-
- /*
- * Validate the chain using this trust anchor and these
- * checkers. (WARNING: checkers that use non-blocking I/O
- * are not currently supported.)
- */
- certCheckedIndex = 0;
- checkerIndex = 0;
- revChecking = PKIX_FALSE;
- chainFailed = pkix_CheckChain
- (certs,
- numCerts,
- anchor,
- checkers,
- revChecker,
- validateCheckedCritExtOIDsList,
- procParams,
- &certCheckedIndex,
- &checkerIndex,
- &revChecking,
- &reasonCode,
- &nbioContext,
- &finalPubKey,
- &validPolicyTree,
- pVerifyTree,
- plContext);
-
- if (chainFailed || (reasonCode != 0)) {
-
- /* cert chain failed to validate */
-
- PKIX_DECREF(chainFailed);
- PKIX_DECREF(anchor);
- PKIX_DECREF(checkers);
- PKIX_DECREF(validPolicyTree);
-
- /* if last anchor, we fail; else, we try next anchor */
- if (i == (numAnchors - 1)) { /* last anchor */
- PKIX_ERROR(PKIX_VALIDATECHAINFAILED);
- }
-
- } else {
-
- /* cert chain successfully validated! */
- PKIX_CHECK(pkix_ValidateResult_Create
- (finalPubKey,
- anchor,
- validPolicyTree,
- &valResult,
- plContext),
- PKIX_VALIDATERESULTCREATEFAILED);
-
- *pResult = valResult;
-
- /* no need to try any more anchors in the loop */
- goto cleanup;
- }
- }
-
-cleanup:
-
- PKIX_DECREF(finalPubKey);
- PKIX_DECREF(certs);
- PKIX_DECREF(anchors);
- PKIX_DECREF(anchor);
- PKIX_DECREF(checkers);
- PKIX_DECREF(revChecker);
- PKIX_DECREF(validPolicyTree);
- PKIX_DECREF(chainFailed);
- PKIX_DECREF(procParams);
- PKIX_DECREF(userCheckers);
- PKIX_DECREF(validateCheckedCritExtOIDsList);
-
- PKIX_RETURN(VALIDATE);
-}
-
-/*
- * FUNCTION: pkix_Validate_BuildUserOIDs
- * DESCRIPTION:
- *
- * This function creates a List of the OIDs that are processed by the user
- * checkers in the List pointed to by "userCheckers", storing the resulting
- * List at "pUserCritOIDs". If the List of userCheckers is NULL, the output
- * List will be NULL. Otherwise the output List will be non-NULL, but may be
- * empty.
- *
- * PARAMETERS:
- * "userCheckers"
- * The address of the List of userCheckers.
- * "pUserCritOIDs"
- * The address at which the List is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a VALIDATE Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_Validate_BuildUserOIDs(
- PKIX_List *userCheckers,
- PKIX_List **pUserCritOIDs,
- void *plContext)
-{
- PKIX_UInt32 numUserCheckers = 0;
- PKIX_UInt32 i = 0;
- PKIX_List *userCritOIDs = NULL;
- PKIX_List *userCheckerExtOIDs = NULL;
- PKIX_Boolean supportForwarding = PKIX_FALSE;
- PKIX_CertChainChecker *userChecker = NULL;
-
- PKIX_ENTER(VALIDATE, "pkix_Validate_BuildUserOIDs");
- PKIX_NULLCHECK_ONE(pUserCritOIDs);
-
- if (userCheckers != NULL) {
- PKIX_CHECK(PKIX_List_Create(&userCritOIDs, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength
- (userCheckers, &numUserCheckers, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numUserCheckers; i++) {
- PKIX_CHECK(PKIX_List_GetItem
- (userCheckers,
- i,
- (PKIX_PL_Object **) &userChecker,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_CertChainChecker_IsForwardCheckingSupported
- (userChecker, &supportForwarding, plContext),
- PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED);
-
- if (supportForwarding == PKIX_FALSE) {
-
- PKIX_CHECK(PKIX_CertChainChecker_GetSupportedExtensions
- (userChecker, &userCheckerExtOIDs, plContext),
- PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
-
- if (userCheckerExtOIDs != NULL) {
- PKIX_CHECK(pkix_List_AppendList
- (userCritOIDs, userCheckerExtOIDs, plContext),
- PKIX_LISTAPPENDLISTFAILED);
- }
- }
-
- PKIX_DECREF(userCheckerExtOIDs);
- PKIX_DECREF(userChecker);
- }
- }
-
- *pUserCritOIDs = userCritOIDs;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(userCritOIDs);
- }
-
- PKIX_DECREF(userCheckerExtOIDs);
- PKIX_DECREF(userChecker);
-
- PKIX_RETURN(VALIDATE);
-}
-
-/*
- * FUNCTION: PKIX_ValidateChain_nb (see comments in pkix.h)
- */
-PKIX_Error *
-PKIX_ValidateChain_NB(
- PKIX_ValidateParams *valParams,
- PKIX_UInt32 *pCertIndex,
- PKIX_UInt32 *pAnchorIndex,
- PKIX_UInt32 *pCheckerIndex,
- PKIX_Boolean *pRevChecking,
- PKIX_List **pCheckers,
- void **pNBIOContext,
- PKIX_ValidateResult **pResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext)
-{
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 numAnchors = 0;
- PKIX_UInt32 i = 0;
- PKIX_UInt32 certIndex = 0;
- PKIX_UInt32 anchorIndex = 0;
- PKIX_UInt32 checkerIndex = 0;
- PKIX_UInt32 reasonCode = 0;
- PKIX_Boolean revChecking = PKIX_FALSE;
- PKIX_List *certs = NULL;
- PKIX_List *anchors = NULL;
- PKIX_List *checkers = NULL;
- PKIX_List *userCheckers = NULL;
- PKIX_List *validateCheckedCritExtOIDsList = NULL;
- PKIX_TrustAnchor *anchor = NULL;
- PKIX_ValidateResult *valResult = NULL;
- PKIX_PL_PublicKey *finalPubKey = NULL;
- PKIX_PolicyNode *validPolicyTree = NULL;
- PKIX_ProcessingParams *procParams = NULL;
- PKIX_RevocationChecker *revChecker = NULL;
- PKIX_Error *chainFailed = NULL;
- void *nbioContext = NULL;
-
- PKIX_ENTER(VALIDATE, "PKIX_ValidateChain_NB");
- PKIX_NULLCHECK_FOUR
- (valParams, pCertIndex, pAnchorIndex, pCheckerIndex);
- PKIX_NULLCHECK_FOUR(pRevChecking, pCheckers, pNBIOContext, pResult);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- /* extract various parameters from valParams */
- PKIX_CHECK(pkix_ExtractParameters
- (valParams,
- &certs,
- &numCerts,
- &procParams,
- &anchors,
- &numAnchors,
- plContext),
- PKIX_EXTRACTPARAMETERSFAILED);
-
- /*
- * Create a List of the OIDs that will be processed by the user
- * checkers. User checkers are not responsible for removing OIDs from
- * the List of unresolved critical extensions, as libpkix checkers are.
- * So we add those user checkers' OIDs to the removal list to be taken
- * out by CheckChain.
- */
- PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
- (procParams, &userCheckers, plContext),
- PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
-
- PKIX_CHECK(pkix_Validate_BuildUserOIDs
- (userCheckers, &validateCheckedCritExtOIDsList, plContext),
- PKIX_VALIDATEBUILDUSEROIDSFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_GetRevocationChecker
- (procParams, &revChecker, plContext),
- PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED);
-
- /* Are we resuming after a WOULDBLOCK return, or starting anew ? */
- if (nbioContext != NULL) {
- /* Resuming */
- certIndex = *pCertIndex;
- anchorIndex = *pAnchorIndex;
- checkerIndex = *pCheckerIndex;
- revChecking = *pRevChecking;
- checkers = *pCheckers;
- *pCheckers = NULL;
- }
-
- /* try to validate the chain with each anchor */
- for (i = anchorIndex; i < numAnchors; i++) {
-
- /* get trust anchor */
- PKIX_CHECK(PKIX_List_GetItem
- (anchors, i, (PKIX_PL_Object **)&anchor, plContext),
- PKIX_LISTGETITEMFAILED);
-
- /* initialize checkers using information from trust anchor */
- if (nbioContext == NULL) {
- PKIX_CHECK(pkix_InitializeCheckers
- (anchor,
- procParams,
- numCerts,
- &checkers,
- plContext),
- PKIX_INITIALIZECHECKERSFAILED);
- }
-
- /*
- * Validate the chain using this trust anchor and these
- * checkers.
- */
- chainFailed = pkix_CheckChain
- (certs,
- numCerts,
- anchor,
- checkers,
- revChecker,
- validateCheckedCritExtOIDsList,
- procParams,
- &certIndex,
- &checkerIndex,
- &revChecking,
- &reasonCode,
- &nbioContext,
- &finalPubKey,
- &validPolicyTree,
- pVerifyTree,
- plContext);
-
- if (nbioContext != NULL) {
- *pCertIndex = certIndex;
- *pAnchorIndex = anchorIndex;
- *pCheckerIndex = checkerIndex;
- *pRevChecking = revChecking;
- PKIX_INCREF(checkers);
- *pCheckers = checkers;
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- if (chainFailed || (reasonCode != 0)) {
-
- /* cert chain failed to validate */
-
- PKIX_DECREF(chainFailed);
- PKIX_DECREF(anchor);
- PKIX_DECREF(checkers);
- PKIX_DECREF(validPolicyTree);
-
- /* if last anchor, we fail; else, we try next anchor */
- if (i == (numAnchors - 1)) { /* last anchor */
- PKIX_ERROR(PKIX_VALIDATECHAINFAILED);
- }
-
- } else {
-
- /* cert chain successfully validated! */
- PKIX_CHECK(pkix_ValidateResult_Create
- (finalPubKey,
- anchor,
- validPolicyTree,
- &valResult,
- plContext),
- PKIX_VALIDATERESULTCREATEFAILED);
-
- *pResult = valResult;
-
- /* no need to try any more anchors in the loop */
- goto cleanup;
- }
- }
-
-cleanup:
-
- PKIX_DECREF(finalPubKey);
- PKIX_DECREF(certs);
- PKIX_DECREF(anchors);
- PKIX_DECREF(anchor);
- PKIX_DECREF(checkers);
- PKIX_DECREF(revChecker);
- PKIX_DECREF(validPolicyTree);
- PKIX_DECREF(chainFailed);
- PKIX_DECREF(procParams);
- PKIX_DECREF(userCheckers);
- PKIX_DECREF(validateCheckedCritExtOIDsList);
-
- PKIX_RETURN(VALIDATE);
-}
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_validate.h b/security/nss/lib/libpkix/pkix/top/pkix_validate.h
deleted file mode 100755
index f76e667b4..000000000
--- a/security/nss/lib/libpkix/pkix/top/pkix_validate.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_validate.h
- *
- * Header file for validateChain function
- *
- */
-
-#ifndef _PKIX_VALIDATE_H
-#define _PKIX_VALIDATE_H
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-PKIX_Error *
-pkix_CheckChain(
- PKIX_List *certs,
- PKIX_UInt32 numCerts,
- PKIX_TrustAnchor *anchor,
- PKIX_List *checkers,
- PKIX_RevocationChecker *revChecker,
- PKIX_List *buildCheckedExtOIDs,
- PKIX_ProcessingParams *procParams,
- PKIX_UInt32 *pCertCheckedIndex,
- PKIX_UInt32 *pCheckerIndex,
- PKIX_Boolean *pRevChecking,
- PKIX_UInt32 *pReasonCode,
- void **pNBIOContext,
- PKIX_PL_PublicKey **pFinalSubjPubKey,
- PKIX_PolicyNode **pPolicyTree,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_VALIDATE_H */
diff --git a/security/nss/lib/libpkix/pkix/util/Makefile b/security/nss/lib/libpkix/pkix/util/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix/util/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix/util/config.mk b/security/nss/lib/libpkix/pkix/util/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix/util/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix/util/manifest.mn b/security/nss/lib/libpkix/pkix/util/manifest.mn
deleted file mode 100755
index 8776310b4..000000000
--- a/security/nss/lib/libpkix/pkix/util/manifest.mn
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_tools.h \
- pkix_error.h \
- pkix_logger.h \
- pkix_list.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_tools.c \
- pkix_error.c \
- pkix_logger.c \
- pkix_list.c \
- pkix_errpaths.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixutil
-
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_error.c b/security/nss/lib/libpkix/pkix/util/pkix_error.c
deleted file mode 100755
index 77e399e28..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_error.c
+++ /dev/null
@@ -1,598 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_error.c
- *
- * Error Object Functions
- *
- */
-
-#include "pkix_error.h"
-
-#undef PKIX_ERRORENTRY
-
-#define PKIX_ERRORENTRY(name,desc,nsserr) #desc
-
-#if defined PKIX_ERROR_DESCRIPTION
-
-const char * const PKIX_ErrorText[] =
-{
-#include "pkix_errorstrings.h"
-};
-
-#else
-
-#include "prprf.h"
-
-#endif /* PKIX_ERROR_DESCRIPTION */
-
-extern const int PKIX_PLErrorIndex[];
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_Error_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Error_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_Error *firstError = NULL;
- PKIX_Error *secondError = NULL;
- PKIX_Error *firstCause = NULL;
- PKIX_Error *secondCause = NULL;
- PKIX_PL_Object *firstInfo = NULL;
- PKIX_PL_Object *secondInfo = NULL;
- PKIX_ERRORCLASS firstClass, secondClass;
- PKIX_UInt32 secondType;
- PKIX_Boolean boolResult, unequalFlag;
-
- PKIX_ENTER(ERROR, "pkix_Error_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- unequalFlag = PKIX_FALSE;
-
- /* First just compare pointer values to save time */
- if (firstObject == secondObject) {
- *pResult = PKIX_TRUE;
- goto cleanup;
- } else {
- /* Result will only be set to true if all tests pass */
- *pResult = PKIX_FALSE;
- }
-
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_ERROR_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTANERROROBJECT);
-
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_ERRORGETTINGSECONDOBJECTTYPE);
-
- /* If types differ, then return false. Result is already set */
- if (secondType != PKIX_ERROR_TYPE) goto cleanup;
-
- /* It is safe to cast to PKIX_Error */
- firstError = (PKIX_Error *) firstObject;
- secondError = (PKIX_Error *) secondObject;
-
- /* Compare error codes */
- firstClass = firstError->errClass;
- secondClass = secondError->errClass;
-
- /* If codes differ, return false. Result is already set */
- if (firstClass != secondClass) goto cleanup;
-
- /* Compare causes */
- firstCause = firstError->cause;
- secondCause = secondError->cause;
-
- /* Ensure that either both or none of the causes are NULL */
- if (((firstCause != NULL) && (secondCause == NULL))||
- ((firstCause == NULL) && (secondCause != NULL)))
- unequalFlag = PKIX_TRUE;
-
- if ((firstCause != NULL) && (secondCause != NULL)) {
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)firstCause,
- (PKIX_PL_Object*)secondCause,
- &boolResult,
- plContext),
- PKIX_ERRORINRECURSIVEEQUALSCALL);
-
- /* Set the unequalFlag so that we return after dec refing */
- if (boolResult == 0) unequalFlag = PKIX_TRUE;
- }
-
- /* If the cause errors are not equal, return null */
- if (unequalFlag) goto cleanup;
-
- /* Compare info fields */
- firstInfo = firstError->info;
- secondInfo = secondError->info;
-
- if (firstInfo != secondInfo) goto cleanup;
-
- /* Ensure that either both or none of the infos are NULL */
- if (((firstInfo != NULL) && (secondInfo == NULL))||
- ((firstInfo == NULL) && (secondInfo != NULL)))
- unequalFlag = PKIX_TRUE;
-
- if ((firstInfo != NULL) && (secondInfo != NULL)) {
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object*)firstInfo,
- (PKIX_PL_Object*)secondInfo,
- &boolResult,
- plContext),
- PKIX_ERRORINRECURSIVEEQUALSCALL);
-
- /* Set the unequalFlag so that we return after dec refing */
- if (boolResult == 0) unequalFlag = PKIX_TRUE;
- }
-
- /* If the infos are not equal, return null */
- if (unequalFlag) goto cleanup;
-
-
- /* Compare descs */
- if (firstError->errCode != secondError->errCode) {
- unequalFlag = PKIX_TRUE;
- }
-
- if (firstError->plErr != secondError->plErr) {
- unequalFlag = PKIX_TRUE;
- }
-
- /* If the unequalFlag was set, return false */
- if (unequalFlag) goto cleanup;
-
- /* Errors are equal in all fields at this point */
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(ERROR);
-}
-
-/*
- * FUNCTION: pkix_Error_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Error_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_Error *error = NULL;
-
- PKIX_ENTER(ERROR, "pkix_Error_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
- PKIX_OBJECTNOTANERROR);
-
- error = (PKIX_Error *)object;
-
- PKIX_DECREF(error->cause);
-
- PKIX_DECREF(error->info);
-
-cleanup:
-
- PKIX_RETURN(ERROR);
-}
-
-
-/* XXX This is not thread safe */
-static PKIX_UInt32 pkix_error_cause_depth = 1;
-
-/*
- * FUNCTION: pkix_Error_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Error_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_Error *error = NULL;
- PKIX_Error *cause = NULL;
- PKIX_PL_String *desc = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *causeString = NULL;
- PKIX_PL_String *optCauseString = NULL;
- PKIX_PL_String *errorNameString = NULL;
- char *format = NULL;
- PKIX_ERRORCLASS errClass;
-
- PKIX_ENTER(ERROR, "pkix_Error_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
- PKIX_OBJECTNOTANERROR);
-
- error = (PKIX_Error *)object;
-
- /* Get this error's errClass, description and the string of its cause */
- errClass = error->errClass;
-
- /* Get the description string */
- PKIX_Error_GetDescription(error, &desc, plContext);
-
- /* Get the cause */
- cause = error->cause;
-
- /* Get the causes's description string */
- if (cause != NULL) {
- pkix_error_cause_depth++;
-
- /* Get the cause string */
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)cause, &causeString, plContext),
- PKIX_ERRORGETTINGCAUSESTRING);
-
- format = "\n*** Cause (%d): %s";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- format,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* Create the optional Cause String */
- PKIX_CHECK(PKIX_PL_Sprintf
- (&optCauseString,
- plContext,
- formatString,
- pkix_error_cause_depth,
- causeString),
- PKIX_SPRINTFFAILED);
-
- PKIX_DECREF(formatString);
-
- pkix_error_cause_depth--;
- }
-
- /* Create the Format String */
- if (optCauseString != NULL) {
- format = "*** %s Error- %s%s";
- } else {
- format = "*** %s Error- %s";
- }
-
- /* Ensure that error errClass is known, otherwise default to Object */
- if (errClass >= PKIX_NUMERRORCLASSES) {
- errClass = 0;
- }
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- (void *)PKIX_ERRORCLASSNAMES[errClass],
- 0,
- &errorNameString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- format,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* Create the output String */
- PKIX_CHECK(PKIX_PL_Sprintf
- (pString,
- plContext,
- formatString,
- errorNameString,
- desc,
- optCauseString),
- PKIX_SPRINTFFAILED);
-
-cleanup:
-
- PKIX_DECREF(desc);
- PKIX_DECREF(causeString);
- PKIX_DECREF(formatString);
- PKIX_DECREF(optCauseString);
- PKIX_DECREF(errorNameString);
-
- PKIX_RETURN(ERROR);
-}
-
-/*
- * FUNCTION: pkix_Error_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Error_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pResult,
- void *plContext)
-{
- PKIX_ENTER(ERROR, "pkix_Error_Hashcode");
- PKIX_NULLCHECK_TWO(object, pResult);
-
- /* XXX Unimplemented */
- /* XXX Need to make hashcodes equal when two errors are equal */
- *pResult = (PKIX_UInt32)object;
-
- PKIX_RETURN(ERROR);
-}
-
-/* --Initializers------------------------------------------------- */
-
-/*
- * PKIX_ERRORCLASSNAMES is an array of strings, with each string holding a
- * descriptive name for an error errClass. This is used by the default
- * PKIX_PL_Error_ToString function.
- *
- * Note: PKIX_ERRORCLASSES is defined in pkixt.h as a list of error types.
- * (More precisely, as a list of invocations of ERRMACRO(type).) The
- * macro is expanded in pkixt.h to define error numbers, and here to
- * provide corresponding strings. For example, since the fifth ERRMACRO
- * entry is MUTEX, then PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and
- * PKIX_ERRORCLASSNAMES[4] is initialized here with the value "MUTEX".
- */
-#undef ERRMACRO
-#define ERRMACRO(type) #type
-
-const char *
-PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES] =
-{
- PKIX_ERRORCLASSES
-};
-
-/*
- * FUNCTION: pkix_Error_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_ERROR_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_Error_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(ERROR, "pkix_Error_RegisterSelf");
-
- entry.description = "Error";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_Error);
- entry.destructor = pkix_Error_Destroy;
- entry.equalsFunction = pkix_Error_Equals;
- entry.hashcodeFunction = pkix_Error_Hashcode;
- entry.toStringFunction = pkix_Error_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_ERROR_TYPE] = entry;
-
- PKIX_RETURN(ERROR);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_Error_Create (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Error_Create(
- PKIX_ERRORCLASS errClass,
- PKIX_Error *cause,
- PKIX_PL_Object *info,
- PKIX_ERRORCODE errCode,
- PKIX_Error **pError,
- void *plContext)
-{
- PKIX_Error *tempCause = NULL;
- PKIX_Error *error = NULL;
-
- PKIX_ENTER(ERROR, "PKIX_Error_Create");
-
- PKIX_NULLCHECK_ONE(pError);
-
- /*
- * when called here, if PKIX_PL_Object_Alloc returns an error,
- * it must be a PKIX_ALLOC_ERROR
- */
- pkixErrorResult = PKIX_PL_Object_Alloc
- (PKIX_ERROR_TYPE,
- ((PKIX_UInt32)(sizeof (PKIX_Error))),
- (PKIX_PL_Object **)&error,
- plContext);
-
- if (pkixErrorResult) return (pkixErrorResult);
-
- error->errClass = errClass;
-
- /* Ensure we don't have a loop. Follow causes until NULL */
- for (tempCause = cause;
- tempCause != NULL;
- tempCause = tempCause->cause) {
- /* If we detect a loop, throw a new error */
- if (tempCause == error) {
- PKIX_ERROR(PKIX_LOOPOFERRORCAUSEDETECTED);
- }
- }
-
- PKIX_INCREF(cause);
- error->cause = cause;
-
- PKIX_INCREF(info);
- error->info = info;
-
- error->errCode = errCode;
-
- error->plErr = PKIX_PLErrorIndex[error->errCode];
-
- *pError = error;
- error = NULL;
-
-cleanup:
- /* PKIX-XXX Fix for leak during error creation */
- PKIX_DECREF(error);
-
- PKIX_RETURN(ERROR);
-}
-
-/*
- * FUNCTION: PKIX_Error_GetErrorClass (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Error_GetErrorClass(
- PKIX_Error *error,
- PKIX_ERRORCLASS *pClass,
- void *plContext)
-{
- PKIX_ENTER(ERROR, "PKIX_Error_GetErrorClass");
- PKIX_NULLCHECK_TWO(error, pClass);
-
- *pClass = error->errClass;
-
- PKIX_RETURN(ERROR);
-}
-
-/*
- * FUNCTION: PKIX_Error_GetErrorCode (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Error_GetErrorCode(
- PKIX_Error *error,
- PKIX_ERRORCODE *pCode,
- void *plContext)
-{
- PKIX_ENTER(ERROR, "PKIX_Error_GetErrorCode");
- PKIX_NULLCHECK_TWO(error, pCode);
-
- *pCode = error->errCode;
-
- PKIX_RETURN(ERROR);
-}
-
-/*
- * FUNCTION: PKIX_Error_GetCause (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Error_GetCause(
- PKIX_Error *error,
- PKIX_Error **pCause,
- void *plContext)
-{
- PKIX_ENTER(ERROR, "PKIX_Error_GetCause");
- PKIX_NULLCHECK_TWO(error, pCause);
-
- if (error->cause != PKIX_ALLOC_ERROR()){
- PKIX_INCREF(error->cause);
- }
-
- *pCause = error->cause;
-
-cleanup:
- PKIX_RETURN(ERROR);
-}
-
-/*
- * FUNCTION: PKIX_Error_GetSupplementaryInfo (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Error_GetSupplementaryInfo(
- PKIX_Error *error,
- PKIX_PL_Object **pInfo,
- void *plContext)
-{
- PKIX_ENTER(ERROR, "PKIX_Error_GetSupplementaryInfo");
- PKIX_NULLCHECK_TWO(error, pInfo);
-
- PKIX_INCREF(error->info);
-
- *pInfo = error->info;
-
-cleanup:
- PKIX_RETURN(ERROR);
-}
-
-/*
- * FUNCTION: PKIX_Error_GetDescription (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Error_GetDescription(
- PKIX_Error *error,
- PKIX_PL_String **pDesc,
- void *plContext)
-{
- PKIX_PL_String *descString = NULL;
-#ifndef PKIX_ERROR_DESCRIPTION
- char errorStr[32];
-#endif
-
- PKIX_ENTER(ERROR, "PKIX_Error_GetDescription");
- PKIX_NULLCHECK_TWO(error, pDesc);
-
-#ifndef PKIX_ERROR_DESCRIPTION
- PR_snprintf(errorStr, 32, "Error code: %d", error->errCode);
-#endif
-
- PKIX_PL_String_Create(PKIX_ESCASCII,
-#if defined PKIX_ERROR_DESCRIPTION
- (void *)PKIX_ErrorText[error->errCode],
-#else
- errorStr,
-#endif
- 0,
- &descString,
- plContext);
-
- *pDesc = descString;
-
- PKIX_RETURN(ERROR);
-}
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_error.h b/security/nss/lib/libpkix/pkix/util/pkix_error.h
deleted file mode 100755
index bfda7cf85..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_error.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_error.h
- *
- * Error Object Type Definition
- *
- */
-
-#ifndef _PKIX_ERROR_H
-#define _PKIX_ERROR_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_ErrorStruct {
- PKIX_ERRORCODE errCode;
- PKIX_ERRORCLASS errClass; /* was formerly "code" */
- PKIX_UInt32 plErr;
- PKIX_Error *cause;
- PKIX_PL_Object *info;
-};
-
-/* see source file for function documentation */
-
-extern PKIX_Error * pkix_Error_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_ERROR_H */
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_errpaths.c b/security/nss/lib/libpkix/pkix/util/pkix_errpaths.c
deleted file mode 100644
index 56bb759a4..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_errpaths.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_errpaths.c
- *
- * Error Handling Helper Functions
- *
- */
-
-#define PKIX_STDVARS_POINTER
-#include "pkix_error.h"
-
-const PKIX_StdVars zeroStdVars;
-
-PKIX_Error*
-PKIX_DoThrow(PKIX_StdVars * stdVars, PKIX_ERRORCLASS errClass,
- PKIX_ERRORCODE errCode, PKIX_ERRORCLASS overrideClass,
- void *plContext)
-{
- if (!pkixErrorReceived && !pkixErrorResult && pkixErrorList) {
- pkixTempResult = PKIX_List_GetItem(pkixErrorList, 0,
- (PKIX_PL_Object**)&pkixReturnResult,
- plContext);
- } else {
- pkixTempResult = (PKIX_Error*)pkix_Throw(errClass, myFuncName, errCode,
- overrideClass, pkixErrorResult,
- &pkixReturnResult, plContext);
- }
- if (pkixReturnResult) {
- if (pkixErrorResult != PKIX_ALLOC_ERROR()) {
- PKIX_DECREF(pkixErrorResult);
- }
- pkixTempResult = pkixReturnResult;
- } else if (pkixErrorResult) {
- if (pkixTempResult != PKIX_ALLOC_ERROR()) {
- PKIX_DECREF(pkixTempResult);
- }
- pkixTempResult = pkixErrorResult;
- }
- if (pkixErrorList) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorList, plContext);
- pkixErrorList = NULL;
- }
- return pkixTempResult;
-}
-
-PKIX_Error *
-PKIX_DoReturn(PKIX_StdVars * stdVars, PKIX_ERRORCLASS errClass,
- PKIX_Boolean doLogger, void *plContext)
-{
- PKIX_OBJECT_UNLOCK(lockedObject);
- if (pkixErrorReceived || pkixErrorResult || pkixErrorList)
- return PKIX_DoThrow(stdVars, errClass, pkixErrorCode, pkixErrorClass,
- plContext);
- /* PKIX_DEBUG_EXIT(type); */
- if (doLogger)
- _PKIX_DEBUG_TRACE(pkixLoggersDebugTrace, "<<<", PKIX_LOGGER_LEVEL_TRACE);
- return NULL;
-}
-
-/* PKIX_DoAddError - creates the list of received error if it does not exist
- * yet and adds newly received error into the list. */
-void
-PKIX_DoAddError(PKIX_StdVars *stdVars, PKIX_Error *error, void * plContext)
-{
- PKIX_List *localList = NULL;
- PKIX_Error *localError = NULL;
- PKIX_Boolean listCreated = PKIX_FALSE;
-
- if (!pkixErrorList) {
- localError = PKIX_List_Create(&localList, plContext);
- if (localError)
- goto cleanup;
- listCreated = PKIX_TRUE;
- } else {
- localList = pkixErrorList;
- }
-
- localError = PKIX_List_AppendItem(localList, (PKIX_PL_Object*)error,
- plContext);
- PORT_Assert (localError == NULL);
- if (localError != NULL) {
- if (listCreated) {
- /* ignore the error code of DecRef function */
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)localList, plContext);
- localList = NULL;
- }
- } else {
- pkixErrorList = localList;
- }
-
-cleanup:
-
- if (localError && localError != PKIX_ALLOC_ERROR()) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)localError, plContext);
- }
-
- if (error && error != PKIX_ALLOC_ERROR()) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)error, plContext);
- }
-}
-
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_list.c b/security/nss/lib/libpkix/pkix/util/pkix_list.c
deleted file mode 100755
index 52aaf7d62..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_list.c
+++ /dev/null
@@ -1,1734 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_list.c
- *
- * List Object Functions
- *
- */
-
-#include "pkix_list.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_List_Create_Internal
- * DESCRIPTION:
- *
- * Creates a new List, using the Boolean value of "isHeader" to determine
- * whether the new List should be a header, and stores it at "pList". The
- * List is initially empty and holds no items. To initially add items to
- * the List, use PKIX_List_AppendItem.
- *
- * PARAMETERS:
- * "isHeader"
- * Boolean value indicating whether new List should be a header.
- * "pList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_List_Create_Internal(
- PKIX_Boolean isHeader,
- PKIX_List **pList,
- void *plContext)
-{
- PKIX_List *list = NULL;
-
- PKIX_ENTER(LIST, "pkix_List_Create_Internal");
- PKIX_NULLCHECK_ONE(pList);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_LIST_TYPE,
- ((PKIX_UInt32)(sizeof (PKIX_List))),
- (PKIX_PL_Object **)&list, plContext),
- PKIX_ERRORCREATINGLISTITEM);
-
- list->item = NULL;
- list->next = NULL;
- list->immutable = PKIX_FALSE;
- list->length = 0;
- list->isHeader = isHeader;
-
- *pList = list;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_List_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_List *list = NULL;
- PKIX_List *nextItem = NULL;
-
- PKIX_ENTER(LIST, "pkix_List_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a list */
- PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
- PKIX_OBJECTNOTLIST);
-
- list = (PKIX_List *)object;
-
- /* We have a valid list. DecRef its item and recurse on next */
- PKIX_DECREF(list->item);
- while (nextItem = list->next) {
- list->next = nextItem->next;
- nextItem->next = NULL;
- PKIX_DECREF(nextItem);
- }
- list->immutable = PKIX_FALSE;
- list->length = 0;
- list->isHeader = PKIX_FALSE;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the List pointed
- * to by "list" and stores its address in the object pointed to by "pString".
- *
- * PARAMETERS
- * "list"
- * Address of List whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address of object pointer's destination. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a List Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_List_ToString_Helper(
- PKIX_List *list,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *itemString = NULL;
- PKIX_PL_String *nextString = NULL;
- PKIX_PL_String *format = NULL;
- PKIX_Boolean empty;
-
- PKIX_ENTER(LIST, "pkix_List_ToString_Helper");
- PKIX_NULLCHECK_TWO(list, pString);
-
- /* special case when list is the header */
- if (list->isHeader){
-
- PKIX_CHECK(PKIX_List_IsEmpty(list, &empty, plContext),
- PKIX_LISTISEMPTYFAILED);
-
- if (empty){
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "EMPTY",
- 0,
- &itemString,
- plContext),
- PKIX_ERRORCREATINGITEMSTRING);
- (*pString) = itemString;
- PKIX_DEBUG_EXIT(LIST);
- return (NULL);
- } else {
- PKIX_CHECK(pkix_List_ToString_Helper
- (list->next, &itemString, plContext),
- PKIX_LISTTOSTRINGHELPERFAILED);
- }
-
- /* Create a string object from the format */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "%s", 0, &format, plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (pString, plContext, format, itemString),
- PKIX_SPRINTFFAILED);
- } else {
- /* Get a string for this list's item */
- if (list->item == NULL) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "(null)",
- 0,
- &itemString,
- plContext),
- PKIX_STRINGCREATEFAILED);
- } else {
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object*)list->item,
- &itemString,
- plContext),
- PKIX_OBJECTTOSTRINGFAILED);
- }
- if (list->next == NULL) {
- /* Just return the itemstring */
- (*pString) = itemString;
- PKIX_DEBUG_EXIT(LIST);
- return (NULL);
- }
-
- /* Recursive call to get string for this list's next pointer */
- PKIX_CHECK(pkix_List_ToString_Helper
- (list->next, &nextString, plContext),
- PKIX_LISTTOSTRINGHELPERFAILED);
-
- /* Create a string object from the format */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- "%s, %s",
- 0,
- &format,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (pString,
- plContext,
- format,
- itemString,
- nextString),
- PKIX_SPRINTFFAILED);
- }
-
-cleanup:
-
- PKIX_DECREF(itemString);
- PKIX_DECREF(nextString);
- PKIX_DECREF(format);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_List_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_List *list = NULL;
- PKIX_PL_String *listString = NULL;
- PKIX_PL_String *format = NULL;
-
- PKIX_ENTER(LIST, "pkix_List_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
- PKIX_OBJECTNOTLIST);
-
- list = (PKIX_List *)object;
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- PKIX_CHECK(pkix_List_ToString_Helper(list, &listString, plContext),
- PKIX_LISTTOSTRINGHELPERFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "(%s)", 0, &format, plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf(pString, plContext, format, listString),
- PKIX_SPRINTFFAILED);
-
-cleanup:
-
- PKIX_DECREF(listString);
- PKIX_DECREF(format);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_List_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_List *firstList = NULL;
- PKIX_List *secondList = NULL;
- PKIX_UInt32 firstLength = 0;
- PKIX_UInt32 secondLength = 0;
- PKIX_PL_Object *firstItem = NULL;
- PKIX_PL_Object *secondItem = NULL;
- PKIX_UInt32 i = 0;
-
- PKIX_ENTER(LIST, "pkix_List_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- /* test that first is a List */
- PKIX_CHECK(pkix_CheckType(first, PKIX_LIST_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTLIST);
-
- /*
- * Since we know first is a List, if both references are
- * identical, they must be equal
- */
- if (first == second){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If second isn't a List, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_LIST_TYPE) goto cleanup;
-
- firstList = (PKIX_List *)first;
- secondList = (PKIX_List *)second;
-
- if ((!firstList->isHeader) && (!secondList->isHeader)){
- PKIX_ERROR(PKIX_INPUTLISTSMUSTBELISTHEADERS);
- }
-
- firstLength = firstList->length;
- secondLength = secondList->length;
-
- cmpResult = PKIX_FALSE;
- if (firstLength == secondLength){
- for (i = 0, cmpResult = PKIX_TRUE;
- ((i < firstLength) && cmpResult);
- i++){
- PKIX_CHECK(PKIX_List_GetItem
- (firstList, i, &firstItem, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_GetItem
- (secondList, i, &secondItem, plContext),
- PKIX_LISTGETITEMFAILED);
-
- if ((!firstItem && secondItem) ||
- (firstItem && !secondItem)){
- cmpResult = PKIX_FALSE;
- } else if (!firstItem && !secondItem){
- continue;
- } else {
- PKIX_CHECK(PKIX_PL_Object_Equals
- (firstItem,
- secondItem,
- &cmpResult,
- plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- PKIX_DECREF(firstItem);
- PKIX_DECREF(secondItem);
- }
- }
- }
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_DECREF(firstItem);
- PKIX_DECREF(secondItem);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_List_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_List *list = NULL;
- PKIX_PL_Object *element = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 tempHash = 0;
- PKIX_UInt32 length, i;
-
- PKIX_ENTER(LIST, "pkix_List_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
- PKIX_OBJECTNOTLIST);
-
- list = (PKIX_List *)object;
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- length = list->length;
-
- for (i = 0; i < length; i++){
- PKIX_CHECK(PKIX_List_GetItem(list, i, &element, plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (!element){
- tempHash = 100;
- } else {
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- (element, &tempHash, plContext),
- PKIX_LISTHASHCODEFAILED);
- }
-
- hash = 31 * hash + tempHash;
-
- PKIX_DECREF(element);
- }
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_DECREF(element);
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_Duplicate
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_List_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_List *list = NULL;
- PKIX_List *listDuplicate = NULL;
-
- PKIX_ENTER(LIST, "pkix_List_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
- PKIX_OBJECTNOTLIST);
-
- list = (PKIX_List *)object;
-
- if (list->immutable){
- PKIX_CHECK(pkix_duplicateImmutable
- (object, pNewObject, plContext),
- PKIX_DUPLICATEIMMUTABLEFAILED);
- } else {
-
- PKIX_CHECK(pkix_List_Create_Internal
- (list->isHeader, &listDuplicate, plContext),
- PKIX_LISTCREATEINTERNALFAILED);
-
- listDuplicate->length = list->length;
-
- PKIX_INCREF(list->item);
- listDuplicate->item = list->item;
-
- if (list->next == NULL){
- listDuplicate->next = NULL;
- } else {
- /* Recursively Duplicate list */
- PKIX_CHECK(pkix_List_Duplicate
- ((PKIX_PL_Object *)list->next,
- (PKIX_PL_Object **)&listDuplicate->next,
- plContext),
- PKIX_LISTDUPLICATEFAILED);
- }
-
- *pNewObject = (PKIX_PL_Object *)listDuplicate;
- }
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(listDuplicate);
- }
-
- PKIX_RETURN(LIST);
-}
-
-
-/*
- * FUNCTION: pkix_List_GetElement
- * DESCRIPTION:
- *
- * Copies the "list"'s element at "index" into "element". The input List must
- * be the header of the List (as opposed to being an element of the List). The
- * index counts from zero and must be less than the List's length. This
- * function does NOT increment the reference count of the List element since
- * the returned element's reference will not be stored by the calling
- * function.
- *
- * PARAMETERS:
- * "list"
- * Address of List (must be header) to get element from. Must be non-NULL.
- * "index"
- * Index of list to get element from. Must be less than List's length.
- * "pElement"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_List_GetElement(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_List **pElement,
- void *plContext)
-{
- PKIX_List *iterator = NULL;
- PKIX_UInt32 length;
- PKIX_UInt32 position = 0;
-
- PKIX_ENTER(LIST, "pkix_List_GetElement");
- PKIX_NULLCHECK_TWO(list, pElement);
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- length = list->length;
-
- if (index >= length) {
- PKIX_ERROR(PKIX_INDEXOUTOFBOUNDS);
- }
-
- for (iterator = list; position++ <= index; iterator = iterator->next)
- ;
-
- (*pElement) = iterator;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-
-/*
- * FUNCTION: pkix_List_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_LIST_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_List_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(LIST, "pkix_List_RegisterSelf");
-
- entry.description = "List";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_List);
- entry.destructor = pkix_List_Destroy;
- entry.equalsFunction = pkix_List_Equals;
- entry.hashcodeFunction = pkix_List_Hashcode;
- entry.toStringFunction = pkix_List_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_List_Duplicate;
-
- systemClasses[PKIX_LIST_TYPE] = entry;
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_Contains
- * DESCRIPTION:
- *
- * Checks a List pointed to by "list", to determine whether it includes
- * an entry that is equal to the Object pointed to by "object", and stores
- * the result in "pFound".
- *
- * PARAMETERS:
- * "list"
- * List to be searched; may be empty; must be non-NULL
- * "object"
- * Object to be checked for; must be non-NULL
- * "pFound"
- * Address where the result of the search will be stored. Must
- * be non-NULL
- * "plContext"
- * platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_Contains(
- PKIX_List *list,
- PKIX_PL_Object *object,
- PKIX_Boolean *pFound,
- void *plContext)
-{
- PKIX_PL_Object *current = NULL;
- PKIX_UInt32 numEntries = 0;
- PKIX_UInt32 index = 0;
- PKIX_Boolean match = PKIX_FALSE;
-
- PKIX_ENTER(LIST, "pkix_List_Contains");
- PKIX_NULLCHECK_THREE(list, object, pFound);
-
- PKIX_CHECK(PKIX_List_GetLength(list, &numEntries, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (index = 0; index < numEntries; index++) {
- PKIX_CHECK(PKIX_List_GetItem
- (list, index, &current, plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (current) {
- PKIX_CHECK(PKIX_PL_Object_Equals
- (object, current, &match, plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- PKIX_DECREF(current);
- }
-
- if (match) {
- break;
- }
- }
-
- *pFound = match;
-
-cleanup:
-
- PKIX_DECREF(current);
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_Remove
- * DESCRIPTION:
- *
- * Traverses the List pointed to by "list", to find and delete an entry
- * that is equal to the Object pointed to by "object". If no such entry
- * is found the function does not return an error.
- *
- * PARAMETERS:
- * "list"
- * List to be searched; may be empty; must be non-NULL
- * "object"
- * Object to be checked for and deleted, if found; must be non-NULL
- * "plContext"
- * platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Validate Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_Remove(
- PKIX_List *list,
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Object *current = NULL;
- PKIX_UInt32 numEntries = 0;
- PKIX_UInt32 index = 0;
- PKIX_Boolean match = PKIX_FALSE;
-
- PKIX_ENTER(LIST, "pkix_List_Remove");
- PKIX_NULLCHECK_TWO(list, object);
-
- PKIX_CHECK(PKIX_List_GetLength(list, &numEntries, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (index = 0; index < numEntries; index++) {
- PKIX_CHECK(PKIX_List_GetItem
- (list, index, &current, plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (current) {
- PKIX_CHECK(PKIX_PL_Object_Equals
- (object, current, &match, plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- PKIX_DECREF(current);
- }
-
- if (match) {
- PKIX_CHECK(PKIX_List_DeleteItem
- (list, index, plContext),
- PKIX_LISTDELETEITEMFAILED);
- break;
- }
- }
-
-cleanup:
-
- PKIX_DECREF(current);
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_RemoveItems
- * DESCRIPTION:
- *
- * Traverses the List pointed to by "list", to find and delete an entry
- * that is equal to the Object in the "deleteList". If no such entry
- * is found the function does not return an error.
- *
- * PARAMETERS:
- * "list"
- * Object in "list" is checked for object in "deleteList" and deleted if
- * found; may be empty; must be non-NULL
- * "deleteList"
- * List of objects to be searched ; may be empty; must be non-NULL
- * "plContext"
- * platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Validate Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_RemoveItems(
- PKIX_List *list,
- PKIX_List *deleteList,
- void *plContext)
-{
- PKIX_PL_Object *current = NULL;
- PKIX_UInt32 numEntries = 0;
- PKIX_UInt32 index = 0;
-
- PKIX_ENTER(LIST, "pkix_List_RemoveItems");
- PKIX_NULLCHECK_TWO(list, deleteList);
-
- PKIX_CHECK(PKIX_List_GetLength(deleteList, &numEntries, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (index = 0; index < numEntries; index++) {
- PKIX_CHECK(PKIX_List_GetItem
- (deleteList, index, &current, plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (current) {
- PKIX_CHECK(pkix_List_Remove
- (list, current, plContext),
- PKIX_OBJECTEQUALSFAILED);
-
- PKIX_DECREF(current);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(current);
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_MergeLists
- * DESCRIPTION:
- *
- * Creates a new list consisting of the items from "firstList", followed by
- * the items on "secondList", returns the new list at "pMergedList". If
- * both input lists are NULL or empty, the result is an empty list. If an error
- * occurs, the result is NULL.
- *
- * PARAMETERS:
- * "firstList"
- * Address of list to be merged from. May be NULL or empty.
- * "secondList"
- * Address of list to be merged from. May be NULL or empty.
- * "pMergedList"
- * Address where returned object is stored.
- * "plContext"
- * platform-specific context pointer * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a List Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_MergeLists(
- PKIX_List *firstList,
- PKIX_List *secondList,
- PKIX_List **pMergedList,
- void *plContext)
-{
- PKIX_List *list = NULL;
- PKIX_PL_Object *item = NULL;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(LIST, "pkix_List_MergeLists");
- PKIX_NULLCHECK_ONE(pMergedList);
-
- *pMergedList = NULL;
-
- PKIX_CHECK(PKIX_List_Create(&list, plContext),
- PKIX_LISTCREATEFAILED);
-
- if (firstList != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength(firstList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem(firstList, i, &item, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem(list, item, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(item);
- }
-
- numItems = 0;
- if (secondList != NULL) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (secondList,
- &numItems,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- }
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (secondList, i, &item, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (list, item, plContext), PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(item);
- }
-
- *pMergedList = list;
- list = NULL;
-
-cleanup:
- PKIX_DECREF(list);
- PKIX_DECREF(item);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_AppendList
- * DESCRIPTION:
- *
- * Append items on "fromList" to the "toList". Item reference count on
- * "toList" is not incremented, but items appended from "fromList" are
- * incremented.
- *
- * PARAMETERS:
- * "toList"
- * Address of list to be appended to. Must be non-NULL.
- * "fromList"
- * Address of list to be appended from. May be NULL or empty.
- * "plContext"
- * platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a List Error if the functions fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_AppendList(
- PKIX_List *toList,
- PKIX_List *fromList,
- void *plContext)
-{
- PKIX_PL_Object *item = NULL;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(LIST, "pkix_List_AppendList");
- PKIX_NULLCHECK_ONE(toList);
-
- /* if fromList is NULL or is an empty list, no action */
-
- if (fromList == NULL) {
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_List_GetLength(fromList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (numItems == 0) {
- goto cleanup;
- }
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (fromList, i, &item, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem(toList, item, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(item);
- }
-
-cleanup:
-
- PKIX_DECREF(item);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_AppendUnique
- * DESCRIPTION:
- *
- * Adds each Object in the List pointed to by "fromList" to the List pointed
- * to by "toList", if it is not already a member of that List. In other words,
- * "toList" becomes the union of the two sets.
- *
- * PARAMETERS:
- * "toList"
- * Address of a List of Objects to be augmented by "fromList". Must be
- * non-NULL, but may be empty.
- * "fromList"
- * Address of a List of Objects to be added, if not already present, to
- * "toList". Must be non-NULL, but may be empty.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "toList"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_AppendUnique(
- PKIX_List *toList,
- PKIX_List *fromList,
- void *plContext)
-{
- PKIX_Boolean isContained = PKIX_FALSE;
- PKIX_UInt32 listLen = 0;
- PKIX_UInt32 listIx = 0;
- PKIX_PL_Object *object = NULL;
-
- PKIX_ENTER(BUILD, "pkix_List_AppendUnique");
- PKIX_NULLCHECK_TWO(fromList, toList);
-
- PKIX_CHECK(PKIX_List_GetLength(fromList, &listLen, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (listIx = 0; listIx < listLen; listIx++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (fromList, listIx, &object, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_List_Contains
- (toList, object, &isContained, plContext),
- PKIX_LISTCONTAINSFAILED);
-
- if (isContained == PKIX_FALSE) {
- PKIX_CHECK(PKIX_List_AppendItem
- (toList, object, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- PKIX_DECREF(object);
- }
-
-cleanup:
-
- PKIX_DECREF(object);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_QuickSort
- * DESCRIPTION:
- *
- * Sorts List of Objects "fromList" using "comparatorCallback"'s result as
- * comasrison key and returns the sorted List at "pSortedList". The sorting
- * algorithm used is quick sort (n*logn).
- *
- * PARAMETERS:
- * "fromList"
- * Address of a List of Objects to be sorted. Must be non-NULL, but may be
- * empty.
- * "comparatorCallback"
- * Address of callback function that will compare two Objects on the List.
- * It should return -1 for less, 0 for equal and 1 for greater. The
- * callback implementation chooses what in Objects to be compared. Must be
- * non-NULL.
- * "pSortedList"
- * Address of a List of Objects that shall be sorted and returned. Must be
- * non-NULL, but may be empty.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "toList"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_QuickSort(
- PKIX_List *fromList,
- PKIX_List_SortComparatorCallback comparator,
- PKIX_List **pSortedList,
- void *plContext)
-{
- PKIX_List *sortedList = NULL;
- PKIX_List *lessList = NULL;
- PKIX_List *greaterList = NULL;
- PKIX_List *sortedLessList = NULL;
- PKIX_List *sortedGreaterList = NULL;
- PKIX_PL_Object *object = NULL;
- PKIX_PL_Object *cmpObj = NULL;
- PKIX_Int32 cmpResult = 0;
- PKIX_UInt32 size = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(BUILD, "pkix_List_QuickSort");
- PKIX_NULLCHECK_THREE(fromList, comparator, pSortedList);
-
- PKIX_CHECK(PKIX_List_GetLength(fromList, &size, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&lessList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&greaterList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetItem
- (fromList, 0, &object, plContext),
- PKIX_LISTGETITEMFAILED);
-
- /*
- * Pick the first item on the list as the one to be compared.
- * Separate rest of the itmes into two lists: less-than or greater-
- * than lists. Sort those two lists recursively. Insert sorted
- * less-than list before the picked item and append the greater-
- * than list after the picked item.
- */
- for (i = 1; i < size; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (fromList, i, &cmpObj, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(comparator(object, cmpObj, &cmpResult, plContext),
- PKIX_COMPARATORCALLBACKFAILED);
-
- if (cmpResult >= 0) {
- PKIX_CHECK(PKIX_List_AppendItem
- (lessList, cmpObj, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- } else {
- PKIX_CHECK(PKIX_List_AppendItem
- (greaterList, cmpObj, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
- PKIX_DECREF(cmpObj);
- }
-
- PKIX_CHECK(PKIX_List_Create(&sortedList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(lessList, &size, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (size > 1) {
-
- PKIX_CHECK(pkix_List_QuickSort
- (lessList, comparator, &sortedLessList, plContext),
- PKIX_LISTQUICKSORTFAILED);
-
- PKIX_CHECK(pkix_List_AppendList
- (sortedList, sortedLessList, plContext),
- PKIX_LISTAPPENDLISTFAILED);
- } else {
- PKIX_CHECK(pkix_List_AppendList
- (sortedList, lessList, plContext),
- PKIX_LISTAPPENDLISTFAILED);
- }
-
- PKIX_CHECK(PKIX_List_AppendItem(sortedList, object, plContext),
- PKIX_LISTAPPENDFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(greaterList, &size, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (size > 1) {
-
- PKIX_CHECK(pkix_List_QuickSort
- (greaterList, comparator, &sortedGreaterList, plContext),
- PKIX_LISTQUICKSORTFAILED);
-
- PKIX_CHECK(pkix_List_AppendList
- (sortedList, sortedGreaterList, plContext),
- PKIX_LISTAPPENDLISTFAILED);
- } else {
- PKIX_CHECK(pkix_List_AppendList
- (sortedList, greaterList, plContext),
- PKIX_LISTAPPENDLISTFAILED);
- }
-
- *pSortedList = sortedList;
-
-cleanup:
-
- PKIX_DECREF(cmpObj);
- PKIX_DECREF(object);
- PKIX_DECREF(sortedGreaterList);
- PKIX_DECREF(sortedLessList);
- PKIX_DECREF(greaterList);
- PKIX_DECREF(lessList);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: pkix_List_BubbleSort
- * DESCRIPTION:
- *
- * Sorts List of Objects "fromList" using "comparatorCallback"'s result as
- * comasrison key and returns the sorted List at "pSortedList". The sorting
- * algorithm used is bubble sort (n*n).
- *
- * PARAMETERS:
- * "fromList"
- * Address of a List of Objects to be sorted. Must be non-NULL, but may be
- * empty.
- * "comparatorCallback"
- * Address of callback function that will compare two Objects on the List.
- * It should return -1 for less, 0 for equal and 1 for greater. The
- * callback implementation chooses what in Objects to be compared. Must be
- * non-NULL.
- * "pSortedList"
- * Address of a List of Objects that shall be sorted and returned. Must be
- * non-NULL, but may be empty.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "toList"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_List_BubbleSort(
- PKIX_List *fromList,
- PKIX_List_SortComparatorCallback comparator,
- PKIX_List **pSortedList,
- void *plContext)
-{
- PKIX_List *sortedList = NULL;
- PKIX_PL_Object *cmpObj = NULL;
- PKIX_PL_Object *leastObj = NULL;
- PKIX_Int32 cmpResult = 0;
- PKIX_UInt32 size = 0;
- PKIX_UInt32 i, j;
-
- PKIX_ENTER(BUILD, "pkix_List_BubbleSort");
- PKIX_NULLCHECK_THREE(fromList, comparator, pSortedList);
-
- if (fromList->immutable) {
- PKIX_ERROR(PKIX_CANNOTSORTIMMUTABLELIST);
- }
- PKIX_CHECK(pkix_List_Duplicate
- ((PKIX_PL_Object *) fromList,
- (PKIX_PL_Object **) &sortedList,
- plContext),
- PKIX_LISTDUPLICATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(sortedList, &size, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (size > 1) {
-
- /*
- * Move from the first of the item on the list, For each iteration,
- * compare and swap the least value to the head of the comparisoning
- * sub-list.
- */
- for (i = 0; i < size - 1; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (sortedList, i, &leastObj, plContext),
- PKIX_LISTGETITEMFAILED);
-
- for (j = i + 1; j < size; j++) {
- PKIX_CHECK(PKIX_List_GetItem
- (sortedList, j, &cmpObj, plContext),
- PKIX_LISTGETITEMFAILED);
- PKIX_CHECK(comparator
- (leastObj, cmpObj, &cmpResult, plContext),
- PKIX_COMPARATORCALLBACKFAILED);
- if (cmpResult > 0) {
- PKIX_CHECK(PKIX_List_SetItem
- (sortedList, j, leastObj, plContext),
- PKIX_LISTSETITEMFAILED);
-
- PKIX_DECREF(leastObj);
- leastObj = cmpObj;
- cmpObj = NULL;
- } else {
- PKIX_DECREF(cmpObj);
- }
- }
- PKIX_CHECK(PKIX_List_SetItem
- (sortedList, i, leastObj, plContext),
- PKIX_LISTSETITEMFAILED);
-
- PKIX_DECREF(leastObj);
- }
-
- }
-
- *pSortedList = sortedList;
- sortedList = NULL;
-cleanup:
-
- PKIX_DECREF(sortedList);
- PKIX_DECREF(leastObj);
- PKIX_DECREF(cmpObj);
-
- PKIX_RETURN(LIST);
-}
-
-/* --Public-List-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_List_Create (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_Create(
- PKIX_List **pList,
- void *plContext)
-{
- PKIX_List *list = NULL;
-
- PKIX_ENTER(LIST, "PKIX_List_Create");
- PKIX_NULLCHECK_ONE(pList);
-
- PKIX_CHECK(pkix_List_Create_Internal(PKIX_TRUE, &list, plContext),
- PKIX_LISTCREATEINTERNALFAILED);
-
- *pList = list;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_SetImmutable (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_SetImmutable(
- PKIX_List *list,
- void *plContext)
-{
- PKIX_ENTER(LIST, "PKIX_List_SetImmutable");
- PKIX_NULLCHECK_ONE(list);
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- list->immutable = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_IsImmutable (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_IsImmutable(
- PKIX_List *list,
- PKIX_Boolean *pImmutable,
- void *plContext)
-{
- PKIX_ENTER(LIST, "PKIX_List_IsImmutable");
- PKIX_NULLCHECK_TWO(list, pImmutable);
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- *pImmutable = list->immutable;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_GetLength (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_GetLength(
- PKIX_List *list,
- PKIX_UInt32 *pLength,
- void *plContext)
-{
- PKIX_ENTER(LIST, "PKIX_List_GetLength");
- PKIX_NULLCHECK_TWO(list, pLength);
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- *pLength = list->length;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_IsEmpty (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_IsEmpty(
- PKIX_List *list,
- PKIX_Boolean *pEmpty,
- void *plContext)
-{
- PKIX_UInt32 length;
-
- PKIX_ENTER(LIST, "PKIX_List_IsEmpty");
- PKIX_NULLCHECK_TWO(list, pEmpty);
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- length = list->length;
-
- if (length == 0){
- *pEmpty = PKIX_TRUE;
- } else {
- *pEmpty = PKIX_FALSE;
- }
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_AppendItem (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_AppendItem(
- PKIX_List *list,
- PKIX_PL_Object *item,
- void *plContext)
-{
- PKIX_List *lastElement = NULL;
- PKIX_List *newElement = NULL;
- PKIX_UInt32 length, i;
-
- PKIX_ENTER(LIST, "PKIX_List_AppendItem");
- PKIX_NULLCHECK_ONE(list);
-
- if (list->immutable){
- PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
- }
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- length = list->length;
-
- /* find last element of list and create new element there */
-
- lastElement = list;
- for (i = 0; i < length; i++){
- lastElement = lastElement->next;
- }
-
- PKIX_CHECK(pkix_List_Create_Internal
- (PKIX_FALSE, &newElement, plContext),
- PKIX_LISTCREATEINTERNALFAILED);
-
- PKIX_INCREF(item);
- newElement->item = item;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)list, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- lastElement->next = newElement;
- newElement = NULL;
- list->length += 1;
-
-cleanup:
-
- PKIX_DECREF(newElement);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_InsertItem (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_InsertItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext)
-{
- PKIX_List *element = NULL;
- PKIX_List *newElem = NULL;
-
- PKIX_ENTER(LIST, "PKIX_List_InsertItem");
- PKIX_NULLCHECK_ONE(list);
-
-
- if (list->immutable){
- PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
- }
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- /* Create a new list object */
- PKIX_CHECK(pkix_List_Create_Internal(PKIX_FALSE, &newElem, plContext),
- PKIX_LISTCREATEINTERNALFAILED);
-
- if (list->length) {
- PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
- PKIX_LISTGETELEMENTFAILED);
- /* Copy the old element's contents into the new element */
- newElem->item = element->item;
- /* Add new item to the list */
- PKIX_INCREF(item);
- element->item = item;
- /* Set the new element's next pointer to the old element's next */
- newElem->next = element->next;
- /* Set the old element's next pointer to the new element */
- element->next = newElem;
- newElem = NULL;
- } else {
- PKIX_INCREF(item);
- newElem->item = item;
- newElem->next = NULL;
- list->next = newElem;
- newElem = NULL;
- }
- list->length++;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)list, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-cleanup:
- PKIX_DECREF(newElem);
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_GetItem (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_GetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object **pItem,
- void *plContext)
-{
- PKIX_List *element = NULL;
-
- PKIX_ENTER(LIST, "PKIX_List_GetItem");
- PKIX_NULLCHECK_TWO(list, pItem);
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
- PKIX_LISTGETELEMENTFAILED);
-
- PKIX_INCREF(element->item);
- *pItem = element->item;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_SetItem (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_SetItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- PKIX_PL_Object *item,
- void *plContext)
-{
- PKIX_List *element;
-
- PKIX_ENTER(LIST, "PKIX_List_SetItem");
- PKIX_NULLCHECK_ONE(list);
-
- if (list->immutable){
- PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
- }
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
- PKIX_LISTGETELEMENTFAILED);
-
- /* DecRef old contents */
- PKIX_DECREF(element->item);
-
- /* Set New Contents */
- PKIX_INCREF(item);
- element->item = item;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)list, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_DeleteItem (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_DeleteItem(
- PKIX_List *list,
- PKIX_UInt32 index,
- void *plContext)
-{
- PKIX_List *element = NULL;
- PKIX_List *prevElement = NULL;
- PKIX_List *nextElement = NULL;
-
- PKIX_ENTER(LIST, "PKIX_List_DeleteItem");
- PKIX_NULLCHECK_ONE(list);
-
- if (list->immutable){
- PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
- }
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
- PKIX_LISTGETELEMENTFAILED);
-
- /* DecRef old contents */
- PKIX_DECREF(element->item);
-
- nextElement = element->next;
-
- if (nextElement != NULL) {
- /* If the next element exists, splice it out. */
-
- /* Don't need to change ref counts for targets of next */
- element->item = nextElement->item;
- nextElement->item = NULL;
-
- /* Don't need to change ref counts for targets of next */
- element->next = nextElement->next;
- nextElement->next = NULL;
-
- PKIX_DECREF(nextElement);
-
- } else { /* The element is at the tail of the list */
- if (index != 0) {
- PKIX_CHECK(pkix_List_GetElement
- (list, index-1, &prevElement, plContext),
- PKIX_LISTGETELEMENTFAILED);
- } else if (index == 0){ /* prevElement must be header */
- prevElement = list;
- }
- prevElement->next = NULL;
-
- /* Delete the element */
- PKIX_DECREF(element);
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)list, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- list->length = list->length - 1;
-
-cleanup:
-
- PKIX_RETURN(LIST);
-}
-
-/*
- * FUNCTION: PKIX_List_ReverseList (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_List_ReverseList(
- PKIX_List *list,
- PKIX_List **pReversedList,
- void *plContext)
-{
- PKIX_List *reversedList = NULL;
- PKIX_PL_Object *item = NULL;
- PKIX_PL_Object *duplicateItem = NULL;
- PKIX_UInt32 length, i;
-
- PKIX_ENTER(LIST, "pkix_List_ReverseList");
- PKIX_NULLCHECK_TWO(list, pReversedList);
-
- if (!list->isHeader){
- PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
- }
-
- length = list->length;
-
- /* Create a new list object */
- PKIX_CHECK(PKIX_List_Create(&reversedList, plContext),
- PKIX_LISTCREATEINTERNALFAILED);
-
- /*
- * Starting with the last item and traversing backwards (from
- * the original list), append each item to the reversed list
- */
-
- for (i = 1; i <= length; i++){
- PKIX_CHECK(PKIX_List_GetItem
- (list, (length - i), &item, plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- (item, &duplicateItem, plContext),
- PKIX_LISTDUPLICATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (reversedList, duplicateItem, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(item);
- PKIX_DECREF(duplicateItem);
- }
-
- *pReversedList = reversedList;
-
-cleanup:
-
- PKIX_DECREF(item);
- PKIX_DECREF(duplicateItem);
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(reversedList);
- }
-
- PKIX_RETURN(LIST);
-}
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_list.h b/security/nss/lib/libpkix/pkix/util/pkix_list.h
deleted file mode 100755
index d283743d1..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_list.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_list.h
- *
- * List Object Type Definition
- *
- */
-
-#ifndef _PKIX_LIST_H
-#define _PKIX_LIST_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef PKIX_Error *
-(*PKIX_List_SortComparatorCallback)(
- PKIX_PL_Object *obj1,
- PKIX_PL_Object *obj2,
- PKIX_Int32 *pResult,
- void *plContext);
-
-struct PKIX_ListStruct {
- PKIX_PL_Object *item;
- PKIX_List *next;
- PKIX_Boolean immutable;
- PKIX_UInt32 length;
- PKIX_Boolean isHeader;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_List_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_List_Contains(
- PKIX_List *list,
- PKIX_PL_Object *object,
- PKIX_Boolean *pFound,
- void *plContext);
-
-PKIX_Error *
-pkix_List_Remove(
- PKIX_List *list,
- PKIX_PL_Object *target,
- void *plContext);
-
-PKIX_Error *
-pkix_List_MergeLists(
- PKIX_List *firstList,
- PKIX_List *secondList,
- PKIX_List **pMergedList,
- void *plContext);
-
-PKIX_Error *
-pkix_List_AppendList(
- PKIX_List *toList,
- PKIX_List *fromList,
- void *plContext);
-
-PKIX_Error *
-pkix_List_AppendUnique(
- PKIX_List *toList,
- PKIX_List *fromList,
- void *plContext);
-
-PKIX_Error *
-pkix_List_RemoveItems(
- PKIX_List *list,
- PKIX_List *deleteList,
- void *plContext);
-
-PKIX_Error *
-pkix_List_QuickSort(
- PKIX_List *fromList,
- PKIX_List_SortComparatorCallback comparator,
- PKIX_List **pSortedList,
- void *plContext);
-
-PKIX_Error *
-pkix_List_BubbleSort(
- PKIX_List *fromList,
- PKIX_List_SortComparatorCallback comparator,
- PKIX_List **pSortedList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_LIST_H */
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_logger.c b/security/nss/lib/libpkix/pkix/util/pkix_logger.c
deleted file mode 100644
index 6a3a95b3c..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_logger.c
+++ /dev/null
@@ -1,1121 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_logger.c
- *
- * Logger Object Functions
- *
- */
-
-#include "pkix_logger.h"
-#ifndef PKIX_ERROR_DESCRIPTION
-#include "prprf.h"
-#endif
-
-/* Global variable to keep PKIX_Logger List */
-PKIX_List *pkixLoggers = NULL;
-
-/*
- * Once the Logger has been set, for any logging related operations, we have
- * to go through the List to find a match, and if found, issue the
- * corresponding callback. The overhead to check for DEBUG and TRACE in each
- * PKIX function entering and exiting is very expensive (400X), and redundant
- * if they are not the interest of the Logger. Therefore, the PKIX_Logger List
- * pkixLoggers is separated into two lists based on its Loggers' trace level.
- *
- * Whenever the pkixLoggers List is updated by PKIX_Logger_AddLogger() or
- * PKIX_Logger_SetLoggers(), we destroy and reconstruct pkixLoggersErrors
- * and pkixLoggersDebugTrace Logger Lists. The ERROR, FATAL_ERROR and
- * WARNING goes to pkixLoggersErrors and the DEBUG and TRACE goes to
- * pkixLoggersDebugTrace.
- *
- * Currently we provide five logging levels and the default setting are by:
- *
- * PKIX_FATAL_ERROR() macro invokes pkix_Logger_Check of FATAL_ERROR level
- * PKIX_ERROR() macro invokes pkix_Logger_Check of ERROR level
- * WARNING is not invoked as default
- * PKIX_DEBUG() macro invokes pkix_Logger_Check of DEBUG level. This needs
- * compilation -DPKIX_<component>DEBUG flag to turn on
- * PKIX_ENTER() and PKIX_RETURN() macros invoke pkix_Logger_Check of TRACE
- * level. TRACE provides duplicate information of DEBUG, but needs no
- * recompilation and cannot choose component. To allow application
- * to use DEBUG level, TRACE is put as last.
- *
- */
-PKIX_List *pkixLoggersErrors = NULL;
-PKIX_List *pkixLoggersDebugTrace = NULL;
-
-/* To ensure atomic update on pkixLoggers lists */
-PKIX_PL_MonitorLock *pkixLoggerLock = NULL;
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_Logger_CheckErrors
- * DESCRIPTION:
- *
- * This function goes through each PKIX_Logger at "pkixLoggersList" and
- * checks if "maxLevel" and "logComponent" satisfies what is specified in the
- * PKIX_Logger. If satisfies, it invokes the callback in PKIX_Logger and
- * passes a PKIX_PL_String that is the concatenation of "message" and
- * "message2" to the application for processing.
- * Since this call is inserted into a handful of PKIX macros, no macros are
- * applied in this function, to avoid infinite recursion.
- * If an error occurs, this call is aborted.
- *
- * PARAMETERS:
- * "pkixLoggersList"
- * A list of PKIX_Loggers to be examined for invoking callback. Must be
- * non-NULL.
- * "message"
- * Address of "message" to be logged. Must be non-NULL.
- * "message2"
- * Address of "message2" to be concatenated and logged. May be NULL.
- * "logComponent"
- * A PKIX_UInt32 that indicates the component the message is from.
- * "maxLevel"
- * A PKIX_UInt32 that represents the level of severity of the message.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Fatal Error if the function fails in an unrecoverable way
- */
-PKIX_Error *
-pkix_Logger_Check(
- PKIX_List *pkixLoggersList,
- const char *message,
- const char *message2,
- PKIX_ERRORCLASS logComponent,
- PKIX_UInt32 currentLevel,
- void *plContext)
-{
- PKIX_Logger *logger = NULL;
- PKIX_List *savedPkixLoggersErrors = NULL;
- PKIX_List *savedPkixLoggersDebugTrace = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *messageString = NULL;
- PKIX_PL_String *message2String = NULL;
- PKIX_PL_String *msgString = NULL;
- PKIX_Error *error = NULL;
- PKIX_Boolean needLogging = PKIX_FALSE;
- PKIX_UInt32 i, length;
-
- /*
- * We cannot use any the PKIX_ macros here, since this function is
- * called from some of these macros. It can create infinite recursion.
- */
-
- if ((pkixLoggersList == NULL) || (message == NULL)) {
- return(NULL);
- }
-
- /*
- * Disable all subsequent loggings to avoid recursion. The result is
- * if other thread is calling this function at the same time, there
- * won't be any logging because the pkixLoggersErrors and
- * pkixLoggersDebugTrace are set to null.
- * It would be nice if we provide control per thread (e.g. make
- * plContext threadable) then we can avoid the recursion by setting
- * flag at plContext. Then other thread's logging won't be affected.
- *
- * Also we need to use a reentrant Lock. Although we avoid recursion
- * for TRACE. When there is an ERROR occurs in subsequent call, this
- * function will be called.
- */
-
- error = PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext);
- if (error) { return(NULL); }
-
- savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
- pkixLoggersDebugTrace = NULL;
- savedPkixLoggersErrors = pkixLoggersErrors;
- pkixLoggersErrors = NULL;
-
- /* Convert message and message2 to String */
- error = PKIX_PL_String_Create
- (PKIX_ESCASCII, message, 0, &messageString, plContext);
- if (error) { goto cleanup; }
-
- if (message2) {
- error = PKIX_PL_String_Create
- (PKIX_ESCASCII, message2, 0, &message2String, plContext);
- if (error) { goto cleanup; }
- error = PKIX_PL_String_Create
- (PKIX_ESCASCII, "%s %s", 0, &formatString, plContext);
- if (error) { goto cleanup; }
-
- } else {
- error = PKIX_PL_String_Create
- (PKIX_ESCASCII, "%s", 0, &formatString, plContext);
- if (error) { goto cleanup; }
-
- }
-
- error = PKIX_PL_Sprintf
- (&msgString,
- plContext,
- formatString,
- messageString,
- message2String);
- if (error) { goto cleanup; }
-
- /* Go through the Logger list */
-
- error = PKIX_List_GetLength(pkixLoggersList, &length, plContext);
- if (error) { goto cleanup; }
-
- for (i = 0; i < length; i++) {
-
- error = PKIX_List_GetItem
- (pkixLoggersList,
- i,
- (PKIX_PL_Object **) &logger,
- plContext);
- if (error) { goto cleanup; }
-
- /* Intended logging level less or equal than the max */
- needLogging = (currentLevel <= logger->maxLevel);
-
- if (needLogging && (logger->callback)) {
-
- /*
- * We separate Logger into two lists based on log level
- * but log level is not modified. We need to check here to
- * avoid logging the higher log level (lower value) twice.
- */
- if (pkixLoggersList == pkixLoggersErrors) {
- needLogging = needLogging &&
- (currentLevel <= PKIX_LOGGER_LEVEL_WARNING);
- } else if (pkixLoggersList == pkixLoggersDebugTrace) {
- needLogging = needLogging &&
- (currentLevel > PKIX_LOGGER_LEVEL_WARNING);
- }
-
- if (needLogging) {
- if (logComponent == logger->logComponent) {
- needLogging = PKIX_TRUE;
- } else {
- needLogging = PKIX_FALSE;
- }
- }
-
- if (needLogging) {
- error = logger->callback
- (logger,
- msgString,
- currentLevel,
- logComponent,
- plContext);
- if (error) { goto cleanup; }
- }
- }
-
- error = PKIX_PL_Object_DecRef
- ((PKIX_PL_Object *)logger, plContext);
- logger = NULL;
- if (error) { goto cleanup; }
-
- }
-
-cleanup:
-
- if (formatString) {
- error = PKIX_PL_Object_DecRef
- ((PKIX_PL_Object *)formatString, plContext);
- }
-
- if (messageString) {
- error = PKIX_PL_Object_DecRef
- ((PKIX_PL_Object *)messageString, plContext);
- }
-
- if (message2String) {
- error = PKIX_PL_Object_DecRef
- ((PKIX_PL_Object *)message2String, plContext);
- }
-
- if (msgString) {
- error = PKIX_PL_Object_DecRef
- ((PKIX_PL_Object *)msgString, plContext);
- }
-
- if (logger) {
- error = PKIX_PL_Object_DecRef
- ((PKIX_PL_Object *)logger, plContext);
- }
-
- if (pkixLoggersErrors == NULL && savedPkixLoggersErrors != NULL) {
- pkixLoggersErrors = savedPkixLoggersErrors;
- }
-
- if (pkixLoggersDebugTrace == NULL &&
- savedPkixLoggersDebugTrace != NULL) {
- pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
- }
-
- error = PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext);
- if (error) { return(NULL); }
-
- return(NULL);
-}
-
-PKIX_Error *
-pkix_Logger_CheckWithCode(
- PKIX_List *pkixLoggersList,
- PKIX_UInt32 errorCode,
- const char *message2,
- PKIX_ERRORCLASS logComponent,
- PKIX_UInt32 currentLevel,
- void *plContext)
-{
- char error[32];
- char *errorString = NULL;
-
- PKIX_ENTER(LOGGER, "pkix_Logger_CheckWithCode");
-#if defined PKIX_ERROR_DESCRIPTION
- errorString = PKIX_ErrorText[errorCode];
-#else
- PR_snprintf(error, 32, "Error code: %d", errorCode);
- errorString = error;
-#endif /* PKIX_ERROR_DESCRIPTION */
-
- pkixErrorResult = pkix_Logger_Check(pkixLoggersList, errorString,
- message2, logComponent,
- currentLevel, plContext);
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: pkix_Logger_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Logger_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_Logger *logger = NULL;
-
- PKIX_ENTER(LOGGER, "pkix_Logger_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a logger */
- PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext),
- PKIX_OBJECTNOTLOGGER);
-
- logger = (PKIX_Logger *)object;
-
- /* We have a valid logger. DecRef its item and recurse on next */
-
- logger->callback = NULL;
- PKIX_DECREF(logger->context);
- logger->logComponent = (PKIX_ERRORCLASS)NULL;
-
-cleanup:
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: pkix_Logger_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Logger_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_Logger *logger = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *contextString = NULL;
- PKIX_PL_String *componentString = NULL;
- PKIX_PL_String *loggerString = NULL;
-
- PKIX_ENTER(LOGGER, "pkix_Logger_ToString_Helper");
- PKIX_NULLCHECK_TWO(object, pString);
-
- /* Check that this object is a logger */
- PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext),
- PKIX_OBJECTNOTLOGGER);
-
- logger = (PKIX_Logger *)object;
-
- asciiFormat =
- "[\n"
- "\tLogger: \n"
- "\tContext: %s\n"
- "\tMaximum Level: %d\n"
- "\tComponent Name: %s\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_TOSTRING(logger->context, &contextString, plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- (void *)PKIX_ERRORCLASSNAMES[logger->logComponent],
- 0,
- &componentString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&loggerString,
- plContext,
- formatString,
- contextString,
- logger->maxLevel,
- componentString),
- PKIX_SPRINTFFAILED);
-
- *pString = loggerString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(contextString);
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: pkix_Logger_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Logger_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
- PKIX_Logger *firstLogger = NULL;
- PKIX_Logger *secondLogger = NULL;
-
- PKIX_ENTER(LOGGER, "pkix_Logger_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- /* test that first is a Logger */
- PKIX_CHECK(pkix_CheckType(first, PKIX_LOGGER_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTLOGGER);
-
- /*
- * Since we know first is a Logger, if both references are
- * identical, they must be equal
- */
- if (first == second){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If second isn't a Logger, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_LOGGER_TYPE) goto cleanup;
-
- firstLogger = (PKIX_Logger *)first;
- secondLogger = (PKIX_Logger *)second;
-
- cmpResult = PKIX_FALSE;
-
- if (firstLogger->callback != secondLogger->callback) {
- goto cleanup;
- }
-
- if (firstLogger->logComponent != secondLogger->logComponent) {
- goto cleanup;
- }
-
- PKIX_EQUALS
- (firstLogger->context,
- secondLogger->context,
- &cmpResult,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (cmpResult == PKIX_FALSE) {
- goto cleanup;
- }
-
- if (firstLogger->maxLevel != secondLogger->maxLevel) {
- goto cleanup;
- }
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: pkix_Logger_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Logger_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_Logger *logger = NULL;
- PKIX_UInt32 hash = 0;
- PKIX_UInt32 tempHash = 0;
-
- PKIX_ENTER(LOGGER, "pkix_Logger_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext),
- PKIX_OBJECTNOTLOGGER);
-
- logger = (PKIX_Logger *)object;
-
- PKIX_HASHCODE(logger->context, &tempHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) +
- logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent;
-
- *pHashcode = hash;
-
-cleanup:
-
- PKIX_RETURN(LOGGER);
-}
-
-
-/*
- * FUNCTION: pkix_Logger_Duplicate
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_Logger_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_Logger *logger = NULL;
- PKIX_Logger *dupLogger = NULL;
-
- PKIX_ENTER(LOGGER, "pkix_Logger_Duplicate");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)object, PKIX_LOGGER_TYPE, plContext),
- PKIX_OBJECTNOTLOGGER);
-
- logger = (PKIX_Logger *) object;
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_LOGGER_TYPE,
- sizeof (PKIX_Logger),
- (PKIX_PL_Object **)&dupLogger,
- plContext),
- PKIX_COULDNOTCREATELOGGEROBJECT);
-
- dupLogger->callback = logger->callback;
- dupLogger->maxLevel = logger->maxLevel;
-
- PKIX_DUPLICATE
- (logger->context,
- &dupLogger->context,
- plContext,
- PKIX_OBJECTDUPLICATEFAILED);
-
- dupLogger->logComponent = logger->logComponent;
-
- *pNewObject = (PKIX_PL_Object *) dupLogger;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(dupLogger);
- }
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: pkix_Logger_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_LOGGER_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_Logger_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(LOGGER, "pkix_Logger_RegisterSelf");
-
- entry.description = "Logger";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_Logger);
- entry.destructor = pkix_Logger_Destroy;
- entry.equalsFunction = pkix_Logger_Equals;
- entry.hashcodeFunction = pkix_Logger_Hashcode;
- entry.toStringFunction = pkix_Logger_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_Logger_Duplicate;
-
- systemClasses[PKIX_LOGGER_TYPE] = entry;
-
- PKIX_RETURN(LOGGER);
-}
-
-/* --Public-Logger-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_Logger_Create (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Logger_Create(
- PKIX_Logger_LogCallback callback,
- PKIX_PL_Object *loggerContext,
- PKIX_Logger **pLogger,
- void *plContext)
-{
- PKIX_Logger *logger = NULL;
-
- PKIX_ENTER(LOGGER, "PKIX_Logger_Create");
- PKIX_NULLCHECK_ONE(pLogger);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_LOGGER_TYPE,
- sizeof (PKIX_Logger),
- (PKIX_PL_Object **)&logger,
- plContext),
- PKIX_COULDNOTCREATELOGGEROBJECT);
-
- logger->callback = callback;
- logger->maxLevel = 0;
- logger->logComponent = (PKIX_ERRORCLASS)NULL;
-
- PKIX_INCREF(loggerContext);
- logger->context = loggerContext;
-
- *pLogger = logger;
- logger = NULL;
-
-cleanup:
-
- PKIX_DECREF(logger);
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_GetLogCallback (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Logger_GetLogCallback(
- PKIX_Logger *logger,
- PKIX_Logger_LogCallback *pCallback,
- void *plContext)
-{
- PKIX_ENTER(LOGGER, "PKIX_Logger_GetLogCallback");
- PKIX_NULLCHECK_TWO(logger, pCallback);
-
- *pCallback = logger->callback;
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggerContext (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Logger_GetLoggerContext(
- PKIX_Logger *logger,
- PKIX_PL_Object **pLoggerContext,
- void *plContext)
-{
- PKIX_ENTER(LOGGER, "PKIX_Logger_GetLoggerContex");
- PKIX_NULLCHECK_TWO(logger, pLoggerContext);
-
- PKIX_INCREF(logger->context);
- *pLoggerContext = logger->context;
-
-cleanup:
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_GetMaxLoggingLevel (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Logger_GetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 *pLevel,
- void *plContext)
-{
- PKIX_ENTER(LOGGER, "PKIX_Logger_GetMaxLoggingLevel");
- PKIX_NULLCHECK_TWO(logger, pLevel);
-
- *pLevel = logger->maxLevel;
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_SetMaxLoggingLevel (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Logger_SetMaxLoggingLevel(
- PKIX_Logger *logger,
- PKIX_UInt32 level,
- void *plContext)
-{
- PKIX_ENTER(LOGGER, "PKIX_Logger_SetMaxLoggingLevel");
- PKIX_NULLCHECK_ONE(logger);
-
- if (level > PKIX_LOGGER_LEVEL_MAX) {
- PKIX_ERROR(PKIX_LOGGINGLEVELEXCEEDSMAXIMUM);
- } else {
- logger->maxLevel = level;
- }
-
-cleanup:
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggingComponent (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Logger_GetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS *pComponent,
- void *plContext)
-{
- PKIX_ENTER(LOGGER, "PKIX_Logger_GetLoggingComponent");
- PKIX_NULLCHECK_TWO(logger, pComponent);
-
- *pComponent = logger->logComponent;
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_SetLoggingComponent (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_Logger_SetLoggingComponent(
- PKIX_Logger *logger,
- PKIX_ERRORCLASS component,
- void *plContext)
-{
- PKIX_ENTER(LOGGER, "PKIX_Logger_SetLoggingComponent");
- PKIX_NULLCHECK_ONE(logger);
-
- logger->logComponent = component;
-
- PKIX_RETURN(LOGGER);
-}
-
-
-/*
- * Following PKIX_GetLoggers(), PKIX_SetLoggers() and PKIX_AddLogger() are
- * documented as not thread-safe. However they are thread-safe now. We need
- * the lock when accessing the logger lists.
- */
-
-/*
- * FUNCTION: PKIX_Logger_GetLoggers (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_GetLoggers(
- PKIX_List **pLoggers, /* list of PKIX_Logger */
- void *plContext)
-{
- PKIX_List *list = NULL;
- PKIX_List *savedPkixLoggersDebugTrace = NULL;
- PKIX_List *savedPkixLoggersErrors = NULL;
- PKIX_Logger *logger = NULL;
- PKIX_Logger *dupLogger = NULL;
- PKIX_UInt32 i, length;
- PKIX_Boolean locked = PKIX_FALSE;
-
- PKIX_ENTER(LOGGER, "PKIX_Logger_GetLoggers");
- PKIX_NULLCHECK_ONE(pLoggers);
-
- PKIX_CHECK(PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext),
- PKIX_MONITORLOCKENTERFAILED);
- locked = PKIX_TRUE;
-
- /*
- * Temporarily disable DEBUG/TRACE Logging to avoid possible
- * deadlock:
- * When the Logger List is being accessed, e.g. by PKIX_ENTER or
- * PKIX_DECREF, pkix_Logger_Check may check whether logging
- * is requested, creating a deadlock situation.
- */
- savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
- pkixLoggersDebugTrace = NULL;
- savedPkixLoggersErrors = pkixLoggersErrors;
- pkixLoggersErrors = NULL;
-
- if (pkixLoggers == NULL) {
- length = 0;
- } else {
- PKIX_CHECK(PKIX_List_GetLength
- (pkixLoggers, &length, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- /* Create a list and copy the pkixLoggers item to the list */
- PKIX_CHECK(PKIX_List_Create(&list, plContext),
- PKIX_LISTCREATEFAILED);
-
- for (i = 0; i < length; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (pkixLoggers,
- i,
- (PKIX_PL_Object **) &logger,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_Logger_Duplicate
- ((PKIX_PL_Object *)logger,
- (PKIX_PL_Object **)&dupLogger,
- plContext),
- PKIX_LOGGERDUPLICATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (list,
- (PKIX_PL_Object *) dupLogger,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(logger);
- PKIX_DECREF(dupLogger);
- }
-
- /* Set the list to be immutable */
- PKIX_CHECK(PKIX_List_SetImmutable(list, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pLoggers = list;
-
-cleanup:
-
- PKIX_DECREF(logger);
-
- /* Restore logging capability */
- pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
- pkixLoggersErrors = savedPkixLoggersErrors;
-
- if (locked) {
- PKIX_CHECK(PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext),
- PKIX_MONITORLOCKEXITFAILED);
- }
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_SetLoggers (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_SetLoggers(
- PKIX_List *loggers, /* list of PKIX_Logger */
- void *plContext)
-{
- PKIX_List *list = NULL;
- PKIX_List *savedPkixLoggersErrors = NULL;
- PKIX_List *savedPkixLoggersDebugTrace = NULL;
- PKIX_Logger *logger = NULL;
- PKIX_Logger *dupLogger = NULL;
- PKIX_Boolean locked = PKIX_FALSE;
- PKIX_UInt32 i, length;
-
- PKIX_ENTER(LOGGER, "PKIX_SetLoggers");
-
- PKIX_CHECK(PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext),
- PKIX_MONITORLOCKENTERFAILED);
- locked = PKIX_TRUE;
-
- /* Disable tracing, etc. to avoid recursion and deadlock */
- savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
- pkixLoggersDebugTrace = NULL;
- savedPkixLoggersErrors = pkixLoggersErrors;
- pkixLoggersErrors = NULL;
-
- /* discard any prior loggers */
- PKIX_DECREF(pkixLoggers);
- PKIX_DECREF(savedPkixLoggersErrors);
- PKIX_DECREF(savedPkixLoggersDebugTrace);
-
- if (loggers != NULL) {
-
- PKIX_CHECK(PKIX_List_Create(&list, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(loggers, &length, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < length; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (loggers,
- i,
- (PKIX_PL_Object **) &logger,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_Logger_Duplicate
- ((PKIX_PL_Object *)logger,
- (PKIX_PL_Object **)&dupLogger,
- plContext),
- PKIX_LOGGERDUPLICATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (list,
- (PKIX_PL_Object *) dupLogger,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- /* Make two lists */
-
- /* Put in pkixLoggersErrors in any case*/
-
- if (savedPkixLoggersErrors == NULL) {
-
- PKIX_CHECK(PKIX_List_Create
- (&savedPkixLoggersErrors,
- plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (savedPkixLoggersErrors,
- (PKIX_PL_Object *) dupLogger,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- if (logger->maxLevel > PKIX_LOGGER_LEVEL_WARNING) {
-
- /* Put in pkixLoggersDebugTrace */
-
- if (savedPkixLoggersDebugTrace == NULL) {
-
- PKIX_CHECK(PKIX_List_Create
- (&savedPkixLoggersDebugTrace,
- plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (savedPkixLoggersDebugTrace,
- (PKIX_PL_Object *) dupLogger,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
- PKIX_DECREF(logger);
- PKIX_DECREF(dupLogger);
-
- }
-
- pkixLoggers = list;
- }
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(list);
- PKIX_DECREF(savedPkixLoggersErrors);
- PKIX_DECREF(savedPkixLoggersDebugTrace);
- pkixLoggers = NULL;
- }
-
- PKIX_DECREF(logger);
-
- /* Reenable logging capability with new lists */
- pkixLoggersErrors = savedPkixLoggersErrors;
- pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
-
- if (locked) {
- PKIX_CHECK(PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext),
- PKIX_MONITORLOCKEXITFAILED);
- }
-
- PKIX_RETURN(LOGGER);
-}
-
-/*
- * FUNCTION: PKIX_Logger_AddLogger (see comments in pkix_util.h)
- */
-PKIX_Error *
-PKIX_AddLogger(
- PKIX_Logger *logger,
- void *plContext)
-{
- PKIX_Logger *dupLogger = NULL;
- PKIX_Logger *addLogger = NULL;
- PKIX_List *savedPkixLoggersErrors = NULL;
- PKIX_List *savedPkixLoggersDebugTrace = NULL;
- PKIX_Boolean locked = PKIX_FALSE;
- PKIX_UInt32 i, length;
-
- PKIX_ENTER(LOGGER, "PKIX_Logger_AddLogger");
- PKIX_NULLCHECK_ONE(logger);
-
- PKIX_CHECK(PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext),
- PKIX_MONITORLOCKENTERFAILED);
- locked = PKIX_TRUE;
-
- savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
- pkixLoggersDebugTrace = NULL;
- savedPkixLoggersErrors = pkixLoggersErrors;
- pkixLoggersErrors = NULL;
-
- PKIX_DECREF(savedPkixLoggersErrors);
- PKIX_DECREF(savedPkixLoggersDebugTrace);
-
- if (pkixLoggers == NULL) {
-
- PKIX_CHECK(PKIX_List_Create(&pkixLoggers, plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(pkix_Logger_Duplicate
- ((PKIX_PL_Object *)logger,
- (PKIX_PL_Object **)&dupLogger,
- plContext),
- PKIX_LOGGERDUPLICATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (pkixLoggers,
- (PKIX_PL_Object *) dupLogger,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(pkixLoggers, &length, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- /* Reconstruct pkixLoggersErrors and pkixLoggersDebugTrace */
- for (i = 0; i < length; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (pkixLoggers,
- i,
- (PKIX_PL_Object **) &addLogger,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
-
- /* Put in pkixLoggersErrors */
-
- if (savedPkixLoggersErrors == NULL) {
-
- PKIX_CHECK(PKIX_List_Create
- (&savedPkixLoggersErrors,
- plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (savedPkixLoggersErrors,
- (PKIX_PL_Object *) addLogger,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- if (addLogger->maxLevel > PKIX_LOGGER_LEVEL_WARNING) {
-
- /* Put in pkixLoggersDebugTrace */
-
- if (savedPkixLoggersDebugTrace == NULL) {
-
- PKIX_CHECK(PKIX_List_Create
- (&savedPkixLoggersDebugTrace,
- plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (savedPkixLoggersDebugTrace,
- (PKIX_PL_Object *) addLogger,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- PKIX_DECREF(addLogger);
-
- }
-
-cleanup:
-
- PKIX_DECREF(dupLogger);
- PKIX_DECREF(addLogger);
-
- /* Restore logging capability */
- pkixLoggersErrors = savedPkixLoggersErrors;
- pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
-
- if (locked) {
- PKIX_CHECK(PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext),
- PKIX_MONITORLOCKEXITFAILED);
- }
-
- PKIX_RETURN(LOGGER);
-}
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_logger.h b/security/nss/lib/libpkix/pkix/util/pkix_logger.h
deleted file mode 100644
index 5bad143e7..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_logger.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_logger.h
- *
- * Logger Object Type Definition
- *
- */
-
-#ifndef _PKIX_LOGGER_H
-#define _PKIX_LOGGER_H
-
-#include "pkix_tools.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern PKIX_List *pkixLoggers;
-extern PKIX_List *pkixLoggersErrors;
-extern PKIX_List *pkixLoggersDebugTrace;
-
-struct PKIX_LoggerStruct {
- PKIX_Logger_LogCallback callback;
- PKIX_PL_Object *context;
- PKIX_UInt32 maxLevel;
- PKIX_ERRORCLASS logComponent;
-};
-
-PKIX_Error *
-pkix_Logger_Check(
- PKIX_List *pkixLoggersList,
- const char *message,
- const char *message2,
- PKIX_ERRORCLASS logComponent,
- PKIX_UInt32 maxLevel,
- void *plContext);
-
-PKIX_Error *
-pkix_Logger_CheckWithCode(
- PKIX_List *pkixLoggersList,
- PKIX_UInt32 errorCode,
- const char *message2,
- PKIX_ERRORCLASS logComponent,
- PKIX_UInt32 maxLevel,
- void *plContext);
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_Logger_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_LOGGER_H */
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.c b/security/nss/lib/libpkix/pkix/util/pkix_tools.c
deleted file mode 100755
index 5fcdfb1b1..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_tools.c
+++ /dev/null
@@ -1,1549 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_tools.c
- *
- * Private Utility Functions
- *
- */
-
-#include "pkix_tools.h"
-
-#define CACHE_ITEM_PERIOD_SECONDS (3600) /* one hour */
-
-/*
- * This cahce period is only for CertCache. A Cert from a trusted CertStore
- * should be checked more frequently for update new arrival, etc.
- */
-#define CACHE_TRUST_ITEM_PERIOD_SECONDS (CACHE_ITEM_PERIOD_SECONDS/10)
-
-extern PKIX_PL_HashTable *cachedCertChainTable;
-extern PKIX_PL_HashTable *cachedCertTable;
-extern PKIX_PL_HashTable *cachedCrlEntryTable;
-
-/* Following variables are used to checked cache hits - can be taken out */
-extern int pkix_ccAddCount;
-extern int pkix_ccLookupCount;
-extern int pkix_ccRemoveCount;
-extern int pkix_cAddCount;
-extern int pkix_cLookupCount;
-extern int pkix_cRemoveCount;
-extern int pkix_ceAddCount;
-extern int pkix_ceLookupCount;
-
-#ifdef PKIX_OBJECT_LEAK_TEST
-/* Following variables are used for object leak test */
-char *nonNullValue = "Non Empty Value";
-PKIX_Boolean noErrorState = PKIX_TRUE;
-PKIX_Boolean runningLeakTest;
-PKIX_Boolean errorGenerated;
-PKIX_UInt32 stackPosition;
-PKIX_UInt32 *fnStackInvCountArr;
-char **fnStackNameArr;
-PLHashTable *fnInvTable;
-PKIX_UInt32 testStartFnStackPosition;
-char *errorFnStackString;
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
-/* --Private-Functions-------------------------------------------- */
-
-#ifdef PKIX_OBJECT_LEAK_TEST
-/*
- * FUNCTION: pkix_ErrorGen_Hash
- * DESCRIPTION:
- *
- * Hash function to be used in object leak test hash table.
- *
- */
-PLHashNumber PR_CALLBACK
-pkix_ErrorGen_Hash (const void *key)
-{
- char *str = NULL;
- PLHashNumber rv = (*(PRUint8*)key) << 5;
- PRUint32 i, counter = 0;
- PRUint8 *rvc = (PRUint8 *)&rv;
-
- while ((str = fnStackNameArr[counter++]) != NULL) {
- PRUint32 len = strlen(str);
- for( i = 0; i < len; i++ ) {
- rvc[ i % sizeof(rv) ] ^= *str;
- str++;
- }
- }
-
- return rv;
-}
-
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
-/*
- * FUNCTION: pkix_IsCertSelfIssued
- * DESCRIPTION:
- *
- * Checks whether the Cert pointed to by "cert" is self-issued and stores the
- * Boolean result at "pSelfIssued". A Cert is considered self-issued if the
- * Cert's issuer matches the Cert's subject. If the subject or issuer is
- * not specified, a PKIX_FALSE is returned.
- *
- * PARAMETERS:
- * "cert"
- * Address of Cert used to determine whether Cert is self-issued.
- * Must be non-NULL.
- * "pSelfIssued"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_IsCertSelfIssued(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pSelfIssued,
- void *plContext)
-{
- PKIX_PL_X500Name *subject = NULL;
- PKIX_PL_X500Name *issuer = NULL;
-
- PKIX_ENTER(CERT, "pkix_IsCertSelfIssued");
- PKIX_NULLCHECK_TWO(cert, pSelfIssued);
-
- PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &subject, plContext),
- PKIX_CERTGETSUBJECTFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &issuer, plContext),
- PKIX_CERTGETISSUERFAILED);
-
- if (subject == NULL || issuer == NULL) {
- *pSelfIssued = PKIX_FALSE;
- } else {
-
- PKIX_CHECK(PKIX_PL_X500Name_Match
- (subject, issuer, pSelfIssued, plContext),
- PKIX_X500NAMEMATCHFAILED);
- }
-
-cleanup:
- PKIX_DECREF(subject);
- PKIX_DECREF(issuer);
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_Throw
- * DESCRIPTION:
- *
- * Creates an Error using the value of "errorCode", the character array
- * pointed to by "funcName", the character array pointed to by "errorText",
- * and the Error pointed to by "cause" (if any), and stores it at "pError".
- *
- * If "cause" is not NULL and has an errorCode of "PKIX_FATAL_ERROR",
- * then there is no point creating a new Error object. Rather, we simply
- * store "cause" at "pError".
- *
- * PARAMETERS:
- * "errorCode"
- * Value of error code.
- * "funcName"
- * Address of EscASCII array representing name of function throwing error.
- * Must be non-NULL.
- * "errnum"
- * PKIX_ERRMSGNUM of error description for new error.
- * "cause"
- * Address of Error representing error's cause.
- * "pError"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_Throw(
- PKIX_ERRORCLASS errorClass,
- const char *funcName,
- PKIX_ERRORCODE errorCode,
- PKIX_ERRORCLASS overrideClass,
- PKIX_Error *cause,
- PKIX_Error **pError,
- void *plContext)
-{
- PKIX_Error *error = NULL;
-
- PKIX_ENTER(ERROR, "pkix_Throw");
- PKIX_NULLCHECK_TWO(funcName, pError);
-
- *pError = NULL;
-
-#ifdef PKIX_OBJECT_LEAK_TEST
- noErrorState = PKIX_TRUE;
- if (pkixLog) {
-#ifdef PKIX_ERROR_DESCRIPTION
- PR_LOG(pkixLog, 4, ("Error in function \"%s\":\"%s\" with cause \"%s\"\n",
- funcName, PKIX_ErrorText[errorCode],
- (cause ? PKIX_ErrorText[cause->errCode] : "null")));
-#else
- PR_LOG(pkixLog, 4, ("Error in function \"%s\": error code \"%d\"\n",
- funcName, errorCode));
-#endif /* PKIX_ERROR_DESCRIPTION */
- PORT_Assert(strcmp(funcName, "PKIX_PL_Object_DecRef"));
- }
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
- /* if cause has error class of PKIX_FATAL_ERROR, return immediately */
- if (cause) {
- if (cause->errClass == PKIX_FATAL_ERROR){
- PKIX_INCREF(cause);
- *pError = cause;
- goto cleanup;
- }
- }
-
- if (overrideClass == PKIX_FATAL_ERROR){
- errorClass = overrideClass;
- }
-
- pkixTempResult = PKIX_Error_Create(errorClass, cause, NULL,
- errorCode, &error, plContext);
-
- if (!pkixTempResult) {
- /* Setting plErr error code:
- * get it from PORT_GetError if it is a leaf error and
- * default error code does not exist(eq 0) */
- if (!cause && !error->plErr) {
- error->plErr = PKIX_PL_GetPLErrorCode();
- }
- }
-
- *pError = error;
-
-cleanup:
-
- PKIX_DEBUG_EXIT(ERROR);
- pkixErrorClass = 0;
-#ifdef PKIX_OBJECT_LEAK_TEST
- noErrorState = PKIX_FALSE;
-
- if (runningLeakTest && fnStackNameArr) {
- PR_LOG(pkixLog, 5,
- ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "),
- stackPosition, " ", fnStackNameArr[stackPosition],
- stackPosition, myFuncName));
- fnStackNameArr[stackPosition--] = NULL;
- }
-#endif /* PKIX_OBJECT_LEAK_TEST */
- return (pkixTempResult);
-}
-
-/*
- * FUNCTION: pkix_CheckTypes
- * DESCRIPTION:
- *
- * Checks that the types of the Object pointed to by "first" and the Object
- * pointed to by "second" are both equal to the value of "type". If they
- * are not equal, a PKIX_Error is returned.
- *
- * PARAMETERS:
- * "first"
- * Address of first Object. Must be non-NULL.
- * "second"
- * Address of second Object. Must be non-NULL.
- * "type"
- * Value of type to check against.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CheckTypes(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_UInt32 type,
- void *plContext)
-{
- PKIX_UInt32 firstType, secondType;
-
- PKIX_ENTER(OBJECT, "pkix_CheckTypes");
- PKIX_NULLCHECK_TWO(first, second);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(first, &firstType, plContext),
- PKIX_COULDNOTGETFIRSTOBJECTTYPE);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETSECONDOBJECTTYPE);
-
- if ((firstType != type)||(firstType != secondType)) {
- PKIX_ERROR(PKIX_OBJECTTYPESDONOTMATCH);
- }
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_CheckType
- * DESCRIPTION:
- *
- * Checks that the type of the Object pointed to by "object" is equal to the
- * value of "type". If it is not equal, a PKIX_Error is returned.
- *
- * PARAMETERS:
- * "object"
- * Address of Object. Must be non-NULL.
- * "type"
- * Value of type to check against.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CheckType(
- PKIX_PL_Object *object,
- PKIX_UInt32 type,
- void *plContext)
-{
- return (pkix_CheckTypes(object, object, type, plContext));
-}
-
-/*
- * FUNCTION: pkix_hash
- * DESCRIPTION:
- *
- * Computes a hash value for "length" bytes starting at the array of bytes
- * pointed to by "bytes" and stores the result at "pHash".
- *
- * XXX To speed this up, we could probably read 32 bits at a time from
- * bytes (maybe even 64 bits on some platforms)
- *
- * PARAMETERS:
- * "bytes"
- * Address of array of bytes to hash. Must be non-NULL.
- * "length"
- * Number of bytes to hash.
- * "pHash"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_hash(
- const unsigned char *bytes,
- PKIX_UInt32 length,
- PKIX_UInt32 *pHash,
- void *plContext)
-{
- PKIX_UInt32 i;
- PKIX_UInt32 hash;
-
- PKIX_ENTER(OBJECT, "pkix_hash");
- PKIX_NULLCHECK_TWO(bytes, pHash);
-
- hash = 0;
- for (i = 0; i < length; i++) {
- /* hash = 31 * hash + bytes[i]; */
- hash = (hash << 5) - hash + bytes[i];
- }
-
- *pHash = hash;
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_countArray
- * DESCRIPTION:
- *
- * Counts the number of elements in the null-terminated array of pointers
- * pointed to by "array" and returns the result.
- *
- * PARAMETERS
- * "array"
- * Address of null-terminated array of pointers.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns the number of elements in the array.
- */
-PKIX_UInt32
-pkix_countArray(void **array)
-{
- PKIX_UInt32 count = 0;
-
- if (array) {
- while (*array++) {
- count++;
- }
- }
- return (count);
-}
-
-/*
- * FUNCTION: pkix_duplicateImmutable
- * DESCRIPTION:
- *
- * Convenience callback function used for duplicating immutable objects.
- * Since the objects can not be modified, this function simply increments the
- * reference count on the object, and returns a reference to that object.
- *
- * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
- */
-PKIX_Error *
-pkix_duplicateImmutable(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_ENTER(OBJECT, "pkix_duplicateImmutable");
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_INCREF(object);
-
- *pNewObject = object;
-
-cleanup:
- PKIX_RETURN(OBJECT);
-}
-
-/* --String-Encoding-Conversion-Functions------------------------ */
-
-/*
- * FUNCTION: pkix_hex2i
- * DESCRIPTION:
- *
- * Converts hexadecimal character "c" to its integer value and returns result.
- *
- * PARAMETERS
- * "c"
- * Character to convert to a hex value.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * The hexadecimal value of "c". Otherwise -1. (Unsigned 0xFFFFFFFF).
- */
-PKIX_UInt32
-pkix_hex2i(char c)
-{
- if ((c >= '0')&&(c <= '9'))
- return (c-'0');
- else if ((c >= 'a')&&(c <= 'f'))
- return (c-'a'+10);
- else if ((c >= 'A')&&(c <= 'F'))
- return (c-'A'+10);
- else
- return ((PKIX_UInt32)(-1));
-}
-
-/*
- * FUNCTION: pkix_i2hex
- * DESCRIPTION:
- *
- * Converts integer value "digit" to its ASCII hex value
- *
- * PARAMETERS
- * "digit"
- * Value of integer to convert to ASCII hex value. Must be 0-15.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * The ASCII hexadecimal value of "digit".
- */
-char
-pkix_i2hex(char digit)
-{
- if ((digit >= 0)&&(digit <= 9))
- return (digit+'0');
- else if ((digit >= 0xa)&&(digit <= 0xf))
- return (digit - 10 + 'a');
- else
- return (-1);
-}
-
-/*
- * FUNCTION: pkix_isPlaintext
- * DESCRIPTION:
- *
- * Returns whether character "c" is plaintext using EscASCII or EscASCII_Debug
- * depending on the value of "debug".
- *
- * In EscASCII, [01, 7E] except '&' are plaintext.
- * In EscASCII_Debug [20, 7E] except '&' are plaintext.
- *
- * PARAMETERS:
- * "c"
- * Character to check.
- * "debug"
- * Value of debug flag.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * True if "c" is plaintext.
- */
-PKIX_Boolean
-pkix_isPlaintext(unsigned char c, PKIX_Boolean debug) {
- return ((c >= 0x01)&&(c <= 0x7E)&&(c != '&')&&(!debug || (c >= 20)));
-}
-
-/* --Cache-Functions------------------------ */
-
-/*
- * FUNCTION: pkix_CacheCertChain_Lookup
- * DESCRIPTION:
- *
- * Look up CertChain Hash Table for a cached BuildResult based on "targetCert"
- * and "anchors" as the hash keys. If there is no item to match the key,
- * PKIX_FALSE is stored at "pFound". If an item is found, its cache time is
- * compared to "testDate". If expired, the item is removed and PKIX_FALSE is
- * stored at "pFound". Otherwise, PKIX_TRUE is stored at "pFound" and the
- * BuildResult is stored at "pBuildResult".
- * The hashtable is maintained in the following ways:
- * 1) When creating the hashtable, maximum bucket size can be specified (0 for
- * unlimited). If items in a bucket reaches its full size, an new addition
- * will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
- * CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
- * When an item is retrieved, this date is compared against "testDate" for
- * validity. If comparison indicates this item is expired, the item is
- * removed from the bucket.
- *
- * PARAMETERS:
- * "targetCert"
- * Address of Target Cert as key to retrieve this CertChain. Must be
- * non-NULL.
- * "anchors"
- * Address of PKIX_List of "anchors" is used as key to retrive CertChain.
- * Must be non-NULL.
- * "testDate"
- * Address of PKIX_PL_Date for verifying time validity and cache validity.
- * May be NULL. If testDate is NULL, this cache item will not be out-dated.
- * "pFound"
- * Address of PKIX_Boolean indicating valid data is found.
- * Must be non-NULL.
- * "pBuildResult"
- * Address where BuildResult will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CacheCertChain_Lookup(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- PKIX_PL_Date *testDate,
- PKIX_Boolean *pFound,
- PKIX_BuildResult **pBuildResult,
- void *plContext)
-{
- PKIX_List *cachedValues = NULL;
- PKIX_List *cachedKeys = NULL;
- PKIX_Error *cachedCertChainError = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
- PKIX_PL_Date *validityDate = NULL;
- PKIX_Int32 cmpValidTimeResult = 0;
- PKIX_Int32 cmpCacheTimeResult = 0;
-
- PKIX_ENTER(BUILD, "pkix_CacheCertChain_Lookup");
-
- PKIX_NULLCHECK_FOUR(targetCert, anchors, pFound, pBuildResult);
-
- *pFound = PKIX_FALSE;
-
- /* use trust anchors and target cert as hash key */
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)targetCert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)anchors,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- cachedCertChainError = PKIX_PL_HashTable_Lookup
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object **) &cachedValues,
- plContext);
-
- pkix_ccLookupCount++;
-
- /* retrieve data from hashed value list */
-
- if (cachedValues != NULL && cachedCertChainError == NULL) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 0,
- (PKIX_PL_Object **) &cacheValidUntilDate,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- /* check validity time and cache age time */
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 1,
- (PKIX_PL_Object **) &validityDate,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- /* if testDate is not set, this cache item is not out-dated */
- if (testDate) {
-
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)testDate,
- (PKIX_PL_Object *)cacheValidUntilDate,
- &cmpCacheTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)testDate,
- (PKIX_PL_Object *)validityDate,
- &cmpValidTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
- }
-
- /* certs' date are all valid and cache item is not old */
- if (cmpValidTimeResult <= 0 && cmpCacheTimeResult <=0) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 2,
- (PKIX_PL_Object **) pBuildResult,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- *pFound = PKIX_TRUE;
-
- } else {
-
- pkix_ccRemoveCount++;
- *pFound = PKIX_FALSE;
-
- /* out-dated item, remove it from cache */
- PKIX_CHECK(PKIX_PL_HashTable_Remove
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
- }
- }
-
-cleanup:
-
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCertChainError);
- PKIX_DECREF(cacheValidUntilDate);
- PKIX_DECREF(validityDate);
-
- PKIX_RETURN(BUILD);
-
-}
-
-/*
- * FUNCTION: pkix_CacheCertChain_Remove
- * DESCRIPTION:
- *
- * Remove CertChain Hash Table entry based on "targetCert" and "anchors"
- * as the hash keys. If there is no item to match the key, no action is
- * taken.
- * The hashtable is maintained in the following ways:
- * 1) When creating the hashtable, maximum bucket size can be specified (0 for
- * unlimited). If items in a bucket reaches its full size, an new addition
- * will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
- * CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
- * When an item is retrieved, this date is compared against "testDate" for
- * validity. If comparison indicates this item is expired, the item is
- * removed from the bucket.
- *
- * PARAMETERS:
- * "targetCert"
- * Address of Target Cert as key to retrieve this CertChain. Must be
- * non-NULL.
- * "anchors"
- * Address of PKIX_List of "anchors" is used as key to retrive CertChain.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CacheCertChain_Remove(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
-
- PKIX_ENTER(BUILD, "pkix_CacheCertChain_Remove");
- PKIX_NULLCHECK_TWO(targetCert, anchors);
-
- /* use trust anchors and target cert as hash key */
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)targetCert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)anchors,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK_ONLY_FATAL(PKIX_PL_HashTable_Remove
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
-
- pkix_ccRemoveCount++;
-
-cleanup:
-
- PKIX_DECREF(cachedKeys);
-
- PKIX_RETURN(BUILD);
-
-}
-
-/*
- * FUNCTION: pkix_CacheCertChain_Add
- * DESCRIPTION:
- *
- * Add a BuildResult to the CertChain Hash Table for a "buildResult" with
- * "targetCert" and "anchors" as the hash keys.
- * "validityDate" is the most restricted notAfter date of all Certs in
- * this CertChain and is verified when this BuildChain is retrieved.
- * The hashtable is maintained in the following ways:
- * 1) When creating the hashtable, maximum bucket size can be specified (0 for
- * unlimited). If items in a bucket reaches its full size, an new addition
- * will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
- * CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
- * When an item is retrieved, this date is compared against "testDate" for
- * validity. If comparison indicates this item is expired, the item is
- * removed from the bucket.
- *
- * PARAMETERS:
- * "targetCert"
- * Address of Target Cert as key to retrieve this CertChain. Must be
- * non-NULL.
- * "anchors"
- * Address of PKIX_List of "anchors" is used as key to retrive CertChain.
- * Must be non-NULL.
- * "validityDate"
- * Address of PKIX_PL_Date contains the most restriced notAfter time of
- * all "certs". Must be non-NULL.
- * Address of PKIX_Boolean indicating valid data is found.
- * Must be non-NULL.
- * "buildResult"
- * Address of BuildResult to be cached. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CacheCertChain_Add(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- PKIX_PL_Date *validityDate,
- PKIX_BuildResult *buildResult,
- void *plContext)
-{
- PKIX_List *cachedValues = NULL;
- PKIX_List *cachedKeys = NULL;
- PKIX_Error *cachedCertChainError = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
-
- PKIX_ENTER(BUILD, "pkix_CacheCertChain_Add");
-
- PKIX_NULLCHECK_FOUR(targetCert, anchors, validityDate, buildResult);
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)targetCert, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)anchors, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
- (CACHE_ITEM_PERIOD_SECONDS,
- &cacheValidUntilDate,
- plContext),
- PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues,
- (PKIX_PL_Object *)cacheValidUntilDate,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues, (PKIX_PL_Object *)validityDate, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues, (PKIX_PL_Object *)buildResult, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- cachedCertChainError = PKIX_PL_HashTable_Add
- (cachedCertChainTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object *) cachedValues,
- plContext);
-
- pkix_ccAddCount++;
-
- if (cachedCertChainError != NULL) {
- PKIX_DEBUG("PKIX_PL_HashTable_Add for CertChain skipped: "
- "entry existed\n");
- }
-
-cleanup:
-
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCertChainError);
- PKIX_DECREF(cacheValidUntilDate);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_CacheCert_Lookup
- * DESCRIPTION:
- *
- * Look up Cert Hash Table for a cached item based on "store" and Subject in
- * "certSelParams" as the hash keys and returns values Certs in "pCerts".
- * If there isn't an item to match the key, a PKIX_FALSE is returned at
- * "pFound". The item's cache time is verified with "testDate". If out-dated,
- * this item is removed and PKIX_FALSE is returned at "pFound".
- * This hashtable is maintained in the following ways:
- * 1) When creating the hashtable, maximum bucket size can be specified (0 for
- * unlimited). If items in a bucket reaches its full size, an new addition
- * will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
- * CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
- * If the CertStore this Cert is from is a trusted one, the cache period is
- * shorter so cache can be updated more frequently.
- * When an item is retrieved, this date is compared against "testDate" for
- * validity. If comparison indicates this item is expired, the item is
- * removed from the bucket.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
- * non-NULL.
- * "certSelParams"
- * Address of ComCertSelParams that its subject is used as key to retrieve
- * this CertChain. Must be non-NULL.
- * "testDate"
- * Address of PKIX_PL_Date for verifying time cache validity.
- * Must be non-NULL. If testDate is NULL, this cache item won't be out
- * dated.
- * "pFound"
- * Address of KPKIX_Boolean indicating valid data is found.
- * Must be non-NULL.
- * "pCerts"
- * Address PKIX_List where the CertChain will be stored. Must be no-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CacheCert_Lookup(
- PKIX_CertStore *store,
- PKIX_ComCertSelParams *certSelParams,
- PKIX_PL_Date *testDate,
- PKIX_Boolean *pFound,
- PKIX_List** pCerts,
- void *plContext)
-{
- PKIX_PL_Cert *cert = NULL;
- PKIX_List *cachedKeys = NULL;
- PKIX_List *cachedValues = NULL;
- PKIX_List *cachedCertList = NULL;
- PKIX_List *selCertList = NULL;
- PKIX_PL_X500Name *subject = NULL;
- PKIX_PL_Date *invalidAfterDate = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
- PKIX_CertSelector *certSel = NULL;
- PKIX_Error *cachedCertError = NULL;
- PKIX_Error *selectorError = NULL;
- PKIX_CertSelector_MatchCallback selectorMatch = NULL;
- PKIX_Int32 cmpValidTimeResult = PKIX_FALSE;
- PKIX_Int32 cmpCacheTimeResult = 0;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(BUILD, "pkix_CacheCert_Lookup");
- PKIX_NULLCHECK_TWO(store, certSelParams);
- PKIX_NULLCHECK_TWO(pFound, pCerts);
-
- *pFound = PKIX_FALSE;
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
- (certSelParams, &subject, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
-
- PKIX_NULLCHECK_ONE(subject);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)subject, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- cachedCertError = PKIX_PL_HashTable_Lookup
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object **) &cachedValues,
- plContext);
- pkix_cLookupCount++;
-
- if (cachedValues != NULL && cachedCertError == NULL) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 0,
- (PKIX_PL_Object **) &cacheValidUntilDate,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (testDate) {
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)testDate,
- (PKIX_PL_Object *)cacheValidUntilDate,
- &cmpCacheTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
- }
-
- if (cmpCacheTimeResult <= 0) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (cachedValues,
- 1,
- (PKIX_PL_Object **) &cachedCertList,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- /*
- * Certs put on cache satifies only for Subject,
- * user selector and ComCertSelParams to filter.
- */
- PKIX_CHECK(PKIX_CertSelector_Create
- (NULL, NULL, &certSel, plContext),
- PKIX_CERTSELECTORCREATEFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSel, certSelParams, plContext),
- PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
- (certSel, &selectorMatch, plContext),
- PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&selCertList, plContext),
- PKIX_LISTCREATEFAILED);
-
- /*
- * If any of the Cert on the list is out-dated, invalidate
- * this cache item.
- */
- PKIX_CHECK(PKIX_List_GetLength
- (cachedCertList, &numItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numItems; i++){
-
- PKIX_CHECK(PKIX_List_GetItem
- (cachedCertList,
- i,
- (PKIX_PL_Object **)&cert,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
- (cert, &invalidAfterDate, plContext),
- PKIX_CERTGETVALIDITYNOTAFTERFAILED);
-
- if (testDate) {
- PKIX_CHECK(PKIX_PL_Object_Compare
- ((PKIX_PL_Object *)invalidAfterDate,
- (PKIX_PL_Object *)testDate,
- &cmpValidTimeResult,
- plContext),
- PKIX_OBJECTCOMPARATORFAILED);
- }
-
- if (cmpValidTimeResult < 0) {
-
- pkix_cRemoveCount++;
- *pFound = PKIX_FALSE;
-
- /* one cert is out-dated, remove item from cache */
- PKIX_CHECK(PKIX_PL_HashTable_Remove
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
- goto cleanup;
- }
-
- selectorError = selectorMatch(certSel, cert, plContext);
- if (!selectorError){
- /* put on the return list */
- PKIX_CHECK(PKIX_List_AppendItem
- (selCertList,
- (PKIX_PL_Object *)cert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- } else {
- PKIX_DECREF(selectorError);
- }
-
- PKIX_DECREF(cert);
- PKIX_DECREF(invalidAfterDate);
-
- }
-
- if (*pFound) {
- PKIX_INCREF(selCertList);
- *pCerts = selCertList;
- }
-
- } else {
-
- pkix_cRemoveCount++;
- *pFound = PKIX_FALSE;
- /* cache item is out-dated, remove it from cache */
- PKIX_CHECK(PKIX_PL_HashTable_Remove
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- plContext),
- PKIX_HASHTABLEREMOVEFAILED);
- }
-
- }
-
-cleanup:
-
- PKIX_DECREF(subject);
- PKIX_DECREF(certSel);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cacheValidUntilDate);
- PKIX_DECREF(cert);
- PKIX_DECREF(cachedCertList);
- PKIX_DECREF(selCertList);
- PKIX_DECREF(invalidAfterDate);
- PKIX_DECREF(cachedCertError);
- PKIX_DECREF(selectorError);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_CacheCert_Add
- * DESCRIPTION:
- *
- * Add Cert Hash Table for a cached item based on "store" and Subject in
- * "certSelParams" as the hash keys and have "certs" as the key value.
- * This hashtable is maintained in the following ways:
- * 1) When creating the hashtable, maximum bucket size can be specified (0 for
- * unlimited). If items in a bucket reaches its full size, an new addition
- * will trigger the removal of the old as FIFO sequence.
- * 2) A PKIX_PL_Date created with current time offset by constant
- * CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
- * If the CertStore this Cert is from is a trusted one, the cache period is
- * shorter so cache can be updated more frequently.
- * When an item is retrieved, this date is compared against "testDate" for
- * validity. If comparison indicates this item is expired, the item is
- * removed from the bucket.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
- * non-NULL.
- * "certSelParams"
- * Address of ComCertSelParams that its subject is used as key to retrieve
- * this CertChain. Must be non-NULL.
- * "certs"
- * Address PKIX_List of Certs will be stored. Must be no-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CacheCert_Add(
- PKIX_CertStore *store,
- PKIX_ComCertSelParams *certSelParams,
- PKIX_List* certs,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
- PKIX_List *cachedValues = NULL;
- PKIX_PL_Date *cacheValidUntilDate = NULL;
- PKIX_PL_X500Name *subject = NULL;
- PKIX_Error *cachedCertError = NULL;
- PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
- PKIX_UInt32 cachePeriod = CACHE_ITEM_PERIOD_SECONDS;
- PKIX_UInt32 numCerts = 0;
-
- PKIX_ENTER(BUILD, "pkix_CacheCert_Add");
- PKIX_NULLCHECK_THREE(store, certSelParams, certs);
-
- PKIX_CHECK(PKIX_List_GetLength(certs, &numCerts,
- plContext),
- PKIX_LISTGETLENGTHFAILED);
- if (numCerts == 0) {
- /* Don't want to add an empty list. */
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
- (certSelParams, &subject, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
-
- PKIX_NULLCHECK_ONE(subject);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)subject, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_CertStore_GetTrustCallback
- (store, &trustCallback, plContext),
- PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
-
- if (trustCallback) {
- cachePeriod = CACHE_TRUST_ITEM_PERIOD_SECONDS;
- }
-
- PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
- (cachePeriod, &cacheValidUntilDate, plContext),
- PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues,
- (PKIX_PL_Object *)cacheValidUntilDate,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedValues,
- (PKIX_PL_Object *)certs,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- cachedCertError = PKIX_PL_HashTable_Add
- (cachedCertTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object *) cachedValues,
- plContext);
-
- pkix_cAddCount++;
-
- if (cachedCertError != NULL) {
- PKIX_DEBUG("PKIX_PL_HashTable_Add for Certs skipped: "
- "entry existed\n");
- }
-
-cleanup:
-
- PKIX_DECREF(subject);
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedValues);
- PKIX_DECREF(cacheValidUntilDate);
- PKIX_DECREF(cachedCertError);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_CacheCrlEntry_Lookup
- * DESCRIPTION:
- *
- * Look up CrlEntry Hash Table for a cached item based on "store",
- * "certIssuer" and "certSerialNumber" as the hash keys and returns values
- * "pCrls". If there isn't an item to match the key, a PKIX_FALSE is
- * returned at "pFound".
- * This hashtable is maintained in the following way:
- * 1) When creating the hashtable, maximum bucket size can be specified (0 for
- * unlimited). If items in a bucket reaches its full size, an new addition
- * will trigger the removal of the old as FIFO sequence.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
- * non-NULL.
- * "certIssuer"
- * Address of X500Name that is used as key to retrieve the CRLEntries.
- * Must be non-NULL.
- * "certSerialNumber"
- * Address of BigInt that is used as key to retrieve the CRLEntries.
- * Must be non-NULL.
- * "pFound"
- * Address of KPKIX_Boolean indicating valid data is found.
- * Must be non-NULL.
- * "pCrls"
- * Address PKIX_List where the CRLEntry will be stored. Must be no-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CacheCrlEntry_Lookup(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *certIssuer,
- PKIX_PL_BigInt *certSerialNumber,
- PKIX_Boolean *pFound,
- PKIX_List** pCrls,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
- PKIX_List *cachedCrlEntryList = NULL;
- PKIX_Error *cachedCrlEntryError = NULL;
-
- PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Lookup");
- PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
- PKIX_NULLCHECK_TWO(pFound, pCrls);
-
- *pFound = PKIX_FALSE;
-
- /* Find CrlEntry(s) by issuer and serial number */
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)certSerialNumber,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- cachedCrlEntryError = PKIX_PL_HashTable_Lookup
- (cachedCrlEntryTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object **) &cachedCrlEntryList,
- plContext);
- pkix_ceLookupCount++;
-
- /*
- * We don't need check Date to invalidate this cache item,
- * the item is uniquely defined and won't be reverted. Let
- * the FIFO for cleaning up.
- */
-
- if (cachedCrlEntryList != NULL && cachedCrlEntryError == NULL ) {
-
- PKIX_INCREF(cachedCrlEntryList);
- *pCrls = cachedCrlEntryList;
-
- *pFound = PKIX_TRUE;
-
- } else {
-
- *pFound = PKIX_FALSE;
- }
-
-cleanup:
-
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCrlEntryList);
- PKIX_DECREF(cachedCrlEntryError);
-
- PKIX_RETURN(BUILD);
-}
-
-/*
- * FUNCTION: pkix_CacheCrlEntry_Add
- * DESCRIPTION:
- *
- * Look up CrlEntry Hash Table for a cached item based on "store",
- * "certIssuer" and "certSerialNumber" as the hash keys and have "pCrls" as
- * the hash value. If there isn't an item to match the key, a PKIX_FALSE is
- * returned at "pFound".
- * This hashtable is maintained in the following way:
- * 1) When creating the hashtable, maximum bucket size can be specified (0 for
- * unlimited). If items in a bucket reaches its full size, an new addition
- * will trigger the removal of the old as FIFO sequence.
- *
- * PARAMETERS:
- * "store"
- * Address of CertStore as key to retrieve this CertChain. Must be
- * non-NULL.
- * "certIssuer"
- * Address of X500Name that is used as key to retrieve the CRLEntries.
- * Must be non-NULL.
- * "certSerialNumber"
- * Address of BigInt that is used as key to retrieve the CRLEntries.
- * Must be non-NULL.
- * "crls"
- * Address PKIX_List where the CRLEntry is stored. Must be no-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Error Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_CacheCrlEntry_Add(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *certIssuer,
- PKIX_PL_BigInt *certSerialNumber,
- PKIX_List* crls,
- void *plContext)
-{
- PKIX_List *cachedKeys = NULL;
- PKIX_Error *cachedCrlEntryError = NULL;
-
- PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Add");
- PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
- PKIX_NULLCHECK_ONE(crls);
-
- /* Add CrlEntry(s) by issuer and serial number */
-
- PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)store, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (cachedKeys,
- (PKIX_PL_Object *)certSerialNumber,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- cachedCrlEntryError = PKIX_PL_HashTable_Add
- (cachedCrlEntryTable,
- (PKIX_PL_Object *) cachedKeys,
- (PKIX_PL_Object *) crls,
- plContext);
- pkix_ceAddCount++;
-
-cleanup:
-
- PKIX_DECREF(cachedKeys);
- PKIX_DECREF(cachedCrlEntryError);
-
- PKIX_RETURN(BUILD);
-}
-
-#ifdef PKIX_OBJECT_LEAK_TEST
-
-/* TEST_START_FN and testStartFnStackPosition define at what state
- * of the stack the object leak testing should begin. The condition
- * in pkix_CheckForGeneratedError works the following way: do leak
- * testing if at position testStartFnStackPosition in stack array
- * (fnStackNameArr) we have called function TEST_START_FN.
- * Note, that stack array get filled only when executing libpkix
- * functions.
- * */
-#define TEST_START_FN "PKIX_BuildChain"
-
-PKIX_Error*
-pkix_CheckForGeneratedError(PKIX_StdVars * stdVars,
- PKIX_ERRORCLASS errClass,
- char * fnName,
- PKIX_Boolean *errSetFlag,
- void * plContext)
-{
- PKIX_Error *genErr = NULL;
- PKIX_UInt32 pos = 0;
- PKIX_UInt32 strLen = 0;
-
- if (fnName) {
- if (fnStackNameArr[testStartFnStackPosition] == NULL ||
- strcmp(fnStackNameArr[testStartFnStackPosition], TEST_START_FN)
- ) {
- /* return with out error if not with in boundary */
- return NULL;
- }
- if (!strcmp(fnName, TEST_START_FN)) {
- *errSetFlag = PKIX_TRUE;
- noErrorState = PKIX_FALSE;
- errorGenerated = PKIX_FALSE;
- }
- }
-
- if (noErrorState || errorGenerated) return NULL;
-
- if (fnName && (
- !strcmp(fnName, "PKIX_PL_Object_DecRef") ||
- !strcmp(fnName, "PKIX_PL_Object_Unlock") ||
- !strcmp(fnName, "pkix_UnlockObject") ||
- !strcmp(fnName, "pkix_Throw") ||
- !strcmp(fnName, "pkix_trace_dump_cert") ||
- !strcmp(fnName, "PKIX_PL_Free"))) {
- /* do not generate error for this functions */
- noErrorState = PKIX_TRUE;
- *errSetFlag = PKIX_TRUE;
- return NULL;
- }
-
- if (PL_HashTableLookup(fnInvTable, &fnStackInvCountArr[stackPosition - 1])) {
- return NULL;
- }
-
- PL_HashTableAdd(fnInvTable, &fnStackInvCountArr[stackPosition - 1], nonNullValue);
- errorGenerated = PKIX_TRUE;
- noErrorState = PKIX_TRUE;
- genErr = PKIX_DoThrow(stdVars, errClass, PKIX_MEMLEAKGENERATEDERROR,
- errClass, plContext);
- while(fnStackNameArr[pos]) {
- strLen += PORT_Strlen(fnStackNameArr[pos++]) + 1;
- }
- strLen += 1; /* end of line. */
- pos = 0;
- errorFnStackString = PORT_ZAlloc(strLen);
- while(fnStackNameArr[pos]) {
- strcat(errorFnStackString, "/");
- strcat(errorFnStackString, fnStackNameArr[pos++]);
- }
- noErrorState = PKIX_FALSE;
-
- return genErr;
-}
-#endif /* PKIX_OBJECT_LEAK_TEST */
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.h b/security/nss/lib/libpkix/pkix/util/pkix_tools.h
deleted file mode 100755
index 7ace5a329..000000000
--- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h
+++ /dev/null
@@ -1,1611 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- * Red Hat, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_tools.h
- *
- * Header for Utility Functions and Macros
- *
- */
-
-#ifndef _PKIX_TOOLS_H
-#define _PKIX_TOOLS_H
-
-#include "pkix.h"
-#include <stddef.h>
-#include <stdio.h>
-#include "secport.h"
-#include "prlong.h"
-
-/* private PKIX system headers */
-#include "pkix_basicconstraintschecker.h"
-#include "pkix_buildresult.h"
-#include "pkix_certchainchecker.h"
-#include "pkix_certselector.h"
-#include "pkix_comcertselparams.h"
-#include "pkix_comcrlselparams.h"
-#include "pkix_crlselector.h"
-#include "pkix_error.h"
-#include "pkix_expirationchecker.h"
-#include "pkix_list.h"
-#include "pkix_logger.h"
-#include "pkix_namechainingchecker.h"
-#include "pkix_nameconstraintschecker.h"
-#include "pkix_policychecker.h"
-#include "pkix_policynode.h"
-#include "pkix_procparams.h"
-#include "pkix_resourcelimits.h"
-#include "pkix_revocationmethod.h"
-#include "pkix_revocationchecker.h"
-#include "pkix_crlchecker.h"
-#include "pkix_ocspchecker.h"
-#include "pkix_signaturechecker.h"
-#include "pkix_store.h"
-#include "pkix_targetcertchecker.h"
-#include "pkix_validate.h"
-#include "pkix_valresult.h"
-#include "pkix_verifynode.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct pkixStdVarsStr {
- const char *aMyFuncName;
- PKIX_Error *aPkixErrorResult;
- PKIX_Error *aPkixTempResult;
- PKIX_Error *aPkixReturnResult;
- PKIX_ERRORCODE aPkixErrorCode;
- PKIX_Boolean aPkixErrorReceived;
- PKIX_Boolean aPkixTempErrorReceived;
- PKIX_ERRORCLASS aPkixErrorClass;
- PKIX_UInt32 aPkixType;
- PKIX_PL_Object *aLockedObject;
- PKIX_List *aPkixErrorList;
-} PKIX_StdVars;
-
-#ifdef PKIX_STDVARS_POINTER
-#define myFuncName stdVars->aMyFuncName
-#define pkixErrorResult stdVars->aPkixErrorResult
-#define pkixTempResult stdVars->aPkixTempResult
-#define pkixReturnResult stdVars->aPkixReturnResult
-#define pkixErrorCode stdVars->aPkixErrorCode
-#define pkixErrorReceived stdVars->aPkixErrorReceived
-#define pkixTempErrorReceived stdVars->aPkixTempErrorReceived
-#define pkixErrorClass stdVars->aPkixErrorClass
-#define pkixType stdVars->aPkixType
-#define lockedObject stdVars->aLockedObject
-#define pkixErrorList stdVars->aPkixErrorList
-#define stdVarsPtr stdVars
-#else
-#define myFuncName stdVars.aMyFuncName
-#define pkixErrorResult stdVars.aPkixErrorResult
-#define pkixTempResult stdVars.aPkixTempResult
-#define pkixReturnResult stdVars.aPkixReturnResult
-#define pkixErrorCode stdVars.aPkixErrorCode
-#define pkixErrorReceived stdVars.aPkixErrorReceived
-#define pkixTempErrorReceived stdVars.aPkixTempErrorReceived
-#define pkixErrorClass stdVars.aPkixErrorClass
-#define pkixType stdVars.aPkixType
-#define lockedObject stdVars.aLockedObject
-#define pkixErrorList stdVars.aPkixErrorList
-#define stdVarsPtr &stdVars
-#endif
-
-extern PKIX_Error * PKIX_DoReturn(PKIX_StdVars * stdVars,
- PKIX_ERRORCLASS errClass,
- PKIX_Boolean doLogger,
- void * plContext);
-
-extern PKIX_Error * PKIX_DoThrow(PKIX_StdVars * stdVars,
- PKIX_ERRORCLASS errClass,
- PKIX_ERRORCODE errCode,
- PKIX_ERRORCLASS overrideClass,
- void * plContext);
-
-extern void PKIX_DoAddError(PKIX_StdVars * stdVars,
- PKIX_Error * error,
- void * plContext);
-
-#ifdef PKIX_OBJECT_LEAK_TEST
-extern PKIX_Error * pkix_CheckForGeneratedError(PKIX_StdVars * stdVars,
- PKIX_ERRORCLASS errClass,
- char * fnName,
- PKIX_Boolean *errorStateSet,
- void * plContext);
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
-extern const PKIX_StdVars zeroStdVars;
-
-extern PRLogModuleInfo *pkixLog;
-
-/*
- * UTILITY MACROS
- * Documentation for these common utility macros can be found in the
- * Implementation Guidelines document (Section 4.3)
- *
- * In general, macros with multiple statements (or a single "if" statement)
- * use the "do {<body>} while (0)" technique in order to convert the multiple
- * statements into one statement, thus avoiding the dangling else problem.
- * For macros which ALWAYS exit with a "return" or "goto", there is no
- * need to use this technique (and it yields compiler warnings of "statement
- * not reached"), so we just use "{<body>}" to group the statements together.
- */
-
-#if !defined (PKIX_OBJECT_LEAK_TEST)
-
-#define PKIX_STD_VARS(funcName) \
- static const char cMyFuncName[] = {funcName}; \
- PKIX_StdVars stdVars = zeroStdVars; \
- myFuncName = cMyFuncName
-
-
-#else /* PKIX_OBJECT_LEAK_TEST */
-
-extern char **fnStackNameArr;
-extern PKIX_UInt32 *fnStackInvCountArr;
-extern PKIX_UInt32 stackPosition;
-extern PKIX_Boolean noErrorState;
-extern PKIX_Boolean errorGenerated;
-extern PKIX_Boolean runningLeakTest;
-extern PLHashTable *fnInvTable;
-extern PKIX_UInt32 testStartFnStackPosition;
-extern char *errorFnStackString;
-
-extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key);
-
-#define PKIX_STD_VARS(funcName) \
- static const char cMyFuncName[] = {funcName}; \
- PKIX_StdVars stdVars = zeroStdVars; \
- PKIX_Boolean errorSetFlag = PKIX_FALSE; \
- myFuncName = cMyFuncName; \
- if (runningLeakTest) { \
- if (fnStackNameArr) { \
- fnStackInvCountArr[stackPosition] += 1; \
- stackPosition += 1; \
- fnStackInvCountArr[stackPosition] = 0; \
- fnStackNameArr[stackPosition] = (char*)myFuncName; \
- fnStackNameArr[stackPosition + 1] = NULL; \
- PR_LOG(pkixLog, 5, \
- ("%s%*s+> %s(%d) - %s\n", (errorGenerated ? "*" : " "), \
- stackPosition, " ", fnStackNameArr[stackPosition], \
- stackPosition, myFuncName)); \
- } \
- do { \
- pkixErrorResult = pkix_CheckForGeneratedError(&stdVars, PKIX_MEM_ERROR, \
- funcName, &errorSetFlag, \
- plContext); \
- if (pkixErrorResult) { \
- PR_LOG(pkixLog, 5, \
- ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "), \
- stackPosition, " ", fnStackNameArr[stackPosition], \
- stackPosition, myFuncName)); \
- fnStackNameArr[stackPosition--] = NULL; \
- if (errorSetFlag) { \
- noErrorState = (noErrorState) ? PKIX_FALSE : PKIX_TRUE; \
- } \
- return pkixErrorResult; \
- } \
- } while (0); \
- }
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
-#ifdef DEBUG
-#define _PKIX_DEBUG_TRACE(cond, prefix, level) \
- do { \
- if (cond) { \
- pkix_Logger_Check(pkixLoggersDebugTrace, myFuncName, \
- prefix, pkixType, level, plContext); \
- } \
- } while (0)
-#else
-#define _PKIX_DEBUG_TRACE(cond, prefix, level)
-#endif
-
-#define _PKIX_LOG_ERROR(code, level) \
- { \
- if (pkixLoggersErrors) { \
- pkix_Logger_CheckWithCode(pkixLoggersErrors, code, \
- NULL, pkixType, level, plContext); \
- } \
- }
-
-#define PKIX_ENTER(type, funcName) \
- PKIX_STD_VARS(funcName); \
- pkixType = PKIX_ ## type ## _ERROR; \
- PKIX_DEBUG_ENTER(type); \
- _PKIX_DEBUG_TRACE(pkixLoggersDebugTrace, ">>>", PKIX_LOGGER_LEVEL_TRACE);
-
-#define PKIX_ENTER_NO_LOGGER(type, funcName) \
- PKIX_STD_VARS(funcName); \
- pkixType = PKIX_ ## type ## _ERROR; \
- PKIX_DEBUG_ENTER(type);
-
-#define PKIX_DEBUG_ENTER(type) \
- PKIX_ ## type ## _DEBUG_ARG("( Entering %s).\n", myFuncName)
-
-#define PKIX_DEBUG_EXIT(type) \
- PKIX_ ## type ## _DEBUG_ARG("( Exiting %s).\n", myFuncName)
-
-#define PKIX_OBJECT_UNLOCK(obj) \
- do { \
- if (obj && lockedObject == (PKIX_PL_Object *)(obj)){ \
- pkixTempResult = \
- PKIX_PL_Object_Unlock \
- ((PKIX_PL_Object *)(obj), plContext); \
- if (pkixTempResult) { \
- PKIX_DoAddError(stdVarsPtr, pkixTempResult, plContext); \
- pkixTempResult = NULL; \
- } \
- lockedObject = NULL; \
- } else { \
- PORT_Assert(lockedObject == NULL); \
- } \
- } while (0)
-
-#define PKIX_DECREF(obj) \
- do { \
- if (obj){ \
- pkixTempResult = PKIX_PL_Object_DecRef \
- ((PKIX_PL_Object *)(obj), plContext); \
- if (pkixTempResult) { \
- PKIX_DoAddError(stdVarsPtr, pkixTempResult, plContext); \
- pkixTempResult = NULL; \
- } \
- obj = NULL; \
- } \
- } while (0)
-
-#define PKIX_THROW(type, descNum) \
- return PKIX_DoThrow(&stdVars, (PKIX_ ## type ## _ERROR), descNum, \
- pkixErrorClass, plContext);
-
-#ifdef PKIX_OBJECT_LEAK_TEST
-#define PKIX_RETURN(type) \
- if (runningLeakTest && fnStackNameArr) { \
- PR_LOG(pkixLog, 5, \
- ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "), \
- stackPosition, " ", fnStackNameArr[stackPosition], \
- stackPosition, myFuncName)); \
- fnStackNameArr[stackPosition--] = NULL; \
- if (errorSetFlag) noErrorState = (noErrorState) ? PKIX_FALSE : PKIX_TRUE; \
- } \
- return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_TRUE, plContext);
-#else
-#define PKIX_RETURN(type) \
- return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_TRUE, plContext);
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
-
-#if defined(DEBUG) && !defined(DEBUG_nb95248)
-#define PKIX_RETURN_NO_LOGGER(type) \
- { \
- PKIX_OBJECT_UNLOCK(lockedObject); \
- if ((pkixErrorReceived) || (pkixErrorResult) || pkixErrorList) \
- PKIX_THROW(type, pkixErrorCode); \
- PKIX_DEBUG_EXIT(type); \
- return NULL; \
- }
-#else
-#define PKIX_RETURN_NO_LOGGER(type) \
- return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_FALSE, plContext);
-#endif
-
-/* disable to disable ;-) */
-/* #define WANT_TRACE_CHECK_FAILURES */
-
-#ifdef WANT_TRACE_CHECK_FAILURES
-#define TRACE_CHECK_FAILURE(what, errorstring) \
- if (pkixLog) { \
- PR_LOG(pkixLog, PR_LOG_DEBUG, \
- ("====> [%s] failed: %s\n", #what, errorstring)); \
- }
-#else
-#define TRACE_CHECK_FAILURE(what, errorstring)
-#endif
-
-#define PKIX_CHECK(func, descNum) \
- do { \
- pkixErrorResult = (func); \
- if (pkixErrorResult) { \
- TRACE_CHECK_FAILURE((func), PKIX_ErrorText[descNum]) \
- pkixErrorClass = pkixErrorResult->errClass; \
- pkixErrorCode = descNum; \
- goto cleanup; \
- } \
- } while (0)
-
-#define PKIX_CHECK_ONLY_FATAL(func, descNum) \
- do { \
- pkixTempErrorReceived = PKIX_FALSE; \
- pkixErrorResult = (func); \
- if (pkixErrorResult) { \
- TRACE_CHECK_FAILURE((func), PKIX_ErrorText[descNum]) \
- pkixTempErrorReceived = PKIX_TRUE; \
- pkixErrorClass = pkixErrorResult->errClass; \
- if (pkixErrorClass == PKIX_FATAL_ERROR) { \
- goto cleanup; \
- } \
- PKIX_DECREF(pkixErrorResult); \
- } \
- } while (0)
-
-#define PKIX_LOG_ERROR(descNum) \
- _PKIX_LOG_ERROR(descNum, PKIX_LOGGER_LEVEL_ERROR)
-
-#define PKIX_ERROR(descNum) \
- { \
- PKIX_LOG_ERROR(descNum) \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorCode = descNum; \
- goto cleanup; \
- }
-
-#define PKIX_ERROR_ALLOC_ERROR() \
- { \
- PKIX_LOG_ERROR(PKIX_ALLOCERROR) \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorResult = PKIX_ALLOC_ERROR(); \
- goto cleanup; \
- }
-
-#define PKIX_ERROR_FATAL(descNum) \
- { \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorCode = descNum; \
- pkixErrorClass = PKIX_FATAL_ERROR; \
- _PKIX_LOG_ERROR(pkixErrorCode, PKIX_LOGGER_LEVEL_FATALERROR); \
- goto cleanup; \
- }
-
-#define PKIX_CHECK_FATAL(func, descNum) \
- do { \
- pkixErrorResult = (func); \
- if (pkixErrorResult) { \
- TRACE_CHECK_FAILURE((func), PKIX_ErrorText[descNum]) \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorCode = descNum; \
- pkixErrorClass = PKIX_FATAL_ERROR; \
- _PKIX_LOG_ERROR(pkixErrorCode, PKIX_LOGGER_LEVEL_FATALERROR); \
- goto fatal; \
- } \
- } while (0)
-
-#define PKIX_NULLCHECK_ONE(a) \
- do { \
- if ((a) == NULL){ \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorCode = PKIX_NULLARGUMENT; \
- PKIX_RETURN(FATAL); \
- } \
- } while (0)
-
-#define PKIX_NULLCHECK_TWO(a, b) \
- do { \
- if (((a) == NULL) || ((b) == NULL)){ \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorCode = PKIX_NULLARGUMENT; \
- PKIX_RETURN(FATAL); \
- } \
- } while (0)
-
-#define PKIX_NULLCHECK_THREE(a, b, c) \
- do { \
- if (((a) == NULL) || ((b) == NULL) || ((c) == NULL)){ \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorCode = PKIX_NULLARGUMENT; \
- PKIX_RETURN(FATAL); \
- } \
- } while (0)
-
-#define PKIX_NULLCHECK_FOUR(a, b, c, d) \
- do { \
- if (((a) == NULL) || ((b) == NULL) || \
- ((c) == NULL) || ((d) == NULL)){ \
- pkixErrorReceived = PKIX_TRUE; \
- pkixErrorCode = PKIX_NULLARGUMENT; \
- PKIX_RETURN(FATAL); \
- } \
- } while (0)
-
-#define PKIX_OBJECT_LOCK(obj) \
- do { \
- if (obj) { \
- pkixTempResult = \
- PKIX_PL_Object_Lock((PKIX_PL_Object*)(obj), plContext); \
- if (pkixTempResult) { \
- PKIX_DoAddError(stdVarsPtr, pkixTempResult, plContext); \
- pkixTempResult = NULL; \
- pkixErrorCode = PKIX_OBJECTLOCKFAILED; \
- goto cleanup; \
- } \
- lockedObject = (PKIX_PL_Object *)(obj); \
- } \
- } while (0)
-
-#define PKIX_ERROR_CREATE(type, descNum, error) \
- { \
- pkixTempResult = (PKIX_Error*)pkix_Throw \
- (PKIX_ ## type ## _ERROR, myFuncName, \
- descNum, PKIX_ ## type ## _ERROR, pkixErrorResult, \
- &error, plContext); \
- if (pkixTempResult) { \
- error = pkixTempResult; \
- pkixTempResult = NULL; \
- } \
- }
-
-
-#define PKIX_ERROR_RECEIVED \
- (pkixErrorReceived || pkixErrorResult || pkixTempErrorReceived || \
- pkixErrorList)
-
-#define PKIX_INCREF(obj) \
- do { \
- if (obj){ \
- pkixTempResult = PKIX_PL_Object_IncRef \
- ((PKIX_PL_Object *)(obj), plContext); \
- if (pkixTempResult) { \
- PKIX_DoAddError(&stdVars, pkixTempResult, plContext); \
- pkixTempResult = NULL; \
- goto cleanup; \
- } \
- } \
- } while (0)
-
-#define PKIX_FREE(obj) \
- do { \
- if (obj) { \
- pkixTempResult = PKIX_PL_Free((obj), plContext); \
- if (pkixTempResult) { \
- PKIX_DoAddError(&stdVars, pkixTempResult, plContext); \
- pkixTempResult = NULL; \
- } \
- obj = NULL; \
- } \
- } while (0)
-
-#define PKIX_EXACTLY_ONE_NULL(a, b) (((a) && !(b)) || ((b) && !(a)))
-
-/* DIGIT MACROS */
-
-#define PKIX_ISDIGIT(c) (((c) >= '0') && ((c) <= '9'))
-
-#define PKIX_ISXDIGIT(c) \
- (PKIX_ISDIGIT(c) || ( (((c)|0x20) >= 'a') && (((c)|0x20) <= 'f') ))
-
-#define PKIX_TOSTRING(a, b, c, d) \
- do { \
- int descNum; \
- if ((a) != NULL) { \
- pkixErrorResult = \
- PKIX_PL_Object_ToString((PKIX_PL_Object *)(a), (b), (c)); \
- descNum = (d); \
- } else { \
- pkixErrorResult = \
- PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, (b), (c)); \
- descNum = PKIX_STRINGCREATEFAILED; \
- } \
- PKIX_CHECK(pkixErrorResult, descNum); \
- } while (0)
-
-#define PKIX_EQUALS(a, b, c, d, e) \
- do { \
- if ((a) != NULL && (b) != NULL) { \
- PKIX_CHECK(PKIX_PL_Object_Equals\
- ((PKIX_PL_Object *)(a), \
- (PKIX_PL_Object*)(b), \
- (c), \
- (d)), \
- (e)); \
- } else if ((a) == NULL && (b) == NULL) { \
- *(c) = PKIX_TRUE; \
- } else { \
- *(c) = PKIX_FALSE; \
- } \
- } while (0)
-
-#define PKIX_HASHCODE(a, b, c, d) \
- do { \
- if ((a) != NULL) { \
- PKIX_CHECK(PKIX_PL_Object_Hashcode\
- ((PKIX_PL_Object *)(a), (b), (c)), (d)); \
- } else { \
- *(b) = 0; \
- } \
- } while (0)
-
-#define PKIX_DUPLICATE(a, b, c, d) \
- do { \
- if ((a) != NULL) { \
- PKIX_CHECK(PKIX_PL_Object_Duplicate\
- ((PKIX_PL_Object *)(a), \
- (PKIX_PL_Object **)(b), \
- (c)), \
- (d)); \
- } else { \
- *(b) = (a); \
- } \
- } while (0)
-
-/*
- * DEBUG MACROS
- *
- * Each type has an associated debug flag, which can
- * be set on the compiler line using "-D<debugflag>". For convenience,
- * "-DPKIX_DEBUGALL" turns on debug for all the components.
- *
- * If a type's debug flag is defined, then its two associated macros
- * are defined: PKIX_type_DEBUG(expr) and PKIX_type_DEBUG_ARG(expr, arg),
- * which call PKIX_DEBUG(expr) and PKIX_DEBUG_ARG(expr, arg) respectively,
- * which, in turn, enable standard and consistently formatted output.
- *
- * If a type's debug flag is not defined, the two associated macros
- * are defined as a NO-OP. As such, any PKIX_type_DEBUG or PKIX_type_DEBUG_ARG
- * macros for an undefined type will be stripped from the code during
- * pre-processing, thereby reducing code size.
- */
-
-#ifdef PKIX_DEBUGALL
-#define PKIX_REFCOUNTDEBUG 1
-#define PKIX_MEMDEBUG 1
-#define PKIX_MUTEXDEBUG 1
-#define PKIX_OBJECTDEBUG 1
-#define PKIX_STRINGDEBUG 1
-#define PKIX_OIDDEBUG 1
-#define PKIX_LISTDEBUG 1
-#define PKIX_ERRORDEBUG 1
-#define PKIX_BYTEARRAYDEBUG 1
-#define PKIX_RWLOCKDEBUG 1
-#define PKIX_BIGINTDEBUG 1
-#define PKIX_HASHTABLEDEBUG 1
-#define PKIX_X500NAMEDEBUG 1
-#define PKIX_GENERALNAMEDEBUG 1
-#define PKIX_PUBLICKEYDEBUG 1
-#define PKIX_CERTDEBUG 1
-#define PKIX_HTTPCLIENTDEBUG 1
-#define PKIX_DATEDEBUG 1
-#define PKIX_TRUSTANCHORDEBUG 1
-#define PKIX_PROCESSINGPARAMSDEBUG 1
-#define PKIX_VALIDATEPARAMSDEBUG 1
-#define PKIX_VALIDATERESULTDEBUG 1
-#define PKIX_VALIDATEDEBUG 1
-#define PKIX_CERTCHAINCHECKERDEBUG 1
-#define PKIX_REVOCATIONCHECKERDEBUG 1
-#define PKIX_CERTSELECTORDEBUG 1
-#define PKIX_COMCERTSELPARAMSDEBUG 1
-#define PKIX_TARGETCERTCHECKERSTATEDEBUG 1
-#define PKIX_INITIALIZEPARAMSDEBUG 1
-#define PKIX_CERTBASICCONSTRAINTSDEBUG 1
-#define PKIX_CERTNAMECONSTRAINTSDEBUG 1
-#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATEDEBUG 1
-#define PKIX_SUBJALTNAMECHECKERSTATEDEBUG 1
-
-#define PKIX_CERTPOLICYQUALIFIERDEBUG 1
-#define PKIX_CERTPOLICYINFODEBUG 1
-#define PKIX_CERTPOLICYNODEDEBUG 1
-#define PKIX_CERTPOLICYCHECKERSTATEDEBUG 1
-#define PKIX_LIFECYCLEDEBUG 1
-#define PKIX_BASICCONSTRAINTSCHECKERSTATEDEBUG 1
-#define PKIX_CRLDEBUG 1
-#define PKIX_CRLENTRYDEBUG 1
-#define PKIX_CRLSELECTORDEBUG 1
-#define PKIX_COMCRLSELPARAMSDEBUG 1
-#define PKIX_CERTSTOREDEBUG 1
-#define PKIX_COLLECTIONCERTSTORECONTEXTDEBUG 1
-#define PKIX_DEFAULTCRLCHECKERSTATEDEBUG 1
-#define PKIX_CERTPOLICYMAPDEBUG 1
-#define PKIX_BUILDDEBUG 1
-#define PKIX_BUILDRESULTDEBUG 1
-#define PKIX_FORWARDBUILDERSTATEDEBUG 1
-#define PKIX_SIGNATURECHECKERSTATEDEBUG 1
-#define PKIX_USERDEFINEDMODULESDEBUG 1
-#define PKIX_CONTEXTDEBUG 1
-#define PKIX_DEFAULTREVOCATIONCHECKERDEBUG 1
-#define PKIX_LDAPREQUESTDEBUG 1
-#define PKIX_LDAPRESPONSEDEBUG 1
-#define PKIX_LDAPCLIENTDEBUG 1
-#define PKIX_LDAPDEFAULTCLIENTDEBUG 1
-#define PKIX_SOCKETDEBUG 1
-#define PKIX_RESOURCELIMITSDEBUG 1
-#define PKIX_LOGGERDEBUG 1
-#define PKIX_MONITORLOCKDEBUG 1
-#define PKIX_INFOACCESSDEBUG 1
-#define PKIX_AIAMGRDEBUG 1
-#define PKIX_OCSPCHECKERDEBUG 1
-#define PKIX_OCSPREQUESTDEBUG 1
-#define PKIX_OCSPRESPONSEDEBUG 1
-#define PKIX_HTTPDEFAULTCLIENTDEBUG 1
-#define PKIX_HTTPCERTSTORECONTEXTDEBUG 1
-#define PKIX_VERIFYNODEDEBUG 1
-#endif
-
-/*
- * XXX Both PKIX_DEBUG and PKIX_DEBUG_ARG currently use printf.
- * This needs to be replaced with Loggers.
- */
-
-#ifdef DEBUG
-#define PKIX_DEBUG(expr) \
- do { \
- _PKIX_DEBUG_TRACE(pkixLoggersErrors, expr, PKIX_LOGGER_LEVEL_DEBUG); \
- (void) fprintf(stderr, "(%s: ", myFuncName); \
- (void) fprintf(stderr, expr); \
- } while (0)
-#else
-#define PKIX_DEBUG(expr)
-#endif
-
-/* Logging doesn't support DEBUG with ARG: cannot convert control and arg */
-#define PKIX_DEBUG_ARG(expr, arg) \
- do { \
- (void) printf("(%s: ", myFuncName); \
- (void) printf(expr, arg); \
- } while (0)
-
-#if PKIX_FATALDEBUG
-#define PKIX_FATAL_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_FATAL_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_FATAL_DEBUG(expr)
-#define PKIX_FATAL_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_REFCOUNTDEBUG
-#define PKIX_REF_COUNT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_REF_COUNT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_REF_COUNT_DEBUG(expr)
-#define PKIX_REF_COUNT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_MEMDEBUG
-#define PKIX_MEM_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_MEM_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_MEM_DEBUG(expr)
-#define PKIX_MEM_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_MUTEXDEBUG
-#define PKIX_MUTEX_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_MUTEX_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_MUTEX_DEBUG(expr)
-#define PKIX_MUTEX_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_OBJECTDEBUG
-#define PKIX_OBJECT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_OBJECT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_OBJECT_DEBUG(expr)
-#define PKIX_OBJECT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_ERRORDEBUG
-#define PKIX_ERROR_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_ERROR_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_ERROR_DEBUG(expr)
-#define PKIX_ERROR_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_STRINGDEBUG
-#define PKIX_STRING_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_STRING_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_STRING_DEBUG(expr)
-#define PKIX_STRING_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_OIDDEBUG
-#define PKIX_OID_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_OID_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_OID_DEBUG(expr)
-#define PKIX_OID_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_LISTDEBUG
-#define PKIX_LIST_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_LIST_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_LIST_DEBUG(expr)
-#define PKIX_LIST_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_RWLOCKDEBUG
-#define PKIX_RWLOCK_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_RWLOCK_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_RWLOCK_DEBUG(expr)
-#define PKIX_RWLOCK_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_BYTEARRAYDEBUG
-#define PKIX_BYTEARRAY_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_BYTEARRAY_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_BYTEARRAY_DEBUG(expr)
-#define PKIX_BYTEARRAY_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_HASHTABLEDEBUG
-#define PKIX_HASHTABLE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_HASHTABLE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_HASHTABLE_DEBUG(expr)
-#define PKIX_HASHTABLE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_X500NAMEDEBUG
-#define PKIX_X500NAME_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_X500NAME_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_X500NAME_DEBUG(expr)
-#define PKIX_X500NAME_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_GENERALNAMEDEBUG
-#define PKIX_GENERALNAME_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_GENERALNAME_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_GENERALNAME_DEBUG(expr)
-#define PKIX_GENERALNAME_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_PUBLICKEYDEBUG
-#define PKIX_PUBLICKEY_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_PUBLICKEY_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_PUBLICKEY_DEBUG(expr)
-#define PKIX_PUBLICKEY_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTDEBUG
-#define PKIX_CERT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERT_DEBUG(expr)
-#define PKIX_CERT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CRLDPDEBUG
-#define PKIX_CRLDP_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CRLDP_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CRLDP_DEBUG(expr)
-#define PKIX_CRLDP_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_HTTPCLIENTDEBUG
-#define PKIX_HTTPCLIENT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_HTTPCLIENT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_HTTPCLIENT_DEBUG(expr)
-#define PKIX_HTTPCLIENT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_BIGINTDEBUG
-#define PKIX_BIGINT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_BIGINT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_BIGINT_DEBUG(expr)
-#define PKIX_BIGINT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_DATEDEBUG
-#define PKIX_DATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_DATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_DATE_DEBUG(expr)
-#define PKIX_DATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_TRUSTANCHORDEBUG
-#define PKIX_TRUSTANCHOR_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_TRUSTANCHOR_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_TRUSTANCHOR_DEBUG(expr)
-#define PKIX_TRUSTANCHOR_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_PROCESSINGPARAMSDEBUG
-#define PKIX_PROCESSINGPARAMS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_PROCESSINGPARAMS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_PROCESSINGPARAMS_DEBUG(expr)
-#define PKIX_PROCESSINGPARAMS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_VALIDATEPARAMSDEBUG
-#define PKIX_VALIDATEPARAMS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_VALIDATEPARAMS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_VALIDATEPARAMS_DEBUG(expr)
-#define PKIX_VALIDATEPARAMS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_VALIDATERESULTDEBUG
-#define PKIX_VALIDATERESULT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_VALIDATERESULT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_VALIDATERESULT_DEBUG(expr)
-#define PKIX_VALIDATERESULT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_VALIDATEDEBUG
-#define PKIX_VALIDATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_VALIDATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_VALIDATE_DEBUG(expr)
-#define PKIX_VALIDATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_BUILDDEBUG
-#define PKIX_BUILD_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_BUILD_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_BUILD_DEBUG(expr)
-#define PKIX_BUILD_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTCHAINCHECKERDEBUG
-#define PKIX_CERTCHAINCHECKER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTCHAINCHECKER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTCHAINCHECKER_DEBUG(expr)
-#define PKIX_CERTCHAINCHECKER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_REVOCATIONCHECKERDEBUG
-#define PKIX_REVOCATIONCHECKER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_REVOCATIONCHECKER_DEBUG(expr)
-#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_REVOCATIONMETHODDEBUG
-#define PKIX_REVOCATIONMETHOD_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_REVOCATIONMETHOD_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_REVOCATIONMETHOD_DEBUG(expr)
-#define PKIX_REVOCATIONMETHOD_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTSELECTORDEBUG
-#define PKIX_CERTSELECTOR_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTSELECTOR_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTSELECTOR_DEBUG(expr)
-#define PKIX_CERTSELECTOR_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_COMCERTSELPARAMSDEBUG
-#define PKIX_COMCERTSELPARAMS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_COMCERTSELPARAMS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_COMCERTSELPARAMS_DEBUG(expr)
-#define PKIX_COMCERTSELPARAMS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_TARGETCERTCHECKERSTATEDEBUG
-#define PKIX_TARGETCERTCHECKERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_TARGETCERTCHECKERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_TARGETCERTCHECKERSTATE_DEBUG(expr)
-#define PKIX_TARGETCERTCHECKERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_BASICCONSTRAINTSCHECKERSTATEDEBUG
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr)
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_INITIALIZEPARAMSDEBUG
-#define PKIX_INITIALIZEPARAMS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_INITIALIZEPARAMS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_INITIALIZEPARAMS_DEBUG(expr)
-#define PKIX_INITIALIZEPARAMS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTBASICCONSTRAINTSDEBUG
-#define PKIX_CERTBASICCONSTRAINTS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTBASICCONSTRAINTS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTBASICCONSTRAINTS_DEBUG(expr)
-#define PKIX_CERTBASICCONSTRAINTS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTNAMECONSTRAINTSDEBUG
-#define PKIX_CERTNAMECONSTRAINTS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTNAMECONSTRAINTS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTNAMECONSTRAINTS_DEBUG(expr)
-#define PKIX_CERTNAMECONSTRAINTS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTNAMECONSTRAINTSCHECKERSTATEDEBUG
-#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG(expr)
-#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_SUBJALTNAMECHECKERSTATEDEBUG
-#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG(expr)
-#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTPOLICYQUALIFIERDEBUG
-#define PKIX_CERTPOLICYQUALIFIER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTPOLICYQUALIFIER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTPOLICYQUALIFIER_DEBUG(expr)
-#define PKIX_CERTPOLICYQUALIFIER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTPOLICYINFODEBUG
-#define PKIX_CERTPOLICYINFO_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTPOLICYINFO_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTPOLICYINFO_DEBUG(expr)
-#define PKIX_CERTPOLICYINFO_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTPOLICYNODEDEBUG
-#define PKIX_CERTPOLICYNODE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTPOLICYNODE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTPOLICYNODE_DEBUG(expr)
-#define PKIX_CERTPOLICYNODE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
-#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG(expr)
-#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_LIFECYCLEDEBUG
-#define PKIX_LIFECYCLE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_LIFECYCLE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_LIFECYCLE_DEBUG(expr)
-#define PKIX_LIFECYCLE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_BASICCONSTRAINTSCHECKERSTATEDEBUG
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr)
-#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CRLDEBUG
-#define PKIX_CRL_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CRL_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CRL_DEBUG(expr)
-#define PKIX_CRL_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CRLENTRYDEBUG
-#define PKIX_CRLENTRY_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CRLENTRY_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CRLENTRY_DEBUG(expr)
-#define PKIX_CRLENTRY_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CRLSELECTORDEBUG
-#define PKIX_CRLSELECTOR_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CRLSELECTOR_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CRLSELECTOR_DEBUG(expr)
-#define PKIX_CRLSELECTOR_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_COMCRLSELPARAMSDEBUG
-#define PKIX_COMCRLSELPARAMS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_COMCRLSELPARAMS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_COMCRLSELPARAMS_DEBUG(expr)
-#define PKIX_COMCRLSELPARAMS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTSTOREDEBUG
-#define PKIX_CERTSTORE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTSTORE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTSTORE_DEBUG(expr)
-#define PKIX_CERTSTORE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_COLLECTIONCERTSTORECONTEXTDEBUG
-#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG(expr)
-#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CRLCHECKERDEBUG
-#define PKIX_CRLCHECKER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CRLCHECKER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CRLCHECKER_DEBUG(expr)
-#define PKIX_CRLCHECKER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTPOLICYMAPDEBUG
-#define PKIX_CERTPOLICYMAP_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTPOLICYMAP_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTPOLICYMAP_DEBUG(expr)
-#define PKIX_CERTPOLICYMAP_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_BUILDRESULTDEBUG
-#define PKIX_BUILDRESULT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_BUILDRESULT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_BUILDRESULT_DEBUG(expr)
-#define PKIX_BUILDRESULT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_FORWARDBUILDERSTATEDEBUG
-#define PKIX_FORWARDBUILDERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_FORWARDBUILDERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_FORWARDBUILDERSTATE_DEBUG(expr)
-#define PKIX_FORWARDBUILDERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_SIGNATURECHECKERSTATEDEBUG
-#define PKIX_SIGNATURECHECKERSTATE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_SIGNATURECHECKERSTATE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_SIGNATURECHECKERSTATE_DEBUG(expr)
-#define PKIX_SIGNATURECHECKERSTATE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_USERDEFINEDMODULESDEBUG
-#define PKIX_USERDEFINEDMODULES_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_USERDEFINEDMODULES_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_USERDEFINEDMODULES_DEBUG(expr)
-#define PKIX_USERDEFINEDMODULES_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CONTEXTDEBUG
-#define PKIX_CONTEXT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CONTEXT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CONTEXT_DEBUG(expr)
-#define PKIX_CONTEXT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_REVOCATIONCHECKERDEBUG
-#define PKIX_REVOCATIONCHECKER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_REVOCATIONCHECKER_DEBUG(expr)
-#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_LDAPREQUESTDEBUG
-#define PKIX_LDAPREQUEST_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_LDAPREQUEST_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_LDAPREQUEST_DEBUG(expr)
-#define PKIX_LDAPREQUEST_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_LDAPRESPONSEDEBUG
-#define PKIX_LDAPRESPONSE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_LDAPRESPONSE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_LDAPRESPONSE_DEBUG(expr)
-#define PKIX_LDAPRESPONSE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_LDAPCLIENTDEBUG
-#define PKIX_LDAPCLIENT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_LDAPCLIENT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_LDAPCLIENT_DEBUG(expr)
-#define PKIX_LDAPCLIENT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_LDAPDEFAULTCLIENTDEBUG
-#define PKIX_LDAPDEFAULTCLIENT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_LDAPDEFAULTCLIENT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_LDAPDEFAULTCLIENT_DEBUG(expr)
-#define PKIX_LDAPDEFAULTCLIENT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_SOCKETDEBUG
-#define PKIX_SOCKET_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_SOCKET_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_SOCKET_DEBUG(expr)
-#define PKIX_SOCKET_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_RESOURCELIMITSDEBUG
-#define PKIX_RESOURCELIMITS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_RESOURCELIMITS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_RESOURCELIMITS_DEBUG(expr)
-#define PKIX_RESOURCELIMITS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_LOGGERDEBUG
-#define PKIX_LOGGER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_LOGGER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_LOGGER_DEBUG(expr)
-#define PKIX_LOGGER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_MONITORLOCKDEBUG
-#define PKIX_MONITORLOCK_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_MONITORLOCK_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_MONITORLOCK_DEBUG(expr)
-#define PKIX_MONITORLOCK_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_INFOACCESSDEBUG
-#define PKIX_INFOACCESS_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_INFOACCESS_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_INFOACCESS_DEBUG(expr)
-#define PKIX_INFOACCESS_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_AIAMGRDEBUG
-#define PKIX_AIAMGR_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_AIAMGR_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_AIAMGR_DEBUG(expr)
-#define PKIX_AIAMGR_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_OCSPCHECKERDEBUG
-#define PKIX_OCSPCHECKER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_OCSPCHECKER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_OCSPCHECKER_DEBUG(expr)
-#define PKIX_OCSPCHECKER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_OCSPCERTIDDEBUG
-#define PKIX_OCSPCERTID_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_OCSPCERTID_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_OCSPCERTID_DEBUG(expr)
-#define PKIX_OCSPCERTID_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_OCSPREQUESTDEBUG
-#define PKIX_OCSPREQUEST_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_OCSPREQUEST_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_OCSPREQUEST_DEBUG(expr)
-#define PKIX_OCSPREQUEST_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_OCSPRESPONSEDEBUG
-#define PKIX_OCSPRESPONSE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_OCSPRESPONSE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_OCSPRESPONSE_DEBUG(expr)
-#define PKIX_OCSPRESPONSE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_HTTPDEFAULTCLIENTDEBUG
-#define PKIX_HTTPDEFAULTCLIENT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_HTTPDEFAULTCLIENT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_HTTPDEFAULTCLIENT_DEBUG(expr)
-#define PKIX_HTTPDEFAULTCLIENT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_HTTPCERTSTORECONTEXTDEBUG
-#define PKIX_HTTPCERTSTORECONTEXT_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_HTTPCERTSTORECONTEXT_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_HTTPCERTSTORECONTEXT_DEBUG(expr)
-#define PKIX_HTTPCERTSTORECONTEXT_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_VERIFYNODEDEBUG
-#define PKIX_VERIFYNODE_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_VERIFYNODE_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_VERIFYNODE_DEBUG(expr)
-#define PKIX_VERIFYNODE_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_EKUCHECKER
-#define PKIX_EKUCHECKER_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_EKUCHECKER_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_EKUCHECKER_DEBUG(expr)
-#define PKIX_EKUCHECKER_DEBUG_ARG(expr, arg)
-#endif
-
-#if PKIX_CERTVFYPKIXDEBUG
-#define PKIX_CERTVFYPKIX_DEBUG(expr) \
- PKIX_DEBUG(expr)
-#define PKIX_CERTVFYPKIX_DEBUG_ARG(expr, arg) \
- PKIX_DEBUG_ARG(expr, arg)
-#else
-#define PKIX_CERTVFYPKIX_DEBUG(expr)
-#define PKIX_CERTVFYPKIX_DEBUG_ARG(expr, arg)
-#endif
-
-/*
- * All object types register themselves with the system using a
- * pkix_ClassTable_Entry, which consists of a set of functions for that
- * type and an ASCII string (char *) which is used by the default
- * ToStringCallback (if necessary). System types register themselves directly
- * when their respective PKIX_"type"_RegisterSelf functions are called.
- * User-defined types can be registered using PKIX_PL_Object_RegisterType.
- * (see comments in pkix_pl_system.h)
- */
-
-typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry;
-struct pkix_ClassTable_EntryStruct {
- char *description;
- PKIX_Int32 objCounter;
- PKIX_Int32 typeObjectSize;
- PKIX_PL_DestructorCallback destructor;
- PKIX_PL_EqualsCallback equalsFunction;
- PKIX_PL_HashcodeCallback hashcodeFunction;
- PKIX_PL_ToStringCallback toStringFunction;
- PKIX_PL_ComparatorCallback comparator;
- PKIX_PL_DuplicateCallback duplicateFunction;
-};
-
-/*
- * PKIX_ERRORCLASSNAMES is an array of strings, with each string holding a
- * descriptive name for an error code. This is used by the default
- * PKIX_PL_Error_ToString function.
- */
-extern const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES];
-
-#define MAX_STACK_DEPTH 1000
-
-extern PRLogModuleInfo *pkixLog;
-
-#define PKIX_MAGIC_HEADER LL_INIT(0xFEEDC0FF, 0xEEFACADE)
-#define PKIX_MAGIC_HEADER_DESTROYED LL_INIT(0xBAADF00D, 0xDEADBEEF)
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_IsCertSelfIssued(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pSelfIssued,
- void *plContext);
-
-PKIX_Error *
-pkix_Throw(
- PKIX_ERRORCLASS errClass,
- const char *funcName,
- PKIX_ERRORCODE errorTextCode,
- PKIX_ERRORCLASS overrideClass,
- PKIX_Error *cause,
- PKIX_Error **pError,
- void *plContext);
-
-PKIX_Error *
-pkix_CheckTypes(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_UInt32 type,
- void *plContext);
-
-PKIX_Error *
-pkix_CheckType(
- PKIX_PL_Object *object,
- PKIX_UInt32 type,
- void *plContext);
-
-PKIX_Error *
-pkix_hash(
- const unsigned char *bytes,
- PKIX_UInt32 length,
- PKIX_UInt32 *hash,
- void *plContext);
-
-PKIX_Error *
-pkix_duplicateImmutable(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext);
-
-PKIX_UInt32
-pkix_countArray(void **array);
-
-PKIX_UInt32
-pkix_hex2i(char c);
-
-char
-pkix_i2hex(char c);
-
-PKIX_Boolean
-pkix_isPlaintext(unsigned char c, PKIX_Boolean debug);
-
-PKIX_Error *
-pkix_CacheCertChain_Lookup(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- PKIX_PL_Date *testDate,
- PKIX_Boolean *pFound,
- PKIX_BuildResult **pBuildResult,
- void *plContext);
-
-PKIX_Error *
-pkix_CacheCertChain_Remove(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- void *plContext);
-
-PKIX_Error *
-pkix_CacheCertChain_Add(
- PKIX_PL_Cert* targetCert,
- PKIX_List* anchors,
- PKIX_PL_Date *validityDate,
- PKIX_BuildResult *buildResult,
- void *plContext);
-
-PKIX_Error *
-pkix_CacheCert_Lookup(
- PKIX_CertStore *store,
- PKIX_ComCertSelParams *certSelParams,
- PKIX_PL_Date *testDate,
- PKIX_Boolean *pFound,
- PKIX_List** pCerts,
- void *plContext);
-
-PKIX_Error *
-pkix_CacheCert_Add(
- PKIX_CertStore *store,
- PKIX_ComCertSelParams *certSelParams,
- PKIX_List* certs,
- void *plContext);
-
-PKIX_Error *
-pkix_CacheCrlEntry_Lookup(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *certIssuer,
- PKIX_PL_BigInt *certSerialNumber,
- PKIX_Boolean *pFound,
- PKIX_List** pCrlEntryList,
- void *plContext);
-
-PKIX_Error *
-pkix_CacheCrlEntry_Add(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *certIssuer,
- PKIX_PL_BigInt *certSerialNumber,
- PKIX_List* crlEntryList,
- void *plContext);
-
-#ifdef PR_LOGGING
-void
-pkix_trace_dump_cert(
- const char *info,
- PKIX_PL_Cert *cert,
- void *plContext);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_TOOLS_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/Makefile b/security/nss/lib/libpkix/pkix_pl_nss/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/config.mk b/security/nss/lib/libpkix/pkix_pl_nss/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/manifest.mn b/security/nss/lib/libpkix/pkix_pl_nss/manifest.mn
deleted file mode 100755
index dfc2b3ae4..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/manifest.mn
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../..
-DEPTH = ../../../..
-
-#
-DIRS = pki system module \
- $(NULL)
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/Makefile b/security/nss/lib/libpkix/pkix_pl_nss/module/Makefile
deleted file mode 100755
index a06b8bed4..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk b/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn b/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
deleted file mode 100755
index c757dfe94..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_pl_aiamgr.h \
- pkix_pl_colcertstore.h \
- pkix_pl_httpcertstore.h \
- pkix_pl_httpdefaultclient.h \
- pkix_pl_ldapt.h \
- pkix_pl_ldapcertstore.h \
- pkix_pl_ldapresponse.h \
- pkix_pl_ldaprequest.h \
- pkix_pl_ldapdefaultclient.h \
- pkix_pl_nsscontext.h \
- pkix_pl_pk11certstore.h \
- pkix_pl_socket.h \
- $(NULL)
-
-MODULE = nss
-
-DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
-
-
-CSRCS = \
- pkix_pl_aiamgr.c \
- pkix_pl_colcertstore.c \
- pkix_pl_httpcertstore.c \
- pkix_pl_httpdefaultclient.c \
- pkix_pl_ldaptemplates.c \
- pkix_pl_ldapcertstore.c \
- pkix_pl_ldapresponse.c \
- pkix_pl_ldaprequest.c \
- pkix_pl_ldapdefaultclient.c \
- pkix_pl_nsscontext.c \
- pkix_pl_pk11certstore.c \
- pkix_pl_socket.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixmodule
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
deleted file mode 100644
index 4b2fa9189..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
+++ /dev/null
@@ -1,704 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_aiamgr.c
- *
- * AIAMgr Object Definitions
- *
- */
-
-#include "pkix_pl_aiamgr.h"
-extern PKIX_PL_HashTable *aiaConnectionCache;
-
-/* --Virtual-LdapClient-Functions------------------------------------ */
-
-PKIX_Error *
-PKIX_PL_LdapClient_InitiateRequest(
- PKIX_PL_LdapClient *client,
- LDAPRequestParams *requestParams,
- void **pNBIO,
- PKIX_List **pResponse,
- void *plContext)
-{
- PKIX_ENTER(LDAPCLIENT, "PKIX_PL_LdapClient_InitiateRequest");
- PKIX_NULLCHECK_TWO(client, client->initiateFcn);
-
- PKIX_CHECK(client->initiateFcn
- (client, requestParams, pNBIO, pResponse, plContext),
- PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
-cleanup:
-
- PKIX_RETURN(LDAPCLIENT);
-
-}
-
-PKIX_Error *
-PKIX_PL_LdapClient_ResumeRequest(
- PKIX_PL_LdapClient *client,
- void **pNBIO,
- PKIX_List **pResponse,
- void *plContext)
-{
- PKIX_ENTER(LDAPCLIENT, "PKIX_PL_LdapClient_ResumeRequest");
- PKIX_NULLCHECK_TWO(client, client->resumeFcn);
-
- PKIX_CHECK(client->resumeFcn
- (client, pNBIO, pResponse, plContext),
- PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
-cleanup:
-
- PKIX_RETURN(LDAPCLIENT);
-
-}
-
-/* --Private-AIAMgr-Functions----------------------------------*/
-
-/*
- * FUNCTION: pkix_pl_AIAMgr_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_pki.h)
- */
-static PKIX_Error *
-pkix_pl_AIAMgr_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_AIAMgr *aiaMgr = NULL;
-
- PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_AIAMGR_TYPE, plContext),
- PKIX_OBJECTNOTAIAMGR);
-
- aiaMgr = (PKIX_PL_AIAMgr *)object;
-
- /* pointer to cert cache */
- /* pointer to crl cache */
- aiaMgr->method = 0;
- aiaMgr->aiaIndex = 0;
- aiaMgr->numAias = 0;
- PKIX_DECREF(aiaMgr->aia);
- PKIX_DECREF(aiaMgr->location);
- PKIX_DECREF(aiaMgr->results);
- PKIX_DECREF(aiaMgr->client.ldapClient);
-
-cleanup:
-
- PKIX_RETURN(AIAMGR);
-}
-
-/*
- * FUNCTION: pkix_pl_AIAMgr_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_AIAMGR_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_AIAMgr_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry *entry = &systemClasses[PKIX_AIAMGR_TYPE];
-
- PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_RegisterSelf");
-
- entry->description = "AIAMgr";
- entry->typeObjectSize = sizeof(PKIX_PL_AIAMgr);
- entry->destructor = pkix_pl_AIAMgr_Destroy;
-
- PKIX_RETURN(AIAMGR);
-}
-
-/*
- * FUNCTION: pkix_pl_AiaMgr_FindLDAPClient
- * DESCRIPTION:
- *
- * This function checks the collection of LDAPClient connections held by the
- * AIAMgr pointed to by "aiaMgr" for one matching the domain name given by
- * "domainName". The string may include a port number: e.g., "betty.nist.gov"
- * or "nss.red.iplanet.com:1389". If a match is found, that LDAPClient is
- * stored at "pClient". Otherwise, an LDAPClient is created and added to the
- * collection, and then stored at "pClient".
- *
- * PARAMETERS:
- * "aiaMgr"
- * The AIAMgr whose LDAPClient connected are to be managed. Must be
- * non-NULL.
- * "domainName"
- * Address of a string pointing to a server name. Must be non-NULL.
- * "pClient"
- * Address at which the returned LDAPClient is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_AiaMgr_FindLDAPClient(
- PKIX_PL_AIAMgr *aiaMgr,
- char *domainName,
- PKIX_PL_LdapClient **pClient,
- void *plContext)
-{
- PKIX_PL_String *domainString = NULL;
- PKIX_PL_LdapDefaultClient *client = NULL;
-
- PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient");
- PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient);
-
- /* create PKIX_PL_String from domain name */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, domainName, 0, &domainString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* Is this domainName already in cache? */
- PKIX_CHECK(PKIX_PL_HashTable_Lookup
- (aiaConnectionCache,
- (PKIX_PL_Object *)domainString,
- (PKIX_PL_Object **)&client,
- plContext),
- PKIX_HASHTABLELOOKUPFAILED);
-
- if (client == NULL) {
-
- /* No, create a connection (and cache it) */
- PKIX_CHECK(PKIX_PL_LdapDefaultClient_CreateByName
- (domainName,
- /* Do not use NBIO until we verify, that
- * it is working. For now use 1 min timeout. */
- PR_SecondsToInterval(
- ((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
- NULL,
- &client,
- plContext),
- PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
-
- PKIX_CHECK(PKIX_PL_HashTable_Add
- (aiaConnectionCache,
- (PKIX_PL_Object *)domainString,
- (PKIX_PL_Object *)client,
- plContext),
- PKIX_HASHTABLEADDFAILED);
-
- }
-
- *pClient = (PKIX_PL_LdapClient *)client;
-
-cleanup:
-
- PKIX_DECREF(domainString);
-
- PKIX_RETURN(AIAMGR);
-}
-
-PKIX_Error *
-pkix_pl_AIAMgr_GetHTTPCerts(
- PKIX_PL_AIAMgr *aiaMgr,
- PKIX_PL_InfoAccess *ia,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext)
-{
- PKIX_PL_GeneralName *location = NULL;
- PKIX_PL_String *locationString = NULL;
- PKIX_UInt32 len = 0;
- PRUint16 port = 0;
- const SEC_HttpClientFcn *httpClient = NULL;
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- SECStatus rv = SECFailure;
- SEC_HTTP_SERVER_SESSION serverSession = NULL;
- SEC_HTTP_REQUEST_SESSION requestSession = NULL;
- char *path = NULL;
- char *hostname = NULL;
- char *locationAscii = NULL;
- void *nbio = NULL;
- PRUint16 responseCode = 0;
- const char *responseContentType = NULL;
- const char *responseData = NULL;
-
- PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_GetHTTPCerts");
- PKIX_NULLCHECK_FOUR(aiaMgr, ia, pNBIOContext, pCerts);
-
- nbio = *pNBIOContext;
- *pNBIOContext = NULL;
- *pCerts = NULL;
-
- if (nbio == NULL) { /* a new request */
-
- PKIX_CHECK(PKIX_PL_InfoAccess_GetLocation
- (ia, &location, plContext),
- PKIX_INFOACCESSGETLOCATIONFAILED);
-
- /* find or create httpClient = default client */
- httpClient = SEC_GetRegisteredHttpClient();
- aiaMgr->client.hdata.httpClient = httpClient;
-
- if (httpClient->version == 1) {
-
- PKIX_UInt32 timeout =
- ((PKIX_PL_NssContext*)plContext)->timeoutSeconds;
-
- hcv1 = &(httpClient->fcnTable.ftable1);
-
- /* create server session */
- PKIX_TOSTRING(location, &locationString, plContext,
- PKIX_GENERALNAMETOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (locationString,
- PKIX_ESCASCII,
- (void **)&locationAscii,
- &len,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- rv = CERT_ParseURL(locationAscii, &hostname, &port,
- &path);
- if ((rv != SECSuccess) ||
- (hostname == NULL) ||
- (path == NULL)) {
- PKIX_ERROR(PKIX_URLPARSINGFAILED);
- }
-
- rv = (*hcv1->createSessionFcn)(hostname, port,
- &serverSession);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPCLIENTCREATESESSIONFAILED);
- }
-
- aiaMgr->client.hdata.serverSession = serverSession;
-
- /* create request session */
- rv = (*hcv1->createFcn)(serverSession, "http", path,
- "GET", PR_SecondsToInterval(timeout),
- &requestSession);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPSERVERERROR);
- }
-
- aiaMgr->client.hdata.requestSession = requestSession;
- } else {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
- }
-
- httpClient = aiaMgr->client.hdata.httpClient;
-
- if (httpClient->version == 1) {
- PRUint32 responseDataLen =
- ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
-
- hcv1 = &(httpClient->fcnTable.ftable1);
- requestSession = aiaMgr->client.hdata.requestSession;
-
- /* trySendAndReceive */
- rv = (*hcv1->trySendAndReceiveFcn)(requestSession,
- (PRPollDesc **)&nbio,
- &responseCode,
- (const char **)&responseContentType,
- NULL, /* &responseHeaders */
- (const char **)&responseData,
- &responseDataLen);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPSERVERERROR);
- }
-
- if (nbio != 0) {
- *pNBIOContext = nbio;
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse
- (responseCode,
- responseContentType,
- responseData,
- responseDataLen,
- pCerts,
- plContext),
- PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED);
-
- /* Session and request cleanup in case of success */
- if (aiaMgr->client.hdata.requestSession != NULL) {
- (*hcv1->freeFcn)(aiaMgr->client.hdata.requestSession);
- aiaMgr->client.hdata.requestSession = NULL;
- }
- if (aiaMgr->client.hdata.serverSession != NULL) {
- (*hcv1->freeSessionFcn)(aiaMgr->client.hdata.serverSession);
- aiaMgr->client.hdata.serverSession = NULL;
- }
- aiaMgr->client.hdata.httpClient = 0; /* callback fn */
-
- } else {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
-
-cleanup:
- /* Session and request cleanup in case of error. Passing through without cleanup
- * if interrupted by blocked IO. */
- if (PKIX_ERROR_RECEIVED && aiaMgr) {
- if (aiaMgr->client.hdata.requestSession != NULL) {
- (*hcv1->freeFcn)(aiaMgr->client.hdata.requestSession);
- aiaMgr->client.hdata.requestSession = NULL;
- }
- if (aiaMgr->client.hdata.serverSession != NULL) {
- (*hcv1->freeSessionFcn)(aiaMgr->client.hdata.serverSession);
- aiaMgr->client.hdata.serverSession = NULL;
- }
- aiaMgr->client.hdata.httpClient = 0; /* callback fn */
- }
-
- PKIX_DECREF(location);
- PKIX_DECREF(locationString);
-
- if (locationAscii) {
- PORT_Free(locationAscii);
- }
- if (hostname) {
- PORT_Free(hostname);
- }
- if (path) {
- PORT_Free(path);
- }
-
- PKIX_RETURN(AIAMGR);
-}
-
-PKIX_Error *
-pkix_pl_AIAMgr_GetLDAPCerts(
- PKIX_PL_AIAMgr *aiaMgr,
- PKIX_PL_InfoAccess *ia,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext)
-{
- PKIX_List *result = NULL;
- PKIX_PL_GeneralName *location = NULL;
- PKIX_PL_LdapClient *client = NULL;
- LDAPRequestParams request;
- PRArenaPool *arena = NULL;
- char *domainName = NULL;
- void *nbio = NULL;
-
- PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_GetLDAPCerts");
- PKIX_NULLCHECK_FOUR(aiaMgr, ia, pNBIOContext, pCerts);
-
- nbio = *pNBIOContext;
- *pNBIOContext = NULL;
- *pCerts = NULL;
-
- if (nbio == NULL) { /* a new request */
-
- /* Initiate an LDAP request */
-
- request.scope = WHOLE_SUBTREE;
- request.derefAliases = NEVER_DEREF;
- request.sizeLimit = 0;
- request.timeLimit = 0;
-
- PKIX_CHECK(PKIX_PL_InfoAccess_GetLocation
- (ia, &location, plContext),
- PKIX_INFOACCESSGETLOCATIONFAILED);
-
- /*
- * Get a short-lived arena. We'll be done with
- * this space once the request is encoded.
- */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CHECK(pkix_pl_InfoAccess_ParseLocation
- (location, arena, &request, &domainName, plContext),
- PKIX_INFOACCESSPARSELOCATIONFAILED);
-
- PKIX_DECREF(location);
-
- /* Find or create a connection to LDAP server */
- PKIX_CHECK(pkix_pl_AiaMgr_FindLDAPClient
- (aiaMgr, domainName, &client, plContext),
- PKIX_AIAMGRFINDLDAPCLIENTFAILED);
-
- aiaMgr->client.ldapClient = client;
-
- PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequest
- (aiaMgr->client.ldapClient,
- &request,
- &nbio,
- &result,
- plContext),
- PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
-
- PKIX_PL_NSSCALL(AIAMGR, PORT_FreeArena, (arena, PR_FALSE));
-
- } else {
-
- PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequest
- (aiaMgr->client.ldapClient, &nbio, &result, plContext),
- PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
-
- }
-
- if (nbio != NULL) { /* WOULDBLOCK */
- *pNBIOContext = nbio;
- *pCerts = NULL;
- goto cleanup;
- }
-
- PKIX_DECREF(aiaMgr->client.ldapClient);
-
- if (result == NULL) {
- *pCerts = NULL;
- } else {
- PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
- (result, pCerts, plContext),
- PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
- }
-
- *pNBIOContext = nbio;
-
-cleanup:
-
- if (arena && (PKIX_ERROR_RECEIVED)) {
- PKIX_PL_NSSCALL(AIAMGR, PORT_FreeArena, (arena, PR_FALSE));
- }
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(aiaMgr->client.ldapClient);
- }
-
- PKIX_DECREF(location);
-
- PKIX_RETURN(AIAMGR);
-}
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_Create
- * DESCRIPTION:
- *
- * This function creates an AIAMgr, storing the result at "pAIAMgr".
- *
- * PARAMETERS:
- * "pAIAMGR"
- * Address at which the returned AIAMgr is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an AIAMgr Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_Create(
- PKIX_PL_AIAMgr **pAIAMgr,
- void *plContext)
-{
- PKIX_PL_AIAMgr *aiaMgr = NULL;
-
- PKIX_ENTER(AIAMGR, "PKIX_PL_AIAMgr_Create");
- PKIX_NULLCHECK_ONE(pAIAMgr);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_AIAMGR_TYPE,
- sizeof(PKIX_PL_AIAMgr),
- (PKIX_PL_Object **)&aiaMgr,
- plContext),
- PKIX_COULDNOTCREATEAIAMGROBJECT);
- /* pointer to cert cache */
- /* pointer to crl cache */
- aiaMgr->method = 0;
- aiaMgr->aiaIndex = 0;
- aiaMgr->numAias = 0;
- aiaMgr->aia = NULL;
- aiaMgr->location = NULL;
- aiaMgr->results = NULL;
- aiaMgr->client.hdata.httpClient = NULL;
- aiaMgr->client.hdata.serverSession = NULL;
- aiaMgr->client.hdata.requestSession = NULL;
-
- *pAIAMgr = aiaMgr;
-
-cleanup:
-
- PKIX_RETURN(AIAMGR);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts (see description in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_AIAMgr_GetAIACerts(
- PKIX_PL_AIAMgr *aiaMgr,
- PKIX_PL_Cert *prevCert,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext)
-{
- PKIX_UInt32 numAias = 0;
- PKIX_UInt32 aiaIndex = 0;
- PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
- PKIX_List *certs = NULL;
- PKIX_PL_InfoAccess *ia = NULL;
- void *nbio = NULL;
-
- PKIX_ENTER(AIAMGR, "PKIX_PL_AIAMgr_GetAIACerts");
- PKIX_NULLCHECK_FOUR(aiaMgr, prevCert, pNBIOContext, pCerts);
-
- nbio = *pNBIOContext;
- *pCerts = NULL;
- *pNBIOContext = NULL;
-
- if (nbio == NULL) { /* a new request */
-
- /* Does this Cert have an AIA extension? */
- PKIX_CHECK(PKIX_PL_Cert_GetAuthorityInfoAccess
- (prevCert, &aiaMgr->aia, plContext),
- PKIX_CERTGETAUTHORITYINFOACCESSFAILED);
-
- if (aiaMgr->aia != NULL) {
- PKIX_CHECK(PKIX_List_GetLength
- (aiaMgr->aia, &numAias, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- /* And if so, does it have any entries? */
- if ((aiaMgr->aia == NULL) || (numAias == 0)) {
- *pCerts = NULL;
- goto cleanup;
- }
-
- aiaMgr->aiaIndex = 0;
- aiaMgr->numAias = numAias;
- aiaMgr->results = NULL;
-
- }
-
- for (aiaIndex = aiaMgr->aiaIndex;
- aiaIndex < aiaMgr->numAias;
- aiaIndex ++) {
- PKIX_UInt32 method = 0;
-
- PKIX_CHECK(PKIX_List_GetItem
- (aiaMgr->aia,
- aiaIndex,
- (PKIX_PL_Object **)&ia,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(PKIX_PL_InfoAccess_GetMethod
- (ia, &method, plContext),
- PKIX_INFOACCESSGETMETHODFAILED);
-
- if (method != PKIX_INFOACCESS_CA_ISSUERS &&
- method != PKIX_INFOACCESS_CA_REPOSITORY) {
- PKIX_DECREF(ia);
- continue;
- }
-
- PKIX_CHECK(PKIX_PL_InfoAccess_GetLocationType
- (ia, &iaType, plContext),
- PKIX_INFOACCESSGETLOCATIONTYPEFAILED);
-
- if (iaType == PKIX_INFOACCESS_LOCATION_HTTP) {
- PKIX_CHECK(pkix_pl_AIAMgr_GetHTTPCerts
- (aiaMgr, ia, &nbio, &certs, plContext),
- PKIX_AIAMGRGETHTTPCERTSFAILED);
- } else if (iaType == PKIX_INFOACCESS_LOCATION_LDAP) {
- PKIX_CHECK(pkix_pl_AIAMgr_GetLDAPCerts
- (aiaMgr, ia, &nbio, &certs, plContext),
- PKIX_AIAMGRGETLDAPCERTSFAILED);
- } else {
- /* We only support http and ldap requests. */
- PKIX_ERROR(PKIX_UNKNOWNINFOACCESSTYPE);
- }
-
- if (nbio != NULL) { /* WOULDBLOCK */
- aiaMgr->aiaIndex = aiaIndex;
- *pNBIOContext = nbio;
- *pCerts = NULL;
- goto cleanup;
- }
-
- /*
- * We can't just use and modify the List we received.
- * Because it's cached, it's set immutable.
- */
- if (aiaMgr->results == NULL) {
- PKIX_CHECK(PKIX_List_Create
- (&(aiaMgr->results), plContext),
- PKIX_LISTCREATEFAILED);
- }
- PKIX_CHECK(pkix_List_AppendList
- (aiaMgr->results, certs, plContext),
- PKIX_APPENDLISTFAILED);
- PKIX_DECREF(certs);
-
- PKIX_DECREF(ia);
- }
-
- PKIX_DECREF(aiaMgr->aia);
-
- *pNBIOContext = NULL;
- *pCerts = aiaMgr->results;
- aiaMgr->results = NULL;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(aiaMgr->aia);
- PKIX_DECREF(aiaMgr->results);
- PKIX_DECREF(aiaMgr->client.ldapClient);
- }
-
- PKIX_DECREF(certs);
- PKIX_DECREF(ia);
-
- PKIX_RETURN(AIAMGR);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
deleted file mode 100644
index 4922ea76b..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_aiamgr.h
- *
- * AIAMgr Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_AIAMGR_H
-#define _PKIX_PL_AIAMGR_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_AIAMgrStruct {
- /* pointer to cert cache */
- /* pointer to crl cache */
- PKIX_UInt32 method;
- PKIX_UInt32 aiaIndex;
- PKIX_UInt32 numAias;
- PKIX_List *aia;
- PKIX_PL_GeneralName *location;
- PKIX_List *results;
- union {
- PKIX_PL_LdapClient *ldapClient;
- struct {
- const SEC_HttpClientFcn *httpClient;
- SEC_HTTP_SERVER_SESSION serverSession;
- SEC_HTTP_REQUEST_SESSION requestSession;
- char *path;
- } hdata;
- } client;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_AIAMgr_RegisterSelf(void *plContext);
-
-PKIX_Error *PKIX_PL_LdapClient_InitiateRequest(
- PKIX_PL_LdapClient *client,
- LDAPRequestParams *requestParams,
- void **pPollDesc,
- PKIX_List **pResponse,
- void *plContext);
-
-PKIX_Error *PKIX_PL_LdapClient_ResumeRequest(
- PKIX_PL_LdapClient *client,
- void **pPollDesc,
- PKIX_List **pResponse,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_AIAMGR_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c
deleted file mode 100755
index bf40ea3f8..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c
+++ /dev/null
@@ -1,1315 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_colcertstore.c
- *
- * CollectionCertStore Function Definitions
- *
- */
-
-#include "pkix_pl_colcertstore.h"
-
-/*
- * This Object is going to be taken out from libpkix SOON. The following
- * function is copied from nss/cmd library, but not supported by NSS as
- * public API. We use it since ColCertStore are read in Cert/Crl from
- * files and need this support.
- */
-
-static SECStatus
-SECU_FileToItem(SECItem *dst, PRFileDesc *src)
-{
- PRFileInfo info;
- PRInt32 numBytes;
- PRStatus prStatus;
-
- prStatus = PR_GetOpenFileInfo(src, &info);
-
- if (prStatus != PR_SUCCESS) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
-
- /* XXX workaround for 3.1, not all utils zero dst before sending */
- dst->data = 0;
- if (!SECITEM_AllocItem(NULL, dst, info.size))
- goto loser;
-
- numBytes = PR_Read(src, dst->data, info.size);
- if (numBytes != info.size) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
- }
-
- return SECSuccess;
-loser:
- SECITEM_FreeItem(dst, PR_FALSE);
- return SECFailure;
-}
-
-static SECStatus
-SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
-{
- SECStatus rv;
- if (ascii) {
- /* First convert ascii to binary */
- SECItem filedata;
- char *asc, *body;
-
- /* Read in ascii data */
- rv = SECU_FileToItem(&filedata, inFile);
- asc = (char *)filedata.data;
- if (!asc) {
- fprintf(stderr, "unable to read data from input file\n");
- return SECFailure;
- }
-
- /* check for headers and trailers and remove them */
- if ((body = strstr(asc, "-----BEGIN")) != NULL) {
- char *trailer = NULL;
- asc = body;
- body = PORT_Strchr(body, '\n');
- if (!body)
- body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
- if (body)
- trailer = strstr(++body, "-----END");
- if (trailer != NULL) {
- *trailer = '\0';
- } else {
- fprintf(stderr, "input has header but no trailer\n");
- PORT_Free(filedata.data);
- return SECFailure;
- }
- } else {
- body = asc;
- }
-
- /* Convert to binary */
- rv = ATOB_ConvertAsciiToItem(der, body);
- if (rv) {
- return SECFailure;
- }
-
- PORT_Free(filedata.data);
- } else {
- /* Read in binary der */
- rv = SECU_FileToItem(der, inFile);
- if (rv) {
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-/*
- * FUNCTION: PKIX_PL_CollectionCertStoreContext_Create
- * DESCRIPTION:
- *
- * Creates a new CollectionCertStoreContext using the String pointed to
- * by "storeDir" and stores it at "pColCertStoreContext".
- *
- * PARAMETERS:
- * "storeDir"
- * The absolute path where *.crl and *.crt files are located.
- * "pColCertStoreContext"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_Create(
- PKIX_PL_String *storeDir,
- PKIX_PL_CollectionCertStoreContext **pColCertStoreContext,
- void *plContext)
-{
- PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_Create");
- PKIX_NULLCHECK_TWO(storeDir, pColCertStoreContext);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
- sizeof (PKIX_PL_CollectionCertStoreContext),
- (PKIX_PL_Object **)&colCertStoreContext,
- plContext),
- PKIX_COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT);
-
- PKIX_INCREF(storeDir);
- colCertStoreContext->storeDir = storeDir;
-
- colCertStoreContext->crlList = NULL;
- colCertStoreContext->certList = NULL;
-
- *pColCertStoreContext = colCertStoreContext;
- colCertStoreContext = NULL;
-
-cleanup:
-
- PKIX_DECREF(colCertStoreContext);
-
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_COLLECTIONCERTSTORECONTEXT_TYPE, plContext),
- PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
-
- colCertStoreContext = (PKIX_PL_CollectionCertStoreContext *)object;
-
- PKIX_DECREF(colCertStoreContext->storeDir);
- PKIX_DECREF(colCertStoreContext->crlList);
- PKIX_DECREF(colCertStoreContext->certList);
-
-cleanup:
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_CollectionCertStoreContext *collectionCSContext = NULL;
- PKIX_UInt32 tempHash = 0;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object,
- PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
- plContext),
- PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
-
- collectionCSContext = (PKIX_PL_CollectionCertStoreContext *)object;
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *) collectionCSContext->storeDir,
- &tempHash,
- plContext),
- PKIX_STRINGHASHCODEFAILED);
-
- *pHashcode = tempHash << 7;
-
- /* should not hash on crlList and certList, values are dynamic */
-
-cleanup:
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_PL_CollectionCertStoreContext *firstCCSContext = NULL;
- PKIX_PL_CollectionCertStoreContext *secondCCSContext = NULL;
- PKIX_Boolean cmpResult = 0;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject,
- secondObject,
- PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
- plContext),
- PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
-
- firstCCSContext = (PKIX_PL_CollectionCertStoreContext *)firstObject;
- secondCCSContext = (PKIX_PL_CollectionCertStoreContext *)secondObject;
-
- if (firstCCSContext->storeDir == secondCCSContext->storeDir) {
-
- cmpResult = PKIX_TRUE;
-
- } else {
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *) firstCCSContext->storeDir,
- (PKIX_PL_Object *) secondCCSContext->storeDir,
- &cmpResult,
- plContext),
- PKIX_STRINGEQUALSFAILED);
- }
-
- *pResult = cmpResult;
-
- /* should not check equal on crlList and certList, data are dynamic */
-
-cleanup:
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStore_CheckTrust
- * DESCRIPTION:
- * This function checks the trust status of this "cert" that was retrieved
- * from the CertStore "store" and returns its trust status at "pTrusted".
- *
- * PARAMETERS:
- * "store"
- * Address of the CertStore. Must be non-NULL.
- * "cert"
- * Address of the Cert. Must be non-NULL.
- * "pTrusted"
- * Address of PKIX_Boolean where the "cert" trust status is returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStore_CheckTrust(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pTrusted,
- void *plContext)
-{
- PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_CheckTrust");
- PKIX_NULLCHECK_THREE(store, cert, pTrusted);
-
- *pTrusted = PKIX_TRUE;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_CreateCert
- * DESCRIPTION:
- *
- * Creates Cert using data file path name pointed to by "certFileName" and
- * stores it at "pCert". If the Cert can not be decoded, NULL is stored
- * at "pCert".
- *
- * PARAMETERS
- * "certFileName" - Address of Cert data file path name. Must be non-NULL.
- * "pCert" - Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_CreateCert(
- const char *certFileName,
- PKIX_PL_Cert **pCert,
- void *plContext)
-{
- PKIX_PL_ByteArray *byteArray = NULL;
- PKIX_PL_Cert *cert = NULL;
- PRFileDesc *inFile = NULL;
- SECItem certDER;
- void *buf = NULL;
- PKIX_UInt32 len;
- SECStatus rv;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_CreateCert");
- PKIX_NULLCHECK_TWO(certFileName, pCert);
-
- *pCert = NULL;
- certDER.data = NULL;
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_Open.\n");
- inFile = PR_Open(certFileName, PR_RDONLY, 0);
-
- if (!inFile){
- PKIX_ERROR(PKIX_UNABLETOOPENCERTFILE);
- } else {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling SECU_ReadDerFromFile.\n");
- rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE);
- if (!rv){
- buf = (void *)certDER.data;
- len = certDER.len;
-
- PKIX_CHECK(PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext),
- PKIX_BYTEARRAYCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_Create
- (byteArray, &cert, plContext),
- PKIX_CERTCREATEFAILED);
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling SECITEM_FreeItem.\n");
- SECITEM_FreeItem(&certDER, PR_FALSE);
-
- } else {
- PKIX_ERROR(PKIX_UNABLETOREADDERFROMCERTFILE);
- }
- }
-
- *pCert = cert;
-
-cleanup:
- if (inFile){
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_CloseDir.\n");
- PR_Close(inFile);
- }
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(&certDER, PR_FALSE);
-
- PKIX_DECREF(cert);
- }
- PKIX_DECREF(byteArray);
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_CreateCRL
- * DESCRIPTION:
- *
- * Creates CRL using data file path name pointed to by "crlFileName" and
- * stores it at "pCrl". If the CRL can not be decoded, NULL is stored
- * at "pCrl".
- *
- * PARAMETERS
- * "crlFileName" - Address of CRL data file path name. Must be non-NULL.
- * "pCrl" - Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_CreateCRL(
- const char *crlFileName,
- PKIX_PL_CRL **pCrl,
- void *plContext)
-{
- PKIX_PL_ByteArray *byteArray = NULL;
- PKIX_PL_CRL *crl = NULL;
- PRFileDesc *inFile = NULL;
- SECItem crlDER;
- void *buf = NULL;
- PKIX_UInt32 len;
- SECStatus rv;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_CreateCRL");
- PKIX_NULLCHECK_TWO(crlFileName, pCrl);
-
- *pCrl = NULL;
- crlDER.data = NULL;
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_Open.\n");
- inFile = PR_Open(crlFileName, PR_RDONLY, 0);
-
- if (!inFile){
- PKIX_ERROR(PKIX_UNABLETOOPENCRLFILE);
- } else {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling SECU_ReadDerFromFile.\n");
- rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
- if (!rv){
- buf = (void *)crlDER.data;
- len = crlDER.len;
-
- PKIX_CHECK(PKIX_PL_ByteArray_Create
- (buf, len, &byteArray, plContext),
- PKIX_BYTEARRAYCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_CRL_Create
- (byteArray, &crl, plContext),
- PKIX_CRLCREATEFAILED);
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling SECITEM_FreeItem.\n");
- SECITEM_FreeItem(&crlDER, PR_FALSE);
-
- } else {
- PKIX_ERROR(PKIX_UNABLETOREADDERFROMCRLFILE);
- }
- }
-
- *pCrl = crl;
-
-cleanup:
- if (inFile){
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_CloseDir.\n");
- PR_Close(inFile);
- }
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(&crlDER, PR_FALSE);
-
- PKIX_DECREF(crl);
- if (crlDER.data != NULL) {
- SECITEM_FreeItem(&crlDER, PR_FALSE);
- }
- }
-
- PKIX_DECREF(byteArray);
-
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_PopulateCert
- * DESCRIPTION:
- *
- * Create list of Certs from *.crt files at directory specified in dirName,
- * Not recursive to sub-directory. Also assume the directory contents are
- * not changed dynamically.
- *
- * PARAMETERS
- * "colCertStoreContext" - Address of CollectionCertStoreContext
- * where the dirName is specified and where the return
- * Certs are stored as a list. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Not Thread Safe - A lock at top level is required.
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_PopulateCert(
- PKIX_PL_CollectionCertStoreContext *colCertStoreContext,
- void *plContext)
-{
- PKIX_List *certList = NULL;
- PKIX_PL_Cert *certItem = NULL;
- char *dirName = NULL;
- char *pathName = NULL;
- PKIX_UInt32 dirNameLen = 0;
- PRErrorCode prError = 0;
- PRDir *dir = NULL;
- PRDirEntry *dirEntry = NULL;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_PopulateCert");
- PKIX_NULLCHECK_ONE(colCertStoreContext);
-
- /* convert directory to ascii */
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (colCertStoreContext->storeDir,
- PKIX_ESCASCII,
- (void **)&dirName,
- &dirNameLen,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- /* create cert list, if no cert file, should return an empty list */
-
- PKIX_CHECK(PKIX_List_Create(&certList, plContext),
- PKIX_LISTCREATEFAILED);
-
- /* open directory and read in .crt files */
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_OpenDir.\n");
- dir = PR_OpenDir(dirName);
-
- if (!dir) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG
- ("\t\t Directory Name:%s\n", dirName);
- PKIX_ERROR(PKIX_CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY);
- }
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_ReadDir.\n");
- dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
-
- if (!dirEntry) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Empty directory.\n");
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_GetError.\n");
- prError = PR_GetError();
- }
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_SetError.\n");
- PR_SetError(0, 0);
-
- while (dirEntry != NULL && prError == 0) {
- if (PL_strrstr(dirEntry->name, ".crt") ==
- dirEntry->name + PL_strlen(dirEntry->name) - 4) {
-
- PKIX_CHECK_ONLY_FATAL
- (PKIX_PL_Malloc
- (dirNameLen + PL_strlen(dirEntry->name) + 2,
- (void **)&pathName,
- plContext),
- PKIX_MALLOCFAILED);
-
- if ((!PKIX_ERROR_RECEIVED) && (pathName != NULL)){
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PL_strcpy for dirName.\n");
- PL_strcpy(pathName, dirName);
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PL_strcat for dirName.\n");
- PL_strcat(pathName, "/");
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PL_strcat for /.\n");
- PL_strcat(pathName, dirEntry->name);
-
- PKIX_CHECK_ONLY_FATAL
- (pkix_pl_CollectionCertStoreContext_CreateCert
- (pathName, &certItem, plContext),
- PKIX_COLLECTIONCERTSTORECONTEXTCREATECERTFAILED);
-
- if (!PKIX_ERROR_RECEIVED){
- PKIX_CHECK_ONLY_FATAL
- (PKIX_List_AppendItem
- (certList,
- (PKIX_PL_Object *)certItem,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
- }
-
- PKIX_DECREF(certItem);
- PKIX_FREE(pathName);
- }
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_SetError.\n");
- PR_SetError(0, 0);
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_ReadDir.\n");
- dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
-
- if (!dirEntry) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_GetError.\n");
- prError = PR_GetError();
- }
- }
-
- if ((prError != 0) && (prError != PR_NO_MORE_FILES_ERROR)) {
- PKIX_ERROR(PKIX_COLLECTIONCERTSTOREPOPULATECERTFAILED);
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(certList, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- PKIX_INCREF(certList);
- colCertStoreContext->certList = certList;
-
-cleanup:
- if (dir) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_CloseDir.\n");
- PR_CloseDir(dir);
- }
-
- PKIX_FREE(pathName);
- PKIX_FREE(dirName);
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(certList);
- }
-
- PKIX_DECREF(certItem);
- PKIX_DECREF(certList);
-
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_PopulateCRL
- * DESCRIPTION:
- *
- * Create list of CRLs from *.crl files at directory specified in dirName,
- * Not recursive to sub-dirctory. Also assume the directory contents are
- * not changed dynamically.
- *
- * PARAMETERS
- * "colCertStoreContext" - Address of CollectionCertStoreContext
- * where the dirName is specified and where the return
- * CRLs are stored as a list. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Not Thread Safe - A lock at top level is required.
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_PopulateCRL(
- PKIX_PL_CollectionCertStoreContext *colCertStoreContext,
- void *plContext)
-{
- PKIX_List *crlList = NULL;
- PKIX_PL_CRL *crlItem = NULL;
- char *dirName = NULL;
- char *pathName = NULL;
- PKIX_UInt32 dirNameLen = 0;
- PRErrorCode prError = 0;
- PRDir *dir = NULL;
- PRDirEntry *dirEntry = NULL;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_PopulateCRL");
- PKIX_NULLCHECK_ONE(colCertStoreContext);
-
- /* convert directory to ascii */
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (colCertStoreContext->storeDir,
- PKIX_ESCASCII,
- (void **)&dirName,
- &dirNameLen,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- /* create CRL list, if no CRL file, should return an empty list */
-
- PKIX_CHECK(PKIX_List_Create(&crlList, plContext),
- PKIX_LISTCREATEFAILED);
-
- /* open directory and read in .crl files */
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_OpenDir.\n");
- dir = PR_OpenDir(dirName);
-
- if (!dir) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG
- ("\t\t Directory Name:%s\n", dirName);
- PKIX_ERROR(PKIX_CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY);
- }
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_ReadDir.\n");
- dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
-
- if (!dirEntry) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Empty directory.\n");
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_GetError.\n");
- prError = PR_GetError();
- }
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_SetError.\n");
- PR_SetError(0, 0);
-
- while (dirEntry != NULL && prError == 0) {
- if (PL_strrstr(dirEntry->name, ".crl") ==
- dirEntry->name + PL_strlen(dirEntry->name) - 4) {
-
- PKIX_CHECK_ONLY_FATAL
- (PKIX_PL_Malloc
- (dirNameLen + PL_strlen(dirEntry->name) + 2,
- (void **)&pathName,
- plContext),
- PKIX_MALLOCFAILED);
-
- if ((!PKIX_ERROR_RECEIVED) && (pathName != NULL)){
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PL_strcpy for dirName.\n");
- PL_strcpy(pathName, dirName);
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PL_strcat for dirName.\n");
- PL_strcat(pathName, "/");
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PL_strcat for /.\n");
- PL_strcat(pathName, dirEntry->name);
-
- PKIX_CHECK_ONLY_FATAL
- (pkix_pl_CollectionCertStoreContext_CreateCRL
- (pathName, &crlItem, plContext),
- PKIX_COLLECTIONCERTSTORECONTEXTCREATECRLFAILED);
-
- if (!PKIX_ERROR_RECEIVED){
- PKIX_CHECK_ONLY_FATAL
- (PKIX_List_AppendItem
- (crlList,
- (PKIX_PL_Object *)crlItem,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
- }
-
- PKIX_DECREF(crlItem);
- PKIX_FREE(pathName);
- }
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_SetError.\n");
- PR_SetError(0, 0);
-
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_ReadDir.\n");
- dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
-
- if (!dirEntry) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_GetError.\n");
- prError = PR_GetError();
- }
- }
-
- if ((prError != 0) && (prError != PR_NO_MORE_FILES_ERROR)) {
- PKIX_ERROR(PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED);
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(crlList, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- PKIX_INCREF(crlList);
- colCertStoreContext->crlList = crlList;
-
-cleanup:
- if (dir) {
- PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
- ("\t\t Calling PR_CloseDir.\n");
- PR_CloseDir(dir);
- }
-
- PKIX_FREE(pathName);
- PKIX_FREE(dirName);
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(crlList);
- }
-
- PKIX_DECREF(crlItem);
- PKIX_DECREF(crlList);
-
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_GetSelectedCert
- * DESCRIPTION:
- *
- * Finds the Certs that match the criterion of the CertSelector pointed
- * to by "selector" using the List of Certs pointed to by "certList" and
- * stores the matching Certs at "pSelectedCertList".
- *
- * Not recursive to sub-directory.
- *
- * PARAMETERS
- * "certList" - Address of List of Certs to be searched. Must be non-NULL.
- * "colCertStoreContext" - Address of CollectionCertStoreContext
- * where the cached Certs are stored.
- * "selector" - CertSelector for chosing Cert based on Params set
- * "pSelectedCertList" - Certs that qualified by selector.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Not Thread Safe - A lock at top level is required.
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_GetSelectedCert(
- PKIX_List *certList,
- PKIX_CertSelector *selector,
- PKIX_List **pSelectedCertList,
- void *plContext)
-{
- PKIX_List *selectCertList = NULL;
- PKIX_PL_Cert *certItem = NULL;
- PKIX_CertSelector_MatchCallback certSelectorMatch = NULL;
- PKIX_UInt32 numCerts = 0;
- PKIX_UInt32 i = 0;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_GetSelectedCert");
- PKIX_NULLCHECK_THREE(certList, selector, pSelectedCertList);
-
- PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
- (selector, &certSelectorMatch, plContext),
- PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(certList, &numCerts, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (certSelectorMatch) {
-
- PKIX_CHECK(PKIX_List_Create(&selectCertList, plContext),
- PKIX_LISTCREATEFAILED);
-
- for (i = 0; i < numCerts; i++) {
- PKIX_CHECK_ONLY_FATAL
- (PKIX_List_GetItem
- (certList,
- i,
- (PKIX_PL_Object **) &certItem,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (!PKIX_ERROR_RECEIVED){
- PKIX_CHECK_ONLY_FATAL
- (certSelectorMatch
- (selector, certItem, plContext),
- PKIX_CERTSELECTORMATCHFAILED);
-
- if (!PKIX_ERROR_RECEIVED){
- PKIX_CHECK_ONLY_FATAL
- (PKIX_List_AppendItem
- (selectCertList,
- (PKIX_PL_Object *)certItem,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
- }
-
- PKIX_DECREF(certItem);
- }
-
- } else {
-
- PKIX_INCREF(certList);
-
- selectCertList = certList;
- }
-
- *pSelectedCertList = selectCertList;
-
-cleanup:
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_GetSelectedCRL
- * DESCRIPTION:
- *
- * Finds the CRLs that match the criterion of the CRLSelector pointed
- * to by "selector" using the List of CRLs pointed to by "crlList" and
- * stores the matching CRLs at "pSelectedCrlList".
- *
- * Not recursive to sub-directory.
- *
- * PARAMETERS
- * "crlList" - Address of List of CRLs to be searched. Must be non-NULL
- * "selector" - CRLSelector for chosing CRL based on Params set
- * "pSelectedCrlList" - CRLs that qualified by selector.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Not Thread Safe - A lock at top level is required.
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CollectionCertStoreContext Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CollectionCertStoreContext_GetSelectedCRL(
- PKIX_List *crlList,
- PKIX_CRLSelector *selector,
- PKIX_List **pSelectedCrlList,
- void *plContext)
-{
- PKIX_List *selectCrlList = NULL;
- PKIX_PL_CRL *crlItem = NULL;
- PKIX_CRLSelector_MatchCallback crlSelectorMatch = NULL;
- PKIX_UInt32 numCrls = 0;
- PKIX_UInt32 i = 0;
- PKIX_Boolean match = PKIX_FALSE;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_GetSelectedCRL");
- PKIX_NULLCHECK_THREE(crlList, selector, pSelectedCrlList);
-
- PKIX_CHECK(PKIX_CRLSelector_GetMatchCallback
- (selector, &crlSelectorMatch, plContext),
- PKIX_CRLSELECTORGETMATCHCALLBACKFAILED);
-
- PKIX_CHECK(PKIX_List_GetLength(crlList, &numCrls, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (crlSelectorMatch) {
-
- PKIX_CHECK(PKIX_List_Create(&selectCrlList, plContext),
- PKIX_LISTCREATEFAILED);
-
- for (i = 0; i < numCrls; i++) {
- PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItem
- (crlList,
- i,
- (PKIX_PL_Object **) &crlItem,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (!PKIX_ERROR_RECEIVED){
- PKIX_CHECK_ONLY_FATAL
- (crlSelectorMatch
- (selector, crlItem, &match, plContext),
- PKIX_CRLSELECTORMATCHFAILED);
-
- if (!(PKIX_ERROR_RECEIVED) && match) {
- PKIX_CHECK_ONLY_FATAL
- (PKIX_List_AppendItem
- (selectCrlList,
- (PKIX_PL_Object *)crlItem,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
- }
-
- PKIX_DECREF(crlItem);
- }
- } else {
-
- PKIX_INCREF(crlList);
-
- selectCrlList = crlList;
- }
-
- /* Don't throw away the list if one CRL was bad! */
- pkixTempErrorReceived = PKIX_FALSE;
-
- *pSelectedCrlList = selectCrlList;
-
-cleanup:
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStore_GetCert
- * DESCRIPTION:
- *
- * Retrieve Certs in a list of PKIX_PL_Cert object.
- *
- * PARAMETERS:
- * "colCertStoreContext"
- * The object CertStore is the object passed in by checker call.
- * "crlSelector"
- * CRLSelector specifies criteria for chosing CRL's
- * "pNBIOContext"
- * Address where platform-dependent information is returned for CertStores
- * that use non-blocking I/O. Must be non-NULL.
- * "pCertList"
- * Address where object pointer will be returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CollectionCertStore_GetCert(
- PKIX_CertStore *certStore,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCerts,
- void *plContext)
-{
- PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
- PKIX_List *selectedCerts = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_GetCert");
- PKIX_NULLCHECK_FOUR(certStore, selector, pNBIOContext, pCerts);
-
- *pNBIOContext = NULL; /* We don't use non-blocking I/O */
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (certStore,
- (PKIX_PL_Object **) &colCertStoreContext,
- plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- if (colCertStoreContext->certList == NULL) {
-
- PKIX_OBJECT_LOCK(colCertStoreContext);
-
- /*
- * Certs in the directory are cached based on the
- * assumption that the directory contents won't be
- * changed dynamically.
- */
- if (colCertStoreContext->certList == NULL){
- PKIX_CHECK(pkix_pl_CollectionCertStoreContext_PopulateCert
- (colCertStoreContext, plContext),
- PKIX_COLLECTIONCERTSTORECONTEXTPOPULATECERTFAILED);
- }
-
- PKIX_OBJECT_UNLOCK(colCertStoreContext);
- }
-
- PKIX_CHECK(pkix_pl_CollectionCertStoreContext_GetSelectedCert
- (colCertStoreContext->certList,
- selector,
- &selectedCerts,
- plContext),
- PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCERTFAILED);
-
- *pCerts = selectedCerts;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_DECREF(colCertStoreContext);
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStore_GetCRL
- * DESCRIPTION:
- *
- * Retrieve CRL's in a list of PKIX_PL_CRL object.
- *
- * PARAMETERS:
- * "colCertStoreContext"
- * The object CertStore is passed in by checker call.
- * "crlSelector"
- * CRLSelector specifies criteria for chosing CRL's
- * "pNBIOContext"
- * Address where platform-dependent information is returned for CertStores
- * that use non-blocking I/O. Must be non-NULL.
- * "pCrlList"
- * Address where object pointer will be returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CollectionCertStore_GetCRL(
- PKIX_CertStore *certStore,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
-{
- PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
- PKIX_List *selectCrl = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_GetCRL");
- PKIX_NULLCHECK_FOUR(certStore, selector, pNBIOContext, pCrlList);
-
- *pNBIOContext = NULL; /* We don't use non-blocking I/O */
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (certStore,
- (PKIX_PL_Object **) &colCertStoreContext,
- plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- if (colCertStoreContext->crlList == NULL) {
-
- PKIX_OBJECT_LOCK(colCertStoreContext);
-
- /*
- * CRLs in the directory are cached based on the
- * assumption that the directory contents won't be
- * changed dynamically.
- */
- if (colCertStoreContext->crlList == NULL){
- PKIX_CHECK(pkix_pl_CollectionCertStoreContext_PopulateCRL
- (colCertStoreContext, plContext),
- PKIX_COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED);
- }
-
- PKIX_OBJECT_UNLOCK(colCertStoreContext);
-
- }
-
- PKIX_CHECK(pkix_pl_CollectionCertStoreContext_GetSelectedCRL
- (colCertStoreContext->crlList,
- selector,
- &selectCrl,
- plContext),
- PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED);
-
- *pCrlList = selectCrl;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_DECREF(colCertStoreContext);
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_CollectionCertStoreContext_RegisterSelf
- * DESCRIPTION:
- *
- * Registers PKIX_PL_COLLECTIONCERTSTORECONTEXT_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_CollectionCertStoreContext_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
- "pkix_pl_CollectionCertStoreContext_RegisterSelf");
-
- entry.description = "CollectionCertStoreContext";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_CollectionCertStoreContext);
- entry.destructor = pkix_pl_CollectionCertStoreContext_Destroy;
- entry.equalsFunction = pkix_pl_CollectionCertStoreContext_Equals;
- entry.hashcodeFunction = pkix_pl_CollectionCertStoreContext_Hashcode;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_COLLECTIONCERTSTORECONTEXT_TYPE] = entry;
-
- PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
-}
-
-/* --Public-CollectionCertStoreContext-Functions--------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_CollectionCertStore_Create
- * (see comments in pkix_samples_modules.h)
- */
-PKIX_Error *
-PKIX_PL_CollectionCertStore_Create(
- PKIX_PL_String *storeDir,
- PKIX_CertStore **pCertStore,
- void *plContext)
-{
- PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
- PKIX_CertStore *certStore = NULL;
-
- PKIX_ENTER(CERTSTORE, "PKIX_PL_CollectionCertStore_Create");
- PKIX_NULLCHECK_TWO(storeDir, pCertStore);
-
- PKIX_CHECK(pkix_pl_CollectionCertStoreContext_Create
- (storeDir, &colCertStoreContext, plContext),
- PKIX_COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT);
-
- PKIX_CHECK(PKIX_CertStore_Create
- (pkix_pl_CollectionCertStore_GetCert,
- pkix_pl_CollectionCertStore_GetCRL,
- NULL, /* GetCertContinue */
- NULL, /* GetCRLContinue */
- pkix_pl_CollectionCertStore_CheckTrust,
- NULL, /* can not store crls */
- NULL, /* can not do revocation check */
- (PKIX_PL_Object *)colCertStoreContext,
- PKIX_TRUE, /* cache flag */
- PKIX_TRUE, /* local - no network I/O */
- &certStore,
- plContext),
- PKIX_CERTSTORECREATEFAILED);
-
- PKIX_DECREF(colCertStoreContext);
-
- *pCertStore = certStore;
-
-cleanup:
- PKIX_RETURN(CERTSTORE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h
deleted file mode 100755
index 4e837f752..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_colcertstore.h
- *
- * CollectionCertstore Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_COLCERTSTORE_H
-#define _PKIX_PL_COLCERTSTORE_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_CollectionCertStoreContext {
- PKIX_PL_String *storeDir;
- PKIX_List *crlList;
- PKIX_List *certList;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_CollectionCertStoreContext_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_COLCERTSTORE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
deleted file mode 100755
index 69f5f4843..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
+++ /dev/null
@@ -1,1180 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_httpcertstore.c
- *
- * HTTPCertStore Function Definitions
- *
- */
-
-/* We can't decode the length of a message without at least this many bytes */
-
-#include "pkix_pl_httpcertstore.h"
-extern PKIX_PL_HashTable *httpSocketCache;
-SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
-SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
-SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate)
-SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate)
-
-SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
-SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate)
-/* SEC_ASN1_CHOOSER_DECLARE(SEC_SetOfAnyTemplate)
-SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate)
-
-const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTIssuerAndSN) },
- { SEC_ASN1_SAVE,
- offsetof(CERTIssuerAndSN,derIssuer) },
- { SEC_ASN1_INLINE,
- offsetof(CERTIssuerAndSN,issuer),
- CERT_NameTemplate },
- { SEC_ASN1_INTEGER,
- offsetof(CERTIssuerAndSN,serialNumber) },
- { 0 }
-};
-
-const SEC_ASN1Template SECOID_AlgorithmIDTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SECAlgorithmID) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SECAlgorithmID,algorithm), },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
- offsetof(SECAlgorithmID,parameters), },
- { 0, }
-}; */
-
-/* --Private-HttpCertStoreContext-Object Functions----------------------- */
-
-/*
- * FUNCTION: pkix_pl_HttpCertStoreContext_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_HttpCertStoreContext_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- PKIX_PL_HttpCertStoreContext *context = NULL;
-
- PKIX_ENTER
- (HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStoreContext_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_HTTPCERTSTORECONTEXT_TYPE, plContext),
- PKIX_OBJECTNOTANHTTPCERTSTORECONTEXT);
-
- context = (PKIX_PL_HttpCertStoreContext *)object;
- hcv1 = (const SEC_HttpClientFcnV1 *)(context->client);
- if (context->requestSession != NULL) {
- (*hcv1->freeFcn)(context->requestSession);
- context->requestSession = NULL;
- }
- if (context->serverSession != NULL) {
- (*hcv1->freeSessionFcn)(context->serverSession);
- context->serverSession = NULL;
- }
- if (context->path != NULL) {
- PORT_Free(context->path);
- context->path = NULL;
- }
-
-cleanup:
-
- PKIX_RETURN(HTTPCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpCertStoreContext_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_PL_HTTPCERTSTORECONTEXT_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_HttpCertStoreContext_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry *entry = &systemClasses[PKIX_HTTPCERTSTORECONTEXT_TYPE];
-
- PKIX_ENTER(HTTPCERTSTORECONTEXT,
- "pkix_pl_HttpCertStoreContext_RegisterSelf");
-
- entry->description = "HttpCertStoreContext";
- entry->typeObjectSize = sizeof(PKIX_PL_HttpCertStoreContext);
- entry->destructor = pkix_pl_HttpCertStoreContext_Destroy;
-
- PKIX_RETURN(HTTPCERTSTORECONTEXT);
-}
-
-
-/* --Private-Http-CertStore-Database-Functions----------------------- */
-
-typedef struct callbackContextStruct {
- PKIX_List *pkixCertList;
- PKIX_Error *error;
- void *plContext;
-} callbackContext;
-
-
-/*
- * FUNCTION: certCallback
- * DESCRIPTION:
- *
- * This function processes the null-terminated array of SECItems produced by
- * extracting the contents of a signedData message received in response to an
- * HTTP cert query. Its address is supplied as a callback function to
- * CERT_DecodeCertPackage; it is not expected to be called directly.
- *
- * Note that it does not conform to the libpkix API standard of returning
- * a PKIX_Error*. It returns a SECStatus.
- *
- * PARAMETERS:
- * "arg"
- * The address of the callbackContext provided as a void* argument to
- * CERT_DecodeCertPackage. Must be non-NULL.
- * "secitemCerts"
- * The address of the null-terminated array of SECItems. Must be non-NULL.
- * "numcerts"
- * The number of SECItems found in the signedData. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns SECSuccess if the function succeeds.
- * Returns SECFailure if the function fails.
- */
-static SECStatus
-certCallback(void *arg, SECItem **secitemCerts, int numcerts)
-{
- callbackContext *cbContext;
- PKIX_List *pkixCertList = NULL;
- PKIX_Error *error = NULL;
- void *plContext = NULL;
- int itemNum = 0;
-
- if ((arg == NULL) || (secitemCerts == NULL)) {
- return (SECFailure);
- }
-
- cbContext = (callbackContext *)arg;
- plContext = cbContext->plContext;
- pkixCertList = cbContext->pkixCertList;
-
- for (; itemNum < numcerts; itemNum++ ) {
- error = pkix_pl_Cert_CreateToList(secitemCerts[itemNum],
- pkixCertList, plContext);
- if (error != NULL) {
- if (error->errClass == PKIX_FATAL_ERROR) {
- cbContext->error = error;
- return SECFailure;
- }
- /* reuse "error" since we could not destruct the old *
- * value */
- error = PKIX_PL_Object_DecRef((PKIX_PL_Object *)error,
- plContext);
- if (error) {
- /* Treat decref failure as a fatal error.
- * In this case will leak error, but can not do
- * anything about it. */
- error->errClass = PKIX_FATAL_ERROR;
- cbContext->error = error;
- return SECFailure;
- }
- }
- }
-
- return SECSuccess;
-}
-
-
-typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
- CERTImportCertificateFunc f, void *arg);
-
-
-struct pkix_DecodeFuncStr {
- pkix_DecodeCertsFunc func; /* function pointer to the
- * CERT_DecodeCertPackage function */
- PRLibrary *smimeLib; /* Pointer to the smime shared lib*/
- PRCallOnceType once;
-};
-
-static struct pkix_DecodeFuncStr pkix_decodeFunc;
-static const PRCallOnceType pkix_pristine;
-
-#define SMIME_LIB_NAME SHLIB_PREFIX"smime3."SHLIB_SUFFIX
-
-/*
- * load the smime library and look up the SEC_ReadPKCS7Certs function.
- * we do this so we don't have a circular depenency on the smime library,
- * and also so we don't have to load the smime library in applications that
- * don't use it.
- */
-static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
-{
- pkix_decodeFunc.smimeLib =
- PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
- if (pkix_decodeFunc.smimeLib == NULL) {
- return PR_FAILURE;
- }
-
- pkix_decodeFunc.func = (pkix_DecodeCertsFunc) PR_FindFunctionSymbol(
- pkix_decodeFunc.smimeLib, "CERT_DecodeCertPackage");
- if (!pkix_decodeFunc.func) {
- return PR_FAILURE;
- }
- return PR_SUCCESS;
-
-}
-
-/*
- * clears our global state on shutdown.
- */
-void
-pkix_pl_HttpCertStore_Shutdown(void *plContext)
-{
- if (pkix_decodeFunc.smimeLib) {
- PR_UnloadLibrary(pkix_decodeFunc.smimeLib);
- pkix_decodeFunc.smimeLib = NULL;
- }
- /* the function pointer just need to be cleared, not freed */
- pkix_decodeFunc.func = NULL;
- pkix_decodeFunc.once = pkix_pristine;
-}
-
-/*
- * This function is based on CERT_DecodeCertPackage from lib/pkcs7/certread.c
- * read an old style ascii or binary certificate chain
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_DecodeCertPackage
- (const char *certbuf,
- int certlen,
- CERTImportCertificateFunc f,
- void *arg,
- void *plContext)
-{
-
- PRStatus status;
- SECStatus rv;
-
- PKIX_ENTER
- (HTTPCERTSTORECONTEXT,
- "pkix_pl_HttpCertStore_DecodeCertPackage");
- PKIX_NULLCHECK_TWO(certbuf, f);
-
- status = PR_CallOnce(&pkix_decodeFunc.once, pkix_getDecodeFunction);
-
- if (status != PR_SUCCESS) {
- PKIX_ERROR(PKIX_CANTLOADLIBSMIME);
- }
-
- /* paranoia, shouldn't happen if status == PR_SUCCESS); */
- if (!pkix_decodeFunc.func) {
- PKIX_ERROR(PKIX_CANTLOADLIBSMIME);
- }
-
- rv = (*pkix_decodeFunc.func)((char*)certbuf, certlen, f, arg);
-
- if (rv != SECSuccess) {
- PKIX_ERROR (PKIX_SECREADPKCS7CERTSFAILED);
- }
-
-
-cleanup:
-
- PKIX_RETURN(HTTPCERTSTORECONTEXT);
-}
-
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_ProcessCertResponse
- * DESCRIPTION:
- *
- * This function verifies that the response code pointed to by "responseCode"
- * and the content type pointed to by "responseContentType" are as expected,
- * and then decodes the data pointed to by "responseData", of length
- * "responseDataLen", into a List of Certs, possibly empty, which is returned
- * at "pCertList".
- *
- * PARAMETERS:
- * "responseCode"
- * The value of the HTTP response code.
- * "responseContentType"
- * The address of the Content-type string. Must be non-NULL.
- * "responseData"
- * The address of the message data. Must be non-NULL.
- * "responseDataLen"
- * The length of the message data.
- * "pCertList"
- * The address of the List that is created. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpCertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_ProcessCertResponse(
- PRUint16 responseCode,
- const char *responseContentType,
- const char *responseData,
- PRUint32 responseDataLen,
- PKIX_List **pCertList,
- void *plContext)
-{
- callbackContext cbContext;
-
- PKIX_ENTER(HTTPCERTSTORECONTEXT,
- "pkix_pl_HttpCertStore_ProcessCertResponse");
-
- cbContext.error = NULL;
- cbContext.plContext = plContext;
- cbContext.pkixCertList = NULL;
-
- PKIX_NULLCHECK_ONE(pCertList);
-
- if (responseCode != 200) {
- PKIX_ERROR(PKIX_BADHTTPRESPONSE);
- }
-
- /* check that response type is application/pkcs7-mime */
- if (responseContentType == NULL) {
- PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE);
- }
-
- if (responseData == NULL) {
- PKIX_ERROR(PKIX_NORESPONSEDATAINHTTPRESPONSE);
- }
-
- PKIX_CHECK(
- PKIX_List_Create(&cbContext.pkixCertList, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK_ONLY_FATAL(
- pkix_pl_HttpCertStore_DecodeCertPackage(responseData,
- responseDataLen,
- certCallback,
- &cbContext,
- plContext),
- PKIX_HTTPCERTSTOREDECODECERTPACKAGEFAILED);
- if (cbContext.error) {
- /* Aborting on a fatal error(See certCallback fn) */
- pkixErrorResult = cbContext.error;
- goto cleanup;
- }
-
- *pCertList = cbContext.pkixCertList;
- cbContext.pkixCertList = NULL;
-
-cleanup:
-
- PKIX_DECREF(cbContext.pkixCertList);
-
- PKIX_RETURN(HTTPCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_ProcessCrlResponse
- * DESCRIPTION:
- *
- * This function verifies that the response code pointed to by "responseCode"
- * and the content type pointed to by "responseContentType" are as expected,
- * and then decodes the data pointed to by "responseData", of length
- * "responseDataLen", into a List of Crls, possibly empty, which is returned
- * at "pCrlList".
- *
- * PARAMETERS:
- * "responseCode"
- * The value of the HTTP response code.
- * "responseContentType"
- * The address of the Content-type string. Must be non-NULL.
- * "responseData"
- * The address of the message data. Must be non-NULL.
- * "responseDataLen"
- * The length of the message data.
- * "pCrlList"
- * The address of the List that is created. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpCertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_ProcessCrlResponse(
- PRUint16 responseCode,
- const char *responseContentType,
- const char *responseData,
- PRUint32 responseDataLen,
- PKIX_List **pCrlList,
- void *plContext)
-{
- SECItem encodedResponse;
- PRInt16 compareVal = 0;
- PKIX_List *crls = NULL;
- SECItem *derCrlCopy = NULL;
- CERTSignedCrl *nssCrl = NULL;
- PKIX_PL_CRL *crl = NULL;
-
- PKIX_ENTER(HTTPCERTSTORECONTEXT,
- "pkix_pl_HttpCertStore_ProcessCrlResponse");
- PKIX_NULLCHECK_ONE(pCrlList);
-
- if (responseCode != 200) {
- PKIX_ERROR(PKIX_BADHTTPRESPONSE);
- }
-
- /* check that response type is application/pkix-crl */
- if (responseContentType == NULL) {
- PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE);
- }
-
- compareVal = PORT_Strcasecmp(responseContentType,
- "application/pkix-crl");
- if (compareVal != 0) {
- PKIX_ERROR(PKIX_CONTENTTYPENOTPKIXCRL);
- }
- encodedResponse.type = siBuffer;
- encodedResponse.data = (void*)responseData;
- encodedResponse.len = responseDataLen;
-
- derCrlCopy = SECITEM_DupItem(&encodedResponse);
- if (!derCrlCopy) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- /* crl will be based on derCrlCopy, but will not own the der. */
- nssCrl =
- CERT_DecodeDERCrlWithFlags(NULL, derCrlCopy, SEC_CRL_TYPE,
- CRL_DECODE_DONT_COPY_DER |
- CRL_DECODE_SKIP_ENTRIES);
- if (!nssCrl) {
- PKIX_ERROR(PKIX_FAILEDTODECODECRL);
- }
- /* pkix crls own the der. */
- PKIX_CHECK(
- pkix_pl_CRL_CreateWithSignedCRL(nssCrl, derCrlCopy, NULL,
- &crl, plContext),
- PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
- /* Left control over memory pointed by derCrlCopy and
- * nssCrl to pkix crl. */
- derCrlCopy = NULL;
- nssCrl = NULL;
- PKIX_CHECK(PKIX_List_Create(&crls, plContext),
- PKIX_LISTCREATEFAILED);
- PKIX_CHECK(PKIX_List_AppendItem
- (crls, (PKIX_PL_Object *) crl, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- *pCrlList = crls;
- crls = NULL;
-cleanup:
- if (derCrlCopy) {
- SECITEM_FreeItem(derCrlCopy, PR_TRUE);
- }
- if (nssCrl) {
- SEC_DestroyCrl(nssCrl);
- }
- PKIX_DECREF(crl);
- PKIX_DECREF(crls);
-
- PKIX_RETURN(HTTPCERTSTORECONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_CreateRequestSession
- * DESCRIPTION:
- *
- * This function takes elements from the HttpCertStoreContext pointed to by
- * "context" (path, client, and serverSession) and creates a RequestSession.
- * See the HTTPClient API described in ocspt.h for further details.
- *
- * PARAMETERS:
- * "context"
- * The address of the HttpCertStoreContext. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpCertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_CreateRequestSession(
- PKIX_PL_HttpCertStoreContext *context,
- void *plContext)
-{
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- SECStatus rv = SECFailure;
-
- PKIX_ENTER
- (HTTPCERTSTORECONTEXT,
- "pkix_pl_HttpCertStore_CreateRequestSession");
- PKIX_NULLCHECK_TWO(context, context->serverSession);
-
- if (context->client->version != 1) {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
-
- hcv1 = &(context->client->fcnTable.ftable1);
- if (context->requestSession != NULL) {
- (*hcv1->freeFcn)(context->requestSession);
- context->requestSession = 0;
- }
-
- rv = (*hcv1->createFcn)(context->serverSession, "http",
- context->path, "GET",
- PR_SecondsToInterval(
- ((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
- &(context->requestSession));
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPSERVERERROR);
- }
-cleanup:
-
- PKIX_RETURN(HTTPCERTSTORECONTEXT);
-
-}
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_GetCert
- * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_GetCert(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCertList,
- void *plContext)
-{
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- PKIX_PL_HttpCertStoreContext *context = NULL;
- void *nbioContext = NULL;
- SECStatus rv = SECFailure;
- PRUint16 responseCode = 0;
- const char *responseContentType = NULL;
- const char *responseData = NULL;
- PRUint32 responseDataLen = 0;
- PKIX_List *certList = NULL;
-
- PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStore_GetCert");
- PKIX_NULLCHECK_THREE(store, selector, pCertList);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&context, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- if (context->client->version != 1) {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
-
- hcv1 = &(context->client->fcnTable.ftable1);
-
- PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession
- (context, plContext),
- PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED);
-
- responseDataLen =
- ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
-
- rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
- (PRPollDesc **)&nbioContext,
- &responseCode,
- (const char **)&responseContentType,
- NULL, /* &responseHeaders */
- (const char **)&responseData,
- &responseDataLen);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPSERVERERROR);
- }
-
- if (nbioContext != 0) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse
- (responseCode,
- responseContentType,
- responseData,
- responseDataLen,
- &certList,
- plContext),
- PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED);
-
- *pCertList = certList;
-
-cleanup:
- PKIX_DECREF(context);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_GetCertContinue
- * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_GetCertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCertList,
- void *plContext)
-{
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- PKIX_PL_HttpCertStoreContext *context = NULL;
- void *nbioContext = NULL;
- SECStatus rv = SECFailure;
- PRUint16 responseCode = 0;
- const char *responseContentType = NULL;
- const char *responseData = NULL;
- PRUint32 responseDataLen = 0;
- PKIX_List *certList = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCertContinue");
- PKIX_NULLCHECK_THREE(store, selector, pCertList);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&context, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- if (context->client->version != 1) {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
-
- hcv1 = &(context->client->fcnTable.ftable1);
- PKIX_NULLCHECK_ONE(context->requestSession);
-
- responseDataLen =
- ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
-
- rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
- (PRPollDesc **)&nbioContext,
- &responseCode,
- (const char **)&responseContentType,
- NULL, /* &responseHeaders */
- (const char **)&responseData,
- &responseDataLen);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPSERVERERROR);
- }
-
- if (nbioContext != 0) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse
- (responseCode,
- responseContentType,
- responseData,
- responseDataLen,
- &certList,
- plContext),
- PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED);
-
- *pCertList = certList;
-
-cleanup:
- PKIX_DECREF(context);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_GetCRL
- * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_GetCRL(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
-{
-
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- PKIX_PL_HttpCertStoreContext *context = NULL;
- void *nbioContext = NULL;
- SECStatus rv = SECFailure;
- PRUint16 responseCode = 0;
- const char *responseContentType = NULL;
- const char *responseData = NULL;
- PRUint32 responseDataLen = 0;
- PKIX_List *crlList = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRL");
- PKIX_NULLCHECK_THREE(store, selector, pCrlList);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&context, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- if (context->client->version != 1) {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
-
- hcv1 = &(context->client->fcnTable.ftable1);
- PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession
- (context, plContext),
- PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED);
-
- responseDataLen =
- ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
-
- rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
- (PRPollDesc **)&nbioContext,
- &responseCode,
- (const char **)&responseContentType,
- NULL, /* &responseHeaders */
- (const char **)&responseData,
- &responseDataLen);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPSERVERERROR);
- }
-
- if (nbioContext != 0) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse
- (responseCode,
- responseContentType,
- responseData,
- responseDataLen,
- &crlList,
- plContext),
- PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED);
-
- *pCrlList = crlList;
-
-cleanup:
- PKIX_DECREF(context);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_GetCRLContinue
- * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_GetCRLContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
-{
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- PKIX_PL_HttpCertStoreContext *context = NULL;
- void *nbioContext = NULL;
- SECStatus rv = SECFailure;
- PRUint16 responseCode = 0;
- const char *responseContentType = NULL;
- const char *responseData = NULL;
- PRUint32 responseDataLen = 0;
- PKIX_List *crlList = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRLContinue");
- PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&context, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- if (context->client->version != 1) {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
- hcv1 = &(context->client->fcnTable.ftable1);
-
- PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession
- (context, plContext),
- PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED);
-
- responseDataLen =
- ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
-
- rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
- (PRPollDesc **)&nbioContext,
- &responseCode,
- (const char **)&responseContentType,
- NULL, /* &responseHeaders */
- (const char **)&responseData,
- &responseDataLen);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPSERVERERROR);
- }
-
- if (nbioContext != 0) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse
- (responseCode,
- responseContentType,
- responseData,
- responseDataLen,
- &crlList,
- plContext),
- PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED);
-
- *pCrlList = crlList;
-
-cleanup:
- PKIX_DECREF(context);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/* --Public-HttpCertStore-Functions----------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_HttpCertStore_CreateWithAsciiName
- * DESCRIPTION:
- *
- * This function uses the HttpClient pointed to by "client" and the string
- * (hostname:portnum/path, with portnum optional) pointed to by "locationAscii"
- * to create an HttpCertStore connected to the desired location, storing the
- * created CertStore at "pCertStore".
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpClient. Must be non-NULL.
- * "locationAscii"
- * The address of the character string indicating the hostname, port, and
- * path to be queried for Certs or Crls. Must be non-NULL.
- * "pCertStore"
- * The address in which the object is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpCertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_HttpCertStore_CreateWithAsciiName(
- PKIX_PL_HttpClient *client,
- char *locationAscii,
- PKIX_CertStore **pCertStore,
- void *plContext)
-{
- const SEC_HttpClientFcn *clientFcn = NULL;
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- PKIX_PL_HttpCertStoreContext *httpCertStore = NULL;
- PKIX_CertStore *certStore = NULL;
- char *hostname = NULL;
- char *path = NULL;
- PRUint16 port = 0;
- SECStatus rv = SECFailure;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_CreateWithAsciiName");
- PKIX_NULLCHECK_TWO(locationAscii, pCertStore);
-
- if (client == NULL) {
- clientFcn = SEC_GetRegisteredHttpClient();
- if (clientFcn == NULL) {
- PKIX_ERROR(PKIX_NOREGISTEREDHTTPCLIENT);
- }
- } else {
- clientFcn = (const SEC_HttpClientFcn *)client;
- }
-
- if (clientFcn->version != 1) {
- PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
- }
-
- /* create a PKIX_PL_HttpCertStore object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_HTTPCERTSTORECONTEXT_TYPE,
- sizeof (PKIX_PL_HttpCertStoreContext),
- (PKIX_PL_Object **)&httpCertStore,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* Initialize fields */
- httpCertStore->client = clientFcn; /* not a PKIX object! */
-
- /* parse location -> hostname, port, path */
- rv = CERT_ParseURL(locationAscii, &hostname, &port, &path);
- if (rv == SECFailure || hostname == NULL || path == NULL) {
- PKIX_ERROR(PKIX_URLPARSINGFAILED);
- }
-
- httpCertStore->path = path;
- path = NULL;
-
- hcv1 = &(clientFcn->fcnTable.ftable1);
- rv = (*hcv1->createSessionFcn)(hostname, port,
- &(httpCertStore->serverSession));
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_HTTPCLIENTCREATESESSIONFAILED);
- }
-
- httpCertStore->requestSession = NULL;
-
- PKIX_CHECK(PKIX_CertStore_Create
- (pkix_pl_HttpCertStore_GetCert,
- pkix_pl_HttpCertStore_GetCRL,
- pkix_pl_HttpCertStore_GetCertContinue,
- pkix_pl_HttpCertStore_GetCRLContinue,
- NULL, /* don't support trust */
- NULL, /* can not store crls */
- NULL, /* can not do revocation check */
- (PKIX_PL_Object *)httpCertStore,
- PKIX_TRUE, /* cache flag */
- PKIX_FALSE, /* not local */
- &certStore,
- plContext),
- PKIX_CERTSTORECREATEFAILED);
-
- *pCertStore = certStore;
- certStore = NULL;
-
-cleanup:
- PKIX_DECREF(httpCertStore);
- if (hostname) {
- PORT_Free(hostname);
- }
- if (path) {
- PORT_Free(path);
- }
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: PKIX_PL_HttpCertStore_Create
- * (see comments in pkix_samples_modules.h)
- */
-PKIX_Error *
-PKIX_PL_HttpCertStore_Create(
- PKIX_PL_HttpClient *client,
- PKIX_PL_GeneralName *location,
- PKIX_CertStore **pCertStore,
- void *plContext)
-{
- PKIX_PL_String *locationString = NULL;
- char *locationAscii = NULL;
- PKIX_UInt32 len = 0;
-
- PKIX_ENTER(CERTSTORE, "PKIX_PL_HttpCertStore_Create");
- PKIX_NULLCHECK_TWO(location, pCertStore);
-
- PKIX_TOSTRING(location, &locationString, plContext,
- PKIX_GENERALNAMETOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (locationString,
- PKIX_ESCASCII,
- (void **)&locationAscii,
- &len,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_CHECK(pkix_pl_HttpCertStore_CreateWithAsciiName
- (client, locationAscii, pCertStore, plContext),
- PKIX_HTTPCERTSTORECREATEWITHASCIINAMEFAILED);
-
-cleanup:
-
- PKIX_DECREF(locationString);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_HttpCertStore_FindSocketConnection
- * DESCRIPTION:
- *
- PRIntervalTime timeout,
- char *hostname,
- PRUint16 portnum,
- PRErrorCode *pStatus,
- PKIX_PL_Socket **pSocket,
-
- * This function checks for an existing socket, creating a new one if unable
- * to find an existing one, for the host pointed to by "hostname" and the port
- * pointed to by "portnum". If a new socket is created the PRIntervalTime in
- * "timeout" will be used for the timeout value and a creation status is
- * returned at "pStatus". The address of the socket is stored at "pSocket".
- *
- * PARAMETERS:
- * "timeout"
- * The PRIntervalTime of the timeout value.
- * "hostname"
- * The address of the string containing the hostname. Must be non-NULL.
- * "portnum"
- * The port number for the desired socket.
- * "pStatus"
- * The address at which the status is stored. Must be non-NULL.
- * "pSocket"
- * The address at which the socket is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpCertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_HttpCertStore_FindSocketConnection(
- PRIntervalTime timeout,
- char *hostname,
- PRUint16 portnum,
- PRErrorCode *pStatus,
- PKIX_PL_Socket **pSocket,
- void *plContext)
-{
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *hostString = NULL;
- PKIX_PL_String *domainString = NULL;
- PKIX_PL_Socket *socket = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_HttpCertStore_FindSocketConnection");
- PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
-
- *pStatus = 0;
-
- /* create PKIX_PL_String from hostname and port */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "%s:%d", 0, &formatString, plContext),
- PKIX_STRINGCREATEFAILED);
-
-#if 0
-hostname = "variation.red.iplanet.com";
-portnum = 2001;
-#endif
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, hostname, 0, &hostString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&domainString, plContext, formatString, hostString, portnum),
- PKIX_STRINGCREATEFAILED);
-
-#ifdef PKIX_SOCKETCACHE
- /* Is this domainName already in cache? */
- PKIX_CHECK(PKIX_PL_HashTable_Lookup
- (httpSocketCache,
- (PKIX_PL_Object *)domainString,
- (PKIX_PL_Object **)&socket,
- plContext),
- PKIX_HASHTABLELOOKUPFAILED);
-#endif
- if (socket == NULL) {
-
- /* No, create a connection (and cache it) */
- PKIX_CHECK(pkix_pl_Socket_CreateByHostAndPort
- (PKIX_FALSE, /* create a client, not a server */
- timeout,
- hostname,
- portnum,
- pStatus,
- &socket,
- plContext),
- PKIX_SOCKETCREATEBYHOSTANDPORTFAILED);
-
-#ifdef PKIX_SOCKETCACHE
- PKIX_CHECK(PKIX_PL_HashTable_Add
- (httpSocketCache,
- (PKIX_PL_Object *)domainString,
- (PKIX_PL_Object *)socket,
- plContext),
- PKIX_HASHTABLEADDFAILED);
-#endif
- }
-
- *pSocket = socket;
- socket = NULL;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(hostString);
- PKIX_DECREF(domainString);
- PKIX_DECREF(socket);
-
- PKIX_RETURN(CERTSTORE);
-}
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h
deleted file mode 100644
index 97e45b70c..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_httpcertstore.h
- *
- * HTTPCertstore Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_HTTPCERTSTORE_H
-#define _PKIX_PL_HTTPCERTSTORE_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_HttpCertStoreContextStruct {
- const SEC_HttpClientFcn *client;
- SEC_HTTP_SERVER_SESSION serverSession;
- SEC_HTTP_REQUEST_SESSION requestSession;
- char *path;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_HttpCertStoreContext_RegisterSelf(void *plContext);
-
-void pkix_pl_HttpCertStore_Shutdown(void *plContext);
-
-PKIX_Error *
-pkix_pl_HttpCertStore_CreateWithAsciiName(
- PKIX_PL_HttpClient *client,
- char *locationAscii,
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-PKIX_Error *
-pkix_HttpCertStore_FindSocketConnection(
- PRIntervalTime timeout,
- char *hostname,
- PRUint16 portnum,
- PRErrorCode *pStatus,
- PKIX_PL_Socket **pSocket,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_HttpCertStore_ProcessCertResponse(
- PRUint16 responseCode,
- const char *responseContentType,
- const char *responseData,
- PRUint32 responseDataLen,
- PKIX_List **pCertList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_HTTPCERTSTORE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
deleted file mode 100644
index 1bd0a5a38..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
+++ /dev/null
@@ -1,1688 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_httpdefaultclient.c
- *
- * HTTPDefaultClient Function Definitions
- *
- */
-
-#include "pkix_pl_httpdefaultclient.h"
-
-static void *plContext = NULL;
-
-/*
- * The interface specification for an http client requires that it register
- * a function table of type SEC_HttpClientFcn, which is defined as a union
- * of tables, of which only version 1 is defined at present.
- *
- * Note: these functions violate the PKIX calling conventions, in that they
- * return SECStatus rather than PKIX_Error*, and that they do not provide a
- * plContext argument. They are implemented here as calls to PKIX functions,
- * but the plContext value is circularly defined - a true kludge. Its value
- * is saved at the time of the call to pkix_pl_HttpDefaultClient_Create for
- * subsequent use, but since that initial call comes from the
- * pkix_pl_HttpDefaultClient_CreateSessionFcn, it's not really getting saved.
- */
-static SEC_HttpClientFcnV1 vtable = {
- pkix_pl_HttpDefaultClient_CreateSessionFcn,
- pkix_pl_HttpDefaultClient_KeepAliveSessionFcn,
- pkix_pl_HttpDefaultClient_FreeSessionFcn,
- pkix_pl_HttpDefaultClient_RequestCreateFcn,
- pkix_pl_HttpDefaultClient_SetPostDataFcn,
- pkix_pl_HttpDefaultClient_AddHeaderFcn,
- pkix_pl_HttpDefaultClient_TrySendAndReceiveFcn,
- pkix_pl_HttpDefaultClient_CancelFcn,
- pkix_pl_HttpDefaultClient_FreeFcn
-};
-
-static SEC_HttpClientFcn httpClient;
-
-static const char *eohMarker = "\r\n\r\n";
-static const PKIX_UInt32 eohMarkLen = 4; /* strlen(eohMarker) */
-static const char *crlf = "\r\n";
-static const PKIX_UInt32 crlfLen = 2; /* strlen(crlf) */
-static const char *httpprotocol = "HTTP/";
-static const PKIX_UInt32 httpprotocolLen = 5; /* strlen(httpprotocol) */
-
-
-#define HTTP_UNKNOWN_CONTENT_LENGTH -1
-
-/* --Private-HttpDefaultClient-Functions------------------------- */
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_HdrCheckComplete
- * DESCRIPTION:
- *
- * This function determines whether the headers in the current receive buffer
- * in the HttpDefaultClient pointed to by "client" are complete. If so, the
- * input data is checked for status code, content-type and content-length are
- * extracted, and the client is set up to read the body of the response.
- * Otherwise, the client is set up to continue reading header data.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "bytesRead"
- * The UInt32 number of bytes received in the latest read.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_HdrCheckComplete(
- PKIX_PL_HttpDefaultClient *client,
- PKIX_UInt32 bytesRead,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_UInt32 alreadyScanned = 0;
- PKIX_UInt32 comp = 0;
- PKIX_UInt32 headerLength = 0;
- PKIX_Int32 contentLength = HTTP_UNKNOWN_CONTENT_LENGTH;
- char *eoh = NULL;
- char *statusLineEnd = NULL;
- char *space = NULL;
- char *nextHeader = NULL;
- const char *httpcode = NULL;
- char *thisHeaderEnd = NULL;
- char *value = NULL;
- char *colon = NULL;
- char *copy = NULL;
- char *body = NULL;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT,
- "pkix_pl_HttpDefaultClient_HdrCheckComplete");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- *pKeepGoing = PKIX_FALSE;
-
- /* Does buffer contain end-of-header marker? */
-
- /* Copy number of scanned bytes into a variable. */
- alreadyScanned = client->filledupBytes;
- /*
- * If this is the initial buffer, we have to scan from the beginning.
- * If we scanned, failed to find eohMarker, and read some more, we
- * only have to scan from where we left off.
- */
- if (alreadyScanned > eohMarkLen) {
- /* Back up and restart scanning over a few bytes that were
- * scanned before */
- PKIX_UInt32 searchStartPos = alreadyScanned - eohMarkLen;
- eoh = PL_strnstr(&(client->rcvBuf[searchStartPos]), eohMarker,
- bytesRead + searchStartPos);
- } else {
- /* A search from the beginning of the buffer. */
- eoh = PL_strnstr(client->rcvBuf, eohMarker, bytesRead);
- }
-
- client->filledupBytes += bytesRead;
-
- if (eoh == NULL) { /* did we see end-of-header? */
- /* No. Continue to read header data */
- client->connectStatus = HTTP_RECV_HDR;
- *pKeepGoing = PKIX_TRUE;
- goto cleanup;
- }
-
- /* Yes. Calculate how many bytes in header (not counting eohMarker) */
- headerLength = (eoh - client->rcvBuf);
-
- /* allocate space to copy header (and for the NULL terminator) */
- PKIX_CHECK(PKIX_PL_Malloc(headerLength + 1, (void **)&copy, plContext),
- PKIX_MALLOCFAILED);
-
- /* copy header data before we corrupt it (by storing NULLs) */
- PORT_Memcpy(copy, client->rcvBuf, headerLength);
- /* Store the NULL terminator */
- copy[headerLength] = '\0';
- client->rcvHeaders = copy;
-
- /* Did caller want a pointer to header? */
- if (client->rcv_http_headers != NULL) {
- /* store pointer for caller */
- *(client->rcv_http_headers) = copy;
- }
-
- /* Check that message status is okay. */
- statusLineEnd = PL_strnstr(client->rcvBuf, crlf, client->capacity);
- if (statusLineEnd == NULL) {
- client->connectStatus = HTTP_ERROR;
- PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
- goto cleanup;
- }
-
- *statusLineEnd = '\0';
-
- space = strchr((const char *)client->rcvBuf, ' ');
- if (space == NULL) {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
-
- comp = PORT_Strncasecmp((const char *)client->rcvBuf, httpprotocol,
- httpprotocolLen);
- if (comp != 0) {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
-
- httpcode = space + 1;
- space = strchr(httpcode, ' ');
- if (space == NULL) {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
- *space = '\0';
-
- client->responseCode = atoi(httpcode);
- if (client->responseCode != 200) {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
-
- /* Find the content-type and content-length */
- nextHeader = statusLineEnd + crlfLen;
- *eoh = '\0';
- do {
- thisHeaderEnd = NULL;
- value = NULL;
-
- colon = strchr(nextHeader, ':');
- if (colon == NULL) {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
- *colon = '\0';
- value = colon + 1;
- if (*value != ' ') {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
- value++;
- thisHeaderEnd = strstr(value, crlf);
- if (thisHeaderEnd != NULL) {
- *thisHeaderEnd = '\0';
- }
- comp = PORT_Strcasecmp(nextHeader, "content-type");
- if (comp == 0) {
- client->rcvContentType = PORT_Strdup(value);
- } else {
- comp = PORT_Strcasecmp(nextHeader, "content-length");
- if (comp == 0) {
- contentLength = atoi(value);
- }
- }
- if (thisHeaderEnd != NULL) {
- nextHeader = thisHeaderEnd + crlfLen;
- } else {
- nextHeader = NULL;
- }
- } while ((nextHeader != NULL) && (nextHeader < (eoh + crlfLen)));
-
- /* Did caller provide a pointer to return content-type? */
- if (client->rcv_http_content_type != NULL) {
- *(client->rcv_http_content_type) = client->rcvContentType;
- }
-
- if (client->rcvContentType == NULL) {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
-
- /* How many bytes remain in current buffer, beyond the header? */
- headerLength += eohMarkLen;
- client->filledupBytes -= headerLength;
-
- /*
- * The headers have passed validation. Now figure out whether the
- * message is within the caller's size limit (if one was specified).
- */
- switch (contentLength) {
- case 0:
- client->rcv_http_data_len = 0;
- client->connectStatus = HTTP_COMPLETE;
- *pKeepGoing = PKIX_FALSE;
- break;
-
- case HTTP_UNKNOWN_CONTENT_LENGTH:
- /* Unknown contentLength indicator.Will be set by
- * pkix_pl_HttpDefaultClient_RecvBody whey connection get closed */
- client->rcv_http_data_len = HTTP_UNKNOWN_CONTENT_LENGTH;
- contentLength = /* Try to reserve 4K+ buffer */
- client->filledupBytes + HTTP_DATA_BUFSIZE;
- if (client->maxResponseLen > 0 &&
- contentLength > client->maxResponseLen) {
- if (client->filledupBytes < client->maxResponseLen) {
- contentLength = client->maxResponseLen;
- } else {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
- }
- /* set available number of bytes in the buffer */
- client->capacity = contentLength;
- client->connectStatus = HTTP_RECV_BODY;
- *pKeepGoing = PKIX_TRUE;
- break;
-
- default:
- client->rcv_http_data_len = contentLength;
- if (client->maxResponseLen > 0 &&
- client->maxResponseLen < contentLength) {
- client->connectStatus = HTTP_ERROR;
- goto cleanup;
- }
-
- /*
- * Do we have all of the message body, or do we need to read some more?
- */
- if (client->filledupBytes < contentLength) {
- client->connectStatus = HTTP_RECV_BODY;
- *pKeepGoing = PKIX_TRUE;
- } else {
- client->connectStatus = HTTP_COMPLETE;
- *pKeepGoing = PKIX_FALSE;
- }
- }
-
- if (contentLength > 0) {
- /* allocate a buffer of size contentLength for the content */
- PKIX_CHECK(PKIX_PL_Malloc(contentLength, (void **)&body, plContext),
- PKIX_MALLOCFAILED);
-
- /* copy any remaining bytes in current buffer into new buffer */
- if (client->filledupBytes > 0) {
- PORT_Memcpy(body, &(client->rcvBuf[headerLength]),
- client->filledupBytes);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Free(client->rcvBuf, plContext),
- PKIX_FREEFAILED);
- client->rcvBuf = body;
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: PKIX_PL_HttpDefaultClient_Create
- * DESCRIPTION:
- *
- * This function creates a new HttpDefaultClient, and stores the result at
- * "pClient".
- *
- * The HttpClient API does not include a plContext argument in its
- * function calls. Its value at the time of this Create call must be the
- * same as when the client is invoked.
- *
- * PARAMETERS:
- * "host"
- * The name of the server with which we hope to exchange messages. Must
- * be non-NULL.
- * "portnum"
- * The port number to be used for our connection to the server.
- * "pClient"
- * The address at which the created HttpDefaultClient is to be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_Create(
- const char *host,
- PRUint16 portnum,
- PKIX_PL_HttpDefaultClient **pClient,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "PKIX_PL_HttpDefaultClient_Create");
- PKIX_NULLCHECK_TWO(pClient, host);
-
- /* allocate an HttpDefaultClient */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_HTTPDEFAULTCLIENT_TYPE,
- sizeof (PKIX_PL_HttpDefaultClient),
- (PKIX_PL_Object **)&client,
- plContext),
- PKIX_COULDNOTCREATEHTTPDEFAULTCLIENTOBJECT);
-
- /* Client timeout is overwritten in HttpDefaultClient_RequestCreate
- * function. Default value will be ignored. */
- client->timeout = 0;
- client->connectStatus = HTTP_NOT_CONNECTED;
- client->portnum = portnum;
- client->bytesToWrite = 0;
- client->send_http_data_len = 0;
- client->rcv_http_data_len = 0;
- client->capacity = 0;
- client->filledupBytes = 0;
- client->responseCode = 0;
- client->maxResponseLen = 0;
- client->GETLen = 0;
- client->POSTLen = 0;
- client->pRcv_http_data_len = NULL;
- client->callbackList = NULL;
- client->GETBuf = NULL;
- client->POSTBuf = NULL;
- client->rcvBuf = NULL;
- /* "host" is a parsing result by CERT_GetURL function that adds
- * "end of line" to the value. OK to dup the string. */
- client->host = PORT_Strdup(host);
- if (!client->host) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- client->path = NULL;
- client->rcvContentType = NULL;
- client->rcvHeaders = NULL;
- client->send_http_method = HTTP_POST_METHOD;
- client->send_http_content_type = NULL;
- client->send_http_data = NULL;
- client->rcv_http_response_code = NULL;
- client->rcv_http_content_type = NULL;
- client->rcv_http_headers = NULL;
- client->rcv_http_data = NULL;
- client->socket = NULL;
-
- /*
- * The HttpClient API does not include a plContext argument in its
- * function calls. Save it here.
- */
- client->plContext = plContext;
-
- *pClient = client;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(client);
- }
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_HTTPDEFAULTCLIENT_TYPE, plContext),
- PKIX_OBJECTNOTANHTTPDEFAULTCLIENT);
-
- client = (PKIX_PL_HttpDefaultClient *)object;
-
- if (client->rcvHeaders) {
- PKIX_PL_Free(client->rcvHeaders, plContext);
- client->rcvHeaders = NULL;
- }
- if (client->rcvContentType) {
- PORT_Free(client->rcvContentType);
- client->rcvContentType = NULL;
- }
- if (client->GETBuf != NULL) {
- PR_smprintf_free(client->GETBuf);
- client->GETBuf = NULL;
- }
- if (client->POSTBuf != NULL) {
- PKIX_PL_Free(client->POSTBuf, plContext);
- client->POSTBuf = NULL;
- }
- if (client->rcvBuf != NULL) {
- PKIX_PL_Free(client->rcvBuf, plContext);
- client->rcvBuf = NULL;
- }
- if (client->host) {
- PORT_Free(client->host);
- client->host = NULL;
- }
- if (client->path) {
- PORT_Free(client->path);
- client->path = NULL;
- }
- PKIX_DECREF(client->socket);
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_PL_HTTPDEFAULTCLIENT_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_HttpDefaultClient_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry *entry =
- &systemClasses[PKIX_HTTPDEFAULTCLIENT_TYPE];
-
- PKIX_ENTER(HTTPDEFAULTCLIENT,
- "pkix_pl_HttpDefaultClient_RegisterSelf");
-
- entry->description = "HttpDefaultClient";
- entry->typeObjectSize = sizeof(PKIX_PL_HttpDefaultClient);
- entry->destructor = pkix_pl_HttpDefaultClient_Destroy;
-
- httpClient.version = 1;
- httpClient.fcnTable.ftable1 = vtable;
- (void)SEC_RegisterDefaultHttpClient(&httpClient);
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/* --Private-HttpDefaultClient-I/O-Functions---------------------------- */
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_ConnectContinue
- * DESCRIPTION:
- *
- * This function determines whether a socket Connect initiated earlier for the
- * HttpDefaultClient "client" has completed, and stores in "pKeepGoing" a flag
- * indicating whether processing can continue without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_ConnectContinue(
- PKIX_PL_HttpDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PRErrorCode status;
- PKIX_Boolean keepGoing = PKIX_FALSE;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT,
- "pkix_pl_HttpDefaultClient_ConnectContinue");
- PKIX_NULLCHECK_ONE(client);
-
- callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
-
- PKIX_CHECK(callbackList->connectcontinueCallback
- (client->socket, &status, plContext),
- PKIX_SOCKETCONNECTCONTINUEFAILED);
-
- if (status == 0) {
- client->connectStatus = HTTP_CONNECTED;
- keepGoing = PKIX_TRUE;
- } else if (status != PR_IN_PROGRESS_ERROR) {
- PKIX_ERROR(PKIX_UNEXPECTEDERRORINESTABLISHINGCONNECTION);
- }
-
- *pKeepGoing = keepGoing;
-
-cleanup:
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_Send
- * DESCRIPTION:
- *
- * This function creates and sends HTTP-protocol headers and, if applicable,
- * data, for the HttpDefaultClient "client", and stores in "pKeepGoing" a flag
- * indicating whether processing can continue without further input, and at
- * "pBytesTransferred" the number of bytes sent.
- *
- * If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
- * and that transmission has not completed.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "pBytesTransferred"
- * The address at which the number of bytes sent is stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_Send(
- PKIX_PL_HttpDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- PKIX_UInt32 *pBytesTransferred,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_Int32 lenToWrite = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
- char *dataToWrite = NULL;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Send");
- PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
-
- *pKeepGoing = PKIX_FALSE;
-
- /* Do we have anything waiting to go? */
- if ((client->GETBuf) || (client->POSTBuf)) {
-
- if (client->GETBuf) {
- dataToWrite = client->GETBuf;
- lenToWrite = client->GETLen;
- } else {
- dataToWrite = client->POSTBuf;
- lenToWrite = client->POSTLen;
- }
-
- callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
-
- PKIX_CHECK(callbackList->sendCallback
- (client->socket,
- dataToWrite,
- lenToWrite,
- &bytesWritten,
- plContext),
- PKIX_SOCKETSENDFAILED);
-
- client->rcvBuf = NULL;
- client->capacity = 0;
- client->filledupBytes = 0;
-
- /*
- * If the send completed we can proceed to try for the
- * response. If the send did not complete we will have
- * to poll for completion later.
- */
- if (bytesWritten >= 0) {
- client->connectStatus = HTTP_RECV_HDR;
- *pKeepGoing = PKIX_TRUE;
- } else {
- client->connectStatus = HTTP_SEND_PENDING;
- *pKeepGoing = PKIX_FALSE;
- }
-
- }
-
- *pBytesTransferred = bytesWritten;
-
-cleanup:
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_SendContinue
- * DESCRIPTION:
- *
- * This function determines whether the sending of the HTTP message for the
- * HttpDefaultClient "client" has completed, and stores in "pKeepGoing" a
- * flag indicating whether processing can continue without further input, and
- * at "pBytesTransferred" the number of bytes sent.
- *
- * If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
- * and that transmission has not completed.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "pBytesTransferred"
- * The address at which the number of bytes sent is stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_SendContinue(
- PKIX_PL_HttpDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- PKIX_UInt32 *pBytesTransferred,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_SendContinue");
- PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
-
- *pKeepGoing = PKIX_FALSE;
-
- callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
-
- PKIX_CHECK(callbackList->pollCallback
- (client->socket, &bytesWritten, NULL, plContext),
- PKIX_SOCKETPOLLFAILED);
-
- /*
- * If the send completed we can proceed to try for the
- * response. If the send did not complete we will have
- * continue to poll.
- */
- if (bytesWritten >= 0) {
- client->connectStatus = HTTP_RECV_HDR;
- *pKeepGoing = PKIX_TRUE;
- }
-
- *pBytesTransferred = bytesWritten;
-
-cleanup:
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_RecvHdr
- * DESCRIPTION:
- *
- * This function receives HTTP headers for the HttpDefaultClient "client", and
- * stores in "pKeepGoing" a flag indicating whether processing can continue
- * without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_RecvHdr(
- PKIX_PL_HttpDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_UInt32 bytesToRead = 0;
- PKIX_Int32 bytesRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_RecvHdr");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- /*
- * rcvbuf, capacity, and filledupBytes were
- * initialized when we wrote the headers. We begin by reading
- * HTTP_HEADER_BUFSIZE bytes, repeatedly increasing the buffersize and
- * reading again if necessary, until we have read the end-of-header
- * marker, "\r\n\r\n", or have reached our maximum.
- */
- client->capacity += HTTP_HEADER_BUFSIZE;
- PKIX_CHECK(PKIX_PL_Realloc
- (client->rcvBuf,
- client->capacity,
- (void **)&(client->rcvBuf),
- plContext),
- PKIX_REALLOCFAILED);
-
- bytesToRead = client->capacity - client->filledupBytes;
-
- callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
-
- PKIX_CHECK(callbackList->recvCallback
- (client->socket,
- (void *)&(client->rcvBuf[client->filledupBytes]),
- bytesToRead,
- &bytesRead,
- plContext),
- PKIX_SOCKETRECVFAILED);
-
- if (bytesRead > 0) {
- /* client->filledupBytes will be adjusted by
- * pkix_pl_HttpDefaultClient_HdrCheckComplete */
- PKIX_CHECK(
- pkix_pl_HttpDefaultClient_HdrCheckComplete(client, bytesRead,
- pKeepGoing,
- plContext),
- PKIX_HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED);
- } else {
- client->connectStatus = HTTP_RECV_HDR_PENDING;
- *pKeepGoing = PKIX_FALSE;
- }
-
-cleanup:
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_RecvHdrContinue
- * DESCRIPTION:
- *
- * This function determines whether the receiving of the HTTP headers for the
- * HttpDefaultClient "client" has completed, and stores in "pKeepGoing" a flag
- * indicating whether processing can continue without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_RecvHdrContinue(
- PKIX_PL_HttpDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT,
- "pkix_pl_HttpDefaultClient_RecvHdrContinue");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
-
- PKIX_CHECK(callbackList->pollCallback
- (client->socket, NULL, &bytesRead, plContext),
- PKIX_SOCKETPOLLFAILED);
-
- if (bytesRead > 0) {
- client->filledupBytes += bytesRead;
-
- PKIX_CHECK(pkix_pl_HttpDefaultClient_HdrCheckComplete
- (client, bytesRead, pKeepGoing, plContext),
- PKIX_HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED);
-
- } else {
-
- *pKeepGoing = PKIX_FALSE;
-
- }
-
-cleanup:
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_RecvBody
- * DESCRIPTION:
- *
- * This function processes the contents of the first buffer of a received
- * HTTP-protocol message for the HttpDefaultClient "client", and stores in
- * "pKeepGoing" a flag indicating whether processing can continue without
- * further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_RecvBody(
- PKIX_PL_HttpDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesRead = 0;
- PKIX_Int32 bytesToRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_RecvBody");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
-
- if (client->rcv_http_data_len != HTTP_UNKNOWN_CONTENT_LENGTH) {
- bytesToRead = client->rcv_http_data_len -
- client->filledupBytes;
- } else {
- /* Reading till the EOF. Context length is not known.*/
- /* Check the buffer capacity: increase and
- * reallocate if it is low. */
- int freeBuffSize = client->capacity - client->filledupBytes;
- if (freeBuffSize < HTTP_MIN_AVAILABLE_BUFFER_SIZE) {
- /* New length will be consist of available(downloaded) bytes,
- * plus remaining capacity, plus new expansion. */
- int currBuffSize = client->capacity;
- /* Try to increase the buffer by 4K */
- int newLength = currBuffSize + HTTP_DATA_BUFSIZE;
- if (client->maxResponseLen > 0 &&
- newLength > client->maxResponseLen) {
- newLength = client->maxResponseLen;
- }
- /* Check if we can grow the buffer and report an error if
- * new size is not larger than the current size of the buffer.*/
- if (newLength <= client->filledupBytes) {
- client->rcv_http_data_len = client->filledupBytes;
- client->connectStatus = HTTP_ERROR;
- *pKeepGoing = PKIX_FALSE;
- goto cleanup;
- }
- if (client->capacity < newLength) {
- client->capacity = newLength;
- PKIX_CHECK(
- PKIX_PL_Realloc(client->rcvBuf, newLength,
- (void**)&client->rcvBuf, plContext),
- PKIX_REALLOCFAILED);
- freeBuffSize = client->capacity -
- client->filledupBytes;
- }
- }
- bytesToRead = freeBuffSize;
- }
-
- /* Use poll callback if waiting on non-blocking IO */
- if (client->connectStatus == HTTP_RECV_BODY_PENDING) {
- PKIX_CHECK(callbackList->pollCallback
- (client->socket, NULL, &bytesRead, plContext),
- PKIX_SOCKETPOLLFAILED);
- } else {
- PKIX_CHECK(callbackList->recvCallback
- (client->socket,
- (void *)&(client->rcvBuf[client->filledupBytes]),
- bytesToRead,
- &bytesRead,
- plContext),
- PKIX_SOCKETRECVFAILED);
- }
-
- /* If bytesRead < 0, an error will be thrown by recvCallback, so
- * need to handle >= 0 cases. */
-
- /* bytesRead == 0 - IO was blocked. */
- if (bytesRead == 0) {
- client->connectStatus = HTTP_RECV_BODY_PENDING;
- *pKeepGoing = PKIX_TRUE;
- goto cleanup;
- }
-
- /* We got something. Did we get it all? */
- client->filledupBytes += bytesRead;
-
- /* continue if not enough bytes read or if complete size of
- * transfer is unknown */
- if (bytesToRead > bytesRead ||
- client->rcv_http_data_len == HTTP_UNKNOWN_CONTENT_LENGTH) {
- *pKeepGoing = PKIX_TRUE;
- goto cleanup;
- }
- client->connectStatus = HTTP_COMPLETE;
- *pKeepGoing = PKIX_FALSE;
-
-cleanup:
- if (pkixErrorResult && pkixErrorResult->errCode ==
- PKIX_PRRECVREPORTSNETWORKCONNECTIONCLOSED) {
- if (client->rcv_http_data_len == HTTP_UNKNOWN_CONTENT_LENGTH) {
- client->rcv_http_data_len = client->filledupBytes;
- client->connectStatus = HTTP_COMPLETE;
- *pKeepGoing = PKIX_FALSE;
- PKIX_DECREF(pkixErrorResult);
- } else {
- client->connectStatus = HTTP_ERROR;
- }
- }
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_HttpDefaultClient_Dispatch
- * DESCRIPTION:
- *
- * This function is the state machine dispatcher for the HttpDefaultClient
- * pointed to by "client". Results are returned by changes to various fields
- * in the context.
- *
- * PARAMETERS:
- * "client"
- * The address of the HttpDefaultClient object. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HttpDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_HttpDefaultClient_Dispatch(
- PKIX_PL_HttpDefaultClient *client,
- void *plContext)
-{
- PKIX_UInt32 bytesTransferred = 0;
- PKIX_Boolean keepGoing = PKIX_TRUE;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Dispatch");
- PKIX_NULLCHECK_ONE(client);
-
- while (keepGoing) {
- switch (client->connectStatus) {
- case HTTP_CONNECT_PENDING:
- PKIX_CHECK(pkix_pl_HttpDefaultClient_ConnectContinue
- (client, &keepGoing, plContext),
- PKIX_HTTPDEFAULTCLIENTCONNECTCONTINUEFAILED);
- break;
- case HTTP_CONNECTED:
- PKIX_CHECK(pkix_pl_HttpDefaultClient_Send
- (client, &keepGoing, &bytesTransferred, plContext),
- PKIX_HTTPDEFAULTCLIENTSENDFAILED);
- break;
- case HTTP_SEND_PENDING:
- PKIX_CHECK(pkix_pl_HttpDefaultClient_SendContinue
- (client, &keepGoing, &bytesTransferred, plContext),
- PKIX_HTTPDEFAULTCLIENTSENDCONTINUEFAILED);
- break;
- case HTTP_RECV_HDR:
- PKIX_CHECK(pkix_pl_HttpDefaultClient_RecvHdr
- (client, &keepGoing, plContext),
- PKIX_HTTPDEFAULTCLIENTRECVHDRFAILED);
- break;
- case HTTP_RECV_HDR_PENDING:
- PKIX_CHECK(pkix_pl_HttpDefaultClient_RecvHdrContinue
- (client, &keepGoing, plContext),
- PKIX_HTTPDEFAULTCLIENTRECVHDRCONTINUEFAILED);
- break;
- case HTTP_RECV_BODY:
- case HTTP_RECV_BODY_PENDING:
- PKIX_CHECK(pkix_pl_HttpDefaultClient_RecvBody
- (client, &keepGoing, plContext),
- PKIX_HTTPDEFAULTCLIENTRECVBODYFAILED);
- break;
- case HTTP_ERROR:
- case HTTP_COMPLETE:
- keepGoing = PKIX_FALSE;
- break;
- case HTTP_NOT_CONNECTED:
- default:
- PKIX_ERROR(PKIX_HTTPDEFAULTCLIENTINILLEGALSTATE);
- }
- }
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-}
-
-/*
- * --HttpClient vtable functions
- * See comments in ocspt.h for the function (wrappers) that return SECStatus.
- * The functions that return PKIX_Error* are the libpkix implementations.
- */
-
-PKIX_Error *
-pkix_pl_HttpDefaultClient_CreateSession(
- const char *host,
- PRUint16 portnum,
- SEC_HTTP_SERVER_SESSION *pSession,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_CreateSession");
- PKIX_NULLCHECK_TWO(host, pSession);
-
- PKIX_CHECK(pkix_pl_HttpDefaultClient_Create
- (host, portnum, &client, plContext),
- PKIX_HTTPDEFAULTCLIENTCREATEFAILED);
-
- *pSession = (SEC_HTTP_SERVER_SESSION)client;
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-
-}
-
-PKIX_Error *
-pkix_pl_HttpDefaultClient_KeepAliveSession(
- SEC_HTTP_SERVER_SESSION session,
- PRPollDesc **pPollDesc,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT,
- "pkix_pl_HttpDefaultClient_KeepAliveSession");
- PKIX_NULLCHECK_TWO(session, pPollDesc);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)session,
- PKIX_HTTPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_SESSIONNOTANHTTPDEFAULTCLIENT);
-
- client = (PKIX_PL_HttpDefaultClient *)session;
-
- /* XXX Not implemented */
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-
-}
-
-PKIX_Error *
-pkix_pl_HttpDefaultClient_RequestCreate(
- SEC_HTTP_SERVER_SESSION session,
- const char *http_protocol_variant, /* usually "http" */
- const char *path_and_query_string,
- const char *http_request_method,
- const PRIntervalTime timeout,
- SEC_HTTP_REQUEST_SESSION *pRequest,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
- PKIX_PL_Socket *socket = NULL;
- PKIX_PL_Socket_Callback *callbackList = NULL;
- PRFileDesc *fileDesc = NULL;
- PRErrorCode status = 0;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_RequestCreate");
- PKIX_NULLCHECK_TWO(session, pRequest);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)session,
- PKIX_HTTPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_SESSIONNOTANHTTPDEFAULTCLIENT);
-
- client = (PKIX_PL_HttpDefaultClient *)session;
-
- /* We only know how to do http */
- if (PORT_Strncasecmp(http_protocol_variant, "http", 4) != 0) {
- PKIX_ERROR(PKIX_UNRECOGNIZEDPROTOCOLREQUESTED);
- }
-
- if (PORT_Strncasecmp(http_request_method, "POST", 4) == 0) {
- client->send_http_method = HTTP_POST_METHOD;
- } else if (PORT_Strncasecmp(http_request_method, "GET", 3) == 0) {
- client->send_http_method = HTTP_GET_METHOD;
- } else {
- /* We only know how to do POST and GET */
- PKIX_ERROR(PKIX_UNRECOGNIZEDREQUESTMETHOD);
- }
-
- if (path_and_query_string) {
- /* "path_and_query_string" is a parsing result by CERT_GetURL
- * function that adds "end of line" to the value. OK to dup
- * the string. */
- client->path = PORT_Strdup(path_and_query_string);
- if (!client->path) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- }
-
- client->timeout = timeout;
-
-#if 0
- PKIX_CHECK(pkix_HttpCertStore_FindSocketConnection
- (timeout,
- "variation.red.iplanet.com", /* (char *)client->host, */
- 2001, /* client->portnum, */
- &status,
- &socket,
- plContext),
- PKIX_HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED);
-#else
- PKIX_CHECK(pkix_HttpCertStore_FindSocketConnection
- (timeout,
- (char *)client->host,
- client->portnum,
- &status,
- &socket,
- plContext),
- PKIX_HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED);
-#endif
-
- client->socket = socket;
-
- PKIX_CHECK(pkix_pl_Socket_GetCallbackList
- (socket, &callbackList, plContext),
- PKIX_SOCKETGETCALLBACKLISTFAILED);
-
- client->callbackList = (void *)callbackList;
-
- PKIX_CHECK(pkix_pl_Socket_GetPRFileDesc
- (socket, &fileDesc, plContext),
- PKIX_SOCKETGETPRFILEDESCFAILED);
-
- client->pollDesc.fd = fileDesc;
- client->pollDesc.in_flags = 0;
- client->pollDesc.out_flags = 0;
-
- client->send_http_data = NULL;
- client->send_http_data_len = 0;
- client->send_http_content_type = NULL;
-
- client->connectStatus =
- ((status == 0) ? HTTP_CONNECTED : HTTP_CONNECT_PENDING);
-
- /* Request object is the same object as Session object */
- PKIX_INCREF(client);
- *pRequest = client;
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-
-}
-
-PKIX_Error *
-pkix_pl_HttpDefaultClient_SetPostData(
- SEC_HTTP_REQUEST_SESSION request,
- const char *http_data,
- const PRUint32 http_data_len,
- const char *http_content_type,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT,
- "pkix_pl_HttpDefaultClient_SetPostData");
- PKIX_NULLCHECK_ONE(request);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)request,
- PKIX_HTTPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
-
- client = (PKIX_PL_HttpDefaultClient *)request;
-
- client->send_http_data = http_data;
- client->send_http_data_len = http_data_len;
- client->send_http_content_type = http_content_type;
-
- /* Caller is allowed to give NULL or empty string for content_type */
- if ((client->send_http_content_type == NULL) ||
- (*(client->send_http_content_type) == '\0')) {
- client->send_http_content_type = "application/ocsp-request";
- }
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-
-}
-
-PKIX_Error *
-pkix_pl_HttpDefaultClient_TrySendAndReceive(
- SEC_HTTP_REQUEST_SESSION request,
- PRUint16 *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- PRUint32 *http_response_data_len,
- PRPollDesc **pPollDesc,
- SECStatus *pSECReturn,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
- PKIX_UInt32 postLen = 0;
- PRPollDesc *pollDesc = NULL;
- char *sendbuf = NULL;
-
- PKIX_ENTER
- (HTTPDEFAULTCLIENT,
- "pkix_pl_HttpDefaultClient_TrySendAndReceive");
-
- PKIX_NULLCHECK_ONE(request);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)request,
- PKIX_HTTPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
-
- client = (PKIX_PL_HttpDefaultClient *)request;
-
- if (!pPollDesc && client->timeout == 0) {
- PKIX_ERROR_FATAL(PKIX_NULLARGUMENT);
- }
-
- if (pPollDesc) {
- pollDesc = *pPollDesc;
- }
-
- /* if not continuing from an earlier WOULDBLOCK return... */
- if (pollDesc == NULL) {
-
- if (!((client->connectStatus == HTTP_CONNECTED) ||
- (client->connectStatus == HTTP_CONNECT_PENDING))) {
- PKIX_ERROR(PKIX_HTTPCLIENTININVALIDSTATE);
- }
-
- /* Did caller provide a value for response length? */
- if (http_response_data_len != NULL) {
- client->pRcv_http_data_len = http_response_data_len;
- client->maxResponseLen = *http_response_data_len;
- }
-
- client->rcv_http_response_code = http_response_code;
- client->rcv_http_content_type = http_response_content_type;
- client->rcv_http_headers = http_response_headers;
- client->rcv_http_data = http_response_data;
-
- /* prepare the message */
- if (client->send_http_method == HTTP_POST_METHOD) {
- sendbuf = PR_smprintf
- ("POST %s HTTP/1.0\r\nHost: %s:%d\r\n"
- "Content-Type: %s\r\nContent-Length: %u\r\n\r\n",
- client->path,
- client->host,
- client->portnum,
- client->send_http_content_type,
- client->send_http_data_len);
- postLen = PORT_Strlen(sendbuf);
-
- client->POSTLen = postLen + client->send_http_data_len;
-
- /* allocate postBuffer big enough for header + data */
- PKIX_CHECK(PKIX_PL_Malloc
- (client->POSTLen,
- (void **)&(client->POSTBuf),
- plContext),
- PKIX_MALLOCFAILED);
-
- /* copy header into postBuffer */
- PORT_Memcpy(client->POSTBuf, sendbuf, postLen);
-
- /* append data after header */
- PORT_Memcpy(&client->POSTBuf[postLen],
- client->send_http_data,
- client->send_http_data_len);
-
- /* PR_smprintf_free original header buffer */
- PR_smprintf_free(sendbuf);
- sendbuf = NULL;
-
- } else if (client->send_http_method == HTTP_GET_METHOD) {
- client->GETBuf = PR_smprintf
- ("GET %s HTTP/1.1\r\nHost: %s:%d\r\n\r\n",
- client->path,
- client->host,
- client->portnum);
- client->GETLen = PORT_Strlen(client->GETBuf);
- }
-
- }
-
- /* continue according to state */
- PKIX_CHECK(pkix_pl_HttpDefaultClient_Dispatch(client, plContext),
- PKIX_HTTPDEFAULTCLIENTDISPATCHFAILED);
-
- switch (client->connectStatus) {
- case HTTP_CONNECT_PENDING:
- case HTTP_SEND_PENDING:
- case HTTP_RECV_HDR_PENDING:
- case HTTP_RECV_BODY_PENDING:
- pollDesc = &(client->pollDesc);
- *pSECReturn = SECWouldBlock;
- break;
- case HTTP_ERROR:
- /* Did caller provide a pointer for length? */
- if (client->pRcv_http_data_len != NULL) {
- /* Was error "response too big?" */
- if (client->rcv_http_data_len !=
- HTTP_UNKNOWN_CONTENT_LENGTH &&
- client->maxResponseLen >=
- client->rcv_http_data_len) {
- /* Yes, report needed space */
- *(client->pRcv_http_data_len) =
- client->rcv_http_data_len;
- } else {
- /* No, report problem other than size */
- *(client->pRcv_http_data_len) = 0;
- }
- }
-
- pollDesc = NULL;
- *pSECReturn = SECFailure;
- break;
- case HTTP_COMPLETE:
- *(client->rcv_http_response_code) =
- client->responseCode;
- if (client->pRcv_http_data_len != NULL) {
- *http_response_data_len =
- client->rcv_http_data_len;
- }
- if (client->rcv_http_data != NULL) {
- *(client->rcv_http_data) = client->rcvBuf;
- }
- pollDesc = NULL;
- *pSECReturn = SECSuccess;
- break;
- case HTTP_NOT_CONNECTED:
- case HTTP_CONNECTED:
- case HTTP_RECV_HDR:
- case HTTP_RECV_BODY:
- default:
- pollDesc = NULL;
- *pSECReturn = SECFailure;
- PKIX_ERROR(PKIX_HTTPCLIENTININVALIDSTATE);
- break;
- }
-
- if (pPollDesc) {
- *pPollDesc = pollDesc;
- }
-
-cleanup:
- if (sendbuf) {
- PR_smprintf_free(sendbuf);
- }
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-
-}
-
-PKIX_Error *
-pkix_pl_HttpDefaultClient_Cancel(
- SEC_HTTP_REQUEST_SESSION request,
- void *plContext)
-{
- PKIX_PL_HttpDefaultClient *client = NULL;
-
- PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel");
- PKIX_NULLCHECK_ONE(request);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)request,
- PKIX_HTTPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
-
- client = (PKIX_PL_HttpDefaultClient *)request;
-
- /* XXX Not implemented */
-
-cleanup:
-
- PKIX_RETURN(HTTPDEFAULTCLIENT);
-
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_CreateSessionFcn(
- const char *host,
- PRUint16 portnum,
- SEC_HTTP_SERVER_SESSION *pSession)
-{
- PKIX_Error *err = pkix_pl_HttpDefaultClient_CreateSession
- (host, portnum, pSession, plContext);
-
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_KeepAliveSessionFcn(
- SEC_HTTP_SERVER_SESSION session,
- PRPollDesc **pPollDesc)
-{
- PKIX_Error *err = pkix_pl_HttpDefaultClient_KeepAliveSession
- (session, pPollDesc, plContext);
-
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_FreeSessionFcn(
- SEC_HTTP_SERVER_SESSION session)
-{
- PKIX_Error *err =
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(session), plContext);
-
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_RequestCreateFcn(
- SEC_HTTP_SERVER_SESSION session,
- const char *http_protocol_variant, /* usually "http" */
- const char *path_and_query_string,
- const char *http_request_method,
- const PRIntervalTime timeout,
- SEC_HTTP_REQUEST_SESSION *pRequest)
-{
- PKIX_Error *err = pkix_pl_HttpDefaultClient_RequestCreate
- (session,
- http_protocol_variant,
- path_and_query_string,
- http_request_method,
- timeout,
- pRequest,
- plContext);
-
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_SetPostDataFcn(
- SEC_HTTP_REQUEST_SESSION request,
- const char *http_data,
- const PRUint32 http_data_len,
- const char *http_content_type)
-{
- PKIX_Error *err =
- pkix_pl_HttpDefaultClient_SetPostData(request, http_data,
- http_data_len,
- http_content_type,
- plContext);
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_AddHeaderFcn(
- SEC_HTTP_REQUEST_SESSION request,
- const char *http_header_name,
- const char *http_header_value)
-{
- /* Not supported */
- return SECFailure;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_TrySendAndReceiveFcn(
- SEC_HTTP_REQUEST_SESSION request,
- PRPollDesc **pPollDesc,
- PRUint16 *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- PRUint32 *http_response_data_len)
-{
- SECStatus rv = SECFailure;
-
- PKIX_Error *err = pkix_pl_HttpDefaultClient_TrySendAndReceive
- (request,
- http_response_code,
- http_response_content_type,
- http_response_headers,
- http_response_data,
- http_response_data_len,
- pPollDesc,
- &rv,
- plContext);
-
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return rv;
- }
- return SECSuccess;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_CancelFcn(
- SEC_HTTP_REQUEST_SESSION request)
-{
- PKIX_Error *err = pkix_pl_HttpDefaultClient_Cancel(request, plContext);
-
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-pkix_pl_HttpDefaultClient_FreeFcn(
- SEC_HTTP_REQUEST_SESSION request)
-{
- PKIX_Error *err =
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)(request), plContext);
-
- if (err) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
- return SECFailure;
- }
- return SECSuccess;
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h
deleted file mode 100644
index 053477987..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_httpdefaultclient.h
- *
- * HTTPDefaultClient Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_HTTPDEFAULTCLIENT_H
-#define _PKIX_PL_HTTPDEFAULTCLIENT_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define HTTP_DATA_BUFSIZE 4096
-#define HTTP_HEADER_BUFSIZE 1024
-#define HTTP_MIN_AVAILABLE_BUFFER_SIZE 512
-
-typedef enum {
- HTTP_NOT_CONNECTED,
- HTTP_CONNECT_PENDING,
- HTTP_CONNECTED,
- HTTP_SEND_PENDING,
- HTTP_RECV_HDR,
- HTTP_RECV_HDR_PENDING,
- HTTP_RECV_BODY,
- HTTP_RECV_BODY_PENDING,
- HTTP_COMPLETE,
- HTTP_ERROR
-} HttpConnectStatus;
-
-typedef enum {
- HTTP_POST_METHOD,
- HTTP_GET_METHOD
-} HttpMethod;
-
-struct PKIX_PL_HttpDefaultClientStruct {
- HttpConnectStatus connectStatus;
- PRUint16 portnum;
- PRIntervalTime timeout;
- PKIX_UInt32 bytesToWrite;
- PKIX_UInt32 send_http_data_len;
- PKIX_UInt32 rcv_http_data_len;
- PKIX_UInt32 capacity;
- PKIX_UInt32 filledupBytes;
- PKIX_UInt32 responseCode;
- PKIX_UInt32 maxResponseLen;
- PKIX_UInt32 GETLen;
- PKIX_UInt32 POSTLen;
- PRUint32 *pRcv_http_data_len;
- PRPollDesc pollDesc;
- void *callbackList; /* cast this to (PKIX_PL_Socket_Callback *) */
- char *GETBuf;
- char *POSTBuf;
- char *rcvBuf;
- char *host;
- char *path;
- char *rcvContentType;
- void *rcvHeaders;
- HttpMethod send_http_method;
- const char *send_http_content_type;
- const char *send_http_data;
- PRUint16 *rcv_http_response_code;
- const char **rcv_http_content_type;
- const char **rcv_http_headers;
- const char **rcv_http_data;
- PKIX_PL_Socket *socket;
- void *plContext;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_HttpDefaultClient_RegisterSelf(void *plContext);
-
-SECStatus
-pkix_pl_HttpDefaultClient_CreateSessionFcn(
- const char *host,
- PRUint16 portnum,
- SEC_HTTP_SERVER_SESSION *pSession);
-
-SECStatus
-pkix_pl_HttpDefaultClient_KeepAliveSessionFcn(
- SEC_HTTP_SERVER_SESSION session,
- PRPollDesc **pPollDesc);
-
-SECStatus
-pkix_pl_HttpDefaultClient_FreeSessionFcn(
- SEC_HTTP_SERVER_SESSION session);
-
-SECStatus
-pkix_pl_HttpDefaultClient_RequestCreateFcn(
- SEC_HTTP_SERVER_SESSION session,
- const char *http_protocol_variant, /* usually "http" */
- const char *path_and_query_string,
- const char *http_request_method,
- const PRIntervalTime timeout,
- SEC_HTTP_REQUEST_SESSION *pRequest);
-
-SECStatus
-pkix_pl_HttpDefaultClient_SetPostDataFcn(
- SEC_HTTP_REQUEST_SESSION request,
- const char *http_data,
- const PRUint32 http_data_len,
- const char *http_content_type);
-
-SECStatus
-pkix_pl_HttpDefaultClient_AddHeaderFcn(
- SEC_HTTP_REQUEST_SESSION request,
- const char *http_header_name,
- const char *http_header_value);
-
-SECStatus
-pkix_pl_HttpDefaultClient_TrySendAndReceiveFcn(
- SEC_HTTP_REQUEST_SESSION request,
- PRPollDesc **pPollDesc,
- PRUint16 *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- PRUint32 *http_response_data_len);
-
-SECStatus
-pkix_pl_HttpDefaultClient_CancelFcn(
- SEC_HTTP_REQUEST_SESSION request);
-
-SECStatus
-pkix_pl_HttpDefaultClient_FreeFcn(
- SEC_HTTP_REQUEST_SESSION request);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_HTTPDEFAULTCLIENT_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
deleted file mode 100644
index 8f7863fd1..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
+++ /dev/null
@@ -1,1149 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldapcertstore.c
- *
- * LDAPCertStore Function Definitions
- *
- */
-
-/* We can't decode the length of a message without at least this many bytes */
-#define MINIMUM_MSG_LENGTH 5
-
-#include "pkix_pl_ldapcertstore.h"
-
-/* --Private-Ldap-CertStore-Database-Functions----------------------- */
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_DecodeCrossCertPair
- * DESCRIPTION:
- *
- * This function decodes a DER-encoded CrossCertPair pointed to by
- * "responseList" and extracts and decodes the Certificates in that pair,
- * adding the resulting Certs, if the decoding was successful, to the List
- * (possibly empty) pointed to by "certList". If none of the objects
- * can be decoded into a Cert, the List is returned unchanged.
- *
- * PARAMETERS:
- * "derCCPItem"
- * The address of the SECItem containing the DER representation of the
- * CrossCertPair. Must be non-NULL.
- * "certList"
- * The address of the List to which the decoded Certs are added. May be
- * empty, but must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_DecodeCrossCertPair(
- SECItem *derCCPItem,
- PKIX_List *certList,
- void *plContext)
-{
- LDAPCertPair certPair = {{ siBuffer, NULL, 0 }, { siBuffer, NULL, 0 }};
- SECStatus rv = SECFailure;
-
- PRArenaPool *tempArena = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_DecodeCrossCertPair");
- PKIX_NULLCHECK_TWO(derCCPItem, certList);
-
- tempArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!tempArena) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- rv = SEC_ASN1DecodeItem(tempArena, &certPair, PKIX_PL_LDAPCrossCertPairTemplate,
- derCCPItem);
- if (rv != SECSuccess) {
- goto cleanup;
- }
-
- if (certPair.forward.data != NULL) {
-
- PKIX_CHECK(
- pkix_pl_Cert_CreateToList(&certPair.forward, certList,
- plContext),
- PKIX_CERTCREATETOLISTFAILED);
- }
-
- if (certPair.reverse.data != NULL) {
-
- PKIX_CHECK(
- pkix_pl_Cert_CreateToList(&certPair.reverse, certList,
- plContext),
- PKIX_CERTCREATETOLISTFAILED);
- }
-
-cleanup:
- if (tempArena) {
- PORT_FreeArena(tempArena, PR_FALSE);
- }
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_BuildCertList
- * DESCRIPTION:
- *
- * This function takes a List of LdapResponse objects pointed to by
- * "responseList" and extracts and decodes the Certificates in those responses,
- * storing the List of those Certificates at "pCerts". If none of the objects
- * can be decoded into a Cert, the returned List is empty.
- *
- * PARAMETERS:
- * "responseList"
- * The address of the List of LdapResponses. Must be non-NULL.
- * "pCerts"
- * The address at which the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_BuildCertList(
- PKIX_List *responseList,
- PKIX_List **pCerts,
- void *plContext)
-{
- PKIX_UInt32 numResponses = 0;
- PKIX_UInt32 respIx = 0;
- LdapAttrMask attrBits = 0;
- PKIX_PL_LdapResponse *response = NULL;
- PKIX_List *certList = NULL;
- LDAPMessage *message = NULL;
- LDAPSearchResponseEntry *sre = NULL;
- LDAPSearchResponseAttr **sreAttrArray = NULL;
- LDAPSearchResponseAttr *sreAttr = NULL;
- SECItem *attrType = NULL;
- SECItem **attrVal = NULL;
- SECItem *derCertItem = NULL;
-
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_BuildCertList");
- PKIX_NULLCHECK_TWO(responseList, pCerts);
-
- PKIX_CHECK(PKIX_List_Create(&certList, plContext),
- PKIX_LISTCREATEFAILED);
-
- /* extract certs from response */
- PKIX_CHECK(PKIX_List_GetLength
- (responseList, &numResponses, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (respIx = 0; respIx < numResponses; respIx++) {
- PKIX_CHECK(PKIX_List_GetItem
- (responseList,
- respIx,
- (PKIX_PL_Object **)&response,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_pl_LdapResponse_GetMessage
- (response, &message, plContext),
- PKIX_LDAPRESPONSEGETMESSAGEFAILED);
-
- sre = &(message->protocolOp.op.searchResponseEntryMsg);
- sreAttrArray = sre->attributes;
-
- /* Get next element of null-terminated array */
- sreAttr = *sreAttrArray++;
- while (sreAttr != NULL) {
- attrType = &(sreAttr->attrType);
- PKIX_CHECK(pkix_pl_LdapRequest_AttrTypeToBit
- (attrType, &attrBits, plContext),
- PKIX_LDAPREQUESTATTRTYPETOBITFAILED);
- /* Is this attrVal a Certificate? */
- if (((LDAPATTR_CACERT | LDAPATTR_USERCERT) &
- attrBits) == attrBits) {
- attrVal = sreAttr->val;
- derCertItem = *attrVal++;
- while (derCertItem != 0) {
- /* create a PKIX_PL_Cert from derCert */
- PKIX_CHECK(pkix_pl_Cert_CreateToList
- (derCertItem, certList, plContext),
- PKIX_CERTCREATETOLISTFAILED);
- derCertItem = *attrVal++;
- }
- } else if ((LDAPATTR_CROSSPAIRCERT & attrBits) == attrBits){
- /* Is this attrVal a CrossPairCertificate? */
- attrVal = sreAttr->val;
- derCertItem = *attrVal++;
- while (derCertItem != 0) {
- /* create PKIX_PL_Certs from derCert */
- PKIX_CHECK(pkix_pl_LdapCertStore_DecodeCrossCertPair
- (derCertItem, certList, plContext),
- PKIX_LDAPCERTSTOREDECODECROSSCERTPAIRFAILED);
- derCertItem = *attrVal++;
- }
- }
- sreAttr = *sreAttrArray++;
- }
- PKIX_DECREF(response);
- }
-
- *pCerts = certList;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(certList);
- }
-
- PKIX_DECREF(response);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_BuildCrlList
- * DESCRIPTION:
- *
- * This function takes a List of LdapResponse objects pointed to by
- * "responseList" and extracts and decodes the CRLs in those responses, storing
- * the List of those CRLs at "pCrls". If none of the objects can be decoded
- * into a CRL, the returned List is empty.
- *
- * PARAMETERS:
- * "responseList"
- * The address of the List of LdapResponses. Must be non-NULL.
- * "pCrls"
- * The address at which the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_BuildCrlList(
- PKIX_List *responseList,
- PKIX_List **pCrls,
- void *plContext)
-{
- PKIX_UInt32 numResponses = 0;
- PKIX_UInt32 respIx = 0;
- LdapAttrMask attrBits = 0;
- CERTSignedCrl *nssCrl = NULL;
- PKIX_PL_LdapResponse *response = NULL;
- PKIX_List *crlList = NULL;
- PKIX_PL_CRL *crl = NULL;
- LDAPMessage *message = NULL;
- LDAPSearchResponseEntry *sre = NULL;
- LDAPSearchResponseAttr **sreAttrArray = NULL;
- LDAPSearchResponseAttr *sreAttr = NULL;
- SECItem *attrType = NULL;
- SECItem **attrVal = NULL;
- SECItem *derCrlCopy = NULL;
- SECItem *derCrlItem = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_BuildCrlList");
- PKIX_NULLCHECK_TWO(responseList, pCrls);
-
- PKIX_CHECK(PKIX_List_Create(&crlList, plContext),
- PKIX_LISTCREATEFAILED);
-
- /* extract crls from response */
- PKIX_CHECK(PKIX_List_GetLength
- (responseList, &numResponses, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (respIx = 0; respIx < numResponses; respIx++) {
- PKIX_CHECK(PKIX_List_GetItem
- (responseList,
- respIx,
- (PKIX_PL_Object **)&response,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_pl_LdapResponse_GetMessage
- (response, &message, plContext),
- PKIX_LDAPRESPONSEGETMESSAGEFAILED);
-
- sre = &(message->protocolOp.op.searchResponseEntryMsg);
- sreAttrArray = sre->attributes;
-
- /* Get next element of null-terminated array */
- sreAttr = *sreAttrArray++;
- while (sreAttr != NULL) {
- attrType = &(sreAttr->attrType);
- PKIX_CHECK(pkix_pl_LdapRequest_AttrTypeToBit
- (attrType, &attrBits, plContext),
- PKIX_LDAPREQUESTATTRTYPETOBITFAILED);
- /* Is this attrVal a Revocation List? */
- if (((LDAPATTR_CERTREVLIST | LDAPATTR_AUTHREVLIST) &
- attrBits) == attrBits) {
- attrVal = sreAttr->val;
- derCrlItem = *attrVal++;
- while (derCrlItem != 0) {
- /* create a PKIX_PL_Crl from derCrl */
- derCrlCopy = SECITEM_DupItem(derCrlItem);
- if (!derCrlCopy) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- /* crl will be based on derCrlCopy, but wont
- * own the der. */
- nssCrl =
- CERT_DecodeDERCrlWithFlags(NULL, derCrlCopy,
- SEC_CRL_TYPE,
- CRL_DECODE_DONT_COPY_DER |
- CRL_DECODE_SKIP_ENTRIES);
- if (!nssCrl) {
- SECITEM_FreeItem(derCrlCopy, PKIX_TRUE);
- continue;
- }
- /* pkix crl own the der. */
- PKIX_CHECK(
- pkix_pl_CRL_CreateWithSignedCRL(nssCrl,
- derCrlCopy, NULL, &crl, plContext),
- PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
- /* Left control over memory pointed by derCrlCopy and
- * nssCrl to pkix crl. */
- derCrlCopy = NULL;
- nssCrl = NULL;
- PKIX_CHECK(PKIX_List_AppendItem
- (crlList, (PKIX_PL_Object *) crl, plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(crl);
- derCrlItem = *attrVal++;
- }
- /* Clean up after PKIX_CHECK_ONLY_FATAL */
- pkixTempErrorReceived = PKIX_FALSE;
- }
- sreAttr = *sreAttrArray++;
- }
- PKIX_DECREF(response);
- }
-
- *pCrls = crlList;
- crlList = NULL;
-cleanup:
- if (derCrlCopy) {
- SECITEM_FreeItem(derCrlCopy, PKIX_TRUE);
- }
- if (nssCrl) {
- SEC_DestroyCrl(nssCrl);
- }
- PKIX_DECREF(crl);
- PKIX_DECREF(crlList);
- PKIX_DECREF(response);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_DestroyAVAList
- * DESCRIPTION:
- *
- * This function frees the space allocated for the components of the
- * equalFilters that make up the andFilter pointed to by "filter".
- *
- * PARAMETERS:
- * "requestParams"
- * The address of the andFilter whose components are to be freed. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapCertStore_DestroyAVAList(
- LDAPNameComponent **nameComponents,
- void *plContext)
-{
- LDAPNameComponent **currentNC = NULL;
- unsigned char *component = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_DestroyAVAList");
- PKIX_NULLCHECK_ONE(nameComponents);
-
- /* Set currentNC to point to first AVA pointer */
- currentNC = nameComponents;
-
- while ((*currentNC) != NULL) {
- component = (*currentNC)->attrValue;
- if (component != NULL) {
- PORT_Free(component);
- }
- currentNC++;
- }
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_MakeNameAVAList
- * DESCRIPTION:
- *
- * This function allocates space from the arena pointed to by "arena" to
- * construct a filter that will match components of the X500Name pointed to
- * by "name", and stores the resulting filter at "pFilter".
- *
- * "name" is checked for commonName and organizationName components (cn=,
- * and o=). The component strings are extracted using the family of
- * CERT_Get* functions, and each must be freed with PORT_Free.
- *
- * It is not clear which components should be in a request, so, for now,
- * we stop adding components after we have found one.
- *
- * PARAMETERS:
- * "arena"
- * The address of the PRArenaPool used in creating the filter. Must be
- * non-NULL.
- * "name"
- * The address of the X500Name whose components define the desired
- * matches. Must be non-NULL.
- * "pList"
- * The address at which the result is stored.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapCertStore_MakeNameAVAList(
- PRArenaPool *arena,
- PKIX_PL_X500Name *subjectName,
- LDAPNameComponent ***pList,
- void *plContext)
-{
- LDAPNameComponent **setOfNameComponents;
- LDAPNameComponent *currentNameComponent = NULL;
- PKIX_UInt32 componentsPresent = 0;
- void *v = NULL;
- unsigned char *component = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_MakeNameAVAList");
- PKIX_NULLCHECK_THREE(arena, subjectName, pList);
-
- /* Increase this if additional components may be extracted */
-#define MAX_NUM_COMPONENTS 3
-
- /* Space for (MAX_NUM_COMPONENTS + 1) pointers to LDAPNameComponents */
- PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZAlloc,
- (arena, (MAX_NUM_COMPONENTS + 1)*sizeof(LDAPNameComponent *)));
- setOfNameComponents = (LDAPNameComponent **)v;
-
- /* Space for MAX_NUM_COMPONENTS LDAPNameComponents */
- PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZNewArray,
- (arena, LDAPNameComponent, MAX_NUM_COMPONENTS));
-
- currentNameComponent = (LDAPNameComponent *)v;
-
- /* Try for commonName */
- PKIX_CHECK(pkix_pl_X500Name_GetCommonName
- (subjectName, &component, plContext),
- PKIX_X500NAMEGETCOMMONNAMEFAILED);
- if (component) {
- setOfNameComponents[componentsPresent] = currentNameComponent;
- currentNameComponent->attrType = (unsigned char *)"cn";
- currentNameComponent->attrValue = component;
- componentsPresent++;
- currentNameComponent++;
- }
-
- /*
- * The LDAP specification says we can send multiple name components
- * in an "AND" filter, but the LDAP Servers don't seem to be able to
- * handle such requests. So we'll quit after the cn component.
- */
-#if 0
- /* Try for orgName */
- PKIX_CHECK(pkix_pl_X500Name_GetOrgName
- (subjectName, &component, plContext),
- PKIX_X500NAMEGETORGNAMEFAILED);
- if (component) {
- setOfNameComponents[componentsPresent] = currentNameComponent;
- currentNameComponent->attrType = (unsigned char *)"o";
- currentNameComponent->attrValue = component;
- componentsPresent++;
- currentNameComponent++;
- }
-
- /* Try for countryName */
- PKIX_CHECK(pkix_pl_X500Name_GetCountryName
- (subjectName, &component, plContext),
- PKIX_X500NAMEGETCOUNTRYNAMEFAILED);
- if (component) {
- setOfNameComponents[componentsPresent] = currentNameComponent;
- currentNameComponent->attrType = (unsigned char *)"c";
- currentNameComponent->attrValue = component;
- componentsPresent++;
- currentNameComponent++;
- }
-#endif
-
- setOfNameComponents[componentsPresent] = NULL;
-
- *pList = setOfNameComponents;
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-
-}
-
-#if 0
-/*
- * FUNCTION: pkix_pl_LdapCertstore_ConvertCertResponses
- * DESCRIPTION:
- *
- * This function processes the List of LDAPResponses pointed to by "responses"
- * into a List of resulting Certs, storing the result at "pCerts". If there
- * are no responses converted successfully, a NULL may be stored.
- *
- * PARAMETERS:
- * "responses"
- * The LDAPResponses whose contents are to be converted. Must be non-NULL.
- * "pCerts"
- * Address at which the returned List is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_ConvertCertResponses(
- PKIX_List *responses,
- PKIX_List **pCerts,
- void *plContext)
-{
- PKIX_List *unfiltered = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_ConvertCertResponses");
- PKIX_NULLCHECK_TWO(responses, pCerts);
-
- /*
- * We have a List of LdapResponse objects that have to be
- * turned into Certs.
- */
- PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
- (responses, &unfiltered, plContext),
- PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
-
- *pCerts = unfiltered;
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
-#endif
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_GetCert
- * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_GetCert(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCertList,
- void *plContext)
-{
- PRArenaPool *requestArena = NULL;
- LDAPRequestParams requestParams;
- void *pollDesc = NULL;
- PKIX_Int32 minPathLen = 0;
- PKIX_Boolean cacheFlag = PKIX_FALSE;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_PL_LdapCertStoreContext *lcs = NULL;
- PKIX_List *responses = NULL;
- PKIX_List *unfilteredCerts = NULL;
- PKIX_List *filteredCerts = NULL;
- PKIX_PL_X500Name *subjectName = 0;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCert");
- PKIX_NULLCHECK_THREE(store, selector, pCertList);
-
- requestParams.baseObject = "c=US";
- requestParams.scope = WHOLE_SUBTREE;
- requestParams.derefAliases = NEVER_DEREF;
- requestParams.sizeLimit = 0;
- requestParams.timeLimit = 0;
-
- /* Prepare elements for request filter */
-
- /*
- * Get a short-lived arena. We'll be done with this space once
- * the request is encoded.
- */
- requestArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!requestArena) {
- PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
- (selector, &params, plContext),
- PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED);
-
- /*
- * If we have the subject name for the desired subject,
- * ask the server for Certs with that subject.
- */
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
- (params, &subjectName, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetBasicConstraints
- (params, &minPathLen, plContext),
- PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED);
-
- if (subjectName) {
- PKIX_CHECK(pkix_pl_LdapCertStore_MakeNameAVAList
- (requestArena,
- subjectName,
- &(requestParams.nc),
- plContext),
- PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED);
-
- if (*requestParams.nc == NULL) {
- /*
- * The subjectName may not include any components
- * that we know how to encode. We do not return
- * an error, because the caller did not necessarily
- * do anything wrong, but we return an empty List.
- */
- PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,
- (requestArena, PR_FALSE));
-
- PKIX_CHECK(PKIX_List_Create(&filteredCerts, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_SetImmutable
- (filteredCerts, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pNBIOContext = NULL;
- *pCertList = filteredCerts;
- filteredCerts = NULL;
- goto cleanup;
- }
- } else {
- PKIX_ERROR(PKIX_INSUFFICIENTCRITERIAFORCERTQUERY);
- }
-
- /* Prepare attribute field of request */
-
- requestParams.attributes = 0;
-
- if (minPathLen < 0) {
- requestParams.attributes |= LDAPATTR_USERCERT;
- }
-
- if (minPathLen > -2) {
- requestParams.attributes |=
- LDAPATTR_CACERT | LDAPATTR_CROSSPAIRCERT;
- }
-
- /* All request fields are done */
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&lcs, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequest
- ((PKIX_PL_LdapClient *)lcs,
- &requestParams,
- &pollDesc,
- &responses,
- plContext),
- PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
-
- PKIX_CHECK(pkix_pl_LdapCertStore_DestroyAVAList
- (requestParams.nc, plContext),
- PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED);
-
- if (requestArena) {
- PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,
- (requestArena, PR_FALSE));
- requestArena = NULL;
- }
-
- if (pollDesc != NULL) {
- /* client is waiting for non-blocking I/O to complete */
- *pNBIOContext = (void *)pollDesc;
- *pCertList = NULL;
- goto cleanup;
- }
- /* LdapClient has given us a response! */
-
- if (responses) {
- PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
- (store, &cacheFlag, plContext),
- PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
-
- PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
- (responses, &unfilteredCerts, plContext),
- PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Select
- (selector, unfilteredCerts, &filteredCerts, plContext),
- PKIX_CERTSELECTORSELECTFAILED);
- }
-
- *pNBIOContext = NULL;
- *pCertList = filteredCerts;
- filteredCerts = NULL;
-
-cleanup:
-
- PKIX_DECREF(params);
- PKIX_DECREF(subjectName);
- PKIX_DECREF(responses);
- PKIX_DECREF(unfilteredCerts);
- PKIX_DECREF(filteredCerts);
- PKIX_DECREF(lcs);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_GetCertContinue
- * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_GetCertContinue(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *verifyNode,
- void **pNBIOContext,
- PKIX_List **pCertList,
- void *plContext)
-{
- PKIX_Boolean cacheFlag = PKIX_FALSE;
- PKIX_PL_LdapCertStoreContext *lcs = NULL;
- void *pollDesc = NULL;
- PKIX_List *responses = NULL;
- PKIX_List *unfilteredCerts = NULL;
- PKIX_List *filteredCerts = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCertContinue");
- PKIX_NULLCHECK_THREE(store, selector, pCertList);
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&lcs, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequest
- ((PKIX_PL_LdapClient *)lcs, &pollDesc, &responses, plContext),
- PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
-
- if (pollDesc != NULL) {
- /* client is waiting for non-blocking I/O to complete */
- *pNBIOContext = (void *)pollDesc;
- *pCertList = NULL;
- goto cleanup;
- }
- /* LdapClient has given us a response! */
-
- if (responses) {
- PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
- (store, &cacheFlag, plContext),
- PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
-
- PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
- (responses, &unfilteredCerts, plContext),
- PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
-
- PKIX_CHECK(pkix_CertSelector_Select
- (selector, unfilteredCerts, &filteredCerts, plContext),
- PKIX_CERTSELECTORSELECTFAILED);
- }
-
- *pNBIOContext = NULL;
- *pCertList = filteredCerts;
-
-cleanup:
-
- PKIX_DECREF(responses);
- PKIX_DECREF(unfilteredCerts);
- PKIX_DECREF(lcs);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_GetCRL
- * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_GetCRL(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
-{
- LDAPRequestParams requestParams;
- void *pollDesc = NULL;
- PRArenaPool *requestArena = NULL;
- PKIX_UInt32 numNames = 0;
- PKIX_UInt32 thisName = 0;
- PKIX_PL_CRL *candidate = NULL;
- PKIX_List *responses = NULL;
- PKIX_List *issuerNames = NULL;
- PKIX_List *filteredCRLs = NULL;
- PKIX_List *unfilteredCRLs = NULL;
- PKIX_PL_X500Name *issuer = NULL;
- PKIX_PL_LdapCertStoreContext *lcs = NULL;
- PKIX_ComCRLSelParams *params = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCRL");
- PKIX_NULLCHECK_THREE(store, selector, pCrlList);
-
- requestParams.baseObject = "c=US";
- requestParams.scope = WHOLE_SUBTREE;
- requestParams.derefAliases = NEVER_DEREF;
- requestParams.sizeLimit = 0;
- requestParams.timeLimit = 0;
- requestParams.attributes = LDAPATTR_CERTREVLIST | LDAPATTR_AUTHREVLIST;
- /* Prepare elements for request filter */
-
- /* XXX Place CRLDP code here. Handle the case when */
- /* RFC 5280. Paragraph: 4.2.1.13: */
- /* If the distributionPoint field contains a directoryName, the entry */
- /* for that directoryName contains the current CRL for the associated */
- /* reasons and the CRL is issued by the associated cRLIssuer. The CRL */
- /* may be stored in either the certificateRevocationList or */
- /* authorityRevocationList attribute. The CRL is to be obtained by the */
- /* application from whatever directory server is locally configured. */
- /* The protocol the application uses to access the directory (e.g., DAP */
- /* or LDAP) is a local matter. */
-
-
-
- /*
- * Get a short-lived arena. We'll be done with this space once
- * the request is encoded.
- */
- PKIX_PL_NSSCALLRV
- (CERTSTORE, requestArena, PORT_NewArena, (DER_DEFAULT_CHUNKSIZE));
-
- if (!requestArena) {
- PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CHECK(PKIX_CRLSelector_GetCommonCRLSelectorParams
- (selector, &params, plContext),
- PKIX_CRLSELECTORGETCOMCERTSELPARAMSFAILED);
-
- PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames
- (params, &issuerNames, plContext),
- PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);
-
- /*
- * The specification for PKIX_ComCRLSelParams_GetIssuerNames in
- * pkix_crlsel.h says that if the criterion is not set we get a null
- * pointer. If we get an empty List the criterion is impossible to
- * meet ("must match at least one of the names in the List").
- */
- if (issuerNames) {
-
- PKIX_CHECK(PKIX_List_GetLength
- (issuerNames, &numNames, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- if (numNames > 0) {
- for (thisName = 0; thisName < numNames; thisName++) {
- PKIX_CHECK(PKIX_List_GetItem
- (issuerNames,
- thisName,
- (PKIX_PL_Object **)&issuer,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK
- (pkix_pl_LdapCertStore_MakeNameAVAList
- (requestArena,
- issuer,
- &(requestParams.nc),
- plContext),
- PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED);
-
- PKIX_DECREF(issuer);
-
- if (*requestParams.nc == NULL) {
- /*
- * The issuer may not include any
- * components that we know how to
- * encode. We do not return an error,
- * because the caller did not
- * necessarily do anything wrong, but
- * we return an empty List.
- */
- PKIX_PL_NSSCALL
- (CERTSTORE, PORT_FreeArena,
- (requestArena, PR_FALSE));
-
- PKIX_CHECK(PKIX_List_Create
- (&filteredCRLs, plContext),
- PKIX_LISTCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_SetImmutable
- (filteredCRLs, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pNBIOContext = NULL;
- *pCrlList = filteredCRLs;
- goto cleanup;
- }
-
- /*
- * LDAP Servers don't seem to be able to handle
- * requests with more than more than one name.
- */
- break;
- }
- } else {
- PKIX_ERROR(PKIX_IMPOSSIBLECRITERIONFORCRLQUERY);
- }
- } else {
- PKIX_ERROR(PKIX_IMPOSSIBLECRITERIONFORCRLQUERY);
- }
-
- /* All request fields are done */
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&lcs, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequest
- ((PKIX_PL_LdapClient *)lcs,
- &requestParams,
- &pollDesc,
- &responses,
- plContext),
- PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
-
- PKIX_CHECK(pkix_pl_LdapCertStore_DestroyAVAList
- (requestParams.nc, plContext),
- PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED);
-
- if (requestArena) {
- PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,
- (requestArena, PR_FALSE));
- }
-
- if (pollDesc != NULL) {
- /* client is waiting for non-blocking I/O to complete */
- *pNBIOContext = (void *)pollDesc;
- *pCrlList = NULL;
- goto cleanup;
- }
- /* client has finished! */
-
- if (responses) {
-
- /*
- * We have a List of LdapResponse objects that still have to be
- * turned into Crls.
- */
- PKIX_CHECK(pkix_pl_LdapCertStore_BuildCrlList
- (responses, &unfilteredCRLs, plContext),
- PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED);
-
- PKIX_CHECK(pkix_CRLSelector_Select
- (selector, unfilteredCRLs, &filteredCRLs, plContext),
- PKIX_CRLSELECTORSELECTFAILED);
-
- }
-
- /* Don't throw away the list if one CRL was bad! */
- pkixTempErrorReceived = PKIX_FALSE;
-
- *pNBIOContext = NULL;
- *pCrlList = filteredCRLs;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(filteredCRLs);
- }
-
- PKIX_DECREF(params);
- PKIX_DECREF(issuerNames);
- PKIX_DECREF(issuer);
- PKIX_DECREF(candidate);
- PKIX_DECREF(responses);
- PKIX_DECREF(unfilteredCRLs);
- PKIX_DECREF(lcs);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapCertStore_GetCRLContinue
- * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_LdapCertStore_GetCRLContinue(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
-{
- void *nbio = NULL;
- PKIX_PL_CRL *candidate = NULL;
- PKIX_List *responses = NULL;
- PKIX_PL_LdapCertStoreContext *lcs = NULL;
- PKIX_List *filteredCRLs = NULL;
- PKIX_List *unfilteredCRLs = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCRLContinue");
- PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList);
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
- (store, (PKIX_PL_Object **)&lcs, plContext),
- PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
-
- PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequest
- ((PKIX_PL_LdapClient *)lcs, &nbio, &responses, plContext),
- PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
-
- if (nbio != NULL) {
- /* client is waiting for non-blocking I/O to complete */
- *pNBIOContext = (void *)nbio;
- *pCrlList = NULL;
- goto cleanup;
- }
- /* client has finished! */
-
- if (responses) {
-
- /*
- * We have a List of LdapResponse objects that still have to be
- * turned into Crls.
- */
- PKIX_CHECK(pkix_pl_LdapCertStore_BuildCrlList
- (responses, &unfilteredCRLs, plContext),
- PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED);
-
- PKIX_CHECK(pkix_CRLSelector_Select
- (selector, unfilteredCRLs, &filteredCRLs, plContext),
- PKIX_CRLSELECTORSELECTFAILED);
-
- PKIX_CHECK(PKIX_List_SetImmutable(filteredCRLs, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- }
-
- /* Don't throw away the list if one CRL was bad! */
- pkixTempErrorReceived = PKIX_FALSE;
-
- *pCrlList = filteredCRLs;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(filteredCRLs);
- }
-
- PKIX_DECREF(candidate);
- PKIX_DECREF(responses);
- PKIX_DECREF(unfilteredCRLs);
- PKIX_DECREF(lcs);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/* --Public-LdapCertStore-Functions----------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_LdapCertStore_Create
- * (see comments in pkix_samples_modules.h)
- */
-PKIX_Error *
-PKIX_PL_LdapCertStore_Create(
- PKIX_PL_LdapClient *client,
- PKIX_CertStore **pCertStore,
- void *plContext)
-{
- PKIX_CertStore *certStore = NULL;
-
- PKIX_ENTER(CERTSTORE, "PKIX_PL_LdapCertStore_Create");
- PKIX_NULLCHECK_TWO(client, pCertStore);
-
- PKIX_CHECK(PKIX_CertStore_Create
- (pkix_pl_LdapCertStore_GetCert,
- pkix_pl_LdapCertStore_GetCRL,
- pkix_pl_LdapCertStore_GetCertContinue,
- pkix_pl_LdapCertStore_GetCRLContinue,
- NULL, /* don't support trust */
- NULL, /* can not store crls */
- NULL, /* can not do revocation check */
- (PKIX_PL_Object *)client,
- PKIX_TRUE, /* cache flag */
- PKIX_FALSE, /* not local */
- &certStore,
- plContext),
- PKIX_CERTSTORECREATEFAILED);
-
- *pCertStore = certStore;
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h
deleted file mode 100644
index 249c229c9..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldapcertstore.h
- *
- * LDAPCertstore Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_LDAPCERTSTORE_H
-#define _PKIX_PL_LDAPCERTSTORE_H
-
-#include "pkix_pl_ldapt.h"
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the CertStore_Create API contains a BindAPI
- * structure, a union, which will have to be revised and extended when this
- * area of the protocol is better understood.
- *
- * It is further assumed that a given LdapCertStore will connect only to a
- * single server, and that the creation of the socket will initiate the
- * CONNECT. Therefore the LdapCertStore handles only the case of continuing
- * the connection, if nonblocking I/O is being used.
- */
-
-typedef enum {
- LDAP_CONNECT_PENDING,
- LDAP_CONNECTED,
- LDAP_BIND_PENDING,
- LDAP_BIND_RESPONSE,
- LDAP_BIND_RESPONSE_PENDING,
- LDAP_BOUND,
- LDAP_SEND_PENDING,
- LDAP_RECV,
- LDAP_RECV_PENDING,
- LDAP_RECV_INITIAL,
- LDAP_RECV_NONINITIAL,
- LDAP_ABANDON_PENDING
-} LDAPConnectStatus;
-
-#define LDAP_CACHEBUCKETS 128
-#define RCVBUFSIZE 512
-
-struct PKIX_PL_LdapCertStoreContext {
- PKIX_PL_LdapClient *client;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_LdapCertStoreContext_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapCertStore_BuildCertList(
- PKIX_List *responseList,
- PKIX_List **pCerts,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_LDAPCERTSTORE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c
deleted file mode 100644
index 45da0ab3f..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c
+++ /dev/null
@@ -1,2526 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldapdefaultclient.c
- *
- * LDAPDefaultClient Function Definitions
- *
- */
-
-/* We can't decode the length of a message without at least this many bytes */
-#define MINIMUM_MSG_LENGTH 5
-
-#include "pkix_pl_ldapdefaultclient.h"
-
-/* --Private-LdapDefaultClient-Message-Building-Functions---------------- */
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_MakeBind
- * DESCRIPTION:
- *
- * This function creates and encodes a Bind message, using the arena pointed
- * to by "arena", the version number contained in "versionData", the
- * LDAPBindAPI pointed to by "bindAPI", and the messageID contained in
- * "msgNum", and stores a pointer to the encoded string at "pBindMsg".
- *
- * See pkix_pl_ldaptemplates.c for the ASN.1 description of a Bind message.
- *
- * This code is not used if the DefaultClient was created with a NULL pointer
- * supplied for the LDAPBindAPI structure. (Bind and Unbind do not seem to be
- * expected for anonymous Search requests.)
- *
- * PARAMETERS:
- * "arena"
- * The address of the PRArenaPool used in encoding the message. Must be
- * non-NULL.
- * "versionData"
- * The Int32 containing the version number to be encoded in the Bind
- * message.
- * "bindAPI"
- * The address of the LDAPBindAPI to be encoded in the Bind message. Must
- * be non-NULL.
- * "msgNum"
- * The Int32 containing the MessageID to be encoded in the Bind message.
- * "pBindMsg"
- * The address at which the encoded Bind message will be stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_MakeBind(
- PRArenaPool *arena,
- PKIX_Int32 versionData,
- LDAPBindAPI *bindAPI,
- PKIX_UInt32 msgNum,
- SECItem **pBindMsg,
- void *plContext)
-{
- LDAPMessage msg;
- char version = '\0';
- SECItem *encoded = NULL;
- PKIX_UInt32 len = 0;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_MakeBind");
- PKIX_NULLCHECK_TWO(arena, pBindMsg);
-
- PKIX_PL_NSSCALL(LDAPDEFAULTCLIENT, PORT_Memset,
- (&msg, 0, sizeof (LDAPMessage)));
-
- version = (char)versionData;
-
- msg.messageID.type = siUnsignedInteger;
- msg.messageID.data = (void*)&msgNum;
- msg.messageID.len = sizeof (msgNum);
-
- msg.protocolOp.selector = LDAP_BIND_TYPE;
-
- msg.protocolOp.op.bindMsg.version.type = siUnsignedInteger;
- msg.protocolOp.op.bindMsg.version.data = (void *)&version;
- msg.protocolOp.op.bindMsg.version.len = sizeof (char);
-
- /*
- * XXX At present we only know how to handle anonymous requests (no
- * authentication), and we are guessing how to do simple authentication.
- * This section will need to be revised and extended when other
- * authentication is needed.
- */
- if (bindAPI->selector == SIMPLE_AUTH) {
- msg.protocolOp.op.bindMsg.bindName.type = siAsciiString;
- msg.protocolOp.op.bindMsg.bindName.data =
- (void *)bindAPI->chooser.simple.bindName;
- len = PL_strlen(bindAPI->chooser.simple.bindName);
- msg.protocolOp.op.bindMsg.bindName.len = len;
-
- msg.protocolOp.op.bindMsg.authentication.type = siAsciiString;
- msg.protocolOp.op.bindMsg.authentication.data =
- (void *)bindAPI->chooser.simple.authentication;
- len = PL_strlen(bindAPI->chooser.simple.authentication);
- msg.protocolOp.op.bindMsg.authentication.len = len;
- }
-
- PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, encoded, SEC_ASN1EncodeItem,
- (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
- if (!encoded) {
- PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
- }
-
- *pBindMsg = encoded;
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_MakeUnbind
- * DESCRIPTION:
- *
- * This function creates and encodes a Unbind message, using the arena pointed
- * to by "arena" and the messageID contained in "msgNum", and stores a pointer
- * to the encoded string at "pUnbindMsg".
- *
- * See pkix_pl_ldaptemplates.c for the ASN.1 description of an Unbind message.
- *
- * This code is not used if the DefaultClient was created with a NULL pointer
- * supplied for the LDAPBindAPI structure. (Bind and Unbind do not seem to be
- * expected for anonymous Search requests.)
- *
- * PARAMETERS:
- * "arena"
- * The address of the PRArenaPool used in encoding the message. Must be
- * non-NULL.
- * "msgNum"
- * The Int32 containing the MessageID to be encoded in the Unbind message.
- * "pUnbindMsg"
- * The address at which the encoded Unbind message will be stored. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_MakeUnbind(
- PRArenaPool *arena,
- PKIX_UInt32 msgNum,
- SECItem **pUnbindMsg,
- void *plContext)
-{
- LDAPMessage msg;
- SECItem *encoded = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_MakeUnbind");
- PKIX_NULLCHECK_TWO(arena, pUnbindMsg);
-
- PKIX_PL_NSSCALL(LDAPDEFAULTCLIENT, PORT_Memset,
- (&msg, 0, sizeof (LDAPMessage)));
-
- msg.messageID.type = siUnsignedInteger;
- msg.messageID.data = (void*)&msgNum;
- msg.messageID.len = sizeof (msgNum);
-
- msg.protocolOp.selector = LDAP_UNBIND_TYPE;
-
- msg.protocolOp.op.unbindMsg.dummy.type = siBuffer;
- msg.protocolOp.op.unbindMsg.dummy.data = NULL;
- msg.protocolOp.op.unbindMsg.dummy.len = 0;
-
- PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, encoded, SEC_ASN1EncodeItem,
- (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
- if (!encoded) {
- PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
- }
-
- *pUnbindMsg = encoded;
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_MakeAbandon
- * DESCRIPTION:
- *
- * This function creates and encodes a Abandon message, using the arena pointed
- * to by "arena" and the messageID contained in "msgNum", and stores a pointer
- * to the encoded string at "pAbandonMsg".
- *
- * See pkix_pl_ldaptemplates.c for the ASN.1 description of an Abandon message.
- *
- * PARAMETERS:
- * "arena"
- * The address of the PRArenaPool used in encoding the message. Must be
- * non-NULL.
- * "msgNum"
- * The Int32 containing the MessageID to be encoded in the Abandon message.
- * "pAbandonMsg"
- * The address at which the encoded Abandon message will be stored. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_MakeAbandon(
- PRArenaPool *arena,
- PKIX_UInt32 msgNum,
- SECItem **pAbandonMsg,
- void *plContext)
-{
- LDAPMessage msg;
- SECItem *encoded = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_MakeAbandon");
- PKIX_NULLCHECK_TWO(arena, pAbandonMsg);
-
- PKIX_PL_NSSCALL(LDAPDEFAULTCLIENT, PORT_Memset,
- (&msg, 0, sizeof (LDAPMessage)));
-
- msg.messageID.type = siUnsignedInteger;
- msg.messageID.data = (void*)&msgNum;
- msg.messageID.len = sizeof (msgNum);
-
- msg.protocolOp.selector = LDAP_ABANDONREQUEST_TYPE;
-
- msg.protocolOp.op.abandonRequestMsg.messageID.type = siBuffer;
- msg.protocolOp.op.abandonRequestMsg.messageID.data = (void*)&msgNum;
- msg.protocolOp.op.abandonRequestMsg.messageID.len = sizeof (msgNum);
-
- PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, encoded, SEC_ASN1EncodeItem,
- (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
- if (!encoded) {
- PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
- }
-
- *pAbandonMsg = encoded;
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_DecodeBindResponse
- * DESCRIPTION:
- *
- * This function decodes the encoded data pointed to by "src", using the arena
- * pointed to by "arena", storing the decoded LDAPMessage at "pBindResponse"
- * and the decoding status at "pStatus".
- *
- * PARAMETERS:
- * "arena"
- * The address of the PRArenaPool to be used in decoding the message. Must
- * be non-NULL.
- * "src"
- * The address of the SECItem containing the DER- (or BER-)encoded string.
- * Must be non-NULL.
- * "pBindResponse"
- * The address at which the LDAPMessage is stored, if the decoding is
- * successful (the returned status is SECSuccess). Must be non-NULL.
- * "pStatus"
- * The address at which the decoding status is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_DecodeBindResponse(
- PRArenaPool *arena,
- SECItem *src,
- LDAPMessage *pBindResponse,
- SECStatus *pStatus,
- void *plContext)
-{
- SECStatus rv = SECFailure;
- LDAPMessage response;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_DecodeBindResponse");
- PKIX_NULLCHECK_FOUR(arena, src, pBindResponse, pStatus);
-
- PKIX_PL_NSSCALL
- (LDAPDEFAULTCLIENT,
- PORT_Memset,
- (&response, 0, sizeof (LDAPMessage)));
-
- PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, rv, SEC_ASN1DecodeItem,
- (arena, &response, PKIX_PL_LDAPMessageTemplate, src));
-
- if (rv == SECSuccess) {
- *pBindResponse = response;
- }
-
- *pStatus = rv;
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_VerifyBindResponse
- * DESCRIPTION:
- *
- * This function verifies that the contents of the message in the rcvbuf of
- * the LdapDefaultClient object pointed to by "client", and whose length is
- * provided by "buflen", is a response to a successful Bind.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "buflen"
- * The value of the number of bytes in the receive buffer.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_VerifyBindResponse(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_UInt32 bufLen,
- void *plContext)
-{
- SECItem decode = {siBuffer, NULL, 0};
- SECStatus rv = SECFailure;
- LDAPMessage msg;
- LDAPBindResponse *ldapBindResponse = NULL;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_VerifyBindResponse");
- PKIX_NULLCHECK_TWO(client, client->rcvBuf);
-
- decode.data = (void *)(client->rcvBuf);
- decode.len = bufLen;
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_DecodeBindResponse
- (client->arena, &decode, &msg, &rv, plContext),
- PKIX_LDAPDEFAULTCLIENTDECODEBINDRESPONSEFAILED);
-
- if (rv == SECSuccess) {
- ldapBindResponse = &msg.protocolOp.op.bindResponseMsg;
- if (*(ldapBindResponse->resultCode.data) == SUCCESS) {
- client->connectStatus = BOUND;
- } else {
- PKIX_ERROR(PKIX_BINDREJECTEDBYSERVER);
- }
- } else {
- PKIX_ERROR(PKIX_CANTDECODEBINDRESPONSEFROMSERVER);
- }
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_RecvCheckComplete
- * DESCRIPTION:
- *
- * This function determines whether the current response in the
- * LdapDefaultClient pointed to by "client" is complete, in the sense that all
- * bytes required to satisfy the message length field in the encoding have been
- * received. If so, the pointer to input data is updated to reflect the number
- * of bytes consumed, provided by "bytesProcessed". The state machine flag
- * pointed to by "pKeepGoing" is updated to indicate whether processing can
- * continue without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "bytesProcessed"
- * The UInt32 value of the number of bytes consumed from the current
- * buffer.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_RecvCheckComplete(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_UInt32 bytesProcessed,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Boolean complete = PKIX_FALSE;
- SECStatus rv = SECFailure;
- LDAPMessageType messageType = 0;
- LDAPResultCode resultCode = 0;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_RecvCheckComplete");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- PKIX_CHECK(pkix_pl_LdapResponse_IsComplete
- (client->currentResponse, &complete, plContext),
- PKIX_LDAPRESPONSEISCOMPLETEFAILED);
-
- if (complete) {
- PKIX_CHECK(pkix_pl_LdapResponse_Decode
- (client->arena, client->currentResponse, &rv, plContext),
- PKIX_LDAPRESPONSEDECODEFAILED);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_CANTDECODESEARCHRESPONSEFROMSERVER);
- }
-
- PKIX_CHECK(pkix_pl_LdapResponse_GetMessageType
- (client->currentResponse, &messageType, plContext),
- PKIX_LDAPRESPONSEGETMESSAGETYPEFAILED);
-
- if (messageType == LDAP_SEARCHRESPONSEENTRY_TYPE) {
-
- if (client->entriesFound == NULL) {
- PKIX_CHECK(PKIX_List_Create
- (&(client->entriesFound), plContext),
- PKIX_LISTCREATEFAILED);
- }
-
- PKIX_CHECK(PKIX_List_AppendItem
- (client->entriesFound,
- (PKIX_PL_Object *)client->currentResponse,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(client->currentResponse);
-
- /* current receive buffer empty? */
- if (client->currentBytesAvailable == 0) {
- client->connectStatus = RECV;
- *pKeepGoing = PKIX_TRUE;
- } else {
- client->connectStatus = RECV_INITIAL;
- client->currentInPtr = &((char *)
- (client->currentInPtr))[bytesProcessed];
- *pKeepGoing = PKIX_TRUE;
- }
-
- } else if (messageType == LDAP_SEARCHRESPONSERESULT_TYPE) {
- PKIX_CHECK(pkix_pl_LdapResponse_GetResultCode
- (client->currentResponse,
- &resultCode,
- plContext),
- PKIX_LDAPRESPONSEGETRESULTCODEFAILED);
-
- if ((client->entriesFound == NULL) &&
- ((resultCode == SUCCESS) ||
- (resultCode == NOSUCHOBJECT))) {
- PKIX_CHECK(PKIX_List_Create
- (&(client->entriesFound), plContext),
- PKIX_LISTCREATEFAILED);
- } else if (resultCode == SUCCESS) {
- PKIX_CHECK(PKIX_List_SetImmutable
- (client->entriesFound, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
- PKIX_CHECK(PKIX_PL_HashTable_Add
- (client->cachePtr,
- (PKIX_PL_Object *)client->currentRequest,
- (PKIX_PL_Object *)client->entriesFound,
- plContext),
- PKIX_HASHTABLEADDFAILED);
- } else {
- PKIX_ERROR(PKIX_UNEXPECTEDRESULTCODEINRESPONSE);
- }
-
- client->connectStatus = BOUND;
- *pKeepGoing = PKIX_FALSE;
- PKIX_DECREF(client->currentResponse);
-
- } else {
- PKIX_ERROR(PKIX_SEARCHRESPONSEPACKETOFUNKNOWNTYPE);
- }
- } else {
- client->connectStatus = RECV;
- *pKeepGoing = PKIX_TRUE;
- }
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/* --Private-LdapDefaultClient-Object-Functions------------------------- */
-
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_InitiateRequest(
- PKIX_PL_LdapClient *client,
- LDAPRequestParams *requestParams,
- void **pPollDesc,
- PKIX_List **pResponse,
- void *plContext);
-
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_ResumeRequest(
- PKIX_PL_LdapClient *client,
- void **pPollDesc,
- PKIX_List **pResponse,
- void *plContext);
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_CreateHelper
- * DESCRIPTION:
- *
- * This function creates a new LdapDefaultClient using the Socket pointed to
- * by "socket", the PRIntervalTime pointed to by "timeout", and the
- * LDAPBindAPI pointed to by "bindAPI", and stores the result at "pClient".
- *
- * A value of zero for "timeout" means the LDAPClient will use non-blocking
- * I/O.
- *
- * PARAMETERS:
- * "socket"
- * Address of the Socket to be used for the client. Must be non-NULL.
- * "bindAPI"
- * The address of the LDAPBindAPI containing the Bind information to be
- * encoded in the Bind message.
- * "pClient"
- * The address at which the created LdapDefaultClient is to be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapDefaultClient_CreateHelper(
- PKIX_PL_Socket *socket,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext)
-{
- PKIX_PL_HashTable *ht;
- PKIX_PL_LdapDefaultClient *ldapDefaultClient = NULL;
- PKIX_PL_Socket_Callback *callbackList;
- PRFileDesc *fileDesc = NULL;
- PRArenaPool *arena = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_CreateHelper");
- PKIX_NULLCHECK_TWO(socket, pClient);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_LDAPDEFAULTCLIENT_TYPE,
- sizeof (PKIX_PL_LdapDefaultClient),
- (PKIX_PL_Object **)&ldapDefaultClient,
- plContext),
- PKIX_COULDNOTCREATELDAPDEFAULTCLIENTOBJECT);
-
- ldapDefaultClient->vtable.initiateFcn =
- pkix_pl_LdapDefaultClient_InitiateRequest;
- ldapDefaultClient->vtable.resumeFcn =
- pkix_pl_LdapDefaultClient_ResumeRequest;
-
- PKIX_CHECK(pkix_pl_Socket_GetPRFileDesc
- (socket, &fileDesc, plContext),
- PKIX_SOCKETGETPRFILEDESCFAILED);
-
- ldapDefaultClient->pollDesc.fd = fileDesc;
- ldapDefaultClient->pollDesc.in_flags = 0;
- ldapDefaultClient->pollDesc.out_flags = 0;
-
- ldapDefaultClient->bindAPI = bindAPI;
-
- PKIX_CHECK(PKIX_PL_HashTable_Create
- (LDAP_CACHEBUCKETS, 0, &ht, plContext),
- PKIX_HASHTABLECREATEFAILED);
-
- ldapDefaultClient->cachePtr = ht;
-
- PKIX_CHECK(pkix_pl_Socket_GetCallbackList
- (socket, &callbackList, plContext),
- PKIX_SOCKETGETCALLBACKLISTFAILED);
-
- ldapDefaultClient->callbackList = callbackList;
-
- PKIX_INCREF(socket);
- ldapDefaultClient->clientSocket = socket;
-
- ldapDefaultClient->messageID = 0;
-
- ldapDefaultClient->bindAPI = bindAPI;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
- }
- ldapDefaultClient->arena = arena;
-
- ldapDefaultClient->sendBuf = NULL;
- ldapDefaultClient->bytesToWrite = 0;
-
- PKIX_CHECK(PKIX_PL_Malloc
- (RCVBUFSIZE, &ldapDefaultClient->rcvBuf, plContext),
- PKIX_MALLOCFAILED);
- ldapDefaultClient->capacity = RCVBUFSIZE;
-
- ldapDefaultClient->bindMsg = NULL;
- ldapDefaultClient->bindMsgLen = 0;
-
- ldapDefaultClient->entriesFound = NULL;
- ldapDefaultClient->currentRequest = NULL;
- ldapDefaultClient->currentResponse = NULL;
-
- *pClient = ldapDefaultClient;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(ldapDefaultClient);
- }
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_Create
- * DESCRIPTION:
- *
- * This function creates a new LdapDefaultClient using the PRNetAddr pointed to
- * by "sockaddr", the PRIntervalTime pointed to by "timeout", and the
- * LDAPBindAPI pointed to by "bindAPI", and stores the result at "pClient".
- *
- * A value of zero for "timeout" means the LDAPClient will use non-blocking
- * I/O.
- *
- * PARAMETERS:
- * "sockaddr"
- * Address of the PRNetAddr to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime to be used in I/O requests for this client.
- * "bindAPI"
- * The address of the LDAPBindAPI containing the Bind information to be
- * encoded in the Bind message.
- * "pClient"
- * The address at which the created LdapDefaultClient is to be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_Create(
- PRNetAddr *sockaddr,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext)
-{
- PRErrorCode status = 0;
- PKIX_PL_Socket *socket = NULL;
- PKIX_PL_LdapDefaultClient *client = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "PKIX_PL_LdapDefaultClient_Create");
- PKIX_NULLCHECK_TWO(sockaddr, pClient);
-
- PKIX_CHECK(pkix_pl_Socket_Create
- (PKIX_FALSE, timeout, sockaddr, &status, &socket, plContext),
- PKIX_SOCKETCREATEFAILED);
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_CreateHelper
- (socket, bindAPI, &client, plContext),
- PKIX_LDAPDEFAULTCLIENTCREATEHELPERFAILED);
-
- /* Did Socket_Create say the connection was made? */
- if (status == 0) {
- if (client->bindAPI != NULL) {
- client->connectStatus = CONNECTED;
- } else {
- client->connectStatus = BOUND;
- }
- } else {
- client->connectStatus = CONNECT_PENDING;
- }
-
- *pClient = client;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(client);
- }
-
- PKIX_DECREF(socket);
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
- * DESCRIPTION:
- *
- * This function creates a new LdapDefaultClient using the hostname pointed to
- * by "hostname", the PRIntervalTime pointed to by "timeout", and the
- * LDAPBindAPI pointed to by "bindAPI", and stores the result at "pClient".
- *
- * A value of zero for "timeout" means the LDAPClient will use non-blocking
- * I/O.
- *
- * PARAMETERS:
- * "hostname"
- * Address of the hostname to be used for the socket connection. Must be
- * non-NULL.
- * "timeout"
- * The PRIntervalTime to be used in I/O requests for this client.
- * "bindAPI"
- * The address of the LDAPBindAPI containing the Bind information to be
- * encoded in the Bind message.
- * "pClient"
- * The address at which the created LdapDefaultClient is to be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_CreateByName(
- char *hostname,
- PRIntervalTime timeout,
- LDAPBindAPI *bindAPI,
- PKIX_PL_LdapDefaultClient **pClient,
- void *plContext)
-{
- PRErrorCode status = 0;
- PKIX_PL_Socket *socket = NULL;
- PKIX_PL_LdapDefaultClient *client = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "PKIX_PL_LdapDefaultClient_CreateByName");
- PKIX_NULLCHECK_TWO(hostname, pClient);
-
- PKIX_CHECK(pkix_pl_Socket_CreateByName
- (PKIX_FALSE, timeout, hostname, &status, &socket, plContext),
- PKIX_SOCKETCREATEBYNAMEFAILED);
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_CreateHelper
- (socket, bindAPI, &client, plContext),
- PKIX_LDAPDEFAULTCLIENTCREATEHELPERFAILED);
-
- /* Did Socket_Create say the connection was made? */
- if (status == 0) {
- if (client->bindAPI != NULL) {
- client->connectStatus = CONNECTED;
- } else {
- client->connectStatus = BOUND;
- }
- } else {
- client->connectStatus = CONNECT_PENDING;
- }
-
- *pClient = client;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(client);
- }
-
- PKIX_DECREF(socket);
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_LdapDefaultClient *client = NULL;
- PKIX_PL_Socket_Callback *callbackList = NULL;
- SECItem *encoded = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_LDAPDEFAULTCLIENT_TYPE, plContext),
- PKIX_OBJECTNOTANLDAPDEFAULTCLIENT);
-
- client = (PKIX_PL_LdapDefaultClient *)object;
-
- switch (client->connectStatus) {
- case CONNECT_PENDING:
- break;
- case CONNECTED:
- case BIND_PENDING:
- case BIND_RESPONSE:
- case BIND_RESPONSE_PENDING:
- case BOUND:
- case SEND_PENDING:
- case RECV:
- case RECV_PENDING:
- case RECV_INITIAL:
- case RECV_NONINITIAL:
- case ABANDON_PENDING:
- if (client->bindAPI != NULL) {
- PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeUnbind
- (client->arena,
- ++(client->messageID),
- &encoded,
- plContext),
- PKIX_LDAPDEFAULTCLIENTMAKEUNBINDFAILED);
-
- callbackList =
- (PKIX_PL_Socket_Callback *)(client->callbackList);
- PKIX_CHECK(callbackList->sendCallback
- (client->clientSocket,
- encoded->data,
- encoded->len,
- &bytesWritten,
- plContext),
- PKIX_SOCKETSENDFAILED);
- }
- break;
- default:
- PKIX_ERROR(PKIX_LDAPDEFAULTCLIENTINILLEGALSTATE);
- }
-
- PKIX_DECREF(client->cachePtr);
- PKIX_DECREF(client->clientSocket);
- PKIX_DECREF(client->entriesFound);
- PKIX_DECREF(client->currentRequest);
- PKIX_DECREF(client->currentResponse);
-
- PKIX_CHECK(PKIX_PL_Free
- (client->rcvBuf, plContext), PKIX_FREEFAILED);
-
- PKIX_PL_NSSCALL
- (LDAPDEFAULTCLIENT,
- PORT_FreeArena,
- (client->arena, PR_FALSE));
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_LdapDefaultClient *ldapDefaultClient = NULL;
- PKIX_UInt32 tempHash = 0;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_LDAPDEFAULTCLIENT_TYPE, plContext),
- PKIX_OBJECTNOTANLDAPDEFAULTCLIENT);
-
- ldapDefaultClient = (PKIX_PL_LdapDefaultClient *)object;
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)ldapDefaultClient->clientSocket,
- &tempHash,
- plContext),
- PKIX_SOCKETHASHCODEFAILED);
-
- if (ldapDefaultClient->bindAPI != NULL) {
- tempHash = (tempHash << 7) +
- ldapDefaultClient->bindAPI->selector;
- }
-
- *pHashcode = tempHash;
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_PL_LdapDefaultClient *firstClientContext = NULL;
- PKIX_PL_LdapDefaultClient *secondClientContext = NULL;
- PKIX_Int32 compare = 0;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- *pResult = PKIX_FALSE;
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject,
- secondObject,
- PKIX_LDAPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_OBJECTNOTANLDAPDEFAULTCLIENT);
-
- firstClientContext = (PKIX_PL_LdapDefaultClient *)firstObject;
- secondClientContext = (PKIX_PL_LdapDefaultClient *)secondObject;
-
- if (firstClientContext == secondClientContext) {
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstClientContext->clientSocket,
- (PKIX_PL_Object *)secondClientContext->clientSocket,
- &compare,
- plContext),
- PKIX_SOCKETEQUALSFAILED);
-
- if (!compare) {
- goto cleanup;
- }
-
- if (PKIX_EXACTLY_ONE_NULL
- (firstClientContext->bindAPI, secondClientContext->bindAPI)) {
- goto cleanup;
- }
-
- if (firstClientContext->bindAPI) {
- if (firstClientContext->bindAPI->selector !=
- secondClientContext->bindAPI->selector) {
- goto cleanup;
- }
- }
-
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_PL_LDAPDEFAULTCLIENT_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_LdapDefaultClient_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_RegisterSelf");
-
- entry.description = "LdapDefaultClient";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_LdapDefaultClient);
- entry.destructor = pkix_pl_LdapDefaultClient_Destroy;
- entry.equalsFunction = pkix_pl_LdapDefaultClient_Equals;
- entry.hashcodeFunction = pkix_pl_LdapDefaultClient_Hashcode;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_LDAPDEFAULTCLIENT_TYPE] = entry;
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_GetPollDesc
- * DESCRIPTION:
- *
- * This function retrieves the PRPollDesc from the LdapDefaultClient
- * pointed to by "context" and stores the address at "pPollDesc".
- *
- * PARAMETERS:
- * "context"
- * The LdapDefaultClient whose PRPollDesc is desired. Must be non-NULL.
- * "pPollDesc"
- * Address where PRPollDesc will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapDefaultClient_GetPollDesc(
- PKIX_PL_LdapDefaultClient *context,
- PRPollDesc **pPollDesc,
- void *plContext)
-{
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_GetPollDesc");
- PKIX_NULLCHECK_TWO(context, pPollDesc);
-
- *pPollDesc = &(context->pollDesc);
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/* --Private-Ldap-CertStore-I/O-Functions---------------------------- */
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_ConnectContinue
- * DESCRIPTION:
- *
- * This function determines whether a socket Connect initiated earlier for the
- * CertStore embodied in the LdapDefaultClient "client" has completed, and
- * stores in "pKeepGoing" a flag indicating whether processing can continue
- * without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_ConnectContinue(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_PL_Socket_Callback *callbackList;
- PRErrorCode status;
- PKIX_Boolean keepGoing = PKIX_FALSE;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_ConnectContinue");
- PKIX_NULLCHECK_ONE(client);
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->connectcontinueCallback
- (client->clientSocket, &status, plContext),
- PKIX_SOCKETCONNECTCONTINUEFAILED);
-
- if (status == 0) {
- if (client->bindAPI != NULL) {
- client->connectStatus = CONNECTED;
- } else {
- client->connectStatus = BOUND;
- }
- keepGoing = PKIX_FALSE;
- } else if (status != PR_IN_PROGRESS_ERROR) {
- PKIX_ERROR(PKIX_UNEXPECTEDERRORINESTABLISHINGCONNECTION);
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- *pKeepGoing = keepGoing;
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_Bind
- * DESCRIPTION:
- *
- * This function creates and sends the LDAP-protocol Bind message for the
- * CertStore embodied in the LdapDefaultClient "client", and stores in
- * "pKeepGoing" a flag indicating whether processing can continue without
- * further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_Bind(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- SECItem *encoded = NULL;
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_Socket_Callback *callbackList;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Bind");
- PKIX_NULLCHECK_ONE(client);
-
- /* if we have not yet constructed the BIND message, build it now */
- if (!(client->bindMsg)) {
- PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeBind
- (client->arena,
- 3,
- client->bindAPI,
- client->messageID,
- &encoded,
- plContext),
- PKIX_LDAPDEFAULTCLIENTMAKEBINDFAILED);
- client->bindMsg = encoded->data;
- client->bindMsgLen = encoded->len;
- }
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->sendCallback
- (client->clientSocket,
- client->bindMsg,
- client->bindMsgLen,
- &bytesWritten,
- plContext),
- PKIX_SOCKETSENDFAILED);
-
- client->lastIO = PR_Now();
-
- if (bytesWritten < 0) {
- client->connectStatus = BIND_PENDING;
- *pKeepGoing = PKIX_FALSE;
- } else {
- client->connectStatus = BIND_RESPONSE;
- *pKeepGoing = PKIX_TRUE;
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_BindContinue
- * DESCRIPTION:
- *
- * This function determines whether the LDAP-protocol Bind message for the
- * CertStore embodied in the LdapDefaultClient "client" has completed, and
- * stores in "pKeepGoing" a flag indicating whether processing can continue
- * without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *pkix_pl_LdapDefaultClient_BindContinue(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_BindContinue");
- PKIX_NULLCHECK_ONE(client);
-
- *pKeepGoing = PKIX_FALSE;
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->pollCallback
- (client->clientSocket, &bytesWritten, NULL, plContext),
- PKIX_SOCKETPOLLFAILED);
-
- /*
- * If the send completed we can proceed to try for the
- * response. If the send did not complete we will have
- * continue to poll.
- */
- if (bytesWritten >= 0) {
-
- client->connectStatus = BIND_RESPONSE;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- *pKeepGoing = PKIX_TRUE;
- }
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_BindResponse
- * DESCRIPTION:
- *
- * This function attempts to read the LDAP-protocol BindResponse message for
- * the CertStore embodied in the LdapDefaultClient "client", and stores in
- * "pKeepGoing" a flag indicating whether processing can continue without
- * further input.
- *
- * If a BindResponse is received with a Result code of 0 (success), we
- * continue with the connection. If a non-zero Result code is received,
- * we throw an Error. Some more sophisticated handling of that condition
- * might be in order in the future.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_BindResponse(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_BindResponse");
- PKIX_NULLCHECK_TWO(client, client->rcvBuf);
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->recvCallback
- (client->clientSocket,
- client->rcvBuf,
- client->capacity,
- &bytesRead,
- plContext),
- PKIX_SOCKETRECVFAILED);
-
- client->lastIO = PR_Now();
-
- if (bytesRead > 0) {
- PKIX_CHECK(pkix_pl_LdapDefaultClient_VerifyBindResponse
- (client, bytesRead, plContext),
- PKIX_LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED);
- /*
- * XXX What should we do if failure? At present if
- * VerifyBindResponse throws an Error, we do too.
- */
- client->connectStatus = BOUND;
- } else {
- client->connectStatus = BIND_RESPONSE_PENDING;
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- *pKeepGoing = PKIX_TRUE;
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_BindResponseContinue
- * DESCRIPTION:
- *
- * This function determines whether the LDAP-protocol BindResponse message for
- * the CertStore embodied in the LdapDefaultClient "client" has completed, and
- * stores in "pKeepGoing" a flag indicating whether processing can continue
- * without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_BindResponseContinue(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_BindResponseContinue");
- PKIX_NULLCHECK_ONE(client);
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->pollCallback
- (client->clientSocket, NULL, &bytesRead, plContext),
- PKIX_SOCKETPOLLFAILED);
-
- if (bytesRead > 0) {
- PKIX_CHECK(pkix_pl_LdapDefaultClient_VerifyBindResponse
- (client, bytesRead, plContext),
- PKIX_LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED);
- client->connectStatus = BOUND;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- *pKeepGoing = PKIX_TRUE;
- } else {
- *pKeepGoing = PKIX_FALSE;
- }
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_Send
- * DESCRIPTION:
- *
- * This function creates and sends an LDAP-protocol message for the
- * CertStore embodied in the LdapDefaultClient "client", and stores in
- * "pKeepGoing" a flag indicating whether processing can continue without
- * further input, and at "pBytesTransferred" the number of bytes sent.
- *
- * If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
- * and that transmission has not completed.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "pBytesTransferred"
- * The address at which the number of bytes sent is stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_Send(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- PKIX_UInt32 *pBytesTransferred,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Send");
- PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
-
- *pKeepGoing = PKIX_FALSE;
-
- /* Do we have anything waiting to go? */
- if (client->sendBuf) {
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->sendCallback
- (client->clientSocket,
- client->sendBuf,
- client->bytesToWrite,
- &bytesWritten,
- plContext),
- PKIX_SOCKETSENDFAILED);
-
- client->lastIO = PR_Now();
-
- /*
- * If the send completed we can proceed to try for the
- * response. If the send did not complete we will have
- * to poll for completion later.
- */
- if (bytesWritten >= 0) {
- client->sendBuf = NULL;
- client->connectStatus = RECV;
- *pKeepGoing = PKIX_TRUE;
-
- } else {
- *pKeepGoing = PKIX_FALSE;
- client->connectStatus = SEND_PENDING;
- }
-
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- *pBytesTransferred = bytesWritten;
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_SendContinue
- * DESCRIPTION:
- *
- * This function determines whether the sending of the LDAP-protocol message
- * for the CertStore embodied in the LdapDefaultClient "client" has completed,
- * and stores in "pKeepGoing" a flag indicating whether processing can continue
- * without further input, and at "pBytesTransferred" the number of bytes sent.
- *
- * If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
- * and that transmission has not completed.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "pBytesTransferred"
- * The address at which the number of bytes sent is stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_SendContinue(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- PKIX_UInt32 *pBytesTransferred,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_SendContinue");
- PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
-
- *pKeepGoing = PKIX_FALSE;
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->pollCallback
- (client->clientSocket, &bytesWritten, NULL, plContext),
- PKIX_SOCKETPOLLFAILED);
-
- /*
- * If the send completed we can proceed to try for the
- * response. If the send did not complete we will have
- * continue to poll.
- */
- if (bytesWritten >= 0) {
- client->sendBuf = NULL;
- client->connectStatus = RECV;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
- *pKeepGoing = PKIX_TRUE;
- }
-
- *pBytesTransferred = bytesWritten;
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_Recv
- * DESCRIPTION:
- *
- * This function receives an LDAP-protocol message for the CertStore embodied
- * in the LdapDefaultClient "client", and stores in "pKeepGoing" a flag
- * indicating whether processing can continue without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_Recv(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesRead = 0;
- PKIX_UInt32 bytesToRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Recv");
- PKIX_NULLCHECK_THREE(client, pKeepGoing, client->rcvBuf);
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- /*
- * If we attempt to fill our buffer with every read, we increase
- * the risk of an ugly situation: one or two bytes of a new message
- * left over at the end of processing one message. With such a
- * fragment, we can't decode a byte count and so won't know how much
- * space to allocate for the next LdapResponse. We try to avoid that
- * case by reading just enough to complete the current message, unless
- * there will be at least MINIMUM_MSG_LENGTH bytes left over.
- */
- if (client->currentResponse) {
- PKIX_CHECK(pkix_pl_LdapResponse_GetCapacity
- (client->currentResponse, &bytesToRead, plContext),
- PKIX_LDAPRESPONSEGETCAPACITYFAILED);
- if ((bytesToRead > client->capacity) ||
- ((bytesToRead + MINIMUM_MSG_LENGTH) < client->capacity)) {
- bytesToRead = client->capacity;
- }
- } else {
- bytesToRead = client->capacity;
- }
-
- client->currentBytesAvailable = 0;
-
- PKIX_CHECK(callbackList->recvCallback
- (client->clientSocket,
- (void *)client->rcvBuf,
- bytesToRead,
- &bytesRead,
- plContext),
- PKIX_SOCKETRECVFAILED);
-
- client->currentInPtr = client->rcvBuf;
- client->lastIO = PR_Now();
-
- if (bytesRead > 0) {
- client->currentBytesAvailable = bytesRead;
- client->connectStatus = RECV_INITIAL;
- *pKeepGoing = PKIX_TRUE;
- } else {
- client->connectStatus = RECV_PENDING;
- *pKeepGoing = PKIX_FALSE;
- }
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_RecvContinue
- * DESCRIPTION:
- *
- * This function determines whether the receiving of the LDAP-protocol message
- * for the CertStore embodied in the LdapDefaultClient "client" has completed,
- * and stores in "pKeepGoing" a flag indicating whether processing can continue
- * without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_RecvContinue(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_RecvContinue");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->pollCallback
- (client->clientSocket, NULL, &bytesRead, plContext),
- PKIX_SOCKETPOLLFAILED);
-
- if (bytesRead > 0) {
- client->currentBytesAvailable += bytesRead;
- client->connectStatus = RECV_INITIAL;
- *pKeepGoing = PKIX_TRUE;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- } else {
- *pKeepGoing = PKIX_FALSE;
- }
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_AbandonContinue
- * DESCRIPTION:
- *
- * This function determines whether the abandon-message request of the
- * LDAP-protocol message for the CertStore embodied in the LdapDefaultClient
- * "client" has completed, and stores in "pKeepGoing" a flag indicating whether
- * processing can continue without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_AbandonContinue(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_AbandonContinue");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
-
- PKIX_CHECK(callbackList->pollCallback
- (client->clientSocket, &bytesWritten, NULL, plContext),
- PKIX_SOCKETPOLLFAILED);
-
- if (bytesWritten > 0) {
- client->connectStatus = BOUND;
- *pKeepGoing = PKIX_TRUE;
-
- PKIX_CHECK(PKIX_PL_Object_InvalidateCache
- ((PKIX_PL_Object *)client, plContext),
- PKIX_OBJECTINVALIDATECACHEFAILED);
- } else {
- *pKeepGoing = PKIX_FALSE;
- }
-
-cleanup:
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_RecvInitial
- * DESCRIPTION:
- *
- * This function processes the contents of the first buffer of a received
- * LDAP-protocol message for the CertStore embodied in the LdapDefaultClient
- * "client", and stores in "pKeepGoing" a flag indicating whether processing can
- * continue without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_RecvInitial(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
- unsigned char *msgBuf = NULL;
- unsigned char *to = NULL;
- unsigned char *from = NULL;
- PKIX_UInt32 dataIndex = 0;
- PKIX_UInt32 messageIdLen = 0;
- PKIX_UInt32 messageLength = 0;
- PKIX_UInt32 sizeofLength = 0;
- PKIX_UInt32 bytesProcessed = 0;
- unsigned char messageChar = 0;
- LDAPMessageType messageType = 0;
- PKIX_Int32 bytesRead = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_RecvInitial");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- /*
- * Is there an LDAPResponse in progress? I.e., have we
- * already processed the tag and length at the beginning of
- * the message?
- */
- if (client->currentResponse) {
- client->connectStatus = RECV_NONINITIAL;
- *pKeepGoing = PKIX_TRUE;
- goto cleanup;
- }
- msgBuf = client->currentInPtr;
-
- /* Do we have enough of the message to decode the message length? */
- if (client->currentBytesAvailable < MINIMUM_MSG_LENGTH) {
- /*
- * No! Move these few bytes to the beginning of rcvBuf
- * and hang another read.
- */
-
- to = (unsigned char *)client->rcvBuf;
- from = client->currentInPtr;
- for (dataIndex = 0;
- dataIndex < client->currentBytesAvailable;
- dataIndex++) {
- *to++ = *from++;
- }
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
- PKIX_CHECK(callbackList->recvCallback
- (client->clientSocket,
- (void *)to,
- client->capacity - client->currentBytesAvailable,
- &bytesRead,
- plContext),
- PKIX_SOCKETRECVFAILED);
-
- client->currentInPtr = client->rcvBuf;
- client->lastIO = PR_Now();
-
- if (bytesRead <= 0) {
- client->connectStatus = RECV_PENDING;
- *pKeepGoing = PKIX_FALSE;
- goto cleanup;
- } else {
- client->currentBytesAvailable += bytesRead;
- }
- }
-
- /*
- * We have to determine whether the response is an entry, with
- * application-specific tag LDAP_SEARCHRESPONSEENTRY_TYPE, or a
- * resultCode, with application tag LDAP_SEARCHRESPONSERESULT_TYPE.
- * First, we have to figure out where to look for the tag.
- */
-
- /* Is the message length short form (one octet) or long form? */
- if ((msgBuf[1] & 0x80) != 0) {
- sizeofLength = msgBuf[1] & 0x7F;
- for (dataIndex = 0; dataIndex < sizeofLength; dataIndex++) {
- messageLength =
- (messageLength << 8) + msgBuf[dataIndex + 2];
- }
- } else {
- messageLength = msgBuf[1];
- }
-
- /* How many bytes did the messageID require? */
- messageIdLen = msgBuf[dataIndex + 3];
-
- messageChar = msgBuf[dataIndex + messageIdLen + 4];
-
- /* Are we looking at an Entry message or a ResultCode message? */
- if ((SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION |
- LDAP_SEARCHRESPONSEENTRY_TYPE) == messageChar) {
-
- messageType = LDAP_SEARCHRESPONSEENTRY_TYPE;
-
- } else if ((SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION |
- LDAP_SEARCHRESPONSERESULT_TYPE) == messageChar) {
-
- messageType = LDAP_SEARCHRESPONSERESULT_TYPE;
-
- } else {
-
- PKIX_ERROR(PKIX_SEARCHRESPONSEPACKETOFUNKNOWNTYPE);
-
- }
-
- /*
- * messageLength is the length from (tag, length, value).
- * We have to allocate space for the tag and length bits too.
- */
- PKIX_CHECK(pkix_pl_LdapResponse_Create
- (messageType,
- messageLength + dataIndex + 2,
- client->currentBytesAvailable,
- msgBuf,
- &bytesProcessed,
- &(client->currentResponse),
- plContext),
- PKIX_LDAPRESPONSECREATEFAILED);
-
- client->currentBytesAvailable -= bytesProcessed;
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_RecvCheckComplete
- (client, bytesProcessed, pKeepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED);
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_RecvNonInitial
- * DESCRIPTION:
- *
- * This function processes the contents of buffers, after the first, of a
- * received LDAP-protocol message for the CertStore embodied in the
- * LdapDefaultClient "client", and stores in "pKeepGoing" a flag indicating
- * whether processing can continue without further input.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pKeepGoing"
- * The address at which the Boolean state machine flag is stored to
- * indicate whether processing can continue without further input.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_RecvNonInitial(
- PKIX_PL_LdapDefaultClient *client,
- PKIX_Boolean *pKeepGoing,
- void *plContext)
-{
-
- PKIX_UInt32 bytesProcessed = 0;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_RecvNonInitial");
- PKIX_NULLCHECK_TWO(client, pKeepGoing);
-
- PKIX_CHECK(pkix_pl_LdapResponse_Append
- (client->currentResponse,
- client->currentBytesAvailable,
- client->currentInPtr,
- &bytesProcessed,
- plContext),
- PKIX_LDAPRESPONSEAPPENDFAILED);
-
- client->currentBytesAvailable -= bytesProcessed;
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_RecvCheckComplete
- (client, bytesProcessed, pKeepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED);
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_Dispatch
- * DESCRIPTION:
- *
- * This function is the state machine dispatcher for the CertStore embodied in
- * the LdapDefaultClient pointed to by "client". Results are returned by
- * changes to various fields in the context.
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_Dispatch(
- PKIX_PL_LdapDefaultClient *client,
- void *plContext)
-{
- PKIX_UInt32 bytesTransferred = 0;
- PKIX_Boolean keepGoing = PKIX_TRUE;
-
- PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Dispatch");
- PKIX_NULLCHECK_ONE(client);
-
- while (keepGoing) {
- switch (client->connectStatus) {
- case CONNECT_PENDING:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_ConnectContinue
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTCONNECTCONTINUEFAILED);
- break;
- case CONNECTED:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_Bind
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTBINDFAILED);
- break;
- case BIND_PENDING:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_BindContinue
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTBINDCONTINUEFAILED);
- break;
- case BIND_RESPONSE:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_BindResponse
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTBINDRESPONSEFAILED);
- break;
- case BIND_RESPONSE_PENDING:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_BindResponseContinue
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTBINDRESPONSECONTINUEFAILED);
- break;
- case BOUND:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_Send
- (client, &keepGoing, &bytesTransferred, plContext),
- PKIX_LDAPDEFAULTCLIENTSENDFAILED);
- break;
- case SEND_PENDING:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_SendContinue
- (client, &keepGoing, &bytesTransferred, plContext),
- PKIX_LDAPDEFAULTCLIENTSENDCONTINUEFAILED);
- break;
- case RECV:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_Recv
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTRECVFAILED);
- break;
- case RECV_PENDING:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_RecvContinue
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTRECVCONTINUEFAILED);
- break;
- case RECV_INITIAL:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_RecvInitial
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTRECVINITIALFAILED);
- break;
- case RECV_NONINITIAL:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_RecvNonInitial
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTRECVNONINITIALFAILED);
- break;
- case ABANDON_PENDING:
- PKIX_CHECK
- (pkix_pl_LdapDefaultClient_AbandonContinue
- (client, &keepGoing, plContext),
- PKIX_LDAPDEFAULTCLIENTABANDONCONTINUEFAILED);
- break;
- default:
- PKIX_ERROR(PKIX_LDAPCERTSTOREINILLEGALSTATE);
- }
- }
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_MakeAndFilter
- * DESCRIPTION:
- *
- * This function allocates space from the arena pointed to by "arena" to
- * construct a filter that will match components of the X500Name pointed to by
- * XXX...
- *
- * PARAMETERS:
- * "arena"
- * The address of the PRArenaPool used in creating the filter. Must be
- * non-NULL.
- * "nameComponent"
- * The address of a NULL-terminated list of LDAPNameComponents
- * Must be non-NULL.
- * "pFilter"
- * The address at which the result is stored.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_MakeAndFilter(
- PRArenaPool *arena,
- LDAPNameComponent **nameComponents,
- LDAPFilter **pFilter,
- void *plContext)
-{
- LDAPFilter **setOfFilter;
- LDAPFilter *andFilter = NULL;
- LDAPFilter *currentFilter = NULL;
- PKIX_UInt32 componentsPresent = 0;
- void *v = NULL;
- unsigned char *component = NULL;
- LDAPNameComponent **componentP = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_LdapDefaultClient_MakeAndFilter");
- PKIX_NULLCHECK_THREE(arena, nameComponents, pFilter);
-
- /* count how many components we were provided */
- for (componentP = nameComponents, componentsPresent = 0;
- *(componentP++) != NULL;
- componentsPresent++) {}
-
- /* Space for (componentsPresent + 1) pointers to LDAPFilter */
- PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZAlloc,
- (arena, (componentsPresent + 1)*sizeof(LDAPFilter *)));
- setOfFilter = (LDAPFilter **)v;
-
- /* Space for AndFilter and <componentsPresent> EqualFilters */
- PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZNewArray,
- (arena, LDAPFilter, componentsPresent + 1));
- setOfFilter[0] = (LDAPFilter *)v;
-
- /* Claim the first array element for the ANDFilter */
- andFilter = setOfFilter[0];
-
- /* Set ANDFilter to point to the first EqualFilter pointer */
- andFilter->selector = LDAP_ANDFILTER_TYPE;
- andFilter->filter.andFilter.filters = setOfFilter;
-
- currentFilter = andFilter + 1;
-
- for (componentP = nameComponents, componentsPresent = 0;
- *(componentP) != NULL; componentP++) {
- setOfFilter[componentsPresent++] = currentFilter;
- currentFilter->selector = LDAP_EQUALFILTER_TYPE;
- component = (*componentP)->attrType;
- currentFilter->filter.equalFilter.attrType.data = component;
- currentFilter->filter.equalFilter.attrType.len =
- PL_strlen((const char *)component);
- component = (*componentP)->attrValue;
- currentFilter->filter.equalFilter.attrValue.data = component;
- currentFilter->filter.equalFilter.attrValue.len =
- PL_strlen((const char *)component);
- currentFilter++;
- }
-
- setOfFilter[componentsPresent] = NULL;
-
- *pFilter = andFilter;
-
- PKIX_RETURN(CERTSTORE);
-
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_InitiateRequest
- * DESCRIPTION:
- *
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "requestParams"
- * The address of an LdapClientParams object. Must be non-NULL.
- * "pPollDesc"
- * The location where the address of the PRPollDesc is stored, if the
- * client returns with I/O pending.
- * "pResponse"
- * The address where the List of LDAPResponses, or NULL for an
- * unfinished request, is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_InitiateRequest(
- PKIX_PL_LdapClient *genericClient,
- LDAPRequestParams *requestParams,
- void **pPollDesc,
- PKIX_List **pResponse,
- void *plContext)
-{
- PKIX_List *searchResponseList = NULL;
- SECItem *encoded = NULL;
- LDAPFilter *filter = NULL;
- PKIX_PL_LdapDefaultClient *client = 0;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT,
- "pkix_pl_LdapDefaultClient_InitiateRequest");
- PKIX_NULLCHECK_FOUR(genericClient, requestParams, pPollDesc, pResponse);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)genericClient,
- PKIX_LDAPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_GENERICCLIENTNOTANLDAPDEFAULTCLIENT);
-
- client = (PKIX_PL_LdapDefaultClient *)genericClient;
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeAndFilter
- (client->arena, requestParams->nc, &filter, plContext),
- PKIX_LDAPDEFAULTCLIENTMAKEANDFILTERFAILED);
-
- PKIX_CHECK(pkix_pl_LdapRequest_Create
- (client->arena,
- client->messageID++,
- requestParams->baseObject,
- requestParams->scope,
- requestParams->derefAliases,
- requestParams->sizeLimit,
- requestParams->timeLimit,
- PKIX_FALSE, /* attrs only */
- filter,
- requestParams->attributes,
- &client->currentRequest,
- plContext),
- PKIX_LDAPREQUESTCREATEFAILED);
-
- /* check hashtable for matching request */
- PKIX_CHECK(PKIX_PL_HashTable_Lookup
- (client->cachePtr,
- (PKIX_PL_Object *)(client->currentRequest),
- (PKIX_PL_Object **)&searchResponseList,
- plContext),
- PKIX_HASHTABLELOOKUPFAILED);
-
- if (searchResponseList != NULL) {
- *pPollDesc = NULL;
- *pResponse = searchResponseList;
- PKIX_DECREF(client->currentRequest);
- goto cleanup;
- }
-
- /* It wasn't cached. We'll have to actually send it. */
-
- PKIX_CHECK(pkix_pl_LdapRequest_GetEncoded
- (client->currentRequest, &encoded, plContext),
- PKIX_LDAPREQUESTGETENCODEDFAILED);
-
- client->sendBuf = encoded->data;
- client->bytesToWrite = encoded->len;
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_Dispatch(client, plContext),
- PKIX_LDAPDEFAULTCLIENTDISPATCHFAILED);
-
- /*
- * It's not enough that we may be done with a particular read.
- * We're still processing the transaction until we've gotten the
- * SearchResponseResult message and returned to the BOUND state.
- * Otherwise we must still have a read pending, and must hold off
- * on returning results.
- */
- if ((client->connectStatus == BOUND) &&
- (client->entriesFound != NULL)) {
- *pPollDesc = NULL;
- *pResponse = client->entriesFound;
- client->entriesFound = NULL;
- PKIX_DECREF(client->currentRequest);
- } else {
- *pPollDesc = &client->pollDesc;
- *pResponse = NULL;
- }
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-
-}
-
-/*
- * FUNCTION: pkix_pl_LdapDefaultClient_ResumeRequest
- * DESCRIPTION:
- *
- *
- * PARAMETERS:
- * "client"
- * The address of the LdapDefaultClient object. Must be non-NULL.
- * "pPollDesc"
- * The location where the address of the PRPollDesc is stored, if the
- * client returns with I/O pending.
- * "pResponse"
- * The address where the List of LDAPResponses, or NULL for an
- * unfinished request, is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a LdapDefaultClient Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapDefaultClient_ResumeRequest(
- PKIX_PL_LdapClient *genericClient,
- void **pPollDesc,
- PKIX_List **pResponse,
- void *plContext)
-{
- PKIX_PL_LdapDefaultClient *client = 0;
-
- PKIX_ENTER
- (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_ResumeRequest");
- PKIX_NULLCHECK_THREE(genericClient, pPollDesc, pResponse);
-
- PKIX_CHECK(pkix_CheckType
- ((PKIX_PL_Object *)genericClient,
- PKIX_LDAPDEFAULTCLIENT_TYPE,
- plContext),
- PKIX_GENERICCLIENTNOTANLDAPDEFAULTCLIENT);
-
- client = (PKIX_PL_LdapDefaultClient *)genericClient;
-
- PKIX_CHECK(pkix_pl_LdapDefaultClient_Dispatch(client, plContext),
- PKIX_LDAPDEFAULTCLIENTDISPATCHFAILED);
-
- /*
- * It's not enough that we may be done with a particular read.
- * We're still processing the transaction until we've gotten the
- * SearchResponseResult message and returned to the BOUND state.
- * Otherwise we must still have a read pending, and must hold off
- * on returning results.
- */
- if ((client->connectStatus == BOUND) &&
- (client->entriesFound != NULL)) {
- *pPollDesc = NULL;
- *pResponse = client->entriesFound;
- client->entriesFound = NULL;
- PKIX_DECREF(client->currentRequest);
- } else {
- *pPollDesc = &client->pollDesc;
- *pResponse = NULL;
- }
-
-cleanup:
-
- PKIX_RETURN(LDAPDEFAULTCLIENT);
-
-}
-
-/* --Public-LdapDefaultClient-Functions----------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_LdapDefaultClient_AbandonRequest
- * DESCRIPTION:
- *
- * This function creates and sends an LDAP-protocol "Abandon" message to the
- * server connected to the LdapDefaultClient pointed to by "client".
- *
- * PARAMETERS:
- * "client"
- * The LdapDefaultClient whose connection is to be abandoned. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_LdapDefaultClient_AbandonRequest(
- PKIX_PL_LdapDefaultClient *client,
- void *plContext)
-{
- PKIX_Int32 bytesWritten = 0;
- PKIX_PL_Socket_Callback *callbackList = NULL;
- SECItem *encoded = NULL;
-
- PKIX_ENTER(CERTSTORE, "PKIX_PL_LdapDefaultClient_AbandonRequest");
- PKIX_NULLCHECK_ONE(client);
-
- if (client->connectStatus == RECV_PENDING) {
- PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeAbandon
- (client->arena,
- (client->messageID) - 1,
- &encoded,
- plContext),
- PKIX_LDAPDEFAULTCLIENTMAKEABANDONFAILED);
-
- callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
- PKIX_CHECK(callbackList->sendCallback
- (client->clientSocket,
- encoded->data,
- encoded->len,
- &bytesWritten,
- plContext),
- PKIX_SOCKETSENDFAILED);
-
- if (bytesWritten < 0) {
- client->connectStatus = ABANDON_PENDING;
- } else {
- client->connectStatus = BOUND;
- }
- }
-
- PKIX_DECREF(client->entriesFound);
- PKIX_DECREF(client->currentRequest);
- PKIX_DECREF(client->currentResponse);
-
-cleanup:
-
- PKIX_DECREF(client);
-
- PKIX_RETURN(CERTSTORE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h
deleted file mode 100644
index 9bc24188e..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldapdefaultclient.h
- *
- * LDAPDefaultClient Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_LDAPDEFAULTCLIENT_H
-#define _PKIX_PL_LDAPDEFAULTCLIENT_H
-
-#include "pkix_pl_ldapt.h"
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * At the time of this version, there are unresolved questions about the LDAP
- * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
- * clear whether they are appropriate to this application. We have tested only
- * using servers that do not expect authentication, and that reject BIND
- * messages. It is not clear what values might be appropriate for the bindname
- * and authentication fields, which are currently implemented as char strings
- * supplied by the caller. (If this changes, the API and possibly the templates
- * will have to change.) Therefore the LDAPClient_Create API contains a
- * BindAPI structure, a union, which will have to be revised and extended when
- * this area of the protocol is better understood.
- *
- */
-
-typedef enum {
- CONNECT_PENDING,
- CONNECTED,
- BIND_PENDING,
- BIND_RESPONSE,
- BIND_RESPONSE_PENDING,
- BOUND,
- SEND_PENDING,
- RECV,
- RECV_PENDING,
- RECV_INITIAL,
- RECV_NONINITIAL,
- ABANDON_PENDING
-} LdapClientConnectStatus;
-
-struct PKIX_PL_LdapDefaultClientStruct {
- PKIX_PL_LdapClient vtable;
- LdapClientConnectStatus connectStatus;
- PKIX_UInt32 messageID;
- PKIX_PL_HashTable *cachePtr;
- PKIX_PL_Socket *clientSocket;
- PRPollDesc pollDesc;
- void *callbackList; /* cast this to (PKIX_PL_Socket_Callback *) */
- LDAPBindAPI *bindAPI;
- PRArenaPool *arena;
- PRTime lastIO;
- void *sendBuf;
- PKIX_UInt32 bytesToWrite;
- void *rcvBuf;
- PKIX_UInt32 capacity;
- void *currentInPtr;
- PKIX_UInt32 currentBytesAvailable;
- void *bindMsg;
- PKIX_UInt32 bindMsgLen;
- PKIX_List *entriesFound;
- PKIX_PL_LdapRequest *currentRequest;
- PKIX_PL_LdapResponse *currentResponse;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_LdapDefaultClient_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_LDAPDEFAULTCLIENT_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
deleted file mode 100644
index b728f3c14..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
+++ /dev/null
@@ -1,794 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldaprequest.c
- *
- */
-
-#include "pkix_pl_ldaprequest.h"
-
-/* --Private-LdapRequest-Functions------------------------------------- */
-
-/* Note: lengths do not include the NULL terminator */
-static const char caAttr[] = "caCertificate;binary";
-static unsigned int caAttrLen = sizeof(caAttr) - 1;
-static const char uAttr[] = "userCertificate;binary";
-static unsigned int uAttrLen = sizeof(uAttr) - 1;
-static const char ccpAttr[] = "crossCertificatePair;binary";
-static unsigned int ccpAttrLen = sizeof(ccpAttr) - 1;
-static const char crlAttr[] = "certificateRevocationList;binary";
-static unsigned int crlAttrLen = sizeof(crlAttr) - 1;
-static const char arlAttr[] = "authorityRevocationList;binary";
-static unsigned int arlAttrLen = sizeof(arlAttr) - 1;
-
-/*
- * XXX If this function were moved into pkix_pl_ldapcertstore.c then all of
- * LdapRequest and LdapResponse could be considered part of the LDAP client.
- * But the constants, above, would have to be copied as well, and they are
- * also needed in pkix_pl_LdapRequest_EncodeAttrs. So there would have to be
- * two copies.
- */
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_AttrTypeToBit
- * DESCRIPTION:
- *
- * This function creates an attribute mask bit corresponding to the SECItem
- * pointed to by "attrType", storing the result at "pAttrBit". The comparison
- * is case-insensitive. If "attrType" does not match any of the known types,
- * zero is stored at "pAttrBit".
- *
- * PARAMETERS
- * "attrType"
- * The address of the SECItem whose string contents are to be compared to
- * the various known attribute types. Must be non-NULL.
- * "pAttrBit"
- * The address where the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapRequest Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapRequest_AttrTypeToBit(
- SECItem *attrType,
- LdapAttrMask *pAttrBit,
- void *plContext)
-{
- LdapAttrMask attrBit = 0;
- unsigned int attrLen = 0;
- const char *s = NULL;
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_AttrTypeToBit");
- PKIX_NULLCHECK_TWO(attrType, pAttrBit);
-
- s = (const char *)attrType->data;
- attrLen = attrType->len;
-
- /*
- * Taking note of the fact that all of the comparand strings are
- * different lengths, we do a slight optimization. If a string
- * length matches but the string does not match, we skip comparing
- * to the other strings. If new strings are added to the comparand
- * list, and any are of equal length, be careful to change the
- * grouping of tests accordingly.
- */
- if (attrLen == caAttrLen) {
- if (PORT_Strncasecmp(caAttr, s, attrLen) == 0) {
- attrBit = LDAPATTR_CACERT;
- }
- } else if (attrLen == uAttrLen) {
- if (PORT_Strncasecmp(uAttr, s, attrLen) == 0) {
- attrBit = LDAPATTR_USERCERT;
- }
- } else if (attrLen == ccpAttrLen) {
- if (PORT_Strncasecmp(ccpAttr, s, attrLen) == 0) {
- attrBit = LDAPATTR_CROSSPAIRCERT;
- }
- } else if (attrLen == crlAttrLen) {
- if (PORT_Strncasecmp(crlAttr, s, attrLen) == 0) {
- attrBit = LDAPATTR_CERTREVLIST;
- }
- } else if (attrLen == arlAttrLen) {
- if (PORT_Strncasecmp(arlAttr, s, attrLen) == 0) {
- attrBit = LDAPATTR_AUTHREVLIST;
- }
- }
-
- *pAttrBit = attrBit;
-
- PKIX_RETURN(LDAPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_AttrStringToBit
- * DESCRIPTION:
- *
- * This function creates an attribute mask bit corresponding to the null-
- * terminated string pointed to by "attrString", storing the result at
- * "pAttrBit". The comparison is case-insensitive. If "attrString" does not
- * match any of the known types, zero is stored at "pAttrBit".
- *
- * PARAMETERS
- * "attrString"
- * The address of the null-terminated string whose contents are to be compared to
- * the various known attribute types. Must be non-NULL.
- * "pAttrBit"
- * The address where the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapRequest Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapRequest_AttrStringToBit(
- char *attrString,
- LdapAttrMask *pAttrBit,
- void *plContext)
-{
- LdapAttrMask attrBit = 0;
- unsigned int attrLen = 0;
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_AttrStringToBit");
- PKIX_NULLCHECK_TWO(attrString, pAttrBit);
-
- attrLen = PL_strlen(attrString);
-
- /*
- * Taking note of the fact that all of the comparand strings are
- * different lengths, we do a slight optimization. If a string
- * length matches but the string does not match, we skip comparing
- * to the other strings. If new strings are added to the comparand
- * list, and any are of equal length, be careful to change the
- * grouping of tests accordingly.
- */
- if (attrLen == caAttrLen) {
- if (PORT_Strncasecmp(caAttr, attrString, attrLen) == 0) {
- attrBit = LDAPATTR_CACERT;
- }
- } else if (attrLen == uAttrLen) {
- if (PORT_Strncasecmp(uAttr, attrString, attrLen) == 0) {
- attrBit = LDAPATTR_USERCERT;
- }
- } else if (attrLen == ccpAttrLen) {
- if (PORT_Strncasecmp(ccpAttr, attrString, attrLen) == 0) {
- attrBit = LDAPATTR_CROSSPAIRCERT;
- }
- } else if (attrLen == crlAttrLen) {
- if (PORT_Strncasecmp(crlAttr, attrString, attrLen) == 0) {
- attrBit = LDAPATTR_CERTREVLIST;
- }
- } else if (attrLen == arlAttrLen) {
- if (PORT_Strncasecmp(arlAttr, attrString, attrLen) == 0) {
- attrBit = LDAPATTR_AUTHREVLIST;
- }
- }
-
- *pAttrBit = attrBit;
-
- PKIX_RETURN(LDAPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_EncodeAttrs
- * DESCRIPTION:
- *
- * This function obtains the attribute mask bits from the LdapRequest pointed
- * to by "request", creates the corresponding array of AttributeTypes for the
- * encoding of the SearchRequest message.
- *
- * PARAMETERS
- * "request"
- * The address of the LdapRequest whose attributes are to be encoded. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapRequest Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_LdapRequest_EncodeAttrs(
- PKIX_PL_LdapRequest *request,
- void *plContext)
-{
- SECItem **attrArray = NULL;
- PKIX_UInt32 attrIndex = 0;
- LdapAttrMask attrBits;
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_EncodeAttrs");
- PKIX_NULLCHECK_ONE(request);
-
- /* construct "attrs" according to bits in request->attrBits */
- attrBits = request->attrBits;
- attrArray = request->attrArray;
- if ((attrBits & LDAPATTR_CACERT) == LDAPATTR_CACERT) {
- attrArray[attrIndex] = &(request->attributes[attrIndex]);
- request->attributes[attrIndex].type = siAsciiString;
- request->attributes[attrIndex].data = (unsigned char *)caAttr;
- request->attributes[attrIndex].len = caAttrLen;
- attrIndex++;
- }
- if ((attrBits & LDAPATTR_USERCERT) == LDAPATTR_USERCERT) {
- attrArray[attrIndex] = &(request->attributes[attrIndex]);
- request->attributes[attrIndex].type = siAsciiString;
- request->attributes[attrIndex].data = (unsigned char *)uAttr;
- request->attributes[attrIndex].len = uAttrLen;
- attrIndex++;
- }
- if ((attrBits & LDAPATTR_CROSSPAIRCERT) == LDAPATTR_CROSSPAIRCERT) {
- attrArray[attrIndex] = &(request->attributes[attrIndex]);
- request->attributes[attrIndex].type = siAsciiString;
- request->attributes[attrIndex].data = (unsigned char *)ccpAttr;
- request->attributes[attrIndex].len = ccpAttrLen;
- attrIndex++;
- }
- if ((attrBits & LDAPATTR_CERTREVLIST) == LDAPATTR_CERTREVLIST) {
- attrArray[attrIndex] = &(request->attributes[attrIndex]);
- request->attributes[attrIndex].type = siAsciiString;
- request->attributes[attrIndex].data = (unsigned char *)crlAttr;
- request->attributes[attrIndex].len = crlAttrLen;
- attrIndex++;
- }
- if ((attrBits & LDAPATTR_AUTHREVLIST) == LDAPATTR_AUTHREVLIST) {
- attrArray[attrIndex] = &(request->attributes[attrIndex]);
- request->attributes[attrIndex].type = siAsciiString;
- request->attributes[attrIndex].data = (unsigned char *)arlAttr;
- request->attributes[attrIndex].len = arlAttrLen;
- attrIndex++;
- }
- attrArray[attrIndex] = (SECItem *)NULL;
-
- PKIX_RETURN(LDAPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapRequest_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_LdapRequest *ldapRq = NULL;
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext),
- PKIX_OBJECTNOTLDAPREQUEST);
-
- ldapRq = (PKIX_PL_LdapRequest *)object;
-
- /*
- * All dynamic fields in an LDAPRequest are allocated
- * in an arena, and will be freed when the arena is destroyed.
- */
-
-cleanup:
-
- PKIX_RETURN(LDAPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapRequest_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_UInt32 dataLen = 0;
- PKIX_UInt32 dindex = 0;
- PKIX_UInt32 sizeOfLength = 0;
- PKIX_UInt32 idLen = 0;
- const unsigned char *msgBuf = NULL;
- PKIX_PL_LdapRequest *ldapRq = NULL;
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext),
- PKIX_OBJECTNOTLDAPREQUEST);
-
- ldapRq = (PKIX_PL_LdapRequest *)object;
-
- *pHashcode = 0;
-
- /*
- * Two requests that differ only in msgnum are a match! Therefore,
- * start hashcoding beyond the encoded messageID field.
- */
- if (ldapRq->encoded) {
- msgBuf = (const unsigned char *)ldapRq->encoded->data;
- /* Is message length short form (one octet) or long form? */
- if ((msgBuf[1] & 0x80) != 0) {
- sizeOfLength = msgBuf[1] & 0x7F;
- for (dindex = 0; dindex < sizeOfLength; dindex++) {
- dataLen = (dataLen << 8) + msgBuf[dindex + 2];
- }
- } else {
- dataLen = msgBuf[1];
- }
-
- /* How many bytes for the messageID? (Assume short form) */
- idLen = msgBuf[dindex + 3] + 2;
- dindex += idLen;
- dataLen -= idLen;
- msgBuf = &msgBuf[dindex + 2];
-
- PKIX_CHECK(pkix_hash(msgBuf, dataLen, pHashcode, plContext),
- PKIX_HASHFAILED);
- }
-
-cleanup:
-
- PKIX_RETURN(LDAPREQUEST);
-
-}
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapRequest_Equals(
- PKIX_PL_Object *firstObj,
- PKIX_PL_Object *secondObj,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_LdapRequest *firstReq = NULL;
- PKIX_PL_LdapRequest *secondReq = NULL;
- PKIX_UInt32 secondType = 0;
- PKIX_UInt32 firstLen = 0;
- const unsigned char *firstData = NULL;
- const unsigned char *secondData = NULL;
- PKIX_UInt32 sizeOfLength = 0;
- PKIX_UInt32 dindex = 0;
- PKIX_UInt32 i = 0;
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Equals");
- PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
-
- /* test that firstObj is a LdapRequest */
- PKIX_CHECK(pkix_CheckType(firstObj, PKIX_LDAPREQUEST_TYPE, plContext),
- PKIX_FIRSTOBJARGUMENTNOTLDAPREQUEST);
-
- /*
- * Since we know firstObj is a LdapRequest, if both references are
- * identical, they must be equal
- */
- if (firstObj == secondObj){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObj isn't a LdapRequest, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObj, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_LDAPREQUEST_TYPE) {
- goto cleanup;
- }
-
- firstReq = (PKIX_PL_LdapRequest *)firstObj;
- secondReq = (PKIX_PL_LdapRequest *)secondObj;
-
- /* If either lacks an encoded string, they cannot be compared */
- if (!(firstReq->encoded) || !(secondReq->encoded)) {
- goto cleanup;
- }
-
- if (firstReq->encoded->len != secondReq->encoded->len) {
- goto cleanup;
- }
-
- firstData = (const unsigned char *)firstReq->encoded->data;
- secondData = (const unsigned char *)secondReq->encoded->data;
-
- /*
- * Two requests that differ only in msgnum are equal! Therefore,
- * start the byte comparison beyond the encoded messageID field.
- */
-
- /* Is message length short form (one octet) or long form? */
- if ((firstData[1] & 0x80) != 0) {
- sizeOfLength = firstData[1] & 0x7F;
- for (dindex = 0; dindex < sizeOfLength; dindex++) {
- firstLen = (firstLen << 8) + firstData[dindex + 2];
- }
- } else {
- firstLen = firstData[1];
- }
-
- /* How many bytes for the messageID? (Assume short form) */
- i = firstData[dindex + 3] + 2;
- dindex += i;
- firstLen -= i;
- firstData = &firstData[dindex + 2];
-
- /*
- * In theory, we have to calculate where the second message data
- * begins by checking its length encodings. But if these messages
- * are equal, we can re-use the calculation we already did. If they
- * are not equal, the byte comparisons will surely fail.
- */
-
- secondData = &secondData[dindex + 2];
-
- for (i = 0; i < firstLen; i++) {
- if (firstData[i] != secondData[i]) {
- goto cleanup;
- }
- }
-
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(LDAPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_LDAPREQUEST_TYPE and its related functions with
- * systemClasses[]
- * PARAMETERS:
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_LdapRequest_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_RegisterSelf");
-
- entry.description = "LdapRequest";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_LdapRequest);
- entry.destructor = pkix_pl_LdapRequest_Destroy;
- entry.equalsFunction = pkix_pl_LdapRequest_Equals;
- entry.hashcodeFunction = pkix_pl_LdapRequest_Hashcode;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_LDAPREQUEST_TYPE] = entry;
-
- PKIX_RETURN(LDAPREQUEST);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_Create
- * DESCRIPTION:
- *
- * This function creates an LdapRequest using the PRArenaPool pointed to by
- * "arena", a message number whose value is "msgnum", a base object pointed to
- * by "issuerDN", a scope whose value is "scope", a derefAliases flag whose
- * value is "derefAliases", a sizeLimit whose value is "sizeLimit", a timeLimit
- * whose value is "timeLimit", an attrsOnly flag whose value is "attrsOnly", a
- * filter whose value is "filter", and attribute bits whose value is
- * "attrBits"; storing the result at "pRequestMsg".
- *
- * See pkix_pl_ldaptemplates.c (and below) for the ASN.1 representation of
- * message components, and see pkix_pl_ldapt.h for data types.
- *
- * PARAMETERS
- * "arena"
- * The address of the PRArenaPool to be used in the encoding. Must be
- * non-NULL.
- * "msgnum"
- * The UInt32 message number to be used for the messageID component of the
- * LDAP message exchange.
- * "issuerDN"
- * The address of the string to be used for the baseObject component of the
- * LDAP SearchRequest message. Must be non-NULL.
- * "scope"
- * The (enumerated) ScopeType to be used for the scope component of the
- * LDAP SearchRequest message
- * "derefAliases"
- * The (enumerated) DerefType to be used for the derefAliases component of
- * the LDAP SearchRequest message
- * "sizeLimit"
- * The UInt32 value to be used for the sizeLimit component of the LDAP
- * SearchRequest message
- * "timeLimit"
- * The UInt32 value to be used for the timeLimit component of the LDAP
- * SearchRequest message
- * "attrsOnly"
- * The Boolean value to be used for the attrsOnly component of the LDAP
- * SearchRequest message
- * "filter"
- * The filter to be used for the filter component of the LDAP
- * SearchRequest message
- * "attrBits"
- * The LdapAttrMask bits indicating the attributes to be included in the
- * attributes sequence of the LDAP SearchRequest message
- * "pRequestMsg"
- * The address at which the address of the LdapRequest is stored. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapRequest Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-/*
- * SearchRequest ::=
- * [APPLICATION 3] SEQUENCE {
- * baseObject LDAPDN,
- * scope ENUMERATED {
- * baseObject (0),
- * singleLevel (1),
- * wholeSubtree (2)
- * },
- * derefAliases ENUMERATED {
- * neverDerefAliases (0),
- * derefInSearching (1),
- * derefFindingBaseObj (2),
- * alwaysDerefAliases (3)
- * },
- * sizeLimit INTEGER (0 .. MAXINT),
- * -- value of 0 implies no sizeLimit
- * timeLimit INTEGER (0 .. MAXINT),
- * -- value of 0 implies no timeLimit
- * attrsOnly BOOLEAN,
- * -- TRUE, if only attributes (without values)
- * -- to be returned
- * filter Filter,
- * attributes SEQUENCE OF AttributeType
- * }
- *
- * Filter ::=
- * CHOICE {
- * and [0] SET OF Filter,
- * or [1] SET OF Filter,
- * not [2] Filter,
- * equalityMatch [3] AttributeValueAssertion,
- * substrings [4] SubstringFilter,
- * greaterOrEqual [5] AttributeValueAssertion,
- * lessOrEqual [6] AttributeValueAssertion,
- * present [7] AttributeType,
- * approxMatch [8] AttributeValueAssertion
- * }
- *
- * SubstringFilter ::=
- * SEQUENCE {
- * type AttributeType,
- * SEQUENCE OF CHOICE {
- * initial [0] LDAPString,
- * any [1] LDAPString,
- * final [2] LDAPString,
- * }
- * }
- *
- * AttributeValueAssertion ::=
- * SEQUENCE {
- * attributeType AttributeType,
- * attributeValue AttributeValue,
- * }
- *
- * AttributeValue ::= OCTET STRING
- *
- * AttributeType ::= LDAPString
- * -- text name of the attribute, or dotted
- * -- OID representation
- *
- * LDAPDN ::= LDAPString
- *
- * LDAPString ::= OCTET STRING
- *
- */
-PKIX_Error *
-pkix_pl_LdapRequest_Create(
- PRArenaPool *arena,
- PKIX_UInt32 msgnum,
- char *issuerDN,
- ScopeType scope,
- DerefType derefAliases,
- PKIX_UInt32 sizeLimit,
- PKIX_UInt32 timeLimit,
- char attrsOnly,
- LDAPFilter *filter,
- LdapAttrMask attrBits,
- PKIX_PL_LdapRequest **pRequestMsg,
- void *plContext)
-{
- LDAPMessage msg;
- LDAPSearch *search;
- PKIX_PL_LdapRequest *ldapRequest = NULL;
- char scopeTypeAsChar;
- char derefAliasesTypeAsChar;
- SECItem *attrArray[MAX_LDAPATTRS + 1];
-
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Create");
- PKIX_NULLCHECK_THREE(arena, issuerDN, pRequestMsg);
-
- /* create a PKIX_PL_LdapRequest object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_LDAPREQUEST_TYPE,
- sizeof (PKIX_PL_LdapRequest),
- (PKIX_PL_Object **)&ldapRequest,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- ldapRequest->arena = arena;
- ldapRequest->msgnum = msgnum;
- ldapRequest->issuerDN = issuerDN;
- ldapRequest->scope = scope;
- ldapRequest->derefAliases = derefAliases;
- ldapRequest->sizeLimit = sizeLimit;
- ldapRequest->timeLimit = timeLimit;
- ldapRequest->attrsOnly = attrsOnly;
- ldapRequest->filter = filter;
- ldapRequest->attrBits = attrBits;
-
- ldapRequest->attrArray = attrArray;
-
- PKIX_CHECK(pkix_pl_LdapRequest_EncodeAttrs
- (ldapRequest, plContext),
- PKIX_LDAPREQUESTENCODEATTRSFAILED);
-
- PKIX_PL_NSSCALL
- (LDAPREQUEST, PORT_Memset, (&msg, 0, sizeof (LDAPMessage)));
-
- msg.messageID.type = siUnsignedInteger;
- msg.messageID.data = (void*)&msgnum;
- msg.messageID.len = sizeof (msgnum);
-
- msg.protocolOp.selector = LDAP_SEARCH_TYPE;
-
- search = &(msg.protocolOp.op.searchMsg);
-
- search->baseObject.type = siAsciiString;
- search->baseObject.data = (void *)issuerDN;
- search->baseObject.len = PL_strlen(issuerDN);
- scopeTypeAsChar = (char)scope;
- search->scope.type = siUnsignedInteger;
- search->scope.data = (void *)&scopeTypeAsChar;
- search->scope.len = sizeof (scopeTypeAsChar);
- derefAliasesTypeAsChar = (char)derefAliases;
- search->derefAliases.type = siUnsignedInteger;
- search->derefAliases.data =
- (void *)&derefAliasesTypeAsChar;
- search->derefAliases.len =
- sizeof (derefAliasesTypeAsChar);
- search->sizeLimit.type = siUnsignedInteger;
- search->sizeLimit.data = (void *)&sizeLimit;
- search->sizeLimit.len = sizeof (PKIX_UInt32);
- search->timeLimit.type = siUnsignedInteger;
- search->timeLimit.data = (void *)&timeLimit;
- search->timeLimit.len = sizeof (PKIX_UInt32);
- search->attrsOnly.type = siBuffer;
- search->attrsOnly.data = (void *)&attrsOnly;
- search->attrsOnly.len = sizeof (attrsOnly);
-
- PKIX_PL_NSSCALL
- (LDAPREQUEST,
- PORT_Memcpy,
- (&search->filter, filter, sizeof (LDAPFilter)));
-
- search->attributes = attrArray;
-
- PKIX_PL_NSSCALLRV
- (LDAPREQUEST, ldapRequest->encoded, SEC_ASN1EncodeItem,
- (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
-
- if (!(ldapRequest->encoded)) {
- PKIX_ERROR(PKIX_FAILEDINENCODINGSEARCHREQUEST);
- }
-
- *pRequestMsg = ldapRequest;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(ldapRequest);
- }
-
- PKIX_RETURN(LDAPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapRequest_GetEncoded
- * DESCRIPTION:
- *
- * This function obtains the encoded message from the LdapRequest pointed to
- * by "request", storing the result at "pRequestBuf".
- *
- * PARAMETERS
- * "request"
- * The address of the LdapRequest whose encoded message is to be
- * retrieved. Must be non-NULL.
- * "pRequestBuf"
- * The address at which is stored the address of the encoded message. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapRequest Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapRequest_GetEncoded(
- PKIX_PL_LdapRequest *request,
- SECItem **pRequestBuf,
- void *plContext)
-{
- PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_GetEncoded");
- PKIX_NULLCHECK_TWO(request, pRequestBuf);
-
- *pRequestBuf = request->encoded;
-
- PKIX_RETURN(LDAPREQUEST);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h
deleted file mode 100644
index 11be6780d..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldaprequest.h
- *
- * LdapRequest Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_LDAPREQUEST_H
-#define _PKIX_PL_LDAPREQUEST_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum {
- USER_CERT,
- CA_CERT,
- CROSS_CERT,
- CRL,
- ARL,
- DELTA_CRL
-} PKIX_PL_LdapAttr;
-
-struct PKIX_PL_LdapRequestStruct{
- PRArenaPool *arena;
- PKIX_UInt32 msgnum;
- char *issuerDN;
- ScopeType scope;
- DerefType derefAliases;
- PKIX_UInt32 sizeLimit;
- PKIX_UInt32 timeLimit;
- char attrsOnly;
- LDAPFilter *filter;
- LdapAttrMask attrBits;
- SECItem attributes[MAX_LDAPATTRS];
- SECItem **attrArray;
- SECItem *encoded;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_LdapRequest_Create(
- PRArenaPool *arena,
- PKIX_UInt32 msgnum,
- char *issuerDN,
- ScopeType scope,
- DerefType derefAliases,
- PKIX_UInt32 sizeLimit,
- PKIX_UInt32 timeLimit,
- char attrsOnly,
- LDAPFilter *filter,
- LdapAttrMask attrBits,
- PKIX_PL_LdapRequest **pRequestMsg,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapRequest_AttrTypeToBit(
- SECItem *attrType,
- LdapAttrMask *pAttrBit,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapRequest_AttrStringToBit(
- char *attrString,
- LdapAttrMask *pAttrBit,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapRequest_GetEncoded(
- PKIX_PL_LdapRequest *request,
- SECItem **pRequestBuf,
- void *plContext);
-
-PKIX_Error *pkix_pl_LdapRequest_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_LDAPREQUEST_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c
deleted file mode 100644
index a3915b1a4..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c
+++ /dev/null
@@ -1,819 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldapresponse.c
- *
- */
-
-#include <fcntl.h>
-#include "pkix_pl_ldapresponse.h"
-
-/* --Private-LdapResponse-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapResponse_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_LdapResponse *ldapRsp = NULL;
- LDAPMessage *m = NULL;
- LDAPSearchResponseEntry *entry = NULL;
- LDAPSearchResponseResult *result = NULL;
- LDAPSearchResponseAttr **attributes = NULL;
- LDAPSearchResponseAttr *attr = NULL;
- SECItem **valp = NULL;
- SECItem *val = NULL;
-
- PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPRESPONSE_TYPE, plContext),
- PKIX_OBJECTNOTLDAPRESPONSE);
-
- ldapRsp = (PKIX_PL_LdapResponse *)object;
-
- m = &ldapRsp->decoded;
-
- if (m->messageID.data != NULL) {
- PR_Free(m->messageID.data);
- }
-
- if (m->protocolOp.selector ==
- LDAP_SEARCHRESPONSEENTRY_TYPE) {
- entry = &m->protocolOp.op.searchResponseEntryMsg;
- if (entry->objectName.data != NULL) {
- PR_Free(entry->objectName.data);
- }
- if (entry->attributes != NULL) {
- for (attributes = entry->attributes;
- *attributes != NULL;
- attributes++) {
- attr = *attributes;
- PR_Free(attr->attrType.data);
- for (valp = attr->val; *valp != NULL; valp++) {
- val = *valp;
- if (val->data != NULL) {
- PR_Free(val->data);
- }
- PR_Free(val);
- }
- PR_Free(attr->val);
- PR_Free(attr);
- }
- PR_Free(entry->attributes);
- }
- } else if (m->protocolOp.selector ==
- LDAP_SEARCHRESPONSERESULT_TYPE) {
- result = &m->protocolOp.op.searchResponseResultMsg;
- if (result->resultCode.data != NULL) {
- PR_Free(result->resultCode.data);
- }
- }
-
- PKIX_FREE(ldapRsp->derEncoded.data);
-
-cleanup:
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapResponse_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_UInt32 dataLen = 0;
- PKIX_UInt32 dindex = 0;
- PKIX_UInt32 sizeOfLength = 0;
- PKIX_UInt32 idLen = 0;
- const unsigned char *msgBuf = NULL;
- PKIX_PL_LdapResponse *ldapRsp = NULL;
-
- PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPRESPONSE_TYPE, plContext),
- PKIX_OBJECTNOTLDAPRESPONSE);
-
- ldapRsp = (PKIX_PL_LdapResponse *)object;
-
- *pHashcode = 0;
-
- /*
- * Two responses that differ only in msgnum are a match! Therefore,
- * start hashcoding beyond the encoded messageID field.
- */
- if (ldapRsp->derEncoded.data) {
- msgBuf = (const unsigned char *)ldapRsp->derEncoded.data;
- /* Is message length short form (one octet) or long form? */
- if ((msgBuf[1] & 0x80) != 0) {
- sizeOfLength = msgBuf[1] & 0x7F;
- for (dindex = 0; dindex < sizeOfLength; dindex++) {
- dataLen = (dataLen << 8) + msgBuf[dindex + 2];
- }
- } else {
- dataLen = msgBuf[1];
- }
-
- /* How many bytes for the messageID? (Assume short form) */
- idLen = msgBuf[dindex + 3] + 2;
- dindex += idLen;
- dataLen -= idLen;
- msgBuf = &msgBuf[dindex + 2];
-
- PKIX_CHECK(pkix_hash(msgBuf, dataLen, pHashcode, plContext),
- PKIX_HASHFAILED);
- }
-
-cleanup:
-
- PKIX_RETURN(LDAPRESPONSE);
-
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_LdapResponse_Equals(
- PKIX_PL_Object *firstObj,
- PKIX_PL_Object *secondObj,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_LdapResponse *rsp1 = NULL;
- PKIX_PL_LdapResponse *rsp2 = NULL;
- PKIX_UInt32 secondType = 0;
- PKIX_UInt32 firstLen = 0;
- const unsigned char *firstData = NULL;
- const unsigned char *secondData = NULL;
- PKIX_UInt32 sizeOfLength = 0;
- PKIX_UInt32 dindex = 0;
- PKIX_UInt32 i = 0;
-
- PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_Equals");
- PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
-
- /* test that firstObj is a LdapResponse */
- PKIX_CHECK(pkix_CheckType(firstObj, PKIX_LDAPRESPONSE_TYPE, plContext),
- PKIX_FIRSTOBJARGUMENTNOTLDAPRESPONSE);
-
- /*
- * Since we know firstObj is a LdapResponse, if both references are
- * identical, they must be equal
- */
- if (firstObj == secondObj){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObj isn't a LdapResponse, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType(secondObj, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_LDAPRESPONSE_TYPE) {
- goto cleanup;
- }
-
- rsp1 = (PKIX_PL_LdapResponse *)firstObj;
- rsp2 = (PKIX_PL_LdapResponse *)secondObj;
-
- /* If either lacks an encoded string, they cannot be compared */
- if (!(rsp1->derEncoded.data) || !(rsp2->derEncoded.data)) {
- goto cleanup;
- }
-
- if (rsp1->derEncoded.len != rsp2->derEncoded.len) {
- goto cleanup;
- }
-
- firstData = (const unsigned char *)rsp1->derEncoded.data;
- secondData = (const unsigned char *)rsp2->derEncoded.data;
-
- /*
- * Two responses that differ only in msgnum are equal! Therefore,
- * start the byte comparison beyond the encoded messageID field.
- */
-
- /* Is message length short form (one octet) or long form? */
- if ((firstData[1] & 0x80) != 0) {
- sizeOfLength = firstData[1] & 0x7F;
- for (dindex = 0; dindex < sizeOfLength; dindex++) {
- firstLen = (firstLen << 8) + firstData[dindex + 2];
- }
- } else {
- firstLen = firstData[1];
- }
-
- /* How many bytes for the messageID? (Assume short form) */
- i = firstData[dindex + 3] + 2;
- dindex += i;
- firstLen -= i;
- firstData = &firstData[dindex + 2];
-
- /*
- * In theory, we have to calculate where the second message data
- * begins by checking its length encodings. But if these messages
- * are equal, we can re-use the calculation we already did. If they
- * are not equal, the byte comparisons will surely fail.
- */
-
- secondData = &secondData[dindex + 2];
-
- for (i = 0; i < firstLen; i++) {
- if (firstData[i] != secondData[i]) {
- goto cleanup;
- }
- }
-
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_LDAPRESPONSE_TYPE and its related functions with
- * systemClasses[]
- * PARAMETERS:
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_RegisterSelf");
-
- entry.description = "LdapResponse";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_LdapResponse);
- entry.destructor = pkix_pl_LdapResponse_Destroy;
- entry.equalsFunction = pkix_pl_LdapResponse_Equals;
- entry.hashcodeFunction = pkix_pl_LdapResponse_Hashcode;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_LDAPRESPONSE_TYPE] = entry;
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_Create
- * DESCRIPTION:
- *
- * This function creates an LdapResponse for the LDAPMessageType provided in
- * "responseType" and a buffer capacity provided by "totalLength". It copies
- * into its buffer either "totalLength" or "bytesAvailable" bytes, whichever
- * is less, from the buffer pointed to by "partialData", storing the number of
- * bytes copied at "pBytesConsumed" and storing the address of the LdapResponse
- * at "pLdapResponse".
- *
- * If a message is complete in a single I/O buffer, the LdapResponse will be
- * complete when this function returns. If the message carries over into
- * additional buffers, their contents will be added to the LdapResponse by
- * susequent calls to pkix_pl_LdapResponse_Append.
- *
- * PARAMETERS
- * "responseType"
- * The value of the message type (LDAP_SEARCHRESPONSEENTRY_TYPE or
- * LDAP_SEARCHRESPONSERESULT_TYPE) for the LdapResponse being created
- * "totalLength"
- * The UInt32 value for the total length of the encoded message to be
- * stored in the LdapResponse
- * "bytesAvailable"
- * The UInt32 value for the number of bytes of data available in the
- * current buffer.
- * "partialData"
- * The address from which data is to be copied.
- * "pBytesConsumed"
- * The address at which is stored the UInt32 number of bytes taken from the
- * current buffer. If this number is less than "bytesAvailable", then bytes
- * remain in the buffer for the next LdapResponse. Must be non-NULL.
- * "pLdapResponse"
- * The address where the created LdapResponse is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_Create(
- LDAPMessageType responseType,
- PKIX_UInt32 totalLength,
- PKIX_UInt32 bytesAvailable,
- void *partialData,
- PKIX_UInt32 *pBytesConsumed,
- PKIX_PL_LdapResponse **pLdapResponse,
- void *plContext)
-{
- PKIX_UInt32 bytesConsumed = 0;
- PKIX_PL_LdapResponse *ldapResponse = NULL;
- void *data = NULL;
-
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_Create");
- PKIX_NULLCHECK_ONE(pLdapResponse);
-
- if (bytesAvailable <= totalLength) {
- bytesConsumed = bytesAvailable;
- } else {
- bytesConsumed = totalLength;
- }
-
- /* create a PKIX_PL_LdapResponse object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_LDAPRESPONSE_TYPE,
- sizeof (PKIX_PL_LdapResponse),
- (PKIX_PL_Object **)&ldapResponse,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- ldapResponse->decoded.protocolOp.selector = responseType;
- ldapResponse->totalLength = totalLength;
- ldapResponse->partialLength = bytesConsumed;
-
- if (totalLength != 0){
- /* Alloc space for array */
- PKIX_NULLCHECK_ONE(partialData);
-
- PKIX_CHECK(PKIX_PL_Malloc
- (totalLength,
- &data,
- plContext),
- PKIX_MALLOCFAILED);
-
- PKIX_PL_NSSCALL
- (LDAPRESPONSE,
- PORT_Memcpy,
- (data, partialData, bytesConsumed));
- }
-
- ldapResponse->derEncoded.type = siBuffer;
- ldapResponse->derEncoded.data = data;
- ldapResponse->derEncoded.len = totalLength;
- *pBytesConsumed = bytesConsumed;
- *pLdapResponse = ldapResponse;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(ldapResponse);
- }
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_Append
- * DESCRIPTION:
- *
- * This function updates the LdapResponse pointed to by "response" with up to
- * "incrLength" from the buffer pointer to by "incrData", storing the number of
- * bytes copied at "pBytesConsumed".
- *
- * PARAMETERS
- * "response"
- * The address of the LdapResponse being updated. Must be non-zero.
- * "incrLength"
- * The UInt32 value for the number of bytes of data available in the
- * current buffer.
- * "incrData"
- * The address from which data is to be copied.
- * "pBytesConsumed"
- * The address at which is stored the UInt32 number of bytes taken from the
- * current buffer. If this number is less than "incrLength", then bytes
- * remain in the buffer for the next LdapResponse. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_Append(
- PKIX_PL_LdapResponse *response,
- PKIX_UInt32 incrLength,
- void *incrData,
- PKIX_UInt32 *pBytesConsumed,
- void *plContext)
-{
- PKIX_UInt32 newPartialLength = 0;
- PKIX_UInt32 bytesConsumed = 0;
- void *dest = NULL;
-
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_Append");
- PKIX_NULLCHECK_TWO(response, pBytesConsumed);
-
- if (incrLength > 0) {
-
- /* Calculate how many bytes we have room for. */
- bytesConsumed =
- response->totalLength - response->partialLength;
-
- if (bytesConsumed > incrLength) {
- bytesConsumed = incrLength;
- }
-
- newPartialLength = response->partialLength + bytesConsumed;
-
- PKIX_NULLCHECK_ONE(incrData);
-
- dest = &(((char *)response->derEncoded.data)[
- response->partialLength]);
-
- PKIX_PL_NSSCALL
- (LDAPRESPONSE,
- PORT_Memcpy,
- (dest, incrData, bytesConsumed));
-
- response->partialLength = newPartialLength;
- }
-
- *pBytesConsumed = bytesConsumed;
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_IsComplete
- * DESCRIPTION:
- *
- * This function determines whether the LdapResponse pointed to by "response"
- * contains all the data called for by the "totalLength" parameter provided
- * when it was created, storing PKIX_TRUE at "pIsComplete" if so, and
- * PKIX_FALSE otherwise.
- *
- * PARAMETERS
- * "response"
- * The address of the LdapResponse being evaluaTED. Must be non-zero.
- * "incrLength"
- * The UInt32 value for the number of bytes of data available in the
- * current buffer.
- * "incrData"
- * The address from which data is to be copied.
- * "pIsComplete"
- * The address at which is stored the Boolean indication of whether the
- * LdapResponse is complete. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_IsComplete(
- PKIX_PL_LdapResponse *response,
- PKIX_Boolean *pIsComplete,
- void *plContext)
-{
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_IsComplete");
- PKIX_NULLCHECK_TWO(response, pIsComplete);
-
- if (response->totalLength == response->partialLength) {
- *pIsComplete = PKIX_TRUE;
- } else {
- *pIsComplete = PKIX_FALSE;
- }
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_Decode
- * DESCRIPTION:
- *
- * This function decodes the DER data contained in the LdapResponse pointed to
- * by "response", using the arena pointed to by "arena", and storing at
- * "pStatus" SECSuccess if the decoding was successful and SECFailure
- * otherwise. The decoded message is stored in an element of "response".
- *
- * PARAMETERS
- * "arena"
- * The address of the PRArenaPool to be used in the decoding. Must be
- * non-NULL.
- * "response"
- * The address of the LdapResponse whose DER data is to be decoded. Must
- * be non-NULL.
- * "pStatus"
- * The address at which is stored the status from the decoding, SECSuccess
- * if successful, SECFailure otherwise. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_Decode(
- PRArenaPool *arena,
- PKIX_PL_LdapResponse *response,
- SECStatus *pStatus,
- void *plContext)
-{
- LDAPMessage *msg;
- SECStatus rv = SECFailure;
-
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_Decode");
- PKIX_NULLCHECK_THREE(arena, response, pStatus);
-
- if (response->totalLength != response->partialLength) {
- PKIX_ERROR(PKIX_ATTEMPTTODECODEANINCOMPLETERESPONSE);
- }
-
- msg = &(response->decoded);
-
- PKIX_PL_NSSCALL
- (LDAPRESPONSE, PORT_Memset, (msg, 0, sizeof (LDAPMessage)));
-
- PKIX_PL_NSSCALLRV(LDAPRESPONSE, rv, SEC_ASN1DecodeItem,
- (NULL, msg, PKIX_PL_LDAPMessageTemplate, &(response->derEncoded)));
-
- *pStatus = rv;
-cleanup:
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_GetMessage
- * DESCRIPTION:
- *
- * This function obtains the decoded message from the LdapResponse pointed to
- * by "response", storing the result at "pMessage".
- *
- * PARAMETERS
- * "response"
- * The address of the LdapResponse whose decoded message is to be
- * retrieved. Must be non-NULL.
- * "pMessage"
- * The address at which is stored the address of the decoded message. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_GetMessage(
- PKIX_PL_LdapResponse *response,
- LDAPMessage **pMessage,
- void *plContext)
-{
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetMessage");
- PKIX_NULLCHECK_TWO(response, pMessage);
-
- *pMessage = &response->decoded;
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_GetCapacity
- * DESCRIPTION:
- *
- * This function obtains from the LdapResponse pointed to by "response" the
- * number of bytes remaining to be read, based on the totalLength that was
- * provided to LdapResponse_Create and the data subsequently provided to
- * LdapResponse_Append, storing the result at "pMessage".
- *
- * PARAMETERS
- * "response"
- * The address of the LdapResponse whose remaining capacity is to be
- * retrieved. Must be non-NULL.
- * "pCapacity"
- * The address at which is stored the address of the decoded message. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_GetCapacity(
- PKIX_PL_LdapResponse *response,
- PKIX_UInt32 *pCapacity,
- void *plContext)
-{
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetCapacity");
- PKIX_NULLCHECK_TWO(response, pCapacity);
-
- *pCapacity = response->totalLength - response->partialLength;
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_GetMessageType
- * DESCRIPTION:
- *
- * This function obtains the message type from the LdapResponse pointed to
- * by "response", storing the result at "pMessageType".
- *
- * PARAMETERS
- * "response"
- * The address of the LdapResponse whose message type is to be
- * retrieved. Must be non-NULL.
- * "pMessageType"
- * The address at which is stored the type of the response message. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_GetMessageType(
- PKIX_PL_LdapResponse *response,
- LDAPMessageType *pMessageType,
- void *plContext)
-{
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetMessageType");
- PKIX_NULLCHECK_TWO(response, pMessageType);
-
- *pMessageType = response->decoded.protocolOp.selector;
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_GetResultCode
- * DESCRIPTION:
- *
- * This function obtains the result code from the LdapResponse pointed to
- * by "response", storing the result at "pResultCode".
- *
- * PARAMETERS
- * "response"
- * The address of the LdapResponse whose result code is to be
- * retrieved. Must be non-NULL.
- * "pResultCode"
- * The address at which is stored the address of the decoded message. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_GetResultCode(
- PKIX_PL_LdapResponse *response,
- LDAPResultCode *pResultCode,
- void *plContext)
-{
- LDAPMessageType messageType = 0;
- LDAPSearchResponseResult *resultMsg = NULL;
-
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetResultCode");
- PKIX_NULLCHECK_TWO(response, pResultCode);
-
- messageType = response->decoded.protocolOp.selector;
-
- if (messageType != LDAP_SEARCHRESPONSERESULT_TYPE) {
- PKIX_ERROR(PKIX_GETRESULTCODECALLEDFORNONRESULTMESSAGE);
- }
-
- resultMsg = &response->decoded.protocolOp.op.searchResponseResultMsg;
-
- *pResultCode = *(char *)(resultMsg->resultCode.data);
-
-cleanup:
-
- PKIX_RETURN(LDAPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_LdapResponse_GetAttributes
- * DESCRIPTION:
- *
- * This function obtains the attributes from the LdapResponse pointed to
- * by "response", storing the result at "pAttributes".
- *
- * PARAMETERS
- * "response"
- * The address of the LdapResponse whose decoded message is to be
- * retrieved. Must be non-NULL.
- * "pAttributes"
- * The address at which is stored the attributes of the message. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an LdapResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_LdapResponse_GetAttributes(
- PKIX_PL_LdapResponse *response,
- LDAPSearchResponseAttr ***pAttributes,
- void *plContext)
-{
- LDAPMessageType messageType = 0;
-
- PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetResultCode");
- PKIX_NULLCHECK_TWO(response, pAttributes);
-
- messageType = response->decoded.protocolOp.selector;
-
- if (messageType != LDAP_SEARCHRESPONSEENTRY_TYPE) {
- PKIX_ERROR(PKIX_GETATTRIBUTESCALLEDFORNONENTRYMESSAGE);
- }
-
- *pAttributes = response->
- decoded.protocolOp.op.searchResponseEntryMsg.attributes;
-
-cleanup:
-
- PKIX_RETURN(LDAPRESPONSE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h
deleted file mode 100644
index 81a837fde..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ldapresponse.h
- *
- * LdapResponse Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_LDAPRESPONSE_H
-#define _PKIX_PL_LDAPRESPONSE_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_LdapResponseStruct{
- LDAPMessage decoded;
- PKIX_UInt32 partialLength;
- PKIX_UInt32 totalLength;
- SECItem derEncoded;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_LdapResponse_Create(
- LDAPMessageType responseType,
- PKIX_UInt32 totalLength,
- PKIX_UInt32 bytesAvailable,
- void *partialData,
- PKIX_UInt32 *pBytesConsumed,
- PKIX_PL_LdapResponse **pResponse,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_Append(
- PKIX_PL_LdapResponse *response,
- PKIX_UInt32 partialLength,
- void *partialData,
- PKIX_UInt32 *bytesConsumed,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_IsComplete(
- PKIX_PL_LdapResponse *response,
- PKIX_Boolean *pIsComplete,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_Decode(
- PRArenaPool *arena,
- PKIX_PL_LdapResponse *response,
- SECStatus *pStatus,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_GetMessage(
- PKIX_PL_LdapResponse *response,
- LDAPMessage **pMessage,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_GetMessageType(
- PKIX_PL_LdapResponse *response,
- LDAPMessageType *pMessageType,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_GetCapacity(
- PKIX_PL_LdapResponse *response,
- PKIX_UInt32 *pCapacity,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_GetResultCode(
- PKIX_PL_LdapResponse *response,
- LDAPResultCode *pResultCode,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_LdapResponse_GetAttributes(
- PKIX_PL_LdapResponse *response,
- LDAPSearchResponseAttr ***pAttributes,
- void *plContext);
-
-PKIX_Error *pkix_pl_LdapResponse_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_LDAPRESPONSE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h
deleted file mode 100644
index 66eda1f4f..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h
+++ /dev/null
@@ -1,348 +0,0 @@
-/*
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _LDAP_H_
-#define _LDAP_H_
-
-#include "certt.h"
-#include "pkixt.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[];
-SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPCrossCertPairTemplate)
-extern const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[];
-SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPMessageTemplate)
-extern const SEC_ASN1Template LDAPFilterTemplate[];
-SEC_ASN1_CHOOSER_DECLARE(LDAPFilterTemplate)
-
-/* ********************************************************************** */
-
-#define SEC_ASN1_LDAP_STRING SEC_ASN1_OCTET_STRING
-
-#define LDAPATTR_CACERT (1<<0)
-#define LDAPATTR_USERCERT (1<<1)
-#define LDAPATTR_CROSSPAIRCERT (1<<2)
-#define LDAPATTR_CERTREVLIST (1<<3)
-#define LDAPATTR_AUTHREVLIST (1<<4)
-#define MAX_LDAPATTRS 5
-typedef PKIX_UInt32 LdapAttrMask;
-
-typedef enum {
- SIMPLE_AUTH = 0,
- KRBV42LDAP_AUTH = 1,
- KRBV42DSA_AUTH = 2
-} AuthType;
-
-typedef enum {
- BASE_OBJECT = 0,
- SINGLE_LEVEL = 1,
- WHOLE_SUBTREE = 2
-} ScopeType;
-
-typedef enum {
- NEVER_DEREF = 0,
- DEREF_IN_SEARCHING = 1,
- DEREF_FINDING_BASEOBJ = 2,
- ALWAYS_DEREF = 3
-} DerefType;
-
-typedef enum {
- LDAP_INITIALSUBSTRING_TYPE = 0,
- LDAP_ANYSUBSTRING_TYPE = 1,
- LDAP_FINALSUBSTRING_TYPE = 2
-} LDAPSubstringFilterType;
-
-typedef enum {
- LDAP_ANDFILTER_TYPE = 0,
- LDAP_ORFILTER_TYPE = 1,
- LDAP_NOTFILTER_TYPE = 2,
- LDAP_EQUALFILTER_TYPE = 3,
- LDAP_SUBSTRINGFILTER_TYPE = 4,
- LDAP_GREATEROREQUALFILTER_TYPE = 5,
- LDAP_LESSOREQUALFILTER_TYPE = 6,
- LDAP_PRESENTFILTER_TYPE = 7,
- LDAP_APPROXMATCHFILTER_TYPE = 8
-} LDAPFilterType;
-
-typedef enum {
- LDAP_BIND_TYPE = 0,
- LDAP_BINDRESPONSE_TYPE = 1,
- LDAP_UNBIND_TYPE = 2,
- LDAP_SEARCH_TYPE = 3,
- LDAP_SEARCHRESPONSEENTRY_TYPE = 4,
- LDAP_SEARCHRESPONSERESULT_TYPE = 5,
- LDAP_ABANDONREQUEST_TYPE = 16
-} LDAPMessageType;
-
-typedef enum {
- SUCCESS = 0,
- OPERATIONSERROR = 1,
- PROTOCOLERROR = 2,
- TIMELIMITEXCEEDED = 3,
- SIZELIMITEXCEEDED = 4,
- COMPAREFALSE = 5,
- COMPARETRUE = 6,
- AUTHMETHODNOTSUPPORTED = 7,
- STRONGAUTHREQUIRED = 8,
- NOSUCHATTRIBUTE = 16,
- UNDEFINEDATTRIBUTETYPE = 17,
- INAPPROPRIATEMATCHING = 18,
- CONSTRAINTVIOLATION = 19,
- ATTRIBUTEORVALUEEXISTS = 20,
- INVALIDATTRIBUTESYNTAX = 21,
- NOSUCHOBJECT = 32,
- ALIASPROBLEM = 33,
- INVALIDDNSYNTAX = 34,
- ISLEAF = 35,
- ALIASDEREFERENCINGPROBLEM = 36,
- INAPPROPRIATEAUTHENTICATION = 48,
- INVALIDCREDENTIALS = 49,
- INSUFFICIENTACCESSRIGHTS = 50,
- BUSY = 51,
- UNAVAILABLE = 52,
- UNWILLINGTOPERFORM = 53,
- LOOPDETECT = 54,
- NAMINGVIOLATION = 64,
- OBJECTCLASSVIOLATION = 65,
- NOTALLOWEDONNONLEAF = 66,
- NOTALLOWEDONRDN = 67,
- ENTRYALREADYEXISTS = 68,
- OBJECTCLASSMODSPROHIBITED = 69,
- OTHER = 80
-} LDAPResultCode;
-
-typedef struct LDAPLocationStruct LDAPLocation;
-typedef struct LDAPCertPairStruct LDAPCertPair;
-typedef struct LDAPSimpleBindStruct LDAPSimpleBind;
-typedef struct LDAPBindAPIStruct LDAPBindAPI;
-typedef struct LDAPBindStruct LDAPBind;
-typedef struct LDAPResultStruct LDAPBindResponse;
-typedef struct LDAPResultStruct LDAPResult;
-typedef struct LDAPSearchResponseAttrStruct LDAPSearchResponseAttr;
-typedef struct LDAPSearchResponseEntryStruct LDAPSearchResponseEntry;
-typedef struct LDAPResultStruct LDAPSearchResponseResult;
-typedef struct LDAPUnbindStruct LDAPUnbind;
-typedef struct LDAPFilterStruct LDAPFilter;
-typedef struct LDAPAndFilterStruct LDAPAndFilter;
-typedef struct LDAPNotFilterStruct LDAPNotFilter;
-typedef struct LDAPSubstringStruct LDAPSubstring;
-typedef struct LDAPSubstringFilterStruct LDAPSubstringFilter;
-typedef struct LDAPPresentFilterStruct LDAPPresentFilter;
-typedef struct LDAPAttributeValueAssertionStruct LDAPAttributeValueAssertion;
-typedef struct LDAPNameComponentStruct LDAPNameComponent;
-typedef struct LDAPRequestParamsStruct LDAPRequestParams;
-typedef struct LDAPSearchStruct LDAPSearch;
-typedef struct LDAPAbandonRequestStruct LDAPAbandonRequest;
-typedef struct protocolOpStruct LDAPProtocolOp;
-typedef struct LDAPMessageStruct LDAPMessage;
-typedef LDAPAndFilter LDAPOrFilter;
-typedef LDAPAttributeValueAssertion LDAPEqualFilter;
-typedef LDAPAttributeValueAssertion LDAPGreaterOrEqualFilter;
-typedef LDAPAttributeValueAssertion LDAPLessOrEqualFilter;
-typedef LDAPAttributeValueAssertion LDAPApproxMatchFilter;
-
-struct LDAPLocationStruct {
- PRArenaPool *arena;
- void *serverSite;
- void **filterString;
- void **attrBitString;
-};
-
-struct LDAPCertPairStruct {
- SECItem forward;
- SECItem reverse;
-};
-
-struct LDAPSimpleBindStruct {
- char *bindName;
- char *authentication;
-};
-
-struct LDAPBindAPIStruct {
- AuthType selector;
- union {
- LDAPSimpleBind simple;
- } chooser;
-};
-
-struct LDAPBindStruct {
- SECItem version;
- SECItem bindName;
- SECItem authentication;
-};
-
-struct LDAPResultStruct {
- SECItem resultCode;
- SECItem matchedDN;
- SECItem errorMessage;
-};
-
-struct LDAPSearchResponseAttrStruct {
- SECItem attrType;
- SECItem **val;
-};
-
-struct LDAPSearchResponseEntryStruct {
- SECItem objectName;
- LDAPSearchResponseAttr **attributes;
-};
-
-struct LDAPUnbindStruct {
- SECItem dummy;
-};
-
-struct LDAPAndFilterStruct {
- LDAPFilter **filters;
-};
-
-struct LDAPNotFilterStruct {
- LDAPFilter *filter;
-};
-
-struct LDAPSubstringStruct {
- LDAPSubstringFilterType selector;
- SECItem item;
-};
-
-struct LDAPSubstringFilterStruct {
- SECItem attrType;
- LDAPSubstring *strings;
-};
-
-struct LDAPPresentFilterStruct {
- SECItem attrType;
-};
-
-struct LDAPAttributeValueAssertionStruct {
- SECItem attrType;
- SECItem attrValue;
-};
-
-struct LDAPFilterStruct {
- LDAPFilterType selector;
- union {
- LDAPAndFilter andFilter;
- LDAPOrFilter orFilter;
- LDAPNotFilter notFilter;
- LDAPEqualFilter equalFilter;
- LDAPSubstringFilter substringFilter;
- LDAPGreaterOrEqualFilter greaterOrEqualFilter;
- LDAPLessOrEqualFilter lessOrEqualFilter;
- LDAPPresentFilter presentFilter;
- LDAPApproxMatchFilter approxMatchFilter;
- } filter;
-};
-
-struct LDAPNameComponentStruct {
- unsigned char *attrType;
- unsigned char *attrValue;
-};
-
-struct LDAPRequestParamsStruct {
- char *baseObject; /* e.g. "c=US" */
- ScopeType scope;
- DerefType derefAliases;
- PKIX_UInt32 sizeLimit; /* 0 = no limit */
- PRIntervalTime timeLimit; /* 0 = no limit */
- LDAPNameComponent **nc; /* e.g. {{"cn","xxx"},{"o","yyy"},NULL} */
- LdapAttrMask attributes;
-};
-
-struct LDAPSearchStruct {
- SECItem baseObject;
- SECItem scope;
- SECItem derefAliases;
- SECItem sizeLimit;
- SECItem timeLimit;
- SECItem attrsOnly;
- LDAPFilter filter;
- SECItem **attributes;
-};
-
-struct LDAPAbandonRequestStruct {
- SECItem messageID;
-};
-
-struct protocolOpStruct {
- LDAPMessageType selector;
- union {
- LDAPBind bindMsg;
- LDAPBindResponse bindResponseMsg;
- LDAPUnbind unbindMsg;
- LDAPSearch searchMsg;
- LDAPSearchResponseEntry searchResponseEntryMsg;
- LDAPSearchResponseResult searchResponseResultMsg;
- LDAPAbandonRequest abandonRequestMsg;
- } op;
-};
-
-struct LDAPMessageStruct {
- SECItem messageID;
- LDAPProtocolOp protocolOp;
-};
-
-typedef struct PKIX_PL_LdapClientStruct PKIX_PL_LdapClient;
-
-typedef PKIX_Error *
-(*PKIX_PL_LdapClient_InitiateFcn)(
- PKIX_PL_LdapClient *client,
- LDAPRequestParams *requestParams,
- void **pNBIO,
- PKIX_List **pResponse,
- void *plContext);
-
-typedef PKIX_Error *
-(*PKIX_PL_LdapClient_ResumeFcn)(
- PKIX_PL_LdapClient *client,
- void **pNBIO,
- PKIX_List **pResponse,
- void *plContext);
-
-struct PKIX_PL_LdapClientStruct {
- PKIX_PL_LdapClient_InitiateFcn initiateFcn;
- PKIX_PL_LdapClient_ResumeFcn resumeFcn;
-};
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c
deleted file mode 100644
index abd9fcb51..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c
+++ /dev/null
@@ -1,451 +0,0 @@
-/*
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "pkix_pl_ldapt.h"
-
-SEC_ASN1_MKSUB(SEC_AnyTemplate)
-SEC_ASN1_MKSUB(SEC_NullTemplate)
-SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
-
-/*
- * CertificatePair ::= SEQUENCE {
- * forward [0] Certificate OPTIONAL,
- * reverse [1] Certificate OPTIONAL
- * -- at least one of the pair shall be present --
- * }
- */
-
-const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
- offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1,
- offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) },
- { 0 }
-};
-
-/*
- * BindRequest ::=
- * [APPLICATION 0] SEQUENCE {
- * version INTEGER (1..127),
- * name LDAPDN,
- * authentication CHOICE {
- * simple [0] OCTET STRING,
- * krbv42LDAP [1] OCTET STRING,
- * krbv42DSA [2] OCTET STRING
- * }
- * }
- *
- * LDAPDN ::= LDAPString
- *
- * LDAPString ::= OCTET STRING
- */
-
-#define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate)
-
-static const SEC_ASN1Template LDAPBindApplTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL },
- { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) },
- { 0 }
-};
-
-static const SEC_ASN1Template LDAPBindTemplate[] = {
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0,
- LDAPBindApplTemplate, sizeof (LDAPBind) }
-};
-
-/*
- * BindResponse ::= [APPLICATION 1] LDAPResult
- *
- * LDAPResult ::=
- * SEQUENCE {
- * resultCode ENUMERATED {
- * success (0),
- * operationsError (1),
- * protocolError (2),
- * timeLimitExceeded (3),
- * sizeLimitExceeded (4),
- * compareFalse (5),
- * compareTrue (6),
- * authMethodNotSupported (7),
- * strongAuthRequired (8),
- * noSuchAttribute (16),
- * undefinedAttributeType (17),
- * inappropriateMatching (18),
- * constraintViolation (19),
- * attributeOrValueExists (20),
- * invalidAttributeSyntax (21),
- * noSuchObject (32),
- * aliasProblem (33),
- * invalidDNSyntax (34),
- * isLeaf (35),
- * aliasDereferencingProblem (36),
- * inappropriateAuthentication (48),
- * invalidCredentials (49),
- * insufficientAccessRights (50),
- * busy (51),
- * unavailable (52),
- * unwillingToPerform (53),
- * loopDetect (54),
- * namingViolation (64),
- * objectClassViolation (65),
- * notAllowedOnNonLeaf (66),
- * notAllowedOnRDN (67),
- * entryAlreadyExists (68),
- * objectClassModsProhibited (69),
- * other (80)
- * },
- * matchedDN LDAPDN,
- * errorMessage LDAPString
- * }
- */
-
-static const SEC_ASN1Template LDAPResultTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL },
- { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) },
- { 0 }
-};
-
-static const SEC_ASN1Template LDAPBindResponseTemplate[] = {
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0,
- LDAPResultTemplate, sizeof (LDAPBindResponse) }
-};
-
-/*
- * UnbindRequest ::= [APPLICATION 2] NULL
- */
-
-static const SEC_ASN1Template LDAPUnbindTemplate[] = {
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN |
- LDAP_UNBIND_TYPE , 0, SEC_ASN1_SUB(SEC_NullTemplate) }
-};
-
-/*
- * AttributeValueAssertion ::=
- * SEQUENCE {
- * attributeType AttributeType,
- * attributeValue AttributeValue,
- * }
- *
- * AttributeType ::= LDAPString
- * -- text name of the attribute, or dotted
- * -- OID representation
- *
- * AttributeValue ::= OCTET STRING
- */
-
-#define LDAPAttributeTypeTemplate LDAPStringTemplate
-
-/*
- * SubstringFilter ::=
- * SEQUENCE {
- * type AttributeType,
- * SEQUENCE OF CHOICE {
- * initial [0] LDAPString,
- * any [1] LDAPString,
- * final [2] LDAPString,
- * }
- * }
- */
-
-#define LDAPSubstringFilterInitialTemplate LDAPStringTemplate
-#define LDAPSubstringFilterAnyTemplate LDAPStringTemplate
-#define LDAPSubstringFilterFinalTemplate LDAPStringTemplate
-
-static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = {
- { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0,
- sizeof (LDAPFilter) },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
- offsetof(LDAPSubstring, item),
- LDAPSubstringFilterInitialTemplate,
- LDAP_INITIALSUBSTRING_TYPE },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
- offsetof(LDAPSubstring, item),
- LDAPSubstringFilterAnyTemplate,
- LDAP_ANYSUBSTRING_TYPE },
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
- offsetof(LDAPSubstring, item),
- LDAPSubstringFilterFinalTemplate,
- LDAP_FINALSUBSTRING_TYPE },
- { 0 }
-};
-
-/*
- * Filter ::=
- * CHOICE {
- * and [0] SET OF Filter,
- * or [1] SET OF Filter,
- * not [2] Filter,
- * equalityMatch [3] AttributeValueAssertion,
- * substrings [4] SubstringFilter,
- * greaterOrEqual [5] AttributeValueAssertion,
- * lessOrEqual [6] AttributeValueAssertion,
- * present [7] AttributeType,
- * approxMatch [8] AttributeValueAssertion
- }
- */
-
-static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) },
- { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings),
- LDAPSubstringFilterChoiceTemplate },
- { 0 }
-};
-
-const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */
-
-static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = {
- { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate }
-};
-
-static const SEC_ASN1Template LDAPAVAFilterTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) },
- { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) },
- { 0 }
-};
-
-static const SEC_ASN1Template LDAPPresentFilterTemplate[] = {
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) }
-};
-
-#define LDAPEqualFilterTemplate LDAPAVAFilterTemplate
-#define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate
-#define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate
-#define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate
-
-const SEC_ASN1Template LDAPFilterTemplate[] = {
- { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_ANDFILTER_TYPE,
- offsetof(LDAPFilter, filter.andFilter.filters),
- LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_ORFILTER_TYPE,
- offsetof(LDAPFilter, filter.orFilter.filters),
- LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER,
- offsetof(LDAPFilter, filter.notFilter),
- LDAPFilterTemplate, LDAP_NOTFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_EQUALFILTER_TYPE,
- offsetof(LDAPFilter, filter.equalFilter),
- LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_SUBSTRINGFILTER_TYPE, offsetof(LDAPFilter, filter.substringFilter),
- LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_GREATEROREQUALFILTER_TYPE,
- offsetof(LDAPFilter, filter.greaterOrEqualFilter),
- LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_LESSOREQUALFILTER_TYPE,
- offsetof(LDAPFilter, filter.lessOrEqualFilter),
- LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_PRESENTFILTER_TYPE,
- offsetof(LDAPFilter, filter.presentFilter),
- LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
- LDAP_APPROXMATCHFILTER_TYPE,
- offsetof(LDAPFilter, filter.approxMatchFilter),
- LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE },
- { 0 }
-};
-
-/*
- * SearchRequest ::=
- * [APPLICATION 3] SEQUENCE {
- * baseObject LDAPDN,
- * scope ENUMERATED {
- * baseObject (0),
- * singleLevel (1),
- * wholeSubtree (2)
- * },
- * derefAliases ENUMERATED {
- * neverDerefAliases (0),
- * derefInSearching (1),
- * derefFindingBaseObj (2),
- * alwaysDerefAliases (3)
- * },
- * sizeLimit INTEGER (0 .. MAXINT),
- * -- value of 0 implies no sizeLimit
- * timeLimit INTEGER (0 .. MAXINT),
- * -- value of 0 implies no timeLimit
- * attrsOnly BOOLEAN,
- * -- TRUE, if only attributes (without values)
- * -- to be returned
- * filter Filter,
- * attributes SEQUENCE OF AttributeType
- * }
- */
-
-static const SEC_ASN1Template LDAPAttributeTemplate[] = {
- { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) }
-};
-
-static const SEC_ASN1Template LDAPSearchApplTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) },
- { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) },
- { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) },
- { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) },
- { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) },
- { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) },
- { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate },
- { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes), LDAPAttributeTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template LDAPSearchTemplate[] = {
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0,
- LDAPSearchApplTemplate, sizeof (LDAPSearch) }
-};
-
-/*
- * SearchResponse ::=
- * CHOICE {
- * entry [APPLICATION 4] SEQUENCE {
- * objectName LDAPDN,
- * attributes SEQUENCE OF SEQUENCE {
- * AttributeType,
- * SET OF AttributeValue
- * }
- * }
- * resultCode [APPLICATION 5] LDAPResult
- * }
- */
-
-static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) },
- { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val),
- LDAPStringTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template LDAPEntryTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL },
- { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) },
- { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes),
- LDAPSearchResponseAttrTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = {
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSEENTRY_TYPE, 0,
- LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) }
-};
-
-static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = {
- { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0,
- LDAPResultTemplate, sizeof (LDAPSearchResponseResult) }
-};
-
-/*
- * AbandonRequest ::=
- * [APPLICATION 16] MessageID
- */
-
-static const SEC_ASN1Template LDAPAbandonTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) }
-};
-
-static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = {
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0,
- LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) }
-};
-
-/*
- * LDAPMessage ::=
- * SEQUENCE {
- * messageID MessageID,
- * protocolOp CHOICE {
- * bindRequest BindRequest,
- * bindResponse BindResponse,
- * unbindRequest UnbindRequest,
- * searchRequest SearchRequest,
- * searchResponse SearchResponse,
- * abandonRequest AbandonRequest
- * }
- * }
- *
- * (other choices exist, not shown)
- *
- * MessageID ::= INTEGER (0 .. maxInt)
- */
-
-static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = {
- { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0, sizeof (LDAPProtocolOp) },
- { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg),
- LDAPBindTemplate, LDAP_BIND_TYPE },
- { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg),
- LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE },
- { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg),
- LDAPUnbindTemplate, LDAP_UNBIND_TYPE },
- { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg),
- LDAPSearchTemplate, LDAP_SEARCH_TYPE },
- { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg),
- LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE },
- { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg),
- LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE },
- { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg),
- LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE },
- { 0 }
-};
-
-const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL },
- { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) },
- { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp),
- LDAPMessageProtocolOpTemplate },
- { 0 }
-};
-
-/* This function simply returns the address of the message template.
- * This is necessary for Windows DLLs.
- */
-SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate)
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c
deleted file mode 100755
index bf22e44eb..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c
+++ /dev/null
@@ -1,350 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_nsscontext.c
- *
- * NSSContext Function Definitions
- *
- */
-
-
-#include "pkix_pl_nsscontext.h"
-
-#define PKIX_DEFAULT_MAX_RESPONSE_LENGTH 64 * 1024
-#define PKIX_DEFAULT_COMM_TIMEOUT_SECONDS 60
-
-#define PKIX_DEFAULT_CRL_RELOAD_DELAY_SECONDS 6 * 24 * 60 * 60
-#define PKIX_DEFAULT_BAD_CRL_RELOAD_DELAY_SECONDS 60 * 60
-
-/* --Public-NSSContext-Functions--------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Create
- * (see comments in pkix_samples_modules.h)
- */
-PKIX_Error *
-PKIX_PL_NssContext_Create(
- PKIX_UInt32 certificateUsage,
- PKIX_Boolean useNssArena,
- void *wincx,
- void **pNssContext)
-{
- PKIX_PL_NssContext *context = NULL;
- PRArenaPool *arena = NULL;
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_Create");
- PKIX_NULLCHECK_ONE(pNssContext);
-
- PKIX_CHECK(PKIX_PL_Malloc
- (sizeof(PKIX_PL_NssContext), (void **)&context, NULL),
- PKIX_MALLOCFAILED);
-
- if (useNssArena == PKIX_TRUE) {
- PKIX_CONTEXT_DEBUG("\t\tCalling PORT_NewArena\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- }
-
- context->arena = arena;
- context->certificateUsage = (SECCertificateUsage)certificateUsage;
- context->wincx = wincx;
- context->timeoutSeconds = PKIX_DEFAULT_COMM_TIMEOUT_SECONDS;
- context->maxResponseLength = PKIX_DEFAULT_MAX_RESPONSE_LENGTH;
- context->crlReloadDelay = PKIX_DEFAULT_CRL_RELOAD_DELAY_SECONDS;
- context->badDerCrlReloadDelay =
- PKIX_DEFAULT_BAD_CRL_RELOAD_DELAY_SECONDS;
- *pNssContext = context;
-
-cleanup:
-
- PKIX_RETURN(CONTEXT);
-}
-
-
-/*
- * FUNCTION: PKIX_PL_NssContext_Destroy
- * (see comments in pkix_samples_modules.h)
- */
-PKIX_Error *
-PKIX_PL_NssContext_Destroy(
- void *nssContext)
-{
- void *plContext = NULL;
- PKIX_PL_NssContext *context = NULL;
-
- PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_Destroy");
- PKIX_NULLCHECK_ONE(nssContext);
-
- context = (PKIX_PL_NssContext*)nssContext;
-
- if (context->arena != NULL) {
- PKIX_CONTEXT_DEBUG("\t\tCalling PORT_FreeArena\n");
- PORT_FreeArena(context->arena, PKIX_FALSE);
- }
-
- PKIX_PL_Free(nssContext, NULL);
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_NssContext_GetCertUsage
- * DESCRIPTION:
- *
- * This function obtains the platform-dependent SECCertificateUsage parameter
- * from the context object pointed to by "nssContext", storing the result at
- * "pCertUsage".
- *
- * PARAMETERS:
- * "nssContext"
- * The address of the context object whose wincx parameter is to be
- * obtained. Must be non-NULL.
- * "pCertUsage"
- * The address where the result is stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_NssContext_GetCertUsage(
- PKIX_PL_NssContext *nssContext,
- SECCertificateUsage *pCertUsage)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_GetCertUsage");
- PKIX_NULLCHECK_TWO(nssContext, pCertUsage);
-
- *pCertUsage = nssContext->certificateUsage;
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_NssContext_SetCertUsage
- * DESCRIPTION:
- *
- * This function sets the platform-dependent SECCertificateUsage parameter in
- * the context object pointed to by "nssContext" to the value provided in
- * "certUsage".
- *
- * PARAMETERS:
- * "certUsage"
- * Platform-dependent value to be stored.
- * "nssContext"
- * The address of the context object whose wincx parameter is to be
- * obtained. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_NssContext_SetCertUsage(
- SECCertificateUsage certUsage,
- PKIX_PL_NssContext *nssContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_SetCertUsage");
- PKIX_NULLCHECK_ONE(nssContext);
-
- nssContext->certificateUsage = certUsage;
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_NssContext_GetWincx
- * DESCRIPTION:
- *
- * This function obtains the platform-dependent wincx parameter from the
- * context object pointed to by "nssContext", storing the result at "pWincx".
- *
- * PARAMETERS:
- * "nssContext"
- * The address of the context object whose wincx parameter is to be
- * obtained. Must be non-NULL.
- * "pWincx"
- * The address where the result is stored. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_NssContext_GetWincx(
- PKIX_PL_NssContext *nssContext,
- void **pWincx)
-{
- void *plContext = NULL;
- PKIX_PL_NssContext *context = NULL;
-
- PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_GetWincx");
- PKIX_NULLCHECK_TWO(nssContext, pWincx);
-
- context = (PKIX_PL_NssContext *)nssContext;
-
- *pWincx = context->wincx;
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: pkix_pl_NssContext_SetWincx
- * DESCRIPTION:
- *
- * This function sets the platform-dependent wincx parameter in the context
- * object pointed to by "nssContext" to the value provided in "wincx".
- *
- * PARAMETERS:
- * "wincx"
- * Platform-dependent value to be stored.
- * "nssContext"
- * The address of the context object whose wincx parameter is to be
- * obtained. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_NssContext_SetWincx(
- void *wincx,
- PKIX_PL_NssContext *nssContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_SetWincx");
- PKIX_NULLCHECK_ONE(nssContext);
-
- nssContext->wincx = wincx;
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetTimeout
- * DESCRIPTION:
- *
- * Sets user defined socket timeout for the validation
- * session. Default is 60 seconds.
- *
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout,
- PKIX_PL_NssContext *nssContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetTimeout");
- PKIX_NULLCHECK_ONE(nssContext);
-
- nssContext->timeoutSeconds = timeout;
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
- * DESCRIPTION:
- *
- * Sets user defined maximum transmission length of a message.
- *
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len,
- PKIX_PL_NssContext *nssContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetMaxResponseLen");
- PKIX_NULLCHECK_ONE(nssContext);
-
- nssContext->maxResponseLength = len;
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined delay between attempts to load crl using
- * CRLDP.
- *
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delay,
- PKIX_PL_NssContext *nssContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetCrlReloadDelay");
- PKIX_NULLCHECK_ONE(nssContext);
-
- nssContext->crlReloadDelay = delay;
-
- PKIX_RETURN(CONTEXT);
-}
-
-/*
- * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
- * DESCRIPTION:
- *
- * Sets user defined delay between attempts to load crl that
- * failed to decode.
- *
- */
-PKIX_Error *
-PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delay,
- PKIX_PL_NssContext *nssContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetBadDerCrlReloadDelay");
- PKIX_NULLCHECK_ONE(nssContext);
-
- nssContext->badDerCrlReloadDelay = delay;
-
- PKIX_RETURN(CONTEXT);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h
deleted file mode 100755
index d57930327..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_nsscontext.h
- *
- * NSSContext Object Type Definition
- *
- */
-
-
-#ifndef _PKIX_PL_NSSCONTEXT_H
-#define _PKIX_PL_NSSCONTEXT_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_NssContextStruct {
- SECCertificateUsage certificateUsage;
- PRArenaPool *arena;
- void *wincx;
- PKIX_UInt32 timeoutSeconds;
- PKIX_UInt32 maxResponseLength;
- PRTime crlReloadDelay;
- PRTime badDerCrlReloadDelay;
-};
-
-PKIX_Error *
-pkix_pl_NssContext_GetCertUsage
- (PKIX_PL_NssContext *nssContext, SECCertificateUsage *pCertUsage);
-
-/* XXX move the setter into the public header. */
-PKIX_Error *
-pkix_pl_NssContext_SetCertUsage
- (SECCertificateUsage certUsage, PKIX_PL_NssContext *nssContext);
-
-PKIX_Error *
-pkix_pl_NssContext_GetWincx(PKIX_PL_NssContext *nssContext, void **pWincx);
-
-/* XXX move the setter into the public header. */
-PKIX_Error *
-pkix_pl_NssContext_SetWincx(void *wincx, PKIX_PL_NssContext *nssContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_NSSCONTEXT_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
deleted file mode 100755
index af6ed936a..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
+++ /dev/null
@@ -1,1077 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_pk11certstore.c
- *
- * PKCS11CertStore Function Definitions
- *
- */
-
-#include "pkix_pl_pk11certstore.h"
-
-/* --Private-Pk11CertStore-Functions---------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_Pk11CertStore_CheckTrust
- * DESCRIPTION:
- * This function checks the trust status of this "cert" that was retrieved
- * from the CertStore "store" and returns its trust status at "pTrusted".
- *
- * PARAMETERS:
- * "store"
- * Address of the CertStore. Must be non-NULL.
- * "cert"
- * Address of the Cert. Must be non-NULL.
- * "pTrusted"
- * Address of PKIX_Boolean where the "cert" trust status is returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Pk11CertStore_CheckTrust(
- PKIX_CertStore *store,
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pTrusted,
- void *plContext)
-{
- SECStatus rv = SECFailure;
- PKIX_Boolean trusted = PKIX_FALSE;
- SECCertUsage certUsage = 0;
- SECCertificateUsage certificateUsage;
- unsigned int requiredFlags;
- SECTrustType trustType;
- CERTCertTrust trust;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_CheckTrust");
- PKIX_NULLCHECK_THREE(store, cert, pTrusted);
- PKIX_NULLCHECK_ONE(cert->nssCert);
-
- certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
-
- /* ensure we obtained a single usage bit only */
- PORT_Assert(!(certificateUsage & (certificateUsage - 1)));
-
- /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
- while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
-
- rv = CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags, &trustType);
- if (rv == SECSuccess) {
- rv = CERT_GetCertTrust(cert->nssCert, &trust);
- }
-
- if (rv == SECSuccess) {
- unsigned int certFlags;
-
- if (certUsage != certUsageAnyCA &&
- certUsage != certUsageStatusResponder) {
- CERTCertificate *nssCert = cert->nssCert;
-
- if (certUsage == certUsageVerifyCA) {
- if (nssCert->nsCertType & NS_CERT_TYPE_EMAIL_CA) {
- trustType = trustEmail;
- } else if (nssCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
- trustType = trustSSL;
- } else {
- trustType = trustObjectSigning;
- }
- }
-
- certFlags = SEC_GET_TRUST_FLAGS((&trust), trustType);
- if ((certFlags & requiredFlags) == requiredFlags) {
- trusted = PKIX_TRUE;
- }
- } else {
- for (trustType = trustSSL; trustType < trustTypeNone;
- trustType++) {
- certFlags =
- SEC_GET_TRUST_FLAGS((&trust), trustType);
- if ((certFlags & requiredFlags) == requiredFlags) {
- trusted = PKIX_TRUE;
- break;
- }
- }
- }
- }
-
- *pTrusted = trusted;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_Pk11CertStore_CertQuery
- * DESCRIPTION:
- *
- * This function obtains from the database the Certs specified by the
- * ComCertSelParams pointed to by "params" and stores the resulting
- * List at "pSelected". If no matching Certs are found, a NULL pointer
- * will be stored.
- *
- * This function uses a "smart" database query if the Subject has been set
- * in ComCertSelParams. Otherwise, it uses a very inefficient call to
- * retrieve all Certs in the database (and run them through the selector).
- *
- * PARAMETERS:
- * "params"
- * Address of the ComCertSelParams. Must be non-NULL.
- * "pSelected"
- * Address at which List will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Pk11CertStore_CertQuery(
- PKIX_ComCertSelParams *params,
- PKIX_List **pSelected,
- void *plContext)
-{
- PRBool validOnly = PR_FALSE;
- PRTime prtime = 0;
- PKIX_PL_X500Name *subjectName = NULL;
- PKIX_PL_Date *certValid = NULL;
- PKIX_List *certList = NULL;
- PKIX_PL_Cert *cert = NULL;
- CERTCertList *pk11CertList = NULL;
- CERTCertListNode *node = NULL;
- CERTCertificate *nssCert = NULL;
- CERTCertDBHandle *dbHandle = NULL;
-
- PRArenaPool *arena = NULL;
- SECItem *nameItem = NULL;
- void *wincx = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_CertQuery");
- PKIX_NULLCHECK_TWO(params, pSelected);
-
- /* avoid multiple calls to retrieve a constant */
- PKIX_PL_NSSCALLRV(CERTSTORE, dbHandle, CERT_GetDefaultCertDB, ());
-
- /*
- * Any of the ComCertSelParams may be obtained and used to constrain
- * the database query, to allow the use of a "smart" query. See
- * pkix_certsel.h for a list of the PKIX_ComCertSelParams_Get*
- * calls available. No corresponding "smart" queries exist at present,
- * except for CERT_CreateSubjectCertList based on Subject. When others
- * are added, corresponding code should be added to
- * pkix_pl_Pk11CertStore_CertQuery to use them when appropriate
- * selector parameters have been set.
- */
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
- (params, &subjectName, plContext),
- PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid
- (params, &certValid, plContext),
- PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED);
-
- /* If caller specified a Date, convert it to PRTime */
- if (certValid) {
- PKIX_CHECK(pkix_pl_Date_GetPRTime
- (certValid, &prtime, plContext),
- PKIX_DATEGETPRTIMEFAILED);
- validOnly = PR_TRUE;
- }
-
- /*
- * If we have the subject name for the desired subject,
- * ask the database for Certs with that subject. Otherwise
- * ask the database for all Certs.
- */
- if (subjectName) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena) {
-
- PKIX_CHECK(pkix_pl_X500Name_GetDERName
- (subjectName, arena, &nameItem, plContext),
- PKIX_X500NAMEGETSECNAMEFAILED);
-
- if (nameItem) {
-
- PKIX_PL_NSSCALLRV
- (CERTSTORE,
- pk11CertList,
- CERT_CreateSubjectCertList,
- (NULL, dbHandle, nameItem, prtime, validOnly));
- }
- PKIX_PL_NSSCALL
- (CERTSTORE, PORT_FreeArena, (arena, PR_FALSE));
- arena = NULL;
- }
-
- } else {
-
- PKIX_CHECK(pkix_pl_NssContext_GetWincx
- ((PKIX_PL_NssContext *)plContext, &wincx),
- PKIX_NSSCONTEXTGETWINCXFAILED);
-
- PKIX_PL_NSSCALLRV
- (CERTSTORE,
- pk11CertList,
- PK11_ListCerts,
- (PK11CertListAll, wincx));
- }
-
- if (pk11CertList) {
-
- PKIX_CHECK(PKIX_List_Create(&certList, plContext),
- PKIX_LISTCREATEFAILED);
-
- for (node = CERT_LIST_HEAD(pk11CertList);
- !(CERT_LIST_END(node, pk11CertList));
- node = CERT_LIST_NEXT(node)) {
-
- PKIX_PL_NSSCALLRV
- (CERTSTORE,
- nssCert,
- CERT_NewTempCertificate,
- (dbHandle,
- &(node->cert->derCert),
- NULL, /* nickname */
- PR_FALSE,
- PR_TRUE)); /* copyDER */
-
- if (!nssCert) {
- continue; /* just skip bad certs */
- }
-
- PKIX_CHECK_ONLY_FATAL(pkix_pl_Cert_CreateWithNSSCert
- (nssCert, &cert, plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-
- if (PKIX_ERROR_RECEIVED) {
- CERT_DestroyCertificate(nssCert);
- nssCert = NULL;
- continue; /* just skip bad certs */
- }
-
- PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
- (certList, (PKIX_PL_Object *)cert, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(cert);
-
- }
-
- /* Don't throw away the list if one cert was bad! */
- pkixTempErrorReceived = PKIX_FALSE;
- }
-
- *pSelected = certList;
- certList = NULL;
-
-cleanup:
-
- if (pk11CertList) {
- CERT_DestroyCertList(pk11CertList);
- }
- if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PKIX_DECREF(subjectName);
- PKIX_DECREF(certValid);
- PKIX_DECREF(cert);
- PKIX_DECREF(certList);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_Pk11CertStore_ImportCrl
- * DESCRIPTION:
- *
- * PARAMETERS:
- * "params"
- * Address of the ComCRLSelParams. Must be non-NULL.
- * "pSelected"
- * Address at which List will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Pk11CertStore_ImportCrl(
- PKIX_CertStore *store,
- PKIX_PL_X500Name *issuerName,
- PKIX_List *crlList,
- void *plContext)
-{
- CERTCertDBHandle *certHandle = CERT_GetDefaultCertDB();
- PKIX_PL_CRL *crl = NULL;
- SECItem *derCrl = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_ImportCrl");
- PKIX_NULLCHECK_TWO(store, plContext);
-
- if (!crlList) {
- goto cleanup;
- }
- while (crlList->length > 0) {
- PKIX_CHECK(
- PKIX_List_GetItem(crlList, 0, (PKIX_PL_Object**)&crl,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- /* Delete crl from the list to keep controll of the
- * last reference. crl need to be destroyed right after
- * it released the ownership of the crl der. */
- PKIX_CHECK(
- PKIX_List_DeleteItem(crlList, 0, plContext),
- PKIX_LISTDELETEITEMFAILED);
-
- /* acquire the crlder ownership */
- pkixErrorResult =
- PKIX_PL_CRL_ReleaseDerCrl(crl, &derCrl, plContext);
- PORT_Assert(!pkixErrorResult && derCrl);
- if (pkixErrorResult || !derCrl) {
- /* All pkix delivered crls should be able to
- * release their ders. */
- PKIX_DECREF(pkixErrorResult);
- PKIX_DECREF(crl);
- continue;
- }
- cert_CacheCRLByGeneralName(certHandle, derCrl,
- crl->derGenName);
- /* Do not check the status. If it is a SECFailure,
- * derCrl is already destroyed. */
- derCrl = NULL;
- PKIX_DECREF(crl);
- }
-
-cleanup:
- PKIX_DECREF(crl);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-static PKIX_Error *
-NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert,
- PRTime time,
- PKIX_Boolean *pHasFetchedCrlInCache,
- void *plContext)
-{
- /* Returning true result in this case will mean, that case info
- * is currect and should used as is. */
- NamedCRLCache* nameCrlCache = NULL;
- PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
- PKIX_List *dpList = NULL;
- pkix_pl_CrlDp *dp = NULL;
- CERTCertificate *cert;
- PKIX_UInt32 dpIndex = 0;
- SECStatus rv = SECSuccess;
- PRTime reloadDelay = 0, badCrlInvalDelay = 0;
-
- PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl");
-
- cert = pkixCert->nssCert;
- reloadDelay =
- ((PKIX_PL_NssContext*)plContext)->crlReloadDelay *
- PR_USEC_PER_SEC;
- badCrlInvalDelay =
- ((PKIX_PL_NssContext*)plContext)->badDerCrlReloadDelay *
- PR_USEC_PER_SEC;
- if (!time) {
- time = PR_Now();
- }
- /* If we already download the crl and inserted into the cache, then
- * there is no need to check for fetched crl. We have what we have. */
- PKIX_CHECK(
- PKIX_PL_Cert_GetCrlDp(pkixCert, &dpList, plContext),
- PKIX_CERTGETCRLDPFAILED);
- if (dpList && dpList->length) {
- hasFetchedCrlInCache = PKIX_FALSE;
- rv = cert_AcquireNamedCRLCache(&nameCrlCache);
- if (rv != SECSuccess) {
- PKIX_DECREF(dpList);
- }
- } else {
- /* If no dp then treat it as if we already have
- * a fetched crl. */
- PKIX_DECREF(dpList);
- }
- for (;!hasFetchedCrlInCache &&
- dpList && dpIndex < dpList->length;dpIndex++) {
- SECItem **derDpNames = NULL;
- pkixErrorResult =
- PKIX_List_GetItem(dpList, dpIndex, (PKIX_PL_Object **)&dp,
- plContext);
- if (pkixErrorResult) {
- PKIX_DECREF(pkixErrorResult);
- continue;
- }
- if (dp->nssdp->distPointType == generalName) {
- /* dp can only be created from nssdp. */
- derDpNames = dp->nssdp->derFullName;
- }
- while (derDpNames && *derDpNames != NULL) {
- NamedCRLCacheEntry* cacheEntry = NULL;
- const SECItem *derDpName = *derDpNames++;
- rv = cert_FindCRLByGeneralName(nameCrlCache, derDpName,
- &cacheEntry);
- if (rv == SECSuccess && cacheEntry) {
- if ((cacheEntry->inCRLCache &&
- (cacheEntry->successfulInsertionTime + reloadDelay > time ||
- (cacheEntry->dupe &&
- cacheEntry->lastAttemptTime + reloadDelay > time))) ||
- (cacheEntry->badDER &&
- cacheEntry->lastAttemptTime + badCrlInvalDelay > time)) {
- hasFetchedCrlInCache = PKIX_TRUE;
- break;
- }
- }
- }
- PKIX_DECREF(dp);
- }
-cleanup:
- *pHasFetchedCrlInCache = hasFetchedCrlInCache;
- if (nameCrlCache) {
- cert_ReleaseNamedCRLCache(nameCrlCache);
- }
- PKIX_DECREF(dpList);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_Pk11CertStore_CheckCrl
- * DESCRIPTION:
- *
- * PARAMETERS:
- * "params"
- * Address of the ComCRLSelParams. Must be non-NULL.
- * "pSelected"
- * Address at which List will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertStore Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Pk11CertStore_CheckRevByCrl(
- PKIX_CertStore *store,
- PKIX_PL_Cert *pkixCert,
- PKIX_PL_Cert *pkixIssuer,
- PKIX_PL_Date *date,
- PKIX_Boolean crlDownloadDone,
- PKIX_UInt32 *pReasonCode,
- PKIX_RevocationStatus *pStatus,
- void *plContext)
-{
- PKIX_RevocationStatus pkixRevStatus = PKIX_RevStatus_NoInfo;
- CERTRevocationStatus revStatus = certRevocationStatusUnknown;
- PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
- CERTCertificate *cert = NULL, *issuer = NULL;
- SECStatus rv = SECSuccess;
- void *wincx = NULL;
- PRTime time = 0;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_CheckRevByCrl");
- PKIX_NULLCHECK_FOUR(store, pkixCert, pkixIssuer, plContext);
-
- cert = pkixCert->nssCert;
- issuer = pkixIssuer->nssCert;
- if (date) {
- PKIX_CHECK(
- pkix_pl_Date_GetPRTime(date, &time, plContext),
- PKIX_DATEGETPRTIMEFAILED);
- }
- PKIX_CHECK(
- pkix_pl_NssContext_GetWincx((PKIX_PL_NssContext*)plContext,
- &wincx),
- PKIX_NSSCONTEXTGETWINCXFAILED);
- /* No need to check any cDPs, since partitioned crls are not
- * supported. If a ds does not point to partitioned crl, then
- * the crl should be in issuer cache that is unrelated to any
- * dp. Using NULL as a dp pointer to check it.*/
- rv = cert_CheckCertRevocationStatus(cert, issuer, NULL,
- /* Will not validate the signature
- * on the crl if time is not specified.*/
- time, wincx, &revStatus, pReasonCode);
- if (rv == SECFailure) {
- pkixRevStatus = PKIX_RevStatus_Revoked;
- goto cleanup;
- }
- if (crlDownloadDone) {
- if (revStatus == certRevocationStatusRevoked) {
- pkixRevStatus = PKIX_RevStatus_Revoked;
- } else if (revStatus == certRevocationStatusValid) {
- pkixRevStatus = PKIX_RevStatus_Success;
- }
- } else {
- pkixErrorResult =
- NameCacheHasFetchedCrlInfo(pkixCert, time, &hasFetchedCrlInCache,
- plContext);
- if (pkixErrorResult) {
- goto cleanup;
- }
- if (revStatus == certRevocationStatusRevoked &&
- (hasFetchedCrlInCache ||
- *pReasonCode != crlEntryReasoncertificatedHold)) {
- pkixRevStatus = PKIX_RevStatus_Revoked;
- } else if (revStatus == certRevocationStatusValid &&
- hasFetchedCrlInCache) {
- pkixRevStatus = PKIX_RevStatus_Success;
- }
- }
-cleanup:
- *pStatus = pkixRevStatus;
-
- PKIX_RETURN(CERTSTORE);
-}
-
-
-/*
- * FUNCTION: pkix_pl_Pk11CertStore_GetCert
- * (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
- */
-PKIX_Error *
-pkix_pl_Pk11CertStore_GetCert(
- PKIX_CertStore *store,
- PKIX_CertSelector *selector,
- PKIX_VerifyNode *parentVerifyNode,
- void **pNBIOContext,
- PKIX_List **pCertList,
- void *plContext)
-{
- PKIX_UInt32 i = 0;
- PKIX_UInt32 numFound = 0;
- PKIX_PL_Cert *candidate = NULL;
- PKIX_List *selected = NULL;
- PKIX_List *filtered = NULL;
- PKIX_CertSelector_MatchCallback selectorCallback = NULL;
- PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
- PKIX_ComCertSelParams *params = NULL;
- PKIX_Boolean cacheFlag = PKIX_FALSE;
- PKIX_VerifyNode *verifyNode = NULL;
- PKIX_Error *selectorError = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_GetCert");
- PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCertList);
-
- *pNBIOContext = NULL; /* We don't use non-blocking I/O */
-
- PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
- (selector, &selectorCallback, plContext),
- PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
- (selector, &params, plContext),
- PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED);
-
- PKIX_CHECK(pkix_pl_Pk11CertStore_CertQuery
- (params, &selected, plContext),
- PKIX_PK11CERTSTORECERTQUERYFAILED);
-
- if (selected) {
- PKIX_CHECK(PKIX_List_GetLength(selected, &numFound, plContext),
- PKIX_LISTGETLENGTHFAILED);
- }
-
- PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
- (store, &cacheFlag, plContext),
- PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
-
- PKIX_CHECK(PKIX_CertStore_GetTrustCallback
- (store, &trustCallback, plContext),
- PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
-
- PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
- PKIX_LISTCREATEFAILED);
-
- for (i = 0; i < numFound; i++) {
- PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItem
- (selected,
- i,
- (PKIX_PL_Object **)&candidate,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- if (PKIX_ERROR_RECEIVED) {
- continue; /* just skip bad certs */
- }
-
- selectorError =
- selectorCallback(selector, candidate, plContext);
- if (!selectorError) {
- PKIX_CHECK(PKIX_PL_Cert_SetCacheFlag
- (candidate, cacheFlag, plContext),
- PKIX_CERTSETCACHEFLAGFAILED);
-
- if (trustCallback) {
- PKIX_CHECK(PKIX_PL_Cert_SetTrustCertStore
- (candidate, store, plContext),
- PKIX_CERTSETTRUSTCERTSTOREFAILED);
- }
-
- PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
- (filtered,
- (PKIX_PL_Object *)candidate,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- } else if (parentVerifyNode) {
- PKIX_CHECK_FATAL(
- pkix_VerifyNode_Create(candidate, 0, selectorError,
- &verifyNode, plContext),
- PKIX_VERIFYNODECREATEFAILED);
- PKIX_CHECK_FATAL(
- pkix_VerifyNode_AddToTree(parentVerifyNode,
- verifyNode,
- plContext),
- PKIX_VERIFYNODEADDTOTREEFAILED);
- PKIX_DECREF(verifyNode);
- }
- PKIX_DECREF(selectorError);
- PKIX_DECREF(candidate);
- }
-
- /* Don't throw away the list if one cert was bad! */
- pkixTempErrorReceived = PKIX_FALSE;
-
- *pCertList = filtered;
- filtered = NULL;
-
-cleanup:
-fatal:
- PKIX_DECREF(filtered);
- PKIX_DECREF(candidate);
- PKIX_DECREF(selected);
- PKIX_DECREF(params);
- PKIX_DECREF(verifyNode);
- PKIX_DECREF(selectorError);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-static PKIX_Error *
-RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date,
- void *plContext)
-{
- NamedCRLCache* nameCrlCache = NULL;
- pkix_pl_CrlDp *dp = NULL;
- int dpIndex = 0;
- PRTime time;
- PRTime reloadDelay = 0, badCrlInvalDelay = 0;
- SECStatus rv;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_ListRemovePrtDp");
-
- if (!dpList || !dpList->length) {
- PKIX_RETURN(CERTSTORE);
- }
- reloadDelay =
- ((PKIX_PL_NssContext*)plContext)->crlReloadDelay *
- PR_USEC_PER_SEC;
- badCrlInvalDelay =
- ((PKIX_PL_NssContext*)plContext)->badDerCrlReloadDelay *
- PR_USEC_PER_SEC;
- PKIX_CHECK(pkix_pl_Date_GetPRTime(date, &time, plContext),
- PKIX_DATEGETPRTIMEFAILED);
- rv = cert_AcquireNamedCRLCache(&nameCrlCache);
- if (rv == SECFailure) {
- /* Baling out. Wont find out any thing useful. */
- PKIX_RETURN(CERTSTORE);
- }
- while (dpIndex < dpList->length) {
- SECItem **derDpNames = NULL;
- PKIX_Boolean removeDp = PKIX_FALSE;
-
- PKIX_CHECK(
- PKIX_List_GetItem(dpList, dpIndex, (PKIX_PL_Object **)&dp,
- plContext),
- PKIX_LISTGETITEMFAILED);
- if (!dp->isPartitionedByReasonCode) {
- /* See if we know about this dp anything why we should
- * not use it to download a crl. */
- if (dp->nssdp->distPointType == generalName) {
- /* dp can only be created from nssdp. */
- derDpNames = dp->nssdp->derFullName;
- } else {
- removeDp = PKIX_TRUE;
- }
- while (derDpNames && *derDpNames != NULL) {
- NamedCRLCacheEntry* cacheEntry = NULL;
- const SECItem *derDpName = *derDpNames++;
- /* Removing from the list all dps that we know about. */
- rv = cert_FindCRLByGeneralName(nameCrlCache, derDpName,
- &cacheEntry);
- if (rv && cacheEntry) {
- if (cacheEntry->unsupported ||
- (cacheEntry->inCRLCache &&
- (cacheEntry->successfulInsertionTime + reloadDelay > time ||
- (cacheEntry->dupe &&
- cacheEntry->lastAttemptTime + reloadDelay > time))) ||
- (cacheEntry->badDER &&
- cacheEntry->lastAttemptTime + badCrlInvalDelay > time)) {
- removeDp = PKIX_TRUE;
- }
- }
- }
- } else {
- /* Remove dp that point to a partitioned crl . RFC 5280
- * recommends against crl partitioned by reason code.
- * Will skip such crls */
- removeDp = PKIX_TRUE;
- }
- if (removeDp) {
- PKIX_CHECK_ONLY_FATAL(
- pkix_List_Remove(dpList,(PKIX_PL_Object*)dp,
- plContext),
- PKIX_LISTGETITEMFAILED);
- } else {
- dpIndex += 1;
- }
- PKIX_DECREF(dp);
- }
-
-cleanup:
- if (nameCrlCache) {
- cert_ReleaseNamedCRLCache(nameCrlCache);
- }
- PKIX_DECREF(dp);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_Pk11CertStore_DownloadCrl
- */
-static PKIX_Error *
-DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
- const SEC_HttpClientFcnV1 *hcv1, void *plContext)
-{
- char *location = NULL;
- char *hostname = NULL;
- char *path = NULL;
- PRUint16 port;
- SEC_HTTP_SERVER_SESSION pServerSession = NULL;
- SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
- PRUint16 myHttpResponseCode;
- const char *myHttpResponseData = NULL;
- PRUint32 myHttpResponseDataLen;
- SECItem *uri = NULL;
- SECItem *derCrlCopy = NULL;
- CERTSignedCrl *nssCrl = NULL;
- CERTGeneralName *genName = NULL;
- PKIX_Int32 savedError = -1;
- SECItem **derGenNames = NULL;
- SECItem *derGenName = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_DownloadCrl");
-
- /* Do not support dps others than a one with GeneralName
- * name type. */
- if (dp->distPointType != generalName ||
- !dp->nssdp->derFullName) {
- PKIX_ERROR(PKIX_UNSUPPORTEDCRLDPTYPE);
- }
- genName = dp->name.fullName;
- derGenNames = dp->nssdp->derFullName;
- do {
- derGenName = *derGenNames;
- do {
- if (!derGenName ||
- !genName->name.other.data) {
- /* get to next name if no data. */
- savedError = PKIX_UNSUPPORTEDCRLDPTYPE;
- break;
- }
- uri = &genName->name.other;
- location = (char*)PR_Malloc(1 + uri->len);
- if (!location) {
- savedError = PKIX_ALLOCERROR;
- break;
- }
- PORT_Memcpy(location, uri->data, uri->len);
- location[uri->len] = 0;
- if (CERT_ParseURL(location, &hostname,
- &port, &path) != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_INFO_ACCESS_LOCATION);
- savedError = PKIX_URLPARSINGFAILED;
- break;
- }
-
- PORT_Assert(hostname != NULL);
- PORT_Assert(path != NULL);
-
- if ((*hcv1->createSessionFcn)(hostname, port,
- &pServerSession) != SECSuccess) {
- PORT_SetError(SEC_ERROR_BAD_INFO_ACCESS_LOCATION);
- savedError = PKIX_URLPARSINGFAILED;
- break;
- }
-
- if ((*hcv1->createFcn)(pServerSession, "http", path, "GET",
- /* Users with slow connections might not get CRL revocation
- checking for certs that use big CRLs because of the timeout
- We absolutely need code that limits our retry attempts.
- */
- PR_SecondsToInterval(
- ((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
- &pRequestSession) != SECSuccess) {
- savedError = PKIX_HTTPSERVERERROR;
- break;
- }
-
- myHttpResponseDataLen =
- ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
-
- /* We use a non-zero timeout, which means:
- - the client will use blocking I/O
- - TryFcn will not return WOULD_BLOCK nor a poll descriptor
- - it's sufficient to call TryFcn once
- */
- /* we don't want result objects larger than this: */
- if ((*hcv1->trySendAndReceiveFcn)(
- pRequestSession,
- NULL,
- &myHttpResponseCode,
- NULL,
- NULL,
- &myHttpResponseData,
- &myHttpResponseDataLen) != SECSuccess) {
- savedError = PKIX_HTTPSERVERERROR;
- break;
- }
-
- if (myHttpResponseCode != 200) {
- savedError = PKIX_HTTPSERVERERROR;
- break;
- }
- } while(0);
- if (!myHttpResponseData) {
- /* Going to the next one. */
- genName = CERT_GetNextGeneralName(genName);
- derGenNames++;
- }
- /* Staing in the loop through all the names until
- * we have a successful download. */
- } while (!myHttpResponseData && *derGenNames &&
- genName != dp->name.fullName);
- /* Need this name to track the crl source location. */
- PORT_Assert(derGenName);
-
- if (!myHttpResponseData) {
- /* Generating fake bad CRL to keep track of this dp */
- SECItem derCrl = {siBuffer, (void*)"BadCrl", 6 };
-
- derCrlCopy = SECITEM_DupItem(&derCrl);
- if (!derCrlCopy) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- derGenName = *dp->nssdp->derFullName;
- } else {
- SECItem derCrl = { siBuffer,
- (void*)myHttpResponseData,
- myHttpResponseDataLen };
- derCrlCopy = SECITEM_DupItem(&derCrl);
- if (!derCrlCopy) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- /* crl will be based on derCrlCopy, but will not own the der. */
- nssCrl =
- CERT_DecodeDERCrlWithFlags(NULL, derCrlCopy, SEC_CRL_TYPE,
- CRL_DECODE_DONT_COPY_DER |
- CRL_DECODE_SKIP_ENTRIES);
- }
- /* pkix crl owns the der. */
- PKIX_CHECK(
- pkix_pl_CRL_CreateWithSignedCRL(nssCrl, derCrlCopy,
- derGenName,
- crl, plContext),
- PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
- /* pkix crl now own both objects. */
- derCrlCopy = NULL;
- nssCrl = NULL;
-
-cleanup:
- if (derCrlCopy)
- PORT_Free(derCrlCopy);
- if (nssCrl)
- SEC_DestroyCrl(nssCrl);
- if (pRequestSession != NULL)
- (*hcv1->freeFcn)(pRequestSession);
- if (pServerSession != NULL)
- (*hcv1->freeSessionFcn)(pServerSession);
- if (path != NULL)
- PORT_Free(path);
- if (hostname != NULL)
- PORT_Free(hostname);
- if (location) {
- PORT_Free(location);
- }
-
- PKIX_RETURN(CERTSTORE);
-}
-
-/*
- * FUNCTION: pkix_pl_Pk11CertStore_GetCRL
- * (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
- */
-static PKIX_Error *
-pkix_pl_Pk11CertStore_GetCRL(
- PKIX_CertStore *store,
- PKIX_CRLSelector *selector,
- void **pNBIOContext,
- PKIX_List **pCrlList,
- void *plContext)
-{
- PKIX_UInt32 dpIndex = 0;
- PKIX_PL_CRL *crl = NULL;
- PKIX_List *crlList = NULL;
- PKIX_List *dpList = NULL;
- pkix_pl_CrlDp *dp = NULL;
- PKIX_PL_Date *date = NULL;
- const SEC_HttpClientFcn *registeredHttpClient = NULL;
-
- PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_GetCRL");
- PKIX_NULLCHECK_THREE(store, pNBIOContext, pCrlList);
- PKIX_NULLCHECK_TWO(selector, selector->params);
-
- registeredHttpClient = SEC_GetRegisteredHttpClient();
- if (!registeredHttpClient || registeredHttpClient->version != 1) {
- goto cleanup;
- }
- dpList = selector->params->crldpList;
- date = selector->params->date;
- PKIX_CHECK(
- RemovePartitionedDpsFromList(dpList, date,
- plContext),
- PKIX_FAILTOREMOVEDPFROMLIST);
- for (;dpIndex < dpList->length;dpIndex++) {
- PKIX_DECREF(dp);
- pkixErrorResult =
- PKIX_List_GetItem(dpList, dpIndex,
- (PKIX_PL_Object **)&dp,
- plContext);
- if (pkixErrorResult) {
- PKIX_DECREF(pkixErrorResult);
- continue;
- }
- pkixErrorResult =
- DownloadCrl(dp, &crl,
- &registeredHttpClient->fcnTable.ftable1,
- plContext);
- if (pkixErrorResult || !crl) {
- /* continue to next dp in case of unsuccesfull
- * download attempt. */
- PKIX_DECREF(pkixErrorResult);
- continue;
- }
- if (!crlList) {
- PKIX_CHECK(PKIX_List_Create(&crlList, plContext),
- PKIX_LISTCREATEFAILED);
- }
- pkixErrorResult =
- PKIX_List_AppendItem(crlList, (PKIX_PL_Object *)crl,
- plContext);
- if (pkixErrorResult) {
- PKIX_DECREF(pkixErrorResult);
- }
- PKIX_DECREF(crl);
- }
- *pCrlList = crlList;
- crlList = NULL;
-
-cleanup:
- PKIX_DECREF(dp);
- PKIX_DECREF(crl);
- PKIX_DECREF(crlList);
-
- PKIX_RETURN(CERTSTORE);
-}
-
-
-/* --Public-Pk11CertStore-Functions----------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_Pk11CertStore_Create
- * (see comments in pkix_samples_modules.h)
- */
-PKIX_Error *
-PKIX_PL_Pk11CertStore_Create(
- PKIX_CertStore **pCertStore,
- void *plContext)
-{
- PKIX_CertStore *certStore = NULL;
-
- PKIX_ENTER(CERTSTORE, "PKIX_PL_Pk11CertStore_Create");
- PKIX_NULLCHECK_ONE(pCertStore);
-
- PKIX_CHECK(PKIX_CertStore_Create
- (pkix_pl_Pk11CertStore_GetCert,
- pkix_pl_Pk11CertStore_GetCRL,
- NULL, /* getCertContinue */
- NULL, /* getCrlContinue */
- pkix_pl_Pk11CertStore_CheckTrust,
- pkix_pl_Pk11CertStore_ImportCrl,
- pkix_pl_Pk11CertStore_CheckRevByCrl,
- NULL,
- PKIX_TRUE, /* cache flag */
- PKIX_TRUE, /* local - no network I/O */
- &certStore,
- plContext),
- PKIX_CERTSTORECREATEFAILED);
-
- *pCertStore = certStore;
-
-cleanup:
-
- PKIX_RETURN(CERTSTORE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h
deleted file mode 100755
index ab9ad89fc..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_pk11certstore.h
- *
- * PK11Certstore Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_PK11CERTSTORE_H
-#define _PKIX_PL_PK11CERTSTORE_H
-
-#include "pkix_pl_common.h"
-#include "certi.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* see source file for function documentation */
-PKIX_Error *
-PKIX_PL_Pk11CertStore_Create(
- PKIX_CertStore **pCertStore,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_PK11CERTSTORE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
deleted file mode 100644
index c29e361bf..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ /dev/null
@@ -1,1723 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_socket.c
- *
- * Socket Function Definitions
- *
- */
-
-/*
- * If Socket Tracing is active, messages sent and received will be
- * timestamped and dumped (to stdout) in standard hex-dump format. E.g.,
- *
- * 1116612359156140:
- * 28F0: 48 65 6C 6C 6F 2C 20 77 6F 72 6C 64 21 00 Hello, world!.
- *
- * The timestamp is not formatted to be meaningful except as an increasing
- * value of seconds.microseconds, which is good enough to correlate two
- * sides of a message exchange and to figure durations.
- *
- * Code to perform Socket tracing will be compiled in if PKIX_SOCKETTRACE
- * is defined, but that doesn't mean socket tracing is active. Tracing also
- * requires that the Boolean socketTraceFlag is set to PKIX_TRUE. That is
- * the default value, but it can be overridden by using the debugger to
- * change its value -- allowing tracing to be turned on and off at various
- * breakpoints -- or by setting the environment variable SOCKETTRACE. A
- * value of 1 sets socketTraceFlag to PKIX_TRUE (tracing on), and any other
- * value sets socketTraceFlag to PKIX_FALSE (tracing off). The environment
- * value is checked during system initialization.
- */
-#ifndef BUILD_OPT
-#define PKIX_SOCKETTRACE 1
-#endif
-
-#ifdef PKIX_SOCKETDEBUG
-#define PKIX_SOCKETTRACE 1
-#endif
-
-#include "pkix_pl_socket.h"
-
-/* --Private-Socket-Functions---------------------------------- */
-
-#ifdef PKIX_SOCKETTRACE
-static PKIX_Boolean socketTraceFlag = PKIX_FALSE;
-
-/*
- * FUNCTION: pkix_pl_socket_timestamp
- * DESCRIPTION:
- *
- * This functions prints to stdout the time of day, as obtained from the
- * system function gettimeofday, as seconds.microseconds. Its resolution
- * is whatever the system call provides.
- *
- * PARAMETERS:
- * none
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static void pkix_pl_socket_timestamp() {
- PRInt64 prTime;
- prTime = PR_Now();
- printf("%lld:\n", prTime);
-}
-
-/*
- * FUNCTION: pkix_pl_socket_hexDigit
- * DESCRIPTION:
- *
- * This functions prints to stdout the byte "byteVal" as two hex digits.
- *
- * PARAMETERS:
- * "byteVal"
- * The value to be printed.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static void pkix_pl_socket_hexDigit(char byteVal) {
- int n = 0;
- char cHi = '\0';
- char cLow = '\0';
- n = ((byteVal >> 4) & 0xf);
- if (n > 9) {
- cHi = (char) ((n - 10) + 'A');
- } else {
- cHi = (char) (n + '0');
- }
- n = byteVal & 0xf;
- if (n > 9) {
- cLow = (char) ((n - 10) + 'A');
- } else {
- cLow = (char) (n + '0');
- }
- (void) printf("%c%c", cHi, cLow);
-}
-
-/*
- * FUNCTION: pkix_pl_socket_linePrefix
- * DESCRIPTION:
- *
- * This functions prints to stdout the address provided by "addr" as four
- * hexadecimal digits followed by a colon and a space.
- *
- * PARAMETERS:
- * "addr"
- * The address to be printed
- * none
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) {
- pkix_pl_socket_hexDigit((char)((addr >> 8) & 0xff));
- pkix_pl_socket_hexDigit((char)(addr & 0xff));
- (void) printf(": ");
-}
-
-/*
- * FUNCTION: pkix_pl_socket_traceLine
- * DESCRIPTION:
- *
- * This functions prints to stdout the sixteen bytes beginning at the
- * address pointed to by "ptr". The bytes are printed as sixteen pairs
- * of hexadecimal characters followed by an ascii interpretation, in which
- * characters from 0x20 to 0x7d are shown as their ascii equivalents, and
- * other values are represented as periods.
- *
- * PARAMETERS:
- * "ptr"
- * The address of the first of the bytes to be printed
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static void pkix_pl_socket_traceLine(char *ptr) {
- PKIX_UInt32 i = 0;
- pkix_pl_socket_linePrefix((PKIX_UInt32)ptr);
- for (i = 0; i < 16; i++) {
- printf(" ");
- pkix_pl_socket_hexDigit(ptr[i]);
- if (i == 7) {
- printf(" ");
- }
- }
- printf(" ");
- for (i = 0; i < 16; i++) {
- if ((ptr[i] < ' ') || (ptr[i] > '}')) {
- printf(".");
- } else {
- printf("%c", ptr[i]);
- }
- }
- printf("\n");
-}
-
-/*
- * FUNCTION: pkix_pl_socket_tracePartialLine
- * DESCRIPTION:
- *
- * This functions prints to stdout the number of bytes given by "nBytes",
- * beginning at the address pointed to by "ptr". The bytes are printed as
- * pairs of hexadecimal characters followed by an ascii interpretation, in
- * which characters from 0x20 to 0x7d are shown as their ascii equivalents,
- * and other values are represented as periods.
- *
- * PARAMETERS:
- * "ptr"
- * The address of the first of the bytes to be printed
- * "nBytes"
- * The Int32 value giving the number of bytes to be printed. If "nBytes"
- * is greater than sixteen, the results will be unattractive.
- * none
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) {
- PKIX_UInt32 i = 0;
- if (nBytes > 0) {
- pkix_pl_socket_linePrefix((PKIX_UInt32)ptr);
- }
- for (i = 0; i < nBytes; i++) {
- printf(" ");
- pkix_pl_socket_hexDigit(ptr[i]);
- if (i == 7) {
- printf(" ");
- }
- }
- for (i = nBytes; i < 16; i++) {
- printf(" ");
- if (i == 7) {
- printf(" ");
- }
- }
- printf(" ");
- for (i = 0; i < nBytes; i++) {
- if ((ptr[i] < ' ') || (ptr[i] > '}')) {
- printf(".");
- } else {
- printf("%c", ptr[i]);
- }
- }
- printf("\n");
-}
-
-/*
- * FUNCTION: pkix_pl_socket_tracebuff
- * DESCRIPTION:
- *
- * This functions prints to stdout the number of bytes given by "nBytes",
- * beginning with the byte pointed to by "buf". The output is preceded by
- * a timestamp, and each group of sixteen (and a remainder, if any) is
- * preceded by its address. The contents are shown in hexadecimal and as
- * ascii characters. If "nBytes" is zero, the timestamp and starting
- * address are displayed.
- *
- * PARAMETERS:
- * "buf"
- * The starting address of the bytes to be printed
- * "nBytes"
- * The number of bytes to be printed
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) {
- PKIX_UInt32 bytesRemaining = nBytes;
- PKIX_UInt32 offset = 0;
- char *bufptr = (char *)buf;
-
- if (socketTraceFlag == PKIX_FALSE) return;
-
- pkix_pl_socket_timestamp();
- /*
- * Special case: if called with length of zero, just do address
- */
- if (nBytes == 0) {
- pkix_pl_socket_linePrefix((PKIX_UInt32)buf);
- printf("\n");
- } else {
- while (bytesRemaining >= 16) {
- pkix_pl_socket_traceLine(&bufptr[offset]);
- bytesRemaining -= 16;
- offset += 16;
- }
- pkix_pl_socket_tracePartialLine
- (&bufptr[offset], bytesRemaining);
- }
-}
-
-#endif
-
-/*
- * FUNCTION: pkix_pl_Socket_SetNonBlocking
- * DESCRIPTION:
- *
- * This functions sets the socket represented by the PRFileDesc "fileDesc"
- * to nonblocking mode.
- *
- * PARAMETERS:
- * "fileDesc"
- * The address of the PRFileDesc whose I/O mode is to be set
- * non-blocking. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_SetNonBlocking(
- PRFileDesc *fileDesc,
- void *plContext)
-{
- PRStatus rv = PR_FAILURE;
- PRSocketOptionData sockOptionData;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_SetNonBlocking");
- PKIX_NULLCHECK_ONE(fileDesc);
-
- sockOptionData.option = PR_SockOpt_Nonblocking;
- sockOptionData.value.non_blocking = PR_TRUE;
-
- PKIX_PL_NSSCALLRV(SOCKET, rv, fileDesc->methods->setsocketoption,
- (fileDesc, &sockOptionData));
-
- if (rv != PR_SUCCESS) {
- PKIX_ERROR(PKIX_UNABLETOSETSOCKETTONONBLOCKING);
- }
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_CreateClient
- * DESCRIPTION:
- *
- * This functions creates a client socket for the PKIX_PL_Socket pointed to
- * by "socket". If "socket" was created with a timeout value of zero, the
- * client socket is set to use nonblocking I/O.
- *
- * PARAMETERS:
- * "socket"
- * The address of the Socket for which a client socket is to be
- * created. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-
-static PKIX_Error *
-pkix_pl_Socket_CreateClient(
- PKIX_PL_Socket *socket,
- void *plContext)
-{
-#ifdef PKIX_SOCKETDEBUG
- PRErrorCode errorcode = 0;
-#endif
- PRFileDesc *mySock = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateClient");
- PKIX_NULLCHECK_ONE(socket);
-
- PKIX_PL_NSSCALLRV(SOCKET, mySock, PR_NewTCPSocket, ());
- if (!mySock) {
-#ifdef PKIX_SOCKETDEBUG
- errorcode = PR_GetError();
- printf
- ("pkix_pl_Socket_CreateClient: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
- }
-
-#ifdef PKIX_SOCKETDEBUG
- printf("Created socket, PRFileDesc @ %#X\n", mySock);
-#endif
-
- socket->clientSock = mySock;
- socket->status = SOCKET_UNCONNECTED;
- if (socket->timeout == 0) {
- PKIX_CHECK(pkix_pl_Socket_SetNonBlocking(mySock, plContext),
- PKIX_SOCKETSETNONBLOCKINGFAILED);
- }
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_CreateServer
- * DESCRIPTION:
- *
- * This functions creates a server socket for the PKIX_PL_Socket pointed to
- * by "socket". If "socket" was created with a timeout value of zero, the
- * server socket is set to use nonblocking I/O.
- *
- * Warning: there seems to be a problem with operating a server socket in
- * non-blocking mode. If the server calls Recv prior to a corresponding
- * Send, the message may be lost.
- *
- * PARAMETERS:
- * "socket"
- * The address of the Socket for which a server socket is to be
- * created. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_CreateServer(
- PKIX_PL_Socket *socket,
- void *plContext)
-{
-/* #ifdef PKIX_SOCKETDEBUG */
- PRErrorCode errorcode = 0;
-/* #endif */
- PRStatus rv = PR_FAILURE;
- PRFileDesc *serverSock = NULL;
- PRSocketOptionData sockOptionData;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateServer");
- PKIX_NULLCHECK_ONE(socket);
-
- PKIX_PL_NSSCALLRV(SOCKET, serverSock, PR_NewTCPSocket, ());
- if (!serverSock) {
-#ifdef PKIX_SOCKETDEBUG
- errorcode = PR_GetError();
- printf
- ("pkix_pl_Socket_CreateServer: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
- }
-
- socket->serverSock = serverSock;
-
-#ifdef PKIX_SOCKETDEBUG
- printf("Created socket, PRFileDesc @ %#X\n", serverSock);
-#endif
-
- if (socket->timeout == 0) {
- PKIX_CHECK(pkix_pl_Socket_SetNonBlocking(serverSock, plContext),
- PKIX_SOCKETSETNONBLOCKINGFAILED);
- }
-
- sockOptionData.option = PR_SockOpt_Reuseaddr;
- sockOptionData.value.reuse_addr = PR_TRUE;
-
- PKIX_PL_NSSCALLRV(SOCKET, rv, serverSock->methods->setsocketoption,
- (serverSock, &sockOptionData));
-
- if (rv != PR_SUCCESS) {
- PKIX_ERROR(PKIX_UNABLETOSETSOCKETTONONBLOCKING);
- }
-
- PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Bind, (serverSock, socket->netAddr));
-
- if (rv == PR_FAILURE) {
-/* #ifdef PKIX_SOCKETDEBUG */
- errorcode = PR_GetError();
- printf
- ("pkix_pl_Socket_CreateServer: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-/* #endif */
- PKIX_ERROR(PKIX_PRBINDFAILED);
- }
-
-#ifdef PKIX_SOCKETDEBUG
- printf("Successful bind!\n");
-#endif
-
- socket->status = SOCKET_BOUND;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Connect
- * DESCRIPTION:
- *
- * This functions performs the connect function for the client socket
- * specified in "socket", storing the status at "pStatus".
- *
- * PARAMETERS:
- * "socket"
- * The address of the Socket for which a connect is to be performed.
- * Must be non-NULL.
- * "pStatus"
- * The address at which the connection status is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_Connect(
- PKIX_PL_Socket *socket,
- PRErrorCode *pStatus,
- void *plContext)
-{
- PRStatus rv = PR_FAILURE;
- PRErrorCode errorcode = 0;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Connect");
- PKIX_NULLCHECK_TWO(socket, socket->clientSock);
-
- PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Connect,
- (socket->clientSock, socket->netAddr, socket->timeout));
-
- if (rv == PR_FAILURE) {
- errorcode = PR_GetError();
- *pStatus = errorcode;
- if (errorcode == PR_IN_PROGRESS_ERROR) {
- socket->status = SOCKET_CONNECTPENDING;
- goto cleanup;
- } else {
-#ifdef PKIX_SOCKETDEBUG
- printf
- ("pkix_pl_Socket_Connect: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRCONNECTFAILED);
- }
- }
-
-#ifdef PKIX_SOCKETDEBUG
- printf("Successful connect!\n");
-#endif
-
- *pStatus = 0;
- socket->status = SOCKET_CONNECTED;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_ConnectContinue
- * DESCRIPTION:
- *
- * This functions continues the connect function for the client socket
- * specified in "socket", storing the status at "pStatus". It is expected that
- * the non-blocking connect has returned PR_IN_PROGRESS_ERROR.
- *
- * PARAMETERS:
- * "socket"
- * The address of the Socket for which a connect is to be continued.
- * Must be non-NULL.
- * "pStatus"
- * The address at which the connection status is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_ConnectContinue(
- PKIX_PL_Socket *socket,
- PRErrorCode *pStatus,
- void *plContext)
-{
- PRStatus rv = PR_FAILURE;
- PRErrorCode errorcode = 0;
- PRPollDesc pollDesc;
- PRInt32 numEvents = 0;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_ConnectContinue");
- PKIX_NULLCHECK_TWO(socket, socket->clientSock);
-
- pollDesc.fd = socket->clientSock;
- pollDesc.in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
- pollDesc.out_flags = 0;
- PKIX_PL_NSSCALLRV(SOCKET, numEvents, PR_Poll, (&pollDesc, 1, 0));
- if (numEvents < 0) {
- PKIX_ERROR(PKIX_PRPOLLFAILED);
- }
-
- if (numEvents == 0) {
- *pStatus = PR_IN_PROGRESS_ERROR;
- goto cleanup;
- }
-
- PKIX_PL_NSSCALLRV(SOCKET, rv, PR_ConnectContinue,
- (socket->clientSock, pollDesc.out_flags));
-
- /*
- * PR_ConnectContinue sometimes lies. It returns PR_SUCCESS
- * even though the connection is not yet ready. But its deceit
- * is betrayed by the contents of out_flags!
- */
- if ((rv == PR_SUCCESS) && (pollDesc.out_flags == PR_POLL_ERR)) {
- *pStatus = PR_IN_PROGRESS_ERROR;
- goto cleanup;
- }
-
- if (rv == PR_FAILURE) {
- errorcode = PR_GetError();
- *pStatus = errorcode;
- if (errorcode == PR_IN_PROGRESS_ERROR) {
- goto cleanup;
- } else {
-#ifdef PKIX_SOCKETDEBUG
- printf
- ("pkix_pl_Socket_ConnectContinue: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRCONNECTCONTINUEFAILED);
- }
- }
-
-#ifdef PKIX_SOCKETDEBUG
- printf("Successful connect!\n");
-#endif
-
- *pStatus = 0;
- socket->status = SOCKET_CONNECTED;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Socket_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Socket *socket = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_SOCKET_TYPE, plContext),
- PKIX_OBJECTNOTANSOCKET);
-
- socket = (PKIX_PL_Socket *)object;
-
- if (socket->isServer) {
- if (socket->serverSock) {
- PR_Close(socket->serverSock);
- }
- } else {
- if (socket->clientSock) {
- PR_Close(socket->clientSock);
- }
- }
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Socket_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_Socket *socket = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_SOCKET_TYPE, plContext),
- PKIX_OBJECTNOTSOCKET);
-
- socket = (PKIX_PL_Socket *)object;
-
- *pHashcode = (((socket->timeout << 3) +
- (socket->netAddr->inet.family << 3)) +
- (*((PKIX_UInt32 *)&(socket->netAddr->inet.ip)))) +
- socket->netAddr->inet.port;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Socket_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_PL_Socket *firstSocket = NULL;
- PKIX_PL_Socket *secondSocket = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- *pResult = PKIX_FALSE;
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject, secondObject, PKIX_SOCKET_TYPE, plContext),
- PKIX_OBJECTNOTSOCKET);
-
- firstSocket = (PKIX_PL_Socket *)firstObject;
- secondSocket = (PKIX_PL_Socket *)secondObject;
-
- if (firstSocket->timeout != secondSocket->timeout) {
- goto cleanup;
- }
-
- if (firstSocket->netAddr == secondSocket->netAddr) {
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- if ((firstSocket->netAddr->inet.family !=
- secondSocket->netAddr->inet.family) ||
- (*((PKIX_UInt32 *)&(firstSocket->netAddr->inet.ip)) !=
- *((PKIX_UInt32 *)&(secondSocket->netAddr->inet.ip))) ||
- (firstSocket->netAddr->inet.port !=
- secondSocket->netAddr->inet.port)) {
-
- goto cleanup;
-
- }
-
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_PL_SOCKET_TYPE and its related
- * functions with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_Socket_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_RegisterSelf");
-
- entry.description = "Socket";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_Socket);
- entry.destructor = pkix_pl_Socket_Destroy;
- entry.equalsFunction = pkix_pl_Socket_Equals;
- entry.hashcodeFunction = pkix_pl_Socket_Hashcode;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_SOCKET_TYPE] = entry;
-
-#ifdef PKIX_SOCKETTRACE
- {
- char *val = NULL;
- val = PR_GetEnv("SOCKETTRACE");
- /* Is SOCKETTRACE set in the environment? */
- if ((val != NULL) && (*val != '\0')) {
- socketTraceFlag =
- ((*val == '1')?PKIX_TRUE:PKIX_FALSE);
- }
- }
-#endif
-
- PKIX_RETURN(SOCKET);
-}
-
-/* --Public-Socket-Functions----------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_Socket_Listen
- * DESCRIPTION:
- *
- * This functions establishes a listening queue for the server Socket
- * pointed to by "socket".
- *
- * PARAMETERS:
- * "socket"
- * The address of the server socket for which the queue is to be
- * established. Must be non-NULL.
- * "backlog"
- * The UInt32 value of the length of the queue to be established.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_Listen(
- PKIX_PL_Socket *socket,
- PKIX_UInt32 backlog,
- void *plContext)
-{
-#ifdef PKIX_SOCKETDEBUG
- PRErrorCode errorcode = 0;
-#endif
- PRStatus rv = PR_FAILURE;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Listen");
- PKIX_NULLCHECK_TWO(socket, socket->serverSock);
-
- PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Listen,
- (socket->serverSock, (PRIntn)backlog));
-
- if (rv == PR_FAILURE) {
-#ifdef PKIX_SOCKETDEBUG
- errorcode = PR_GetError();
- printf
- ("pkix_pl_Socket_Listen: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRLISTENFAILED);
- }
-
-#ifdef PKIX_SOCKETDEBUG
- printf("Successful listen!\n");
-#endif
-
- socket->status = SOCKET_LISTENING;
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Shutdown
- * DESCRIPTION:
- *
- * This functions performs the shutdown of any connections controlled by the
- * socket pointed to by "socket".
- *
- * PARAMETERS:
- * "socket"
- * The address of the socket to be shut down. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_Shutdown(
- PKIX_PL_Socket *socket,
- void *plContext)
-{
-#ifdef PKIX_SOCKETDEBUG
- PRErrorCode errorcode = 0;
-#endif
- PRStatus rv = PR_FAILURE;
- PRFileDesc *fileDesc = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Shutdown");
- PKIX_NULLCHECK_ONE(socket);
-
- fileDesc =
- (socket->isServer)?(socket->serverSock):(socket->clientSock);
-
- PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Shutdown,
- (fileDesc, PR_SHUTDOWN_BOTH));
-
- if (rv == PR_FAILURE) {
-#ifdef PKIX_SOCKETDEBUG
- errorcode = PR_GetError();
- printf
- ("pkix_pl_Socket_Shutdown: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRSHUTDOWNFAILED);
- }
- socket->status = SOCKET_SHUTDOWN;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Send
- * DESCRIPTION:
- *
- * This functions sends a message using the socket pointed to by "sendSock",
- * from the buffer pointed to by "buf", of the number of bytes given by
- * "bytesToWrite", storing the number of bytes actually written at
- * "pBytesWritten". If "socket" is in non-blocking mode, the send operation
- * may store -1 at "pBytesWritten" and the write is not complete until a
- * corresponding pkix_pl_Poll call has indicated its completion by returning
- * a non-negative value for bytes written.
- *
- * PARAMETERS:
- * "sendSock"
- * The address of the Socket on which the message is to be sent. Must
- * be non-NULL.
- * "buf"
- * The address of the data to be sent. Must be non-NULL.
- * "bytesToWrite""
- * The UInt32 value indicating the number of bytes to write.
- * "pBytesWritten"
- * The address at which the Int32 value indicating the number of bytes
- * actually written is to be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_Send(
- PKIX_PL_Socket *sendSock,
- void *buf,
- PKIX_UInt32 bytesToWrite,
- PKIX_Int32 *pBytesWritten,
- void *plContext)
-{
- PRInt32 bytesWritten = 0;
- PRErrorCode errorcode = 0;
- PRFileDesc *fd = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Send");
- PKIX_NULLCHECK_TWO(buf, pBytesWritten);
-
- fd = sendSock->clientSock;
-
- PKIX_PL_NSSCALLRV(SOCKET, bytesWritten, PR_Send,
- (fd, buf, (PRInt32)bytesToWrite, 0, sendSock->timeout));
-
- if (bytesWritten >= 0) {
- if (sendSock->status == SOCKET_SENDRCVPENDING) {
- sendSock->status = SOCKET_RCVPENDING;
- } else {
- sendSock->status = SOCKET_CONNECTED;
- }
-#ifdef PKIX_SOCKETTRACE
- pkix_pl_socket_tracebuff(buf, bytesWritten);
-#endif
- } else {
- errorcode = PR_GetError();
- if (errorcode != PR_WOULD_BLOCK_ERROR) {
-#ifdef PKIX_SOCKETDEBUG
- printf
- ("pkix_pl_Socket_Send: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRSENDFAILED);
- }
-
- sendSock->writeBuf = buf;
- sendSock->writeBufSize = bytesToWrite;
- if (sendSock->status == SOCKET_RCVPENDING) {
- sendSock->status = SOCKET_SENDRCVPENDING;
- } else {
- sendSock->status = SOCKET_SENDPENDING;
- }
- }
-
- *pBytesWritten = (PKIX_Int32)bytesWritten;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Recv
- * DESCRIPTION:
- *
- * This functions receives a message on the socket pointed to by "rcvSock",
- * into the buffer pointed to by "buf", of capacity given by "capacity",
- * storing the number of bytes actually received at "pBytesRead". If "socket"
- * is in non-blocking mode, the receive operation may store -1 at
- * "pBytesWritten". In that case the write is not complete until a
- * corresponding pkix_pl_Poll call has indicated its completion by returning
- * a non-negative value for bytes read.
- *
- * PARAMETERS:
- * "rcvSock"
- * The address of the Socket on which the message is to be received.
- * Must be non-NULL.
- * "buf"
- * The address of the buffer into which the message is to be received.
- * Must be non-NULL.
- * "capacity"
- * The UInt32 value of the size of the buffer; that is, the maximum
- * number of bytes that can be received.
- * "pBytesRead"
- * The address at which is stored the Int32 value of the number of bytes
- * actually received.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_Recv(
- PKIX_PL_Socket *rcvSock,
- void *buf,
- PKIX_UInt32 capacity,
- PKIX_Int32 *pBytesRead,
- void *plContext)
-{
- PRErrorCode errorcode = 0;
- PRInt32 bytesRead = 0;
- PRFileDesc *fd = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Recv");
- PKIX_NULLCHECK_THREE(rcvSock, buf, pBytesRead);
-
- fd = rcvSock->clientSock;
-
- PKIX_PL_NSSCALLRV(SOCKET, bytesRead, PR_Recv,
- (fd, buf, (PRInt32)capacity, 0, rcvSock->timeout));
-
- if (bytesRead > 0) {
- if (rcvSock->status == SOCKET_SENDRCVPENDING) {
- rcvSock->status = SOCKET_SENDPENDING;
- } else {
- rcvSock->status = SOCKET_CONNECTED;
- }
-#ifdef PKIX_SOCKETTRACE
- pkix_pl_socket_tracebuff(buf, bytesRead);
-#endif
- } else if (bytesRead == 0) {
- PKIX_ERROR(PKIX_PRRECVREPORTSNETWORKCONNECTIONCLOSED);
- } else {
- errorcode = PR_GetError();
- if (errorcode != PR_WOULD_BLOCK_ERROR) {
-#ifdef PKIX_SOCKETDEBUG
- printf
- ("pkix_pl_Socket_Recv: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRRECVFAILED);
- }
- rcvSock->readBuf = buf;
- rcvSock->readBufSize = capacity;
- if (rcvSock->status == SOCKET_SENDPENDING) {
- rcvSock->status = SOCKET_SENDRCVPENDING;
- } else {
- rcvSock->status = SOCKET_RCVPENDING;
- }
-
- }
-
- *pBytesRead = (PKIX_Int32)bytesRead;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Poll
- * DESCRIPTION:
- *
- * This functions checks for completion of an earlier Send or Recv on the
- * socket pointed to by "sock", storing in "pBytesWritten" the number of bytes
- * written by a completed Send and in "pBytesRead" the number of bytes
- * received in a completed Recv. A value of -1 returned indicates the
- * operation has still not completed. A NULL pointer may be supplied for
- * "pBytesWritten" to avoid checking for completion of a Send. A NULL pointer
- * may be supplied for "pBytesRead" to avoid checking for completion of a Recv.
- *
- * PARAMETERS:
- * "sock"
- * The address of the socket for which completions are to be checked.
- * "pBytesWritten"
- * The address at which the number of bytes written is to be stored, if
- * a pending Send has completed. If NULL, Sends are not checked.
- * "pBytesRead"
- * The address at which the number of bytes read is to be stored, if
- * a pending Recv has completed. If NULL, Recvs are not checked.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_Poll(
- PKIX_PL_Socket *sock,
- PKIX_Int32 *pBytesWritten,
- PKIX_Int32 *pBytesRead,
- void *plContext)
-{
- PRPollDesc pollDesc;
- PRInt32 numEvents = 0;
- PKIX_Int32 bytesRead = 0;
- PKIX_Int32 bytesWritten = 0;
- PRErrorCode errorcode = 0;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Poll");
- PKIX_NULLCHECK_ONE(sock);
-
- pollDesc.fd = sock->clientSock;
- pollDesc.in_flags = 0;
- pollDesc.out_flags = 0;
-
- if ((pBytesWritten) &&
- ((sock->status == SOCKET_SENDPENDING) ||
- (sock->status = SOCKET_SENDRCVPENDING))) {
- pollDesc.in_flags = PR_POLL_WRITE;
- }
-
- if ((pBytesRead) &&
- ((sock->status = SOCKET_RCVPENDING) ||
- (sock->status = SOCKET_SENDRCVPENDING))) {
- pollDesc.in_flags |= PR_POLL_READ;
- }
-
- PKIX_PL_NSSCALLRV(SOCKET, numEvents, PR_Poll, (&pollDesc, 1, 0));
-
- if (numEvents < 0) {
- PKIX_ERROR(PKIX_PRPOLLFAILED);
- } else if (numEvents > 0) {
- if (pollDesc.out_flags & PR_POLL_WRITE) {
- PKIX_CHECK(pkix_pl_Socket_Send
- (sock,
- sock->writeBuf,
- sock->writeBufSize,
- &bytesWritten,
- plContext),
- PKIX_SOCKETSENDFAILED);
- *pBytesWritten = (PKIX_Int32)bytesWritten;
- if (bytesWritten >= 0) {
- sock->writeBuf = NULL;
- sock->writeBufSize = 0;
- }
- }
-
- if (pollDesc.out_flags & PR_POLL_READ) {
- PKIX_CHECK(pkix_pl_Socket_Recv
- (sock,
- sock->readBuf,
- sock->readBufSize,
- &bytesRead,
- plContext),
- PKIX_SOCKETRECVFAILED);
- *pBytesRead = (PKIX_Int32)bytesRead;
- if (bytesRead >= 0) {
- sock->readBuf = NULL;
- sock->readBufSize = 0;
- }
- }
- } else if (numEvents == 0) {
- errorcode = PR_GetError();
- if (errorcode != PR_WOULD_BLOCK_ERROR) {
-#ifdef PKIX_SOCKETDEBUG
- printf
- ("pkix_pl_Socket_Poll: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRPOLLFAILED);
- }
- if (pBytesWritten) {
- *pBytesWritten = 0;
- }
- if (pBytesRead) {
- *pBytesRead = 0;
- }
- }
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Accept
- * DESCRIPTION:
- *
- * This functions accepts a client connection for the server Socket pointed
- * to by "serverSocket", creating a new Socket and storing the result at
- * "pRendezvousSocket". If "serverSocket" is in non-blocking mode, this
- * function will return NULL if there is no client connection to accept.
- * Otherwise this function will block until a connection is available.
- * When a client connection is available the new Socket will have the same
- * blocking/non-blocking property as "serverSocket".
- *
- * PARAMETERS:
- * "serverSocket"
- * The address of the Socket for which a client connection is to be
- * accepted. Must be non-NULL.
- * "pRendezvousSocket"
- * The address at which the created Socket is stored, when a client
- * connection is available, or at which NULL is stored, if no connection
- * is available for a non-blocking "serverSocket". Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety definitions in Programmer's Guide)
- * RETURNS:
- * none
- */
-static PKIX_Error *
-pkix_pl_Socket_Accept(
- PKIX_PL_Socket *serverSocket,
- PKIX_PL_Socket **pRendezvousSocket,
- void *plContext)
-{
- PRErrorCode errorcode = 0;
- PRFileDesc *rendezvousSock = NULL;
- PRNetAddr *clientAddr = NULL;
- PKIX_PL_Socket *newSocket = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Accept");
- PKIX_NULLCHECK_TWO(serverSocket, pRendezvousSocket);
-
- PKIX_PL_NSSCALLRV(SOCKET, rendezvousSock, PR_Accept,
- (serverSocket->serverSock, clientAddr, serverSocket->timeout));
-
- if (!rendezvousSock) {
- errorcode = PR_GetError();
- if (errorcode != PR_WOULD_BLOCK_ERROR) {
-#ifdef PKIX_SOCKETDEBUG
- printf
- ("pkix_pl_Socket_Accept: %s\n",
- PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
-#endif
- PKIX_ERROR(PKIX_PRACCEPTFAILED);
- }
- serverSocket->status = SOCKET_ACCEPTPENDING;
- *pRendezvousSocket = NULL;
- goto cleanup;
-
- }
-
-#ifdef PKIX_SOCKETDEBUG
- printf("Successful accept!\n");
-#endif
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_SOCKET_TYPE,
- sizeof (PKIX_PL_Socket),
- (PKIX_PL_Object **)&newSocket,
- plContext),
- PKIX_COULDNOTCREATESOCKETOBJECT);
-
- newSocket->isServer = PKIX_FALSE;
- newSocket->timeout = serverSocket->timeout;
- newSocket->clientSock = rendezvousSock;
- newSocket->serverSock = NULL;
- newSocket->netAddr = NULL;
- newSocket->status = SOCKET_CONNECTED;
- newSocket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
- newSocket->callbackList.listenCallback = pkix_pl_Socket_Listen;
- newSocket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
- newSocket->callbackList.connectcontinueCallback =
- pkix_pl_Socket_ConnectContinue;
- newSocket->callbackList.sendCallback = pkix_pl_Socket_Send;
- newSocket->callbackList.recvCallback = pkix_pl_Socket_Recv;
- newSocket->callbackList.pollCallback = pkix_pl_Socket_Poll;
-
- if (serverSocket->timeout == 0) {
- PKIX_CHECK(pkix_pl_Socket_SetNonBlocking
- (rendezvousSock, plContext),
- PKIX_SOCKETSETNONBLOCKINGFAILED);
- }
-
- *pRendezvousSocket = newSocket;
-
-cleanup:
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_Create
- * DESCRIPTION:
- *
- * This function creates a new Socket, setting it to be a server or a client
- * according to the value of "isServer", setting its timeout value from
- * "timeout" and server address from "netAddr", and stores the created Socket
- * at "pSocket".
- *
- * PARAMETERS:
- * "isServer"
- * The Boolean value indicating if PKIX_TRUE, that a server socket (using
- * Bind, Listen, and Accept) is to be created, or if PKIX_FALSE, that a
- * client socket (using Connect) is to be created.
- * "timeout"
- * A PRTimeInterval value to be used for I/O waits for this socket. If
- * zero, non-blocking I/O is to be used.
- * "netAddr"
- * The PRNetAddr to be used for the Bind function, if this is a server
- * socket, or for the Connect, if this is a client socket.
- * "pSocket"
- * The address at which the Socket is to be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Socket Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Socket_Create(
- PKIX_Boolean isServer,
- PRIntervalTime timeout,
- PRNetAddr *netAddr,
- PRErrorCode *status,
- PKIX_PL_Socket **pSocket,
- void *plContext)
-{
- PKIX_PL_Socket *socket = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_Create");
- PKIX_NULLCHECK_ONE(pSocket);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_SOCKET_TYPE,
- sizeof (PKIX_PL_Socket),
- (PKIX_PL_Object **)&socket,
- plContext),
- PKIX_COULDNOTCREATESOCKETOBJECT);
-
- socket->isServer = isServer;
- socket->timeout = timeout;
- socket->clientSock = NULL;
- socket->serverSock = NULL;
- socket->netAddr = netAddr;
-
- socket->callbackList.listenCallback = pkix_pl_Socket_Listen;
- socket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
- socket->callbackList.connectcontinueCallback =
- pkix_pl_Socket_ConnectContinue;
- socket->callbackList.sendCallback = pkix_pl_Socket_Send;
- socket->callbackList.recvCallback = pkix_pl_Socket_Recv;
- socket->callbackList.pollCallback = pkix_pl_Socket_Poll;
- socket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
-
- if (isServer) {
- PKIX_CHECK(pkix_pl_Socket_CreateServer(socket, plContext),
- PKIX_SOCKETCREATESERVERFAILED);
- *status = 0;
- } else {
- socket->timeout = timeout;
- PKIX_CHECK(pkix_pl_Socket_CreateClient(socket, plContext),
- PKIX_SOCKETCREATECLIENTFAILED);
- PKIX_CHECK(pkix_pl_Socket_Connect(socket, status, plContext),
- PKIX_SOCKETCONNECTFAILED);
- }
-
- *pSocket = socket;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(socket);
- }
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_CreateByName
- * DESCRIPTION:
- *
- * This function creates a new Socket, setting it to be a server or a client
- * according to the value of "isServer", setting its timeout value from
- * "timeout" and server address and port number from "serverName", and stores
- * the status at "pStatus" and the created Socket at "pSocket".
- *
- * If isServer is PKIX_TRUE, it is attempted to create the socket with an ip
- * address of PR_INADDR_ANY.
- *
- * PARAMETERS:
- * "isServer"
- * The Boolean value indicating if PKIX_TRUE, that a server socket (using
- * Bind, Listen, and Accept) is to be created, or if PKIX_FALSE, that a
- * client socket (using Connect) is to be created.
- * "timeout"
- * A PRTimeInterval value to be used for I/O waits for this socket. If
- * zero, non-blocking I/O is to be used.
- * "serverName"
- * Address of a character string consisting of the server's domain name
- * followed by a colon and a port number for the desired socket.
- * "pStatus"
- * Address at which the PRErrorCode resulting from the create is
- * stored. Must be non-NULL.
- * "pSocket"
- * The address at which the Socket is to be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Socket Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Socket_CreateByName(
- PKIX_Boolean isServer,
- PRIntervalTime timeout,
- char *serverName,
- PRErrorCode *pStatus,
- PKIX_PL_Socket **pSocket,
- void *plContext)
-{
- PRNetAddr netAddr;
- PKIX_PL_Socket *socket = NULL;
- char *sepPtr = NULL;
- PRHostEnt hostent;
- PRIntn hostenum;
- PRStatus prstatus = PR_FAILURE;
- char buf[PR_NETDB_BUF_SIZE];
- PRUint16 portNum = 0;
- char *localCopyName = NULL;
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByName");
- PKIX_NULLCHECK_TWO(serverName, pSocket);
-
- localCopyName = PL_strdup(serverName);
-
- sepPtr = strchr(localCopyName, ':');
- /* First strip off the portnum, if present, from the end of the name */
- if (sepPtr) {
- *sepPtr++ = '\0';
- portNum = (PRUint16)atoi(sepPtr);
- } else {
- portNum = (PRUint16)LDAP_PORT;
- }
-
- prstatus = PR_GetHostByName(localCopyName, buf, sizeof(buf), &hostent);
-
- if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
- /*
- * The hostname may be a fully-qualified name. Try using just
- * the leftmost component in our lookup.
- */
- sepPtr = strchr(localCopyName, '.');
- if (sepPtr) {
- *sepPtr++ = '\0';
- }
- prstatus = PR_GetHostByName
- (localCopyName, buf, sizeof(buf), &hostent);
-
- if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
- PKIX_ERROR
- (PKIX_PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT);
- }
- }
-
- netAddr.inet.family = PR_AF_INET;
- netAddr.inet.port = PR_htons(portNum);
-
- if (isServer) {
-
- netAddr.inet.ip = PR_INADDR_ANY;
-
- } else {
-
- hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &netAddr);
- if (hostenum == -1) {
- PKIX_ERROR(PKIX_PRENUMERATEHOSTENTFAILED);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_SOCKET_TYPE,
- sizeof (PKIX_PL_Socket),
- (PKIX_PL_Object **)&socket,
- plContext),
- PKIX_COULDNOTCREATESOCKETOBJECT);
-
- socket->isServer = isServer;
- socket->timeout = timeout;
- socket->clientSock = NULL;
- socket->serverSock = NULL;
- socket->netAddr = &netAddr;
-
- socket->callbackList.listenCallback = pkix_pl_Socket_Listen;
- socket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
- socket->callbackList.connectcontinueCallback =
- pkix_pl_Socket_ConnectContinue;
- socket->callbackList.sendCallback = pkix_pl_Socket_Send;
- socket->callbackList.recvCallback = pkix_pl_Socket_Recv;
- socket->callbackList.pollCallback = pkix_pl_Socket_Poll;
- socket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
-
- if (isServer) {
- PKIX_CHECK(pkix_pl_Socket_CreateServer(socket, plContext),
- PKIX_SOCKETCREATESERVERFAILED);
- *pStatus = 0;
- } else {
- PKIX_CHECK(pkix_pl_Socket_CreateClient(socket, plContext),
- PKIX_SOCKETCREATECLIENTFAILED);
- PKIX_CHECK(pkix_pl_Socket_Connect(socket, pStatus, plContext),
- PKIX_SOCKETCONNECTFAILED);
- }
-
- *pSocket = socket;
-
-cleanup:
- PL_strfree(localCopyName);
-
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(socket);
- }
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_CreateByHostAndPort
- * DESCRIPTION:
- *
- * This function creates a new Socket, setting it to be a server or a client
- * according to the value of "isServer", setting its timeout value from
- * "timeout", host from "hostname", and port number from "portNum", and stores
- * the status at "pStatus" and the created Socket at "pSocket".
- *
- * If isServer is PKIX_TRUE, it is attempted to create the socket with an ip
- * address of PR_INADDR_ANY.
- *
- * PARAMETERS:
- * "isServer"
- * The Boolean value indicating if PKIX_TRUE, that a server socket (using
- * Bind, Listen, and Accept) is to be created, or if PKIX_FALSE, that a
- * client socket (using Connect) is to be created.
- * "timeout"
- * A PRTimeInterval value to be used for I/O waits for this socket. If
- * zero, non-blocking I/O is to be used.
- * "hostname"
- * Address of a character string consisting of the server's domain name.
- * "portNum"
- * UInt16 value of the port number for the desired socket.
- * "pStatus"
- * Address at which the PRErrorCode resulting from the create is
- * stored. Must be non-NULL.
- * "pSocket"
- * The address at which the Socket is to be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Socket Error if the function fails in
- * a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Socket_CreateByHostAndPort(
- PKIX_Boolean isServer,
- PRIntervalTime timeout,
- char *hostname,
- PRUint16 portnum,
- PRErrorCode *pStatus,
- PKIX_PL_Socket **pSocket,
- void *plContext)
-{
- PRNetAddr netAddr;
- PKIX_PL_Socket *socket = NULL;
- char *sepPtr = NULL;
- PRHostEnt hostent;
- PRIntn hostenum;
- PRStatus prstatus = PR_FAILURE;
- char buf[PR_NETDB_BUF_SIZE];
-
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");
- PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
-
-
- prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);
-
- if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
- /*
- * The hostname may be a fully-qualified name. Try using just
- * the leftmost component in our lookup.
- */
- sepPtr = strchr(hostname, '.');
- if (sepPtr) {
- *sepPtr++ = '\0';
- }
- prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);
-
- if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
- PKIX_ERROR
- (PKIX_PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT);
- }
- }
-
- netAddr.inet.family = PR_AF_INET;
- netAddr.inet.port = PR_htons(portnum);
-
- if (isServer) {
-
- netAddr.inet.ip = PR_INADDR_ANY;
-
- } else {
-
- hostenum = PR_EnumerateHostEnt(0, &hostent, portnum, &netAddr);
- if (hostenum == -1) {
- PKIX_ERROR(PKIX_PRENUMERATEHOSTENTFAILED);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_SOCKET_TYPE,
- sizeof (PKIX_PL_Socket),
- (PKIX_PL_Object **)&socket,
- plContext),
- PKIX_COULDNOTCREATESOCKETOBJECT);
-
- socket->isServer = isServer;
- socket->timeout = timeout;
- socket->clientSock = NULL;
- socket->serverSock = NULL;
- socket->netAddr = &netAddr;
-
- socket->callbackList.listenCallback = pkix_pl_Socket_Listen;
- socket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
- socket->callbackList.connectcontinueCallback =
- pkix_pl_Socket_ConnectContinue;
- socket->callbackList.sendCallback = pkix_pl_Socket_Send;
- socket->callbackList.recvCallback = pkix_pl_Socket_Recv;
- socket->callbackList.pollCallback = pkix_pl_Socket_Poll;
- socket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
-
- if (isServer) {
- PKIX_CHECK(pkix_pl_Socket_CreateServer(socket, plContext),
- PKIX_SOCKETCREATESERVERFAILED);
- *pStatus = 0;
- } else {
- PKIX_CHECK(pkix_pl_Socket_CreateClient(socket, plContext),
- PKIX_SOCKETCREATECLIENTFAILED);
- PKIX_CHECK(pkix_pl_Socket_Connect(socket, pStatus, plContext),
- PKIX_SOCKETCONNECTFAILED);
- }
-
- *pSocket = socket;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(socket);
- }
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_GetCallbackList
- */
-PKIX_Error *
-pkix_pl_Socket_GetCallbackList(
- PKIX_PL_Socket *socket,
- PKIX_PL_Socket_Callback **pCallbackList,
- void *plContext)
-{
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_GetCallbackList");
- PKIX_NULLCHECK_TWO(socket, pCallbackList);
-
- *pCallbackList = &(socket->callbackList);
-
- PKIX_RETURN(SOCKET);
-}
-
-/*
- * FUNCTION: pkix_pl_Socket_GetPRFileDesc
- */
-PKIX_Error *
-pkix_pl_Socket_GetPRFileDesc(
- PKIX_PL_Socket *socket,
- PRFileDesc **pDesc,
- void *plContext)
-{
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_GetPRFileDesc");
- PKIX_NULLCHECK_TWO(socket, pDesc);
-
- *pDesc = socket->clientSock;
-
- PKIX_RETURN(SOCKET);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h
deleted file mode 100644
index 133c620c3..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h
+++ /dev/null
@@ -1,242 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_socket.h
- *
- * Socket Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_SOCKET_H
-#define _PKIX_PL_SOCKET_H
-
-#include <errno.h>
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum {
- SOCKET_BOUND,
- SOCKET_LISTENING,
- SOCKET_ACCEPTPENDING,
- SOCKET_UNCONNECTED,
- SOCKET_CONNECTPENDING,
- SOCKET_CONNECTED,
- SOCKET_SENDPENDING,
- SOCKET_RCVPENDING,
- SOCKET_SENDRCVPENDING,
- SOCKET_SHUTDOWN
-} SockStatus;
-
-/* This is the default port number, if none is supplied to CreateByName. */
-#define LDAP_PORT 389
-
-/*
- * These callbacks allow a user to substitute a counterfeit socket in places
- * where a PKIX_PL_Socket is expected. A conforming usage will use the
- * ListenCallback function instead of Listen, AcceptCallback instead of Accept,
- * etc. The counterfeit socket may have special capabilites such as the
- * ability to do proxy authentication, etc.
- */
-
-typedef PKIX_Error *
-(*pkix_pl_Socket_ListenCallback)(
- PKIX_PL_Socket *socket,
- PKIX_UInt32 backlog,
- void *plContext);
-
-typedef PKIX_Error *
-(*pkix_pl_Socket_AcceptCallback)(
- PKIX_PL_Socket *socket,
- PKIX_PL_Socket **pRendezvousSock,
- void *plContext);
-
-typedef PKIX_Error *
-(*pkix_pl_Socket_ConnectContinueCallback)(
- PKIX_PL_Socket *socket,
- PRErrorCode *pStatus,
- void *plContext);
-
-typedef PKIX_Error *
-(*pkix_pl_Socket_SendCallback)(
- PKIX_PL_Socket *sendSock,
- void *buf,
- PKIX_UInt32 bytesToWrite,
- PKIX_Int32 *pBytesWritten,
- void *plContext);
-
-typedef PKIX_Error *
-(*pkix_pl_Socket_RecvCallback)(
- PKIX_PL_Socket *rcvSock,
- void *buf,
- PKIX_UInt32 capacity,
- PKIX_Int32 *pBytesRead,
- void *plContext);
-
-typedef PKIX_Error *
-(*pkix_pl_Socket_PollCallback)(
- PKIX_PL_Socket *sock,
- PKIX_Int32 *pBytesWritten,
- PKIX_Int32 *pBytesRead,
- void *plContext);
-
-typedef PKIX_Error *
-(*pkix_pl_Socket_ShutdownCallback)(
- PKIX_PL_Socket *socket, void *plContext);
-
-typedef struct PKIX_PL_Socket_CallbackStruct {
- pkix_pl_Socket_ListenCallback listenCallback;
- pkix_pl_Socket_AcceptCallback acceptCallback;
- pkix_pl_Socket_ConnectContinueCallback connectcontinueCallback;
- pkix_pl_Socket_SendCallback sendCallback;
- pkix_pl_Socket_RecvCallback recvCallback;
- pkix_pl_Socket_PollCallback pollCallback;
- pkix_pl_Socket_ShutdownCallback shutdownCallback;
-} PKIX_PL_Socket_Callback;
-
-struct PKIX_PL_SocketStruct {
- PKIX_Boolean isServer;
- PRIntervalTime timeout; /* zero for non-blocking I/O */
- SockStatus status;
- PRFileDesc *clientSock;
- PRFileDesc *serverSock;
- void *readBuf;
- void *writeBuf;
- PKIX_UInt32 readBufSize;
- PKIX_UInt32 writeBufSize;
- PRNetAddr *netAddr;
- PKIX_PL_Socket_Callback callbackList;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_Socket_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_Socket_Create(
- PKIX_Boolean isServer,
- PRIntervalTime timeout, /* zero for non-blocking I/O */
- PRNetAddr *netAddr,
- PRErrorCode *status,
- PKIX_PL_Socket **pSocket,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Socket_CreateByName(
- PKIX_Boolean isServer,
- PRIntervalTime timeout,
- char *serverName,
- PRErrorCode *pStatus,
- PKIX_PL_Socket **pSocket,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Socket_CreateByHostAndPort(
- PKIX_Boolean isServer,
- PRIntervalTime timeout,
- char *hostname,
- PRUint16 portnum,
- PRErrorCode *pStatus,
- PKIX_PL_Socket **pSocket,
- void *plContext);
-
-/* Do not use these functions directly; use their callback variants instead
- * static PKIX_Error *
- * pkix_pl_Socket_Listen(
- * PKIX_PL_Socket *socket,
- * PKIX_UInt32 backlog,
- * void *plContext);
- *
- * static PKIX_Error *
- * pkix_pl_Socket_Accept(
- * PKIX_PL_Socket *socket,
- * PKIX_PL_Socket **pRendezvousSock,
- * void *plContext);
- *
- * static PKIX_Error *
- * pkix_pl_Socket_ConnectContinue(
- * PKIX_PL_Socket *socket,
- * PRErrorCode *pStatus,
- * void *plContext);
- *
- * static PKIX_Error *
- * pkix_pl_Socket_Send(
- * PKIX_PL_Socket *sendSock,
- * void *buf,
- * PKIX_UInt32 bytesToWrite,
- * PKIX_Int32 *pBytesWritten,
- * void *plContext);
- *
- * static PKIX_Error *
- * pkix_pl_Socket_Recv(
- * PKIX_PL_Socket *rcvSock,
- * void *buf,
- * PKIX_UInt32 capacity,
- * PKIX_Int32 *pBytesRead,
- * void *plContext);
- *
- * static PKIX_Error *
- * pkix_pl_Socket_Poll(
- * PKIX_PL_Socket *sock,
- * PKIX_Int32 *pBytesWritten,
- * PKIX_Int32 *pBytesRead,
- * void *plContext);
- *
- * static PKIX_Error *
- * pkix_pl_Socket_Shutdown(
- * PKIX_PL_Socket *socket, void *plContext);
- */
-
-PKIX_Error *
-pkix_pl_Socket_GetCallbackList(
- PKIX_PL_Socket *socket,
- PKIX_PL_Socket_Callback **pCallbackList,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Socket_GetPRFileDesc(
- PKIX_PL_Socket *socket,
- PRFileDesc **pDesc,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_SOCKET_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/Makefile b/security/nss/lib/libpkix/pkix_pl_nss/pki/Makefile
deleted file mode 100755
index 42adc1f4a..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/config.mk b/security/nss/lib/libpkix/pkix_pl_nss/pki/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn b/security/nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn
deleted file mode 100755
index 322ea85eb..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn
+++ /dev/null
@@ -1,89 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-# Red Hat, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_pl_basicconstraints.h \
- pkix_pl_cert.h \
- pkix_pl_certpolicyinfo.h \
- pkix_pl_certpolicymap.h \
- pkix_pl_certpolicyqualifier.h \
- pkix_pl_crl.h \
- pkix_pl_crldp.h \
- pkix_pl_crlentry.h \
- pkix_pl_date.h \
- pkix_pl_generalname.h \
- pkix_pl_infoaccess.h \
- pkix_pl_nameconstraints.h \
- pkix_pl_ocsprequest.h \
- pkix_pl_ocspresponse.h \
- pkix_pl_publickey.h \
- pkix_pl_x500name.h \
- pkix_pl_ocspcertid.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_pl_basicconstraints.c \
- pkix_pl_cert.c \
- pkix_pl_certpolicyinfo.c \
- pkix_pl_certpolicymap.c \
- pkix_pl_certpolicyqualifier.c \
- pkix_pl_crl.c \
- pkix_pl_crldp.c \
- pkix_pl_crlentry.c \
- pkix_pl_date.c \
- pkix_pl_generalname.c \
- pkix_pl_infoaccess.c \
- pkix_pl_nameconstraints.c \
- pkix_pl_ocsprequest.c \
- pkix_pl_ocspresponse.c \
- pkix_pl_publickey.c \
- pkix_pl_x500name.c \
- pkix_pl_ocspcertid.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixpki
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c
deleted file mode 100644
index 85ce3fa65..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_basicconstraints.c
- *
- * BasicConstraints Object Functions
- *
- */
-
-#include "pkix_pl_basicconstraints.h"
-
-/*
- * FUNCTION: pkix_pl_CertBasicConstraints_Create
- * DESCRIPTION:
- *
- * Creates a new CertBasicConstraints object whose CA Flag has the value
- * given by the Boolean value of "isCA" and whose path length field has the
- * value given by the "pathLen" argument and stores it at "pObject".
- *
- * PARAMETERS
- * "isCA"
- * Boolean value with the desired value of CA Flag.
- * "pathLen"
- * a PKIX_Int32 with the desired value of path length
- * "pObject"
- * Address of object pointer's destination. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertBasicConstraints Error if the function fails
- * in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CertBasicConstraints_Create(
- PKIX_Boolean isCA,
- PKIX_Int32 pathLen,
- PKIX_PL_CertBasicConstraints **pObject,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *basic = NULL;
-
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "pkix_pl_CertBasicConstraints_Create");
- PKIX_NULLCHECK_ONE(pObject);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTBASICCONSTRAINTS_TYPE,
- sizeof (PKIX_PL_CertBasicConstraints),
- (PKIX_PL_Object **)&basic,
- plContext),
- PKIX_COULDNOTCREATECERTBASICCONSTRAINTSOBJECT);
-
- basic->isCA = isCA;
-
- /* pathLen has meaning only for CAs, but it's not worth checking */
- basic->pathLen = pathLen;
-
- *pObject = basic;
-
-cleanup:
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertBasicConstraints_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertBasicConstraints_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *certB = NULL;
-
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "pkix_pl_CertBasicConstraints_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
- PKIX_OBJECTNOTCERTBASICCONSTRAINTS);
-
- certB = (PKIX_PL_CertBasicConstraints*)object;
-
- certB->isCA = PKIX_FALSE;
- certB->pathLen = 0;
-
-cleanup:
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertBasicConstraints_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertBasicConstraints_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *certBasicConstraintsString = NULL;
- PKIX_PL_CertBasicConstraints *certB = NULL;
- PKIX_Boolean isCA = PKIX_FALSE;
- PKIX_Int32 pathLen = 0;
- PKIX_PL_String *outString = NULL;
- char *fmtString = NULL;
- PKIX_Boolean pathlenArg = PKIX_FALSE;
-
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "pkix_pl_CertBasicConstraints_toString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
- PKIX_FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT);
-
- certB = (PKIX_PL_CertBasicConstraints *)object;
-
- /*
- * if CA == TRUE
- * if pathLen == CERT_UNLIMITED_PATH_CONSTRAINT
- * print "CA(-1)"
- * else print "CA(nnn)"
- * if CA == FALSE, print "~CA"
- */
-
- isCA = certB->isCA;
-
- if (isCA) {
- pathLen = certB->pathLen;
-
- if (pathLen == CERT_UNLIMITED_PATH_CONSTRAINT) {
- /* print "CA(-1)" */
- fmtString = "CA(-1)";
- pathlenArg = PKIX_FALSE;
- } else {
- /* print "CA(pathLen)" */
- fmtString = "CA(%d)";
- pathlenArg = PKIX_TRUE;
- }
- } else {
- /* print "~CA" */
- fmtString = "~CA";
- pathlenArg = PKIX_FALSE;
- }
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- fmtString,
- 0,
- &certBasicConstraintsString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- if (pathlenArg) {
- PKIX_CHECK(PKIX_PL_Sprintf
- (&outString,
- plContext,
- certBasicConstraintsString,
- pathLen),
- PKIX_SPRINTFFAILED);
- } else {
- PKIX_CHECK(PKIX_PL_Sprintf
- (&outString,
- plContext,
- certBasicConstraintsString),
- PKIX_SPRINTFFAILED);
- }
-
- *pString = outString;
-
-cleanup:
-
- PKIX_DECREF(certBasicConstraintsString);
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertBasicConstraints_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertBasicConstraints_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *certB = NULL;
- PKIX_Boolean isCA = PKIX_FALSE;
- PKIX_Int32 pathLen = 0;
- PKIX_Int32 hashInput = 0;
- PKIX_UInt32 cbcHash = 0;
-
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "pkix_pl_CertBasicConstraints_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
- PKIX_OBJECTNOTCERTBASICCONSTRAINTS);
-
- certB = (PKIX_PL_CertBasicConstraints *)object;
-
- /*
- * if CA == TRUE
- * hash(pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT)
- * if CA == FALSE, hash(0)
- */
-
- isCA = certB->isCA;
-
- if (isCA) {
- pathLen = certB->pathLen;
-
- hashInput = pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT;
- }
-
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)&hashInput,
- sizeof (hashInput),
- &cbcHash,
- plContext),
- PKIX_HASHFAILED);
-
- *pHashcode = cbcHash;
-
-cleanup:
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
-
-
-/*
- * FUNCTION: pkix_pl_CertBasicConstraints_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertBasicConstraints_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *firstCBC = NULL;
- PKIX_PL_CertBasicConstraints *secondCBC = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean firstIsCA = PKIX_FALSE;
- PKIX_Boolean secondIsCA = PKIX_FALSE;
- PKIX_Int32 firstPathLen = 0;
- PKIX_Int32 secondPathLen = 0;
-
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "pkix_pl_CertBasicConstraints_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CertBasicConstraints */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCERTBASICCONSTRAINTS);
-
- /*
- * Since we know firstObject is a CertBasicConstraints,
- * if both references are identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a CertBasicConstraints, we
- * don't throw an error. We simply return FALSE.
- */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_CERTBASICCONSTRAINTS_TYPE) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- firstCBC = (PKIX_PL_CertBasicConstraints *)firstObject;
- secondCBC = (PKIX_PL_CertBasicConstraints *)secondObject;
-
- /*
- * Compare the value of the CAFlag components
- */
-
- firstIsCA = firstCBC->isCA;
-
- /*
- * Failure here would be an error, not merely a miscompare,
- * since we know second is a CertBasicConstraints.
- */
- secondIsCA = secondCBC->isCA;
-
- /*
- * If isCA flags differ, the objects are not equal.
- */
- if (secondIsCA != firstIsCA) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- /*
- * If isCA was FALSE, the objects are equal, because
- * pathLen is meaningless in that case.
- */
- if (!firstIsCA) {
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- firstPathLen = firstCBC->pathLen;
- secondPathLen = secondCBC->pathLen;
-
- *pResult = (secondPathLen == firstPathLen);
-
-cleanup:
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertBasicConstraints_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTBASICCONSTRAINTS_TYPE and its related
- * functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize,
- * which should only be called once, it is acceptable that
- * this function is not thread-safe.
- */
-PKIX_Error *
-pkix_pl_CertBasicConstraints_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "pkix_pl_CertBasicConstraints_RegisterSelf");
-
- entry.description = "CertBasicConstraints";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_CertBasicConstraints);
- entry.destructor = pkix_pl_CertBasicConstraints_Destroy;
- entry.equalsFunction = pkix_pl_CertBasicConstraints_Equals;
- entry.hashcodeFunction = pkix_pl_CertBasicConstraints_Hashcode;
- entry.toStringFunction = pkix_pl_CertBasicConstraints_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_CERTBASICCONSTRAINTS_TYPE] = entry;
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetCAFlag(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "PKIX_PL_BasicConstraintsGetCAFlag");
- PKIX_NULLCHECK_TWO(basicConstraints, pResult);
-
- *pResult = basicConstraints->isCA;
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
-
-/*
- * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_BasicConstraints_GetPathLenConstraint(
- PKIX_PL_CertBasicConstraints *basicConstraints,
- PKIX_Int32 *pPathLenConstraint,
- void *plContext)
-{
- PKIX_ENTER(CERTBASICCONSTRAINTS,
- "PKIX_PL_BasicConstraintsGetPathLenConstraint");
- PKIX_NULLCHECK_TWO(basicConstraints, pPathLenConstraint);
-
- *pPathLenConstraint = basicConstraints->pathLen;
-
- PKIX_RETURN(CERTBASICCONSTRAINTS);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h
deleted file mode 100644
index 359ff76c0..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_basicconstraints.h
- *
- * BasicConstraints Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_BASICCONSTRAINTS_H
-#define _PKIX_PL_BASICCONSTRAINTS_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* This structure reflects the contents of the basic constraints
- * extension as described in Section 4.2.1.10 of RFC 3280.
- * The cA flag indicates whether the public key in this certificate
- * belongs to a certification authority. The pathLen constraint
- * gives the maximum number of non-self-issued intermediate certificates
- * that may follow this certificate in a valid certification path.
- */
-struct PKIX_PL_CertBasicConstraintsStruct {
- PKIX_Boolean isCA;
- PKIX_Int32 pathLen;
-};
-
-PKIX_Error *
-pkix_pl_CertBasicConstraints_Create(
- PKIX_Boolean isCA,
- PKIX_Int32 pathLen,
- PKIX_PL_CertBasicConstraints **object,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_CertBasicConstraints_RegisterSelf(
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_BASICCONSTRAINTS_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
deleted file mode 100644
index f2156acbd..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
+++ /dev/null
@@ -1,3656 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_cert.c
- *
- * Certificate Object Functions
- *
- */
-
-#include "pkix_pl_cert.h"
-
-extern PKIX_PL_HashTable *cachedCertSigTable;
-
-/* --Private-Cert-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_Cert_IsExtensionCritical
- * DESCRIPTION:
- *
- * Checks the Cert specified by "cert" to determine whether the extension
- * whose tag is the UInt32 value given by "tag" is marked as a critical
- * extension, and stores the result in "pCritical".
- *
- * Tags are the index into the table "oids" of SECOidData defined in the
- * file secoid.c. Constants, such as SEC_OID_X509_CERTIFICATE_POLICIES, are
- * are defined in secoidt.h for most of the table entries.
- *
- * If the specified tag is invalid (not in the list of tags) or if the
- * extension is not found in the certificate, PKIX_FALSE is stored.
- *
- * PARAMETERS
- * "cert"
- * Address of Cert whose extensions are to be examined. Must be non-NULL.
- * "tag"
- * The UInt32 value of the tag for the extension whose criticality is
- * to be determined
- * "pCritical"
- * Address where the Boolean value will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Cert_IsExtensionCritical(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 tag,
- PKIX_Boolean *pCritical,
- void *plContext)
-{
- PKIX_Boolean criticality = PKIX_FALSE;
- CERTCertExtension **extensions = NULL;
- SECStatus rv;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_IsExtensionCritical");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCritical);
-
- extensions = cert->nssCert->extensions;
- PKIX_NULLCHECK_ONE(extensions);
-
- PKIX_CERT_DEBUG("\t\tCalling CERT_GetExtenCriticality).\n");
- rv = CERT_GetExtenCriticality(extensions, tag, &criticality);
- if (SECSuccess == rv) {
- *pCritical = criticality;
- } else {
- *pCritical = PKIX_FALSE;
- }
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_DecodePolicyInfo
- * DESCRIPTION:
- *
- * Decodes the contents of the CertificatePolicy extension in the
- * CERTCertificate pointed to by "nssCert", to create a List of
- * CertPolicyInfos, which is stored at the address "pCertPolicyInfos".
- * A CERTCertificate contains the DER representation of the Cert.
- * If this certificate does not have a CertificatePolicy extension,
- * NULL will be stored. If a List is returned, it will be immutable.
- *
- * PARAMETERS
- * "nssCert"
- * Address of the Cert data whose extension is to be examined. Must be
- * non-NULL.
- * "pCertPolicyInfos"
- * Address where the List of CertPolicyInfos will be stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Cert_DecodePolicyInfo(
- CERTCertificate *nssCert,
- PKIX_List **pCertPolicyInfos,
- void *plContext)
-{
-
- SECStatus rv;
- SECItem encodedCertPolicyInfo;
-
- /* Allocated in the arena; freed in CERT_Destroy... */
- CERTCertificatePolicies *certPol = NULL;
- CERTPolicyInfo **policyInfos = NULL;
-
- /* Holder for the return value */
- PKIX_List *infos = NULL;
-
- PKIX_PL_OID *pkixOID = NULL;
- PKIX_List *qualifiers = NULL;
- PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL;
- PKIX_PL_CertPolicyQualifier *certPolicyQualifier = NULL;
- PKIX_PL_ByteArray *qualifierArray = NULL;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyInfo");
- PKIX_NULLCHECK_TWO(nssCert, pCertPolicyInfos);
-
- /* get PolicyInfo as a SECItem */
- PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n");
- rv = CERT_FindCertExtension
- (nssCert,
- SEC_OID_X509_CERTIFICATE_POLICIES,
- &encodedCertPolicyInfo);
- if (SECSuccess != rv) {
- *pCertPolicyInfos = NULL;
- goto cleanup;
- }
-
- /* translate PolicyInfo to CERTCertificatePolicies */
- PKIX_CERT_DEBUG("\t\tCERT_DecodeCertificatePoliciesExtension).\n");
- certPol = CERT_DecodeCertificatePoliciesExtension
- (&encodedCertPolicyInfo);
-
- PORT_Free(encodedCertPolicyInfo.data);
-
- if (NULL == certPol) {
- PKIX_ERROR(PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED);
- }
-
- /*
- * Check whether there are any policyInfos, so we can
- * avoid creating an unnecessary List
- */
- policyInfos = certPol->policyInfos;
- if (!policyInfos) {
- *pCertPolicyInfos = NULL;
- goto cleanup;
- }
-
- /* create a List of CertPolicyInfo Objects */
- PKIX_CHECK(PKIX_List_Create(&infos, plContext),
- PKIX_LISTCREATEFAILED);
-
- /*
- * Traverse the CERTCertificatePolicies structure,
- * building each PKIX_PL_CertPolicyInfo object in turn
- */
- while (*policyInfos != NULL) {
- CERTPolicyInfo *policyInfo = *policyInfos;
- CERTPolicyQualifier **policyQualifiers =
- policyInfo->policyQualifiers;
- if (policyQualifiers) {
- /* create a PKIX_List of PKIX_PL_CertPolicyQualifiers */
- PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),
- PKIX_LISTCREATEFAILED);
-
- while (*policyQualifiers != NULL) {
- CERTPolicyQualifier *policyQualifier =
- *policyQualifiers;
-
- /* create the qualifier's OID object */
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
- (&policyQualifier->qualifierID,
- &pkixOID, plContext),
- PKIX_OIDCREATEFAILED);
-
- /* create qualifier's ByteArray object */
-
- PKIX_CHECK(PKIX_PL_ByteArray_Create
- (policyQualifier->qualifierValue.data,
- policyQualifier->qualifierValue.len,
- &qualifierArray,
- plContext),
- PKIX_BYTEARRAYCREATEFAILED);
-
- /* create a CertPolicyQualifier object */
-
- PKIX_CHECK(pkix_pl_CertPolicyQualifier_Create
- (pkixOID,
- qualifierArray,
- &certPolicyQualifier,
- plContext),
- PKIX_CERTPOLICYQUALIFIERCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (qualifiers,
- (PKIX_PL_Object *)certPolicyQualifier,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(pkixOID);
- PKIX_DECREF(qualifierArray);
- PKIX_DECREF(certPolicyQualifier);
-
- policyQualifiers++;
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable
- (qualifiers, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
- }
-
-
- /*
- * Create an OID object pkixOID from policyInfo->policyID.
- * (The CERTPolicyInfo structure has an oid field, but it
- * is of type SECOidTag. This function wants a SECItem.)
- */
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
- (&policyInfo->policyID, &pkixOID, plContext),
- PKIX_OIDCREATEFAILED);
-
- /* Create a CertPolicyInfo object */
- PKIX_CHECK(pkix_pl_CertPolicyInfo_Create
- (pkixOID, qualifiers, &certPolicyInfo, plContext),
- PKIX_CERTPOLICYINFOCREATEFAILED);
-
- /* Append the new CertPolicyInfo object to the list */
- PKIX_CHECK(PKIX_List_AppendItem
- (infos, (PKIX_PL_Object *)certPolicyInfo, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(pkixOID);
- PKIX_DECREF(qualifiers);
- PKIX_DECREF(certPolicyInfo);
-
- policyInfos++;
- }
-
- /*
- * If there were no policies, we went straight to
- * cleanup, so we don't have to NULLCHECK infos.
- */
- PKIX_CHECK(PKIX_List_SetImmutable(infos, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pCertPolicyInfos = infos;
- infos = NULL;
-
-cleanup:
- if (certPol) {
- PKIX_CERT_DEBUG
- ("\t\tCalling CERT_DestroyCertificatePoliciesExtension).\n");
- CERT_DestroyCertificatePoliciesExtension(certPol);
- }
-
- PKIX_DECREF(infos);
- PKIX_DECREF(pkixOID);
- PKIX_DECREF(qualifiers);
- PKIX_DECREF(certPolicyInfo);
- PKIX_DECREF(certPolicyQualifier);
- PKIX_DECREF(qualifierArray);
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_DecodePolicyMapping
- * DESCRIPTION:
- *
- * Decodes the contents of the PolicyMapping extension of the CERTCertificate
- * pointed to by "nssCert", storing the resulting List of CertPolicyMaps at
- * the address pointed to by "pCertPolicyMaps". If this certificate does not
- * have a PolicyMapping extension, NULL will be stored. If a List is returned,
- * it will be immutable.
- *
- * PARAMETERS
- * "nssCert"
- * Address of the Cert data whose extension is to be examined. Must be
- * non-NULL.
- * "pCertPolicyMaps"
- * Address where the List of CertPolicyMaps will be stored. Must be
- * non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Cert_DecodePolicyMapping(
- CERTCertificate *nssCert,
- PKIX_List **pCertPolicyMaps,
- void *plContext)
-{
- SECStatus rv;
- SECItem encodedCertPolicyMaps;
-
- /* Allocated in the arena; freed in CERT_Destroy... */
- CERTCertificatePolicyMappings *certPolMaps = NULL;
- CERTPolicyMap **policyMaps = NULL;
-
- /* Holder for the return value */
- PKIX_List *maps = NULL;
-
- PKIX_PL_OID *issuerDomainOID = NULL;
- PKIX_PL_OID *subjectDomainOID = NULL;
- PKIX_PL_CertPolicyMap *certPolicyMap = NULL;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyMapping");
- PKIX_NULLCHECK_TWO(nssCert, pCertPolicyMaps);
-
- /* get PolicyMappings as a SECItem */
- PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n");
- rv = CERT_FindCertExtension
- (nssCert, SEC_OID_X509_POLICY_MAPPINGS, &encodedCertPolicyMaps);
- if (SECSuccess != rv) {
- *pCertPolicyMaps = NULL;
- goto cleanup;
- }
-
- /* translate PolicyMaps to CERTCertificatePolicyMappings */
- certPolMaps = CERT_DecodePolicyMappingsExtension
- (&encodedCertPolicyMaps);
-
- PORT_Free(encodedCertPolicyMaps.data);
-
- if (!certPolMaps) {
- PKIX_ERROR(PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED);
- }
-
- PKIX_NULLCHECK_ONE(certPolMaps->policyMaps);
-
- policyMaps = certPolMaps->policyMaps;
-
- /* create a List of CertPolicyMap Objects */
- PKIX_CHECK(PKIX_List_Create(&maps, plContext),
- PKIX_LISTCREATEFAILED);
-
- /*
- * Traverse the CERTCertificatePolicyMappings structure,
- * building each CertPolicyMap object in turn
- */
- do {
- CERTPolicyMap *policyMap = *policyMaps;
-
- /* create the OID for the issuer Domain Policy */
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
- (&policyMap->issuerDomainPolicy,
- &issuerDomainOID, plContext),
- PKIX_OIDCREATEFAILED);
-
- /* create the OID for the subject Domain Policy */
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
- (&policyMap->subjectDomainPolicy,
- &subjectDomainOID, plContext),
- PKIX_OIDCREATEFAILED);
-
- /* create the CertPolicyMap */
-
- PKIX_CHECK(pkix_pl_CertPolicyMap_Create
- (issuerDomainOID,
- subjectDomainOID,
- &certPolicyMap,
- plContext),
- PKIX_CERTPOLICYMAPCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (maps, (PKIX_PL_Object *)certPolicyMap, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(issuerDomainOID);
- PKIX_DECREF(subjectDomainOID);
- PKIX_DECREF(certPolicyMap);
-
- policyMaps++;
- } while (*policyMaps != NULL);
-
- PKIX_CHECK(PKIX_List_SetImmutable(maps, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- *pCertPolicyMaps = maps;
- maps = NULL;
-
-cleanup:
- if (certPolMaps) {
- PKIX_CERT_DEBUG
- ("\t\tCalling CERT_DestroyPolicyMappingsExtension).\n");
- CERT_DestroyPolicyMappingsExtension(certPolMaps);
- }
-
- PKIX_DECREF(maps);
- PKIX_DECREF(issuerDomainOID);
- PKIX_DECREF(subjectDomainOID);
- PKIX_DECREF(certPolicyMap);
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_DecodePolicyConstraints
- * DESCRIPTION:
- *
- * Decodes the contents of the PolicyConstraints extension in the
- * CERTCertificate pointed to by "nssCert", to obtain SkipCerts values
- * which are stored at the addresses "pExplicitPolicySkipCerts" and
- * "pInhibitMappingSkipCerts", respectively. If this certificate does
- * not have an PolicyConstraints extension, or if either of the optional
- * components is not supplied, this function stores a value of -1 for any
- * missing component.
- *
- * PARAMETERS
- * "nssCert"
- * Address of the Cert data whose extension is to be examined. Must be
- * non-NULL.
- * "pExplicitPolicySkipCerts"
- * Address where the SkipCert value for the requireExplicitPolicy
- * component will be stored. Must be non-NULL.
- * "pInhibitMappingSkipCerts"
- * Address where the SkipCert value for the inhibitPolicyMapping
- * component will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Cert_DecodePolicyConstraints(
- CERTCertificate *nssCert,
- PKIX_Int32 *pExplicitPolicySkipCerts,
- PKIX_Int32 *pInhibitMappingSkipCerts,
- void *plContext)
-{
- CERTCertificatePolicyConstraints policyConstraints;
- SECStatus rv;
- SECItem encodedCertPolicyConstraints;
- PKIX_Int32 explicitPolicySkipCerts = -1;
- PKIX_Int32 inhibitMappingSkipCerts = -1;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyConstraints");
- PKIX_NULLCHECK_THREE
- (nssCert, pExplicitPolicySkipCerts, pInhibitMappingSkipCerts);
-
- /* get the two skipCert values as SECItems */
- PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n");
- rv = CERT_FindCertExtension
- (nssCert,
- SEC_OID_X509_POLICY_CONSTRAINTS,
- &encodedCertPolicyConstraints);
-
- if (rv == SECSuccess) {
-
- policyConstraints.explicitPolicySkipCerts.data =
- (unsigned char *)&explicitPolicySkipCerts;
- policyConstraints.inhibitMappingSkipCerts.data =
- (unsigned char *)&inhibitMappingSkipCerts;
-
- /* translate DER to CERTCertificatePolicyConstraints */
- rv = CERT_DecodePolicyConstraintsExtension
- (&policyConstraints, &encodedCertPolicyConstraints);
-
- PORT_Free(encodedCertPolicyConstraints.data);
-
- if (rv != SECSuccess) {
- PKIX_ERROR
- (PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED);
- }
- }
-
- *pExplicitPolicySkipCerts = explicitPolicySkipCerts;
- *pInhibitMappingSkipCerts = inhibitMappingSkipCerts;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_DecodeInhibitAnyPolicy
- * DESCRIPTION:
- *
- * Decodes the contents of the InhibitAnyPolicy extension in the
- * CERTCertificate pointed to by "nssCert", to obtain a SkipCerts value,
- * which is stored at the address "pSkipCerts". If this certificate does
- * not have an InhibitAnyPolicy extension, -1 will be stored.
- *
- * PARAMETERS
- * "nssCert"
- * Address of the Cert data whose InhibitAnyPolicy extension is to be
- * processed. Must be non-NULL.
- * "pSkipCerts"
- * Address where the SkipCert value from the InhibitAnyPolicy extension
- * will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Cert_DecodeInhibitAnyPolicy(
- CERTCertificate *nssCert,
- PKIX_Int32 *pSkipCerts,
- void *plContext)
-{
- CERTCertificateInhibitAny inhibitAny;
- SECStatus rv;
- SECItem encodedCertInhibitAny;
- PKIX_Int32 skipCerts = -1;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_DecodeInhibitAnyPolicy");
- PKIX_NULLCHECK_TWO(nssCert, pSkipCerts);
-
- /* get InhibitAny as a SECItem */
- PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n");
- rv = CERT_FindCertExtension
- (nssCert, SEC_OID_X509_INHIBIT_ANY_POLICY, &encodedCertInhibitAny);
-
- if (rv == SECSuccess) {
- inhibitAny.inhibitAnySkipCerts.data =
- (unsigned char *)&skipCerts;
-
- /* translate DER to CERTCertificateInhibitAny */
- rv = CERT_DecodeInhibitAnyExtension
- (&inhibitAny, &encodedCertInhibitAny);
-
- PORT_Free(encodedCertInhibitAny.data);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED);
- }
- }
-
- *pSkipCerts = skipCerts;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_GetNssSubjectAltNames
- * DESCRIPTION:
- *
- * Retrieves the Subject Alternative Names of the certificate specified by
- * "cert" and stores it at "pNssSubjAltNames". If the Subject Alternative
- * Name extension is not present, NULL is returned at "pNssSubjAltNames".
- * If the Subject Alternative Names has not been previously decoded, it is
- * decoded here with lock on the "cert" unless the flag "hasLock" indicates
- * the lock had been obtained at a higher call level.
- *
- * PARAMETERS
- * "cert"
- * Address of the certificate whose Subject Alternative Names extensions
- * is retrieved. Must be non-NULL.
- * "hasLock"
- * Boolean indicates caller has acquired a lock.
- * Must be non-NULL.
- * "pNssSubjAltNames"
- * Address where the returned Subject Alternative Names will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Cert_GetNssSubjectAltNames(
- PKIX_PL_Cert *cert,
- PKIX_Boolean hasLock,
- CERTGeneralName **pNssSubjAltNames,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- CERTGeneralName *nssOriginalAltName = NULL;
- PLArenaPool *arena = NULL;
- SECItem altNameExtension = {siBuffer, NULL, 0};
- SECStatus rv = SECFailure;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_GetNssSubjectAltNames");
- PKIX_NULLCHECK_THREE(cert, pNssSubjAltNames, cert->nssCert);
-
- nssCert = cert->nssCert;
-
- if ((cert->nssSubjAltNames == NULL) && (!cert->subjAltNamesAbsent)){
-
- if (!hasLock) {
- PKIX_OBJECT_LOCK(cert);
- }
-
- if ((cert->nssSubjAltNames == NULL) &&
- (!cert->subjAltNamesAbsent)){
-
- PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,
- (nssCert,
- SEC_OID_X509_SUBJECT_ALT_NAME,
- &altNameExtension));
-
- if (rv != SECSuccess) {
- *pNssSubjAltNames = NULL;
- cert->subjAltNamesAbsent = PKIX_TRUE;
- goto cleanup;
- }
-
- if (cert->arenaNameConstraints == NULL) {
- PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,
- (DER_DEFAULT_CHUNKSIZE));
-
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
- cert->arenaNameConstraints = arena;
- }
-
- PKIX_PL_NSSCALLRV
- (CERT,
- nssOriginalAltName,
- (CERTGeneralName *) CERT_DecodeAltNameExtension,
- (cert->arenaNameConstraints, &altNameExtension));
-
- PKIX_PL_NSSCALL(CERT, PORT_Free, (altNameExtension.data));
-
- if (nssOriginalAltName == NULL) {
- PKIX_ERROR(PKIX_CERTDECODEALTNAMEEXTENSIONFAILED);
- }
- cert->nssSubjAltNames = nssOriginalAltName;
-
- }
-
- if (!hasLock) {
- PKIX_OBJECT_UNLOCK(cert);
- }
- }
-
- *pNssSubjAltNames = cert->nssSubjAltNames;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_CheckExtendKeyUsage
- * DESCRIPTION:
- *
- * For each of the ON bit in "requiredExtendedKeyUsages" that represents its
- * SECCertUsageEnum type, this function checks "cert"'s certType (extended
- * key usage) and key usage with what is required for SECCertUsageEnum type.
- *
- * PARAMETERS
- * "cert"
- * Address of the certificate whose Extended Key Usage extensions
- * is retrieved. Must be non-NULL.
- * "requiredExtendedKeyUsages"
- * An unsigned integer, its bit location is ON based on the required key
- * usage value representing in SECCertUsageEnum.
- * "pPass"
- * Address where the return value, indicating key usage check passed, is
- * stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Cert_CheckExtendedKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 requiredExtendedKeyUsages,
- PKIX_Boolean *pPass,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
- PKIX_UInt32 certType = 0;
- PKIX_UInt32 requiredKeyUsage = 0;
- PKIX_UInt32 requiredCertType = 0;
- PKIX_UInt32 requiredExtendedKeyUsage = 0;
- PKIX_UInt32 i;
- PKIX_Boolean isCA = PKIX_FALSE;
- SECStatus rv = SECFailure;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_CheckExtendKeyUsage");
- PKIX_NULLCHECK_THREE(cert, pPass, cert->nssCert);
-
- *pPass = PKIX_FALSE;
-
- PKIX_CERT_DEBUG("\t\tCalling cert_GetCertType).\n");
- cert_GetCertType(cert->nssCert);
- certType = cert->nssCert->nsCertType;
-
- PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
- (cert,
- &basicConstraints,
- plContext),
- PKIX_CERTGETBASICCONSTRAINTFAILED);
-
- if (basicConstraints != NULL) {
- PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
- (basicConstraints, &isCA, plContext),
- PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
- }
-
- i = 0;
- while (requiredExtendedKeyUsages != 0) {
-
- /* Find the bit location of the right-most non-zero bit */
- while (requiredExtendedKeyUsages != 0) {
- if (((1 << i) & requiredExtendedKeyUsages) != 0) {
- requiredExtendedKeyUsage = 1 << i;
- break;
- }
- i++;
- }
- requiredExtendedKeyUsages ^= requiredExtendedKeyUsage;
-
- requiredExtendedKeyUsage = i;
-
- PKIX_PL_NSSCALLRV(CERT, rv, CERT_KeyUsageAndTypeForCertUsage,
- (requiredExtendedKeyUsage,
- isCA,
- &requiredKeyUsage,
- &requiredCertType));
-
- if (!(certType & requiredCertType)) {
- goto cleanup;
- }
-
- PKIX_PL_NSSCALLRV(CERT, rv, CERT_CheckKeyUsage,
- (cert->nssCert, requiredKeyUsage));
- if (rv != SECSuccess) {
- goto cleanup;
- }
- i++;
-
- }
-
- *pPass = PKIX_TRUE;
-
-cleanup:
- PKIX_DECREF(basicConstraints);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the Cert pointed
- * to by "cert" and stores it at "pString", where the value of
- * "partialString" determines whether a full or partial representation of
- * the Cert is stored.
- *
- * PARAMETERS
- * "cert"
- * Address of Cert whose string representation is desired.
- * Must be non-NULL.
- * "partialString"
- * Boolean indicating whether a partial Cert representation is desired.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Cert_ToString_Helper(
- PKIX_PL_Cert *cert,
- PKIX_Boolean partialString,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *certString = NULL;
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_UInt32 certVersion;
- PKIX_PL_BigInt *certSN = NULL;
- PKIX_PL_String *certSNString = NULL;
- PKIX_PL_X500Name *certIssuer = NULL;
- PKIX_PL_String *certIssuerString = NULL;
- PKIX_PL_X500Name *certSubject = NULL;
- PKIX_PL_String *certSubjectString = NULL;
- PKIX_PL_String *notBeforeString = NULL;
- PKIX_PL_String *notAfterString = NULL;
- PKIX_List *subjAltNames = NULL;
- PKIX_PL_String *subjAltNamesString = NULL;
- PKIX_PL_ByteArray *authKeyId = NULL;
- PKIX_PL_String *authKeyIdString = NULL;
- PKIX_PL_ByteArray *subjKeyId = NULL;
- PKIX_PL_String *subjKeyIdString = NULL;
- PKIX_PL_PublicKey *nssPubKey = NULL;
- PKIX_PL_String *nssPubKeyString = NULL;
- PKIX_List *critExtOIDs = NULL;
- PKIX_PL_String *critExtOIDsString = NULL;
- PKIX_List *extKeyUsages = NULL;
- PKIX_PL_String *extKeyUsagesString = NULL;
- PKIX_PL_CertBasicConstraints *basicConstraint = NULL;
- PKIX_PL_String *certBasicConstraintsString = NULL;
- PKIX_List *policyInfo = NULL;
- PKIX_PL_String *certPolicyInfoString = NULL;
- PKIX_List *certPolicyMappings = NULL;
- PKIX_PL_String *certPolicyMappingsString = NULL;
- PKIX_Int32 certExplicitPolicy = 0;
- PKIX_Int32 certInhibitMapping = 0;
- PKIX_Int32 certInhibitAnyPolicy = 0;
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- PKIX_PL_String *nameConstraintsString = NULL;
- PKIX_List *authorityInfoAccess = NULL;
- PKIX_PL_String *authorityInfoAccessString = NULL;
- PKIX_List *subjectInfoAccess = NULL;
- PKIX_PL_String *subjectInfoAccessString = NULL;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_ToString_Helper");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pString);
-
- /*
- * XXX Add to this format as certificate components are developed.
- */
-
- if (partialString){
- asciiFormat =
- "\t[Issuer: %s\n"
- "\t Subject: %s]";
- } else {
- asciiFormat =
- "[\n"
- "\tVersion: v%d\n"
- "\tSerialNumber: %s\n"
- "\tIssuer: %s\n"
- "\tSubject: %s\n"
- "\tValidity: [From: %s\n"
- "\t To: %s]\n"
- "\tSubjectAltNames: %s\n"
- "\tAuthorityKeyId: %s\n"
- "\tSubjectKeyId: %s\n"
- "\tSubjPubKeyAlgId: %s\n"
- "\tCritExtOIDs: %s\n"
- "\tExtKeyUsages: %s\n"
- "\tBasicConstraint: %s\n"
- "\tCertPolicyInfo: %s\n"
- "\tPolicyMappings: %s\n"
- "\tExplicitPolicy: %d\n"
- "\tInhibitMapping: %d\n"
- "\tInhibitAnyPolicy:%d\n"
- "\tNameConstraints: %s\n"
- "\tAuthorityInfoAccess: %s\n"
- "\tSubjectInfoAccess: %s\n"
- "\tCacheFlag: %d\n"
- "]\n";
- }
-
-
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* Issuer */
- PKIX_CHECK(PKIX_PL_Cert_GetIssuer
- (cert, &certIssuer, plContext),
- PKIX_CERTGETISSUERFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)certIssuer, &certIssuerString, plContext),
- PKIX_X500NAMETOSTRINGFAILED);
-
- /* Subject */
- PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &certSubject, plContext),
- PKIX_CERTGETSUBJECTFAILED);
-
- PKIX_TOSTRING(certSubject, &certSubjectString, plContext,
- PKIX_X500NAMETOSTRINGFAILED);
-
- if (partialString){
- PKIX_CHECK(PKIX_PL_Sprintf
- (&certString,
- plContext,
- formatString,
- certIssuerString,
- certSubjectString),
- PKIX_SPRINTFFAILED);
-
- *pString = certString;
- goto cleanup;
- }
-
- /* Version */
- PKIX_CHECK(PKIX_PL_Cert_GetVersion(cert, &certVersion, plContext),
- PKIX_CERTGETVERSIONFAILED);
-
- /* SerialNumber */
- PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber(cert, &certSN, plContext),
- PKIX_CERTGETSERIALNUMBERFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)certSN, &certSNString, plContext),
- PKIX_BIGINTTOSTRINGFAILED);
-
- /* Validity: NotBefore */
- PKIX_CHECK(pkix_pl_Date_ToString_Helper
- (&(cert->nssCert->validity.notBefore),
- &notBeforeString,
- plContext),
- PKIX_DATETOSTRINGHELPERFAILED);
-
- /* Validity: NotAfter */
- PKIX_CHECK(pkix_pl_Date_ToString_Helper
- (&(cert->nssCert->validity.notAfter),
- &notAfterString,
- plContext),
- PKIX_DATETOSTRINGHELPERFAILED);
-
- /* SubjectAltNames */
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames
- (cert, &subjAltNames, plContext),
- PKIX_CERTGETSUBJECTALTNAMESFAILED);
-
- PKIX_TOSTRING(subjAltNames, &subjAltNamesString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* AuthorityKeyIdentifier */
- PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifier
- (cert, &authKeyId, plContext),
- PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED);
-
- PKIX_TOSTRING(authKeyId, &authKeyIdString, plContext,
- PKIX_BYTEARRAYTOSTRINGFAILED);
-
- /* SubjectKeyIdentifier */
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectKeyIdentifier
- (cert, &subjKeyId, plContext),
- PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED);
-
- PKIX_TOSTRING(subjKeyId, &subjKeyIdString, plContext,
- PKIX_BYTEARRAYTOSTRINGFAILED);
-
- /* SubjectPublicKey */
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
- (cert, &nssPubKey, plContext),
- PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)nssPubKey, &nssPubKeyString, plContext),
- PKIX_PUBLICKEYTOSTRINGFAILED);
-
- /* CriticalExtensionOIDs */
- PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDs
- (cert, &critExtOIDs, plContext),
- PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED);
-
- PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* ExtendedKeyUsages */
- PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage
- (cert, &extKeyUsages, plContext),
- PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
-
- PKIX_TOSTRING(extKeyUsages, &extKeyUsagesString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* CertBasicConstraints */
- PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
- (cert, &basicConstraint, plContext),
- PKIX_CERTGETBASICCONSTRAINTSFAILED);
-
- PKIX_TOSTRING(basicConstraint, &certBasicConstraintsString, plContext,
- PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED);
-
- /* CertPolicyInfo */
- PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformation
- (cert, &policyInfo, plContext),
- PKIX_CERTGETPOLICYINFORMATIONFAILED);
-
- PKIX_TOSTRING(policyInfo, &certPolicyInfoString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* Advanced Policies */
- PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappings
- (cert, &certPolicyMappings, plContext),
- PKIX_CERTGETPOLICYMAPPINGSFAILED);
-
- PKIX_TOSTRING(certPolicyMappings, &certPolicyMappingsString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicy
- (cert, &certExplicitPolicy, plContext),
- PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingInhibited
- (cert, &certInhibitMapping, plContext),
- PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED);
-
- PKIX_CHECK(PKIX_PL_Cert_GetInhibitAnyPolicy
- (cert, &certInhibitAnyPolicy, plContext),
- PKIX_CERTGETINHIBITANYPOLICYFAILED);
-
- /* Name Constraints */
- PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
- (cert, &nameConstraints, plContext),
- PKIX_CERTGETNAMECONSTRAINTSFAILED);
-
- PKIX_TOSTRING(nameConstraints, &nameConstraintsString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* Authority Information Access */
- PKIX_CHECK(PKIX_PL_Cert_GetAuthorityInfoAccess
- (cert, &authorityInfoAccess, plContext),
- PKIX_CERTGETAUTHORITYINFOACCESSFAILED);
-
- PKIX_TOSTRING(authorityInfoAccess, &authorityInfoAccessString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* Subject Information Access */
- PKIX_CHECK(PKIX_PL_Cert_GetSubjectInfoAccess
- (cert, &subjectInfoAccess, plContext),
- PKIX_CERTGETSUBJECTINFOACCESSFAILED);
-
- PKIX_TOSTRING(subjectInfoAccess, &subjectInfoAccessString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&certString,
- plContext,
- formatString,
- certVersion + 1,
- certSNString,
- certIssuerString,
- certSubjectString,
- notBeforeString,
- notAfterString,
- subjAltNamesString,
- authKeyIdString,
- subjKeyIdString,
- nssPubKeyString,
- critExtOIDsString,
- extKeyUsagesString,
- certBasicConstraintsString,
- certPolicyInfoString,
- certPolicyMappingsString,
- certExplicitPolicy, /* an Int32, not a String */
- certInhibitMapping, /* an Int32, not a String */
- certInhibitAnyPolicy, /* an Int32, not a String */
- nameConstraintsString,
- authorityInfoAccessString,
- subjectInfoAccessString,
- cert->cacheFlag), /* a boolean */
- PKIX_SPRINTFFAILED);
-
- *pString = certString;
-
-cleanup:
- PKIX_DECREF(certSN);
- PKIX_DECREF(certSNString);
- PKIX_DECREF(certIssuer);
- PKIX_DECREF(certIssuerString);
- PKIX_DECREF(certSubject);
- PKIX_DECREF(certSubjectString);
- PKIX_DECREF(notBeforeString);
- PKIX_DECREF(notAfterString);
- PKIX_DECREF(subjAltNames);
- PKIX_DECREF(subjAltNamesString);
- PKIX_DECREF(authKeyId);
- PKIX_DECREF(authKeyIdString);
- PKIX_DECREF(subjKeyId);
- PKIX_DECREF(subjKeyIdString);
- PKIX_DECREF(nssPubKey);
- PKIX_DECREF(nssPubKeyString);
- PKIX_DECREF(critExtOIDs);
- PKIX_DECREF(critExtOIDsString);
- PKIX_DECREF(extKeyUsages);
- PKIX_DECREF(extKeyUsagesString);
- PKIX_DECREF(basicConstraint);
- PKIX_DECREF(certBasicConstraintsString);
- PKIX_DECREF(policyInfo);
- PKIX_DECREF(certPolicyInfoString);
- PKIX_DECREF(certPolicyMappings);
- PKIX_DECREF(certPolicyMappingsString);
- PKIX_DECREF(nameConstraints);
- PKIX_DECREF(nameConstraintsString);
- PKIX_DECREF(authorityInfoAccess);
- PKIX_DECREF(authorityInfoAccessString);
- PKIX_DECREF(subjectInfoAccess);
- PKIX_DECREF(subjectInfoAccessString);
- PKIX_DECREF(formatString);
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Cert_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Cert *cert = NULL;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),
- PKIX_OBJECTNOTCERT);
-
- cert = (PKIX_PL_Cert*)object;
-
- PKIX_DECREF(cert->subject);
- PKIX_DECREF(cert->issuer);
- PKIX_DECREF(cert->subjAltNames);
- PKIX_DECREF(cert->publicKeyAlgId);
- PKIX_DECREF(cert->publicKey);
- PKIX_DECREF(cert->serialNumber);
- PKIX_DECREF(cert->critExtOids);
- PKIX_DECREF(cert->authKeyId);
- PKIX_DECREF(cert->subjKeyId);
- PKIX_DECREF(cert->extKeyUsages);
- PKIX_DECREF(cert->certBasicConstraints);
- PKIX_DECREF(cert->certPolicyInfos);
- PKIX_DECREF(cert->certPolicyMappings);
- PKIX_DECREF(cert->nameConstraints);
- PKIX_DECREF(cert->store);
- PKIX_DECREF(cert->authorityInfoAccess);
- PKIX_DECREF(cert->subjectInfoAccess);
- PKIX_DECREF(cert->crldpList);
-
- if (cert->arenaNameConstraints){
- /* This arena was allocated for SubjectAltNames */
- PKIX_PL_NSSCALL(CERT, PORT_FreeArena,
- (cert->arenaNameConstraints, PR_FALSE));
-
- cert->arenaNameConstraints = NULL;
- cert->nssSubjAltNames = NULL;
- }
-
- CERT_DestroyCertificate(cert->nssCert);
- cert->nssCert = NULL;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Cert_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *certString = NULL;
- PKIX_PL_Cert *pkixCert = NULL;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_toString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),
- PKIX_OBJECTNOTCERT);
-
- pkixCert = (PKIX_PL_Cert *)object;
-
- PKIX_CHECK(pkix_pl_Cert_ToString_Helper
- (pkixCert, PKIX_FALSE, &certString, plContext),
- PKIX_CERTTOSTRINGHELPERFAILED);
-
- *pString = certString;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Cert_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_Cert *pkixCert = NULL;
- CERTCertificate *nssCert = NULL;
- unsigned char *derBytes = NULL;
- PKIX_UInt32 derLength;
- PKIX_UInt32 certHash;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),
- PKIX_OBJECTNOTCERT);
-
- pkixCert = (PKIX_PL_Cert *)object;
-
- nssCert = pkixCert->nssCert;
- derBytes = (nssCert->derCert).data;
- derLength = (nssCert->derCert).len;
-
- PKIX_CHECK(pkix_hash(derBytes, derLength, &certHash, plContext),
- PKIX_HASHFAILED);
-
- *pHashcode = certHash;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-
-/*
- * FUNCTION: pkix_pl_Cert_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Cert_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- CERTCertificate *firstCert = NULL;
- CERTCertificate *secondCert = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a Cert */
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CERT_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCERT);
-
- /*
- * Since we know firstObject is a Cert, if both references are
- * identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a Cert, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_CERT_TYPE) goto cleanup;
-
- firstCert = ((PKIX_PL_Cert *)firstObject)->nssCert;
- secondCert = ((PKIX_PL_Cert *)secondObject)->nssCert;
-
- PKIX_NULLCHECK_TWO(firstCert, secondCert);
-
- /* CERT_CompareCerts does byte comparison on DER encodings of certs */
- PKIX_CERT_DEBUG("\t\tCalling CERT_CompareCerts).\n");
- cmpResult = CERT_CompareCerts(firstCert, secondCert);
-
- *pResult = cmpResult;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_Cert_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_RegisterSelf");
-
- entry.description = "Cert";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_Cert);
- entry.destructor = pkix_pl_Cert_Destroy;
- entry.equalsFunction = pkix_pl_Cert_Equals;
- entry.hashcodeFunction = pkix_pl_Cert_Hashcode;
- entry.toStringFunction = pkix_pl_Cert_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_CERT_TYPE] = entry;
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_CreateWithNSSCert
- * DESCRIPTION:
- *
- * Creates a new certificate using the CERTCertificate pointed to by "nssCert"
- * and stores it at "pCert". Once created, a Cert is immutable.
- *
- * This function is primarily used as a convenience function for the
- * performance tests that have easy access to a CERTCertificate.
- *
- * PARAMETERS:
- * "nssCert"
- * Address of CERTCertificate representing the NSS certificate.
- * Must be non-NULL.
- * "pCert"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Cert_CreateWithNSSCert(
- CERTCertificate *nssCert,
- PKIX_PL_Cert **pCert,
- void *plContext)
-{
- PKIX_PL_Cert *cert = NULL;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_CreateWithNSSCert");
- PKIX_NULLCHECK_TWO(pCert, nssCert);
-
- /* create a PKIX_PL_Cert object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERT_TYPE,
- sizeof (PKIX_PL_Cert),
- (PKIX_PL_Object **)&cert,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* populate the nssCert field */
- cert->nssCert = nssCert;
-
- /* initialize remaining fields */
- /*
- * Fields ending with Absent are initialized to PKIX_FALSE so that the
- * first time we need the value we will look for it. If we find it is
- * actually absent, the flag will at that time be set to PKIX_TRUE to
- * prevent searching for it later.
- * Fields ending with Processed are those where a value is defined
- * for the Absent case, and a value of zero is possible. When the
- * flag is still true we have to look for the field, set the default
- * value if necessary, and set the Processed flag to PKIX_TRUE.
- */
- cert->subject = NULL;
- cert->issuer = NULL;
- cert->subjAltNames = NULL;
- cert->subjAltNamesAbsent = PKIX_FALSE;
- cert->publicKeyAlgId = NULL;
- cert->publicKey = NULL;
- cert->serialNumber = NULL;
- cert->critExtOids = NULL;
- cert->subjKeyId = NULL;
- cert->subjKeyIdAbsent = PKIX_FALSE;
- cert->authKeyId = NULL;
- cert->authKeyIdAbsent = PKIX_FALSE;
- cert->extKeyUsages = NULL;
- cert->extKeyUsagesAbsent = PKIX_FALSE;
- cert->certBasicConstraints = NULL;
- cert->basicConstraintsAbsent = PKIX_FALSE;
- cert->certPolicyInfos = NULL;
- cert->policyInfoAbsent = PKIX_FALSE;
- cert->policyMappingsAbsent = PKIX_FALSE;
- cert->certPolicyMappings = NULL;
- cert->policyConstraintsProcessed = PKIX_FALSE;
- cert->policyConstraintsExplicitPolicySkipCerts = 0;
- cert->policyConstraintsInhibitMappingSkipCerts = 0;
- cert->inhibitAnyPolicyProcessed = PKIX_FALSE;
- cert->inhibitAnySkipCerts = 0;
- cert->nameConstraints = NULL;
- cert->nameConstraintsAbsent = PKIX_FALSE;
- cert->arenaNameConstraints = NULL;
- cert->nssSubjAltNames = NULL;
- cert->cacheFlag = PKIX_FALSE;
- cert->store = NULL;
- cert->authorityInfoAccess = NULL;
- cert->subjectInfoAccess = NULL;
- cert->isUserTrustAnchor = PKIX_FALSE;
- cert->crldpList = NULL;
-
- *pCert = cert;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: pkix_pl_Cert_CreateToList
- * DESCRIPTION:
- *
- * Creates a new certificate using the DER-encoding pointed to by "derCertItem"
- * and appends it to the list pointed to by "certList". If Cert creation fails,
- * the function returns with certList unchanged, but any decoding Error is
- * discarded.
- *
- * PARAMETERS:
- * "derCertItem"
- * Address of SECItem containing the DER representation of a certificate.
- * Must be non-NULL.
- * "certList"
- * Address of List to which the Cert will be appended, if successfully
- * created. May be empty, but must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Cert_CreateToList(
- SECItem *derCertItem,
- PKIX_List *certList,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- PKIX_PL_Cert *cert = NULL;
- CERTCertDBHandle *handle;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_CreateToList");
- PKIX_NULLCHECK_TWO(derCertItem, certList);
-
- handle = CERT_GetDefaultCertDB();
- nssCert = CERT_NewTempCertificate(handle, derCertItem,
- /* nickname */ NULL,
- /* isPerm */ PR_FALSE,
- /* copyDer */ PR_TRUE);
- if (!nssCert) {
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCert
- (nssCert, &cert, plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-
- nssCert = NULL;
-
- PKIX_CHECK(PKIX_List_AppendItem
- (certList, (PKIX_PL_Object *) cert, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
-cleanup:
- if (nssCert) {
- CERT_DestroyCertificate(nssCert);
- }
-
- PKIX_DECREF(cert);
- PKIX_RETURN(CERT);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_Cert_Create (see comments in pkix_pl_pki.h)
- * XXX We may want to cache the cert after parsing it, so it can be reused
- * XXX Are the NSS/NSPR functions thread safe
- */
-PKIX_Error *
-PKIX_PL_Cert_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_Cert **pCert,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- SECItem *derCertItem = NULL;
- void *derBytes = NULL;
- PKIX_UInt32 derLength;
- PKIX_Boolean copyDER;
- PKIX_PL_Cert *cert = NULL;
- CERTCertDBHandle *handle;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_Create");
- PKIX_NULLCHECK_TWO(pCert, byteArray);
-
- PKIX_CHECK(PKIX_PL_ByteArray_GetPointer
- (byteArray, &derBytes, plContext),
- PKIX_BYTEARRAYGETPOINTERFAILED);
-
- PKIX_CHECK(PKIX_PL_ByteArray_GetLength
- (byteArray, &derLength, plContext),
- PKIX_BYTEARRAYGETLENGTHFAILED);
-
- derCertItem = SECITEM_AllocItem(NULL, NULL, derLength);
- if (derCertItem == NULL){
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- (void) PORT_Memcpy(derCertItem->data, derBytes, derLength);
-
- /*
- * setting copyDER to true forces NSS to make its own copy of the DER,
- * allowing us to free our copy without worrying about whether NSS
- * is still using it
- */
- copyDER = PKIX_TRUE;
- handle = CERT_GetDefaultCertDB();
- nssCert = CERT_NewTempCertificate(handle, derCertItem,
- /* nickname */ NULL,
- /* isPerm */ PR_FALSE,
- /* copyDer */ PR_TRUE);
- if (!nssCert){
- PKIX_ERROR(PKIX_CERTDECODEDERCERTIFICATEFAILED);
- }
-
- PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCert
- (nssCert, &cert, plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-
- *pCert = cert;
-
-cleanup:
- if (derCertItem){
- SECITEM_FreeItem(derCertItem, PKIX_TRUE);
- }
-
- if (nssCert && PKIX_ERROR_RECEIVED){
- PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n");
- CERT_DestroyCertificate(nssCert);
- nssCert = NULL;
- }
-
- PKIX_FREE(derBytes);
- PKIX_RETURN(CERT);
-}
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_CreateFromCERTCertificate(
- const CERTCertificate *nssCert,
- PKIX_PL_Cert **pCert,
- void *plContext)
-{
- void *buf = NULL;
- PKIX_UInt32 len;
- PKIX_PL_ByteArray *byteArray = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_CreateWithNssCert");
- PKIX_NULLCHECK_TWO(pCert, nssCert);
-
- buf = (void*)nssCert->derCert.data;
- len = nssCert->derCert.len;
-
- PKIX_CHECK(
- PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext),
- PKIX_BYTEARRAYCREATEFAILED);
-
- PKIX_CHECK(
- PKIX_PL_Cert_Create(byteArray, pCert, plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-
-#ifdef PKIX_UNDEF
- /* will be tested and used as a patch for bug 391612 */
- nssCert = CERT_DupCertificate(nssInCert);
-
- PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCert
- (nssCert, &cert, plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-#endif /* PKIX_UNDEF */
-
-cleanup:
-
-#ifdef PKIX_UNDEF
- if (nssCert && PKIX_ERROR_RECEIVED){
- PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n");
- CERT_DestroyCertificate(nssCert);
- nssCert = NULL;
- }
-#endif /* PKIX_UNDEF */
-
- PKIX_DECREF(byteArray);
- PKIX_RETURN(CERT);
-}
-
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetVersion (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetVersion(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 *pVersion,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- PKIX_UInt32 myVersion = 1;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetVersion");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pVersion);
-
- nssCert = cert->nssCert;
- if (nssCert->version.data) {
- myVersion = *(nssCert->version.data);
- }
-
- if (myVersion > 2){
- PKIX_ERROR(PKIX_VERSIONVALUEMUSTBEV1V2ORV3);
- }
-
- *pVersion = myVersion;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSerialNumber (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSerialNumber(
- PKIX_PL_Cert *cert,
- PKIX_PL_BigInt **pSerialNumber,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- SECItem serialNumItem;
- PKIX_PL_BigInt *serialNumber = NULL;
- char *bytes = NULL;
- PKIX_UInt32 length;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSerialNumber");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSerialNumber);
-
- if (cert->serialNumber == NULL){
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->serialNumber == NULL){
-
- nssCert = cert->nssCert;
- serialNumItem = nssCert->serialNumber;
-
- length = serialNumItem.len;
- bytes = (char *)serialNumItem.data;
-
- PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
- (bytes, length, &serialNumber, plContext),
- PKIX_BIGINTCREATEWITHBYTESFAILED);
-
- /* save a cached copy in case it is asked for again */
- cert->serialNumber = serialNumber;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->serialNumber);
- *pSerialNumber = cert->serialNumber;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubject (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubject(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pCertSubject,
- void *plContext)
-{
- PKIX_PL_X500Name *pkixSubject = NULL;
- CERTName *subjName = NULL;
- SECItem *derSubjName = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubject");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertSubject);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->subject == NULL){
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->subject == NULL){
-
- subjName = &cert->nssCert->subject;
- derSubjName = &cert->nssCert->derSubject;
-
- /* if there is no subject name */
- if (derSubjName->data == NULL) {
-
- pkixSubject = NULL;
-
- } else {
- PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTName
- (derSubjName, subjName, &pkixSubject,
- plContext),
- PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
-
- }
- /* save a cached copy in case it is asked for again */
- cert->subject = pkixSubject;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->subject);
- *pCertSubject = cert->subject;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetIssuer (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetIssuer(
- PKIX_PL_Cert *cert,
- PKIX_PL_X500Name **pCertIssuer,
- void *plContext)
-{
- PKIX_PL_X500Name *pkixIssuer = NULL;
- SECItem *derIssuerName = NULL;
- CERTName *issuerName = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetIssuer");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertIssuer);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->issuer == NULL){
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->issuer == NULL){
-
- issuerName = &cert->nssCert->issuer;
- derIssuerName = &cert->nssCert->derIssuer;
-
- /* if there is no subject name */
- PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTName
- (derIssuerName, issuerName,
- &pkixIssuer, plContext),
- PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
-
- /* save a cached copy in case it is asked for again */
- cert->issuer = pkixIssuer;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->issuer);
- *pCertIssuer = cert->issuer;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectAltNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pSubjectAltNames, /* list of PKIX_PL_GeneralName */
- void *plContext)
-{
- PKIX_PL_GeneralName *pkixAltName = NULL;
- PKIX_List *altNamesList = NULL;
-
- CERTGeneralName *nssOriginalAltName = NULL;
- CERTGeneralName *nssTempAltName = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectAltNames");
- PKIX_NULLCHECK_TWO(cert, pSubjectAltNames);
-
- /* if we don't have a cached copy from before, we create one */
- if ((cert->subjAltNames == NULL) && (!cert->subjAltNamesAbsent)){
-
- PKIX_OBJECT_LOCK(cert);
-
- if ((cert->subjAltNames == NULL) &&
- (!cert->subjAltNamesAbsent)){
-
- PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNames
- (cert,
- PKIX_TRUE,
- &nssOriginalAltName,
- plContext),
- PKIX_CERTGETNSSSUBJECTALTNAMESFAILED);
-
- if (nssOriginalAltName == NULL) {
- cert->subjAltNamesAbsent = PKIX_TRUE;
- pSubjectAltNames = NULL;
- goto cleanup;
- }
-
- nssTempAltName = nssOriginalAltName;
-
- PKIX_CHECK(PKIX_List_Create(&altNamesList, plContext),
- PKIX_LISTCREATEFAILED);
-
- do {
- PKIX_CHECK(pkix_pl_GeneralName_Create
- (nssTempAltName, &pkixAltName, plContext),
- PKIX_GENERALNAMECREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (altNamesList,
- (PKIX_PL_Object *)pkixAltName,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(pkixAltName);
-
- PKIX_CERT_DEBUG
- ("\t\tCalling CERT_GetNextGeneralName).\n");
- nssTempAltName = CERT_GetNextGeneralName
- (nssTempAltName);
-
- } while (nssTempAltName != nssOriginalAltName);
-
- /* save a cached copy in case it is asked for again */
- cert->subjAltNames = altNamesList;
- PKIX_CHECK(PKIX_List_SetImmutable
- (cert->subjAltNames, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->subjAltNames);
-
- *pSubjectAltNames = cert->subjAltNames;
-
-cleanup:
- PKIX_DECREF(pkixAltName);
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(altNamesList);
- }
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAllSubjectNames(
- PKIX_PL_Cert *cert,
- PKIX_List **pAllSubjectNames, /* list of PKIX_PL_GeneralName */
- void *plContext)
-{
- CERTGeneralName *nssOriginalSubjectName = NULL;
- CERTGeneralName *nssTempSubjectName = NULL;
- PKIX_List *allSubjectNames = NULL;
- PKIX_PL_GeneralName *pkixSubjectName = NULL;
- PLArenaPool *arena = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAllSubjectNames");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAllSubjectNames);
-
-
- if (cert->nssCert->subjectName == NULL){
- /* if there is no subject DN, just get altnames */
-
- PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNames
- (cert,
- PKIX_FALSE, /* hasLock */
- &nssOriginalSubjectName,
- plContext),
- PKIX_CERTGETNSSSUBJECTALTNAMESFAILED);
-
- } else { /* get subject DN and altnames */
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- /* This NSS call returns both Subject and Subject Alt Names */
- PKIX_CERT_DEBUG("\t\tCalling CERT_GetCertificateNames\n");
- nssOriginalSubjectName =
- CERT_GetCertificateNames(cert->nssCert, arena);
- }
-
- if (nssOriginalSubjectName == NULL) {
- pAllSubjectNames = NULL;
- goto cleanup;
- }
-
- nssTempSubjectName = nssOriginalSubjectName;
-
- PKIX_CHECK(PKIX_List_Create(&allSubjectNames, plContext),
- PKIX_LISTCREATEFAILED);
-
- do {
- PKIX_CHECK(pkix_pl_GeneralName_Create
- (nssTempSubjectName, &pkixSubjectName, plContext),
- PKIX_GENERALNAMECREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (allSubjectNames,
- (PKIX_PL_Object *)pkixSubjectName,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(pkixSubjectName);
-
- PKIX_CERT_DEBUG
- ("\t\tCalling CERT_GetNextGeneralName).\n");
- nssTempSubjectName = CERT_GetNextGeneralName
- (nssTempSubjectName);
- } while (nssTempSubjectName != nssOriginalSubjectName);
-
- *pAllSubjectNames = allSubjectNames;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(allSubjectNames);
- }
-
- if (arena){
- PORT_FreeArena(arena, PR_FALSE);
- }
- PKIX_DECREF(pkixSubjectName);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
- PKIX_PL_Cert *cert,
- PKIX_PL_OID **pSubjKeyAlgId,
- void *plContext)
-{
- PKIX_PL_OID *pubKeyAlgId = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyAlgId);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->publicKeyAlgId == NULL){
- PKIX_OBJECT_LOCK(cert);
- if (cert->publicKeyAlgId == NULL){
- CERTCertificate *nssCert = cert->nssCert;
- SECAlgorithmID *algorithm;
- SECItem *algBytes;
-
- algorithm = &nssCert->subjectPublicKeyInfo.algorithm;
- algBytes = &algorithm->algorithm;
- if (!algBytes->data || !algBytes->len) {
- PKIX_ERROR_FATAL(PKIX_ALGORITHMBYTESLENGTH0);
- }
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
- (algBytes, &pubKeyAlgId, plContext),
- PKIX_OIDCREATEFAILED);
-
- /* save a cached copy in case it is asked for again */
- cert->publicKeyAlgId = pubKeyAlgId;
- pubKeyAlgId = NULL;
- }
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->publicKeyAlgId);
- *pSubjKeyAlgId = cert->publicKeyAlgId;
-
-cleanup:
- PKIX_DECREF(pubKeyAlgId);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectPublicKey(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey **pPublicKey,
- void *plContext)
-{
- PKIX_PL_PublicKey *pkixPubKey = NULL;
- SECStatus rv;
-
- CERTSubjectPublicKeyInfo *from = NULL;
- CERTSubjectPublicKeyInfo *to = NULL;
- SECItem *fromItem = NULL;
- SECItem *toItem = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKey");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPublicKey);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->publicKey == NULL){
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->publicKey == NULL){
-
- /* create a PKIX_PL_PublicKey object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_PUBLICKEY_TYPE,
- sizeof (PKIX_PL_PublicKey),
- (PKIX_PL_Object **)&pkixPubKey,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* initialize fields */
- pkixPubKey->nssSPKI = NULL;
-
- /* populate the SPKI field */
- PKIX_CHECK(PKIX_PL_Malloc
- (sizeof (CERTSubjectPublicKeyInfo),
- (void **)&pkixPubKey->nssSPKI,
- plContext),
- PKIX_MALLOCFAILED);
-
- to = pkixPubKey->nssSPKI;
- from = &cert->nssCert->subjectPublicKeyInfo;
-
- PKIX_NULLCHECK_TWO(to, from);
-
- PKIX_CERT_DEBUG
- ("\t\tCalling SECOID_CopyAlgorithmID).\n");
- rv = SECOID_CopyAlgorithmID
- (NULL, &to->algorithm, &from->algorithm);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_SECOIDCOPYALGORITHMIDFAILED);
- }
-
- /*
- * NSS stores the length of subjectPublicKey in bits.
- * Therefore, we use that length converted to bytes
- * using ((length+7)>>3) before calling PORT_Memcpy
- * in order to avoid "read from uninitialized memory"
- * errors.
- */
-
- toItem = &to->subjectPublicKey;
- fromItem = &from->subjectPublicKey;
-
- PKIX_NULLCHECK_TWO(toItem, fromItem);
-
- toItem->type = fromItem->type;
-
- toItem->data =
- (unsigned char*) PORT_ZAlloc(fromItem->len);
- if (!toItem->data){
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- (void) PORT_Memcpy(toItem->data,
- fromItem->data,
- (fromItem->len + 7)>>3);
- toItem->len = fromItem->len;
-
- /* save a cached copy in case it is asked for again */
- cert->publicKey = pkixPubKey;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->publicKey);
- *pPublicKey = cert->publicKey;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED && pkixPubKey){
- PKIX_DECREF(pkixPubKey);
- cert->publicKey = NULL;
- }
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCriticalExtensionOIDs(
- PKIX_PL_Cert *cert,
- PKIX_List **pList, /* list of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_List *oidsList = NULL;
- CERTCertExtension **extensions = NULL;
- CERTCertificate *nssCert = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCriticalExtensionOIDs");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pList);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->critExtOids == NULL) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->critExtOids == NULL) {
-
- nssCert = cert->nssCert;
-
- /*
- * ASN.1 for Extension
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
- *
- */
-
- extensions = nssCert->extensions;
-
- PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
- (extensions, &oidsList, plContext),
- PKIX_GETCRITICALEXTENSIONOIDSFAILED);
-
- /* save a cached copy in case it is asked for again */
- cert->critExtOids = oidsList;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- /* We should return a copy of the List since this list changes */
- PKIX_DUPLICATE(cert->critExtOids, pList, plContext,
- PKIX_OBJECTDUPLICATELISTFAILED);
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pAuthKeyId,
- void *plContext)
-{
- PKIX_PL_ByteArray *authKeyId = NULL;
- CERTCertificate *nssCert = NULL;
- CERTAuthKeyID *authKeyIdExtension = NULL;
- PLArenaPool *arena = NULL;
- SECItem retItem;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityKeyIdentifier");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAuthKeyId);
-
- /* if we don't have a cached copy from before, we create one */
- if ((cert->authKeyId == NULL) && (!cert->authKeyIdAbsent)){
-
- PKIX_OBJECT_LOCK(cert);
-
- if ((cert->authKeyId == NULL) && (!cert->authKeyIdAbsent)){
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- nssCert = cert->nssCert;
-
- authKeyIdExtension =
- CERT_FindAuthKeyIDExten(arena, nssCert);
- if (authKeyIdExtension == NULL){
- cert->authKeyIdAbsent = PKIX_TRUE;
- *pAuthKeyId = NULL;
- goto cleanup;
- }
-
- retItem = authKeyIdExtension->keyID;
-
- if (retItem.len == 0){
- cert->authKeyIdAbsent = PKIX_TRUE;
- *pAuthKeyId = NULL;
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_PL_ByteArray_Create
- (retItem.data,
- retItem.len,
- &authKeyId,
- plContext),
- PKIX_BYTEARRAYCREATEFAILED);
-
- /* save a cached copy in case it is asked for again */
- cert->authKeyId = authKeyId;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->authKeyId);
- *pAuthKeyId = cert->authKeyId;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- if (arena){
- PORT_FreeArena(arena, PR_FALSE);
- }
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectKeyIdentifier(
- PKIX_PL_Cert *cert,
- PKIX_PL_ByteArray **pSubjKeyId,
- void *plContext)
-{
- PKIX_PL_ByteArray *subjKeyId = NULL;
- CERTCertificate *nssCert = NULL;
- SECItem *retItem = NULL;
- SECStatus status;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectKeyIdentifier");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyId);
-
- /* if we don't have a cached copy from before, we create one */
- if ((cert->subjKeyId == NULL) && (!cert->subjKeyIdAbsent)){
-
- PKIX_OBJECT_LOCK(cert);
-
- if ((cert->subjKeyId == NULL) && (!cert->subjKeyIdAbsent)){
-
- retItem = SECITEM_AllocItem(NULL, NULL, 0);
- if (retItem == NULL){
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- nssCert = cert->nssCert;
-
- status = CERT_FindSubjectKeyIDExtension
- (nssCert, retItem);
- if (status != SECSuccess) {
- cert->subjKeyIdAbsent = PKIX_TRUE;
- *pSubjKeyId = NULL;
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_PL_ByteArray_Create
- (retItem->data,
- retItem->len,
- &subjKeyId,
- plContext),
- PKIX_BYTEARRAYCREATEFAILED);
-
- /* save a cached copy in case it is asked for again */
- cert->subjKeyId = subjKeyId;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->subjKeyId);
- *pSubjKeyId = cert->subjKeyId;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- if (retItem){
- SECITEM_FreeItem(retItem, PKIX_TRUE);
- }
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetExtendedKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_List **pKeyUsage, /* list of PKIX_PL_OID */
- void *plContext)
-{
- CERTOidSequence *extKeyUsage = NULL;
- CERTCertificate *nssCert = NULL;
- PKIX_PL_OID *pkixOID = NULL;
- PKIX_List *oidsList = NULL;
- SECItem **oids = NULL;
- SECItem encodedExtKeyUsage;
- SECStatus rv;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetExtendedKeyUsage");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pKeyUsage);
-
- /* if we don't have a cached copy from before, we create one */
- if ((cert->extKeyUsages == NULL) && (!cert->extKeyUsagesAbsent)){
-
- PKIX_OBJECT_LOCK(cert);
-
- if ((cert->extKeyUsages == NULL) &&
- (!cert->extKeyUsagesAbsent)){
-
- nssCert = cert->nssCert;
-
- rv = CERT_FindCertExtension
- (nssCert, SEC_OID_X509_EXT_KEY_USAGE,
- &encodedExtKeyUsage);
- if (rv != SECSuccess){
- cert->extKeyUsagesAbsent = PKIX_TRUE;
- *pKeyUsage = NULL;
- goto cleanup;
- }
-
- extKeyUsage =
- CERT_DecodeOidSequence(&encodedExtKeyUsage);
- if (extKeyUsage == NULL){
- PKIX_ERROR(PKIX_CERTDECODEOIDSEQUENCEFAILED);
- }
-
- PORT_Free(encodedExtKeyUsage.data);
-
- oids = extKeyUsage->oids;
-
- if (!oids){
- /* no extended key usage extensions found */
- cert->extKeyUsagesAbsent = PKIX_TRUE;
- *pKeyUsage = NULL;
- goto cleanup;
- }
-
- PKIX_CHECK(PKIX_List_Create(&oidsList, plContext),
- PKIX_LISTCREATEFAILED);
-
- while (*oids){
- SECItem *oid = *oids++;
-
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
- (oid, &pkixOID, plContext),
- PKIX_OIDCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (oidsList,
- (PKIX_PL_Object *)pkixOID,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(pkixOID);
- }
-
- /* save a cached copy in case it is asked for again */
- cert->extKeyUsages = oidsList;
- oidsList = NULL;
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable
- (cert->extKeyUsages, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->extKeyUsages);
- *pKeyUsage = cert->extKeyUsages;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
-
- PKIX_DECREF(pkixOID);
- PKIX_DECREF(oidsList);
- CERT_DestroyOidSequence(extKeyUsage);
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetBasicConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertBasicConstraints **pBasicConstraints,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- CERTBasicConstraints nssBasicConstraint;
- SECStatus rv;
- PKIX_PL_CertBasicConstraints *basic;
- PKIX_Int32 pathLen = 0;
- PKIX_Boolean isCA = PKIX_FALSE;
- enum {
- realBC, synthBC, absentBC
- } constraintSource = absentBC;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetBasicConstraints");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pBasicConstraints);
-
- /* if we don't have a cached copy from before, we create one */
- if ((cert->certBasicConstraints == NULL) &&
- (!cert->basicConstraintsAbsent)) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if ((cert->certBasicConstraints == NULL) &&
- (!cert->basicConstraintsAbsent)) {
-
- nssCert = cert->nssCert;
-
- PKIX_CERT_DEBUG(
- "\t\tCalling Cert_FindBasicConstraintExten\n");
- rv = CERT_FindBasicConstraintExten
- (nssCert, &nssBasicConstraint);
- if (rv == SECSuccess) {
- constraintSource = realBC;
- }
-
- if (constraintSource == absentBC) {
- /* can we deduce it's a CA and create a
- synthetic constraint?
- */
- CERTCertTrust trust;
- rv = CERT_GetCertTrust(nssCert, &trust);
- if (rv == SECSuccess) {
- int anyWantedFlag = CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
- if ((trust.sslFlags & anyWantedFlag)
- || (trust.emailFlags & anyWantedFlag)
- || (trust.objectSigningFlags & anyWantedFlag)) {
-
- constraintSource = synthBC;
- }
- }
- }
-
- if (constraintSource == absentBC) {
- cert->basicConstraintsAbsent = PKIX_TRUE;
- *pBasicConstraints = NULL;
- goto cleanup;
- }
- }
-
- if (constraintSource == synthBC) {
- isCA = PKIX_TRUE;
- pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT;
- } else {
- isCA = (nssBasicConstraint.isCA)?PKIX_TRUE:PKIX_FALSE;
-
- /* The pathLen has meaning only for CAs */
- if (isCA) {
- if (CERT_UNLIMITED_PATH_CONSTRAINT ==
- nssBasicConstraint.pathLenConstraint) {
- pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT;
- } else {
- pathLen = nssBasicConstraint.pathLenConstraint;
- }
- }
- }
-
- PKIX_CHECK(pkix_pl_CertBasicConstraints_Create
- (isCA, pathLen, &basic, plContext),
- PKIX_CERTBASICCONSTRAINTSCREATEFAILED);
-
- /* save a cached copy in case it is asked for again */
- cert->certBasicConstraints = basic;
- }
-
- PKIX_INCREF(cert->certBasicConstraints);
- *pBasicConstraints = cert->certBasicConstraints;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyInformation(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyInfo,
- void *plContext)
-{
- PKIX_List *policyList = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyInformation");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyInfo);
-
- /* if we don't have a cached copy from before, we create one */
- if ((cert->certPolicyInfos == NULL) &&
- (!cert->policyInfoAbsent)) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if ((cert->certPolicyInfos == NULL) &&
- (!cert->policyInfoAbsent)) {
-
- PKIX_CHECK(pkix_pl_Cert_DecodePolicyInfo
- (cert->nssCert, &policyList, plContext),
- PKIX_CERTDECODEPOLICYINFOFAILED);
-
- if (!policyList) {
- cert->policyInfoAbsent = PKIX_TRUE;
- *pPolicyInfo = NULL;
- goto cleanup;
- }
- }
-
- PKIX_OBJECT_UNLOCK(cert);
-
- /* save a cached copy in case it is asked for again */
- cert->certPolicyInfos = policyList;
- policyList = NULL;
- }
-
- PKIX_INCREF(cert->certPolicyInfos);
- *pPolicyInfo = cert->certPolicyInfos;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
-
- PKIX_DECREF(policyList);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappings (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappings(
- PKIX_PL_Cert *cert,
- PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
- void *plContext)
-{
- PKIX_List *policyMappings = NULL; /* list of PKIX_PL_CertPolicyMap */
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappings");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyMappings);
-
- /* if we don't have a cached copy from before, we create one */
- if (!(cert->certPolicyMappings) && !(cert->policyMappingsAbsent)) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if (!(cert->certPolicyMappings) &&
- !(cert->policyMappingsAbsent)) {
-
- PKIX_CHECK(pkix_pl_Cert_DecodePolicyMapping
- (cert->nssCert, &policyMappings, plContext),
- PKIX_CERTDECODEPOLICYMAPPINGFAILED);
-
- if (!policyMappings) {
- cert->policyMappingsAbsent = PKIX_TRUE;
- *pPolicyMappings = NULL;
- goto cleanup;
- }
- }
-
- PKIX_OBJECT_UNLOCK(cert);
-
- /* save a cached copy in case it is asked for again */
- cert->certPolicyMappings = policyMappings;
- policyMappings = NULL;
- }
-
- PKIX_INCREF(cert->certPolicyMappings);
- *pPolicyMappings = cert->certPolicyMappings;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
-
- PKIX_DECREF(policyMappings);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetRequireExplicitPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext)
-{
- PKIX_Int32 explicitPolicySkipCerts = 0;
- PKIX_Int32 inhibitMappingSkipCerts = 0;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetRequireExplicitPolicy");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts);
-
- if (!(cert->policyConstraintsProcessed)) {
- PKIX_OBJECT_LOCK(cert);
-
- if (!(cert->policyConstraintsProcessed)) {
-
- /*
- * If we can't process it now, we probably will be
- * unable to process it later. Set the default value.
- */
- cert->policyConstraintsProcessed = PKIX_TRUE;
- cert->policyConstraintsExplicitPolicySkipCerts = -1;
- cert->policyConstraintsInhibitMappingSkipCerts = -1;
-
- PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraints
- (cert->nssCert,
- &explicitPolicySkipCerts,
- &inhibitMappingSkipCerts,
- plContext),
- PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED);
-
- cert->policyConstraintsExplicitPolicySkipCerts =
- explicitPolicySkipCerts;
- cert->policyConstraintsInhibitMappingSkipCerts =
- inhibitMappingSkipCerts;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- *pSkipCerts = cert->policyConstraintsExplicitPolicySkipCerts;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetPolicyMappingInhibited(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext)
-{
- PKIX_Int32 explicitPolicySkipCerts = 0;
- PKIX_Int32 inhibitMappingSkipCerts = 0;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappingInhibited");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts);
-
- if (!(cert->policyConstraintsProcessed)) {
- PKIX_OBJECT_LOCK(cert);
-
- if (!(cert->policyConstraintsProcessed)) {
-
- /*
- * If we can't process it now, we probably will be
- * unable to process it later. Set the default value.
- */
- cert->policyConstraintsProcessed = PKIX_TRUE;
- cert->policyConstraintsExplicitPolicySkipCerts = -1;
- cert->policyConstraintsInhibitMappingSkipCerts = -1;
-
- PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraints
- (cert->nssCert,
- &explicitPolicySkipCerts,
- &inhibitMappingSkipCerts,
- plContext),
- PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED);
-
- cert->policyConstraintsExplicitPolicySkipCerts =
- explicitPolicySkipCerts;
- cert->policyConstraintsInhibitMappingSkipCerts =
- inhibitMappingSkipCerts;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- *pSkipCerts = cert->policyConstraintsInhibitMappingSkipCerts;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetInhibitAnyPolicy(
- PKIX_PL_Cert *cert,
- PKIX_Int32 *pSkipCerts,
- void *plContext)
-{
- PKIX_Int32 skipCerts = 0;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetInhibitAnyPolicy");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts);
-
- if (!(cert->inhibitAnyPolicyProcessed)) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if (!(cert->inhibitAnyPolicyProcessed)) {
-
- /*
- * If we can't process it now, we probably will be
- * unable to process it later. Set the default value.
- */
- cert->inhibitAnyPolicyProcessed = PKIX_TRUE;
- cert->inhibitAnySkipCerts = -1;
-
- PKIX_CHECK(pkix_pl_Cert_DecodeInhibitAnyPolicy
- (cert->nssCert, &skipCerts, plContext),
- PKIX_CERTDECODEINHIBITANYPOLICYFAILED);
-
- cert->inhibitAnySkipCerts = skipCerts;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- *pSkipCerts = cert->inhibitAnySkipCerts;
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_AreCertPoliciesCritical(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCritical,
- void *plContext)
-{
- PKIX_Boolean criticality = PKIX_FALSE;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_AreCertPoliciesCritical");
- PKIX_NULLCHECK_TWO(cert, pCritical);
-
- PKIX_CHECK(pkix_pl_Cert_IsExtensionCritical(
- cert,
- SEC_OID_X509_CERTIFICATE_POLICIES,
- &criticality,
- plContext),
- PKIX_CERTISEXTENSIONCRITICALFAILED);
-
- *pCritical = criticality;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifySignature (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifySignature(
- PKIX_PL_Cert *cert,
- PKIX_PL_PublicKey *pubKey,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- SECKEYPublicKey *nssPubKey = NULL;
- CERTSignedData *tbsCert = NULL;
- PKIX_PL_Cert *cachedCert = NULL;
- PKIX_Error *verifySig = NULL;
- PKIX_Error *cachedSig = NULL;
- SECStatus status;
- PKIX_Boolean certEqual = PKIX_FALSE;
- PKIX_Boolean certInHash = PKIX_FALSE;
- void* wincx = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifySignature");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pubKey);
-
- verifySig = PKIX_PL_HashTable_Lookup
- (cachedCertSigTable,
- (PKIX_PL_Object *) pubKey,
- (PKIX_PL_Object **) &cachedCert,
- plContext);
-
- if (cachedCert != NULL && verifySig == NULL) {
- /* Cached Signature Table lookup succeed */
- PKIX_EQUALS(cert, cachedCert, &certEqual, plContext,
- PKIX_OBJECTEQUALSFAILED);
- if (certEqual == PKIX_TRUE) {
- goto cleanup;
- }
- /* Different PubKey may hash to same value, skip add */
- certInHash = PKIX_TRUE;
- }
-
- nssCert = cert->nssCert;
- tbsCert = &nssCert->signatureWrap;
-
- PKIX_CERT_DEBUG("\t\tCalling SECKEY_ExtractPublicKey).\n");
- nssPubKey = SECKEY_ExtractPublicKey(pubKey->nssSPKI);
- if (!nssPubKey){
- PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED);
- }
-
- PKIX_CERT_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey).\n");
-
- PKIX_CHECK(pkix_pl_NssContext_GetWincx
- ((PKIX_PL_NssContext *)plContext, &wincx),
- PKIX_NSSCONTEXTGETWINCXFAILED);
-
- status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx);
-
- if (status != SECSuccess) {
- PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
- }
-
- if (certInHash == PKIX_FALSE) {
- cachedSig = PKIX_PL_HashTable_Add
- (cachedCertSigTable,
- (PKIX_PL_Object *) pubKey,
- (PKIX_PL_Object *) cert,
- plContext);
-
- if (cachedSig != NULL) {
- PKIX_DEBUG("PKIX_PL_HashTable_Add skipped: entry existed\n");
- }
- }
-
-cleanup:
- if (nssPubKey){
- PKIX_CERT_DEBUG("\t\tCalling SECKEY_DestroyPublicKey).\n");
- SECKEY_DestroyPublicKey(nssPubKey);
- }
-
- PKIX_DECREF(cachedCert);
- PKIX_DECREF(verifySig);
- PKIX_DECREF(cachedSig);
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckValidity (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckValidity(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date *date,
- void *plContext)
-{
- SECCertTimeValidity val;
- PRTime timeToCheck;
- PKIX_Boolean allowOverride;
- SECCertificateUsage requiredUsages;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckValidity");
- PKIX_NULLCHECK_ONE(cert);
-
- /* if the caller supplies a date, we use it; else, use current time */
- if (date != NULL){
- PKIX_CHECK(pkix_pl_Date_GetPRTime
- (date, &timeToCheck, plContext),
- PKIX_DATEGETPRTIMEFAILED);
- } else {
- timeToCheck = PR_Now();
- }
-
- requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
- allowOverride =
- (PRBool)((requiredUsages & certificateUsageSSLServer) ||
- (requiredUsages & certificateUsageSSLServerWithStepUp));
- val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride);
- if (val != secCertTimeValid){
- PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED);
- }
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetValidityNotAfter(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PRTime prtime;
- SECStatus rv = SECFailure;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetValidityNotAfter");
- PKIX_NULLCHECK_TWO(cert, pDate);
-
- PKIX_DATE_DEBUG("\t\tCalling DER_DecodeTimeChoice).\n");
- rv = DER_DecodeTimeChoice(&prtime, &(cert->nssCert->validity.notAfter));
- if (rv != SECSuccess){
- PKIX_ERROR(PKIX_DERDECODETIMECHOICEFAILED);
- }
-
- PKIX_CHECK(pkix_pl_Date_CreateFromPRTime
- (prtime, pDate, plContext),
- PKIX_DATECREATEFROMPRTIMEFAILED);
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyCertAndKeyType(
- PKIX_PL_Cert *cert,
- PKIX_Boolean isChainCert,
- void *plContext)
-{
- PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
- SECCertificateUsage certificateUsage;
- SECCertUsage certUsage = 0;
- unsigned int requiredKeyUsage;
- unsigned int requiredCertType;
- unsigned int certType;
- SECStatus rv = SECSuccess;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyCertType");
- PKIX_NULLCHECK_TWO(cert, plContext);
-
- certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
-
- /* ensure we obtained a single usage bit only */
- PORT_Assert(!(certificateUsage & (certificateUsage - 1)));
-
- /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
- while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
-
- /* check key usage and netscape cert type */
- cert_GetCertType(cert->nssCert);
- certType = cert->nssCert->nsCertType;
- if (isChainCert ||
- (certUsage != certUsageVerifyCA && certUsage != certUsageAnyCA)) {
- rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, isChainCert,
- &requiredKeyUsage,
- &requiredCertType);
- if (rv == SECFailure) {
- PKIX_ERROR(PKIX_UNSUPPORTEDCERTUSAGE);
- }
- } else {
- /* use this key usage and cert type for certUsageAnyCA and
- * certUsageVerifyCA. */
- requiredKeyUsage = KU_KEY_CERT_SIGN;
- requiredCertType = NS_CERT_TYPE_CA;
- }
- if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) {
- PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED);
- }
- if (!(certType & requiredCertType)) {
- PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
- }
-cleanup:
- PKIX_DECREF(basicConstraints);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_VerifyKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 keyUsage,
- void *plContext)
-{
- CERTCertificate *nssCert = NULL;
- PKIX_UInt32 nssKeyUsage = 0;
- SECStatus status;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyKeyUsage");
- PKIX_NULLCHECK_TWO(cert, cert->nssCert);
-
- nssCert = cert->nssCert;
-
- /* if cert doesn't have keyUsage extension, all keyUsages are valid */
- if (!nssCert->keyUsagePresent){
- goto cleanup;
- }
-
- if (keyUsage & PKIX_DIGITAL_SIGNATURE){
- nssKeyUsage = nssKeyUsage | KU_DIGITAL_SIGNATURE;
- }
-
- if (keyUsage & PKIX_NON_REPUDIATION){
- nssKeyUsage = nssKeyUsage | KU_NON_REPUDIATION;
- }
-
- if (keyUsage & PKIX_KEY_ENCIPHERMENT){
- nssKeyUsage = nssKeyUsage | KU_KEY_ENCIPHERMENT;
- }
-
- if (keyUsage & PKIX_DATA_ENCIPHERMENT){
- nssKeyUsage = nssKeyUsage | KU_DATA_ENCIPHERMENT;
- }
-
- if (keyUsage & PKIX_KEY_AGREEMENT){
- nssKeyUsage = nssKeyUsage | KU_KEY_AGREEMENT;
- }
-
- if (keyUsage & PKIX_KEY_CERT_SIGN){
- nssKeyUsage = nssKeyUsage | KU_KEY_CERT_SIGN;
- }
-
- if (keyUsage & PKIX_CRL_SIGN){
- nssKeyUsage = nssKeyUsage | KU_CRL_SIGN;
- }
-
- if (keyUsage & PKIX_ENCIPHER_ONLY){
- nssKeyUsage = nssKeyUsage | 0x01;
- }
-
- if (keyUsage & PKIX_DECIPHER_ONLY){
- /* XXX we should support this once it is fixed in NSS */
- PKIX_ERROR(PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED);
- }
-
- status = CERT_CheckKeyUsage(nssCert, nssKeyUsage);
- if (status != SECSuccess) {
- PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED);
- }
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetNameConstraints
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNameConstraints");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pNameConstraints);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->nameConstraints == NULL && !cert->nameConstraintsAbsent) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->nameConstraints == NULL &&
- !cert->nameConstraintsAbsent) {
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_Create
- (cert->nssCert, &nameConstraints, plContext),
- PKIX_CERTNAMECONSTRAINTSCREATEFAILED);
-
- if (nameConstraints == NULL) {
- cert->nameConstraintsAbsent = PKIX_TRUE;
- }
-
- cert->nameConstraints = nameConstraints;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
-
- }
-
- PKIX_INCREF(cert->nameConstraints);
-
- *pNameConstraints = cert->nameConstraints;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_CheckNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints *nameConstraints,
- void *plContext)
-{
- PKIX_Boolean checkPass = PKIX_TRUE;
- CERTGeneralName *nssSubjectNames = NULL;
- PLArenaPool *arena = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckNameConstraints");
- PKIX_NULLCHECK_ONE(cert);
-
- if (nameConstraints != NULL) {
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- /* This NSS call returns both Subject and Subject Alt Names */
- PKIX_CERT_DEBUG("\t\tCalling CERT_GetCertificateNames\n");
- nssSubjectNames = CERT_GetCertificateNames
- (cert->nssCert, arena);
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
- (nssSubjectNames,
- nameConstraints,
- &checkPass,
- plContext),
- PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED);
-
- if (checkPass != PKIX_TRUE) {
- PKIX_ERROR(PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING);
- }
- }
-
-cleanup:
- if (arena){
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_MergeNameConstraints(
- PKIX_PL_CertNameConstraints *firstNC,
- PKIX_PL_CertNameConstraints *secondNC,
- PKIX_PL_CertNameConstraints **pResultNC,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *mergedNC = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_MergeNameConstraints");
- PKIX_NULLCHECK_TWO(firstNC, pResultNC);
-
- if (secondNC == NULL) {
-
- PKIX_INCREF(firstNC);
- *pResultNC = firstNC;
-
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_Merge
- (firstNC, secondNC, &mergedNC, plContext),
- PKIX_CERTNAMECONSTRAINTSMERGEFAILED);
-
- *pResultNC = mergedNC;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_IsCertTrusted
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_IsCertTrusted(
- PKIX_PL_Cert *cert,
- PKIX_Boolean trustOnlyUserAnchors,
- PKIX_Boolean *pTrusted,
- void *plContext)
-{
- PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
- SECCertUsage certUsage = 0;
- PKIX_Boolean trusted = PKIX_FALSE;
- SECStatus rv = SECFailure;
- unsigned int requiredFlags;
- SECTrustType trustType;
- CERTCertTrust trust;
- CERTCertificate *nssCert = NULL;
- SECCertificateUsage certificateUsage;
-
- PKIX_ENTER(CERT, "pkix_pl_Cert_IsCertTrusted");
- PKIX_NULLCHECK_TWO(cert, pTrusted);
-
- if (trustOnlyUserAnchors) {
- *pTrusted = cert->isUserTrustAnchor;
- goto cleanup;
- }
-
- /* no key usage information and store is not trusted */
- if (plContext == NULL || cert->store == NULL) {
- *pTrusted = PKIX_FALSE;
- goto cleanup;
- }
-
- if (cert->store) {
- PKIX_CHECK(PKIX_CertStore_GetTrustCallback
- (cert->store, &trustCallback, plContext),
- PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
-
- PKIX_CHECK_ONLY_FATAL(trustCallback
- (cert->store, cert, &trusted, plContext),
- PKIX_CHECKTRUSTCALLBACKFAILED);
-
- if (PKIX_ERROR_RECEIVED || (trusted == PKIX_FALSE)) {
-
- *pTrusted = PKIX_FALSE;
- goto cleanup;
- }
-
- }
-
- certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
-
- /* ensure we obtained a single usage bit only */
- PORT_Assert(!(certificateUsage & (certificateUsage - 1)));
-
- /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
- while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
-
- rv = CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags, &trustType);
- if (rv != SECSuccess) {
- *pTrusted = PKIX_FALSE;
- goto cleanup;
- }
-
- nssCert = cert->nssCert;
-
- rv = CERT_GetCertTrust(nssCert, &trust);
- if (rv == SECSuccess) {
- unsigned int certFlags;
- certFlags = SEC_GET_TRUST_FLAGS((&trust), trustType);
- if ((certFlags & requiredFlags) == requiredFlags) {
- trusted = PKIX_TRUE;
- }
- }
-
- *pTrusted = trusted;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
-PKIX_Error*
-PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert,
- void *plContext)
-{
- PKIX_ENTER(CERT, "PKIX_PL_Cert_SetAsTrustAnchor");
- PKIX_NULLCHECK_ONE(cert);
-
- cert->isUserTrustAnchor = PKIX_TRUE;
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCacheFlag (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean *pCacheFlag,
- void *plContext)
-{
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCacheFlag");
- PKIX_NULLCHECK_TWO(cert, pCacheFlag);
-
- *pCacheFlag = cert->cacheFlag;
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetCacheFlag (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_SetCacheFlag(
- PKIX_PL_Cert *cert,
- PKIX_Boolean cacheFlag,
- void *plContext)
-{
- PKIX_ENTER(CERT, "PKIX_PL_Cert_SetCacheFlag");
- PKIX_NULLCHECK_ONE(cert);
-
- cert->cacheFlag = cacheFlag;
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetTrustCertStore (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore **pTrustCertStore,
- void *plContext)
-{
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetTrustCertStore");
- PKIX_NULLCHECK_TWO(cert, pTrustCertStore);
-
- PKIX_INCREF(cert->store);
- *pTrustCertStore = cert->store;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_SetTrustCertStore (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_SetTrustCertStore(
- PKIX_PL_Cert *cert,
- PKIX_CertStore *trustCertStore,
- void *plContext)
-{
- PKIX_ENTER(CERT, "PKIX_PL_Cert_SetTrustCertStore");
- PKIX_NULLCHECK_TWO(cert, trustCertStore);
-
- PKIX_INCREF(trustCertStore);
- cert->store = trustCertStore;
-
-cleanup:
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetAuthorityInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
- void *plContext)
-{
- PKIX_List *aiaList = NULL; /* of PKIX_PL_InfoAccess */
- SECItem *encodedAIA = NULL;
- CERTAuthInfoAccess **aia = NULL;
- PLArenaPool *arena = NULL;
- SECStatus rv;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityInfoAccess");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAiaList);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->authorityInfoAccess == NULL) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->authorityInfoAccess == NULL) {
-
- PKIX_PL_NSSCALLRV(CERT, encodedAIA, SECITEM_AllocItem,
- (NULL, NULL, 0));
-
- if (encodedAIA == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,
- (cert->nssCert,
- SEC_OID_X509_AUTH_INFO_ACCESS,
- encodedAIA));
-
- if (rv == SECFailure) {
- goto cleanup;
- }
-
- PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,
- (DER_DEFAULT_CHUNKSIZE));
-
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- PKIX_PL_NSSCALLRV
- (CERT, aia, CERT_DecodeAuthInfoAccessExtension,
- (arena, encodedAIA));
-
- PKIX_CHECK(pkix_pl_InfoAccess_CreateList
- (aia, &aiaList, plContext),
- PKIX_INFOACCESSCREATELISTFAILED);
-
- cert->authorityInfoAccess = aiaList;
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->authorityInfoAccess);
-
- *pAiaList = cert->authorityInfoAccess;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if (encodedAIA != NULL) {
- SECITEM_FreeItem(encodedAIA, PR_TRUE);
- }
-
- PKIX_RETURN(CERT);
-}
-
-/* XXX Following defines belongs to NSS */
-static const unsigned char siaOIDString[] = {0x2b, 0x06, 0x01, 0x05, 0x05,
- 0x07, 0x01, 0x0b};
-#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetSubjectInfoAccess(
- PKIX_PL_Cert *cert,
- PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
- void *plContext)
-{
- PKIX_List *siaList; /* of PKIX_PL_InfoAccess */
- SECItem siaOID = OI(siaOIDString);
- SECItem *encodedSubjInfoAccess = NULL;
- CERTAuthInfoAccess **subjInfoAccess = NULL;
- PLArenaPool *arena = NULL;
- SECStatus rv;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectInfoAccess");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSiaList);
-
- /* XXX
- * Codes to deal with SubjectInfoAccess OID should be moved to
- * NSS soon. I implemented them here so we don't touch NSS
- * source tree, from JP's suggestion.
- */
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->subjectInfoAccess == NULL) {
-
- PKIX_OBJECT_LOCK(cert);
-
- if (cert->subjectInfoAccess == NULL) {
-
- encodedSubjInfoAccess = SECITEM_AllocItem(NULL, NULL, 0);
- if (encodedSubjInfoAccess == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CERT_DEBUG
- ("\t\tCalling CERT_FindCertExtensionByOID).\n");
- rv = CERT_FindCertExtensionByOID
- (cert->nssCert, &siaOID, encodedSubjInfoAccess);
-
- if (rv == SECFailure) {
- goto cleanup;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- /* XXX
- * Decode Subject Information Access -
- * since its type is the same as Authority Information
- * Access, reuse the call. NSS- change name to avoid
- * confusion.
- */
- PKIX_CERT_DEBUG
- ("\t\tCalling CERT_DecodeAuthInfoAccessExtension).\n");
- subjInfoAccess = CERT_DecodeAuthInfoAccessExtension
- (arena, encodedSubjInfoAccess);
-
- PKIX_CHECK(pkix_pl_InfoAccess_CreateList
- (subjInfoAccess, &siaList, plContext),
- PKIX_INFOACCESSCREATELISTFAILED);
-
- cert->subjectInfoAccess = siaList;
-
- }
-
- PKIX_OBJECT_UNLOCK(cert);
- }
-
- PKIX_INCREF(cert->subjectInfoAccess);
- *pSiaList = cert->subjectInfoAccess;
-
-cleanup:
- PKIX_OBJECT_UNLOCK(lockedObject);
- if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if (encodedSubjInfoAccess != NULL) {
- SECITEM_FreeItem(encodedSubjInfoAccess, PR_TRUE);
- }
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCrlDp
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCrlDp(
- PKIX_PL_Cert *cert,
- PKIX_List **pDpList,
- void *plContext)
-{
- PKIX_UInt32 dpIndex = 0;
- pkix_pl_CrlDp *dp = NULL;
- CERTCrlDistributionPoints *dpoints = NULL;
-
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCrlDp");
- PKIX_NULLCHECK_THREE(cert, cert->nssCert, pDpList);
-
- /* if we don't have a cached copy from before, we create one */
- if (cert->crldpList == NULL) {
- PKIX_OBJECT_LOCK(cert);
- if (cert->crldpList != NULL) {
- goto cleanup;
- }
- PKIX_CHECK(PKIX_List_Create(&cert->crldpList, plContext),
- PKIX_LISTCREATEFAILED);
- dpoints = CERT_FindCRLDistributionPoints(cert->nssCert);
- if (!dpoints || !dpoints->distPoints) {
- goto cleanup;
- }
- for (;dpoints->distPoints[dpIndex];dpIndex++) {
- PKIX_CHECK(
- pkix_pl_CrlDp_Create(dpoints->distPoints[dpIndex],
- &cert->nssCert->issuer,
- &dp, plContext),
- PKIX_CRLDPCREATEFAILED);
- /* Create crldp list in reverse order in attempt to get
- * to the whole crl first. */
- PKIX_CHECK(
- PKIX_List_InsertItem(cert->crldpList, 0,
- (PKIX_PL_Object*)dp,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(dp);
- }
- }
-cleanup:
- PKIX_INCREF(cert->crldpList);
- *pDpList = cert->crldpList;
-
- PKIX_OBJECT_UNLOCK(lockedObject);
- PKIX_DECREF(dp);
-
- PKIX_RETURN(CERT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Cert_GetCERTCertificate(
- PKIX_PL_Cert *cert,
- CERTCertificate **pnssCert,
- void *plContext)
-{
- PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNssCert");
- PKIX_NULLCHECK_TWO(cert, pnssCert);
-
- *pnssCert = CERT_DupCertificate(cert->nssCert);
-
- PKIX_RETURN(CERT);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h
deleted file mode 100644
index a5b8861cc..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h
+++ /dev/null
@@ -1,137 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_cert.h
- *
- * Certificate Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_CERT_H
-#define _PKIX_PL_CERT_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_CertStruct {
- CERTCertificate *nssCert;
- CERTGeneralName *nssSubjAltNames;
- PLArenaPool *arenaNameConstraints;
- PKIX_PL_X500Name *issuer;
- PKIX_PL_X500Name *subject;
- PKIX_List *subjAltNames;
- PKIX_Boolean subjAltNamesAbsent;
- PKIX_PL_OID *publicKeyAlgId;
- PKIX_PL_PublicKey *publicKey;
- PKIX_PL_BigInt *serialNumber;
- PKIX_List *critExtOids;
- PKIX_PL_ByteArray *subjKeyId;
- PKIX_Boolean subjKeyIdAbsent;
- PKIX_PL_ByteArray *authKeyId;
- PKIX_Boolean authKeyIdAbsent;
- PKIX_List *extKeyUsages;
- PKIX_Boolean extKeyUsagesAbsent;
- PKIX_PL_CertBasicConstraints *certBasicConstraints;
- PKIX_Boolean basicConstraintsAbsent;
- PKIX_List *certPolicyInfos;
- PKIX_Boolean policyInfoAbsent;
- PKIX_Boolean policyMappingsAbsent;
- PKIX_List *certPolicyMappings; /* List of PKIX_PL_CertPolicyMap */
- PKIX_Boolean policyConstraintsProcessed;
- PKIX_Int32 policyConstraintsExplicitPolicySkipCerts;
- PKIX_Int32 policyConstraintsInhibitMappingSkipCerts;
- PKIX_Boolean inhibitAnyPolicyProcessed;
- PKIX_Int32 inhibitAnySkipCerts;
- PKIX_PL_CertNameConstraints *nameConstraints;
- PKIX_Boolean nameConstraintsAbsent;
- PKIX_Boolean cacheFlag;
- PKIX_CertStore *store;
- PKIX_List *authorityInfoAccess; /* list of PKIX_PL_InfoAccess */
- PKIX_List *subjectInfoAccess; /* list of PKIX_PL_InfoAccess */
- PKIX_Boolean isUserTrustAnchor;
- PKIX_List *crldpList; /* list of CRL DPs based on der in nssCert arena.
- * Destruction is needed for pkix object and
- * not for undelying der as it is a part
- * nssCert arena. */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_Cert_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_Cert_CreateWithNSSCert(
- CERTCertificate *nssCert,
- PKIX_PL_Cert **pCert,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Cert_CreateToList(
- SECItem *derCertItem,
- PKIX_List *certList,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Cert_CheckSubjectAltNameConstraints(
- PKIX_PL_Cert *cert,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean matchAll,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Cert_ToString_Helper(
- PKIX_PL_Cert *cert,
- PKIX_Boolean partialString,
- PKIX_PL_String **pString,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Cert_CheckExtendedKeyUsage(
- PKIX_PL_Cert *cert,
- PKIX_UInt32 requiredExtendedKeyUsages,
- PKIX_Boolean *pPass,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_CERT_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
deleted file mode 100644
index 97f5e934e..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_certpolicyinfo.c
- *
- * CertPolicyInfo Type Functions
- *
- */
-
-#include "pkix_pl_certpolicyinfo.h"
-
-/*
- * FUNCTION: pkix_pl_CertPolicyInfo_Create
- * DESCRIPTION:
- *
- * Creates a new CertPolicyInfo Object using the OID pointed to by "oid" and
- * the List of CertPolicyQualifiers pointed to by "qualifiers", and stores it
- * at "pObject". If a non-NULL list is provided, the caller is expected to
- * have already set it to be immutable. The caller may provide an empty List,
- * but a NULL List is preferable so a user does not need to call
- * List_GetLength to get the number of qualifiers.
- *
- * PARAMETERS
- * "oid"
- * OID of the desired PolicyInfo ID; must be non-NULL
- * "qualifiers"
- * List of CertPolicyQualifiers; may be NULL or empty
- * "pObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CertPolicyInfo_Create(
- PKIX_PL_OID *oid,
- PKIX_List *qualifiers,
- PKIX_PL_CertPolicyInfo **pObject,
- void *plContext)
-{
- PKIX_PL_CertPolicyInfo *policyInfo = NULL;
-
- PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Create");
-
- PKIX_NULLCHECK_TWO(oid, pObject);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTPOLICYINFO_TYPE,
- sizeof (PKIX_PL_CertPolicyInfo),
- (PKIX_PL_Object **)&policyInfo,
- plContext),
- PKIX_COULDNOTCREATECERTPOLICYINFOOBJECT);
-
- PKIX_INCREF(oid);
- policyInfo->cpID = oid;
-
- PKIX_INCREF(qualifiers);
- policyInfo->policyQualifiers = qualifiers;
-
- *pObject = policyInfo;
- policyInfo = NULL;
-
-cleanup:
- PKIX_DECREF(policyInfo);
-
- PKIX_RETURN(CERTPOLICYINFO);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyInfo_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyInfo_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CertPolicyInfo *certPI = NULL;
-
- PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYINFO_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYINFO);
-
- certPI = (PKIX_PL_CertPolicyInfo*)object;
-
- PKIX_DECREF(certPI->cpID);
- PKIX_DECREF(certPI->policyQualifiers);
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYINFO);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyInfo_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyInfo_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_CertPolicyInfo *certPI = NULL;
- PKIX_PL_String *oidString = NULL;
- PKIX_PL_String *listString = NULL;
- PKIX_PL_String *format = NULL;
- PKIX_PL_String *outString = NULL;
-
- PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_ToString");
-
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYINFO_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYINFO);
-
- certPI = (PKIX_PL_CertPolicyInfo *)object;
-
- PKIX_NULLCHECK_ONE(certPI->cpID);
-
- PKIX_TOSTRING
- (certPI->cpID,
- &oidString,
- plContext,
- PKIX_OIDTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (certPI->policyQualifiers,
- &listString,
- plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* Put them together in the form OID[Qualifiers] */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "%s[%s]", 0, &format, plContext),
- PKIX_ERRORINSTRINGCREATE);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&outString, plContext, format, oidString, listString),
- PKIX_ERRORINSPRINTF);
-
- *pString = outString;
-
-cleanup:
-
- PKIX_DECREF(oidString);
- PKIX_DECREF(listString);
- PKIX_DECREF(format);
- PKIX_RETURN(CERTPOLICYINFO);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyInfo_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyInfo_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_CertPolicyInfo *certPI = NULL;
- PKIX_UInt32 oidHash = 0;
- PKIX_UInt32 listHash = 0;
-
- PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Hashcode");
-
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYINFO_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYINFO);
-
- certPI = (PKIX_PL_CertPolicyInfo *)object;
-
- PKIX_NULLCHECK_ONE(certPI->cpID);
-
- PKIX_HASHCODE
- (certPI->cpID,
- &oidHash,
- plContext,
- PKIX_ERRORINOIDHASHCODE);
-
- PKIX_HASHCODE
- (certPI->policyQualifiers,
- &listHash,
- plContext,
- PKIX_ERRORINLISTHASHCODE);
-
- *pHashcode = (31 * oidHash) + listHash;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYINFO);
-}
-
-
-/*
- * FUNCTION: pkix_pl_CertPolicyInfo_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyInfo_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CertPolicyInfo *firstCPI = NULL;
- PKIX_PL_CertPolicyInfo *secondCPI = NULL;
- PKIX_UInt32 secondType = 0;
- PKIX_Boolean compare = PKIX_FALSE;
-
- PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CertPolicyInfo */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_CERTPOLICYINFO_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCERTPOLICYINFO);
-
- /*
- * Since we know firstObject is a CertPolicyInfo,
- * if both references are identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a CertPolicyInfo, we
- * don't throw an error. We simply return FALSE.
- */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_CERTPOLICYINFO_TYPE) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- firstCPI = (PKIX_PL_CertPolicyInfo *)firstObject;
- secondCPI = (PKIX_PL_CertPolicyInfo *)secondObject;
-
- /*
- * Compare the value of the OID components
- */
-
- PKIX_NULLCHECK_TWO(firstCPI->cpID, secondCPI->cpID);
-
- PKIX_EQUALS
- (firstCPI->cpID,
- secondCPI->cpID,
- &compare,
- plContext,
- PKIX_OIDEQUALSFAILED);
-
- /*
- * If the OIDs did not match, we don't need to
- * compare the Lists. If the OIDs did match,
- * the return value is the value of the
- * List comparison.
- */
- if (compare) {
- PKIX_EQUALS
- (firstCPI->policyQualifiers,
- secondCPI->policyQualifiers,
- &compare,
- plContext,
- PKIX_LISTEQUALSFAILED);
- }
-
- *pResult = compare;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYINFO);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyInfo_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTPOLICYINFO_TYPE and its related
- * functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize,
- * which should only be called once, it is acceptable that
- * this function is not thread-safe.
- */
-PKIX_Error *
-pkix_pl_CertPolicyInfo_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_RegisterSelf");
-
- entry.description = "CertPolicyInfo";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_CertPolicyInfo);
- entry.destructor = pkix_pl_CertPolicyInfo_Destroy;
- entry.equalsFunction = pkix_pl_CertPolicyInfo_Equals;
- entry.hashcodeFunction = pkix_pl_CertPolicyInfo_Hashcode;
- entry.toStringFunction = pkix_pl_CertPolicyInfo_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_CERTPOLICYINFO_TYPE] = entry;
-
- PKIX_RETURN(CERTPOLICYINFO);
-}
-
-/* --Public-CertPolicyInfo-Functions------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolicyId(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_PL_OID **pPolicyId,
- void *plContext)
-{
- PKIX_ENTER(CERTPOLICYINFO, "PKIX_PL_CertPolicyInfo_GetPolicyId");
-
- PKIX_NULLCHECK_TWO(policyInfo, pPolicyId);
-
- PKIX_INCREF(policyInfo->cpID);
-
- *pPolicyId = policyInfo->cpID;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYINFO);
-}
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CertPolicyInfo_GetPolQualifiers(
- PKIX_PL_CertPolicyInfo *policyInfo,
- PKIX_List **pQuals,
- void *plContext)
-{
- PKIX_ENTER(CERTPOLICYINFO, "PKIX_PL_CertPolicyInfo_GetPolQualifiers");
-
- PKIX_NULLCHECK_TWO(policyInfo, pQuals);
-
- PKIX_INCREF(policyInfo->policyQualifiers);
-
- /*
- * This List is created in PKIX_PL_Cert_DecodePolicyInfo
- * and is set immutable immediately after being created.
- */
- *pQuals = policyInfo->policyQualifiers;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYINFO);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h
deleted file mode 100644
index 2110514d6..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_certpolicyinfo.h
- *
- * PolicyInfo Type Definitions
- *
- */
-
-#ifndef _PKIX_PL_POLICYINFO_H
-#define _PKIX_PL_POLICYINFO_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * This structure reflects the contents of the policy info extension as
- * described in Section 4.2.1.5 of RFC3280.
- *
- * PolicyInformation ::= SEQUENCE {
- * policyIdentifier CertPolicyId,
- * PolicyQualifiers SEQUENCE SIZE (1..MAX) OF
- * PolicyQualifierInfo OPTIONAL }
- *
- */
-struct PKIX_PL_CertPolicyInfoStruct {
- PKIX_PL_OID *cpID;
- PKIX_List *policyQualifiers; /* LIST of PKIX_PL_CertPolicyQualifier */
-};
-
-PKIX_Error *
-pkix_pl_CertPolicyInfo_Create(
- PKIX_PL_OID *oid,
- PKIX_List *qualifiers,
- PKIX_PL_CertPolicyInfo **pObject,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_CertPolicyInfo_RegisterSelf(
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_POLICYINFO_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c
deleted file mode 100644
index d7705f5a0..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c
+++ /dev/null
@@ -1,419 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_certpolicymap.c
- *
- * CertPolicyMap Type Functions
- *
- */
-
-#include "pkix_pl_certpolicymap.h"
-
-/*
- * FUNCTION: pkix_pl_CertPolicyMap_Create
- * DESCRIPTION:
- *
- * Creates a new CertPolicyMap Object pairing the OID given by
- * "issuerDomainPolicy" with the OID given by "subjectDomainPolicy", and
- * stores the result at "pCertPolicyMap".
- *
- * PARAMETERS
- * "issuerDomainPolicy"
- * Address of the OID of the IssuerDomainPolicy. Must be non-NULL.
- * "subjectDomainPolicy"
- * Address of the OID of the SubjectDomainPolicy. Must be non-NULL.
- * "pCertPolicyMap"
- * Address where CertPolicyMap pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CertPolicyMap Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CertPolicyMap_Create(
- PKIX_PL_OID *issuerDomainPolicy,
- PKIX_PL_OID *subjectDomainPolicy,
- PKIX_PL_CertPolicyMap **pCertPolicyMap,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *policyMap = NULL;
-
- PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Create");
-
- PKIX_NULLCHECK_THREE
- (issuerDomainPolicy, subjectDomainPolicy, pCertPolicyMap);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTPOLICYMAP_TYPE,
- sizeof (PKIX_PL_CertPolicyMap),
- (PKIX_PL_Object **)&policyMap,
- plContext),
- PKIX_COULDNOTCREATECERTPOLICYMAPOBJECT);
-
- PKIX_INCREF(issuerDomainPolicy);
- policyMap->issuerDomainPolicy = issuerDomainPolicy;
-
- PKIX_INCREF(subjectDomainPolicy);
- policyMap->subjectDomainPolicy = subjectDomainPolicy;
-
- *pCertPolicyMap = policyMap;
- policyMap = NULL;
-
-cleanup:
- PKIX_DECREF(policyMap);
-
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyMap_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyMap_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *certMap = NULL;
-
- PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYMAP_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYMAP);
-
- certMap = (PKIX_PL_CertPolicyMap*)object;
-
- PKIX_DECREF(certMap->issuerDomainPolicy);
- PKIX_DECREF(certMap->subjectDomainPolicy);
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyMap_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyMap_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *certMap = NULL;
- PKIX_PL_String *format = NULL;
- PKIX_PL_String *outString = NULL;
- PKIX_PL_String *issuerString = NULL;
- PKIX_PL_String *subjectString = NULL;
-
- PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_ToString");
-
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYMAP_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYMAP);
-
- certMap = (PKIX_PL_CertPolicyMap *)object;
-
- PKIX_TOSTRING
- (certMap->issuerDomainPolicy,
- &issuerString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- PKIX_TOSTRING
- (certMap->subjectDomainPolicy,
- &subjectString,
- plContext,
- PKIX_OBJECTTOSTRINGFAILED);
-
- /* Put them together in the form issuerPolicy=>subjectPolicy */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "%s=>%s", 0, &format, plContext),
- PKIX_ERRORINSTRINGCREATE);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&outString, plContext, format, issuerString, subjectString),
- PKIX_ERRORINSPRINTF);
-
- *pString = outString;
-
-cleanup:
- PKIX_DECREF(format);
- PKIX_DECREF(issuerString);
- PKIX_DECREF(subjectString);
-
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyMap_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyMap_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_UInt32 issuerHash = 0;
- PKIX_UInt32 subjectHash = 0;
- PKIX_PL_CertPolicyMap *certMap = NULL;
-
- PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Hashcode");
-
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYMAP_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYMAP);
-
- certMap = (PKIX_PL_CertPolicyMap *)object;
-
- PKIX_HASHCODE
- (certMap->issuerDomainPolicy,
- &issuerHash,
- plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_HASHCODE
- (certMap->subjectDomainPolicy,
- &subjectHash,
- plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- *pHashcode = issuerHash*31 + subjectHash;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyMap_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyMap_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *firstCertMap = NULL;
- PKIX_PL_CertPolicyMap *secondCertMap = NULL;
- PKIX_UInt32 secondType = 0;
- PKIX_Boolean compare = PKIX_FALSE;
-
- PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CertPolicyMap */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_CERTPOLICYMAP_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCERTPOLICYMAP);
-
- /*
- * Since we know firstObject is a CertPolicyMap,
- * if both references are identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a CertPolicyMap, we
- * don't throw an error. We simply return FALSE.
- */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_CERTPOLICYMAP_TYPE) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- firstCertMap = (PKIX_PL_CertPolicyMap *)firstObject;
- secondCertMap = (PKIX_PL_CertPolicyMap *)secondObject;
-
- PKIX_EQUALS
- (firstCertMap->issuerDomainPolicy,
- secondCertMap->issuerDomainPolicy,
- &compare,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (compare) {
- PKIX_EQUALS
- (firstCertMap->subjectDomainPolicy,
- secondCertMap->subjectDomainPolicy,
- &compare,
- plContext,
- PKIX_OBJECTEQUALSFAILED);
- }
-
- *pResult = compare;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyMap_Duplicate
- * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyMap_Duplicate(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_PL_CertPolicyMap *original = NULL;
- PKIX_PL_CertPolicyMap *copy = NULL;
-
- PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Duplicate");
-
- PKIX_NULLCHECK_TWO(object, pNewObject);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYMAP_TYPE, plContext),
- PKIX_OBJECTARGUMENTNOTPOLICYMAP);
-
- original = (PKIX_PL_CertPolicyMap *)object;
-
- PKIX_CHECK(pkix_pl_CertPolicyMap_Create
- (original->issuerDomainPolicy,
- original->subjectDomainPolicy,
- &copy,
- plContext),
- PKIX_CERTPOLICYMAPCREATEFAILED);
-
- *pNewObject = (PKIX_PL_Object *)copy;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyMap_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTPOLICYMAP_TYPE and its related
- * functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize,
- * which should only be called once, it is acceptable that
- * this function is not thread-safe.
- */
-PKIX_Error *
-pkix_pl_CertPolicyMap_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_RegisterSelf");
-
- entry.description = "CertPolicyMap";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_CertPolicyMap);
- entry.destructor = pkix_pl_CertPolicyMap_Destroy;
- entry.equalsFunction = pkix_pl_CertPolicyMap_Equals;
- entry.hashcodeFunction = pkix_pl_CertPolicyMap_Hashcode;
- entry.toStringFunction = pkix_pl_CertPolicyMap_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_pl_CertPolicyMap_Duplicate;
-
- systemClasses[PKIX_CERTPOLICYMAP_TYPE] = entry;
-
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/* --Public-CertPolicyMap-Functions------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pIssuerDomainPolicy,
- void *plContext)
-{
- PKIX_ENTER
- (CERTPOLICYMAP, "PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy");
-
- PKIX_NULLCHECK_TWO(policyMapping, pIssuerDomainPolicy);
-
- PKIX_INCREF(policyMapping->issuerDomainPolicy);
- *pIssuerDomainPolicy = policyMapping->issuerDomainPolicy;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYMAP);
-}
-
-/*
- * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
- PKIX_PL_CertPolicyMap *policyMapping,
- PKIX_PL_OID **pSubjectDomainPolicy,
- void *plContext)
-{
- PKIX_ENTER
- (CERTPOLICYMAP, "PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy");
-
- PKIX_NULLCHECK_TWO(policyMapping, pSubjectDomainPolicy);
-
- PKIX_INCREF(policyMapping->subjectDomainPolicy);
- *pSubjectDomainPolicy = policyMapping->subjectDomainPolicy;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYMAP);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h
deleted file mode 100644
index 9a84089ea..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_certpolicymap.h
- *
- * CertPolicyMap Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_CERTPOLICYMAP_H
-#define _PKIX_PL_CERTPOLICYMAP_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * This structure reflects the contents of the policy mapping extension as
- * described in Section 4.2.1.6 of RFC3280.
- *
- * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
- * issuerDomainPolicy CertPolicyId,
- * subjectDomainPolicy CertPolicyId }
- *
- */
-struct PKIX_PL_CertPolicyMapStruct {
- PKIX_PL_OID *issuerDomainPolicy;
- PKIX_PL_OID *subjectDomainPolicy;
-};
-
-PKIX_Error *
-pkix_pl_CertPolicyMap_Create(
- PKIX_PL_OID *issuerDomainPolicy,
- PKIX_PL_OID *subjectDomainPolicy,
- PKIX_PL_CertPolicyMap **pObject,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_CertPolicyMap_RegisterSelf(
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_CERTPOLICYMAP_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
deleted file mode 100644
index a2ebc99aa..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_certpolicyqualifier.c
- *
- * CertPolicyQualifier Type Functions
- *
- */
-
-#include "pkix_pl_certpolicyqualifier.h"
-
-/*
- * FUNCTION: pkix_pl_CertPolicyQualifier_Create
- * DESCRIPTION:
- *
- * Creates a CertPolicyQualifier object with the OID given by "oid"
- * and the ByteArray given by "qualifier", and stores it at "pObject".
- *
- * PARAMETERS
- * "oid"
- * Address of OID of the desired policyQualifierId; must be non-NULL
- * "qualifier"
- * Address of ByteArray with the desired value of the qualifier;
- * must be non-NULL
- * "pObject"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CertPolicyQualifier_Create(
- PKIX_PL_OID *oid,
- PKIX_PL_ByteArray *qualifier,
- PKIX_PL_CertPolicyQualifier **pObject,
- void *plContext)
-{
- PKIX_PL_CertPolicyQualifier *qual = NULL;
-
- PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Create");
-
- PKIX_NULLCHECK_THREE(oid, qualifier, pObject);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTPOLICYQUALIFIER_TYPE,
- sizeof (PKIX_PL_CertPolicyQualifier),
- (PKIX_PL_Object **)&qual,
- plContext),
- PKIX_COULDNOTCREATECERTPOLICYQUALIFIEROBJECT);
-
- PKIX_INCREF(oid);
- qual->policyQualifierId = oid;
-
- PKIX_INCREF(qualifier);
- qual->qualifier = qualifier;
-
- *pObject = qual;
- qual = NULL;
-
-cleanup:
- PKIX_DECREF(qual);
-
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyQualifier_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyQualifier_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CertPolicyQualifier *certPQ = NULL;
-
- PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYQUALIFIER);
-
- certPQ = (PKIX_PL_CertPolicyQualifier*)object;
-
- PKIX_DECREF(certPQ->policyQualifierId);
- PKIX_DECREF(certPQ->qualifier);
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyQualifier_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyQualifier_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_CertPolicyQualifier *certPQ = NULL;
- char *asciiFormat = "%s:%s";
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *pqIDString = NULL;
- PKIX_PL_String *pqValString = NULL;
- PKIX_PL_String *outString = NULL;
-
- PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_ToString");
-
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYQUALIFIER);
-
- certPQ = (PKIX_PL_CertPolicyQualifier *)object;
-
- /*
- * The policyQualifierId is required. If there is no qualifier,
- * we should have a ByteArray of zero length.
- */
- PKIX_NULLCHECK_TWO(certPQ->policyQualifierId, certPQ->qualifier);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_TOSTRING(certPQ->policyQualifierId, &pqIDString, plContext,
- PKIX_OIDTOSTRINGFAILED);
-
- PKIX_CHECK(pkix_pl_ByteArray_ToHexString
- (certPQ->qualifier, &pqValString, plContext),
- PKIX_BYTEARRAYTOHEXSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&outString, plContext, formatString, pqIDString, pqValString),
- PKIX_SPRINTFFAILED);
-
- *pString = outString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(pqIDString);
- PKIX_DECREF(pqValString);
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyQualifier_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyQualifier_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_CertPolicyQualifier *certPQ = NULL;
- PKIX_UInt32 cpidHash = 0;
- PKIX_UInt32 cpqHash = 0;
-
- PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
- PKIX_OBJECTNOTCERTPOLICYQUALIFIER);
-
- certPQ = (PKIX_PL_CertPolicyQualifier *)object;
-
- PKIX_NULLCHECK_TWO(certPQ->policyQualifierId, certPQ->qualifier);
-
- PKIX_HASHCODE(certPQ->policyQualifierId, &cpidHash, plContext,
- PKIX_ERRORINOIDHASHCODE);
-
- PKIX_HASHCODE(certPQ->qualifier, &cpqHash, plContext,
- PKIX_ERRORINBYTEARRAYHASHCODE);
-
- *pHashcode = cpidHash*31 + cpqHash;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
-
-
-/*
- * FUNCTION: pkix_pl_CertPolicyQualifier_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertPolicyQualifier_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CertPolicyQualifier *firstCPQ = NULL;
- PKIX_PL_CertPolicyQualifier *secondCPQ = NULL;
- PKIX_UInt32 secondType = 0;
- PKIX_Boolean compare = PKIX_FALSE;
-
- PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CertPolicyQualifier */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCERTPOLICYQUALIFIER);
-
- /*
- * Since we know firstObject is a CertPolicyQualifier,
- * if both references are identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a CertPolicyQualifier, we
- * don't throw an error. We simply return FALSE.
- */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_CERTPOLICYQUALIFIER_TYPE) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- firstCPQ = (PKIX_PL_CertPolicyQualifier *)firstObject;
- secondCPQ = (PKIX_PL_CertPolicyQualifier *)secondObject;
-
- /*
- * Compare the value of the OID components
- */
-
- PKIX_NULLCHECK_TWO
- (firstCPQ->policyQualifierId, secondCPQ->policyQualifierId);
-
- PKIX_EQUALS
- (firstCPQ->policyQualifierId,
- secondCPQ->policyQualifierId,
- &compare,
- plContext,
- PKIX_OIDEQUALSFAILED);
-
- /*
- * If the OIDs did not match, we don't need to
- * compare the ByteArrays. If the OIDs did match,
- * the return value is the value of the
- * ByteArray comparison.
- */
- if (compare) {
- PKIX_NULLCHECK_TWO(firstCPQ->qualifier, secondCPQ->qualifier);
-
- PKIX_EQUALS
- (firstCPQ->qualifier,
- secondCPQ->qualifier,
- &compare,
- plContext,
- PKIX_BYTEARRAYEQUALSFAILED);
- }
-
- *pResult = compare;
-
-cleanup:
-
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
-
-/*
- * FUNCTION: pkix_pl_CertPolicyQualifier_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTPOLICYQUALIFIER_TYPE and its related
- * functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize,
- * which should only be called once, it is acceptable that
- * this function is not thread-safe.
- */
-PKIX_Error *
-pkix_pl_CertPolicyQualifier_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTPOLICYQUALIFIER,
- "pkix_pl_CertPolicyQualifier_RegisterSelf");
-
- entry.description = "CertPolicyQualifier";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_CertPolicyQualifier);
- entry.destructor = pkix_pl_CertPolicyQualifier_Destroy;
- entry.equalsFunction = pkix_pl_CertPolicyQualifier_Equals;
- entry.hashcodeFunction = pkix_pl_CertPolicyQualifier_Hashcode;
- entry.toStringFunction = pkix_pl_CertPolicyQualifier_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_CERTPOLICYQUALIFIER_TYPE] = entry;
-
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
-
-/* --Public-CertPolicyQualifier-Functions------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
- PKIX_PL_CertPolicyQualifier *policyQualifierInfo,
- PKIX_PL_OID **pPolicyQualifierId,
- void *plContext)
-{
- PKIX_ENTER(CERTPOLICYQUALIFIER,
- "PKIX_PL_PolicyQualifier_GetPolicyQualifierId");
-
- PKIX_NULLCHECK_TWO(policyQualifierInfo, pPolicyQualifierId);
-
- PKIX_INCREF(policyQualifierInfo->policyQualifierId);
-
- *pPolicyQualifierId = policyQualifierInfo->policyQualifierId;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
-
-/*
- * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_PolicyQualifier_GetQualifier(
- PKIX_PL_CertPolicyQualifier *policyQualifierInfo,
- PKIX_PL_ByteArray **pQualifier,
- void *plContext)
-{
- PKIX_ENTER(CERTPOLICYQUALIFIER, "PKIX_PL_PolicyQualifier_GetQualifier");
-
- PKIX_NULLCHECK_TWO(policyQualifierInfo, pQualifier);
-
- PKIX_INCREF(policyQualifierInfo->qualifier);
-
- *pQualifier = policyQualifierInfo->qualifier;
-
-cleanup:
- PKIX_RETURN(CERTPOLICYQUALIFIER);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h
deleted file mode 100644
index 1594568f2..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_certpolicyqualifier.h
- *
- * PolicyQualifier Type Definitions
- *
- */
-
-#ifndef _PKIX_PL_POLICYQUALIFIER_H
-#define _PKIX_PL_POLICYQUALIFIER_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * This structure reflects the contents of the policy qualifier extension as
- * described in Section 4.2.1.5 of RFC3280.
- *
- * PolicyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId,
- * qualifier ANY DEFINED BY policyQualifierId }
- *
- * PolicyQualifierId ::=
- * OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice)
- *
- */
-struct PKIX_PL_CertPolicyQualifierStruct {
- PKIX_PL_OID *policyQualifierId;
- PKIX_PL_ByteArray *qualifier;
-};
-
-PKIX_Error *
-pkix_pl_CertPolicyQualifier_Create(
- PKIX_PL_OID *oid,
- PKIX_PL_ByteArray *qualifierArray,
- PKIX_PL_CertPolicyQualifier **pObject,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_CertPolicyQualifier_RegisterSelf(
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_POLICYQUALIFIER_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
deleted file mode 100644
index 7ffa233a7..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
+++ /dev/null
@@ -1,1098 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_crl.c
- *
- * CRL Function Definitions
- *
- */
-
-#include "pkix_pl_crl.h"
-#include "certxutl.h"
-
-extern PKIX_PL_HashTable *cachedCrlSigTable;
-
-/* --Private-CRL-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_CRL_GetVersion
- * DESCRIPTION:
- *
- * Retrieves the version of the CRL pointed to by "crl" and stores it at
- * "pVersion". The version number will either be 0 or 1 (corresponding to
- * v1 or v2, respectively).
- *
- * Version ::= INTEGER { v1(0), v2(1), v3(2) }
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose version is to be stored. Must be non-NULL.
- * "pVersion"
- * Address where a version will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CRL_GetVersion(
- PKIX_PL_CRL *crl,
- PKIX_UInt32 *pVersion,
- void *plContext)
-{
- PKIX_UInt32 myVersion;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_GetVersion");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pVersion);
-
- PKIX_NULLCHECK_ONE(crl->nssSignedCrl->crl.version.data);
-
- myVersion = *(crl->nssSignedCrl->crl.version.data);
-
- if (myVersion > 1) {
- PKIX_ERROR(PKIX_VERSIONVALUEMUSTBEV1ORV2);
- }
-
- *pVersion = myVersion;
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCRLNumber (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCRLNumber(
- PKIX_PL_CRL *crl,
- PKIX_PL_BigInt **pCrlNumber,
- void *plContext)
-{
- PKIX_PL_BigInt *crlNumber = NULL;
- SECItem nssCrlNumber;
- PLArenaPool *arena = NULL;
- SECStatus status;
- PKIX_UInt32 length = 0;
- char *bytes = NULL;
-
- PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLNumber");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlNumber);
-
- /* Can call this function only with der been adopted. */
- PORT_Assert(crl->adoptedDerCrl);
-
- if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
-
- PKIX_OBJECT_LOCK(crl);
-
- if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
-
- nssCrlNumber.type = 0;
- nssCrlNumber.len = 0;
- nssCrlNumber.data = NULL;
-
- PKIX_CRL_DEBUG("\t\tCalling PORT_NewArena).\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CRL_DEBUG("\t\tCalling CERT_FindCRLNumberExten\n");
- status = CERT_FindCRLNumberExten
- (arena, &crl->nssSignedCrl->crl, &nssCrlNumber);
-
- if (status == SECSuccess) {
- /* Get data in bytes then convert to bigint */
- length = nssCrlNumber.len;
- bytes = (char *)nssCrlNumber.data;
-
- PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
- (bytes, length, &crlNumber, plContext),
- PKIX_BIGINTCREATEWITHBYTESFAILED);
-
- /* arena release does the job
- PKIX_CRL_DEBUG("\t\tCalling SECITEM_FreeItem\n");
- SECITEM_FreeItem(&nssCrlNumber, PKIX_FALSE);
- */
- crl->crlNumber = crlNumber;
-
- } else {
-
- crl->crlNumberAbsent = PKIX_TRUE;
- }
- }
-
- PKIX_OBJECT_UNLOCK(crl);
-
- }
-
- PKIX_INCREF(crl->crlNumber);
-
- *pCrlNumber = crl->crlNumber;
-
-cleanup:
-
- if (arena){
- PKIX_CRL_DEBUG("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_GetSignatureAlgId
- *
- * DESCRIPTION:
- * Retrieves a pointer to the OID that represents the signature algorithm of
- * the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose signature algorithm OID is to be stored.
- * Must be non-NULL.
- * "pSignatureAlgId"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CRL_GetSignatureAlgId(
- PKIX_PL_CRL *crl,
- PKIX_PL_OID **pSignatureAlgId,
- void *plContext)
-{
- PKIX_PL_OID *signatureAlgId = NULL;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
-
- /* if we don't have a cached copy from before, we create one */
- if (crl->signatureAlgId == NULL){
- PKIX_OBJECT_LOCK(crl);
- if (crl->signatureAlgId == NULL){
- CERTCrl *nssCrl = &(crl->nssSignedCrl->crl);
- SECAlgorithmID *algorithm = &nssCrl->signatureAlg;
- SECItem *algBytes = &algorithm->algorithm;
-
- if (!algBytes->data || !algBytes->len) {
- PKIX_ERROR(PKIX_OIDBYTESLENGTH0);
- }
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
- (algBytes, &signatureAlgId, plContext),
- PKIX_OIDCREATEFAILED);
-
- /* save a cached copy in case it is asked for again */
- crl->signatureAlgId = signatureAlgId;
- signatureAlgId = NULL;
- }
- PKIX_OBJECT_UNLOCK(crl);
- }
- PKIX_INCREF(crl->signatureAlgId);
- *pSignatureAlgId = crl->signatureAlgId;
-cleanup:
- PKIX_DECREF(signatureAlgId);
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_GetCRLEntries
- * DESCRIPTION:
- *
- * Retrieves a pointer to the List of CRLEntries found in the CRL pointed to
- * by "crl" and stores it at "pCRLEntries". If there are no CRLEntries,
- * this functions stores NULL at "pCRLEntries".
- *
- * PARAMETERS:
- * "crl"
- * Address of CRL whose CRL Entries are to be retrieved. Must be non-NULL.
- * "pCRLEntries"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CRL_GetCRLEntries(
- PKIX_PL_CRL *crl,
- PKIX_List **pCrlEntries,
- void *plContext)
-{
- PKIX_List *entryList = NULL;
- CERTCrl *nssCrl = NULL;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_GetCRLEntries");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlEntries);
-
- /* if we don't have a cached copy from before, we create one */
- if (crl->crlEntryList == NULL) {
-
- PKIX_OBJECT_LOCK(crl);
-
- if (crl->crlEntryList == NULL){
-
- nssCrl = &(crl->nssSignedCrl->crl);
-
- PKIX_CHECK(pkix_pl_CRLEntry_Create
- (nssCrl->entries, &entryList, plContext),
- PKIX_CRLENTRYCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_SetImmutable
- (entryList, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- crl->crlEntryList = entryList;
- }
-
- PKIX_OBJECT_UNLOCK(crl);
-
- }
-
- PKIX_INCREF(crl->crlEntryList);
-
- *pCrlEntries = crl->crlEntryList;
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRL_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CRL *crl = NULL;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRL_TYPE, plContext),
- PKIX_OBJECTNOTCRL);
-
- crl = (PKIX_PL_CRL*)object;
-
- PKIX_CRL_DEBUG("\t\tCalling CERT_DestroyCrl\n");
- if (crl->nssSignedCrl) {
- CERT_DestroyCrl(crl->nssSignedCrl);
- }
- if (crl->adoptedDerCrl) {
- SECITEM_FreeItem(crl->adoptedDerCrl, PR_TRUE);
- }
- crl->nssSignedCrl = NULL;
- crl->adoptedDerCrl = NULL;
- crl->crlNumberAbsent = PKIX_FALSE;
-
- PKIX_DECREF(crl->issuer);
- PKIX_DECREF(crl->signatureAlgId);
- PKIX_DECREF(crl->crlNumber);
- PKIX_DECREF(crl->crlEntryList);
- PKIX_DECREF(crl->critExtOids);
- if (crl->derGenName) {
- SECITEM_FreeItem(crl->derGenName, PR_TRUE);
- }
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the CRL pointed
- * to by "crl" and stores it at "pString".
- *
- * PARAMETERS
- * "crl"
- * Address of CRL whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CRL_ToString_Helper(
- PKIX_PL_CRL *crl,
- PKIX_PL_String **pString,
- void *plContext)
-{
- char *asciiFormat = NULL;
- PKIX_UInt32 crlVersion;
- PKIX_PL_X500Name *crlIssuer = NULL;
- PKIX_PL_OID *nssSignatureAlgId = NULL;
- PKIX_PL_BigInt *crlNumber = NULL;
- PKIX_List *crlEntryList = NULL;
- PKIX_List *critExtOIDs = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *crlIssuerString = NULL;
- PKIX_PL_String *lastUpdateString = NULL;
- PKIX_PL_String *nextUpdateString = NULL;
- PKIX_PL_String *nssSignatureAlgIdString = NULL;
- PKIX_PL_String *crlNumberString = NULL;
- PKIX_PL_String *crlEntryListString = NULL;
- PKIX_PL_String *critExtOIDsString = NULL;
- PKIX_PL_String *crlString = NULL;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_ToString_Helper");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pString);
-
- asciiFormat =
- "[\n"
- "\tVersion: v%d\n"
- "\tIssuer: %s\n"
- "\tUpdate: [Last: %s\n"
- "\t Next: %s]\n"
- "\tSignatureAlgId: %s\n"
- "\tCRL Number : %s\n"
- "\n"
- "\tEntry List: %s\n"
- "\n"
- "\tCritExtOIDs: %s\n"
- "]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* Version */
- PKIX_CHECK(pkix_pl_CRL_GetVersion(crl, &crlVersion, plContext),
- PKIX_CRLGETVERSIONFAILED);
-
- /* Issuer */
- PKIX_CHECK(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext),
- PKIX_CRLGETISSUERFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)crlIssuer, &crlIssuerString, plContext),
- PKIX_X500NAMETOSTRINGFAILED);
-
- /* This update - No Date object created, use nss data directly */
- PKIX_CHECK(pkix_pl_Date_ToString_Helper
- (&(crl->nssSignedCrl->crl.lastUpdate),
- &lastUpdateString,
- plContext),
- PKIX_DATETOSTRINGHELPERFAILED);
-
- /* Next update - No Date object created, use nss data directly */
- PKIX_CHECK(pkix_pl_Date_ToString_Helper
- (&(crl->nssSignedCrl->crl.nextUpdate),
- &nextUpdateString,
- plContext),
- PKIX_DATETOSTRINGHELPERFAILED);
-
- /* Signature Algorithm Id */
- PKIX_CHECK(pkix_pl_CRL_GetSignatureAlgId
- (crl, &nssSignatureAlgId, plContext),
- PKIX_CRLGETSIGNATUREALGIDFAILED);
-
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)nssSignatureAlgId,
- &nssSignatureAlgIdString,
- plContext),
- PKIX_OIDTOSTRINGFAILED);
-
- /* CRL Number */
- PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber
- (crl, &crlNumber, plContext),
- PKIX_CRLGETCRLNUMBERFAILED);
-
- PKIX_TOSTRING(crlNumber, &crlNumberString, plContext,
- PKIX_BIGINTTOSTRINGFAILED);
-
- /* CRL Entries */
- PKIX_CHECK(pkix_pl_CRL_GetCRLEntries(crl, &crlEntryList, plContext),
- PKIX_CRLGETCRLENTRIESFAILED);
-
- PKIX_TOSTRING(crlEntryList, &crlEntryListString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* CriticalExtensionOIDs */
- PKIX_CHECK(PKIX_PL_CRL_GetCriticalExtensionOIDs
- (crl, &critExtOIDs, plContext),
- PKIX_CRLGETCRITICALEXTENSIONOIDSFAILED);
-
- PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&crlString,
- plContext,
- formatString,
- crlVersion + 1,
- crlIssuerString,
- lastUpdateString,
- nextUpdateString,
- nssSignatureAlgIdString,
- crlNumberString,
- crlEntryListString,
- critExtOIDsString),
- PKIX_SPRINTFFAILED);
-
- *pString = crlString;
-
-cleanup:
-
- PKIX_DECREF(crlIssuer);
- PKIX_DECREF(nssSignatureAlgId);
- PKIX_DECREF(crlNumber);
- PKIX_DECREF(crlEntryList);
- PKIX_DECREF(critExtOIDs);
- PKIX_DECREF(crlIssuerString);
- PKIX_DECREF(lastUpdateString);
- PKIX_DECREF(nextUpdateString);
- PKIX_DECREF(nssSignatureAlgIdString);
- PKIX_DECREF(crlNumberString);
- PKIX_DECREF(crlEntryListString);
- PKIX_DECREF(critExtOIDsString);
- PKIX_DECREF(formatString);
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRL_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *crlString = NULL;
- PKIX_PL_CRL *crl = NULL;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRL_TYPE, plContext),
- PKIX_OBJECTNOTCRL);
-
- crl = (PKIX_PL_CRL *) object;
-
- PKIX_CHECK(pkix_pl_CRL_ToString_Helper(crl, &crlString, plContext),
- PKIX_CRLTOSTRINGHELPERFAILED);
-
- *pString = crlString;
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRL_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_CRL *crl = NULL;
- PKIX_UInt32 certHash;
- SECItem *crlDer = NULL;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRL_TYPE, plContext),
- PKIX_OBJECTNOTCRL);
-
- crl = (PKIX_PL_CRL *)object;
- if (crl->adoptedDerCrl) {
- crlDer = crl->adoptedDerCrl;
- } else if (crl->nssSignedCrl && crl->nssSignedCrl->derCrl) {
- crlDer = crl->nssSignedCrl->derCrl;
- }
-
- if (crlDer->data)
- PKIX_CHECK(pkix_hash(crlDer->data, crlDer->len,
- &certHash, plContext),
- PKIX_ERRORINHASH);
-
- *pHashcode = certHash;
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRL_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CRL *firstCrl = NULL;
- PKIX_PL_CRL *secondCrl = NULL;
- SECItem *crlDerOne = NULL, *crlDerTwo = NULL;
- PKIX_UInt32 secondType;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CRL */
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRL_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCRL);
-
- firstCrl = (PKIX_PL_CRL *)firstObject;
- secondCrl = (PKIX_PL_CRL *)secondObject;
-
- /*
- * Since we know firstObject is a CRL, if both references are
- * identical, they must be equal
- */
- if (firstCrl == secondCrl){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondCrl isn't a CRL, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- ((PKIX_PL_Object *)secondCrl, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_CRL_TYPE) goto cleanup;
-
- if (firstCrl->adoptedDerCrl) {
- crlDerOne = firstCrl->adoptedDerCrl;
- } else if (firstCrl->nssSignedCrl && firstCrl->nssSignedCrl->derCrl) {
- crlDerOne = firstCrl->nssSignedCrl->derCrl;
- }
-
- if (secondCrl->adoptedDerCrl) {
- crlDerTwo = secondCrl->adoptedDerCrl;
- } else if (secondCrl->nssSignedCrl && secondCrl->nssSignedCrl->derCrl) {
- crlDerTwo = secondCrl->nssSignedCrl->derCrl;
- }
-
- if (SECITEM_CompareItem(crlDerOne, crlDerTwo) == SECEqual) {
- *pResult = PKIX_TRUE;
- }
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_CRL_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- *
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_CRL_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry *entry = &systemClasses[PKIX_CRL_TYPE];
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_RegisterSelf");
-
- entry->description = "CRL";
- entry->typeObjectSize = sizeof(PKIX_PL_CRL);
- entry->destructor = pkix_pl_CRL_Destroy;
- entry->equalsFunction = pkix_pl_CRL_Equals;
- entry->hashcodeFunction = pkix_pl_CRL_Hashcode;
- entry->toStringFunction = pkix_pl_CRL_ToString;
- entry->duplicateFunction = pkix_duplicateImmutable;
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifyUpdateTime(
- PKIX_PL_CRL *crl,
- PKIX_PL_Date *date,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PRTime timeToCheck;
- PRTime nextUpdate;
- PRTime lastUpdate;
- SECStatus status;
- CERTCrl *nssCrl = NULL;
- SECItem *nextUpdateDer = NULL;
- PKIX_Boolean haveNextUpdate = PR_FALSE;
-
- PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifyUpdateTime");
- PKIX_NULLCHECK_FOUR(crl, crl->nssSignedCrl, date, pResult);
-
- /* Can call this function only with der been adopted. */
- PORT_Assert(crl->adoptedDerCrl);
-
- nssCrl = &(crl->nssSignedCrl->crl);
- timeToCheck = date->nssTime;
-
- /* nextUpdate can be NULL. Checking before using it */
- nextUpdateDer = &nssCrl->nextUpdate;
- if (nextUpdateDer->data && nextUpdateDer->len) {
- haveNextUpdate = PR_TRUE;
- status = DER_DecodeTimeChoice(&nextUpdate, nextUpdateDer);
- if (status != SECSuccess) {
- PKIX_ERROR(PKIX_DERDECODETIMECHOICEFORNEXTUPDATEFAILED);
- }
- }
-
- status = DER_DecodeTimeChoice(&lastUpdate, &(nssCrl->lastUpdate));
- if (status != SECSuccess) {
- PKIX_ERROR(PKIX_DERDECODETIMECHOICEFORLASTUPDATEFAILED);
- }
-
- if (!haveNextUpdate || nextUpdate < timeToCheck) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- if (lastUpdate <= timeToCheck) {
- *pResult = PKIX_TRUE;
- } else {
- *pResult = PKIX_FALSE;
- }
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: pkix_pl_CRL_CreateWithSignedCRL
- * DESCRIPTION:
- *
- * Creates a new CRL using the CERTSignedCrl pointed to by "nssSignedCrl"
- * and stores it at "pCRL". If the decoding of the CERTSignedCrl fails,
- * a PKIX_Error is returned.
- *
- * PARAMETERS:
- * "nssSignedCrl"
- * Address of CERTSignedCrl. Must be non-NULL.
- * "adoptedDerCrl"
- * SECItem ponter that if not NULL is indicating that memory used
- * for der should be adopted by crl that is about to be created.
- * "pCRL"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CRL_CreateWithSignedCRL(
- CERTSignedCrl *nssSignedCrl,
- SECItem *adoptedDerCrl,
- SECItem *derGenName,
- PKIX_PL_CRL **pCrl,
- void *plContext)
-{
- PKIX_PL_CRL *crl = NULL;
-
- PKIX_ENTER(CRL, "pkix_pl_CRL_CreateWithSignedCRL");
- PKIX_NULLCHECK_ONE(pCrl);
-
- /* create a PKIX_PL_CRL object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CRL_TYPE,
- sizeof (PKIX_PL_CRL),
- (PKIX_PL_Object **)&crl,
- plContext),
- PKIX_COULDNOTCREATECRLOBJECT);
-
- /* populate the nssSignedCrl field */
- crl->nssSignedCrl = nssSignedCrl;
- crl->adoptedDerCrl = adoptedDerCrl;
- crl->issuer = NULL;
- crl->signatureAlgId = NULL;
- crl->crlNumber = NULL;
- crl->crlNumberAbsent = PKIX_FALSE;
- crl->crlEntryList = NULL;
- crl->critExtOids = NULL;
- if (derGenName) {
- crl->derGenName =
- SECITEM_DupItem(derGenName);
- if (!crl->derGenName) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- }
-
- *pCrl = crl;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(crl);
- }
-
- PKIX_RETURN(CRL);
-}
-
-/* --Public-CRL-Functions------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_CRL_Create (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRL_Create(
- PKIX_PL_ByteArray *byteArray,
- PKIX_PL_CRL **pCrl,
- void *plContext)
-{
- CERTSignedCrl *nssSignedCrl = NULL;
- SECItem derItem, *derCrl = NULL;
- PKIX_PL_CRL *crl = NULL;
-
- PKIX_ENTER(CRL, "PKIX_PL_CRL_Create");
- PKIX_NULLCHECK_TWO(byteArray, pCrl);
-
- if (byteArray->length == 0){
- PKIX_ERROR(PKIX_ZEROLENGTHBYTEARRAYFORCRLENCODING);
- }
- derItem.type = siBuffer;
- derItem.data = byteArray->array;
- derItem.len = byteArray->length;
- derCrl = SECITEM_DupItem(&derItem);
- if (!derCrl) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- nssSignedCrl =
- CERT_DecodeDERCrlWithFlags(NULL, derCrl, SEC_CRL_TYPE,
- CRL_DECODE_DONT_COPY_DER |
- CRL_DECODE_SKIP_ENTRIES);
- if (!nssSignedCrl) {
- PKIX_ERROR(PKIX_CERTDECODEDERCRLFAILED);
- }
- PKIX_CHECK(
- pkix_pl_CRL_CreateWithSignedCRL(nssSignedCrl, derCrl, NULL,
- &crl, plContext),
- PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
- nssSignedCrl = NULL;
- derCrl = NULL;
- *pCrl = crl;
-
-cleanup:
- if (derCrl) {
- SECITEM_FreeItem(derCrl, PR_TRUE);
- }
- if (nssSignedCrl) {
- SEC_DestroyCrl(nssSignedCrl);
- }
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetIssuer (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRL_GetIssuer(
- PKIX_PL_CRL *crl,
- PKIX_PL_X500Name **pCRLIssuer,
- void *plContext)
-{
- PKIX_PL_String *crlString = NULL;
- PKIX_PL_X500Name *issuer = NULL;
- SECItem *derIssuerName = NULL;
- CERTName *issuerName = NULL;
-
- PKIX_ENTER(CRL, "PKIX_PL_CRL_GetIssuer");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCRLIssuer);
-
- /* Can call this function only with der been adopted. */
- PORT_Assert(crl->adoptedDerCrl);
-
- /* if we don't have a cached copy from before, we create one */
- if (crl->issuer == NULL){
-
- PKIX_OBJECT_LOCK(crl);
-
- if (crl->issuer == NULL) {
-
- issuerName = &crl->nssSignedCrl->crl.name;
- derIssuerName = &crl->nssSignedCrl->crl.derName;
-
- PKIX_CHECK(
- PKIX_PL_X500Name_CreateFromCERTName(derIssuerName,
- issuerName,
- &issuer,
- plContext),
- PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
-
- /* save a cached copy in case it is asked for again */
- crl->issuer = issuer;
- }
-
- PKIX_OBJECT_UNLOCK(crl);
-
- }
-
- PKIX_INCREF(crl->issuer);
-
- *pCRLIssuer = crl->issuer;
-
-cleanup:
-
- PKIX_DECREF(crlString);
-
- PKIX_RETURN(CRL);
-}
-
-
-/*
- * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRL_GetCriticalExtensionOIDs(
- PKIX_PL_CRL *crl,
- PKIX_List **pExtensions, /* list of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_List *oidsList = NULL;
- CERTCertExtension **extensions = NULL;
- CERTCrl *nssSignedCrl = NULL;
-
- PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCriticalExtensionOIDs");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pExtensions);
-
- /* Can call this function only with der been adopted. */
- PORT_Assert(crl->adoptedDerCrl);
-
- /* if we don't have a cached copy from before, we create one */
- if (crl->critExtOids == NULL) {
-
- PKIX_OBJECT_LOCK(crl);
-
- nssSignedCrl = &(crl->nssSignedCrl->crl);
- extensions = nssSignedCrl->extensions;
-
- if (crl->critExtOids == NULL) {
-
- PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
- (extensions, &oidsList, plContext),
- PKIX_GETCRITICALEXTENSIONOIDSFAILED);
-
- crl->critExtOids = oidsList;
- }
-
- PKIX_OBJECT_UNLOCK(crl);
-
- }
-
- /* We should return a copy of the List since this list changes */
- PKIX_DUPLICATE(crl->critExtOids, pExtensions, plContext,
- PKIX_OBJECTDUPLICATELISTFAILED);
-
-cleanup:
-
- PKIX_RETURN(CRL);
-}
-
-/*
- * FUNCTION: PKIX_PL_CRL_VerifySignature (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRL_VerifySignature(
- PKIX_PL_CRL *crl,
- PKIX_PL_PublicKey *pubKey,
- void *plContext)
-{
- PKIX_PL_CRL *cachedCrl = NULL;
- PKIX_Error *verifySig = NULL;
- PKIX_Error *cachedSig = NULL;
- PKIX_Boolean crlEqual = PKIX_FALSE;
- PKIX_Boolean crlInHash= PKIX_FALSE;
- CERTSignedCrl *nssSignedCrl = NULL;
- SECKEYPublicKey *nssPubKey = NULL;
- CERTSignedData *tbsCrl = NULL;
- void* wincx = NULL;
- SECStatus status;
-
- PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifySignature");
- PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pubKey);
-
- /* Can call this function only with der been adopted. */
- PORT_Assert(crl->adoptedDerCrl);
-
- verifySig = PKIX_PL_HashTable_Lookup
- (cachedCrlSigTable,
- (PKIX_PL_Object *) pubKey,
- (PKIX_PL_Object **) &cachedCrl,
- plContext);
-
- if (cachedCrl != NULL && verifySig == NULL) {
- /* Cached Signature Table lookup succeed */
- PKIX_EQUALS(crl, cachedCrl, &crlEqual, plContext,
- PKIX_OBJECTEQUALSFAILED);
- if (crlEqual == PKIX_TRUE) {
- goto cleanup;
- }
- /* Different PubKey may hash to same value, skip add */
- crlInHash = PKIX_TRUE;
- }
-
- nssSignedCrl = crl->nssSignedCrl;
- tbsCrl = &nssSignedCrl->signatureWrap;
-
- PKIX_CRL_DEBUG("\t\tCalling SECKEY_ExtractPublicKey\n");
- nssPubKey = SECKEY_ExtractPublicKey(pubKey->nssSPKI);
- if (!nssPubKey){
- PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED);
- }
-
- PKIX_CHECK(pkix_pl_NssContext_GetWincx
- ((PKIX_PL_NssContext *)plContext, &wincx),
- PKIX_NSSCONTEXTGETWINCXFAILED);
-
- PKIX_CRL_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey\n");
- status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx);
-
- if (status != SECSuccess) {
- PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
- }
-
- if (crlInHash == PKIX_FALSE) {
- cachedSig = PKIX_PL_HashTable_Add
- (cachedCrlSigTable,
- (PKIX_PL_Object *) pubKey,
- (PKIX_PL_Object *) crl,
- plContext);
-
- if (cachedSig != NULL) {
- PKIX_DEBUG("PKIX_PL_HashTable_Add skipped: entry existed\n");
- }
- }
-
-cleanup:
-
- if (nssPubKey){
- PKIX_CRL_DEBUG("\t\tCalling SECKEY_DestroyPublicKey\n");
- SECKEY_DestroyPublicKey(nssPubKey);
- nssPubKey = NULL;
- }
-
- PKIX_DECREF(cachedCrl);
- PKIX_DECREF(verifySig);
- PKIX_DECREF(cachedSig);
-
- PKIX_RETURN(CRL);
-}
-
-PKIX_Error*
-PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl,
- SECItem **derCrl,
- void *plContext)
-{
- PKIX_ENTER(CRL, "PKIX_PL_CRL_ReleaseDerCrl");
- *derCrl = crl->adoptedDerCrl;
- crl->adoptedDerCrl = NULL;
-
- PKIX_RETURN(CRL);
-}
-
-PKIX_Error*
-PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl,
- SECItem *derCrl,
- void *plContext)
-{
- PKIX_ENTER(CRL, "PKIX_PL_CRL_AquireDerCrl");
- if (crl->adoptedDerCrl) {
- PKIX_ERROR(PKIX_CANNOTAQUIRECRLDER);
- }
- crl->adoptedDerCrl = derCrl;
-cleanup:
- PKIX_RETURN(CRL);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h
deleted file mode 100644
index 6d704116e..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_crl.h
- *
- * CRL Object Type Definitions
- *
- */
-
-#ifndef _PKIX_PL_CRL_H
-#define _PKIX_PL_CRL_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_CRLStruct {
- CERTSignedCrl *nssSignedCrl;
- PKIX_PL_X500Name *issuer;
- PKIX_PL_OID *signatureAlgId;
- PKIX_PL_BigInt *crlNumber;
- PKIX_Boolean crlNumberAbsent;
- PKIX_List *crlEntryList; /* list of PKIX_PL_CRLEntry */
- PKIX_List *critExtOids;
- SECItem *adoptedDerCrl;
- SECItem *derGenName; /* der of general name which was used
- * to download the crl. */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_CRL_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_CRL_CreateWithSignedCRL(CERTSignedCrl *nssSignedCrl,
- SECItem *derCrl,
- SECItem *derGenName,
- PKIX_PL_CRL **pCrl,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_CRL_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
deleted file mode 100644
index 3e88768a9..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_crldp.c
- *
- * Crl DP Object Functions
- *
- */
-
-#include "pkix_pl_crldp.h"
-
-static PKIX_Error *
-pkix_pl_CrlDp_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- pkix_pl_CrlDp *crldp = NULL;
-
- PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Check that this object is a default CRL checker state */
- PKIX_CHECK(
- pkix_CheckType(object, PKIX_CRLDP_TYPE, plContext),
- PKIX_OBJECTNOTCRLCHECKER);
-
- crldp = (pkix_pl_CrlDp *)object;
- if (crldp->distPointType == relativeDistinguishedName) {
- CERT_DestroyName(crldp->name.issuerName);
- crldp->name.issuerName = NULL;
- }
- crldp->nssdp = NULL;
-cleanup:
- PKIX_RETURN(CRLCHECKER);
-}
-
-/*
- * FUNCTION: pkix_pl_CrlDp_RegisterSelf
- *
- * DESCRIPTION:
- * Registers PKIX_CRLDP_TYPE and its related functions
- * with systemClasses[]
- *
- * THREAD SAFETY:
- * Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_CrlDp_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry* entry = &systemClasses[PKIX_CRLDP_TYPE];
-
- PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_RegisterSelf");
-
- entry->description = "CrlDistPoint";
- entry->typeObjectSize = sizeof(pkix_pl_CrlDp);
- entry->destructor = pkix_pl_CrlDp_Destroy;
- entry->duplicateFunction = pkix_duplicateImmutable;
-
- PKIX_RETURN(CRLCHECKER);
-}
-
-
-
-PKIX_Error *
-pkix_pl_CrlDp_Create(
- const CRLDistributionPoint *dp,
- const CERTName *certIssuerName,
- pkix_pl_CrlDp **pPkixDP,
- void *plContext)
-{
- PRArenaPool *rdnArena = NULL;
- CERTName *issuerNameCopy = NULL;
- pkix_pl_CrlDp *dpl = NULL;
-
- /* Need to save the following info to update crl cache:
- * - reasons if partitioned(but can not return revocation check
- * success if not all crl are downloaded)
- * - issuer name if different from issuer of the cert
- * - url to upload a crl if needed.
- * */
- PKIX_ENTER(CRLDP, "pkix_pl_CrlDp_Create");
- PKIX_NULLCHECK_ONE(dp);
-
- PKIX_CHECK(
- PKIX_PL_Object_Alloc(PKIX_CRLDP_TYPE,
- sizeof (pkix_pl_CrlDp),
- (PKIX_PL_Object **)&dpl,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- dpl->nssdp = dp;
- dpl->isPartitionedByReasonCode = PKIX_FALSE;
- if (dp->reasons.data) {
- dpl->isPartitionedByReasonCode = PKIX_TRUE;
- }
- if (dp->distPointType == generalName) {
- dpl->distPointType = generalName;
- dpl->name.fullName = dp->distPoint.fullName;
- } else {
- SECStatus rv;
- const CERTName *issuerName = NULL;
- const CERTRDN *relName = &dp->distPoint.relativeName;
-
- if (dp->crlIssuer) {
- if (dp->crlIssuer->l.next) {
- /* Violate RFC 5280: in this case crlIssuer
- * should have only one name and should be
- * a distinguish name. */
- PKIX_ERROR(PKIX_NOTCONFORMINGCRLDP);
- }
- issuerName = &dp->crlIssuer->name.directoryName;
- } else {
- issuerName = certIssuerName;
- }
- rdnArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (rdnArena) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
- issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName*);
- if (!issuerNameCopy) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- rv = CERT_CopyName(rdnArena, issuerNameCopy, (CERTName*)issuerName);
- if (rv == SECFailure) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- rv = CERT_AddRDN(issuerNameCopy, (CERTRDN*)relName);
- if (rv = SECFailure) {
- PKIX_ERROR(PKIX_ALLOCERROR);
- }
- dpl->distPointType = relativeDistinguishedName;
- dpl->name.issuerName = issuerNameCopy;
- rdnArena = NULL;
- }
- *pPkixDP = dpl;
- dpl = NULL;
-
-cleanup:
- if (rdnArena) {
- PORT_FreeArena(rdnArena, PR_FALSE);
- }
- PKIX_DECREF(dpl);
-
- PKIX_RETURN(CRLDP);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h
deleted file mode 100644
index 3b0c4ef71..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_crldp.h
- *
- * Crp DP Object Definitions
- *
- */
-#include "pkix_pl_common.h"
-
-#ifndef _PKIX_PL_CRLDP_H
-#define _PKIX_PL_CRLDP_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* CRLDP object can not be used without holding a reference
- * to the pkix certificate they belong to. The memory for dp der
- * object is allocated on nssCert certificate - a member of
- * PKIX_PL_Cert struct. */
-typedef struct pkix_pl_CrlDpStruct {
- /* reference to decoded crldp that allocated on nssCert arena. */
- const CRLDistributionPoint *nssdp;
- DistributionPointTypes distPointType;
- union {
- CERTGeneralName *fullName;
- /* if dp is a relative name, the issuerName is a merged value
- * of crlIssuer and a relative name. Must be destroyed by CrlDp
- * destructor. */
- CERTName *issuerName;
- } name;
- PKIX_Boolean isPartitionedByReasonCode;
-} pkix_pl_CrlDp;
-
-
-PKIX_Error *
-pkix_pl_CrlDp_RegisterSelf(void *plContext);
-
-/* Parses CRLDistributionPoint structure and creaetes
- * pkix_pl_CrlDp object. */
-PKIX_Error *
-pkix_pl_CrlDp_Create(const CRLDistributionPoint *dp,
- const CERTName *certIssuerName,
- pkix_pl_CrlDp **pPkixDP,
- void *plContext);
-#endif /* _PKIX_PL_CRLDP_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
deleted file mode 100644
index 3d742a94a..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
+++ /dev/null
@@ -1,913 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_crlentry.c
- *
- * CRLENTRY Function Definitions
- *
- */
-
-#include "pkix_pl_crlentry.h"
-
-/* --Private-CRLEntry-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRLEntry_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CRLEntry *crlEntry = NULL;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
- PKIX_OBJECTNOTCRLENTRY);
-
- crlEntry = (PKIX_PL_CRLEntry*)object;
-
- /* crlEntry->nssCrlEntry is freed by NSS when freeing CRL */
- crlEntry->userReasonCode = 0;
- crlEntry->userReasonCodeAbsent = PKIX_FALSE;
- crlEntry->nssCrlEntry = NULL;
- PKIX_DECREF(crlEntry->serialNumber);
- PKIX_DECREF(crlEntry->critExtOids);
-
-cleanup:
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_ToString_Helper
- *
- * DESCRIPTION:
- * Helper function that creates a string representation of the CRLEntry
- * pointed to by "crlEntry" and stores it at "pString".
- *
- * PARAMETERS
- * "crlEntry"
- * Address of CRLEntry whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLEntry Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CRLEntry_ToString_Helper(
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_PL_String **pString,
- void *plContext)
-{
- char *asciiFormat = NULL;
- PKIX_List *critExtOIDs = NULL;
- PKIX_PL_String *crlEntryString = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *crlSerialNumberString = NULL;
- PKIX_PL_String *crlRevocationDateString = NULL;
- PKIX_PL_String *critExtOIDsString = NULL;
- PKIX_Int32 reasonCode = 0;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString_Helper");
- PKIX_NULLCHECK_FOUR
- (crlEntry,
- crlEntry->serialNumber,
- crlEntry->nssCrlEntry,
- pString);
-
- asciiFormat =
- "\n\t[\n"
- "\tSerialNumber: %s\n"
- "\tReasonCode: %d\n"
- "\tRevocationDate: %s\n"
- "\tCritExtOIDs: %s\n"
- "\t]\n\t";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- /* SerialNumber */
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)crlEntry->serialNumber,
- &crlSerialNumberString,
- plContext),
- PKIX_BIGINTTOSTRINGHELPERFAILED);
-
- /* RevocationDate - No Date object created, use nss data directly */
- PKIX_CHECK(pkix_pl_Date_ToString_Helper
- (&(crlEntry->nssCrlEntry->revocationDate),
- &crlRevocationDateString,
- plContext),
- PKIX_DATETOSTRINGHELPERFAILED);
-
- /* CriticalExtensionOIDs */
- PKIX_CHECK(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
- (crlEntry, &critExtOIDs, plContext),
- PKIX_CRLENTRYGETCRITICALEXTENSIONOIDSFAILED);
-
- PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- /* Revocation Reason Code */
- PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
- (crlEntry, &reasonCode, plContext),
- PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&crlEntryString,
- plContext,
- formatString,
- crlSerialNumberString,
- reasonCode,
- crlRevocationDateString,
- critExtOIDsString),
- PKIX_SPRINTFFAILED);
-
- *pString = crlEntryString;
-
-cleanup:
-
- PKIX_DECREF(critExtOIDs);
- PKIX_DECREF(crlSerialNumberString);
- PKIX_DECREF(crlRevocationDateString);
- PKIX_DECREF(critExtOIDsString);
- PKIX_DECREF(formatString);
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRLEntry_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *crlEntryString = NULL;
- PKIX_PL_CRLEntry *crlEntry = NULL;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
- PKIX_OBJECTNOTCRLENTRY);
-
- crlEntry = (PKIX_PL_CRLEntry *) object;
-
- PKIX_CHECK(pkix_pl_CRLEntry_ToString_Helper
- (crlEntry, &crlEntryString, plContext),
- PKIX_CRLENTRYTOSTRINGHELPERFAILED);
-
- *pString = crlEntryString;
-
-cleanup:
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_Extensions_Hashcode
- * DESCRIPTION:
- *
- * For each CRL Entry extension stored at NSS structure CERTCertExtension,
- * get its derbyte data and do the hash.
- *
- * PARAMETERS
- * "extensions"
- * Address of arrray of CERTCertExtension whose hash value is desired.
- * Must be non-NULL.
- * "pHashValue"
- * Address where the final hash value is returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditional Thread Safe
- * Though the value of extensions once created is not supposed to change,
- * it may be de-allocated while we are accessing it. But since we are
- * validating the object, it is unlikely we or someone is de-allocating
- * at the moment.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CRLEntry_Extensions_Hashcode(
- CERTCertExtension **extensions,
- PKIX_UInt32 *pHashValue,
- void *plContext)
-{
- CERTCertExtension *extension = NULL;
- PRArenaPool *arena = NULL;
- PKIX_UInt32 extHash = 0;
- PKIX_UInt32 hashValue = 0;
- SECItem *derBytes = NULL;
- SECItem *resultSecItem = NULL;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Hashcode");
- PKIX_NULLCHECK_TWO(extensions, pHashValue);
-
- if (extensions) {
-
- PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- while (*extensions) {
-
- extension = *extensions++;
-
- PKIX_NULLCHECK_ONE(extension);
-
- PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
- derBytes = PORT_ArenaZNew(arena, SECItem);
- if (derBytes == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- PKIX_CRLENTRY_DEBUG
- ("\t\tCalling SEC_ASN1EncodeItem\n");
- resultSecItem = SEC_ASN1EncodeItem
- (arena,
- derBytes,
- extension,
- CERT_CertExtensionTemplate);
-
- if (resultSecItem == NULL){
- PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
- }
-
- PKIX_CHECK(pkix_hash
- (derBytes->data,
- derBytes->len,
- &extHash,
- plContext),
- PKIX_HASHFAILED);
-
- hashValue += (extHash << 7);
-
- }
- }
-
- *pHashValue = hashValue;
-
-cleanup:
-
- if (arena){
- /* Note that freeing the arena also frees derBytes */
- PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
- PORT_FreeArena(arena, PR_FALSE);
- arena = NULL;
- }
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRLEntry_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- SECItem *nssDate = NULL;
- PKIX_PL_CRLEntry *crlEntry = NULL;
- PKIX_UInt32 crlEntryHash;
- PKIX_UInt32 hashValue;
- PKIX_Int32 reasonCode = 0;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
- PKIX_OBJECTNOTCRLENTRY);
-
- crlEntry = (PKIX_PL_CRLEntry *)object;
-
- PKIX_NULLCHECK_ONE(crlEntry->nssCrlEntry);
- nssDate = &(crlEntry->nssCrlEntry->revocationDate);
-
- PKIX_NULLCHECK_ONE(nssDate->data);
-
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)nssDate->data,
- nssDate->len,
- &crlEntryHash,
- plContext),
- PKIX_ERRORGETTINGHASHCODE);
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)crlEntry->serialNumber,
- &hashValue,
- plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- crlEntryHash += (hashValue << 7);
-
- hashValue = 0;
-
- if (crlEntry->nssCrlEntry->extensions) {
-
- PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Hashcode
- (crlEntry->nssCrlEntry->extensions, &hashValue, plContext),
- PKIX_CRLENTRYEXTENSIONSHASHCODEFAILED);
- }
-
- crlEntryHash += (hashValue << 7);
-
- PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
- (crlEntry, &reasonCode, plContext),
- PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);
-
- crlEntryHash += (reasonCode + 777) << 3;
-
- *pHashcode = crlEntryHash;
-
-cleanup:
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLENTRY_Extensions_Equals
- * DESCRIPTION:
- *
- * Compare each extension's DERbyte data in "firstExtensions" with extension
- * in "secondExtensions" in sequential order and store the result in
- * "pResult".
- *
- * PARAMETERS
- * "firstExtensions"
- * Address of first NSS structure CERTCertExtension to be compared.
- * Must be non-NULL.
- * "secondExtensions"
- * Address of second NSS structure CERTCertExtension to be compared.
- * Must be non-NULL.
- * "pResult"
- * Address where the comparison result is returned. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * Though the value of extensions once created is not supposed to change,
- * it may be de-allocated while we are accessing it. But since we are
- * validating the object, it is unlikely we or someone is de-allocating
- * at the moment.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CRLEntry_Extensions_Equals(
- CERTCertExtension **extensions1,
- CERTCertExtension **extensions2,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- CERTCertExtension **firstExtensions;
- CERTCertExtension **secondExtensions;
- CERTCertExtension *firstExtension = NULL;
- CERTCertExtension *secondExtension = NULL;
- PRArenaPool *arena = NULL;
- PKIX_Boolean cmpResult = PKIX_FALSE;
- SECItem *firstDerBytes = NULL;
- SECItem *secondDerBytes = NULL;
- SECItem *firstResultSecItem = NULL;
- SECItem *secondResultSecItem = NULL;
- PKIX_UInt32 firstNumExt = 0;
- PKIX_UInt32 secondNumExt = 0;
- SECComparison secResult;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Equals");
- PKIX_NULLCHECK_THREE(extensions1, extensions2, pResult);
-
- firstExtensions = extensions1;
- secondExtensions = extensions2;
-
- if (firstExtensions) {
- while (*firstExtensions) {
- firstExtension = *firstExtensions++;
- firstNumExt++;
- }
- }
-
- if (secondExtensions) {
- while (*secondExtensions) {
- secondExtension = *secondExtensions++;
- secondNumExt++;
- }
- }
-
- if (firstNumExt != secondNumExt) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- if (firstNumExt == 0 && secondNumExt == 0) {
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /* now have equal number, but non-zero extension items to compare */
-
- firstExtensions = extensions1;
- secondExtensions = extensions2;
-
- cmpResult = PKIX_TRUE;
-
- PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE*2);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- while (firstNumExt--) {
-
- firstExtension = *firstExtensions++;
- secondExtension = *secondExtensions++;
-
- PKIX_NULLCHECK_TWO(firstExtension, secondExtension);
-
- PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
- firstDerBytes = PORT_ArenaZNew(arena, SECItem);
- if (firstDerBytes == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
- secondDerBytes = PORT_ArenaZNew(arena, SECItem);
- if (secondDerBytes == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- PKIX_CRLENTRY_DEBUG
- ("\t\tCalling SEC_ASN1EncodeItem\n");
- firstResultSecItem = SEC_ASN1EncodeItem
- (arena,
- firstDerBytes,
- firstExtension,
- CERT_CertExtensionTemplate);
-
- if (firstResultSecItem == NULL){
- PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
- }
-
- PKIX_CRLENTRY_DEBUG
- ("\t\tCalling SEC_ASN1EncodeItem\n");
- secondResultSecItem = SEC_ASN1EncodeItem
- (arena,
- secondDerBytes,
- secondExtension,
- CERT_CertExtensionTemplate);
-
- if (secondResultSecItem == NULL){
- PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
- }
-
- PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
- secResult = SECITEM_CompareItem
- (firstResultSecItem, secondResultSecItem);
-
- if (secResult != SECEqual) {
- cmpResult = PKIX_FALSE;
- break;
- }
-
- }
-
- *pResult = cmpResult;
-
-cleanup:
-
- if (arena){
- /* Note that freeing the arena also frees derBytes */
- PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
- PORT_FreeArena(arena, PR_FALSE);
- arena = NULL;
- }
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CRLEntry_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CRLEntry *firstCrlEntry = NULL;
- PKIX_PL_CRLEntry *secondCrlEntry = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult = PKIX_FALSE;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CRLEntry */
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRLENTRY_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCRLENTRY);
-
- firstCrlEntry = (PKIX_PL_CRLEntry *)firstObject;
- secondCrlEntry = (PKIX_PL_CRLEntry *)secondObject;
-
- PKIX_NULLCHECK_TWO
- (firstCrlEntry->nssCrlEntry, secondCrlEntry->nssCrlEntry);
-
- /*
- * Since we know firstObject is a CRLEntry, if both references are
- * identical, they must be equal
- */
- if (firstCrlEntry == secondCrlEntry){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondCrlEntry isn't a CRL Entry, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- ((PKIX_PL_Object *)secondCrlEntry, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_CRLENTRY_TYPE) goto cleanup;
-
- /* Compare userSerialNumber */
- PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
- if (SECITEM_CompareItem(
- &(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->serialNumber),
- &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->serialNumber))
- != SECEqual) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- /* Compare revocationDate */
- PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
- if (SECITEM_CompareItem
- (&(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->
- revocationDate),
- &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->
- revocationDate))
- != SECEqual) {
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- /* Compare Critical Extension List */
- PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Equals
- (firstCrlEntry->nssCrlEntry->extensions,
- secondCrlEntry->nssCrlEntry->extensions,
- &cmpResult,
- plContext),
- PKIX_CRLENTRYEXTENSIONSEQUALSFAILED);
-
- if (cmpResult != PKIX_TRUE){
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
-
- cmpResult = (firstCrlEntry->userReasonCode ==
- secondCrlEntry->userReasonCode);
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CRLEntry_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_CRLEntry_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_RegisterSelf");
-
- entry.description = "CRLEntry";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_CRLEntry);
- entry.destructor = pkix_pl_CRLEntry_Destroy;
- entry.equalsFunction = pkix_pl_CRLEntry_Equals;
- entry.hashcodeFunction = pkix_pl_CRLEntry_Hashcode;
- entry.toStringFunction = pkix_pl_CRLEntry_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_CRLENTRY_TYPE] = entry;
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_CreateEntry
- * DESCRIPTION:
- *
- * Creates a new CRLEntry using the CertCrlEntry pointed to by "nssCrlEntry"
- * and stores it at "pCrlEntry". Once created, a CRLEntry is immutable.
- *
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate Time,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, MUST be v2
- *
- * PARAMETERS:
- * "nssCrlEntry"
- * Address of CERTCrlEntry representing an NSS CRL entry.
- * Must be non-NULL.
- * "pCrlEntry"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLEntry Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CRLEntry_CreateEntry(
- CERTCrlEntry *nssCrlEntry, /* entry data to be created from */
- PKIX_PL_CRLEntry **pCrlEntry,
- void *plContext)
-{
- PKIX_PL_CRLEntry *crlEntry = NULL;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_CreateEntry");
- PKIX_NULLCHECK_TWO(nssCrlEntry, pCrlEntry);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CRLENTRY_TYPE,
- sizeof (PKIX_PL_CRLEntry),
- (PKIX_PL_Object **)&crlEntry,
- plContext),
- PKIX_COULDNOTCREATECRLENTRYOBJECT);
-
- crlEntry->nssCrlEntry = nssCrlEntry;
- crlEntry->serialNumber = NULL;
- crlEntry->critExtOids = NULL;
- crlEntry->userReasonCode = 0;
- crlEntry->userReasonCodeAbsent = PKIX_FALSE;
-
- *pCrlEntry = crlEntry;
-
-cleanup:
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: pkix_pl_CRLEntry_Create
- * DESCRIPTION:
- *
- * Creates a List of CRLEntries using the array of CERTCrlEntries pointed to
- * by "nssCrlEntries" and stores it at "pCrlEntryList". If "nssCrlEntries" is
- * NULL, this function stores an empty List at "pCrlEntryList".
- * }
- * PARAMETERS:
- * "nssCrlEntries"
- * Address of array of CERTCrlEntries representing NSS CRL entries.
- * Can be NULL if CRL has no NSS CRL entries.
- * "pCrlEntryList"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRLEntry Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CRLEntry_Create(
- CERTCrlEntry **nssCrlEntries, /* head of entry list */
- PKIX_List **pCrlEntryList,
- void *plContext)
-{
- PKIX_List *entryList = NULL;
- PKIX_PL_CRLEntry *crlEntry = NULL;
- CERTCrlEntry **entries = NULL;
- SECItem serialNumberItem;
- PKIX_PL_BigInt *serialNumber;
- char *bytes = NULL;
- PKIX_UInt32 length;
-
- PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Create");
- PKIX_NULLCHECK_ONE(pCrlEntryList);
-
- entries = nssCrlEntries;
-
- PKIX_CHECK(PKIX_List_Create(&entryList, plContext),
- PKIX_LISTCREATEFAILED);
-
- if (entries) {
- while (*entries){
- PKIX_CHECK(pkix_pl_CRLEntry_CreateEntry
- (*entries, &crlEntry, plContext),
- PKIX_COULDNOTCREATECRLENTRYOBJECT);
-
- /* Get Serial Number */
- serialNumberItem = (*entries)->serialNumber;
- length = serialNumberItem.len;
- bytes = (char *)serialNumberItem.data;
-
- PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
- (bytes, length, &serialNumber, plContext),
- PKIX_BIGINTCREATEWITHBYTESFAILED);
-
- crlEntry->serialNumber = serialNumber;
- crlEntry->nssCrlEntry = *entries;
-
- PKIX_CHECK(PKIX_List_AppendItem
- (entryList, (PKIX_PL_Object *)crlEntry, plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(crlEntry);
-
- entries++;
- }
- }
-
- *pCrlEntryList = entryList;
-
-cleanup:
- PKIX_DECREF(crlEntry);
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(entryList);
- }
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/* --Public-CRLENTRY-Functions------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCRLEntryReasonCode (
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_Int32 *pReason,
- void *plContext)
-{
- SECStatus status;
- CERTCRLEntryReasonCode nssReasonCode;
-
- PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
- PKIX_NULLCHECK_TWO(crlEntry, pReason);
-
- if (!crlEntry->userReasonCodeAbsent && crlEntry->userReasonCode == 0) {
-
- PKIX_OBJECT_LOCK(crlEntry);
-
- if (!crlEntry->userReasonCodeAbsent &&
- crlEntry->userReasonCode == 0) {
-
- /* reason code has not been cached in */
- PKIX_CRLENTRY_DEBUG("\t\tCERT_FindCRLEntryReasonExten.\n");
- status = CERT_FindCRLEntryReasonExten
- (crlEntry->nssCrlEntry, &nssReasonCode);
-
- if (status == SECSuccess) {
- crlEntry->userReasonCode = (PKIX_Int32) nssReasonCode;
- } else {
- crlEntry->userReasonCodeAbsent = PKIX_TRUE;
- }
- }
-
- PKIX_OBJECT_UNLOCK(crlEntry);
-
- }
-
- *pReason = crlEntry->userReasonCode;
-
-cleanup:
-
- PKIX_RETURN(CRLENTRY);
-}
-
-/*
- * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_CRLEntry_GetCriticalExtensionOIDs (
- PKIX_PL_CRLEntry *crlEntry,
- PKIX_List **pList, /* list of PKIX_PL_OID */
- void *plContext)
-{
- PKIX_List *oidsList = NULL;
- CERTCertExtension **extensions;
-
- PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCriticalExtensionOIDs");
- PKIX_NULLCHECK_THREE(crlEntry, crlEntry->nssCrlEntry, pList);
-
- /* if we don't have a cached copy from before, we create one */
- if (crlEntry->critExtOids == NULL) {
-
- PKIX_OBJECT_LOCK(crlEntry);
-
- if (crlEntry->critExtOids == NULL) {
-
- extensions = crlEntry->nssCrlEntry->extensions;
-
- PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
- (extensions, &oidsList, plContext),
- PKIX_GETCRITICALEXTENSIONOIDSFAILED);
-
- crlEntry->critExtOids = oidsList;
- }
-
- PKIX_OBJECT_UNLOCK(crlEntry);
-
- }
-
- /* We should return a copy of the List since this list changes */
- PKIX_DUPLICATE(crlEntry->critExtOids, pList, plContext,
- PKIX_OBJECTDUPLICATELISTFAILED);
-
-cleanup:
-
- PKIX_RETURN(CRLENTRY);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h
deleted file mode 100644
index 7f66acc2a..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_crlentry.h
- *
- * CRL Entry Type Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_CRLENTRY_H
-#define _PKIX_PL_CRLENTRY_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define PKIX_PL_CRL_REASONCODE_NOTSET (-1)
-
-struct PKIX_PL_CRLEntryStruct {
- CERTCrlEntry *nssCrlEntry;
- PKIX_PL_BigInt *serialNumber;
- PKIX_List *critExtOids;
- PKIX_Int32 userReasonCode;
- PKIX_Boolean userReasonCodeAbsent;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_CRLEntry_RegisterSelf(void *plContext);
-
-/* following functions are called by CRL only hence not public */
-
-PKIX_Error *
-pkix_pl_CRLEntry_Create(
- CERTCrlEntry **nssCrlEntry, /* head of entry list */
- PKIX_List **pCrlEntryList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_CRLENTRY_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c
deleted file mode 100644
index 2d9a61723..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c
+++ /dev/null
@@ -1,499 +0,0 @@
- /* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_date.c
- *
- * Date Object Definitions
- *
- */
-
-#include "pkix_pl_date.h"
-
-/* --Private-Date-Functions------------------------------------- */
-/*
- * FUNCTION: pkix_pl_Date_GetPRTime
- * DESCRIPTION:
- *
- * Translates into a PRTime the Date embodied by the Date object pointed to
- * by "date", and stores it at "pPRTime".
- *
- * PARAMETERS
- * "date"
- * Address of Date whose PRTime representation is desired. Must be
- * non-NULL.
- * "pPRTime"
- * Address where PRTime value will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Date_GetPRTime(
- PKIX_PL_Date *date,
- PRTime *pPRTime,
- void *plContext)
-{
- PKIX_ENTER(DATE, "PKIX_PL_Date_GetPRTime");
- PKIX_NULLCHECK_TWO(date, pPRTime);
-
- *pPRTime = date->nssTime;
-
- PKIX_RETURN(DATE);
-}
-
-/*
- * FUNCTION: pkix_pl_Date_CreateFromPRTime
- * DESCRIPTION:
- *
- * Creates a new Date from the PRTime whose value is "prtime", and stores the
- * result at "pDate".
- *
- * PARAMETERS
- * "prtime"
- * The PRTime value to be embodied in the new Date object.
- * "pDate"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Date_CreateFromPRTime(
- PRTime prtime,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PKIX_PL_Date *date = NULL;
-
- PKIX_ENTER(DATE, "PKIX_PL_Date_CreateFromPRTime");
- PKIX_NULLCHECK_ONE(pDate);
-
- /* create a PKIX_PL_Date object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_DATE_TYPE,
- sizeof (PKIX_PL_Date),
- (PKIX_PL_Object **)&date,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
- /* populate the nssTime field */
- date->nssTime = prtime;
- *pDate = date;
-cleanup:
- PKIX_RETURN(DATE);
-}
-
-/*
- * FUNCTION: pkix_pl_Date_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the SECItem pointed
- * to by "nssTime" (which represents a date) and stores it at "pString".
- *
- * PARAMETERS
- * "nssTime"
- * Address of SECItem whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Date Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Date_ToString_Helper(
- SECItem *nssTime,
- PKIX_PL_String **pString,
- void *plContext)
-{
- char *asciiDate = NULL;
-
- PKIX_ENTER(DATE, "pkix_pl_Date_ToString_Helper");
- PKIX_NULLCHECK_TWO(nssTime, pString);
-
- switch (nssTime->type) {
- case siUTCTime:
- PKIX_PL_NSSCALLRV
- (DATE, asciiDate, DER_UTCDayToAscii, (nssTime));
- if (!asciiDate){
- PKIX_ERROR(PKIX_DERUTCTIMETOASCIIFAILED);
- }
- break;
- case siGeneralizedTime:
- /*
- * we don't currently have any way to create GeneralizedTime.
- * this code is only here so that it will be in place when
- * we do have the capability to create GeneralizedTime.
- */
- PKIX_PL_NSSCALLRV
- (DATE, asciiDate, DER_GeneralizedDayToAscii, (nssTime));
- if (!asciiDate){
- PKIX_ERROR(PKIX_DERGENERALIZEDDAYTOASCIIFAILED);
- }
- break;
- default:
- PKIX_ERROR(PKIX_UNRECOGNIZEDTIMETYPE);
- }
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, asciiDate, 0, pString, plContext),
- PKIX_STRINGCREATEFAILED);
-
-cleanup:
- PR_Free(asciiDate);
-
- PKIX_RETURN(DATE);
-}
-
-
-/*
- * FUNCTION: pkix_pl_Date_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Date_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ENTER(DATE, "pkix_pl_Date_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_DATE_TYPE, plContext),
- PKIX_OBJECTNOTDATE);
-cleanup:
- PKIX_RETURN(DATE);
-}
-
-/*
- * FUNCTION: pkix_pl_Date_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Date_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_Date *date = NULL;
- SECItem nssTime = {siBuffer, NULL, 0};
- SECStatus rv;
-
- PKIX_ENTER(DATE, "pkix_pl_Date_toString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_DATE_TYPE, plContext),
- PKIX_OBJECTNOTDATE);
-
- date = (PKIX_PL_Date *)object;
- rv = DER_EncodeTimeChoice(NULL, &nssTime, date->nssTime);
- if (rv == SECFailure) {
- PKIX_ERROR(PKIX_DERENCODETIMECHOICEFAILED);
- }
- PKIX_CHECK(pkix_pl_Date_ToString_Helper
- (&nssTime, pString, plContext),
- PKIX_DATETOSTRINGHELPERFAILED);
-cleanup:
- if (nssTime.data) {
- SECITEM_FreeItem(&nssTime, PR_FALSE);
- }
-
- PKIX_RETURN(DATE);
-}
-
-/*
- * FUNCTION: pkix_pl_Date_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Date_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_Date *date = NULL;
- PKIX_UInt32 dateHash;
-
- PKIX_ENTER(DATE, "pkix_pl_Date_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_DATE_TYPE, plContext),
- PKIX_OBJECTNOTDATE);
-
- date = (PKIX_PL_Date *)object;
-
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)&date->nssTime,
- sizeof(date->nssTime),
- &dateHash,
- plContext),
- PKIX_HASHFAILED);
-
- *pHashcode = dateHash;
-
-cleanup:
-
- PKIX_RETURN(DATE);
-
-}
-
-/*
- * FUNCTION: pkix_pl_Date_Comparator
- * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Date_Comparator(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PRTime firstTime;
- PRTime secondTime;
- SECComparison cmpResult;
-
- PKIX_ENTER(DATE, "pkix_pl_Date_Comparator");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject, secondObject, PKIX_DATE_TYPE, plContext),
- PKIX_ARGUMENTSNOTDATES);
-
- firstTime = ((PKIX_PL_Date *)firstObject)->nssTime;
- secondTime = ((PKIX_PL_Date *)secondObject)->nssTime;
-
- if (firstTime == secondTime)
- cmpResult = SECEqual;
- else if (firstTime < secondTime)
- cmpResult = SECLessThan;
- else
- cmpResult = SECGreaterThan;
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(DATE);
-}
-
-/*
- * FUNCTION: pkix_pl_Date_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Date_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_ENTER(DATE, "pkix_pl_Date_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a Date */
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_DATE_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTDATE);
-
- /*
- * Since we know firstObject is a Date, if both references are
- * identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- *pResult = PKIX_FALSE;
- pkixErrorResult =
- pkix_pl_Date_Comparator(firstObject, secondObject,
- pResult, plContext);
- if (pkixErrorResult) {
- PKIX_DECREF(pkixErrorResult);
- }
-
-cleanup:
-
- PKIX_RETURN(DATE);
-}
-
-/*
- * FUNCTION: pkix_pl_Date_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_DATE_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_Date_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry* entry = &systemClasses[PKIX_DATE_TYPE];
-
- PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_RegisterSelf");
-
- entry->description = "Date";
- entry->typeObjectSize = sizeof(PKIX_PL_Date);
- entry->destructor = pkix_pl_Date_Destroy;
- entry->equalsFunction = pkix_pl_Date_Equals;
- entry->hashcodeFunction = pkix_pl_Date_Hashcode;
- entry->toStringFunction = pkix_pl_Date_ToString;
- entry->comparator = pkix_pl_Date_Comparator;
- entry->duplicateFunction = pkix_duplicateImmutable;
-
- PKIX_RETURN(DATE);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_UTCTime (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Date_Create_UTCTime(
- PKIX_PL_String *stringRep,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PKIX_PL_Date *date = NULL;
- char *asciiString = NULL;
- PKIX_UInt32 escAsciiLength;
- SECStatus rv;
- PRTime time;
-
- PKIX_ENTER(DATE, "PKIX_PL_Date_Create_UTCTime");
- PKIX_NULLCHECK_ONE(pDate);
-
- if (stringRep == NULL){
- PKIX_DATE_DEBUG("\t\tCalling PR_Now).\n");
- time = PR_Now();
- } else {
- /* convert the input PKIX_PL_String to PKIX_ESCASCII */
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stringRep,
- PKIX_ESCASCII,
- (void **)&asciiString,
- &escAsciiLength,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_DATE_DEBUG("\t\tCalling DER_AsciiToTime).\n");
- /* DER_AsciiToTime only supports UTCTime (2-digit years) */
- rv = DER_AsciiToTime(&time, asciiString);
- if (rv != SECSuccess){
- PKIX_ERROR(PKIX_DERASCIITOTIMEFAILED);
- }
- }
-
- /* create a PKIX_PL_Date object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_DATE_TYPE,
- sizeof (PKIX_PL_Date),
- (PKIX_PL_Object **)&date,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* populate the nssTime field */
- date->nssTime = time;
- *pDate = date;
-
-cleanup:
- PKIX_FREE(asciiString);
-
- PKIX_RETURN(DATE);
-}
-
-/*
- * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_Date_Create_CurrentOffBySeconds(
- PKIX_Int32 secondsOffset,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PKIX_PL_Date *date = NULL;
- PRTime time;
-
- PKIX_ENTER(DATE, "PKIX_PL_Date_Create_CurrentOffBySeconds");
- PKIX_NULLCHECK_ONE(pDate);
-
- time = PR_Now() + PR_SecondsToInterval(secondsOffset);
- /* create a PKIX_PL_Date object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_DATE_TYPE,
- sizeof (PKIX_PL_Date),
- (PKIX_PL_Object **)&date,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* populate the nssTime field */
- date->nssTime = time;
- *pDate = date;
-
-cleanup:
- PKIX_RETURN(DATE);
-}
-
-PKIX_Error *
-PKIX_PL_Date_CreateFromPRTime(
- PRTime prtime,
- PKIX_PL_Date **pDate,
- void *plContext)
-{
- PKIX_ENTER(DATE, "PKIX_PL_Date_CreateFromPRTime");
- PKIX_CHECK(
- pkix_pl_Date_CreateFromPRTime(prtime, pDate, plContext),
- PKIX_DATECREATEFROMPRTIMEFAILED);
-
-cleanup:
- PKIX_RETURN(DATE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h
deleted file mode 100644
index feb49dcfb..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_date.h
- *
- * Date Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_DATE_H
-#define _PKIX_PL_DATE_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_DateStruct{
- PRTime nssTime;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_Date_ToString_Helper(
- SECItem *nssTime,
- PKIX_PL_String **pString,
- void *plContext);
-
-PKIX_Error *pkix_pl_Date_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_Date_GetPRTime(
- PKIX_PL_Date *date,
- PRTime *pPRTime,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_Date_CreateFromPRTime(
- PRTime prtime,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-PKIX_Error *
-PKIX_PL_Date_CreateFromPRTime(
- PRTime prtime,
- PKIX_PL_Date **pDate,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_DATE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c
deleted file mode 100644
index b4f74541e..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c
+++ /dev/null
@@ -1,906 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_generalname.c
- *
- * GeneralName Object Definitions
- *
- */
-
-#include "pkix_pl_generalname.h"
-
-/* --Private-GeneralName-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_GeneralName_GetNssGeneralName
- * DESCRIPTION:
- *
- * Retrieves the NSS representation of the PKIX_PL_GeneralName pointed by
- * "genName" and stores it at "pNssGenName". The NSS data type CERTGeneralName
- * is stored in this object when the object was created.
- *
- * PARAMETERS:
- * "genName"
- * Address of PKIX_PL_GeneralName. Must be non-NULL.
- * "pNssGenName"
- * Address where CERTGeneralName will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a GeneralName Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_GeneralName_GetNssGeneralName(
- PKIX_PL_GeneralName *genName,
- CERTGeneralName **pNssGenName,
- void *plContext)
-{
- CERTGeneralName *nssGenName = NULL;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_GetNssGeneralName");
- PKIX_NULLCHECK_THREE(genName, pNssGenName, genName->nssGeneralNameList);
-
- nssGenName = genName->nssGeneralNameList->name;
-
- *pNssGenName = nssGenName;
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_OtherName_Create
- * DESCRIPTION:
- *
- * Creates new OtherName which represents the CERTGeneralName pointed to by
- * "nssAltName" and stores it at "pOtherName".
- *
- * PARAMETERS:
- * "nssAltName"
- * Address of CERTGeneralName. Must be non-NULL.
- * "pOtherName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a GeneralName Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_OtherName_Create(
- CERTGeneralName *nssAltName,
- OtherName **pOtherName,
- void *plContext)
-{
- OtherName *otherName = NULL;
- SECItem secItemName;
- SECItem secItemOID;
- SECStatus rv;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_OtherName_Create");
- PKIX_NULLCHECK_TWO(nssAltName, pOtherName);
-
- PKIX_CHECK(PKIX_PL_Malloc
- (sizeof (OtherName), (void **)&otherName, plContext),
- PKIX_MALLOCFAILED);
-
- /* make a copy of the name field */
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CopyItem).\n");
- rv = SECITEM_CopyItem
- (NULL, &otherName->name, &nssAltName->name.OthName.name);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- /* make a copy of the oid field */
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CopyItem).\n");
- rv = SECITEM_CopyItem
- (NULL, &otherName->oid, &nssAltName->name.OthName.oid);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- *pOtherName = otherName;
-
-cleanup:
-
- if (otherName && PKIX_ERROR_RECEIVED){
- secItemName = otherName->name;
- secItemOID = otherName->oid;
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(&secItemName, PR_FALSE);
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(&secItemOID, PR_FALSE);
-
- PKIX_FREE(otherName);
- otherName = NULL;
- }
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_DirectoryName_Create
- * DESCRIPTION:
- *
- * Creates a new X500Name which represents the directoryName component of the
- * CERTGeneralName pointed to by "nssAltName" and stores it at "pX500Name".
- *
- * PARAMETERS:
- * "nssAltName"
- * Address of CERTGeneralName. Must be non-NULL.
- * "pX500Name"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a GeneralName Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_DirectoryName_Create(
- CERTGeneralName *nssAltName,
- PKIX_PL_X500Name **pX500Name,
- void *plContext)
-{
- PKIX_PL_X500Name *pkixDN = NULL;
- CERTName *dirName = NULL;
- PKIX_PL_String *pkixDNString = NULL;
- char *utf8String = NULL;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_DirectoryName_Create");
- PKIX_NULLCHECK_TWO(nssAltName, pX500Name);
-
- dirName = &nssAltName->name.directoryName;
-
- PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTName(NULL, dirName,
- &pkixDN, plContext),
- PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
-
- *pX500Name = pkixDN;
-
-cleanup:
-
- PR_Free(utf8String);
- PKIX_DECREF(pkixDNString);
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_GeneralName_Create
- * DESCRIPTION:
- *
- * Creates new GeneralName which represents the CERTGeneralName pointed to by
- * "nssAltName" and stores it at "pGenName".
- *
- * PARAMETERS:
- * "nssAltName"
- * Address of CERTGeneralName. Must be non-NULL.
- * "pGenName"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a GeneralName Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_GeneralName_Create(
- CERTGeneralName *nssAltName,
- PKIX_PL_GeneralName **pGenName,
- void *plContext)
-{
- PKIX_PL_GeneralName *genName = NULL;
- PKIX_PL_X500Name *pkixDN = NULL;
- PKIX_PL_OID *pkixOID = NULL;
- OtherName *otherName = NULL;
- CERTGeneralNameList *nssGenNameList = NULL;
- CERTGeneralNameType nameType;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Create");
- PKIX_NULLCHECK_TWO(nssAltName, pGenName);
-
- /* create a PKIX_PL_GeneralName object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_GENERALNAME_TYPE,
- sizeof (PKIX_PL_GeneralName),
- (PKIX_PL_Object **)&genName,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- nameType = nssAltName->type;
-
- /*
- * We use CERT_CreateGeneralNameList to create just one CERTGeneralName
- * item for memory allocation reason. If we want to just create one
- * item, we have to use the calling path CERT_NewGeneralName, then
- * CERT_CopyOneGeneralName. With this calling path, if we pass
- * the arena argument as NULL, in CERT_CopyOneGeneralName's subsequent
- * call to CERT_CopyName, it assumes arena should be valid, hence
- * segmentation error (not sure this is a NSS bug, certainly it is
- * not consistent). But on the other hand, we don't want to keep an
- * arena record here explicitely for every PKIX_PL_GeneralName.
- * So I concluded it is better to use CERT_CreateGeneralNameList,
- * which keeps an arena pointer in its data structure and also masks
- * out details calls from this libpkix level.
- */
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_CreateGeneralNameList).\n");
- nssGenNameList = CERT_CreateGeneralNameList(nssAltName);
-
- if (nssGenNameList == NULL) {
- PKIX_ERROR(PKIX_CERTCREATEGENERALNAMELISTFAILED);
- }
-
- genName->nssGeneralNameList = nssGenNameList;
-
- /* initialize fields */
- genName->type = nameType;
- genName->directoryName = NULL;
- genName->OthName = NULL;
- genName->other = NULL;
- genName->oid = NULL;
-
- switch (nameType){
- case certOtherName:
-
- PKIX_CHECK(pkix_pl_OtherName_Create
- (nssAltName, &otherName, plContext),
- PKIX_OTHERNAMECREATEFAILED);
-
- genName->OthName = otherName;
- break;
-
- case certDirectoryName:
-
- PKIX_CHECK(pkix_pl_DirectoryName_Create
- (nssAltName, &pkixDN, plContext),
- PKIX_DIRECTORYNAMECREATEFAILED);
-
- genName->directoryName = pkixDN;
- break;
- case certRegisterID:
- PKIX_CHECK(PKIX_PL_OID_CreateBySECItem(&nssAltName->name.other,
- &pkixOID, plContext),
- PKIX_OIDCREATEFAILED);
-
- genName->oid = pkixOID;
- break;
- case certDNSName:
- case certEDIPartyName:
- case certIPAddress:
- case certRFC822Name:
- case certX400Address:
- case certURI:
- genName->other = SECITEM_DupItem(&nssAltName->name.other);
- if (!genName->other) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
- break;
- default:
- PKIX_ERROR(PKIX_NAMETYPENOTSUPPORTED);
- }
-
- *pGenName = genName;
- genName = NULL;
-
-cleanup:
- PKIX_DECREF(genName);
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_GeneralName_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the GeneralName
- * pointed to by "name" and stores it at "pString" Different mechanisms are
- * used to create the string, depending on the type of the GeneralName.
- *
- * PARAMETERS
- * "name"
- * Address of GeneralName whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a GeneralName Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_GeneralName_ToString_Helper(
- PKIX_PL_GeneralName *name,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_X500Name *pkixDN = NULL;
- PKIX_PL_OID *pkixOID = NULL;
- char *x400AsciiName = NULL;
- char *ediPartyName = NULL;
- char *asciiName = NULL;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_ToString_Helper");
- PKIX_NULLCHECK_TWO(name, pString);
-
- switch (name->type) {
- case certRFC822Name:
- case certDNSName:
- case certURI:
- /*
- * Note that we can't use PKIX_ESCASCII here because
- * name->other->data is not guaranteed to be null-terminated.
- */
-
- PKIX_NULLCHECK_ONE(name->other);
-
- PKIX_CHECK(PKIX_PL_String_Create(PKIX_UTF8,
- (name->other)->data,
- (name->other)->len,
- pString,
- plContext),
- PKIX_STRINGCREATEFAILED);
- break;
- case certEDIPartyName:
- /* XXX print out the actual bytes */
- ediPartyName = "EDIPartyName: <DER-encoded value>";
- PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
- ediPartyName,
- 0,
- pString,
- plContext),
- PKIX_STRINGCREATEFAILED);
- break;
- case certX400Address:
- /* XXX print out the actual bytes */
- x400AsciiName = "X400Address: <DER-encoded value>";
- PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
- x400AsciiName,
- 0,
- pString,
- plContext),
- PKIX_STRINGCREATEFAILED);
- break;
- case certIPAddress:
- PKIX_CHECK(pkix_pl_ipAddrBytes2Ascii
- (name->other, &asciiName, plContext),
- PKIX_IPADDRBYTES2ASCIIFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
- asciiName,
- 0,
- pString,
- plContext),
- PKIX_STRINGCREATEFAILED);
- break;
- case certOtherName:
- PKIX_NULLCHECK_ONE(name->OthName);
-
- /* we only print type-id - don't know how to print value */
- /* XXX print out the bytes of the value */
- PKIX_CHECK(pkix_pl_oidBytes2Ascii
- (&name->OthName->oid, &asciiName, plContext),
- PKIX_OIDBYTES2ASCIIFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiName,
- 0,
- pString,
- plContext),
- PKIX_STRINGCREATEFAILED);
- break;
- case certRegisterID:
- pkixOID = name->oid;
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)pkixOID, pString, plContext),
- PKIX_OIDTOSTRINGFAILED);
- break;
- case certDirectoryName:
- pkixDN = name->directoryName;
- PKIX_CHECK(PKIX_PL_Object_ToString
- ((PKIX_PL_Object *)pkixDN, pString, plContext),
- PKIX_X500NAMETOSTRINGFAILED);
- break;
- default:
- PKIX_ERROR
- (PKIX_TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED);
- }
-
-cleanup:
-
- PKIX_FREE(asciiName);
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_GeneralName_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_GeneralName_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_GeneralName *name = NULL;
- SECItem secItemName;
- SECItem secItemOID;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_GENERALNAME_TYPE, plContext),
- PKIX_OBJECTNOTGENERALNAME);
-
- name = (PKIX_PL_GeneralName *)object;
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(name->other, PR_TRUE);
- name->other = NULL;
-
- if (name->OthName){
- secItemName = name->OthName->name;
- secItemOID = name->OthName->oid;
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(&secItemName, PR_FALSE);
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(&secItemOID, PR_FALSE);
-
- PKIX_FREE(name->OthName);
- name->OthName = NULL;
- }
-
- if (name->nssGeneralNameList != NULL) {
- PKIX_GENERALNAME_DEBUG
- ("\t\tCalling CERT_DestroyGeneralNameList).\n");
- CERT_DestroyGeneralNameList(name->nssGeneralNameList);
- }
-
- PKIX_DECREF(name->directoryName);
- PKIX_DECREF(name->oid);
-
-cleanup:
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_GeneralName_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_GeneralName_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *nameString = NULL;
- PKIX_PL_GeneralName *name = NULL;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_toString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_GENERALNAME_TYPE, plContext),
- PKIX_OBJECTNOTGENERALNAME);
-
- name = (PKIX_PL_GeneralName *)object;
-
- PKIX_CHECK(pkix_pl_GeneralName_ToString_Helper
- (name, &nameString, plContext),
- PKIX_GENERALNAMETOSTRINGHELPERFAILED);
-
- *pString = nameString;
-
-cleanup:
-
-
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_GeneralName_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_GeneralName_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_GeneralName *name = NULL;
- PKIX_UInt32 firstHash, secondHash, nameHash;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_GENERALNAME_TYPE, plContext),
- PKIX_OBJECTNOTGENERALNAME);
-
- name = (PKIX_PL_GeneralName *)object;
-
- switch (name->type) {
- case certRFC822Name:
- case certDNSName:
- case certX400Address:
- case certEDIPartyName:
- case certURI:
- case certIPAddress:
- PKIX_NULLCHECK_ONE(name->other);
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)
- name->other->data,
- name->other->len,
- &nameHash,
- plContext),
- PKIX_HASHFAILED);
- break;
- case certRegisterID:
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)name->oid,
- &nameHash,
- plContext),
- PKIX_OIDHASHCODEFAILED);
- break;
- case certOtherName:
- PKIX_NULLCHECK_ONE(name->OthName);
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)
- name->OthName->oid.data,
- name->OthName->oid.len,
- &firstHash,
- plContext),
- PKIX_HASHFAILED);
-
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)
- name->OthName->name.data,
- name->OthName->name.len,
- &secondHash,
- plContext),
- PKIX_HASHFAILED);
-
- nameHash = firstHash + secondHash;
- break;
- case certDirectoryName:
- PKIX_CHECK(PKIX_PL_Object_Hashcode
- ((PKIX_PL_Object *)
- name->directoryName,
- &nameHash,
- plContext),
- PKIX_X500NAMEHASHCODEFAILED);
- break;
- }
-
- *pHashcode = nameHash;
-
-cleanup:
-
- PKIX_RETURN(GENERALNAME);
-
-}
-
-/*
- * FUNCTION: pkix_pl_GeneralName_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_GeneralName_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_GeneralName *firstName = NULL;
- PKIX_PL_GeneralName *secondName = NULL;
- PKIX_UInt32 secondType;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a GeneralName */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_GENERALNAME_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTGENERALNAME);
-
- /*
- * Since we know firstObject is a GeneralName, if both references are
- * identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a GeneralName, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_GENERALNAME_TYPE){
- goto cleanup;
- }
-
- firstName = (PKIX_PL_GeneralName *)firstObject;
- secondName = (PKIX_PL_GeneralName *)secondObject;
-
- if (firstName->type != secondName->type){
- goto cleanup;
- }
-
- switch (firstName->type) {
- case certRFC822Name:
- case certDNSName:
- case certX400Address:
- case certEDIPartyName:
- case certURI:
- case certIPAddress:
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
- if (SECITEM_CompareItem(firstName->other,
- secondName->other) != SECEqual) {
- goto cleanup;
- }
- break;
- case certRegisterID:
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstName->oid,
- (PKIX_PL_Object *)secondName->oid,
- pResult,
- plContext),
- PKIX_OIDEQUALSFAILED);
- goto cleanup;
- case certOtherName:
- PKIX_NULLCHECK_TWO(firstName->OthName, secondName->OthName);
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
- if (SECITEM_CompareItem(&firstName->OthName->oid,
- &secondName->OthName->oid)
- != SECEqual ||
- SECITEM_CompareItem(&firstName->OthName->name,
- &secondName->OthName->name)
- != SECEqual) {
- goto cleanup;
- }
- break;
- case certDirectoryName:
- PKIX_CHECK(PKIX_PL_Object_Equals
- ((PKIX_PL_Object *)firstName->directoryName,
- (PKIX_PL_Object *)secondName->directoryName,
- pResult,
- plContext),
- PKIX_X500NAMEEQUALSFAILED);
- goto cleanup;
- }
-
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/*
- * FUNCTION: pkix_pl_GeneralName_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_GENERALNAME_TYPE and related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_GeneralName_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_RegisterSelf");
-
- entry.description = "GeneralName";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_GeneralName);
- entry.destructor = pkix_pl_GeneralName_Destroy;
- entry.equalsFunction = pkix_pl_GeneralName_Equals;
- entry.hashcodeFunction = pkix_pl_GeneralName_Hashcode;
- entry.toStringFunction = pkix_pl_GeneralName_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_GENERALNAME_TYPE] = entry;
-
- PKIX_RETURN(GENERALNAME);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_GeneralName_Create (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_GeneralName_Create(
- PKIX_UInt32 nameType,
- PKIX_PL_String *stringRep,
- PKIX_PL_GeneralName **pGName,
- void *plContext)
-{
- PKIX_PL_X500Name *pkixDN = NULL;
- PKIX_PL_OID *pkixOID = NULL;
- SECItem *secItem = NULL;
- char *asciiString = NULL;
- PKIX_UInt32 length = 0;
- PKIX_PL_GeneralName *genName = NULL;
- CERTGeneralName *nssGenName = NULL;
- CERTGeneralNameList *nssGenNameList = NULL;
- CERTName *nssCertName = NULL;
- PLArenaPool *arena = NULL;
-
- PKIX_ENTER(GENERALNAME, "PKIX_PL_GeneralName_Create");
- PKIX_NULLCHECK_TWO(pGName, stringRep);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stringRep,
- PKIX_ESCASCII,
- (void **)&asciiString,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- /* Create a temporary CERTGeneralName */
- PKIX_GENERALNAME_DEBUG("\t\tCalling PL_strlen).\n");
- length = PL_strlen(asciiString);
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_AllocItem).\n");
- secItem = SECITEM_AllocItem(NULL, NULL, length);
- PKIX_GENERALNAME_DEBUG("\t\tCalling PORT_Memcpy).\n");
- (void) PORT_Memcpy(secItem->data, asciiString, length);
- PKIX_CERT_DEBUG("\t\tCalling PORT_NewArena).\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
- PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_NewGeneralName).\n");
- nssGenName = CERT_NewGeneralName(arena, nameType);
- if (nssGenName == NULL) {
- PKIX_ERROR(PKIX_ALLOCATENEWCERTGENERALNAMEFAILED);
- }
-
- switch (nameType) {
- case certRFC822Name:
- case certDNSName:
- case certURI:
- nssGenName->name.other = *secItem;
- break;
-
- case certDirectoryName:
-
- PKIX_CHECK(PKIX_PL_X500Name_Create
- (stringRep, &pkixDN, plContext),
- PKIX_X500NAMECREATEFAILED);
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_AsciiToName).\n");
- nssCertName = CERT_AsciiToName(asciiString);
- nssGenName->name.directoryName = *nssCertName;
- break;
-
- case certRegisterID:
- PKIX_CHECK(PKIX_PL_OID_Create
- (asciiString, &pkixOID, plContext),
- PKIX_OIDCREATEFAILED);
- nssGenName->name.other = *secItem;
- break;
- default:
- /* including IPAddress, EDIPartyName, OtherName, X400Address */
- PKIX_ERROR(PKIX_UNABLETOCREATEGENERALNAMEOFTHISTYPE);
- }
-
- /* create a PKIX_PL_GeneralName object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_GENERALNAME_TYPE,
- sizeof (PKIX_PL_GeneralName),
- (PKIX_PL_Object **)&genName,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* create a CERTGeneralNameList */
- nssGenName->type = nameType;
- PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_CreateGeneralNameList).\n");
- nssGenNameList = CERT_CreateGeneralNameList(nssGenName);
- if (nssGenNameList == NULL) {
- PKIX_ERROR(PKIX_CERTCREATEGENERALNAMELISTFAILED);
- }
- genName->nssGeneralNameList = nssGenNameList;
-
- /* initialize fields */
- genName->type = nameType;
- genName->directoryName = pkixDN;
- genName->OthName = NULL;
- genName->other = secItem;
- genName->oid = pkixOID;
-
- *pGName = genName;
-cleanup:
-
- PKIX_FREE(asciiString);
-
- if (nssCertName != NULL) {
- PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyName).\n");
- CERT_DestroyName(nssCertName);
- }
-
- if (arena){ /* will free nssGenName */
- PKIX_CERT_DEBUG("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(pkixDN);
- PKIX_DECREF(pkixOID);
-
- PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
- if (secItem){
- SECITEM_FreeItem(secItem, PR_TRUE);
- secItem = NULL;
- }
- }
-
- PKIX_RETURN(GENERALNAME);
-}
-
-#endif /* BUILD_LIBPKIX_TESTS */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h
deleted file mode 100644
index 5d3298f9a..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_generalname.h
- *
- * GeneralName Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_GENERALNAME_H
-#define _PKIX_PL_GENERALNAME_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_GeneralNameStruct{
- CERTGeneralNameList *nssGeneralNameList;
- CERTGeneralNameType type;
- PKIX_PL_X500Name *directoryName;
- PKIX_PL_OID *oid;
- OtherName *OthName;
- SECItem *other;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_GeneralName_Create(
- CERTGeneralName *nssAltName,
- PKIX_PL_GeneralName **pGenName,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_GeneralName_GetNssGeneralName(
- PKIX_PL_GeneralName *genName,
- CERTGeneralName **pNssGenName,
- void *plContext);
-
-PKIX_Error *pkix_pl_GeneralName_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_GENERALNAME_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
deleted file mode 100644
index c7a2c1691..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
+++ /dev/null
@@ -1,887 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_infoaccess.c
- *
- * InfoAccess Object Definitions
- *
- */
-
-#include "pkix_pl_infoaccess.h"
-
-/* --Private-InfoAccess-Functions----------------------------------*/
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_Create
- * DESCRIPTION:
- *
- * This function creates an InfoAccess from the method provided in "method" and
- * the GeneralName provided in "generalName" and stores the result at
- * "pInfoAccess".
- *
- * PARAMETERS
- * "method"
- * The UInt32 value to be stored as the method field of the InfoAccess.
- * "generalName"
- * The GeneralName to be stored as the generalName field of the InfoAccess.
- * Must be non-NULL.
- * "pInfoAccess"
- * Address where the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_InfoAccess_Create(
- PKIX_UInt32 method,
- PKIX_PL_GeneralName *generalName,
- PKIX_PL_InfoAccess **pInfoAccess,
- void *plContext)
-{
-
- PKIX_PL_InfoAccess *infoAccess = NULL;
-
- PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Create");
- PKIX_NULLCHECK_TWO(generalName, pInfoAccess);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_INFOACCESS_TYPE,
- sizeof (PKIX_PL_InfoAccess),
- (PKIX_PL_Object **)&infoAccess,
- plContext),
- PKIX_COULDNOTCREATEINFOACCESSOBJECT);
-
- infoAccess->method = method;
-
- PKIX_INCREF(generalName);
- infoAccess->location = generalName;
-
- *pInfoAccess = infoAccess;
- infoAccess = NULL;
-
-cleanup:
- PKIX_DECREF(infoAccess);
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_pki.h)
- */
-static PKIX_Error *
-pkix_pl_InfoAccess_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_InfoAccess *infoAccess = NULL;
-
- PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_INFOACCESS_TYPE, plContext),
- PKIX_OBJECTNOTANINFOACCESS);
-
- infoAccess = (PKIX_PL_InfoAccess *)object;
-
- PKIX_DECREF(infoAccess->location);
-
-cleanup:
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_pki.h)
- */
-static PKIX_Error *
-pkix_pl_InfoAccess_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_InfoAccess *infoAccess;
- PKIX_PL_String *infoAccessString = NULL;
- char *asciiFormat = NULL;
- char *asciiMethod = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *methodString = NULL;
- PKIX_PL_String *locationString = NULL;
-
- PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_INFOACCESS_TYPE, plContext),
- PKIX_OBJECTNOTINFOACCESS);
-
- infoAccess = (PKIX_PL_InfoAccess *)object;
-
- asciiFormat =
- "["
- "method:%s, "
- "location:%s"
- "]";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- switch(infoAccess->method) {
- case PKIX_INFOACCESS_CA_ISSUERS:
- asciiMethod = "caIssuers";
- break;
- case PKIX_INFOACCESS_OCSP:
- asciiMethod = "ocsp";
- break;
- case PKIX_INFOACCESS_TIMESTAMPING:
- asciiMethod = "timestamping";
- break;
- case PKIX_INFOACCESS_CA_REPOSITORY:
- asciiMethod = "caRepository";
- break;
- default:
- asciiMethod = "unknown";
- }
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiMethod,
- 0,
- &methodString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_TOSTRING(infoAccess->location, &locationString, plContext,
- PKIX_GENERALNAMETOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&infoAccessString,
- plContext,
- formatString,
- methodString,
- locationString),
- PKIX_SPRINTFFAILED);
-
- *pString = infoAccessString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(methodString);
- PKIX_DECREF(locationString);
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_pki.h)
- */
-static PKIX_Error *
-pkix_pl_InfoAccess_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_InfoAccess *infoAccess = NULL;
- PKIX_UInt32 infoAccessHash;
-
- PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_INFOACCESS_TYPE, plContext),
- PKIX_OBJECTNOTINFOACCESS);
-
- infoAccess = (PKIX_PL_InfoAccess *)object;
-
- PKIX_HASHCODE(infoAccess->location, &infoAccessHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- infoAccessHash += (infoAccess->method << 7);
-
- *pHashcode = infoAccessHash;
-
-cleanup:
-
- PKIX_RETURN(INFOACCESS);
-
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_pki.h)
- */
-static PKIX_Error *
-pkix_pl_InfoAccess_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_InfoAccess *firstInfoAccess = NULL;
- PKIX_PL_InfoAccess *secondInfoAccess = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult;
-
- PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a InfoAccess */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_INFOACCESS_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTINFOACCESS);
-
- /*
- * Since we know firstObject is a InfoAccess, if both references are
- * identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a InfoAccess, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_INFOACCESS_TYPE) goto cleanup;
-
- firstInfoAccess = (PKIX_PL_InfoAccess *)firstObject;
- secondInfoAccess = (PKIX_PL_InfoAccess *)secondObject;
-
- *pResult = PKIX_FALSE;
-
- if (firstInfoAccess->method != secondInfoAccess->method) {
- goto cleanup;
- }
-
- PKIX_EQUALS(firstInfoAccess, secondInfoAccess, &cmpResult, plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- *pResult = cmpResult;
-
-cleanup:
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_INFOACCESS_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_InfoAccess_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(INFOACCESS,
- "pkix_pl_InfoAccess_RegisterSelf");
-
- entry.description = "InfoAccess";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_InfoAccess);
- entry.destructor = pkix_pl_InfoAccess_Destroy;
- entry.equalsFunction = pkix_pl_InfoAccess_Equals;
- entry.hashcodeFunction = pkix_pl_InfoAccess_Hashcode;
- entry.toStringFunction = pkix_pl_InfoAccess_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_INFOACCESS_TYPE] = entry;
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_CreateList
- * DESCRIPTION:
- *
- * Based on data in CERTAuthInfoAccess array "nssInfoAccess", this function
- * creates and returns a PKIX_List of PKIX_PL_InfoAccess at "pInfoAccessList".
- *
- * PARAMETERS
- * "nssInfoAccess"
- * The pointer array of CERTAuthInfoAccess that contains access data.
- * May be NULL.
- * "pInfoAccessList"
- * Address where a list of PKIX_PL_InfoAccess is returned.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_InfoAccess_CreateList(
- CERTAuthInfoAccess **nssInfoAccess,
- PKIX_List **pInfoAccessList, /* of PKIX_PL_InfoAccess */
- void *plContext)
-{
- PKIX_List *infoAccessList = NULL;
- PKIX_PL_InfoAccess *infoAccess = NULL;
- PKIX_PL_GeneralName *location = NULL;
- PKIX_UInt32 method;
- int i;
-
- PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_CreateList");
- PKIX_NULLCHECK_ONE(pInfoAccessList);
-
- PKIX_CHECK(PKIX_List_Create(&infoAccessList, plContext),
- PKIX_LISTCREATEFAILED);
-
- if (nssInfoAccess == NULL) {
- goto cleanup;
- }
-
- for (i = 0; nssInfoAccess[i] != NULL; i++) {
-
- if (nssInfoAccess[i]->location == NULL) {
- continue;
- }
-
- PKIX_CHECK(pkix_pl_GeneralName_Create
- (nssInfoAccess[i]->location, &location, plContext),
- PKIX_GENERALNAMECREATEFAILED);
-
- PKIX_CERT_DEBUG("\t\tCalling SECOID_FindOIDTag).\n");
- method = SECOID_FindOIDTag(&nssInfoAccess[i]->method);
- /* Map NSS access method value into PKIX constant */
- switch(method) {
- case SEC_OID_PKIX_CA_ISSUERS:
- method = PKIX_INFOACCESS_CA_ISSUERS;
- break;
- case SEC_OID_PKIX_OCSP:
- method = PKIX_INFOACCESS_OCSP;
- break;
- case SEC_OID_PKIX_TIMESTAMPING:
- method = PKIX_INFOACCESS_TIMESTAMPING;
- break;
- case SEC_OID_PKIX_CA_REPOSITORY:
- method = PKIX_INFOACCESS_CA_REPOSITORY;
- break;
- default:
- PKIX_ERROR(PKIX_UNKNOWNINFOACCESSMETHOD);
- }
-
- PKIX_CHECK(pkix_pl_InfoAccess_Create
- (method, location, &infoAccess, plContext),
- PKIX_INFOACCESSCREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (infoAccessList,
- (PKIX_PL_Object *)infoAccess,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(infoAccess);
- PKIX_DECREF(location);
- }
-
- *pInfoAccessList = infoAccessList;
- infoAccessList = NULL;
-
-cleanup:
-
- PKIX_DECREF(infoAccessList);
- PKIX_DECREF(infoAccess);
- PKIX_DECREF(location);
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetMethod (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetMethod(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pMethod,
- void *plContext)
-{
- PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_GetMethod");
- PKIX_NULLCHECK_TWO(infoAccess, pMethod);
-
- *pMethod = infoAccess->method;
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocation (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocation(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_PL_GeneralName **pLocation,
- void *plContext)
-{
- PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_GetLocation");
- PKIX_NULLCHECK_TWO(infoAccess, pLocation);
-
- PKIX_INCREF(infoAccess->location);
-
- *pLocation = infoAccess->location;
-
-cleanup:
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: PKIX_PL_InfoAccess_GetLocationType (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_InfoAccess_GetLocationType(
- PKIX_PL_InfoAccess *infoAccess,
- PKIX_UInt32 *pType,
- void *plContext)
-{
- PKIX_PL_String *locationString = NULL;
- PKIX_UInt32 type = PKIX_INFOACCESS_LOCATION_UNKNOWN;
- PKIX_UInt32 len = 0;
- void *location = NULL;
-
- PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_GetLocationType");
- PKIX_NULLCHECK_TWO(infoAccess, pType);
-
- if (infoAccess->location != NULL) {
-
- PKIX_TOSTRING(infoAccess->location, &locationString, plContext,
- PKIX_GENERALNAMETOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (locationString, PKIX_ESCASCII, &location, &len, plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n");
- if (PORT_Strncmp(location, "ldap:", 5) == 0){
- type = PKIX_INFOACCESS_LOCATION_LDAP;
- } else
- if (PORT_Strncmp(location, "http:", 5) == 0){
- type = PKIX_INFOACCESS_LOCATION_HTTP;
- }
- }
-
- *pType = type;
-
-cleanup:
-
- PKIX_PL_Free(location, plContext);
- PKIX_DECREF(locationString);
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_ParseTokens
- * DESCRIPTION:
- *
- * This function parses the string beginning at "startPos" into tokens using
- * the separator contained in "separator" and the terminator contained in
- * "terminator", copying the tokens into space allocated from the arena
- * pointed to by "arena". It stores in "tokens" a null-terminated array of
- * pointers to those tokens.
- *
- * PARAMETERS
- * "arena"
- * Address of a PRArenaPool to be used in populating the LDAPLocation.
- * Must be non-NULL.
- * "startPos"
- * The address of char string that contains a subset of ldap location.
- * "tokens"
- * The address of an array of char string for storing returned tokens.
- * Must be non-NULL.
- * "separator"
- * The character that is taken as token separator. Must be non-NULL.
- * "terminator"
- * The character that is taken as parsing terminator. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an InfoAccess Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_InfoAccess_ParseTokens(
- PRArenaPool *arena,
- char **startPos, /* return update */
- char ***tokens,
- char separator,
- char terminator,
- void *plContext)
-{
- PKIX_UInt32 len = 0;
- PKIX_UInt32 numFilters = 0;
- PKIX_Int32 cmpResult = -1;
- char *endPos = NULL;
- char *p = NULL;
- char **filterP = NULL;
-
- PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_ParseTokens");
- PKIX_NULLCHECK_THREE(arena, startPos, tokens);
-
- endPos = *startPos;
-
- /* First pass: parse to <terminator> to count number of components */
- numFilters = 0;
- while (*endPos != terminator && *endPos != '\0') {
- endPos++;
- if (*endPos == separator) {
- numFilters++;
- }
- }
-
- if (*endPos != terminator) {
- PKIX_ERROR(PKIX_LOCATIONSTRINGNOTPROPERLYTERMINATED);
- }
-
- /* Last one doesn't have a "," as separator, although we allow it */
- if (*(endPos-1) != ',') {
- numFilters++;
- }
-
- /*
- * If string is a=xx, b=yy, c=zz, etc., use a=xx for filter,
- * and everything else for the base
- */
- if (numFilters > 2) numFilters = 2;
-
- filterP = PORT_ArenaZNewArray(arena, char*, numFilters+1);
- if (filterP == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- /* Second pass: parse to fill in components in token array */
- *tokens = filterP;
- endPos = *startPos;
-
- while (numFilters) {
- if (*endPos == separator || *endPos == terminator) {
- len = endPos - *startPos;
- p = PORT_ArenaZAlloc(arena, len+1);
- if (p == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- *filterP = p;
-
- while (len) {
- if (**startPos == '%') {
- /* replace %20 by blank */
- cmpResult = strncmp(*startPos, "%20", 3);
- if (cmpResult == 0) {
- *p = ' ';
- *startPos += 3;
- len -= 3;
- }
- } else {
- *p = **startPos;
- (*startPos)++;
- len--;
- }
- p++;
- }
-
- *p = '\0';
- filterP++;
- numFilters--;
-
- separator = terminator;
-
- if (endPos == '\0') {
- break;
- } else {
- endPos++;
- *startPos = endPos;
- continue;
- }
- }
- endPos++;
- }
-
- *filterP = NULL;
-
-cleanup:
-
- PKIX_RETURN(INFOACCESS);
-}
-
-/*
- * FUNCTION: pkix_pl_InfoAccess_ParseLocation
- * DESCRIPTION:
- *
- * This function parses the GeneralName pointed to by "generalName" into the
- * fields of the LDAPRequestParams pointed to by "request" and a domainName
- * pointed to by "pDomainName", using the PRArenaPool pointed to by "arena" to
- * allocate storage for the request components and for the domainName string.
- *
- * The expected GeneralName string should be in the format described by the
- * following BNF:
- *
- * ldap://<ldap-server-site>/[cn=<cname>][,o=<org>][,c=<country>]?
- * [caCertificate|crossCertificatPair|certificateRevocationList];
- * [binary|<other-type>]
- * [[,caCertificate|crossCertificatPair|certificateRevocationList]
- * [binary|<other-type>]]*
- *
- * PARAMETERS
- * "generalName"
- * Address of the GeneralName whose LDAPLocation is to be parsed. Must be
- * non-NULL.
- * "arena"
- * Address of PRArenaPool to be used for the domainName and for components
- * of the LDAPRequest. Must be non-NULL.
- * "request"
- * Address of the LDAPRequestParams into which request components are
- * stored. Must be non-NULL.
- * *pDomainName"
- * Address at which the domainName is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an InfoAccess Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_InfoAccess_ParseLocation(
- PKIX_PL_GeneralName *generalName,
- PRArenaPool *arena,
- LDAPRequestParams *request,
- char **pDomainName,
- void *plContext)
-{
- PKIX_PL_String *locationString = NULL;
- PKIX_UInt32 len = 0;
- PKIX_UInt32 ncIndex = 0;
- char *domainName = NULL;
- char **avaArray = NULL;
- char **attrArray = NULL;
- char *attr = NULL;
- char *locationAscii = NULL;
- char *startPos = NULL;
- char *endPos = NULL;
- char *avaPtr = NULL;
- LdapAttrMask attrBit = 0;
- LDAPNameComponent **setOfNameComponent = NULL;
- LDAPNameComponent *nameComponent = NULL;
-
- PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_ParseLocation");
- PKIX_NULLCHECK_FOUR(generalName, arena, request, pDomainName);
-
- PKIX_TOSTRING(generalName, &locationString, plContext,
- PKIX_GENERALNAMETOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (locationString,
- PKIX_ESCASCII,
- (void **)&locationAscii,
- &len,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
-#if 0
- /* For testing inside the firewall... */
- locationAscii = "ldap://nss.red.iplanet.com:1389/cn=Good%20CA,o="
- "Test%20Certificates,c=US?caCertificate;binary";
-#endif
-
- /* Skip "ldap:" */
- endPos = locationAscii;
- while (*endPos != ':' && *endPos != '\0') {
- endPos++;
- }
- if (*endPos == '\0') {
- PKIX_ERROR(PKIX_GENERALNAMESTRINGMISSINGLOCATIONTYPE);
- }
-
- /* Skip "//" */
- endPos++;
- if (*endPos != '\0' && *(endPos+1) != '0' &&
- *endPos == '/' && *(endPos+1) == '/') {
- endPos += 2;
- } else {
- PKIX_ERROR(PKIX_GENERALNAMESTRINGMISSINGDOUBLESLASH);
- }
-
- /* Get the server-site */
- startPos = endPos;
- while(*endPos != '/' && *(endPos) != '\0') {
- endPos++;
- }
- if (*endPos == '\0') {
- PKIX_ERROR(PKIX_GENERALNAMESTRINGMISSINGSERVERSITE);
- }
-
- len = endPos - startPos;
- endPos++;
-
- domainName = PORT_ArenaZAlloc(arena, len + 1);
- if (!domainName) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- PORT_Memcpy(domainName, startPos, len);
-
- domainName[len] = '\0';
-
- *pDomainName = domainName;
-
- /*
- * Get a list of AttrValueAssertions (such as
- * "cn=CommonName, o=Organization, c=US" into a null-terminated array
- */
- startPos = endPos;
- PKIX_CHECK(pkix_pl_InfoAccess_ParseTokens
- (arena,
- &startPos,
- (char ***) &avaArray,
- ',',
- '?',
- plContext),
- PKIX_INFOACCESSPARSETOKENSFAILED);
-
- /* Count how many AVAs we have */
- for (len = 0; avaArray[len] != NULL; len++) {}
-
- if (len < 2) {
- PKIX_ERROR(PKIX_NOTENOUGHNAMECOMPONENTSINGENERALNAME);
- }
-
- /* Use last name component for baseObject */
- request->baseObject = avaArray[len - 1];
-
- /* Use only one component for filter. LDAP servers aren't too smart. */
- len = 2; /* Eliminate this when servers get smarter. */
-
- avaArray[len - 1] = NULL;
-
- /* Get room for null-terminated array of (LdapNameComponent *) */
- setOfNameComponent = PORT_ArenaZNewArray(arena, LDAPNameComponent *, len);
- if (setOfNameComponent == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- /* Get room for the remaining LdapNameComponents */
- nameComponent = PORT_ArenaZNewArray(arena, LDAPNameComponent, --len);
- if (nameComponent == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- /* Convert remaining AVAs to LDAPNameComponents */
- for (ncIndex = 0; ncIndex < len; ncIndex ++) {
- setOfNameComponent[ncIndex] = nameComponent;
- avaPtr = avaArray[ncIndex];
- nameComponent->attrType = (unsigned char *)avaPtr;
- while ((*avaPtr != '=') && (*avaPtr != '\0')) {
- avaPtr++;
- if (avaPtr == '\0') {
- PKIX_ERROR(PKIX_NAMECOMPONENTWITHNOEQ);
- }
- }
- *(avaPtr++) = '\0';
- nameComponent->attrValue = (unsigned char *)avaPtr;
- nameComponent++;
- }
-
- setOfNameComponent[len] = NULL;
- request->nc = setOfNameComponent;
-
- /*
- * Get a list of AttrTypes (such as
- * "caCertificate;binary, crossCertificatePair;binary") into
- * a null-terminated array
- */
-
- PKIX_CHECK(pkix_pl_InfoAccess_ParseTokens
- (arena,
- (char **) &startPos,
- (char ***) &attrArray,
- ',',
- '\0',
- plContext),
- PKIX_INFOACCESSPARSETOKENSFAILED);
-
- /* Convert array of Attr Types into a bit mask */
- request->attributes = 0;
- attr = attrArray[0];
- while (attr != NULL) {
- PKIX_CHECK(pkix_pl_LdapRequest_AttrStringToBit
- (attr, &attrBit, plContext),
- PKIX_LDAPREQUESTATTRSTRINGTOBITFAILED);
- request->attributes |= attrBit;
- attr = *(++attrArray);
- }
-
-cleanup:
-
- PKIX_PL_Free(locationAscii, plContext);
- PKIX_DECREF(locationString);
-
- PKIX_RETURN(INFOACCESS);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
deleted file mode 100644
index 735446547..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_infoaccess.h
- *
- * InfoAccess Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_INFOACCESS_H
-#define _PKIX_PL_INFOACCESS_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_InfoAccessStruct{
- PKIX_UInt32 method;
- PKIX_PL_GeneralName *location;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_InfoAccess_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_InfoAccess_CreateList(
- CERTAuthInfoAccess **authInfoAccess,
- PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
- void *plContext);
-
-PKIX_Error *
-pkix_pl_InfoAccess_ParseLocation(
- PKIX_PL_GeneralName *generalName,
- PRArenaPool *arena,
- LDAPRequestParams *request,
- char **pDomainName,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_INFOACCESS_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
deleted file mode 100644
index a0127668b..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
+++ /dev/null
@@ -1,1307 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_nameconstraints.c
- *
- * Name Constraints Object Functions Definitions
- *
- */
-
-#include "pkix_pl_nameconstraints.h"
-
-
-/* --Private-NameConstraints-Functions----------------------------- */
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_GetPermitted
- * DESCRIPTION:
- *
- * This function retrieve name constraints permitted list from NSS
- * data in "nameConstraints" and returns a PKIX_PL_GeneralName list
- * in "pPermittedList".
- *
- * PARAMETERS
- * "nameConstraints"
- * Address of CertNameConstraints which has a pointer to
- * CERTNameConstraints data. Must be non-NULL.
- * "pPermittedList"
- * Address where returned permitted name list is stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_GetPermitted(
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_List **pPermittedList,
- void *plContext)
-{
- CERTNameConstraints *nssNameConstraints = NULL;
- CERTNameConstraints **nssNameConstraintsList = NULL;
- CERTNameConstraint *nssPermitted = NULL;
- CERTNameConstraint *firstPermitted = NULL;
- PKIX_List *permittedList = NULL;
- PKIX_PL_GeneralName *name = NULL;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_GetPermitted");
- PKIX_NULLCHECK_TWO(nameConstraints, pPermittedList);
-
- /*
- * nssNameConstraints is an array of CERTNameConstraints
- * pointers where CERTNameConstraints keep its permitted and excluded
- * lists as pointer array of CERTNameConstraint.
- */
-
- if (nameConstraints->permittedList == NULL) {
-
- PKIX_OBJECT_LOCK(nameConstraints);
-
- if (nameConstraints->permittedList == NULL) {
-
- PKIX_CHECK(PKIX_List_Create(&permittedList, plContext),
- PKIX_LISTCREATEFAILED);
-
- numItems = nameConstraints->numNssNameConstraints;
- nssNameConstraintsList =
- nameConstraints->nssNameConstraintsList;
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_NULLCHECK_ONE(nssNameConstraintsList);
- nssNameConstraints = *(nssNameConstraintsList + i);
- PKIX_NULLCHECK_ONE(nssNameConstraints);
-
- if (nssNameConstraints->permited != NULL) {
-
- nssPermitted = nssNameConstraints->permited;
- firstPermitted = nssPermitted;
-
- do {
-
- PKIX_CHECK(pkix_pl_GeneralName_Create
- (&nssPermitted->name, &name, plContext),
- PKIX_GENERALNAMECREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (permittedList,
- (PKIX_PL_Object *)name,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(name);
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_GetNextNameConstraint\n");
- nssPermitted = CERT_GetNextNameConstraint
- (nssPermitted);
-
- } while (nssPermitted != firstPermitted);
-
- }
- }
-
- PKIX_CHECK(PKIX_List_SetImmutable(permittedList, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- nameConstraints->permittedList = permittedList;
-
- }
-
- PKIX_OBJECT_UNLOCK(nameConstraints);
-
- }
-
- PKIX_INCREF(nameConstraints->permittedList);
-
- *pPermittedList = nameConstraints->permittedList;
-
-cleanup:
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_GetExcluded
- * DESCRIPTION:
- *
- * This function retrieve name constraints excluded list from NSS
- * data in "nameConstraints" and returns a PKIX_PL_GeneralName list
- * in "pExcludedList".
- *
- * PARAMETERS
- * "nameConstraints"
- * Address of CertNameConstraints which has a pointer to NSS data.
- * Must be non-NULL.
- * "pPermittedList"
- * Address where returned excluded name list is stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_GetExcluded(
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_List **pExcludedList,
- void *plContext)
-{
- CERTNameConstraints *nssNameConstraints = NULL;
- CERTNameConstraints **nssNameConstraintsList = NULL;
- CERTNameConstraint *nssExcluded = NULL;
- CERTNameConstraint *firstExcluded = NULL;
- PKIX_List *excludedList = NULL;
- PKIX_PL_GeneralName *name = NULL;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_GetExcluded");
- PKIX_NULLCHECK_TWO(nameConstraints, pExcludedList);
-
- if (nameConstraints->excludedList == NULL) {
-
- PKIX_OBJECT_LOCK(nameConstraints);
-
- if (nameConstraints->excludedList == NULL) {
-
- PKIX_CHECK(PKIX_List_Create(&excludedList, plContext),
- PKIX_LISTCREATEFAILED);
-
- numItems = nameConstraints->numNssNameConstraints;
- nssNameConstraintsList =
- nameConstraints->nssNameConstraintsList;
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_NULLCHECK_ONE(nssNameConstraintsList);
- nssNameConstraints = *(nssNameConstraintsList + i);
- PKIX_NULLCHECK_ONE(nssNameConstraints);
-
- if (nssNameConstraints->excluded != NULL) {
-
- nssExcluded = nssNameConstraints->excluded;
- firstExcluded = nssExcluded;
-
- do {
-
- PKIX_CHECK(pkix_pl_GeneralName_Create
- (&nssExcluded->name, &name, plContext),
- PKIX_GENERALNAMECREATEFAILED);
-
- PKIX_CHECK(PKIX_List_AppendItem
- (excludedList,
- (PKIX_PL_Object *)name,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
-
- PKIX_DECREF(name);
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_GetNextNameConstraint\n");
- nssExcluded = CERT_GetNextNameConstraint
- (nssExcluded);
-
- } while (nssExcluded != firstExcluded);
-
- }
-
- }
- PKIX_CHECK(PKIX_List_SetImmutable(excludedList, plContext),
- PKIX_LISTSETIMMUTABLEFAILED);
-
- nameConstraints->excludedList = excludedList;
-
- }
-
- PKIX_OBJECT_UNLOCK(nameConstraints);
- }
-
- PKIX_INCREF(nameConstraints->excludedList);
-
- *pExcludedList = nameConstraints->excludedList;
-
-cleanup:
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
- * DESCRIPTION:
- *
- * This function checks if CERTGeneral names in "nssSubjectNames" complies
- * with the permitted and excluded names in "nameConstraints". It returns
- * PKIX_TRUE in "pCheckPass", if the Names satify the name space of the
- * permitted list and if the Names are not in the excluded list. Otherwise,
- * it returns PKIX_FALSE.
- *
- * PARAMETERS
- * "nssSubjectNames"
- * List of CERTGeneralName that nameConstraints verification is based on.
- * "nameConstraints"
- * Address of CertNameConstraints that provides lists of permitted
- * and excluded names. Must be non-NULL.
- * "pCheckPass"
- * Address where PKIX_TRUE is returned if the all names in "nameList" are
- * valid.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CertNameConstraints_CheckNameSpaceNssNames(
- CERTGeneralName *nssSubjectNames,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean *pCheckPass,
- void *plContext)
-{
- CERTNameConstraints **nssNameConstraintsList = NULL;
- CERTNameConstraints *nssNameConstraints = NULL;
- CERTGeneralName *nssMatchName = NULL;
- PRArenaPool *arena = NULL;
- PKIX_UInt32 numItems = 0;
- PKIX_UInt32 i;
- SECStatus status = SECSuccess;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_CheckNameSpaceNssNames");
- PKIX_NULLCHECK_THREE(nssSubjectNames, nameConstraints, pCheckPass);
-
- *pCheckPass = PKIX_TRUE;
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- nssMatchName = nssSubjectNames;
- nssNameConstraintsList = nameConstraints->nssNameConstraintsList;
-
- /*
- * CERTNameConstraint items in each permitted or excluded list
- * is verified as OR condition. That means, if one item matched,
- * then the checking on the remaining items on the list is skipped.
- * (see NSS cert_CompareNameWithConstraints(...)).
- * Items on PKIX_PL_NameConstraint's nssNameConstraints are verified
- * as AND condition. PKIX_PL_NameConstraint keeps an array of pointers
- * of CERTNameConstraints resulting from merging multiple
- * PKIX_PL_NameConstraints. Since each CERTNameConstraint are created
- * for different entity, a union condition of these entities then is
- * performed.
- */
-
- do {
-
- numItems = nameConstraints->numNssNameConstraints;
-
- for (i = 0; i < numItems; i++) {
-
- PKIX_NULLCHECK_ONE(nssNameConstraintsList);
- nssNameConstraints = *(nssNameConstraintsList + i);
- PKIX_NULLCHECK_ONE(nssNameConstraints);
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_CheckNameSpace\n");
- status = CERT_CheckNameSpace
- (arena, nssNameConstraints, nssMatchName);
- if (status != SECSuccess) {
- break;
- }
-
- }
-
- if (status != SECSuccess) {
- break;
- }
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_GetNextGeneralName\n");
- nssMatchName = CERT_GetNextGeneralName(nssMatchName);
-
- } while (nssMatchName != nssSubjectNames);
-
- if (status == SECFailure) {
-
- *pCheckPass = PKIX_FALSE;
- }
-
-cleanup:
-
- if (arena){
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_NameConstraints_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
- PKIX_OBJECTNOTCERTNAMECONSTRAINTS);
-
- nameConstraints = (PKIX_PL_CertNameConstraints *)object;
-
- PKIX_CHECK(PKIX_PL_Free
- (nameConstraints->nssNameConstraintsList, plContext),
- PKIX_FREEFAILED);
-
- if (nameConstraints->arena){
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(nameConstraints->arena, PR_FALSE);
- nameConstraints->arena = NULL;
- }
-
- PKIX_DECREF(nameConstraints->permittedList);
- PKIX_DECREF(nameConstraints->excludedList);
-
-cleanup:
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the object
- * NameConstraints and stores it at "pString".
- *
- * PARAMETERS
- * "nameConstraints"
- * Address of CertNameConstraints whose string representation is
- * desired. Must be non-NULL.
- * "pString"
- * Address where string object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a
- * non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_ToString_Helper(
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_PL_String **pString,
- void *plContext)
-{
- char *asciiFormat = NULL;
- PKIX_PL_String *formatString = NULL;
- PKIX_List *permittedList = NULL;
- PKIX_List *excludedList = NULL;
- PKIX_PL_String *permittedListString = NULL;
- PKIX_PL_String *excludedListString = NULL;
- PKIX_PL_String *nameConstraintsString = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_ToString_Helper");
- PKIX_NULLCHECK_TWO(nameConstraints, pString);
-
- asciiFormat =
- "[\n"
- "\t\tPermitted Name: %s\n"
- "\t\tExcluded Name: %s\n"
- "\t]\n";
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- asciiFormat,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
- (nameConstraints, &permittedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
-
- PKIX_TOSTRING(permittedList, &permittedListString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
- (nameConstraints, &excludedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
-
- PKIX_TOSTRING(excludedList, &excludedListString, plContext,
- PKIX_LISTTOSTRINGFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (&nameConstraintsString,
- plContext,
- formatString,
- permittedListString,
- excludedListString),
- PKIX_SPRINTFFAILED);
-
- *pString = nameConstraintsString;
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(permittedList);
- PKIX_DECREF(excludedList);
- PKIX_DECREF(permittedListString);
- PKIX_DECREF(excludedListString);
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *nameConstraintsString = NULL;
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(
- object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
- PKIX_OBJECTNOTCERTNAMECONSTRAINTS);
-
- nameConstraints = (PKIX_PL_CertNameConstraints *)object;
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_ToString_Helper
- (nameConstraints, &nameConstraintsString, plContext),
- PKIX_CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED);
-
- *pString = nameConstraintsString;
-
-cleanup:
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- PKIX_List *permittedList = NULL;
- PKIX_List *excludedList = NULL;
- PKIX_UInt32 permitHash = 0;
- PKIX_UInt32 excludeHash = 0;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType
- (object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
- PKIX_OBJECTNOTCERTNAMECONSTRAINTS);
-
- nameConstraints = (PKIX_PL_CertNameConstraints *)object;
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
- (nameConstraints, &permittedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
-
- PKIX_HASHCODE(permittedList, &permitHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
- (nameConstraints, &excludedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
-
- PKIX_HASHCODE(excludedList, &excludeHash, plContext,
- PKIX_OBJECTHASHCODEFAILED);
-
- *pHashcode = (((permitHash << 7) + excludeHash) << 7) +
- nameConstraints->numNssNameConstraints;
-
-cleanup:
-
- PKIX_DECREF(permittedList);
- PKIX_DECREF(excludedList);
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *firstNC = NULL;
- PKIX_PL_CertNameConstraints *secondNC = NULL;
- PKIX_List *firstPermittedList = NULL;
- PKIX_List *secondPermittedList = NULL;
- PKIX_List *firstExcludedList = NULL;
- PKIX_List *secondExcludedList = NULL;
- PKIX_UInt32 secondType;
- PKIX_Boolean cmpResult = PKIX_FALSE;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a CertNameConstraints */
- PKIX_CHECK(pkix_CheckType
- (firstObject, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTCERTNAMECONSTRAINTS);
-
- firstNC = (PKIX_PL_CertNameConstraints *)firstObject;
- secondNC = (PKIX_PL_CertNameConstraints *)secondObject;
-
- /*
- * Since we know firstObject is a CertNameConstraints, if both
- * references are identical, they must be equal
- */
- if (firstNC == secondNC){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondNC isn't a CertNameConstraints, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
-
- PKIX_CHECK(PKIX_PL_Object_GetType
- ((PKIX_PL_Object *)secondNC, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- if (secondType != PKIX_CERTNAMECONSTRAINTS_TYPE) {
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
- (firstNC, &firstPermittedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
- (secondNC, &secondPermittedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
-
- PKIX_EQUALS
- (firstPermittedList, secondPermittedList, &cmpResult, plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (cmpResult != PKIX_TRUE) {
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
- (firstNC, &firstExcludedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
- (secondNC, &secondExcludedList, plContext),
- PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
-
- PKIX_EQUALS
- (firstExcludedList, secondExcludedList, &cmpResult, plContext,
- PKIX_OBJECTEQUALSFAILED);
-
- if (cmpResult != PKIX_TRUE) {
- goto cleanup;
- }
-
- /*
- * numNssNameConstraints is not checked because it is basically a
- * merge count, it cannot determine the data equality.
- */
-
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_DECREF(firstPermittedList);
- PKIX_DECREF(secondPermittedList);
- PKIX_DECREF(firstExcludedList);
- PKIX_DECREF(secondExcludedList);
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_CERTNAMECONSTRAINTS_TYPE and its related functions with
- * systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_CertNameConstraints_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_RegisterSelf");
-
- entry.description = "CertNameConstraints";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_CertNameConstraints);
- entry.destructor = pkix_pl_CertNameConstraints_Destroy;
- entry.equalsFunction = pkix_pl_CertNameConstraints_Equals;
- entry.hashcodeFunction = pkix_pl_CertNameConstraints_Hashcode;
- entry.toStringFunction = pkix_pl_CertNameConstraints_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_CERTNAMECONSTRAINTS_TYPE] = entry;
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_Create_Helper
- *
- * DESCRIPTION:
- * This function retrieves name constraints in "nssNameConstraints",
- * converts and stores the result in a PKIX_PL_CertNameConstraints object.
- *
- * PARAMETERS
- * "nssNameConstraints"
- * Address of CERTNameConstraints that contains this object's data.
- * Must be non-NULL.
- * "pNameConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * A NULL value will be returned if there is no Name Constraints extension.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_Create_Helper(
- CERTNameConstraints *nssNameConstraints,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- CERTNameConstraints **nssNameConstraintPtr = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_Create_Helper");
- PKIX_NULLCHECK_TWO(nssNameConstraints, pNameConstraints);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_CERTNAMECONSTRAINTS_TYPE,
- sizeof (PKIX_PL_CertNameConstraints),
- (PKIX_PL_Object **)&nameConstraints,
- plContext),
- PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT);
-
- PKIX_CHECK(PKIX_PL_Malloc
- (sizeof (CERTNameConstraint *),
- (void *)&nssNameConstraintPtr,
- plContext),
- PKIX_MALLOCFAILED);
-
- nameConstraints->numNssNameConstraints = 1;
- nameConstraints->nssNameConstraintsList = nssNameConstraintPtr;
- *nssNameConstraintPtr = nssNameConstraints;
-
- nameConstraints->permittedList = NULL;
- nameConstraints->excludedList = NULL;
- nameConstraints->arena = NULL;
-
- *pNameConstraints = nameConstraints;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(nameConstraints);
- }
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_Create
- *
- * DESCRIPTION:
- * function that allocates and initialize the object CertNameConstraints.
- *
- * PARAMETERS
- * "nssCert"
- * Address of CERT that contains this object's data.
- * Must be non-NULL.
- * "pNameConstraints"
- * Address where object pointer will be stored. Must be non-NULL.
- * A NULL value will be returned if there is no Name Constraints extension.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CertNameConstraints_Create(
- CERTCertificate *nssCert,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- CERTNameConstraints *nssNameConstraints = NULL;
- PLArenaPool *arena = NULL;
- SECStatus status;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Create");
- PKIX_NULLCHECK_THREE(nssCert, pNameConstraints, nssCert->arena);
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena).\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_FindNameConstraintsExten\n");
- status = CERT_FindNameConstraintsExten
- (arena, nssCert, &nssNameConstraints);
-
- if (status != SECSuccess) {
- PKIX_ERROR(PKIX_DECODINGCERTNAMECONSTRAINTSFAILED);
- }
-
- if (nssNameConstraints == NULL) {
- *pNameConstraints = NULL;
- if (arena){
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(arena, PR_FALSE);
- }
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_Create_Helper
- (nssNameConstraints, &nameConstraints, plContext),
- PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED);
-
- nameConstraints->arena = arena;
-
- *pNameConstraints = nameConstraints;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- if (arena){
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(arena, PR_FALSE);
- }
- }
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_CreateByMerge
- *
- * DESCRIPTION:
- *
- * This function allocates and creates a PKIX_PL_NameConstraint object
- * for merging. It also allocates CERTNameConstraints data space for the
- * merged NSS NameConstraints data.
- *
- * PARAMETERS
- * "pNameConstraints"
- * Address where object pointer will be stored and returned.
- * Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_CreateByMerge(
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- CERTNameConstraints *nssNameConstraints = NULL;
- PLArenaPool *arena = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_CreateByMerge");
- PKIX_NULLCHECK_ONE(pNameConstraints);
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena).\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_ArenaZNew).\n");
- nssNameConstraints = PORT_ArenaZNew(arena, CERTNameConstraints);
- if (nssNameConstraints == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- nssNameConstraints->permited = NULL;
- nssNameConstraints->excluded = NULL;
- nssNameConstraints->DERPermited = NULL;
- nssNameConstraints->DERExcluded = NULL;
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_Create_Helper
- (nssNameConstraints, &nameConstraints, plContext),
- PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED);
-
- nameConstraints->arena = arena;
-
- *pNameConstraints = nameConstraints;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- if (arena){
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(arena, PR_FALSE);
- }
- }
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_CopyNssNameConstraints
- *
- * DESCRIPTION:
- *
- * This function allocates and copies data to a NSS CERTNameConstraints from
- * the NameConstraints given by "srcNC" and stores the result at "pDestNC". It
- * copies items on both the permitted and excluded lists, but not the
- * DERPermited and DERExcluded.
- *
- * PARAMETERS
- * "arena"
- * Memory pool where object data is allocated from. Must be non-NULL.
- * "srcNC"
- * Address of the NameConstraints to copy from. Must be non-NULL.
- * "pDestNC"
- * Address where new copied object is stored and returned.
- * Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_CertNameConstraints_CopyNssNameConstraints(
- PLArenaPool *arena,
- CERTNameConstraints *srcNC,
- CERTNameConstraints **pDestNC,
- void *plContext)
-{
- CERTNameConstraints *nssNameConstraints = NULL;
- CERTNameConstraint *nssNameConstraintHead = NULL;
- CERTNameConstraint *nssCurrent = NULL;
- CERTNameConstraint *nssCopyTo = NULL;
- CERTNameConstraint *nssCopyFrom = NULL;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "pkix_pl_CertNameConstraints_CopyNssNameConstraints");
- PKIX_NULLCHECK_THREE(arena, srcNC, pDestNC);
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_ArenaZNew).\n");
- nssNameConstraints = PORT_ArenaZNew(arena, CERTNameConstraints);
- if (nssNameConstraints == NULL) {
- PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
- }
-
- if (srcNC->permited) {
-
- nssCopyFrom = srcNC->permited;
-
- do {
-
- nssCopyTo = NULL;
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_CopyNameConstraint).\n");
- nssCopyTo = CERT_CopyNameConstraint
- (arena, nssCopyTo, nssCopyFrom);
- if (nssCopyTo == NULL) {
- PKIX_ERROR(PKIX_CERTCOPYNAMECONSTRAINTFAILED);
- }
- if (nssCurrent == NULL) {
- nssCurrent = nssNameConstraintHead = nssCopyTo;
- } else {
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_AddNameConstraint).\n");
- nssCurrent = CERT_AddNameConstraint
- (nssCurrent, nssCopyTo);
- }
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_GetNextNameConstrain).\n");
- nssCopyFrom = CERT_GetNextNameConstraint(nssCopyFrom);
-
- } while (nssCopyFrom != srcNC->permited);
-
- nssNameConstraints->permited = nssNameConstraintHead;
- }
-
- if (srcNC->excluded) {
-
- nssCurrent = NULL;
- nssCopyFrom = srcNC->excluded;
-
- do {
-
- /*
- * Cannot use CERT_DupGeneralNameList, which just increments
- * refcount. We need our own copy since arena is for each
- * PKIX_PL_NameConstraints. Perhaps contribute this code
- * as CERT_CopyGeneralNameList (in the future).
- */
- nssCopyTo = NULL;
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_CopyNameConstraint).\n");
- nssCopyTo = CERT_CopyNameConstraint
- (arena, nssCopyTo, nssCopyFrom);
- if (nssCopyTo == NULL) {
- PKIX_ERROR(PKIX_CERTCOPYNAMECONSTRAINTFAILED);
- }
- if (nssCurrent == NULL) {
- nssCurrent = nssNameConstraintHead = nssCopyTo;
- } else {
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_AddNameConstraint).\n");
- nssCurrent = CERT_AddNameConstraint
- (nssCurrent, nssCopyTo);
- }
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_GetNextNameConstrain).\n");
- nssCopyFrom = CERT_GetNextNameConstraint(nssCopyFrom);
-
- } while (nssCopyFrom != srcNC->excluded);
-
- nssNameConstraints->excluded = nssNameConstraintHead;
- }
-
- *pDestNC = nssNameConstraints;
-
-cleanup:
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/*
- * FUNCTION: pkix_pl_CertNameConstraints_Merge
- *
- * DESCRIPTION:
- *
- * This function merges two NameConstraints pointed to by "firstNC" and
- * "secondNC" and stores the result in "pMergedNC".
- *
- * PARAMETERS
- * "firstNC"
- * Address of the first NameConstraints to be merged. Must be non-NULL.
- * "secondNC"
- * Address of the second NameConstraints to be merged. Must be non-NULL.
- * "pMergedNC"
- * Address where the merge result is stored and returned. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a NameConstraints Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_CertNameConstraints_Merge(
- PKIX_PL_CertNameConstraints *firstNC,
- PKIX_PL_CertNameConstraints *secondNC,
- PKIX_PL_CertNameConstraints **pMergedNC,
- void *plContext)
-{
- PKIX_PL_CertNameConstraints *nameConstraints = NULL;
- CERTNameConstraints **nssNCto = NULL;
- CERTNameConstraints **nssNCfrom = NULL;
- CERTNameConstraints *nssNameConstraints = NULL;
- PKIX_UInt32 numNssItems = 0;
- PKIX_UInt32 i;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Merge");
- PKIX_NULLCHECK_THREE(firstNC, secondNC, pMergedNC);
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_CreateByMerge
- (&nameConstraints, plContext),
- PKIX_CERTNAMECONSTRAINTSCREATEBYMERGEFAILED);
-
- /* Merge NSSCertConstraint lists */
-
- numNssItems = firstNC->numNssNameConstraints +
- secondNC->numNssNameConstraints;
-
- /* Free the default space (only one entry) allocated by create */
- PKIX_CHECK(PKIX_PL_Free
- (nameConstraints->nssNameConstraintsList, plContext),
- PKIX_FREEFAILED);
-
- /* Reallocate the size we need */
- PKIX_CHECK(PKIX_PL_Malloc
- (numNssItems * sizeof (CERTNameConstraint *),
- (void *)&nssNCto,
- plContext),
- PKIX_MALLOCFAILED);
-
- nameConstraints->nssNameConstraintsList = nssNCto;
-
- nssNCfrom = firstNC->nssNameConstraintsList;
-
- for (i = 0; i < firstNC->numNssNameConstraints; i++) {
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_CopyNssNameConstraints
- (nameConstraints->arena,
- *nssNCfrom,
- &nssNameConstraints,
- plContext),
- PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED);
-
- *nssNCto = nssNameConstraints;
-
- nssNCto++;
- nssNCfrom++;
- }
-
- nssNCfrom = secondNC->nssNameConstraintsList;
-
- for (i = 0; i < secondNC->numNssNameConstraints; i++) {
-
- PKIX_CHECK(pkix_pl_CertNameConstraints_CopyNssNameConstraints
- (nameConstraints->arena,
- *nssNCfrom,
- &nssNameConstraints,
- plContext),
- PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED);
-
- *nssNCto = nssNameConstraints;
-
- nssNCto++;
- nssNCfrom++;
- }
-
- nameConstraints->numNssNameConstraints = numNssItems;
- nameConstraints->permittedList = NULL;
- nameConstraints->excludedList = NULL;
-
- *pMergedNC = nameConstraints;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(nameConstraints);
- }
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
-
-/* --Public-NameConstraints-Functions-------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
- * (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
- PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean *pCheckPass,
- void *plContext)
-{
- CERTNameConstraints **nssNameConstraintsList = NULL;
- CERTNameConstraints *nssNameConstraints = NULL;
- CERTGeneralName *nssMatchName = NULL;
- PRArenaPool *arena = NULL;
- PKIX_PL_GeneralName *name = NULL;
- PKIX_UInt32 numNameItems = 0;
- PKIX_UInt32 numNCItems = 0;
- PKIX_UInt32 i, j;
- SECStatus status = SECSuccess;
-
- PKIX_ENTER(CERTNAMECONSTRAINTS,
- "PKIX_PL_CertNameConstraints_CheckNamesInNameSpace");
- PKIX_NULLCHECK_TWO(nameConstraints, pCheckPass);
-
- *pCheckPass = PKIX_TRUE;
-
- if (nameList != NULL) {
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena\n");
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- nssNameConstraintsList =
- nameConstraints->nssNameConstraintsList;
- PKIX_NULLCHECK_ONE(nssNameConstraintsList);
- numNCItems = nameConstraints->numNssNameConstraints;
-
- PKIX_CHECK(PKIX_List_GetLength
- (nameList, &numNameItems, plContext),
- PKIX_LISTGETLENGTHFAILED);
-
- for (i = 0; i < numNameItems; i++) {
-
- PKIX_CHECK(PKIX_List_GetItem
- (nameList,
- i,
- (PKIX_PL_Object **) &name,
- plContext),
- PKIX_LISTGETITEMFAILED);
-
- PKIX_CHECK(pkix_pl_GeneralName_GetNssGeneralName
- (name, &nssMatchName, plContext),
- PKIX_GENERALNAMEGETNSSGENERALNAMEFAILED);
-
- PKIX_DECREF(name);
-
- for (j = 0; j < numNCItems; j++) {
-
- nssNameConstraints = *(nssNameConstraintsList + j);
- PKIX_NULLCHECK_ONE(nssNameConstraints);
-
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling CERT_CheckNameSpace\n");
- status = CERT_CheckNameSpace
- (arena, nssNameConstraints, nssMatchName);
- if (status != SECSuccess) {
- break;
- }
-
- }
-
- if (status != SECSuccess) {
- break;
- }
-
- }
- }
-
- if (status == SECFailure) {
- *pCheckPass = PKIX_FALSE;
- }
-
-cleanup:
-
- if (arena){
- PKIX_CERTNAMECONSTRAINTS_DEBUG
- ("\t\tCalling PORT_FreeArena).\n");
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- PKIX_RETURN(CERTNAMECONSTRAINTS);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h
deleted file mode 100644
index 92e4a3d25..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_nameconstraints.h
- *
- * Name Constraints Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_NAMECONSTRAINTS_H
-#define _PKIX_PL_NAMECONSTRAINTS_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_CertNameConstraintsStruct {
- PLArenaPool *arena;
- CERTNameConstraints **nssNameConstraintsList;
- PKIX_UInt32 numNssNameConstraints;
- PKIX_List *permittedList; /* list of PKIX_PL_GeneralName */
- PKIX_List *excludedList; /* list of PKIX_PL_GeneralName */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_CertNameConstraints_RegisterSelf(void *plContext);
-
-PKIX_Error *pkix_pl_CertNameConstraints_Create(
- CERTCertificate *nssCert,
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_CertNameConstraints_CreateWithNames(
- PKIX_List *names, /* List of PKIX_PL_GeneralName */
- PKIX_PL_CertNameConstraints **pNameConstraints,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_CertNameConstraints_CheckNameSpaceNssNames(
- CERTGeneralName *nssSubjectNames,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean *pCheckPass,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_CertNameConstraints_CheckNameSpacePkixNames(
- PKIX_List *nameList,
- PKIX_PL_CertNameConstraints *nameConstraints,
- PKIX_Boolean *pCheckPass,
- void *plContext);
-
-
-PKIX_Error *pkix_pl_CertNameConstraints_Merge(
- PKIX_PL_CertNameConstraints *firstNC,
- PKIX_PL_CertNameConstraints *secondNC,
- PKIX_PL_CertNameConstraints **pMergedNC,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_NAMECONSTRAINTS_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c
deleted file mode 100644
index 452d0a240..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Red Hat, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Red Hat, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ocspcertid.c
- *
- * Certificate ID Object for OCSP
- *
- */
-
-#include "pkix_pl_ocspcertid.h"
-
-/* --Private-Cert-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_OcspCertID_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OcspCertID_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_OcspCertID *certID = NULL;
-
- PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPCERTID_TYPE, plContext),
- PKIX_OBJECTNOTOCSPCERTID);
-
- certID = (PKIX_PL_OcspCertID *)object;
-
- if (certID->certID) {
- CERT_DestroyOCSPCertID(certID->certID);
- }
-
-cleanup:
-
- PKIX_RETURN(OCSPCERTID);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspCertID_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_PUBLICKEY_TYPE and its related functions
- * with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_OcspCertID_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_RegisterSelf");
-
- entry.description = "OcspCertID";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_OcspCertID);
- entry.destructor = pkix_pl_OcspCertID_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
- systemClasses[PKIX_OCSPCERTID_TYPE] = entry;
-
- PKIX_RETURN(OCSPCERTID);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_OcspCertID_Create
- * DESCRIPTION:
- *
- * This function creates an OcspCertID for a given certificate,
- * to be used with OCSP transactions.
- *
- * If a Date is provided in "validity" it may be used in the search for the
- * issuer of "cert" but has no effect on the request itself.
- *
- * PARAMETERS:
- * "cert"
- * Address of the Cert for which an OcspCertID is to be created. Must be
- * non-NULL.
- * "validity"
- * Address of the Date for which the Cert's validity is to be determined.
- * May be NULL.
- * "object"
- * Address at which the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspCertID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_OcspCertID_Create(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date *validity,
- PKIX_PL_OcspCertID **object,
- void *plContext)
-{
- PKIX_PL_OcspCertID *cid = NULL;
- int64 time = 0;
-
- PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_Create");
- PKIX_NULLCHECK_TWO(cert, object);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_OCSPCERTID_TYPE,
- sizeof (PKIX_PL_OcspCertID),
- (PKIX_PL_Object **)&cid,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- if (validity != NULL) {
- PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
- PKIX_DATEGETPRTIMEFAILED);
- } else {
- time = PR_Now();
- }
-
- cid->certID = CERT_CreateOCSPCertID(cert->nssCert, time);
- if (!cid->certID) {
- PKIX_ERROR(PKIX_COULDNOTCREATEOBJECT);
- }
-
- *object = cid;
- cid = NULL;
-cleanup:
- PKIX_DECREF(cid);
- PKIX_RETURN(OCSPCERTID);
-}
-
-/*
- * FUNCTION: PKIX_PL_OcspCertID_GetFreshCacheStatus
- * DESCRIPTION:
- *
- * This function may return cached OCSP results for the provided
- * certificate, but only if stored information is still considered to be
- * fresh.
- *
- * PARAMETERS
- * "cid"
- * A certificate ID as used by OCSP
- * "validity"
- * Optional date parameter to request validity for a specifc time.
- * "hasFreshStatus"
- * Output parameter, if the function successed to find fresh cached
- * information, this will be set to true. Must be non-NULL.
- * "statusIsGood"
- * The good/bad result stored in the cache. Must be non-NULL.
- * "missingResponseError"
- * If OCSP status is "bad", this variable may indicate the exact
- * reason why the previous OCSP request had failed.
- * "plContext"
- * Platform-specific context pointer.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspCertID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_OcspCertID_GetFreshCacheStatus(
- PKIX_PL_OcspCertID *cid,
- PKIX_PL_Date *validity,
- PKIX_Boolean *hasFreshStatus,
- PKIX_Boolean *statusIsGood,
- SECErrorCodes *missingResponseError,
- void *plContext)
-{
- int64 time = 0;
- SECStatus rv;
- SECStatus rvOcsp;
-
- PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_GetFreshCacheStatus");
- PKIX_NULLCHECK_THREE(cid, hasFreshStatus, statusIsGood);
-
- if (validity != NULL) {
- PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
- PKIX_DATEGETPRTIMEFAILED);
- } else {
- time = PR_Now();
- }
-
- rv = ocsp_GetCachedOCSPResponseStatusIfFresh(
- cid->certID, time, PR_TRUE, /*ignoreGlobalOcspFailureSetting*/
- &rvOcsp, missingResponseError);
-
- *hasFreshStatus = (rv == SECSuccess);
- if (*hasFreshStatus) {
- *statusIsGood = (rvOcsp == SECSuccess);
- }
-cleanup:
- PKIX_RETURN(OCSPCERTID);
-}
-
-/*
- * FUNCTION: PKIX_PL_OcspCertID_RememberOCSPProcessingFailure
- * DESCRIPTION:
- *
- * Information about the current failure associated to the given certID
- * will be remembered in the cache, potentially allowing future calls
- * to prevent repetitive OCSP requests.
- * After this function got called, it may no longer be safe to
- * use the provided cid parameter, because ownership might have been
- * transfered to the cache. This status will be recorded inside the
- * cid object.
- *
- * PARAMETERS
- * "cid"
- * The certificate ID associated to a failed OCSP processing.
- * "plContext"
- * Platform-specific context pointer.
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspCertID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-PKIX_PL_OcspCertID_RememberOCSPProcessingFailure(
- PKIX_PL_OcspCertID *cid,
- void *plContext)
-{
- PRBool certIDWasConsumed = PR_FALSE;
-
- PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_RememberOCSPProcessingFailure");
- PKIX_NULLCHECK_TWO(cid, cid->certID);
-
- cert_RememberOCSPProcessingFailure(cid->certID, &certIDWasConsumed);
-
- if (certIDWasConsumed) {
- cid->certID = NULL;
- }
-
- PKIX_RETURN(OCSPCERTID);
-}
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h
deleted file mode 100644
index d36b19493..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Red Hat, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2008 Red Hat, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Red Hat, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ocspcertid.h
- *
- * Public Key Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_OCSPCERTID_H
-#define _PKIX_PL_OCSPCERTID_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_OcspCertIDStruct {
- CERTOCSPCertID *certID;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_OcspCertID_RegisterSelf(void *plContext);
-
-PKIX_Error *
-PKIX_PL_OcspCertID_Create(
- PKIX_PL_Cert *cert,
- PKIX_PL_Date *validity,
- PKIX_PL_OcspCertID **object,
- void *plContext);
-
-PKIX_Error *
-PKIX_PL_OcspCertID_GetFreshCacheStatus(
- PKIX_PL_OcspCertID *cid,
- PKIX_PL_Date *validity,
- PKIX_Boolean *hasFreshStatus,
- PKIX_Boolean *statusIsGood,
- SECErrorCodes *missingResponseError,
- void *plContext);
-
-PKIX_Error *
-PKIX_PL_OcspCertID_RememberOCSPProcessingFailure(
- PKIX_PL_OcspCertID *cid,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_OCSPCERTID_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
deleted file mode 100644
index 6cab3fe70..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
+++ /dev/null
@@ -1,474 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ocsprequest.c
- *
- */
-
-#include "pkix_pl_ocsprequest.h"
-
-/* --Private-OcspRequest-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_OcspRequest_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OcspRequest_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_OcspRequest *ocspReq = NULL;
-
- PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPREQUEST_TYPE, plContext),
- PKIX_OBJECTNOTOCSPREQUEST);
-
- ocspReq = (PKIX_PL_OcspRequest *)object;
-
- if (ocspReq->decoded != NULL) {
- CERT_DestroyOCSPRequest(ocspReq->decoded);
- }
-
- if (ocspReq->encoded != NULL) {
- SECITEM_FreeItem(ocspReq->encoded, PR_TRUE);
- }
-
- if (ocspReq->location != NULL) {
- PORT_Free(ocspReq->location);
- }
-
- PKIX_DECREF(ocspReq->cert);
- PKIX_DECREF(ocspReq->validity);
- PKIX_DECREF(ocspReq->signerCert);
-
-cleanup:
-
- PKIX_RETURN(OCSPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspRequest_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OcspRequest_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_UInt32 certHash = 0;
- PKIX_UInt32 dateHash = 0;
- PKIX_UInt32 extensionHash = 0;
- PKIX_UInt32 signerHash = 0;
- PKIX_PL_OcspRequest *ocspRq = NULL;
-
- PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPREQUEST_TYPE, plContext),
- PKIX_OBJECTNOTOCSPREQUEST);
-
- ocspRq = (PKIX_PL_OcspRequest *)object;
-
- *pHashcode = 0;
-
- PKIX_HASHCODE(ocspRq->cert, &certHash, plContext,
- PKIX_CERTHASHCODEFAILED);
-
- PKIX_HASHCODE(ocspRq->validity, &dateHash, plContext,
- PKIX_DATEHASHCODEFAILED);
-
- if (ocspRq->addServiceLocator == PKIX_TRUE) {
- extensionHash = 0xff;
- }
-
- PKIX_HASHCODE(ocspRq->signerCert, &signerHash, plContext,
- PKIX_CERTHASHCODEFAILED);
-
- *pHashcode = (((((extensionHash << 8) || certHash) << 8) ||
- dateHash) << 8) || signerHash;
-
-cleanup:
-
- PKIX_RETURN(OCSPREQUEST);
-
-}
-
-/*
- * FUNCTION: pkix_pl_OcspRequest_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OcspRequest_Equals(
- PKIX_PL_Object *firstObj,
- PKIX_PL_Object *secondObj,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_Boolean match = PKIX_FALSE;
- PKIX_UInt32 secondType = 0;
- PKIX_PL_OcspRequest *firstReq = NULL;
- PKIX_PL_OcspRequest *secondReq = NULL;
-
- PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Equals");
- PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
-
- /* test that firstObj is a OcspRequest */
- PKIX_CHECK(pkix_CheckType(firstObj, PKIX_OCSPREQUEST_TYPE, plContext),
- PKIX_FIRSTOBJARGUMENTNOTOCSPREQUEST);
-
- /*
- * Since we know firstObj is a OcspRequest, if both references are
- * identical, they must be equal
- */
- if (firstObj == secondObj){
- match = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObj isn't a OcspRequest, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObj, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_OCSPREQUEST_TYPE) {
- goto cleanup;
- }
-
- firstReq = (PKIX_PL_OcspRequest *)firstObj;
- secondReq = (PKIX_PL_OcspRequest *)secondObj;
-
- if (firstReq->addServiceLocator != secondReq->addServiceLocator) {
- goto cleanup;
- }
-
- PKIX_EQUALS(firstReq->cert, secondReq->cert, &match, plContext,
- PKIX_CERTEQUALSFAILED);
-
- if (match == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_EQUALS(firstReq->validity, secondReq->validity, &match, plContext,
- PKIX_DATEEQUALSFAILED);
-
- if (match == PKIX_FALSE) {
- goto cleanup;
- }
-
- PKIX_EQUALS
- (firstReq->signerCert, secondReq->signerCert, &match, plContext,
- PKIX_CERTEQUALSFAILED);
-
-cleanup:
-
- *pResult = match;
-
- PKIX_RETURN(OCSPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspRequest_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_OCSPREQUEST_TYPE and its related functions with
- * systemClasses[]
- * PARAMETERS:
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_OcspRequest_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_RegisterSelf");
-
- entry.description = "OcspRequest";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_OcspRequest);
- entry.destructor = pkix_pl_OcspRequest_Destroy;
- entry.equalsFunction = pkix_pl_OcspRequest_Equals;
- entry.hashcodeFunction = pkix_pl_OcspRequest_Hashcode;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_OCSPREQUEST_TYPE] = entry;
-
- PKIX_RETURN(OCSPREQUEST);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_OcspRequest_Create
- * DESCRIPTION:
- *
- * This function creates an OcspRequest to be used in validating the Cert
- * pointed to by "cert" and storing the result at "pRequest". If a URI
- * is found for an OCSP responder, PKIX_TRUE is stored at "pURIFound". If no
- * URI is found, PKIX_FALSE is stored.
- *
- * If a Date is provided in "validity" it may be used in the search for the
- * issuer of "cert" but has no effect on the request itself. If
- * "addServiceLocator" is TRUE, the AddServiceLocator extension will be
- * included in the Request. If "signerCert" is provided it will be used to sign
- * the Request. (Note: this signed request feature is not currently supported.)
- *
- * PARAMETERS:
- * "cert"
- * Address of the Cert for which an OcspRequest is to be created. Must be
- * non-NULL.
- * "validity"
- * Address of the Date for which the Cert's validity is to be determined.
- * May be NULL.
- * "signerCert"
- * Address of the Cert to be used, if present, in signing the request.
- * May be NULL.
- * "pRequest"
- * Address at which the result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspRequest Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_OcspRequest_Create(
- PKIX_PL_Cert *cert,
- PKIX_PL_OcspCertID *cid,
- PKIX_PL_Date *validity,
- PKIX_PL_Cert *signerCert,
- PKIX_UInt32 methodFlags,
- PKIX_Boolean *pURIFound,
- PKIX_PL_OcspRequest **pRequest,
- void *plContext)
-{
- PKIX_PL_OcspRequest *ocspRequest = NULL;
-
- CERTCertDBHandle *handle = NULL;
- SECStatus rv = SECFailure;
- SECItem *encoding = NULL;
- CERTOCSPRequest *certRequest = NULL;
- int64 time = 0;
- PRBool addServiceLocatorExtension = PR_FALSE;
- CERTCertificate *nssCert = NULL;
- CERTCertificate *nssSignerCert = NULL;
- char *location = NULL;
- PRErrorCode locError = 0;
- PKIX_Boolean canUseDefaultSource = PKIX_FALSE;
-
- PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Create");
- PKIX_NULLCHECK_TWO(cert, pRequest);
-
- /* create a PKIX_PL_OcspRequest object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_OCSPREQUEST_TYPE,
- sizeof (PKIX_PL_OcspRequest),
- (PKIX_PL_Object **)&ocspRequest,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- PKIX_INCREF(cert);
- ocspRequest->cert = cert;
-
- PKIX_INCREF(validity);
- ocspRequest->validity = validity;
-
- PKIX_INCREF(signerCert);
- ocspRequest->signerCert = signerCert;
-
- ocspRequest->decoded = NULL;
- ocspRequest->encoded = NULL;
-
- ocspRequest->location = NULL;
-
- nssCert = cert->nssCert;
-
- /*
- * Does this Cert have an Authority Information Access extension with
- * the URI of an OCSP responder?
- */
- handle = CERT_GetDefaultCertDB();
-
- if (!(methodFlags & PKIX_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE)) {
- canUseDefaultSource = PKIX_TRUE;
- }
- location = ocsp_GetResponderLocation(handle, nssCert,
- canUseDefaultSource,
- &addServiceLocatorExtension);
- if (location == NULL) {
- locError = PORT_GetError();
- if (locError == SEC_ERROR_EXTENSION_NOT_FOUND ||
- locError == SEC_ERROR_CERT_BAD_ACCESS_LOCATION) {
- PORT_SetError(0);
- *pURIFound = PKIX_FALSE;
- goto cleanup;
- }
- PKIX_ERROR(PKIX_ERRORFINDINGORPROCESSINGURI);
- }
-
- ocspRequest->location = location;
- *pURIFound = PKIX_TRUE;
-
- if (signerCert != NULL) {
- nssSignerCert = signerCert->nssCert;
- }
-
- if (validity != NULL) {
- PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
- PKIX_DATEGETPRTIMEFAILED);
- } else {
- time = PR_Now();
- }
-
- certRequest = cert_CreateSingleCertOCSPRequest(
- cid->certID, cert->nssCert, time,
- addServiceLocatorExtension, nssSignerCert);
-
- ocspRequest->decoded = certRequest;
-
- if (certRequest == NULL) {
- PKIX_ERROR(PKIX_UNABLETOCREATECERTOCSPREQUEST);
- }
-
- rv = CERT_AddOCSPAcceptableResponses(
- certRequest, SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
-
- if (rv == SECFailure) {
- PKIX_ERROR(PKIX_UNABLETOADDACCEPTABLERESPONSESTOREQUEST);
- }
-
- encoding = CERT_EncodeOCSPRequest(NULL, certRequest, NULL);
-
- ocspRequest->encoded = encoding;
-
- *pRequest = ocspRequest;
- ocspRequest = NULL;
-
-cleanup:
- PKIX_DECREF(ocspRequest);
-
- PKIX_RETURN(OCSPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspRequest_GetEncoded
- * DESCRIPTION:
- *
- * This function obtains the encoded message from the OcspRequest pointed to
- * by "request", storing the result at "pRequest".
- *
- * PARAMETERS
- * "request"
- * The address of the OcspRequest whose encoded message is to be
- * retrieved. Must be non-NULL.
- * "pRequest"
- * The address at which is stored the address of the encoded message. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_OcspRequest_GetEncoded(
- PKIX_PL_OcspRequest *request,
- SECItem **pRequest,
- void *plContext)
-{
- PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_GetEncoded");
- PKIX_NULLCHECK_TWO(request, pRequest);
-
- *pRequest = request->encoded;
-
- PKIX_RETURN(OCSPREQUEST);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspRequest_GetLocation
- * DESCRIPTION:
- *
- * This function obtains the location from the OcspRequest pointed to
- * by "request", storing the result at "pLocation".
- *
- * PARAMETERS
- * "request"
- * The address of the OcspRequest whose encoded message is to be
- * retrieved. Must be non-NULL.
- * "pLocation"
- * The address at which is stored the address of the location. Must
- * be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_OcspRequest_GetLocation(
- PKIX_PL_OcspRequest *request,
- char **pLocation,
- void *plContext)
-{
- PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_GetLocation");
- PKIX_NULLCHECK_TWO(request, pLocation);
-
- *pLocation = request->location;
-
- PKIX_RETURN(OCSPREQUEST);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h
deleted file mode 100644
index c23c599de..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ocsprequest.h
- *
- * OcspRequest Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_OCSPREQUEST_H
-#define _PKIX_PL_OCSPREQUEST_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_OcspRequestStruct{
- PKIX_PL_Cert *cert;
- PKIX_PL_Date *validity;
- PKIX_Boolean addServiceLocator;
- PKIX_PL_Cert *signerCert;
- CERTOCSPRequest *decoded;
- SECItem *encoded;
- char *location;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_OcspRequest_Create(
- PKIX_PL_Cert *cert,
- PKIX_PL_OcspCertID *cid,
- PKIX_PL_Date *validity,
- PKIX_PL_Cert *signerCert,
- PKIX_UInt32 methodFlags,
- PKIX_Boolean *pURIFound,
- PKIX_PL_OcspRequest **pRequest,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_OcspRequest_GetEncoded(
- PKIX_PL_OcspRequest *request,
- SECItem **pRequest,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_OcspRequest_GetLocation(
- PKIX_PL_OcspRequest *request,
- char **pLocation,
- void *plContext);
-
-PKIX_Error *pkix_pl_OcspRequest_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_OCSPREQUEST_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
deleted file mode 100644
index 86ad8a498..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
+++ /dev/null
@@ -1,1012 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ocspresponse.c
- *
- */
-
-#include "pkix_pl_ocspresponse.h"
-
-/* ----Public functions------------------------------------- */
-/*
- * This is the libpkix replacement for CERT_VerifyOCSPResponseSignature.
- * It is used if it has been set as the verifyFcn member of ocspChecker.
- */
-PKIX_Error *
-PKIX_PL_OcspResponse_UseBuildChain(
- PKIX_PL_Cert *signerCert,
- PKIX_PL_Date *producedAt,
- PKIX_ProcessingParams *procParams,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext)
-{
- PKIX_ProcessingParams *caProcParams = NULL;
- PKIX_PL_Date *date = NULL;
- PKIX_ComCertSelParams *certSelParams = NULL;
- PKIX_CertSelector *certSelector = NULL;
- void *nbioContext = NULL;
- PKIX_Error *buildError = NULL;
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_OcspResponse_UseBuildChain");
- PKIX_NULLCHECK_THREE(signerCert, producedAt, procParams);
- PKIX_NULLCHECK_THREE(pNBIOContext, pState, pBuildResult);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- /* Are we resuming after a WOULDBLOCK return, or starting anew ? */
- if (nbioContext == NULL) {
- /* Starting anew */
- PKIX_CHECK(PKIX_PL_Object_Duplicate
- ((PKIX_PL_Object *)procParams,
- (PKIX_PL_Object **)&caProcParams,
- plContext),
- PKIX_OBJECTDUPLICATEFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_SetDate(procParams, date, plContext),
- PKIX_PROCESSINGPARAMSSETDATEFAILED);
-
- /* create CertSelector with target certificate in params */
-
- PKIX_CHECK(PKIX_CertSelector_Create
- (NULL, NULL, &certSelector, plContext),
- PKIX_CERTSELECTORCREATEFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_Create
- (&certSelParams, plContext),
- PKIX_COMCERTSELPARAMSCREATEFAILED);
-
- PKIX_CHECK(PKIX_ComCertSelParams_SetCertificate
- (certSelParams, signerCert, plContext),
- PKIX_COMCERTSELPARAMSSETCERTIFICATEFAILED);
-
- PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
- (certSelector, certSelParams, plContext),
- PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
-
- PKIX_CHECK(PKIX_ProcessingParams_SetTargetCertConstraints
- (caProcParams, certSelector, plContext),
- PKIX_PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED);
- }
-
- buildError = PKIX_BuildChain
- (caProcParams,
- &nbioContext,
- pState,
- pBuildResult,
- pVerifyTree,
- plContext);
-
- /* non-null nbioContext means the build would block */
- if (nbioContext != NULL) {
-
- *pNBIOContext = nbioContext;
-
- /* no buildResult means the build has failed */
- } else if (buildError) {
- pkixErrorResult = buildError;
- buildError = NULL;
- } else {
- PKIX_DECREF(*pState);
- }
-
-cleanup:
-
- PKIX_DECREF(caProcParams);
- PKIX_DECREF(date);
- PKIX_DECREF(certSelParams);
- PKIX_DECREF(certSelector);
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/* --Private-OcspResponse-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OcspResponse_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_OcspResponse *ocspRsp = NULL;
- const SEC_HttpClientFcn *httpClient = NULL;
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPRESPONSE_TYPE, plContext),
- PKIX_OBJECTNOTANOCSPRESPONSE);
-
- ocspRsp = (PKIX_PL_OcspResponse *)object;
-
- if (ocspRsp->nssOCSPResponse != NULL) {
- CERT_DestroyOCSPResponse(ocspRsp->nssOCSPResponse);
- ocspRsp->nssOCSPResponse = NULL;
- }
-
- if (ocspRsp->signerCert != NULL) {
- CERT_DestroyCertificate(ocspRsp->signerCert);
- ocspRsp->signerCert = NULL;
- }
-
- httpClient = (const SEC_HttpClientFcn *)(ocspRsp->httpClient);
-
- if (httpClient && (httpClient->version == 1)) {
-
- hcv1 = &(httpClient->fcnTable.ftable1);
-
- if (ocspRsp->sessionRequest != NULL) {
- (*hcv1->freeFcn)(ocspRsp->sessionRequest);
- ocspRsp->sessionRequest = NULL;
- }
-
- if (ocspRsp->serverSession != NULL) {
- (*hcv1->freeSessionFcn)(ocspRsp->serverSession);
- ocspRsp->serverSession = NULL;
- }
- }
-
- if (ocspRsp->arena != NULL) {
- PORT_FreeArena(ocspRsp->arena, PR_FALSE);
- ocspRsp->arena = NULL;
- }
-
- PKIX_DECREF(ocspRsp->producedAtDate);
- PKIX_DECREF(ocspRsp->pkixSignerCert);
- PKIX_DECREF(ocspRsp->request);
-
-cleanup:
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OcspResponse_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_OcspResponse *ocspRsp = NULL;
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPRESPONSE_TYPE, plContext),
- PKIX_OBJECTNOTANOCSPRESPONSE);
-
- ocspRsp = (PKIX_PL_OcspResponse *)object;
-
- if (ocspRsp->encodedResponse->data == NULL) {
- *pHashcode = 0;
- } else {
- PKIX_CHECK(pkix_hash
- (ocspRsp->encodedResponse->data,
- ocspRsp->encodedResponse->len,
- pHashcode,
- plContext),
- PKIX_HASHFAILED);
- }
-
-cleanup:
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OcspResponse_Equals(
- PKIX_PL_Object *firstObj,
- PKIX_PL_Object *secondObj,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType = 0;
- PKIX_UInt32 firstLen = 0;
- PKIX_UInt32 i = 0;
- PKIX_PL_OcspResponse *rsp1 = NULL;
- PKIX_PL_OcspResponse *rsp2 = NULL;
- const unsigned char *firstData = NULL;
- const unsigned char *secondData = NULL;
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Equals");
- PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
-
- /* test that firstObj is a OcspResponse */
- PKIX_CHECK(pkix_CheckType(firstObj, PKIX_OCSPRESPONSE_TYPE, plContext),
- PKIX_FIRSTOBJARGUMENTNOTANOCSPRESPONSE);
-
- /*
- * Since we know firstObj is a OcspResponse, if both references are
- * identical, they must be equal
- */
- if (firstObj == secondObj){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObj isn't a OcspResponse, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType(secondObj, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_OCSPRESPONSE_TYPE) {
- goto cleanup;
- }
-
- rsp1 = (PKIX_PL_OcspResponse *)firstObj;
- rsp2 = (PKIX_PL_OcspResponse *)secondObj;
-
- /* If either lacks an encoded string, they cannot be compared */
- firstData = (const unsigned char *)rsp1->encodedResponse->data;
- secondData = (const unsigned char *)rsp2->encodedResponse->data;
- if ((firstData == NULL) || (secondData == NULL)) {
- goto cleanup;
- }
-
- firstLen = rsp1->encodedResponse->len;
-
- if (firstLen != rsp2->encodedResponse->len) {
- goto cleanup;
- }
-
- for (i = 0; i < firstLen; i++) {
- if (*firstData++ != *secondData++) {
- goto cleanup;
- }
- }
-
- *pResult = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_OCSPRESPONSE_TYPE and its related functions with
- * systemClasses[]
- * PARAMETERS:
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_OcspResponse_RegisterSelf(void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry *entry = &systemClasses[PKIX_OCSPRESPONSE_TYPE];
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_RegisterSelf");
-
- entry->description = "OcspResponse";
- entry->typeObjectSize = sizeof(PKIX_PL_OcspResponse);
- entry->destructor = pkix_pl_OcspResponse_Destroy;
- entry->equalsFunction = pkix_pl_OcspResponse_Equals;
- entry->hashcodeFunction = pkix_pl_OcspResponse_Hashcode;
- entry->duplicateFunction = pkix_duplicateImmutable;
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_Create
- * DESCRIPTION:
- *
- * This function transmits the OcspRequest pointed to by "request" and obtains
- * an OcspResponse, which it stores at "pOcspResponse". If the HTTPClient
- * supports non-blocking I/O this function may store a non-NULL value at
- * "pNBIOContext" (the WOULDBLOCK condition). In that case the caller should
- * make a subsequent call with the same value in "pNBIOContext" and
- * "pOcspResponse" to resume the operation. Additional WOULDBLOCK returns may
- * occur; the caller should persist until a return occurs with NULL stored at
- * "pNBIOContext".
- *
- * If a SEC_HttpClientFcn "responder" is supplied, it is used as the client
- * to which the OCSP query is sent. If none is supplied, the default responder
- * is used.
- *
- * If an OcspResponse_VerifyCallback "verifyFcn" is supplied, it is used to
- * verify the Cert received from the responder as the signer. If none is
- * supplied, the default verification function is used.
- *
- * The contents of "request" are ignored on calls subsequent to a WOULDBLOCK
- * return, and the caller is permitted to supply NULL.
- *
- * PARAMETERS
- * "request"
- * Address of the OcspRequest for which a response is desired.
- * "responder"
- * Address, if non-NULL, of the SEC_HttpClientFcn to be sent the OCSP
- * query.
- * "verifyFcn"
- * Address, if non-NULL, of the OcspResponse_VerifyCallback function to be
- * used to verify the Cert of the OCSP responder.
- * "pNBIOContext"
- * Address at which platform-dependent information is stored for handling
- * of non-blocking I/O. Must be non-NULL.
- * "pOcspResponse"
- * The address where the created OcspResponse is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_OcspResponse_Create(
- PKIX_PL_OcspRequest *request,
- void *responder,
- PKIX_PL_VerifyCallback verifyFcn,
- void **pNBIOContext,
- PKIX_PL_OcspResponse **pResponse,
- void *plContext)
-{
- void *nbioContext = NULL;
- PKIX_PL_OcspResponse *ocspResponse = NULL;
- const SEC_HttpClientFcn *httpClient = NULL;
- const SEC_HttpClientFcnV1 *hcv1 = NULL;
- SECStatus rv = SECFailure;
- char *location = NULL;
- char *hostname = NULL;
- char *path = NULL;
- char *responseContentType = NULL;
- PRUint16 port = 0;
- SEC_HTTP_SERVER_SESSION serverSession = NULL;
- SEC_HTTP_REQUEST_SESSION sessionRequest = NULL;
- SECItem *encodedRequest = NULL;
- PRUint16 responseCode = 0;
- char *responseData = NULL;
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Create");
- PKIX_NULLCHECK_TWO(pNBIOContext, pResponse);
-
- nbioContext = *pNBIOContext;
- *pNBIOContext = NULL;
-
- if (nbioContext != NULL) {
-
- ocspResponse = *pResponse;
- PKIX_NULLCHECK_ONE(ocspResponse);
-
- httpClient = ocspResponse->httpClient;
- serverSession = ocspResponse->serverSession;
- sessionRequest = ocspResponse->sessionRequest;
- PKIX_NULLCHECK_THREE(httpClient, serverSession, sessionRequest);
-
- } else {
- PKIX_UInt32 timeout =
- ((PKIX_PL_NssContext*)plContext)->timeoutSeconds;
-
- PKIX_NULLCHECK_ONE(request);
-
- PKIX_CHECK(pkix_pl_OcspRequest_GetEncoded
- (request, &encodedRequest, plContext),
- PKIX_OCSPREQUESTGETENCODEDFAILED);
-
- /* prepare initial message to HTTPClient */
-
- /* Is there a default responder and is it enabled? */
- if (responder) {
- httpClient = (const SEC_HttpClientFcn *)responder;
- } else {
- httpClient = SEC_GetRegisteredHttpClient();
- }
-
- if (httpClient && (httpClient->version == 1)) {
-
- hcv1 = &(httpClient->fcnTable.ftable1);
-
- PKIX_CHECK(pkix_pl_OcspRequest_GetLocation
- (request, &location, plContext),
- PKIX_OCSPREQUESTGETLOCATIONFAILED);
-
- /* parse location -> hostname, port, path */
- rv = CERT_ParseURL(location, &hostname, &port, &path);
- if (rv == SECFailure || hostname == NULL || path == NULL) {
- PKIX_ERROR(PKIX_URLPARSINGFAILED);
- }
-
- rv = (*hcv1->createSessionFcn)(hostname, port,
- &serverSession);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_OCSPSERVERERROR);
- }
-
- rv = (*hcv1->createFcn)(serverSession, "http", path,
- "POST",
- PR_SecondsToInterval(timeout),
- &sessionRequest);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_OCSPSERVERERROR);
- }
-
- rv = (*hcv1->setPostDataFcn)(sessionRequest,
- (char *)encodedRequest->data,
- encodedRequest->len,
- "application/ocsp-request");
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_OCSPSERVERERROR);
- }
-
- /* create a PKIX_PL_OcspResponse object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_OCSPRESPONSE_TYPE,
- sizeof (PKIX_PL_OcspResponse),
- (PKIX_PL_Object **)&ocspResponse,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- PKIX_INCREF(request);
- ocspResponse->request = request;
- ocspResponse->httpClient = httpClient;
- ocspResponse->serverSession = serverSession;
- serverSession = NULL;
- ocspResponse->sessionRequest = sessionRequest;
- sessionRequest = NULL;
- ocspResponse->verifyFcn = verifyFcn;
- ocspResponse->handle = CERT_GetDefaultCertDB();
- ocspResponse->encodedResponse = NULL;
- ocspResponse->arena = NULL;
- ocspResponse->producedAt = 0;
- ocspResponse->producedAtDate = NULL;
- ocspResponse->pkixSignerCert = NULL;
- ocspResponse->nssOCSPResponse = NULL;
- ocspResponse->signerCert = NULL;
- }
- }
-
- /* begin or resume IO to HTTPClient */
- if (httpClient && (httpClient->version == 1)) {
- PRUint32 responseDataLen =
- ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
-
- hcv1 = &(httpClient->fcnTable.ftable1);
-
- rv = (*hcv1->trySendAndReceiveFcn)(ocspResponse->sessionRequest,
- (PRPollDesc **)&nbioContext,
- &responseCode,
- (const char **)&responseContentType,
- NULL, /* responseHeaders */
- (const char **)&responseData,
- &responseDataLen);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_OCSPSERVERERROR);
- }
- /* responseContentType is a pointer to the null-terminated
- * string returned by httpclient. Memory allocated for context
- * type will be freed with freeing of the HttpClient struct. */
- if (PORT_Strcasecmp(responseContentType,
- "application/ocsp-response")) {
- PKIX_ERROR(PKIX_OCSPSERVERERROR);
- }
- if (nbioContext != NULL) {
- *pNBIOContext = nbioContext;
- goto cleanup;
- }
- if (responseCode != 200) {
- PKIX_ERROR(PKIX_OCSPBADHTTPRESPONSE);
- }
- ocspResponse->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (ocspResponse->arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
- ocspResponse->encodedResponse = SECITEM_AllocItem
- (ocspResponse->arena, NULL, responseDataLen);
- if (ocspResponse->encodedResponse == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
- PORT_Memcpy(ocspResponse->encodedResponse->data,
- responseData, responseDataLen);
- }
- *pResponse = ocspResponse;
- ocspResponse = NULL;
-
-cleanup:
-
- if (path != NULL) {
- PORT_Free(path);
- }
- if (hostname != NULL) {
- PORT_Free(hostname);
- }
- if (ocspResponse) {
- PKIX_DECREF(ocspResponse);
- }
- if (serverSession) {
- hcv1->freeSessionFcn(serverSession);
- }
- if (sessionRequest) {
- hcv1->freeFcn(sessionRequest);
- }
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_Decode
- * DESCRIPTION:
- *
- * This function decodes the DER data contained in the OcspResponse pointed to
- * by "response", storing PKIX_TRUE at "pPassed" if the decoding was
- * successful, and PKIX_FALSE otherwise.
- *
- * PARAMETERS
- * "response"
- * The address of the OcspResponse whose DER data is to be decoded. Must
- * be non-NULL.
- * "pPassed"
- * Address at which the Boolean result is stored. Must be non-NULL.
- * "pReturnCode"
- * Address at which the SECErrorCodes result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-
-PKIX_Error *
-pkix_pl_OcspResponse_Decode(
- PKIX_PL_OcspResponse *response,
- PKIX_Boolean *pPassed,
- SECErrorCodes *pReturnCode,
- void *plContext)
-{
-
- PKIX_ENTER(OCSPRESPONSE, "PKIX_PL_OcspResponse_Decode");
- PKIX_NULLCHECK_TWO(response, response->encodedResponse);
-
- response->nssOCSPResponse =
- CERT_DecodeOCSPResponse(response->encodedResponse);
-
- if (response->nssOCSPResponse != NULL) {
- *pPassed = PKIX_TRUE;
- *pReturnCode = 0;
- } else {
- *pPassed = PKIX_FALSE;
- *pReturnCode = PORT_GetError();
- }
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_GetStatus
- * DESCRIPTION:
- *
- * This function checks the response status of the OcspResponse pointed to
- * by "response", storing PKIX_TRUE at "pPassed" if the responder understood
- * the request and considered it valid, and PKIX_FALSE otherwise.
- *
- * PARAMETERS
- * "response"
- * The address of the OcspResponse whose status is to be retrieved. Must
- * be non-NULL.
- * "pPassed"
- * Address at which the Boolean result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-
-PKIX_Error *
-pkix_pl_OcspResponse_GetStatus(
- PKIX_PL_OcspResponse *response,
- PKIX_Boolean *pPassed,
- SECErrorCodes *pReturnCode,
- void *plContext)
-{
- SECStatus rv = SECFailure;
-
- PKIX_ENTER(OCSPRESPONSE, "PKIX_PL_OcspResponse_GetStatus");
- PKIX_NULLCHECK_FOUR(response, response->nssOCSPResponse, pPassed, pReturnCode);
-
- rv = CERT_GetOCSPResponseStatus(response->nssOCSPResponse);
-
- if (rv == SECSuccess) {
- *pPassed = PKIX_TRUE;
- *pReturnCode = 0;
- } else {
- *pPassed = PKIX_FALSE;
- *pReturnCode = PORT_GetError();
- }
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-
-static PKIX_Error*
-pkix_pl_OcspResponse_VerifyResponse(
- PKIX_PL_OcspResponse *response,
- PKIX_ProcessingParams *procParams,
- SECCertUsage certUsage,
- void **state,
- PKIX_BuildResult **buildResult,
- void **pNBIOContext,
- void *plContext)
-{
- SECStatus rv = SECFailure;
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_VerifyResponse");
-
- if (response->verifyFcn != NULL) {
- void *lplContext = NULL;
-
- PKIX_CHECK(
- PKIX_PL_NssContext_Create(((SECCertificateUsage)1) << certUsage,
- PKIX_FALSE, NULL, &lplContext),
- PKIX_NSSCONTEXTCREATEFAILED);
-
- PKIX_CHECK(
- (response->verifyFcn)((PKIX_PL_Object*)response->pkixSignerCert,
- NULL, response->producedAtDate,
- procParams, pNBIOContext,
- state, buildResult,
- NULL, lplContext),
- PKIX_CERTVERIFYKEYUSAGEFAILED);
- rv = SECSuccess;
- } else {
- rv = CERT_VerifyCert(response->handle, response->signerCert, PKIX_TRUE,
- certUsage, response->producedAt, NULL, NULL);
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_CERTVERIFYKEYUSAGEFAILED);
- }
- }
-
-cleanup:
- if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
- }
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_VerifySignature
- * DESCRIPTION:
- *
- * This function verifies the ocspResponse signature field in the OcspResponse
- * pointed to by "response", storing PKIX_TRUE at "pPassed" if verification
- * is successful and PKIX_FALSE otherwise. If verification is unsuccessful an
- * error code (an enumeration of type SECErrorCodes) is stored at *pReturnCode.
- *
- * PARAMETERS
- * "response"
- * The address of the OcspResponse whose signature field is to be
- * retrieved. Must be non-NULL.
- * "cert"
- * The address of the Cert for which the OCSP query was made. Must be
- * non-NULL.
- * "procParams"
- * Address of ProcessingParams used to initialize the ExpirationChecker
- * and TargetCertChecker. Must be non-NULL.
- * "pPassed"
- * Address at which the Boolean result is stored. Must be non-NULL.
- * "pNBIOContext"
- * Address at which the NBIOContext is stored indicating whether the
- * checking is complete. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_OcspResponse_VerifySignature(
- PKIX_PL_OcspResponse *response,
- PKIX_PL_Cert *cert,
- PKIX_ProcessingParams *procParams,
- PKIX_Boolean *pPassed,
- void **pNBIOContext,
- void *plContext)
-{
- SECStatus rv = SECFailure;
- CERTOCSPResponse *nssOCSPResponse = NULL;
- CERTCertificate *issuerCert = NULL;
- PKIX_BuildResult *buildResult = NULL;
- void *nbio = NULL;
- void *state = NULL;
-
- ocspSignature *signature = NULL;
- ocspResponseData *tbsData = NULL;
- SECItem *tbsResponseDataDER = NULL;
-
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_VerifySignature");
- PKIX_NULLCHECK_FOUR(response, cert, pPassed, pNBIOContext);
-
- nbio = *pNBIOContext;
- *pNBIOContext = NULL;
-
- nssOCSPResponse = response->nssOCSPResponse;
- if (nssOCSPResponse == NULL) {
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto cleanup;
- }
-
- tbsData =
- ocsp_GetResponseData(nssOCSPResponse, &tbsResponseDataDER);
-
- signature = ocsp_GetResponseSignature(nssOCSPResponse);
-
-
- /* Are we resuming after a WOULDBLOCK response? */
- if (nbio == NULL) {
- /* No, this is a new query */
-
- issuerCert = CERT_FindCertIssuer(cert->nssCert, PR_Now(),
- certUsageAnyCA);
-
- /*
- * If this signature has already gone through verification,
- * just return the cached result.
- */
- if (signature->wasChecked) {
- if (signature->status == SECSuccess) {
- response->signerCert =
- CERT_DupCertificate(signature->cert);
- } else {
- PORT_SetError(signature->failureReason);
- goto cleanup;
- }
- }
-
- response->signerCert =
- ocsp_GetSignerCertificate(response->handle, tbsData,
- signature, issuerCert);
-
- if (response->signerCert == NULL) {
- PORT_SetError(SEC_ERROR_UNKNOWN_SIGNER);
- goto cleanup;
- }
-
- PKIX_CHECK(
- PKIX_PL_Cert_CreateFromCERTCertificate(response->signerCert,
- &(response->pkixSignerCert),
- plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-
- /*
- * We could mark this true at the top of this function, or
- * always below at "finish", but if the problem was just that
- * we could not find the signer's cert, leave that as if the
- * signature hasn't been checked. Maybe a subsequent call will
- * have better luck.
- */
- signature->wasChecked = PR_TRUE;
-
- /*
- * We are about to verify the signer certificate; we need to
- * specify *when* that certificate must be valid -- for our
- * purposes we expect it to be valid when the response was
- * signed. The value of "producedAt" is the signing time.
- */
- rv = DER_GeneralizedTimeToTime(&response->producedAt,
- &tbsData->producedAt);
- if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
- goto cleanup;
- }
-
- /*
- * We need producedAtDate and pkixSignerCert if we are calling a
- * user-supplied verification function. Let's put their
- * creation before the code that gets repeated when
- * non-blocking I/O is used.
- */
-
- PKIX_CHECK(
- pkix_pl_Date_CreateFromPRTime((PRTime)response->producedAt,
- &(response->producedAtDate),
- plContext),
- PKIX_DATECREATEFROMPRTIMEFAILED);
-
- }
-
- /*
- * Just because we have a cert does not mean it is any good; check
- * it for validity, trust and usage. Use the caller-supplied
- * verification function, if one was supplied.
- */
- if (ocsp_CertIsOCSPDefaultResponder(response->handle,
- response->signerCert)) {
- rv = SECSuccess;
- } else {
- SECCertUsage certUsage;
- if (CERT_IsCACert(response->signerCert, NULL)) {
- certUsage = certUsageAnyCA;
- } else {
- certUsage = certUsageStatusResponder;
- }
- PKIX_CHECK_ONLY_FATAL(
- pkix_pl_OcspResponse_VerifyResponse(response, procParams,
- certUsage, &state,
- &buildResult, &nbio,
- plContext),
- PKIX_CERTVERIFYKEYUSAGEFAILED);
- if (pkixTempErrorReceived) {
- rv = SECFailure;
- goto cleanup;
- }
- if (nbio != NULL) {
- *pNBIOContext = nbio;
- goto cleanup;
- }
- }
-
- rv = ocsp_VerifyResponseSignature(response->signerCert, signature,
- tbsResponseDataDER, NULL);
-
-cleanup:
- if (rv == SECSuccess) {
- *pPassed = PKIX_TRUE;
- } else {
- *pPassed = PKIX_FALSE;
- }
-
- if (signature) {
- if (signature->wasChecked) {
- signature->status = rv;
- }
-
- if (rv != SECSuccess) {
- signature->failureReason = PORT_GetError();
- if (response->signerCert != NULL) {
- CERT_DestroyCertificate(response->signerCert);
- response->signerCert = NULL;
- }
- } else {
- /* Save signer's certificate in signature. */
- signature->cert = CERT_DupCertificate(response->signerCert);
- }
- }
-
- if (issuerCert)
- CERT_DestroyCertificate(issuerCert);
-
- PKIX_RETURN(OCSPRESPONSE);
-}
-
-/*
- * FUNCTION: pkix_pl_OcspResponse_GetStatusForCert
- * DESCRIPTION:
- *
- * This function checks the revocation status of the Cert for which the
- * OcspResponse was obtained, storing PKIX_TRUE at "pPassed" if the Cert has
- * not been revoked and PKIX_FALSE otherwise.
- *
- * PARAMETERS
- * "response"
- * The address of the OcspResponse whose certificate status is to be
- * retrieved. Must be non-NULL.
- * "pPassed"
- * Address at which the Boolean result is stored. Must be non-NULL.
- * "pReturnCode"
- * Address at which the SECErrorCodes result is stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OcspResponse Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_OcspResponse_GetStatusForCert(
- PKIX_PL_OcspCertID *cid,
- PKIX_PL_OcspResponse *response,
- PKIX_Boolean *pPassed,
- SECErrorCodes *pReturnCode,
- void *plContext)
-{
- SECStatus rv = SECFailure;
- SECStatus rvCache;
- PRBool certIDWasConsumed = PR_FALSE;
-
- PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_GetStatusForCert");
- PKIX_NULLCHECK_THREE(response, pPassed, pReturnCode);
-
- /*
- * It is an error to call this function except following a successful
- * return from pkix_pl_OcspResponse_VerifySignature, which would have
- * set response->signerCert.
- */
- PKIX_NULLCHECK_TWO(response->signerCert, response->request);
- PKIX_NULLCHECK_TWO(cid, cid->certID);
-
- rv = cert_ProcessOCSPResponse(response->handle,
- response->nssOCSPResponse,
- cid->certID,
- response->signerCert,
- PR_Now(),
- &certIDWasConsumed,
- &rvCache);
- if (certIDWasConsumed) {
- cid->certID = NULL;
- }
-
- if (rv == SECSuccess) {
- *pPassed = PKIX_TRUE;
- *pReturnCode = 0;
- } else {
- *pPassed = PKIX_FALSE;
- *pReturnCode = PORT_GetError();
- }
-
- PKIX_RETURN(OCSPRESPONSE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
deleted file mode 100644
index 1cac08e36..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_ocspresponse.h
- *
- * OcspResponse Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_OCSPRESPONSE_H
-#define _PKIX_PL_OCSPRESPONSE_H
-
-#include "pkix_pl_common.h"
-#include "pkix_pl_ocspcertid.h"
-#include "hasht.h"
-#include "cryptohi.h"
-#include "ocspti.h"
-#include "ocspi.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MAX_OCSP_RESPONSE_LEN (64*1024)
-
-struct PKIX_PL_OcspResponseStruct{
- PRArenaPool *arena;
- const PKIX_PL_OcspRequest *request;
- const SEC_HttpClientFcn *httpClient;
- SEC_HTTP_SERVER_SESSION serverSession;
- SEC_HTTP_REQUEST_SESSION sessionRequest;
- PKIX_PL_VerifyCallback verifyFcn;
- SECItem *encodedResponse;
- CERTCertDBHandle *handle;
- int64 producedAt;
- PKIX_PL_Date *producedAtDate;
- PKIX_PL_Cert *pkixSignerCert;
- CERTOCSPResponse *nssOCSPResponse;
- CERTCertificate *signerCert;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_OcspResponse_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_OcspResponse_Create(
- PKIX_PL_OcspRequest *request,
- void *responder,
- PKIX_PL_VerifyCallback verifyFcn,
- void **pNBIOContext,
- PKIX_PL_OcspResponse **pResponse,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_OcspResponse_Decode(
- PKIX_PL_OcspResponse *response,
- PKIX_Boolean *passed,
- SECErrorCodes *pReturnCode,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_OcspResponse_GetStatus(
- PKIX_PL_OcspResponse *response,
- PKIX_Boolean *passed,
- SECErrorCodes *pReturnCode,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_OcspResponse_VerifySignature(
- PKIX_PL_OcspResponse *response,
- PKIX_PL_Cert *cert,
- PKIX_ProcessingParams *procParams,
- PKIX_Boolean *pPassed,
- void **pNBIOContext,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_OcspResponse_GetStatusForCert(
- PKIX_PL_OcspCertID *cid,
- PKIX_PL_OcspResponse *response,
- PKIX_Boolean *pPassed,
- SECErrorCodes *pReturnCode,
- void *plContext);
-
-PKIX_Error *
-PKIX_PL_OcspResponse_UseBuildChain(
- PKIX_PL_Cert *signerCert,
- PKIX_PL_Date *producedAt,
- PKIX_ProcessingParams *procParams,
- void **pNBIOContext,
- void **pState,
- PKIX_BuildResult **pBuildResult,
- PKIX_VerifyNode **pVerifyTree,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_OCSPRESPONSE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c
deleted file mode 100644
index 68cf098ab..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c
+++ /dev/null
@@ -1,525 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_publickey.c
- *
- * Certificate Object Functions
- *
- */
-
-#include "pkix_pl_publickey.h"
-
-/* --Private-Cert-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_PublicKey_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the PublicKey
- * pointed to by "pkixPubKey" and stores it at "pString".
- *
- * PARAMETERS
- * "pkixPubKey"
- * Address of PublicKey whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a PublicKey Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_PublicKey_ToString_Helper(
- PKIX_PL_PublicKey *pkixPubKey,
- PKIX_PL_String **pString,
- void *plContext)
-{
- SECAlgorithmID algorithm;
- SECOidTag pubKeyTag;
- char *asciiOID = NULL;
- PKIX_Boolean freeAsciiOID = PKIX_FALSE;
- SECItem oidBytes;
-
- PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_ToString_Helper");
- PKIX_NULLCHECK_THREE(pkixPubKey, pkixPubKey->nssSPKI, pString);
-
- /*
- * XXX for now, we print out public key algorithm's
- * description - add params and bytes later
- */
-
- /*
- * If the algorithm OID is known to NSS,
- * we print out the ASCII description that is
- * registered with NSS. Otherwise, if unknown,
- * we print out the OID numbers (eg. "1.2.840.3")
- */
-
- algorithm = pkixPubKey->nssSPKI->algorithm;
-
- PKIX_PUBLICKEY_DEBUG("\t\tCalling SECOID_GetAlgorithmTag).\n");
- pubKeyTag = SECOID_GetAlgorithmTag(&algorithm);
- if (pubKeyTag != SEC_OID_UNKNOWN){
- PKIX_PUBLICKEY_DEBUG
- ("\t\tCalling SECOID_FindOIDTagDescription).\n");
- asciiOID = (char *)SECOID_FindOIDTagDescription(pubKeyTag);
- if (!asciiOID){
- PKIX_ERROR(PKIX_SECOIDFINDOIDTAGDESCRIPTIONFAILED);
- }
- } else { /* pubKeyTag == SEC_OID_UNKNOWN */
- oidBytes = algorithm.algorithm;
- PKIX_CHECK(pkix_pl_oidBytes2Ascii
- (&oidBytes, &asciiOID, plContext),
- PKIX_OIDBYTES2ASCIIFAILED);
- freeAsciiOID = PKIX_TRUE;
- }
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, (void *)asciiOID, 0, pString, plContext),
- PKIX_UNABLETOCREATEPSTRING);
-
-cleanup:
-
- /*
- * we only free asciiOID if it was malloc'ed by pkix_pl_oidBytes2Ascii
- */
- if (freeAsciiOID){
- PKIX_FREE(asciiOID);
- }
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-/*
- * FUNCTION: pkix_pl_DestroySPKI
- * DESCRIPTION:
- * Frees all memory associated with the CERTSubjectPublicKeyInfo pointed to
- * by "nssSPKI".
- * PARAMETERS
- * "nssSPKI"
- * Address of CERTSubjectPublicKeyInfo. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_DestroySPKI(
- CERTSubjectPublicKeyInfo *nssSPKI,
- void *plContext)
-{
- PKIX_ENTER(PUBLICKEY, "pkix_pl_DestroySPKI");
-
- PKIX_NULLCHECK_ONE(nssSPKI);
-
- PKIX_PUBLICKEY_DEBUG("\t\tCalling SECOID_DestroyAlgorithmID).\n");
- SECOID_DestroyAlgorithmID(&nssSPKI->algorithm, PKIX_FALSE);
-
- PKIX_PUBLICKEY_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
- SECITEM_FreeItem(&nssSPKI->subjectPublicKey, PKIX_FALSE);
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-/*
- * FUNCTION: pkix_pl_PublicKey_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_PublicKey_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_PublicKey *pubKey = NULL;
-
- PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Destroy");
-
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
- PKIX_OBJECTNOTPUBLICKEY);
-
- pubKey = (PKIX_PL_PublicKey *)object;
-
- if (pubKey->nssSPKI) {
-
- PKIX_CHECK(pkix_pl_DestroySPKI(pubKey->nssSPKI, plContext),
- PKIX_DESTROYSPKIFAILED);
-
- PKIX_FREE(pubKey->nssSPKI);
- }
-
-cleanup:
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-/*
- * FUNCTION: pkix_pl_PublicKey_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_PublicKey_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_PublicKey *pkixPubKey = NULL;
- PKIX_PL_String *pubKeyString = NULL;
-
- PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_toString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
- PKIX_OBJECTNOTPUBLICKEY);
-
- pkixPubKey = (PKIX_PL_PublicKey *)object;
-
- PKIX_CHECK(pkix_pl_PublicKey_ToString_Helper
- (pkixPubKey, &pubKeyString, plContext),
- PKIX_PUBLICKEYTOSTRINGHELPERFAILED);
-
- *pString = pubKeyString;
-
-cleanup:
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-/*
- * FUNCTION: pkix_pl_PublicKey_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_PublicKey_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_PublicKey *pkixPubKey = NULL;
- SECItem algOID;
- SECItem algParams;
- SECItem nssPubKey;
- PKIX_UInt32 algOIDHash;
- PKIX_UInt32 algParamsHash;
- PKIX_UInt32 pubKeyHash;
- PKIX_UInt32 fullHash;
-
- PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
- PKIX_OBJECTNOTPUBLICKEY);
-
- pkixPubKey = (PKIX_PL_PublicKey *)object;
-
- PKIX_NULLCHECK_ONE(pkixPubKey->nssSPKI);
-
- algOID = pkixPubKey->nssSPKI->algorithm.algorithm;
- algParams = pkixPubKey->nssSPKI->algorithm.parameters;
- nssPubKey = pkixPubKey->nssSPKI->subjectPublicKey;
-
- PKIX_CHECK(pkix_hash
- (algOID.data, algOID.len, &algOIDHash, plContext),
- PKIX_HASHFAILED);
-
- PKIX_CHECK(pkix_hash
- (algParams.data, algParams.len, &algParamsHash, plContext),
- PKIX_HASHFAILED);
-
- PKIX_CHECK(pkix_hash
- (nssPubKey.data, nssPubKey.len, &pubKeyHash, plContext),
- PKIX_HASHFAILED);
-
- fullHash = algOIDHash + algParamsHash + pubKeyHash;
-
- *pHashcode = pubKeyHash;
-
-cleanup:
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-
-/*
- * FUNCTION: pkix_pl_PublicKey_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_PublicKey_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_PublicKey *firstPKIXPubKey = NULL;
- PKIX_PL_PublicKey *secondPKIXPubKey = NULL;
- CERTSubjectPublicKeyInfo *firstSPKI = NULL;
- CERTSubjectPublicKeyInfo *secondSPKI = NULL;
- SECComparison cmpResult;
- PKIX_UInt32 secondType;
-
- PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is a PublicKey */
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_PUBLICKEY_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTPUBLICKEY);
-
- /*
- * Since we know firstObject is a PublicKey, if both references are
- * identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't a PublicKey, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_PUBLICKEY_TYPE) goto cleanup;
-
- firstPKIXPubKey = ((PKIX_PL_PublicKey *)firstObject);
- secondPKIXPubKey = (PKIX_PL_PublicKey *)secondObject;
-
- firstSPKI = firstPKIXPubKey->nssSPKI;
- secondSPKI = secondPKIXPubKey->nssSPKI;
-
- PKIX_NULLCHECK_TWO(firstSPKI, secondSPKI);
-
- PKIX_PL_NSSCALLRV(PUBLICKEY, cmpResult, SECOID_CompareAlgorithmID,
- (&firstSPKI->algorithm, &secondSPKI->algorithm));
-
- if (cmpResult == SECEqual){
- PKIX_PUBLICKEY_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
- cmpResult = SECITEM_CompareItem
- (&firstSPKI->subjectPublicKey,
- &secondSPKI->subjectPublicKey);
- }
-
- *pResult = (cmpResult == SECEqual)?PKIX_TRUE:PKIX_FALSE;
-
-cleanup:
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-/*
- * FUNCTION: pkix_pl_PublicKey_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_PUBLICKEY_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_PublicKey_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_RegisterSelf");
-
- entry.description = "PublicKey";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_PublicKey);
- entry.destructor = pkix_pl_PublicKey_Destroy;
- entry.equalsFunction = pkix_pl_PublicKey_Equals;
- entry.hashcodeFunction = pkix_pl_PublicKey_Hashcode;
- entry.toStringFunction = pkix_pl_PublicKey_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
- systemClasses[PKIX_PUBLICKEY_TYPE] = entry;
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_PublicKey_NeedsDSAParameters(
- PKIX_PL_PublicKey *pubKey,
- PKIX_Boolean *pNeedsParams,
- void *plContext)
-{
- CERTSubjectPublicKeyInfo *nssSPKI = NULL;
- KeyType pubKeyType;
- PKIX_Boolean needsParams = PKIX_FALSE;
-
- PKIX_ENTER(PUBLICKEY, "PKIX_PL_PublicKey_NeedsDSAParameters");
- PKIX_NULLCHECK_TWO(pubKey, pNeedsParams);
-
- nssSPKI = pubKey->nssSPKI;
-
- PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
- pubKeyType = CERT_GetCertKeyType(nssSPKI);
- if (!pubKeyType){
- PKIX_ERROR(PKIX_PUBKEYTYPENULLKEY);
- }
-
- if ((pubKeyType == dsaKey) &&
- (nssSPKI->algorithm.parameters.len == 0)){
- needsParams = PKIX_TRUE;
- }
-
- *pNeedsParams = needsParams;
-
-cleanup:
-
- PKIX_RETURN(PUBLICKEY);
-}
-
-/*
- * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
- * (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
- PKIX_PL_PublicKey *firstKey,
- PKIX_PL_PublicKey *secondKey,
- PKIX_PL_PublicKey **pResultKey,
- void *plContext)
-{
- CERTSubjectPublicKeyInfo *firstSPKI = NULL;
- CERTSubjectPublicKeyInfo *secondSPKI = NULL;
- CERTSubjectPublicKeyInfo *thirdSPKI = NULL;
- PKIX_PL_PublicKey *resultKey = NULL;
- KeyType firstPubKeyType;
- KeyType secondPubKeyType;
- SECStatus rv;
-
- PKIX_ENTER(PUBLICKEY, "PKIX_PL_PublicKey_MakeInheritedDSAPublicKey");
- PKIX_NULLCHECK_THREE(firstKey, secondKey, pResultKey);
- PKIX_NULLCHECK_TWO(firstKey->nssSPKI, secondKey->nssSPKI);
-
- firstSPKI = firstKey->nssSPKI;
- secondSPKI = secondKey->nssSPKI;
-
- PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
- firstPubKeyType = CERT_GetCertKeyType(firstSPKI);
- if (!firstPubKeyType){
- PKIX_ERROR(PKIX_FIRSTPUBKEYTYPENULLKEY);
- }
-
- PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
- secondPubKeyType = CERT_GetCertKeyType(secondSPKI);
- if (!secondPubKeyType){
- PKIX_ERROR(PKIX_SECONDPUBKEYTYPENULLKEY);
- }
-
- if ((firstPubKeyType == dsaKey) &&
- (firstSPKI->algorithm.parameters.len == 0)){
- if (secondPubKeyType != dsaKey) {
- PKIX_ERROR(PKIX_SECONDKEYNOTDSAPUBLICKEY);
- } else if (secondSPKI->algorithm.parameters.len == 0) {
- PKIX_ERROR
- (PKIX_SECONDKEYDSAPUBLICKEY);
- } else {
- PKIX_CHECK(PKIX_PL_Calloc
- (1,
- sizeof (CERTSubjectPublicKeyInfo),
- (void **)&thirdSPKI,
- plContext),
- PKIX_CALLOCFAILED);
-
- PKIX_PUBLICKEY_DEBUG
- ("\t\tCalling"
- "SECKEY_CopySubjectPublicKeyInfo).\n");
- rv = SECKEY_CopySubjectPublicKeyInfo
- (NULL, thirdSPKI, firstSPKI);
- if (rv != SECSuccess) {
- PKIX_ERROR
- (PKIX_SECKEYCOPYSUBJECTPUBLICKEYINFOFAILED);
- }
-
- PKIX_PUBLICKEY_DEBUG
- ("\t\tCalling SECITEM_CopyItem).\n");
- rv = SECITEM_CopyItem(NULL,
- &thirdSPKI->algorithm.parameters,
- &secondSPKI->algorithm.parameters);
-
- if (rv != SECSuccess) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- /* create a PKIX_PL_PublicKey object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_PUBLICKEY_TYPE,
- sizeof (PKIX_PL_PublicKey),
- (PKIX_PL_Object **)&resultKey,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* populate the SPKI field */
- resultKey->nssSPKI = thirdSPKI;
- *pResultKey = resultKey;
- }
- } else {
- *pResultKey = NULL;
- }
-
-cleanup:
-
- if (thirdSPKI && PKIX_ERROR_RECEIVED){
- PKIX_CHECK(pkix_pl_DestroySPKI(thirdSPKI, plContext),
- PKIX_DESTROYSPKIFAILED);
- PKIX_FREE(thirdSPKI);
- }
-
- PKIX_RETURN(PUBLICKEY);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h
deleted file mode 100644
index 8ce303ab4..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_publickey.h
- *
- * Public Key Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_PUBLICKEY_H
-#define _PKIX_PL_PUBLICKEY_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_PublicKeyStruct {
- CERTSubjectPublicKeyInfo *nssSPKI;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_PublicKey_RegisterSelf(void *plContext);
-
-PKIX_Error *
-PKIX_PL_PublicKey_NeedsDSAParameters(
- PKIX_PL_PublicKey *pubKey,
- PKIX_Boolean *pNeedsParams,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_PUBLICKEY_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c
deleted file mode 100644
index 7fb006e02..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c
+++ /dev/null
@@ -1,755 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_x500name.c
- *
- * X500Name Object Functions
- *
- */
-
-#include "pkix_pl_x500name.h"
-
-/* --Private-X500Name-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_X500Name_ToString_Helper
- * DESCRIPTION:
- *
- * Helper function that creates a string representation of the X500Name
- * pointed to by "name" and stores it at "pString".
- *
- * PARAMETERS
- * "name"
- * Address of X500Name whose string representation is desired.
- * Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a X500Name Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_X500Name_ToString_Helper(
- PKIX_PL_X500Name *name,
- PKIX_PL_String **pString,
- void *plContext)
-{
- CERTName *nssDN = NULL;
- char *utf8String = NULL;
- PKIX_UInt32 utf8Length;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_ToString_Helper");
- PKIX_NULLCHECK_TWO(name, pString);
- nssDN = &name->nssDN;
-
- /* this should really be called CERT_NameToUTF8 */
- utf8String = CERT_NameToAsciiInvertible(nssDN, CERT_N2A_INVERTIBLE);
- if (!utf8String){
- PKIX_ERROR(PKIX_CERTNAMETOASCIIFAILED);
- }
-
- PKIX_X500NAME_DEBUG("\t\tCalling PL_strlen).\n");
- utf8Length = PL_strlen(utf8String);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_UTF8, utf8String, utf8Length, pString, plContext),
- PKIX_STRINGCREATEFAILED);
-
-cleanup:
-
- PR_Free(utf8String);
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_X500Name_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_X500Name *name = NULL;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_X500NAME_TYPE, plContext),
- PKIX_OBJECTNOTANX500NAME);
-
- name = (PKIX_PL_X500Name *)object;
-
- /* PORT_FreeArena will destroy arena, and, allocated on it, CERTName
- * and SECItem */
- if (name->arena) {
- PORT_FreeArena(name->arena, PR_FALSE);
- name->arena = NULL;
- }
-
-cleanup:
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_X500Name_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_X500Name *name = NULL;
- char *string = NULL;
- PKIX_UInt32 strLength = 0;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_toString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_X500NAME_TYPE, plContext),
- PKIX_OBJECTNOTANX500NAME);
-
- name = (PKIX_PL_X500Name *)object;
- string = CERT_NameToAscii(&name->nssDN);
- if (!string){
- PKIX_ERROR(PKIX_CERTNAMETOASCIIFAILED);
- }
- strLength = PL_strlen(string);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, string, strLength, pString, plContext),
- PKIX_STRINGCREATEFAILED);
-
-cleanup:
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_X500Name_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_X500Name *name = NULL;
- SECItem *derBytes = NULL;
- PKIX_UInt32 nameHash;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_X500NAME_TYPE, plContext),
- PKIX_OBJECTNOTANX500NAME);
-
- name = (PKIX_PL_X500Name *)object;
-
- /* we hash over the bytes in the DER encoding */
-
- derBytes = &name->derName;
-
- PKIX_CHECK(pkix_hash
- (derBytes->data, derBytes->len, &nameHash, plContext),
- PKIX_HASHFAILED);
-
- *pHashcode = nameHash;
-
-cleanup:
-
- PKIX_RETURN(X500NAME);
-}
-
-
-/*
- * FUNCTION: pkix_pl_X500Name_Equals
- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_X500Name_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* test that firstObject is an X500Name */
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_X500NAME_TYPE, plContext),
- PKIX_FIRSTOBJECTARGUMENTNOTANX500NAME);
-
- /*
- * Since we know firstObject is an X500Name, if both references are
- * identical, they must be equal
- */
- if (firstObject == secondObject){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- /*
- * If secondObject isn't an X500Name, we don't throw an error.
- * We simply return a Boolean result of FALSE
- */
- *pResult = PKIX_FALSE;
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
- if (secondType != PKIX_X500NAME_TYPE) goto cleanup;
-
- PKIX_CHECK(
- PKIX_PL_X500Name_Match((PKIX_PL_X500Name *)firstObject,
- (PKIX_PL_X500Name *)secondObject,
- pResult, plContext),
- PKIX_X500NAMEMATCHFAILED);
-
-cleanup:
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_X500NAME_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_X500Name_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_RegisterSelf");
-
- entry.description = "X500Name";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_X500Name);
- entry.destructor = pkix_pl_X500Name_Destroy;
- entry.equalsFunction = pkix_pl_X500Name_Equals;
- entry.hashcodeFunction = pkix_pl_X500Name_Hashcode;
- entry.toStringFunction = pkix_pl_X500Name_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_X500NAME_TYPE] = entry;
-
- PKIX_RETURN(X500NAME);
-}
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: pkix_pl_X500Name_CreateFromUtf8
- *
- * DESCRIPTION:
- * Creates an X500Name object from the RFC1485 string representation pointed
- * to by "stringRep", and stores the result at "pName". If the string cannot
- * be successfully converted, a non-fatal error is returned.
- *
- * NOTE: ifdefed BUILD_LIBPKIX_TESTS function: this function is allowed to be
- * called only by pkix tests programs.
- *
- * PARAMETERS:
- * "stringRep"
- * Address of the RFC1485 string to be converted. Must be non-NULL.
- * "pName"
- * Address where the X500Name result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an X500NAME Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_X500Name_CreateFromUtf8(
- char *stringRep,
- PKIX_PL_X500Name **pName,
- void *plContext)
-{
- PKIX_PL_X500Name *x500Name = NULL;
- PRArenaPool *arena = NULL;
- CERTName *nssDN = NULL;
- SECItem *resultSecItem = NULL;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_CreateFromUtf8");
- PKIX_NULLCHECK_TWO(pName, stringRep);
-
- nssDN = CERT_AsciiToName(stringRep);
- if (nssDN == NULL) {
- PKIX_ERROR(PKIX_COULDNOTCREATENSSDN);
- }
-
- arena = nssDN->arena;
-
- /* create a PKIX_PL_X500Name object */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_X500NAME_TYPE,
- sizeof (PKIX_PL_X500Name),
- (PKIX_PL_Object **)&x500Name,
- plContext),
- PKIX_COULDNOTCREATEX500NAMEOBJECT);
-
- /* populate the nssDN field */
- x500Name->arena = arena;
- x500Name->nssDN.arena = arena;
- x500Name->nssDN.rdns = nssDN->rdns;
-
- resultSecItem =
- SEC_ASN1EncodeItem(arena, &x500Name->derName, nssDN,
- CERT_NameTemplate);
-
- if (resultSecItem == NULL){
- PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
- }
-
- *pName = x500Name;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- if (x500Name) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)x500Name,
- plContext);
- } else if (nssDN) {
- CERT_DestroyName(nssDN);
- }
- }
-
- PKIX_RETURN(X500NAME);
-}
-#endif /* BUILD_LIBPKIX_TESTS */
-
-/*
- * FUNCTION: pkix_pl_X500Name_GetCERTName
- *
- * DESCRIPTION:
- *
- * Returns the pointer to CERTName member of X500Name structure.
- *
- * Returned pointed should not be freed.2
- *
- * PARAMETERS:
- * "xname"
- * Address of X500Name whose OrganizationName is to be extracted. Must be
- * non-NULL.
- * "pCERTName"
- * Address where result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_X500Name_GetCERTName(
- PKIX_PL_X500Name *xname,
- CERTName **pCERTName,
- void *plContext)
-{
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetCERTName");
- PKIX_NULLCHECK_TWO(xname, pCERTName);
-
- *pCERTName = &xname->nssDN;
-
- PKIX_RETURN(X500NAME);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName (see comments in pkix_pl_pki.h)
- */
-
-PKIX_Error *
-PKIX_PL_X500Name_CreateFromCERTName(
- SECItem *derName,
- CERTName *name,
- PKIX_PL_X500Name **pName,
- void *plContext)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv = SECFailure;
- PKIX_PL_X500Name *x500Name = NULL;
-
- PKIX_ENTER(X500NAME, "PKIX_PL_X500Name_CreateFromCERTName");
- PKIX_NULLCHECK_ONE(pName);
- if (derName == NULL && name == NULL) {
- PKIX_ERROR(PKIX_NULLARGUMENT);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_X500NAME_TYPE,
- sizeof (PKIX_PL_X500Name),
- (PKIX_PL_Object **)&x500Name,
- plContext),
- PKIX_COULDNOTCREATEX500NAMEOBJECT);
-
- x500Name->arena = arena;
- x500Name->nssDN.arena = NULL;
-
- if (derName != NULL) {
- rv = SECITEM_CopyItem(arena, &x500Name->derName, derName);
- if (rv == SECFailure) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
- }
-
- if (name != NULL) {
- rv = CERT_CopyName(arena, &x500Name->nssDN, name);
- if (rv == SECFailure) {
- PKIX_ERROR(PKIX_CERTCOPYNAMEFAILED);
- }
- } else {
- rv = SEC_QuickDERDecodeItem(arena, &x500Name->nssDN,
- CERT_NameTemplate,
- &x500Name->derName);
- if (rv == SECFailure) {
- PKIX_ERROR(PKIX_SECQUICKDERDECODERFAILED);
- }
- }
-
- *pName = x500Name;
-
-cleanup:
- if (PKIX_ERROR_RECEIVED) {
- if (x500Name) {
- PKIX_PL_Object_DecRef((PKIX_PL_Object*)x500Name,
- plContext);
- } else if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
- }
-
- PKIX_RETURN(X500NAME);
-}
-
-#ifdef BUILD_LIBPKIX_TESTS
-/*
- * FUNCTION: PKIX_PL_X500Name_Create (see comments in pkix_pl_pki.h)
- *
- * NOTE: ifdefed BUILD_LIBPKIX_TESTS function: this function is allowed
- * to be called only by pkix tests programs.
- */
-PKIX_Error *
-PKIX_PL_X500Name_Create(
- PKIX_PL_String *stringRep,
- PKIX_PL_X500Name **pName,
- void *plContext)
-{
- char *utf8String = NULL;
- PKIX_UInt32 utf8Length = 0;
-
- PKIX_ENTER(X500NAME, "PKIX_PL_X500Name_Create");
- PKIX_NULLCHECK_TWO(pName, stringRep);
-
- /*
- * convert the input PKIX_PL_String to PKIX_UTF8_NULL_TERM.
- * we need to use this format specifier because
- * CERT_AsciiToName expects a NULL-terminated UTF8 string.
- * Since UTF8 allow NUL characters in the middle of the
- * string, this is buggy. However, as a workaround, using
- * PKIX_UTF8_NULL_TERM gives us a NULL-terminated UTF8 string.
- */
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stringRep,
- PKIX_UTF8_NULL_TERM,
- (void **)&utf8String,
- &utf8Length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_CHECK(
- pkix_pl_X500Name_CreateFromUtf8(utf8String,
- pName, plContext),
- PKIX_X500NAMECREATEFROMUTF8FAILED);
-
-cleanup:
- PKIX_FREE(utf8String);
-
- PKIX_RETURN(X500NAME);
-}
-#endif /* BUILD_LIBPKIX_TESTS */
-
-/*
- * FUNCTION: PKIX_PL_X500Name_Match (see comments in pkix_pl_pki.h)
- */
-PKIX_Error *
-PKIX_PL_X500Name_Match(
- PKIX_PL_X500Name *firstX500Name,
- PKIX_PL_X500Name *secondX500Name,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- SECItem *firstDerName = NULL;
- SECItem *secondDerName = NULL;
- SECComparison cmpResult;
-
- PKIX_ENTER(X500NAME, "PKIX_PL_X500Name_Match");
- PKIX_NULLCHECK_THREE(firstX500Name, secondX500Name, pResult);
-
- if (firstX500Name == secondX500Name){
- *pResult = PKIX_TRUE;
- goto cleanup;
- }
-
- firstDerName = &firstX500Name->derName;
- secondDerName = &secondX500Name->derName;
-
- PKIX_NULLCHECK_TWO(firstDerName->data, secondDerName->data);
-
- cmpResult = SECITEM_CompareItem(firstDerName, secondDerName);
- if (cmpResult != SECEqual) {
- cmpResult = CERT_CompareName(&firstX500Name->nssDN,
- &secondX500Name->nssDN);
- }
-
- *pResult = (cmpResult == SECEqual);
-
-cleanup:
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_GetSECName
- *
- * DESCRIPTION:
- * Returns a copy of CERTName DER representation allocated on passed in arena.
- * If allocation on arena can not be done, NULL is stored at "pSECName".
- *
- * PARAMETERS:
- * "xname"
- * Address of X500Name whose CERTName flag is to be encoded. Must be
- * non-NULL.
- * "arena"
- * Address of the PRArenaPool to be used in the encoding, and in which
- * "pSECName" will be allocated. Must be non-NULL.
- * "pSECName"
- * Address where result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_X500Name_GetDERName(
- PKIX_PL_X500Name *xname,
- PRArenaPool *arena,
- SECItem **pDERName,
- void *plContext)
-{
- SECItem *derName = NULL;
-
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetDERName");
-
- PKIX_NULLCHECK_THREE(xname, arena, pDERName);
-
- /* Return NULL is X500Name was not created from DER */
- if (xname->derName.data == NULL) {
- *pDERName = NULL;
- goto cleanup;
- }
-
- derName = SECITEM_ArenaDupItem(arena, &xname->derName);
- if (derName == NULL) {
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- *pDERName = derName;
-cleanup:
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_GetCommonName
- *
- * DESCRIPTION:
- * Extracts the CommonName component of the X500Name object pointed to by
- * "xname", and stores the result at "pCommonName". If the CommonName cannot
- * be successfully extracted, NULL is stored at "pCommonName".
- *
- * The returned string must be freed with PORT_Free.
- *
- * PARAMETERS:
- * "xname"
- * Address of X500Name whose CommonName is to be extracted. Must be
- * non-NULL.
- * "pCommonName"
- * Address where result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_X500Name_GetCommonName(
- PKIX_PL_X500Name *xname,
- unsigned char **pCommonName,
- void *plContext)
-{
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetCommonName");
- PKIX_NULLCHECK_TWO(xname, pCommonName);
-
- *pCommonName = (unsigned char *)CERT_GetCommonName(&xname->nssDN);
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_GetCountryName
- *
- * DESCRIPTION:
- * Extracts the CountryName component of the X500Name object pointed to by
- * "xname", and stores the result at "pCountryName". If the CountryName cannot
- * be successfully extracted, NULL is stored at "pCountryName".
- *
- * The returned string must be freed with PORT_Free.
- *
- * PARAMETERS:
- * "xname"
- * Address of X500Name whose CountryName is to be extracted. Must be
- * non-NULL.
- * "pCountryName"
- * Address where result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_X500Name_GetCountryName(
- PKIX_PL_X500Name *xname,
- unsigned char **pCountryName,
- void *plContext)
-{
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetCountryName");
- PKIX_NULLCHECK_TWO(xname, pCountryName);
-
- *pCountryName = (unsigned char*)CERT_GetCountryName(&xname->nssDN);
-
- PKIX_RETURN(X500NAME);
-}
-
-/*
- * FUNCTION: pkix_pl_X500Name_GetOrgName
- *
- * DESCRIPTION:
- * Extracts the OrganizationName component of the X500Name object pointed to by
- * "xname", and stores the result at "pOrgName". If the OrganizationName cannot
- * be successfully extracted, NULL is stored at "pOrgName".
- *
- * The returned string must be freed with PORT_Free.
- *
- * PARAMETERS:
- * "xname"
- * Address of X500Name whose OrganizationName is to be extracted. Must be
- * non-NULL.
- * "pOrgName"
- * Address where result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- *
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- *
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_X500Name_GetOrgName(
- PKIX_PL_X500Name *xname,
- unsigned char **pOrgName,
- void *plContext)
-{
- PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetOrgName");
- PKIX_NULLCHECK_TWO(xname, pOrgName);
-
- *pOrgName = (unsigned char*)CERT_GetOrgName(&xname->nssDN);
-
- PKIX_RETURN(X500NAME);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h
deleted file mode 100644
index 73e25e611..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_x500name.h
- *
- * X500Name Object Type Definitions
- *
- */
-
-#ifndef _PKIX_PL_X500NAME_H
-#define _PKIX_PL_X500NAME_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-struct PKIX_PL_X500NameStruct{
- PRArenaPool *arena; /* X500Name arena. Shared arena with nssDN
- * and derName */
- CERTName nssDN;
- SECItem derName; /* adding DER encoded CERTName to the structure
- * to avoid unnecessary name encoding when pass
- * der name to cert finder */
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *pkix_pl_X500Name_RegisterSelf(void *plContext);
-
-PKIX_Error *pkix_pl_X500Name_GetDERName(
- PKIX_PL_X500Name *xname,
- PRArenaPool *arena,
- SECItem **pSECName,
- void *plContext);
-
-#ifdef BUILD_LIBPKIX_TESTS
-PKIX_Error * pkix_pl_X500Name_CreateFromUtf8(
- char *stringRep,
- PKIX_PL_X500Name **pName,
- void *plContext);
-#endif /* BUILD_LIBPKIX_TESTS */
-
-PKIX_Error *pkix_pl_X500Name_GetCommonName(
- PKIX_PL_X500Name *xname,
- unsigned char **pCommonName,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_X500Name_GetCountryName(
- PKIX_PL_X500Name *xname,
- unsigned char **pCountryName,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_X500Name_GetOrgName(
- PKIX_PL_X500Name *xname,
- unsigned char **pOrgName,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_X500Name_GetCERTName(
- PKIX_PL_X500Name *xname,
- CERTName **pCERTName,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_X500NAME_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/Makefile b/security/nss/lib/libpkix/pkix_pl_nss/system/Makefile
deleted file mode 100755
index 42adc1f4a..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/config.mk b/security/nss/lib/libpkix/pkix_pl_nss/system/config.mk
deleted file mode 100755
index 6f3fb7b4b..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/config.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/manifest.mn b/security/nss/lib/libpkix/pkix_pl_nss/system/manifest.mn
deleted file mode 100755
index bcf03ee37..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/manifest.mn
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the PKIX-C library.
-#
-# The Initial Developer of the Original Code is
-# Sun Microsystems, Inc.
-# Portions created by the Initial Developer are
-# Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-# Sun Microsystems, Inc.
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../../../..
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- pkix_pl_common.h \
- pkix_pl_mem.h \
- pkix_pl_object.h \
- pkix_pl_string.h \
- pkix_pl_primhash.h \
- pkix_pl_bigint.h \
- pkix_pl_mutex.h \
- pkix_pl_bytearray.h \
- pkix_pl_lifecycle.h \
- pkix_pl_oid.h \
- pkix_pl_hashtable.h \
- pkix_pl_rwlock.h \
- pkix_pl_monitorlock.h \
- $(NULL)
-
-MODULE = nss
-
-CSRCS = \
- pkix_pl_bigint.c \
- pkix_pl_bytearray.c \
- pkix_pl_common.c \
- pkix_pl_error.c \
- pkix_pl_hashtable.c \
- pkix_pl_lifecycle.c \
- pkix_pl_mem.c \
- pkix_pl_monitorlock.c \
- pkix_pl_mutex.c \
- pkix_pl_object.c \
- pkix_pl_oid.c \
- pkix_pl_primhash.c \
- pkix_pl_rwlock.c \
- pkix_pl_string.c \
- $(NULL)
-
-REQUIRES = dbm
-
-LIBRARY_NAME = pkixsystem
-
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c
deleted file mode 100755
index 7a5bdee37..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_bigint.c
- *
- * BigInt Object Functions
- *
- */
-
-#include "pkix_pl_bigint.h"
-
-/* --Private-Big-Int-Functions------------------------------------ */
-
-/*
- * FUNCTION: pkix_pl_BigInt_Comparator
- * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_BigInt_Comparator(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_PL_BigInt *firstBigInt = NULL;
- PKIX_PL_BigInt *secondBigInt = NULL;
- char *firstPtr = NULL;
- char *secondPtr = NULL;
- PKIX_UInt32 firstLen, secondLen;
-
- PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Comparator");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject, secondObject, PKIX_BIGINT_TYPE, plContext),
- PKIX_ARGUMENTSNOTBIGINTS);
-
- /* It's safe to cast */
- firstBigInt = (PKIX_PL_BigInt*)firstObject;
- secondBigInt = (PKIX_PL_BigInt*)secondObject;
-
- *pResult = 0;
- firstPtr = firstBigInt->dataRep;
- secondPtr = secondBigInt->dataRep;
- firstLen = firstBigInt->length;
- secondLen = secondBigInt->length;
-
- if (firstLen < secondLen) {
- *pResult = -1;
- } else if (firstLen > secondLen) {
- *pResult = 1;
- } else if (firstLen == secondLen) {
- PKIX_BIGINT_DEBUG("\t\tCalling PORT_Memcmp).\n");
- *pResult = PORT_Memcmp(firstPtr, secondPtr, firstLen);
- }
-
-cleanup:
-
- PKIX_RETURN(BIGINT);
-}
-
-/*
- * FUNCTION: pkix_pl_BigInt_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_BigInt_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_BigInt *bigInt = NULL;
-
- PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BIGINT_TYPE, plContext),
- PKIX_OBJECTNOTBIGINT);
-
- bigInt = (PKIX_PL_BigInt*)object;
-
- PKIX_FREE(bigInt->dataRep);
- bigInt->dataRep = NULL;
- bigInt->length = 0;
-
-cleanup:
-
- PKIX_RETURN(BIGINT);
-}
-
-
-/*
- * FUNCTION: pkix_pl_BigInt_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_BigInt_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_BigInt *bigInt = NULL;
- char *outputText = NULL;
- PKIX_UInt32 i, j, lengthChars;
-
- PKIX_ENTER(BIGINT, "pkix_pl_BigInt_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BIGINT_TYPE, plContext),
- PKIX_OBJECTNOTBIGINT);
-
- bigInt = (PKIX_PL_BigInt*)object;
-
- /* number of chars = 2 * (number of bytes) + null terminator */
- lengthChars = (bigInt->length * 2) + 1;
-
- PKIX_CHECK(PKIX_PL_Malloc
- (lengthChars, (void **)&outputText, plContext),
- PKIX_MALLOCFAILED);
-
- for (i = 0, j = 0; i < bigInt->length; i += 1, j += 2){
- outputText[j] = pkix_i2hex
- ((char) ((*(bigInt->dataRep+i) & 0xf0) >> 4));
- outputText[j+1] = pkix_i2hex
- ((char) (*(bigInt->dataRep+i) & 0x0f));
- }
-
- outputText[lengthChars-1] = '\0';
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- outputText,
- 0,
- pString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
-cleanup:
-
- PKIX_FREE(outputText);
-
- PKIX_RETURN(BIGINT);
-}
-
-
-/*
- * FUNCTION: pkix_pl_BigInt_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_BigInt_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_BigInt *bigInt = NULL;
-
- PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BIGINT_TYPE, plContext),
- PKIX_OBJECTNOTBIGINT);
-
- bigInt = (PKIX_PL_BigInt*)object;
-
- PKIX_CHECK(pkix_hash
- ((void *)bigInt->dataRep,
- bigInt->length,
- pHashcode,
- plContext),
- PKIX_HASHFAILED);
-
-cleanup:
-
- PKIX_RETURN(BIGINT);
-}
-
-/*
- * FUNCTION: pkix_pl_BigInt_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_BigInt_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Int32 cmpResult = 0;
-
- PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_BIGINT_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTBIGINT);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_BIGINT_TYPE) goto cleanup;
-
- PKIX_CHECK(pkix_pl_BigInt_Comparator
- (first, second, &cmpResult, plContext),
- PKIX_BIGINTCOMPARATORFAILED);
-
- *pResult = (cmpResult == 0);
-
-cleanup:
-
- PKIX_RETURN(BIGINT);
-}
-
-/*
- * FUNCTION: pkix_pl_BigInt_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_BIGINT_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_BigInt_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(BIGINT, "pkix_pl_BigInt_RegisterSelf");
-
- entry.description = "BigInt";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_BigInt);
- entry.destructor = pkix_pl_BigInt_Destroy;
- entry.equalsFunction = pkix_pl_BigInt_Equals;
- entry.hashcodeFunction = pkix_pl_BigInt_Hashcode;
- entry.toStringFunction = pkix_pl_BigInt_ToString;
- entry.comparator = pkix_pl_BigInt_Comparator;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_BIGINT_TYPE] = entry;
-
- PKIX_RETURN(BIGINT);
-}
-
-/*
- * FUNCTION: pkix_pl_BigInt_CreateWithBytes
- * DESCRIPTION:
- *
- * Creates a new BigInt of size "length" representing the array of bytes
- * pointed to by "bytes" and stores it at "pBigInt". The caller should make
- * sure that the first byte is not 0x00 (unless it is the the only byte).
- * This function does not do that checking.
- *
- * Once created, a PKIX_PL_BigInt object is immutable.
- *
- * PARAMETERS:
- * "bytes"
- * Address of array of bytes. Must be non-NULL.
- * "length"
- * Length of the array. Must be non-zero.
- * "pBigInt"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext" - Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_BigInt_CreateWithBytes(
- char *bytes,
- PKIX_UInt32 length,
- PKIX_PL_BigInt **pBigInt,
- void *plContext)
-{
- PKIX_PL_BigInt *bigInt = NULL;
-
- PKIX_ENTER(BIGINT, "pkix_pl_BigInt_CreateWithBytes");
- PKIX_NULLCHECK_TWO(pBigInt, bytes);
-
- if (length == 0) {
- PKIX_ERROR(PKIX_BIGINTLENGTH0INVALID)
- }
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_BIGINT_TYPE,
- sizeof (PKIX_PL_BigInt),
- (PKIX_PL_Object **)&bigInt,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- PKIX_CHECK(PKIX_PL_Malloc
- (length, (void **)&(bigInt->dataRep), plContext),
- PKIX_MALLOCFAILED);
-
- PKIX_BIGINT_DEBUG("\t\tCalling PORT_Memcpy).\n");
- (void) PORT_Memcpy(bigInt->dataRep, bytes, length);
-
- bigInt->length = length;
-
- *pBigInt = bigInt;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(bigInt);
- }
-
- PKIX_RETURN(BIGINT);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_BigInt_Create (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_BigInt_Create(
- PKIX_PL_String *stringRep,
- PKIX_PL_BigInt **pBigInt,
- void *plContext)
-{
- PKIX_PL_BigInt *bigInt = NULL;
- char *asciiString = NULL;
- PKIX_UInt32 lengthBytes;
- PKIX_UInt32 lengthString;
- PKIX_UInt32 i;
- char currChar;
-
- PKIX_ENTER(BIGINT, "PKIX_PL_BigInt_Create");
- PKIX_NULLCHECK_TWO(pBigInt, stringRep);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (stringRep,
- PKIX_ESCASCII,
- (void **)&asciiString,
- &lengthString,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- if ((lengthString == 0) || ((lengthString % 2) != 0)){
- PKIX_ERROR(PKIX_SOURCESTRINGHASINVALIDLENGTH);
- }
-
- if (lengthString != 2){
- if ((asciiString[0] == '0') && (asciiString[1] == '0')){
- PKIX_ERROR(PKIX_FIRSTDOUBLEHEXMUSTNOTBE00);
- }
- }
-
- for (i = 0; i < lengthString; i++) {
- currChar = asciiString[i];
- if (!PKIX_ISXDIGIT(currChar)){
- PKIX_ERROR(PKIX_INVALIDCHARACTERINBIGINT);
- }
- }
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_BIGINT_TYPE,
- sizeof (PKIX_PL_BigInt),
- (PKIX_PL_Object **)&bigInt,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
-
- /* number of bytes = 0.5 * (number of chars) */
- lengthBytes = lengthString/2;
-
- PKIX_CHECK(PKIX_PL_Malloc
- (lengthBytes, (void **)&(bigInt->dataRep), plContext),
- PKIX_MALLOCFAILED);
-
- for (i = 0; i < lengthString; i += 2){
- (bigInt->dataRep)[i/2] =
- (pkix_hex2i(asciiString[i])<<4) |
- pkix_hex2i(asciiString[i+1]);
- }
-
- bigInt->length = lengthBytes;
-
- *pBigInt = bigInt;
-
-cleanup:
-
- PKIX_FREE(asciiString);
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(bigInt);
- }
-
- PKIX_RETURN(BIGINT);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h
deleted file mode 100755
index c921af49a..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_bigint.h
- *
- * Bigint Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_BIGINT_H
-#define _PKIX_PL_BIGINT_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_BigIntStruct {
- char *dataRep;
- PKIX_UInt32 length;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_BigInt_CreateWithBytes(
- char *bytes,
- PKIX_UInt32 length,
- PKIX_PL_BigInt **pBigInt,
- void *plContext);
-
-PKIX_Error *pkix_pl_BigInt_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_BIGINT_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c
deleted file mode 100755
index 8e9f423e2..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c
+++ /dev/null
@@ -1,537 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_bytearray.c
- *
- * ByteArray Object Functions
- *
- */
-
-#include "pkix_pl_bytearray.h"
-
-/* --Private-ByteArray-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_ByteArray_ToHexString
- * DESCRIPTION:
- *
- * Creates a hex-String representation of the ByteArray pointed to by "array"
- * and stores the result at "pString". The hex-String consists of hex-digit
- * pairs separated by spaces, and the entire string enclosed within square
- * brackets, e.g. [43 61 6E 20 79 6F 75 20 72 65 61 64 20 74 68 69 73 3F].
- * A zero-length ByteArray is represented as [].
- * PARAMETERS
- * "array"
- * ByteArray to be represented by the hex-String; must be non-NULL
- * "pString"
- * Address where String will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Cert Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_ByteArray_ToHexString(
- PKIX_PL_ByteArray *array,
- PKIX_PL_String **pString,
- void *plContext)
-{
- char *tempText = NULL;
- char *stringText = NULL; /* "[XX XX XX ...]" */
- PKIX_UInt32 i, outputLen, bufferSize;
-
- PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_ToHexString");
- PKIX_NULLCHECK_TWO(array, pString);
-
- if ((array->length) == 0) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "[]", 0, pString, plContext),
- PKIX_COULDNOTCREATESTRING);
- } else {
- /*
- * Allocate space for format string
- * '[' + "XX" + (n-1)*" XX" + ']' + '\0'
- */
- bufferSize = 2 + (3*(array->length));
-
- PKIX_CHECK(PKIX_PL_Malloc
- (bufferSize, (void **)&stringText, plContext),
- PKIX_COULDNOTALLOCATEMEMORY);
-
- stringText[0] = 0;
- outputLen = 0;
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
- tempText = PR_smprintf
- ("[%02X", (0x0FF&((char *)(array->array))[0]));
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
- outputLen += PL_strlen(tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
- stringText = PL_strcat(stringText, tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
- PR_smprintf_free(tempText);
-
- for (i = 1; i < array->length; i++) {
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
- tempText = PR_smprintf
- (" %02X", (0x0FF&((char *)(array->array))[i]));
-
- if (tempText == NULL){
- PKIX_ERROR(PKIX_PRSMPRINTFFAILED);
- }
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
- outputLen += PL_strlen(tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
- stringText = PL_strcat(stringText, tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
- PR_smprintf_free(tempText);
- tempText = NULL;
- }
-
- stringText[outputLen++] = ']';
- stringText[outputLen] = 0;
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- stringText,
- 0,
- pString,
- plContext),
- PKIX_COULDNOTCREATESTRING);
- }
-
-cleanup:
-
- PKIX_FREE(stringText);
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: pkix_pl_ByteArray_Comparator
- * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
- *
- * NOTE:
- * It is not clear that this definition of comparing byte arrays makes
- * sense. It does allow you to tell whether two blocks of memory are
- * identical, so we only use it for the Equals function (i.e. we don't
- * register it as a Compare function for ByteArray).
- */
-static PKIX_Error *
-pkix_pl_ByteArray_Comparator(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_PL_ByteArray *firstByteArray = NULL;
- PKIX_PL_ByteArray *secondByteArray = NULL;
- unsigned char *firstData = NULL;
- unsigned char *secondData = NULL;
- PKIX_UInt32 i;
-
- PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Comparator");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject, secondObject, PKIX_BYTEARRAY_TYPE, plContext),
- PKIX_ARGUMENTSNOTBYTEARRAYS);
-
- /* It's safe to cast */
- firstByteArray = (PKIX_PL_ByteArray *)firstObject;
- secondByteArray = (PKIX_PL_ByteArray *)secondObject;
-
- *pResult = 0;
- firstData = (unsigned char *)firstByteArray->array;
- secondData = (unsigned char *)secondByteArray->array;
-
- if (firstByteArray->length < secondByteArray->length) {
- *pResult = -1;
- } else if (firstByteArray->length > secondByteArray->length) {
- *pResult = 1;
- } else if (firstByteArray->length == secondByteArray->length) {
- /* Check if both array contents are identical */
- for (i = 0;
- (i < firstByteArray->length) && (*pResult == 0);
- i++) {
- if (firstData[i] < secondData[i]) {
- *pResult = -1;
- } else if (firstData[i] > secondData[i]) {
- *pResult = 1;
- }
- }
- }
-
-cleanup:
-
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: pkix_pl_ByteArray_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_ByteArray_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_ByteArray *array = NULL;
- char *tempText = NULL;
- char *stringText = NULL; /* "[OOO, OOO, ... OOO]" */
- PKIX_UInt32 i, outputLen, bufferSize;
-
- PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BYTEARRAY_TYPE, plContext),
- PKIX_OBJECTNOTBYTEARRAY);
-
- array = (PKIX_PL_ByteArray *)object;
-
- if ((array->length) == 0) {
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, "[]", 0, pString, plContext),
- PKIX_COULDNOTCREATESTRING);
- } else {
- /* Allocate space for "XXX, ". */
- bufferSize = 2+5*array->length;
-
- /* Allocate space for format string */
- PKIX_CHECK(PKIX_PL_Malloc
- (bufferSize, (void **)&stringText, plContext),
- PKIX_MALLOCFAILED);
-
- stringText[0] = 0;
- outputLen = 0;
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
- tempText =
- PR_smprintf
- ("[%03u", (0x0FF&((char *)(array->array))[0]));
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
- outputLen += PL_strlen(tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
- stringText = PL_strcat(stringText, tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
- PR_smprintf_free(tempText);
-
- for (i = 1; i < array->length; i++) {
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
- tempText = PR_smprintf
- (", %03u",
- (0x0FF&((char *)(array->array))[i]));
-
- if (tempText == NULL){
- PKIX_ERROR(PKIX_PRSMPRINTFFAILED);
- }
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
- outputLen += PL_strlen(tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
- stringText = PL_strcat(stringText, tempText);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
- PR_smprintf_free(tempText);
- tempText = NULL;
- }
-
- stringText[outputLen++] = ']';
- stringText[outputLen] = 0;
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, stringText, 0, pString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- }
-
-cleanup:
-
- PKIX_FREE(stringText);
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: pkix_pl_ByteArray_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_ByteArray_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Int32 cmpResult = 0;
-
- PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- /* Sanity check: Test that "first" is a ByteArray */
- PKIX_CHECK(pkix_CheckType(first, PKIX_BYTEARRAY_TYPE, plContext),
- PKIX_FIRSTARGUMENTNOTBYTEARRAY);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- /* If types differ, then we will return false */
- *pResult = PKIX_FALSE;
-
- /* Second type may not be a BA */
- if (secondType != PKIX_BYTEARRAY_TYPE) goto cleanup;
-
- /* It's safe to cast here */
- PKIX_CHECK(pkix_pl_ByteArray_Comparator
- (first, second, &cmpResult, plContext),
- PKIX_BYTEARRAYCOMPARATORFAILED);
-
- /* ByteArrays are equal iff Comparator Result is 0 */
- *pResult = (cmpResult == 0);
-
-cleanup:
-
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: pkix_pl_ByteArray_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_ByteArray_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_ByteArray *array = NULL;
-
- PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BYTEARRAY_TYPE, plContext),
- PKIX_OBJECTNOTBYTEARRAY);
-
- array = (PKIX_PL_ByteArray*)object;
-
- PKIX_FREE(array->array);
- array->array = NULL;
- array->length = 0;
-
-cleanup:
-
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: pkix_pl_ByteArray_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_ByteArray_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_ByteArray *array = NULL;
-
- PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_BYTEARRAY_TYPE, plContext),
- PKIX_OBJECTNOTBYTEARRAY);
-
- array = (PKIX_PL_ByteArray*)object;
-
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)array->array,
- array->length,
- pHashcode,
- plContext),
- PKIX_HASHFAILED);
-
-cleanup:
-
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: pkix_pl_ByteArray_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_BYTEARRAY_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_ByteArray_RegisterSelf(void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_RegisterSelf");
-
- entry.description = "ByteArray";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_ByteArray);
- entry.destructor = pkix_pl_ByteArray_Destroy;
- entry.equalsFunction = pkix_pl_ByteArray_Equals;
- entry.hashcodeFunction = pkix_pl_ByteArray_Hashcode;
- entry.toStringFunction = pkix_pl_ByteArray_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_BYTEARRAY_TYPE] = entry;
-
- PKIX_RETURN(BYTEARRAY);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_Create (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_ByteArray_Create(
- void *array,
- PKIX_UInt32 length,
- PKIX_PL_ByteArray **pByteArray,
- void *plContext)
-{
- PKIX_PL_ByteArray *byteArray = NULL;
-
- PKIX_ENTER(BYTEARRAY, "PKIX_PL_ByteArray_Create");
- PKIX_NULLCHECK_ONE(pByteArray);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_BYTEARRAY_TYPE,
- sizeof (PKIX_PL_ByteArray),
- (PKIX_PL_Object **)&byteArray,
- plContext),
- PKIX_COULDNOTCREATEOBJECTSTORAGE);
-
- byteArray->length = length;
- byteArray->array = NULL;
-
- if (length != 0){
- /* Alloc space for array */
- PKIX_NULLCHECK_ONE(array);
-
- PKIX_CHECK(PKIX_PL_Malloc
- (length, (void**)&(byteArray->array), plContext),
- PKIX_MALLOCFAILED);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PORT_Memcpy).\n");
- (void) PORT_Memcpy(byteArray->array, array, length);
- }
-
- *pByteArray = byteArray;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(byteArray);
- }
-
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_GetPointer (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_ByteArray_GetPointer(
- PKIX_PL_ByteArray *byteArray,
- void **pArray,
- void *plContext)
-{
- void *bytes = NULL;
- PKIX_ENTER(BYTEARRAY, "PKIX_PL_ByteArray_GetPointer");
- PKIX_NULLCHECK_TWO(byteArray, pArray);
-
- if (byteArray->length != 0){
- PKIX_CHECK(PKIX_PL_Malloc
- (byteArray->length, &bytes, plContext),
- PKIX_MALLOCFAILED);
-
- PKIX_BYTEARRAY_DEBUG("\tCalling PORT_Memcpy).\n");
- (void) PORT_Memcpy
- (bytes, byteArray->array, byteArray->length);
- }
-
- *pArray = bytes;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_FREE(bytes);
- }
-
- PKIX_RETURN(BYTEARRAY);
-}
-
-/*
- * FUNCTION: PKIX_PL_ByteArray_GetLength (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_ByteArray_GetLength(
- PKIX_PL_ByteArray *byteArray,
- PKIX_UInt32 *pLength,
- void *plContext)
-{
- PKIX_ENTER(BYTEARRAY, "PKIX_PL_ByteArray_GetLength");
- PKIX_NULLCHECK_TWO(byteArray, pLength);
-
- *pLength = byteArray->length;
-
- PKIX_RETURN(BYTEARRAY);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h
deleted file mode 100755
index b1f017c7e..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_bytearray.h
- *
- * ByteArray Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_BYTEARRAY_H
-#define _PKIX_PL_BYTEARRAY_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_ByteArrayStruct {
- void *array;
- PKIX_UInt32 length;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_ByteArray_ToHexString(
- PKIX_PL_ByteArray *array,
- PKIX_PL_String **pString,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_ByteArray_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_BYTEARRAY_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c
deleted file mode 100755
index 1b54fa38c..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c
+++ /dev/null
@@ -1,1106 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_common.c
- *
- * Common utility functions used by various PKIX_PL functions
- *
- */
-
-#include "pkix_pl_common.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_LockObject
- * DESCRIPTION:
- *
- * Locks the object pointed to by "object".
- *
- * PARAMETERS:
- * "object"
- * Address of object. Must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_LockObject(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader;
-
- PKIX_ENTER(OBJECT, "pkix_LockObject");
- PKIX_NULLCHECK_ONE(object);
-
- if (object == (PKIX_PL_Object *)PKIX_ALLOC_ERROR()) {
- goto cleanup;
- }
-
- PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
- /* The header is sizeof(PKIX_PL_Object) before the object pointer */
-
- objectHeader = object-1;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(objectHeader->lock);
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_UnlockObject
- * DESCRIPTION:
- *
- * Unlocks the object pointed to by "object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object. Must be non-NULL
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_UnlockObject(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader;
- PRStatus result;
-
- PKIX_ENTER(OBJECT, "pkix_UnlockObject");
- PKIX_NULLCHECK_ONE(object);
-
- if (object == (PKIX_PL_Object *)PKIX_ALLOC_ERROR()) {
- goto cleanup;
- }
-
- PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
- /* The header is sizeof(PKIX_PL_Object) before the object pointer */
-
- objectHeader = object-1;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- result = PR_Unlock(objectHeader->lock);
-
- if (result == PR_FAILURE) {
- PKIX_OBJECT_DEBUG("\tPR_Unlock failed.).\n");
- PKIX_ERROR_FATAL(PKIX_ERRORUNLOCKINGOBJECT);
- }
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_pl_UInt32_Overflows
- * DESCRIPTION:
- *
- * Returns a PKIX_Boolean indicating whether the unsigned integer
- * represented by "string" is too large to fit in 32-bits (i.e.
- * whether it overflows). With the exception of the string "0",
- * all other strings are stripped of any leading zeros. It is assumed
- * that every character in "string" is from the set {'0' - '9'}.
- *
- * PARAMETERS
- * "string"
- * Address of array of bytes representing PKIX_UInt32 that's being tested
- * for 32-bit overflow
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * PKIX_TRUE if PKIX_UInt32 represented by "string" overflows;
- * PKIX_FALSE otherwise
- */
-PKIX_Boolean
-pkix_pl_UInt32_Overflows(char *string){
- char *firstNonZero = NULL;
- PKIX_UInt32 length, i;
- char *MAX_UINT32_STRING = "4294967295";
-
- PKIX_DEBUG_ENTER(OID);
-
- PKIX_OID_DEBUG("\tCalling PL_strlen).\n");
- length = PL_strlen(string);
-
- if (length < MAX_DIGITS_32){
- return (PKIX_FALSE);
- }
-
- firstNonZero = string;
- for (i = 0; i < length; i++){
- if (*string == '0'){
- firstNonZero++;
- }
- }
-
- PKIX_OID_DEBUG("\tCalling PL_strlen).\n");
- length = PL_strlen(firstNonZero);
-
- if (length > MAX_DIGITS_32){
- return (PKIX_TRUE);
- }
-
- PKIX_OID_DEBUG("\tCalling PL_strlen).\n");
- if (length == MAX_DIGITS_32){
- PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n");
- if (PORT_Strcmp(firstNonZero, MAX_UINT32_STRING) > 0){
- return (PKIX_TRUE);
- }
- }
-
- return (PKIX_FALSE);
-}
-
-/*
- * FUNCTION: pkix_pl_getOIDToken
- * DESCRIPTION:
- *
- * Takes the array of DER-encoded bytes pointed to by "derBytes"
- * (representing an OID) and the value of "index" representing the index into
- * the array, and decodes the bytes until an integer token is retrieved. If
- * successful, this function stores the integer component at "pToken" and
- * stores the index representing the next byte in the array at "pIndex"
- * (following the last byte that was used in the decoding). This new output
- * index can be used in subsequent calls as an input index, allowing each
- * token of the OID to be retrieved consecutively. Note that there is a
- * special case for the first byte, in that it encodes two separate integer
- * tokens. For example, the byte {2a} represents the integer tokens {1,2}.
- * This special case is not handled here and must be handled by the caller.
- *
- * PARAMETERS
- * "derBytes"
- * Address of array of bytes representing a DER-encoded OID.
- * Must be non-NULL.
- * "index"
- * Index into the array that this function will begin decoding at.
- * "pToken"
- * Destination for decoded OID token. Must be non-NULL.
- * "pIndex"
- * Destination for index of next byte following last byte used.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_getOIDToken(
- char *derBytes,
- PKIX_UInt32 index,
- PKIX_UInt32 *pToken,
- PKIX_UInt32 *pIndex,
- void *plContext)
-{
- PKIX_UInt32 retval, i, tmp;
-
- PKIX_ENTER(OID, "pkix_pl_getOIDToken");
- PKIX_NULLCHECK_THREE(derBytes, pToken, pIndex);
-
- /*
- * We should only need to parse a maximum of four bytes, because
- * RFC 3280 "mandates support for OIDs which have arc elements
- * with values that are less than 2^28, that is, they MUST be between
- * 0 and 268,435,455, inclusive. This allows each arc element to be
- * represented within a single 32 bit word."
- */
-
- for (i = 0, retval = 0; i < 4; i++) {
- retval <<= 7;
- tmp = derBytes[index];
- index++;
- retval |= (tmp & 0x07f);
- if ((tmp & 0x080) == 0){
- *pToken = retval;
- *pIndex = index;
- goto cleanup;
- }
- }
-
- PKIX_ERROR(PKIX_INVALIDENCODINGOIDTOKENVALUETOOBIG);
-
-cleanup:
-
- PKIX_RETURN(OID);
-
-}
-
-/*
- * FUNCTION: pkix_pl_helperBytes2Ascii
- * DESCRIPTION:
- *
- * Converts an array of integers pointed to by "tokens" with a length of
- * "numTokens", to an ASCII string consisting of those integers with dots in
- * between them and stores the result at "pAscii". The ASCII representation is
- * guaranteed to end with a NUL character. This is particularly useful for
- * OID's and IP Addresses.
- *
- * The return value "pAscii" is not reference-counted and will need to
- * be freed with PKIX_PL_Free.
- *
- * PARAMETERS
- * "tokens"
- * Address of array of integers. Must be non-NULL.
- * "numTokens"
- * Length of array of integers. Must be non-zero.
- * "pAscii"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_helperBytes2Ascii(
- PKIX_UInt32 *tokens,
- PKIX_UInt32 numTokens,
- char **pAscii,
- void *plContext)
-{
- char *tempString = NULL;
- char *outputString = NULL;
- char *format = "%d";
- PKIX_UInt32 i = 0;
- PKIX_UInt32 outputLen = 0;
- PKIX_Int32 error;
-
- PKIX_ENTER(OBJECT, "pkix_pl_helperBytes2Ascii");
- PKIX_NULLCHECK_TWO(tokens, pAscii);
-
- if (numTokens == 0) {
- PKIX_ERROR_FATAL(PKIX_HELPERBYTES2ASCIINUMTOKENSZERO);
- }
-
- /*
- * tempString will hold the string representation of a PKIX_UInt32 type
- * The maximum value that can be held by an unsigned 32-bit integer
- * is (2^32 - 1) = 4294967295 (which is ten digits long)
- * Since tempString will hold the string representation of a
- * PKIX_UInt32, we allocate 11 bytes for it (1 byte for '\0')
- */
-
- PKIX_CHECK(PKIX_PL_Malloc
- (MAX_DIGITS_32 + 1, (void **)&tempString, plContext),
- PKIX_MALLOCFAILED);
-
- for (i = 0; i < numTokens; i++){
- PKIX_OBJECT_DEBUG("\tCalling PR_snprintf).\n");
- error = PR_snprintf(tempString,
- MAX_DIGITS_32 + 1,
- format,
- tokens[i]);
- if (error == -1){
- PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
- }
-
- PKIX_OBJECT_DEBUG("\tCalling PL_strlen).\n");
- outputLen += PL_strlen(tempString);
-
- /* Include a dot to separate each number */
- outputLen++;
- }
-
- /* Allocate space for the destination string */
- PKIX_CHECK(PKIX_PL_Malloc
- (outputLen, (void **)&outputString, plContext),
- PKIX_MALLOCFAILED);
-
- *outputString = '\0';
-
- /* Concatenate all strings together */
- for (i = 0; i < numTokens; i++){
-
- PKIX_OBJECT_DEBUG("\tCalling PR_snprintf).\n");
- error = PR_snprintf(tempString,
- MAX_DIGITS_32 + 1,
- format,
- tokens[i]);
- if (error == -1){
- PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
- }
-
- PKIX_OBJECT_DEBUG("\tCalling PL_strcat).\n");
- (void) PL_strcat(outputString, tempString);
-
- /* we don't want to put a "." at the very end */
- if (i < (numTokens - 1)){
- PKIX_OBJECT_DEBUG("\tCalling PL_strcat).\n");
- (void) PL_strcat(outputString, ".");
- }
- }
-
- /* Ensure output string ends with terminating null */
- outputString[outputLen-1] = '\0';
-
- *pAscii = outputString;
- outputString = NULL;
-
-cleanup:
-
- PKIX_FREE(outputString);
- PKIX_FREE(tempString);
-
- PKIX_RETURN(OBJECT);
-
-}
-
-/*
- * FUNCTION: pkix_pl_ipAddrBytes2Ascii
- * DESCRIPTION:
- *
- * Converts the DER encoding of an IPAddress pointed to by "secItem" to an
- * ASCII representation and stores the result at "pAscii". The ASCII
- * representation is guaranteed to end with a NUL character. The input
- * SECItem must contain non-NULL data and must have a positive length.
- *
- * The return value "pAscii" is not reference-counted and will need to
- * be freed with PKIX_PL_Free.
- * XXX this function assumes that IPv4 addresses are being used
- * XXX what about IPv6? can NSS tell the difference
- *
- * PARAMETERS
- * "secItem"
- * Address of SECItem which contains bytes and length of DER encoding.
- * Must be non-NULL.
- * "pAscii"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_ipAddrBytes2Ascii(
- SECItem *secItem,
- char **pAscii,
- void *plContext)
-{
- char *data = NULL;
- PKIX_UInt32 *tokens = NULL;
- PKIX_UInt32 numTokens = 0;
- PKIX_UInt32 i = 0;
- char *asciiString = NULL;
-
- PKIX_ENTER(OBJECT, "pkix_pl_ipAddrBytes2Ascii");
- PKIX_NULLCHECK_THREE(secItem, pAscii, secItem->data);
-
- if (secItem->len == 0) {
- PKIX_ERROR_FATAL(PKIX_IPADDRBYTES2ASCIIDATALENGTHZERO);
- }
-
- data = (char *)(secItem->data);
- numTokens = secItem->len;
-
- /* allocate space for array of integers */
- PKIX_CHECK(PKIX_PL_Malloc
- (numTokens * sizeof (PKIX_UInt32),
- (void **)&tokens,
- plContext),
- PKIX_MALLOCFAILED);
-
- /* populate array of integers */
- for (i = 0; i < numTokens; i++){
- tokens[i] = data[i];
- }
-
- /* convert array of integers to ASCII */
- PKIX_CHECK(pkix_pl_helperBytes2Ascii
- (tokens, numTokens, &asciiString, plContext),
- PKIX_HELPERBYTES2ASCIIFAILED);
-
- *pAscii = asciiString;
-
-cleanup:
-
- PKIX_FREE(tokens);
-
- PKIX_RETURN(OBJECT);
-}
-
-
-/*
- * FUNCTION: pkix_pl_oidBytes2Ascii
- * DESCRIPTION:
- *
- * Converts the DER encoding of an OID pointed to by "secItem" to an ASCII
- * representation and stores it at "pAscii". The ASCII representation is
- * guaranteed to end with a NUL character. The input SECItem must contain
- * non-NULL data and must have a positive length.
- *
- * Example: the six bytes {2a 86 48 86 f7 0d} represent the
- * four integer tokens {1, 2, 840, 113549}, which we will convert
- * into ASCII yielding "1.2.840.113549"
- *
- * The return value "pAscii" is not reference-counted and will need to
- * be freed with PKIX_PL_Free.
- *
- * PARAMETERS
- * "secItem"
- * Address of SECItem which contains bytes and length of DER encoding.
- * Must be non-NULL.
- * "pAscii"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an OID Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_oidBytes2Ascii(
- SECItem *secItem,
- char **pAscii,
- void *plContext)
-{
- char *data = NULL;
- PKIX_UInt32 *tokens = NULL;
- PKIX_UInt32 token = 0;
- PKIX_UInt32 numBytes = 0;
- PKIX_UInt32 numTokens = 0;
- PKIX_UInt32 i = 0, x = 0, y = 0;
- PKIX_UInt32 index = 0;
- char *asciiString = NULL;
-
- PKIX_ENTER(OID, "pkix_pl_oidBytes2Ascii");
- PKIX_NULLCHECK_THREE(secItem, pAscii, secItem->data);
-
- if (secItem->len == 0) {
- PKIX_ERROR_FATAL(PKIX_OIDBYTES2ASCIIDATALENGTHZERO);
- }
-
- data = (char *)(secItem->data);
- numBytes = secItem->len;
- numTokens = 0;
-
- /* calculate how many integer tokens are represented by the bytes. */
- for (i = 0; i < numBytes; i++){
- if ((data[i] & 0x080) == 0){
- numTokens++;
- }
- }
-
- /* if we are unable to retrieve any tokens at all, we throw an error */
- if (numTokens == 0){
- PKIX_ERROR(PKIX_INVALIDDERENCODINGFOROID);
- }
-
- /* add one more token b/c the first byte always contains two tokens */
- numTokens++;
-
- /* allocate space for array of integers */
- PKIX_CHECK(PKIX_PL_Malloc
- (numTokens * sizeof (PKIX_UInt32),
- (void **)&tokens,
- plContext),
- PKIX_MALLOCFAILED);
-
- /* populate array of integers */
- for (i = 0; i < numTokens; i++){
-
- /* retrieve integer token */
- PKIX_CHECK(pkix_pl_getOIDToken
- (data, index, &token, &index, plContext),
- PKIX_GETOIDTOKENFAILED);
-
- if (i == 0){
-
- /*
- * special case: the first DER-encoded byte represents
- * two tokens. We take advantage of fact that first
- * token must be 0, 1, or 2; and second token must be
- * between {0, 39} inclusive if first token is 0 or 1.
- */
-
- if (token < 40)
- x = 0;
- else if (token < 80)
- x = 1;
- else
- x = 2;
- y = token - (x * 40);
-
- tokens[0] = x;
- tokens[1] = y;
- i++;
- } else {
- tokens[i] = token;
- }
- }
-
- /* convert array of integers to ASCII */
- PKIX_CHECK(pkix_pl_helperBytes2Ascii
- (tokens, numTokens, &asciiString, plContext),
- PKIX_HELPERBYTES2ASCIIFAILED);
-
- *pAscii = asciiString;
-
-cleanup:
-
- PKIX_FREE(tokens);
- PKIX_RETURN(OID);
-
-}
-
-/*
- * FUNCTION: pkix_UTF16_to_EscASCII
- * DESCRIPTION:
- *
- * Converts array of bytes pointed to by "utf16String" with length of
- * "utf16Length" (which must be even) into a freshly allocated Escaped ASCII
- * string and stores a pointer to that string at "pDest" and stores the
- * string's length at "pLength". The Escaped ASCII string's length does not
- * include the final NUL character. The caller is responsible for freeing
- * "pDest" using PKIX_PL_Free. If "debug" is set, uses EscASCII_Debug
- * encoding.
- *
- * PARAMETERS:
- * "utf16String"
- * Address of array of bytes representing data source. Must be non-NULL.
- * "utf16Length"
- * Length of data source. Must be even.
- * "debug"
- * Boolean value indicating whether debug mode is desired.
- * "pDest"
- * Address where data will be stored. Must be non-NULL.
- * "pLength"
- * Address where data length will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_UTF16_to_EscASCII(
- const void *utf16String,
- PKIX_UInt32 utf16Length,
- PKIX_Boolean debug,
- char **pDest,
- PKIX_UInt32 *pLength,
- void *plContext)
-{
- char *destPtr = NULL;
- PKIX_UInt32 i, charLen;
- PKIX_UInt32 x = 0, y = 0, z = 0;
- unsigned char *utf16Char = (unsigned char *)utf16String;
-
- PKIX_ENTER(STRING, "pkix_UTF16_to_EscASCII");
- PKIX_NULLCHECK_THREE(utf16String, pDest, pLength);
-
- /* Assume every pair of bytes becomes &#xNNNN; */
- charLen = 4*utf16Length;
-
- /* utf16Lenght must be even */
- if ((utf16Length % 2) != 0){
- PKIX_ERROR(PKIX_UTF16ALIGNMENTERROR);
- }
-
- /* Count how many bytes we need */
- for (i = 0; i < utf16Length; i += 2) {
- if ((utf16Char[i] == 0x00)&&
- pkix_isPlaintext(utf16Char[i+1], debug)) {
- if (utf16Char[i+1] == '&') {
- /* Need to convert this to &amp; */
- charLen -= 3;
- } else {
- /* We can fit this into one char */
- charLen -= 7;
- }
- } else if ((utf16Char[i] >= 0xD8) && (utf16Char[i] <= 0xDB)) {
- if ((i+3) >= utf16Length) {
- PKIX_ERROR(PKIX_UTF16HIGHZONEALIGNMENTERROR);
- } else if ((utf16Char[i+2] >= 0xDC)&&
- (utf16Char[i+2] <= 0xDF)) {
- /* Quartet of bytes will become &#xNNNNNNNN; */
- charLen -= 4;
- /* Quartet of bytes will produce 12 chars */
- i += 2;
- } else {
- /* Second pair should be DC00-DFFF */
- PKIX_ERROR(PKIX_UTF16LOWZONEERROR);
- }
- }
- }
-
- *pLength = charLen;
-
- /* Ensure this string is null terminated */
- charLen++;
-
- /* Allocate space for character array */
- PKIX_CHECK(PKIX_PL_Malloc(charLen, (void **)pDest, plContext),
- PKIX_MALLOCFAILED);
-
- destPtr = *pDest;
- for (i = 0; i < utf16Length; i += 2) {
- if ((utf16Char[i] == 0x00)&&
- pkix_isPlaintext(utf16Char[i+1], debug)) {
- /* Write a single character */
- *destPtr++ = utf16Char[i+1];
- } else if ((utf16Char[i+1] == '&') && (utf16Char[i] == 0x00)){
- *destPtr++ = '&';
- *destPtr++ = 'a';
- *destPtr++ = 'm';
- *destPtr++ = 'p';
- *destPtr++ = ';';
- } else if ((utf16Char[i] >= 0xD8)&&
- (utf16Char[i] <= 0xDB)&&
- (utf16Char[i+2] >= 0xDC)&&
- (utf16Char[i+2] <= 0xDF)) {
- /*
- * Special UTF pairs are of the form:
- * x = D800..DBFF; y = DC00..DFFF;
- * The result is of the form:
- * ((x - D800) * 400 + (y - DC00)) + 0001 0000
- */
- x = 0x0FFFF & ((utf16Char[i]<<8) | utf16Char[i+1]);
- y = 0x0FFFF & ((utf16Char[i+2]<<8) | utf16Char[i+3]);
- z = ((x - 0xD800) * 0x400 + (y - 0xDC00)) + 0x00010000;
-
- /* Sprintf &#xNNNNNNNN; */
- PKIX_STRING_DEBUG("\tCalling PR_snprintf).\n");
- if (PR_snprintf(destPtr, 13, "&#x%08X;", z) ==
- (PKIX_UInt32)(-1)) {
- PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
- }
- i += 2;
- destPtr += 12;
- } else {
- /* Sprintf &#xNNNN; */
- PKIX_STRING_DEBUG("\tCalling PR_snprintf).\n");
- if (PR_snprintf
- (destPtr,
- 9,
- "&#x%02X%02X;",
- utf16Char[i],
- utf16Char[i+1]) ==
- (PKIX_UInt32)(-1)) {
- PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
- }
- destPtr += 8;
- }
- }
- *destPtr = '\0';
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_FREE(*pDest);
- }
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_EscASCII_to_UTF16
- * DESCRIPTION:
- *
- * Converts array of bytes pointed to by "escAsciiString" with length of
- * "escAsciiLength" into a freshly allocated UTF-16 string and stores a
- * pointer to that string at "pDest" and stores the string's length at
- * "pLength". The caller is responsible for freeing "pDest" using
- * PKIX_PL_Free. If "debug" is set, uses EscASCII_Debug encoding.
- *
- * PARAMETERS:
- * "escAsciiString"
- * Address of array of bytes representing data source. Must be non-NULL.
- * "escAsciiLength"
- * Length of data source. Must be even.
- * "debug"
- * Boolean value indicating whether debug mode is desired.
- * "pDest"
- * Address where data will be stored. Must be non-NULL.
- * "pLength"
- * Address where data length will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_EscASCII_to_UTF16(
- const char *escAsciiString,
- PKIX_UInt32 escAsciiLen,
- PKIX_Boolean debug,
- void **pDest,
- PKIX_UInt32 *pLength,
- void *plContext)
-{
- PKIX_UInt32 newLen, i, j, charSize;
- PKIX_UInt32 x = 0, y = 0, z = 0;
- unsigned char *destPtr = NULL;
- unsigned char testChar, testChar2;
- unsigned char *stringData = (unsigned char *)escAsciiString;
-
- PKIX_ENTER(STRING, "pkix_EscASCII_to_UTF16");
- PKIX_NULLCHECK_THREE(escAsciiString, pDest, pLength);
-
- if (escAsciiLen == 0) {
- PKIX_CHECK(PKIX_PL_Malloc(escAsciiLen, pDest, plContext),
- PKIX_MALLOCFAILED);
- goto cleanup;
- }
-
- /* Assume each unicode character takes two bytes */
- newLen = escAsciiLen*2;
-
- /* Count up number of unicode encoded characters */
- for (i = 0; i < escAsciiLen; i++) {
- if (!pkix_isPlaintext(stringData[i], debug)&&
- (stringData[i] != '&')) {
- PKIX_ERROR(PKIX_ILLEGALCHARACTERINESCAPEDASCII);
- } else if (PL_strstr(escAsciiString+i, "&amp;") ==
- escAsciiString+i) {
- /* Convert EscAscii "&amp;" to two bytes */
- newLen -= 8;
- i += 4;
- } else if ((PL_strstr(escAsciiString+i, "&#x") ==
- escAsciiString+i)||
- (PL_strstr(escAsciiString+i, "&#X") ==
- escAsciiString+i)) {
- if (((i+7) <= escAsciiLen)&&
- (escAsciiString[i+7] == ';')) {
- /* Convert &#xNNNN; to two bytes */
- newLen -= 14;
- i += 7;
- } else if (((i+11) <= escAsciiLen)&&
- (escAsciiString[i+11] == ';')) {
- /* Convert &#xNNNNNNNN; to four bytes */
- newLen -= 20;
- i += 11;
- } else {
- PKIX_ERROR(PKIX_ILLEGALUSEOFAMP);
- }
- }
- }
-
- PKIX_CHECK(PKIX_PL_Malloc(newLen, pDest, plContext),
- PKIX_MALLOCFAILED);
-
- /* Copy into newly allocated space */
- destPtr = (unsigned char *)*pDest;
-
- i = 0;
- while (i < escAsciiLen) {
- /* Copy each byte until you hit a &amp; */
- if (pkix_isPlaintext(escAsciiString[i], debug)) {
- *destPtr++ = 0x00;
- *destPtr++ = escAsciiString[i++];
- } else if (PL_strstr(escAsciiString+i, "&amp;") ==
- escAsciiString+i) {
- /* Convert EscAscii "&amp;" to two bytes */
- *destPtr++ = 0x00;
- *destPtr++ = '&';
- i += 5;
- } else if (((PL_strstr(escAsciiString+i, "&#x") ==
- escAsciiString+i)||
- (PL_strstr(escAsciiString+i, "&#X") ==
- escAsciiString+i))&&
- ((i+7) <= escAsciiLen)) {
-
- /* We're either looking at &#xNNNN; or &#xNNNNNNNN; */
- charSize = (escAsciiString[i+7] == ';')?4:8;
-
- /* Skip past the &#x */
- i += 3;
-
- /* Make sure there is a terminating semi-colon */
- if (((i+charSize) > escAsciiLen)||
- (escAsciiString[i+charSize] != ';')) {
- PKIX_ERROR(PKIX_TRUNCATEDUNICODEINESCAPEDASCII);
- }
-
- for (j = 0; j < charSize; j++) {
- if (!PKIX_ISXDIGIT
- (escAsciiString[i+j])) {
- PKIX_ERROR(PKIX_ILLEGALUNICODECHARACTER);
- } else if (charSize == 8) {
- x |= (pkix_hex2i
- (escAsciiString[i+j]))
- <<(4*(7-j));
- }
- }
-
- testChar =
- (pkix_hex2i(escAsciiString[i])<<4)|
- pkix_hex2i(escAsciiString[i+1]);
- testChar2 =
- (pkix_hex2i(escAsciiString[i+2])<<4)|
- pkix_hex2i(escAsciiString[i+3]);
-
- if (charSize == 4) {
- if ((testChar >= 0xD8)&&
- (testChar <= 0xDF)) {
- PKIX_ERROR(PKIX_ILLEGALSURROGATEPAIR);
- } else if ((testChar == 0x00)&&
- pkix_isPlaintext(testChar2, debug)) {
- PKIX_ERROR(
- PKIX_ILLEGALCHARACTERINESCAPEDASCII);
- }
- *destPtr++ = testChar;
- *destPtr++ = testChar2;
- } else if (charSize == 8) {
- /* First two chars must be 0001-0010 */
- if (!((testChar == 0x00)&&
- ((testChar2 >= 0x01)&&
- (testChar2 <= 0x10)))) {
- PKIX_ERROR(
- PKIX_ILLEGALCHARACTERINESCAPEDASCII);
- }
- /*
- * Unicode Strings of the form:
- * x = 0001 0000..0010 FFFF
- * Encoded as pairs of UTF-16 where
- * y = ((x - 0001 0000) / 400) + D800
- * z = ((x - 0001 0000) % 400) + DC00
- */
- x -= 0x00010000;
- y = (x/0x400)+ 0xD800;
- z = (x%0x400)+ 0xDC00;
-
- /* Copy four bytes */
- *destPtr++ = (y&0xFF00)>>8;
- *destPtr++ = (y&0x00FF);
- *destPtr++ = (z&0xFF00)>>8;
- *destPtr++ = (z&0x00FF);
- }
- /* Move past the Hex digits and the semi-colon */
- i += charSize+1;
- } else {
- /* Do not allow any other non-plaintext character */
- PKIX_ERROR(PKIX_ILLEGALCHARACTERINESCAPEDASCII);
- }
- }
-
- *pLength = newLen;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_FREE(*pDest);
- }
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_UTF16_to_UTF8
- * DESCRIPTION:
- *
- * Converts array of bytes pointed to by "utf16String" with length of
- * "utf16Length" into a freshly allocated UTF-8 string and stores a pointer
- * to that string at "pDest" and stores the string's length at "pLength" (not
- * counting the null terminator, if requested. The caller is responsible for
- * freeing "pDest" using PKIX_PL_Free.
- *
- * PARAMETERS:
- * "utf16String"
- * Address of array of bytes representing data source. Must be non-NULL.
- * "utf16Length"
- * Length of data source. Must be even.
- * "null-term"
- * Boolean value indicating whether output should be null-terminated.
- * "pDest"
- * Address where data will be stored. Must be non-NULL.
- * "pLength"
- * Address where data length will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_UTF16_to_UTF8(
- const void *utf16String,
- PKIX_UInt32 utf16Length,
- PKIX_Boolean null_term,
- void **pDest,
- PKIX_UInt32 *pLength,
- void *plContext)
-{
- PKIX_Boolean result;
- PKIX_UInt32 reallocLen;
- char *endPtr = NULL;
-
- PKIX_ENTER(STRING, "pkix_UTF16_to_UTF8");
- PKIX_NULLCHECK_THREE(utf16String, pDest, pLength);
-
- /* XXX How big can a UTF8 string be compared to a UTF16? */
- PKIX_CHECK(PKIX_PL_Calloc(1, utf16Length*2, pDest, plContext),
- PKIX_CALLOCFAILED);
-
- PKIX_STRING_DEBUG("\tCalling PORT_UCS2_UTF8Conversion).\n");
- result = PORT_UCS2_UTF8Conversion
- (PKIX_FALSE, /* False = From UCS2 */
- (unsigned char *)utf16String,
- utf16Length,
- (unsigned char *)*pDest,
- utf16Length*2, /* Max Size */
- pLength);
- if (result == PR_FALSE){
- PKIX_ERROR(PKIX_PORTUCS2UTF8CONVERSIONFAILED);
- }
-
- reallocLen = *pLength;
-
- if (null_term){
- reallocLen++;
- }
-
- PKIX_CHECK(PKIX_PL_Realloc(*pDest, reallocLen, pDest, plContext),
- PKIX_REALLOCFAILED);
-
- if (null_term){
- endPtr = (char*)*pDest + reallocLen - 1;
- *endPtr = '\0';
- }
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_FREE(*pDest);
- }
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_UTF8_to_UTF16
- * DESCRIPTION:
- *
- * Converts array of bytes pointed to by "utf8String" with length of
- * "utf8Length" into a freshly allocated UTF-16 string and stores a pointer
- * to that string at "pDest" and stores the string's length at "pLength". The
- * caller is responsible for freeing "pDest" using PKIX_PL_Free.
- *
- * PARAMETERS:
- * "utf8String"
- * Address of array of bytes representing data source. Must be non-NULL.
- * "utf8Length"
- * Length of data source. Must be even.
- * "pDest"
- * Address where data will be stored. Must be non-NULL.
- * "pLength"
- * Address where data length will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a String Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_UTF8_to_UTF16(
- const void *utf8String,
- PKIX_UInt32 utf8Length,
- void **pDest,
- PKIX_UInt32 *pLength,
- void *plContext)
-{
- PKIX_Boolean result;
-
- PKIX_ENTER(STRING, "pkix_UTF8_to_UTF16");
- PKIX_NULLCHECK_THREE(utf8String, pDest, pLength);
-
- /* XXX How big can a UTF8 string be compared to a UTF16? */
- PKIX_CHECK(PKIX_PL_Calloc(1, utf8Length*2, pDest, plContext),
- PKIX_MALLOCFAILED);
-
- PKIX_STRING_DEBUG("\tCalling PORT_UCS2_UTF8Conversion).\n");
- result = PORT_UCS2_UTF8Conversion
- (PKIX_TRUE, /* True = From UTF8 */
- (unsigned char *)utf8String,
- utf8Length,
- (unsigned char *)*pDest,
- utf8Length*2, /* Max Size */
- pLength);
- if (result == PR_FALSE){
- PKIX_ERROR(PKIX_PORTUCS2UTF8CONVERSIONFAILED);
- }
-
- PKIX_CHECK(PKIX_PL_Realloc(*pDest, *pLength, pDest, plContext),
- PKIX_REALLOCFAILED);
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_FREE(*pDest);
- }
-
- PKIX_RETURN(STRING);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
deleted file mode 100755
index fe9c86fdf..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
+++ /dev/null
@@ -1,188 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_common.h
- *
- * Common central header file included by all PL source files
- *
- */
-
-#ifndef _PKIX_PL_COMMON_H
-#define _PKIX_PL_COMMON_H
-
-/* PKIX HEADERS */
-#include "pkix_tools.h"
-
-/* NSS headers */
-#include "nss.h"
-#include "secport.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "base64.h"
-#include "cert.h"
-#include "certdb.h"
-#include "genname.h"
-#include "xconst.h"
-#include "keyhi.h"
-#include "ocsp.h"
-#include "ocspt.h"
-#include "pk11pub.h"
-#include "pkcs11.h"
-#include "pkcs11t.h"
-#include "prio.h"
-
-/* NSPR headers */
-#include "nspr.h"
-
-/* private PKIX_PL_NSS system headers */
-#include "pkix_pl_object.h"
-#include "pkix_pl_string.h"
-#include "pkix_pl_ldapt.h"
-#include "pkix_pl_aiamgr.h"
-#include "pkix_pl_bigint.h"
-#include "pkix_pl_oid.h"
-#include "pkix_pl_x500name.h"
-#include "pkix_pl_generalname.h"
-#include "pkix_pl_publickey.h"
-#include "pkix_pl_bytearray.h"
-#include "pkix_pl_date.h"
-#include "pkix_pl_primhash.h"
-#include "pkix_pl_basicconstraints.h"
-#include "pkix_pl_bytearray.h"
-#include "pkix_pl_cert.h"
-#include "pkix_pl_certpolicyinfo.h"
-#include "pkix_pl_certpolicymap.h"
-#include "pkix_pl_certpolicyqualifier.h"
-#include "pkix_pl_crldp.h"
-#include "pkix_pl_crl.h"
-#include "pkix_pl_crlentry.h"
-#include "pkix_pl_nameconstraints.h"
-#include "pkix_pl_ocsprequest.h"
-#include "pkix_pl_ocspresponse.h"
-#include "pkix_pl_pk11certstore.h"
-#include "pkix_pl_socket.h"
-#include "pkix_pl_ldapcertstore.h"
-#include "pkix_pl_ldaprequest.h"
-#include "pkix_pl_ldapresponse.h"
-#include "pkix_pl_nsscontext.h"
-#include "pkix_pl_httpcertstore.h"
-#include "pkix_pl_httpdefaultclient.h"
-#include "pkix_pl_infoaccess.h"
-#include "pkix_sample_modules.h"
-
-#define MAX_DIGITS_32 (PKIX_UInt32) 10
-
-#define PKIX_PL_NSSCALL(type, func, args) \
- PKIX_ ## type ## _DEBUG_ARG("( Calling %s).\n", #func); \
- (func args)
-
-#define PKIX_PL_NSSCALLRV(type, lvalue, func, args) \
- PKIX_ ## type ## _DEBUG_ARG("( Calling %s).\n", #func); \
- lvalue = (func args)
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_LockObject(
- PKIX_PL_Object *object,
- void *plContext);
-
-PKIX_Error *
-pkix_UnlockObject(
- PKIX_PL_Object *object,
- void *plContext);
-
-PKIX_Boolean
-pkix_pl_UInt32_Overflows(char *string);
-
-PKIX_Error *
-pkix_pl_helperBytes2Ascii(
- PKIX_UInt32 *tokens,
- PKIX_UInt32 numTokens,
- char **pAscii,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_ipAddrBytes2Ascii(
- SECItem *secItem,
- char **pAscii,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_oidBytes2Ascii(
- SECItem *secItem,
- char **pAscii,
- void *plContext);
-
-/* --String-Encoding-Conversion-Functions------------------------ */
-
-PKIX_Error *
-pkix_UTF16_to_EscASCII(
- const void *utf16String,
- PKIX_UInt32 utf16Length,
- PKIX_Boolean debug,
- char **pDest,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-PKIX_Error *
-pkix_EscASCII_to_UTF16(
- const char *escAsciiString,
- PKIX_UInt32 escAsciiLen,
- PKIX_Boolean debug,
- void **pDest,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-PKIX_Error *
-pkix_UTF16_to_UTF8(
- const void *utf16String,
- PKIX_UInt32 utf16Length,
- PKIX_Boolean null_Term,
- void **pDest,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-PKIX_Error *
-pkix_UTF8_to_UTF16(
- const void *utf8Source,
- PKIX_UInt32 utf8Length,
- void **pDest,
- PKIX_UInt32 *pLength,
- void *plContext);
-
-#endif /* _PKIX_PL_COMMON_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
deleted file mode 100644
index 30eae99a4..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_error.c
- *
- * PL error functions
- *
- */
-
-#include "pkix_pl_common.h"
-
-#undef PKIX_ERRORENTRY
-
-#define PKIX_ERRORENTRY(name,desc,plerr) plerr
-
-const SECErrorCodes PKIX_PLErrorIndex[] =
-{
-#include "pkix_errorstrings.h"
-};
-
-int
-PKIX_PL_GetPLErrorCode()
-{
- return PORT_GetError();
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c
deleted file mode 100755
index a93f86a84..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c
+++ /dev/null
@@ -1,416 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_hashtable.c
- *
- * Hashtable Object Functions
- *
- */
-
-#include "pkix_pl_hashtable.h"
-
-/* --Private-Structure-------------------------------------------- */
-
-struct PKIX_PL_HashTableStruct {
- pkix_pl_PrimHashTable *primHash;
- PKIX_PL_Mutex *tableLock;
- PKIX_UInt32 maxEntriesPerBucket;
-};
-
-/* --Private-Functions-------------------------------------------- */
-
-#define PKIX_MUTEX_UNLOCK(mutex) \
- do { \
- if (mutex && lockedMutex == (PKIX_PL_Mutex *)(mutex)) { \
- pkixTempResult = \
- PKIX_PL_Mutex_Unlock((mutex), plContext); \
- PORT_Assert(pkixTempResult == NULL); \
- if (pkixTempResult) { \
- PKIX_DoAddError(&stdVars, pkixTempResult, plContext); \
- pkixTempResult = NULL; \
- } \
- lockedMutex = NULL; \
- } else { \
- PORT_Assert(lockedMutex == NULL); \
- }\
- } while (0)
-
-
-#define PKIX_MUTEX_LOCK(mutex) \
- do { \
- if (mutex){ \
- PORT_Assert(lockedMutex == NULL); \
- PKIX_CHECK(PKIX_PL_Mutex_Lock((mutex), plContext), \
- PKIX_MUTEXLOCKFAILED); \
- lockedMutex = (mutex); \
- } \
- } while (0)
-
-/*
- * FUNCTION: pkix_pl_HashTable_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_HashTable_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_HashTable *ht = NULL;
- pkix_pl_HT_Elem *item = NULL;
- PKIX_UInt32 i;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_HashTable_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_HASHTABLE_TYPE, plContext),
- PKIX_OBJECTNOTHASHTABLE);
-
- ht = (PKIX_PL_HashTable*) object;
-
- /* DecRef every object in the primitive hash table */
- for (i = 0; i < ht->primHash->size; i++) {
- for (item = ht->primHash->buckets[i];
- item != NULL;
- item = item->next) {
- PKIX_DECREF(item->key);
- PKIX_DECREF(item->value);
- }
- }
-
- PKIX_CHECK(pkix_pl_PrimHashTable_Destroy(ht->primHash, plContext),
- PKIX_PRIMHASHTABLEDESTROYFAILED);
-
- PKIX_DECREF(ht->tableLock);
-
-cleanup:
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: pkix_pl_HashTable_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_HASHTABLE_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_HashTable_RegisterSelf(
- void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_HashTable_RegisterSelf");
-
- entry.description = "HashTable";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_HashTable);
- entry.destructor = pkix_pl_HashTable_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_HASHTABLE_TYPE] = entry;
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Create (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_HashTable_Create(
- PKIX_UInt32 numBuckets,
- PKIX_UInt32 maxEntriesPerBucket,
- PKIX_PL_HashTable **pResult,
- void *plContext)
-{
- PKIX_PL_HashTable *hashTable = NULL;
-
- PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Create");
- PKIX_NULLCHECK_ONE(pResult);
-
- if (numBuckets == 0) {
- PKIX_ERROR(PKIX_NUMBUCKETSEQUALSZERO);
- }
-
- /* Allocate a new hashtable */
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_HASHTABLE_TYPE,
- sizeof (PKIX_PL_HashTable),
- (PKIX_PL_Object **)&hashTable,
- plContext),
- PKIX_COULDNOTCREATEHASHTABLEOBJECT);
-
- /* Create the underlying primitive hash table type */
- PKIX_CHECK(pkix_pl_PrimHashTable_Create
- (numBuckets, &hashTable->primHash, plContext),
- PKIX_PRIMHASHTABLECREATEFAILED);
-
- /* Create a lock for this table */
- PKIX_CHECK(PKIX_PL_Mutex_Create(&hashTable->tableLock, plContext),
- PKIX_ERRORCREATINGTABLELOCK);
-
- hashTable->maxEntriesPerBucket = maxEntriesPerBucket;
-
- *pResult = hashTable;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(hashTable);
- }
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Add (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_HashTable_Add(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- PKIX_PL_Object *value,
- void *plContext)
-{
- PKIX_PL_Mutex *lockedMutex = NULL;
- PKIX_PL_Object *deletedKey = NULL;
- PKIX_PL_Object *deletedValue = NULL;
- PKIX_UInt32 hashCode;
- PKIX_PL_EqualsCallback keyComp;
- PKIX_UInt32 bucketSize = 0;
-
- PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Add");
-
-#if !defined(PKIX_OBJECT_LEAK_TEST)
- PKIX_NULLCHECK_THREE(ht, key, value);
-#else
- PKIX_NULLCHECK_TWO(key, value);
-
- if (ht == NULL) {
- PKIX_RETURN(HASHTABLE);
- }
-#endif
- /* Insert into primitive hashtable */
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
- (key, &keyComp, plContext),
- PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
-
- PKIX_MUTEX_LOCK(ht->tableLock);
-
- PKIX_CHECK(pkix_pl_PrimHashTable_GetBucketSize
- (ht->primHash,
- hashCode,
- &bucketSize,
- plContext),
- PKIX_PRIMHASHTABLEGETBUCKETSIZEFAILED);
-
- if (ht->maxEntriesPerBucket != 0 &&
- bucketSize >= ht->maxEntriesPerBucket) {
- /* drop the last one in the bucket */
- PKIX_CHECK(pkix_pl_PrimHashTable_RemoveFIFO
- (ht->primHash,
- hashCode,
- (void **) &deletedKey,
- (void **) &deletedValue,
- plContext),
- PKIX_PRIMHASHTABLEGETBUCKETSIZEFAILED);
- PKIX_DECREF(deletedKey);
- PKIX_DECREF(deletedValue);
- }
-
- PKIX_CHECK(pkix_pl_PrimHashTable_Add
- (ht->primHash,
- (void *)key,
- (void *)value,
- hashCode,
- keyComp,
- plContext),
- PKIX_PRIMHASHTABLEADDFAILED);
-
- PKIX_INCREF(key);
- PKIX_INCREF(value);
- PKIX_MUTEX_UNLOCK(ht->tableLock);
-
- /*
- * we don't call PKIX_PL_InvalidateCache here b/c we have
- * not implemented toString or hashcode for this Object
- */
-
-cleanup:
-
- PKIX_MUTEX_UNLOCK(ht->tableLock);
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Remove (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_HashTable_Remove(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- void *plContext)
-{
- PKIX_PL_Mutex *lockedMutex = NULL;
- PKIX_PL_Object *origKey = NULL;
- PKIX_PL_Object *value = NULL;
- PKIX_UInt32 hashCode;
- PKIX_PL_EqualsCallback keyComp;
-
- PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Remove");
-
-#if !defined(PKIX_OBJECT_LEAK_TEST)
- PKIX_NULLCHECK_TWO(ht, key);
-#else
- PKIX_NULLCHECK_ONE(key);
-
- if (ht == NULL) {
- PKIX_RETURN(HASHTABLE);
- }
-#endif
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
- (key, &keyComp, plContext),
- PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
-
- PKIX_MUTEX_LOCK(ht->tableLock);
-
- /* Remove from primitive hashtable */
- PKIX_CHECK(pkix_pl_PrimHashTable_Remove
- (ht->primHash,
- (void *)key,
- hashCode,
- keyComp,
- (void **)&origKey,
- (void **)&value,
- plContext),
- PKIX_PRIMHASHTABLEREMOVEFAILED);
-
- PKIX_MUTEX_UNLOCK(ht->tableLock);
-
- PKIX_DECREF(origKey);
- PKIX_DECREF(value);
-
- /*
- * we don't call PKIX_PL_InvalidateCache here b/c we have
- * not implemented toString or hashcode for this Object
- */
-
-cleanup:
-
- PKIX_MUTEX_UNLOCK(ht->tableLock);
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: PKIX_PL_HashTable_Lookup (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_HashTable_Lookup(
- PKIX_PL_HashTable *ht,
- PKIX_PL_Object *key,
- PKIX_PL_Object **pResult,
- void *plContext)
-{
- PKIX_PL_Mutex *lockedMutex = NULL;
- PKIX_UInt32 hashCode;
- PKIX_PL_EqualsCallback keyComp;
- PKIX_PL_Object *result = NULL;
-
- PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Lookup");
-
-#if !defined(PKIX_OBJECT_LEAK_TEST)
- PKIX_NULLCHECK_THREE(ht, key, pResult);
-#else
- PKIX_NULLCHECK_TWO(key, pResult);
-
- if (ht == NULL) {
- PKIX_RETURN(HASHTABLE);
- }
-#endif
-
- PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
- PKIX_OBJECTHASHCODEFAILED);
-
- PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
- (key, &keyComp, plContext),
- PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
-
- PKIX_MUTEX_LOCK(ht->tableLock);
-
- /* Lookup in primitive hashtable */
- PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
- (ht->primHash,
- (void *)key,
- hashCode,
- keyComp,
- (void **)&result,
- plContext),
- PKIX_PRIMHASHTABLELOOKUPFAILED);
-
- PKIX_INCREF(result);
- PKIX_MUTEX_UNLOCK(ht->tableLock);
-
- *pResult = result;
-
-cleanup:
-
- PKIX_MUTEX_UNLOCK(ht->tableLock);
-
- PKIX_RETURN(HASHTABLE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h
deleted file mode 100755
index 17ee05e44..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_hashtable.h
- *
- * Hashtable Object Definition
- *
- */
-
-#ifndef _PKIX_PL_HASHTABLE_H
-#define _PKIX_PL_HASHTABLE_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_HashTable_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_HASHTABLE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
deleted file mode 100755
index fbfe2053d..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_lifecycle.c
- *
- * Lifecycle Functions for the PKIX PL library.
- *
- */
-
-#include "pkix_pl_lifecycle.h"
-
-PKIX_Boolean pkix_pl_initialized = PKIX_FALSE;
-pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
-PRLock *classTableLock;
-PRLogModuleInfo *pkixLog = NULL;
-
-/*
- * PKIX_ALLOC_ERROR is a special error object hard-coded into the
- * pkix_error.o object file. It is thrown if system memory cannot be
- * allocated. PKIX_ALLOC_ERROR is immutable.
- * IncRef, DecRef, and Settor functions cannot be called.
- */
-
-/* Keep this structure definition here for its is used only once here */
-struct PKIX_Alloc_Error_ObjectStruct {
- PKIX_PL_Object header;
- PKIX_Error error;
-};
-typedef struct PKIX_Alloc_Error_ObjectStruct PKIX_Alloc_Error_Object;
-
-static const PKIX_Alloc_Error_Object pkix_Alloc_Error_Data = {
- {
- PKIX_MAGIC_HEADER, /* PRUint64 magicHeader */
- (PKIX_UInt32)PKIX_ERROR_TYPE, /* PKIX_UInt32 type */
- (PKIX_UInt32)1, /* PKIX_UInt32 references */
- /* Warning! Cannot Ref Count with NULL lock */
- (void *)0, /* PRLock *lock */
- (PKIX_PL_String *)0, /* PKIX_PL_String *stringRep */
- (PKIX_UInt32)0, /* PKIX_UInt32 hashcode */
- (PKIX_Boolean)PKIX_FALSE, /* PKIX_Boolean hashcodeCached */
- }, {
- (PKIX_ERRORCODE)0, /* PKIX_ERRORCODE errCode; */
- (PKIX_ERRORCLASS)PKIX_FATAL_ERROR,/* PKIX_ERRORCLASS errClass */
- (PKIX_UInt32)SEC_ERROR_LIBPKIX_INTERNAL, /* default PL Error Code */
- (PKIX_Error *)0, /* PKIX_Error *cause */
- (PKIX_PL_Object *)0, /* PKIX_PL_Object *info */
- }
-};
-
-PKIX_Error* PKIX_ALLOC_ERROR(void)
-{
- return (PKIX_Error *)&pkix_Alloc_Error_Data.error;
-}
-
-#ifdef PKIX_OBJECT_LEAK_TEST
-SECStatus
-pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable)
-{
- int typeCounter = 0;
-
- for (; typeCounter < PKIX_NUMTYPES; typeCounter++) {
- pkix_ClassTable_Entry *entry = &systemClasses[typeCounter];
-
- objCountTable[typeCounter] = entry->objCounter;
- }
-
- return SECSuccess;
-}
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
-
-PKIX_UInt32
-pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable)
-{
- int typeCounter = 0;
- PKIX_UInt32 numObjects = 0;
- char classNameBuff[128];
- char *className = NULL;
-
- for (; typeCounter < PKIX_NUMTYPES; typeCounter++) {
- pkix_ClassTable_Entry *entry = &systemClasses[typeCounter];
- PKIX_UInt32 objCountDiff = entry->objCounter;
-
- if (initObjCountTable) {
- PKIX_UInt32 initialCount = initObjCountTable[typeCounter];
- objCountDiff = (entry->objCounter > initialCount) ?
- entry->objCounter - initialCount : 0;
- }
-
- numObjects += objCountDiff;
-
- if (!pkixLog || !objCountDiff) {
- continue;
- }
- className = entry->description;
- if (!className) {
- className = classNameBuff;
- PR_snprintf(className, 128, "Unknown(ref %d)",
- entry->objCounter);
- }
-
- PR_LOG(pkixLog, 1, ("Class %s leaked %d objects of "
- "size %d bytes, total = %d bytes\n", className,
- objCountDiff, entry->typeObjectSize,
- objCountDiff * entry->typeObjectSize));
- }
-
- return numObjects;
-}
-
-/*
- * PKIX_PL_Initialize (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Initialize(
- PKIX_Boolean platformInitNeeded,
- PKIX_Boolean useArenas,
- void **pPlContext)
-{
- void *plContext = NULL;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Initialize");
-
- /*
- * This function can only be called once. If it has already been
- * called, we return a positive status.
- */
- if (pkix_pl_initialized) {
- PKIX_RETURN(OBJECT);
- }
-
- classTableLock = PR_NewLock();
- if (classTableLock == NULL) {
- return PKIX_ALLOC_ERROR();
- }
-
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
- pkixLog = PR_NewLogModule("pkix");
- }
- /*
- * Register Object, it is the base object of all other objects.
- */
- pkix_pl_Object_RegisterSelf(plContext);
-
- /*
- * Register Error and String, since they will be needed if
- * there is a problem in registering any other type.
- */
- pkix_Error_RegisterSelf(plContext);
- pkix_pl_String_RegisterSelf(plContext);
-
-
- /*
- * We register all other system types
- * (They don't need to be in order, but it's
- * easier to keep track of what types are registered
- * if we register them in the same order as their
- * numbers, defined in pkixt.h.
- */
- pkix_pl_BigInt_RegisterSelf(plContext); /* 1-10 */
- pkix_pl_ByteArray_RegisterSelf(plContext);
- pkix_pl_HashTable_RegisterSelf(plContext);
- pkix_List_RegisterSelf(plContext);
- pkix_Logger_RegisterSelf(plContext);
- pkix_pl_Mutex_RegisterSelf(plContext);
- pkix_pl_OID_RegisterSelf(plContext);
- pkix_pl_RWLock_RegisterSelf(plContext);
-
- pkix_pl_CertBasicConstraints_RegisterSelf(plContext); /* 11-20 */
- pkix_pl_Cert_RegisterSelf(plContext);
- pkix_pl_CRL_RegisterSelf(plContext);
- pkix_pl_CRLEntry_RegisterSelf(plContext);
- pkix_pl_Date_RegisterSelf(plContext);
- pkix_pl_GeneralName_RegisterSelf(plContext);
- pkix_pl_CertNameConstraints_RegisterSelf(plContext);
- pkix_pl_PublicKey_RegisterSelf(plContext);
- pkix_TrustAnchor_RegisterSelf(plContext);
-
- pkix_pl_X500Name_RegisterSelf(plContext); /* 21-30 */
- pkix_pl_HttpCertStoreContext_RegisterSelf(plContext);
- pkix_BuildResult_RegisterSelf(plContext);
- pkix_ProcessingParams_RegisterSelf(plContext);
- pkix_ValidateParams_RegisterSelf(plContext);
- pkix_ValidateResult_RegisterSelf(plContext);
- pkix_CertStore_RegisterSelf(plContext);
- pkix_CertChainChecker_RegisterSelf(plContext);
- pkix_RevocationChecker_RegisterSelf(plContext);
- pkix_CertSelector_RegisterSelf(plContext);
-
- pkix_ComCertSelParams_RegisterSelf(plContext); /* 31-40 */
- pkix_CRLSelector_RegisterSelf(plContext);
- pkix_ComCRLSelParams_RegisterSelf(plContext);
- pkix_pl_CertPolicyInfo_RegisterSelf(plContext);
- pkix_pl_CertPolicyQualifier_RegisterSelf(plContext);
- pkix_pl_CertPolicyMap_RegisterSelf(plContext);
- pkix_PolicyNode_RegisterSelf(plContext);
- pkix_TargetCertCheckerState_RegisterSelf(plContext);
- pkix_BasicConstraintsCheckerState_RegisterSelf(plContext);
- pkix_PolicyCheckerState_RegisterSelf(plContext);
-
- pkix_pl_CollectionCertStoreContext_RegisterSelf(plContext); /* 41-50 */
- pkix_CrlChecker_RegisterSelf(plContext);
- pkix_ForwardBuilderState_RegisterSelf(plContext);
- pkix_SignatureCheckerState_RegisterSelf(plContext);
- pkix_NameConstraintsCheckerState_RegisterSelf(plContext);
- pkix_pl_LdapRequest_RegisterSelf(plContext);
- pkix_pl_LdapResponse_RegisterSelf(plContext);
- pkix_pl_LdapDefaultClient_RegisterSelf(plContext);
- pkix_pl_Socket_RegisterSelf(plContext);
-
- pkix_ResourceLimits_RegisterSelf(plContext); /* 51-59 */
- pkix_pl_MonitorLock_RegisterSelf(plContext);
- pkix_pl_InfoAccess_RegisterSelf(plContext);
- pkix_pl_AIAMgr_RegisterSelf(plContext);
- pkix_OcspChecker_RegisterSelf(plContext);
- pkix_pl_OcspCertID_RegisterSelf(plContext);
- pkix_pl_OcspRequest_RegisterSelf(plContext);
- pkix_pl_OcspResponse_RegisterSelf(plContext);
- pkix_pl_HttpDefaultClient_RegisterSelf(plContext);
- pkix_VerifyNode_RegisterSelf(plContext);
- pkix_EkuChecker_RegisterSelf(plContext);
- pkix_pl_CrlDp_RegisterSelf(plContext);
-
- if (pPlContext) {
- PKIX_CHECK(PKIX_PL_NssContext_Create
- (0, useArenas, NULL, &plContext),
- PKIX_NSSCONTEXTCREATEFAILED);
-
- *pPlContext = plContext;
- }
-
- pkix_pl_initialized = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * PKIX_PL_Shutdown (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Shutdown(void *plContext)
-{
- PKIX_UInt32 numLeakedObjects = 0;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown");
-
- if (!pkix_pl_initialized) {
- /* The library was not initilized */
- PKIX_RETURN(OBJECT);
- }
-
- PR_DestroyLock(classTableLock);
-
- pkix_pl_HttpCertStore_Shutdown(plContext);
-
- numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
- PORT_Assert(numLeakedObjects == 0);
- }
-
- if (plContext != NULL) {
- PKIX_PL_NssContext_Destroy(plContext);
- }
-
- pkix_pl_initialized = PKIX_FALSE;
-
- PKIX_RETURN(OBJECT);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
deleted file mode 100755
index 42c60704c..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_lifecycle.h
- *
- * Lifecycle Definitions
- *
- */
-
-#ifndef _PKIX_PL_LIFECYCLE_H
-#define _PKIX_PL_LIFECYCLE_H
-
-#include "pkix_pl_common.h"
-#include "pkix_pl_oid.h"
-#include "pkix_pl_aiamgr.h"
-#include "pkix_pl_bigint.h"
-#include "pkix_pl_bytearray.h"
-#include "pkix_pl_hashtable.h"
-#include "pkix_pl_mutex.h"
-#include "pkix_pl_rwlock.h"
-#include "pkix_pl_monitorlock.h"
-#include "pkix_pl_string.h"
-#include "pkix_pl_cert.h"
-#include "pkix_pl_x500name.h"
-#include "pkix_pl_generalname.h"
-#include "pkix_pl_publickey.h"
-#include "pkix_pl_date.h"
-#include "pkix_pl_basicconstraints.h"
-#include "pkix_pl_certpolicyinfo.h"
-#include "pkix_pl_certpolicymap.h"
-#include "pkix_pl_certpolicyqualifier.h"
-#include "pkix_pl_crlentry.h"
-#include "pkix_pl_crl.h"
-#include "pkix_pl_colcertstore.h"
-#include "pkix_pl_ldapcertstore.h"
-#include "pkix_pl_ldapdefaultclient.h"
-#include "pkix_pl_ldaprequest.h"
-#include "pkix_pl_ldapresponse.h"
-#include "pkix_pl_socket.h"
-#include "pkix_pl_infoaccess.h"
-#include "pkix_store.h"
-#include "pkix_error.h"
-#include "pkix_logger.h"
-#include "pkix_list.h"
-#include "pkix_trustanchor.h"
-#include "pkix_procparams.h"
-#include "pkix_valparams.h"
-#include "pkix_valresult.h"
-#include "pkix_verifynode.h"
-#include "pkix_resourcelimits.h"
-#include "pkix_certchainchecker.h"
-#include "pkix_revocationchecker.h"
-#include "pkix_certselector.h"
-#include "pkix_comcertselparams.h"
-#include "pkix_crlselector.h"
-#include "pkix_comcrlselparams.h"
-#include "pkix_targetcertchecker.h"
-#include "pkix_basicconstraintschecker.h"
-#include "pkix_policynode.h"
-#include "pkix_policychecker.h"
-#include "pkix_crlchecker.h"
-#include "pkix_signaturechecker.h"
-#include "pkix_buildresult.h"
-#include "pkix_build.h"
-#include "pkix_pl_nameconstraints.h"
-#include "pkix_nameconstraintschecker.h"
-#include "pkix_ocspchecker.h"
-#include "pkix_pl_ocspcertid.h"
-#include "pkix_pl_ocsprequest.h"
-#include "pkix_pl_ocspresponse.h"
-#include "pkix_pl_httpdefaultclient.h"
-#include "pkix_pl_httpcertstore.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_InitializeParamsStruct {
- PKIX_List *loggers;
- PKIX_UInt32 majorVersion;
- PKIX_UInt32 minorVersion;
-};
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_LIFECYCLE_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c
deleted file mode 100755
index 90873fc62..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_mem.c
- *
- * Memory Management Functions
- *
- */
-
-#include "pkix_pl_mem.h"
-
-/*
- * FUNCTION: PKIX_PL_Malloc (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Malloc(
- PKIX_UInt32 size,
- void **pMemory,
- void *plContext)
-{
- PKIX_PL_NssContext *nssContext = NULL;
- void *result = NULL;
-
- PKIX_ENTER(MEM, "PKIX_PL_Malloc");
- PKIX_NULLCHECK_ONE(pMemory);
-
- if (size == 0){
- *pMemory = NULL;
- } else {
-
- nssContext = (PKIX_PL_NssContext *)plContext;
-
- if (nssContext != NULL && nssContext->arena != NULL) {
- PKIX_MEM_DEBUG("\tCalling PORT_ArenaAlloc.\n");
- *pMemory = PORT_ArenaAlloc(nssContext->arena, size);
- } else {
- PKIX_MEM_DEBUG("\tCalling PR_Malloc.\n");
- result = (void *) PR_Malloc(size);
-
- if (result == NULL) {
- PKIX_MEM_DEBUG("Fatal Error Occurred: "
- "PR_Malloc failed.\n");
- PKIX_ERROR_ALLOC_ERROR();
- } else {
- *pMemory = result;
- }
- }
- }
-
-cleanup:
- PKIX_RETURN(MEM);
-}
-
-/*
- * FUNCTION: PKIX_PL_Calloc (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Calloc(
- PKIX_UInt32 nElem,
- PKIX_UInt32 elSize,
- void **pMemory,
- void *plContext)
-{
- PKIX_PL_NssContext *nssContext = NULL;
- void *result = NULL;
-
- PKIX_ENTER(MEM, "PKIX_PL_Calloc");
- PKIX_NULLCHECK_ONE(pMemory);
-
- if ((nElem == 0) || (elSize == 0)){
- *pMemory = NULL;
- } else {
-
- nssContext = (PKIX_PL_NssContext *)plContext;
-
- if (nssContext != NULL && nssContext->arena != NULL) {
- PKIX_MEM_DEBUG("\tCalling PORT_ArenaAlloc.\n");
- *pMemory = PORT_ArenaAlloc(nssContext->arena, elSize);
- } else {
- PKIX_MEM_DEBUG("\tCalling PR_Calloc.\n");
- result = (void *) PR_Calloc(nElem, elSize);
-
- if (result == NULL) {
- PKIX_MEM_DEBUG("Fatal Error Occurred: "
- "PR_Calloc failed.\n");
- PKIX_ERROR_ALLOC_ERROR();
- } else {
- *pMemory = result;
- }
- }
- }
-
-cleanup:
-
- PKIX_RETURN(MEM);
-}
-
-/*
- * FUNCTION: PKIX_PL_Realloc (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Realloc(
- void *ptr,
- PKIX_UInt32 size,
- void **pMemory,
- void *plContext)
-{
- PKIX_PL_NssContext *nssContext = NULL;
- void *result = NULL;
-
- PKIX_ENTER(MEM, "PKIX_PL_Realloc");
- PKIX_NULLCHECK_ONE(pMemory);
-
- nssContext = (PKIX_PL_NssContext *)plContext;
-
- if (nssContext != NULL && nssContext->arena != NULL) {
- PKIX_MEM_DEBUG("\tCalling PORT_ArenaAlloc.\n");
- result = PORT_ArenaAlloc(nssContext->arena, size);
-
- if (result){
- PKIX_MEM_DEBUG("\tCalling PORT_Memcpy.\n");
- PORT_Memcpy(result, ptr, size);
- }
- *pMemory = result;
- } else {
- PKIX_MEM_DEBUG("\tCalling PR_Realloc.\n");
- result = (void *) PR_Realloc(ptr, size);
-
- if (result == NULL) {
- if (size == 0){
- *pMemory = NULL;
- } else {
- PKIX_MEM_DEBUG
- ("Fatal Error Occurred: "
- "PR_Realloc failed.\n");
- PKIX_ERROR_ALLOC_ERROR();
- }
- } else {
- *pMemory = result;
- }
- }
-
-cleanup:
-
- PKIX_RETURN(MEM);
-}
-
-/*
- * FUNCTION: PKIX_PL_Free (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Free(
- void *ptr,
- /* ARGSUSED */ void *plContext)
-{
- PKIX_PL_NssContext *context = NULL;
-
- PKIX_ENTER(MEM, "PKIX_PL_Free");
-
- context = (PKIX_PL_NssContext *) plContext;
- if (context == NULL || context->arena == NULL) {
- PKIX_MEM_DEBUG("\tCalling PR_Free.\n");
- (void) PR_Free(ptr);
- }
-
- PKIX_RETURN(MEM);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h
deleted file mode 100755
index 497f1277e..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_mem.h
- *
- * Memory Management Definitions
- *
- */
-
-#ifndef _PKIX_PL_MEM_H
-#define _PKIX_PL_MEM_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_MEM_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c
deleted file mode 100755
index b5699e106..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_monitorlock.c
- *
- * Read/Write Lock Functions
- *
- */
-
-#include "pkix_pl_monitorlock.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-static PKIX_Error *
-pkix_pl_MonitorLock_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_MonitorLock* monitorLock = NULL;
-
- PKIX_ENTER(MONITORLOCK, "pkix_pl_MonitorLock_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_MONITORLOCK_TYPE, plContext),
- PKIX_OBJECTNOTMONITORLOCK);
-
- monitorLock = (PKIX_PL_MonitorLock*) object;
-
- PKIX_MONITORLOCK_DEBUG("Calling PR_DestroyMonitor)\n");
- PR_DestroyMonitor(monitorLock->lock);
- monitorLock->lock = NULL;
-
-cleanup:
-
- PKIX_RETURN(MONITORLOCK);
-}
-
-/*
- * FUNCTION: pkix_pl_MonitorLock_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_MONITORLOCK_TYPE and its related functions with
- * systemClasses[].
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_MonitorLock_RegisterSelf(
- void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(MONITORLOCK, "pkix_pl_MonitorLock_RegisterSelf");
-
- entry.description = "MonitorLock";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_MonitorLock);
- entry.destructor = pkix_pl_MonitorLock_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_MONITORLOCK_TYPE] = entry;
-
- PKIX_RETURN(MONITORLOCK);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-PKIX_Error *
-PKIX_PL_MonitorLock_Create(
- PKIX_PL_MonitorLock **pNewLock,
- void *plContext)
-{
- PKIX_PL_MonitorLock *monitorLock = NULL;
-
- PKIX_ENTER(MONITORLOCK, "PKIX_PL_MonitorLock_Create");
- PKIX_NULLCHECK_ONE(pNewLock);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_MONITORLOCK_TYPE,
- sizeof (PKIX_PL_MonitorLock),
- (PKIX_PL_Object **)&monitorLock,
- plContext),
- PKIX_ERRORALLOCATINGMONITORLOCK);
-
- PKIX_MONITORLOCK_DEBUG("\tCalling PR_NewMonitor)\n");
- monitorLock->lock = PR_NewMonitor();
-
- if (monitorLock->lock == NULL) {
- PKIX_DECREF(monitorLock);
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- *pNewLock = monitorLock;
-
-cleanup:
-
- PKIX_RETURN(MONITORLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_MonitorLock_Enter(
- PKIX_PL_MonitorLock *monitorLock,
- void *plContext)
-{
- PKIX_ENTER_NO_LOGGER(MONITORLOCK, "PKIX_PL_MonitorLock_Enter");
- PKIX_NULLCHECK_ONE(monitorLock);
-
- PKIX_MONITORLOCK_DEBUG("\tCalling PR_EnterMonitor)\n");
- (void) PR_EnterMonitor(monitorLock->lock);
-
- PKIX_RETURN_NO_LOGGER(MONITORLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_MonitorLock_Exit(
- PKIX_PL_MonitorLock *monitorLock,
- void *plContext)
-{
- PKIX_ENTER_NO_LOGGER(MONITORLOCK, "PKIX_PL_MonitorLock_Exit");
- PKIX_NULLCHECK_ONE(monitorLock);
-
- PKIX_MONITORLOCK_DEBUG("\tCalling PR_ExitMonitor)\n");
- PR_ExitMonitor(monitorLock->lock);
-
- PKIX_RETURN_NO_LOGGER(MONITORLOCK);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h
deleted file mode 100755
index 951ad7d1d..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_monitorlock.h
- *
- * Read/Write Lock Definition
- *
- */
-
-#ifndef _PKIX_PL_MONITORLOCK_H
-#define _PKIX_PL_MONITORLOCK_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_MonitorLockStruct {
- PRMonitor* lock;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_MonitorLock_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_MONITORLOCK_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c
deleted file mode 100755
index 1d3d9d94d..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_mutex.c
- *
- * Mutual Exclusion (Lock) Object Functions
- *
- */
-
-#include "pkix_pl_mutex.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_Mutex_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_Mutex_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Mutex *mutex = NULL;
-
- PKIX_ENTER(MUTEX, "pkix_pl_Mutex_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- /* Sanity check: Test that "object" is a mutex */
- PKIX_CHECK(pkix_CheckType(object, PKIX_MUTEX_TYPE, plContext),
- PKIX_OBJECTNOTMUTEX);
-
- mutex = (PKIX_PL_Mutex*) object;
-
- PKIX_MUTEX_DEBUG("\tCalling PR_DestroyLock).\n");
- PR_DestroyLock(mutex->lock);
- mutex->lock = NULL;
-
-cleanup:
-
- PKIX_RETURN(MUTEX);
-}
-
-/*
- * FUNCTION: pkix_pl_Mutex_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_MUTEX_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_Mutex_RegisterSelf(
- /* ARGSUSED */ void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(MUTEX, "pkix_pl_Mutex_RegisterSelf");
-
- entry.description = "Mutex";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_Mutex);
- entry.destructor = pkix_pl_Mutex_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_MUTEX_TYPE] = entry;
-
- PKIX_RETURN(MUTEX);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Create (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Mutex_Create(
- PKIX_PL_Mutex **pNewLock,
- void *plContext)
-{
- PKIX_PL_Mutex *mutex = NULL;
-
- PKIX_ENTER(MUTEX, "PKIX_PL_Mutex_Create");
- PKIX_NULLCHECK_ONE(pNewLock);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_MUTEX_TYPE,
- sizeof (PKIX_PL_Mutex),
- (PKIX_PL_Object **)&mutex,
- plContext),
- PKIX_COULDNOTCREATELOCKOBJECT);
-
- PKIX_MUTEX_DEBUG("\tCalling PR_NewLock).\n");
- mutex->lock = PR_NewLock();
-
- /* If an error occured in NSPR, report it here */
- if (mutex->lock == NULL) {
- PKIX_DECREF(mutex);
- PKIX_ERROR_ALLOC_ERROR();
- }
-
- *pNewLock = mutex;
-
-cleanup:
-
- PKIX_RETURN(MUTEX);
-}
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Lock (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Mutex_Lock(
- PKIX_PL_Mutex *mutex,
- void *plContext)
-{
- PKIX_ENTER(MUTEX, "PKIX_PL_Mutex_Lock");
- PKIX_NULLCHECK_ONE(mutex);
-
- PKIX_MUTEX_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(mutex->lock);
-
- PKIX_MUTEX_DEBUG_ARG("(Thread %u just acquired the lock)\n",
- (PKIX_UInt32)PR_GetCurrentThread());
-
- PKIX_RETURN(MUTEX);
-}
-
-/*
- * FUNCTION: PKIX_PL_Mutex_Unlock (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Mutex_Unlock(
- PKIX_PL_Mutex *mutex,
- void *plContext)
-{
- PRStatus result;
-
- PKIX_ENTER(MUTEX, "PKIX_PL_Mutex_Unlock");
- PKIX_NULLCHECK_ONE(mutex);
-
- PKIX_MUTEX_DEBUG("\tCalling PR_Unlock).\n");
- result = PR_Unlock(mutex->lock);
-
- PKIX_MUTEX_DEBUG_ARG("(Thread %u just released the lock)\n",
- (PKIX_UInt32)PR_GetCurrentThread());
-
- if (result == PR_FAILURE) {
- PKIX_ERROR_FATAL(PKIX_ERRORUNLOCKINGMUTEX);
- }
-
-cleanup:
- PKIX_RETURN(MUTEX);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h
deleted file mode 100755
index 8c83021bb..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_mutex.h
- *
- * Mutual Exclusion (Lock) Object Type Definition
- *
- */
-
-#ifndef _PKIX_PL_MUTEX_H
-#define _PKIX_PL_MUTEX_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_MutexStruct {
- PRLock* lock;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_Mutex_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_MUTEX_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
deleted file mode 100755
index 846977b37..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
+++ /dev/null
@@ -1,1473 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_object.c
- *
- * Object Construction, Destruction and Callback Functions
- *
- */
-
-#include "pkix_pl_object.h"
-
-#ifdef PKIX_USER_OBJECT_TYPE
-/* --Class-Table-Initializers------------------------------------ */
-
-/*
- * Create storage space for 20 Class Table buckets.
- * These are only for user-defined types. System types are registered
- * separately by PKIX_PL_Initialize.
- */
-
-static pkix_pl_HT_Elem*
-pkix_Raw_ClassTable_Buckets[] = {
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
-};
-
-/*
- * Allocate static memory for a ClassTable.
- * XXX This assumes the bucket pointer will fit into a PKIX_UInt32
- */
-static pkix_pl_PrimHashTable pkix_Raw_ClassTable = {
- (void *)pkix_Raw_ClassTable_Buckets, /* Buckets */
- 20 /* Number of Buckets */
-};
-static pkix_pl_PrimHashTable * classTable = &pkix_Raw_ClassTable;
-#endif /* PKIX_USER_OBJECT_TYPE */
-
-/* --Private-Functions-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_Object_GetHeader
- * DESCRIPTION:
- *
- * Shifts Object pointed to by "object" by the sizeof(PKIX_PL_Object) and
- * stores the value at "pObjectHeader".
- *
- * PARAMETERS:
- * "object"
- * Address of Object to shift. Must be non-NULL.
- * "pObjectHeader"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Object_GetHeader(
- PKIX_PL_Object *object,
- PKIX_PL_Object **pObjectHeader,
- void *plContext)
-{
- PKIX_PL_Object *header = NULL;
- PKIX_UInt32 objType;
-
- PKIX_ENTER(OBJECT, "pkix_pl_Object_GetHeader");
- PKIX_NULLCHECK_TWO(object, pObjectHeader);
-
- PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
-
- /* The header is sizeof(PKIX_PL_Object) before the object pointer */
- header = (PKIX_PL_Object *)((char *)object - sizeof(PKIX_PL_Object));
-
- objType = header->type;
-
- if (objType >= PKIX_NUMTYPES) { /* if this is a user-defined type */
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
-
- PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext),
- PKIX_ERRORGETTINGCLASSTABLEENTRY);
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
-
- if (ctEntry == NULL) {
- PKIX_ERROR_FATAL(PKIX_UNKNOWNOBJECTTYPE);
- }
-#else
- PORT_Assert(objType < PKIX_NUMTYPES);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- }
-
-#ifdef PKIX_OBJECT_LEAK_TEST
- PORT_Assert(header && header->magicHeader == PKIX_MAGIC_HEADER);
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
- if ((header == NULL)||
- (header->magicHeader != PKIX_MAGIC_HEADER)) {
- PKIX_ERROR_ALLOC_ERROR();
- }
-
- *pObjectHeader = header;
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_Destroy_Object
- * DESCRIPTION:
- *
- * Destroys and deallocates Object pointed to by "object". The caller is
- * assumed to hold the Object's lock, which is acquired in
- * PKIX_PL_Object_DecRef().
- *
- * PARAMETERS:
- * "object"
- * Address of Object to destroy. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Object_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader = NULL;
-
- PKIX_ENTER(OBJECT, "pkix_pl_Object_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
-#ifdef PKIX_OBJECT_LEAK_TEST
- PKIX_CHECK_FATAL(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-#else
- PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
- /* Attempt to delete an object still being used */
- if (objectHeader->references != 0) {
- PKIX_ERROR_FATAL(PKIX_OBJECTSTILLREFERENCED);
- }
-
- PKIX_DECREF(objectHeader->stringRep);
-
- /* Destroy this object's lock */
- PKIX_OBJECT_DEBUG("\tCalling PR_DestroyLock).\n");
- PR_DestroyLock(objectHeader->lock);
- objectHeader->lock = NULL;
- object = NULL;
-
- objectHeader->magicHeader = PKIX_MAGIC_HEADER_DESTROYED;
-
-#ifdef PKIX_OBJECT_LEAK_TEST
- memset(objectHeader, 0xbf, systemClasses[PKIX_OBJECT_TYPE].typeObjectSize);
-#endif
-
- PKIX_FREE(objectHeader);
-
-cleanup:
-#ifdef PKIX_OBJECT_LEAK_TEST
-fatal:
-#endif
-
- PKIX_RETURN(OBJECT);
-}
-
-/* --Default-Callbacks-------------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_Object_Equals_Default
- * DESCRIPTION:
- *
- * Default Object_Equals callback: Compares the address of the Object pointed
- * to by "firstObject" with the address of the Object pointed to by
- * "secondObject" and stores the Boolean result at "pResult".
- *
- * PARAMETERS:
- * "firstObject"
- * Address of first Object to compare. Must be non-NULL.
- * "secondObject"
- * Address of second Object to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean result will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Object_Equals_Default(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_ENTER(OBJECT, "pkix_pl_Object_Equals_Default");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* Just compare pointer values */
- *pResult = (firstObject == secondObject)?PKIX_TRUE:PKIX_FALSE;
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_pl_Object_ToString_Default
- * DESCRIPTION:
- *
- * Default Object_ToString callback: Creates a string consisting of the
- * typename and address of the Object pointed to by "object" and stores
- * the result at "pString". The format for the string is
- * "TypeName@Address: <address>", where the default typename is "Object".
- *
- * PARAMETERS:
- * "object"
- * Address of Object to convert to a string. Must be non-NULL.
- * "pString"
- * Address where object pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Object_ToString_Default(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *formatString = NULL;
- PKIX_PL_String *descString = NULL;
- char *format = "%s@Address: %x";
- char *description = NULL;
- PKIX_UInt32 objType;
-
- PKIX_ENTER(OBJECT, "pkix_pl_Object_ToString_Default");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(object, &objType, plContext),
- PKIX_OBJECTGETTYPEFAILED);
-
- if (objType >= PKIX_NUMTYPES){
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
- if (pkixErrorResult){
- PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
- }
-
- if (ctEntry == NULL){
- PKIX_ERROR_FATAL(PKIX_UNDEFINEDCLASSTABLEENTRY);
- } else {
- description = ctEntry->description;
- if (description == NULL) {
- description = "User Type Object";
- }
- }
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- description = systemClasses[objType].description;
- }
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- (void *)format,
- 0,
- &formatString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII,
- (void *)description,
- 0,
- &descString,
- plContext),
- PKIX_STRINGCREATEFAILED);
-
- PKIX_CHECK(PKIX_PL_Sprintf
- (pString,
- plContext,
- formatString,
- descString,
- object),
- PKIX_SPRINTFFAILED);
-
-cleanup:
-
- PKIX_DECREF(formatString);
- PKIX_DECREF(descString);
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_pl_Object_Hashcode_Default
- * DESCRIPTION:
- *
- * Default Object_Hashcode callback. Creates the a hashcode value using the
- * address of the Object pointed to by "object" and stores the result at
- * "pValue".
- *
- * XXX This isn't great since addresses are not uniformly distributed.
- *
- * PARAMETERS:
- * "object"
- * Address of Object to compute hashcode for. Must be non-NULL.
- * "pValue"
- * Address where PKIX_UInt32 will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_Object_Hashcode_Default(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext)
-{
- PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default");
- PKIX_NULLCHECK_TWO(object, pValue);
-
- *pValue = (PKIX_UInt32)object;
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_pl_Object_RetrieveEqualsCallback
- * DESCRIPTION:
- *
- * Retrieves Equals callback function of Object pointed to by "object and
- * stores it at "pEqualsCallback". If the object's type is one of the system
- * types, its callback function is retrieved from the systemClasses array;
- * otherwise, its callback function is retrieve from the classTable hash
- * table where user-defined types are stored.
- *
- * PARAMETERS:
- * "object"
- * Address of Object whose equals callback is desired. Must be non-NULL.
- * "pEqualsCallback"
- * Address where EqualsCallback function pointer will be stored.
- * Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns an Object Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_Object_RetrieveEqualsCallback(
- PKIX_PL_Object *object,
- PKIX_PL_EqualsCallback *pEqualsCallback,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader = NULL;
- PKIX_PL_EqualsCallback func = NULL;
- pkix_ClassTable_Entry entry;
- PKIX_UInt32 objType;
-
- PKIX_ENTER(OBJECT, "pkix_pl_Object_RetrieveEqualsCallback");
- PKIX_NULLCHECK_TWO(object, pEqualsCallback);
-
- PKIX_CHECK(pkix_pl_Object_GetHeader
- (object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- objType = objectHeader->type;
-
- if (objType >= PKIX_NUMTYPES){
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
- if (pkixErrorResult){
- PKIX_ERROR(PKIX_ERRORGETTINGCLASSTABLEENTRY);
- }
-
- if ((ctEntry == NULL) || (ctEntry->equalsFunction == NULL)) {
- PKIX_ERROR(PKIX_UNDEFINEDEQUALSCALLBACK);
- } else {
- *pEqualsCallback = ctEntry->equalsFunction;
- }
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- entry = systemClasses[objType];
- func = entry.equalsFunction;
- if (func == NULL){
- func = pkix_pl_Object_Equals_Default;
- }
- *pEqualsCallback = func;
- }
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: pkix_pl_Object_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_OBJECT_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- *
- * PKIX_PL_Object should have all function pointes to be to NULL: they
- * work as proxy function to a real objects.
- *
- */
-PKIX_Error *
-pkix_pl_Object_RegisterSelf(void *plContext)
-{
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(ERROR, "pkix_pl_Object_RegisterSelf");
-
- entry.description = "Object";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_Object);
- entry.destructor = NULL;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_OBJECT_TYPE] = entry;
-
- PKIX_RETURN(ERROR);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_Object_Alloc (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_Alloc(
- PKIX_TYPENUM objType,
- PKIX_UInt32 size,
- PKIX_PL_Object **pObject,
- void *plContext)
-{
- PKIX_PL_Object *object = NULL;
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_Alloc");
- PKIX_NULLCHECK_ONE(pObject);
-
- /*
- * We need to ensure that user-defined types have been registered.
- * All system types have already been registered by PKIX_PL_Initialize.
- */
-
- if (objType >= PKIX_NUMTYPES) { /* i.e. if this is a user-defined type */
-#ifdef PKIX_USER_OBJECT_TYPE
- PKIX_Boolean typeRegistered;
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
- if (pkixErrorResult){
- PKIX_ERROR_FATAL(PKIX_COULDNOTLOOKUPINHASHTABLE);
- }
-
- typeRegistered = (ctEntry != NULL);
-
- if (!typeRegistered) {
- PKIX_ERROR_FATAL(PKIX_UNKNOWNTYPEARGUMENT);
- }
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- ctEntry = &systemClasses[objType];
- }
-
- PORT_Assert(size == ctEntry->typeObjectSize);
-
- /* Allocate space for the object header and the requested size */
-#ifdef PKIX_OBJECT_LEAK_TEST
- PKIX_CHECK(PKIX_PL_Calloc
- (1,
- ((PKIX_UInt32)sizeof (PKIX_PL_Object))+size,
- (void **)&object,
- plContext),
- PKIX_MALLOCFAILED);
-#else
- PKIX_CHECK(PKIX_PL_Malloc
- (((PKIX_UInt32)sizeof (PKIX_PL_Object))+size,
- (void **)&object,
- plContext),
- PKIX_MALLOCFAILED);
-#endif /* PKIX_OBJECT_LEAK_TEST */
-
- /* Initialize all object fields */
- object->magicHeader = PKIX_MAGIC_HEADER;
- object->type = objType;
- object->references = 1; /* Default to a single reference */
- object->stringRep = NULL;
- object->hashcode = 0;
- object->hashcodeCached = 0;
-
- /* Cannot use PKIX_PL_Mutex because it depends on Object */
- /* Using NSPR Locks instead */
- PKIX_OBJECT_DEBUG("\tCalling PR_NewLock).\n");
- object->lock = PR_NewLock();
- if (object->lock == NULL) {
- PKIX_ERROR_ALLOC_ERROR();
- }
-
- PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
-
-
- /* Return a pointer to the user data. Need to offset by object size */
- *pObject = object + 1;
- object = NULL;
-
- /* Atomically increment object counter */
- PR_AtomicIncrement(&ctEntry->objCounter);
-
-cleanup:
-
- PKIX_FREE(object);
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_IsTypeRegistered (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_IsTypeRegistered(
- PKIX_UInt32 objType,
- PKIX_Boolean *pBool,
- void *plContext)
-{
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-#endif
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_IsTypeRegistered");
- PKIX_NULLCHECK_ONE(pBool);
-
- /* first, we handle the system types */
- if (objType < PKIX_NUMTYPES) {
- *pBool = PKIX_TRUE;
- goto cleanup;
- }
-
-#ifndef PKIX_USER_OBJECT_TYPE
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
-#else
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
-
- if (pkixErrorResult){
- PKIX_ERROR_FATAL(PKIX_COULDNOTLOOKUPINHASHTABLE);
- }
-
- *pBool = (ctEntry != NULL);
-#endif /* PKIX_USER_OBJECT_TYPE */
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-#ifdef PKIX_USER_OBJECT_TYPE
-/*
- * FUNCTION: PKIX_PL_Object_RegisterType (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_RegisterType(
- PKIX_UInt32 objType,
- char *description,
- PKIX_PL_DestructorCallback destructor,
- PKIX_PL_EqualsCallback equalsFunction,
- PKIX_PL_HashcodeCallback hashcodeFunction,
- PKIX_PL_ToStringCallback toStringFunction,
- PKIX_PL_ComparatorCallback comparator,
- PKIX_PL_DuplicateCallback duplicateFunction,
- void *plContext)
-{
- pkix_ClassTable_Entry *ctEntry = NULL;
- pkix_pl_Integer *key = NULL;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_RegisterType");
-
- /*
- * System types are registered on startup by PKIX_PL_Initialize.
- * These can not be overwritten.
- */
-
- if (objType < PKIX_NUMTYPES) { /* if this is a system type */
- PKIX_ERROR(PKIX_CANTREREGISTERSYSTEMTYPE);
- }
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext),
- PKIX_PRIMHASHTABLELOOKUPFAILED);
-
- /* If the type is already registered, throw an error */
- if (ctEntry) {
- PKIX_ERROR(PKIX_TYPEALREADYREGISTERED);
- }
-
- PKIX_CHECK(PKIX_PL_Malloc
- (((PKIX_UInt32)sizeof (pkix_ClassTable_Entry)),
- (void **)&ctEntry,
- plContext),
- PKIX_MALLOCFAILED);
-
- /* Set Default Values if none specified */
-
- if (description == NULL){
- description = "Object";
- }
-
- if (equalsFunction == NULL) {
- equalsFunction = pkix_pl_Object_Equals_Default;
- }
-
- if (toStringFunction == NULL) {
- toStringFunction = pkix_pl_Object_ToString_Default;
- }
-
- if (hashcodeFunction == NULL) {
- hashcodeFunction = pkix_pl_Object_Hashcode_Default;
- }
-
- ctEntry->destructor = destructor;
- ctEntry->equalsFunction = equalsFunction;
- ctEntry->toStringFunction = toStringFunction;
- ctEntry->hashcodeFunction = hashcodeFunction;
- ctEntry->comparator = comparator;
- ctEntry->duplicateFunction = duplicateFunction;
- ctEntry->description = description;
-
- PKIX_CHECK(PKIX_PL_Malloc
- (((PKIX_UInt32)sizeof (pkix_pl_Integer)),
- (void **)&key,
- plContext),
- PKIX_COULDNOTMALLOCNEWKEY);
-
- key->ht_int = objType;
-
- PKIX_CHECK(pkix_pl_PrimHashTable_Add
- (classTable,
- (void *)key,
- (void *)ctEntry,
- objType,
- NULL,
- plContext),
- PKIX_PRIMHASHTABLEADDFAILED);
-
-cleanup:
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
-
- PKIX_RETURN(OBJECT);
-}
-#endif /* PKIX_USER_OBJECT_TYPE */
-
-/*
- * FUNCTION: PKIX_PL_Object_IncRef (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_IncRef(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader = NULL;
- PKIX_PL_NssContext *context = NULL;
- PKIX_Int32 refCount = 0;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_IncRef");
- PKIX_NULLCHECK_ONE(object);
-
- if (plContext){
- /*
- * PKIX_PL_NssContext is not a complete PKIX Type, it doesn't
- * have a header therefore we cannot verify its type before
- * casting.
- */
- context = (PKIX_PL_NssContext *) plContext;
- if (context->arena != NULL) {
- goto cleanup;
- }
- }
-
- if (object == (PKIX_PL_Object*)PKIX_ALLOC_ERROR()) {
- goto cleanup;
- }
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- /* This object should never have zero references */
- refCount = PR_AtomicIncrement(&objectHeader->references);
-
- if (refCount <= 1) {
- PKIX_THROW(FATAL, PKIX_OBJECTWITHNONPOSITIVEREFERENCES);
- }
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_DecRef (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_DecRef(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_Int32 refCount = 0;
- PKIX_PL_Object *objectHeader = NULL;
- PKIX_PL_NssContext *context = NULL;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_DecRef");
- PKIX_NULLCHECK_ONE(object);
-
- if (plContext){
- /*
- * PKIX_PL_NssContext is not a complete PKIX Type, it doesn't
- * have a header therefore we cannot verify its type before
- * casting.
- */
- context = (PKIX_PL_NssContext *) plContext;
- if (context->arena != NULL) {
- goto cleanup;
- }
- }
-
- if (object == (PKIX_PL_Object*)PKIX_ALLOC_ERROR()) {
- goto cleanup;
- }
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- refCount = PR_AtomicDecrement(&objectHeader->references);
-
- if (refCount == 0) {
- PKIX_PL_DestructorCallback destructor = NULL;
- pkix_ClassTable_Entry *ctEntry = NULL;
- PKIX_UInt32 objType = objectHeader->type;
-
- /* first, special handling for system types */
- if (objType >= PKIX_NUMTYPES){
-#ifdef PKIX_USER_OBJECT_TYPE
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG
- ("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
- if (pkixErrorResult){
- PKIX_ERROR_FATAL
- (PKIX_ERRORINGETTINGDESTRUCTOR);
- }
-
- if (ctEntry != NULL){
- destructor = ctEntry->destructor;
- }
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- ctEntry = &systemClasses[objType];
- destructor = ctEntry->destructor;
- }
-
- if (destructor != NULL){
- /* Call destructor on user data if necessary */
- pkixErrorResult = destructor(object, plContext);
- if (pkixErrorResult) {
- pkixErrorClass = PKIX_FATAL_ERROR;
- PKIX_DoAddError(stdVarsPtr, pkixErrorResult, plContext);
- pkixErrorResult = NULL;
- }
- }
-
- /* Atomically decrement object counter */
- PR_AtomicDecrement(&ctEntry->objCounter);
-
- /* pkix_pl_Object_Destroy assumes the lock is held */
- /* It will call unlock and destroy the object */
- pkixErrorResult = pkix_pl_Object_Destroy(object, plContext);
- goto cleanup;
- }
-
- if (refCount < 0) {
- PKIX_ERROR_ALLOC_ERROR();
- }
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-
-
-/*
- * FUNCTION: PKIX_PL_Object_Equals (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_PL_Object *firstObjectHeader = NULL;
- PKIX_PL_Object *secondObjectHeader = NULL;
- PKIX_PL_EqualsCallback func = NULL;
- pkix_ClassTable_Entry entry;
- PKIX_UInt32 objType;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- PKIX_CHECK(pkix_pl_Object_GetHeader
- (firstObject, &firstObjectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- PKIX_CHECK(pkix_pl_Object_GetHeader
- (secondObject, &secondObjectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- /* if hashcodes are cached but not equal, objects can't be equal */
- if (firstObjectHeader->hashcodeCached &&
- secondObjectHeader->hashcodeCached){
- if (firstObjectHeader->hashcode !=
- secondObjectHeader->hashcode){
- *pResult = PKIX_FALSE;
- goto cleanup;
- }
- }
-
- objType = firstObjectHeader->type;
-
- if (objType >= PKIX_NUMTYPES) {
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&firstObjectHeader->type,
- firstObjectHeader->type,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
-
- if (pkixErrorResult){
- PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
- }
-
- if ((ctEntry == NULL) || (ctEntry->equalsFunction == NULL)) {
- PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
- } else {
- func = ctEntry->equalsFunction;
- }
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- entry = systemClasses[objType];
- func = entry.equalsFunction;
- if (func == NULL){
- func = pkix_pl_Object_Equals_Default;
- }
- }
-
- PKIX_CHECK(func(firstObject, secondObject, pResult, plContext),
- PKIX_OBJECTSPECIFICFUNCTIONFAILED);
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_Duplicate (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_Duplicate(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object **pNewObject,
- void *plContext)
-{
- PKIX_PL_Object *firstObjectHeader = NULL;
- PKIX_PL_DuplicateCallback func = NULL;
- pkix_ClassTable_Entry entry;
- PKIX_UInt32 objType;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_Duplicate");
- PKIX_NULLCHECK_TWO(firstObject, pNewObject);
-
- PKIX_CHECK(pkix_pl_Object_GetHeader
- (firstObject, &firstObjectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- objType = firstObjectHeader->type;
-
- if (objType >= PKIX_NUMTYPES) {
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
-
- if (pkixErrorResult){
- PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
- }
-
- if ((ctEntry == NULL) || (ctEntry->duplicateFunction == NULL)) {
- PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
- } else {
- func = ctEntry->duplicateFunction;
- }
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- entry = systemClasses[objType];
- func = entry.duplicateFunction;
- if (!func){
- PKIX_ERROR_FATAL(PKIX_UNDEFINEDDUPLICATEFUNCTION);
- }
- }
-
- PKIX_CHECK(func(firstObject, pNewObject, plContext),
- PKIX_OBJECTSPECIFICFUNCTIONFAILED);
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_Hashcode (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pValue,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader = NULL;
- PKIX_PL_HashcodeCallback func = NULL;
- pkix_ClassTable_Entry entry;
- PKIX_UInt32 objectHash;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_Hashcode");
- PKIX_NULLCHECK_TWO(object, pValue);
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- /* if we don't have a cached copy from before, we create one */
- if (!objectHeader->hashcodeCached){
-
- PKIX_UInt32 objType = objectHeader->type;
-
- /* first, special handling for system types */
- if (objType >= PKIX_NUMTYPES){
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
-
- if (pkixErrorResult){
- PKIX_ERROR_FATAL
- (PKIX_ERRORGETTINGCLASSTABLEENTRY);
- }
-
- if ((ctEntry == NULL) ||
- (ctEntry->hashcodeFunction == NULL)) {
- PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
- }
-
- func = ctEntry->hashcodeFunction;
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- entry = systemClasses[objType];
- func = entry.hashcodeFunction;
- if (func == NULL){
- func = pkix_pl_Object_Hashcode_Default;
- }
- }
-
- PKIX_CHECK(func(object, &objectHash, plContext),
- PKIX_OBJECTSPECIFICFUNCTIONFAILED);
-
- if (!objectHeader->hashcodeCached){
-
- PKIX_CHECK(pkix_LockObject(object, plContext),
- PKIX_ERRORLOCKINGOBJECT);
-
- if (!objectHeader->hashcodeCached){
- /* save cached copy in case we need it again */
- objectHeader->hashcode = objectHash;
- objectHeader->hashcodeCached = PKIX_TRUE;
- }
-
- PKIX_CHECK(pkix_UnlockObject(object, plContext),
- PKIX_ERRORUNLOCKINGOBJECT);
- }
- }
-
- *pValue = objectHeader->hashcode;
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_ToString (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader = NULL;
- PKIX_PL_ToStringCallback func = NULL;
- pkix_ClassTable_Entry entry;
- PKIX_PL_String *objectString = NULL;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- /* if we don't have a cached copy from before, we create one */
- if (!objectHeader->stringRep){
-
- PKIX_UInt32 objType = objectHeader->type;
-
- if (objType >= PKIX_NUMTYPES){
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
- if (pkixErrorResult){
- PKIX_ERROR_FATAL
- (PKIX_ERRORGETTINGCLASSTABLEENTRY);
- }
-
- if ((ctEntry == NULL) ||
- (ctEntry->toStringFunction == NULL)) {
- PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
- }
-
- func = ctEntry->toStringFunction;
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- entry = systemClasses[objType];
- func = entry.toStringFunction;
- if (func == NULL){
- func = pkix_pl_Object_ToString_Default;
- }
- }
-
- PKIX_CHECK(func(object, &objectString, plContext),
- PKIX_OBJECTSPECIFICFUNCTIONFAILED);
-
- if (!objectHeader->stringRep){
-
- PKIX_CHECK(pkix_LockObject(object, plContext),
- PKIX_ERRORLOCKINGOBJECT);
-
- if (!objectHeader->stringRep){
- /* save a cached copy */
- objectHeader->stringRep = objectString;
- objectString = NULL;
- }
-
- PKIX_CHECK(pkix_UnlockObject(object, plContext),
- PKIX_ERRORUNLOCKINGOBJECT);
- }
- }
-
-
- *pString = objectHeader->stringRep;
- objectHeader->stringRep = NULL;
-
-cleanup:
- if (objectHeader) {
- PKIX_DECREF(objectHeader->stringRep);
- }
- PKIX_DECREF(objectString);
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_InvalidateCache (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_InvalidateCache(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader = NULL;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_InvalidateCache");
- PKIX_NULLCHECK_ONE(object);
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- PKIX_CHECK(pkix_LockObject(object, plContext),
- PKIX_ERRORLOCKINGOBJECT);
-
- /* invalidate hashcode */
- objectHeader->hashcode = 0;
- objectHeader->hashcodeCached = PKIX_FALSE;
-
- PKIX_DECREF(objectHeader->stringRep);
-
- PKIX_CHECK(pkix_UnlockObject(object, plContext),
- PKIX_ERRORUNLOCKINGOBJECT);
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_Compare (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_Compare(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_PL_Object *firstObjectHeader = NULL;
- PKIX_PL_Object *secondObjectHeader = NULL;
- PKIX_PL_ComparatorCallback func = NULL;
- pkix_ClassTable_Entry entry;
- PKIX_UInt32 objType;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_Compare");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader
- (firstObject, &firstObjectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader
- (secondObject, &secondObjectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- objType = firstObjectHeader->type;
-
- if (objType >= PKIX_NUMTYPES){
-#ifdef PKIX_USER_OBJECT_TYPE
- pkix_ClassTable_Entry *ctEntry = NULL;
-
- PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
- PR_Lock(classTableLock);
- pkixErrorResult = pkix_pl_PrimHashTable_Lookup
- (classTable,
- (void *)&objType,
- objType,
- NULL,
- (void **)&ctEntry,
- plContext);
- PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
- PR_Unlock(classTableLock);
- if (pkixErrorResult){
- PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
- }
-
- if ((ctEntry == NULL) || (ctEntry->comparator == NULL)) {
- PKIX_ERROR_FATAL(PKIX_UNDEFINEDCOMPARATOR);
- }
-
- func = ctEntry->comparator;
-#else
- PORT_Assert (0);
- pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
- pkixErrorClass = PKIX_FATAL_ERROR;
- goto cleanup;
-#endif /* PKIX_USER_OBJECT_TYPE */
- } else {
- /* special handling for system types */
- entry = systemClasses[objType];
- func = entry.comparator;
- if (!func){
- PKIX_ERROR(PKIX_UNDEFINEDCOMPARATOR);
- }
- }
-
- PKIX_CHECK(func(firstObject, secondObject, pResult, plContext),
- PKIX_OBJECTSPECIFICFUNCTIONFAILED);
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_Lock (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_Lock(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_Lock");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_LockObject(object, plContext),
- PKIX_LOCKOBJECTFAILED);
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-/*
- * FUNCTION: PKIX_PL_Object_Unlock (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_Unlock(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_Unlock");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_UnlockObject(object, plContext),
- PKIX_UNLOCKOBJECTFAILED);
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
-
-
-/*
- * FUNCTION: PKIX_PL_Object_GetType (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Object_GetType(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pType,
- void *plContext)
-{
- PKIX_PL_Object *objectHeader = NULL;
-
- PKIX_ENTER(OBJECT, "PKIX_PL_Object_GetType");
- PKIX_NULLCHECK_TWO(object, pType);
-
- /* Shift pointer from user data to object header */
- PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
- PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
-
- *pType = objectHeader->type;
-
-cleanup:
-
- PKIX_RETURN(OBJECT);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h
deleted file mode 100755
index b683fec87..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_object.h
- *
- * Object Construction, Destruction and Callback Definitions
- *
- */
-
-#ifndef _PKIX_PL_OBJECT_H
-#define _PKIX_PL_OBJECT_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Object Implementation Notes:
- *
- * Allocating a new object creates an object header and a block of
- * uninitialized user data. A pointer to this uninitialized data is
- * returned to the user. The structure looks as follows:
- *
- * +--------------------+
- * | MAGIC HEADER |
- * | (object header) |
- * +--------------------+
- * | user data | -- pointer returned from PKIX_PL_Object_Alloc
- * +--------------------+
- *
- * Object operations receive a pointer to raw user data as an argument.
- * The macro HEADER(object) returns a pointer to the object header.
- * An assertion then verifies that the first field is the MAGIC_HEADER.
- */
-
-/* PKIX_PL_Object Structure Definition */
-struct PKIX_PL_ObjectStruct {
- PRUint64 magicHeader;
- PKIX_UInt32 type;
- PKIX_Int32 references;
- PRLock *lock;
- PKIX_PL_String *stringRep;
- PKIX_UInt32 hashcode;
- PKIX_Boolean hashcodeCached;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_Object_RetrieveEqualsCallback(
- PKIX_PL_Object *object,
- PKIX_PL_EqualsCallback *equalsCallback,
- void *plContext);
-
-extern PKIX_Boolean initializing;
-extern PKIX_Boolean initialized;
-
-#ifdef PKIX_USER_OBJECT_TYPE
-
-extern PRLock *classTableLock;
-
-#endif
-
-extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
-
-PKIX_Error *
-pkix_pl_Object_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_OBJECT_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
deleted file mode 100755
index 69c8a9f87..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_oid.c
- *
- * OID Object Functions
- *
- */
-
-#include "pkix_pl_oid.h"
-
-/* --Private-OID-Functions---------------------------------------- */
-
- /*
- * FUNCTION: pkix_pl_OID_Comparator
- * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OID_Comparator(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Int32 *pRes,
- void *plContext)
-{
- PKIX_PL_OID *firstOID = NULL;
- PKIX_PL_OID *secondOID = NULL;
-
- PKIX_ENTER(OID, "pkix_pl_OID_Comparator");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pRes);
-
- PKIX_CHECK(pkix_CheckTypes
- (firstObject, secondObject, PKIX_OID_TYPE, plContext),
- PKIX_ARGUMENTSNOTOIDS);
-
- firstOID = (PKIX_PL_OID*)firstObject;
- secondOID = (PKIX_PL_OID*)secondObject;
-
- *pRes = (PKIX_Int32)SECITEM_CompareItem(&firstOID->derOid,
- &secondOID->derOid);
-cleanup:
- PKIX_RETURN(OID);
-}
-
-/*
- * FUNCTION: pkix_pl_OID_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OID_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_OID *oid = NULL;
-
- PKIX_ENTER(OID, "pkix_pl_OID_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OID_TYPE, plContext),
- PKIX_OBJECTNOTANOID);
- oid = (PKIX_PL_OID*)object;
- SECITEM_FreeItem(&oid->derOid, PR_FALSE);
-
-cleanup:
- PKIX_RETURN(OID);
-}
-
-/*
- * FUNCTION: pkix_pl_OID_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OID_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_OID *oid = NULL;
-
- PKIX_ENTER(OID, "pkix_pl_OID_HashCode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OID_TYPE, plContext),
- PKIX_OBJECTNOTANOID);
-
- oid = (PKIX_PL_OID *)object;
-
- PKIX_CHECK(pkix_hash
- ((unsigned char *)oid->derOid.data,
- oid->derOid.len * sizeof (char),
- pHashcode,
- plContext),
- PKIX_HASHFAILED);
-cleanup:
-
- PKIX_RETURN(OID);
-}
-
-/*
- * FUNCTION: pkix_pl_OID_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_OID_Equals(
- PKIX_PL_Object *first,
- PKIX_PL_Object *second,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- SECComparison cmpResult;
-
- PKIX_ENTER(OID, "pkix_pl_OID_Equals");
- PKIX_NULLCHECK_THREE(first, second, pResult);
-
- PKIX_CHECK(pkix_CheckType(first, PKIX_OID_TYPE, plContext),
- PKIX_FIRSTARGUMENTNOTANOID);
-
- PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- *pResult = PKIX_FALSE;
-
- /*
- * Do a quick check that the second object is an OID.
- * If so, check that their lengths are equal.
- */
- if (secondType != PKIX_OID_TYPE) {
- goto cleanup;
- }
-
- PKIX_CHECK(pkix_pl_OID_Comparator
- (first, second, &cmpResult, plContext),
- PKIX_OIDCOMPARATORFAILED);
-
- *pResult = (cmpResult == SECEqual);
-cleanup:
-
- PKIX_RETURN(OID);
-}
-
-/*
- * FUNCTION: pkix_pl_OID_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- * Use this function only for printing OIDs and not to make any
- * critical security decision.
- */
-static PKIX_Error *
-pkix_pl_OID_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_OID *oid = NULL;
- char *oidString = NULL;
-
- PKIX_ENTER(OID, "pkix_pl_OID_toString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_OID_TYPE, plContext),
- PKIX_OBJECTNOTANOID);
- oid = (PKIX_PL_OID*)object;
- oidString = CERT_GetOidString(&oid->derOid);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, oidString , 0, pString, plContext),
- PKIX_STRINGCREATEFAILED);
-cleanup:
- PR_smprintf_free(oidString);
-
- PKIX_RETURN(OID);
-}
-
-/*
- * FUNCTION: pkix_pl_OID_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_OID_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_OID_RegisterSelf(
- void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry *entry = &systemClasses[PKIX_OID_TYPE];
-
- PKIX_ENTER(OID, "pkix_pl_OID_RegisterSelf");
-
- entry->description = "OID";
- entry->typeObjectSize = sizeof(PKIX_PL_OID);
- entry->destructor = pkix_pl_OID_Destroy;
- entry->equalsFunction = pkix_pl_OID_Equals;
- entry->hashcodeFunction = pkix_pl_OID_Hashcode;
- entry->toStringFunction = pkix_pl_OID_ToString;
- entry->comparator = pkix_pl_OID_Comparator;
- entry->duplicateFunction = pkix_duplicateImmutable;
-
- PKIX_RETURN(OID);
-}
-
-/*
- * FUNCTION: pkix_pl_OID_GetCriticalExtensionOIDs
- * DESCRIPTION:
- *
- * Converts the extensions in "extensions" array that are critical to
- * PKIX_PL_OID and returns the result as a PKIX_List in "pPidList".
- * If there is no critical extension, an empty list is returned.
- *
- * PARAMETERS
- * "extension"
- * an array of extension pointers. May be NULL.
- * "pOidsList"
- * Address where the list of OIDs is returned. Must be non-NULL.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a CRL Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_OID_GetCriticalExtensionOIDs(
- CERTCertExtension **extensions,
- PKIX_List **pOidsList,
- void *plContext)
-{
- PKIX_List *oidsList = NULL;
- PKIX_PL_OID *pkixOID = NULL;
-
- PKIX_ENTER(OID, "pkix_pl_OID_GetCriticalExtensionOIDs");
- PKIX_NULLCHECK_ONE(pOidsList);
-
- PKIX_CHECK(PKIX_List_Create(&oidsList, plContext),
- PKIX_LISTCREATEFAILED);
-
- if (extensions) {
- while (*extensions) {
- CERTCertExtension *extension = NULL;
- SECItem *critical = NULL;
- SECItem *oid = NULL;
-
- extension = *extensions++;
- /* extension is critical ? */
- critical = &extension->critical;
- if (critical->len == 0 || critical->data[0] == 0) {
- continue;
- }
- oid = &extension->id;
- PKIX_CHECK(
- PKIX_PL_OID_CreateBySECItem(oid, &pkixOID, plContext),
- PKIX_OIDCREATEFAILED);
- PKIX_CHECK(
- PKIX_List_AppendItem(oidsList, (PKIX_PL_Object *)pkixOID,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- PKIX_DECREF(pkixOID);
- }
- }
-
- *pOidsList = oidsList;
- oidsList = NULL;
-
-cleanup:
- PKIX_DECREF(oidsList);
- PKIX_DECREF(pkixOID);
- PKIX_RETURN(OID);
-}
-
-/* --Public-Functions------------------------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_OID_CreateBySECItem (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_OID_CreateBySECItem(
- SECItem *derOid,
- PKIX_PL_OID **pOID,
- void *plContext)
-{
- PKIX_PL_OID *oid = NULL;
- SECStatus rv;
-
- PKIX_ENTER(OID, "PKIX_PL_OID_CreateBySECItem");
- PKIX_NULLCHECK_TWO(pOID, derOid);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_OID_TYPE,
- sizeof (PKIX_PL_OID),
- (PKIX_PL_Object **)&oid,
- plContext),
- PKIX_COULDNOTCREATEOBJECT);
- rv = SECITEM_CopyItem(NULL, &oid->derOid, derOid);
- if (rv != SECFailure) {
- *pOID = oid;
- oid = NULL;
- }
-
-cleanup:
- PKIX_DECREF(oid);
-
- PKIX_RETURN(OID);
-}
-
-/*
- * FUNCTION: PKIX_PL_OID_Create (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_OID_Create(
- SECOidTag idtag,
- PKIX_PL_OID **pOID,
- void *plContext)
-{
- SECOidData *oidData = NULL;
-
- PKIX_ENTER(OID, "PKIX_PL_OID_Create");
- PKIX_NULLCHECK_ONE(pOID);
-
- oidData = SECOID_FindOIDByTag((SECOidTag)idtag);
- if (!oidData) {
- PKIX_ERROR(PKIX_SECOIDFINDOIDTAGDESCRIPTIONFAILED);
- }
-
- pkixErrorResult =
- PKIX_PL_OID_CreateBySECItem(&oidData->oid, pOID, plContext);
-cleanup:
- PKIX_RETURN(OID);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h
deleted file mode 100755
index 2660ae8b2..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_oid.h
- *
- * OID Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_OID_H
-#define _PKIX_PL_OID_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_OIDStruct {
- SECItem derOid;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_OID_RegisterSelf(void *plContext);
-
-PKIX_Error *
-pkix_pl_OID_GetCriticalExtensionOIDs(
- CERTCertExtension **extensions,
- PKIX_List **pOidsList,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_OID_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c
deleted file mode 100755
index 4386c81af..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c
+++ /dev/null
@@ -1,617 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_primhash.c
- *
- * Primitive (non-object) Hashtable Functions
- *
- */
-
-#include "pkix_pl_primhash.h"
-
-/* --Private-Functions---------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_KeyComparator_Default
- * DESCRIPTION:
- *
- * Compares the integer pointed to by "firstKey" with the integer pointed to
- * by "secondKey" for equality and stores the Boolean result at "pResult".
- * This default key comparator assumes each key is a PKIX_UInt32, and it
- * simply tests them for equality.
- *
- * PARAMETERS:
- * "firstKey"
- * Address of the first integer key to compare. Must be non-NULL.
- * The EqualsCallback for this Object will be called.
- * "secondKey"
- * Address of the second integer key to compare. Must be non-NULL.
- * "pResult"
- * Address where Boolean will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-static PKIX_Error *
-pkix_pl_KeyComparator_Default(
- PKIX_UInt32 *firstKey,
- PKIX_UInt32 *secondKey,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- /* Assume both keys are pointers to PKIX_UInt32 */
- PKIX_UInt32 firstInt, secondInt;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_KeyComparator_Default");
- PKIX_NULLCHECK_THREE(firstKey, secondKey, pResult);
-
- firstInt = *firstKey;
- secondInt = *secondKey;
-
- *pResult = (firstInt == secondInt)?PKIX_TRUE:PKIX_FALSE;
-
- PKIX_RETURN(HASHTABLE);
-}
-
-
-/*
- * FUNCTION: pkix_pl_PrimHashTable_Create
- * DESCRIPTION:
- *
- * Creates a new PrimHashtable object with a number of buckets equal to
- * "numBuckets" and stores the result at "pResult".
- *
- * PARAMETERS:
- * "numBuckets"
- * The number of hash table buckets. Must be non-zero.
- * "pResult"
- * Address where PrimHashTable pointer will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_PrimHashTable_Create(
- PKIX_UInt32 numBuckets,
- pkix_pl_PrimHashTable **pResult,
- void *plContext)
-{
- pkix_pl_PrimHashTable *primHashTable = NULL;
- PKIX_UInt32 i;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Create");
- PKIX_NULLCHECK_ONE(pResult);
-
- if (numBuckets == 0) {
- PKIX_ERROR(PKIX_NUMBUCKETSEQUALSZERO);
- }
-
- /* Allocate a new hashtable */
- PKIX_CHECK(PKIX_PL_Malloc
- (sizeof (pkix_pl_PrimHashTable),
- (void **)&primHashTable,
- plContext),
- PKIX_MALLOCFAILED);
-
- primHashTable->size = numBuckets;
-
- /* Allocate space for the buckets */
- PKIX_CHECK(PKIX_PL_Malloc
- (numBuckets * sizeof (pkix_pl_HT_Elem*),
- (void **)&primHashTable->buckets,
- plContext),
- PKIX_MALLOCFAILED);
-
- for (i = 0; i < numBuckets; i++) {
- primHashTable->buckets[i] = NULL;
- }
-
- *pResult = primHashTable;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_FREE(primHashTable);
- }
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: pkix_pl_PrimHashTable_Add
- * DESCRIPTION:
- *
- * Adds the value pointed to by "value" to the PrimHashTable pointed to by
- * "ht" using the key pointed to by "key" and the hashCode value equal to
- * "hashCode", using the function pointed to by "keyComp" to compare keys.
- * Assumes the key is either a PKIX_UInt32 or a PKIX_PL_Object. If the value
- * already exists in the hashtable, this function returns a non-fatal error.
- *
- * PARAMETERS:
- * "ht"
- * Address of PrimHashtable to insert into. Must be non-NULL.
- * "key"
- * Address of key. Typically a PKIX_UInt32 or PKIX_PL_Object.
- * Must be non-NULL.
- * "value"
- * Address of Object to be added to PrimHashtable. Must be non-NULL.
- * "hashCode"
- * Hashcode value of the key.
- * "keyComp"
- * Address of function used to determine if two keys are equal.
- * If NULL, pkix_pl_KeyComparator_Default is used.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HashTable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_PrimHashTable_Add(
- pkix_pl_PrimHashTable *ht,
- void *key,
- void *value,
- PKIX_UInt32 hashCode,
- PKIX_PL_EqualsCallback keyComp,
- void *plContext)
-{
- pkix_pl_HT_Elem **elemPtr = NULL;
- pkix_pl_HT_Elem *element = NULL;
- PKIX_Boolean compResult = PKIX_FALSE;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Add");
- PKIX_NULLCHECK_THREE(ht, key, value);
-
- for (elemPtr = &((ht->buckets)[hashCode%ht->size]), element = *elemPtr;
- element != NULL; elemPtr = &(element->next), element = *elemPtr) {
-
- if (element->hashCode != hashCode){
- /* no possibility of a match */
- continue;
- }
-
- if (keyComp == NULL){
- PKIX_CHECK(pkix_pl_KeyComparator_Default
- ((PKIX_UInt32 *)key,
- (PKIX_UInt32 *)(element->key),
- &compResult,
- plContext),
- PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
- } else {
- PKIX_CHECK(keyComp
- ((PKIX_PL_Object *)key,
- (PKIX_PL_Object *)(element->key),
- &compResult,
- plContext),
- PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
- }
-
- if ((element->hashCode == hashCode) &&
- (compResult == PKIX_TRUE)){
- /* Same key already exists in the table */
- PKIX_ERROR(PKIX_ATTEMPTTOADDDUPLICATEKEY);
- }
- }
-
- /* Next Element should be NULL at this point */
- if (element != NULL) {
- PKIX_ERROR(PKIX_ERRORTRAVERSINGBUCKET);
- }
-
- /* Create a new HT_Elem */
- PKIX_CHECK(PKIX_PL_Malloc
- (sizeof (pkix_pl_HT_Elem), (void **)elemPtr, plContext),
- PKIX_MALLOCFAILED);
-
- element = *elemPtr;
-
- element->key = key;
- element->value = value;
- element->hashCode = hashCode;
- element->next = NULL;
-
-cleanup:
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: pkix_pl_PrimHashTable_Remove
- * DESCRIPTION:
- *
- * Removes any objects with the key pointed to by "key" and hashCode value
- * equal to "hashCode" from the PrimHashtable pointed to by "ht", using the
- * function pointed to by "keyComp" to compare keys, and stores the object's
- * value at "pResult". Assumes "key" is a PKIX_UInt32 or a PKIX_PL_Object.
- * This function sets "pResult" to NULL if the key is not in the hashtable.
- *
- * PARAMETERS:
- * "ht"
- * Address of PrimHashtable to remove object. Must be non-NULL.
- * "key"
- * Address of key for lookup. Typically a PKIX_UInt32 or PKIX_PL_Object.
- * Must be non-NULL.
- * "value"
- * Address of Object to be added to PrimHashtable. Must be non-NULL.
- * "hashCode"
- * Hashcode value of the key.
- * "keyComp"
- * Address of function used to determine if two keys are equal.
- * If NULL, pkix_pl_KeyComparator_Default is used.
- * "pResult"
- * Address where value will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HashTable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_PrimHashTable_Remove(
- pkix_pl_PrimHashTable *ht,
- void *key,
- PKIX_UInt32 hashCode,
- PKIX_PL_EqualsCallback keyComp,
- void **pKey,
- void **pValue,
- void *plContext)
-{
- pkix_pl_HT_Elem *element = NULL;
- pkix_pl_HT_Elem *prior = NULL;
- PKIX_Boolean compResult;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Remove");
- PKIX_NULLCHECK_FOUR(ht, key, pKey, pValue);
-
- *pKey = NULL;
- *pValue = NULL;
-
- for (element = ht->buckets[hashCode%ht->size], prior = element;
- (element != NULL);
- prior = element, element = element->next) {
-
- if (element->hashCode != hashCode){
- /* no possibility of a match */
- continue;
- }
-
- if (keyComp == NULL){
- PKIX_CHECK(pkix_pl_KeyComparator_Default
- ((PKIX_UInt32 *)key,
- (PKIX_UInt32 *)(element->key),
- &compResult,
- plContext),
- PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
- } else {
- PKIX_CHECK(keyComp
- ((PKIX_PL_Object *)key,
- (PKIX_PL_Object *)(element->key),
- &compResult,
- plContext),
- PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
- }
-
- if ((element->hashCode == hashCode) &&
- (compResult == PKIX_TRUE)){
- if (element != prior) {
- prior->next = element->next;
- } else {
- ht->buckets[hashCode%ht->size] = element->next;
- }
- *pKey = element->key;
- *pValue = element->value;
- element->key = NULL;
- element->value = NULL;
- element->next = NULL;
- PKIX_FREE(element);
- goto cleanup;
- }
- }
-
-cleanup:
-
- PKIX_RETURN(HASHTABLE);
-}
-
-
-/*
- * FUNCTION: pkix_pl_HashTableLookup
- * DESCRIPTION:
- *
- * Looks up object using the key pointed to by "key" and hashCode value
- * equal to "hashCode" from the PrimHashtable pointed to by "ht", using the
- * function pointed to by "keyComp" to compare keys, and stores the object's
- * value at "pResult". Assumes "key" is a PKIX_UInt32 or a PKIX_PL_Object.
- * This function sets "pResult" to NULL if the key is not in the hashtable.
- *
- * PARAMETERS:
- * "ht"
- * Address of PrimHashtable to lookup object from. Must be non-NULL.
- * "key"
- * Address of key for lookup. Typically a PKIX_UInt32 or PKIX_PL_Object.
- * Must be non-NULL.
- * "keyComp"
- * Address of function used to determine if two keys are equal.
- * If NULL, pkix_pl_KeyComparator_Default is used.
- * "hashCode"
- * Hashcode value of the key.
- * "pResult"
- * Address where value will be stored. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Conditionally Thread Safe
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_PrimHashTable_Lookup(
- pkix_pl_PrimHashTable *ht,
- void *key,
- PKIX_UInt32 hashCode,
- PKIX_PL_EqualsCallback keyComp,
- void **pResult,
- void *plContext)
-{
- pkix_pl_HT_Elem *element = NULL;
- PKIX_Boolean compResult = PKIX_FALSE;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Lookup");
- PKIX_NULLCHECK_THREE(ht, key, pResult);
-
- *pResult = NULL;
-
- for (element = (ht->buckets)[hashCode%ht->size];
- (element != NULL) && (*pResult == NULL);
- element = element->next) {
-
- if (element->hashCode != hashCode){
- /* no possibility of a match */
- continue;
- }
-
- if (keyComp == NULL){
- PKIX_CHECK(pkix_pl_KeyComparator_Default
- ((PKIX_UInt32 *)key,
- (PKIX_UInt32 *)(element->key),
- &compResult,
- plContext),
- PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
- } else {
- pkixErrorResult =
- keyComp((PKIX_PL_Object *)key,
- (PKIX_PL_Object *)(element->key),
- &compResult,
- plContext);
- if (pkixErrorResult) {
- pkixErrorClass = PKIX_FATAL_ERROR;
- pkixErrorCode = PKIX_COULDNOTTESTWHETHERKEYSEQUAL;
- goto cleanup;
- }
- }
-
- if ((element->hashCode == hashCode) &&
- (compResult == PKIX_TRUE)){
- *pResult = element->value;
- goto cleanup;
- }
- }
-
- /* if we've reached here, specified key doesn't exist in hashtable */
- *pResult = NULL;
-
-cleanup:
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: pkix_pl_PrimHashTable_Destroy
- *
- * Destroys PrimHashTable pointed to by "ht".
- *
- * PARAMETERS:
- * "ht"
- * Address of PrimHashtable to free. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS
- * Returns NULL if the function succeeds.
- * Returns a HashTable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_PrimHashTable_Destroy(
- pkix_pl_PrimHashTable *ht,
- void *plContext)
-{
- pkix_pl_HT_Elem *element = NULL;
- pkix_pl_HT_Elem *temp = NULL;
- PKIX_UInt32 i;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Destroy");
- PKIX_NULLCHECK_ONE(ht);
-
- /* Free each element (list) */
- for (i = 0; i < ht->size; i++) {
- for (element = ht->buckets[i];
- element != NULL;
- element = temp) {
- temp = element->next;
- element->value = NULL;
- element->key = NULL;
- element->hashCode = 0;
- element->next = NULL;
- PKIX_FREE(element);
- }
- }
-
- /* Free the pointer to the list array */
- PKIX_FREE(ht->buckets);
- ht->size = 0;
-
- /* Free the table itself */
- PKIX_FREE(ht);
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: pkix_pl_PrimHashTable_GetBucketSize
- * DESCRIPTION:
- *
- * Retruns number of entries in the bucket the "hashCode" is designated in
- * the hashtable "ht" in the address "pBucketSize".
- *
- * PARAMETERS:
- * "ht"
- * Address of PrimHashtable to get entries count. Must be non-NULL.
- * "hashCode"
- * Hashcode value of the key.
- * "pBucketSize"
- * Address that an PKIX_UInt32 is returned for number of entries in the
- * bucket associated with the hashCode. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HashTable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_PrimHashTable_GetBucketSize(
- pkix_pl_PrimHashTable *ht,
- PKIX_UInt32 hashCode,
- PKIX_UInt32 *pBucketSize,
- void *plContext)
-{
- pkix_pl_HT_Elem **elemPtr = NULL;
- pkix_pl_HT_Elem *element = NULL;
- PKIX_UInt32 bucketSize = 0;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_GetBucketSize");
- PKIX_NULLCHECK_TWO(ht, pBucketSize);
-
- for (elemPtr = &((ht->buckets)[hashCode%ht->size]), element = *elemPtr;
- element != NULL; elemPtr = &(element->next), element = *elemPtr) {
- bucketSize++;
- }
-
- *pBucketSize = bucketSize;
-
- PKIX_RETURN(HASHTABLE);
-}
-
-/*
- * FUNCTION: pkix_pl_PrimHashTable_RemoveFIFO
- * DESCRIPTION:
- *
- * Remove the first entry in the bucket the "hashCode" is designated in
- * the hashtable "ht". Since new entry is added at end of the link list
- * the first one is the oldest (FI) therefore removed first (FO).
- *
- * PARAMETERS:
- * "ht"
- * Address of PrimHashtable to get entries count. Must be non-NULL.
- * "hashCode"
- * Hashcode value of the key.
- * "pKey"
- * Address of key of the entry deleted. Must be non-NULL.
- * "pValue"
- * Address of Value of the entry deleted. Must be non-NULL.
- * "plContext"
- * Platform-specific context pointer.
- * THREAD SAFETY:
- * Not Thread Safe - assumes exclusive access to "ht"
- * (see Thread Safety Definitions in Programmer's Guide)
- * RETURNS:
- * Returns NULL if the function succeeds.
- * Returns a HashTable Error if the function fails in a non-fatal way.
- * Returns a Fatal Error if the function fails in an unrecoverable way.
- */
-PKIX_Error *
-pkix_pl_PrimHashTable_RemoveFIFO(
- pkix_pl_PrimHashTable *ht,
- PKIX_UInt32 hashCode,
- void **pKey,
- void **pValue,
- void *plContext)
-{
- pkix_pl_HT_Elem *element = NULL;
-
- PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Remove");
- PKIX_NULLCHECK_THREE(ht, pKey, pValue);
-
- element = (ht->buckets)[hashCode%ht->size];
-
- if (element != NULL) {
-
- *pKey = element->key;
- *pValue = element->value;
- ht->buckets[hashCode%ht->size] = element->next;
- element->key = NULL;
- element->value = NULL;
- element->next = NULL;
- PKIX_FREE(element);
- }
-
- PKIX_RETURN(HASHTABLE);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h
deleted file mode 100755
index 5fdf258ac..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_primhash.h
- *
- * Primitive Hashtable Definition
- *
- */
-
-#ifndef _PKIX_PL_PRIMHASH_H
-#define _PKIX_PL_PRIMHASH_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct pkix_pl_HT_Elem pkix_pl_HT_Elem;
-
-typedef struct pkix_pl_PrimHashTable pkix_pl_PrimHashTable;
-
-typedef struct pkix_pl_Integer pkix_pl_Integer;
-
-struct pkix_pl_Integer{
- PKIX_UInt32 ht_int;
-};
-
-struct pkix_pl_HT_Elem {
- void *key;
- void *value;
- PKIX_UInt32 hashCode;
- pkix_pl_HT_Elem *next;
-};
-
-struct pkix_pl_PrimHashTable {
- pkix_pl_HT_Elem **buckets;
- PKIX_UInt32 size;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_PrimHashTable_Create(
- PKIX_UInt32 numBuckets,
- pkix_pl_PrimHashTable **pResult,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_PrimHashTable_Add(
- pkix_pl_PrimHashTable *ht,
- void *key,
- void *value,
- PKIX_UInt32 hashCode,
- PKIX_PL_EqualsCallback keyComp,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_PrimHashTable_Remove(
- pkix_pl_PrimHashTable *ht,
- void *key,
- PKIX_UInt32 hashCode,
- PKIX_PL_EqualsCallback keyComp,
- void **pKey,
- void **pValue,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_PrimHashTable_Lookup(
- pkix_pl_PrimHashTable *ht,
- void *key,
- PKIX_UInt32 hashCode,
- PKIX_PL_EqualsCallback keyComp,
- void **pResult,
- void *plContext);
-
-PKIX_Error*
-pkix_pl_PrimHashTable_Destroy(
- pkix_pl_PrimHashTable *ht,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_PrimHashTable_GetBucketSize(
- pkix_pl_PrimHashTable *ht,
- PKIX_UInt32 hashCode,
- PKIX_UInt32 *pBucketSize,
- void *plContext);
-
-PKIX_Error *
-pkix_pl_PrimHashTable_RemoveFIFO(
- pkix_pl_PrimHashTable *ht,
- PKIX_UInt32 hashCode,
- void **pKey,
- void **pValue,
- void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_PRIMHASH_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c
deleted file mode 100755
index cedbddaed..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_rwlock.c
- *
- * Read/Write Lock Functions
- *
- */
-
-#include "pkix_pl_rwlock.h"
-
-/* --Private-Functions-------------------------------------------- */
-
-static PKIX_Error *
-pkix_pl_RWLock_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_RWLock* rwlock = NULL;
-
- PKIX_ENTER(RWLOCK, "pkix_pl_RWLock_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_RWLOCK_TYPE, plContext),
- PKIX_OBJECTNOTRWLOCK);
-
- rwlock = (PKIX_PL_RWLock*) object;
-
- PKIX_RWLOCK_DEBUG("Calling PR_DestroyRWLock)\n");
- PR_DestroyRWLock(rwlock->lock);
- rwlock->lock = NULL;
-
-cleanup:
-
- PKIX_RETURN(RWLOCK);
-}
-
-/*
- * FUNCTION: pkix_pl_RWLock_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_RWLOCK_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_RWLock_RegisterSelf(
- void *plContext)
-{
-
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(RWLOCK, "pkix_pl_RWLock_RegisterSelf");
-
- entry.description = "RWLock";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_RWLock);
- entry.destructor = pkix_pl_RWLock_Destroy;
- entry.equalsFunction = NULL;
- entry.hashcodeFunction = NULL;
- entry.toStringFunction = NULL;
- entry.comparator = NULL;
- entry.duplicateFunction = NULL;
-
- systemClasses[PKIX_RWLOCK_TYPE] = entry;
-
- PKIX_RETURN(RWLOCK);
-}
-
-/* --Public-Functions--------------------------------------------- */
-
-PKIX_Error *
-PKIX_PL_RWLock_Create(
- PKIX_PL_RWLock **pNewLock,
- void *plContext)
-{
- PKIX_PL_RWLock *rwLock = NULL;
-
- PKIX_ENTER(RWLOCK, "PKIX_PL_RWLock_Create");
- PKIX_NULLCHECK_ONE(pNewLock);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_RWLOCK_TYPE,
- sizeof (PKIX_PL_RWLock),
- (PKIX_PL_Object **)&rwLock,
- plContext),
- PKIX_ERRORALLOCATINGRWLOCK);
-
- PKIX_RWLOCK_DEBUG("\tCalling PR_NewRWLock)\n");
- rwLock->lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, "PKIX RWLock");
-
- if (rwLock->lock == NULL) {
- PKIX_DECREF(rwLock);
- PKIX_ERROR(PKIX_OUTOFMEMORY);
- }
-
- rwLock->readCount = 0;
- rwLock->writeLocked = PKIX_FALSE;
-
- *pNewLock = rwLock;
-
-cleanup:
-
- PKIX_RETURN(RWLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_AcquireReaderLock(
- PKIX_PL_RWLock *lock,
- void *plContext)
-{
- PKIX_ENTER(RWLOCK, "PKIX_PL_AcquireReaderLock");
- PKIX_NULLCHECK_ONE(lock);
-
- PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Rlock)\n");
- (void) PR_RWLock_Rlock(lock->lock);
-
- lock->readCount++;
-
- PKIX_RETURN(RWLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_ReleaseReaderLock(
- PKIX_PL_RWLock *lock,
- void *plContext)
-{
- PKIX_ENTER(RWLOCK, "PKIX_PL_ReleaseReaderLock");
- PKIX_NULLCHECK_ONE(lock);
-
- PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Unlock)\n");
- (void) PR_RWLock_Unlock(lock->lock);
-
- lock->readCount--;
-
- PKIX_RETURN(RWLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_IsReaderLockHeld(
- PKIX_PL_RWLock *lock,
- PKIX_Boolean *pIsHeld,
- void *plContext)
-{
- PKIX_ENTER(RWLOCK, "PKIX_PL_IsReaderLockHeld");
- PKIX_NULLCHECK_TWO(lock, pIsHeld);
-
- *pIsHeld = (lock->readCount > 0)?PKIX_TRUE:PKIX_FALSE;
-
- PKIX_RETURN(RWLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_AcquireWriterLock(
- PKIX_PL_RWLock *lock,
- void *plContext)
-{
- PKIX_ENTER(RWLOCK, "PKIX_PL_AcquireWriterLock");
- PKIX_NULLCHECK_ONE(lock);
-
- PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Wlock\n");
- (void) PR_RWLock_Wlock(lock->lock);
-
- if (lock->readCount > 0) {
- PKIX_ERROR(PKIX_LOCKHASNONZEROREADCOUNT);
- }
-
- /* We should never acquire a write lock if the lock is held */
- lock->writeLocked = PKIX_TRUE;
-
-cleanup:
-
- PKIX_RETURN(RWLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_ReleaseWriterLock(
- PKIX_PL_RWLock *lock,
- void *plContext)
-{
- PKIX_ENTER(RWLOCK, "PKIX_PL_ReleaseWriterLock");
- PKIX_NULLCHECK_ONE(lock);
-
- if (lock->readCount > 0) {
- PKIX_ERROR(PKIX_LOCKHASNONZEROREADCOUNT);
- }
-
- PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Unlock)\n");
- (void) PR_RWLock_Unlock(lock->lock);
-
- /* XXX Need to think about thread safety here */
- /* There should be a single lock holder */
- lock->writeLocked = PKIX_FALSE;
-
-cleanup:
-
- PKIX_RETURN(RWLOCK);
-}
-
-PKIX_Error *
-PKIX_PL_IsWriterLockHeld(
- PKIX_PL_RWLock *lock,
- PKIX_Boolean *pIsHeld,
- void *plContext)
-{
- PKIX_ENTER(RWLOCK, "PKIX_PL_IsWriterLockHeld");
- PKIX_NULLCHECK_TWO(lock, pIsHeld);
-
- *pIsHeld = lock->writeLocked;
-
- PKIX_RETURN(RWLOCK);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h
deleted file mode 100755
index 1f9d7261f..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_rwlock.h
- *
- * Read/Write Lock Definition
- *
- */
-
-#ifndef _PKIX_PL_RWLOCK_H
-#define _PKIX_PL_RWLOCK_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_RWLockStruct {
- PRRWLock* lock;
- PKIX_UInt32 readCount;
- PKIX_Boolean writeLocked;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_RWLock_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_RWLOCK_H */
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c
deleted file mode 100755
index 0c129d9d7..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c
+++ /dev/null
@@ -1,654 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_string.c
- *
- * String Object Functions
- *
- */
-
-#include "pkix_pl_string.h"
-
-/* --Private-String-Functions------------------------------------- */
-
-/*
- * FUNCTION: pkix_pl_String_Comparator
- * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
- *
- * NOTE:
- * This function is a utility function called by pkix_pl_String_Equals().
- * It is not officially registered as a comparator.
- */
-static PKIX_Error *
-pkix_pl_String_Comparator(
- PKIX_PL_String *firstString,
- PKIX_PL_String *secondString,
- PKIX_Int32 *pResult,
- void *plContext)
-{
- PKIX_UInt32 i;
- PKIX_Int32 result;
- unsigned char *p1 = NULL;
- unsigned char *p2 = NULL;
-
- PKIX_ENTER(STRING, "pkix_pl_String_Comparator");
- PKIX_NULLCHECK_THREE(firstString, secondString, pResult);
-
- result = 0;
-
- p1 = (unsigned char*) firstString->utf16String;
- p2 = (unsigned char*) secondString->utf16String;
-
- /* Compare characters until you find a difference */
- for (i = 0; ((i < firstString->utf16Length) &&
- (i < secondString->utf16Length) &&
- result == 0); i++, p1++, p2++) {
- if (*p1 < *p2){
- result = -1;
- } else if (*p1 > *p2){
- result = 1;
- }
- }
-
- /* If two arrays are identical so far, the longer one is greater */
- if (result == 0) {
- if (firstString->utf16Length < secondString->utf16Length) {
- result = -1;
- } else if (firstString->utf16Length >
- secondString->utf16Length) {
- result = 1;
- }
- }
-
- *pResult = result;
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_pl_String_Destroy
- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_String_Destroy(
- PKIX_PL_Object *object,
- void *plContext)
-{
- PKIX_PL_String *string = NULL;
-
- PKIX_ENTER(STRING, "pkix_pl_String_Destroy");
- PKIX_NULLCHECK_ONE(object);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_STRING_TYPE, plContext),
- PKIX_ARGUMENTNOTSTRING);
-
- string = (PKIX_PL_String*)object;
-
- /* XXX For debugging Destroy EscASCII String */
- if (string->escAsciiString != NULL) {
- PKIX_FREE(string->escAsciiString);
- string->escAsciiString = NULL;
- string->escAsciiLength = 0;
- }
-
- /* Destroy UTF16 String */
- if (string->utf16String != NULL) {
- PKIX_FREE(string->utf16String);
- string->utf16String = NULL;
- string->utf16Length = 0;
- }
-
-cleanup:
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_pl_String_ToString
- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_String_ToString(
- PKIX_PL_Object *object,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *string = NULL;
- char *ascii = NULL;
- PKIX_UInt32 length;
-
- PKIX_ENTER(STRING, "pkix_pl_String_ToString");
- PKIX_NULLCHECK_TWO(object, pString);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_STRING_TYPE, plContext),
- PKIX_ARGUMENTNOTSTRING);
-
- string = (PKIX_PL_String*)object;
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- (string, PKIX_ESCASCII, (void **)&ascii, &length, plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, ascii, 0, pString, plContext),
- PKIX_STRINGCREATEFAILED);
-
- goto cleanup;
-
-cleanup:
-
- PKIX_FREE(ascii);
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_pl_String_Equals
- * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_String_Equals(
- PKIX_PL_Object *firstObject,
- PKIX_PL_Object *secondObject,
- PKIX_Boolean *pResult,
- void *plContext)
-{
- PKIX_UInt32 secondType;
- PKIX_Int32 cmpResult = 0;
-
- PKIX_ENTER(STRING, "pkix_pl_String_Equals");
- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
-
- /* Sanity check: Test that "firstObject" is a Strings */
- PKIX_CHECK(pkix_CheckType(firstObject, PKIX_STRING_TYPE, plContext),
- PKIX_FIRSTOBJECTNOTSTRING);
-
- /* "SecondObject" doesn't have to be a string */
- PKIX_CHECK(PKIX_PL_Object_GetType
- (secondObject, &secondType, plContext),
- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
-
- /* If types differ, then we will return false */
- *pResult = PKIX_FALSE;
-
- if (secondType != PKIX_STRING_TYPE) goto cleanup;
-
- /* It's safe to cast here */
- PKIX_CHECK(pkix_pl_String_Comparator
- ((PKIX_PL_String*)firstObject,
- (PKIX_PL_String*)secondObject,
- &cmpResult,
- plContext),
- PKIX_STRINGCOMPARATORFAILED);
-
- /* Strings are equal iff Comparator Result is 0 */
- *pResult = (cmpResult == 0);
-
-cleanup:
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_pl_String_Hashcode
- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
- */
-static PKIX_Error *
-pkix_pl_String_Hashcode(
- PKIX_PL_Object *object,
- PKIX_UInt32 *pHashcode,
- void *plContext)
-{
- PKIX_PL_String *string = NULL;
-
- PKIX_ENTER(STRING, "pkix_pl_String_Hashcode");
- PKIX_NULLCHECK_TWO(object, pHashcode);
-
- PKIX_CHECK(pkix_CheckType(object, PKIX_STRING_TYPE, plContext),
- PKIX_OBJECTNOTSTRING);
-
- string = (PKIX_PL_String*)object;
-
- PKIX_CHECK(pkix_hash
- ((const unsigned char *)string->utf16String,
- string->utf16Length,
- pHashcode,
- plContext),
- PKIX_HASHFAILED);
-
-cleanup:
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: pkix_pl_String_RegisterSelf
- * DESCRIPTION:
- * Registers PKIX_STRING_TYPE and its related functions with systemClasses[]
- * THREAD SAFETY:
- * Not Thread Safe - for performance and complexity reasons
- *
- * Since this function is only called by PKIX_PL_Initialize, which should
- * only be called once, it is acceptable that this function is not
- * thread-safe.
- */
-PKIX_Error *
-pkix_pl_String_RegisterSelf(
- void *plContext)
-{
- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
- pkix_ClassTable_Entry entry;
-
- PKIX_ENTER(STRING, "pkix_pl_String_RegisterSelf");
-
- entry.description = "String";
- entry.objCounter = 0;
- entry.typeObjectSize = sizeof(PKIX_PL_String);
- entry.destructor = pkix_pl_String_Destroy;
- entry.equalsFunction = pkix_pl_String_Equals;
- entry.hashcodeFunction = pkix_pl_String_Hashcode;
- entry.toStringFunction = pkix_pl_String_ToString;
- entry.comparator = NULL;
- entry.duplicateFunction = pkix_duplicateImmutable;
-
- systemClasses[PKIX_STRING_TYPE] = entry;
-
- PKIX_RETURN(STRING);
-}
-
-
-/* --Public-String-Functions----------------------------------------- */
-
-/*
- * FUNCTION: PKIX_PL_String_Create (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_String_Create(
- PKIX_UInt32 fmtIndicator,
- const void *stringRep,
- PKIX_UInt32 stringLen,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_PL_String *string = NULL;
- unsigned char *utf16Char = NULL;
- PKIX_UInt32 i;
-
- PKIX_ENTER(STRING, "PKIX_PL_String_Create");
- PKIX_NULLCHECK_TWO(pString, stringRep);
-
- PKIX_CHECK(PKIX_PL_Object_Alloc
- (PKIX_STRING_TYPE,
- sizeof (PKIX_PL_String),
- (PKIX_PL_Object **)&string,
- plContext),
- PKIX_COULDNOTALLOCATENEWSTRINGOBJECT);
-
- string->utf16String = NULL;
- string->utf16Length = 0;
-
- /* XXX For Debugging */
- string->escAsciiString = NULL;
- string->escAsciiLength = 0;
-
- switch (fmtIndicator) {
- case PKIX_ESCASCII: case PKIX_ESCASCII_DEBUG:
- PKIX_STRING_DEBUG("\tCalling PL_strlen).\n");
- string->escAsciiLength = PL_strlen(stringRep);
-
- /* XXX Cache for Debugging */
- PKIX_CHECK(PKIX_PL_Malloc
- ((string->escAsciiLength)+1,
- (void **)&string->escAsciiString,
- plContext),
- PKIX_MALLOCFAILED);
-
- (void) PORT_Memcpy
- (string->escAsciiString,
- (void *)((char *)stringRep),
- (string->escAsciiLength)+1);
-
- /* Convert the EscASCII string to UTF16 */
- PKIX_CHECK(pkix_EscASCII_to_UTF16
- (string->escAsciiString,
- string->escAsciiLength,
- (fmtIndicator == PKIX_ESCASCII_DEBUG),
- &string->utf16String,
- &string->utf16Length,
- plContext),
- PKIX_ESCASCIITOUTF16FAILED);
- break;
- case PKIX_UTF8:
- /* Convert the UTF8 string to UTF16 */
- PKIX_CHECK(pkix_UTF8_to_UTF16
- (stringRep,
- stringLen,
- &string->utf16String,
- &string->utf16Length,
- plContext),
- PKIX_UTF8TOUTF16FAILED);
- break;
- case PKIX_UTF16:
- /* UTF16 Strings must be even in length */
- if (stringLen%2 == 1) {
- PKIX_DECREF(string);
- PKIX_ERROR(PKIX_UTF16ALIGNMENTERROR);
- }
-
- utf16Char = (unsigned char *)stringRep;
-
- /* Make sure this is a valid UTF-16 String */
- for (i = 0; \
- (i < stringLen) && (pkixErrorResult == NULL); \
- i += 2) {
- /* Check that surrogate pairs are valid */
- if ((utf16Char[i] >= 0xD8)&&
- (utf16Char[i] <= 0xDB)) {
- if ((i+2) >= stringLen) {
- PKIX_ERROR(PKIX_UTF16HIGHZONEALIGNMENTERROR);
- /* Second pair should be DC00-DFFF */
- } else if (!((utf16Char[i+2] >= 0xDC)&&
- (utf16Char[i+2] <= 0xDF))) {
- PKIX_ERROR(PKIX_UTF16LOWZONEERROR);
- } else {
- /* Surrogate quartet is valid. */
- i += 2;
- }
- }
- }
-
- /* Create UTF16 String */
- string->utf16Length = stringLen;
-
- /* Alloc space for string */
- PKIX_CHECK(PKIX_PL_Malloc
- (stringLen, &string->utf16String, plContext),
- PKIX_MALLOCFAILED);
-
- PKIX_STRING_DEBUG("\tCalling PORT_Memcpy).\n");
- (void) PORT_Memcpy
- (string->utf16String, stringRep, stringLen);
- break;
-
- default:
- PKIX_ERROR(PKIX_UNKNOWNFORMAT);
- }
-
- *pString = string;
-
-cleanup:
-
- if (PKIX_ERROR_RECEIVED){
- PKIX_DECREF(string);
- }
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: PKIX_PL_Sprintf (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_Sprintf(
- PKIX_PL_String **pOut,
- void *plContext,
- const PKIX_PL_String *fmt,
- ...)
-{
- PKIX_PL_String *tempString = NULL;
- PKIX_UInt32 tempUInt = 0;
- void *pArg = NULL;
- char *asciiText = NULL;
- char *asciiFormat = NULL;
- char *convertedAsciiFormat = NULL;
- char *convertedAsciiFormatBase = NULL;
- va_list args;
- PKIX_UInt32 length, i, j, dummyLen;
-
- PKIX_ENTER(STRING, "PKIX_PL_Sprintf");
- PKIX_NULLCHECK_TWO(pOut, fmt);
-
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- ((PKIX_PL_String *)fmt,
- PKIX_ESCASCII,
- (void **)&asciiFormat,
- &length,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
-
- PKIX_STRING_DEBUG("\tCalling PR_Malloc).\n");
- convertedAsciiFormat = PR_Malloc(length + 1);
- if (convertedAsciiFormat == NULL)
- PKIX_ERROR_ALLOC_ERROR();
-
- convertedAsciiFormatBase = convertedAsciiFormat;
-
- PKIX_STRING_DEBUG("\tCalling va_start).\n");
- va_start(args, fmt);
-
- i = 0;
- j = 0;
- while (i < length) {
- if ((asciiFormat[i] == '%')&&((i+1) < length)) {
- switch (asciiFormat[i+1]) {
- case 's':
- convertedAsciiFormat[j++] = asciiFormat[i++];
- convertedAsciiFormat[j++] = asciiFormat[i++];
- convertedAsciiFormat[j] = '\0';
-
- tempString = va_arg(args, PKIX_PL_String *);
- if (tempString != NULL) {
- PKIX_CHECK(PKIX_PL_String_GetEncoded
- ((PKIX_PL_String*)
- tempString,
- PKIX_ESCASCII,
- &pArg,
- &dummyLen,
- plContext),
- PKIX_STRINGGETENCODEDFAILED);
- } else {
- /* there may be a NULL in var_args */
- pArg = NULL;
- }
- if (asciiText != NULL) {
- asciiText = PR_sprintf_append(asciiText,
- (const char *)convertedAsciiFormat,
- pArg);
- } else {
- asciiText = PR_smprintf
- ((const char *)convertedAsciiFormat,
- pArg);
- }
- if (pArg != NULL) {
- PKIX_PL_Free(pArg, plContext);
- pArg = NULL;
- }
- convertedAsciiFormat += j;
- j = 0;
- break;
- case 'd':
- case 'i':
- case 'o':
- case 'u':
- case 'x':
- case 'X':
- convertedAsciiFormat[j++] = asciiFormat[i++];
- convertedAsciiFormat[j++] = asciiFormat[i++];
- convertedAsciiFormat[j] = '\0';
-
- tempUInt = va_arg(args, PKIX_UInt32);
- if (asciiText != NULL) {
- asciiText = PR_sprintf_append(asciiText,
- (const char *)convertedAsciiFormat,
- tempUInt);
- } else {
- asciiText = PR_smprintf
- ((const char *)convertedAsciiFormat,
- tempUInt);
- }
- convertedAsciiFormat += j;
- j = 0;
- break;
- default:
- convertedAsciiFormat[j++] = asciiFormat[i++];
- convertedAsciiFormat[j++] = asciiFormat[i++];
- break;
- }
- } else {
- convertedAsciiFormat[j++] = asciiFormat[i++];
- }
- }
-
- /* for constant string value at end of fmt */
- if (j > 0) {
- convertedAsciiFormat[j] = '\0';
- if (asciiText != NULL) {
- asciiText = PR_sprintf_append(asciiText,
- (const char *)convertedAsciiFormat);
- } else {
- asciiText = PR_smprintf((const char *)convertedAsciiFormat);
- }
- }
-
- va_end(args);
-
- /* Copy temporary char * into a string object */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, (void *)asciiText, 0, pOut, plContext),
- PKIX_STRINGCREATEFAILED);
-
-cleanup:
-
- PKIX_FREE(asciiFormat);
-
- if (convertedAsciiFormatBase){
- PR_Free(convertedAsciiFormatBase);
- }
-
- if (asciiText){
- PKIX_STRING_DEBUG("\tCalling PR_smprintf_free).\n");
- PR_smprintf_free(asciiText);
- }
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: PKIX_PL_GetString (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_GetString(
- /* ARGSUSED */ PKIX_UInt32 stringID,
- char *defaultString,
- PKIX_PL_String **pString,
- void *plContext)
-{
- PKIX_ENTER(STRING, "PKIX_PL_GetString");
- PKIX_NULLCHECK_TWO(pString, defaultString);
-
- /* XXX Optimization - use stringID for caching */
- PKIX_CHECK(PKIX_PL_String_Create
- (PKIX_ESCASCII, defaultString, 0, pString, plContext),
- PKIX_STRINGCREATEFAILED);
-
-cleanup:
-
- PKIX_RETURN(STRING);
-}
-
-/*
- * FUNCTION: PKIX_PL_String_GetEncoded (see comments in pkix_pl_system.h)
- */
-PKIX_Error *
-PKIX_PL_String_GetEncoded(
- PKIX_PL_String *string,
- PKIX_UInt32 fmtIndicator,
- void **pStringRep,
- PKIX_UInt32 *pLength,
- void *plContext)
-{
- PKIX_ENTER(STRING, "PKIX_PL_String_GetEncoded");
- PKIX_NULLCHECK_THREE(string, pStringRep, pLength);
-
- switch (fmtIndicator) {
- case PKIX_ESCASCII: case PKIX_ESCASCII_DEBUG:
- PKIX_CHECK(pkix_UTF16_to_EscASCII
- (string->utf16String,
- string->utf16Length,
- (fmtIndicator == PKIX_ESCASCII_DEBUG),
- (char **)pStringRep,
- pLength,
- plContext),
- PKIX_UTF16TOESCASCIIFAILED);
- break;
- case PKIX_UTF8:
- PKIX_CHECK(pkix_UTF16_to_UTF8
- (string->utf16String,
- string->utf16Length,
- PKIX_FALSE,
- pStringRep,
- pLength,
- plContext),
- PKIX_UTF16TOUTF8FAILED);
- break;
- case PKIX_UTF8_NULL_TERM:
- PKIX_CHECK(pkix_UTF16_to_UTF8
- (string->utf16String,
- string->utf16Length,
- PKIX_TRUE,
- pStringRep,
- pLength,
- plContext),
- PKIX_UTF16TOUTF8FAILED);
- break;
- case PKIX_UTF16:
- *pLength = string->utf16Length;
-
- PKIX_CHECK(PKIX_PL_Malloc(*pLength, pStringRep, plContext),
- PKIX_MALLOCFAILED);
-
- PKIX_STRING_DEBUG("\tCalling PORT_Memcpy).\n");
- (void) PORT_Memcpy(*pStringRep, string->utf16String, *pLength);
- break;
- default:
- PKIX_ERROR(PKIX_UNKNOWNFORMAT);
- }
-
-cleanup:
-
- PKIX_RETURN(STRING);
-}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h
deleted file mode 100755
index d5d784bd3..000000000
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the PKIX-C library.
- *
- * The Initial Developer of the Original Code is
- * Sun Microsystems, Inc.
- * Portions created by the Initial Developer are
- * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- * Sun Microsystems, Inc.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
- * pkix_pl_string.h
- *
- * String Object Definitions
- *
- */
-
-#ifndef _PKIX_PL_STRING_H
-#define _PKIX_PL_STRING_H
-
-#include "pkix_pl_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct PKIX_PL_StringStruct {
- void* utf16String;
- PKIX_UInt32 utf16Length;
- /* XXX For Debugging */
- char* escAsciiString;
- PKIX_UInt32 escAsciiLength;
-};
-
-/* see source file for function documentation */
-
-PKIX_Error *
-pkix_pl_String_RegisterSelf(void *plContext);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKIX_PL_STRING_H */
View Lorry Controller Status