From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- security/nss/lib/libpkix/pkix/params/Makefile | 46 + security/nss/lib/libpkix/pkix/params/exports.gyp | 28 + security/nss/lib/libpkix/pkix/params/manifest.mn | 24 + security/nss/lib/libpkix/pkix/params/params.gyp | 26 + .../nss/lib/libpkix/pkix/params/pkix_procparams.c | 1417 ++++++++++++++++++++ .../nss/lib/libpkix/pkix/params/pkix_procparams.h | 50 + .../lib/libpkix/pkix/params/pkix_resourcelimits.c | 433 ++++++ .../lib/libpkix/pkix/params/pkix_resourcelimits.h | 36 + .../nss/lib/libpkix/pkix/params/pkix_trustanchor.c | 525 ++++++++ .../nss/lib/libpkix/pkix/params/pkix_trustanchor.h | 35 + .../nss/lib/libpkix/pkix/params/pkix_valparams.c | 335 +++++ .../nss/lib/libpkix/pkix/params/pkix_valparams.h | 33 + 12 files changed, 2988 insertions(+) create mode 100644 security/nss/lib/libpkix/pkix/params/Makefile create mode 100644 security/nss/lib/libpkix/pkix/params/exports.gyp create mode 100644 security/nss/lib/libpkix/pkix/params/manifest.mn create mode 100644 security/nss/lib/libpkix/pkix/params/params.gyp create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_procparams.c create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_procparams.h create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_valparams.c create mode 100644 security/nss/lib/libpkix/pkix/params/pkix_valparams.h (limited to 'security/nss/lib/libpkix/pkix/params') diff --git a/security/nss/lib/libpkix/pkix/params/Makefile b/security/nss/lib/libpkix/pkix/params/Makefile new file mode 100644 index 0000000000..d714361be7 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/Makefile @@ -0,0 +1,46 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + diff --git a/security/nss/lib/libpkix/pkix/params/exports.gyp b/security/nss/lib/libpkix/pkix/params/exports.gyp new file mode 100644 index 0000000000..921f2ceae3 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/exports.gyp @@ -0,0 +1,28 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'lib_libpkix_pkix_params_exports', + 'type': 'none', + 'copies': [ + { + 'files': [ + 'pkix_procparams.h', + 'pkix_resourcelimits.h', + 'pkix_trustanchor.h', + 'pkix_valparams.h' + ], + 'destination': '<(nss_private_dist_dir)/<(module)' + } + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/security/nss/lib/libpkix/pkix/params/manifest.mn b/security/nss/lib/libpkix/pkix/params/manifest.mn new file mode 100644 index 0000000000..2a77bf0eea --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/manifest.mn @@ -0,0 +1,24 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../../../.. + +PRIVATE_EXPORTS = \ + pkix_procparams.h \ + pkix_trustanchor.h \ + pkix_valparams.h \ + pkix_resourcelimits.h \ + $(NULL) + +MODULE = nss + +CSRCS = \ + pkix_trustanchor.c \ + pkix_procparams.c \ + pkix_valparams.c \ + pkix_resourcelimits.c \ + $(NULL) + +LIBRARY_NAME = pkixparams +SHARED_LIBRARY = $(NULL) diff --git a/security/nss/lib/libpkix/pkix/params/params.gyp b/security/nss/lib/libpkix/pkix/params/params.gyp new file mode 100644 index 0000000000..a1463c4c7c --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/params.gyp @@ -0,0 +1,26 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../../../coreconf/config.gypi' + ], + 'targets': [ + { + 'target_name': 'pkixparams', + 'type': 'static_library', + 'sources': [ + 'pkix_procparams.c', + 'pkix_resourcelimits.c', + 'pkix_trustanchor.c', + 'pkix_valparams.c' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports' + ] + } + ], + 'variables': { + 'module': 'nss' + } +} \ No newline at end of file diff --git a/security/nss/lib/libpkix/pkix/params/pkix_procparams.c b/security/nss/lib/libpkix/pkix/params/pkix_procparams.c new file mode 100644 index 0000000000..260b0074c7 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_procparams.c @@ -0,0 +1,1417 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_procparams.c + * + * ProcessingParams Object Functions + * + */ + +#include "pkix_procparams.h" + +/* --Private-Functions-------------------------------------------- */ + +/* + * FUNCTION: pkix_ProcessingParams_Destroy + * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ProcessingParams_Destroy( + PKIX_PL_Object *object, + void *plContext) +{ + PKIX_ProcessingParams *params = NULL; + + PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Destroy"); + PKIX_NULLCHECK_ONE(object); + + /* Check that this object is a processing params object */ + PKIX_CHECK(pkix_CheckType + (object, PKIX_PROCESSINGPARAMS_TYPE, plContext), + PKIX_OBJECTNOTPROCESSINGPARAMS); + + params = (PKIX_ProcessingParams *)object; + + PKIX_DECREF(params->trustAnchors); + PKIX_DECREF(params->hintCerts); + PKIX_DECREF(params->constraints); + PKIX_DECREF(params->date); + PKIX_DECREF(params->initialPolicies); + PKIX_DECREF(params->certChainCheckers); + PKIX_DECREF(params->revChecker); + PKIX_DECREF(params->certStores); + PKIX_DECREF(params->resourceLimits); + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: pkix_ProcessingParams_Equals + * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ProcessingParams_Equals( + PKIX_PL_Object *first, + PKIX_PL_Object *second, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 secondType; + PKIX_Boolean cmpResult; + PKIX_ProcessingParams *firstProcParams = NULL; + PKIX_ProcessingParams *secondProcParams = NULL; + + PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Equals"); + PKIX_NULLCHECK_THREE(first, second, pResult); + + PKIX_CHECK(pkix_CheckType(first, PKIX_PROCESSINGPARAMS_TYPE, plContext), + PKIX_FIRSTOBJECTNOTPROCESSINGPARAMS); + + PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), + PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); + + *pResult = PKIX_FALSE; + + if (secondType != PKIX_PROCESSINGPARAMS_TYPE) goto cleanup; + + firstProcParams = (PKIX_ProcessingParams *)first; + secondProcParams = (PKIX_ProcessingParams *)second; + + /* Do the simplest tests first */ + if ((firstProcParams->qualifiersRejected) != + (secondProcParams->qualifiersRejected)) { + goto cleanup; + } + + if (firstProcParams->isCrlRevocationCheckingEnabled != + secondProcParams->isCrlRevocationCheckingEnabled) { + goto cleanup; + } + if (firstProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy != + secondProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy) { + goto cleanup; + } + + /* trustAnchors can never be NULL */ + + PKIX_EQUALS + (firstProcParams->trustAnchors, + secondProcParams->trustAnchors, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_EQUALS + (firstProcParams->hintCerts, + secondProcParams->hintCerts, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_EQUALS + (firstProcParams->date, + secondProcParams->date, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_EQUALS + (firstProcParams->constraints, + secondProcParams->constraints, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_EQUALS + (firstProcParams->initialPolicies, + secondProcParams->initialPolicies, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + /* There is no Equals function for CertChainCheckers */ + + PKIX_EQUALS + ((PKIX_PL_Object *)firstProcParams->certStores, + (PKIX_PL_Object *)secondProcParams->certStores, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_EQUALS + (firstProcParams->resourceLimits, + secondProcParams->resourceLimits, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (cmpResult == PKIX_FALSE) { + *pResult = PKIX_FALSE; + goto cleanup; + } + + *pResult = cmpResult; + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: pkix_ProcessingParams_Hashcode + * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ProcessingParams_Hashcode( + PKIX_PL_Object *object, + PKIX_UInt32 *pHashcode, + void *plContext) +{ + PKIX_ProcessingParams *procParams = NULL; + PKIX_UInt32 hash = 0; + PKIX_UInt32 anchorsHash = 0; + PKIX_UInt32 hintCertsHash = 0; + PKIX_UInt32 dateHash = 0; + PKIX_UInt32 constraintsHash = 0; + PKIX_UInt32 initialHash = 0; + PKIX_UInt32 rejectedHash = 0; + PKIX_UInt32 certChainCheckersHash = 0; + PKIX_UInt32 revCheckerHash = 0; + PKIX_UInt32 certStoresHash = 0; + PKIX_UInt32 resourceLimitsHash = 0; + + PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Hashcode"); + PKIX_NULLCHECK_TWO(object, pHashcode); + + PKIX_CHECK(pkix_CheckType + (object, PKIX_PROCESSINGPARAMS_TYPE, plContext), + PKIX_OBJECTNOTPROCESSINGPARAMS); + + procParams = (PKIX_ProcessingParams*)object; + + PKIX_HASHCODE(procParams->trustAnchors, &anchorsHash, plContext, + PKIX_OBJECTHASHCODEFAILED); + + PKIX_HASHCODE(procParams->hintCerts, &hintCertsHash, plContext, + PKIX_OBJECTHASHCODEFAILED); + + PKIX_HASHCODE(procParams->date, &dateHash, plContext, + PKIX_OBJECTHASHCODEFAILED); + + PKIX_HASHCODE(procParams->constraints, &constraintsHash, plContext, + PKIX_OBJECTHASHCODEFAILED); + + PKIX_HASHCODE(procParams->initialPolicies, &initialHash, plContext, + PKIX_OBJECTHASHCODEFAILED); + + rejectedHash = procParams->qualifiersRejected; + + /* There is no Hash function for CertChainCheckers */ + + PKIX_HASHCODE(procParams->certStores, &certStoresHash, plContext, + PKIX_OBJECTHASHCODEFAILED); + + PKIX_HASHCODE(procParams->resourceLimits, + &resourceLimitsHash, + plContext, + PKIX_OBJECTHASHCODEFAILED); + + hash = (31 * ((31 * anchorsHash) + hintCertsHash + dateHash)) + + constraintsHash + initialHash + rejectedHash; + + hash += ((((certStoresHash + resourceLimitsHash) << 7) + + certChainCheckersHash + revCheckerHash + + procParams->isCrlRevocationCheckingEnabled + + procParams->isCrlRevocationCheckingEnabledWithNISTPolicy) << 7); + + *pHashcode = hash; + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: pkix_ProcessingParams_ToString + * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ProcessingParams_ToString( + PKIX_PL_Object *object, + PKIX_PL_String **pString, + void *plContext) +{ + PKIX_ProcessingParams *procParams = NULL; + char *asciiFormat = NULL; + PKIX_PL_String *formatString = NULL; + PKIX_PL_String *procParamsString = NULL; + PKIX_PL_String *anchorsString = NULL; + PKIX_PL_String *dateString = NULL; + PKIX_PL_String *constraintsString = NULL; + PKIX_PL_String *InitialPoliciesString = NULL; + PKIX_PL_String *qualsRejectedString = NULL; + PKIX_List *certStores = NULL; + PKIX_PL_String *certStoresString = NULL; + PKIX_PL_String *resourceLimitsString = NULL; + + PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_ToString"); + PKIX_NULLCHECK_TWO(object, pString); + + PKIX_CHECK(pkix_CheckType + (object, PKIX_PROCESSINGPARAMS_TYPE, plContext), + PKIX_OBJECTNOTPROCESSINGPARAMS); + + asciiFormat = + "[\n" + "\tTrust Anchors: \n" + "\t********BEGIN LIST OF TRUST ANCHORS********\n" + "\t\t%s\n" + "\t********END LIST OF TRUST ANCHORS********\n" + "\tDate: \t\t%s\n" + "\tTarget Constraints: %s\n" + "\tInitial Policies: %s\n" + "\tQualifiers Rejected: %s\n" + "\tCert Stores: %s\n" + "\tResource Limits: %s\n" + "\tCRL Checking Enabled: %d\n" + "]\n"; + + PKIX_CHECK(PKIX_PL_String_Create + (PKIX_ESCASCII, + asciiFormat, + 0, + &formatString, + plContext), + PKIX_STRINGCREATEFAILED); + + procParams = (PKIX_ProcessingParams*)object; + + PKIX_TOSTRING(procParams->trustAnchors, &anchorsString, plContext, + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_TOSTRING(procParams->date, &dateString, plContext, + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_TOSTRING(procParams->constraints, &constraintsString, plContext, + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_TOSTRING + (procParams->initialPolicies, &InitialPoliciesString, plContext, + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_CHECK(PKIX_PL_String_Create + (PKIX_ESCASCII, + (procParams->qualifiersRejected)?"TRUE":"FALSE", + 0, + &qualsRejectedString, + plContext), + PKIX_STRINGCREATEFAILED); + + /* There is no ToString function for CertChainCheckers */ + + PKIX_CHECK(PKIX_ProcessingParams_GetCertStores + (procParams, &certStores, plContext), + PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED); + + PKIX_TOSTRING(certStores, &certStoresString, plContext, + PKIX_LISTTOSTRINGFAILED); + + PKIX_TOSTRING(procParams->resourceLimits, + &resourceLimitsString, + plContext, + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_CHECK(PKIX_PL_Sprintf + (&procParamsString, + plContext, + formatString, + anchorsString, + dateString, + constraintsString, + InitialPoliciesString, + qualsRejectedString, + certStoresString, + resourceLimitsString, + procParams->isCrlRevocationCheckingEnabled, + procParams->isCrlRevocationCheckingEnabledWithNISTPolicy), + PKIX_SPRINTFFAILED); + + *pString = procParamsString; + +cleanup: + + PKIX_DECREF(formatString); + PKIX_DECREF(anchorsString); + PKIX_DECREF(dateString); + PKIX_DECREF(constraintsString); + PKIX_DECREF(InitialPoliciesString); + PKIX_DECREF(qualsRejectedString); + PKIX_DECREF(certStores); + PKIX_DECREF(certStoresString); + PKIX_DECREF(resourceLimitsString); + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: pkix_ProcessingParams_Duplicate + * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ProcessingParams_Duplicate( + PKIX_PL_Object *object, + PKIX_PL_Object **pNewObject, + void *plContext) +{ + PKIX_ProcessingParams *params = NULL; + PKIX_ProcessingParams *paramsDuplicate = NULL; + + PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Duplicate"); + PKIX_NULLCHECK_TWO(object, pNewObject); + + PKIX_CHECK(pkix_CheckType + (object, PKIX_PROCESSINGPARAMS_TYPE, plContext), + PKIX_OBJECTNOTPROCESSINGPARAMS); + + params = (PKIX_ProcessingParams *)object; + + PKIX_CHECK(PKIX_PL_Object_Alloc + (PKIX_PROCESSINGPARAMS_TYPE, + sizeof (PKIX_ProcessingParams), + (PKIX_PL_Object **)¶msDuplicate, + plContext), + PKIX_PROCESSINGPARAMSCREATEFAILED); + + /* initialize fields */ + PKIX_DUPLICATE + (params->trustAnchors, + &(paramsDuplicate->trustAnchors), + plContext, + PKIX_OBJECTDUPLICATEFAILED); + + PKIX_DUPLICATE + (params->hintCerts, &(paramsDuplicate->hintCerts), plContext, + PKIX_OBJECTDUPLICATEFAILED); + + PKIX_DUPLICATE + (params->constraints, + &(paramsDuplicate->constraints), + plContext, + PKIX_OBJECTDUPLICATEFAILED); + + PKIX_DUPLICATE + (params->date, &(paramsDuplicate->date), plContext, + PKIX_OBJECTDUPLICATEFAILED); + + PKIX_DUPLICATE + (params->initialPolicies, + &(paramsDuplicate->initialPolicies), + plContext, + PKIX_OBJECTDUPLICATEFAILED); + + paramsDuplicate->initialPolicyMappingInhibit = + params->initialPolicyMappingInhibit; + paramsDuplicate->initialAnyPolicyInhibit = + params->initialAnyPolicyInhibit; + paramsDuplicate->initialExplicitPolicy = params->initialExplicitPolicy; + paramsDuplicate->qualifiersRejected = params->qualifiersRejected; + + PKIX_DUPLICATE + (params->certChainCheckers, + &(paramsDuplicate->certChainCheckers), + plContext, + PKIX_OBJECTDUPLICATEFAILED); + + PKIX_DUPLICATE + (params->revChecker, + &(paramsDuplicate->revChecker), + plContext, + PKIX_OBJECTDUPLICATEFAILED); + + PKIX_DUPLICATE + (params->certStores, &(paramsDuplicate->certStores), plContext, + PKIX_OBJECTDUPLICATEFAILED); + + PKIX_DUPLICATE + (params->resourceLimits, + &(paramsDuplicate->resourceLimits), + plContext, + PKIX_OBJECTDUPLICATEFAILED); + + paramsDuplicate->isCrlRevocationCheckingEnabled = + params->isCrlRevocationCheckingEnabled; + + paramsDuplicate->isCrlRevocationCheckingEnabledWithNISTPolicy = + params->isCrlRevocationCheckingEnabledWithNISTPolicy; + + *pNewObject = (PKIX_PL_Object *)paramsDuplicate; + +cleanup: + + if (PKIX_ERROR_RECEIVED){ + PKIX_DECREF(paramsDuplicate); + } + + PKIX_RETURN(PROCESSINGPARAMS); + +} + +/* + * FUNCTION: pkix_ProcessingParams_RegisterSelf + * DESCRIPTION: + * Registers PKIX_PROCESSINGPARAMS_TYPE and its related functions with + * systemClasses[] + * THREAD SAFETY: + * Not Thread Safe - for performance and complexity reasons + * + * Since this function is only called by PKIX_PL_Initialize, which should + * only be called once, it is acceptable that this function is not + * thread-safe. + */ +PKIX_Error * +pkix_ProcessingParams_RegisterSelf(void *plContext) +{ + extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; + pkix_ClassTable_Entry entry; + + PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_RegisterSelf"); + + entry.description = "ProcessingParams"; + entry.objCounter = 0; + entry.typeObjectSize = sizeof(PKIX_ProcessingParams); + entry.destructor = pkix_ProcessingParams_Destroy; + entry.equalsFunction = pkix_ProcessingParams_Equals; + entry.hashcodeFunction = pkix_ProcessingParams_Hashcode; + entry.toStringFunction = pkix_ProcessingParams_ToString; + entry.comparator = NULL; + entry.duplicateFunction = pkix_ProcessingParams_Duplicate; + + systemClasses[PKIX_PROCESSINGPARAMS_TYPE] = entry; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* --Public-Functions--------------------------------------------- */ + +/* + * FUNCTION: PKIX_ProcessingParams_Create (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_Create( + PKIX_ProcessingParams **pParams, + void *plContext) +{ + PKIX_ProcessingParams *params = NULL; + + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_Create"); + PKIX_NULLCHECK_ONE(pParams); + + PKIX_CHECK(PKIX_PL_Object_Alloc + (PKIX_PROCESSINGPARAMS_TYPE, + sizeof (PKIX_ProcessingParams), + (PKIX_PL_Object **)¶ms, + plContext), + PKIX_COULDNOTCREATEPROCESSINGPARAMSOBJECT); + + /* initialize fields */ + PKIX_CHECK(PKIX_List_Create(¶ms->trustAnchors, plContext), + PKIX_LISTCREATEFAILED); + PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext), + PKIX_LISTSETIMMUTABLEFAILED); + + PKIX_CHECK(PKIX_PL_Date_Create_UTCTime + (NULL, ¶ms->date, plContext), + PKIX_DATECREATEUTCTIMEFAILED); + + params->hintCerts = NULL; + params->constraints = NULL; + params->initialPolicies = NULL; + params->initialPolicyMappingInhibit = PKIX_FALSE; + params->initialAnyPolicyInhibit = PKIX_FALSE; + params->initialExplicitPolicy = PKIX_FALSE; + params->qualifiersRejected = PKIX_FALSE; + params->certChainCheckers = NULL; + params->revChecker = NULL; + params->certStores = NULL; + params->resourceLimits = NULL; + + params->isCrlRevocationCheckingEnabled = PKIX_TRUE; + + params->isCrlRevocationCheckingEnabledWithNISTPolicy = PKIX_TRUE; + + params->useAIAForCertFetching = PKIX_FALSE; + params->qualifyTargetCert = PKIX_TRUE; + params->useOnlyTrustAnchors = PKIX_TRUE; + + *pParams = params; + params = NULL; + +cleanup: + + PKIX_DECREF(params); + + PKIX_RETURN(PROCESSINGPARAMS); + +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetUseAIAForCertFetching( + PKIX_ProcessingParams *params, + PKIX_Boolean *pUseAIA, /* list of TrustAnchor */ + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetUseAIAForCertFetching"); + PKIX_NULLCHECK_TWO(params, pUseAIA); + + *pUseAIA = params->useAIAForCertFetching; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetUseAIAForCertFetching + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetUseAIAForCertFetching( + PKIX_ProcessingParams *params, + PKIX_Boolean useAIA, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetUseAIAForCertFetching"); + PKIX_NULLCHECK_ONE(params); + + params->useAIAForCertFetching = useAIA; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetQualifyTargetCert + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetValidateTargetCert( + PKIX_ProcessingParams *params, + PKIX_Boolean *pQualifyTargetCert, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_GetValidateTargetCert"); + PKIX_NULLCHECK_TWO(params, pQualifyTargetCert); + + *pQualifyTargetCert = params->qualifyTargetCert; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetQualifyTargetCert( + PKIX_ProcessingParams *params, + PKIX_Boolean qualifyTargetCert, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetQualifyTargetCert"); + PKIX_NULLCHECK_ONE(params); + + params->qualifyTargetCert = qualifyTargetCert; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetTrustAnchors( + PKIX_ProcessingParams *params, + PKIX_List *anchors, /* list of TrustAnchor */ + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetTrustAnchors"); + PKIX_NULLCHECK_TWO(params, anchors); + + PKIX_DECREF(params->trustAnchors); + + PKIX_INCREF(anchors); + params->trustAnchors = anchors; + PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext), + PKIX_LISTSETIMMUTABLEFAILED); + +cleanup: + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetTrustAnchors( + PKIX_ProcessingParams *params, + PKIX_List **pAnchors, /* list of TrustAnchor */ + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetTrustAnchors"); + PKIX_NULLCHECK_TWO(params, pAnchors); + + PKIX_INCREF(params->trustAnchors); + + *pAnchors = params->trustAnchors; + +cleanup: + PKIX_RETURN(PROCESSINGPARAMS); +} + +/** + * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetUseOnlyTrustAnchors( + PKIX_ProcessingParams *params, + PKIX_Boolean *pUseOnlyTrustAnchors, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetUseTrustAnchorsOnly"); + PKIX_NULLCHECK_TWO(params, pUseOnlyTrustAnchors); + + *pUseOnlyTrustAnchors = params->useOnlyTrustAnchors; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/** + * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetUseOnlyTrustAnchors( + PKIX_ProcessingParams *params, + PKIX_Boolean useOnlyTrustAnchors, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetUseTrustAnchorsOnly"); + PKIX_NULLCHECK_ONE(params); + + params->useOnlyTrustAnchors = useOnlyTrustAnchors; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetDate (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetDate( + PKIX_ProcessingParams *params, + PKIX_PL_Date **pDate, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetDate"); + PKIX_NULLCHECK_TWO(params, pDate); + + PKIX_INCREF(params->date); + *pDate = params->date; + +cleanup: + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetDate( + PKIX_ProcessingParams *params, + PKIX_PL_Date *date, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate"); + PKIX_NULLCHECK_ONE(params); + + PKIX_DECREF(params->date); + + PKIX_INCREF(date); + params->date = date; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + if (PKIX_ERROR_RECEIVED && params) { + PKIX_DECREF(params->date); + } + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetTargetCertConstraints( + PKIX_ProcessingParams *params, + PKIX_CertSelector **pConstraints, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_GetTargetCertConstraints"); + + PKIX_NULLCHECK_TWO(params, pConstraints); + + PKIX_INCREF(params->constraints); + *pConstraints = params->constraints; + +cleanup: + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetTargetCertConstraints( + PKIX_ProcessingParams *params, + PKIX_CertSelector *constraints, + void *plContext) +{ + + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetTargetCertConstraints"); + + PKIX_NULLCHECK_ONE(params); + + PKIX_DECREF(params->constraints); + + PKIX_INCREF(constraints); + params->constraints = constraints; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + if (PKIX_ERROR_RECEIVED && params) { + PKIX_DECREF(params->constraints); + } + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetInitialPolicies( + PKIX_ProcessingParams *params, + PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */ + void *plContext) +{ + + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_GetInitialPolicies"); + + PKIX_NULLCHECK_TWO(params, pInitPolicies); + + if (params->initialPolicies == NULL) { + PKIX_CHECK(PKIX_List_Create + (¶ms->initialPolicies, plContext), + PKIX_UNABLETOCREATELIST); + PKIX_CHECK(PKIX_List_SetImmutable + (params->initialPolicies, plContext), + PKIX_UNABLETOMAKELISTIMMUTABLE); + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + } + + PKIX_INCREF(params->initialPolicies); + *pInitPolicies = params->initialPolicies; + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetInitialPolicies( + PKIX_ProcessingParams *params, + PKIX_List *initPolicies, /* list of PKIX_PL_OID */ + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetInitialPolicies"); + PKIX_NULLCHECK_ONE(params); + + PKIX_DECREF(params->initialPolicies); + + PKIX_INCREF(initPolicies); + params->initialPolicies = initPolicies; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + if (PKIX_ERROR_RECEIVED && params) { + PKIX_DECREF(params->initialPolicies); + } + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetPolicyQualifiersRejected( + PKIX_ProcessingParams *params, + PKIX_Boolean *pRejected, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_GetPolicyQualifiersRejected"); + + PKIX_NULLCHECK_TWO(params, pRejected); + + *pRejected = params->qualifiersRejected; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetPolicyQualifiersRejected( + PKIX_ProcessingParams *params, + PKIX_Boolean rejected, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetPolicyQualifiersRejected"); + + PKIX_NULLCHECK_ONE(params); + + params->qualifiersRejected = rejected; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetCertChainCheckers( + PKIX_ProcessingParams *params, + PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */ + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_GetCertChainCheckers"); + PKIX_NULLCHECK_TWO(params, pCheckers); + + PKIX_INCREF(params->certChainCheckers); + *pCheckers = params->certChainCheckers; + +cleanup: + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetCertChainCheckers( + PKIX_ProcessingParams *params, + PKIX_List *checkers, /* list of PKIX_CertChainChecker */ + void *plContext) +{ + + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetCertChainCheckers"); + PKIX_NULLCHECK_ONE(params); + + PKIX_DECREF(params->certChainCheckers); + + PKIX_INCREF(checkers); + params->certChainCheckers = checkers; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + if (PKIX_ERROR_RECEIVED && params) { + PKIX_DECREF(params->certChainCheckers); + } + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_AddCertChainCheckers + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_AddCertChainChecker( + PKIX_ProcessingParams *params, + PKIX_CertChainChecker *checker, + void *plContext) +{ + PKIX_List *list = NULL; + + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_AddCertChainChecker"); + PKIX_NULLCHECK_TWO(params, checker); + + if (params->certChainCheckers == NULL) { + + PKIX_CHECK(PKIX_List_Create(&list, plContext), + PKIX_LISTCREATEFAILED); + + params->certChainCheckers = list; + } + + PKIX_CHECK(PKIX_List_AppendItem + (params->certChainCheckers, (PKIX_PL_Object *)checker, plContext), + PKIX_LISTAPPENDITEMFAILED); + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + + list = NULL; + +cleanup: + + if (list && params) { + PKIX_DECREF(params->certChainCheckers); + } + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetRevocationChecker( + PKIX_ProcessingParams *params, + PKIX_RevocationChecker **pChecker, + void *plContext) +{ + + PKIX_ENTER + (PROCESSINGPARAMS, "PKIX_ProcessingParams_GetRevocationCheckers"); + PKIX_NULLCHECK_TWO(params, pChecker); + + PKIX_INCREF(params->revChecker); + *pChecker = params->revChecker; + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetRevocationChecker( + PKIX_ProcessingParams *params, + PKIX_RevocationChecker *checker, + void *plContext) +{ + + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_InitRevocationChecker"); + PKIX_NULLCHECK_ONE(params); + + PKIX_DECREF(params->revChecker); + PKIX_INCREF(checker); + params->revChecker = checker; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetCertStores + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetCertStores( + PKIX_ProcessingParams *params, + PKIX_List **pStores, /* list of PKIX_CertStore */ + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetCertStores"); + + PKIX_NULLCHECK_TWO(params, pStores); + + if (!params->certStores){ + PKIX_CHECK(PKIX_List_Create(¶ms->certStores, plContext), + PKIX_UNABLETOCREATELIST); + } + + PKIX_INCREF(params->certStores); + *pStores = params->certStores; + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetCertStores + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetCertStores( + PKIX_ProcessingParams *params, + PKIX_List *stores, /* list of PKIX_CertStore */ + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetCertStores"); + + PKIX_NULLCHECK_ONE(params); + + PKIX_DECREF(params->certStores); + + PKIX_INCREF(stores); + params->certStores = stores; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + if (PKIX_ERROR_RECEIVED && params) { + PKIX_DECREF(params->certStores); + } + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_AddCertStore + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_AddCertStore( + PKIX_ProcessingParams *params, + PKIX_CertStore *store, + void *plContext) +{ + PKIX_List *certStores = NULL; + + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_AddCertStore"); + PKIX_NULLCHECK_TWO(params, store); + + PKIX_CHECK(PKIX_ProcessingParams_GetCertStores + (params, &certStores, plContext), + PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED); + + PKIX_CHECK(PKIX_List_AppendItem + (certStores, (PKIX_PL_Object *)store, plContext), + PKIX_LISTAPPENDITEMFAILED); + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + PKIX_DECREF(certStores); + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetResourceLimits + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetResourceLimits( + PKIX_ProcessingParams *params, + PKIX_ResourceLimits *resourceLimits, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetResourceLimits"); + + PKIX_NULLCHECK_TWO(params, resourceLimits); + + PKIX_DECREF(params->resourceLimits); + PKIX_INCREF(resourceLimits); + params->resourceLimits = resourceLimits; + +cleanup: + if (PKIX_ERROR_RECEIVED && params) { + PKIX_DECREF(params->resourceLimits); + } + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetResourceLimits + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetResourceLimits( + PKIX_ProcessingParams *params, + PKIX_ResourceLimits **pResourceLimits, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_GetResourceLimits"); + + PKIX_NULLCHECK_TWO(params, pResourceLimits); + + PKIX_INCREF(params->resourceLimits); + *pResourceLimits = params->resourceLimits; + +cleanup: + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_IsAnyPolicyInhibited( + PKIX_ProcessingParams *params, + PKIX_Boolean *pInhibited, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_IsAnyPolicyInhibited"); + + PKIX_NULLCHECK_TWO(params, pInhibited); + + *pInhibited = params->initialAnyPolicyInhibit; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetAnyPolicyInhibited( + PKIX_ProcessingParams *params, + PKIX_Boolean inhibited, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetAnyPolicyInhibited"); + + PKIX_NULLCHECK_ONE(params); + + params->initialAnyPolicyInhibit = inhibited; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_IsExplicitPolicyRequired( + PKIX_ProcessingParams *params, + PKIX_Boolean *pRequired, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_IsExplicitPolicyRequired"); + + PKIX_NULLCHECK_TWO(params, pRequired); + + *pRequired = params->initialExplicitPolicy; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetExplicitPolicyRequired( + PKIX_ProcessingParams *params, + PKIX_Boolean required, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetExplicitPolicyRequired"); + + PKIX_NULLCHECK_ONE(params); + + params->initialExplicitPolicy = required; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_IsPolicyMappingInhibited( + PKIX_ProcessingParams *params, + PKIX_Boolean *pInhibited, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_IsPolicyMappingInhibited"); + + PKIX_NULLCHECK_TWO(params, pInhibited); + + *pInhibited = params->initialPolicyMappingInhibit; + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetPolicyMappingInhibited( + PKIX_ProcessingParams *params, + PKIX_Boolean inhibited, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, + "PKIX_ProcessingParams_SetPolicyMappingInhibited"); + + PKIX_NULLCHECK_ONE(params); + + params->initialPolicyMappingInhibit = inhibited; + + PKIX_CHECK(PKIX_PL_Object_InvalidateCache + ((PKIX_PL_Object *)params, plContext), + PKIX_OBJECTINVALIDATECACHEFAILED); + +cleanup: + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_SetHintCerts + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_SetHintCerts( + PKIX_ProcessingParams *params, + PKIX_List *hintCerts, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetHintCerts"); + + PKIX_NULLCHECK_ONE(params); + + PKIX_DECREF(params->hintCerts); + PKIX_INCREF(hintCerts); + params->hintCerts = hintCerts; + +cleanup: + if (PKIX_ERROR_RECEIVED && params) { + PKIX_DECREF(params->hintCerts); + } + + PKIX_RETURN(PROCESSINGPARAMS); +} + +/* + * FUNCTION: PKIX_ProcessingParams_GetHintCerts + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ProcessingParams_GetHintCerts( + PKIX_ProcessingParams *params, + PKIX_List **pHintCerts, + void *plContext) +{ + PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetHintCerts"); + + PKIX_NULLCHECK_TWO(params, pHintCerts); + + PKIX_INCREF(params->hintCerts); + *pHintCerts = params->hintCerts; + +cleanup: + PKIX_RETURN(PROCESSINGPARAMS); +} diff --git a/security/nss/lib/libpkix/pkix/params/pkix_procparams.h b/security/nss/lib/libpkix/pkix/params/pkix_procparams.h new file mode 100644 index 0000000000..599f5d4988 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_procparams.h @@ -0,0 +1,50 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_procparams.h + * + * ProcessingParams Object Type Definition + * + */ + +#ifndef _PKIX_PROCESSINGPARAMS_H +#define _PKIX_PROCESSINGPARAMS_H + +#include "pkix_tools.h" + + +#ifdef __cplusplus +extern "C" { +#endif + +struct PKIX_ProcessingParamsStruct { + PKIX_List *trustAnchors; /* Never NULL */ + PKIX_List *hintCerts; /* user-supplied partial chain, may be NULL */ + PKIX_CertSelector *constraints; + PKIX_PL_Date *date; + PKIX_List *initialPolicies; /* list of PKIX_PL_OID */ + PKIX_Boolean initialPolicyMappingInhibit; + PKIX_Boolean initialAnyPolicyInhibit; + PKIX_Boolean initialExplicitPolicy; + PKIX_Boolean qualifiersRejected; + PKIX_List *certChainCheckers; + PKIX_List *certStores; + PKIX_Boolean isCrlRevocationCheckingEnabled; + PKIX_Boolean isCrlRevocationCheckingEnabledWithNISTPolicy; + PKIX_RevocationChecker *revChecker; + PKIX_ResourceLimits *resourceLimits; + PKIX_Boolean useAIAForCertFetching; + PKIX_Boolean qualifyTargetCert; + PKIX_Boolean useOnlyTrustAnchors; +}; + +/* see source file for function documentation */ + +PKIX_Error *pkix_ProcessingParams_RegisterSelf(void *plContext); + +#ifdef __cplusplus +} +#endif + +#endif /* _PKIX_PROCESSINGPARAMS_H */ diff --git a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c new file mode 100644 index 0000000000..de93e9d771 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c @@ -0,0 +1,433 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_resourcelimits.c + * + * Resourcelimits Params Object Functions + * + */ + +#include "pkix_resourcelimits.h" + +/* --Private-Functions-------------------------------------------- */ + +/* + * FUNCTION: pkix_ResourceLimits_Destroy + * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ResourceLimits_Destroy( + PKIX_PL_Object *object, + void *plContext) +{ + PKIX_ResourceLimits *rLimits = NULL; + + PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Destroy"); + PKIX_NULLCHECK_ONE(object); + + /* Check that this object is a ResourceLimits object */ + PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext), + PKIX_OBJECTNOTRESOURCELIMITS); + + rLimits = (PKIX_ResourceLimits *)object; + + rLimits->maxTime = 0; + rLimits->maxFanout = 0; + rLimits->maxDepth = 0; + rLimits->maxCertsNumber = 0; + rLimits->maxCrlsNumber = 0; + +cleanup: + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: pkix_ResourceLimits_Equals + * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ResourceLimits_Equals( + PKIX_PL_Object *first, + PKIX_PL_Object *second, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 secondType; + PKIX_Boolean cmpResult; + PKIX_ResourceLimits *firstRLimits = NULL; + PKIX_ResourceLimits *secondRLimits = NULL; + + PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Equals"); + PKIX_NULLCHECK_THREE(first, second, pResult); + + PKIX_CHECK(pkix_CheckType(first, PKIX_RESOURCELIMITS_TYPE, plContext), + PKIX_FIRSTOBJECTNOTRESOURCELIMITS); + + PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), + PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); + + *pResult = PKIX_FALSE; + + if (secondType != PKIX_RESOURCELIMITS_TYPE) goto cleanup; + + firstRLimits = (PKIX_ResourceLimits *)first; + secondRLimits = (PKIX_ResourceLimits *)second; + + cmpResult = (firstRLimits->maxTime == secondRLimits->maxTime) && + (firstRLimits->maxFanout == secondRLimits->maxFanout) && + (firstRLimits->maxDepth == secondRLimits->maxDepth) && + (firstRLimits->maxCertsNumber == + secondRLimits->maxCertsNumber) && + (firstRLimits->maxCrlsNumber == + secondRLimits->maxCrlsNumber); + + *pResult = cmpResult; + +cleanup: + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: pkix_ResourceLimits_Hashcode + * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ResourceLimits_Hashcode( + PKIX_PL_Object *object, + PKIX_UInt32 *pHashcode, + void *plContext) +{ + PKIX_ResourceLimits *rLimits = NULL; + PKIX_UInt32 hash = 0; + + PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Hashcode"); + PKIX_NULLCHECK_TWO(object, pHashcode); + + PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext), + PKIX_OBJECTNOTRESOURCELIMITS); + + rLimits = (PKIX_ResourceLimits*)object; + + hash = 31 * rLimits->maxTime + (rLimits->maxFanout << 1) + + (rLimits->maxDepth << 2) + (rLimits->maxCertsNumber << 3) + + rLimits->maxCrlsNumber; + + *pHashcode = hash; + +cleanup: + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: pkix_ResourceLimits_ToString + * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ResourceLimits_ToString( + PKIX_PL_Object *object, + PKIX_PL_String **pString, + void *plContext) +{ + PKIX_ResourceLimits *rLimits = NULL; + char *asciiFormat = NULL; + PKIX_PL_String *formatString = NULL; + PKIX_PL_String *rLimitsString = NULL; + + PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_ToString"); + PKIX_NULLCHECK_TWO(object, pString); + + PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext), + PKIX_OBJECTNOTRESOURCELIMITS); + + /* maxCertsNumber and maxCrlsNumber are not supported */ + asciiFormat = + "[\n" + "\tMaxTime: \t\t%d\n" + "\tMaxFanout: \t\t%d\n" + "\tMaxDepth: \t\t%d\n" + "]\n"; + + PKIX_CHECK(PKIX_PL_String_Create + (PKIX_ESCASCII, + asciiFormat, + 0, + &formatString, + plContext), + PKIX_STRINGCREATEFAILED); + + rLimits = (PKIX_ResourceLimits*)object; + + PKIX_CHECK(PKIX_PL_Sprintf + (&rLimitsString, + plContext, + formatString, + rLimits->maxTime, + rLimits->maxFanout, + rLimits->maxDepth), + PKIX_SPRINTFFAILED); + + *pString = rLimitsString; + +cleanup: + + PKIX_DECREF(formatString); + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: pkix_ResourceLimits_RegisterSelf + * DESCRIPTION: + * Registers PKIX_RESOURCELIMITS_TYPE and its related functions with + * systemClasses[] + * THREAD SAFETY: + * Not Thread Safe - for performance and complexity reasons + * + * Since this function is only called by PKIX_PL_Initialize, which should + * only be called once, it is acceptable that this function is not + * thread-safe. + */ +PKIX_Error * +pkix_ResourceLimits_RegisterSelf(void *plContext) +{ + + extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; + pkix_ClassTable_Entry entry; + + PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_RegisterSelf"); + + entry.description = "ResourceLimits"; + entry.objCounter = 0; + entry.typeObjectSize = sizeof(PKIX_ResourceLimits); + entry.destructor = pkix_ResourceLimits_Destroy; + entry.equalsFunction = pkix_ResourceLimits_Equals; + entry.hashcodeFunction = pkix_ResourceLimits_Hashcode; + entry.toStringFunction = pkix_ResourceLimits_ToString; + entry.comparator = NULL; + entry.duplicateFunction = NULL; + + systemClasses[PKIX_RESOURCELIMITS_TYPE] = entry; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* --Public-Functions--------------------------------------------- */ + +/* + * FUNCTION: PKIX_ResourceLimits_Create (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_Create( + PKIX_ResourceLimits **pResourceLimits, + void *plContext) +{ + PKIX_ResourceLimits *rLimits = NULL; + + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_Create"); + PKIX_NULLCHECK_ONE(pResourceLimits); + + PKIX_CHECK(PKIX_PL_Object_Alloc + (PKIX_RESOURCELIMITS_TYPE, + sizeof (PKIX_ResourceLimits), + (PKIX_PL_Object **)&rLimits, + plContext), + PKIX_COULDNOTCREATERESOURCELIMITOBJECT); + + /* initialize fields */ + rLimits->maxTime = 0; + rLimits->maxFanout = 0; + rLimits->maxDepth = 0; + rLimits->maxCertsNumber = 0; + rLimits->maxCrlsNumber = 0; + + *pResourceLimits = rLimits; + +cleanup: + + PKIX_RETURN(RESOURCELIMITS); + +} + +/* + * FUNCTION: PKIX_ResourceLimits_GetMaxTime + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_GetMaxTime( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 *pMaxTime, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxTime"); + PKIX_NULLCHECK_TWO(rLimits, pMaxTime); + + *pMaxTime = rLimits->maxTime; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_SetMaxTime + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_SetMaxTime( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 maxTime, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxTime"); + PKIX_NULLCHECK_ONE(rLimits); + + rLimits->maxTime = maxTime; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_GetMaxFanout + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_GetMaxFanout( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 *pMaxFanout, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxFanout"); + PKIX_NULLCHECK_TWO(rLimits, pMaxFanout); + + *pMaxFanout = rLimits->maxFanout; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_SetMaxFanout + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_SetMaxFanout( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 maxFanout, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxFanout"); + PKIX_NULLCHECK_ONE(rLimits); + + rLimits->maxFanout = maxFanout; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_GetMaxDepth + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_GetMaxDepth( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 *pMaxDepth, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxDepth"); + PKIX_NULLCHECK_TWO(rLimits, pMaxDepth); + + *pMaxDepth = rLimits->maxDepth; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_SetMaxDepth + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_SetMaxDepth( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 maxDepth, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxDepth"); + PKIX_NULLCHECK_ONE(rLimits); + + rLimits->maxDepth = maxDepth; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_GetMaxNumberOfCerts( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 *pMaxNumber, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCerts"); + PKIX_NULLCHECK_TWO(rLimits, pMaxNumber); + + *pMaxNumber = rLimits->maxCertsNumber; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_SetMaxNumberOfCerts( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 maxNumber, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCerts"); + PKIX_NULLCHECK_ONE(rLimits); + + rLimits->maxCertsNumber = maxNumber; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_GetMaxNumberOfCRLs( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 *pMaxNumber, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCRLs"); + PKIX_NULLCHECK_TWO(rLimits, pMaxNumber); + + *pMaxNumber = rLimits->maxCrlsNumber; + + PKIX_RETURN(RESOURCELIMITS); +} + +/* + * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ResourceLimits_SetMaxNumberOfCRLs( + PKIX_ResourceLimits *rLimits, + PKIX_UInt32 maxNumber, + void *plContext) +{ + PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCRLs"); + PKIX_NULLCHECK_ONE(rLimits); + + rLimits->maxCrlsNumber = maxNumber; + + PKIX_RETURN(RESOURCELIMITS); +} diff --git a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h new file mode 100644 index 0000000000..c4f582ce6f --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h @@ -0,0 +1,36 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_resourcelimits.h + * + * ResourceLimits Object Type Definition + * + */ + +#ifndef _PKIX_RESOURCELIMITS_H +#define _PKIX_RESOURCELIMITS_H + +#include "pkix_tools.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct PKIX_ResourceLimitsStruct { + PKIX_UInt32 maxTime; + PKIX_UInt32 maxFanout; + PKIX_UInt32 maxDepth; + PKIX_UInt32 maxCertsNumber; + PKIX_UInt32 maxCrlsNumber; +}; + +/* see source file for function documentation */ + +PKIX_Error *pkix_ResourceLimits_RegisterSelf(void *plContext); + +#ifdef __cplusplus +} +#endif + +#endif /* _PKIX_RESOURCELIMITS_H */ diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c new file mode 100644 index 0000000000..ced16d2902 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c @@ -0,0 +1,525 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_trustanchor.c + * + * TrustAnchor Object Functions + * + */ + +#include "pkix_trustanchor.h" + +/* --Private-Functions-------------------------------------------- */ + +/* + * FUNCTION: pkix_TrustAnchor_Destroy + * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_TrustAnchor_Destroy( + PKIX_PL_Object *object, + void *plContext) +{ + PKIX_TrustAnchor *anchor = NULL; + + PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy"); + PKIX_NULLCHECK_ONE(object); + + /* Check that this object is a trust anchor */ + PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext), + PKIX_OBJECTNOTTRUSTANCHOR); + + anchor = (PKIX_TrustAnchor *)object; + + PKIX_DECREF(anchor->trustedCert); + PKIX_DECREF(anchor->caName); + PKIX_DECREF(anchor->caPubKey); + PKIX_DECREF(anchor->nameConstraints); + +cleanup: + + PKIX_RETURN(TRUSTANCHOR); +} + +/* + * FUNCTION: pkix_TrustAnchor_Equals + * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_TrustAnchor_Equals( + PKIX_PL_Object *first, + PKIX_PL_Object *second, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 secondType; + PKIX_Boolean cmpResult; + PKIX_TrustAnchor *firstAnchor = NULL; + PKIX_TrustAnchor *secondAnchor = NULL; + PKIX_PL_Cert *firstCert = NULL; + PKIX_PL_Cert *secondCert = NULL; + + PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals"); + PKIX_NULLCHECK_THREE(first, second, pResult); + + PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext), + PKIX_FIRSTOBJECTNOTTRUSTANCHOR); + + PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), + PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); + + *pResult = PKIX_FALSE; + + if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup; + + firstAnchor = (PKIX_TrustAnchor *)first; + secondAnchor = (PKIX_TrustAnchor *)second; + + firstCert = firstAnchor->trustedCert; + secondCert = secondAnchor->trustedCert; + + if ((firstCert && !secondCert) || (!firstCert && secondCert)){ + goto cleanup; + } + + if (firstCert && secondCert){ + PKIX_CHECK(PKIX_PL_Object_Equals + ((PKIX_PL_Object *)firstCert, + (PKIX_PL_Object *)secondCert, + &cmpResult, + plContext), + PKIX_OBJECTEQUALSFAILED); + } else { + PKIX_CHECK(PKIX_PL_Object_Equals + ((PKIX_PL_Object *)firstAnchor->caName, + (PKIX_PL_Object *)secondAnchor->caName, + &cmpResult, + plContext), + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_CHECK(PKIX_PL_Object_Equals + ((PKIX_PL_Object *)firstAnchor->caPubKey, + (PKIX_PL_Object *)secondAnchor->caPubKey, + &cmpResult, + plContext), + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_EQUALS + (firstAnchor->nameConstraints, + secondAnchor->nameConstraints, + &cmpResult, + plContext, + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + } + + *pResult = cmpResult; + +cleanup: + + PKIX_RETURN(TRUSTANCHOR); +} + +/* + * FUNCTION: pkix_TrustAnchor_Hashcode + * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_TrustAnchor_Hashcode( + PKIX_PL_Object *object, + PKIX_UInt32 *pHashcode, + void *plContext) +{ + PKIX_TrustAnchor *anchor = NULL; + PKIX_PL_Cert *cert = NULL; + PKIX_UInt32 hash = 0; + PKIX_UInt32 certHash = 0; + PKIX_UInt32 nameHash = 0; + PKIX_UInt32 pubKeyHash = 0; + PKIX_UInt32 ncHash = 0; + + PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode"); + PKIX_NULLCHECK_TWO(object, pHashcode); + + PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext), + PKIX_OBJECTNOTTRUSTANCHOR); + + anchor = (PKIX_TrustAnchor*)object; + cert = anchor->trustedCert; + + if (cert){ + PKIX_CHECK(PKIX_PL_Object_Hashcode + ((PKIX_PL_Object *)cert, + &certHash, + plContext), + PKIX_OBJECTHASHCODEFAILED); + + hash = certHash; + + } else { + PKIX_CHECK(PKIX_PL_Object_Hashcode + ((PKIX_PL_Object *)anchor->caName, + &nameHash, + plContext), + PKIX_OBJECTHASHCODEFAILED); + + PKIX_CHECK(PKIX_PL_Object_Hashcode + ((PKIX_PL_Object *)anchor->caPubKey, + &pubKeyHash, + plContext), + PKIX_OBJECTHASHCODEFAILED); + + PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext, + PKIX_OBJECTHASHCODEFAILED); + + hash = 31 * nameHash + pubKeyHash + ncHash; + + } + + *pHashcode = hash; + +cleanup: + + PKIX_RETURN(TRUSTANCHOR); +} + +/* + * FUNCTION: pkix_TrustAnchor_ToString + * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_TrustAnchor_ToString( + PKIX_PL_Object *object, + PKIX_PL_String **pString, + void *plContext) +{ + PKIX_TrustAnchor *anchor = NULL; + char *asciiFormat = NULL; + PKIX_PL_String *formatString = NULL; + PKIX_PL_String *anchorString = NULL; + PKIX_PL_String *certString = NULL; + PKIX_PL_String *nameString = NULL; + PKIX_PL_String *pubKeyString = NULL; + PKIX_PL_String *nameConstraintsString = NULL; + + PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString"); + PKIX_NULLCHECK_TWO(object, pString); + + PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext), + PKIX_OBJECTNOTTRUSTANCHOR); + + anchor = (PKIX_TrustAnchor*)object; + + if (anchor->trustedCert){ + asciiFormat = + "[\n" + "\tTrusted Cert: %s\n" + "]\n"; + + PKIX_CHECK(PKIX_PL_String_Create + (PKIX_ESCASCII, + asciiFormat, + 0, + &formatString, + plContext), + PKIX_STRINGCREATEFAILED); + + PKIX_CHECK(PKIX_PL_Object_ToString + ((PKIX_PL_Object *)anchor->trustedCert, + &certString, + plContext), + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_CHECK(PKIX_PL_Sprintf + (&anchorString, + plContext, + formatString, + certString), + PKIX_SPRINTFFAILED); + } else { + asciiFormat = + "[\n" + "\tTrusted CA Name: %s\n" + "\tTrusted CA PublicKey: %s\n" + "\tInitial Name Constraints:%s\n" + "]\n"; + + PKIX_CHECK(PKIX_PL_String_Create + (PKIX_ESCASCII, + asciiFormat, + 0, + &formatString, + plContext), + PKIX_STRINGCREATEFAILED); + + PKIX_CHECK(PKIX_PL_Object_ToString + ((PKIX_PL_Object *)anchor->caName, + &nameString, + plContext), + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_CHECK(PKIX_PL_Object_ToString + ((PKIX_PL_Object *)anchor->caPubKey, + &pubKeyString, + plContext), + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_TOSTRING + (anchor->nameConstraints, + &nameConstraintsString, + plContext, + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_CHECK(PKIX_PL_Sprintf + (&anchorString, + plContext, + formatString, + nameString, + pubKeyString, + nameConstraintsString), + PKIX_SPRINTFFAILED); + } + + *pString = anchorString; + +cleanup: + + PKIX_DECREF(formatString); + PKIX_DECREF(certString); + PKIX_DECREF(nameString); + PKIX_DECREF(pubKeyString); + PKIX_DECREF(nameConstraintsString); + + PKIX_RETURN(TRUSTANCHOR); +} + +/* + * FUNCTION: pkix_TrustAnchor_RegisterSelf + * DESCRIPTION: + * Registers PKIX_TRUSTANCHOR_TYPE and its related functions with + * systemClasses[] + * THREAD SAFETY: + * Not Thread Safe - for performance and complexity reasons + * + * Since this function is only called by PKIX_PL_Initialize, which should + * only be called once, it is acceptable that this function is not + * thread-safe. + */ +PKIX_Error * +pkix_TrustAnchor_RegisterSelf(void *plContext) +{ + extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; + pkix_ClassTable_Entry entry; + + PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf"); + + entry.description = "TrustAnchor"; + entry.objCounter = 0; + entry.typeObjectSize = sizeof(PKIX_TrustAnchor); + entry.destructor = pkix_TrustAnchor_Destroy; + entry.equalsFunction = pkix_TrustAnchor_Equals; + entry.hashcodeFunction = pkix_TrustAnchor_Hashcode; + entry.toStringFunction = pkix_TrustAnchor_ToString; + entry.comparator = NULL; + entry.duplicateFunction = pkix_duplicateImmutable; + + systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry; + + PKIX_RETURN(TRUSTANCHOR); +} + +/* --Public-Functions--------------------------------------------- */ + + +/* + * FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_TrustAnchor_CreateWithCert( + PKIX_PL_Cert *cert, + PKIX_TrustAnchor **pAnchor, + void *plContext) +{ + PKIX_TrustAnchor *anchor = NULL; + + PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert"); + PKIX_NULLCHECK_TWO(cert, pAnchor); + + PKIX_CHECK(PKIX_PL_Object_Alloc + (PKIX_TRUSTANCHOR_TYPE, + sizeof (PKIX_TrustAnchor), + (PKIX_PL_Object **)&anchor, + plContext), + PKIX_COULDNOTCREATETRUSTANCHOROBJECT); + + /* initialize fields */ + PKIX_CHECK( + PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext), + PKIX_CERTSETASTRUSTANCHORFAILED); + + PKIX_INCREF(cert); + anchor->trustedCert = cert; + + anchor->caName = NULL; + anchor->caPubKey = NULL; + + PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints + (anchor->trustedCert, &anchor->nameConstraints, plContext), + PKIX_CERTGETNAMECONSTRAINTSFAILED); + + + *pAnchor = anchor; + anchor = NULL; + +cleanup: + + PKIX_DECREF(anchor); + + PKIX_RETURN(TRUSTANCHOR); + +} + +/* + * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_TrustAnchor_CreateWithNameKeyPair( + PKIX_PL_X500Name *name, + PKIX_PL_PublicKey *pubKey, + PKIX_PL_CertNameConstraints *nameConstraints, + PKIX_TrustAnchor **pAnchor, + void *plContext) +{ + PKIX_TrustAnchor *anchor = NULL; + + PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair"); + +#ifndef BUILD_LIBPKIX_TESTS + /* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert + * function as the complete trusted cert structure, and not only cert + * public key, is required for chain building and validation processes. + * Restricting this function for been used only in libpkix unit + * tests. */ + PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED); +#endif + + PKIX_NULLCHECK_THREE(name, pubKey, pAnchor); + + PKIX_CHECK(PKIX_PL_Object_Alloc + (PKIX_TRUSTANCHOR_TYPE, + sizeof (PKIX_TrustAnchor), + (PKIX_PL_Object **)&anchor, + plContext), + PKIX_COULDNOTCREATETRUSTANCHOROBJECT); + + /* initialize fields */ + anchor->trustedCert = NULL; + + PKIX_INCREF(name); + anchor->caName = name; + + PKIX_INCREF(pubKey); + anchor->caPubKey = pubKey; + + PKIX_INCREF(nameConstraints); + anchor->nameConstraints = nameConstraints; + + *pAnchor = anchor; + anchor = NULL; +cleanup: + + PKIX_DECREF(anchor); + + PKIX_RETURN(TRUSTANCHOR); +} + +/* + * FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_TrustAnchor_GetTrustedCert( + PKIX_TrustAnchor *anchor, + PKIX_PL_Cert **pCert, + void *plContext) +{ + PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert"); + PKIX_NULLCHECK_TWO(anchor, pCert); + + PKIX_INCREF(anchor->trustedCert); + + *pCert = anchor->trustedCert; + +cleanup: + PKIX_RETURN(TRUSTANCHOR); + +} + +/* + * FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_TrustAnchor_GetCAName( + PKIX_TrustAnchor *anchor, + PKIX_PL_X500Name **pCAName, + void *plContext) +{ + PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName"); + PKIX_NULLCHECK_TWO(anchor, pCAName); + + PKIX_INCREF(anchor->caName); + + *pCAName = anchor->caName; + +cleanup: + PKIX_RETURN(TRUSTANCHOR); + +} + +/* + * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_TrustAnchor_GetCAPublicKey( + PKIX_TrustAnchor *anchor, + PKIX_PL_PublicKey **pPubKey, + void *plContext) +{ + PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey"); + PKIX_NULLCHECK_TWO(anchor, pPubKey); + + PKIX_INCREF(anchor->caPubKey); + + *pPubKey = anchor->caPubKey; + +cleanup: + PKIX_RETURN(TRUSTANCHOR); +} + +/* + * FUNCTION: PKIX_TrustAnchor_GetNameConstraints + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_TrustAnchor_GetNameConstraints( + PKIX_TrustAnchor *anchor, + PKIX_PL_CertNameConstraints **pNameConstraints, + void *plContext) +{ + PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints"); + PKIX_NULLCHECK_TWO(anchor, pNameConstraints); + + PKIX_INCREF(anchor->nameConstraints); + + *pNameConstraints = anchor->nameConstraints; + +cleanup: + PKIX_RETURN(TRUSTANCHOR); +} diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h new file mode 100644 index 0000000000..e3ceb7fd33 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h @@ -0,0 +1,35 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_trustanchor.h + * + * TrustAnchor Object Type Definition + * + */ + +#ifndef _PKIX_TRUSTANCHOR_H +#define _PKIX_TRUSTANCHOR_H + +#include "pkix_tools.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct PKIX_TrustAnchorStruct { + PKIX_PL_Cert *trustedCert; + PKIX_PL_X500Name *caName; + PKIX_PL_PublicKey *caPubKey; + PKIX_PL_CertNameConstraints *nameConstraints; +}; + +/* see source file for function documentation */ + +PKIX_Error *pkix_TrustAnchor_RegisterSelf(void *plContext); + +#ifdef __cplusplus +} +#endif + +#endif /* _PKIX_TRUSTANCHOR_H */ diff --git a/security/nss/lib/libpkix/pkix/params/pkix_valparams.c b/security/nss/lib/libpkix/pkix/params/pkix_valparams.c new file mode 100644 index 0000000000..83c3d2b08f --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_valparams.c @@ -0,0 +1,335 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_valparams.c + * + * Validate Params Object Functions + * + */ + +#include "pkix_valparams.h" + +/* --Private-Functions-------------------------------------------- */ + +/* + * FUNCTION: pkix_ValidateParams_Destroy + * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ValidateParams_Destroy( + PKIX_PL_Object *object, + void *plContext) +{ + PKIX_ValidateParams *params = NULL; + + PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Destroy"); + PKIX_NULLCHECK_ONE(object); + + /* Check that this object is a validate params object */ + PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext), + PKIX_OBJECTNOTVALIDATEPARAMS); + + params = (PKIX_ValidateParams *)object; + + PKIX_DECREF(params->procParams); + PKIX_DECREF(params->chain); + +cleanup: + + PKIX_RETURN(VALIDATEPARAMS); +} + +/* + * FUNCTION: pkix_ValidateParams_Equals + * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ValidateParams_Equals( + PKIX_PL_Object *first, + PKIX_PL_Object *second, + PKIX_Boolean *pResult, + void *plContext) +{ + PKIX_UInt32 secondType; + PKIX_Boolean cmpResult; + PKIX_ValidateParams *firstValParams = NULL; + PKIX_ValidateParams *secondValParams = NULL; + + PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals"); + PKIX_NULLCHECK_THREE(first, second, pResult); + + PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext), + PKIX_FIRSTOBJECTNOTVALIDATEPARAMS); + + PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext), + PKIX_COULDNOTGETTYPEOFSECONDARGUMENT); + + *pResult = PKIX_FALSE; + + if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup; + + firstValParams = (PKIX_ValidateParams *)first; + secondValParams = (PKIX_ValidateParams *)second; + + PKIX_CHECK(PKIX_PL_Object_Equals + ((PKIX_PL_Object *)firstValParams->procParams, + (PKIX_PL_Object *)secondValParams->procParams, + &cmpResult, + plContext), + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + PKIX_CHECK(PKIX_PL_Object_Equals + ((PKIX_PL_Object *)firstValParams->chain, + (PKIX_PL_Object *)secondValParams->chain, + &cmpResult, + plContext), + PKIX_OBJECTEQUALSFAILED); + + if (!cmpResult) goto cleanup; + + *pResult = cmpResult; + +cleanup: + + PKIX_RETURN(VALIDATEPARAMS); +} + +/* + * FUNCTION: pkix_ValidateParams_Hashcode + * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ValidateParams_Hashcode( + PKIX_PL_Object *object, + PKIX_UInt32 *pHashcode, + void *plContext) +{ + PKIX_ValidateParams *valParams = NULL; + PKIX_UInt32 hash = 0; + PKIX_UInt32 procParamsHash = 0; + PKIX_UInt32 chainHash = 0; + + PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Hashcode"); + PKIX_NULLCHECK_TWO(object, pHashcode); + + PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext), + PKIX_OBJECTNOTVALIDATEPARAMS); + + valParams = (PKIX_ValidateParams*)object; + + PKIX_CHECK(PKIX_PL_Object_Hashcode + ((PKIX_PL_Object *)valParams->procParams, + &procParamsHash, + plContext), + PKIX_OBJECTHASHCODEFAILED); + + PKIX_CHECK(PKIX_PL_Object_Hashcode + ((PKIX_PL_Object *)valParams->chain, + &chainHash, + plContext), + PKIX_OBJECTHASHCODEFAILED); + + hash = 31 * procParamsHash + chainHash; + + *pHashcode = hash; + +cleanup: + + PKIX_RETURN(VALIDATEPARAMS); +} + +/* + * FUNCTION: pkix_ValidateParams_ToString + * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h) + */ +static PKIX_Error * +pkix_ValidateParams_ToString( + PKIX_PL_Object *object, + PKIX_PL_String **pString, + void *plContext) +{ + PKIX_ValidateParams *valParams = NULL; + char *asciiFormat = NULL; + PKIX_PL_String *formatString = NULL; + PKIX_PL_String *valParamsString = NULL; + + PKIX_PL_String *procParamsString = NULL; + PKIX_PL_String *chainString = NULL; + + PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_ToString"); + PKIX_NULLCHECK_TWO(object, pString); + + PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext), + PKIX_OBJECTNOTVALIDATEPARAMS); + + asciiFormat = + "[\n" + "\tProcessing Params: \n" + "\t********BEGIN PROCESSING PARAMS********\n" + "\t\t%s\n" + "\t********END PROCESSING PARAMS********\n" + "\tChain: \t\t%s\n" + "]\n"; + + PKIX_CHECK(PKIX_PL_String_Create + (PKIX_ESCASCII, + asciiFormat, + 0, + &formatString, + plContext), + PKIX_STRINGCREATEFAILED); + + valParams = (PKIX_ValidateParams*)object; + + PKIX_CHECK(PKIX_PL_Object_ToString + ((PKIX_PL_Object*)valParams->procParams, + &procParamsString, + plContext), + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_CHECK(PKIX_PL_Object_ToString + ((PKIX_PL_Object *)valParams->chain, + &chainString, + plContext), + PKIX_OBJECTTOSTRINGFAILED); + + PKIX_CHECK(PKIX_PL_Sprintf + (&valParamsString, + plContext, + formatString, + procParamsString, + chainString), + PKIX_SPRINTFFAILED); + + *pString = valParamsString; + +cleanup: + + PKIX_DECREF(formatString); + PKIX_DECREF(procParamsString); + PKIX_DECREF(chainString); + + PKIX_RETURN(VALIDATEPARAMS); +} + +/* + * FUNCTION: pkix_ValidateParams_RegisterSelf + * DESCRIPTION: + * Registers PKIX_VALIDATEPARAMS_TYPE and its related functions with + * systemClasses[] + * THREAD SAFETY: + * Not Thread Safe - for performance and complexity reasons + * + * Since this function is only called by PKIX_PL_Initialize, which should + * only be called once, it is acceptable that this function is not + * thread-safe. + */ +PKIX_Error * +pkix_ValidateParams_RegisterSelf(void *plContext) +{ + + extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES]; + pkix_ClassTable_Entry entry; + + PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_RegisterSelf"); + + entry.description = "ValidateParams"; + entry.objCounter = 0; + entry.typeObjectSize = sizeof(PKIX_ValidateParams); + entry.destructor = pkix_ValidateParams_Destroy; + entry.equalsFunction = pkix_ValidateParams_Equals; + entry.hashcodeFunction = pkix_ValidateParams_Hashcode; + entry.toStringFunction = pkix_ValidateParams_ToString; + entry.comparator = NULL; + entry.duplicateFunction = NULL; + + systemClasses[PKIX_VALIDATEPARAMS_TYPE] = entry; + + PKIX_RETURN(VALIDATEPARAMS); +} + +/* --Public-Functions--------------------------------------------- */ + +/* + * FUNCTION: PKIX_ValidateParams_Create (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ValidateParams_Create( + PKIX_ProcessingParams *procParams, + PKIX_List *chain, + PKIX_ValidateParams **pParams, + void *plContext) +{ + PKIX_ValidateParams *params = NULL; + + PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_Create"); + PKIX_NULLCHECK_THREE(procParams, chain, pParams); + + PKIX_CHECK(PKIX_PL_Object_Alloc + (PKIX_VALIDATEPARAMS_TYPE, + sizeof (PKIX_ValidateParams), + (PKIX_PL_Object **)¶ms, + plContext), + PKIX_COULDNOTCREATEVALIDATEPARAMSOBJECT); + + /* initialize fields */ + PKIX_INCREF(procParams); + params->procParams = procParams; + + PKIX_INCREF(chain); + params->chain = chain; + + *pParams = params; + params = NULL; + +cleanup: + + PKIX_DECREF(params); + + PKIX_RETURN(VALIDATEPARAMS); + +} + +/* + * FUNCTION: PKIX_ValidateParams_GetProcessingParams + * (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ValidateParams_GetProcessingParams( + PKIX_ValidateParams *valParams, + PKIX_ProcessingParams **pProcParams, + void *plContext) +{ + PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetProcessingParams"); + PKIX_NULLCHECK_TWO(valParams, pProcParams); + + PKIX_INCREF(valParams->procParams); + + *pProcParams = valParams->procParams; + +cleanup: + PKIX_RETURN(VALIDATEPARAMS); +} + +/* + * FUNCTION: PKIX_ValidateParams_GetCertChain (see comments in pkix_params.h) + */ +PKIX_Error * +PKIX_ValidateParams_GetCertChain( + PKIX_ValidateParams *valParams, + PKIX_List **pChain, + void *plContext) +{ + PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetCertChain"); + PKIX_NULLCHECK_TWO(valParams, pChain); + + PKIX_INCREF(valParams->chain); + + *pChain = valParams->chain; + +cleanup: + PKIX_RETURN(VALIDATEPARAMS); +} diff --git a/security/nss/lib/libpkix/pkix/params/pkix_valparams.h b/security/nss/lib/libpkix/pkix/params/pkix_valparams.h new file mode 100644 index 0000000000..93b754f712 --- /dev/null +++ b/security/nss/lib/libpkix/pkix/params/pkix_valparams.h @@ -0,0 +1,33 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* + * pkix_valparams.h + * + * ValidateParams Object Type Definition + * + */ + +#ifndef _PKIX_VALIDATEPARAMS_H +#define _PKIX_VALIDATEPARAMS_H + +#include "pkix_tools.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct PKIX_ValidateParamsStruct { + PKIX_ProcessingParams *procParams; /* Never NULL */ + PKIX_List *chain; /* Never NULL */ +}; + +/* see source file for function documentation */ + +PKIX_Error *pkix_ValidateParams_RegisterSelf(void *plContext); + +#ifdef __cplusplus +} +#endif + +#endif /* _PKIX_VALIDATEPARAMS_H */ -- cgit v1.2.3