summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/libpkix/pkix/crlsel
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/lib/libpkix/pkix/crlsel
parentInitial commit. (diff)
downloadfirefox-esr-upstream.tar.xz
firefox-esr-upstream.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/libpkix/pkix/crlsel')
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/Makefile46
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/crlsel.gyp24
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/exports.gyp26
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/manifest.mn20
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c826
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h38
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c870
-rw-r--r--security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h40
8 files changed, 1890 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/pkix/crlsel/Makefile b/security/nss/lib/libpkix/pkix/crlsel/Makefile
new file mode 100644
index 0000000000..d714361be7
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
diff --git a/security/nss/lib/libpkix/pkix/crlsel/crlsel.gyp b/security/nss/lib/libpkix/pkix/crlsel/crlsel.gyp
new file mode 100644
index 0000000000..894569ef6c
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/crlsel.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../../../coreconf/config.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'pkixcrlsel',
+ 'type': 'static_library',
+ 'sources': [
+ 'pkix_comcrlselparams.c',
+ 'pkix_crlselector.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+} \ No newline at end of file
diff --git a/security/nss/lib/libpkix/pkix/crlsel/exports.gyp b/security/nss/lib/libpkix/pkix/crlsel/exports.gyp
new file mode 100644
index 0000000000..a7001ffed7
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/exports.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../../../coreconf/config.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'lib_libpkix_pkix_crlsel_exports',
+ 'type': 'none',
+ 'copies': [
+ {
+ 'files': [
+ 'pkix_comcrlselparams.h',
+ 'pkix_crlselector.h'
+ ],
+ 'destination': '<(nss_private_dist_dir)/<(module)'
+ }
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+}
diff --git a/security/nss/lib/libpkix/pkix/crlsel/manifest.mn b/security/nss/lib/libpkix/pkix/crlsel/manifest.mn
new file mode 100644
index 0000000000..fe84a2d62f
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/manifest.mn
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+PRIVATE_EXPORTS = \
+ pkix_comcrlselparams.h \
+ pkix_crlselector.h \
+ $(NULL)
+
+MODULE = nss
+
+CSRCS = \
+ pkix_crlselector.c \
+ pkix_comcrlselparams.c \
+ $(NULL)
+
+LIBRARY_NAME = pkixcrlsel
+SHARED_LIBRARY = $(NULL)
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c
new file mode 100644
index 0000000000..90380c5b2b
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c
@@ -0,0 +1,826 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_comcrlselparams.c
+ *
+ * ComCRLSelParams Function Definitions
+ *
+ */
+
+#include "pkix_comcrlselparams.h"
+
+/* --ComCRLSelParams-Private-Functions------------------------------------ */
+
+/*
+ * FUNCTION: pkix_ComCrlSelParams_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Destroy(
+ PKIX_PL_Object *object,
+ void *plContext)
+{
+ PKIX_ComCRLSelParams *params = NULL;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Destroy");
+ PKIX_NULLCHECK_ONE(object);
+
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+ params = (PKIX_ComCRLSelParams *)object;
+
+ PKIX_DECREF(params->issuerNames);
+ PKIX_DECREF(params->cert);
+ PKIX_DECREF(params->date);
+ PKIX_DECREF(params->maxCRLNumber);
+ PKIX_DECREF(params->minCRLNumber);
+ PKIX_DECREF(params->crldpList);
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_ToString_Helper
+ * DESCRIPTION:
+ *
+ * Helper function that creates a string representation of ComCRLSelParams
+ * pointed to by "crlParams" and stores the result at "pString".
+ *
+ * PARAMETERS
+ * "crlParams"
+ * Address of ComCRLSelParams whose string representation is desired.
+ * Must be non-NULL.
+ * "pString"
+ * Address of object pointer's destination. Must be non-NULL.
+ * "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLEntry Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_ToString_Helper(
+ PKIX_ComCRLSelParams *crlParams,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_PL_String *crlIssuerNamesString = NULL;
+ PKIX_PL_String *crlDateString = NULL;
+ PKIX_PL_String *crlMaxCRLNumberString = NULL;
+ PKIX_PL_String *crlMinCRLNumberString = NULL;
+ PKIX_PL_String *crlCertString = NULL;
+ PKIX_PL_String *crlParamsString = NULL;
+ char *asciiFormat = NULL;
+ PKIX_PL_String *formatString = NULL;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString_Helper");
+ PKIX_NULLCHECK_TWO(crlParams, pString);
+
+ asciiFormat =
+ "\n\t[\n"
+ "\tIssuerNames: %s\n"
+ "\tDate: %s\n"
+ "\tmaxCRLNumber: %s\n"
+ "\tminCRLNumber: %s\n"
+ "\tCertificate: %s\n"
+ "\t]\n";
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ asciiFormat,
+ 0,
+ &formatString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ PKIX_TOSTRING
+ (crlParams->issuerNames, &crlIssuerNamesString, plContext,
+ PKIX_LISTTOSTRINGFAILED);
+
+ PKIX_TOSTRING(crlParams->date, &crlDateString, plContext,
+ PKIX_DATETOSTRINGFAILED);
+
+ PKIX_TOSTRING
+ (crlParams->maxCRLNumber, &crlMaxCRLNumberString, plContext,
+ PKIX_BIGINTTOSTRINGFAILED);
+
+ PKIX_TOSTRING
+ (crlParams->minCRLNumber, &crlMinCRLNumberString, plContext,
+ PKIX_BIGINTTOSTRINGFAILED);
+
+ PKIX_TOSTRING(crlParams->cert, &crlCertString, plContext,
+ PKIX_CERTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Sprintf
+ (&crlParamsString,
+ plContext,
+ formatString,
+ crlIssuerNamesString,
+ crlDateString,
+ crlMaxCRLNumberString,
+ crlMinCRLNumberString,
+ crlCertString),
+ PKIX_SPRINTFFAILED);
+
+ *pString = crlParamsString;
+
+cleanup:
+
+ PKIX_DECREF(crlIssuerNamesString);
+ PKIX_DECREF(crlDateString);
+ PKIX_DECREF(crlMaxCRLNumberString);
+ PKIX_DECREF(crlMinCRLNumberString);
+ PKIX_DECREF(crlCertString);
+ PKIX_DECREF(formatString);
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_ToString(
+ PKIX_PL_Object *object,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_PL_String *crlParamsString = NULL;
+ PKIX_ComCRLSelParams *crlParams = NULL;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString");
+ PKIX_NULLCHECK_TWO(object, pString);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+ crlParams = (PKIX_ComCRLSelParams *) object;
+
+ PKIX_CHECK(pkix_ComCRLSelParams_ToString_Helper
+ (crlParams, &crlParamsString, plContext),
+ PKIX_COMCRLSELPARAMSTOSTRINGHELPERFAILED);
+
+ *pString = crlParamsString;
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Hashcode(
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pHashcode,
+ void *plContext)
+{
+ PKIX_ComCRLSelParams *crlParams = NULL;
+ PKIX_UInt32 namesHash = 0;
+ PKIX_UInt32 certHash = 0;
+ PKIX_UInt32 dateHash = 0;
+ PKIX_UInt32 maxCRLNumberHash = 0;
+ PKIX_UInt32 minCRLNumberHash = 0;
+ PKIX_UInt32 hash = 0;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Hashcode");
+ PKIX_NULLCHECK_TWO(object, pHashcode);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+ crlParams = (PKIX_ComCRLSelParams *)object;
+
+ PKIX_HASHCODE(crlParams->issuerNames, &namesHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(crlParams->cert, &certHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(crlParams->date, &dateHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(crlParams->maxCRLNumber, &maxCRLNumberHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(crlParams->minCRLNumber, &minCRLNumberHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+
+ hash = (((namesHash << 3) + certHash) << 3) + dateHash;
+ hash = (hash << 3) + maxCRLNumberHash + minCRLNumberHash;
+
+ *pHashcode = hash;
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Equals(
+ PKIX_PL_Object *firstObject,
+ PKIX_PL_Object *secondObject,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ PKIX_ComCRLSelParams *firstCrlParams = NULL;
+ PKIX_ComCRLSelParams *secondCrlParams = NULL;
+ PKIX_UInt32 secondType;
+ PKIX_Boolean cmpResult = PKIX_FALSE;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Equals");
+ PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+ /* test that firstObject is a ComCRLSelParams */
+ PKIX_CHECK(pkix_CheckType
+ (firstObject, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+ PKIX_FIRSTOBJECTNOTCOMCRLSELPARAMS);
+
+ firstCrlParams = (PKIX_ComCRLSelParams *)firstObject;
+ secondCrlParams = (PKIX_ComCRLSelParams *)secondObject;
+
+ /*
+ * Since we know firstObject is a ComCRLSelParams, if both references
+ * are identical, they must be equal
+ */
+ if (firstCrlParams == secondCrlParams){
+ *pResult = PKIX_TRUE;
+ goto cleanup;
+ }
+
+ /*
+ * If secondComCRLSelParams isn't a ComCRLSelParams, we don't
+ * throw an error. We simply return a Boolean result of FALSE
+ */
+ *pResult = PKIX_FALSE;
+ PKIX_CHECK(PKIX_PL_Object_GetType
+ ((PKIX_PL_Object *)secondCrlParams, &secondType, plContext),
+ PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+ if (secondType != PKIX_COMCRLSELPARAMS_TYPE) {
+ goto cleanup;
+ }
+
+ /* Compare Issuer Names */
+ PKIX_EQUALS
+ (firstCrlParams->issuerNames,
+ secondCrlParams->issuerNames,
+ &cmpResult,
+ plContext,
+ PKIX_LISTEQUALSFAILED);
+
+ if (cmpResult != PKIX_TRUE) {
+ goto cleanup;
+ }
+
+ /* Compare Date */
+ PKIX_EQUALS
+ (firstCrlParams->date,
+ secondCrlParams->date,
+ &cmpResult,
+ plContext,
+ PKIX_DATEEQUALSFAILED);
+
+ if (cmpResult != PKIX_TRUE) {
+ goto cleanup;
+ }
+
+ /* Compare Max CRL Number */
+ PKIX_EQUALS
+ (firstCrlParams->maxCRLNumber,
+ secondCrlParams->maxCRLNumber,
+ &cmpResult,
+ plContext,
+ PKIX_BIGINTEQUALSFAILED);
+
+ if (cmpResult != PKIX_TRUE) {
+ goto cleanup;
+ }
+
+ /* Compare Min CRL Number */
+ PKIX_EQUALS
+ (firstCrlParams->minCRLNumber,
+ secondCrlParams->minCRLNumber,
+ &cmpResult,
+ plContext,
+ PKIX_BIGINTEQUALSFAILED);
+
+ if (cmpResult != PKIX_TRUE) {
+ goto cleanup;
+ }
+
+ /* Compare Cert */
+ PKIX_EQUALS
+ (firstCrlParams->cert,
+ secondCrlParams->cert,
+ &cmpResult,
+ plContext,
+ PKIX_CERTEQUALSFAILED);
+
+ *pResult = cmpResult;
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_Duplicate
+ * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Duplicate(
+ PKIX_PL_Object *object,
+ PKIX_PL_Object **pNewObject,
+ void *plContext)
+{
+ PKIX_ComCRLSelParams *old;
+ PKIX_ComCRLSelParams *new = NULL;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Duplicate");
+ PKIX_NULLCHECK_TWO(object, pNewObject);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+ old = (PKIX_ComCRLSelParams *)object;
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_COMCRLSELPARAMS_TYPE,
+ (PKIX_UInt32)(sizeof (PKIX_ComCRLSelParams)),
+ (PKIX_PL_Object **)&new,
+ plContext),
+ PKIX_OBJECTALLOCFAILED);
+
+ PKIX_DUPLICATE(old->cert, &new->cert, plContext,
+ PKIX_OBJECTDUPLICATECERTFAILED);
+
+ PKIX_DUPLICATE(old->crldpList, &new->crldpList, plContext,
+ PKIX_OBJECTDUPLICATECERTFAILED);
+
+ PKIX_DUPLICATE(old->issuerNames, &new->issuerNames, plContext,
+ PKIX_OBJECTDUPLICATEISSUERNAMESFAILED);
+
+ PKIX_DUPLICATE(old->date, &new->date, plContext,
+ PKIX_OBJECTDUPLICATEDATEFAILED);
+
+ PKIX_DUPLICATE(old->maxCRLNumber, &new->maxCRLNumber, plContext,
+ PKIX_OBJECTDUPLICATEMAXCRLNUMBERFAILED);
+
+ PKIX_DUPLICATE(old->minCRLNumber, &new->minCRLNumber, plContext,
+ PKIX_OBJECTDUPLICATEMINCRLNUMBERFAILED);
+
+ *pNewObject = (PKIX_PL_Object *)new;
+
+cleanup:
+
+ if (PKIX_ERROR_RECEIVED){
+ PKIX_DECREF(new);
+ }
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCrlSelParams_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_COMCRLSELPARAMS_TYPE and its related functions with
+ * systemClasses[]
+ * THREAD SAFETY:
+ * Not Thread Safe - for performance and complexity reasons
+ *
+ * Since this function is only called by PKIX_PL_Initialize, which should
+ * only be called once, it is acceptable that this function is not
+ * thread-safe.
+ */
+PKIX_Error *
+pkix_ComCRLSelParams_RegisterSelf(void *plContext)
+{
+ extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+ pkix_ClassTable_Entry entry;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_RegisterSelf");
+
+ entry.description = "ComCRLSelParams";
+ entry.objCounter = 0;
+ entry.typeObjectSize = sizeof(PKIX_ComCRLSelParams);
+ entry.destructor = pkix_ComCRLSelParams_Destroy;
+ entry.equalsFunction = pkix_ComCRLSelParams_Equals;
+ entry.hashcodeFunction = pkix_ComCRLSelParams_Hashcode;
+ entry.toStringFunction = pkix_ComCRLSelParams_ToString;
+ entry.comparator = NULL;
+ entry.duplicateFunction = pkix_ComCRLSelParams_Duplicate;
+
+ systemClasses[PKIX_COMCRLSELPARAMS_TYPE] = entry;
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/* --ComCRLSelParams-Public-Functions------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_Create (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_Create(
+ PKIX_ComCRLSelParams **pParams,
+ void *plContext)
+{
+ PKIX_ComCRLSelParams *params = NULL;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_Create");
+ PKIX_NULLCHECK_ONE(pParams);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_COMCRLSELPARAMS_TYPE,
+ sizeof (PKIX_ComCRLSelParams),
+ (PKIX_PL_Object **)&params,
+ plContext),
+ PKIX_COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT);
+
+ /* initialize fields */
+ params->issuerNames = NULL;
+ params->cert = NULL;
+ params->crldpList = NULL;
+ params->date = NULL;
+ params->nistPolicyEnabled = PKIX_TRUE;
+ params->maxCRLNumber = NULL;
+ params->minCRLNumber = NULL;
+
+ *pParams = params;
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetIssuerNames(
+ PKIX_ComCRLSelParams *params,
+ PKIX_List **pIssuerNames,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_GetIssuerNames");
+ PKIX_NULLCHECK_TWO(params, pIssuerNames);
+
+ PKIX_INCREF(params->issuerNames);
+
+ *pIssuerNames = params->issuerNames;
+
+cleanup:
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetIssuerNames(
+ PKIX_ComCRLSelParams *params,
+ PKIX_List *names,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_SetIssuerNames");
+ PKIX_NULLCHECK_ONE(params); /* allows null for names from spec */
+
+ PKIX_DECREF(params->issuerNames);
+
+ PKIX_INCREF(names); /* if NULL, allows to reset for no action */
+
+ params->issuerNames = names;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_AddIssuerName(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_X500Name *name,
+ void *plContext)
+{
+ PKIX_List *list = NULL;
+
+ PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_AddIssuerName");
+ PKIX_NULLCHECK_ONE(params);
+
+ if (name != NULL) {
+
+ if (params->issuerNames == NULL) {
+
+ PKIX_CHECK(PKIX_List_Create(&list, plContext),
+ PKIX_LISTCREATEFAILED);
+ params->issuerNames = list;
+ }
+
+ PKIX_CHECK(PKIX_List_AppendItem
+ (params->issuerNames, (PKIX_PL_Object *)name, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+ }
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetCertificateChecking(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Cert **pCert,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_GetCertificateChecking");
+ PKIX_NULLCHECK_TWO(params, pCert);
+
+ PKIX_INCREF(params->cert);
+
+ *pCert = params->cert;
+
+cleanup:
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetCertificateChecking(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Cert *cert,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_SetCertificateChecking");
+ PKIX_NULLCHECK_ONE(params); /* allows cert to be NULL from spec */
+
+ PKIX_DECREF(params->cert);
+
+ PKIX_INCREF(cert);
+
+ params->cert = cert;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetDateAndTime(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Date **pDate,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_GetDateAndTime");
+ PKIX_NULLCHECK_TWO(params, pDate);
+
+ PKIX_INCREF(params->date);
+
+ *pDate = params->date;
+
+cleanup:
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetDateAndTime(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_Date *date,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_SetDateAndTime");
+ PKIX_NULLCHECK_ONE(params); /* allows date to be NULL from spec */
+
+ PKIX_DECREF (params->date);
+
+ PKIX_INCREF(date);
+
+ params->date = date;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
+ PKIX_ComCRLSelParams *params,
+ PKIX_Boolean *pEnabled,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_GetNISTPolicyEnabled");
+ PKIX_NULLCHECK_TWO(params, pEnabled);
+
+ *pEnabled = params->nistPolicyEnabled;
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
+ PKIX_ComCRLSelParams *params,
+ PKIX_Boolean enabled,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_SetNISTPolicyEnabled");
+ PKIX_NULLCHECK_ONE(params); /* allows date to be NULL from spec */
+
+ params->nistPolicyEnabled = enabled;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMaxCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt **pMaxCRLNumber,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_GetMaxCRLNumber");
+ PKIX_NULLCHECK_TWO(params, pMaxCRLNumber);
+
+ PKIX_INCREF(params->maxCRLNumber);
+
+ *pMaxCRLNumber = params->maxCRLNumber;
+
+cleanup:
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMaxCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt *maxCRLNumber,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_SetMaxCRLNumber");
+ PKIX_NULLCHECK_ONE(params); /* maxCRLNumber can be NULL - from spec */
+
+ PKIX_DECREF(params->maxCRLNumber);
+
+ PKIX_INCREF(maxCRLNumber);
+
+ params->maxCRLNumber = maxCRLNumber;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMinCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt **pMinCRLNumber,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_GetMinCRLNumber");
+ PKIX_NULLCHECK_TWO(params, pMinCRLNumber);
+
+ PKIX_INCREF(params->minCRLNumber);
+
+ *pMinCRLNumber = params->minCRLNumber;
+
+cleanup:
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMinCRLNumber(
+ PKIX_ComCRLSelParams *params,
+ PKIX_PL_BigInt *minCRLNumber,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS,
+ "PKIX_ComCRLSelParams_SetMinCRLNumber");
+ PKIX_NULLCHECK_ONE(params); /* minCRLNumber can be NULL - from spec */
+
+ PKIX_DECREF(params->minCRLNumber);
+
+ PKIX_INCREF(minCRLNumber);
+
+ params->minCRLNumber = minCRLNumber;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+PKIX_Error*
+PKIX_ComCRLSelParams_SetCrlDp(
+ PKIX_ComCRLSelParams *params,
+ PKIX_List *crldpList,
+ void *plContext)
+{
+ PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_SetCrlDp");
+ PKIX_NULLCHECK_ONE(params); /* minCRLNumber can be NULL - from spec */
+
+ PKIX_INCREF(crldpList);
+ params->crldpList = crldpList;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+
+ PKIX_RETURN(COMCRLSELPARAMS);
+}
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h b/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h
new file mode 100644
index 0000000000..08351375d9
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_comcrlselparams.h
+ *
+ * ComCrlSelParams Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_COMCRLSELPARAMS_H
+#define _PKIX_COMCRLSELPARAMS_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ComCRLSelParamsStruct {
+ PKIX_List *issuerNames; /* list of PKIX_PL_X500Name */
+ PKIX_PL_Cert *cert; /* certificate being checked */
+ PKIX_List *crldpList;
+ PKIX_PL_Date *date;
+ PKIX_Boolean nistPolicyEnabled;
+ PKIX_PL_BigInt *maxCRLNumber;
+ PKIX_PL_BigInt *minCRLNumber;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ComCRLSelParams_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_COMCRLSELPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c
new file mode 100644
index 0000000000..e9a9c03dfd
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c
@@ -0,0 +1,870 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_crlselector.c
+ *
+ * CRLSelector Function Definitions
+ *
+ */
+
+#include "pkix_crlselector.h"
+
+/* --CRLSelector Private-Functions-------------------------------------- */
+
+/*
+ * FUNCTION: pkix_CRLSelector_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Destroy(
+ PKIX_PL_Object *object,
+ void *plContext)
+{
+ PKIX_CRLSelector *selector = NULL;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy");
+ PKIX_NULLCHECK_ONE(object);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
+ PKIX_OBJECTNOTCRLSELECTOR);
+
+ selector = (PKIX_CRLSelector *)object;
+
+ selector->matchCallback = NULL;
+
+ PKIX_DECREF(selector->params);
+ PKIX_DECREF(selector->context);
+
+cleanup:
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_ToString_Helper
+ *
+ * DESCRIPTION:
+ * Helper function that creates a string representation of CRLSelector
+ * pointed to by "crlParams" and stores its address in the object pointed to
+ * by "pString".
+ *
+ * PARAMETERS
+ * "list"
+ * Address of CRLSelector whose string representation is desired.
+ * Must be non-NULL.
+ * "pString"
+ * Address of object pointer's destination. Must be non-NULL.
+ * "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CRLSelector_ToString_Helper(
+ PKIX_CRLSelector *crlSelector,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_PL_String *crlSelectorString = NULL;
+ PKIX_PL_String *formatString = NULL;
+ PKIX_PL_String *crlParamsString = NULL;
+ PKIX_PL_String *crlContextString = NULL;
+ char *asciiFormat = NULL;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper");
+ PKIX_NULLCHECK_TWO(crlSelector, pString);
+ PKIX_NULLCHECK_ONE(crlSelector->params);
+
+ asciiFormat =
+ "\n\t[\n"
+ "\tMatchCallback: 0x%x\n"
+ "\tParams: %s\n"
+ "\tContext: %s\n"
+ "\t]\n";
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ asciiFormat,
+ 0,
+ &formatString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ /* Params */
+ PKIX_TOSTRING
+ ((PKIX_PL_Object *)crlSelector->params,
+ &crlParamsString,
+ plContext,
+ PKIX_COMCRLSELPARAMSTOSTRINGFAILED);
+
+ /* Context */
+ PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext,
+ PKIX_LISTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Sprintf
+ (&crlSelectorString,
+ plContext,
+ formatString,
+ crlSelector->matchCallback,
+ crlParamsString,
+ crlContextString),
+ PKIX_SPRINTFFAILED);
+
+ *pString = crlSelectorString;
+
+cleanup:
+
+ PKIX_DECREF(crlParamsString);
+ PKIX_DECREF(crlContextString);
+ PKIX_DECREF(formatString);
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_ToString(
+ PKIX_PL_Object *object,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_PL_String *crlSelectorString = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString");
+ PKIX_NULLCHECK_TWO(object, pString);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
+ PKIX_OBJECTNOTCRLSELECTOR);
+
+ crlSelector = (PKIX_CRLSelector *) object;
+
+ PKIX_CHECK(pkix_CRLSelector_ToString_Helper
+ (crlSelector, &crlSelectorString, plContext),
+ PKIX_CRLSELECTORTOSTRINGHELPERFAILED);
+
+ *pString = crlSelectorString;
+
+cleanup:
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Hashcode(
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pHashcode,
+ void *plContext)
+{
+ PKIX_UInt32 paramsHash = 0;
+ PKIX_UInt32 contextHash = 0;
+ PKIX_UInt32 hash = 0;
+
+ PKIX_CRLSelector *crlSelector = NULL;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode");
+ PKIX_NULLCHECK_TWO(object, pHashcode);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
+ PKIX_OBJECTNOTCRLSELECTOR);
+
+ crlSelector = (PKIX_CRLSelector *)object;
+
+ PKIX_HASHCODE(crlSelector->params, &paramsHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(crlSelector->context, &contextHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) +
+ (contextHash << 3)) + paramsHash;
+
+ *pHashcode = hash;
+
+cleanup:
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Equals(
+ PKIX_PL_Object *firstObject,
+ PKIX_PL_Object *secondObject,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ PKIX_CRLSelector *firstCrlSelector = NULL;
+ PKIX_CRLSelector *secondCrlSelector = NULL;
+ PKIX_UInt32 secondType;
+ PKIX_Boolean cmpResult = PKIX_FALSE;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals");
+ PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+ /* test that firstObject is a CRLSelector */
+ PKIX_CHECK(pkix_CheckType
+ (firstObject, PKIX_CRLSELECTOR_TYPE, plContext),
+ PKIX_FIRSTOBJECTNOTCRLSELECTOR);
+
+ firstCrlSelector = (PKIX_CRLSelector *)firstObject;
+ secondCrlSelector = (PKIX_CRLSelector *)secondObject;
+
+ /*
+ * Since we know firstObject is a CRLSelector, if both references are
+ * identical, they must be equal
+ */
+ if (firstCrlSelector == secondCrlSelector){
+ *pResult = PKIX_TRUE;
+ goto cleanup;
+ }
+
+ /*
+ * If secondCRLSelector isn't a CRLSelector, we don't throw an error.
+ * We simply return a Boolean result of FALSE
+ */
+ *pResult = PKIX_FALSE;
+ PKIX_CHECK(PKIX_PL_Object_GetType
+ ((PKIX_PL_Object *)secondCrlSelector,
+ &secondType,
+ plContext),
+ PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+ if (secondType != PKIX_CRLSELECTOR_TYPE) {
+ goto cleanup;
+ }
+
+ /* Compare MatchCallback address */
+ cmpResult = (firstCrlSelector->matchCallback ==
+ secondCrlSelector->matchCallback);
+
+ if (cmpResult == PKIX_FALSE) {
+ goto cleanup;
+ }
+
+ /* Compare Common CRL Selector Params */
+ PKIX_EQUALS
+ (firstCrlSelector->params,
+ secondCrlSelector->params,
+ &cmpResult,
+ plContext,
+ PKIX_COMCRLSELPARAMSEQUALSFAILED);
+
+
+ if (cmpResult == PKIX_FALSE) {
+ goto cleanup;
+ }
+
+ /* Compare Context */
+ PKIX_EQUALS
+ (firstCrlSelector->context,
+ secondCrlSelector->context,
+ &cmpResult,
+ plContext,
+ PKIX_COMCRLSELPARAMSEQUALSFAILED);
+
+ *pResult = cmpResult;
+
+cleanup:
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Duplicate
+ * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Duplicate(
+ PKIX_PL_Object *object,
+ PKIX_PL_Object **pNewObject,
+ void *plContext)
+{
+ PKIX_CRLSelector *old;
+ PKIX_CRLSelector *new = NULL;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate");
+ PKIX_NULLCHECK_TWO(object, pNewObject);
+
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_CRLSELECTOR_TYPE, plContext),
+ PKIX_OBJECTNOTCRLSELECTOR);
+
+ old = (PKIX_CRLSelector *)object;
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_CRLSELECTOR_TYPE,
+ (PKIX_UInt32)(sizeof (PKIX_CRLSelector)),
+ (PKIX_PL_Object **)&new,
+ plContext),
+ PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED);
+
+ new->matchCallback = old->matchCallback;
+
+ PKIX_DUPLICATE(old->params, &new->params, plContext,
+ PKIX_OBJECTDUPLICATEPARAMSFAILED);
+
+ PKIX_DUPLICATE(old->context, &new->context, plContext,
+ PKIX_OBJECTDUPLICATECONTEXTFAILED);
+
+ *pNewObject = (PKIX_PL_Object *)new;
+
+cleanup:
+
+ if (PKIX_ERROR_RECEIVED){
+ PKIX_DECREF(new);
+ }
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_DefaultMatch
+ *
+ * DESCRIPTION:
+ * This function compares the parameter values (Issuer, date, and CRL number)
+ * set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with
+ * the corresponding values in the CRL pointed to by "crl". When all the
+ * criteria set in the parameter values match the values in "crl", PKIX_TRUE is
+ * stored at "pMatch". If the CRL does not match the CRLSelector's criteria,
+ * PKIX_FALSE is stored at "pMatch".
+ *
+ * PARAMETERS
+ * "selector"
+ * Address of CRLSelector which is verified for a match
+ * Must be non-NULL.
+ * "crl"
+ * Address of the CRL object to be verified. Must be non-NULL.
+ * "pMatch"
+ * Address at which Boolean result is stored. Must be non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ * Conditionally Thread Safe
+ * (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CRLSelector_DefaultMatch(
+ PKIX_CRLSelector *selector,
+ PKIX_PL_CRL *crl,
+ PKIX_Boolean *pMatch,
+ void *plContext)
+{
+ PKIX_ComCRLSelParams *params = NULL;
+ PKIX_PL_X500Name *crlIssuerName = NULL;
+ PKIX_PL_X500Name *issuerName = NULL;
+ PKIX_List *selIssuerNames = NULL;
+ PKIX_PL_Date *selDate = NULL;
+ PKIX_Boolean result = PKIX_TRUE;
+ PKIX_UInt32 numIssuers = 0;
+ PKIX_UInt32 i;
+ PKIX_PL_BigInt *minCRLNumber = NULL;
+ PKIX_PL_BigInt *maxCRLNumber = NULL;
+ PKIX_PL_BigInt *crlNumber = NULL;
+ PKIX_Boolean nistPolicyEnabled = PKIX_FALSE;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch");
+ PKIX_NULLCHECK_TWO(selector, crl);
+
+ *pMatch = PKIX_TRUE;
+ params = selector->params;
+
+ /* No matching parameter provided, just a match */
+ if (params == NULL) {
+ goto cleanup;
+ }
+
+ PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames
+ (params, &selIssuerNames, plContext),
+ PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);
+
+ /* Check for Issuers */
+ if (selIssuerNames != NULL){
+
+ result = PKIX_FALSE;
+
+ PKIX_CHECK(PKIX_PL_CRL_GetIssuer
+ (crl, &crlIssuerName, plContext),
+ PKIX_CRLGETISSUERFAILED);
+
+ PKIX_CHECK(PKIX_List_GetLength
+ (selIssuerNames, &numIssuers, plContext),
+ PKIX_LISTGETLENGTHFAILED);
+
+ for (i = 0; i < numIssuers; i++){
+
+ PKIX_CHECK(PKIX_List_GetItem
+ (selIssuerNames,
+ i,
+ (PKIX_PL_Object **)&issuerName,
+ plContext),
+ PKIX_LISTGETITEMFAILED);
+
+ PKIX_CHECK(PKIX_PL_X500Name_Match
+ (crlIssuerName,
+ issuerName,
+ &result,
+ plContext),
+ PKIX_X500NAMEMATCHFAILED);
+
+ PKIX_DECREF(issuerName);
+
+ if (result == PKIX_TRUE) {
+ break;
+ }
+ }
+
+ if (result == PKIX_FALSE) {
+ PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N");
+ *pMatch = PKIX_FALSE;
+ goto cleanup;
+ }
+
+ }
+
+ PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime
+ (params, &selDate, plContext),
+ PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED);
+
+ /* Check for Date */
+ if (selDate != NULL){
+
+ PKIX_CHECK(PKIX_ComCRLSelParams_GetNISTPolicyEnabled
+ (params, &nistPolicyEnabled, plContext),
+ PKIX_COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED);
+
+ /* check crl dates only for if NIST policies enforced */
+ if (nistPolicyEnabled) {
+ result = PKIX_FALSE;
+
+ PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime
+ (crl, selDate, &result, plContext),
+ PKIX_CRLVERIFYUPDATETIMEFAILED);
+
+ if (result == PKIX_FALSE) {
+ *pMatch = PKIX_FALSE;
+ goto cleanup;
+ }
+ }
+
+ }
+
+ /* Check for CRL number in range */
+ PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext),
+ PKIX_CRLGETCRLNUMBERFAILED);
+
+ if (crlNumber != NULL) {
+ result = PKIX_FALSE;
+
+ PKIX_CHECK(PKIX_ComCRLSelParams_GetMinCRLNumber
+ (params, &minCRLNumber, plContext),
+ PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED);
+
+ if (minCRLNumber != NULL) {
+
+ PKIX_CHECK(PKIX_PL_Object_Compare
+ ((PKIX_PL_Object *)minCRLNumber,
+ (PKIX_PL_Object *)crlNumber,
+ &result,
+ plContext),
+ PKIX_OBJECTCOMPARATORFAILED);
+
+ if (result == 1) {
+ PKIX_CRLSELECTOR_DEBUG
+ ("CRL MinNumber Range Match Failed\n");
+ *pMatch = PKIX_FALSE;
+ goto cleanup;
+ }
+ }
+
+ PKIX_CHECK(PKIX_ComCRLSelParams_GetMaxCRLNumber
+ (params, &maxCRLNumber, plContext),
+ PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED);
+
+ if (maxCRLNumber != NULL) {
+
+ PKIX_CHECK(PKIX_PL_Object_Compare
+ ((PKIX_PL_Object *)crlNumber,
+ (PKIX_PL_Object *)maxCRLNumber,
+ &result,
+ plContext),
+ PKIX_OBJECTCOMPARATORFAILED);
+
+ if (result == 1) {
+ PKIX_CRLSELECTOR_DEBUG
+ (PKIX_CRLMAXNUMBERRANGEMATCHFAILED);
+ *pMatch = PKIX_FALSE;
+ goto cleanup;
+ }
+ }
+ }
+
+cleanup:
+
+ PKIX_DECREF(selIssuerNames);
+ PKIX_DECREF(selDate);
+ PKIX_DECREF(crlIssuerName);
+ PKIX_DECREF(issuerName);
+ PKIX_DECREF(crlNumber);
+ PKIX_DECREF(minCRLNumber);
+ PKIX_DECREF(maxCRLNumber);
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_CRLSELECTOR_TYPE and its related functions with
+ * systemClasses[]
+ * THREAD SAFETY:
+ * Not Thread Safe - for performance and complexity reasons
+ *
+ * Since this function is only called by PKIX_PL_Initialize, which should
+ * only be called once, it is acceptable that this function is not
+ * thread-safe.
+ */
+PKIX_Error *
+pkix_CRLSelector_RegisterSelf(void *plContext)
+{
+ extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+ pkix_ClassTable_Entry entry;
+
+ PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf");
+
+ entry.description = "CRLSelector";
+ entry.objCounter = 0;
+ entry.typeObjectSize = sizeof(PKIX_CRLSelector);
+ entry.destructor = pkix_CRLSelector_Destroy;
+ entry.equalsFunction = pkix_CRLSelector_Equals;
+ entry.hashcodeFunction = pkix_CRLSelector_Hashcode;
+ entry.toStringFunction = pkix_CRLSelector_ToString;
+ entry.comparator = NULL;
+ entry.duplicateFunction = pkix_CRLSelector_Duplicate;
+
+ systemClasses[PKIX_CRLSELECTOR_TYPE] = entry;
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/* --CRLSelector-Public-Functions---------------------------------------- */
+PKIX_Error *
+pkix_CRLSelector_Create(
+ PKIX_CRLSelector_MatchCallback callback,
+ PKIX_PL_Object *crlSelectorContext,
+ PKIX_CRLSelector **pSelector,
+ void *plContext)
+{
+ PKIX_CRLSelector *selector = NULL;
+
+ PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create");
+ PKIX_NULLCHECK_ONE(pSelector);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_CRLSELECTOR_TYPE,
+ sizeof (PKIX_CRLSelector),
+ (PKIX_PL_Object **)&selector,
+ plContext),
+ PKIX_COULDNOTCREATECRLSELECTOROBJECT);
+
+ /*
+ * if user specified a particular match callback, we use that one.
+ * otherwise, we use the default match provided.
+ */
+
+ if (callback != NULL){
+ selector->matchCallback = callback;
+ } else {
+ selector->matchCallback = pkix_CRLSelector_DefaultMatch;
+ }
+
+ /* initialize other fields */
+ selector->params = NULL;
+
+ PKIX_INCREF(crlSelectorContext);
+ selector->context = crlSelectorContext;
+
+ *pSelector = selector;
+ selector = NULL;
+
+cleanup:
+
+ PKIX_DECREF(selector);
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_Create(
+ PKIX_PL_Cert *issuer,
+ PKIX_List *crldpList,
+ PKIX_PL_Date *date,
+ PKIX_CRLSelector **pCrlSelector,
+ void *plContext)
+{
+ PKIX_PL_X500Name *issuerName = NULL;
+ PKIX_PL_Date *nowDate = NULL;
+ PKIX_ComCRLSelParams *comCrlSelParams = NULL;
+ PKIX_CRLSelector *crlSelector = NULL;
+
+ PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CrlSelector_Create");
+ PKIX_NULLCHECK_ONE(issuer);
+
+ PKIX_CHECK(
+ PKIX_PL_Cert_GetSubject(issuer, &issuerName, plContext),
+ PKIX_CERTGETISSUERFAILED);
+
+ if (date != NULL) {
+ PKIX_INCREF(date);
+ nowDate = date;
+ } else {
+ PKIX_CHECK(
+ PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext),
+ PKIX_DATECREATEUTCTIMEFAILED);
+ }
+
+ PKIX_CHECK(
+ PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext),
+ PKIX_COMCRLSELPARAMSCREATEFAILED);
+
+ PKIX_CHECK(
+ PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuerName,
+ plContext),
+ PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED);
+
+ PKIX_CHECK(
+ PKIX_ComCRLSelParams_SetCrlDp(comCrlSelParams, crldpList,
+ plContext),
+ PKIX_COMCRLSELPARAMSSETCERTFAILED);
+
+ PKIX_CHECK(
+ PKIX_ComCRLSelParams_SetDateAndTime(comCrlSelParams, nowDate,
+ plContext),
+ PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED);
+
+ PKIX_CHECK(
+ pkix_CRLSelector_Create(NULL, NULL, &crlSelector, plContext),
+ PKIX_CRLSELECTORCREATEFAILED);
+
+ PKIX_CHECK(
+ PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector,
+ comCrlSelParams,
+ plContext),
+ PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED);
+
+ *pCrlSelector = crlSelector;
+ crlSelector = NULL;
+
+cleanup:
+
+ PKIX_DECREF(issuerName);
+ PKIX_DECREF(nowDate);
+ PKIX_DECREF(comCrlSelParams);
+ PKIX_DECREF(crlSelector);
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetMatchCallback(
+ PKIX_CRLSelector *selector,
+ PKIX_CRLSelector_MatchCallback *pCallback,
+ void *plContext)
+{
+ PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback");
+ PKIX_NULLCHECK_TWO(selector, pCallback);
+
+ *pCallback = selector->matchCallback;
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCRLSelectorContext(
+ PKIX_CRLSelector *selector,
+ void **pCrlSelectorContext,
+ void *plContext)
+{
+ PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext");
+ PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext);
+
+ PKIX_INCREF(selector->context);
+
+ *pCrlSelectorContext = selector->context;
+
+cleanup:
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCommonCRLSelectorParams(
+ PKIX_CRLSelector *selector,
+ PKIX_ComCRLSelParams **pParams,
+ void *plContext)
+{
+ PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams");
+ PKIX_NULLCHECK_TWO(selector, pParams);
+
+ PKIX_INCREF(selector->params);
+
+ *pParams = selector->params;
+
+cleanup:
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_SetCommonCRLSelectorParams(
+ PKIX_CRLSelector *selector,
+ PKIX_ComCRLSelParams *params,
+ void *plContext)
+{
+ PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams");
+ PKIX_NULLCHECK_TWO(selector, params);
+
+ PKIX_DECREF(selector->params);
+
+ PKIX_INCREF(params);
+ selector->params = params;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)selector, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Select
+ * DESCRIPTION:
+ *
+ * This function applies the selector pointed to by "selector" to each CRL,
+ * in turn, in the List pointed to by "before", and creates a List containing
+ * all the CRLs that matched, or passed the selection process, storing that
+ * List at "pAfter". If no CRLs match, an empty List is stored at "pAfter".
+ *
+ * The List returned in "pAfter" is immutable.
+ *
+ * PARAMETERS:
+ * "selector"
+ * Address of CRLSelelector to be applied to the List. Must be non-NULL.
+ * "before"
+ * Address of List that is to be filtered. Must be non-NULL.
+ * "pAfter"
+ * Address at which resulting List, possibly empty, is stored. Must be
+ * non-NULL.
+ * "plContext"
+ * Platform-specific context pointer.
+ * THREAD SAFETY:
+ * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ * Returns NULL if the function succeeds.
+ * Returns a CRLSelector Error if the function fails in a non-fatal way.
+ * Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CRLSelector_Select(
+ PKIX_CRLSelector *selector,
+ PKIX_List *before,
+ PKIX_List **pAfter,
+ void *plContext)
+{
+ PKIX_Boolean match = PKIX_FALSE;
+ PKIX_UInt32 numBefore = 0;
+ PKIX_UInt32 i = 0;
+ PKIX_List *filtered = NULL;
+ PKIX_PL_CRL *candidate = NULL;
+
+ PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select");
+ PKIX_NULLCHECK_THREE(selector, before, pAfter);
+
+ PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
+ PKIX_LISTCREATEFAILED);
+
+ PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext),
+ PKIX_LISTGETLENGTHFAILED);
+
+ for (i = 0; i < numBefore; i++) {
+
+ PKIX_CHECK(PKIX_List_GetItem
+ (before, i, (PKIX_PL_Object **)&candidate, plContext),
+ PKIX_LISTGETITEMFAILED);
+
+ PKIX_CHECK_ONLY_FATAL(selector->matchCallback
+ (selector, candidate, &match, plContext),
+ PKIX_CRLSELECTORMATCHCALLBACKFAILED);
+
+ if (!(PKIX_ERROR_RECEIVED) && match == PKIX_TRUE) {
+
+ PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
+ (filtered,
+ (PKIX_PL_Object *)candidate,
+ plContext),
+ PKIX_LISTAPPENDITEMFAILED);
+ }
+
+ pkixTempErrorReceived = PKIX_FALSE;
+ PKIX_DECREF(candidate);
+ }
+
+ PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
+ PKIX_LISTSETIMMUTABLEFAILED);
+
+ /* Don't throw away the list if one CRL was bad! */
+ pkixTempErrorReceived = PKIX_FALSE;
+
+ *pAfter = filtered;
+ filtered = NULL;
+
+cleanup:
+
+ PKIX_DECREF(filtered);
+ PKIX_DECREF(candidate);
+
+ PKIX_RETURN(CRLSELECTOR);
+
+}
diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h
new file mode 100644
index 0000000000..4f44cc7683
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_crlselector.h
+ *
+ * CrlSelector Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_CRLSELECTOR_H
+#define _PKIX_CRLSELECTOR_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_CRLSelectorStruct {
+ PKIX_CRLSelector_MatchCallback matchCallback;
+ PKIX_ComCRLSelParams *params;
+ PKIX_PL_Object *context;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_CRLSelector_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_CRLSelector_Select(
+ PKIX_CRLSelector *selector,
+ PKIX_List *before,
+ PKIX_List **pAfter,
+ void *plContext);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CRLSELECTOR_H */