summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/libpkix/pkix/params
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/lib/libpkix/pkix/params
parentInitial commit. (diff)
downloadfirefox-esr-upstream.tar.xz
firefox-esr-upstream.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/libpkix/pkix/params')
-rw-r--r--security/nss/lib/libpkix/pkix/params/Makefile46
-rw-r--r--security/nss/lib/libpkix/pkix/params/exports.gyp28
-rw-r--r--security/nss/lib/libpkix/pkix/params/manifest.mn24
-rw-r--r--security/nss/lib/libpkix/pkix/params/params.gyp26
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_procparams.c1417
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_procparams.h50
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c433
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h36
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c525
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h35
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_valparams.c335
-rw-r--r--security/nss/lib/libpkix/pkix/params/pkix_valparams.h33
12 files changed, 2988 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/pkix/params/Makefile b/security/nss/lib/libpkix/pkix/params/Makefile
new file mode 100644
index 0000000000..d714361be7
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
diff --git a/security/nss/lib/libpkix/pkix/params/exports.gyp b/security/nss/lib/libpkix/pkix/params/exports.gyp
new file mode 100644
index 0000000000..921f2ceae3
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/exports.gyp
@@ -0,0 +1,28 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../../../coreconf/config.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'lib_libpkix_pkix_params_exports',
+ 'type': 'none',
+ 'copies': [
+ {
+ 'files': [
+ 'pkix_procparams.h',
+ 'pkix_resourcelimits.h',
+ 'pkix_trustanchor.h',
+ 'pkix_valparams.h'
+ ],
+ 'destination': '<(nss_private_dist_dir)/<(module)'
+ }
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+}
diff --git a/security/nss/lib/libpkix/pkix/params/manifest.mn b/security/nss/lib/libpkix/pkix/params/manifest.mn
new file mode 100644
index 0000000000..2a77bf0eea
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/manifest.mn
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+PRIVATE_EXPORTS = \
+ pkix_procparams.h \
+ pkix_trustanchor.h \
+ pkix_valparams.h \
+ pkix_resourcelimits.h \
+ $(NULL)
+
+MODULE = nss
+
+CSRCS = \
+ pkix_trustanchor.c \
+ pkix_procparams.c \
+ pkix_valparams.c \
+ pkix_resourcelimits.c \
+ $(NULL)
+
+LIBRARY_NAME = pkixparams
+SHARED_LIBRARY = $(NULL)
diff --git a/security/nss/lib/libpkix/pkix/params/params.gyp b/security/nss/lib/libpkix/pkix/params/params.gyp
new file mode 100644
index 0000000000..a1463c4c7c
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/params.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../../../coreconf/config.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'pkixparams',
+ 'type': 'static_library',
+ 'sources': [
+ 'pkix_procparams.c',
+ 'pkix_resourcelimits.c',
+ 'pkix_trustanchor.c',
+ 'pkix_valparams.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+} \ No newline at end of file
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_procparams.c b/security/nss/lib/libpkix/pkix/params/pkix_procparams.c
new file mode 100644
index 0000000000..260b0074c7
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_procparams.c
@@ -0,0 +1,1417 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_procparams.c
+ *
+ * ProcessingParams Object Functions
+ *
+ */
+
+#include "pkix_procparams.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Destroy(
+ PKIX_PL_Object *object,
+ void *plContext)
+{
+ PKIX_ProcessingParams *params = NULL;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Destroy");
+ PKIX_NULLCHECK_ONE(object);
+
+ /* Check that this object is a processing params object */
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+ params = (PKIX_ProcessingParams *)object;
+
+ PKIX_DECREF(params->trustAnchors);
+ PKIX_DECREF(params->hintCerts);
+ PKIX_DECREF(params->constraints);
+ PKIX_DECREF(params->date);
+ PKIX_DECREF(params->initialPolicies);
+ PKIX_DECREF(params->certChainCheckers);
+ PKIX_DECREF(params->revChecker);
+ PKIX_DECREF(params->certStores);
+ PKIX_DECREF(params->resourceLimits);
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Equals(
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ PKIX_UInt32 secondType;
+ PKIX_Boolean cmpResult;
+ PKIX_ProcessingParams *firstProcParams = NULL;
+ PKIX_ProcessingParams *secondProcParams = NULL;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Equals");
+ PKIX_NULLCHECK_THREE(first, second, pResult);
+
+ PKIX_CHECK(pkix_CheckType(first, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+ PKIX_FIRSTOBJECTNOTPROCESSINGPARAMS);
+
+ PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+ PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+ *pResult = PKIX_FALSE;
+
+ if (secondType != PKIX_PROCESSINGPARAMS_TYPE) goto cleanup;
+
+ firstProcParams = (PKIX_ProcessingParams *)first;
+ secondProcParams = (PKIX_ProcessingParams *)second;
+
+ /* Do the simplest tests first */
+ if ((firstProcParams->qualifiersRejected) !=
+ (secondProcParams->qualifiersRejected)) {
+ goto cleanup;
+ }
+
+ if (firstProcParams->isCrlRevocationCheckingEnabled !=
+ secondProcParams->isCrlRevocationCheckingEnabled) {
+ goto cleanup;
+ }
+ if (firstProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy !=
+ secondProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy) {
+ goto cleanup;
+ }
+
+ /* trustAnchors can never be NULL */
+
+ PKIX_EQUALS
+ (firstProcParams->trustAnchors,
+ secondProcParams->trustAnchors,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_EQUALS
+ (firstProcParams->hintCerts,
+ secondProcParams->hintCerts,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_EQUALS
+ (firstProcParams->date,
+ secondProcParams->date,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_EQUALS
+ (firstProcParams->constraints,
+ secondProcParams->constraints,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_EQUALS
+ (firstProcParams->initialPolicies,
+ secondProcParams->initialPolicies,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ /* There is no Equals function for CertChainCheckers */
+
+ PKIX_EQUALS
+ ((PKIX_PL_Object *)firstProcParams->certStores,
+ (PKIX_PL_Object *)secondProcParams->certStores,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_EQUALS
+ (firstProcParams->resourceLimits,
+ secondProcParams->resourceLimits,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (cmpResult == PKIX_FALSE) {
+ *pResult = PKIX_FALSE;
+ goto cleanup;
+ }
+
+ *pResult = cmpResult;
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Hashcode(
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pHashcode,
+ void *plContext)
+{
+ PKIX_ProcessingParams *procParams = NULL;
+ PKIX_UInt32 hash = 0;
+ PKIX_UInt32 anchorsHash = 0;
+ PKIX_UInt32 hintCertsHash = 0;
+ PKIX_UInt32 dateHash = 0;
+ PKIX_UInt32 constraintsHash = 0;
+ PKIX_UInt32 initialHash = 0;
+ PKIX_UInt32 rejectedHash = 0;
+ PKIX_UInt32 certChainCheckersHash = 0;
+ PKIX_UInt32 revCheckerHash = 0;
+ PKIX_UInt32 certStoresHash = 0;
+ PKIX_UInt32 resourceLimitsHash = 0;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Hashcode");
+ PKIX_NULLCHECK_TWO(object, pHashcode);
+
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+ procParams = (PKIX_ProcessingParams*)object;
+
+ PKIX_HASHCODE(procParams->trustAnchors, &anchorsHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(procParams->hintCerts, &hintCertsHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(procParams->date, &dateHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(procParams->constraints, &constraintsHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(procParams->initialPolicies, &initialHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ rejectedHash = procParams->qualifiersRejected;
+
+ /* There is no Hash function for CertChainCheckers */
+
+ PKIX_HASHCODE(procParams->certStores, &certStoresHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(procParams->resourceLimits,
+ &resourceLimitsHash,
+ plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ hash = (31 * ((31 * anchorsHash) + hintCertsHash + dateHash)) +
+ constraintsHash + initialHash + rejectedHash;
+
+ hash += ((((certStoresHash + resourceLimitsHash) << 7) +
+ certChainCheckersHash + revCheckerHash +
+ procParams->isCrlRevocationCheckingEnabled +
+ procParams->isCrlRevocationCheckingEnabledWithNISTPolicy) << 7);
+
+ *pHashcode = hash;
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_ToString(
+ PKIX_PL_Object *object,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_ProcessingParams *procParams = NULL;
+ char *asciiFormat = NULL;
+ PKIX_PL_String *formatString = NULL;
+ PKIX_PL_String *procParamsString = NULL;
+ PKIX_PL_String *anchorsString = NULL;
+ PKIX_PL_String *dateString = NULL;
+ PKIX_PL_String *constraintsString = NULL;
+ PKIX_PL_String *InitialPoliciesString = NULL;
+ PKIX_PL_String *qualsRejectedString = NULL;
+ PKIX_List *certStores = NULL;
+ PKIX_PL_String *certStoresString = NULL;
+ PKIX_PL_String *resourceLimitsString = NULL;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_ToString");
+ PKIX_NULLCHECK_TWO(object, pString);
+
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+ asciiFormat =
+ "[\n"
+ "\tTrust Anchors: \n"
+ "\t********BEGIN LIST OF TRUST ANCHORS********\n"
+ "\t\t%s\n"
+ "\t********END LIST OF TRUST ANCHORS********\n"
+ "\tDate: \t\t%s\n"
+ "\tTarget Constraints: %s\n"
+ "\tInitial Policies: %s\n"
+ "\tQualifiers Rejected: %s\n"
+ "\tCert Stores: %s\n"
+ "\tResource Limits: %s\n"
+ "\tCRL Checking Enabled: %d\n"
+ "]\n";
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ asciiFormat,
+ 0,
+ &formatString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ procParams = (PKIX_ProcessingParams*)object;
+
+ PKIX_TOSTRING(procParams->trustAnchors, &anchorsString, plContext,
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_TOSTRING(procParams->date, &dateString, plContext,
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_TOSTRING(procParams->constraints, &constraintsString, plContext,
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_TOSTRING
+ (procParams->initialPolicies, &InitialPoliciesString, plContext,
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ (procParams->qualifiersRejected)?"TRUE":"FALSE",
+ 0,
+ &qualsRejectedString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ /* There is no ToString function for CertChainCheckers */
+
+ PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
+ (procParams, &certStores, plContext),
+ PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
+
+ PKIX_TOSTRING(certStores, &certStoresString, plContext,
+ PKIX_LISTTOSTRINGFAILED);
+
+ PKIX_TOSTRING(procParams->resourceLimits,
+ &resourceLimitsString,
+ plContext,
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Sprintf
+ (&procParamsString,
+ plContext,
+ formatString,
+ anchorsString,
+ dateString,
+ constraintsString,
+ InitialPoliciesString,
+ qualsRejectedString,
+ certStoresString,
+ resourceLimitsString,
+ procParams->isCrlRevocationCheckingEnabled,
+ procParams->isCrlRevocationCheckingEnabledWithNISTPolicy),
+ PKIX_SPRINTFFAILED);
+
+ *pString = procParamsString;
+
+cleanup:
+
+ PKIX_DECREF(formatString);
+ PKIX_DECREF(anchorsString);
+ PKIX_DECREF(dateString);
+ PKIX_DECREF(constraintsString);
+ PKIX_DECREF(InitialPoliciesString);
+ PKIX_DECREF(qualsRejectedString);
+ PKIX_DECREF(certStores);
+ PKIX_DECREF(certStoresString);
+ PKIX_DECREF(resourceLimitsString);
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Duplicate(
+ PKIX_PL_Object *object,
+ PKIX_PL_Object **pNewObject,
+ void *plContext)
+{
+ PKIX_ProcessingParams *params = NULL;
+ PKIX_ProcessingParams *paramsDuplicate = NULL;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Duplicate");
+ PKIX_NULLCHECK_TWO(object, pNewObject);
+
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+ params = (PKIX_ProcessingParams *)object;
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_PROCESSINGPARAMS_TYPE,
+ sizeof (PKIX_ProcessingParams),
+ (PKIX_PL_Object **)&paramsDuplicate,
+ plContext),
+ PKIX_PROCESSINGPARAMSCREATEFAILED);
+
+ /* initialize fields */
+ PKIX_DUPLICATE
+ (params->trustAnchors,
+ &(paramsDuplicate->trustAnchors),
+ plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ PKIX_DUPLICATE
+ (params->hintCerts, &(paramsDuplicate->hintCerts), plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ PKIX_DUPLICATE
+ (params->constraints,
+ &(paramsDuplicate->constraints),
+ plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ PKIX_DUPLICATE
+ (params->date, &(paramsDuplicate->date), plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ PKIX_DUPLICATE
+ (params->initialPolicies,
+ &(paramsDuplicate->initialPolicies),
+ plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ paramsDuplicate->initialPolicyMappingInhibit =
+ params->initialPolicyMappingInhibit;
+ paramsDuplicate->initialAnyPolicyInhibit =
+ params->initialAnyPolicyInhibit;
+ paramsDuplicate->initialExplicitPolicy = params->initialExplicitPolicy;
+ paramsDuplicate->qualifiersRejected = params->qualifiersRejected;
+
+ PKIX_DUPLICATE
+ (params->certChainCheckers,
+ &(paramsDuplicate->certChainCheckers),
+ plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ PKIX_DUPLICATE
+ (params->revChecker,
+ &(paramsDuplicate->revChecker),
+ plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ PKIX_DUPLICATE
+ (params->certStores, &(paramsDuplicate->certStores), plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ PKIX_DUPLICATE
+ (params->resourceLimits,
+ &(paramsDuplicate->resourceLimits),
+ plContext,
+ PKIX_OBJECTDUPLICATEFAILED);
+
+ paramsDuplicate->isCrlRevocationCheckingEnabled =
+ params->isCrlRevocationCheckingEnabled;
+
+ paramsDuplicate->isCrlRevocationCheckingEnabledWithNISTPolicy =
+ params->isCrlRevocationCheckingEnabledWithNISTPolicy;
+
+ *pNewObject = (PKIX_PL_Object *)paramsDuplicate;
+
+cleanup:
+
+ if (PKIX_ERROR_RECEIVED){
+ PKIX_DECREF(paramsDuplicate);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_PROCESSINGPARAMS_TYPE and its related functions with
+ * systemClasses[]
+ * THREAD SAFETY:
+ * Not Thread Safe - for performance and complexity reasons
+ *
+ * Since this function is only called by PKIX_PL_Initialize, which should
+ * only be called once, it is acceptable that this function is not
+ * thread-safe.
+ */
+PKIX_Error *
+pkix_ProcessingParams_RegisterSelf(void *plContext)
+{
+ extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+ pkix_ClassTable_Entry entry;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_RegisterSelf");
+
+ entry.description = "ProcessingParams";
+ entry.objCounter = 0;
+ entry.typeObjectSize = sizeof(PKIX_ProcessingParams);
+ entry.destructor = pkix_ProcessingParams_Destroy;
+ entry.equalsFunction = pkix_ProcessingParams_Equals;
+ entry.hashcodeFunction = pkix_ProcessingParams_Hashcode;
+ entry.toStringFunction = pkix_ProcessingParams_ToString;
+ entry.comparator = NULL;
+ entry.duplicateFunction = pkix_ProcessingParams_Duplicate;
+
+ systemClasses[PKIX_PROCESSINGPARAMS_TYPE] = entry;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_Create (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_Create(
+ PKIX_ProcessingParams **pParams,
+ void *plContext)
+{
+ PKIX_ProcessingParams *params = NULL;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_Create");
+ PKIX_NULLCHECK_ONE(pParams);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_PROCESSINGPARAMS_TYPE,
+ sizeof (PKIX_ProcessingParams),
+ (PKIX_PL_Object **)&params,
+ plContext),
+ PKIX_COULDNOTCREATEPROCESSINGPARAMSOBJECT);
+
+ /* initialize fields */
+ PKIX_CHECK(PKIX_List_Create(&params->trustAnchors, plContext),
+ PKIX_LISTCREATEFAILED);
+ PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
+ PKIX_LISTSETIMMUTABLEFAILED);
+
+ PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
+ (NULL, &params->date, plContext),
+ PKIX_DATECREATEUTCTIMEFAILED);
+
+ params->hintCerts = NULL;
+ params->constraints = NULL;
+ params->initialPolicies = NULL;
+ params->initialPolicyMappingInhibit = PKIX_FALSE;
+ params->initialAnyPolicyInhibit = PKIX_FALSE;
+ params->initialExplicitPolicy = PKIX_FALSE;
+ params->qualifiersRejected = PKIX_FALSE;
+ params->certChainCheckers = NULL;
+ params->revChecker = NULL;
+ params->certStores = NULL;
+ params->resourceLimits = NULL;
+
+ params->isCrlRevocationCheckingEnabled = PKIX_TRUE;
+
+ params->isCrlRevocationCheckingEnabledWithNISTPolicy = PKIX_TRUE;
+
+ params->useAIAForCertFetching = PKIX_FALSE;
+ params->qualifyTargetCert = PKIX_TRUE;
+ params->useOnlyTrustAnchors = PKIX_TRUE;
+
+ *pParams = params;
+ params = NULL;
+
+cleanup:
+
+ PKIX_DECREF(params);
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetUseAIAForCertFetching(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean *pUseAIA, /* list of TrustAnchor */
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetUseAIAForCertFetching");
+ PKIX_NULLCHECK_TWO(params, pUseAIA);
+
+ *pUseAIA = params->useAIAForCertFetching;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetUseAIAForCertFetching
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetUseAIAForCertFetching(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean useAIA,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetUseAIAForCertFetching");
+ PKIX_NULLCHECK_ONE(params);
+
+ params->useAIAForCertFetching = useAIA;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetQualifyTargetCert
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetValidateTargetCert(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean *pQualifyTargetCert,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_GetValidateTargetCert");
+ PKIX_NULLCHECK_TWO(params, pQualifyTargetCert);
+
+ *pQualifyTargetCert = params->qualifyTargetCert;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetQualifyTargetCert(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean qualifyTargetCert,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetQualifyTargetCert");
+ PKIX_NULLCHECK_ONE(params);
+
+ params->qualifyTargetCert = qualifyTargetCert;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetTrustAnchors(
+ PKIX_ProcessingParams *params,
+ PKIX_List *anchors, /* list of TrustAnchor */
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetTrustAnchors");
+ PKIX_NULLCHECK_TWO(params, anchors);
+
+ PKIX_DECREF(params->trustAnchors);
+
+ PKIX_INCREF(anchors);
+ params->trustAnchors = anchors;
+ PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
+ PKIX_LISTSETIMMUTABLEFAILED);
+
+cleanup:
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetTrustAnchors(
+ PKIX_ProcessingParams *params,
+ PKIX_List **pAnchors, /* list of TrustAnchor */
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetTrustAnchors");
+ PKIX_NULLCHECK_TWO(params, pAnchors);
+
+ PKIX_INCREF(params->trustAnchors);
+
+ *pAnchors = params->trustAnchors;
+
+cleanup:
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/**
+ * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetUseOnlyTrustAnchors(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean *pUseOnlyTrustAnchors,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetUseTrustAnchorsOnly");
+ PKIX_NULLCHECK_TWO(params, pUseOnlyTrustAnchors);
+
+ *pUseOnlyTrustAnchors = params->useOnlyTrustAnchors;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/**
+ * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetUseOnlyTrustAnchors(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean useOnlyTrustAnchors,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetUseTrustAnchorsOnly");
+ PKIX_NULLCHECK_ONE(params);
+
+ params->useOnlyTrustAnchors = useOnlyTrustAnchors;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetDate (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetDate(
+ PKIX_ProcessingParams *params,
+ PKIX_PL_Date **pDate,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetDate");
+ PKIX_NULLCHECK_TWO(params, pDate);
+
+ PKIX_INCREF(params->date);
+ *pDate = params->date;
+
+cleanup:
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetDate(
+ PKIX_ProcessingParams *params,
+ PKIX_PL_Date *date,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate");
+ PKIX_NULLCHECK_ONE(params);
+
+ PKIX_DECREF(params->date);
+
+ PKIX_INCREF(date);
+ params->date = date;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ if (PKIX_ERROR_RECEIVED && params) {
+ PKIX_DECREF(params->date);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetTargetCertConstraints(
+ PKIX_ProcessingParams *params,
+ PKIX_CertSelector **pConstraints,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_GetTargetCertConstraints");
+
+ PKIX_NULLCHECK_TWO(params, pConstraints);
+
+ PKIX_INCREF(params->constraints);
+ *pConstraints = params->constraints;
+
+cleanup:
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetTargetCertConstraints(
+ PKIX_ProcessingParams *params,
+ PKIX_CertSelector *constraints,
+ void *plContext)
+{
+
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetTargetCertConstraints");
+
+ PKIX_NULLCHECK_ONE(params);
+
+ PKIX_DECREF(params->constraints);
+
+ PKIX_INCREF(constraints);
+ params->constraints = constraints;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+ if (PKIX_ERROR_RECEIVED && params) {
+ PKIX_DECREF(params->constraints);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetInitialPolicies(
+ PKIX_ProcessingParams *params,
+ PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
+ void *plContext)
+{
+
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_GetInitialPolicies");
+
+ PKIX_NULLCHECK_TWO(params, pInitPolicies);
+
+ if (params->initialPolicies == NULL) {
+ PKIX_CHECK(PKIX_List_Create
+ (&params->initialPolicies, plContext),
+ PKIX_UNABLETOCREATELIST);
+ PKIX_CHECK(PKIX_List_SetImmutable
+ (params->initialPolicies, plContext),
+ PKIX_UNABLETOMAKELISTIMMUTABLE);
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+ }
+
+ PKIX_INCREF(params->initialPolicies);
+ *pInitPolicies = params->initialPolicies;
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetInitialPolicies(
+ PKIX_ProcessingParams *params,
+ PKIX_List *initPolicies, /* list of PKIX_PL_OID */
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetInitialPolicies");
+ PKIX_NULLCHECK_ONE(params);
+
+ PKIX_DECREF(params->initialPolicies);
+
+ PKIX_INCREF(initPolicies);
+ params->initialPolicies = initPolicies;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ if (PKIX_ERROR_RECEIVED && params) {
+ PKIX_DECREF(params->initialPolicies);
+ }
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetPolicyQualifiersRejected(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean *pRejected,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_GetPolicyQualifiersRejected");
+
+ PKIX_NULLCHECK_TWO(params, pRejected);
+
+ *pRejected = params->qualifiersRejected;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetPolicyQualifiersRejected(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean rejected,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetPolicyQualifiersRejected");
+
+ PKIX_NULLCHECK_ONE(params);
+
+ params->qualifiersRejected = rejected;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetCertChainCheckers(
+ PKIX_ProcessingParams *params,
+ PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_GetCertChainCheckers");
+ PKIX_NULLCHECK_TWO(params, pCheckers);
+
+ PKIX_INCREF(params->certChainCheckers);
+ *pCheckers = params->certChainCheckers;
+
+cleanup:
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetCertChainCheckers(
+ PKIX_ProcessingParams *params,
+ PKIX_List *checkers, /* list of PKIX_CertChainChecker */
+ void *plContext)
+{
+
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetCertChainCheckers");
+ PKIX_NULLCHECK_ONE(params);
+
+ PKIX_DECREF(params->certChainCheckers);
+
+ PKIX_INCREF(checkers);
+ params->certChainCheckers = checkers;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ if (PKIX_ERROR_RECEIVED && params) {
+ PKIX_DECREF(params->certChainCheckers);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_AddCertChainCheckers
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_AddCertChainChecker(
+ PKIX_ProcessingParams *params,
+ PKIX_CertChainChecker *checker,
+ void *plContext)
+{
+ PKIX_List *list = NULL;
+
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_AddCertChainChecker");
+ PKIX_NULLCHECK_TWO(params, checker);
+
+ if (params->certChainCheckers == NULL) {
+
+ PKIX_CHECK(PKIX_List_Create(&list, plContext),
+ PKIX_LISTCREATEFAILED);
+
+ params->certChainCheckers = list;
+ }
+
+ PKIX_CHECK(PKIX_List_AppendItem
+ (params->certChainCheckers, (PKIX_PL_Object *)checker, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+ list = NULL;
+
+cleanup:
+
+ if (list && params) {
+ PKIX_DECREF(params->certChainCheckers);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetRevocationChecker(
+ PKIX_ProcessingParams *params,
+ PKIX_RevocationChecker **pChecker,
+ void *plContext)
+{
+
+ PKIX_ENTER
+ (PROCESSINGPARAMS, "PKIX_ProcessingParams_GetRevocationCheckers");
+ PKIX_NULLCHECK_TWO(params, pChecker);
+
+ PKIX_INCREF(params->revChecker);
+ *pChecker = params->revChecker;
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetRevocationChecker(
+ PKIX_ProcessingParams *params,
+ PKIX_RevocationChecker *checker,
+ void *plContext)
+{
+
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_InitRevocationChecker");
+ PKIX_NULLCHECK_ONE(params);
+
+ PKIX_DECREF(params->revChecker);
+ PKIX_INCREF(checker);
+ params->revChecker = checker;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetCertStores
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetCertStores(
+ PKIX_ProcessingParams *params,
+ PKIX_List **pStores, /* list of PKIX_CertStore */
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetCertStores");
+
+ PKIX_NULLCHECK_TWO(params, pStores);
+
+ if (!params->certStores){
+ PKIX_CHECK(PKIX_List_Create(&params->certStores, plContext),
+ PKIX_UNABLETOCREATELIST);
+ }
+
+ PKIX_INCREF(params->certStores);
+ *pStores = params->certStores;
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetCertStores
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetCertStores(
+ PKIX_ProcessingParams *params,
+ PKIX_List *stores, /* list of PKIX_CertStore */
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetCertStores");
+
+ PKIX_NULLCHECK_ONE(params);
+
+ PKIX_DECREF(params->certStores);
+
+ PKIX_INCREF(stores);
+ params->certStores = stores;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ if (PKIX_ERROR_RECEIVED && params) {
+ PKIX_DECREF(params->certStores);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_AddCertStore
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_AddCertStore(
+ PKIX_ProcessingParams *params,
+ PKIX_CertStore *store,
+ void *plContext)
+{
+ PKIX_List *certStores = NULL;
+
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_AddCertStore");
+ PKIX_NULLCHECK_TWO(params, store);
+
+ PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
+ (params, &certStores, plContext),
+ PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
+
+ PKIX_CHECK(PKIX_List_AppendItem
+ (certStores, (PKIX_PL_Object *)store, plContext),
+ PKIX_LISTAPPENDITEMFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_DECREF(certStores);
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetResourceLimits(
+ PKIX_ProcessingParams *params,
+ PKIX_ResourceLimits *resourceLimits,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetResourceLimits");
+
+ PKIX_NULLCHECK_TWO(params, resourceLimits);
+
+ PKIX_DECREF(params->resourceLimits);
+ PKIX_INCREF(resourceLimits);
+ params->resourceLimits = resourceLimits;
+
+cleanup:
+ if (PKIX_ERROR_RECEIVED && params) {
+ PKIX_DECREF(params->resourceLimits);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetResourceLimits(
+ PKIX_ProcessingParams *params,
+ PKIX_ResourceLimits **pResourceLimits,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_GetResourceLimits");
+
+ PKIX_NULLCHECK_TWO(params, pResourceLimits);
+
+ PKIX_INCREF(params->resourceLimits);
+ *pResourceLimits = params->resourceLimits;
+
+cleanup:
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsAnyPolicyInhibited(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean *pInhibited,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_IsAnyPolicyInhibited");
+
+ PKIX_NULLCHECK_TWO(params, pInhibited);
+
+ *pInhibited = params->initialAnyPolicyInhibit;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetAnyPolicyInhibited(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean inhibited,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetAnyPolicyInhibited");
+
+ PKIX_NULLCHECK_ONE(params);
+
+ params->initialAnyPolicyInhibit = inhibited;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsExplicitPolicyRequired(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean *pRequired,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_IsExplicitPolicyRequired");
+
+ PKIX_NULLCHECK_TWO(params, pRequired);
+
+ *pRequired = params->initialExplicitPolicy;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetExplicitPolicyRequired(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean required,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetExplicitPolicyRequired");
+
+ PKIX_NULLCHECK_ONE(params);
+
+ params->initialExplicitPolicy = required;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsPolicyMappingInhibited(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean *pInhibited,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_IsPolicyMappingInhibited");
+
+ PKIX_NULLCHECK_TWO(params, pInhibited);
+
+ *pInhibited = params->initialPolicyMappingInhibit;
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetPolicyMappingInhibited(
+ PKIX_ProcessingParams *params,
+ PKIX_Boolean inhibited,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS,
+ "PKIX_ProcessingParams_SetPolicyMappingInhibited");
+
+ PKIX_NULLCHECK_ONE(params);
+
+ params->initialPolicyMappingInhibit = inhibited;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)params, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetHintCerts
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetHintCerts(
+ PKIX_ProcessingParams *params,
+ PKIX_List *hintCerts,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetHintCerts");
+
+ PKIX_NULLCHECK_ONE(params);
+
+ PKIX_DECREF(params->hintCerts);
+ PKIX_INCREF(hintCerts);
+ params->hintCerts = hintCerts;
+
+cleanup:
+ if (PKIX_ERROR_RECEIVED && params) {
+ PKIX_DECREF(params->hintCerts);
+ }
+
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetHintCerts
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetHintCerts(
+ PKIX_ProcessingParams *params,
+ PKIX_List **pHintCerts,
+ void *plContext)
+{
+ PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetHintCerts");
+
+ PKIX_NULLCHECK_TWO(params, pHintCerts);
+
+ PKIX_INCREF(params->hintCerts);
+ *pHintCerts = params->hintCerts;
+
+cleanup:
+ PKIX_RETURN(PROCESSINGPARAMS);
+}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_procparams.h b/security/nss/lib/libpkix/pkix/params/pkix_procparams.h
new file mode 100644
index 0000000000..599f5d4988
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_procparams.h
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_procparams.h
+ *
+ * ProcessingParams Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PROCESSINGPARAMS_H
+#define _PKIX_PROCESSINGPARAMS_H
+
+#include "pkix_tools.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ProcessingParamsStruct {
+ PKIX_List *trustAnchors; /* Never NULL */
+ PKIX_List *hintCerts; /* user-supplied partial chain, may be NULL */
+ PKIX_CertSelector *constraints;
+ PKIX_PL_Date *date;
+ PKIX_List *initialPolicies; /* list of PKIX_PL_OID */
+ PKIX_Boolean initialPolicyMappingInhibit;
+ PKIX_Boolean initialAnyPolicyInhibit;
+ PKIX_Boolean initialExplicitPolicy;
+ PKIX_Boolean qualifiersRejected;
+ PKIX_List *certChainCheckers;
+ PKIX_List *certStores;
+ PKIX_Boolean isCrlRevocationCheckingEnabled;
+ PKIX_Boolean isCrlRevocationCheckingEnabledWithNISTPolicy;
+ PKIX_RevocationChecker *revChecker;
+ PKIX_ResourceLimits *resourceLimits;
+ PKIX_Boolean useAIAForCertFetching;
+ PKIX_Boolean qualifyTargetCert;
+ PKIX_Boolean useOnlyTrustAnchors;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ProcessingParams_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PROCESSINGPARAMS_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c
new file mode 100644
index 0000000000..de93e9d771
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c
@@ -0,0 +1,433 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_resourcelimits.c
+ *
+ * Resourcelimits Params Object Functions
+ *
+ */
+
+#include "pkix_resourcelimits.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ResourceLimits_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_Destroy(
+ PKIX_PL_Object *object,
+ void *plContext)
+{
+ PKIX_ResourceLimits *rLimits = NULL;
+
+ PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Destroy");
+ PKIX_NULLCHECK_ONE(object);
+
+ /* Check that this object is a ResourceLimits object */
+ PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
+ PKIX_OBJECTNOTRESOURCELIMITS);
+
+ rLimits = (PKIX_ResourceLimits *)object;
+
+ rLimits->maxTime = 0;
+ rLimits->maxFanout = 0;
+ rLimits->maxDepth = 0;
+ rLimits->maxCertsNumber = 0;
+ rLimits->maxCrlsNumber = 0;
+
+cleanup:
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_Equals(
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ PKIX_UInt32 secondType;
+ PKIX_Boolean cmpResult;
+ PKIX_ResourceLimits *firstRLimits = NULL;
+ PKIX_ResourceLimits *secondRLimits = NULL;
+
+ PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Equals");
+ PKIX_NULLCHECK_THREE(first, second, pResult);
+
+ PKIX_CHECK(pkix_CheckType(first, PKIX_RESOURCELIMITS_TYPE, plContext),
+ PKIX_FIRSTOBJECTNOTRESOURCELIMITS);
+
+ PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+ PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+ *pResult = PKIX_FALSE;
+
+ if (secondType != PKIX_RESOURCELIMITS_TYPE) goto cleanup;
+
+ firstRLimits = (PKIX_ResourceLimits *)first;
+ secondRLimits = (PKIX_ResourceLimits *)second;
+
+ cmpResult = (firstRLimits->maxTime == secondRLimits->maxTime) &&
+ (firstRLimits->maxFanout == secondRLimits->maxFanout) &&
+ (firstRLimits->maxDepth == secondRLimits->maxDepth) &&
+ (firstRLimits->maxCertsNumber ==
+ secondRLimits->maxCertsNumber) &&
+ (firstRLimits->maxCrlsNumber ==
+ secondRLimits->maxCrlsNumber);
+
+ *pResult = cmpResult;
+
+cleanup:
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_Hashcode(
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pHashcode,
+ void *plContext)
+{
+ PKIX_ResourceLimits *rLimits = NULL;
+ PKIX_UInt32 hash = 0;
+
+ PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Hashcode");
+ PKIX_NULLCHECK_TWO(object, pHashcode);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
+ PKIX_OBJECTNOTRESOURCELIMITS);
+
+ rLimits = (PKIX_ResourceLimits*)object;
+
+ hash = 31 * rLimits->maxTime + (rLimits->maxFanout << 1) +
+ (rLimits->maxDepth << 2) + (rLimits->maxCertsNumber << 3) +
+ rLimits->maxCrlsNumber;
+
+ *pHashcode = hash;
+
+cleanup:
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_ToString(
+ PKIX_PL_Object *object,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_ResourceLimits *rLimits = NULL;
+ char *asciiFormat = NULL;
+ PKIX_PL_String *formatString = NULL;
+ PKIX_PL_String *rLimitsString = NULL;
+
+ PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_ToString");
+ PKIX_NULLCHECK_TWO(object, pString);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
+ PKIX_OBJECTNOTRESOURCELIMITS);
+
+ /* maxCertsNumber and maxCrlsNumber are not supported */
+ asciiFormat =
+ "[\n"
+ "\tMaxTime: \t\t%d\n"
+ "\tMaxFanout: \t\t%d\n"
+ "\tMaxDepth: \t\t%d\n"
+ "]\n";
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ asciiFormat,
+ 0,
+ &formatString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ rLimits = (PKIX_ResourceLimits*)object;
+
+ PKIX_CHECK(PKIX_PL_Sprintf
+ (&rLimitsString,
+ plContext,
+ formatString,
+ rLimits->maxTime,
+ rLimits->maxFanout,
+ rLimits->maxDepth),
+ PKIX_SPRINTFFAILED);
+
+ *pString = rLimitsString;
+
+cleanup:
+
+ PKIX_DECREF(formatString);
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_RESOURCELIMITS_TYPE and its related functions with
+ * systemClasses[]
+ * THREAD SAFETY:
+ * Not Thread Safe - for performance and complexity reasons
+ *
+ * Since this function is only called by PKIX_PL_Initialize, which should
+ * only be called once, it is acceptable that this function is not
+ * thread-safe.
+ */
+PKIX_Error *
+pkix_ResourceLimits_RegisterSelf(void *plContext)
+{
+
+ extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+ pkix_ClassTable_Entry entry;
+
+ PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_RegisterSelf");
+
+ entry.description = "ResourceLimits";
+ entry.objCounter = 0;
+ entry.typeObjectSize = sizeof(PKIX_ResourceLimits);
+ entry.destructor = pkix_ResourceLimits_Destroy;
+ entry.equalsFunction = pkix_ResourceLimits_Equals;
+ entry.hashcodeFunction = pkix_ResourceLimits_Hashcode;
+ entry.toStringFunction = pkix_ResourceLimits_ToString;
+ entry.comparator = NULL;
+ entry.duplicateFunction = NULL;
+
+ systemClasses[PKIX_RESOURCELIMITS_TYPE] = entry;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_Create (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_Create(
+ PKIX_ResourceLimits **pResourceLimits,
+ void *plContext)
+{
+ PKIX_ResourceLimits *rLimits = NULL;
+
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_Create");
+ PKIX_NULLCHECK_ONE(pResourceLimits);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_RESOURCELIMITS_TYPE,
+ sizeof (PKIX_ResourceLimits),
+ (PKIX_PL_Object **)&rLimits,
+ plContext),
+ PKIX_COULDNOTCREATERESOURCELIMITOBJECT);
+
+ /* initialize fields */
+ rLimits->maxTime = 0;
+ rLimits->maxFanout = 0;
+ rLimits->maxDepth = 0;
+ rLimits->maxCertsNumber = 0;
+ rLimits->maxCrlsNumber = 0;
+
+ *pResourceLimits = rLimits;
+
+cleanup:
+
+ PKIX_RETURN(RESOURCELIMITS);
+
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxTime
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxTime(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 *pMaxTime,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxTime");
+ PKIX_NULLCHECK_TWO(rLimits, pMaxTime);
+
+ *pMaxTime = rLimits->maxTime;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxTime
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxTime(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 maxTime,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxTime");
+ PKIX_NULLCHECK_ONE(rLimits);
+
+ rLimits->maxTime = maxTime;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxFanout(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 *pMaxFanout,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxFanout");
+ PKIX_NULLCHECK_TWO(rLimits, pMaxFanout);
+
+ *pMaxFanout = rLimits->maxFanout;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxFanout(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 maxFanout,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxFanout");
+ PKIX_NULLCHECK_ONE(rLimits);
+
+ rLimits->maxFanout = maxFanout;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxDepth(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 *pMaxDepth,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxDepth");
+ PKIX_NULLCHECK_TWO(rLimits, pMaxDepth);
+
+ *pMaxDepth = rLimits->maxDepth;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxDepth(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 maxDepth,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxDepth");
+ PKIX_NULLCHECK_ONE(rLimits);
+
+ rLimits->maxDepth = maxDepth;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxNumberOfCerts(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 *pMaxNumber,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCerts");
+ PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
+
+ *pMaxNumber = rLimits->maxCertsNumber;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxNumberOfCerts(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 maxNumber,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCerts");
+ PKIX_NULLCHECK_ONE(rLimits);
+
+ rLimits->maxCertsNumber = maxNumber;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxNumberOfCRLs(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 *pMaxNumber,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCRLs");
+ PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
+
+ *pMaxNumber = rLimits->maxCrlsNumber;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxNumberOfCRLs(
+ PKIX_ResourceLimits *rLimits,
+ PKIX_UInt32 maxNumber,
+ void *plContext)
+{
+ PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCRLs");
+ PKIX_NULLCHECK_ONE(rLimits);
+
+ rLimits->maxCrlsNumber = maxNumber;
+
+ PKIX_RETURN(RESOURCELIMITS);
+}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h
new file mode 100644
index 0000000000..c4f582ce6f
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_resourcelimits.h
+ *
+ * ResourceLimits Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_RESOURCELIMITS_H
+#define _PKIX_RESOURCELIMITS_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ResourceLimitsStruct {
+ PKIX_UInt32 maxTime;
+ PKIX_UInt32 maxFanout;
+ PKIX_UInt32 maxDepth;
+ PKIX_UInt32 maxCertsNumber;
+ PKIX_UInt32 maxCrlsNumber;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ResourceLimits_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_RESOURCELIMITS_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
new file mode 100644
index 0000000000..ced16d2902
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
@@ -0,0 +1,525 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_trustanchor.c
+ *
+ * TrustAnchor Object Functions
+ *
+ */
+
+#include "pkix_trustanchor.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_TrustAnchor_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_Destroy(
+ PKIX_PL_Object *object,
+ void *plContext)
+{
+ PKIX_TrustAnchor *anchor = NULL;
+
+ PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy");
+ PKIX_NULLCHECK_ONE(object);
+
+ /* Check that this object is a trust anchor */
+ PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+ PKIX_OBJECTNOTTRUSTANCHOR);
+
+ anchor = (PKIX_TrustAnchor *)object;
+
+ PKIX_DECREF(anchor->trustedCert);
+ PKIX_DECREF(anchor->caName);
+ PKIX_DECREF(anchor->caPubKey);
+ PKIX_DECREF(anchor->nameConstraints);
+
+cleanup:
+
+ PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_Equals(
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ PKIX_UInt32 secondType;
+ PKIX_Boolean cmpResult;
+ PKIX_TrustAnchor *firstAnchor = NULL;
+ PKIX_TrustAnchor *secondAnchor = NULL;
+ PKIX_PL_Cert *firstCert = NULL;
+ PKIX_PL_Cert *secondCert = NULL;
+
+ PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
+ PKIX_NULLCHECK_THREE(first, second, pResult);
+
+ PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
+ PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
+
+ PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+ PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+ *pResult = PKIX_FALSE;
+
+ if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
+
+ firstAnchor = (PKIX_TrustAnchor *)first;
+ secondAnchor = (PKIX_TrustAnchor *)second;
+
+ firstCert = firstAnchor->trustedCert;
+ secondCert = secondAnchor->trustedCert;
+
+ if ((firstCert && !secondCert) || (!firstCert && secondCert)){
+ goto cleanup;
+ }
+
+ if (firstCert && secondCert){
+ PKIX_CHECK(PKIX_PL_Object_Equals
+ ((PKIX_PL_Object *)firstCert,
+ (PKIX_PL_Object *)secondCert,
+ &cmpResult,
+ plContext),
+ PKIX_OBJECTEQUALSFAILED);
+ } else {
+ PKIX_CHECK(PKIX_PL_Object_Equals
+ ((PKIX_PL_Object *)firstAnchor->caName,
+ (PKIX_PL_Object *)secondAnchor->caName,
+ &cmpResult,
+ plContext),
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_CHECK(PKIX_PL_Object_Equals
+ ((PKIX_PL_Object *)firstAnchor->caPubKey,
+ (PKIX_PL_Object *)secondAnchor->caPubKey,
+ &cmpResult,
+ plContext),
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_EQUALS
+ (firstAnchor->nameConstraints,
+ secondAnchor->nameConstraints,
+ &cmpResult,
+ plContext,
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ }
+
+ *pResult = cmpResult;
+
+cleanup:
+
+ PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_Hashcode(
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pHashcode,
+ void *plContext)
+{
+ PKIX_TrustAnchor *anchor = NULL;
+ PKIX_PL_Cert *cert = NULL;
+ PKIX_UInt32 hash = 0;
+ PKIX_UInt32 certHash = 0;
+ PKIX_UInt32 nameHash = 0;
+ PKIX_UInt32 pubKeyHash = 0;
+ PKIX_UInt32 ncHash = 0;
+
+ PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode");
+ PKIX_NULLCHECK_TWO(object, pHashcode);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+ PKIX_OBJECTNOTTRUSTANCHOR);
+
+ anchor = (PKIX_TrustAnchor*)object;
+ cert = anchor->trustedCert;
+
+ if (cert){
+ PKIX_CHECK(PKIX_PL_Object_Hashcode
+ ((PKIX_PL_Object *)cert,
+ &certHash,
+ plContext),
+ PKIX_OBJECTHASHCODEFAILED);
+
+ hash = certHash;
+
+ } else {
+ PKIX_CHECK(PKIX_PL_Object_Hashcode
+ ((PKIX_PL_Object *)anchor->caName,
+ &nameHash,
+ plContext),
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_Hashcode
+ ((PKIX_PL_Object *)anchor->caPubKey,
+ &pubKeyHash,
+ plContext),
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext,
+ PKIX_OBJECTHASHCODEFAILED);
+
+ hash = 31 * nameHash + pubKeyHash + ncHash;
+
+ }
+
+ *pHashcode = hash;
+
+cleanup:
+
+ PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_ToString(
+ PKIX_PL_Object *object,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_TrustAnchor *anchor = NULL;
+ char *asciiFormat = NULL;
+ PKIX_PL_String *formatString = NULL;
+ PKIX_PL_String *anchorString = NULL;
+ PKIX_PL_String *certString = NULL;
+ PKIX_PL_String *nameString = NULL;
+ PKIX_PL_String *pubKeyString = NULL;
+ PKIX_PL_String *nameConstraintsString = NULL;
+
+ PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
+ PKIX_NULLCHECK_TWO(object, pString);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+ PKIX_OBJECTNOTTRUSTANCHOR);
+
+ anchor = (PKIX_TrustAnchor*)object;
+
+ if (anchor->trustedCert){
+ asciiFormat =
+ "[\n"
+ "\tTrusted Cert: %s\n"
+ "]\n";
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ asciiFormat,
+ 0,
+ &formatString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_ToString
+ ((PKIX_PL_Object *)anchor->trustedCert,
+ &certString,
+ plContext),
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Sprintf
+ (&anchorString,
+ plContext,
+ formatString,
+ certString),
+ PKIX_SPRINTFFAILED);
+ } else {
+ asciiFormat =
+ "[\n"
+ "\tTrusted CA Name: %s\n"
+ "\tTrusted CA PublicKey: %s\n"
+ "\tInitial Name Constraints:%s\n"
+ "]\n";
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ asciiFormat,
+ 0,
+ &formatString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_ToString
+ ((PKIX_PL_Object *)anchor->caName,
+ &nameString,
+ plContext),
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_ToString
+ ((PKIX_PL_Object *)anchor->caPubKey,
+ &pubKeyString,
+ plContext),
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_TOSTRING
+ (anchor->nameConstraints,
+ &nameConstraintsString,
+ plContext,
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Sprintf
+ (&anchorString,
+ plContext,
+ formatString,
+ nameString,
+ pubKeyString,
+ nameConstraintsString),
+ PKIX_SPRINTFFAILED);
+ }
+
+ *pString = anchorString;
+
+cleanup:
+
+ PKIX_DECREF(formatString);
+ PKIX_DECREF(certString);
+ PKIX_DECREF(nameString);
+ PKIX_DECREF(pubKeyString);
+ PKIX_DECREF(nameConstraintsString);
+
+ PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_TRUSTANCHOR_TYPE and its related functions with
+ * systemClasses[]
+ * THREAD SAFETY:
+ * Not Thread Safe - for performance and complexity reasons
+ *
+ * Since this function is only called by PKIX_PL_Initialize, which should
+ * only be called once, it is acceptable that this function is not
+ * thread-safe.
+ */
+PKIX_Error *
+pkix_TrustAnchor_RegisterSelf(void *plContext)
+{
+ extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+ pkix_ClassTable_Entry entry;
+
+ PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf");
+
+ entry.description = "TrustAnchor";
+ entry.objCounter = 0;
+ entry.typeObjectSize = sizeof(PKIX_TrustAnchor);
+ entry.destructor = pkix_TrustAnchor_Destroy;
+ entry.equalsFunction = pkix_TrustAnchor_Equals;
+ entry.hashcodeFunction = pkix_TrustAnchor_Hashcode;
+ entry.toStringFunction = pkix_TrustAnchor_ToString;
+ entry.comparator = NULL;
+ entry.duplicateFunction = pkix_duplicateImmutable;
+
+ systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry;
+
+ PKIX_RETURN(TRUSTANCHOR);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithCert(
+ PKIX_PL_Cert *cert,
+ PKIX_TrustAnchor **pAnchor,
+ void *plContext)
+{
+ PKIX_TrustAnchor *anchor = NULL;
+
+ PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
+ PKIX_NULLCHECK_TWO(cert, pAnchor);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_TRUSTANCHOR_TYPE,
+ sizeof (PKIX_TrustAnchor),
+ (PKIX_PL_Object **)&anchor,
+ plContext),
+ PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
+
+ /* initialize fields */
+ PKIX_CHECK(
+ PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
+ PKIX_CERTSETASTRUSTANCHORFAILED);
+
+ PKIX_INCREF(cert);
+ anchor->trustedCert = cert;
+
+ anchor->caName = NULL;
+ anchor->caPubKey = NULL;
+
+ PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+ (anchor->trustedCert, &anchor->nameConstraints, plContext),
+ PKIX_CERTGETNAMECONSTRAINTSFAILED);
+
+
+ *pAnchor = anchor;
+ anchor = NULL;
+
+cleanup:
+
+ PKIX_DECREF(anchor);
+
+ PKIX_RETURN(TRUSTANCHOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithNameKeyPair(
+ PKIX_PL_X500Name *name,
+ PKIX_PL_PublicKey *pubKey,
+ PKIX_PL_CertNameConstraints *nameConstraints,
+ PKIX_TrustAnchor **pAnchor,
+ void *plContext)
+{
+ PKIX_TrustAnchor *anchor = NULL;
+
+ PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
+
+#ifndef BUILD_LIBPKIX_TESTS
+ /* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
+ * function as the complete trusted cert structure, and not only cert
+ * public key, is required for chain building and validation processes.
+ * Restricting this function for been used only in libpkix unit
+ * tests. */
+ PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
+#endif
+
+ PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_TRUSTANCHOR_TYPE,
+ sizeof (PKIX_TrustAnchor),
+ (PKIX_PL_Object **)&anchor,
+ plContext),
+ PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
+
+ /* initialize fields */
+ anchor->trustedCert = NULL;
+
+ PKIX_INCREF(name);
+ anchor->caName = name;
+
+ PKIX_INCREF(pubKey);
+ anchor->caPubKey = pubKey;
+
+ PKIX_INCREF(nameConstraints);
+ anchor->nameConstraints = nameConstraints;
+
+ *pAnchor = anchor;
+ anchor = NULL;
+cleanup:
+
+ PKIX_DECREF(anchor);
+
+ PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetTrustedCert(
+ PKIX_TrustAnchor *anchor,
+ PKIX_PL_Cert **pCert,
+ void *plContext)
+{
+ PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert");
+ PKIX_NULLCHECK_TWO(anchor, pCert);
+
+ PKIX_INCREF(anchor->trustedCert);
+
+ *pCert = anchor->trustedCert;
+
+cleanup:
+ PKIX_RETURN(TRUSTANCHOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetCAName(
+ PKIX_TrustAnchor *anchor,
+ PKIX_PL_X500Name **pCAName,
+ void *plContext)
+{
+ PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName");
+ PKIX_NULLCHECK_TWO(anchor, pCAName);
+
+ PKIX_INCREF(anchor->caName);
+
+ *pCAName = anchor->caName;
+
+cleanup:
+ PKIX_RETURN(TRUSTANCHOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetCAPublicKey(
+ PKIX_TrustAnchor *anchor,
+ PKIX_PL_PublicKey **pPubKey,
+ void *plContext)
+{
+ PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey");
+ PKIX_NULLCHECK_TWO(anchor, pPubKey);
+
+ PKIX_INCREF(anchor->caPubKey);
+
+ *pPubKey = anchor->caPubKey;
+
+cleanup:
+ PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetNameConstraints(
+ PKIX_TrustAnchor *anchor,
+ PKIX_PL_CertNameConstraints **pNameConstraints,
+ void *plContext)
+{
+ PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints");
+ PKIX_NULLCHECK_TWO(anchor, pNameConstraints);
+
+ PKIX_INCREF(anchor->nameConstraints);
+
+ *pNameConstraints = anchor->nameConstraints;
+
+cleanup:
+ PKIX_RETURN(TRUSTANCHOR);
+}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h
new file mode 100644
index 0000000000..e3ceb7fd33
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_trustanchor.h
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_trustanchor.h
+ *
+ * TrustAnchor Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_TRUSTANCHOR_H
+#define _PKIX_TRUSTANCHOR_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_TrustAnchorStruct {
+ PKIX_PL_Cert *trustedCert;
+ PKIX_PL_X500Name *caName;
+ PKIX_PL_PublicKey *caPubKey;
+ PKIX_PL_CertNameConstraints *nameConstraints;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_TrustAnchor_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_TRUSTANCHOR_H */
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_valparams.c b/security/nss/lib/libpkix/pkix/params/pkix_valparams.c
new file mode 100644
index 0000000000..83c3d2b08f
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_valparams.c
@@ -0,0 +1,335 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_valparams.c
+ *
+ * Validate Params Object Functions
+ *
+ */
+
+#include "pkix_valparams.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ValidateParams_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_Destroy(
+ PKIX_PL_Object *object,
+ void *plContext)
+{
+ PKIX_ValidateParams *params = NULL;
+
+ PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Destroy");
+ PKIX_NULLCHECK_ONE(object);
+
+ /* Check that this object is a validate params object */
+ PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTVALIDATEPARAMS);
+
+ params = (PKIX_ValidateParams *)object;
+
+ PKIX_DECREF(params->procParams);
+ PKIX_DECREF(params->chain);
+
+cleanup:
+
+ PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_Equals(
+ PKIX_PL_Object *first,
+ PKIX_PL_Object *second,
+ PKIX_Boolean *pResult,
+ void *plContext)
+{
+ PKIX_UInt32 secondType;
+ PKIX_Boolean cmpResult;
+ PKIX_ValidateParams *firstValParams = NULL;
+ PKIX_ValidateParams *secondValParams = NULL;
+
+ PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals");
+ PKIX_NULLCHECK_THREE(first, second, pResult);
+
+ PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext),
+ PKIX_FIRSTOBJECTNOTVALIDATEPARAMS);
+
+ PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+ PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+ *pResult = PKIX_FALSE;
+
+ if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup;
+
+ firstValParams = (PKIX_ValidateParams *)first;
+ secondValParams = (PKIX_ValidateParams *)second;
+
+ PKIX_CHECK(PKIX_PL_Object_Equals
+ ((PKIX_PL_Object *)firstValParams->procParams,
+ (PKIX_PL_Object *)secondValParams->procParams,
+ &cmpResult,
+ plContext),
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ PKIX_CHECK(PKIX_PL_Object_Equals
+ ((PKIX_PL_Object *)firstValParams->chain,
+ (PKIX_PL_Object *)secondValParams->chain,
+ &cmpResult,
+ plContext),
+ PKIX_OBJECTEQUALSFAILED);
+
+ if (!cmpResult) goto cleanup;
+
+ *pResult = cmpResult;
+
+cleanup:
+
+ PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_Hashcode(
+ PKIX_PL_Object *object,
+ PKIX_UInt32 *pHashcode,
+ void *plContext)
+{
+ PKIX_ValidateParams *valParams = NULL;
+ PKIX_UInt32 hash = 0;
+ PKIX_UInt32 procParamsHash = 0;
+ PKIX_UInt32 chainHash = 0;
+
+ PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Hashcode");
+ PKIX_NULLCHECK_TWO(object, pHashcode);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTVALIDATEPARAMS);
+
+ valParams = (PKIX_ValidateParams*)object;
+
+ PKIX_CHECK(PKIX_PL_Object_Hashcode
+ ((PKIX_PL_Object *)valParams->procParams,
+ &procParamsHash,
+ plContext),
+ PKIX_OBJECTHASHCODEFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_Hashcode
+ ((PKIX_PL_Object *)valParams->chain,
+ &chainHash,
+ plContext),
+ PKIX_OBJECTHASHCODEFAILED);
+
+ hash = 31 * procParamsHash + chainHash;
+
+ *pHashcode = hash;
+
+cleanup:
+
+ PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_ToString(
+ PKIX_PL_Object *object,
+ PKIX_PL_String **pString,
+ void *plContext)
+{
+ PKIX_ValidateParams *valParams = NULL;
+ char *asciiFormat = NULL;
+ PKIX_PL_String *formatString = NULL;
+ PKIX_PL_String *valParamsString = NULL;
+
+ PKIX_PL_String *procParamsString = NULL;
+ PKIX_PL_String *chainString = NULL;
+
+ PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_ToString");
+ PKIX_NULLCHECK_TWO(object, pString);
+
+ PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
+ PKIX_OBJECTNOTVALIDATEPARAMS);
+
+ asciiFormat =
+ "[\n"
+ "\tProcessing Params: \n"
+ "\t********BEGIN PROCESSING PARAMS********\n"
+ "\t\t%s\n"
+ "\t********END PROCESSING PARAMS********\n"
+ "\tChain: \t\t%s\n"
+ "]\n";
+
+ PKIX_CHECK(PKIX_PL_String_Create
+ (PKIX_ESCASCII,
+ asciiFormat,
+ 0,
+ &formatString,
+ plContext),
+ PKIX_STRINGCREATEFAILED);
+
+ valParams = (PKIX_ValidateParams*)object;
+
+ PKIX_CHECK(PKIX_PL_Object_ToString
+ ((PKIX_PL_Object*)valParams->procParams,
+ &procParamsString,
+ plContext),
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Object_ToString
+ ((PKIX_PL_Object *)valParams->chain,
+ &chainString,
+ plContext),
+ PKIX_OBJECTTOSTRINGFAILED);
+
+ PKIX_CHECK(PKIX_PL_Sprintf
+ (&valParamsString,
+ plContext,
+ formatString,
+ procParamsString,
+ chainString),
+ PKIX_SPRINTFFAILED);
+
+ *pString = valParamsString;
+
+cleanup:
+
+ PKIX_DECREF(formatString);
+ PKIX_DECREF(procParamsString);
+ PKIX_DECREF(chainString);
+
+ PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_VALIDATEPARAMS_TYPE and its related functions with
+ * systemClasses[]
+ * THREAD SAFETY:
+ * Not Thread Safe - for performance and complexity reasons
+ *
+ * Since this function is only called by PKIX_PL_Initialize, which should
+ * only be called once, it is acceptable that this function is not
+ * thread-safe.
+ */
+PKIX_Error *
+pkix_ValidateParams_RegisterSelf(void *plContext)
+{
+
+ extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+ pkix_ClassTable_Entry entry;
+
+ PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_RegisterSelf");
+
+ entry.description = "ValidateParams";
+ entry.objCounter = 0;
+ entry.typeObjectSize = sizeof(PKIX_ValidateParams);
+ entry.destructor = pkix_ValidateParams_Destroy;
+ entry.equalsFunction = pkix_ValidateParams_Equals;
+ entry.hashcodeFunction = pkix_ValidateParams_Hashcode;
+ entry.toStringFunction = pkix_ValidateParams_ToString;
+ entry.comparator = NULL;
+ entry.duplicateFunction = NULL;
+
+ systemClasses[PKIX_VALIDATEPARAMS_TYPE] = entry;
+
+ PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ValidateParams_Create (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ValidateParams_Create(
+ PKIX_ProcessingParams *procParams,
+ PKIX_List *chain,
+ PKIX_ValidateParams **pParams,
+ void *plContext)
+{
+ PKIX_ValidateParams *params = NULL;
+
+ PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_Create");
+ PKIX_NULLCHECK_THREE(procParams, chain, pParams);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_VALIDATEPARAMS_TYPE,
+ sizeof (PKIX_ValidateParams),
+ (PKIX_PL_Object **)&params,
+ plContext),
+ PKIX_COULDNOTCREATEVALIDATEPARAMSOBJECT);
+
+ /* initialize fields */
+ PKIX_INCREF(procParams);
+ params->procParams = procParams;
+
+ PKIX_INCREF(chain);
+ params->chain = chain;
+
+ *pParams = params;
+ params = NULL;
+
+cleanup:
+
+ PKIX_DECREF(params);
+
+ PKIX_RETURN(VALIDATEPARAMS);
+
+}
+
+/*
+ * FUNCTION: PKIX_ValidateParams_GetProcessingParams
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ValidateParams_GetProcessingParams(
+ PKIX_ValidateParams *valParams,
+ PKIX_ProcessingParams **pProcParams,
+ void *plContext)
+{
+ PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetProcessingParams");
+ PKIX_NULLCHECK_TWO(valParams, pProcParams);
+
+ PKIX_INCREF(valParams->procParams);
+
+ *pProcParams = valParams->procParams;
+
+cleanup:
+ PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ValidateParams_GetCertChain (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ValidateParams_GetCertChain(
+ PKIX_ValidateParams *valParams,
+ PKIX_List **pChain,
+ void *plContext)
+{
+ PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetCertChain");
+ PKIX_NULLCHECK_TWO(valParams, pChain);
+
+ PKIX_INCREF(valParams->chain);
+
+ *pChain = valParams->chain;
+
+cleanup:
+ PKIX_RETURN(VALIDATEPARAMS);
+}
diff --git a/security/nss/lib/libpkix/pkix/params/pkix_valparams.h b/security/nss/lib/libpkix/pkix/params/pkix_valparams.h
new file mode 100644
index 0000000000..93b754f712
--- /dev/null
+++ b/security/nss/lib/libpkix/pkix/params/pkix_valparams.h
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_valparams.h
+ *
+ * ValidateParams Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_VALIDATEPARAMS_H
+#define _PKIX_VALIDATEPARAMS_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ValidateParamsStruct {
+ PKIX_ProcessingParams *procParams; /* Never NULL */
+ PKIX_List *chain; /* Never NULL */
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ValidateParams_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_VALIDATEPARAMS_H */