mozilla/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c - Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be

Unified Diff: mozilla/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/

Patch Set: Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « mozilla/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h ('k') | mozilla/security/nss/lib/libpkix/pkix/params/pkix_procparams.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: mozilla/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c

===================================================================

--- mozilla/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c (revision 191424)

+++ mozilla/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c (working copy)

@@ -1,870 +0,0 @@

-/* This Source Code Form is subject to the terms of the Mozilla Public

- * License, v. 2.0. If a copy of the MPL was not distributed with this

- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

-/*

- * pkix_crlselector.c

- *

- * CRLSelector Function Definitions

- *

- */

-#include "pkix_crlselector.h"

-/* --CRLSelector Private-Functions-------------------------------------- */

-/*

- * FUNCTION: pkix_CRLSelector_Destroy

- * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)

- */

-static PKIX_Error *

-pkix_CRLSelector_Destroy(

- PKIX_PL_Object *object,

- void *plContext)

- PKIX_CRLSelector *selector = NULL;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy");

- PKIX_NULLCHECK_ONE(object);

- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),

- PKIX_OBJECTNOTCRLSELECTOR);

- selector = (PKIX_CRLSelector *)object;

- selector->matchCallback = NULL;

- PKIX_DECREF(selector->params);

- PKIX_DECREF(selector->context);

-cleanup:

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_ToString_Helper

- *

- * DESCRIPTION:

- * Helper function that creates a string representation of CRLSelector

- * pointed to by "crlParams" and stores its address in the object pointed to

- * by "pString".

- *

- * PARAMETERS

- * "list"

- * Address of CRLSelector whose string representation is desired.

- * Must be non-NULL.

- * "pString"

- * Address of object pointer's destination. Must be non-NULL.

- * "plContext" - Platform-specific context pointer.

- *

- * THREAD SAFETY:

- * Conditionally Thread Safe

- * (see Thread Safety Definitions in Programmer's Guide)

- *

- * RETURNS:

- * Returns NULL if the function succeeds.

- * Returns a CRLSelector Error if the function fails in a non-fatal way.

- * Returns a Fatal Error if the function fails in an unrecoverable way.

- */

-static PKIX_Error *

-pkix_CRLSelector_ToString_Helper(

- PKIX_CRLSelector *crlSelector,

- PKIX_PL_String **pString,

- void *plContext)

- PKIX_PL_String *crlSelectorString = NULL;

- PKIX_PL_String *formatString = NULL;

- PKIX_PL_String *crlParamsString = NULL;

- PKIX_PL_String *crlContextString = NULL;

- char *asciiFormat = NULL;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper");

- PKIX_NULLCHECK_TWO(crlSelector, pString);

- PKIX_NULLCHECK_ONE(crlSelector->params);

- asciiFormat =

- "\n\t[\n"

- "\tMatchCallback: 0x%x\n"

- "\tParams: %s\n"

- "\tContext: %s\n"

- "\t]\n";

- PKIX_CHECK(PKIX_PL_String_Create

- (PKIX_ESCASCII,

- asciiFormat,

- 0,

- &formatString,

- plContext),

- PKIX_STRINGCREATEFAILED);

- /* Params */

- PKIX_TOSTRING

- ((PKIX_PL_Object *)crlSelector->params,

- &crlParamsString,

- plContext,

- PKIX_COMCRLSELPARAMSTOSTRINGFAILED);

- /* Context */

- PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext,

- PKIX_LISTTOSTRINGFAILED);

- PKIX_CHECK(PKIX_PL_Sprintf

- (&crlSelectorString,

- plContext,

- formatString,

- crlSelector->matchCallback,

- crlParamsString,

- crlContextString),

- PKIX_SPRINTFFAILED);

- *pString = crlSelectorString;

-cleanup:

- PKIX_DECREF(crlParamsString);

- PKIX_DECREF(crlContextString);

- PKIX_DECREF(formatString);

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_ToString

- * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)

- */

-static PKIX_Error *

-pkix_CRLSelector_ToString(

- PKIX_PL_Object *object,

- PKIX_PL_String **pString,

- void *plContext)

- PKIX_PL_String *crlSelectorString = NULL;

- PKIX_CRLSelector *crlSelector = NULL;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString");

- PKIX_NULLCHECK_TWO(object, pString);

- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),

- PKIX_OBJECTNOTCRLSELECTOR);

- crlSelector = (PKIX_CRLSelector *) object;

- PKIX_CHECK(pkix_CRLSelector_ToString_Helper

- (crlSelector, &crlSelectorString, plContext),

- PKIX_CRLSELECTORTOSTRINGHELPERFAILED);

- *pString = crlSelectorString;

-cleanup:

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_Hashcode

- * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)

- */

-static PKIX_Error *

-pkix_CRLSelector_Hashcode(

- PKIX_PL_Object *object,

- PKIX_UInt32 *pHashcode,

- void *plContext)

- PKIX_UInt32 paramsHash = 0;

- PKIX_UInt32 contextHash = 0;

- PKIX_UInt32 hash = 0;

- PKIX_CRLSelector *crlSelector = NULL;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode");

- PKIX_NULLCHECK_TWO(object, pHashcode);

- PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),

- PKIX_OBJECTNOTCRLSELECTOR);

- crlSelector = (PKIX_CRLSelector *)object;

- PKIX_HASHCODE(crlSelector->params, &paramsHash, plContext,

- PKIX_OBJECTHASHCODEFAILED);

- PKIX_HASHCODE(crlSelector->context, &contextHash, plContext,

- PKIX_OBJECTHASHCODEFAILED);

- hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback +

- (contextHash << 3)) + paramsHash;

- *pHashcode = hash;

-cleanup:

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_Equals

- * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)

- */

-static PKIX_Error *

-pkix_CRLSelector_Equals(

- PKIX_PL_Object *firstObject,

- PKIX_PL_Object *secondObject,

- PKIX_Boolean *pResult,

- void *plContext)

- PKIX_CRLSelector *firstCrlSelector = NULL;

- PKIX_CRLSelector *secondCrlSelector = NULL;

- PKIX_UInt32 secondType;

- PKIX_Boolean cmpResult = PKIX_FALSE;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals");

- PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);

- /* test that firstObject is a CRLSelector */

- PKIX_CHECK(pkix_CheckType

- (firstObject, PKIX_CRLSELECTOR_TYPE, plContext),

- PKIX_FIRSTOBJECTNOTCRLSELECTOR);

- firstCrlSelector = (PKIX_CRLSelector *)firstObject;

- secondCrlSelector = (PKIX_CRLSelector *)secondObject;

- /*

- * Since we know firstObject is a CRLSelector, if both references are

- * identical, they must be equal

- */

- if (firstCrlSelector == secondCrlSelector){

- *pResult = PKIX_TRUE;

- goto cleanup;

- }

- /*

- * If secondCRLSelector isn't a CRLSelector, we don't throw an error.

- * We simply return a Boolean result of FALSE

- */

- *pResult = PKIX_FALSE;

- PKIX_CHECK(PKIX_PL_Object_GetType

- ((PKIX_PL_Object *)secondCrlSelector,

- &secondType,

- plContext),

- PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);

- if (secondType != PKIX_CRLSELECTOR_TYPE) {

- goto cleanup;

- }

- /* Compare MatchCallback address */

- cmpResult = (firstCrlSelector->matchCallback ==

- secondCrlSelector->matchCallback);

- if (cmpResult == PKIX_FALSE) {

- goto cleanup;

- }

- /* Compare Common CRL Selector Params */

- PKIX_EQUALS

- (firstCrlSelector->params,

- secondCrlSelector->params,

- &cmpResult,

- plContext,

- PKIX_COMCRLSELPARAMSEQUALSFAILED);

- if (cmpResult == PKIX_FALSE) {

- goto cleanup;

- }

- /* Compare Context */

- PKIX_EQUALS

- (firstCrlSelector->context,

- secondCrlSelector->context,

- &cmpResult,

- plContext,

- PKIX_COMCRLSELPARAMSEQUALSFAILED);

- *pResult = cmpResult;

-cleanup:

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_Duplicate

- * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)

- */

-static PKIX_Error *

-pkix_CRLSelector_Duplicate(

- PKIX_PL_Object *object,

- PKIX_PL_Object **pNewObject,

- void *plContext)

- PKIX_CRLSelector *old;

- PKIX_CRLSelector *new = NULL;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate");

- PKIX_NULLCHECK_TWO(object, pNewObject);

- PKIX_CHECK(pkix_CheckType

- (object, PKIX_CRLSELECTOR_TYPE, plContext),

- PKIX_OBJECTNOTCRLSELECTOR);

- old = (PKIX_CRLSelector *)object;

- PKIX_CHECK(PKIX_PL_Object_Alloc

- (PKIX_CRLSELECTOR_TYPE,

- (PKIX_UInt32)(sizeof (PKIX_CRLSelector)),

- (PKIX_PL_Object **)&new,

- plContext),

- PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED);

- new->matchCallback = old->matchCallback;

- PKIX_DUPLICATE(old->params, &new->params, plContext,

- PKIX_OBJECTDUPLICATEPARAMSFAILED);

- PKIX_DUPLICATE(old->context, &new->context, plContext,

- PKIX_OBJECTDUPLICATECONTEXTFAILED);

- *pNewObject = (PKIX_PL_Object *)new;

-cleanup:

- if (PKIX_ERROR_RECEIVED){

- PKIX_DECREF(new);

- }

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_DefaultMatch

- *

- * DESCRIPTION:

- * This function compares the parameter values (Issuer, date, and CRL number)

- * set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with

- * the corresponding values in the CRL pointed to by "crl". When all the

- * criteria set in the parameter values match the values in "crl", PKIX_TRUE is

- * stored at "pMatch". If the CRL does not match the CRLSelector's criteria,

- * PKIX_FALSE is stored at "pMatch".

- *

- * PARAMETERS

- * "selector"

- * Address of CRLSelector which is verified for a match

- * Must be non-NULL.

- * "crl"

- * Address of the CRL object to be verified. Must be non-NULL.

- * "pMatch"

- * Address at which Boolean result is stored. Must be non-NULL.

- * "plContext"

- * Platform-specific context pointer.

- *

- * THREAD SAFETY:

- * Conditionally Thread Safe

- * (see Thread Safety Definitions in Programmer's Guide)

- *

- * RETURNS:

- * Returns NULL if the function succeeds.

- * Returns a CRLSelector Error if the function fails in a non-fatal way.

- * Returns a Fatal Error if the function fails in an unrecoverable way.

- */

-static PKIX_Error *

-pkix_CRLSelector_DefaultMatch(

- PKIX_CRLSelector *selector,

- PKIX_PL_CRL *crl,

- PKIX_Boolean *pMatch,

- void *plContext)

- PKIX_ComCRLSelParams *params = NULL;

- PKIX_PL_X500Name *crlIssuerName = NULL;

- PKIX_PL_X500Name *issuerName = NULL;

- PKIX_List *selIssuerNames = NULL;

- PKIX_PL_Date *selDate = NULL;

- PKIX_Boolean result = PKIX_TRUE;

- PKIX_UInt32 numIssuers = 0;

- PKIX_UInt32 i;

- PKIX_PL_BigInt *minCRLNumber = NULL;

- PKIX_PL_BigInt *maxCRLNumber = NULL;

- PKIX_PL_BigInt *crlNumber = NULL;

- PKIX_Boolean nistPolicyEnabled = PKIX_FALSE;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch");

- PKIX_NULLCHECK_TWO(selector, crl);

- *pMatch = PKIX_TRUE;

- params = selector->params;

- /* No matching parameter provided, just a match */

- if (params == NULL) {

- goto cleanup;

- }

- PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames

- (params, &selIssuerNames, plContext),

- PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);

- /* Check for Issuers */

- if (selIssuerNames != NULL){

- result = PKIX_FALSE;

- PKIX_CHECK(PKIX_PL_CRL_GetIssuer

- (crl, &crlIssuerName, plContext),

- PKIX_CRLGETISSUERFAILED);

- PKIX_CHECK(PKIX_List_GetLength

- (selIssuerNames, &numIssuers, plContext),

- PKIX_LISTGETLENGTHFAILED);

- for (i = 0; i < numIssuers; i++){

- PKIX_CHECK(PKIX_List_GetItem

- (selIssuerNames,

- i,

- (PKIX_PL_Object **)&issuerName,

- plContext),

- PKIX_LISTGETITEMFAILED);

- PKIX_CHECK(PKIX_PL_X500Name_Match

- (crlIssuerName,

- issuerName,

- &result,

- plContext),

- PKIX_X500NAMEMATCHFAILED);

- PKIX_DECREF(issuerName);

- if (result == PKIX_TRUE) {

- break;

- }

- if (result == PKIX_FALSE) {

- PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N");

- *pMatch = PKIX_FALSE;

- goto cleanup;

- }

- PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime

- (params, &selDate, plContext),

- PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED);

- /* Check for Date */

- if (selDate != NULL){

- PKIX_CHECK(PKIX_ComCRLSelParams_GetNISTPolicyEnabled

- (params, &nistPolicyEnabled, plContext),

- PKIX_COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED);

- /* check crl dates only for if NIST policies enforced */

- if (nistPolicyEnabled) {

- result = PKIX_FALSE;

- PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime

- (crl, selDate, &result, plContext),

- PKIX_CRLVERIFYUPDATETIMEFAILED);

- if (result == PKIX_FALSE) {

- *pMatch = PKIX_FALSE;

- goto cleanup;

- }

- /* Check for CRL number in range */

- PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext),

- PKIX_CRLGETCRLNUMBERFAILED);

- if (crlNumber != NULL) {

- result = PKIX_FALSE;

- PKIX_CHECK(PKIX_ComCRLSelParams_GetMinCRLNumber

- (params, &minCRLNumber, plContext),

- PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED);

- if (minCRLNumber != NULL) {

- PKIX_CHECK(PKIX_PL_Object_Compare

- ((PKIX_PL_Object *)minCRLNumber,

- (PKIX_PL_Object *)crlNumber,

- &result,

- plContext),

- PKIX_OBJECTCOMPARATORFAILED);

- if (result == 1) {

- PKIX_CRLSELECTOR_DEBUG

- ("CRL MinNumber Range Match Failed\n");

- *pMatch = PKIX_FALSE;

- goto cleanup;

- }

- PKIX_CHECK(PKIX_ComCRLSelParams_GetMaxCRLNumber

- (params, &maxCRLNumber, plContext),

- PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED);

- if (maxCRLNumber != NULL) {

- PKIX_CHECK(PKIX_PL_Object_Compare

- ((PKIX_PL_Object *)crlNumber,

- (PKIX_PL_Object *)maxCRLNumber,

- &result,

- plContext),

- PKIX_OBJECTCOMPARATORFAILED);

- if (result == 1) {

- PKIX_CRLSELECTOR_DEBUG

- (PKIX_CRLMAXNUMBERRANGEMATCHFAILED);

- *pMatch = PKIX_FALSE;

- goto cleanup;

- }

-cleanup:

- PKIX_DECREF(selIssuerNames);

- PKIX_DECREF(selDate);

- PKIX_DECREF(crlIssuerName);

- PKIX_DECREF(issuerName);

- PKIX_DECREF(crlNumber);

- PKIX_DECREF(minCRLNumber);

- PKIX_DECREF(maxCRLNumber);

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_RegisterSelf

- * DESCRIPTION:

- * Registers PKIX_CRLSELECTOR_TYPE and its related functions with

- * systemClasses[]

- * THREAD SAFETY:

- * Not Thread Safe - for performance and complexity reasons

- *

- * Since this function is only called by PKIX_PL_Initialize, which should

- * only be called once, it is acceptable that this function is not

- * thread-safe.

- */

-PKIX_Error *

-pkix_CRLSelector_RegisterSelf(void *plContext)

- extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];

- pkix_ClassTable_Entry entry;

- PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf");

- entry.description = "CRLSelector";

- entry.objCounter = 0;

- entry.typeObjectSize = sizeof(PKIX_CRLSelector);

- entry.destructor = pkix_CRLSelector_Destroy;

- entry.equalsFunction = pkix_CRLSelector_Equals;

- entry.hashcodeFunction = pkix_CRLSelector_Hashcode;

- entry.toStringFunction = pkix_CRLSelector_ToString;

- entry.comparator = NULL;

- entry.duplicateFunction = pkix_CRLSelector_Duplicate;

- systemClasses[PKIX_CRLSELECTOR_TYPE] = entry;

- PKIX_RETURN(CRLSELECTOR);

-/* --CRLSelector-Public-Functions---------------------------------------- */

-PKIX_Error *

-pkix_CRLSelector_Create(

- PKIX_CRLSelector_MatchCallback callback,

- PKIX_PL_Object *crlSelectorContext,

- PKIX_CRLSelector **pSelector,

- void *plContext)

- PKIX_CRLSelector *selector = NULL;

- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create");

- PKIX_NULLCHECK_ONE(pSelector);

- PKIX_CHECK(PKIX_PL_Object_Alloc

- (PKIX_CRLSELECTOR_TYPE,

- sizeof (PKIX_CRLSelector),

- (PKIX_PL_Object **)&selector,

- plContext),

- PKIX_COULDNOTCREATECRLSELECTOROBJECT);

- /*

- * if user specified a particular match callback, we use that one.

- * otherwise, we use the default match provided.

- */

- if (callback != NULL){

- selector->matchCallback = callback;

- } else {

- selector->matchCallback = pkix_CRLSelector_DefaultMatch;

- }

- /* initialize other fields */

- selector->params = NULL;

- PKIX_INCREF(crlSelectorContext);

- selector->context = crlSelectorContext;

- *pSelector = selector;

- selector = NULL;

-cleanup:

- PKIX_DECREF(selector);

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h)

- */

-PKIX_Error *

-PKIX_CRLSelector_Create(

- PKIX_PL_Cert *issuer,

- PKIX_List *crldpList,

- PKIX_PL_Date *date,

- PKIX_CRLSelector **pCrlSelector,

- void *plContext)

- PKIX_PL_X500Name *issuerName = NULL;

- PKIX_PL_Date *nowDate = NULL;

- PKIX_ComCRLSelParams *comCrlSelParams = NULL;

- PKIX_CRLSelector *crlSelector = NULL;

- PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CrlSelector_Create");

- PKIX_NULLCHECK_ONE(issuer);

- PKIX_CHECK(

- PKIX_PL_Cert_GetSubject(issuer, &issuerName, plContext),

- PKIX_CERTGETISSUERFAILED);

- if (date != NULL) {

- PKIX_INCREF(date);

- nowDate = date;

- } else {

- PKIX_CHECK(

- PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext),

- PKIX_DATECREATEUTCTIMEFAILED);

- }

- PKIX_CHECK(

- PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext),

- PKIX_COMCRLSELPARAMSCREATEFAILED);

- PKIX_CHECK(

- PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuerName,

- plContext),

- PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED);

- PKIX_CHECK(

- PKIX_ComCRLSelParams_SetCrlDp(comCrlSelParams, crldpList,

- plContext),

- PKIX_COMCRLSELPARAMSSETCERTFAILED);

- PKIX_CHECK(

- PKIX_ComCRLSelParams_SetDateAndTime(comCrlSelParams, nowDate,

- plContext),

- PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED);

- PKIX_CHECK(

- pkix_CRLSelector_Create(NULL, NULL, &crlSelector, plContext),

- PKIX_CRLSELECTORCREATEFAILED);

- PKIX_CHECK(

- PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector,

- comCrlSelParams,

- plContext),

- PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED);

- *pCrlSelector = crlSelector;

- crlSelector = NULL;

-cleanup:

- PKIX_DECREF(issuerName);

- PKIX_DECREF(nowDate);

- PKIX_DECREF(comCrlSelParams);

- PKIX_DECREF(crlSelector);

- PKIX_RETURN(CERTCHAINCHECKER);

-/*

- * FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h)

- */

-PKIX_Error *

-PKIX_CRLSelector_GetMatchCallback(

- PKIX_CRLSelector *selector,

- PKIX_CRLSelector_MatchCallback *pCallback,

- void *plContext)

- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback");

- PKIX_NULLCHECK_TWO(selector, pCallback);

- *pCallback = selector->matchCallback;

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext

- * (see comments in pkix_crlsel.h)

- */

-PKIX_Error *

-PKIX_CRLSelector_GetCRLSelectorContext(

- PKIX_CRLSelector *selector,

- void **pCrlSelectorContext,

- void *plContext)

- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext");

- PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext);

- PKIX_INCREF(selector->context);

- *pCrlSelectorContext = selector->context;

-cleanup:

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams

- * (see comments in pkix_crlsel.h)

- */

-PKIX_Error *

-PKIX_CRLSelector_GetCommonCRLSelectorParams(

- PKIX_CRLSelector *selector,

- PKIX_ComCRLSelParams **pParams,

- void *plContext)

- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams");

- PKIX_NULLCHECK_TWO(selector, pParams);

- PKIX_INCREF(selector->params);

- *pParams = selector->params;

-cleanup:

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams

- * (see comments in pkix_crlsel.h)

- */

-PKIX_Error *

-PKIX_CRLSelector_SetCommonCRLSelectorParams(

- PKIX_CRLSelector *selector,

- PKIX_ComCRLSelParams *params,

- void *plContext)

- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams");

- PKIX_NULLCHECK_TWO(selector, params);

- PKIX_DECREF(selector->params);

- PKIX_INCREF(params);

- selector->params = params;

- PKIX_CHECK(PKIX_PL_Object_InvalidateCache

- ((PKIX_PL_Object *)selector, plContext),

- PKIX_OBJECTINVALIDATECACHEFAILED);

-cleanup:

- PKIX_RETURN(CRLSELECTOR);

-/*

- * FUNCTION: pkix_CRLSelector_Select

- * DESCRIPTION:

- *

- * This function applies the selector pointed to by "selector" to each CRL,

- * in turn, in the List pointed to by "before", and creates a List containing

- * all the CRLs that matched, or passed the selection process, storing that

- * List at "pAfter". If no CRLs match, an empty List is stored at "pAfter".

- *

- * The List returned in "pAfter" is immutable.

- *

- * PARAMETERS:

- * "selector"

- * Address of CRLSelelector to be applied to the List. Must be non-NULL.

- * "before"

- * Address of List that is to be filtered. Must be non-NULL.

- * "pAfter"

- * Address at which resulting List, possibly empty, is stored. Must be

- * non-NULL.

- * "plContext"

- * Platform-specific context pointer.

- * THREAD SAFETY:

- * Thread Safe (see Thread Safety Definitions in Programmer's Guide)

- * RETURNS:

- * Returns NULL if the function succeeds.

- * Returns a CRLSelector Error if the function fails in a non-fatal way.

- * Returns a Fatal Error if the function fails in an unrecoverable way.

- */

-PKIX_Error *

-pkix_CRLSelector_Select(

- PKIX_CRLSelector *selector,

- PKIX_List *before,

- PKIX_List **pAfter,

- void *plContext)

- PKIX_Boolean match = PKIX_FALSE;

- PKIX_UInt32 numBefore = 0;

- PKIX_UInt32 i = 0;

- PKIX_List *filtered = NULL;

- PKIX_PL_CRL *candidate = NULL;

- PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select");

- PKIX_NULLCHECK_THREE(selector, before, pAfter);

- PKIX_CHECK(PKIX_List_Create(&filtered, plContext),

- PKIX_LISTCREATEFAILED);

- PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext),

- PKIX_LISTGETLENGTHFAILED);

- for (i = 0; i < numBefore; i++) {

- PKIX_CHECK(PKIX_List_GetItem

- (before, i, (PKIX_PL_Object **)&candidate, plContext),

- PKIX_LISTGETITEMFAILED);

- PKIX_CHECK_ONLY_FATAL(selector->matchCallback

- (selector, candidate, &match, plContext),

- PKIX_CRLSELECTORMATCHCALLBACKFAILED);

- if (!(PKIX_ERROR_RECEIVED) && match == PKIX_TRUE) {

- PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem

- (filtered,

- (PKIX_PL_Object *)candidate,

- plContext),

- PKIX_LISTAPPENDITEMFAILED);

- }

- pkixTempErrorReceived = PKIX_FALSE;

- PKIX_DECREF(candidate);

- }

- PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),

- PKIX_LISTSETIMMUTABLEFAILED);

- /* Don't throw away the list if one CRL was bad! */

- pkixTempErrorReceived = PKIX_FALSE;

- *pAfter = filtered;

- filtered = NULL;

-cleanup:

- PKIX_DECREF(filtered);

- PKIX_DECREF(candidate);

- PKIX_RETURN(CRLSELECTOR);