| Index: mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
|
| ===================================================================
|
| --- mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c (revision 191424)
|
| +++ mozilla/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c (working copy)
|
| @@ -1,880 +0,0 @@
|
| -/* This Source Code Form is subject to the terms of the Mozilla Public
|
| - * License, v. 2.0. If a copy of the MPL was not distributed with this
|
| - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
| -/*
|
| - * pkix_pl_crlentry.c
|
| - *
|
| - * CRLENTRY Function Definitions
|
| - *
|
| - */
|
| -
|
| -#include "pkix_pl_crlentry.h"
|
| -
|
| -/* --Private-CRLEntry-Functions------------------------------------- */
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_Destroy
|
| - * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
|
| - */
|
| -static PKIX_Error *
|
| -pkix_pl_CRLEntry_Destroy(
|
| - PKIX_PL_Object *object,
|
| - void *plContext)
|
| -{
|
| - PKIX_PL_CRLEntry *crlEntry = NULL;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Destroy");
|
| - PKIX_NULLCHECK_ONE(object);
|
| -
|
| - PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
|
| - PKIX_OBJECTNOTCRLENTRY);
|
| -
|
| - crlEntry = (PKIX_PL_CRLEntry*)object;
|
| -
|
| - /* crlEntry->nssCrlEntry is freed by NSS when freeing CRL */
|
| - crlEntry->userReasonCode = 0;
|
| - crlEntry->userReasonCodeAbsent = PKIX_FALSE;
|
| - crlEntry->nssCrlEntry = NULL;
|
| - PKIX_DECREF(crlEntry->serialNumber);
|
| - PKIX_DECREF(crlEntry->critExtOids);
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_ToString_Helper
|
| - *
|
| - * DESCRIPTION:
|
| - * Helper function that creates a string representation of the CRLEntry
|
| - * pointed to by "crlEntry" and stores it at "pString".
|
| - *
|
| - * PARAMETERS
|
| - * "crlEntry"
|
| - * Address of CRLEntry whose string representation is desired.
|
| - * Must be non-NULL.
|
| - * "pString"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CRLEntry Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -pkix_pl_CRLEntry_ToString_Helper(
|
| - PKIX_PL_CRLEntry *crlEntry,
|
| - PKIX_PL_String **pString,
|
| - void *plContext)
|
| -{
|
| - char *asciiFormat = NULL;
|
| - PKIX_List *critExtOIDs = NULL;
|
| - PKIX_PL_String *crlEntryString = NULL;
|
| - PKIX_PL_String *formatString = NULL;
|
| - PKIX_PL_String *crlSerialNumberString = NULL;
|
| - PKIX_PL_String *crlRevocationDateString = NULL;
|
| - PKIX_PL_String *critExtOIDsString = NULL;
|
| - PKIX_Int32 reasonCode = 0;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString_Helper");
|
| - PKIX_NULLCHECK_FOUR
|
| - (crlEntry,
|
| - crlEntry->serialNumber,
|
| - crlEntry->nssCrlEntry,
|
| - pString);
|
| -
|
| - asciiFormat =
|
| - "\n\t[\n"
|
| - "\tSerialNumber: %s\n"
|
| - "\tReasonCode: %d\n"
|
| - "\tRevocationDate: %s\n"
|
| - "\tCritExtOIDs: %s\n"
|
| - "\t]\n\t";
|
| -
|
| - PKIX_CHECK(PKIX_PL_String_Create
|
| - (PKIX_ESCASCII,
|
| - asciiFormat,
|
| - 0,
|
| - &formatString,
|
| - plContext),
|
| - PKIX_STRINGCREATEFAILED);
|
| -
|
| - /* SerialNumber */
|
| - PKIX_CHECK(PKIX_PL_Object_ToString
|
| - ((PKIX_PL_Object *)crlEntry->serialNumber,
|
| - &crlSerialNumberString,
|
| - plContext),
|
| - PKIX_BIGINTTOSTRINGHELPERFAILED);
|
| -
|
| - /* RevocationDate - No Date object created, use nss data directly */
|
| - PKIX_CHECK(pkix_pl_Date_ToString_Helper
|
| - (&(crlEntry->nssCrlEntry->revocationDate),
|
| - &crlRevocationDateString,
|
| - plContext),
|
| - PKIX_DATETOSTRINGHELPERFAILED);
|
| -
|
| - /* CriticalExtensionOIDs */
|
| - PKIX_CHECK(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
|
| - (crlEntry, &critExtOIDs, plContext),
|
| - PKIX_CRLENTRYGETCRITICALEXTENSIONOIDSFAILED);
|
| -
|
| - PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
|
| - PKIX_LISTTOSTRINGFAILED);
|
| -
|
| - /* Revocation Reason Code */
|
| - PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
|
| - (crlEntry, &reasonCode, plContext),
|
| - PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);
|
| -
|
| - PKIX_CHECK(PKIX_PL_Sprintf
|
| - (&crlEntryString,
|
| - plContext,
|
| - formatString,
|
| - crlSerialNumberString,
|
| - reasonCode,
|
| - crlRevocationDateString,
|
| - critExtOIDsString),
|
| - PKIX_SPRINTFFAILED);
|
| -
|
| - *pString = crlEntryString;
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_DECREF(critExtOIDs);
|
| - PKIX_DECREF(crlSerialNumberString);
|
| - PKIX_DECREF(crlRevocationDateString);
|
| - PKIX_DECREF(critExtOIDsString);
|
| - PKIX_DECREF(formatString);
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_ToString
|
| - * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
|
| - */
|
| -static PKIX_Error *
|
| -pkix_pl_CRLEntry_ToString(
|
| - PKIX_PL_Object *object,
|
| - PKIX_PL_String **pString,
|
| - void *plContext)
|
| -{
|
| - PKIX_PL_String *crlEntryString = NULL;
|
| - PKIX_PL_CRLEntry *crlEntry = NULL;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString");
|
| - PKIX_NULLCHECK_TWO(object, pString);
|
| -
|
| - PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
|
| - PKIX_OBJECTNOTCRLENTRY);
|
| -
|
| - crlEntry = (PKIX_PL_CRLEntry *) object;
|
| -
|
| - PKIX_CHECK(pkix_pl_CRLEntry_ToString_Helper
|
| - (crlEntry, &crlEntryString, plContext),
|
| - PKIX_CRLENTRYTOSTRINGHELPERFAILED);
|
| -
|
| - *pString = crlEntryString;
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_Extensions_Hashcode
|
| - * DESCRIPTION:
|
| - *
|
| - * For each CRL Entry extension stored at NSS structure CERTCertExtension,
|
| - * get its derbyte data and do the hash.
|
| - *
|
| - * PARAMETERS
|
| - * "extensions"
|
| - * Address of arrray of CERTCertExtension whose hash value is desired.
|
| - * Must be non-NULL.
|
| - * "pHashValue"
|
| - * Address where the final hash value is returned. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Conditional Thread Safe
|
| - * Though the value of extensions once created is not supposed to change,
|
| - * it may be de-allocated while we are accessing it. But since we are
|
| - * validating the object, it is unlikely we or someone is de-allocating
|
| - * at the moment.
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns an OID Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -static PKIX_Error *
|
| -pkix_pl_CRLEntry_Extensions_Hashcode(
|
| - CERTCertExtension **extensions,
|
| - PKIX_UInt32 *pHashValue,
|
| - void *plContext)
|
| -{
|
| - CERTCertExtension *extension = NULL;
|
| - PRArenaPool *arena = NULL;
|
| - PKIX_UInt32 extHash = 0;
|
| - PKIX_UInt32 hashValue = 0;
|
| - SECItem *derBytes = NULL;
|
| - SECItem *resultSecItem = NULL;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Hashcode");
|
| - PKIX_NULLCHECK_TWO(extensions, pHashValue);
|
| -
|
| - if (extensions) {
|
| -
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
|
| - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
| - if (arena == NULL) {
|
| - PKIX_ERROR(PKIX_OUTOFMEMORY);
|
| - }
|
| -
|
| - while (*extensions) {
|
| -
|
| - extension = *extensions++;
|
| -
|
| - PKIX_NULLCHECK_ONE(extension);
|
| -
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
|
| - derBytes = PORT_ArenaZNew(arena, SECItem);
|
| - if (derBytes == NULL) {
|
| - PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
|
| - }
|
| -
|
| - PKIX_CRLENTRY_DEBUG
|
| - ("\t\tCalling SEC_ASN1EncodeItem\n");
|
| - resultSecItem = SEC_ASN1EncodeItem
|
| - (arena,
|
| - derBytes,
|
| - extension,
|
| - CERT_CertExtensionTemplate);
|
| -
|
| - if (resultSecItem == NULL){
|
| - PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
|
| - }
|
| -
|
| - PKIX_CHECK(pkix_hash
|
| - (derBytes->data,
|
| - derBytes->len,
|
| - &extHash,
|
| - plContext),
|
| - PKIX_HASHFAILED);
|
| -
|
| - hashValue += (extHash << 7);
|
| -
|
| - }
|
| - }
|
| -
|
| - *pHashValue = hashValue;
|
| -
|
| -cleanup:
|
| -
|
| - if (arena){
|
| - /* Note that freeing the arena also frees derBytes */
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - arena = NULL;
|
| - }
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_Hashcode
|
| - * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
|
| - */
|
| -static PKIX_Error *
|
| -pkix_pl_CRLEntry_Hashcode(
|
| - PKIX_PL_Object *object,
|
| - PKIX_UInt32 *pHashcode,
|
| - void *plContext)
|
| -{
|
| - SECItem *nssDate = NULL;
|
| - PKIX_PL_CRLEntry *crlEntry = NULL;
|
| - PKIX_UInt32 crlEntryHash;
|
| - PKIX_UInt32 hashValue;
|
| - PKIX_Int32 reasonCode = 0;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Hashcode");
|
| - PKIX_NULLCHECK_TWO(object, pHashcode);
|
| -
|
| - PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
|
| - PKIX_OBJECTNOTCRLENTRY);
|
| -
|
| - crlEntry = (PKIX_PL_CRLEntry *)object;
|
| -
|
| - PKIX_NULLCHECK_ONE(crlEntry->nssCrlEntry);
|
| - nssDate = &(crlEntry->nssCrlEntry->revocationDate);
|
| -
|
| - PKIX_NULLCHECK_ONE(nssDate->data);
|
| -
|
| - PKIX_CHECK(pkix_hash
|
| - ((const unsigned char *)nssDate->data,
|
| - nssDate->len,
|
| - &crlEntryHash,
|
| - plContext),
|
| - PKIX_ERRORGETTINGHASHCODE);
|
| -
|
| - PKIX_CHECK(PKIX_PL_Object_Hashcode
|
| - ((PKIX_PL_Object *)crlEntry->serialNumber,
|
| - &hashValue,
|
| - plContext),
|
| - PKIX_OBJECTHASHCODEFAILED);
|
| -
|
| - crlEntryHash += (hashValue << 7);
|
| -
|
| - hashValue = 0;
|
| -
|
| - if (crlEntry->nssCrlEntry->extensions) {
|
| -
|
| - PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Hashcode
|
| - (crlEntry->nssCrlEntry->extensions, &hashValue, plContext),
|
| - PKIX_CRLENTRYEXTENSIONSHASHCODEFAILED);
|
| - }
|
| -
|
| - crlEntryHash += (hashValue << 7);
|
| -
|
| - PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
|
| - (crlEntry, &reasonCode, plContext),
|
| - PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);
|
| -
|
| - crlEntryHash += (reasonCode + 777) << 3;
|
| -
|
| - *pHashcode = crlEntryHash;
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLENTRY_Extensions_Equals
|
| - * DESCRIPTION:
|
| - *
|
| - * Compare each extension's DERbyte data in "firstExtensions" with extension
|
| - * in "secondExtensions" in sequential order and store the result in
|
| - * "pResult".
|
| - *
|
| - * PARAMETERS
|
| - * "firstExtensions"
|
| - * Address of first NSS structure CERTCertExtension to be compared.
|
| - * Must be non-NULL.
|
| - * "secondExtensions"
|
| - * Address of second NSS structure CERTCertExtension to be compared.
|
| - * Must be non-NULL.
|
| - * "pResult"
|
| - * Address where the comparison result is returned. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Conditionally Thread Safe
|
| - * Though the value of extensions once created is not supposed to change,
|
| - * it may be de-allocated while we are accessing it. But since we are
|
| - * validating the object, it is unlikely we or someone is de-allocating
|
| - * at the moment.
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns an OID Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -static PKIX_Error *
|
| -pkix_pl_CRLEntry_Extensions_Equals(
|
| - CERTCertExtension **extensions1,
|
| - CERTCertExtension **extensions2,
|
| - PKIX_Boolean *pResult,
|
| - void *plContext)
|
| -{
|
| - CERTCertExtension **firstExtensions;
|
| - CERTCertExtension **secondExtensions;
|
| - CERTCertExtension *firstExtension = NULL;
|
| - CERTCertExtension *secondExtension = NULL;
|
| - PRArenaPool *arena = NULL;
|
| - PKIX_Boolean cmpResult = PKIX_FALSE;
|
| - SECItem *firstDerBytes = NULL;
|
| - SECItem *secondDerBytes = NULL;
|
| - SECItem *firstResultSecItem = NULL;
|
| - SECItem *secondResultSecItem = NULL;
|
| - PKIX_UInt32 firstNumExt = 0;
|
| - PKIX_UInt32 secondNumExt = 0;
|
| - SECComparison secResult;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Equals");
|
| - PKIX_NULLCHECK_THREE(extensions1, extensions2, pResult);
|
| -
|
| - firstExtensions = extensions1;
|
| - secondExtensions = extensions2;
|
| -
|
| - if (firstExtensions) {
|
| - while (*firstExtensions) {
|
| - firstExtension = *firstExtensions++;
|
| - firstNumExt++;
|
| - }
|
| - }
|
| -
|
| - if (secondExtensions) {
|
| - while (*secondExtensions) {
|
| - secondExtension = *secondExtensions++;
|
| - secondNumExt++;
|
| - }
|
| - }
|
| -
|
| - if (firstNumExt != secondNumExt) {
|
| - *pResult = PKIX_FALSE;
|
| - goto cleanup;
|
| - }
|
| -
|
| - if (firstNumExt == 0 && secondNumExt == 0) {
|
| - *pResult = PKIX_TRUE;
|
| - goto cleanup;
|
| - }
|
| -
|
| - /* now have equal number, but non-zero extension items to compare */
|
| -
|
| - firstExtensions = extensions1;
|
| - secondExtensions = extensions2;
|
| -
|
| - cmpResult = PKIX_TRUE;
|
| -
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
|
| - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE*2);
|
| - if (arena == NULL) {
|
| - PKIX_ERROR(PKIX_OUTOFMEMORY);
|
| - }
|
| -
|
| - while (firstNumExt--) {
|
| -
|
| - firstExtension = *firstExtensions++;
|
| - secondExtension = *secondExtensions++;
|
| -
|
| - PKIX_NULLCHECK_TWO(firstExtension, secondExtension);
|
| -
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
|
| - firstDerBytes = PORT_ArenaZNew(arena, SECItem);
|
| - if (firstDerBytes == NULL) {
|
| - PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
|
| - }
|
| -
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
|
| - secondDerBytes = PORT_ArenaZNew(arena, SECItem);
|
| - if (secondDerBytes == NULL) {
|
| - PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
|
| - }
|
| -
|
| - PKIX_CRLENTRY_DEBUG
|
| - ("\t\tCalling SEC_ASN1EncodeItem\n");
|
| - firstResultSecItem = SEC_ASN1EncodeItem
|
| - (arena,
|
| - firstDerBytes,
|
| - firstExtension,
|
| - CERT_CertExtensionTemplate);
|
| -
|
| - if (firstResultSecItem == NULL){
|
| - PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
|
| - }
|
| -
|
| - PKIX_CRLENTRY_DEBUG
|
| - ("\t\tCalling SEC_ASN1EncodeItem\n");
|
| - secondResultSecItem = SEC_ASN1EncodeItem
|
| - (arena,
|
| - secondDerBytes,
|
| - secondExtension,
|
| - CERT_CertExtensionTemplate);
|
| -
|
| - if (secondResultSecItem == NULL){
|
| - PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
|
| - }
|
| -
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
|
| - secResult = SECITEM_CompareItem
|
| - (firstResultSecItem, secondResultSecItem);
|
| -
|
| - if (secResult != SECEqual) {
|
| - cmpResult = PKIX_FALSE;
|
| - break;
|
| - }
|
| -
|
| - }
|
| -
|
| - *pResult = cmpResult;
|
| -
|
| -cleanup:
|
| -
|
| - if (arena){
|
| - /* Note that freeing the arena also frees derBytes */
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - arena = NULL;
|
| - }
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_Equals
|
| - * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
|
| - */
|
| -static PKIX_Error *
|
| -pkix_pl_CRLEntry_Equals(
|
| - PKIX_PL_Object *firstObject,
|
| - PKIX_PL_Object *secondObject,
|
| - PKIX_Boolean *pResult,
|
| - void *plContext)
|
| -{
|
| - PKIX_PL_CRLEntry *firstCrlEntry = NULL;
|
| - PKIX_PL_CRLEntry *secondCrlEntry = NULL;
|
| - PKIX_UInt32 secondType;
|
| - PKIX_Boolean cmpResult = PKIX_FALSE;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Equals");
|
| - PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
|
| -
|
| - /* test that firstObject is a CRLEntry */
|
| - PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRLENTRY_TYPE, plContext),
|
| - PKIX_FIRSTOBJECTNOTCRLENTRY);
|
| -
|
| - firstCrlEntry = (PKIX_PL_CRLEntry *)firstObject;
|
| - secondCrlEntry = (PKIX_PL_CRLEntry *)secondObject;
|
| -
|
| - PKIX_NULLCHECK_TWO
|
| - (firstCrlEntry->nssCrlEntry, secondCrlEntry->nssCrlEntry);
|
| -
|
| - /*
|
| - * Since we know firstObject is a CRLEntry, if both references are
|
| - * identical, they must be equal
|
| - */
|
| - if (firstCrlEntry == secondCrlEntry){
|
| - *pResult = PKIX_TRUE;
|
| - goto cleanup;
|
| - }
|
| -
|
| - /*
|
| - * If secondCrlEntry isn't a CRL Entry, we don't throw an error.
|
| - * We simply return a Boolean result of FALSE
|
| - */
|
| - *pResult = PKIX_FALSE;
|
| - PKIX_CHECK(PKIX_PL_Object_GetType
|
| - ((PKIX_PL_Object *)secondCrlEntry, &secondType, plContext),
|
| - PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
|
| - if (secondType != PKIX_CRLENTRY_TYPE) goto cleanup;
|
| -
|
| - /* Compare userSerialNumber */
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
|
| - if (SECITEM_CompareItem(
|
| - &(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->serialNumber),
|
| - &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->serialNumber))
|
| - != SECEqual) {
|
| - *pResult = PKIX_FALSE;
|
| - goto cleanup;
|
| - }
|
| -
|
| - /* Compare revocationDate */
|
| - PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
|
| - if (SECITEM_CompareItem
|
| - (&(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->
|
| - revocationDate),
|
| - &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->
|
| - revocationDate))
|
| - != SECEqual) {
|
| - *pResult = PKIX_FALSE;
|
| - goto cleanup;
|
| - }
|
| -
|
| - /* Compare Critical Extension List */
|
| - PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Equals
|
| - (firstCrlEntry->nssCrlEntry->extensions,
|
| - secondCrlEntry->nssCrlEntry->extensions,
|
| - &cmpResult,
|
| - plContext),
|
| - PKIX_CRLENTRYEXTENSIONSEQUALSFAILED);
|
| -
|
| - if (cmpResult != PKIX_TRUE){
|
| - *pResult = PKIX_FALSE;
|
| - goto cleanup;
|
| - }
|
| -
|
| - cmpResult = (firstCrlEntry->userReasonCode ==
|
| - secondCrlEntry->userReasonCode);
|
| -
|
| - *pResult = cmpResult;
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_RegisterSelf
|
| - * DESCRIPTION:
|
| - * Registers PKIX_CRLEntry_TYPE and its related functions with systemClasses[]
|
| - * THREAD SAFETY:
|
| - * Not Thread Safe - for performance and complexity reasons
|
| - *
|
| - * Since this function is only called by PKIX_PL_Initialize, which should
|
| - * only be called once, it is acceptable that this function is not
|
| - * thread-safe.
|
| - */
|
| -PKIX_Error *
|
| -pkix_pl_CRLEntry_RegisterSelf(void *plContext)
|
| -{
|
| -
|
| - extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
|
| - pkix_ClassTable_Entry entry;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_RegisterSelf");
|
| -
|
| - entry.description = "CRLEntry";
|
| - entry.objCounter = 0;
|
| - entry.typeObjectSize = sizeof(PKIX_PL_CRLEntry);
|
| - entry.destructor = pkix_pl_CRLEntry_Destroy;
|
| - entry.equalsFunction = pkix_pl_CRLEntry_Equals;
|
| - entry.hashcodeFunction = pkix_pl_CRLEntry_Hashcode;
|
| - entry.toStringFunction = pkix_pl_CRLEntry_ToString;
|
| - entry.comparator = NULL;
|
| - entry.duplicateFunction = pkix_duplicateImmutable;
|
| -
|
| - systemClasses[PKIX_CRLENTRY_TYPE] = entry;
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_CreateEntry
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates a new CRLEntry using the CertCrlEntry pointed to by "nssCrlEntry"
|
| - * and stores it at "pCrlEntry". Once created, a CRLEntry is immutable.
|
| - *
|
| - * revokedCertificates SEQUENCE OF SEQUENCE {
|
| - * userCertificate CertificateSerialNumber,
|
| - * revocationDate Time,
|
| - * crlEntryExtensions Extensions OPTIONAL
|
| - * -- if present, MUST be v2
|
| - *
|
| - * PARAMETERS:
|
| - * "nssCrlEntry"
|
| - * Address of CERTCrlEntry representing an NSS CRL entry.
|
| - * Must be non-NULL.
|
| - * "pCrlEntry"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CRLEntry Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -static PKIX_Error *
|
| -pkix_pl_CRLEntry_CreateEntry(
|
| - CERTCrlEntry *nssCrlEntry, /* entry data to be created from */
|
| - PKIX_PL_CRLEntry **pCrlEntry,
|
| - void *plContext)
|
| -{
|
| - PKIX_PL_CRLEntry *crlEntry = NULL;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_CreateEntry");
|
| - PKIX_NULLCHECK_TWO(nssCrlEntry, pCrlEntry);
|
| -
|
| - PKIX_CHECK(PKIX_PL_Object_Alloc
|
| - (PKIX_CRLENTRY_TYPE,
|
| - sizeof (PKIX_PL_CRLEntry),
|
| - (PKIX_PL_Object **)&crlEntry,
|
| - plContext),
|
| - PKIX_COULDNOTCREATECRLENTRYOBJECT);
|
| -
|
| - crlEntry->nssCrlEntry = nssCrlEntry;
|
| - crlEntry->serialNumber = NULL;
|
| - crlEntry->critExtOids = NULL;
|
| - crlEntry->userReasonCode = 0;
|
| - crlEntry->userReasonCodeAbsent = PKIX_FALSE;
|
| -
|
| - *pCrlEntry = crlEntry;
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: pkix_pl_CRLEntry_Create
|
| - * DESCRIPTION:
|
| - *
|
| - * Creates a List of CRLEntries using the array of CERTCrlEntries pointed to
|
| - * by "nssCrlEntries" and stores it at "pCrlEntryList". If "nssCrlEntries" is
|
| - * NULL, this function stores an empty List at "pCrlEntryList".
|
| - * }
|
| - * PARAMETERS:
|
| - * "nssCrlEntries"
|
| - * Address of array of CERTCrlEntries representing NSS CRL entries.
|
| - * Can be NULL if CRL has no NSS CRL entries.
|
| - * "pCrlEntryList"
|
| - * Address where object pointer will be stored. Must be non-NULL.
|
| - * "plContext"
|
| - * Platform-specific context pointer.
|
| - * THREAD SAFETY:
|
| - * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
| - * RETURNS:
|
| - * Returns NULL if the function succeeds.
|
| - * Returns a CRLEntry Error if the function fails in a non-fatal way.
|
| - * Returns a Fatal Error if the function fails in an unrecoverable way.
|
| - */
|
| -PKIX_Error *
|
| -pkix_pl_CRLEntry_Create(
|
| - CERTCrlEntry **nssCrlEntries, /* head of entry list */
|
| - PKIX_List **pCrlEntryList,
|
| - void *plContext)
|
| -{
|
| - PKIX_List *entryList = NULL;
|
| - PKIX_PL_CRLEntry *crlEntry = NULL;
|
| - CERTCrlEntry **entries = NULL;
|
| - SECItem serialNumberItem;
|
| - PKIX_PL_BigInt *serialNumber;
|
| - char *bytes = NULL;
|
| - PKIX_UInt32 length;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Create");
|
| - PKIX_NULLCHECK_ONE(pCrlEntryList);
|
| -
|
| - entries = nssCrlEntries;
|
| -
|
| - PKIX_CHECK(PKIX_List_Create(&entryList, plContext),
|
| - PKIX_LISTCREATEFAILED);
|
| -
|
| - if (entries) {
|
| - while (*entries){
|
| - PKIX_CHECK(pkix_pl_CRLEntry_CreateEntry
|
| - (*entries, &crlEntry, plContext),
|
| - PKIX_COULDNOTCREATECRLENTRYOBJECT);
|
| -
|
| - /* Get Serial Number */
|
| - serialNumberItem = (*entries)->serialNumber;
|
| - length = serialNumberItem.len;
|
| - bytes = (char *)serialNumberItem.data;
|
| -
|
| - PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
|
| - (bytes, length, &serialNumber, plContext),
|
| - PKIX_BIGINTCREATEWITHBYTESFAILED);
|
| -
|
| - crlEntry->serialNumber = serialNumber;
|
| - crlEntry->nssCrlEntry = *entries;
|
| -
|
| - PKIX_CHECK(PKIX_List_AppendItem
|
| - (entryList, (PKIX_PL_Object *)crlEntry, plContext),
|
| - PKIX_LISTAPPENDITEMFAILED);
|
| -
|
| - PKIX_DECREF(crlEntry);
|
| -
|
| - entries++;
|
| - }
|
| - }
|
| -
|
| - *pCrlEntryList = entryList;
|
| -
|
| -cleanup:
|
| - PKIX_DECREF(crlEntry);
|
| -
|
| - if (PKIX_ERROR_RECEIVED){
|
| - PKIX_DECREF(entryList);
|
| - }
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/* --Public-CRLENTRY-Functions------------------------------------- */
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
|
| - * (see comments in pkix_pl_pki.h)
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_CRLEntry_GetCRLEntryReasonCode (
|
| - PKIX_PL_CRLEntry *crlEntry,
|
| - PKIX_Int32 *pReason,
|
| - void *plContext)
|
| -{
|
| - SECStatus status;
|
| - CERTCRLEntryReasonCode nssReasonCode;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
|
| - PKIX_NULLCHECK_TWO(crlEntry, pReason);
|
| -
|
| - if (!crlEntry->userReasonCodeAbsent && crlEntry->userReasonCode == 0) {
|
| -
|
| - PKIX_OBJECT_LOCK(crlEntry);
|
| -
|
| - if (!crlEntry->userReasonCodeAbsent &&
|
| - crlEntry->userReasonCode == 0) {
|
| -
|
| - /* reason code has not been cached in */
|
| - PKIX_CRLENTRY_DEBUG("\t\tCERT_FindCRLEntryReasonExten.\n");
|
| - status = CERT_FindCRLEntryReasonExten
|
| - (crlEntry->nssCrlEntry, &nssReasonCode);
|
| -
|
| - if (status == SECSuccess) {
|
| - crlEntry->userReasonCode = (PKIX_Int32) nssReasonCode;
|
| - } else {
|
| - crlEntry->userReasonCodeAbsent = PKIX_TRUE;
|
| - }
|
| - }
|
| -
|
| - PKIX_OBJECT_UNLOCK(crlEntry);
|
| -
|
| - }
|
| -
|
| - *pReason = crlEntry->userReasonCode;
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
| -
|
| -/*
|
| - * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
|
| - * (see comments in pkix_pl_pki.h)
|
| - */
|
| -PKIX_Error *
|
| -PKIX_PL_CRLEntry_GetCriticalExtensionOIDs (
|
| - PKIX_PL_CRLEntry *crlEntry,
|
| - PKIX_List **pList, /* list of PKIX_PL_OID */
|
| - void *plContext)
|
| -{
|
| - PKIX_List *oidsList = NULL;
|
| - CERTCertExtension **extensions;
|
| -
|
| - PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCriticalExtensionOIDs");
|
| - PKIX_NULLCHECK_THREE(crlEntry, crlEntry->nssCrlEntry, pList);
|
| -
|
| - /* if we don't have a cached copy from before, we create one */
|
| - if (crlEntry->critExtOids == NULL) {
|
| -
|
| - PKIX_OBJECT_LOCK(crlEntry);
|
| -
|
| - if (crlEntry->critExtOids == NULL) {
|
| -
|
| - extensions = crlEntry->nssCrlEntry->extensions;
|
| -
|
| - PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
|
| - (extensions, &oidsList, plContext),
|
| - PKIX_GETCRITICALEXTENSIONOIDSFAILED);
|
| -
|
| - crlEntry->critExtOids = oidsList;
|
| - }
|
| -
|
| - PKIX_OBJECT_UNLOCK(crlEntry);
|
| -
|
| - }
|
| -
|
| - /* We should return a copy of the List since this list changes */
|
| - PKIX_DUPLICATE(crlEntry->critExtOids, pList, plContext,
|
| - PKIX_OBJECTDUPLICATELISTFAILED);
|
| -
|
| -cleanup:
|
| -
|
| - PKIX_RETURN(CRLENTRY);
|
| -}
|
|
|
Chromium Code Reviews
Issue 14249009:
Change the NSS and NSPR source tree to the new directory structure to be (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/