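--- a/pkix_pl_crldp.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
-* License, v. 2.0. If a copy of the MPL was not distributed with this
-* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
-* pkix_pl_crldp.c
-*
-* Crl DP Object Functions
-*
-*/
-
-#include "pkix_pl_crldp.h"
-
-static PKIX_Error *
-pkix_pl_CrlDp_Destroy(
-PKIX_PL_Object *object,
-void *plContext)
-{
-pkix_pl_CrlDp *crldp = NULL;
-
-PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_Destroy");
-PKIX_NULLCHECK_ONE(object);
-
-/* Check that this object is a default CRL checker state */
-PKIX_CHECK(
-pkix_CheckType(object, PKIX_CRLDP_TYPE, plContext),
-PKIX_OBJECTNOTCRLCHECKER);
-
-crldp = (pkix_pl_CrlDp *)object;
-if (crldp->distPointType == relativeDistinguishedName) {
-CERT_DestroyName(crldp->name.issuerName);
-crldp->name.issuerName = NULL;
-}
-crldp->nssdp = NULL;
-cleanup:
-PKIX_RETURN(CRLCHECKER);
-}
-
-/*
-* FUNCTION: pkix_pl_CrlDp_RegisterSelf
-*
-* DESCRIPTION:
-* Registers PKIX_CRLDP_TYPE and its related functions
-* with systemClasses[]
-*
-* THREAD SAFETY:
-* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
-*
-* Since this function is only called by PKIX_PL_Initialize, which should
-* only be called once, it is acceptable that this function is not
-* thread-safe.
-*/
-PKIX_Error *
-pkix_pl_CrlDp_RegisterSelf(void *plContext)
-{
-extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
-pkix_ClassTable_Entry* entry = &systemClasses[PKIX_CRLDP_TYPE];
-
-PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_RegisterSelf");
-
-entry->description = "CrlDistPoint";
-entry->typeObjectSize = sizeof(pkix_pl_CrlDp);
-entry->destructor = pkix_pl_CrlDp_Destroy;
-entry->duplicateFunction = pkix_duplicateImmutable;
-
-PKIX_RETURN(CRLCHECKER);
-}
-
-
-
-PKIX_Error *
-pkix_pl_CrlDp_Create(
-const CRLDistributionPoint *dp,
-const CERTName *certIssuerName,
-pkix_pl_CrlDp **pPkixDP,
-void *plContext)
-{
-PLArenaPool *rdnArena = NULL;
-CERTName *issuerNameCopy = NULL;
-pkix_pl_CrlDp *dpl = NULL;
-
-/* Need to save the following info to update crl cache:
-* - reasons if partitioned(but can not return revocation check
-* success if not all crl are downloaded)
-* - issuer name if different from issuer of the cert
-* - url to upload a crl if needed.
-* */
-PKIX_ENTER(CRLDP, "pkix_pl_CrlDp_Create");
-PKIX_NULLCHECK_ONE(dp);
-
-PKIX_CHECK(
-PKIX_PL_Object_Alloc(PKIX_CRLDP_TYPE,
-sizeof (pkix_pl_CrlDp),
-(PKIX_PL_Object **)&dpl,
-plContext),
-PKIX_COULDNOTCREATEOBJECT);
-
-dpl->nssdp = dp;
-dpl->isPartitionedByReasonCode = PKIX_FALSE;
-if (dp->reasons.data) {
-dpl->isPartitionedByReasonCode = PKIX_TRUE;
-}
-if (dp->distPointType == generalName) {
-dpl->distPointType = generalName;
-dpl->name.fullName = dp->distPoint.fullName;
-} else {
-SECStatus rv;
-const CERTName *issuerName = NULL;
-const CERTRDN *relName = &dp->distPoint.relativeName;
-
-if (dp->crlIssuer) {
-if (dp->crlIssuer->l.next) {
-/* Violate RFC 5280: in this case crlIssuer
-* should have only one name and should be
-* a distinguish name. */
-PKIX_ERROR(PKIX_NOTCONFORMINGCRLDP);
-}
-issuerName = &dp->crlIssuer->name.directoryName;
-} else {
-issuerName = certIssuerName;
-}
-rdnArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-if (!rdnArena) {
-PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
-}
-issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName);
-if (!issuerNameCopy) {
-PKIX_ERROR(PKIX_ALLOCERROR);
-}
-rv = CERT_CopyName(rdnArena, issuerNameCopy, (CERTName*)issuerName);
-if (rv == SECFailure) {
-PKIX_ERROR(PKIX_ALLOCERROR);
-}
-rv = CERT_AddRDN(issuerNameCopy, (CERTRDN*)relName);
-if (rv == SECFailure) {
-PKIX_ERROR(PKIX_ALLOCERROR);
-}
-dpl->distPointType = relativeDistinguishedName;
-dpl->name.issuerName = issuerNameCopy;
-rdnArena = NULL;
-}
-*pPkixDP = dpl;
-dpl = NULL;
-
-cleanup:
-if (rdnArena) {
-PORT_FreeArena(rdnArena, PR_FALSE);
-}
-PKIX_DECREF(dpl);
-
-PKIX_RETURN(CRLDP);
-}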