The Tor Browser: comparison security/nss/lib/libpkix/pkix/params/pkix

--1:000000000000
+:75ba90d53c3a
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+* pkix_trustanchor.c
+*
+* TrustAnchor Object Functions
+*
+*/
+#include "pkix_trustanchor.h"
+/* --Private-Functions-------------------------------------------- */
+/*
+* FUNCTION: pkix_TrustAnchor_Destroy
+* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_TrustAnchor_Destroy(
+PKIX_PL_Object *object,
+void *plContext)
+{
+PKIX_TrustAnchor *anchor = NULL;
+PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy");
+PKIX_NULLCHECK_ONE(object);
+/* Check that this object is a trust anchor */
+PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+PKIX_OBJECTNOTTRUSTANCHOR);
+anchor = (PKIX_TrustAnchor *)object;
+PKIX_DECREF(anchor->trustedCert);
+PKIX_DECREF(anchor->caName);
+PKIX_DECREF(anchor->caPubKey);
+PKIX_DECREF(anchor->nameConstraints);
+cleanup:
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: pkix_TrustAnchor_Equals
+* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_TrustAnchor_Equals(
+PKIX_PL_Object *first,
+PKIX_PL_Object *second,
+PKIX_Boolean *pResult,
+void *plContext)
+{
+PKIX_UInt32 secondType;
+PKIX_Boolean cmpResult;
+PKIX_TrustAnchor *firstAnchor = NULL;
+PKIX_TrustAnchor *secondAnchor = NULL;
+PKIX_PL_Cert *firstCert = NULL;
+PKIX_PL_Cert *secondCert = NULL;
+PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
+PKIX_NULLCHECK_THREE(first, second, pResult);
+PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
+PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
+PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+*pResult = PKIX_FALSE;
+if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
+firstAnchor = (PKIX_TrustAnchor *)first;
+secondAnchor = (PKIX_TrustAnchor *)second;
+firstCert = firstAnchor->trustedCert;
+secondCert = secondAnchor->trustedCert;
+if ((firstCert && !secondCert) || (!firstCert && secondCert)){
+goto cleanup;
+}
+if (firstCert && secondCert){
+PKIX_CHECK(PKIX_PL_Object_Equals
+((PKIX_PL_Object *)firstCert,
+(PKIX_PL_Object *)secondCert,
+&cmpResult,
+plContext),
+PKIX_OBJECTEQUALSFAILED);
+} else {
+PKIX_CHECK(PKIX_PL_Object_Equals
+((PKIX_PL_Object *)firstAnchor->caName,
+(PKIX_PL_Object *)secondAnchor->caName,
+&cmpResult,
+plContext),
+PKIX_OBJECTEQUALSFAILED);
+if (!cmpResult) goto cleanup;
+PKIX_CHECK(PKIX_PL_Object_Equals
+((PKIX_PL_Object *)firstAnchor->caPubKey,
+(PKIX_PL_Object *)secondAnchor->caPubKey,
+&cmpResult,
+plContext),
+PKIX_OBJECTEQUALSFAILED);
+if (!cmpResult) goto cleanup;
+PKIX_EQUALS
+(firstAnchor->nameConstraints,
+secondAnchor->nameConstraints,
+&cmpResult,
+plContext,
+PKIX_OBJECTEQUALSFAILED);
+if (!cmpResult) goto cleanup;
+}
+*pResult = cmpResult;
+cleanup:
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: pkix_TrustAnchor_Hashcode
+* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_TrustAnchor_Hashcode(
+PKIX_PL_Object *object,
+PKIX_UInt32 *pHashcode,
+void *plContext)
+{
+PKIX_TrustAnchor *anchor = NULL;
+PKIX_PL_Cert *cert = NULL;
+PKIX_UInt32 hash = 0;
+PKIX_UInt32 certHash = 0;
+PKIX_UInt32 nameHash = 0;
+PKIX_UInt32 pubKeyHash = 0;
+PKIX_UInt32 ncHash = 0;
+PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode");
+PKIX_NULLCHECK_TWO(object, pHashcode);
+PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+PKIX_OBJECTNOTTRUSTANCHOR);
+anchor = (PKIX_TrustAnchor*)object;
+cert = anchor->trustedCert;
+if (cert){
+PKIX_CHECK(PKIX_PL_Object_Hashcode
+((PKIX_PL_Object *)cert,
+&certHash,
+plContext),
+PKIX_OBJECTHASHCODEFAILED);
+hash = certHash;
+} else {
+PKIX_CHECK(PKIX_PL_Object_Hashcode
+((PKIX_PL_Object *)anchor->caName,
+&nameHash,
+plContext),
+PKIX_OBJECTHASHCODEFAILED);
+PKIX_CHECK(PKIX_PL_Object_Hashcode
+((PKIX_PL_Object *)anchor->caPubKey,
+&pubKeyHash,
+plContext),
+PKIX_OBJECTHASHCODEFAILED);
+PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext,
+PKIX_OBJECTHASHCODEFAILED);
+hash = 31 * nameHash + pubKeyHash + ncHash;
+}
+*pHashcode = hash;
+cleanup:
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: pkix_TrustAnchor_ToString
+* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_TrustAnchor_ToString(
+PKIX_PL_Object *object,
+PKIX_PL_String **pString,
+void *plContext)
+{
+PKIX_TrustAnchor *anchor = NULL;
+char *asciiFormat = NULL;
+PKIX_PL_String *formatString = NULL;
+PKIX_PL_String *anchorString = NULL;
+PKIX_PL_String *certString = NULL;
+PKIX_PL_String *nameString = NULL;
+PKIX_PL_String *pubKeyString = NULL;
+PKIX_PL_String *nameConstraintsString = NULL;
+PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
+PKIX_NULLCHECK_TWO(object, pString);
+PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+PKIX_OBJECTNOTTRUSTANCHOR);
+anchor = (PKIX_TrustAnchor*)object;
+if (anchor->trustedCert){
+asciiFormat =
+"[\n"
+"\tTrusted Cert:	%s\n"
+"]\n";
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+asciiFormat,
+0,
+&formatString,
+plContext),
+PKIX_STRINGCREATEFAILED);
+PKIX_CHECK(PKIX_PL_Object_ToString
+((PKIX_PL_Object *)anchor->trustedCert,
+&certString,
+plContext),
+PKIX_OBJECTTOSTRINGFAILED);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&anchorString,
+plContext,
+formatString,
+certString),
+PKIX_SPRINTFFAILED);
+} else {
+asciiFormat =
+"[\n"
+"\tTrusted CA Name:         %s\n"
+"\tTrusted CA PublicKey:    %s\n"
+"\tInitial Name Constraints:%s\n"
+"]\n";
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+asciiFormat,
+0,
+&formatString,
+plContext),
+PKIX_STRINGCREATEFAILED);
+PKIX_CHECK(PKIX_PL_Object_ToString
+((PKIX_PL_Object *)anchor->caName,
+&nameString,
+plContext),
+PKIX_OBJECTTOSTRINGFAILED);
+PKIX_CHECK(PKIX_PL_Object_ToString
+((PKIX_PL_Object *)anchor->caPubKey,
+&pubKeyString,
+plContext),
+PKIX_OBJECTTOSTRINGFAILED);
+PKIX_TOSTRING
+(anchor->nameConstraints,
+&nameConstraintsString,
+plContext,
+PKIX_OBJECTTOSTRINGFAILED);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&anchorString,
+plContext,
+formatString,
+nameString,
+pubKeyString,
+nameConstraintsString),
+PKIX_SPRINTFFAILED);
+}
+*pString = anchorString;
+cleanup:
+PKIX_DECREF(formatString);
+PKIX_DECREF(certString);
+PKIX_DECREF(nameString);
+PKIX_DECREF(pubKeyString);
+PKIX_DECREF(nameConstraintsString);
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: pkix_TrustAnchor_RegisterSelf
+* DESCRIPTION:
+*  Registers PKIX_TRUSTANCHOR_TYPE and its related functions with
+*  systemClasses[]
+* THREAD SAFETY:
+*  Not Thread Safe - for performance and complexity reasons
+*
+*  Since this function is only called by PKIX_PL_Initialize, which should
+*  only be called once, it is acceptable that this function is not
+*  thread-safe.
+*/
+PKIX_Error *
+pkix_TrustAnchor_RegisterSelf(void *plContext)
+{
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+pkix_ClassTable_Entry entry;
+PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf");
+entry.description = "TrustAnchor";
+entry.objCounter = 0;
+entry.typeObjectSize = sizeof(PKIX_TrustAnchor);
+entry.destructor = pkix_TrustAnchor_Destroy;
+entry.equalsFunction = pkix_TrustAnchor_Equals;
+entry.hashcodeFunction = pkix_TrustAnchor_Hashcode;
+entry.toStringFunction = pkix_TrustAnchor_ToString;
+entry.comparator = NULL;
+entry.duplicateFunction = pkix_duplicateImmutable;
+systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry;
+PKIX_RETURN(TRUSTANCHOR);
+}
+/* --Public-Functions--------------------------------------------- */
+/*
+* FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithCert(
+PKIX_PL_Cert *cert,
+PKIX_TrustAnchor **pAnchor,
+void *plContext)
+{
+PKIX_TrustAnchor *anchor = NULL;
+PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
+PKIX_NULLCHECK_TWO(cert, pAnchor);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_TRUSTANCHOR_TYPE,
+sizeof (PKIX_TrustAnchor),
+(PKIX_PL_Object **)&anchor,
+plContext),
+PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
+/* initialize fields */
+PKIX_CHECK(
+PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
+PKIX_CERTSETASTRUSTANCHORFAILED);
+PKIX_INCREF(cert);
+anchor->trustedCert = cert;
+anchor->caName = NULL;
+anchor->caPubKey = NULL;
+PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+(anchor->trustedCert, &anchor->nameConstraints, plContext),
+PKIX_CERTGETNAMECONSTRAINTSFAILED);
+*pAnchor = anchor;
+anchor = NULL;
+cleanup:
+PKIX_DECREF(anchor);
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
+*      (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithNameKeyPair(
+PKIX_PL_X500Name *name,
+PKIX_PL_PublicKey *pubKey,
+PKIX_PL_CertNameConstraints *nameConstraints,
+PKIX_TrustAnchor **pAnchor,
+void *plContext)
+{
+PKIX_TrustAnchor *anchor = NULL;
+PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
+#ifndef BUILD_LIBPKIX_TESTS
+/* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
+* function as the complete trusted cert structure, and not only cert
+* public key, is required for chain building and validation processes.
+* Restricting this function for been used only in libpkix unit
+* tests. */
+PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
+#endif
+PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_TRUSTANCHOR_TYPE,
+sizeof (PKIX_TrustAnchor),
+(PKIX_PL_Object **)&anchor,
+plContext),
+PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
+/* initialize fields */
+anchor->trustedCert = NULL;
+PKIX_INCREF(name);
+anchor->caName = name;
+PKIX_INCREF(pubKey);
+anchor->caPubKey = pubKey;
+PKIX_INCREF(nameConstraints);
+anchor->nameConstraints = nameConstraints;
+*pAnchor = anchor;
+anchor = NULL;
+cleanup:
+PKIX_DECREF(anchor);
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_TrustAnchor_GetTrustedCert(
+PKIX_TrustAnchor *anchor,
+PKIX_PL_Cert **pCert,
+void *plContext)
+{
+PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert");
+PKIX_NULLCHECK_TWO(anchor, pCert);
+PKIX_INCREF(anchor->trustedCert);
+*pCert = anchor->trustedCert;
+cleanup:
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_TrustAnchor_GetCAName(
+PKIX_TrustAnchor *anchor,
+PKIX_PL_X500Name **pCAName,
+void *plContext)
+{
+PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName");
+PKIX_NULLCHECK_TWO(anchor, pCAName);
+PKIX_INCREF(anchor->caName);
+*pCAName = anchor->caName;
+cleanup:
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_TrustAnchor_GetCAPublicKey(
+PKIX_TrustAnchor *anchor,
+PKIX_PL_PublicKey **pPubKey,
+void *plContext)
+{
+PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey");
+PKIX_NULLCHECK_TWO(anchor, pPubKey);
+PKIX_INCREF(anchor->caPubKey);
+*pPubKey = anchor->caPubKey;
+cleanup:
+PKIX_RETURN(TRUSTANCHOR);
+}
+/*
+* FUNCTION: PKIX_TrustAnchor_GetNameConstraints
+*      (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_TrustAnchor_GetNameConstraints(
+PKIX_TrustAnchor *anchor,
+PKIX_PL_CertNameConstraints **pNameConstraints,
+void *plContext)
+{
+PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints");
+PKIX_NULLCHECK_TWO(anchor, pNameConstraints);
+PKIX_INCREF(anchor->nameConstraints);
+*pNameConstraints = anchor->nameConstraints;
+cleanup:
+PKIX_RETURN(TRUSTANCHOR);
+}

The Tor Browser / file comparison

comparison: security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c

security/nss/lib/libpkix/pkix/params/pkix_trustanchor.c