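--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,322 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_certchainchecker.c
+ *
+ * CertChainChecker Object Functions
+ *
+ */
+
+#include "pkix_certchainchecker.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_CertChainChecker_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertChainChecker_Destroy(
+ PKIX_PL_Object *object,
+ void *plContext)
+{
+ PKIX_CertChainChecker *checker = NULL;
+
+ PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Destroy");
+ PKIX_NULLCHECK_ONE(object);
+
+ /* Check that this object is a cert chain checker */
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
+ PKIX_OBJECTNOTCERTCHAINCHECKER);
+
+ checker = (PKIX_CertChainChecker *)object;
+
+ PKIX_DECREF(checker->extensions);
+ PKIX_DECREF(checker->state);
+
+cleanup:
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_CertChainChecker_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertChainChecker_Duplicate(
+ PKIX_PL_Object *object,
+ PKIX_PL_Object **pNewObject,
+ void *plContext)
+{
+ PKIX_CertChainChecker *checker = NULL;
+ PKIX_CertChainChecker *checkerDuplicate = NULL;
+ PKIX_List *extensionsDuplicate = NULL;
+ PKIX_PL_Object *stateDuplicate = NULL;
+
+ PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Duplicate");
+ PKIX_NULLCHECK_TWO(object, pNewObject);
+
+ PKIX_CHECK(pkix_CheckType
+ (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
+ PKIX_OBJECTNOTCERTCHAINCHECKER);
+
+ checker = (PKIX_CertChainChecker *)object;
+
+ if (checker->extensions){
+ PKIX_CHECK(PKIX_PL_Object_Duplicate
+ ((PKIX_PL_Object *)checker->extensions,
+ (PKIX_PL_Object **)&extensionsDuplicate,
+ plContext),
+ PKIX_OBJECTDUPLICATEFAILED);
+ }
+
+ if (checker->state){
+ PKIX_CHECK(PKIX_PL_Object_Duplicate
+ ((PKIX_PL_Object *)checker->state,
+ (PKIX_PL_Object **)&stateDuplicate,
+ plContext),
+ PKIX_OBJECTDUPLICATEFAILED);
+ }
+
+ PKIX_CHECK(PKIX_CertChainChecker_Create
+ (checker->checkCallback,
+ checker->forwardChecking,
+ checker->isForwardDirectionExpected,
+ extensionsDuplicate,
+ stateDuplicate,
+ &checkerDuplicate,
+ plContext),
+ PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+ *pNewObject = (PKIX_PL_Object *)checkerDuplicate;
+
+cleanup:
+
+ PKIX_DECREF(extensionsDuplicate);
+ PKIX_DECREF(stateDuplicate);
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_CertChainChecker_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_CERTCHAINCHECKER_TYPE and its related functions with
+ * systemClasses[]
+ * THREAD SAFETY:
+ * Not Thread Safe - for performance and complexity reasons
+ *
+ * Since this function is only called by PKIX_PL_Initialize, which should
+ * only be called once, it is acceptable that this function is not
+ * thread-safe.
+ */
+PKIX_Error *
+pkix_CertChainChecker_RegisterSelf(void *plContext)
+{
+ extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+ pkix_ClassTable_Entry entry;
+
+ PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_RegisterSelf");
+
+ entry.description = "CertChainChecker";
+ entry.objCounter = 0;
+ entry.typeObjectSize = sizeof(PKIX_CertChainChecker);
+ entry.destructor = pkix_CertChainChecker_Destroy;
+ entry.equalsFunction = NULL;
+ entry.hashcodeFunction = NULL;
+ entry.toStringFunction = NULL;
+ entry.comparator = NULL;
+ entry.duplicateFunction = pkix_CertChainChecker_Duplicate;
+
+ systemClasses[PKIX_CERTCHAINCHECKER_TYPE] = entry;
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_Create (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_Create(
+ PKIX_CertChainChecker_CheckCallback callback,
+ PKIX_Boolean forwardCheckingSupported,
+ PKIX_Boolean isForwardDirectionExpected,
+ PKIX_List *list, /* list of PKIX_PL_OID */
+ PKIX_PL_Object *initialState,
+ PKIX_CertChainChecker **pChecker,
+ void *plContext)
+{
+ PKIX_CertChainChecker *checker = NULL;
+
+ PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_Create");
+ PKIX_NULLCHECK_ONE(pChecker);
+
+ PKIX_CHECK(PKIX_PL_Object_Alloc
+ (PKIX_CERTCHAINCHECKER_TYPE,
+ sizeof (PKIX_CertChainChecker),
+ (PKIX_PL_Object **)&checker,
+ plContext),
+ PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
+
+ /* initialize fields */
+ checker->checkCallback = callback;
+ checker->forwardChecking = forwardCheckingSupported;
+ checker->isForwardDirectionExpected = isForwardDirectionExpected;
+
+ PKIX_INCREF(list);
+ checker->extensions = list;
+
+ PKIX_INCREF(initialState);
+ checker->state = initialState;
+
+ *pChecker = checker;
+ checker = NULL;
+cleanup:
+
+ PKIX_DECREF(checker);
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
+ * (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetCheckCallback(
+ PKIX_CertChainChecker *checker,
+ PKIX_CertChainChecker_CheckCallback *pCallback,
+ void *plContext)
+{
+ PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_GetCheckCallback");
+ PKIX_NULLCHECK_TWO(checker, pCallback);
+
+ *pCallback = checker->checkCallback;
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
+ * (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_IsForwardCheckingSupported(
+ PKIX_CertChainChecker *checker,
+ PKIX_Boolean *pForwardCheckingSupported,
+ void *plContext)
+{
+ PKIX_ENTER
+ (CERTCHAINCHECKER,
+ "PKIX_CertChainChecker_IsForwardCheckingSupported");
+ PKIX_NULLCHECK_TWO(checker, pForwardCheckingSupported);
+
+ *pForwardCheckingSupported = checker->forwardChecking;
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
+ * (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_IsForwardDirectionExpected(
+ PKIX_CertChainChecker *checker,
+ PKIX_Boolean *pForwardDirectionExpected,
+ void *plContext)
+{
+ PKIX_ENTER
+ (CERTCHAINCHECKER,
+ "PKIX_CertChainChecker_IsForwardDirectionExpected");
+ PKIX_NULLCHECK_TWO(checker, pForwardDirectionExpected);
+
+ *pForwardDirectionExpected = checker->isForwardDirectionExpected;
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
+ * (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetCertChainCheckerState(
+ PKIX_CertChainChecker *checker,
+ PKIX_PL_Object **pCertChainCheckerState,
+ void *plContext)
+{
+ PKIX_ENTER(CERTCHAINCHECKER,
+ "PKIX_CertChainChecker_GetCertChainCheckerState");
+
+ PKIX_NULLCHECK_TWO(checker, pCertChainCheckerState);
+
+ PKIX_INCREF(checker->state);
+
+ *pCertChainCheckerState = checker->state;
+
+cleanup:
+ PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
+ * (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_SetCertChainCheckerState(
+ PKIX_CertChainChecker *checker,
+ PKIX_PL_Object *certChainCheckerState,
+ void *plContext)
+{
+ PKIX_ENTER(CERTCHAINCHECKER,
+ "PKIX_CertChainChecker_SetCertChainCheckerState");
+
+ PKIX_NULLCHECK_ONE(checker);
+
+ /* DecRef old contents */
+ PKIX_DECREF(checker->state);
+
+ PKIX_INCREF(certChainCheckerState);
+ checker->state = certChainCheckerState;
+
+ PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+ ((PKIX_PL_Object *)checker, plContext),
+ PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+ PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
+ * (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetSupportedExtensions(
+ PKIX_CertChainChecker *checker,
+ PKIX_List **pExtensions, /* list of PKIX_PL_OID */
+ void *plContext)
+{
+ PKIX_ENTER(CERTCHAINCHECKER,
+ "PKIX_CertChainChecker_GetSupportedExtensions");
+
+ PKIX_NULLCHECK_TWO(checker, pExtensions);
+
+ PKIX_INCREF(checker->extensions);
+
+ *pExtensions = checker->extensions;
+
+cleanup:
+ PKIX_RETURN(CERTCHAINCHECKER);
+
+}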
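Review bot: In PKIX_CertChainChecker_Create, `checker->extensions` and `checker->state` are assigned only after the matching `PKIX_INCREF`, so an early jump to `cleanup:` reaches `PKIX_DECREF(checker)` with one or both fields never written. pkix_CertChainChecker_Destroy then decrements whatever those fields hold; if PKIX_PL_Object_Alloc does not zero the object (its definition is not on this page, and the failure path of the INCREF macro is inferred from the `cleanup:` label), that releases an indeterminate pointer inside certificate-chain validation code. Setting `checker->extensions = NULL;` and `checker->state = NULL;` directly under the `/* initialize fields */` comment removes the dependency on the allocator. PKIX_CertChainChecker_SetCertChainCheckerState has a related ordering problem: it releases the old state before referencing the new one, so taking the new reference first would keep the object alive when both are the same pointer.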