security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c@b8a032363ba2
security/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rwxr-xr-x
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * pkix_certchainchecker.c
6 *
7 * CertChainChecker Object Functions
8 *
9 */
11 #include "pkix_certchainchecker.h"
13 /* --Private-Functions-------------------------------------------- */
15 /*
16 * FUNCTION: pkix_CertChainChecker_Destroy
17 * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
18 */
19 static PKIX_Error *
20 pkix_CertChainChecker_Destroy(
21 PKIX_PL_Object *object,
22 void *plContext)
23 {
24 PKIX_CertChainChecker *checker = NULL;
26 PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Destroy");
27 PKIX_NULLCHECK_ONE(object);
29 /* Check that this object is a cert chain checker */
30 PKIX_CHECK(pkix_CheckType
31 (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
32 PKIX_OBJECTNOTCERTCHAINCHECKER);
34 checker = (PKIX_CertChainChecker *)object;
36 PKIX_DECREF(checker->extensions);
37 PKIX_DECREF(checker->state);
39 cleanup:
41 PKIX_RETURN(CERTCHAINCHECKER);
42 }
44 /*
45 * FUNCTION: pkix_CertChainChecker_Duplicate
46 * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
47 */
48 static PKIX_Error *
49 pkix_CertChainChecker_Duplicate(
50 PKIX_PL_Object *object,
51 PKIX_PL_Object **pNewObject,
52 void *plContext)
53 {
54 PKIX_CertChainChecker *checker = NULL;
55 PKIX_CertChainChecker *checkerDuplicate = NULL;
56 PKIX_List *extensionsDuplicate = NULL;
57 PKIX_PL_Object *stateDuplicate = NULL;
59 PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Duplicate");
60 PKIX_NULLCHECK_TWO(object, pNewObject);
62 PKIX_CHECK(pkix_CheckType
63 (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
64 PKIX_OBJECTNOTCERTCHAINCHECKER);
66 checker = (PKIX_CertChainChecker *)object;
68 if (checker->extensions){
69 PKIX_CHECK(PKIX_PL_Object_Duplicate
70 ((PKIX_PL_Object *)checker->extensions,
71 (PKIX_PL_Object **)&extensionsDuplicate,
72 plContext),
73 PKIX_OBJECTDUPLICATEFAILED);
74 }
76 if (checker->state){
77 PKIX_CHECK(PKIX_PL_Object_Duplicate
78 ((PKIX_PL_Object *)checker->state,
79 (PKIX_PL_Object **)&stateDuplicate,
80 plContext),
81 PKIX_OBJECTDUPLICATEFAILED);
82 }
84 PKIX_CHECK(PKIX_CertChainChecker_Create
85 (checker->checkCallback,
86 checker->forwardChecking,
87 checker->isForwardDirectionExpected,
88 extensionsDuplicate,
89 stateDuplicate,
90 &checkerDuplicate,
91 plContext),
92 PKIX_CERTCHAINCHECKERCREATEFAILED);
94 *pNewObject = (PKIX_PL_Object *)checkerDuplicate;
96 cleanup:
98 PKIX_DECREF(extensionsDuplicate);
99 PKIX_DECREF(stateDuplicate);
101 PKIX_RETURN(CERTCHAINCHECKER);
102 }
104 /*
105 * FUNCTION: pkix_CertChainChecker_RegisterSelf
106 * DESCRIPTION:
107 * Registers PKIX_CERTCHAINCHECKER_TYPE and its related functions with
108 * systemClasses[]
109 * THREAD SAFETY:
110 * Not Thread Safe - for performance and complexity reasons
111 *
112 * Since this function is only called by PKIX_PL_Initialize, which should
113 * only be called once, it is acceptable that this function is not
114 * thread-safe.
115 */
116 PKIX_Error *
117 pkix_CertChainChecker_RegisterSelf(void *plContext)
118 {
119 extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
120 pkix_ClassTable_Entry entry;
122 PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_RegisterSelf");
124 entry.description = "CertChainChecker";
125 entry.objCounter = 0;
126 entry.typeObjectSize = sizeof(PKIX_CertChainChecker);
127 entry.destructor = pkix_CertChainChecker_Destroy;
128 entry.equalsFunction = NULL;
129 entry.hashcodeFunction = NULL;
130 entry.toStringFunction = NULL;
131 entry.comparator = NULL;
132 entry.duplicateFunction = pkix_CertChainChecker_Duplicate;
134 systemClasses[PKIX_CERTCHAINCHECKER_TYPE] = entry;
136 PKIX_RETURN(CERTCHAINCHECKER);
137 }
139 /* --Public-Functions--------------------------------------------- */
142 /*
143 * FUNCTION: PKIX_CertChainChecker_Create (see comments in pkix_checker.h)
144 */
145 PKIX_Error *
146 PKIX_CertChainChecker_Create(
147 PKIX_CertChainChecker_CheckCallback callback,
148 PKIX_Boolean forwardCheckingSupported,
149 PKIX_Boolean isForwardDirectionExpected,
150 PKIX_List *list, /* list of PKIX_PL_OID */
151 PKIX_PL_Object *initialState,
152 PKIX_CertChainChecker **pChecker,
153 void *plContext)
154 {
155 PKIX_CertChainChecker *checker = NULL;
157 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_Create");
158 PKIX_NULLCHECK_ONE(pChecker);
160 PKIX_CHECK(PKIX_PL_Object_Alloc
161 (PKIX_CERTCHAINCHECKER_TYPE,
162 sizeof (PKIX_CertChainChecker),
163 (PKIX_PL_Object **)&checker,
164 plContext),
165 PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
167 /* initialize fields */
168 checker->checkCallback = callback;
169 checker->forwardChecking = forwardCheckingSupported;
170 checker->isForwardDirectionExpected = isForwardDirectionExpected;
172 PKIX_INCREF(list);
173 checker->extensions = list;
175 PKIX_INCREF(initialState);
176 checker->state = initialState;
178 *pChecker = checker;
179 checker = NULL;
180 cleanup:
182 PKIX_DECREF(checker);
184 PKIX_RETURN(CERTCHAINCHECKER);
186 }
188 /*
189 * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
190 * (see comments in pkix_checker.h)
191 */
192 PKIX_Error *
193 PKIX_CertChainChecker_GetCheckCallback(
194 PKIX_CertChainChecker *checker,
195 PKIX_CertChainChecker_CheckCallback *pCallback,
196 void *plContext)
197 {
198 PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_GetCheckCallback");
199 PKIX_NULLCHECK_TWO(checker, pCallback);
201 *pCallback = checker->checkCallback;
203 PKIX_RETURN(CERTCHAINCHECKER);
204 }
206 /*
207 * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
208 * (see comments in pkix_checker.h)
209 */
210 PKIX_Error *
211 PKIX_CertChainChecker_IsForwardCheckingSupported(
212 PKIX_CertChainChecker *checker,
213 PKIX_Boolean *pForwardCheckingSupported,
214 void *plContext)
215 {
216 PKIX_ENTER
217 (CERTCHAINCHECKER,
218 "PKIX_CertChainChecker_IsForwardCheckingSupported");
219 PKIX_NULLCHECK_TWO(checker, pForwardCheckingSupported);
221 *pForwardCheckingSupported = checker->forwardChecking;
223 PKIX_RETURN(CERTCHAINCHECKER);
224 }
226 /*
227 * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
228 * (see comments in pkix_checker.h)
229 */
230 PKIX_Error *
231 PKIX_CertChainChecker_IsForwardDirectionExpected(
232 PKIX_CertChainChecker *checker,
233 PKIX_Boolean *pForwardDirectionExpected,
234 void *plContext)
235 {
236 PKIX_ENTER
237 (CERTCHAINCHECKER,
238 "PKIX_CertChainChecker_IsForwardDirectionExpected");
239 PKIX_NULLCHECK_TWO(checker, pForwardDirectionExpected);
241 *pForwardDirectionExpected = checker->isForwardDirectionExpected;
243 PKIX_RETURN(CERTCHAINCHECKER);
244 }
246 /*
247 * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
248 * (see comments in pkix_checker.h)
249 */
250 PKIX_Error *
251 PKIX_CertChainChecker_GetCertChainCheckerState(
252 PKIX_CertChainChecker *checker,
253 PKIX_PL_Object **pCertChainCheckerState,
254 void *plContext)
255 {
256 PKIX_ENTER(CERTCHAINCHECKER,
257 "PKIX_CertChainChecker_GetCertChainCheckerState");
259 PKIX_NULLCHECK_TWO(checker, pCertChainCheckerState);
261 PKIX_INCREF(checker->state);
263 *pCertChainCheckerState = checker->state;
265 cleanup:
266 PKIX_RETURN(CERTCHAINCHECKER);
268 }
270 /*
271 * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
272 * (see comments in pkix_checker.h)
273 */
274 PKIX_Error *
275 PKIX_CertChainChecker_SetCertChainCheckerState(
276 PKIX_CertChainChecker *checker,
277 PKIX_PL_Object *certChainCheckerState,
278 void *plContext)
279 {
280 PKIX_ENTER(CERTCHAINCHECKER,
281 "PKIX_CertChainChecker_SetCertChainCheckerState");
283 PKIX_NULLCHECK_ONE(checker);
285 /* DecRef old contents */
286 PKIX_DECREF(checker->state);
288 PKIX_INCREF(certChainCheckerState);
289 checker->state = certChainCheckerState;
291 PKIX_CHECK(PKIX_PL_Object_InvalidateCache
292 ((PKIX_PL_Object *)checker, plContext),
293 PKIX_OBJECTINVALIDATECACHEFAILED);
295 cleanup:
297 PKIX_RETURN(CERTCHAINCHECKER);
298 }
300 /*
301 * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
302 * (see comments in pkix_checker.h)
303 */
304 PKIX_Error *
305 PKIX_CertChainChecker_GetSupportedExtensions(
306 PKIX_CertChainChecker *checker,
307 PKIX_List **pExtensions, /* list of PKIX_PL_OID */
308 void *plContext)
309 {
310 PKIX_ENTER(CERTCHAINCHECKER,
311 "PKIX_CertChainChecker_GetSupportedExtensions");
313 PKIX_NULLCHECK_TWO(checker, pExtensions);
315 PKIX_INCREF(checker->extensions);
317 *pExtensions = checker->extensions;
319 cleanup:
320 PKIX_RETURN(CERTCHAINCHECKER);
322 }
