mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
404 lines
13 KiB
C
404 lines
13 KiB
C
/* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is the PKIX-C library.
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* Sun Microsystems, Inc.
|
|
* Portions created by the Initial Developer are
|
|
* Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Sun Microsystems, Inc.
|
|
*
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
* the provisions above, a recipient may use your version of this file under
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
*
|
|
* ***** END LICENSE BLOCK ***** */
|
|
/*
|
|
* pkix_defaultrevchecker.c
|
|
*
|
|
* Functions for default Revocation Checker
|
|
*
|
|
*/
|
|
|
|
#include "pkix_defaultrevchecker.h"
|
|
|
|
/* --Private-DefaultRevChecker-Functions------------------------------- */
|
|
|
|
/*
|
|
* FUNCTION: pkix_DefaultRevChecker_Destroy
|
|
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
|
|
*/
|
|
static PKIX_Error *
|
|
pkix_DefaultRevChecker_Destroy(
|
|
PKIX_PL_Object *object,
|
|
void *plContext)
|
|
{
|
|
PKIX_DefaultRevocationChecker *revChecker = NULL;
|
|
|
|
PKIX_ENTER(DEFAULTREVOCATIONCHECKER,
|
|
"pkix_DefaultRevChecker_Destroy");
|
|
PKIX_NULLCHECK_ONE(object);
|
|
|
|
/* Check that this object is a DefaultRevocationChecker */
|
|
PKIX_CHECK(pkix_CheckType
|
|
(object, PKIX_DEFAULTREVOCATIONCHECKER_TYPE, plContext),
|
|
PKIX_OBJECTNOTDEFAULTREVOCATIONCHECKER);
|
|
|
|
revChecker = (PKIX_DefaultRevocationChecker *)object;
|
|
|
|
PKIX_DECREF(revChecker->certChainChecker);
|
|
PKIX_DECREF(revChecker->certStores);
|
|
PKIX_DECREF(revChecker->testDate);
|
|
PKIX_DECREF(revChecker->trustedPubKey);
|
|
|
|
cleanup:
|
|
|
|
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: pkix_DefaultRevocationChecker_RegisterSelf
|
|
*
|
|
* DESCRIPTION:
|
|
* Registers PKIX_DEFAULTREVOCATIONCHECKER_TYPE and its related functions
|
|
* with systemClasses[]
|
|
*
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
*
|
|
* Since this function is only called by PKIX_PL_Initialize, which should
|
|
* only be called once, it is acceptable that this function is not
|
|
* thread-safe.
|
|
*/
|
|
PKIX_Error *
|
|
pkix_DefaultRevocationChecker_RegisterSelf(void *plContext)
|
|
{
|
|
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
|
|
pkix_ClassTable_Entry entry;
|
|
|
|
PKIX_ENTER(DEFAULTREVOCATIONCHECKER,
|
|
"pkix_DefaultRevocationChecker_RegisterSelf");
|
|
|
|
entry.description = "DefaultRevocationChecker";
|
|
entry.objCounter = 0;
|
|
entry.typeObjectSize = sizeof(PKIX_DefaultRevocationChecker);
|
|
entry.destructor = pkix_DefaultRevChecker_Destroy;
|
|
entry.equalsFunction = NULL;
|
|
entry.hashcodeFunction = NULL;
|
|
entry.toStringFunction = NULL;
|
|
entry.comparator = NULL;
|
|
entry.duplicateFunction = NULL;
|
|
|
|
systemClasses[PKIX_DEFAULTREVOCATIONCHECKER_TYPE] = entry;
|
|
|
|
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: pkix_DefaultRevChecker_Create
|
|
*
|
|
* DESCRIPTION:
|
|
* This function uses the List of certStores given by "certStores", the Date
|
|
* given by "testDate", the PublicKey given by "trustedPubKey", and the number
|
|
* of certs remaining in the chain given by "certsRemaining" to create a
|
|
* DefaultRevocationChecker, which is stored at "pRevChecker".
|
|
*
|
|
* PARAMETERS
|
|
* "certStores"
|
|
* Address of CertStore List to be stored in state. Must be non-NULL.
|
|
* "testDate"
|
|
* Address of PKIX_PL_Date to be checked. May be NULL.
|
|
* "trustedPubKey"
|
|
* Address of Public Key of Trust Anchor. Must be non-NULL.
|
|
* "certsRemaining"
|
|
* Number of certificates remaining in the chain.
|
|
* "pRevChecker"
|
|
* Address of DefaultRevocationChecker that is returned. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
*
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
*
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a DefaultRevocationChecker Error if the function fails in a
|
|
* non-fatal way.
|
|
* Returns a Fatal Error
|
|
*/
|
|
static PKIX_Error *
|
|
pkix_DefaultRevChecker_Create(
|
|
PKIX_List *certStores,
|
|
PKIX_PL_Date *testDate,
|
|
PKIX_PL_PublicKey *trustedPubKey,
|
|
PKIX_UInt32 certsRemaining,
|
|
PKIX_DefaultRevocationChecker **pRevChecker,
|
|
void *plContext)
|
|
{
|
|
PKIX_DefaultRevocationChecker *revChecker = NULL;
|
|
|
|
PKIX_ENTER(DEFAULTREVOCATIONCHECKER, "pkix_DefaultRevChecker_Create");
|
|
PKIX_NULLCHECK_THREE(certStores, trustedPubKey, pRevChecker);
|
|
|
|
PKIX_CHECK(PKIX_PL_Object_Alloc
|
|
(PKIX_DEFAULTREVOCATIONCHECKER_TYPE,
|
|
sizeof (PKIX_DefaultRevocationChecker),
|
|
(PKIX_PL_Object **)&revChecker,
|
|
plContext),
|
|
PKIX_COULDNOTCREATEDEFAULTREVOCATIONCHECKEROBJECT);
|
|
|
|
/* Initialize fields */
|
|
|
|
revChecker->certChainChecker = NULL;
|
|
revChecker->check = NULL;
|
|
|
|
PKIX_INCREF(certStores);
|
|
revChecker->certStores = certStores;
|
|
|
|
PKIX_INCREF(testDate);
|
|
revChecker->testDate = testDate;
|
|
|
|
PKIX_INCREF(trustedPubKey);
|
|
revChecker->trustedPubKey = trustedPubKey;
|
|
|
|
revChecker->certsRemaining = certsRemaining;
|
|
|
|
*pRevChecker = revChecker;
|
|
revChecker = NULL;
|
|
|
|
cleanup:
|
|
|
|
PKIX_DECREF(revChecker);
|
|
|
|
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
|
|
}
|
|
|
|
/* --Private-DefaultRevChecker-Functions------------------------------------ */
|
|
|
|
/*
|
|
* FUNCTION: pkix_DefaultRevChecker_Check
|
|
*
|
|
* DESCRIPTION:
|
|
* Check if the Cert has been revoked based on the CRLs data. This function
|
|
* maintains the checker state to be current.
|
|
*
|
|
* PARAMETERS
|
|
* "checkerContext"
|
|
* Address of RevocationCheckerContext which has the state data.
|
|
* Must be non-NULL.
|
|
* "cert"
|
|
* Address of Certificate that is to be validated. Must be non-NULL.
|
|
* "procParams"
|
|
* Address of ProcessingParams used to initialize the ExpirationChecker
|
|
* and TargetCertChecker. Must be non-NULL.
|
|
* "pNBIOContext"
|
|
* Address at which platform-dependent non-blocking I/O context is stored.
|
|
* Must be non-NULL.
|
|
* "pResultCode"
|
|
* Address where revocation status will be stored. Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
*
|
|
* THREAD SAFETY:
|
|
* Not Thread Safe
|
|
* (see Thread Safety Definitions in Programmer's Guide)
|
|
*
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a RevocationChecker Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error
|
|
*/
|
|
static PKIX_Error *
|
|
pkix_DefaultRevChecker_Check(
|
|
PKIX_PL_Object *checkerContext,
|
|
PKIX_PL_Cert *cert,
|
|
PKIX_ProcessingParams *procParams,
|
|
void **pNBIOContext,
|
|
PKIX_UInt32 *pReasonCode,
|
|
void *plContext)
|
|
{
|
|
PKIX_DefaultRevocationChecker *defaultRevChecker = NULL;
|
|
PKIX_CertChainChecker *crlChecker = NULL;
|
|
PKIX_PL_Object *crlCheckerState = NULL;
|
|
PKIX_CertChainChecker_CheckCallback check = NULL;
|
|
void *nbioContext = NULL;
|
|
|
|
PKIX_ENTER(REVOCATIONCHECKER, "pkix_DefaultRevChecker_Check");
|
|
PKIX_NULLCHECK_FOUR(checkerContext, cert, pNBIOContext, pReasonCode);
|
|
|
|
/* Check that this object is a DefaultRevocationChecker */
|
|
PKIX_CHECK(pkix_CheckType
|
|
((PKIX_PL_Object *)checkerContext,
|
|
PKIX_DEFAULTREVOCATIONCHECKER_TYPE,
|
|
plContext),
|
|
PKIX_OBJECTNOTDEFAULTREVOCATIONCHECKER);
|
|
|
|
defaultRevChecker = (PKIX_DefaultRevocationChecker *)checkerContext;
|
|
|
|
nbioContext = *pNBIOContext;
|
|
*pNBIOContext = 0;
|
|
*pReasonCode = 0;
|
|
|
|
/*
|
|
* If we haven't yet created a defaultCrlChecker to do the actual work,
|
|
* create one now.
|
|
*/
|
|
if (defaultRevChecker->certChainChecker == NULL) {
|
|
PKIX_Boolean nistCRLPolicyEnabled = PR_TRUE;
|
|
if (procParams) {
|
|
PKIX_CHECK(
|
|
pkix_ProcessingParams_GetNISTRevocationPolicyEnabled
|
|
(procParams, &nistCRLPolicyEnabled, plContext),
|
|
PKIX_PROCESSINGPARAMSGETNISTREVPOLICYENABLEDFAILED);
|
|
}
|
|
|
|
PKIX_CHECK(pkix_DefaultCRLChecker_Initialize
|
|
(defaultRevChecker->certStores,
|
|
defaultRevChecker->testDate,
|
|
defaultRevChecker->trustedPubKey,
|
|
defaultRevChecker->certsRemaining,
|
|
nistCRLPolicyEnabled,
|
|
&crlChecker,
|
|
plContext),
|
|
PKIX_DEFAULTCRLCHECKERINITIALIZEFAILED);
|
|
|
|
PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallback
|
|
(crlChecker, &check, plContext),
|
|
PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED);
|
|
|
|
defaultRevChecker->certChainChecker = crlChecker;
|
|
defaultRevChecker->check = check;
|
|
}
|
|
|
|
/*
|
|
* The defaultCRLChecker, which we are using, wants a CRLSelector
|
|
* (in its state) to select the Issuer of the target Cert.
|
|
*/
|
|
PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
|
|
(defaultRevChecker->certChainChecker,
|
|
&crlCheckerState,
|
|
plContext),
|
|
PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
|
|
|
|
PKIX_CHECK(pkix_CheckType
|
|
(crlCheckerState, PKIX_DEFAULTCRLCHECKERSTATE_TYPE, plContext),
|
|
PKIX_OBJECTNOTDEFAULTCRLCHECKERSTATE);
|
|
|
|
/* Set up CRLSelector */
|
|
PKIX_CHECK(pkix_DefaultCRLChecker_Check_SetSelector
|
|
(cert,
|
|
(pkix_DefaultCRLCheckerState *)crlCheckerState,
|
|
plContext),
|
|
PKIX_DEFAULTCRLCHECKERCHECKSETSELECTORFAILED);
|
|
|
|
PKIX_CHECK
|
|
(PKIX_CertChainChecker_SetCertChainCheckerState
|
|
(defaultRevChecker->certChainChecker,
|
|
crlCheckerState,
|
|
plContext),
|
|
PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
|
|
|
|
PKIX_CHECK(defaultRevChecker->check
|
|
(defaultRevChecker->certChainChecker,
|
|
cert,
|
|
NULL,
|
|
&nbioContext,
|
|
plContext),
|
|
PKIX_CERTCHAINCHECKERCHECKCALLBACKFAILED);
|
|
|
|
*pNBIOContext = nbioContext;
|
|
|
|
cleanup:
|
|
|
|
PKIX_DECREF(crlCheckerState);
|
|
|
|
PKIX_RETURN(REVOCATIONCHECKER);
|
|
}
|
|
|
|
/*
|
|
* FUNCTION: pkix_DefaultRevChecker_Initialize
|
|
*
|
|
* DESCRIPTION:
|
|
* Create a CertChainChecker with DefaultRevChecker.
|
|
*
|
|
* PARAMETERS
|
|
* "certStores"
|
|
* Address of CertStore List to be stored in state. Must be non-NULL.
|
|
* "testDate"
|
|
* Address of PKIX_PL_Date to be checked. May be NULL.
|
|
* "trustedPubKey"
|
|
* Address of Public Key of Trust Anchor. Must be non-NULL.
|
|
* "certsRemaining"
|
|
* Number of certificates remaining in the chain.
|
|
* "pChecker"
|
|
* Address where object pointer will be stored. Must be non-NULL.
|
|
* Must be non-NULL.
|
|
* "plContext"
|
|
* Platform-specific context pointer.
|
|
*
|
|
* THREAD SAFETY:
|
|
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
|
|
*
|
|
* RETURNS:
|
|
* Returns NULL if the function succeeds.
|
|
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
|
|
* Returns a Fatal Error
|
|
*/
|
|
PKIX_Error *
|
|
pkix_DefaultRevChecker_Initialize(
|
|
PKIX_List *certStores,
|
|
PKIX_PL_Date *testDate,
|
|
PKIX_PL_PublicKey *trustedPubKey,
|
|
PKIX_UInt32 certsRemaining,
|
|
PKIX_RevocationChecker **pChecker,
|
|
void *plContext)
|
|
{
|
|
PKIX_DefaultRevocationChecker *revChecker = NULL;
|
|
|
|
PKIX_ENTER(REVOCATIONCHECKER, "pkix_DefaultRevChecker_Initialize");
|
|
PKIX_NULLCHECK_TWO(certStores, pChecker);
|
|
|
|
PKIX_CHECK(pkix_DefaultRevChecker_Create
|
|
(certStores,
|
|
testDate,
|
|
trustedPubKey,
|
|
certsRemaining,
|
|
&revChecker,
|
|
plContext),
|
|
PKIX_DEFAULTREVCHECKERCREATEFAILED);
|
|
|
|
PKIX_CHECK(PKIX_RevocationChecker_Create
|
|
(pkix_DefaultRevChecker_Check,
|
|
(PKIX_PL_Object *)revChecker,
|
|
pChecker,
|
|
plContext),
|
|
PKIX_REVOCATIONCHECKERCREATEFAILED);
|
|
|
|
cleanup:
|
|
|
|
PKIX_DECREF(revChecker);
|
|
|
|
PKIX_RETURN(REVOCATIONCHECKER);
|
|
}
|