wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
1f24532149
gecko/security/nss/lib/libpkix/pkix/checker/pkix_defaultrevchecker.c
Kai Engert 1f24532149 Backout 6c571dc80a99, bug 473837
2009-01-16 20:15:28 +01:00

404 lines
13 KiB
C
Raw Blame History

/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the PKIX-C library.
*
* The Initial Developer of the Original Code is
* Sun Microsystems, Inc.
* Portions created by the Initial Developer are
* Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems, Inc.
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_defaultrevchecker.c
*
* Functions for default Revocation Checker
*
*/
#include "pkix_defaultrevchecker.h"
/* --Private-DefaultRevChecker-Functions------------------------------- */
/*
* FUNCTION: pkix_DefaultRevChecker_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_DefaultRevChecker_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_DefaultRevocationChecker *revChecker = NULL;
PKIX_ENTER(DEFAULTREVOCATIONCHECKER,
"pkix_DefaultRevChecker_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a DefaultRevocationChecker */
PKIX_CHECK(pkix_CheckType
(object, PKIX_DEFAULTREVOCATIONCHECKER_TYPE, plContext),
PKIX_OBJECTNOTDEFAULTREVOCATIONCHECKER);
revChecker = (PKIX_DefaultRevocationChecker *)object;
PKIX_DECREF(revChecker->certChainChecker);
PKIX_DECREF(revChecker->certStores);
PKIX_DECREF(revChecker->testDate);
PKIX_DECREF(revChecker->trustedPubKey);
cleanup:
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
}
/*
* FUNCTION: pkix_DefaultRevocationChecker_RegisterSelf
*
* DESCRIPTION:
* Registers PKIX_DEFAULTREVOCATIONCHECKER_TYPE and its related functions
* with systemClasses[]
*
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_DefaultRevocationChecker_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(DEFAULTREVOCATIONCHECKER,
"pkix_DefaultRevocationChecker_RegisterSelf");
entry.description = "DefaultRevocationChecker";
entry.objCounter = 0;
entry.typeObjectSize = sizeof(PKIX_DefaultRevocationChecker);
entry.destructor = pkix_DefaultRevChecker_Destroy;
entry.equalsFunction = NULL;
entry.hashcodeFunction = NULL;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_DEFAULTREVOCATIONCHECKER_TYPE] = entry;
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
}
/*
* FUNCTION: pkix_DefaultRevChecker_Create
*
* DESCRIPTION:
* This function uses the List of certStores given by "certStores", the Date
* given by "testDate", the PublicKey given by "trustedPubKey", and the number
* of certs remaining in the chain given by "certsRemaining" to create a
* DefaultRevocationChecker, which is stored at "pRevChecker".
*
* PARAMETERS
* "certStores"
* Address of CertStore List to be stored in state. Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date to be checked. May be NULL.
* "trustedPubKey"
* Address of Public Key of Trust Anchor. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pRevChecker"
* Address of DefaultRevocationChecker that is returned. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a DefaultRevocationChecker Error if the function fails in a
* non-fatal way.
* Returns a Fatal Error
*/
static PKIX_Error *
pkix_DefaultRevChecker_Create(
PKIX_List *certStores,
PKIX_PL_Date *testDate,
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_DefaultRevocationChecker **pRevChecker,
void *plContext)
{
PKIX_DefaultRevocationChecker *revChecker = NULL;
PKIX_ENTER(DEFAULTREVOCATIONCHECKER, "pkix_DefaultRevChecker_Create");
PKIX_NULLCHECK_THREE(certStores, trustedPubKey, pRevChecker);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_DEFAULTREVOCATIONCHECKER_TYPE,
sizeof (PKIX_DefaultRevocationChecker),
(PKIX_PL_Object **)&revChecker,
plContext),
PKIX_COULDNOTCREATEDEFAULTREVOCATIONCHECKEROBJECT);
/* Initialize fields */
revChecker->certChainChecker = NULL;
revChecker->check = NULL;
PKIX_INCREF(certStores);
revChecker->certStores = certStores;
PKIX_INCREF(testDate);
revChecker->testDate = testDate;
PKIX_INCREF(trustedPubKey);
revChecker->trustedPubKey = trustedPubKey;
revChecker->certsRemaining = certsRemaining;
*pRevChecker = revChecker;
revChecker = NULL;
cleanup:
PKIX_DECREF(revChecker);
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
}
/* --Private-DefaultRevChecker-Functions------------------------------------ */
/*
* FUNCTION: pkix_DefaultRevChecker_Check
*
* DESCRIPTION:
* Check if the Cert has been revoked based on the CRLs data. This function
* maintains the checker state to be current.
*
* PARAMETERS
* "checkerContext"
* Address of RevocationCheckerContext which has the state data.
* Must be non-NULL.
* "cert"
* Address of Certificate that is to be validated. Must be non-NULL.
* "procParams"
* Address of ProcessingParams used to initialize the ExpirationChecker
* and TargetCertChecker. Must be non-NULL.
* "pNBIOContext"
* Address at which platform-dependent non-blocking I/O context is stored.
* Must be non-NULL.
* "pResultCode"
* Address where revocation status will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Not Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a RevocationChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error
*/
static PKIX_Error *
pkix_DefaultRevChecker_Check(
PKIX_PL_Object *checkerContext,
PKIX_PL_Cert *cert,
PKIX_ProcessingParams *procParams,
void **pNBIOContext,
PKIX_UInt32 *pReasonCode,
void *plContext)
{
PKIX_DefaultRevocationChecker *defaultRevChecker = NULL;
PKIX_CertChainChecker *crlChecker = NULL;
PKIX_PL_Object *crlCheckerState = NULL;
PKIX_CertChainChecker_CheckCallback check = NULL;
void *nbioContext = NULL;
PKIX_ENTER(REVOCATIONCHECKER, "pkix_DefaultRevChecker_Check");
PKIX_NULLCHECK_FOUR(checkerContext, cert, pNBIOContext, pReasonCode);
/* Check that this object is a DefaultRevocationChecker */
PKIX_CHECK(pkix_CheckType
((PKIX_PL_Object *)checkerContext,
PKIX_DEFAULTREVOCATIONCHECKER_TYPE,
plContext),
PKIX_OBJECTNOTDEFAULTREVOCATIONCHECKER);
defaultRevChecker = (PKIX_DefaultRevocationChecker *)checkerContext;
nbioContext = *pNBIOContext;
*pNBIOContext = 0;
*pReasonCode = 0;
/*
* If we haven't yet created a defaultCrlChecker to do the actual work,
* create one now.
*/
if (defaultRevChecker->certChainChecker == NULL) {
PKIX_Boolean nistCRLPolicyEnabled = PR_TRUE;
if (procParams) {
PKIX_CHECK(
pkix_ProcessingParams_GetNISTRevocationPolicyEnabled
(procParams, &nistCRLPolicyEnabled, plContext),
PKIX_PROCESSINGPARAMSGETNISTREVPOLICYENABLEDFAILED);
}
PKIX_CHECK(pkix_DefaultCRLChecker_Initialize
(defaultRevChecker->certStores,
defaultRevChecker->testDate,
defaultRevChecker->trustedPubKey,
defaultRevChecker->certsRemaining,
nistCRLPolicyEnabled,
&crlChecker,
plContext),
PKIX_DEFAULTCRLCHECKERINITIALIZEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallback
(crlChecker, &check, plContext),
PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED);
defaultRevChecker->certChainChecker = crlChecker;
defaultRevChecker->check = check;
}
/*
* The defaultCRLChecker, which we are using, wants a CRLSelector
* (in its state) to select the Issuer of the target Cert.
*/
PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
(defaultRevChecker->certChainChecker,
&crlCheckerState,
plContext),
PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
PKIX_CHECK(pkix_CheckType
(crlCheckerState, PKIX_DEFAULTCRLCHECKERSTATE_TYPE, plContext),
PKIX_OBJECTNOTDEFAULTCRLCHECKERSTATE);
/* Set up CRLSelector */
PKIX_CHECK(pkix_DefaultCRLChecker_Check_SetSelector
(cert,
(pkix_DefaultCRLCheckerState *)crlCheckerState,
plContext),
PKIX_DEFAULTCRLCHECKERCHECKSETSELECTORFAILED);
PKIX_CHECK
(PKIX_CertChainChecker_SetCertChainCheckerState
(defaultRevChecker->certChainChecker,
crlCheckerState,
plContext),
PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
PKIX_CHECK(defaultRevChecker->check
(defaultRevChecker->certChainChecker,
cert,
NULL,
&nbioContext,
plContext),
PKIX_CERTCHAINCHECKERCHECKCALLBACKFAILED);
*pNBIOContext = nbioContext;
cleanup:
PKIX_DECREF(crlCheckerState);
PKIX_RETURN(REVOCATIONCHECKER);
}
/*
* FUNCTION: pkix_DefaultRevChecker_Initialize
*
* DESCRIPTION:
* Create a CertChainChecker with DefaultRevChecker.
*
* PARAMETERS
* "certStores"
* Address of CertStore List to be stored in state. Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date to be checked. May be NULL.
* "trustedPubKey"
* Address of Public Key of Trust Anchor. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error
*/
PKIX_Error *
pkix_DefaultRevChecker_Initialize(
PKIX_List *certStores,
PKIX_PL_Date *testDate,
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_RevocationChecker **pChecker,
void *plContext)
{
PKIX_DefaultRevocationChecker *revChecker = NULL;
PKIX_ENTER(REVOCATIONCHECKER, "pkix_DefaultRevChecker_Initialize");
PKIX_NULLCHECK_TWO(certStores, pChecker);
PKIX_CHECK(pkix_DefaultRevChecker_Create
(certStores,
testDate,
trustedPubKey,
certsRemaining,
&revChecker,
plContext),
PKIX_DEFAULTREVCHECKERCREATEFAILED);
PKIX_CHECK(PKIX_RevocationChecker_Create
(pkix_DefaultRevChecker_Check,
(PKIX_PL_Object *)revChecker,
pChecker,
plContext),
PKIX_REVOCATIONCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(revChecker);
PKIX_RETURN(REVOCATIONCHECKER);
}
Reference in New Issue View Git Blame Copy Permalink