Bugzilla Bug 358785: merged the mozilla/security/nss/lib/libpkix from the

NSS_LIBPKIX_BRANCH onto the NSS trunk.  Approved by rrelyea and nelsonb.
wtchang%redhat.com 2006-12-09 00:27:38 +00:00
Родитель 0555a931af
Коммит 9f7d451f99
207 изменённых файлов: 89717 добавлений и 0 удалений


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,48 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
# DEFINES+=-DPKIX_LISTDEBUG Can be used to turn on debug compilation
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =
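Review bot: The header comment explaining the TARGETS override misspells "specified" (`# are specifed as dependencies within rules.mk.`); the same line recurs in the second config.mk in this commit. Since this comment is the only place the static-only linkage of the library is explained, it is also worth stating that SHARED_LIBRARY, IMPORT_LIBRARY and PROGRAM are cleared so rules.mk builds nothing but `$(LIBRARY)`, e.g. `# Clear the shared/import/program targets so rules.mk builds only the static library.` The PKIX_LISTDEBUG hint reads as an instruction; rephrasing it as `# DEFINES += -DPKIX_LISTDEBUG enables list-debugging output in this library` makes clear it is an optional build-time define rather than an active setting.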


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,64 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../..
EXPORTS = \
pkix.h \
pkix_crlsel.h \
pkix_errorstrings.h \
pkix_results.h \
pkixt.h \
pkix_certsel.h \
pkix_params.h \
pkix_revchecker.h \
pkix_certstore.h \
pkix_pl_pki.h \
pkix_sample_modules.h \
pkix_checker.h \
pkix_pl_system.h \
pkix_util.h \
$(NULL)
PRIVATE_EXPORTS = \
$(NULL)
MODULE = nss
CSRCS = \
$(NULL)
REQUIRES = dbm


@ -0,0 +1,366 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines the public API for libpkix. These are the top-level
* functions in the library. They perform the primary operations of this
* library: building and validating chains of X.509 certificates.
*
*/
#ifndef _PKIX_H
#define _PKIX_H
#include "pkixt.h"
#include "pkix_util.h"
#include "pkix_params.h"
#include "pkix_results.h"
#include "pkix_certstore.h"
#include "pkix_certsel.h"
#include "pkix_crlsel.h"
#include "pkix_checker.h"
#include "pkix_revchecker.h"
#include "pkix_pl_system.h"
#include "pkix_pl_pki.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/*
* FUNCTION: PKIX_Initialize
* DESCRIPTION:
*
* No PKIX_* types and functions should be used before this function is called
* and returns successfully. This function should only be called once. If it
* is called more than once, the behavior is undefined.
*
* NSS applications are expected to call NSS_Init, and need not know that
* NSS will call this function (with "platformInitNeeded" set to PKIX_FALSE).
* PKIX applications are expected instead to call this function with
* "platformInitNeeded" set to PKIX_TRUE.
*
* This function initializes data structures critical to the operation of
* libpkix. It also ensures that the API version (major.minor) desired by the
* caller (the "desiredMajorVersion", "minDesiredMinorVersion", and
* "maxDesiredMinorVersion") is compatible with the API version supported by
* the library. As such, the library must support the "desiredMajorVersion"
* of the API and must support a minor version that falls between
* "minDesiredMinorVersion" and "maxDesiredMinorVersion", inclusive. If
* compatibility exists, the function returns NULL and stores the library's
* actual minor version at "pActualMinorVersion" (which may be greater than
* "desiredMinorVersion"). If no compatibility exists, the function returns a
* PKIX_Error pointer. If the caller wishes to specify that the largest
* minor version available should be used, then maxDesiredMinorVersion should
* be set to the macro PKIX_MAX_MINOR_VERSION (defined in pkixt.h).
*
* PARAMETERS:
* "platformInitNeeded"
* Boolean indicating whether the platform layer initialization code
* has previously been run, or should be called from this function.
* "useArenas"
* Boolean indicating whether allocation is to be done using arenas or
* individual allocation (malloc).
* "desiredMajorVersion"
* The major version of the libpkix API the application wishes to use.
* "minDesiredMinorVersion"
* The minimum minor version of the libpkix API the application wishes
* to use.
* "maxDesiredMinorVersion"
* The maximum minor version of the libpkix API the application wishes
* to use.
* "pActualMinorVersion"
* Address where PKIX_UInt32 will be stored. Must be non-NULL.
* "pPlContext"
* Address at which platform-specific context pointer is stored. Must
* be non-NULL.
* THREAD SAFETY:
* Not Thread Safe
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Initialize Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Initialize(
PKIX_Boolean platformInitNeeded,
PKIX_Boolean useArenas,
PKIX_UInt32 desiredMajorVersion,
PKIX_UInt32 minDesiredMinorVersion,
PKIX_UInt32 maxDesiredMinorVersion,
PKIX_UInt32 *pActualMinorVersion,
void **pPlContext);
/*
* FUNCTION: PKIX_Shutdown
* DESCRIPTION:
*
* This function deallocates any memory used by libpkix and shuts down any
* ongoing operations. This function should only be called once. If it is
* called more than once, the behavior is undefined.
*
* No PKIX_* types and functions should be used after this function is called
* and returns successfully.
* PARAMETERS:
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Shutdown(void *plContext);
/*
* FUNCTION: PKIX_Initialize_SetConfigDir
* DESCRIPTION:
*
* This function initializes the configuration directory for "storeType" to
* the ascii value of "configDirString".
*
* PARAMETERS:
* "storeType"
* Type of the Cert Store location for initialization.
* "configDir"
* Address of char where the Cert Store location is retrieved.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Initialize Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Initialize_SetConfigDir(
PKIX_UInt32 storeType,
char *configDir,
void *plContext);
/*
* FUNCTION: PKIX_ValidateChain
* DESCRIPTION:
*
* This function attempts to validate the CertChain that has been set in the
* ValidateParams pointed to by "params" using an RFC 3280-compliant
* algorithm. If successful, this function returns NULL and stores the
* ValidateResult at "pResult", which holds additional information, such as
* the policy tree and the target's public key. If unsuccessful, an Error is
* returned. Note: This function does not currently support non-blocking I/O.
*
* If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
* tracks the results of the validation. That is, either each node in the
* chain has a NULL Error component, or the last node contains an Error
* which indicates why the validation failed.
*
* PARAMETERS:
* "params"
* Address of ValidateParams used to validate CertChain. Must be non-NULL.
* "pResult"
* Address where object pointer will be stored. Must be non-NULL.
* "pVerifyTree"
* Address where a VerifyTree is stored, if non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (See Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Validate Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ValidateChain(
PKIX_ValidateParams *params,
PKIX_ValidateResult **pResult,
PKIX_VerifyNode **pVerifyTree,
void *plContext);
/*
* FUNCTION: PKIX_ValidateChain_NB
* DESCRIPTION:
*
* This function is the equivalent of PKIX_ValidateChain, except that it
* supports non-blocking I/O. When called with "pNBIOContext" pointing to NULL
* it initiates a new chain validation as in PKIX_ValidateChain, ignoring the
* value in all input variables except "params". If forced to suspend
* processing by a WOULDBLOCK return from some operation, such as a CertStore
* request, it stores the platform-dependent I/O context at "pNBIOContext" and
* stores other intermediate variables at "pCertIndex", "pAnchorIndex",
* "pCheckerIndex", "pRevChecking", and "pCheckers".
*
* When called subsequently with that non-NULL value at "pNBIOContext", it
* relies on those intermediate values to be untouched, and it resumes chain
* validation where it left off. Its behavior is undefined if any of the
* intermediate values was not preserved.
*
* PARAMETERS:
* "params"
* Address of ValidateParams used to validate CertChain. Must be non-NULL.
* "pCertIndex"
* The UInt32 value of the index to the Cert chain, indicating which Cert
* is currently being processed.
* "pAnchorIndex"
* The UInt32 value of the index to the Anchor chain, indicating which
* Trust Anchor is currently being processed.
* "pCheckerIndex"
* The UInt32 value of the index to the List of CertChainCheckers,
* indicating which Checker is currently processing.
* "pRevChecking"
* The Boolean flag indicating whether normal checking or revocation
* checking is occurring for the Cert indicated by "pCertIndex".
* "pCheckers"
* The address of the List of CertChainCheckers. Must be non-NULL.
* "pNBIOContext"
* The address of the platform-dependend I/O context. Must be a non-NULL
* pointer to a NULL value for the call to initiate chain validation.
* "pResult"
* Address where ValidateResult object pointer will be stored. Must be
* non-NULL.
* "pVerifyTree"
* Address where a VerifyTree is stored, if non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a VALIDATE Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/PKIX_Error *
PKIX_ValidateChain_NB(
PKIX_ValidateParams *params,
PKIX_UInt32 *pCertIndex,
PKIX_UInt32 *pAnchorIndex,
PKIX_UInt32 *pCheckerIndex,
PKIX_Boolean *pRevChecking,
PKIX_List **pCheckers,
void **pNBIOContext,
PKIX_ValidateResult **pResult,
PKIX_VerifyNode **pVerifyTree,
void *plContext);
/*
* FUNCTION: PKIX_BuildChain
* DESCRIPTION:
*
* If called with a NULL "state", this function attempts to build and validate
* a CertChain according to the ProcessingParams pointed to by "params", using
* an RFC 3280-compliant validation algorithm. If successful, this function
* returns NULL and stores the BuildResult at "pResult", which holds the built
* CertChain, as well as additional information, such as the policy tree and
* the target's public key. If unsuccessful, an Error is returned.
*
* If the chain building is blocked by a CertStore using non-blocking I/O, this
* function stores platform-dependent non-blocking I/O context at
* "pNBIOContext", its state at "pState", and NULL at "pResult". The caller
* may be able to determine, in a platform-dependent way, when the I/O has
* completed. In any case, calling the function again with "pState" containing
* the returned value will allow the chain building to resume.
*
* If chain building is completed, either successfully or unsuccessfully, NULL
* is stored at "pNBIOContext".
*
* If "pVerifyTree" is non-NULL, a tree of VerifyNodes is created which
* tracks the results of the building. That is, each node of the tree either
* has a NULL Error component, or it is a leaf node and it contains an Error
* which indicates why the chain building could not proceed on this branch.
*
* PARAMETERS:
* "params"
* Address of ProcessingParams used to build and validate CertChain.
* Must be non-NULL.
* "pNBIOContext"
* Address where platform-dependent information is store if the build
* is suspended waiting for non-blocking I/O. Must be non-NULL.
* "pState"
* Address of BuildChain state. Must be NULL on initial call, and the
* value previously returned on subsequent calls.
* "pResult"
* Address where object pointer will be stored. Must be non-NULL.
* "pVerifyTree"
* Address where a VerifyTree is stored, if non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (See Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Build Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_BuildChain(
PKIX_ProcessingParams *params,
void **pNBIOContext,
void **pState,
PKIX_BuildResult **pResult,
PKIX_VerifyNode **pVerifyNode,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_H */
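Review bot: The PKIX_BuildChain prototype names its fifth parameter `pVerifyNode` while the PARAMETERS block directly above documents `"pVerifyTree"`, and PKIX_ValidateChain and PKIX_ValidateChain_NB use `pVerifyTree` for the same out-parameter; renaming it to `PKIX_VerifyNode **pVerifyTree,` keeps the header consistent with its own documentation. In the PKIX_Initialize description, the phrase "which may be greater than "desiredMinorVersion"" refers to a parameter that does not exist in the prototype and should read `"minDesiredMinorVersion"`. The PKIX_ValidateChain_NB comment closes on the same line as its return type (`*/PKIX_Error *`), which may be a rendering artifact, but if it is in the file the declaration should be split onto its own line like the others. PKIX_Initialize_SetConfigDir takes `char *configDir` although the description presents it as an input string the function reads; `const char *configDir` would document that the library does not write through it and let callers pass literals, and is worth settling before this public API ships.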



@ -0,0 +1,601 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines functions associated with the PKIX_CertStore type.
*
*/
#ifndef _PKIX_CERTSTORE_H
#define _PKIX_CERTSTORE_H
#include "pkixt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/* PKIX_CertStore
*
* A PKIX_CertStore provides a standard way for the caller to retrieve
* certificates and CRLs from a particular repository (or "store") of
* certificates and CRLs, including LDAP directories, flat files, local
* databases, etc. The CertCallback allows custom certificate retrieval logic
* to be used while the CRLCallback allows custom CRL retrieval logic to be
* used. Additionally, a CertStore can be initialized with a certStoreContext,
* which is where the caller can specify configuration data such as the host
* name of an LDAP server. Note that this certStoreContext must be an
* Object (although any object type), allowing it to be reference-counted and
* allowing it to provide the standard Object functions (Equals, Hashcode,
* ToString, Compare, Duplicate). Please note that each certStoreContext must
* provide Equals and Hashcode functions in order for the caching (on Cert and
* CertChain) to work correctly. When providing those two functions, it is not
* required that all the components of the object be hashed or checked for
* equality, but merely that the functions distinguish between unique
* instances of the certStoreContext.
*
* Once the caller has created the CertStore object, the caller then specifies
* these CertStore objects in a ProcessingParams object and passes that object
* to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the
* user's callback functions as needed during the validation or building
* process.
*
* The order of CertStores stored (as a list) at ProcessingParams determines
* the order in which certificates are retrieved. Trusted CertStores should
* precede non-trusted ones on the list of CertStores so their certificates
* are evaluated ahead of other certificates selected on the basis of the same
* selector criteria.
*
* The CheckTrustCallback function is used when the CertStore object
* supports trust status, which means a Cert's trust status can be altered
* dynamically. When a CertStore object is created, if the
* CheckTrustCallback is initialized to be non-NULL, this CertStore is
* defaulted as supporting trust. Then whenever a Cert needs to (re)check its
* trust status, this callback can be invoked. When a Cert is retrieved by
* a CertStore supports trust, at its GetCertCallback, the CertStore
* information should be updated in Cert's data structure so the link between
* the Cert and CertStore exists.
*
*/
/*
* FUNCTION: PKIX_CertStore_CertCallback
* DESCRIPTION:
*
* This callback function retrieves from the CertStore pointed to by "store"
* all the certificates that match the CertSelector pointed to by "selector".
* It places these certificates in a List and stores a pointer to the List at
* "pCerts". If no certificates are found which match the CertSelector's
* criteria, this function stores an empty List at "pCerts". In either case, if
* the operation is completed, NULL is stored at "pNBIOContext".
*
* A CertStore which uses non-blocking I/O may store platform-dependent
* information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is
* pending. A subsequent call to PKIX_CertStore_CertContinue is required to
* finish the operation and to obtain the List of Certs.
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "store"
* Address of CertStore from which Certs are to be retrieved.
* Must be non-NULL.
* "selector"
* Address of CertSelector whose criteria must be satisfied.
* Must be non-NULL.
* "pNBIOContext"
* Address at which platform-dependent information is stored if the
* operation is suspended for non-blocking I/O. Must be non-NULL.
* "pCerts"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same object.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
typedef PKIX_Error *
(*PKIX_CertStore_CertCallback)(
PKIX_CertStore *store,
PKIX_CertSelector *selector,
void **pNBIOContext,
PKIX_List **pCerts, /* list of PKIX_PL_Cert */
void *plContext);
/*
* FUNCTION: PKIX_CertStore_CertContinue
* DESCRIPTION:
*
* This function continues the non-blocking operation initiated by an earlier
* call to the CertCallback function, for the CertStore pointed to by "store".
* If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
* value returned in "pNBIOContext") calling this function will return a fatal
* error. If the operation is completed the certificates found are placed in a
* List, a pointer to which is stored at "pCerts". If no certificates are found
* which match the CertSelector's criteria, this function stores an empty List
* at "pCerts". In either case, if the operation is completed, NULL is stored
* at "pNBIOContext".
*
* If non-blocking I/O is still pending this function stores platform-dependent
* information at "pNBIOContext" and NULL at "pCerts". A subsequent call to
* PKIX_CertStore_CertContinue is required to finish the operation and to
* obtain the List of Certs.
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "store"
* Address of CertStore from which Certs are to be retrieved.
* Must be non-NULL.
* "selector"
* Address of CertSelector whose criteria must be satisfied.
* Must be non-NULL.
* "pNBIOContext"
* Address at which platform-dependent information is stored if the
* operation is suspended for non-blocking I/O. Must be non-NULL.
* "pCerts"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same object.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_CertContinue(
PKIX_CertStore *store,
PKIX_CertSelector *selector,
void **pNBIOContext,
PKIX_List **pCerts, /* list of PKIX_PL_Cert */
void *plContext);
typedef PKIX_Error *
(*PKIX_CertStore_CertContinueFunction)(
PKIX_CertStore *store,
PKIX_CertSelector *selector,
void **pNBIOContext,
PKIX_List **pCerts, /* list of PKIX_PL_Cert */
void *plContext);
/*
* FUNCTION: PKIX_CertStore_CRLCallback
* DESCRIPTION:
*
* This callback function retrieves from the CertStore pointed to by "store"
* all the CRLs that match the CRLSelector pointed to by "selector". It
* places these CRLs in a List and stores a pointer to the List at "pCRLs".
* If no CRLs are found which match the CRLSelector's criteria, this function
* stores an empty List at "pCRLs". In either case, if the operation is
* completed, NULL is stored at "pNBIOContext".
*
* A CertStore which uses non-blocking I/O may store platform-dependent
* information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is
* pending. A subsequent call to PKIX_CertStore_CRLContinue is required to
* finish the operation and to obtain the List of Crls.
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "store"
* Address of CertStore from which CRLs are to be retrieved.
* Must be non-NULL.
* "selector"
* Address of CRLSelector whose criteria must be satisfied.
* Must be non-NULL.
* "pCrls"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same object.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
typedef PKIX_Error *
(*PKIX_CertStore_CRLCallback)(
PKIX_CertStore *store,
PKIX_CRLSelector *selector,
void **pNBIOContext,
PKIX_List **pCrls, /* list of PKIX_PL_CRL */
void *plContext);
/*
* FUNCTION: PKIX_CertStore_CrlContinue
* DESCRIPTION:
*
* This function continues the non-blocking operation initiated by an earlier
* call to the CRLCallback function, for the CertStore pointed to by "store".
* If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
* value returned in "pNBIOContext") calling this function will return a fatal
* error. If the operation is completed the crls found are placed in a List, a
* pointer to which is stored at "pCrls". If no crls are found which match the
* CRLSelector's criteria, this function stores an empty List at "pCrls". In
* either case, if the operation is completed, NULL is stored at "pNBIOContext".
*
* If non-blocking I/O is still pending this function stores platform-dependent
* information at "pNBIOContext" and NULL at "pCrls". A subsequent call to
* PKIX_CertStore_CrlContinue is required to finish the operation and to
* obtain the List of Crls.
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "store"
* Address of CertStore from which Crls are to be retrieved.
* Must be non-NULL.
* "selector"
* Address of CRLSelector whose criteria must be satisfied.
* Must be non-NULL.
* "pNBIOContext"
* Address at which platform-dependent information is stored if the
* operation is suspended for non-blocking I/O. Must be non-NULL.
* "pCrls"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same object.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_CrlContinue(
PKIX_CertStore *store,
PKIX_CRLSelector *selector,
void **pNBIOContext,
PKIX_List **pCrls, /* list of PKIX_PL_CRL */
void *plContext);
typedef PKIX_Error *
(*PKIX_CertStore_CrlContinueFunction)(
PKIX_CertStore *store,
PKIX_CRLSelector *selector,
void **pNBIOContext,
PKIX_List **pCrls, /* list of PKIX_PL_CRL */
void *plContext);
/*
* FUNCTION: PKIX_CertStore_CheckTrustCallback
* DESCRIPTION:
*
* This callback function rechecks "cert's" trust status from the CertStore
* pointed to by "store".
*
* PARAMETERS:
* "store"
* Address of CertStore from which Certs are to be checked.
* Must be non-NULL.
* "cert"
* Address of Cert whose trust status needs to be rechecked.
* Must be non-NULL.
* "pTrusted"
* Address of PKIX_Boolean where the trust status is returned.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same object.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
typedef PKIX_Error *
(*PKIX_CertStore_CheckTrustCallback)(
PKIX_CertStore *store,
PKIX_PL_Cert *cert,
PKIX_Boolean *pTrusted,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_Create
* DESCRIPTION:
*
* Creates a new CertStore and stores it at "pStore". The new CertStore uses
* the CertCallback pointed to by "certCallback" and the CRLCallback pointed
* to by "crlCallback" as its callback functions and uses the Object pointed
* to by "certStoreContext" as its context . Note that this certStoreContext
* must be an Object (although any object type), allowing it to be
* reference-counted and allowing it to provide the standard Object functions
* (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a
* CertStore object is immutable, although the underlying repository can
* change. For example, a CertStore will often be a front-end for a database
* or directory. The contents of that directory can change after the
* CertStore object is created, but the CertStore object remains immutable.
*
* PARAMETERS:
* "certCallback"
* The CertCallback function to be used. Must be non-NULL.
* "crlCallback"
* The CRLCallback function to be used. Must be non-NULL.
* "certContinue"
* The function to be used to resume a certCallback that returned with a
* WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
* I/O.
* "crlContinue"
* The function to be used to resume a crlCallback that returned with a
* WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
* I/O.
* "trustCallback"
* Address of PKIX_CertStore_CheckTrustCallback which is called to
* verify the trust status of Certs in this CertStore.
* "certStoreContext"
* Address of Object representing the CertStore's context (if any).
* "cachedFlag"
* If TRUE indicates data retrieved from CertStore should be cached.
* "localFlag"
* Boolean value indicating whether this CertStore is local.
* "pStore"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_Create(
PKIX_CertStore_CertCallback certCallback,
PKIX_CertStore_CRLCallback crlCallback,
PKIX_CertStore_CertContinueFunction certContinue,
PKIX_CertStore_CrlContinueFunction crlContinue,
PKIX_CertStore_CheckTrustCallback trustCallback,
PKIX_PL_Object *certStoreContext,
PKIX_Boolean cachedFlag,
PKIX_Boolean localFlag,
PKIX_CertStore **pStore,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_GetCertCallback
* DESCRIPTION:
*
* Retrieves a pointer to "store's" Cert callback function and put it in
* "pCallback".
*
* PARAMETERS:
* "store"
* The CertStore whose Cert callback is desired. Must be non-NULL.
* "pCallback"
* Address where Cert callback function pointer will be stored.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_GetCertCallback(
PKIX_CertStore *store,
PKIX_CertStore_CertCallback *pCallback,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_GetCRLCallback
* DESCRIPTION:
*
* Retrieves a pointer to "store's" CRL callback function and put it in
* "pCallback".
*
* PARAMETERS:
* "store"
* The CertStore whose CRL callback is desired. Must be non-NULL.
* "pCallback"
* Address where CRL callback function pointer will be stored.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_GetCRLCallback(
PKIX_CertStore *store,
PKIX_CertStore_CRLCallback *pCallback,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_GetTrustCallback
* DESCRIPTION:
*
* Retrieves the function pointer to the CheckTrust callback function of the
* CertStore pointed to by "store" and stores it at "pCallback".
*
* PARAMETERS:
* "store"
* The CertStore whose CheckTrust callback is desired. Must be non-NULL.
* "pCallback"
* Address where CheckTrust callback function pointer will be stored.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_GetTrustCallback(
PKIX_CertStore *store,
PKIX_CertStore_CheckTrustCallback *pCallback,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_GetCertStoreContext
* DESCRIPTION:
*
* Retrieves a pointer to the Object representing the context (if any)
* of the CertStore pointed to by "store" and stores it at
* "pCertStoreContext".
*
* PARAMETERS:
* "store"
* Address of CertStore whose context is to be stored. Must be non-NULL.
* "pCertStoreContext"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_GetCertStoreContext(
PKIX_CertStore *store,
PKIX_PL_Object **pCertStoreContext,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
* DESCRIPTION:
*
* Retrieves the Boolean cache flag of the CertStore pointed to by "store" and
* stores it at "pCachedFlag".
*
* PARAMETERS:
* "store"
* Address of CertStore whose cache flag is to be stored. Must be non-NULL.
* "pCacheFlag"
* Address where the result will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_GetCertStoreCacheFlag(
PKIX_CertStore *store,
PKIX_Boolean *pCacheFlag,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_GetLocalFlag
* DESCRIPTION:
*
* Retrieves the Boolean localFlag for the CertStore pointed to by "store" and
* stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can
* fulfill a request without performing network I/O.
*
* PARAMETERS:
* "store"
* The CertStore whose Local flag is desired. Must be non-NULL.
* "pCallback"
* Address where the Boolean LocalFlag will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertStore_GetLocalFlag(
PKIX_CertStore *store,
PKIX_Boolean *pLocalFlag,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_CERTSTORE_H */


@ -0,0 +1,427 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines functions associated with the PKIX_CertChainChecker type.
*
*/
#ifndef _PKIX_CHECKER_H
#define _PKIX_CHECKER_H
#include "pkixt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/* PKIX_CertChainChecker
*
* PKIX_CertChainCheckers provide a standard way for the caller to insert their
* own custom checks to validate certificates. This may be useful in many
* scenarios, including when the caller wishes to validate private certificate
* extensions. The CheckCallback allows custom certificate processing to take
* place. Additionally, a CertChainChecker can optionally maintain state
* between successive calls to the CheckCallback. This certChainCheckerState
* must be an Object (although any object type), allowing it to be
* reference-counted and allowing it to provide the standard Object functions
* (Equals, Hashcode, ToString, Compare, Duplicate). If the caller wishes
* their CertChainChecker to be used during chain building, their
* certChainCheckerState object must implement an appropriate Duplicate
* function. The builder uses this Duplicate function when backtracking.
*
* Once the caller has created a CertChainChecker object, the caller then
* specifies a CertChainChecker object in a ProcessingParams object
* and passes the ProcessingParams object to PKIX_ValidateChain or
* PKIX_BuildChain, which uses the objects to call the user's callback
* functions as needed during the validation or building process.
*
* A CertChainChecker may be presented certificates in the "reverse" direction
* (from trust anchor to target) or in the "forward" direction (from target to
* trust anchor). All CertChainCheckers must support "reverse checking", while
* support for "forward checking" is optional, but recommended. If "forward
* checking" is not supported, building chains may be much less efficient. The
* PKIX_CertChainChecker_IsForwardCheckingSupported function is used to
* determine whether forward checking is supported, and the
* PKIX_CertChainChecker_IsForwardDirectionExpected function is used to
* determine whether the CertChainChecker has been initialized to expect the
* certificates to be presented in the "forward" direction.
*/
/*
* FUNCTION: PKIX_CertChainChecker_CheckCallback
* DESCRIPTION:
*
* This callback function checks whether the specified Cert pointed to by
* "cert" is valid using "checker's" internal certChainCheckerState (if any)
* and removes the critical extensions that it processes (if any) from the
* List of OIDs (possibly empty) pointed to by "unresolvedCriticalExtensions".
* If the checker finds that the certificate is not valid, an Error pointer is
* returned.
*
* If the checker uses non-blocking I/O, the address of a platform-dependent
* non-blocking I/O context ("nbioContext") will be stored at "pNBIOContext",
* which the caller may use, in a platform-dependent way, to wait, poll, or
* otherwise determine when to try again. If the checker does not use
* non-blocking I/O, NULL will always be stored at "pNBIOContext". If a non-NULL
* value was stored, on a subsequent call the checker will attempt to complete
* the pending I/O and, if successful, NULL will be stored at "pNBIOContext".
*
* PARAMETERS:
* "checker"
* Address of CertChainChecker whose certChainCheckerState and
* CheckCallback logic is to be used. Must be non-NULL.
* "cert"
* Address of Cert that is to be validated using "checker".
* Must be non-NULL.
* "unresolvedCriticalExtensions"
* Address of List of OIDs that represents the critical certificate
* extensions that have yet to be resolved. This parameter may be
* modified during the function call. Must be non-NULL.
* "pNBIOContext"
* Address at which is stored a platform-dependent structure indicating
* whether checking was suspended for non-blocking I/O. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same object.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
typedef PKIX_Error *
(*PKIX_CertChainChecker_CheckCallback)(
PKIX_CertChainChecker *checker,
PKIX_PL_Cert *cert,
PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
void **pNBIOContext,
void *plContext);
/*
* FUNCTION: PKIX_CertChainChecker_Create
* DESCRIPTION:
*
* Creates a new CertChainChecker and stores it at "pChecker". The new
* CertChainChecker uses the CheckCallback pointed to by "callback" as its
* callback function. It uses the Object pointed to by "initialState" (if
* any) as its initial state. As noted above, the initial state Object must
* provide a custom implementation of PKIX_PL_Object_Duplicate if the
* CertChainChecker is to be used during certificate chain building.
*
* A CertChainChecker may be presented certificates in the "reverse"
* direction (from trust anchor to target) or in the "forward" direction
* (from target to trust anchor). All CertChainCheckers must support
* "reverse checking", while support for "forward checking" is optional. The
* CertChainChecker is initialized with two Boolean flags that deal with this
* distinction: "forwardCheckingSupported" and "forwardDirectionExpected".
* If the "forwardCheckingSupported" Boolean flag is TRUE, it indicates that
* this CertChainChecker is capable of checking certificates in the "forward"
* direction (as well as the "reverse" direction, which all CertChainCheckers
* MUST support). The "forwardDirectionExpected" Boolean flag indicates in
* which direction the CertChainChecker should expect the certificates to be
* presented. This is particularly useful for CertChainCheckers that are
* capable of checking in either the "forward" direction or the "reverse"
* direction, but have different processing steps depending on the direction.
*
* The CertChainChecker also uses the List of OIDs pointed to by "extensions"
* as the supported certificate extensions. All certificate extensions that
* the CertChainChecker might possibly recognize and be able to process
* should be included in the List of supported extensions. If "checker" does
* not recognize or process any certificate extensions, "extensions" should
* be set to NULL.
*
* PARAMETERS:
* "callback"
* The CheckCallback function to be used. Must be non-NULL.
* "forwardCheckingSupported"
* A Boolean value indicating whether or not this CertChainChecker is
* capable of checking certificates in the "forward" direction.
* "forwardDirectionExpected"
* A Boolean value indicating whether or not this CertChainChecker should
* be used to check in the "forward" direction.
* "extensions"
* Address of List of OIDs representing the supported extensions.
* "initialState"
* Address of Object representing the CertChainChecker's initial state
* (if any).
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertChainChecker_Create(
PKIX_CertChainChecker_CheckCallback callback,
PKIX_Boolean forwardCheckingSupported,
PKIX_Boolean forwardDirectionExpected,
PKIX_List *extensions, /* list of PKIX_PL_OID */
PKIX_PL_Object *initialState,
PKIX_CertChainChecker **pChecker,
void *plContext);
/*
* FUNCTION: PKIX_CertChainChecker_GetCheckCallback
* DESCRIPTION:
*
* Retrieves a pointer to "checker's" Check callback function and puts it in
* "pCallback".
*
* PARAMETERS:
* "checker"
* The CertChainChecker whose Check callback is desired. Must be non-NULL.
* "pCallback"
* Address where Check callback function pointer will be stored.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertChainChecker_GetCheckCallback(
PKIX_CertChainChecker *checker,
PKIX_CertChainChecker_CheckCallback *pCallback,
void *plContext);
/*
* FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
* DESCRIPTION:
*
* Checks whether forward checking is supported by the CertChainChecker
* pointed to by "checker" and stores the Boolean result at
* "pForwardCheckingSupported".
*
* A CertChainChecker may be presented certificates in the "reverse"
* direction (from trust anchor to target) or in the "forward" direction
* (from target to trust anchor). All CertChainCheckers must support
* "reverse checking", while support for "forward checking" is optional. This
* function is used to determine whether forward checking is supported.
*
* PARAMETERS:
* "checker"
* The CertChainChecker whose ability to validate certificates in the
* "forward" direction is to be checked. Must be non-NULL.
* "pForwardCheckingSupported"
* Destination of the Boolean result. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertChainChecker_IsForwardCheckingSupported(
PKIX_CertChainChecker *checker,
PKIX_Boolean *pForwardCheckingSupported,
void *plContext);
/*
* FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
* DESCRIPTION:
*
* Checks whether the CertChainChecker pointed to by "checker" has been
* initialized to expect the certificates to be presented in the "forward"
* direction and stores the Boolean result at "pForwardDirectionExpected".
*
* A CertChainChecker may be presented certificates in the "reverse"
* direction (from trust anchor to target) or in the "forward" direction
* (from target to trust anchor). All CertChainCheckers must support
* "reverse checking", while support for "forward checking" is optional. This
* function is used to determine in which direction the CertChainChecker
* expects the certificates to be presented.
*
* PARAMETERS:
* "checker"
* The CertChainChecker that has been initialized to expect certificates
* in either the "forward" or "reverse" directions. Must be non-NULL.
* "pForwardDirectionExpected"
* Destination of the Boolean result. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertChainChecker_IsForwardDirectionExpected(
PKIX_CertChainChecker *checker,
PKIX_Boolean *pForwardDirectionExpected,
void *plContext);
/*
* FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
* DESCRIPTION:
*
* Retrieves a pointer to a List of OIDs (each OID corresponding to a
* certificate extension supported by the CertChainChecker pointed to by
* "checker") and stores it at "pExtensions". All certificate extensions that
* the CertChainChecker might possibly recognize and be able to process
* should be included in the List of supported extensions. If "checker" does
* not recognize or process any certificate extensions, this function stores
* NULL at "pExtensions".
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "checker"
* Address of CertChainChecker whose supported extension OIDs are to be
* stored. Must be non-NULL.
* "pExtensions"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertChainChecker_GetSupportedExtensions(
PKIX_CertChainChecker *checker,
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
void *plContext);
/*
* FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
* DESCRIPTION:
*
* Retrieves a pointer to a PKIX_PL_Object representing the internal state
* (if any) of the CertChainChecker pointed to by "checker" and stores it at
* "pCertChainCheckerState".
*
* PARAMETERS:
* "checker"
* Address of CertChainChecker whose state is to be stored.
* Must be non-NULL.
* "pCertChainCheckerState"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertChainChecker_GetCertChainCheckerState(
PKIX_CertChainChecker *checker,
PKIX_PL_Object **pCertChainCheckerState,
void *plContext);
/*
* FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
* DESCRIPTION:
*
* Sets the internal state of the CertChainChecker pointed to by "checker"
* using the Object pointed to by "certChainCheckerState". If "checker" needs
* a NULL internal state, "certChainCheckerState" should be set to NULL.
*
* PARAMETERS:
* "checker"
* Address of CertChainChecker whose state is to be set. Must be non-NULL.
* "certChainCheckerState"
* Address of Object representing internal state.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "checker"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CertChainChecker_SetCertChainCheckerState(
PKIX_CertChainChecker *checker,
PKIX_PL_Object *certChainCheckerState,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_CHECKER_H */
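Review bot: The RETURNS section of the PKIX_CertChainChecker_CheckCallback comment (the block just above the `(*PKIX_CertChainChecker_CheckCallback)(` typedef) says only "Returns NULL if the function succeeds", yet the description above it also has the callback return NULL when it has merely suspended for non-blocking I/O and stored a non-NULL value at "pNBIOContext"; an implementer of PKIX_ValidateChain/PKIX_BuildChain who checks only the return value would treat a not-yet-completed check as a passed one. I would add to that RETURNS section: ` * A NULL return with a non-NULL value stored at "pNBIOContext" means the check is still pending, not that "cert" was accepted; the caller must call again until NULL is stored at "pNBIOContext" before treating the Cert as validated.` The "pNBIOContext" entry under PARAMETERS would benefit from the same sentence, since it currently only says the structure indicates whether checking was suspended. As a minor point, the "extensions" entry under PARAMETERS of PKIX_CertChainChecker_Create could repeat that NULL is permitted when the checker processes no extensions, which the description already states.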


@ -0,0 +1,698 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines functions associated with the PKIX_CRLSelector and the
* PKIX_ComCRLSelParams types.
*
*/
#ifndef _PKIX_CRLSEL_H
#define _PKIX_CRLSEL_H
#include "pkixt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/* PKIX_CRLSelector
*
* PKIX_CRLSelectors provide a standard way for the caller to select CRLs
* based on particular criteria. A CRLSelector is typically used by libpkix
* to retrieve CRLs from a CertStore during certificate chain validation or
* building. (see pkix_certstore.h) For example, the caller may wish to only
* select those CRLs that have a particular issuer or a particular value for a
* private CRL extension. The MatchCallback allows the caller to specify the
* custom matching logic to be used by a CRLSelector.
* By default, the MatchCallback is set to point to the default implementation
* provided by libpkix, which understands how to process the most common
* parameters. If the default implementation is used, the caller should set
* these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
* Any common parameter that is not set is assumed to be disabled, which means
* the default MatchCallback implementation will select all CRLs without
* regard to that particular disabled parameter. For example, if the
* MaxCRLNumber parameter is not set, MatchCallback will not filter out any
* CRL based on its CRL number. As such, if no parameters are set, all are
* disabled and any CRL will match. If a parameter is disabled, its associated
* PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
*
* If a custom implementation is desired, the default implementation can be
* overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
* CRLSelector can be initialized with a crlSelectorContext, which is where
* the caller can specify the desired parameters the caller wishes to match
* against. Note that this crlSelectorContext must be a PKIX_PL_Object,
* allowing it to be reference-counted and allowing it to provide the standard
* PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
*
*/
/*
* FUNCTION: PKIX_CRLSelector_MatchCallback
* DESCRIPTION:
*
* This callback function determines whether the specified CRL pointed to by
* "crl" matches the criteria of the CRLSelector pointed to by "selector".
* If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
* "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
*
* PARAMETERS:
* "selector"
* Address of CRLSelector whose MatchCallback logic and parameters are
* to be used. Must be non-NULL.
* "crl"
* Address of CRL that is to be matched using "selector". Must be non-NULL.
* "pMatch"
* Address at which Boolean result is stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same objects.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
typedef PKIX_Error *
(*PKIX_CRLSelector_MatchCallback)(
PKIX_CRLSelector *selector,
PKIX_PL_CRL *crl,
PKIX_Boolean *pMatch,
void *plContext);
/*
* FUNCTION: PKIX_CRLSelector_Create
* DESCRIPTION:
*
* Creates a new CRLSelector using the Object pointed to by
* "crlSelectorContext" (if any) and stores it at "pSelector". As noted
* above, by default, the MatchCallback is set to point to the default
* implementation provided by libpkix, which understands how to process
* ComCRLSelParams. This is overridden if the MatchCallback pointed to by
* "callback" is not NULL, in which case the parameters are specified using
* the Object pointed to by "crlSelectorContext".
*
* PARAMETERS:
* "callback"
* The MatchCallback function to be used.
* "crlSelectorContext"
* Address of Object representing the CRLSelector's context (if any).
* "pSelector"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CRLSelector_Create(
PKIX_CRLSelector_MatchCallback callback,
PKIX_PL_Object *crlSelectorContext,
PKIX_CRLSelector **pSelector,
void *plContext);
/*
* FUNCTION: PKIX_CRLSelector_GetMatchCallback
* DESCRIPTION:
*
* Retrieves a pointer to "selector's" Match callback function and puts it in
* "pCallback".
*
* PARAMETERS:
* "selector"
* The CRLSelector whose Match callback is desired. Must be non-NULL.
* "pCallback"
* Address where Match callback function pointer will be stored.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CRLSelector_GetMatchCallback(
PKIX_CRLSelector *selector,
PKIX_CRLSelector_MatchCallback *pCallback,
void *plContext);
/*
* FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
* DESCRIPTION:
*
* Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
* of the CRLSelector pointed to by "selector" and stores it at
* "pCRLSelectorContext".
*
* PARAMETERS:
* "selector"
* Address of CRLSelector whose context is to be stored. Must be non-NULL.
* "pCRLSelectorContext"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CRLSelector_GetCRLSelectorContext(
PKIX_CRLSelector *selector,
void **pCRLSelectorContext,
void *plContext);
/*
* FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
* DESCRIPTION:
*
* Retrieves a pointer to the ComCRLSelParams object that represent the common
* parameters of the CRLSelector pointed to by "selector" and stores it at
* "pCommonCRLSelectorParams". If there are no common parameters stored with
* the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
*
* PARAMETERS:
* "selector"
* Address of CRLSelector whose ComCRLSelParams are to be stored.
* Must be non-NULL.
* "pCommonCRLSelectorParams"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CRLSelector_GetCommonCRLSelectorParams(
PKIX_CRLSelector *selector,
PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
void *plContext);
/*
* FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
* DESCRIPTION:
*
* Sets the common parameters for the CRLSelector pointed to by "selector"
* using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
*
* PARAMETERS:
* "selector"
* Address of CRLSelector whose common parameters are to be set.
* Must be non-NULL.
* "commonCRLSelectorParams"
* Address of ComCRLSelParams representing the common parameters.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "selector"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_CRLSelector_SetCommonCRLSelectorParams(
PKIX_CRLSelector *selector,
PKIX_ComCRLSelParams *commonCRLSelectorParams,
void *plContext);
/* PKIX_ComCRLSelParams
*
* PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
* especially determining which CRLs to retrieve from a CertStore.
* PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
* the default implementation of MatchCallback, which understands how to
* process ComCRLSelParams.
*/
/*
* FUNCTION: PKIX_ComCRLSelParams_Create
* DESCRIPTION:
*
* Creates a new ComCRLSelParams object and stores it at "pParams".
*
* PARAMETERS:
* "pParams"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_Create(
PKIX_ComCRLSelParams **pParams,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
* DESCRIPTION:
*
* Retrieves a pointer to the List of X500Names (if any) representing the
* issuer names criterion that is set in the ComCRLSelParams pointed to by
* "params" and stores it at "pNames". In order to match against this
* criterion, a CRL's IssuerName must match at least one of the criterion's
* issuer names.
*
* If "params" does not have this criterion set, this function stores NULL at
* "pNames", in which case all CRLs are considered to match.
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParams whose issuer names criterion (if any) is to
* be stored. Must be non-NULL.
* "pNames"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_GetIssuerNames(
PKIX_ComCRLSelParams *params,
PKIX_List **pNames, /* list of PKIX_PL_X500Name */
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
* DESCRIPTION:
*
* Sets the issuer names criterion of the ComCRLSelParams pointed to by
* "params" using a List of X500Names pointed to by "names". In order to match
* against this criterion, a CRL's IssuerName must match at least one of the
* criterion's issuer names.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParamsParams whose issuer names criterion is to be
* set. Must be non-NULL.
* "names"
* Address of List of X500Names used to set the criterion
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "params"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_SetIssuerNames(
PKIX_ComCRLSelParams *params,
PKIX_List *names, /* list of PKIX_PL_X500Name */
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
* DESCRIPTION:
*
* Adds to the issuer names criterion of the ComCRLSelParams pointed to by
* "params" using the X500Name pointed to by "name". In order to match
* against this criterion, a CRL's IssuerName must match at least one of the
* criterion's issuer names.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParams whose issuer names criterion is to be added
* to. Must be non-NULL.
* "name"
* Address of X500Name to be added.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "params"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_AddIssuerName(
PKIX_ComCRLSelParams *params,
PKIX_PL_X500Name *name,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
* DESCRIPTION:
*
* Retrieves a pointer to the Cert (if any) representing the certificate whose
* revocation status is being checked. This is not a criterion. It is simply
* optional information that may help a CertStore find relevant CRLs.
*
* If "params" does not have a certificate set, this function stores NULL at
* "pCert", in which case there is no optional information to provide.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParams whose certificate being checked (if any) is
* to be stored. Must be non-NULL.
* "pCert"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_GetCertificateChecking(
PKIX_ComCRLSelParams *params,
PKIX_PL_Cert **pCert,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
* DESCRIPTION:
*
* Sets the ComCRLSelParams pointed to by "params" with the certificate
* (pointed to by "cert") whose revocation status is being checked. This is
* not a criterion. It is simply optional information that may help a
* CertStore find relevant CRLs.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParams whose certificate being checked is to be
* set. Must be non-NULL.
* "cert"
* Address of Cert whose revocation status is being checked
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "params"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_SetCertificateChecking(
PKIX_ComCRLSelParams *params,
PKIX_PL_Cert *cert,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
* DESCRIPTION:
*
* Retrieves a pointer to the Date (if any) representing the dateAndTime
* criterion that is set in the ComCRLSelParams pointed to by "params" and
* stores it at "pDate". In order to match against this criterion, a CRL's
* thisUpdate component must be less than or equal to the criterion's
* dateAndTime and the CRL's nextUpdate component must be later than the
* criterion's dateAndTime. There is no match if the CRL does not contain a
* nextUpdate component.
*
* If "params" does not have this criterion set, this function stores NULL at
* "pDate", in which case all CRLs are considered to match.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
* be stored. Must be non-NULL.
* "pDate"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_GetDateAndTime(
PKIX_ComCRLSelParams *params,
PKIX_PL_Date **pDate,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
* DESCRIPTION:
*
* Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
* "params" using a Date pointed to by "date". In order to match against this
* criterion, a CRL's thisUpdate component must be less than or equal to the
* criterion's dateAndTime and the CRL's nextUpdate component must be later
* than the criterion's dateAndTime. There is no match if the CRL does not
* contain a nextUpdate component.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
* set. Must be non-NULL.
* "date"
* Address of Date used to set the criterion
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "params"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_SetDateAndTime(
PKIX_ComCRLSelParams *params,
PKIX_PL_Date *date,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
* DESCRIPTION:
*
* Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
* criterion that is set in the ComCRLSelParams pointed to by "params" and
* stores it at "pNumber". In order to match against this criterion, a CRL
* must have a CRL number extension whose value is less than or equal to the
* criterion's value.
*
* If "params" does not have this criterion set, this function stores NULL at
* "pNumber", in which case all CRLs are considered to match.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
* be stored. Must be non-NULL.
* "pNumber"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_GetMaxCRLNumber(
PKIX_ComCRLSelParams *params,
PKIX_PL_BigInt **pNumber,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
* DESCRIPTION:
*
* Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
* "params" using a BigInt pointed to by "number". In order to match against
* this criterion, a CRL must have a CRL number extension whose value is less
* than or equal to the criterion's value.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
* set. Must be non-NULL.
* "number"
* Address of BigInt used to set the criterion
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "params"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_SetMaxCRLNumber(
PKIX_ComCRLSelParams *params,
PKIX_PL_BigInt *number,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
* DESCRIPTION:
*
* Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
* criterion that is set in the ComCRLSelParams pointed to by "params" and
* stores it at "pNumber". In order to match against this criterion, a CRL
* must have a CRL number extension whose value is greater than or equal to
* the criterion's value.
*
* If "params" does not have this criterion set, this function stores NULL at
* "pNumber", in which case all CRLs are considered to match.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
* be stored. Must be non-NULL.
* "pNumber"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_GetMinCRLNumber(
PKIX_ComCRLSelParams *params,
PKIX_PL_BigInt **pNumber,
void *plContext);
/*
* FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
* DESCRIPTION:
*
* Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
* "params" using a BigInt pointed to by "number". In order to match against
* this criterion, a CRL must have a CRL number extension whose value is
* greater than or equal to the criterion's value.
*
* PARAMETERS:
* "params"
* Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
* set. Must be non-NULL.
* "number"
* Address of BigInt used to set the criterion
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "params"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ComCRLSelParams_SetMinCRLNumber(
PKIX_ComCRLSelParams *params,
PKIX_PL_BigInt *number,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_CRLSEL_H */
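Review bot: `PKIX_CRLSelector_GetCRLSelectorContext` declares its out-parameter as `void **pCRLSelectorContext`, although the comment above it says it retrieves a `PKIX_PL_Object` pointer, `PKIX_CRLSelector_Create` accepts the context as `PKIX_PL_Object *`, and the sibling accessor `PKIX_CertChainChecker_GetCertChainCheckerState` in the previous file uses `PKIX_PL_Object **`. The `void **` type forces every caller to cast and removes the compiler's check that what comes back is a reference-counted object the caller must release with `PKIX_PL_Object_DecRef`, as the General notes at the top of the file require. Declaring it as `PKIX_PL_Object **pCRLSelectorContext,` makes the contract type-checked; if the definition elsewhere in the commit relies on `void **`, it would need the matching change. Separately, the parameter descriptions of the four `PKIX_ComCRLSelParams_Set*` functions read `ComCRLSelParamsParams`, which looks like a typo for `ComCRLSelParams`.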



@ -0,0 +1,458 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines functions associated with the results used
* by the top-level functions.
*
*/
#ifndef _PKIX_RESULTS_H
#define _PKIX_RESULTS_H
#include "pkixt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/* PKIX_ValidateResult
*
* PKIX_ValidateResult represents the result of a PKIX_ValidateChain call. It
* consists of the valid policy tree and public key resulting from validation,
* as well as the trust anchor used for this chain. Once created, a
* ValidateResult object is immutable.
*/
/*
* FUNCTION: PKIX_ValidateResult_GetPolicyTree
* DESCRIPTION:
*
* Retrieves the PolicyNode component (representing the valid_policy_tree)
* from the ValidateResult object pointed to by "result" and stores it at
* "pPolicyTree".
*
* PARAMETERS:
* "result"
* Address of ValidateResult whose policy tree is to be stored. Must be
* non-NULL.
* "pPolicyTree"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ValidateResult_GetPolicyTree(
PKIX_ValidateResult *result,
PKIX_PolicyNode **pPolicyTree,
void *plContext);
/*
* FUNCTION: PKIX_ValidateResult_GetPublicKey
* DESCRIPTION:
*
* Retrieves the PublicKey component (representing the valid public_key) of
* the ValidateResult object pointed to by "result" and stores it at
* "pPublicKey".
*
* PARAMETERS:
* "result"
* Address of ValidateResult whose public key is to be stored.
* Must be non-NULL.
* "pPublicKey"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ValidateResult_GetPublicKey(
PKIX_ValidateResult *result,
PKIX_PL_PublicKey **pPublicKey,
void *plContext);
/*
* FUNCTION: PKIX_ValidateResult_GetTrustAnchor
* DESCRIPTION:
*
* Retrieves the TrustAnchor component (representing the trust anchor used
* during chain validation) of the ValidateResult object pointed to by
* "result" and stores it at "pTrustAnchor".
*
* PARAMETERS:
* "result"
* Address of ValidateResult whose trust anchor is to be stored.
* Must be non-NULL.
* "pTrustAnchor"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_ValidateResult_GetTrustAnchor(
PKIX_ValidateResult *result,
PKIX_TrustAnchor **pTrustAnchor,
void *plContext);
/* PKIX_BuildResult
*
* PKIX_BuildResult represents the result of a PKIX_BuildChain call. It
* consists of a ValidateResult object, as well as the built and validated
* CertChain. Once created, a BuildResult object is immutable.
*/
/*
* FUNCTION: PKIX_BuildResult_GetValidateResult
* DESCRIPTION:
*
* Retrieves the ValidateResult component (representing the build's validate
* result) of the BuildResult object pointed to by "result" and stores it at
* "pResult".
*
* PARAMETERS:
* "result"
* Address of BuildResult whose ValidateResult component is to be stored.
* Must be non-NULL.
* "pResult"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_BuildResult_GetValidateResult(
PKIX_BuildResult *result,
PKIX_ValidateResult **pResult,
void *plContext);
/*
* FUNCTION: PKIX_BuildResult_GetCertChain
* DESCRIPTION:
*
* Retrieves the List of Certs (certChain) component (representing the built
* and validated CertChain) of the BuildResult object pointed to by "result"
* and stores it at "pChain".
*
* PARAMETERS:
* "result"
* Address of BuildResult whose CertChain component is to be stored.
* Must be non-NULL.
* "pChain"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_BuildResult_GetCertChain(
PKIX_BuildResult *result,
PKIX_List **pChain,
void *plContext);
/* PKIX_PolicyNode
*
* PKIX_PolicyNode represents a node in the policy tree returned in
* ValidateResult. The policy tree is the same length as the validated
* certificate chain and the nodes are associated with a particular depth
* (corresponding to a particular certificate in the chain).
* PKIX_ValidateResult_GetPolicyTree returns the root node of the valid policy
* tree. Other nodes can be accessed using the getChildren and getParents
* functions, and individual elements of a node can be accessed with the
* appropriate gettors. Once created, a PolicyNode is immutable.
*/
/*
* FUNCTION: PKIX_PolicyNode_GetChildren
* DESCRIPTION:
*
* Retrieves the List of PolicyNodes representing the child nodes of the
* Policy Node pointed to by "node" and stores it at "pChildren". If "node"
* has no child nodes, this function stores an empty List at "pChildren".
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "node"
* Address of PolicyNode whose child nodes are to be stored.
* Must be non-NULL.
* "pChildren"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PolicyNode_GetChildren(
PKIX_PolicyNode *node,
PKIX_List **pChildren, /* list of PKIX_PolicyNode */
void *plContext);
/*
* FUNCTION: PKIX_PolicyNode_GetParent
* DESCRIPTION:
*
* Retrieves the PolicyNode representing the parent node of the PolicyNode
* pointed to by "node" and stores it at "pParent". If "node" has no parent
* node, this function stores NULL at "pParent".
*
* PARAMETERS:
* "node"
* Address of PolicyNode whose parent node is to be stored.
* Must be non-NULL.
* "pParent"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PolicyNode_GetParent(
PKIX_PolicyNode *node,
PKIX_PolicyNode **pParent,
void *plContext);
/*
* FUNCTION: PKIX_PolicyNode_GetValidPolicy
* DESCRIPTION:
*
* Retrieves the OID representing the valid policy of the PolicyNode pointed
* to by "node" and stores it at "pValidPolicy".
*
* PARAMETERS:
* "node"
* Address of PolicyNode whose valid policy is to be stored.
* Must be non-NULL.
* "pValidPolicy"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PolicyNode_GetValidPolicy(
PKIX_PolicyNode *node,
PKIX_PL_OID **pValidPolicy,
void *plContext);
/*
* FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
* DESCRIPTION:
*
* Retrieves the List of CertPolicyQualifiers representing the policy
* qualifiers associated with the PolicyNode pointed to by "node" and stores
* it at "pQualifiers". If "node" has no policy qualifiers, this function
* stores an empty List at "pQualifiers".
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "node"
* Address of PolicyNode whose policy qualifiers are to be stored.
* Must be non-NULL.
* "pQualifiers"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PolicyNode_GetPolicyQualifiers(
PKIX_PolicyNode *node,
PKIX_List **pQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
void *plContext);
/*
* FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
* DESCRIPTION:
*
* Retrieves the List of OIDs representing the expected policies associated
* with the PolicyNode pointed to by "node" and stores it at "pExpPolicies".
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "node"
* Address of PolicyNode whose expected policies are to be stored.
* Must be non-NULL.
* "pExpPolicies"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PolicyNode_GetExpectedPolicies(
PKIX_PolicyNode *node,
PKIX_List **pExpPolicies, /* list of PKIX_PL_OID */
void *plContext);
/*
* FUNCTION: PKIX_PolicyNode_IsCritical
* DESCRIPTION:
*
* Checks the criticality field of the PolicyNode pointed to by "node" and
* stores the Boolean result at "pCritical".
*
* PARAMETERS:
* "node"
* Address of PolicyNode whose criticality field is examined.
* Must be non-NULL.
* "pCritical"
* Address where Boolean will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PolicyNode_IsCritical(
PKIX_PolicyNode *node,
PKIX_Boolean *pCritical,
void *plContext);
/*
* FUNCTION: PKIX_PolicyNode_GetDepth
* DESCRIPTION:
*
* Retrieves the depth component of the PolicyNode pointed to by "node" and
* stores it at "pDepth".
*
* PARAMETERS:
* "node"
* Address of PolicyNode whose depth component is to be stored.
* Must be non-NULL.
* "pDepth"
* Address where PKIX_UInt32 will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Result Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PolicyNode_GetDepth(
PKIX_PolicyNode *node,
PKIX_UInt32 *pDepth,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_RESULTS_H */


@ -0,0 +1,268 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines functions associated with the PKIX_RevocationChecker
* type.
*
*/
#ifndef _PKIX_REVCHECKER_H
#define _PKIX_REVCHECKER_H
#include "pkixt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/* PKIX_RevocationChecker
*
* PKIX_RevocationCheckers provide a standard way for the caller to insert
* their own custom revocation checks to verify the revocation status of
* certificates. This may be useful in many scenarios, including when the
* caller wishes to use their own revocation checking mechanism instead of (or
* in addition to) the default revocation checking mechanism provided by
* libpkix, which uses CRLs. The RevCallback allows custom revocation checking
* to take place. Additionally, the RevocationChecker can be initialized with
* a revCheckerContext, which is where the caller can specify configuration
* data such as the IP address of a revocation server. Note that this
* revCheckerContext must be a PKIX_PL_Object, allowing it to be
* reference-counted and allowing it to provide the standard PKIX_PL_Object
* functions (Equals, Hashcode, ToString, Compare, Duplicate).
*
* Once the caller has created the RevocationChecker object(s), the caller
* then specifies the RevocationChecker object(s) in a ProcessingParams object
* and passes that object to PKIX_ValidateChain or PKIX_BuildChain, which uses
* the objects to call the user's callback functions as needed during the
* validation or building process.
*
* Note that if multiple revocation checkers are added, the order is
* important, in that each revocation checker will be called sequentially
* until the revocation status can be determined or all the revocation checkers
* have been called. Also note that the default CRL revocation checker will
* always be called last after all the custom revocation checkers have been
* called. This default CRL revocation checking can be disabled by calling
* PKIX_ProcessingParams_SetRevocationEnabled with a Boolean parameter of
* PKIX_FALSE. This will ONLY disable the CRL revocation checker, not the
* custom RevocationCheckers specified by the caller.
*
* For example, assume the caller specifies an OCSP RevocationChecker in the
* ProcessingParams object. Let's look at two scenarios:
*
* 1) SetRevocationEnabled(PKIX_FALSE)
*
* The OCSP RevocationChecker will be used. If it is unable to determine
* whether the certificate has been revoked (perhaps the network is down),
* the revocation check fails safe and the certificate is rejected
* (assumed to be revoked).
*
* 2) SetRevocationEnabled(PKIX_TRUE)
* [This doesn't need to be called, since this is the default behavior]
*
* The OCSP RevocationChecker will be used first. If it is unable to
* determine whether the certificate has been revoked (perhaps the network
* is down), the default CRL revocation checker is used next. If it is
* also unable to determine whether the certificate has been revoked, the
* revocation check fails safe. Note that this is a useful scenario where
* the CRL check is only done if the OCSP check is unable to take place.
*/
/*
* FUNCTION: PKIX_RevocationChecker_RevCallback
* DESCRIPTION:
*
* This callback function determines the revocation status of the specified
* Cert pointed to by "cert" and stores it at "pResultCode". If a checker
* initiates non-blocking I/O, it stores a platform-dependent non-blocking
* I/O context at "pNBIOContext". A subsequent call with that same value on
* input allows the operation to continue. On completion, with no non-blocking
* I/O pending, NULL is stored at "pNBIOContext".
*
* PARAMETERS:
* "revCheckerContext"
* Address of RevocationCheckerContext for the RevocationChecker whose
* RevCallback logic is to be used. Must be non-NULL.
* "cert"
* Address of Cert whose revocation status is to be determined.
* Must be non-NULL.
* "procParams"
* Address of ProcessingParams used to initialize the checker.
* Must be non-NULL.
* "pNBIOContext"
* Address at which platform-dependent non-blocking I/O context is stored.
* Must be non-NULL.
* "pResultCode"
* Address where revocation status will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same objects.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a RevocationChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
typedef PKIX_Error *
(*PKIX_RevocationChecker_RevCallback)(
PKIX_PL_Object *revCheckerContext,
PKIX_PL_Cert *cert,
PKIX_ProcessingParams *procParams,
void **pNBIOContext,
PKIX_UInt32 *pResultCode,
void *plContext);
/*
* FUNCTION: PKIX_RevocationChecker_Create
* DESCRIPTION:
*
* Creates a new RevocationChecker using the Object pointed to by
* "revCheckerContext" (if any) and stores it at "pRevChecker". The new
* RevocationChecker uses the RevCallback pointed to by "callback". Once
* created, a RevocationChecker is immutable.
* PARAMETERS:
* "callback"
* The RevCallback function to be used. Must be non-NULL.
* "revCheckerContext"
* Address of Object representing the RevocationChecker's context.
* "pRevChecker"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see THREAD SAFETY DEFINITIONS at top of file)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a RevocationChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_RevocationChecker_Create(
PKIX_RevocationChecker_RevCallback callback,
PKIX_PL_Object *revCheckerContext,
PKIX_RevocationChecker **pRevChecker,
void *plContext);
/*
* FUNCTION: PKIX_RevocationChecker_GetRevCallback
* DESCRIPTION:
*
* Retrieves a pointer to "revChecker's" Rev callback function and puts it in
* "pCallback".
*
* PARAMETERS:
* "revChecker"
* The RevocationChecker whose Rev callback is desired. Must be non-NULL.
* "pCallback"
* Address where Rev callback function pointer will be stored.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see THREAD SAFETY DEFINITIONS at top of file)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a RevocationChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_RevocationChecker_GetRevCallback(
PKIX_RevocationChecker *revChecker,
PKIX_RevocationChecker_RevCallback *pCallback,
void *plContext);
/*
* FUNCTION: PKIX_RevocationChecker_GetRevCheckerContext
* DESCRIPTION:
*
* Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
* of the RevocationChecker pointed to by "revChecker" and stores it at
* "pRevCheckerContext".
*
* PARAMETERS:
* "revChecker"
* Address of RevocationChecker whose context is to be stored.
* Must be non-NULL.
* "pRevCheckerContext"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see THREAD SAFETY DEFINITIONS at top of file)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a RevocationChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_RevocationChecker_GetRevCheckerContext(
PKIX_RevocationChecker *revChecker,
PKIX_PL_Object **pRevCheckerContext,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_REVCHECKER_H */
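Review bot: The PKIX_RevocationChecker_RevCallback contract leaves `pResultCode` undocumented beyond "Address where revocation status will be stored", so an author of a custom checker cannot tell which PKIX_UInt32 values signal revoked, not revoked, or undetermined, even though the overview above (the two SetRevocationEnabled scenarios) depends on a checker being able to report "unable to determine" so the library can fail safe or fall through to the CRL checker. Suggest expanding that entry to name the value set the library interprets, e.g. `Address where revocation status will be stored, as one of the revocation result codes the library defines (presumably in pkixt.h — confirm). Must be non-NULL.`, since a mismatch here silently turns an "undetermined" answer into an accept or reject. The THREAD SAFETY lines of PKIX_RevocationChecker_Create, _GetRevCallback and _GetRevCheckerContext refer to "THREAD SAFETY DEFINITIONS at top of file", but this file's General block contains no such definitions; the sibling headers in this commit point to the Programmer's Guide instead, and this one should too.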


@ -0,0 +1,428 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines functions associated with CertStore types.
*
*/
#ifndef _PKIX_SAMPLEMODULES_H
#define _PKIX_SAMPLEMODULES_H
#include "pkix_pl_common.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/* PKIX_PL_CollectionCertStore
*
* A PKIX_CollectionCertStore provides an example for showing how to retrieve
* certificates and CRLs from a repository, such as a directory in the system.
* It is expected the directory is an absolute directory which contains CRL
* and Cert data files. CRL files are expected to have the suffix of .crl
* and Cert files are expected to have the suffix of .crt .
*
* Once the caller has created the CollectionCertStoreContext object, the caller
* then can call pkix_pl_CollectionCertStore_GetCert or
* pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or
* PKIX_PL_CRL objects, respectively.
*/
/*
* FUNCTION: PKIX_PL_CollectionCertStore_Create
* DESCRIPTION:
*
* Creates a new CollectionCertStore and returns it at
* "pColCertStore".
*
* PARAMETERS:
* "storeDir"
* The absolute path where *.crl files are located.
* "pColCertStoreContext"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CollectionCertStoreContext Error if the function fails in
* a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_CollectionCertStore_Create(
PKIX_PL_String *storeDir,
PKIX_CertStore **pCertStore,
void *plContext);
/* PKIX_PL_PK11CertStore
*
* A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11
* database. The directory that contains the cert8.db, key3.db, and secmod.db
* files that comprise a PKCS11 database are specified in NSS initialization.
*
* Once the caller has created the Pk11CertStore object, the caller can call
* pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain
* a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
*/
/*
* FUNCTION: PKIX_PL_Pk11CertStore_Create
* DESCRIPTION:
*
* Creates a new Pk11CertStore and returns it at "pPk11CertStore".
*
* PARAMETERS:
* "pPk11CertStore"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_Pk11CertStore_Create(
PKIX_CertStore **pPk11CertStore,
void *plContext);
/* PKIX_PL_LdapCertStore
*
* A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
* over a socket connection. It used the LDAP protocol as described in RFC1777.
*
* Once the caller has created the LdapCertStore object, the caller can call
* pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain
* a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
*/
/*
* FUNCTION: PKIX_PL_LdapDefaultClient_Create
* DESCRIPTION:
*
* Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr",
* with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
* and stores the address of the default LdapClient at "pClient".
*
* At the time of this version, there are unresolved questions about the LDAP
* protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
* clear whether they are appropriate to this application. We have tested only
* using servers that do not expect authentication, and that reject BIND
* messages. It is not clear what values might be appropriate for the bindname
* and authentication fields, which are currently implemented as char strings
* supplied by the caller. (If this changes, the API and possibly the templates
* will have to change.) Therefore the Client_Create API contains a BindAPI
* structure, a union, which will have to be revised and extended when this
* area of the protocol is better understood.
*
* PARAMETERS:
* "sockaddr"
* Address of the PRNetAddr to be used for the socket connection. Must be
* non-NULL.
* "timeout"
* The PRIntervalTime value to be used as a timeout value in socket calls;
* a zero value indicates non-blocking I/O is to be used.
* "bindAPI"
* The address of a BindAPI to be used if a BIND message is required. If
* this argument is NULL, no Bind (or Unbind) will be sent.
* "pClient"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_LdapDefaultClient_Create(
PRNetAddr *sockaddr,
PRIntervalTime timeout,
LDAPBindAPI *bindAPI,
PKIX_PL_LdapDefaultClient **pClient,
void *plContext);
/*
* FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
* DESCRIPTION:
*
* Creates an LdapDefaultClient using the hostname poined to by "hostname",
* with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
* and stores the address of the default LdapClient at "pClient".
*
* At the time of this version, there are unresolved questions about the LDAP
* protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
* clear whether they are appropriate to this application. We have tested only
* using servers that do not expect authentication, and that reject BIND
* messages. It is not clear what values might be appropriate for the bindname
* and authentication fields, which are currently implemented as char strings
* supplied by the caller. (If this changes, the API and possibly the templates
* will have to change.) Therefore the Client_Create API contains a BindAPI
* structure, a union, which will have to be revised and extended when this
* area of the protocol is better understood.
*
* PARAMETERS:
* "hostname"
* Address of the hostname to be used for the socket connection. Must be
* non-NULL.
* "timeout"
* The PRIntervalTime value to be used as a timeout value in socket calls;
* a zero value indicates non-blocking I/O is to be used.
* "bindAPI"
* The address of a BindAPI to be used if a BIND message is required. If
* this argument is NULL, no Bind (or Unbind) will be sent.
* "pClient"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_LdapDefaultClient_CreateByName(
char *hostname,
PRIntervalTime timeout,
LDAPBindAPI *bindAPI,
PKIX_PL_LdapDefaultClient **pClient,
void *plContext);
/*
* FUNCTION: PKIX_PL_LdapCertStore_Create
* DESCRIPTION:
*
* Creates a new LdapCertStore using the LdapClient pointed to by "client",
* and stores the address of the CertStore at "pCertStore".
*
* PARAMETERS:
* "client"
* Address of the LdapClient to be used. Must be non-NULL.
* "pCertStore"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertStore Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_LdapCertStore_Create(
PKIX_PL_LdapClient *client,
PKIX_CertStore **pCertStore,
void *plContext);
/*
* FUNCTION: PKIX_PL_EkuChecker_Initialize
*
* DESCRIPTION:
* Create a CertChainChecker with EkuCheckerState.
*
* PARAMETERS
* "params"
* a PKIX_ProcessingParams links to PKIX_ComCertSelParams where a list of
* Extended Key Usage OIDs specified by application can be retrieved for
* verification.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a UserDefinedModules Error if the function fails in a non-fatal
* way.
* Returns a Fatal Error
*/
PKIX_Error *
PKIX_PL_EkuChecker_Initialize(
PKIX_ProcessingParams *params,
void *plContext);
/*
* FUNCTION: PKIX_PL_EkuChecker_GetRequiredEku
*
* DESCRIPTION:
* This function retrieves application specified ExtenedKeyUsage(s) from
* ComCertSetparams and converts its OID representations to SECCertUsageEnum.
* The result is stored and returned in bit mask at "pRequiredExtKeyUsage".
*
* PARAMETERS
* "certSelector"
* a PKIX_CertSelector links to PKIX_ComCertSelParams where a list of
* Extended Key Usage OIDs specified by application can be retrieved for
* verification. Must be non-NULL.
* "pRequiredExtKeyUsage"
* Address where the result is returned. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a UserDefinedModules Error if the function fails in a non-fatal
* way.
* Returns a Fatal Error
*/
PKIX_Error *
pkix_pl_EkuChecker_GetRequiredEku(
PKIX_CertSelector *certSelector,
PKIX_UInt32 *pRequiredExtKeyUsage,
void *plContext);
/* PKIX_PL_NssContext
*
* A PKIX_PL_NssContext provides an example showing how the "plContext"
* argument, that is part of every libpkix function call, can be used.
* The "plContext" is the Portability Layer Context, which can be used
* to communicate layer-specific information from the application to the
* underlying Portability Layer (while bypassing the Portable Code, which
* blindly passes the plContext on to every function call).
*
* In this case, NSS serves as both the application and the Portability Layer.
* We define an NSS-specific structure, which includes an arena and a number
* of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument,
* wincx, is used on Windows platforms for PKCS11 access, and should be set to
* NULL for other platforms.
* Before calling any of the libpkix functions, the caller should create the NSS
* context, by calling PKIX_PL_NssContext_Create, and provide that NSS context
* as the "plContext" argument in every libpkix function call the caller makes.
* When the caller is finished using the NSS context (usually just after he
* calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to
* free the NSS context structure.
*/
/*
* FUNCTION: PKIX_PL_NssContext_Create
* DESCRIPTION:
*
* Creates a new NssContext using the certificate usage(s) specified by
* "certUsage" and stores it at "pNssContext". This function also internally
* creates an arena and stores it as part of the NssContext structure. Unlike
* most other libpkix API functions, this function does not take a "plContext"
* parameter.
*
* PARAMETERS:
* "certUsage"
* The desired SECCertificateUsage(s).
* "useNssArena"
* Boolean flag indicates NSS Arena is used for memory allocation.
* "wincx"
* A Windows-dependent pointer for PKCS11 token handling.
* "pNssContext"
* Address where object pointer will be stored. Must be non-NULL.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Context Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_NssContext_Create(
PKIX_UInt32 certificateUsage,
PKIX_Boolean useNssArena,
void *wincx,
void **pNssContext);
/*
* FUNCTION: PKIX_PL_NssContext_Destroy
* DESCRIPTION:
*
* Frees the structure pointed to by "nssContext" along with any of its
* associated memory. Unlike most other libpkix API functions, this function
* does not take a "plContext" parameter.
*
* PARAMETERS:
* "nssContext"
* Address of NssContext to be destroyed. Must be non-NULL.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Context Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_PL_NssContext_Destroy(
void *nssContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_SAMPLEMODULES_H */


@ -0,0 +1,947 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* These functions provide support for a number of other functions
* by creating and manipulating data structures used by those functions.
*
*/
#ifndef _PKIX_UTIL_H
#define _PKIX_UTIL_H
#include "pkixt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
* about how to use the libpkix library. Certain key warnings and notices from
* that document are repeated here for emphasis.
*
* All identifiers in this file (and all public identifiers defined in
* libpkix) begin with "PKIX_". Private identifiers only intended for use
* within the library begin with "pkix_".
*
* A function returns NULL upon success, and a PKIX_Error pointer upon failure.
*
* Unless otherwise noted, for all accessor (gettor) functions that return a
* PKIX_PL_Object pointer, callers should assume that this pointer refers to a
* shared object. Therefore, the caller should treat this shared object as
* read-only and should not modify this shared object. When done using the
* shared object, the caller should release the reference to the object by
* using the PKIX_PL_Object_DecRef function.
*
* While a function is executing, if its arguments (or anything referred to by
* its arguments) are modified, free'd, or destroyed, the function's behavior
* is undefined.
*
*/
/* PKIX_Logger
*
* PKIX_Loggers provide a standard way for the caller to insert custom logging
* facilities. These are used by libpkix to log errors, debug information,
* status, etc. The LogCallback allows custom logging to take place.
* Additionally, a Logger can be initialized with a loggerContext, which is
* where the caller can specify configuration data such as the name of a
* logfile or database. Note that this loggerContext must be a PKIX_PL_Object,
* allowing it to be reference-counted and allowing it to provide the standard
* PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
*
* Once the caller has created the Logger object(s) (and set the loggerContext
* (if any) and the Log callback), the caller then registers these Loggers
* with the system by calling PKIX_SetLoggers or PKIX_AddLogger. All log
* entries will then be logged using the specified Loggers. If multiple
* Loggers are specified, every log entry will be logged with each of them.
*
* XXX Maybe give some guidance somewhere on how much detail each logging
* level should have and where component boundaries should be. Maybe in
* Implementor's Guide or Programmer's Guide.
*/
#define PKIX_LOGGER_LEVEL_TRACE 5
#define PKIX_LOGGER_LEVEL_DEBUG 4
#define PKIX_LOGGER_LEVEL_WARNING 3
#define PKIX_LOGGER_LEVEL_ERROR 2
#define PKIX_LOGGER_LEVEL_FATALERROR 1
#define PKIX_LOGGER_LEVEL_MAX 5
/*
* FUNCTION: PKIX_Logger_LogCallback
* DESCRIPTION:
*
* This callback function logs a log entry containing the String pointed to
* by "message", the integer value of logLevel, and the String pointed to by
* "logComponent". A log entry can be associated with a particular log
* level (i.e. level 3) and a particular log component (i.e. "CertStore").
* For example, someone reading the log may only be interested in very general
* log entries so they look only for log level 1. Similarly, they may only be
* interested in log entries pertaining to the CertStore component so they
* look only for that log component. This function can be used before calling
* PKIX_Initialize.
*
* PARAMETERS:
* "logger"
* Address of logger whose LogCallback is to be used. Must be non-NULL.
* "message"
* Address of String that is to be logged used "logger". Must be non-NULL.
* "logLevel"
* Integer value representing the log level for this entry. The higher the
* level, the more detail. Must be non-NULL.
* "logComponent"
* PKIXERRORNUM value (defined in pkixt.h) designating the log component
* for this entry.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe
*
* Multiple threads must be able to safely call this function without
* worrying about conflicts, even if they're operating on the same objects.
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
typedef PKIX_Error *
(*PKIX_Logger_LogCallback)(
PKIX_Logger *logger,
PKIX_PL_String *message,
PKIX_UInt32 logLevel,
PKIX_ERRORNUM logComponent,
void *plContext);
/*
* FUNCTION: PKIX_Logger_Create
* DESCRIPTION:
*
* Creates a new Logger using the Object pointed to by "loggerContext"
* (if any) and stores it at "pLogger". The new Logger uses the LogCallback
* pointed to by "callback". The Logger's maximum logging level is initially
* set to a very high level and its logging component is set to NULL (all
* components).
*
* PARAMETERS:
* "callback"
* The LogCallback function to be used. Must be non-NULL.
* "loggerContext"
* Address of Object representing the Logger's context (if any).
* "pLogger"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Logger_Create(
PKIX_Logger_LogCallback callback,
PKIX_PL_Object *loggerContext,
PKIX_Logger **pLogger,
void *plContext);
/*
* FUNCTION: PKIX_Logger_GetLogCallback
* DESCRIPTION:
*
* Retrieves a pointer to "logger's" Log callback function and puts it in
* "pCallback".
*
* PARAMETERS:
* "logger"
* Address of Logger whose Log callback is desired. Must be non-NULL.
* "pCallback"
* Address where Log callback function pointer will be stored.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Logger_GetLogCallback(
PKIX_Logger *logger,
PKIX_Logger_LogCallback *pCallback,
void *plContext);
/*
* FUNCTION: PKIX_Logger_GetLoggerContext
* DESCRIPTION:
*
* Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
* of the Logger pointed to by "logger" and stores it at "pLoggerContext".
*
* PARAMETERS:
* "logger"
* Address of Logger whose context is to be stored. Must be non-NULL.
* "pLoggerContext"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Logger_GetLoggerContext(
PKIX_Logger *logger,
PKIX_PL_Object **pLoggerContext,
void *plContext);
/*
* FUNCTION: PKIX_Logger_GetMaxLoggingLevel
* DESCRIPTION:
*
* Retrieves a pointer to a PKIX_UInt32 representing the maximum logging
* level of the Logger pointed to by "logger" and stores it at "pLevel". Only
* log entries whose log level is less than or equal to this maximum logging
* level will be logged.
*
* PARAMETERS:
* "logger"
* Address of Logger whose maximum logging level is to be stored.
* Must be non-NULL.
* "pLevel"
* Address where PKIX_UInt32 will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Logger_GetMaxLoggingLevel(
PKIX_Logger *logger,
PKIX_UInt32 *pLevel,
void *plContext);
/*
* FUNCTION: PKIX_Logger_SetMaxLoggingLevel
* DESCRIPTION:
*
* Sets the maximum logging level of the Logger pointed to by "logger" with
* the integer value of "level".
*
* PARAMETERS:
* "logger"
* Address of Logger whose maximum logging level is to be set.
* Must be non-NULL.
* "level"
* Maximum logging level to be set
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "logger"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Logger_SetMaxLoggingLevel(
PKIX_Logger *logger,
PKIX_UInt32 level,
void *plContext);
/*
* FUNCTION: PKIX_Logger_GetLoggingComponent
* DESCRIPTION:
*
* Retrieves a pointer to a String representing the logging component of the
* Logger pointed to by "logger" and stores it at "pComponent". Only log
* entries whose log component matches the specified logging component will
* be logged.
*
* PARAMETERS:
* "logger"
* Address of Logger whose logging component is to be stored.
* Must be non-NULL.
* "pComponent"
* Address where PKIXERRORNUM will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Logger_GetLoggingComponent(
PKIX_Logger *logger,
PKIX_ERRORNUM *pComponent,
void *plContext);
/*
* FUNCTION: PKIX_Logger_SetLoggingComponent
* DESCRIPTION:
*
* Sets the logging component of the Logger pointed to by "logger" with the
* PKIXERRORNUM pointed to by "component". To match a small set of components,
* create a Logger for each.
*
* PARAMETERS:
* "logger"
* Address of Logger whose logging component is to be set.
* Must be non-NULL.
* "component"
* PKIXERRORNUM value representing logging component to be set.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "logger"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Logger_SetLoggingComponent(
PKIX_Logger *logger,
PKIX_ERRORNUM component,
void *plContext);
/*
* FUNCTION: PKIX_GetLoggers
* DESCRIPTION:
*
* Retrieves a pointer to the List of Loggers (if any) being used for logging
* by libpkix and stores it at "pLoggers". If no loggers are being used, this
* function stores an empty List at "pLoggers".
*
* Note that the List returned by this function is immutable.
*
* PARAMETERS:
* "pLoggers"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_GetLoggers(
PKIX_List **pLoggers, /* list of PKIX_Logger */
void *plContext);
/*
* FUNCTION: PKIX_SetLoggers
* DESCRIPTION:
*
* Sets the Loggers to be used by libpkix to the List of Loggers pointed to
* by "loggers". If "loggers" is NULL, no Loggers will be used.
*
* PARAMETERS:
* "loggers"
* Address of List of Loggers to be set. NULL for no Loggers.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_SetLoggers(
PKIX_List *loggers, /* list of PKIX_Logger */
void *plContext);
/*
* FUNCTION: PKIX_AddLogger
* DESCRIPTION:
*
* Adds the Logger pointed to by "logger" to the List of Loggers used by
* libpkix.
*
* PARAMETERS:
* "logger"
* Address of Logger to be added. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Logger Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_AddLogger(
PKIX_Logger *logger,
void *plContext);
/* Functions pertaining to the PKIX_Error type */
/* Error
*
* An Error object is returned by a function upon encountering some error
* condition. Each Error is associated with an errorCode specified in pkixt.h.
* The remaining components of an Error are optional. An Error's description
* specifies a text message describing the Error. An Error's supplementary info
* specifies additional information that might be useful. Finally, an Error's
* cause specifies the underlying Error (if any) that resulted in this Error
* being returned, thereby allowing Errors to be chained so that an entire
* "error stack trace" can be represented. Once created, an Error is immutable.
*
* Note that the Error's supplementary info must be an Object (although any
* object type), allowing it to be reference-counted and allowing it to
* provide the standard Object functions (Equals, Hashcode, ToString, Compare,
* Duplicate).
*
* Errors are classified as either being fatal or non-fatal. If a function
* fails in an unrecoverable way, it returns an Error whose errorCode is
* PKIX_FATAL_ERROR. If such an error is encountered, the caller should
* not attempt to recover since something seriously wrong has happened
* (e.g. corrupted memory, memory finished, etc.). All other errorCodes
* are considered non-fatal errors and can be handled by the caller as they
* see fit.
*/
/*
* FUNCTION: PKIX_Error_Create
* DESCRIPTION:
*
* Creates a new Error using the value of "errorCode", the Error pointed to by
* "cause" (if any), the Object pointed to by "info" (if any), and the String
* pointed to by "desc" and stores it at "pError". If any error occurs during
* error allocation, it will be returned without chaining, since new errors
* cannot be created. Once created, an Error is immutable.
*
* PARAMETERS:
* "errorCode"
* Value of error code.
* "cause"
* Address of Error representing error's cause.
* NULL if none or unspecified.
* "info"
* Address of Object representing error's supplementary information.
* NULL if none.
* "desc"
* Address of String representing error's description. NULL if none.
* "pError"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Error_Create(
PKIX_UInt32 errorCode,
PKIX_Error *cause,
PKIX_PL_Object *info,
PKIX_PL_String *desc,
PKIX_Error **pError,
void *plContext);
/*
* FUNCTION: PKIX_Error_GetErrorCode
* DESCRIPTION:
*
* Retrieves the error code of the Error pointed to by "error" and stores it
* at "pCode". Supported error codes are defined in pkixt.h.
*
* PARAMETERS:
* "error"
* Address of Error whose error code is desired. Must be non-NULL.
* "pCode"
* Address where PKIX_UInt32 will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Error_GetErrorCode(
PKIX_Error *error,
PKIX_UInt32 *pCode,
void *plContext);
/*
* FUNCTION: PKIX_Error_GetCause
* DESCRIPTION:
*
* Retrieves the cause of the Error pointed to by "error" and stores it at
* "pCause". If no cause was specified, NULL will be stored at "pCause".
*
* PARAMETERS:
* "error"
* Address of Error whose cause is desired. Must be non-NULL.
* "pCause"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Error_GetCause(
PKIX_Error *error,
PKIX_Error **pCause,
void *plContext);
/*
* FUNCTION: PKIX_Error_GetSupplementaryInfo
* DESCRIPTION:
*
* Retrieves the supplementary info of the Error pointed to by "error" and
* stores it at "pInfo".
*
* PARAMETERS:
* "error"
* Address of Error whose info is desired. Must be non-NULL.
* "pInfo"
* Address where info pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Error_GetSupplementaryInfo(
PKIX_Error *error,
PKIX_PL_Object **pInfo,
void *plContext);
/*
* FUNCTION: PKIX_Error_GetDescription
* DESCRIPTION:
*
* Retrieves the description of the Error pointed to by "error" and stores it
* at "pDesc". If no description was specified, NULL will be stored at
* "pDesc".
*
* PARAMETERS:
* "error"
* Address of Error whose description is desired. Must be non-NULL.
* "pDesc"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Error Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_Error_GetDescription(
PKIX_Error *error,
PKIX_PL_String **pDesc,
void *plContext);
/* PKIX_List
*
* Represents a collection of items. NULL is considered a valid item.
*/
/*
* FUNCTION: PKIX_List_Create
* DESCRIPTION:
*
* Creates a new List and stores it at "pList". The List is initially empty
* and holds no items. To initially add items to the List, use
* PKIX_List_AppendItem
*
* PARAMETERS:
* "pList"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_Create(
PKIX_List **pList,
void *plContext);
/*
* FUNCTION: PKIX_List_SetImmutable
* DESCRIPTION:
*
* Sets the List pointed to by "list" to be immutable. If a caller tries to
* change a List after it has been marked immutable (i.e. by calling
* PKIX_List_AppendItem, PKIX_List_InsertItem, PKIX_List_SetItem, or
* PKIX_List_DeleteItem), an Error is returned.
*
* PARAMETERS:
* "list"
* Address of List to be marked immutable. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "list"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_SetImmutable(
PKIX_List *list,
void *plContext);
/*
* FUNCTION: PKIX_List_IsImmutable
* DESCRIPTION:
*
* Checks whether the List pointed to by "list" is immutable and stores
* the Boolean result at "pImmutable". If a caller tries to change a List
* after it has been marked immutable (i.e. by calling PKIX_List_AppendItem,
* PKIX_List_InsertItem, PKIX_List_SetItem, or PKIX_List_DeleteItem), an
* Error is returned.
*
* PARAMETERS:
* "list"
* Address of List whose immutability is to be determined.
* Must be non-NULL.
* "pImmutable"
* Address where PKIX_Boolean will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_IsImmutable(
PKIX_List *list,
PKIX_Boolean *pImmutable,
void *plContext);
/*
* FUNCTION: PKIX_List_GetLength
* DESCRIPTION:
*
* Retrieves the length of the List pointed to by "list" and stores it at
* "pLength".
*
* PARAMETERS:
* "list"
* Address of List whose length is desired. Must be non-NULL.
* "pLength"
* Address where PKIX_UInt32 will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_GetLength(
PKIX_List *list,
PKIX_UInt32 *pLength,
void *plContext);
/*
* FUNCTION: PKIX_List_IsEmpty
* DESCRIPTION:
*
* Checks whether the List pointed to by "list" is empty and stores
* the Boolean result at "pEmpty".
*
* PARAMETERS:
* "list"
* Address of List whose emptiness is to be determined. Must be non-NULL.
* "pEmpty"
* Address where PKIX_Boolean will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_IsEmpty(
PKIX_List *list,
PKIX_Boolean *pEmpty,
void *plContext);
/*
* FUNCTION: PKIX_List_AppendItem
* DESCRIPTION:
*
* Appends the Object pointed to by "item" after the last non-NULL item in
* List pointed to by "list", if any. Note that a List may validly contain
* NULL items. Appending "c" into the List ("a", NULL, "b", NULL) will result
* in ("a", NULL, "b", "c").
*
* PARAMETERS:
* "list"
* Address of List to append to. Must be non-NULL.
* "item"
* Address of new item to append.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "list"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_AppendItem(
PKIX_List *list,
PKIX_PL_Object *item,
void *plContext);
/*
* FUNCTION: PKIX_List_InsertItem
* DESCRIPTION:
*
* Inserts the Object pointed to by "item" into the List pointed to by "list"
* at the given "index". The index counts from zero and must be less than the
* List's length. Existing list entries at or after this index will be moved
* to the next highest index.
*
* XXX why not allow equal to length which would be equivalent to AppendItem?
*
* PARAMETERS:
* "list"
* Address of List to insert into. Must be non-NULL.
* "index"
* Position to insert into. Must be less than List's length.
* "item"
* Address of new item to append.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "list"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_InsertItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext);
/*
* FUNCTION: PKIX_List_GetItem
* DESCRIPTION:
*
* Copies the "list"'s item at "index" into "pItem". The index counts from
* zero and must be less than the list's length. Increments the reference
* count on the returned object, if non-NULL.
*
* PARAMETERS:
* "list"
* Address of List to get item from. Must be non-NULL.
* "index"
* Index of list to get item from. Must be less than List's length.
* "pItem"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_GetItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object **pItem,
void *plContext);
/*
* FUNCTION: PKIX_List_SetItem
* DESCRIPTION:
*
* Sets the item at "index" of the List pointed to by "list" with the Object
* pointed to by "item". The index counts from zero and must be less than the
* List's length. The previous entry at this index will have its reference
* count decremented and the new entry will have its reference count
* incremented.
*
* PARAMETERS:
* "list"
* Address of List to modify. Must be non-NULL.
* "index"
* Position in List to set. Must be less than List's length.
* "item"
* Address of Object to set at "index".
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "list"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_SetItem(
PKIX_List *list,
PKIX_UInt32 index,
PKIX_PL_Object *item,
void *plContext);
/*
* FUNCTION: PKIX_List_DeleteItem
*
* Deletes the item at "index" from the List pointed to by "list". The index
* counts from zero and must be less than the List's length. Note that this
* function does not destroy the List. It simply decrements the reference
* count of the item at "index" in the List, deletes that item from the list
* and moves all subsequent entries to a lower index in the list. If there is
* only a single element in the List and that element is deleted, then the
* List will be empty.
*
* PARAMETERS:
* "list"
* Address of List to delete from. Must be non-NULL.
* "index"
* Position in List to delete. Must be less than List's length.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Not Thread Safe - assumes exclusive access to "list"
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_DeleteItem(
PKIX_List *list,
PKIX_UInt32 index,
void *plContext);
/*
* FUNCTION: PKIX_List_ReverseList
* DESCRIPTION:
*
* Creates a new List whose elements are in the reverse order as the elements
* of the Object pointed to by "list" and stores the copy at "pReversedList".
* If "list" is empty, the new reversed List will be a copy of "list".
* Changes to the new object will not affect the original and vice versa.
*
* PARAMETERS:
* "list"
* Address of List whose elements are to be reversed. Must be non-NULL.
* "pReversedList"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
PKIX_List_ReverseList(
PKIX_List *list,
PKIX_List **pReversedList,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_UTIL_H */
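Review bot: The PKIX_Logger_LogCallback documentation describes the by-value `PKIX_UInt32 logLevel` parameter as "Must be non-NULL", which cannot apply to an integer, and that block together with PKIX_Logger_GetLoggingComponent and PKIX_Logger_SetLoggingComponent spells the component type `PKIXERRORNUM` while the prototypes declare it as `PKIX_ERRORNUM`; PKIX_Logger_GetLoggingComponent additionally says it retrieves "a pointer to a String" although `pComponent` is a `PKIX_ERRORNUM *`. I would replace the logLevel line with `Integer value representing the log level for this entry (one of PKIX_LOGGER_LEVEL_*); the higher the level, the more detail.`, write `PKIX_ERRORNUM` consistently in the comments, and make the GetLoggingComponent description say it stores the logging component value at "pComponent". Separately, PKIX_SetLoggers and PKIX_AddLogger are marked Not Thread Safe while the callbacks they install are presumably invoked from whichever thread is running validation, so the PKIX_Logger overview should state that the logger list must be configured before any concurrent use of libpkix to avoid a data race on that global list. The `XXX why not allow equal to length` question in PKIX_List_InsertItem should be resolved or moved to a tracker rather than shipped in a public header.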


@ -0,0 +1,485 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This file defines the types in the libpkix API.
* XXX Maybe we should specify the API version number in all API header files
*
*/
#ifndef _PKIXT_H
#define _PKIXT_H
#ifdef __cplusplus
extern "C" {
#endif
#include "secerr.h"
/* Types
*
* This header file provides typedefs for the abstract types used by libpkix.
* It also provides several useful macros.
*
* Note that all these abstract types are typedef'd as opaque structures. This
* is intended to discourage the caller from looking at the contents directly,
* since the format of the contents may change from one version of the library
* to the next. Instead, callers should only access these types using the
* functions defined in the public header files.
*
* An instance of an abstract type defined in this file is called an "object"
* here, although C does not have real support for objects.
*
* Because C does not typically have automatic garbage collection, the caller
* is expected to release the reference to any object that they create or that
* is returned to them by a libpkix function. The caller should do this by
* using the PKIX_PL_Object_DecRef function. Note that the caller should not
* release the reference to an object if the object has been passed to a
* libpkix function and that function has not returned.
*
* Please refer to libpkix Programmer's Guide for more details.
*/
/* Version
*
* These macros specify the major and minor version of the libpkix API defined
* by this header file.
*/
#define PKIX_MAJOR_VERSION ((PKIX_UInt32) 0)
#define PKIX_MINOR_VERSION ((PKIX_UInt32) 3)
/* Maximum minor version
*
* This macro is used to specify that the caller wants the largest minor
* version available.
*/
#define PKIX_MAX_MINOR_VERSION ((PKIX_UInt32) 4000000000)
/* Define Cert Store type for database access */
#define PKIX_STORE_TYPE_NONE 0
#define PKIX_STORE_TYPE_PK11 1
/* Portable Code (PC) data types
*
* These types are used to perform the primary operations of this library:
* building and validating chains of X.509 certificates.
*/
typedef struct PKIX_ErrorStruct PKIX_Error;
typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
typedef struct PKIX_CertStoreStruct PKIX_CertStore;
typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
typedef struct PKIX_LoggerStruct PKIX_Logger;
typedef struct PKIX_ListStruct PKIX_List;
typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
typedef struct PKIX_DefaultRevocationCheckerStruct
PKIX_DefaultRevocationChecker;
typedef struct PKIX_OcspCheckerStruct PKIX_OcspChecker;
typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
/* Portability Layer (PL) data types
*
* These types are used are used as portable data types that are defined
* consistently across platforms
*/
typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
typedef struct PKIX_PL_StringStruct PKIX_PL_String;
typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
typedef struct PKIX_PL_CollectionCertStoreContext
PKIX_PL_CollectionCertStoreContext;
typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
/* Primitive types
*
* In order to guarantee desired behavior as well as platform-independence, we
* typedef these types depending on the platform. XXX This needs more work!
*/
/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.
* We don't know what type is at least 32 bits long. ISO C probably requires
* at least 32 bits for long. we could default to that and only list platforms
* where that's not true.
*
* #elif
* #error
* #endif
*/
/* currently, int is 32 bits on all our supported platforms */
typedef unsigned int PKIX_UInt32;
typedef int PKIX_Int32;
typedef int PKIX_Boolean;
/* Object Types
*
* Every reference-counted PKIX_PL_Object is associated with an integer type.
*/
#define PKIX_TYPES \
TYPEMACRO(OBJECT), \
TYPEMACRO(BIGINT), \
TYPEMACRO(BYTEARRAY), \
TYPEMACRO(ERROR), \
TYPEMACRO(HASHTABLE), \
TYPEMACRO(LIST), \
TYPEMACRO(LOGGER), \
TYPEMACRO(MUTEX), \
TYPEMACRO(OID), \
TYPEMACRO(RWLOCK), \
TYPEMACRO(STRING), \
TYPEMACRO(CERTBASICCONSTRAINTS), \
TYPEMACRO(CERT), \
TYPEMACRO(HTTPCLIENT), \
TYPEMACRO(CRL), \
TYPEMACRO(CRLENTRY), \
TYPEMACRO(DATE), \
TYPEMACRO(GENERALNAME), \
TYPEMACRO(CERTNAMECONSTRAINTS), \
TYPEMACRO(PUBLICKEY), \
TYPEMACRO(TRUSTANCHOR), \
TYPEMACRO(X500NAME), \
TYPEMACRO(HTTPCERTSTORECONTEXT), \
TYPEMACRO(BUILDRESULT), \
TYPEMACRO(PROCESSINGPARAMS), \
TYPEMACRO(VALIDATEPARAMS), \
TYPEMACRO(VALIDATERESULT), \
TYPEMACRO(CERTSTORE), \
TYPEMACRO(CERTCHAINCHECKER), \
TYPEMACRO(REVOCATIONCHECKER), \
TYPEMACRO(CERTSELECTOR), \
TYPEMACRO(COMCERTSELPARAMS), \
TYPEMACRO(CRLSELECTOR), \
TYPEMACRO(COMCRLSELPARAMS), \
TYPEMACRO(CERTPOLICYINFO), \
TYPEMACRO(CERTPOLICYQUALIFIER), \
TYPEMACRO(CERTPOLICYMAP), \
TYPEMACRO(CERTPOLICYNODE), \
TYPEMACRO(TARGETCERTCHECKERSTATE), \
TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
TYPEMACRO(CERTPOLICYCHECKERSTATE), \
TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
TYPEMACRO(DEFAULTCRLCHECKERSTATE), \
TYPEMACRO(FORWARDBUILDERSTATE), \
TYPEMACRO(SIGNATURECHECKERSTATE), \
TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
TYPEMACRO(DEFAULTREVOCATIONCHECKER), \
TYPEMACRO(LDAPREQUEST), \
TYPEMACRO(LDAPRESPONSE), \
TYPEMACRO(LDAPDEFAULTCLIENT), \
TYPEMACRO(SOCKET), \
TYPEMACRO(RESOURCELIMITS), \
TYPEMACRO(MONITORLOCK), \
TYPEMACRO(INFOACCESS), \
TYPEMACRO(AIAMGR), \
TYPEMACRO(OCSPCHECKER), \
TYPEMACRO(OCSPREQUEST), \
TYPEMACRO(OCSPRESPONSE), \
TYPEMACRO(HTTPDEFAULTCLIENT), \
TYPEMACRO(VERIFYNODE)
#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
typedef enum { /* Now invoke all those TYPEMACROs to assign the numbers */
PKIX_TYPES,
PKIX_NUMTYPES /* This gets PKIX_NUMTYPES defined as the total number */
} PKIX_TYPENUM;
/* User Define Object Types
*
* User may define their own object types offset from PKIX_USER_OBJECT_TYPE
*/
#define PKIX_USER_OBJECT_TYPEBASE 1000
/* Error Codes
*
* This list is used to define a set of PKIX_Errors, each associated with an
* integer error code. ERRMACRO is redefined to produce a corresponding set of
* strings in the table "const char *PKIX_ERRORNAMES[PKIX_NUMERRORS]" in
* pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then
* PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORNAMES[4] is
* initialized in pkix_error.c with the value "MUTEX".
*/
#define PKIX_ERRORS \
ERRMACRO(OBJECT), \
ERRMACRO(FATAL), \
ERRMACRO(MEM), \
ERRMACRO(ERROR), \
ERRMACRO(MUTEX), \
ERRMACRO(RWLOCK), \
ERRMACRO(STRING), \
ERRMACRO(OID), \
ERRMACRO(LIST), \
ERRMACRO(BYTEARRAY), \
ERRMACRO(BIGINT), \
ERRMACRO(HASHTABLE), \
ERRMACRO(CERT), \
ERRMACRO(X500NAME), \
ERRMACRO(GENERALNAME), \
ERRMACRO(PUBLICKEY), \
ERRMACRO(DATE), \
ERRMACRO(TRUSTANCHOR), \
ERRMACRO(PROCESSINGPARAMS), \
ERRMACRO(HTTPCLIENT), \
ERRMACRO(VALIDATEPARAMS), \
ERRMACRO(VALIDATE), \
ERRMACRO(VALIDATERESULT), \
ERRMACRO(CERTCHAINCHECKER), \
ERRMACRO(CERTSELECTOR), \
ERRMACRO(COMCERTSELPARAMS), \
ERRMACRO(TARGETCERTCHECKERSTATE), \
ERRMACRO(CERTBASICCONSTRAINTS), \
ERRMACRO(CERTPOLICYQUALIFIER), \
ERRMACRO(CERTPOLICYINFO), \
ERRMACRO(CERTPOLICYNODE), \
ERRMACRO(CERTPOLICYCHECKERSTATE), \
ERRMACRO(LIFECYCLE), \
ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
ERRMACRO(COMCRLSELPARAMS), \
ERRMACRO(CERTSTORE), \
ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
ERRMACRO(DEFAULTCRLCHECKERSTATE), \
ERRMACRO(CRL), \
ERRMACRO(CRLENTRY), \
ERRMACRO(CRLSELECTOR), \
ERRMACRO(CERTPOLICYMAP), \
ERRMACRO(BUILD), \
ERRMACRO(BUILDRESULT), \
ERRMACRO(HTTPCERTSTORECONTEXT), \
ERRMACRO(FORWARDBUILDERSTATE), \
ERRMACRO(SIGNATURECHECKERSTATE), \
ERRMACRO(CERTNAMECONSTRAINTS), \
ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
ERRMACRO(REVOCATIONCHECKER), \
ERRMACRO(USERDEFINEDMODULES), \
ERRMACRO(CONTEXT), \
ERRMACRO(DEFAULTREVOCATIONCHECKER), \
ERRMACRO(LDAPREQUEST), \
ERRMACRO(LDAPRESPONSE), \
ERRMACRO(LDAPCLIENT), \
ERRMACRO(LDAPDEFAULTCLIENT), \
ERRMACRO(SOCKET), \
ERRMACRO(RESOURCELIMITS), \
ERRMACRO(LOGGER), \
ERRMACRO(MONITORLOCK), \
ERRMACRO(INFOACCESS), \
ERRMACRO(AIAMGR), \
ERRMACRO(OCSPCHECKER), \
ERRMACRO(OCSPREQUEST), \
ERRMACRO(OCSPRESPONSE), \
ERRMACRO(HTTPDEFAULTCLIENT), \
ERRMACRO(VERIFYNODE)
#define ERRMACRO(type) PKIX_ ## type ## _ERROR
typedef enum { /* Now invoke all those ERRMACROs to assign the numbers */
PKIX_ERRORS,
PKIX_NUMERRORS /* This gets PKIX_NUMERRORS defined as the total number */
} PKIX_ERRORNUM;
/* Now define error strings (for internationalization) */
#define PKIX_ERRORENTRY(name,desc) PKIX_ ## name
/* Define all the error numbers */
typedef enum {
#include "pkix_errorstrings.h"
} PKIX_ERRSTRINGNUM;
extern char *PKIX_ErrorText[];
/* String Formats
*
* These formats specify supported encoding formats for Strings.
*/
#define PKIX_ESCASCII 0
#define PKIX_UTF8 1
#define PKIX_UTF16 2
#define PKIX_UTF8_NULL_TERM 3
#define PKIX_ESCASCII_DEBUG 4
/* Name Types
*
* These types specify supported formats for GeneralNames.
*/
#define PKIX_OTHER_NAME 1
#define PKIX_RFC822_NAME 2
#define PKIX_DNS_NAME 3
#define PKIX_X400_ADDRESS 4
#define PKIX_DIRECTORY_NAME 5
#define PKIX_EDIPARTY_NAME 6
#define PKIX_URI_NAME 7
#define PKIX_IP_NAME 8
#define PKIX_OID_NAME 9
/* Key Usages
*
* These types specify supported Key Usages
*/
#define PKIX_DIGITAL_SIGNATURE 0x001
#define PKIX_NON_REPUDIATION 0x002
#define PKIX_KEY_ENCIPHERMENT 0x004
#define PKIX_DATA_ENCIPHERMENT 0x008
#define PKIX_KEY_AGREEMENT 0x010
#define PKIX_KEY_CERT_SIGN 0x020
#define PKIX_CRL_SIGN 0x040
#define PKIX_ENCIPHER_ONLY 0x080
#define PKIX_DECIPHER_ONLY 0x100
/* Reason Flags
*
* These macros specify supported Reason Flags
*/
#define PKIX_UNUSED 0x001
#define PKIX_KEY_COMPROMISE 0x002
#define PKIX_CA_COMPROMISE 0x004
#define PKIX_AFFILIATION_CHANGED 0x008
#define PKIX_SUPERSEDED 0x010
#define PKIX_CESSATION_OF_OPERATION 0x020
#define PKIX_CERTIFICATE_HOLD 0x040
#define PKIX_PRIVILEGE_WITHDRAWN 0x080
#define PKIX_AA_COMPROMISE 0x100
/* Boolean values
*
* These macros specify the Boolean values of TRUE and FALSE
* XXX Is it the case that any non-zero value is actually considered TRUE
* and this is just a convenient mnemonic macro?
*/
#define PKIX_TRUE ((PKIX_Boolean) 1)
#define PKIX_FALSE ((PKIX_Boolean) 0)
/*
* Define constants for basic constraints selector
* (see comments in pkix_certsel.h)
*/
#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
/*
* PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
* object file. It is thrown if system memory cannot be allocated or may be
* thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.
* IncRef, DecRef and all Settor functions cannot be called.
* XXX Does anyone actually need to know about this?
* XXX Why no DecRef? Would be good to handle it the same.
*/
PKIX_Error* PKIX_ALLOC_ERROR(void);
/*
* In a CertBasicConstraints extension, if the CA flag is set,
* indicating the certificate refers to a Certification
* Authority, then the pathLen field indicates how many intermediate
* certificates (not counting self-signed ones) can exist in a valid
* chain following this certificate. If the pathLen has the value
* of this constant, then the length of the chain is unlimited
*/
#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
/*
* Define Certificate Extension hard-coded OID's
*/
#define PKIX_CERTKEYUSAGE_OID "2.5.29.15"
#define PKIX_CERTSUBJALTNAME_OID "2.5.29.17"
#define PKIX_BASICCONSTRAINTS_OID "2.5.29.19"
#define PKIX_CRLREASONCODE_OID "2.5.29.21"
#define PKIX_NAMECONSTRAINTS_OID "2.5.29.30"
#define PKIX_CERTIFICATEPOLICIES_OID "2.5.29.32"
#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID "2.5.29.32.0"
#define PKIX_POLICYMAPPINGS_OID "2.5.29.33"
#define PKIX_POLICYCONSTRAINTS_OID "2.5.29.36"
#define PKIX_EXTENDEDKEYUSAGE_OID "2.5.29.37"
#define PKIX_INHIBITANYPOLICY_OID "2.5.29.54"
#ifdef __cplusplus
}
#endif
#endif /* _PKIXT_H */
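Review bot: The 32-bit width that PKIX_UInt32 and PKIX_Int32 depend on is stated only in the comment `currently, int is 32 bits on all our supported platforms` and in the XXX block above it, so a platform where that assumption fails would compile silently and every `((PKIX_UInt32) 4000000000)`-style constant would be wrong; a compile-time check next to the typedefs, e.g. `PR_STATIC_ASSERT(sizeof(PKIX_UInt32) == 4);` if NSPR's prtypes.h is reachable through secerr.h, turns the note into an enforced invariant. Separately, `extern char *PKIX_ErrorText[];` exposes the error-message table as writable pointers to non-const text; `extern const char *const PKIX_ErrorText[];` (with the matching definition in the .c file that owns the table) keeps callers from modifying strings that end up in logs and error reports. The Name Type constants PKIX_OTHER_NAME = 1 through PKIX_OID_NAME = 9 are one greater than the ASN.1 GeneralName CHOICE tags, which is easy to get wrong when mapping from decoded DER; a comment such as `/* 1-based; these are NOT the GeneralName context tag numbers */` above the group would prevent a caller from passing a raw tag.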


@ -0,0 +1,43 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../..
DEPTH = ../../..
#
DIRS = include pkix pkix_pl_nss \
$(NULL)


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,59 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../../..
EXPORTS = \
pkix_certselector.h \
pkix_comcertselparams.h \
$(NULL)
PRIVATE_EXPORTS = \
pkix_certselector.h \
pkix_comcertselparams.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_certselector.c \
pkix_comcertselparams.c \
$(NULL)
REQUIRES = dbm
LIBRARY_NAME = certsel



@ -0,0 +1,74 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_certselector.h
*
* CertSelector Object Type Definition
*
*/
#ifndef _PKIX_CERTSELECTOR_H
#define _PKIX_CERTSELECTOR_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_CertSelectorStruct {
PKIX_CertSelector_MatchCallback matchCallback;
PKIX_ComCertSelParams *params;
PKIX_PL_Object *context;
};
/* see source file for function documentation */
PKIX_Error *
pkix_CertSelector_Select(
PKIX_CertSelector *selector,
PKIX_List *before,
PKIX_List **pAfter,
void *plContext);
PKIX_Error *pkix_CertSelector_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_CERTSELECTOR_H */
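Review bot: The three members of PKIX_CertSelectorStruct carry no ownership or nullability notes, and the header defers everything to `see source file for function documentation`, so a reader of this header cannot tell whether `params` and `context` are counted references released by the object's destructor or borrowed pointers the caller must keep alive. Since pkixt.h describes every PKIX_PL_Object as reference-counted, a field comment such as `PKIX_ComCertSelParams *params; /* owned ref, may be NULL; released on destroy — confirm in pkix_certselector.c */`, and the same on `context`, states the contract where callers will look for it. Whether `matchCallback` may be NULL (and what pkix_CertSelector_Select does in that case) should be noted on its line as well.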



@ -0,0 +1,89 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_comcertselparams.h
*
* ComCertSelParams Object Type Definition
*
*/
#ifndef _PKIX_COMCERTSELPARAMS_H
#define _PKIX_COMCERTSELPARAMS_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
* pathToNamesConstraint is Name Constraints generated based on the
* pathToNames. We save a cached copy to save regeneration for each
* check. SubjAltNames also has its cache, since SubjAltNames are
* verified by checker, its cache copy is stored in checkerstate.
*/
struct PKIX_ComCertSelParamsStruct {
PKIX_Int32 version;
PKIX_Int32 minPathLength;
PKIX_Boolean matchAllSubjAltNames;
PKIX_PL_X500Name *subject;
PKIX_List *policies; /* List of PKIX_PL_OID */
PKIX_PL_Cert *cert;
PKIX_PL_CertNameConstraints *nameConstraints;
PKIX_List *pathToNames; /* List of PKIX_PL_GeneralNames */
PKIX_List *subjAltNames; /* List of PKIX_PL_GeneralNames */
PKIX_List *extKeyUsage; /* List of PKIX_PL_OID */
PKIX_UInt32 keyUsage;
PKIX_PL_Date *date;
PKIX_PL_Date *certValid;
PKIX_PL_X500Name *issuer;
PKIX_PL_BigInt *serialNumber;
PKIX_PL_ByteArray *authKeyId;
PKIX_PL_ByteArray *subjKeyId;
PKIX_PL_PublicKey *subjPubKey;
PKIX_PL_OID *subjPKAlgId;
};
/* see source file for function documentation */
PKIX_Error *pkix_ComCertSelParams_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_COMCERTSELPARAMS_H */


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,61 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../../..
EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_certchainchecker.h \
pkix_defaultrevchecker.h \
pkix_ocspchecker.h \
pkix_revocationchecker.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_certchainchecker.c \
pkix_defaultrevchecker.c \
pkix_ocspchecker.c \
pkix_revocationchecker.c \
$(NULL)
REQUIRES = dbm
LIBRARY_NAME = checker


@ -0,0 +1,349 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_certchainchecker.c
*
* CertChainChecker Object Functions
*
*/
#include "pkix_certchainchecker.h"
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_CertChainChecker_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CertChainChecker_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_CertChainChecker *checker = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a cert chain checker */
PKIX_CHECK(pkix_CheckType
(object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
PKIX_OBJECTNOTCERTCHAINCHECKER);
checker = (PKIX_CertChainChecker *)object;
PKIX_DECREF(checker->extensions);
PKIX_DECREF(checker->state);
cleanup:
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_CertChainChecker_Duplicate
* (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CertChainChecker_Duplicate(
PKIX_PL_Object *object,
PKIX_PL_Object **pNewObject,
void *plContext)
{
PKIX_CertChainChecker *checker = NULL;
PKIX_CertChainChecker *checkerDuplicate = NULL;
PKIX_List *extensionsDuplicate = NULL;
PKIX_PL_Object *stateDuplicate = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Duplicate");
PKIX_NULLCHECK_TWO(object, pNewObject);
PKIX_CHECK(pkix_CheckType
(object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
PKIX_OBJECTNOTCERTCHAINCHECKER);
checker = (PKIX_CertChainChecker *)object;
if (checker->extensions){
PKIX_CHECK(PKIX_PL_Object_Duplicate
((PKIX_PL_Object *)checker->extensions,
(PKIX_PL_Object **)&extensionsDuplicate,
plContext),
PKIX_OBJECTDUPLICATEFAILED);
}
if (checker->state){
PKIX_CHECK(PKIX_PL_Object_Duplicate
((PKIX_PL_Object *)checker->state,
(PKIX_PL_Object **)&stateDuplicate,
plContext),
PKIX_OBJECTDUPLICATEFAILED);
}
PKIX_CHECK(PKIX_CertChainChecker_Create
(checker->checkCallback,
checker->forwardChecking,
checker->isForwardDirectionExpected,
extensionsDuplicate,
stateDuplicate,
&checkerDuplicate,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
*pNewObject = (PKIX_PL_Object *)checkerDuplicate;
cleanup:
PKIX_DECREF(extensionsDuplicate);
PKIX_DECREF(stateDuplicate);
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_CertChainChecker_RegisterSelf
* DESCRIPTION:
* Registers PKIX_CERTCHAINCHECKER_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_CertChainChecker_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_RegisterSelf");
entry.description = "CertChainChecker";
entry.destructor = pkix_CertChainChecker_Destroy;
entry.equalsFunction = NULL;
entry.hashcodeFunction = NULL;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = pkix_CertChainChecker_Duplicate;
systemClasses[PKIX_CERTCHAINCHECKER_TYPE] = entry;
PKIX_RETURN(CERTCHAINCHECKER);
}
/* --Public-Functions--------------------------------------------- */
/*
* FUNCTION: PKIX_CertChainChecker_Create (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_CertChainChecker_Create(
PKIX_CertChainChecker_CheckCallback callback,
PKIX_Boolean forwardCheckingSupported,
PKIX_Boolean isForwardDirectionExpected,
PKIX_List *list, /* list of PKIX_PL_OID */
PKIX_PL_Object *initialState,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
PKIX_CertChainChecker *checker = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_Create");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTCHAINCHECKER_TYPE,
sizeof (PKIX_CertChainChecker),
(PKIX_PL_Object **)&checker,
plContext),
PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
/* initialize fields */
checker->checkCallback = callback;
checker->forwardChecking = forwardCheckingSupported;
checker->isForwardDirectionExpected = isForwardDirectionExpected;
PKIX_INCREF(list);
checker->extensions = list;
PKIX_INCREF(initialState);
checker->state = initialState;
*pChecker = checker;
cleanup:
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: PKIX_CertChainChecker_GetCheckCallback
* (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_CertChainChecker_GetCheckCallback(
PKIX_CertChainChecker *checker,
PKIX_CertChainChecker_CheckCallback *pCallback,
void *plContext)
{
PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_GetCheckCallback");
PKIX_NULLCHECK_TWO(checker, pCallback);
*pCallback = checker->checkCallback;
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
* (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_CertChainChecker_IsForwardCheckingSupported(
PKIX_CertChainChecker *checker,
PKIX_Boolean *pForwardCheckingSupported,
void *plContext)
{
PKIX_ENTER
(CERTCHAINCHECKER,
"PKIX_CertChainChecker_IsForwardCheckingSupported");
PKIX_NULLCHECK_TWO(checker, pForwardCheckingSupported);
*pForwardCheckingSupported = checker->forwardChecking;
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
* (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_CertChainChecker_IsForwardDirectionExpected(
PKIX_CertChainChecker *checker,
PKIX_Boolean *pForwardDirectionExpected,
void *plContext)
{
PKIX_ENTER
(CERTCHAINCHECKER,
"PKIX_CertChainChecker_IsForwardDirectionExpected");
PKIX_NULLCHECK_TWO(checker, pForwardDirectionExpected);
*pForwardDirectionExpected = checker->isForwardDirectionExpected;
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
* (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_CertChainChecker_GetCertChainCheckerState(
PKIX_CertChainChecker *checker,
PKIX_PL_Object **pCertChainCheckerState,
void *plContext)
{
PKIX_ENTER(CERTCHAINCHECKER,
"PKIX_CertChainChecker_GetCertChainCheckerState");
PKIX_NULLCHECK_TWO(checker, pCertChainCheckerState);
PKIX_INCREF(checker->state);
*pCertChainCheckerState = checker->state;
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
* (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_CertChainChecker_SetCertChainCheckerState(
PKIX_CertChainChecker *checker,
PKIX_PL_Object *certChainCheckerState,
void *plContext)
{
PKIX_ENTER(CERTCHAINCHECKER,
"PKIX_CertChainChecker_SetCertChainCheckerState");
PKIX_NULLCHECK_ONE(checker);
/* DecRef old contents */
PKIX_DECREF(checker->state);
PKIX_INCREF(certChainCheckerState);
checker->state = certChainCheckerState;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)checker, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
* (see comments in pkix_checker.h)
*/
PKIX_Error *
PKIX_CertChainChecker_GetSupportedExtensions(
PKIX_CertChainChecker *checker,
PKIX_List **pExtensions, /* list of PKIX_PL_OID */
void *plContext)
{
PKIX_ENTER(CERTCHAINCHECKER,
"PKIX_CertChainChecker_GetSupportedExtensions");
PKIX_NULLCHECK_TWO(checker, pExtensions);
PKIX_INCREF(checker->extensions);
*pExtensions = checker->extensions;
PKIX_RETURN(CERTCHAINCHECKER);
}
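Review bot: PKIX_CertChainChecker_SetCertChainCheckerState releases the old state before taking a reference on the new one (`PKIX_DECREF(checker->state);` followed by `PKIX_INCREF(certChainCheckerState);`), so a caller that passes in the very object the checker already holds, without holding a reference of its own, can have that object torn down before the INCREF runs — whether that actually frees depends on how PKIX_DECREF behaves at a count of zero, which is not visible here. Reordering to `PKIX_INCREF(certChainCheckerState); PKIX_DECREF(checker->state); checker->state = certChainCheckerState;` is correct whether or not the two pointers alias. Separately, PKIX_CertChainChecker_Create only null-checks `pChecker`, so a NULL `callback` is stored silently and only fails later when the checker is invoked; `PKIX_NULLCHECK_TWO(callback, pChecker)` would surface the misuse at construction time.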


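--- a/pkix_certchainchecker.h
+++ b/pkix_certchainchecker.h
@@ -0,0 +1,69 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_certchainchecker.h
+*
+* CertChainChecker Object Type Definition
+*
+*/
+#ifndef _PKIX_CERTCHAINCHECKER_H
+#define _PKIX_CERTCHAINCHECKER_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_CertChainCheckerStruct {
+PKIX_CertChainChecker_CheckCallback checkCallback;
+PKIX_List *extensions;
+PKIX_PL_Object *state;
+PKIX_Boolean forwardChecking;
+PKIX_Boolean isForwardDirectionExpected;
+};
+/* see source file for function documentation */
+PKIX_Error *pkix_CertChainChecker_RegisterSelf(void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_CERTCHAINCHECKER_H */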
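Review bot: The fields of PKIX_CertChainCheckerStruct carry no comments, and the ownership they imply is only discoverable from pkix_certchainchecker.c, where Create increfs `list` and `initialState` and Destroy decrefs `extensions` and `state`. I would annotate them as `PKIX_List *extensions; /* List of PKIX_PL_OID, owned reference */` and `PKIX_PL_Object *state; /* owned reference, may be NULL */`, which matches the inline field comments already used in pkix_comcertselparams.h in this same commit; the NULL case is real, since Duplicate guards both fields before copying them. The guard macro `_PKIX_CERTCHAINCHECKER_H` sits in the identifier space reserved for the implementation, though it follows the convention of the sibling headers here rather than being specific to this file.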


@ -0,0 +1,389 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_defaultrevchecker.c
*
* Functions for default Revocation Checker
*
*/
#include "pkix_defaultrevchecker.h"
/* --Private-DefaultRevChecker-Functions------------------------------- */
/*
* FUNCTION: pkix_DefaultRevChecker_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_DefaultRevChecker_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_DefaultRevocationChecker *revChecker = NULL;
PKIX_ENTER(DEFAULTREVOCATIONCHECKER,
"pkix_DefaultRevChecker_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a DefaultRevocationChecker */
PKIX_CHECK(pkix_CheckType
(object, PKIX_DEFAULTREVOCATIONCHECKER_TYPE, plContext),
PKIX_OBJECTNOTDEFAULTREVOCATIONCHECKER);
revChecker = (PKIX_DefaultRevocationChecker *)object;
PKIX_DECREF(revChecker->certChainChecker);
PKIX_DECREF(revChecker->certStores);
PKIX_DECREF(revChecker->testDate);
PKIX_DECREF(revChecker->trustedPubKey);
cleanup:
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
}
/*
* FUNCTION: pkix_DefaultRevocationChecker_RegisterSelf
*
* DESCRIPTION:
* Registers PKIX_DEFAULTREVOCATIONCHECKER_TYPE and its related functions
* with systemClasses[]
*
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_DefaultRevocationChecker_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(DEFAULTREVOCATIONCHECKER,
"pkix_DefaultRevocationChecker_RegisterSelf");
entry.description = "DefaultRevocationChecker";
entry.destructor = pkix_DefaultRevChecker_Destroy;
entry.equalsFunction = NULL;
entry.hashcodeFunction = NULL;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_DEFAULTREVOCATIONCHECKER_TYPE] = entry;
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
}
/*
* FUNCTION: pkix_DefaultRevChecker_Create
*
* DESCRIPTION:
* This function uses the List of certStores given by "certStores", the Date
* given by "testDate", the PublicKey given by "trustedPubKey", and the number
* of certs remaining in the chain given by "certsRemaining" to create a
* DefaultRevocationChecker, which is stored at "pRevChecker".
*
* PARAMETERS
* "certStores"
* Address of CertStore List to be stored in state. Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date to be checked. May be NULL.
* "trustedPubKey"
* Address of Public Key of Trust Anchor. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pRevChecker"
* Address of DefaultRevocationChecker that is returned. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a DefaultRevocationChecker Error if the function fails in a
* non-fatal way.
* Returns a Fatal Error
*/
static PKIX_Error *
pkix_DefaultRevChecker_Create(
PKIX_List *certStores,
PKIX_PL_Date *testDate,
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_DefaultRevocationChecker **pRevChecker,
void *plContext)
{
PKIX_DefaultRevocationChecker *revChecker = NULL;
PKIX_ENTER(DEFAULTREVOCATIONCHECKER, "pkix_DefaultRevChecker_Create");
PKIX_NULLCHECK_THREE(certStores, trustedPubKey, pRevChecker);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_DEFAULTREVOCATIONCHECKER_TYPE,
sizeof (PKIX_DefaultRevocationChecker),
(PKIX_PL_Object **)&revChecker,
plContext),
PKIX_COULDNOTCREATEDEFAULTREVOCATIONCHECKEROBJECT);
/* Initialize fields */
revChecker->certChainChecker = NULL;
revChecker->check = NULL;
PKIX_INCREF(certStores);
revChecker->certStores = certStores;
PKIX_INCREF(testDate);
revChecker->testDate = testDate;
PKIX_INCREF(trustedPubKey);
revChecker->trustedPubKey = trustedPubKey;
revChecker->certsRemaining = certsRemaining;
*pRevChecker = revChecker;
cleanup:
PKIX_RETURN(DEFAULTREVOCATIONCHECKER);
}
/* --Private-DefaultRevChecker-Functions------------------------------------ */
/*
* FUNCTION: pkix_DefaultRevChecker_Check
*
* DESCRIPTION:
* Check if the Cert has been revoked based on the CRLs data. This function
* maintains the checker state to be current.
*
* PARAMETERS
* "checkerContext"
* Address of RevocationCheckerContext which has the state data.
* Must be non-NULL.
* "cert"
* Address of Certificate that is to be validated. Must be non-NULL.
* "procParams"
* Address of ProcessingParams used to initialize the ExpirationChecker
* and TargetCertChecker. Must be non-NULL.
* "pNBIOContext"
* Address at which platform-dependent non-blocking I/O context is stored.
* Must be non-NULL.
* "pResultCode"
* Address where revocation status will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Not Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a RevocationChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error
*/
static PKIX_Error *
pkix_DefaultRevChecker_Check(
PKIX_PL_Object *checkerContext,
PKIX_PL_Cert *cert,
PKIX_ProcessingParams *procParams,
void **pNBIOContext,
PKIX_UInt32 *pReasonCode,
void *plContext)
{
PKIX_DefaultRevocationChecker *defaultRevChecker = NULL;
PKIX_CertChainChecker *crlChecker = NULL;
PKIX_PL_Object *crlCheckerState = NULL;
PKIX_CertChainChecker_CheckCallback check = NULL;
void *nbioContext = NULL;
PKIX_ENTER(REVOCATIONCHECKER, "pkix_DefaultRevChecker_Check");
PKIX_NULLCHECK_FOUR(checkerContext, cert, pNBIOContext, pReasonCode);
/* Check that this object is a DefaultRevocationChecker */
PKIX_CHECK(pkix_CheckType
((PKIX_PL_Object *)checkerContext,
PKIX_DEFAULTREVOCATIONCHECKER_TYPE,
plContext),
PKIX_OBJECTNOTDEFAULTREVOCATIONCHECKER);
defaultRevChecker = (PKIX_DefaultRevocationChecker *)checkerContext;
nbioContext = *pNBIOContext;
*pNBIOContext = 0;
*pReasonCode = 0;
/*
* If we haven't yet created a defaultCrlChecker to do the actual work,
* create one now.
*/
if (defaultRevChecker->certChainChecker == NULL) {
PKIX_CHECK(pkix_DefaultCRLChecker_Initialize
(defaultRevChecker->certStores,
defaultRevChecker->testDate,
defaultRevChecker->trustedPubKey,
defaultRevChecker->certsRemaining,
&crlChecker,
plContext),
PKIX_DEFAULTCRLCHECKERINITIALIZEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallback
(crlChecker, &check, plContext),
PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED);
defaultRevChecker->certChainChecker = crlChecker;
defaultRevChecker->check = check;
}
/*
* The defaultCRLChecker, which we are using, wants a CRLSelector
* (in its state) to select the Issuer of the target Cert.
*/
PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
(defaultRevChecker->certChainChecker,
&crlCheckerState,
plContext),
PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
PKIX_CHECK(pkix_CheckType
(crlCheckerState, PKIX_DEFAULTCRLCHECKERSTATE_TYPE, plContext),
PKIX_OBJECTNOTDEFAULTCRLCHECKERSTATE);
/* Set up CRLSelector */
PKIX_CHECK(pkix_DefaultCRLChecker_Check_SetSelector
(cert,
(pkix_DefaultCRLCheckerState *)crlCheckerState,
plContext),
PKIX_DEFAULTCRLCHECKERCHECKSETSELECTORFAILED);
PKIX_CHECK
(PKIX_CertChainChecker_SetCertChainCheckerState
(defaultRevChecker->certChainChecker,
crlCheckerState,
plContext),
PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
PKIX_CHECK(defaultRevChecker->check
(defaultRevChecker->certChainChecker,
cert,
NULL,
&nbioContext,
plContext),
PKIX_CERTCHAINCHECKERCHECKCALLBACKFAILED);
*pNBIOContext = nbioContext;
cleanup:
PKIX_DECREF(crlCheckerState);
PKIX_RETURN(REVOCATIONCHECKER);
}
/*
* FUNCTION: pkix_DefaultRevChecker_Initialize
*
* DESCRIPTION:
* Create a CertChainChecker with DefaultRevChecker.
*
* PARAMETERS
* "certStores"
* Address of CertStore List to be stored in state. Must be non-NULL.
* "testDate"
* Address of PKIX_PL_Date to be checked. May be NULL.
* "trustedPubKey"
* Address of Public Key of Trust Anchor. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error
*/
PKIX_Error *
pkix_DefaultRevChecker_Initialize(
PKIX_List *certStores,
PKIX_PL_Date *testDate,
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_RevocationChecker **pChecker,
void *plContext)
{
PKIX_DefaultRevocationChecker *revChecker = NULL;
PKIX_ENTER(REVOCATIONCHECKER, "pkix_DefaultRevChecker_Initialize");
PKIX_NULLCHECK_TWO(certStores, pChecker);
PKIX_CHECK(pkix_DefaultRevChecker_Create
(certStores,
testDate,
trustedPubKey,
certsRemaining,
&revChecker,
plContext),
PKIX_DEFAULTREVCHECKERCREATEFAILED);
PKIX_CHECK(PKIX_RevocationChecker_Create
(pkix_DefaultRevChecker_Check,
(PKIX_PL_Object *)revChecker,
pChecker,
plContext),
PKIX_REVOCATIONCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(revChecker);
PKIX_RETURN(REVOCATIONCHECKER);
}
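Review bot: In pkix_DefaultRevChecker_Check, if PKIX_CertChainChecker_GetCheckCallback fails after pkix_DefaultCRLChecker_Initialize has already produced `crlChecker`, the new checker is neither stored in `defaultRevChecker->certChainChecker` nor released in cleanup, so it leaks on that error path. Making the ownership transfer explicit — `defaultRevChecker->certChainChecker = crlChecker; crlChecker = NULL;` — and adding `PKIX_DECREF(crlChecker);` to the cleanup block closes the leak without changing the success path. The function's header comment also documents a `pResultCode` parameter and says `procParams` "Must be non-NULL", while the signature names it `pReasonCode` and `procParams` is never read or null-checked; the comment should be brought in line with the code, and the duplicated "Must be non-NULL." under `pChecker` in the pkix_DefaultRevChecker_Initialize comment dropped. Minor: `*pNBIOContext = 0;` assigns an integer literal to a `void *`; `NULL` is the idiomatic form.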


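--- a/pkix_defaultrevchecker.h
+++ b/pkix_defaultrevchecker.h
@@ -0,0 +1,78 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_defaultrevchecker.h
+*
+* Header file for default revocation checker
+*
+*/
+#ifndef _PKIX_DEFAULTREVCHECKER_H
+#define _PKIX_DEFAULTREVCHECKER_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_DefaultRevocationCheckerStruct {
+PKIX_CertChainChecker *certChainChecker;
+PKIX_CertChainChecker_CheckCallback check;
+PKIX_List *certStores;
+PKIX_PL_Date *testDate;
+PKIX_PL_PublicKey *trustedPubKey;
+PKIX_UInt32 certsRemaining;
+};
+PKIX_Error *
+pkix_DefaultRevChecker_Initialize(
+PKIX_List *certStores,
+PKIX_PL_Date *testDate,
+PKIX_PL_PublicKey *trustedPubKey,
+PKIX_UInt32 certsRemaining,
+PKIX_RevocationChecker **pRevChecker,
+void *plContext);
+PKIX_Error *
+pkix_DefaultRevocationChecker_RegisterSelf(void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_DEFAULTREVCHECKER_H */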


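--- /dev/null
+++ b/pkix_ocspchecker.c
@@ -0,0 +1,388 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_ocspchecker.c
+*
+* OcspChecker Object Functions
+*
+*/
+#include "pkix_ocspchecker.h"
+/* --Private-Functions-------------------------------------------- */
+/*
+* FUNCTION: pkix_OcspChecker_Destroy
+* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_OcspChecker_Destroy(
+PKIX_PL_Object *object,
+void *plContext)
+{
+PKIX_OcspChecker *checker = NULL;
+PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_Destroy");
+PKIX_NULLCHECK_ONE(object);
+/* Check that this object is a ocsp checker */
+PKIX_CHECK(pkix_CheckType
+(object, PKIX_OCSPCHECKER_TYPE, plContext),
+PKIX_OBJECTNOTOCSPCHECKER);
+checker = (PKIX_OcspChecker *)object;
+PKIX_DECREF(checker->response);
+PKIX_DECREF(checker->validityTime);
+PKIX_DECREF(checker->cert);
+/* These are not yet ref-counted objects */
+/* PKIX_DECREF(checker->passwordInfo); */
+/* PKIX_DECREF(checker->responder); */
+/* PKIX_DECREF(checker->nbioContext); */
+cleanup:
+PKIX_RETURN(OCSPCHECKER);
+}
+/*
+* FUNCTION: pkix_OcspChecker_RegisterSelf
+* DESCRIPTION:
+* Registers PKIX_OCSPCHECKER_TYPE and its related functions with
+* systemClasses[]
+* THREAD SAFETY:
+* Not Thread Safe - for performance and complexity reasons
+*
+* Since this function is only called by PKIX_PL_Initialize, which should
+* only be called once, it is acceptable that this function is not
+* thread-safe.
+*/
+PKIX_Error *
+pkix_OcspChecker_RegisterSelf(void *plContext)
+{
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+pkix_ClassTable_Entry entry;
+PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_RegisterSelf");
+entry.description = "OcspChecker";
+entry.destructor = pkix_OcspChecker_Destroy;
+entry.equalsFunction = NULL;
+entry.hashcodeFunction = NULL;
+entry.toStringFunction = NULL;
+entry.comparator = NULL;
+entry.duplicateFunction = NULL;
+systemClasses[PKIX_OCSPCHECKER_TYPE] = entry;
+PKIX_RETURN(OCSPCHECKER);
+}
+/* --Public-Functions--------------------------------------------- */
+/*
+* FUNCTION: pkix_OcspChecker_Check (see comments in pkix_checker.h)
+*/
+/*
+* The OCSPChecker is created in an idle state, and remains in this state until
+* either (a) the default Responder has been set and enabled, and a Check
+* request is received with no responder specified, or (b) a Check request is
+* received with a specified responder. A request message is constructed and
+* given to the HttpClient. If non-blocking I/O is used the client may return
+* with WOULDBLOCK, in which case the OCSPChecker returns the WOULDBLOCK
+* condition to its caller in turn. On a subsequent call the I/O is resumed.
+* When a response is received it is decoded and the results provided to the
+* caller.
+*
+*/
+static PKIX_Error *
+pkix_OcspChecker_Check(
+PKIX_PL_Object *checkerObject,
+PKIX_PL_Cert *cert,
+PKIX_ProcessingParams *procParams,
+void **pNBIOContext,
+PKIX_UInt32 *pResultCode,
+void *plContext)
+{
+SECErrorCodes resultCode = 0;
+PKIX_Boolean uriFound = PKIX_FALSE;
+PKIX_Boolean passed = PKIX_FALSE;
+PKIX_OcspChecker *checker = NULL;
+PKIX_PL_OcspRequest *request = NULL;
+void *nbioContext = NULL;
+PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_Check");
+PKIX_NULLCHECK_FOUR(checkerObject, cert, pNBIOContext, pResultCode);
+PKIX_CHECK(pkix_CheckType
+(checkerObject, PKIX_OCSPCHECKER_TYPE, plContext),
+PKIX_OBJECTNOTOCSPCHECKER);
+checker = (PKIX_OcspChecker *)checkerObject;
+nbioContext = *pNBIOContext;
+*pNBIOContext = 0;
+/* assert(checker->nbioContext == nbioContext) */
+if (nbioContext == 0) {
+/* We are initiating a check, not resuming previous I/O. */
+PKIX_INCREF(cert);
+checker->cert = cert;
+/* create request */
+PKIX_CHECK(pkix_pl_OcspRequest_Create
+(cert,
+NULL, /* PKIX_PL_Date *validity */
+PKIX_FALSE, /* PKIX_Boolean addServiceLocator */
+NULL, /* PKIX_PL_Cert *signerCert */
+&uriFound,
+&request,
+plContext),
+PKIX_OCSPREQUESTCREATEFAILED);
+/* No uri to check is considered passing! */
+if (uriFound == PKIX_FALSE) {
+passed = PKIX_TRUE;
+resultCode = 0;
+goto cleanup;
+}
+}
+/* Do we already have a response object? */
+if ((checker->response) == NULL) {
+/* send request and create a response object */
+PKIX_CHECK(pkix_pl_OcspResponse_Create
+(request,
+checker->responder,
+checker->verifyFcn,
+&nbioContext,
+&(checker->response),
+plContext),
+PKIX_OCSPRESPONSECREATEFAILED);
+if (nbioContext != 0) {
+*pNBIOContext = nbioContext;
+goto cleanup;
+}
+PKIX_CHECK(pkix_pl_OcspResponse_Decode
+((checker->response), &passed, &resultCode, plContext),
+PKIX_OCSPRESPONSEDECODEFAILED);
+if (passed == PKIX_FALSE) {
+goto cleanup;
+}
+PKIX_CHECK(pkix_pl_OcspResponse_GetStatus
+((checker->response), &passed, &resultCode, plContext),
+PKIX_OCSPRESPONSEGETSTATUSRETURNEDANERROR);
+if (passed == PKIX_FALSE) {
+goto cleanup;
+}
+}
+PKIX_CHECK(pkix_pl_OcspResponse_VerifySignature
+((checker->response),
+cert,
+procParams,
+&passed,
+&resultCode,
+&nbioContext,
+plContext),
+PKIX_OCSPRESPONSEVERIFYSIGNATUREFAILED);
+if (nbioContext != 0) {
+*pNBIOContext = nbioContext;
+goto cleanup;
+}
+if (passed == PKIX_FALSE) {
+goto cleanup;
+}
+PKIX_CHECK(pkix_pl_OcspResponse_GetStatusForCert
+((checker->response), &passed, &resultCode, plContext),
+PKIX_OCSPRESPONSEGETSTATUSFORCERTFAILED);
+cleanup:
+*pResultCode = (PKIX_UInt32)resultCode;
+PKIX_DECREF(request);
+PKIX_DECREF(checker->response);
+PKIX_RETURN(OCSPCHECKER);
+}
+/*
+* FUNCTION: pkix_OcspChecker_Create
+*/
+PKIX_Error *
+pkix_OcspChecker_Create(
+PKIX_PL_Date *validityTime,
+void *passwordInfo,
+void *responder,
+PKIX_OcspChecker **pChecker,
+void *plContext)
+{
+PKIX_OcspChecker *checkerObject = NULL;
+PKIX_RevocationChecker *revChecker = NULL;
+PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_Create");
+PKIX_NULLCHECK_ONE(pChecker);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_OCSPCHECKER_TYPE,
+sizeof (PKIX_OcspChecker),
+(PKIX_PL_Object **)&checkerObject,
+plContext),
+PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
+/* initialize fields */
+checkerObject->response = NULL;
+PKIX_INCREF(validityTime);
+checkerObject->validityTime = validityTime;
+checkerObject->clientIsDefault = PKIX_FALSE;
+checkerObject->verifyFcn = NULL;
+checkerObject->cert = NULL;
+/* These void*'s will need INCREFs if they become PKIX_PL_Objects */
+checkerObject->passwordInfo = passwordInfo;
+checkerObject->responder = responder;
+checkerObject->nbioContext = NULL;
+*pChecker = checkerObject;
+cleanup:
+PKIX_RETURN(OCSPCHECKER);
+}
+/*
+* FUNCTION: PKIX_OcspChecker_SetPasswordInfo
+* (see comments in pkix_checker.h)
+*/
+PKIX_Error *
+PKIX_OcspChecker_SetPasswordInfo(
+PKIX_OcspChecker *checker,
+void *passwordInfo,
+void *plContext)
+{
+PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_SetPasswordInfo");
+PKIX_NULLCHECK_ONE(checker);
+checker->passwordInfo = passwordInfo;
+PKIX_RETURN(OCSPCHECKER);
+}
+/*
+* FUNCTION: PKIX_OcspChecker_SetOCSPResponder
+* (see comments in pkix_checker.h)
+*/
+PKIX_Error *
+PKIX_OcspChecker_SetOCSPResponder(
+PKIX_OcspChecker *checker,
+void *ocspResponder,
+void *plContext)
+{
+PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_SetOCSPResponder");
+PKIX_NULLCHECK_ONE(checker);
+checker->responder = ocspResponder;
+PKIX_RETURN(OCSPCHECKER);
+}
+/*
+* FUNCTION: PKIX_OcspChecker_SetVerifyFcn
+* (see comments in pkix_checker.h)
+*/
+PKIX_Error *
+PKIX_OcspChecker_SetVerifyFcn(
+PKIX_OcspChecker *checker,
+PKIX_PL_OcspResponse_VerifyCallback verifyFcn,
+void *plContext)
+{
+PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_SetVerifyFcn");
+PKIX_NULLCHECK_ONE(checker);
+checker->verifyFcn = verifyFcn;
+PKIX_RETURN(OCSPCHECKER);
+}
+PKIX_Error *
+PKIX_OcspChecker_Initialize(
+PKIX_PL_Date *validityTime,
+void *passwordInfo,
+void *responder,
+PKIX_RevocationChecker **pChecker,
+void *plContext)
+{
+PKIX_OcspChecker *oChecker = NULL;
+PKIX_ENTER(OCSPCHECKER, "PKIX_OcspChecker_Initialize");
+PKIX_NULLCHECK_ONE(pChecker);
+PKIX_CHECK(pkix_OcspChecker_Create
+(validityTime, passwordInfo, responder, &oChecker, plContext),
+PKIX_OCSPCHECKERCREATEFAILED);
+PKIX_CHECK(PKIX_RevocationChecker_Create
+(pkix_OcspChecker_Check,
+(PKIX_PL_Object *)oChecker,
+pChecker,
+plContext),
+PKIX_REVOCATIONCHECKERCREATEFAILED);
+cleanup:
+PKIX_DECREF(oChecker);
+PKIX_RETURN(OCSPCHECKER);
+}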
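Review bot: The WOULDBLOCK path in pkix_OcspChecker_Check releases the state it needs to resume: when pkix_pl_OcspResponse_Create returns with nbioContext set, the `goto cleanup` runs `PKIX_DECREF(request)` and `PKIX_DECREF(checker->response)`, and on the resumed call `request` is still its initial NULL because it is only built inside the `nbioContext == 0` branch, so the retried pkix_pl_OcspResponse_Create receives a NULL request and no prior response (unless that function can resume from nbioContext alone, which is not visible here). Keeping the request in the checker (next to the existing `nbioContext` field, which this file never updates despite the `/* assert(checker->nbioContext == nbioContext) */` comment) and skipping the two DECREFs when `*pNBIOContext` is non-NULL would let the second call continue; the WOULDBLOCK return from pkix_pl_OcspResponse_VerifySignature has the same problem. Separately, `checker->cert = cert` after `PKIX_INCREF(cert)` overwrites any cert still held from an earlier call without releasing it, so a checker invoked for more than one certificate leaks one reference per call; `PKIX_DECREF(checker->cert);` before the assignment fixes that. The `uriFound == PKIX_FALSE` branch makes a certificate with no OCSP responder URI pass revocation checking (`passed = PKIX_TRUE`), a soft-fail policy the comment above the function should state explicitly so callers can decide whether it fits their trust model. pkix_OcspChecker_Create also reports allocation failure with `PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT`, a code copied from the cert-chain checker; pkix_revocationchecker.c repeats this in PKIX_RevocationChecker_Create and uses `PKIX_OBJECTNOTCERTCHAINCHECKER` in pkix_RevocationChecker_Duplicate where the file's own `PKIX_OBJECTNOTREVOCATIONCHECKER` (used by its Destroy) is the matching code.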


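--- /dev/null
+++ b/pkix_ocspchecker.h
@@ -0,0 +1,98 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_ocspchecker.h
+*
+* OcspChecker Object Type Definition
+*
+*/
+#ifndef _PKIX_OCSPCHECKER_H
+#define _PKIX_OCSPCHECKER_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_OcspCheckerStruct {
+PKIX_PL_OcspResponse *response;
+PKIX_PL_Date *validityTime;
+PKIX_Boolean clientIsDefault;
+void *passwordInfo;
+void *responder;
+PKIX_PL_OcspResponse_VerifyCallback verifyFcn;
+void *nbioContext;
+PKIX_PL_Cert *cert;
+};
+/* see source file for function documentation */
+PKIX_Error *pkix_OcspChecker_RegisterSelf(void *plContext);
+PKIX_Error *
+PKIX_OcspChecker_SetPasswordInfo(
+PKIX_OcspChecker *checker,
+void *passwordInfo,
+void *plContext);
+PKIX_Error *
+PKIX_OcspChecker_SetOCSPResponder(
+PKIX_OcspChecker *checker,
+void *ocspResponder,
+void *plContext);
+PKIX_Error *
+PKIX_OcspChecker_SetVerifyFcn(
+PKIX_OcspChecker *checker,
+PKIX_PL_OcspResponse_VerifyCallback verifyFcn,
+void *plContext);
+PKIX_Error *
+PKIX_OcspChecker_Initialize(
+PKIX_PL_Date *validityTime,
+void *passwordInfo,
+void *responder,
+PKIX_RevocationChecker **pChecker,
+void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_OCSPCHECKER_H */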
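Review bot: pkix_OcspChecker_Create is defined with external linkage in pkix_ocspchecker.c but has no prototype in this header, so it should either be added to the list after `/* see source file for function documentation */` as `PKIX_Error *pkix_OcspChecker_Create(PKIX_PL_Date *validityTime, void *passwordInfo, void *responder, PKIX_OcspChecker **pChecker, void *plContext);` or be made static in the .c file, where only PKIX_OcspChecker_Initialize calls it. The `void *passwordInfo` and `void *responder` members are stored without an INCREF and the destructor leaves their DECREFs commented out, so the struct should carry a comment saying the caller retains ownership of both and must keep them alive for the checker's lifetime. `nbioContext` is set to NULL in pkix_OcspChecker_Create and never read or written afterwards in the .c file; a comment on its intended role (or its removal) would stop readers assuming it tracks the in-flight I/O handle.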


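--- /dev/null
+++ b/pkix_revocationchecker.c
@@ -0,0 +1,235 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_revocationchecker.c
+*
+* RevocationChecker Object Functions
+*
+*/
+#include "pkix_revocationchecker.h"
+/* --Private-Functions-------------------------------------------- */
+/*
+* FUNCTION: pkix_RevocationChecker_Destroy
+* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_RevocationChecker_Destroy(
+PKIX_PL_Object *object,
+void *plContext)
+{
+PKIX_RevocationChecker *checker = NULL;
+PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Destroy");
+PKIX_NULLCHECK_ONE(object);
+/* Check that this object is a revocation checker */
+PKIX_CHECK(pkix_CheckType
+(object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
+PKIX_OBJECTNOTREVOCATIONCHECKER);
+checker = (PKIX_RevocationChecker *)object;
+PKIX_DECREF(checker->revCheckerContext);
+cleanup:
+PKIX_RETURN(REVOCATIONCHECKER);
+}
+/*
+* FUNCTION: pkix_RevocationChecker_Duplicate
+* (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_RevocationChecker_Duplicate(
+PKIX_PL_Object *object,
+PKIX_PL_Object **pNewObject,
+void *plContext)
+{
+PKIX_RevocationChecker *checker = NULL;
+PKIX_RevocationChecker *checkerDuplicate = NULL;
+PKIX_PL_Object *contextDuplicate = NULL;
+PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate");
+PKIX_NULLCHECK_TWO(object, pNewObject);
+PKIX_CHECK(pkix_CheckType
+(object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
+PKIX_OBJECTNOTCERTCHAINCHECKER);
+checker = (PKIX_RevocationChecker *)object;
+if (checker->revCheckerContext){
+PKIX_CHECK(PKIX_PL_Object_Duplicate
+((PKIX_PL_Object *)checker->revCheckerContext,
+(PKIX_PL_Object **)&contextDuplicate,
+plContext),
+PKIX_OBJECTDUPLICATEFAILED);
+}
+PKIX_CHECK(PKIX_RevocationChecker_Create
+(checker->checkCallback,
+contextDuplicate,
+&checkerDuplicate,
+plContext),
+PKIX_REVOCATIONCHECKERCREATEFAILED);
+*pNewObject = (PKIX_PL_Object *)checkerDuplicate;
+cleanup:
+PKIX_DECREF(contextDuplicate);
+PKIX_RETURN(REVOCATIONCHECKER);
+}
+/*
+* FUNCTION: pkix_RevocationChecker_RegisterSelf
+* DESCRIPTION:
+* Registers PKIX_REVOCATIONCHECKER_TYPE and its related functions with
+* systemClasses[]
+* THREAD SAFETY:
+* Not Thread Safe - for performance and complexity reasons
+*
+* Since this function is only called by PKIX_PL_Initialize, which should
+* only be called once, it is acceptable that this function is not
+* thread-safe.
+*/
+PKIX_Error *
+pkix_RevocationChecker_RegisterSelf(void *plContext)
+{
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+pkix_ClassTable_Entry entry;
+PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_RegisterSelf");
+entry.description = "RevocationChecker";
+entry.destructor = pkix_RevocationChecker_Destroy;
+entry.equalsFunction = NULL;
+entry.hashcodeFunction = NULL;
+entry.toStringFunction = NULL;
+entry.comparator = NULL;
+entry.duplicateFunction = pkix_RevocationChecker_Duplicate;
+systemClasses[PKIX_REVOCATIONCHECKER_TYPE] = entry;
+PKIX_RETURN(REVOCATIONCHECKER);
+}
+/* --Public-Functions--------------------------------------------- */
+/*
+* FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_checker.h)
+*/
+PKIX_Error *
+PKIX_RevocationChecker_Create(
+PKIX_RevocationChecker_RevCallback callback,
+PKIX_PL_Object *revCheckerContext,
+PKIX_RevocationChecker **pChecker,
+void *plContext)
+{
+PKIX_RevocationChecker *checker = NULL;
+PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create");
+PKIX_NULLCHECK_ONE(pChecker);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_REVOCATIONCHECKER_TYPE,
+sizeof (PKIX_RevocationChecker),
+(PKIX_PL_Object **)&checker,
+plContext),
+PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
+/* initialize fields */
+checker->checkCallback = callback;
+PKIX_INCREF(revCheckerContext);
+checker->revCheckerContext = revCheckerContext;
+*pChecker = checker;
+cleanup:
+PKIX_RETURN(REVOCATIONCHECKER);
+}
+/*
+* FUNCTION: PKIX_RevocationChecker_GetCheckCallback
+* (see comments in pkix_checker.h)
+*/
+PKIX_Error *
+PKIX_RevocationChecker_GetRevCallback(
+PKIX_RevocationChecker *checker,
+PKIX_RevocationChecker_RevCallback *pCallback,
+void *plContext)
+{
+PKIX_ENTER
+(REVOCATIONCHECKER, "PKIX_RevocationChecker_GetRevCallback");
+PKIX_NULLCHECK_TWO(checker, pCallback);
+*pCallback = checker->checkCallback;
+PKIX_RETURN(REVOCATIONCHECKER);
+}
+/*
+* FUNCTION: PKIX_RevocationChecker_GetRevCheckerContext
+* (see comments in pkix_checker.h)
+*/
+PKIX_Error *
+PKIX_RevocationChecker_GetRevCheckerContext(
+PKIX_RevocationChecker *checker,
+PKIX_PL_Object **pRevCheckerContext,
+void *plContext)
+{
+PKIX_ENTER(REVOCATIONCHECKER,
+"PKIX_RevocationChecker_GetRevCheckerContext");
+PKIX_NULLCHECK_TWO(checker, pRevCheckerContext);
+PKIX_INCREF(checker->revCheckerContext);
+*pRevCheckerContext = checker->revCheckerContext;
+PKIX_RETURN(REVOCATIONCHECKER);
+}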
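Review bot: The comment header above PKIX_RevocationChecker_GetRevCallback names the function `PKIX_RevocationChecker_GetCheckCallback`, which does not exist in this file; the `FUNCTION:` line should read `* FUNCTION: PKIX_RevocationChecker_GetRevCallback` so the header comment it points to in pkix_checker.h can be found. PKIX_RevocationChecker_Create only NULL-checks `pChecker`, so a checker with a NULL `callback` can be constructed and pkix_RevocationChecker_Duplicate will copy it through; if a NULL callback is never a valid configuration (this file gives no sign that it is), `PKIX_NULLCHECK_TWO(callback, pChecker);` would reject it at construction rather than at the first revocation check. PKIX_RevocationChecker_GetRevCheckerContext returns an INCREF'd reference while the Get functions above hand out the callback by value; a one-line comment that the caller owns the returned context and must DECREF it would make the asymmetry explicit.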


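--- /dev/null
+++ b/pkix_revocationchecker.h
@@ -0,0 +1,66 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_revocationchecker.h
+*
+* RevocationChecker Object Type Definition
+*
+*/
+#ifndef _PKIX_REVOCATIONCHECKER_H
+#define _PKIX_REVOCATIONCHECKER_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_RevocationCheckerStruct {
+PKIX_RevocationChecker_RevCallback checkCallback;
+PKIX_PL_Object *revCheckerContext;
+};
+/* see source file for function documentation */
+PKIX_Error *pkix_RevocationChecker_RegisterSelf(void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_REVOCATIONCHECKER_H */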


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,57 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../../..
EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_comcrlselparams.h \
pkix_crlselector.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_crlselector.c \
pkix_comcrlselparams.c \
$(NULL)
REQUIRES = dbm
LIBRARY_NAME = crlsel


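--- a/pkix_comcrlselparams.c
+++ b/pkix_comcrlselparams.c
@@ -0,0 +1,784 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_comcrlselparams.c
+*
+* ComCRLSelParams Function Definitions
+*
+*/
+#include "pkix_comcrlselparams.h"
+/* --ComCRLSelParams-Private-Functions------------------------------------ */
+/*
+* FUNCTION: pkix_ComCrlSelParams_Destroy
+* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_ComCRLSelParams_Destroy(
+PKIX_PL_Object *object,
+void *plContext)
+{
+PKIX_ComCRLSelParams *params = NULL;
+PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Destroy");
+PKIX_NULLCHECK_ONE(object);
+PKIX_CHECK(pkix_CheckType
+(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+PKIX_OBJECTNOTCOMCRLSELPARAMS);
+params = (PKIX_ComCRLSelParams *)object;
+PKIX_DECREF(params->issuerNames);
+PKIX_DECREF(params->cert);
+PKIX_DECREF(params->date);
+PKIX_DECREF(params->maxCRLNumber);
+PKIX_DECREF(params->minCRLNumber);
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: pkix_ComCRLSelParams_ToString_Helper
+* DESCRIPTION:
+*
+* Helper function that creates a string representation of ComCRLSelParams
+* pointed to by "crlParams" and stores the result at "pString".
+*
+* PARAMETERS
+* "crlParams"
+* Address of ComCRLSelParams whose string representation is desired.
+* Must be non-NULL.
+* "pString"
+* Address of object pointer's destination. Must be non-NULL.
+* "plContext" - Platform-specific context pointer.
+*
+* THREAD SAFETY:
+* Conditionally Thread Safe
+* (see Thread Safety Definitions in Programmer's Guide)
+*
+* RETURNS:
+* Returns NULL if the function succeeds.
+* Returns a CRLEntry Error if the function fails in a non-fatal way.
+* Returns a Fatal Error if the function fails in an unrecoverable way.
+*/
+static PKIX_Error *
+pkix_ComCRLSelParams_ToString_Helper(
+PKIX_ComCRLSelParams *crlParams,
+PKIX_PL_String **pString,
+void *plContext)
+{
+PKIX_PL_String *crlIssuerNamesString = NULL;
+PKIX_PL_String *crlDateString = NULL;
+PKIX_PL_String *crlMaxCRLNumberString = NULL;
+PKIX_PL_String *crlMinCRLNumberString = NULL;
+PKIX_PL_String *crlCertString = NULL;
+PKIX_PL_String *crlParamsString = NULL;
+char *asciiFormat = NULL;
+PKIX_PL_String *formatString = NULL;
+PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString_Helper");
+PKIX_NULLCHECK_TWO(crlParams, pString);
+asciiFormat =
+"\n\t[\n"
+"\tIssuerNames: %s\n"
+"\tDate: %s\n"
+"\tmaxCRLNumber: %s\n"
+"\tminCRLNumber: %s\n"
+"\tCertificate: %s\n"
+"\t]\n";
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+asciiFormat,
+0,
+&formatString,
+plContext),
+PKIX_STRINGCREATEFAILED);
+PKIX_TOSTRING
+(crlParams->issuerNames, &crlIssuerNamesString, plContext,
+PKIX_LISTTOSTRINGFAILED);
+PKIX_TOSTRING(crlParams->date, &crlDateString, plContext,
+PKIX_DATETOSTRINGFAILED);
+PKIX_TOSTRING
+(crlParams->maxCRLNumber, &crlMaxCRLNumberString, plContext,
+PKIX_BIGINTTOSTRINGFAILED);
+PKIX_TOSTRING
+(crlParams->minCRLNumber, &crlMinCRLNumberString, plContext,
+PKIX_BIGINTTOSTRINGFAILED);
+PKIX_TOSTRING(crlParams->cert, &crlCertString, plContext,
+PKIX_CERTTOSTRINGFAILED);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&crlParamsString,
+plContext,
+formatString,
+crlIssuerNamesString,
+crlDateString,
+crlMaxCRLNumberString,
+crlMinCRLNumberString,
+crlCertString),
+PKIX_SPRINTFFAILED);
+*pString = crlParamsString;
+cleanup:
+PKIX_DECREF(crlIssuerNamesString);
+PKIX_DECREF(crlDateString);
+PKIX_DECREF(crlMaxCRLNumberString);
+PKIX_DECREF(crlMinCRLNumberString);
+PKIX_DECREF(crlCertString);
+PKIX_DECREF(formatString);
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: pkix_ComCRLSelParams_ToString
+* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_ComCRLSelParams_ToString(
+PKIX_PL_Object *object,
+PKIX_PL_String **pString,
+void *plContext)
+{
+PKIX_PL_String *crlParamsString = NULL;
+PKIX_ComCRLSelParams *crlParams = NULL;
+PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString");
+PKIX_NULLCHECK_TWO(object, pString);
+PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+PKIX_OBJECTNOTCOMCRLSELPARAMS);
+crlParams = (PKIX_ComCRLSelParams *) object;
+PKIX_CHECK(pkix_ComCRLSelParams_ToString_Helper
+(crlParams, &crlParamsString, plContext),
+PKIX_COMCRLSELPARAMSTOSTRINGHELPERFAILED);
+*pString = crlParamsString;
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: pkix_ComCRLSelParams_Hashcode
+* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_ComCRLSelParams_Hashcode(
+PKIX_PL_Object *object,
+PKIX_UInt32 *pHashcode,
+void *plContext)
+{
+PKIX_ComCRLSelParams *crlParams = NULL;
+PKIX_UInt32 namesHash = 0;
+PKIX_UInt32 certHash = 0;
+PKIX_UInt32 dateHash = 0;
+PKIX_UInt32 maxCRLNumberHash = 0;
+PKIX_UInt32 minCRLNumberHash = 0;
+PKIX_UInt32 hash = 0;
+PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Hashcode");
+PKIX_NULLCHECK_TWO(object, pHashcode);
+PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+PKIX_OBJECTNOTCOMCRLSELPARAMS);
+crlParams = (PKIX_ComCRLSelParams *)object;
+PKIX_HASHCODE(crlParams->issuerNames, &namesHash, plContext,
+PKIX_OBJECTHASHCODEFAILED);
+PKIX_HASHCODE(crlParams->cert, &certHash, plContext,
+PKIX_OBJECTHASHCODEFAILED);
+PKIX_HASHCODE(crlParams->date, &dateHash, plContext,
+PKIX_OBJECTHASHCODEFAILED);
+PKIX_HASHCODE(crlParams->maxCRLNumber, &maxCRLNumberHash, plContext,
+PKIX_OBJECTHASHCODEFAILED);
+PKIX_HASHCODE(crlParams->minCRLNumber, &minCRLNumberHash, plContext,
+PKIX_OBJECTHASHCODEFAILED);
+hash = (((namesHash << 3) + certHash) << 3) + dateHash;
+hash = (hash << 3) + maxCRLNumberHash + minCRLNumberHash;
+*pHashcode = hash;
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: pkix_ComCRLSelParams_Equals
+* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_ComCRLSelParams_Equals(
+PKIX_PL_Object *firstObject,
+PKIX_PL_Object *secondObject,
+PKIX_Boolean *pResult,
+void *plContext)
+{
+PKIX_ComCRLSelParams *firstCrlParams = NULL;
+PKIX_ComCRLSelParams *secondCrlParams = NULL;
+PKIX_UInt32 secondType;
+PKIX_Boolean cmpResult = PKIX_FALSE;
+PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Equals");
+PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+/* test that firstObject is a ComCRLSelParams */
+PKIX_CHECK(pkix_CheckType
+(firstObject, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+PKIX_FIRSTOBJECTNOTCOMCRLSELPARAMS);
+firstCrlParams = (PKIX_ComCRLSelParams *)firstObject;
+secondCrlParams = (PKIX_ComCRLSelParams *)secondObject;
+/*
+* Since we know firstObject is a ComCRLSelParams, if both references
+* are identical, they must be equal
+*/
+if (firstCrlParams == secondCrlParams){
+*pResult = PKIX_TRUE;
+goto cleanup;
+}
+/*
+* If secondComCRLSelParams isn't a ComCRLSelParams, we don't
+* throw an error. We simply return a Boolean result of FALSE
+*/
+*pResult = PKIX_FALSE;
+PKIX_CHECK(PKIX_PL_Object_GetType
+((PKIX_PL_Object *)secondCrlParams, &secondType, plContext),
+PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+if (secondType != PKIX_COMCRLSELPARAMS_TYPE) {
+goto cleanup;
+}
+/* Compare Issuer Names */
+PKIX_EQUALS
+(firstCrlParams->issuerNames,
+secondCrlParams->issuerNames,
+&cmpResult,
+plContext,
+PKIX_LISTEQUALSFAILED);
+if (cmpResult != PKIX_TRUE) {
+goto cleanup;
+}
+/* Compare Date */
+PKIX_EQUALS
+(firstCrlParams->date,
+secondCrlParams->date,
+&cmpResult,
+plContext,
+PKIX_DATEEQUALSFAILED);
+if (cmpResult != PKIX_TRUE) {
+goto cleanup;
+}
+/* Compare Max CRL Number */
+PKIX_EQUALS
+(firstCrlParams->maxCRLNumber,
+secondCrlParams->maxCRLNumber,
+&cmpResult,
+plContext,
+PKIX_BIGINTEQUALSFAILED);
+if (cmpResult != PKIX_TRUE) {
+goto cleanup;
+}
+/* Compare Min CRL Number */
+PKIX_EQUALS
+(firstCrlParams->minCRLNumber,
+secondCrlParams->minCRLNumber,
+&cmpResult,
+plContext,
+PKIX_BIGINTEQUALSFAILED);
+if (cmpResult != PKIX_TRUE) {
+goto cleanup;
+}
+/* Compare Cert */
+PKIX_EQUALS
+(firstCrlParams->cert,
+secondCrlParams->cert,
+&cmpResult,
+plContext,
+PKIX_CERTEQUALSFAILED);
+*pResult = cmpResult;
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: pkix_ComCRLSelParams_Duplicate
+* (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_ComCRLSelParams_Duplicate(
+PKIX_PL_Object *object,
+PKIX_PL_Object **pNewObject,
+void *plContext)
+{
+PKIX_ComCRLSelParams *old;
+PKIX_ComCRLSelParams *new;
+PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Duplicate");
+PKIX_NULLCHECK_TWO(object, pNewObject);
+PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+PKIX_OBJECTNOTCOMCRLSELPARAMS);
+old = (PKIX_ComCRLSelParams *)object;
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_COMCRLSELPARAMS_TYPE,
+(PKIX_UInt32)(sizeof (PKIX_ComCRLSelParams)),
+(PKIX_PL_Object **)&new,
+plContext),
+PKIX_OBJECTALLOCFAILED);
+PKIX_DUPLICATE(old->cert, &new->cert, plContext,
+PKIX_OBJECTDUPLICATECERTFAILED);
+PKIX_DUPLICATE(old->issuerNames, &new->issuerNames, plContext,
+PKIX_OBJECTDUPLICATEISSUERNAMESFAILED);
+PKIX_DUPLICATE(old->date, &new->date, plContext,
+PKIX_OBJECTDUPLICATEDATEFAILED);
+PKIX_DUPLICATE(old->maxCRLNumber, &new->maxCRLNumber, plContext,
+PKIX_OBJECTDUPLICATEMAXCRLNUMBERFAILED);
+PKIX_DUPLICATE(old->minCRLNumber, &new->minCRLNumber, plContext,
+PKIX_OBJECTDUPLICATEMINCRLNUMBERFAILED);
+*pNewObject = (PKIX_PL_Object *)new;
+cleanup:
+if (PKIX_ERROR_RECEIVED){
+PKIX_DECREF(new);
+}
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: pkix_ComCrlSelParams_RegisterSelf
+* DESCRIPTION:
+* Registers PKIX_COMCRLSELPARAMS_TYPE and its related functions with
+* systemClasses[]
+* THREAD SAFETY:
+* Not Thread Safe - for performance and complexity reasons
+*
+* Since this function is only called by PKIX_PL_Initialize, which should
+* only be called once, it is acceptable that this function is not
+* thread-safe.
+*/
+PKIX_Error *
+pkix_ComCRLSelParams_RegisterSelf(void *plContext)
+{
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+pkix_ClassTable_Entry entry;
+PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_RegisterSelf");
+entry.description = "ComCRLSelParams";
+entry.destructor = pkix_ComCRLSelParams_Destroy;
+entry.equalsFunction = pkix_ComCRLSelParams_Equals;
+entry.hashcodeFunction = pkix_ComCRLSelParams_Hashcode;
+entry.toStringFunction = pkix_ComCRLSelParams_ToString;
+entry.comparator = NULL;
+entry.duplicateFunction = pkix_ComCRLSelParams_Duplicate;
+systemClasses[PKIX_COMCRLSELPARAMS_TYPE] = entry;
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/* --ComCRLSelParams-Public-Functions------------------------------------- */
+/*
+* FUNCTION: PKIX_ComCRLSelParams_Create (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_Create(
+PKIX_ComCRLSelParams **pParams,
+void *plContext)
+{
+PKIX_ComCRLSelParams *params = NULL;
+PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_Create");
+PKIX_NULLCHECK_ONE(pParams);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_COMCRLSELPARAMS_TYPE,
+sizeof (PKIX_ComCRLSelParams),
+(PKIX_PL_Object **)&params,
+plContext),
+PKIX_COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT);
+/* initialize fields */
+params->issuerNames = NULL;
+params->cert = NULL;
+params->date = NULL;
+params->maxCRLNumber = NULL;
+params->minCRLNumber = NULL;
+*pParams = params;
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_GetIssuerNames(
+PKIX_ComCRLSelParams *params,
+PKIX_List **pIssuerNames,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_GetIssuerNames");
+PKIX_NULLCHECK_TWO(params, pIssuerNames);
+PKIX_INCREF(params->issuerNames);
+*pIssuerNames = params->issuerNames;
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_SetIssuerNames(
+PKIX_ComCRLSelParams *params,
+PKIX_List *names,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_SetIssuerNames");
+PKIX_NULLCHECK_ONE(params); /* allows null for names from spec */
+PKIX_DECREF(params->issuerNames);
+PKIX_INCREF(names); /* if NULL, allows to reset for no action */
+params->issuerNames = names;
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)params, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_AddIssuerName (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_AddIssuerName(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_X500Name *name,
+void *plContext)
+{
+PKIX_List *list = NULL;
+PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_AddIssuerName");
+PKIX_NULLCHECK_ONE(params);
+if (name != NULL) {
+if (params->issuerNames == NULL) {
+PKIX_CHECK(PKIX_List_Create(&list, plContext),
+PKIX_LISTCREATEFAILED);
+params->issuerNames = list;
+}
+PKIX_CHECK(PKIX_List_AppendItem
+(params->issuerNames, (PKIX_PL_Object *)name, plContext),
+PKIX_LISTAPPENDITEMFAILED);
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)params, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+}
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
+* (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_GetCertificateChecking(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_Cert **pCert,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_GetCertificateChecking");
+PKIX_NULLCHECK_TWO(params, pCert);
+PKIX_INCREF(params->cert);
+*pCert = params->cert;
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
+* (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_SetCertificateChecking(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_Cert *cert,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_SetCertificateChecking");
+PKIX_NULLCHECK_ONE(params); /* allows cert to be NULL from spec */
+PKIX_DECREF(params->cert);
+PKIX_INCREF(cert);
+params->cert = cert;
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)params, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_GetDateAndTime(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_Date **pDate,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_GetDateAndTime");
+PKIX_NULLCHECK_TWO(params, pDate);
+PKIX_INCREF(params->date);
+*pDate = params->date;
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_SetDateAndTime(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_Date *date,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_SetDateAndTime");
+PKIX_NULLCHECK_ONE(params); /* allows date to be NULL from spec */
+PKIX_DECREF (params->date);
+PKIX_INCREF(date);
+params->date = date;
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)params, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
+* (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMaxCRLNumber(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_BigInt **pMaxCRLNumber,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_GetMaxCRLNumber");
+PKIX_NULLCHECK_TWO(params, pMaxCRLNumber);
+PKIX_INCREF(params->maxCRLNumber);
+*pMaxCRLNumber = params->maxCRLNumber;
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
+* (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMaxCRLNumber(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_BigInt *maxCRLNumber,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_SetMaxCRLNumber");
+PKIX_NULLCHECK_ONE(params); /* maxCRLNumber can be NULL - from spec */
+PKIX_DECREF(params->maxCRLNumber);
+PKIX_INCREF(maxCRLNumber);
+params->maxCRLNumber = maxCRLNumber;
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)params, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
+* (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMinCRLNumber(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_BigInt **pMinCRLNumber,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_GetMinCRLNumber");
+PKIX_NULLCHECK_TWO(params, pMinCRLNumber);
+PKIX_INCREF(params->minCRLNumber);
+*pMinCRLNumber = params->minCRLNumber;
+PKIX_RETURN(COMCRLSELPARAMS);
+}
+/*
+* FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
+* (see comments in pkix_crlsel.h)
+*/
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMinCRLNumber(
+PKIX_ComCRLSelParams *params,
+PKIX_PL_BigInt *minCRLNumber,
+void *plContext)
+{
+PKIX_ENTER(COMCRLSELPARAMS,
+"PKIX_ComCRLSelParams_SetMinCRLNumber");
+PKIX_NULLCHECK_ONE(params); /* minCRLNumber can be NULL - from spec */
+PKIX_DECREF(params->minCRLNumber);
+PKIX_INCREF(minCRLNumber);
+params->minCRLNumber = minCRLNumber;
+PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+((PKIX_PL_Object *)params, plContext),
+PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+PKIX_RETURN(COMCRLSELPARAMS);
+}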
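Review bot: In pkix_ComCRLSelParams_Duplicate, `new` is declared without an initializer, yet the cleanup path runs `PKIX_DECREF(new)` whenever PKIX_ERROR_RECEIVED is set, so a pkix_CheckType failure before PKIX_PL_Object_Alloc jumps to cleanup and DECREFs an indeterminate pointer (and the same holds if Alloc fails without clearing its out-parameter, which this hunk cannot show). The declaration should read `PKIX_ComCRLSelParams *new = NULL;`, matching how `params` is initialised in PKIX_ComCRLSelParams_Create. The same uninitialised-then-DECREF pattern appears in pkix_CRLSelector_Duplicate in pkix_crlselector.c, whose section is cut off in this view. As a point of style, `new` is a C++ keyword and the companion header carries `extern "C"` wrappers; a name such as `newParams` avoids the problem should any unit ever be compiled as C++.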


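--- a/pkix_comcrlselparams.h
+++ b/pkix_comcrlselparams.h
@@ -0,0 +1,69 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_comcrlselparams.h
+*
+* ComCrlSelParams Object Type Definition
+*
+*/
+#ifndef _PKIX_COMCRLSELPARAMS_H
+#define _PKIX_COMCRLSELPARAMS_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_ComCRLSelParamsStruct {
+PKIX_List *issuerNames; /* list of PKIX_PL_X500Name */
+PKIX_PL_Cert *cert; /* certificate being checked */
+PKIX_PL_Date *date;
+PKIX_PL_BigInt *maxCRLNumber;
+PKIX_PL_BigInt *minCRLNumber;
+};
+/* see source file for function documentation */
+PKIX_Error *pkix_ComCRLSelParams_RegisterSelf(void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_COMCRLSELPARAMS_H */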
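Review bot: The include guard `_PKIX_COMCRLSELPARAMS_H` starts with an underscore followed by an uppercase letter, a form C reserves for the implementation; `PKIX_COMCRLSELPARAMS_H` would be the conforming spelling at both the `#ifndef`/`#define` and the closing `#endif` comment. Within struct PKIX_ComCRLSelParamsStruct the `date`, `maxCRLNumber` and `minCRLNumber` members carry no comment while the first two do; the companion source shows each setter accepts NULL to clear the field and pkix_CRLSelector_DefaultMatch skips the corresponding check when the field is NULL, so I would annotate them as `PKIX_PL_Date *date; /* CRL validity time to require; NULL = no check */` and likewise describe the two PKIX_PL_BigInt members as inclusive lower/upper bounds on the CRL number, NULL meaning unbounded. A one-line note that every member is a held reference released by pkix_ComCRLSelParams_Destroy would also make the ownership rule explicit for callers of the getters, which hand back an added reference.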


@ -0,0 +1,821 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_crlselector.c
*
* CRLSelector Function Definitions
*
*/
#include "pkix_crlselector.h"
/* --CRLSelector Private-Functions-------------------------------------- */
/*
* FUNCTION: pkix_CRLSelector_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CRLSelector_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_CRLSelector *selector = NULL;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy");
PKIX_NULLCHECK_ONE(object);
PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
PKIX_OBJECTNOTCRLSELECTOR);
selector = (PKIX_CRLSelector *)object;
selector->matchCallback = NULL;
PKIX_DECREF(selector->params);
PKIX_DECREF(selector->context);
cleanup:
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_ToString_Helper
*
* DESCRIPTION:
* Helper function that creates a string representation of CRLSelector
* pointed to by "crlParams" and stores its address in the object pointed to
* by "pString".
*
* PARAMETERS
* "list"
* Address of CRLSelector whose string representation is desired.
* Must be non-NULL.
* "pString"
* Address of object pointer's destination. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
*
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_CRLSelector_ToString_Helper(
PKIX_CRLSelector *crlSelector,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_PL_String *crlSelectorString = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *crlParamsString = NULL;
PKIX_PL_String *crlContextString = NULL;
char *asciiFormat = NULL;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper");
PKIX_NULLCHECK_TWO(crlSelector, pString);
PKIX_NULLCHECK_ONE(crlSelector->params);
asciiFormat =
"\n\t[\n"
"\tMatchCallback: 0x%x\n"
"\tParams: %s\n"
"\tContext: %s\n"
"\t]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
/* Params */
PKIX_TOSTRING
((PKIX_PL_Object *)crlSelector->params,
&crlParamsString,
plContext,
PKIX_COMCRLSELPARAMSTOSTRINGFAILED);
/* Context */
PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext,
PKIX_LISTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&crlSelectorString,
plContext,
formatString,
crlSelector->matchCallback,
crlParamsString,
crlContextString),
PKIX_SPRINTFFAILED);
*pString = crlSelectorString;
cleanup:
PKIX_DECREF(crlParamsString);
PKIX_DECREF(crlContextString);
PKIX_DECREF(formatString);
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CRLSelector_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_PL_String *crlSelectorString = NULL;
PKIX_CRLSelector *crlSelector = NULL;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
PKIX_OBJECTNOTCRLSELECTOR);
crlSelector = (PKIX_CRLSelector *) object;
PKIX_CHECK(pkix_CRLSelector_ToString_Helper
(crlSelector, &crlSelectorString, plContext),
PKIX_CRLSELECTORTOSTRINGHELPERFAILED);
*pString = crlSelectorString;
cleanup:
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CRLSelector_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_UInt32 paramsHash = 0;
PKIX_UInt32 contextHash = 0;
PKIX_UInt32 hash = 0;
PKIX_CRLSelector *crlSelector = NULL;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
PKIX_OBJECTNOTCRLSELECTOR);
crlSelector = (PKIX_CRLSelector *)object;
PKIX_HASHCODE(crlSelector->params, &paramsHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
PKIX_HASHCODE(crlSelector->context, &contextHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback +
(contextHash << 3)) + paramsHash;
*pHashcode = hash;
cleanup:
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CRLSelector_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_CRLSelector *firstCrlSelector = NULL;
PKIX_CRLSelector *secondCrlSelector = NULL;
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult = PKIX_FALSE;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* test that firstObject is a CRLSelector */
PKIX_CHECK(pkix_CheckType
(firstObject, PKIX_CRLSELECTOR_TYPE, plContext),
PKIX_FIRSTOBJECTNOTCRLSELECTOR);
firstCrlSelector = (PKIX_CRLSelector *)firstObject;
secondCrlSelector = (PKIX_CRLSelector *)secondObject;
/*
* Since we know firstObject is a CRLSelector, if both references are
* identical, they must be equal
*/
if (firstCrlSelector == secondCrlSelector){
*pResult = PKIX_TRUE;
goto cleanup;
}
/*
* If secondCRLSelector isn't a CRLSelector, we don't throw an error.
* We simply return a Boolean result of FALSE
*/
*pResult = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_Object_GetType
((PKIX_PL_Object *)secondCrlSelector,
&secondType,
plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
if (secondType != PKIX_CRLSELECTOR_TYPE) {
goto cleanup;
}
/* Compare MatchCallback address */
cmpResult = (firstCrlSelector->matchCallback ==
secondCrlSelector->matchCallback);
if (cmpResult == PKIX_FALSE) {
goto cleanup;
}
/* Compare Common CRL Selector Params */
PKIX_EQUALS
(firstCrlSelector->params,
secondCrlSelector->params,
&cmpResult,
plContext,
PKIX_COMCRLSELPARAMSEQUALSFAILED);
if (cmpResult == PKIX_FALSE) {
goto cleanup;
}
/* Compare Context */
PKIX_EQUALS
(firstCrlSelector->context,
secondCrlSelector->context,
&cmpResult,
plContext,
PKIX_COMCRLSELPARAMSEQUALSFAILED);
*pResult = cmpResult;
cleanup:
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_Duplicate
* (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CRLSelector_Duplicate(
PKIX_PL_Object *object,
PKIX_PL_Object **pNewObject,
void *plContext)
{
PKIX_CRLSelector *old;
PKIX_CRLSelector *new;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate");
PKIX_NULLCHECK_TWO(object, pNewObject);
PKIX_CHECK(pkix_CheckType
(object, PKIX_CRLSELECTOR_TYPE, plContext),
PKIX_OBJECTNOTCRLSELECTOR);
old = (PKIX_CRLSelector *)object;
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CRLSELECTOR_TYPE,
(PKIX_UInt32)(sizeof (PKIX_CRLSelector)),
(PKIX_PL_Object **)&new,
plContext),
PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED);
new->matchCallback = old->matchCallback;
PKIX_DUPLICATE(old->params, &new->params, plContext,
PKIX_OBJECTDUPLICATEPARAMSFAILED);
PKIX_DUPLICATE(old->context, &new->context, plContext,
PKIX_OBJECTDUPLICATECONTEXTFAILED);
*pNewObject = (PKIX_PL_Object *)new;
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(new);
}
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_DefaultMatch
*
* DESCRIPTION:
* This function compares the parameter values (Issuer, date, and CRL number)
* set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with
* the corresponding values in the CRL pointed to by "crl". When all the
* criteria set in the parameter values match the values in "crl", PKIX_TRUE is
* stored at "pMatch". If the CRL does not match the CRLSelector's criteria,
* PKIX_FALSE is stored at "pMatch".
*
* PARAMETERS
* "selector"
* Address of CRLSelector which is verified for a match
* Must be non-NULL.
* "crl"
* Address of the CRL object to be verified. Must be non-NULL.
* "pMatch"
* Address at which Boolean result is stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Conditionally Thread Safe
* (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_CRLSelector_DefaultMatch(
PKIX_CRLSelector *selector,
PKIX_PL_CRL *crl,
PKIX_Boolean *pMatch,
void *plContext)
{
PKIX_ComCRLSelParams *params = NULL;
PKIX_PL_X500Name *crlIssuerName = NULL;
PKIX_PL_X500Name *issuerName = NULL;
PKIX_List *selIssuerNames = NULL;
PKIX_PL_Date *selDate = NULL;
PKIX_Boolean result = PKIX_TRUE;
PKIX_UInt32 numIssuers = 0;
PKIX_UInt32 i;
PKIX_PL_BigInt *minCRLNumber = NULL;
PKIX_PL_BigInt *maxCRLNumber = NULL;
PKIX_PL_BigInt *crlNumber = NULL;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch");
PKIX_NULLCHECK_TWO(selector, crl);
*pMatch = PKIX_TRUE;
params = selector->params;
/* No matching parameter provided, just a match */
if (params == NULL) {
goto cleanup;
}
PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames
(params, &selIssuerNames, plContext),
PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);
/* Check for Issuers */
if (selIssuerNames != NULL){
result = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_CRL_GetIssuer
(crl, &crlIssuerName, plContext),
PKIX_CRLGETISSUERFAILED);
PKIX_CHECK(PKIX_List_GetLength
(selIssuerNames, &numIssuers, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = 0; i < numIssuers; i++){
PKIX_CHECK(PKIX_List_GetItem
(selIssuerNames,
i,
(PKIX_PL_Object **)&issuerName,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(PKIX_PL_X500Name_Match
(crlIssuerName,
issuerName,
&result,
plContext),
PKIX_X500NAMEMATCHFAILED);
PKIX_DECREF(issuerName);
if (result == PKIX_TRUE) {
break;
}
}
if (result == PKIX_FALSE) {
PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N");
*pMatch = PKIX_FALSE;
goto cleanup;
}
}
PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime
(params, &selDate, plContext),
PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED);
/* Check for Date */
if (selDate != NULL){
result = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime
(crl, selDate, &result, plContext),
PKIX_CRLVERIFYUPDATETIMEFAILED);
if (result == PKIX_FALSE) {
PKIX_CRLSELECTOR_DEBUG("DateAndTime match Failed\n");
*pMatch = PKIX_FALSE;
goto cleanup;
}
}
/* Check for CRL number in range */
PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext),
PKIX_CRLGETCRLNUMBERFAILED);
if (crlNumber != NULL) {
result = PKIX_FALSE;
PKIX_CHECK(PKIX_ComCRLSelParams_GetMinCRLNumber
(params, &minCRLNumber, plContext),
PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED);
if (minCRLNumber != NULL) {
PKIX_CHECK(PKIX_PL_Object_Compare
((PKIX_PL_Object *)minCRLNumber,
(PKIX_PL_Object *)crlNumber,
&result,
plContext),
PKIX_OBJECTCOMPARATORFAILED);
if (result == 1) {
PKIX_CRLSELECTOR_DEBUG
("CRL MinNumber Range Match Failed\n");
*pMatch = PKIX_FALSE;
goto cleanup;
}
}
PKIX_CHECK(PKIX_ComCRLSelParams_GetMaxCRLNumber
(params, &maxCRLNumber, plContext),
PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED);
if (maxCRLNumber != NULL) {
PKIX_CHECK(PKIX_PL_Object_Compare
((PKIX_PL_Object *)crlNumber,
(PKIX_PL_Object *)maxCRLNumber,
&result,
plContext),
PKIX_OBJECTCOMPARATORFAILED);
if (result == 1) {
PKIX_CRLSELECTOR_DEBUG
(PKIX_CRLMAXNUMBERRANGEMATCHFAILED);
*pMatch = PKIX_FALSE;
goto cleanup;
}
}
}
cleanup:
PKIX_DECREF(selIssuerNames);
PKIX_DECREF(selDate);
PKIX_DECREF(crlIssuerName);
PKIX_DECREF(issuerName);
PKIX_DECREF(crlNumber);
PKIX_DECREF(minCRLNumber);
PKIX_DECREF(maxCRLNumber);
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_RegisterSelf
* DESCRIPTION:
* Registers PKIX_CRLSELECTOR_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_CRLSelector_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf");
entry.description = "CRLSelector";
entry.destructor = pkix_CRLSelector_Destroy;
entry.equalsFunction = pkix_CRLSelector_Equals;
entry.hashcodeFunction = pkix_CRLSelector_Hashcode;
entry.toStringFunction = pkix_CRLSelector_ToString;
entry.comparator = NULL;
entry.duplicateFunction = pkix_CRLSelector_Duplicate;
systemClasses[PKIX_CRLSELECTOR_TYPE] = entry;
PKIX_RETURN(CRLSELECTOR);
}
/* --CRLSelector-Public-Functions---------------------------------------- */
/*
* FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h)
*/
PKIX_Error *
PKIX_CRLSelector_Create(
PKIX_CRLSelector_MatchCallback callback,
PKIX_PL_Object *crlSelectorContext,
PKIX_CRLSelector **pSelector,
void *plContext)
{
PKIX_CRLSelector *selector = NULL;
PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create");
PKIX_NULLCHECK_ONE(pSelector);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CRLSELECTOR_TYPE,
sizeof (PKIX_CRLSelector),
(PKIX_PL_Object **)&selector,
plContext),
PKIX_COULDNOTCREATECRLSELECTOROBJECT);
/*
* if user specified a particular match callback, we use that one.
* otherwise, we use the default match provided.
*/
if (callback != NULL){
selector->matchCallback = callback;
} else {
selector->matchCallback = pkix_CRLSelector_DefaultMatch;
}
/* initialize other fields */
selector->params = NULL;
PKIX_INCREF(crlSelectorContext);
selector->context = crlSelectorContext;
*pSelector = selector;
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(selector);
}
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h)
*/
PKIX_Error *
PKIX_CRLSelector_GetMatchCallback(
PKIX_CRLSelector *selector,
PKIX_CRLSelector_MatchCallback *pCallback,
void *plContext)
{
PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback");
PKIX_NULLCHECK_TWO(selector, pCallback);
*pCallback = selector->matchCallback;
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
* (see comments in pkix_crlsel.h)
*/
PKIX_Error *
PKIX_CRLSelector_GetCRLSelectorContext(
PKIX_CRLSelector *selector,
void **pCrlSelectorContext,
void *plContext)
{
PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext");
PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext);
PKIX_INCREF(selector->context);
*pCrlSelectorContext = selector->context;
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
* (see comments in pkix_crlsel.h)
*/
PKIX_Error *
PKIX_CRLSelector_GetCommonCRLSelectorParams(
PKIX_CRLSelector *selector,
PKIX_ComCRLSelParams **pParams,
void *plContext)
{
PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams");
PKIX_NULLCHECK_TWO(selector, pParams);
PKIX_INCREF(selector->params);
*pParams = selector->params;
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
* (see comments in pkix_crlsel.h)
*/
PKIX_Error *
PKIX_CRLSelector_SetCommonCRLSelectorParams(
PKIX_CRLSelector *selector,
PKIX_ComCRLSelParams *params,
void *plContext)
{
PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams");
PKIX_NULLCHECK_TWO(selector, params);
PKIX_DECREF(selector->params);
PKIX_INCREF(params);
selector->params = params;
PKIX_CHECK(PKIX_PL_Object_InvalidateCache
((PKIX_PL_Object *)selector, plContext),
PKIX_OBJECTINVALIDATECACHEFAILED);
cleanup:
PKIX_RETURN(CRLSELECTOR);
}
/*
* FUNCTION: pkix_CRLSelector_Select
* DESCRIPTION:
*
* This function applies the selector pointed to by "selector" to each CRL,
* in turn, in the List pointed to by "before", and creates a List containing
* all the CRLs that matched, or passed the selection process, storing that
* List at "pAfter". If no CRLs match, an empty List is stored at "pAfter".
*
* The List returned in "pAfter" is immutable.
*
* PARAMETERS:
* "selector"
* Address of CRLSelelector to be applied to the List. Must be non-NULL.
* "before"
* Address of List that is to be filtered. Must be non-NULL.
* "pAfter"
* Address at which resulting List, possibly empty, is stored. Must be
* non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CRLSelector Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_CRLSelector_Select(
PKIX_CRLSelector *selector,
PKIX_List *before,
PKIX_List **pAfter,
void *plContext)
{
PKIX_Boolean match = PKIX_FALSE;
PKIX_UInt32 numBefore = 0;
PKIX_UInt32 i = 0;
PKIX_List *filtered = NULL;
PKIX_PL_CRL *candidate = NULL;
PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select");
PKIX_NULLCHECK_THREE(selector, before, pAfter);
PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
PKIX_LISTCREATEFAILED);
PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = 0; i < numBefore; i++) {
PKIX_CHECK(PKIX_List_GetItem
(before, i, (PKIX_PL_Object **)&candidate, plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK_ONLY_FATAL(selector->matchCallback
(selector, candidate, &match, plContext),
PKIX_CRLSELECTORMATCHCALLBACKFAILED);
if ((!(PKIX_ERROR_RECEIVED)) && (match == PKIX_TRUE)) {
PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
(filtered,
(PKIX_PL_Object *)candidate,
plContext),
PKIX_LISTAPPENDITEMFAILED);
}
pkixTempErrorReceived = PKIX_FALSE;
PKIX_DECREF(candidate);
}
PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
/* Don't throw away the list if one CRL was bad! */
pkixTempErrorReceived = PKIX_FALSE;
*pAfter = filtered;
cleanup:
PKIX_DECREF(candidate);
PKIX_RETURN(CRLSELECTOR);
}

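--- a/pkix_crlselector.h
+++ b/pkix_crlselector.h
@@ -0,0 +1,74 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_crlselector.h
+*
+* CrlSelector Object Type Definition
+*
+*/
+#ifndef _PKIX_CRLSELECTOR_H
+#define _PKIX_CRLSELECTOR_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_CRLSelectorStruct {
+PKIX_CRLSelector_MatchCallback matchCallback;
+PKIX_ComCRLSelParams *params;
+PKIX_PL_Object *context;
+};
+/* see source file for function documentation */
+PKIX_Error *pkix_CRLSelector_RegisterSelf(void *plContext);
+PKIX_Error *
+pkix_CRLSelector_Select(
+PKIX_CRLSelector *selector,
+PKIX_List *before,
+PKIX_List **pAfter,
+void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_CRLSELECTOR_H */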
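Review bot: The three members of PKIX_CRLSelectorStruct carry no ownership or nullability comments, unlike the sibling headers in this commit (pkix_buildparams.h marks procParams as `/* Never NULL */`). From PKIX_CRLSelector_Create in the preceding file, matchCallback is never NULL because it falls back to pkix_CRLSelector_DefaultMatch, params starts as NULL until PKIX_CRLSelector_SetCommonCRLSelectorParams installs a counted reference, and context is INCREF'd without a NULL check on the caller's value, so it is presumably an optional owned reference. I would annotate the struct accordingly: `PKIX_CRLSelector_MatchCallback matchCallback; /* never NULL; defaults to pkix_CRLSelector_DefaultMatch */`, `PKIX_ComCRLSelParams *params; /* owned ref; NULL until Set...Params */`, `PKIX_PL_Object *context; /* owned ref; may be NULL */`.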


@ -0,0 +1,43 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../..
DEPTH = ../../../..
#
DIRS = certsel crlsel checker params results store top util \
$(NULL)


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,61 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../../..
EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_procparams.h \
pkix_trustanchor.h \
pkix_valparams.h \
pkix_resourcelimits.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_trustanchor.c \
pkix_procparams.c \
pkix_valparams.c \
pkix_resourcelimits.c \
$(NULL)
REQUIRES = dbm
LIBRARY_NAME = params

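--- a/pkix_buildparams.c
+++ b/pkix_buildparams.c
@@ -0,0 +1,311 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_buildparams.c
+*
+* Build Params Object Functions
+*
+*/
+#include "pkix_buildparams.h"
+/* --Private-Functions-------------------------------------------- */
+/*
+* FUNCTION: pkix_BuildParams_Destroy
+* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_BuildParams_Destroy(
+PKIX_PL_Object *object,
+void *plContext)
+{
+PKIX_BuildParams *params = NULL;
+PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Destroy");
+PKIX_NULLCHECK_ONE(object);
+/* Check that this object is a build params object */
+PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
+"Object is not a build params object");
+params = (PKIX_BuildParams *)object;
+PKIX_DECREF(params->procParams);
+cleanup:
+PKIX_RETURN(BUILDPARAMS);
+}
+/*
+* FUNCTION: pkix_BuildParams_Equals
+* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_BuildParams_Equals(
+PKIX_PL_Object *first,
+PKIX_PL_Object *second,
+PKIX_Boolean *pResult,
+void *plContext)
+{
+PKIX_UInt32 secondType;
+PKIX_Boolean cmpResult;
+PKIX_BuildParams *firstBuildParams = NULL;
+PKIX_BuildParams *secondBuildParams = NULL;
+PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Equals");
+PKIX_NULLCHECK_THREE(first, second, pResult);
+PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDPARAMS_TYPE, plContext),
+"First Argument is not a BuildParams object");
+PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+*pResult = PKIX_FALSE;
+if (secondType != PKIX_BUILDPARAMS_TYPE) goto cleanup;
+firstBuildParams = (PKIX_BuildParams *)first;
+secondBuildParams = (PKIX_BuildParams *)second;
+PKIX_CHECK(PKIX_PL_Object_Equals
+((PKIX_PL_Object *)firstBuildParams->procParams,
+(PKIX_PL_Object *)secondBuildParams->procParams,
+&cmpResult,
+plContext),
+PKIX_OBJECTEQUALSFAILED);
+if (!cmpResult) goto cleanup;
+*pResult = cmpResult;
+cleanup:
+PKIX_RETURN(BUILDPARAMS);
+}
+/*
+* FUNCTION: pkix_BuildParams_Hashcode
+* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_BuildParams_Hashcode(
+PKIX_PL_Object *object,
+PKIX_UInt32 *pHashcode,
+void *plContext)
+{
+PKIX_BuildParams *buildParams = NULL;
+PKIX_UInt32 hash = 0;
+PKIX_UInt32 procParamsHash = 0;
+PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_Hashcode");
+PKIX_NULLCHECK_TWO(object, pHashcode);
+PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
+"Object is not a processingParams object");
+buildParams = (PKIX_BuildParams*)object;
+PKIX_CHECK(PKIX_PL_Object_Hashcode
+((PKIX_PL_Object *)buildParams->procParams,
+&procParamsHash,
+plContext),
+PKIX_OBJECTHASHCODEFAILED);
+hash = 31 * procParamsHash;
+*pHashcode = hash;
+cleanup:
+PKIX_RETURN(BUILDPARAMS);
+}
+/*
+* FUNCTION: pkix_BuildParams_ToString
+* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_BuildParams_ToString(
+PKIX_PL_Object *object,
+PKIX_PL_String **pString,
+void *plContext)
+{
+PKIX_BuildParams *buildParams = NULL;
+char *asciiFormat = NULL;
+PKIX_PL_String *formatString = NULL;
+PKIX_PL_String *buildParamsString = NULL;
+PKIX_PL_String *procParamsString = NULL;
+PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_ToString");
+PKIX_NULLCHECK_TWO(object, pString);
+PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDPARAMS_TYPE, plContext),
+PKIX_OBJECTNOTBUILDPARAMS);
+asciiFormat =
+"[\n"
+"\tProcessing Params: \n"
+"\t********BEGIN PROCESSING PARAMS********\n"
+"\t\t%s\n"
+"\t********END PROCESSING PARAMS********\n"
+"]\n";
+PKIX_CHECK(PKIX_PL_String_Create
+(PKIX_ESCASCII,
+asciiFormat,
+0,
+&formatString,
+plContext),
+PKIX_STRINGCREATEFAILED);
+buildParams = (PKIX_BuildParams*)object;
+PKIX_CHECK(PKIX_PL_Object_ToString
+((PKIX_PL_Object*)buildParams->procParams,
+&procParamsString,
+plContext),
+PKIX_OBJECTTOSTRINGFAILED);
+PKIX_CHECK(PKIX_PL_Sprintf
+(&buildParamsString,
+plContext,
+formatString,
+procParamsString),
+PKIX_SPRINTFFAILED);
+*pString = buildParamsString;
+cleanup:
+PKIX_DECREF(formatString);
+PKIX_DECREF(procParamsString);
+PKIX_RETURN(BUILDPARAMS);
+}
+/*
+* FUNCTION: pkix_BuildParams_RegisterSelf
+* DESCRIPTION:
+* Registers PKIX_BUILDPARAMS_TYPE and its related functions with
+* systemClasses[]
+* THREAD SAFETY:
+* Not Thread Safe - for performance and complexity reasons
+*
+* Since this function is only called by PKIX_PL_Initialize, which should
+* only be called once, it is acceptable that this function is not
+* thread-safe.
+*/
+PKIX_Error *
+pkix_BuildParams_RegisterSelf(void *plContext)
+{
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+pkix_ClassTable_Entry entry;
+PKIX_ENTER(BUILDPARAMS, "pkix_BuildParams_RegisterSelf");
+entry.description = "BuildParams";
+entry.destructor = pkix_BuildParams_Destroy;
+entry.equalsFunction = pkix_BuildParams_Equals;
+entry.hashcodeFunction = pkix_BuildParams_Hashcode;
+entry.toStringFunction = pkix_BuildParams_ToString;
+entry.comparator = NULL;
+entry.duplicateFunction = NULL;
+systemClasses[PKIX_BUILDPARAMS_TYPE] = entry;
+PKIX_RETURN(BUILDPARAMS);
+}
+/* --Public-Functions--------------------------------------------- */
+/*
+* FUNCTION: PKIX_BuildParams_Create (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_BuildParams_Create(
+PKIX_ProcessingParams *procParams,
+PKIX_BuildParams **pParams,
+void *plContext)
+{
+PKIX_BuildParams *params = NULL;
+PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_Create");
+PKIX_NULLCHECK_TWO(procParams, pParams);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_BUILDPARAMS_TYPE,
+sizeof (PKIX_BuildParams),
+(PKIX_PL_Object **)&params,
+plContext),
+PKIX_COULDNOTCREATEBUILDPARAMSOBJECT);
+/* initialize fields */
+PKIX_INCREF(procParams);
+params->procParams = procParams;
+*pParams = params;
+cleanup:
+PKIX_RETURN(BUILDPARAMS);
+}
+/*
+* FUNCTION: PKIX_BuildParams_GetProcessingParams
+* (see comments in pkix_params.h)
+*/
+PKIX_Error *
+PKIX_BuildParams_GetProcessingParams(
+PKIX_BuildParams *buildParams,
+PKIX_ProcessingParams **pProcParams,
+void *plContext)
+{
+PKIX_ENTER(BUILDPARAMS, "PKIX_BuildParams_GetProcessingParams");
+PKIX_NULLCHECK_TWO(buildParams, pProcParams);
+PKIX_INCREF(buildParams->procParams);
+*pProcParams = buildParams->procParams;
+PKIX_RETURN(BUILDPARAMS);
+}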
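Review bot: pkix_BuildParams_Destroy, pkix_BuildParams_Equals and pkix_BuildParams_Hashcode pass bare string literals as the error argument of the PKIX_CHECK that follows `pkix_CheckType`, while pkix_BuildParams_ToString and every other call site in this file pass a PKIX_* error code such as `PKIX_OBJECTNOTBUILDPARAMS`. If PKIX_CHECK expects an error-code enum, as those call sites suggest, the literal is a pointer-to-integer mismatch that a -Werror build will reject, and in any case it bypasses the shared error table. The Hashcode literal also reads "Object is not a processingParams object", a copy-paste from another class. I would use `PKIX_OBJECTNOTBUILDPARAMS` in Destroy and Hashcode, and in Equals the first-argument code from the same family as `PKIX_FIRSTOBJECTNOTRESOURCELIMITS` (placeholder name `PKIX_FIRSTOBJECTNOTBUILDPARAMS`, to be confirmed or added in the error table).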

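--- a/pkix_buildparams.h
+++ b/pkix_buildparams.h
@@ -0,0 +1,65 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_buildparams.h
+*
+* BuildParams Object Type Definition
+*
+*/
+#ifndef _PKIX_BUILDPARAMS_H
+#define _PKIX_BUILDPARAMS_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_BuildParamsStruct {
+PKIX_ProcessingParams *procParams; /* Never NULL */
+};
+/* see source file for function documentation */
+PKIX_Error *pkix_BuildParams_RegisterSelf(void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_BUILDPARAMS_H */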


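--- a/pkix_procparams.h
+++ b/pkix_procparams.h
@@ -0,0 +1,85 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_procparams.h
+*
+* ProcessingParams Object Type Definition
+*
+*/
+#ifndef _PKIX_PROCESSINGPARAMS_H
+#define _PKIX_PROCESSINGPARAMS_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+struct PKIX_ProcessingParamsStruct {
+PKIX_List *trustAnchors; /* Never NULL */
+PKIX_List *hintCerts; /* user-supplied partial chain, may be NULL */
+PKIX_CertSelector *constraints;
+PKIX_PL_Date *date;
+PKIX_List *initialPolicies; /* list of PKIX_PL_OID */
+PKIX_Boolean initialPolicyMappingInhibit;
+PKIX_Boolean initialAnyPolicyInhibit;
+PKIX_Boolean initialExplicitPolicy;
+PKIX_Boolean qualifiersRejected;
+PKIX_List *certChainCheckers;
+PKIX_List *revCheckers;
+PKIX_List *certStores;
+PKIX_Boolean isCrlRevocationCheckingEnabled;
+PKIX_ResourceLimits *resourceLimits;
+};
+/* see source file for function documentation */
+PKIX_Error *pkix_ProcessingParams_RegisterSelf(void *plContext);
+PKIX_Error *
+pkix_ProcessingParams_GetRevocationEnabled(
+PKIX_ProcessingParams *params,
+PKIX_Boolean *pEnabled,
+void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_PROCESSINGPARAMS_H */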
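Review bot: Only two of the fourteen members of PKIX_ProcessingParamsStruct say whether they may be NULL (`trustAnchors /* Never NULL */` and `hintCerts ... may be NULL`), so a reader of this header cannot tell whether `constraints`, `date`, `certChainCheckers`, `revCheckers`, `certStores` and `resourceLimits` must be checked before being dereferenced. Presumably the unannotated pointers are optional and start as NULL in the constructor; that should be confirmed against pkix_procparams.c and then stated per field, e.g. `PKIX_CertSelector *constraints; /* may be NULL */`. It would also help to record the default of `isCrlRevocationCheckingEnabled` next to the field, since that flag apparently gates CRL revocation checking and the struct definition is where an integrator will look for it.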


@ -0,0 +1,464 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_resourcelimits.c
*
* Resourcelimits Params Object Functions
*
*/
#include "pkix_resourcelimits.h"
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_ResourceLimits_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ResourceLimits_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_ResourceLimits *rLimits = NULL;
PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a ResourceLimits object */
PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
PKIX_OBJECTNOTRESOURCELIMITS);
rLimits = (PKIX_ResourceLimits *)object;
rLimits->maxTime = 0;
rLimits->maxFanout = 0;
rLimits->maxDepth = 0;
rLimits->maxCertsNumber = 0;
rLimits->maxCrlsNumber = 0;
cleanup:
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: pkix_ResourceLimits_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ResourceLimits_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_ResourceLimits *firstRLimits = NULL;
PKIX_ResourceLimits *secondRLimits = NULL;
PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_RESOURCELIMITS_TYPE, plContext),
PKIX_FIRSTOBJECTNOTRESOURCELIMITS);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_RESOURCELIMITS_TYPE) goto cleanup;
firstRLimits = (PKIX_ResourceLimits *)first;
secondRLimits = (PKIX_ResourceLimits *)second;
cmpResult = (firstRLimits->maxTime == secondRLimits->maxTime) &&
(firstRLimits->maxFanout == secondRLimits->maxFanout) &&
(firstRLimits->maxDepth == secondRLimits->maxDepth) &&
(firstRLimits->maxCertsNumber ==
secondRLimits->maxCertsNumber) &&
(firstRLimits->maxCrlsNumber ==
secondRLimits->maxCrlsNumber);
*pResult = cmpResult;
cleanup:
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: pkix_ResourceLimits_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ResourceLimits_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_ResourceLimits *rLimits = NULL;
PKIX_UInt32 hash = 0;
PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
PKIX_OBJECTNOTRESOURCELIMITS);
rLimits = (PKIX_ResourceLimits*)object;
hash = 31 * rLimits->maxTime + (rLimits->maxFanout << 1) +
(rLimits->maxDepth << 2) + (rLimits->maxCertsNumber << 3) +
rLimits->maxCrlsNumber;
*pHashcode = hash;
cleanup:
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: pkix_ResourceLimits_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ResourceLimits_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_ResourceLimits *rLimits = NULL;
char *asciiFormat = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *rLimitsString = NULL;
PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
PKIX_OBJECTNOTRESOURCELIMITS);
/* maxCertsNumber and maxCrlsNumber are not supported */
asciiFormat =
"[\n"
"\tMaxTime: \t\t%d\n"
"\tMaxFanout: \t\t%d\n"
"\tMaxDepth: \t\t%d\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
rLimits = (PKIX_ResourceLimits*)object;
PKIX_CHECK(PKIX_PL_Sprintf
(&rLimitsString,
plContext,
formatString,
rLimits->maxTime,
rLimits->maxFanout,
rLimits->maxDepth),
PKIX_SPRINTFFAILED);
*pString = rLimitsString;
cleanup:
PKIX_DECREF(formatString);
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: pkix_ResourceLimits_RegisterSelf
* DESCRIPTION:
* Registers PKIX_RESOURCELIMITS_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_ResourceLimits_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_RegisterSelf");
entry.description = "ResourceLimits";
entry.destructor = pkix_ResourceLimits_Destroy;
entry.equalsFunction = pkix_ResourceLimits_Equals;
entry.hashcodeFunction = pkix_ResourceLimits_Hashcode;
entry.toStringFunction = pkix_ResourceLimits_ToString;
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_RESOURCELIMITS_TYPE] = entry;
PKIX_RETURN(RESOURCELIMITS);
}
/* --Public-Functions--------------------------------------------- */
/*
* FUNCTION: PKIX_ResourceLimits_Create (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_Create(
PKIX_ResourceLimits **pResourceLimits,
void *plContext)
{
PKIX_ResourceLimits *rLimits = NULL;
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_Create");
PKIX_NULLCHECK_ONE(pResourceLimits);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_RESOURCELIMITS_TYPE,
sizeof (PKIX_ResourceLimits),
(PKIX_PL_Object **)&rLimits,
plContext),
PKIX_COULDNOTCREATERESOURCELIMITOBJECT);
/* initialize fields */
rLimits->maxTime = 0;
rLimits->maxFanout = 0;
rLimits->maxDepth = 0;
rLimits->maxCertsNumber = 0;
rLimits->maxCrlsNumber = 0;
*pResourceLimits = rLimits;
cleanup:
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_GetMaxTime
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_GetMaxTime(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 *pMaxTime,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxTime");
PKIX_NULLCHECK_TWO(rLimits, pMaxTime);
*pMaxTime = rLimits->maxTime;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_SetMaxTime
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_SetMaxTime(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 maxTime,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxTime");
PKIX_NULLCHECK_ONE(rLimits);
rLimits->maxTime = maxTime;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_GetMaxFanout
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_GetMaxFanout(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 *pMaxFanout,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxFanout");
PKIX_NULLCHECK_TWO(rLimits, pMaxFanout);
*pMaxFanout = rLimits->maxFanout;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_SetMaxFanout
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_SetMaxFanout(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 maxFanout,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxFanout");
PKIX_NULLCHECK_ONE(rLimits);
rLimits->maxFanout = maxFanout;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_GetMaxDepth
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_GetMaxDepth(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 *pMaxDepth,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxDepth");
PKIX_NULLCHECK_TWO(rLimits, pMaxDepth);
*pMaxDepth = rLimits->maxDepth;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_SetMaxDepth
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_SetMaxDepth(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 maxDepth,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxDepth");
PKIX_NULLCHECK_ONE(rLimits);
rLimits->maxDepth = maxDepth;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_GetMaxNumberOfCerts(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 *pMaxNumber,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCerts");
PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
*pMaxNumber = rLimits->maxCertsNumber;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_SetMaxNumberOfCerts(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 maxNumber,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCerts");
PKIX_NULLCHECK_ONE(rLimits);
rLimits->maxCertsNumber = maxNumber;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_GetMaxNumberOfCRLs(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 *pMaxNumber,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCRLs");
PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
*pMaxNumber = rLimits->maxCrlsNumber;
PKIX_RETURN(RESOURCELIMITS);
}
/*
* FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ResourceLimits_SetMaxNumberOfCRLs(
PKIX_ResourceLimits *rLimits,
PKIX_UInt32 maxNumber,
void *plContext)
{
PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCRLs");
PKIX_NULLCHECK_ONE(rLimits);
rLimits->maxCrlsNumber = maxNumber;
PKIX_RETURN(RESOURCELIMITS);
}


@ -0,0 +1,69 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_resourcelimits.h
*
* ResourceLimits Object Type Definition
*
*/
#ifndef _PKIX_RESOURCELIMITS_H
#define _PKIX_RESOURCELIMITS_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_ResourceLimitsStruct {
PKIX_UInt32 maxTime;
PKIX_UInt32 maxFanout;
PKIX_UInt32 maxDepth;
PKIX_UInt32 maxCertsNumber;
PKIX_UInt32 maxCrlsNumber;
};
/* see source file for function documentation */
PKIX_Error *pkix_ResourceLimits_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_RESOURCELIMITS_H */
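Review bot: The include guard `_PKIX_RESOURCELIMITS_H` (and likewise `_PKIX_TRUSTANCHOR_H` in pkix_trustanchor.h) is a leading underscore followed by an uppercase letter, an identifier form the C standard reserves for the implementation; `PKIX_RESOURCELIMITS_H` would carry no collision risk. The five fields of struct PKIX_ResourceLimitsStruct also have no comments, although they are the values that later get compared, hashed and printed by pkix_resourcelimits.c; a one-line comment per field naming what it caps would help a reader. The source file's ToString carries the remark that maxCertsNumber and maxCrlsNumber "are not supported", which belongs next to the fields themselves, e.g. `PKIX_UInt32 maxCertsNumber; /* not yet honoured by ToString, see pkix_resourcelimits.c */`, so anyone setting them is not misled.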


@ -0,0 +1,529 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_trustanchor.c
*
* TrustAnchor Object Functions
*
*/
#include "pkix_trustanchor.h"
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_TrustAnchor_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_TrustAnchor_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a trust anchor */
PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
PKIX_OBJECTNOTTRUSTANCHOR);
anchor = (PKIX_TrustAnchor *)object;
PKIX_DECREF(anchor->trustedCert);
PKIX_DECREF(anchor->caName);
PKIX_DECREF(anchor->caPubKey);
PKIX_DECREF(anchor->nameConstraints);
cleanup:
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: pkix_TrustAnchor_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_TrustAnchor_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_TrustAnchor *firstAnchor = NULL;
PKIX_TrustAnchor *secondAnchor = NULL;
PKIX_PL_Cert *firstCert = NULL;
PKIX_PL_Cert *secondCert = NULL;
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
firstAnchor = (PKIX_TrustAnchor *)first;
secondAnchor = (PKIX_TrustAnchor *)second;
firstCert = firstAnchor->trustedCert;
secondCert = secondAnchor->trustedCert;
if ((firstCert && !secondCert) || (!firstCert && secondCert)){
goto cleanup;
}
if (firstCert && secondCert){
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstCert,
(PKIX_PL_Object *)secondCert,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
} else {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstAnchor->caName,
(PKIX_PL_Object *)secondAnchor->caName,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstAnchor->caPubKey,
(PKIX_PL_Object *)secondAnchor->caPubKey,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_EQUALS
(firstAnchor->nameConstraints,
secondAnchor->nameConstraints,
&cmpResult,
plContext,
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
}
*pResult = cmpResult;
cleanup:
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: pkix_TrustAnchor_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_TrustAnchor_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_PL_Cert *cert = NULL;
PKIX_UInt32 hash = 0;
PKIX_UInt32 certHash = 0;
PKIX_UInt32 nameHash = 0;
PKIX_UInt32 pubKeyHash = 0;
PKIX_UInt32 ncHash = 0;
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
PKIX_OBJECTNOTTRUSTANCHOR);
anchor = (PKIX_TrustAnchor*)object;
cert = anchor->trustedCert;
if (cert){
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)cert,
&certHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
hash = certHash;
} else {
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)anchor->caName,
&nameHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)anchor->caPubKey,
&pubKeyHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
hash = 31 * nameHash + pubKeyHash + ncHash;
}
*pHashcode = hash;
cleanup:
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: pkix_TrustAnchor_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_TrustAnchor_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
char *asciiFormat = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *anchorString = NULL;
PKIX_PL_String *certString = NULL;
PKIX_PL_String *nameString = NULL;
PKIX_PL_String *pubKeyString = NULL;
PKIX_PL_String *nameConstraintsString = NULL;
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
PKIX_OBJECTNOTTRUSTANCHOR);
anchor = (PKIX_TrustAnchor*)object;
if (anchor->trustedCert){
asciiFormat =
"[\n"
"\tTrusted Cert: %s\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor->trustedCert,
&certString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&anchorString,
plContext,
formatString,
certString),
PKIX_SPRINTFFAILED);
} else {
asciiFormat =
"[\n"
"\tTrusted CA Name: %s\n"
"\tTrusted CA PublicKey: %s\n"
"\tInitial Name Constraints:%s\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor->caName,
&nameString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor->caPubKey,
&pubKeyString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_TOSTRING
(anchor->nameConstraints,
&nameConstraintsString,
plContext,
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&anchorString,
plContext,
formatString,
nameString,
pubKeyString,
nameConstraintsString),
PKIX_SPRINTFFAILED);
}
*pString = anchorString;
cleanup:
PKIX_DECREF(formatString);
PKIX_DECREF(certString);
PKIX_DECREF(nameString);
PKIX_DECREF(pubKeyString);
PKIX_DECREF(nameConstraintsString);
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: pkix_TrustAnchor_RegisterSelf
* DESCRIPTION:
* Registers PKIX_TRUSTANCHOR_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_TrustAnchor_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf");
entry.description = "TrustAnchor";
entry.destructor = pkix_TrustAnchor_Destroy;
entry.equalsFunction = pkix_TrustAnchor_Equals;
entry.hashcodeFunction = pkix_TrustAnchor_Hashcode;
entry.toStringFunction = pkix_TrustAnchor_ToString;
entry.comparator = NULL;
entry.duplicateFunction = pkix_duplicateImmutable;
systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry;
PKIX_RETURN(TRUSTANCHOR);
}
/* --Public-Functions--------------------------------------------- */
/*
* FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_CreateWithCert(
PKIX_PL_Cert *cert,
PKIX_TrustAnchor **pAnchor,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
PKIX_NULLCHECK_TWO(cert, pAnchor);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TRUSTANCHOR_TYPE,
sizeof (PKIX_TrustAnchor),
(PKIX_PL_Object **)&anchor,
plContext),
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
PKIX_INCREF(cert);
anchor->trustedCert = cert;
anchor->caName = NULL;
anchor->caPubKey = NULL;
anchor->nameConstraints = NULL;
*pAnchor = anchor;
cleanup:
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_CreateWithNameKeyPair(
PKIX_PL_X500Name *name,
PKIX_PL_PublicKey *pubKey,
PKIX_PL_CertNameConstraints *nameConstraints,
PKIX_TrustAnchor **pAnchor,
void *plContext)
{
PKIX_TrustAnchor *anchor = NULL;
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TRUSTANCHOR_TYPE,
sizeof (PKIX_TrustAnchor),
(PKIX_PL_Object **)&anchor,
plContext),
PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
/* initialize fields */
anchor->trustedCert = NULL;
PKIX_INCREF(name);
anchor->caName = name;
PKIX_INCREF(pubKey);
anchor->caPubKey = pubKey;
PKIX_INCREF(nameConstraints);
anchor->nameConstraints = nameConstraints;
*pAnchor = anchor;
cleanup:
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_GetTrustedCert(
PKIX_TrustAnchor *anchor,
PKIX_PL_Cert **pCert,
void *plContext)
{
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert");
PKIX_NULLCHECK_TWO(anchor, pCert);
PKIX_INCREF(anchor->trustedCert);
*pCert = anchor->trustedCert;
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_GetCAName(
PKIX_TrustAnchor *anchor,
PKIX_PL_X500Name **pCAName,
void *plContext)
{
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName");
PKIX_NULLCHECK_TWO(anchor, pCAName);
PKIX_INCREF(anchor->caName);
*pCAName = anchor->caName;
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_GetCAPublicKey(
PKIX_TrustAnchor *anchor,
PKIX_PL_PublicKey **pPubKey,
void *plContext)
{
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey");
PKIX_NULLCHECK_TWO(anchor, pPubKey);
PKIX_INCREF(anchor->caPubKey);
*pPubKey = anchor->caPubKey;
PKIX_RETURN(TRUSTANCHOR);
}
/*
* FUNCTION: PKIX_TrustAnchor_GetNameConstraints
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_TrustAnchor_GetNameConstraints(
PKIX_TrustAnchor *anchor,
PKIX_PL_CertNameConstraints **pNameConstraints,
void *plContext)
{
PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints");
PKIX_NULLCHECK_TWO(anchor, pNameConstraints);
PKIX_INCREF(anchor->nameConstraints);
*pNameConstraints = anchor->nameConstraints;
PKIX_RETURN(TRUSTANCHOR);
}
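Review bot: In PKIX_TrustAnchor_CreateWithCert the PKIX_INCREF(cert) that follows the successful PKIX_PL_Object_Alloc has no release of `anchor` on the error path, because the cleanup label only returns; if PKIX_INCREF can fail (its expansion is not visible in this commit) the freshly allocated object leaks. The same shape appears in PKIX_TrustAnchor_CreateWithNameKeyPair, where a failing PKIX_INCREF(pubKey) or PKIX_INCREF(nameConstraints) would also leave the reference already taken on `name` unreleased, and in PKIX_ValidateParams_Create in pkix_valparams.c. Either assign `*pAnchor` only after every increment has succeeded and add `PKIX_DECREF(anchor)` to cleanup when an error is being returned, or take the references before the allocation so that nothing is half-built on failure; at minimum a comment such as `/* PKIX_INCREF cannot fail after a successful Alloc here -- confirm */` should record the assumption. The getters at the end of the file return a reference taken with PKIX_INCREF, so callers own a DECREF; that ownership is only stated in pkix_params.h, which is not part of this file.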


@ -0,0 +1,68 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_trustanchor.h
*
* TrustAnchor Object Type Definition
*
*/
#ifndef _PKIX_TRUSTANCHOR_H
#define _PKIX_TRUSTANCHOR_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_TrustAnchorStruct {
PKIX_PL_Cert *trustedCert;
PKIX_PL_X500Name *caName;
PKIX_PL_PublicKey *caPubKey;
PKIX_PL_CertNameConstraints *nameConstraints;
};
/* see source file for function documentation */
PKIX_Error *pkix_TrustAnchor_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_TRUSTANCHOR_H */
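Review bot: struct PKIX_TrustAnchorStruct does not document that its fields are two mutually exclusive shapes: PKIX_TrustAnchor_CreateWithCert sets trustedCert and leaves caName, caPubKey and nameConstraints NULL, PKIX_TrustAnchor_CreateWithNameKeyPair sets caName and caPubKey (nameConstraints may be NULL) and leaves trustedCert NULL, and the Equals, Hashcode and ToString callbacks all dispatch on trustedCert being non-NULL. For an object that decides what the validator trusts, that invariant should be visible at the definition, e.g. `/* Exactly one form is populated: trustedCert (CA fields NULL), or caName + caPubKey with optional nameConstraints (trustedCert NULL). Callbacks in pkix_trustanchor.c branch on trustedCert. */` above the struct. Anyone adding a field or a setter would then know the NULL checks in the callbacks depend on it.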


@ -0,0 +1,361 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_valparams.c
*
* Validate Params Object Functions
*
*/
#include "pkix_valparams.h"
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_ValidateParams_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateParams_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_ValidateParams *params = NULL;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a validate params object */
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
PKIX_OBJECTNOTVALIDATEPARAMS);
params = (PKIX_ValidateParams *)object;
PKIX_DECREF(params->procParams);
PKIX_DECREF(params->chain);
cleanup:
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: pkix_ValidateParams_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateParams_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_ValidateParams *firstValParams = NULL;
PKIX_ValidateParams *secondValParams = NULL;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext),
PKIX_FIRSTOBJECTNOTVALIDATEPARAMS);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup;
firstValParams = (PKIX_ValidateParams *)first;
secondValParams = (PKIX_ValidateParams *)second;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValParams->procParams,
(PKIX_PL_Object *)secondValParams->procParams,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValParams->chain,
(PKIX_PL_Object *)secondValParams->chain,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
*pResult = cmpResult;
cleanup:
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: pkix_ValidateParams_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateParams_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_ValidateParams *valParams = NULL;
PKIX_UInt32 hash = 0;
PKIX_UInt32 procParamsHash = 0;
PKIX_UInt32 chainHash = 0;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
PKIX_OBJECTNOTVALIDATEPARAMS);
valParams = (PKIX_ValidateParams*)object;
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)valParams->procParams,
&procParamsHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)valParams->chain,
&chainHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
hash = 31 * procParamsHash + chainHash;
*pHashcode = hash;
cleanup:
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: pkix_ValidateParams_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateParams_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_ValidateParams *valParams = NULL;
char *asciiFormat = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *valParamsString = NULL;
PKIX_PL_String *procParamsString = NULL;
PKIX_PL_String *chainString = NULL;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
PKIX_OBJECTNOTVALIDATEPARAMS);
asciiFormat =
"[\n"
"\tProcessing Params: \n"
"\t********BEGIN PROCESSING PARAMS********\n"
"\t\t%s\n"
"\t********END PROCESSING PARAMS********\n"
"\tChain: \t\t%s\n"
"]\n";
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiFormat,
0,
&formatString,
plContext),
PKIX_STRINGCREATEFAILED);
valParams = (PKIX_ValidateParams*)object;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object*)valParams->procParams,
&procParamsString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)valParams->chain,
&chainString,
plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&valParamsString,
plContext,
formatString,
procParamsString,
chainString),
PKIX_SPRINTFFAILED);
*pString = valParamsString;
cleanup:
PKIX_DECREF(formatString);
PKIX_DECREF(procParamsString);
PKIX_DECREF(chainString);
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: pkix_ValidateParams_RegisterSelf
* DESCRIPTION:
* Registers PKIX_VALIDATEPARAMS_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_ValidateParams_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_RegisterSelf");
entry.description = "ValidateParams";
entry.destructor = pkix_ValidateParams_Destroy;
entry.equalsFunction = pkix_ValidateParams_Equals;
entry.hashcodeFunction = pkix_ValidateParams_Hashcode;
entry.toStringFunction = pkix_ValidateParams_ToString;
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_VALIDATEPARAMS_TYPE] = entry;
PKIX_RETURN(VALIDATEPARAMS);
}
/* --Public-Functions--------------------------------------------- */
/*
* FUNCTION: PKIX_ValidateParams_Create (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ValidateParams_Create(
PKIX_ProcessingParams *procParams,
PKIX_List *chain,
PKIX_ValidateParams **pParams,
void *plContext)
{
PKIX_ValidateParams *params = NULL;
PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_Create");
PKIX_NULLCHECK_THREE(procParams, chain, pParams);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_VALIDATEPARAMS_TYPE,
sizeof (PKIX_ValidateParams),
(PKIX_PL_Object **)&params,
plContext),
PKIX_COULDNOTCREATEVALIDATEPARAMSOBJECT);
/* initialize fields */
PKIX_INCREF(procParams);
params->procParams = procParams;
PKIX_INCREF(chain);
params->chain = chain;
*pParams = params;
cleanup:
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: PKIX_ValidateParams_GetProcessingParams
* (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ValidateParams_GetProcessingParams(
PKIX_ValidateParams *valParams,
PKIX_ProcessingParams **pProcParams,
void *plContext)
{
PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetProcessingParams");
PKIX_NULLCHECK_TWO(valParams, pProcParams);
PKIX_INCREF(valParams->procParams);
*pProcParams = valParams->procParams;
PKIX_RETURN(VALIDATEPARAMS);
}
/*
* FUNCTION: PKIX_ValidateParams_GetCertChain (see comments in pkix_params.h)
*/
PKIX_Error *
PKIX_ValidateParams_GetCertChain(
PKIX_ValidateParams *valParams,
PKIX_List **pChain,
void *plContext)
{
PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetCertChain");
PKIX_NULLCHECK_TWO(valParams, pChain);
PKIX_INCREF(valParams->chain);
*pChain = valParams->chain;
PKIX_RETURN(VALIDATEPARAMS);
}


@ -0,0 +1,66 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_valparams.h
*
* ValidateParams Object Type Definition
*
*/
#ifndef _PKIX_VALIDATEPARAMS_H
#define _PKIX_VALIDATEPARAMS_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_ValidateParamsStruct {
PKIX_ProcessingParams *procParams; /* Never NULL */
PKIX_List *chain; /* Never NULL */
};
/* see source file for function documentation */
PKIX_Error *pkix_ValidateParams_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_VALIDATEPARAMS_H */
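Review bot: The include guard `_PKIX_VALIDATEPARAMS_H` (and the matching `#endif` comment) uses an identifier beginning with an underscore followed by an uppercase letter, which the C standard reserves for the implementation; this matches the convention used elsewhere in this tree, so it is a style note rather than a defect, but a new header could use `PKIX_VALIDATEPARAMS_H` instead. The `/* Never NULL */` annotations on `procParams` and `chain` are the invariant that the unchecked `PKIX_INCREF` calls in the corresponding getters rely on, so it is worth extending them to say that only `PKIX_ValidateParams_Create` writes these fields, e.g. `/* Never NULL; set once by PKIX_ValidateParams_Create */`.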


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,61 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../../..
EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_buildresult.h \
pkix_policynode.h \
pkix_valresult.h \
pkix_verifynode.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_buildresult.c \
pkix_policynode.c \
pkix_valresult.c \
pkix_verifynode.c \
$(NULL)
REQUIRES = dbm
LIBRARY_NAME = results


@ -0,0 +1,388 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_buildresult.c
*
* BuildResult Object Functions
*
*/
#include "pkix_buildresult.h"
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_BuildResult_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_BuildResult_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_BuildResult *result = NULL;
PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a build result object */
PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
PKIX_OBJECTNOTBUILDRESULT);
result = (PKIX_BuildResult *)object;
PKIX_DECREF(result->valResult);
PKIX_DECREF(result->certChain);
cleanup:
PKIX_RETURN(BUILDRESULT);
}
/*
* FUNCTION: pkix_BuildResult_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_BuildResult_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_BuildResult *firstBuildResult = NULL;
PKIX_BuildResult *secondBuildResult = NULL;
PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDRESULT_TYPE, plContext),
PKIX_FIRSTOBJECTNOTBUILDRESULT);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_BUILDRESULT_TYPE) goto cleanup;
firstBuildResult = (PKIX_BuildResult *)first;
secondBuildResult = (PKIX_BuildResult *)second;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstBuildResult->valResult,
(PKIX_PL_Object *)secondBuildResult->valResult,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstBuildResult->certChain,
(PKIX_PL_Object *)secondBuildResult->certChain,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
/*
* The remaining case is that both are null,
* which we consider equality.
* cmpResult = PKIX_TRUE;
*/
*pResult = cmpResult;
cleanup:
PKIX_RETURN(BUILDRESULT);
}
/*
* FUNCTION: pkix_BuildResult_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_BuildResult_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_BuildResult *buildResult = NULL;
PKIX_UInt32 hash = 0;
PKIX_UInt32 valResultHash = 0;
PKIX_UInt32 certChainHash = 0;
PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
PKIX_OBJECTNOTBUILDRESULT);
buildResult = (PKIX_BuildResult*)object;
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)buildResult->valResult,
&valResultHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)buildResult->certChain,
&certChainHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
hash = 31*(31 * valResultHash + certChainHash);
*pHashcode = hash;
cleanup:
PKIX_RETURN(BUILDRESULT);
}
/*
* FUNCTION: pkix_BuildResult_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_BuildResult_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_BuildResult *buildResult = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *buildResultString = NULL;
PKIX_ValidateResult *valResult = NULL;
PKIX_List *certChain = NULL;
PKIX_PL_String *valResultString = NULL;
PKIX_PL_String *certChainString = NULL;
char *asciiFormat =
"[\n"
"\tValidateResult: \t\t%s"
"\tCertChain: \t\t%s\n"
"]\n";
PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
PKIX_OBJECTNOTBUILDRESULT);
buildResult = (PKIX_BuildResult*)object;
valResult = buildResult->valResult;
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)valResult, &valResultString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
certChain = buildResult->certChain;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)certChain, &certChainString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_PL_Sprintf
(&buildResultString,
plContext,
formatString,
valResultString,
certChainString),
PKIX_SPRINTFFAILED);
*pString = buildResultString;
cleanup:
PKIX_DECREF(formatString);
PKIX_DECREF(valResultString);
PKIX_DECREF(certChainString);
PKIX_RETURN(BUILDRESULT);
}
/*
* FUNCTION: pkix_BuildResult_RegisterSelf
* DESCRIPTION:
* Registers PKIX_BUILDRESULT_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_BuildResult_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_RegisterSelf");
entry.description = "BuildResult";
entry.destructor = pkix_BuildResult_Destroy;
entry.equalsFunction = pkix_BuildResult_Equals;
entry.hashcodeFunction = pkix_BuildResult_Hashcode;
entry.toStringFunction = pkix_BuildResult_ToString;
entry.comparator = NULL;
entry.duplicateFunction = pkix_duplicateImmutable;
systemClasses[PKIX_BUILDRESULT_TYPE] = entry;
PKIX_RETURN(BUILDRESULT);
}
/*
* FUNCTION: pkix_BuildResult_Create
* DESCRIPTION:
*
* Creates a new BuildResult Object using the ValidateResult pointed to by
* "valResult" and the List pointed to by "certChain", and stores it at
* "pResult".
*
* PARAMETERS
* "valResult"
* Address of ValidateResult component. Must be non-NULL.
* "certChain
* Address of List component. Must be non-NULL.
* "pResult"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_BuildResult_Create(
PKIX_ValidateResult *valResult,
PKIX_List *certChain,
PKIX_BuildResult **pResult,
void *plContext)
{
PKIX_BuildResult *result = NULL;
PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Create");
PKIX_NULLCHECK_THREE(valResult, certChain, pResult);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_BUILDRESULT_TYPE,
sizeof (PKIX_BuildResult),
(PKIX_PL_Object **)&result,
plContext),
PKIX_COULDNOTCREATEBUILDRESULTOBJECT);
/* initialize fields */
PKIX_INCREF(valResult);
result->valResult = valResult;
PKIX_INCREF(certChain);
result->certChain = certChain;
PKIX_CHECK(PKIX_List_SetImmutable(result->certChain, plContext),
PKIX_LISTSETIMMUTABLEFAILED);
*pResult = result;
cleanup:
PKIX_RETURN(BUILDRESULT);
}
/* --Public-Functions--------------------------------------------- */
/*
* FUNCTION: PKIX_BuildResult_GetValidateResult
* (see comments in pkix_result.h)
*/
PKIX_Error *
PKIX_BuildResult_GetValidateResult(
PKIX_BuildResult *result,
PKIX_ValidateResult **pResult,
void *plContext)
{
PKIX_ENTER(BUILDRESULT, "PKIX_BuildResult_GetValidateResult");
PKIX_NULLCHECK_TWO(result, pResult);
PKIX_INCREF(result->valResult);
*pResult = result->valResult;
PKIX_RETURN(BUILDRESULT);
}
/*
* FUNCTION: PKIX_BuildResult_GetCertChain
* (see comments in pkix_result.h)
*/
PKIX_Error *
PKIX_BuildResult_GetCertChain(
PKIX_BuildResult *result,
PKIX_List **pChain,
void *plContext)
{
PKIX_ENTER(BUILDRESULT, "PKIX_BuildResult_GetCertChain");
PKIX_NULLCHECK_TWO(result, pChain);
PKIX_INCREF(result->certChain);
*pChain = result->certChain;
PKIX_RETURN(BUILDRESULT);
}
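Review bot: pkix_BuildResult_Create leaks the new object when PKIX_List_SetImmutable fails: by that point `result` already holds counted references to `valResult` and `certChain`, but the `cleanup:` label only returns, so the error path never releases the partially built object or the two references it took. The cleanup should drop it when an error is pending, e.g. `cleanup: if (PKIX_ERROR_RECEIVED) { PKIX_DECREF(result); } PKIX_RETURN(BUILDRESULT);` (using whichever error-pending test this macro set provides in pkix_tools.h, which is outside this view). Separately, the function's header comment should state that `certChain` is frozen in place -- PKIX_List_SetImmutable is applied to the caller's list, not a copy, so a caller that later appends to its own list will fail unexpectedly; add to the parameter description `The list is marked immutable by this call.` The getters PKIX_BuildResult_GetValidateResult and PKIX_BuildResult_GetCertChain INCREF without a null check, which is safe only because Create null-checks both inputs; a `/* Never NULL */` comment on the struct fields, as pkix_valparams.h already does, would make that dependency visible.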


@ -0,0 +1,73 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_buildresult.h
*
* BuildResult Object Type Definition
*
*/
#ifndef _PKIX_BUILDRESULT_H
#define _PKIX_BUILDRESULT_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_BuildResultStruct {
PKIX_ValidateResult *valResult;
PKIX_List *certChain;
};
/* see source file for function documentation */
PKIX_Error *
pkix_BuildResult_Create(
PKIX_ValidateResult *valResult,
PKIX_List *certChain,
PKIX_BuildResult **pResult,
void *plContext);
PKIX_Error *pkix_BuildResult_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_BUILDRESULT_H */



@ -0,0 +1,107 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_policynode.h
*
* PolicyNode Type Definitions
*
*/
#ifndef _PKIX_POLICYNODE_H
#define _PKIX_POLICYNODE_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
/* This structure reflects the contents of a policy node...
*/
struct PKIX_PolicyNodeStruct {
PKIX_PL_OID *validPolicy;
PKIX_List *qualifierSet; /* CertPolicyQualifiers */
PKIX_Boolean criticality;
PKIX_List *expectedPolicySet; /* OIDs */
PKIX_PolicyNode *parent;
PKIX_List *children; /* PolicyNodes */
PKIX_UInt32 depth;
};
PKIX_Error *
pkix_SinglePolicyNode_ToString(
PKIX_PolicyNode *node,
PKIX_PL_String **pString,
void *plContext);
PKIX_Error *
pkix_PolicyNode_GetChildrenMutable(
PKIX_PolicyNode *node,
PKIX_List **pChildren, /* PolicyNodes */
void *plContext);
PKIX_Error *
pkix_PolicyNode_Create(
PKIX_PL_OID *validPolicy,
PKIX_List *qualifierSet, /* CertPolicyQualifiers */
PKIX_Boolean criticality,
PKIX_List *expectedPolicySet, /* OIDs */
PKIX_PolicyNode **pObject,
void *plContext);
PKIX_Error *
pkix_PolicyNode_AddToParent(
PKIX_PolicyNode *parentNode,
PKIX_PolicyNode *child,
void *plContext);
PKIX_Error *
pkix_PolicyNode_Prune(
PKIX_PolicyNode *node,
PKIX_UInt32 depth,
PKIX_Boolean *pDelete,
void *plContext);
PKIX_Error *
pkix_PolicyNode_RegisterSelf(
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_POLICYNODE_H */
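Review bot: `PKIX_PolicyNodeStruct` gives no ownership information for `parent` and `children`, and in a reference-counted object model both cannot be counted references without forming a cycle that the destructor would never break. If `parent` is intended as a non-owning back-pointer with the `children` list as the owning edge, the header should say so, e.g. `PKIX_PolicyNode *parent; /* back-pointer, not a counted reference -- confirm against pkix_policynode.c */`; if it is counted, pkix_PolicyNode_Prune and the destructor need to break the cycle explicitly. The header also does not say that pkix_PolicyNode_GetChildrenMutable hands out the node's live children list rather than a copy, which callers should know before mutating it; the name suggests it but a one-line comment on the prototype would settle it. The implementation file is not in this view, so these are documentation requests rather than confirmed defects.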

Просмотреть файл

@ -0,0 +1,457 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_valresult.c
*
* ValidateResult Object Functions
*
*/
#include "pkix_valresult.h"
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_ValidateResult_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateResult_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_ValidateResult *result = NULL;
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a validate result object */
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
PKIX_OBJECTNOTVALIDATERESULT);
result = (PKIX_ValidateResult *)object;
PKIX_DECREF(result->anchor);
PKIX_DECREF(result->pubKey);
PKIX_DECREF(result->policyTree);
cleanup:
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: pkix_ValidateResult_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateResult_Equals(
PKIX_PL_Object *first,
PKIX_PL_Object *second,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_UInt32 secondType;
PKIX_Boolean cmpResult;
PKIX_ValidateResult *firstValResult = NULL;
PKIX_ValidateResult *secondValResult = NULL;
PKIX_PolicyNode *firstTree = NULL;
PKIX_PolicyNode *secondTree = NULL;
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Equals");
PKIX_NULLCHECK_THREE(first, second, pResult);
PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATERESULT_TYPE, plContext),
PKIX_FIRSTOBJECTNOTVALIDATERESULT);
PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
*pResult = PKIX_FALSE;
if (secondType != PKIX_VALIDATERESULT_TYPE) goto cleanup;
firstValResult = (PKIX_ValidateResult *)first;
secondValResult = (PKIX_ValidateResult *)second;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValResult->pubKey,
(PKIX_PL_Object *)secondValResult->pubKey,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstValResult->anchor,
(PKIX_PL_Object *)secondValResult->anchor,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
if (!cmpResult) goto cleanup;
firstTree = firstValResult->policyTree;
secondTree = secondValResult->policyTree;
if ((firstTree != NULL) && (secondTree != NULL)) {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *)firstTree,
(PKIX_PL_Object *)secondTree,
&cmpResult,
plContext),
PKIX_OBJECTEQUALSFAILED);
} else {
if (PKIX_EXACTLY_ONE_NULL(firstTree, secondTree)) {
cmpResult = PKIX_FALSE;
}
}
/*
* The remaining case is that both are null,
* which we consider equality.
* cmpResult = PKIX_TRUE;
*/
*pResult = cmpResult;
cleanup:
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: pkix_ValidateResult_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateResult_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_ValidateResult *valResult = NULL;
PKIX_UInt32 hash = 0;
PKIX_UInt32 pubKeyHash = 0;
PKIX_UInt32 anchorHash = 0;
PKIX_UInt32 policyTreeHash = 0;
PKIX_PolicyNode *policyTree = NULL;
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
PKIX_OBJECTNOTVALIDATERESULT);
valResult = (PKIX_ValidateResult*)object;
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)valResult->pubKey, &pubKeyHash, plContext),
PKIX_OBJECTHASHCODEFAILED);
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)valResult->anchor, &anchorHash, plContext),
PKIX_OBJECTHASHCODEFAILED);
policyTree = valResult->policyTree;
if (policyTree) {
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *)valResult->policyTree,
&policyTreeHash,
plContext),
PKIX_OBJECTHASHCODEFAILED);
}
hash = 31*(31 * pubKeyHash + anchorHash) + policyTreeHash;
*pHashcode = hash;
cleanup:
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: pkix_ValidateResult_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_ValidateResult_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_ValidateResult *valResult = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *valResultString = NULL;
PKIX_TrustAnchor *anchor = NULL;
PKIX_PL_PublicKey *pubKey = NULL;
PKIX_PolicyNode *policyTree = NULL;
PKIX_PL_String *anchorString = NULL;
PKIX_PL_String *pubKeyString = NULL;
PKIX_PL_String *treeString = NULL;
char *asciiNullString = "(null)";
char *asciiFormat =
"[\n"
"\tTrustAnchor: \t\t%s"
"\tPubKey: \t\t%s\n"
"\tPolicyTree: \t\t%s\n"
"]\n";
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_ToString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
PKIX_OBJECTNOTVALIDATERESULT);
valResult = (PKIX_ValidateResult*)object;
anchor = valResult->anchor;
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
PKIX_STRINGCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)anchor, &anchorString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
pubKey = valResult->pubKey;
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)pubKey, &pubKeyString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
PKIX_CHECK(PKIX_ValidateResult_GetPolicyTree
(valResult, &policyTree, plContext),
PKIX_VALIDATERESULTGETPOLICYTREEFAILED);
if (policyTree) {
PKIX_CHECK(PKIX_PL_Object_ToString
((PKIX_PL_Object *)policyTree, &treeString, plContext),
PKIX_OBJECTTOSTRINGFAILED);
} else {
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII,
asciiNullString,
0,
&treeString,
plContext),
PKIX_STRINGCREATEFAILED);
}
PKIX_CHECK(PKIX_PL_Sprintf
(&valResultString,
plContext,
formatString,
anchorString,
pubKeyString,
treeString),
PKIX_SPRINTFFAILED);
*pString = valResultString;
cleanup:
PKIX_DECREF(formatString);
PKIX_DECREF(anchorString);
PKIX_DECREF(pubKeyString);
PKIX_DECREF(policyTree);
PKIX_DECREF(treeString);
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: pkix_ValidateResult_RegisterSelf
* DESCRIPTION:
* Registers PKIX_VALIDATERESULT_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_ValidateResult_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_RegisterSelf");
entry.description = "ValidateResult";
entry.destructor = pkix_ValidateResult_Destroy;
entry.equalsFunction = pkix_ValidateResult_Equals;
entry.hashcodeFunction = pkix_ValidateResult_Hashcode;
entry.toStringFunction = pkix_ValidateResult_ToString;
entry.comparator = NULL;
entry.duplicateFunction = pkix_duplicateImmutable;
systemClasses[PKIX_VALIDATERESULT_TYPE] = entry;
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: pkix_ValidateResult_Create
* DESCRIPTION:
*
* Creates a new ValidateResult Object using the PublicKey pointed to by
* "pubKey", the TrustAnchor pointed to by "anchor", and the PolicyNode
* pointed to by "policyTree", and stores it at "pResult".
*
* PARAMETERS
* "pubKey"
* PublicKey of the desired ValidateResult. Must be non-NULL.
* "anchor"
* TrustAnchor of the desired Validateresult. Must be non-NULL.
* "policyTree"
* PolicyNode of the desired ValidateResult; may be NULL
* "pResult"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_ValidateResult_Create(
PKIX_PL_PublicKey *pubKey,
PKIX_TrustAnchor *anchor,
PKIX_PolicyNode *policyTree,
PKIX_ValidateResult **pResult,
void *plContext)
{
PKIX_ValidateResult *result = NULL;
PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Create");
PKIX_NULLCHECK_THREE(pubKey, anchor, pResult);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_VALIDATERESULT_TYPE,
sizeof (PKIX_ValidateResult),
(PKIX_PL_Object **)&result,
plContext),
PKIX_COULDNOTCREATEVALIDATERESULTOBJECT);
/* initialize fields */
PKIX_INCREF(pubKey);
result->pubKey = pubKey;
PKIX_INCREF(anchor);
result->anchor = anchor;
PKIX_INCREF(policyTree);
result->policyTree = policyTree;
*pResult = result;
cleanup:
PKIX_RETURN(VALIDATERESULT);
}
/* --Public-Functions--------------------------------------------- */
/*
* FUNCTION: PKIX_ValidateResult_GetPublicKey
* (see comments in pkix_result.h)
*/
PKIX_Error *
PKIX_ValidateResult_GetPublicKey(
PKIX_ValidateResult *result,
PKIX_PL_PublicKey **pPublicKey,
void *plContext)
{
PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetPublicKey");
PKIX_NULLCHECK_TWO(result, pPublicKey);
PKIX_INCREF(result->pubKey);
*pPublicKey = result->pubKey;
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: PKIX_ValidateResult_GetTrustAnchor
* (see comments in pkix_result.h)
*/
PKIX_Error *
PKIX_ValidateResult_GetTrustAnchor(
PKIX_ValidateResult *result,
PKIX_TrustAnchor **pTrustAnchor,
void *plContext)
{
PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetTrustAnchor");
PKIX_NULLCHECK_TWO(result, pTrustAnchor);
PKIX_INCREF(result->anchor);
*pTrustAnchor = result->anchor;
PKIX_RETURN(VALIDATERESULT);
}
/*
* FUNCTION: PKIX_ValidateResult_GetPolicyTree
* (see comments in pkix_result.h)
*/
PKIX_Error *
PKIX_ValidateResult_GetPolicyTree(
PKIX_ValidateResult *result,
PKIX_PolicyNode **pPolicyTree,
void *plContext)
{
PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetPolicyTree");
PKIX_NULLCHECK_TWO(result, pPolicyTree);
PKIX_INCREF(result->policyTree);
(*pPolicyTree) = result->policyTree;
PKIX_RETURN(VALIDATERESULT);
}


@ -0,0 +1,76 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_valresult.h
*
* ValidateResult Object Type Definition
*
*/
#ifndef _PKIX_VALIDATERESULT_H
#define _PKIX_VALIDATERESULT_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_ValidateResultStruct {
PKIX_PL_PublicKey *pubKey;
PKIX_TrustAnchor *anchor;
PKIX_PolicyNode *policyTree;
};
/* see source file for function documentation */
PKIX_Error *
pkix_ValidateResult_Create(
PKIX_PL_PublicKey *pubKey,
PKIX_TrustAnchor *anchor,
PKIX_PolicyNode *policyTree,
PKIX_ValidateResult **pResult,
void *plContext);
PKIX_Error *pkix_ValidateResult_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_VALIDATERESULT_H */
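Review bot: The three struct fields are undocumented even though the matching source file in this commit fixes their nullability: pkix_ValidateResult_Create null-checks pubKey and anchor but documents policyTree as "may be NULL", and both the hashcode and toString callbacks test policyTree before using it. Record that on the struct so a later reader neither adds a redundant guard nor drops a needed one: `PKIX_PL_PublicKey *pubKey; /* never NULL */`, `PKIX_TrustAnchor *anchor; /* never NULL */`, `PKIX_PolicyNode *policyTree; /* may be NULL; see pkix_ValidateResult_Create */`.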



@ -0,0 +1,102 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_verifynode.h
*
* VerifyNode Type Definitions
*
*/
#ifndef _PKIX_VERIFYNODE_H
#define _PKIX_VERIFYNODE_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
/* This structure reflects the contents of a verify node...
*/
struct PKIX_VerifyNodeStruct {
PKIX_PL_Cert *verifyCert;
PKIX_List *children; /* VerifyNodes */
PKIX_UInt32 depth;
PKIX_Error *error;
};
PKIX_Error *
pkix_SingleVerifyNode_ToString(
PKIX_VerifyNode *node,
PKIX_PL_String **pString,
void *plContext);
PKIX_Error *
pkix_VerifyNode_Create(
PKIX_PL_Cert *verifyCert,
PKIX_UInt32 depth,
PKIX_Error *error,
PKIX_VerifyNode **pObject,
void *plContext);
PKIX_Error *
pkix_VerifyNode_AddToChain(
PKIX_VerifyNode *parentNode,
PKIX_VerifyNode *child,
void *plContext);
PKIX_Error *
pkix_VerifyNode_AddToTree(
PKIX_VerifyNode *parentNode,
PKIX_VerifyNode *child,
void *plContext);
PKIX_Error *
pkix_VerifyNode_SetError(
PKIX_VerifyNode *node,
PKIX_Error *error,
void *plContext);
PKIX_Error *
pkix_VerifyNode_RegisterSelf(
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_VERIFYNODE_H */
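Review bot: Unlike pkix_valresult.h and pkix_store.h in the same commit, this header gives neither a "see source file for function documentation" pointer above the prototypes nor any description of the struct fields, and `depth` and `error` are the ones a caller cannot guess: which end of the chain is depth 0, and who owns the PKIX_Error that both pkix_VerifyNode_Create and pkix_VerifyNode_SetError accept. Suggested: `PKIX_UInt32 depth; /* position in the chain; see pkix_verifynode.c for which end is 0 */` and `PKIX_Error *error; /* set via pkix_VerifyNode_Create / pkix_VerifyNode_SetError; ownership per pkix_verifynode.c */`, plus the same `/* see source file for function documentation */` line the sibling headers use. The source file is not in view here, so the exact wording needs confirming against it.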


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,55 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../../..
EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_store.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_store.c \
$(NULL)
REQUIRES = dbm
LIBRARY_NAME = store


@ -0,0 +1,402 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_store.c
*
* CertStore Function Definitions
*
*/
#include "pkix_store.h"
/* --CertStore-Private-Functions----------------------------------------- */
/*
* FUNCTION: pkix_CertStore_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CertStore_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_CertStore *certStore = NULL;
PKIX_ENTER(CERTSTORE, "pkix_CertStore_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a CertStore object */
PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSTORE_TYPE, plContext),
PKIX_OBJECTNOTCERTSTORE);
certStore = (PKIX_CertStore *)object;
certStore->certCallback = NULL;
certStore->crlCallback = NULL;
certStore->certContinue = NULL;
certStore->crlContinue = NULL;
certStore->trustCallback = NULL;
PKIX_DECREF(certStore->certStoreContext);
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: pkix_CertStore_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CertStore_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_CertStore *certStore = NULL;
PKIX_UInt32 tempHash = 0;
PKIX_ENTER(CERTSTORE, "pkix_CertStore_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSTORE_TYPE, plContext),
PKIX_OBJECTNOTCERTSTORE);
certStore = (PKIX_CertStore *)object;
if (certStore->certStoreContext) {
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *) certStore->certStoreContext,
&tempHash,
plContext),
PKIX_CERTSTOREHASHCODEFAILED);
}
*pHashcode = (PKIX_UInt32) certStore->certCallback +
(PKIX_UInt32) certStore->crlCallback +
(PKIX_UInt32) certStore->certContinue +
(PKIX_UInt32) certStore->crlContinue +
(PKIX_UInt32) certStore->trustCallback +
(tempHash << 7);
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: pkix_CertStore_Equals
* (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_CertStore_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Int32 *pResult,
void *plContext)
{
PKIX_CertStore *firstCS = NULL;
PKIX_CertStore *secondCS = NULL;
PKIX_Boolean cmpResult = PKIX_FALSE;
PKIX_ENTER(CERTSTORE, "pkix_CertStore_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
PKIX_CHECK(pkix_CheckTypes
(firstObject, secondObject, PKIX_CERTSTORE_TYPE, plContext),
PKIX_ARGUMENTSNOTDATES);
firstCS = (PKIX_CertStore *)firstObject;
secondCS = (PKIX_CertStore *)secondObject;
cmpResult = (firstCS->certCallback == secondCS->certCallback) &&
(firstCS->crlCallback == secondCS->crlCallback) &&
(firstCS->certContinue == secondCS->certContinue) &&
(firstCS->crlContinue == secondCS->crlContinue) &&
(firstCS->trustCallback == secondCS->trustCallback);
if (cmpResult &&
(firstCS->certStoreContext != secondCS->certStoreContext)) {
PKIX_CHECK(PKIX_PL_Object_Equals
((PKIX_PL_Object *) firstCS->certStoreContext,
(PKIX_PL_Object *) secondCS->certStoreContext,
&cmpResult,
plContext),
PKIX_CERTSTOREEQUALSFAILED);
}
*pResult = cmpResult;
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: pkix_CertStore_RegisterSelf
* DESCRIPTION:
* Registers PKIX_CERTSTORE_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_CertStore_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(CERTSTORE, "pkix_CertStore_RegisterSelf");
entry.description = "CertStore";
entry.destructor = pkix_CertStore_Destroy;
entry.equalsFunction = pkix_CertStore_Equals;
entry.hashcodeFunction = pkix_CertStore_Hashcode;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = pkix_duplicateImmutable;
systemClasses[PKIX_CERTSTORE_TYPE] = entry;
PKIX_RETURN(CERTSTORE);
}
/* --CertStore-Public-Functions------------------------------------------ */
/*
* FUNCTION: PKIX_CertStore_Create (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_Create(
PKIX_CertStore_CertCallback certCallback,
PKIX_CertStore_CRLCallback crlCallback,
PKIX_CertStore_CertContinueFunction certContinue,
PKIX_CertStore_CrlContinueFunction crlContinue,
PKIX_CertStore_CheckTrustCallback trustCallback,
PKIX_PL_Object *certStoreContext,
PKIX_Boolean cacheFlag,
PKIX_Boolean localFlag,
PKIX_CertStore **pStore,
void *plContext)
{
PKIX_CertStore *certStore = NULL;
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_Create");
PKIX_NULLCHECK_THREE(certCallback, crlCallback, pStore);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_CERTSTORE_TYPE,
sizeof (PKIX_CertStore),
(PKIX_PL_Object **)&certStore,
plContext),
PKIX_COULDNOTCREATECERTSTOREOBJECT);
certStore->certCallback = certCallback;
certStore->crlCallback = crlCallback;
certStore->certContinue = certContinue;
certStore->crlContinue = crlContinue;
certStore->trustCallback = trustCallback;
certStore->cacheFlag = cacheFlag;
certStore->localFlag = localFlag;
PKIX_INCREF(certStoreContext);
certStore->certStoreContext = certStoreContext;
*pStore = certStore;
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_GetCertCallback (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_GetCertCallback(
PKIX_CertStore *store,
PKIX_CertStore_CertCallback *pCallback,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertCallback");
PKIX_NULLCHECK_TWO(store, pCallback);
*pCallback = store->certCallback;
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_GetCRLCallback (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_GetCRLCallback(
PKIX_CertStore *store,
PKIX_CertStore_CRLCallback *pCallback,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCRLCallback");
PKIX_NULLCHECK_TWO(store, pCallback);
*pCallback = store->crlCallback;
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_CertContinue (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_CertContinue(
PKIX_CertStore *store,
PKIX_CertSelector *selector,
void **pNBIOContext,
PKIX_List **pCertList,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_CertContinue");
PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCertList);
PKIX_CHECK(store->certContinue
(store, selector, pNBIOContext, pCertList, plContext),
PKIX_CERTSTORECERTCONTINUEFUNCTIONFAILED);
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_CrlContinue (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_CrlContinue(
PKIX_CertStore *store,
PKIX_CRLSelector *selector,
void **pNBIOContext,
PKIX_List **pCrlList,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_CrlContinue");
PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList);
PKIX_CHECK(store->crlContinue
(store, selector, pNBIOContext, pCrlList, plContext),
PKIX_CERTSTORECRLCONTINUEFAILED);
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_GetTrustCallback (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_GetTrustCallback(
PKIX_CertStore *store,
PKIX_CertStore_CheckTrustCallback *pCallback,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetTrustCallback");
PKIX_NULLCHECK_TWO(store, pCallback);
*pCallback = store->trustCallback;
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_GetCertStoreContext
* (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_GetCertStoreContext(
PKIX_CertStore *store,
PKIX_PL_Object **pCertStoreContext,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertStoreContext");
PKIX_NULLCHECK_TWO(store, pCertStoreContext);
PKIX_INCREF(store->certStoreContext);
*pCertStoreContext = store->certStoreContext;
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
* (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_GetCertStoreCacheFlag(
PKIX_CertStore *store,
PKIX_Boolean *pCacheFlag,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertStoreCacheFlag");
PKIX_NULLCHECK_TWO(store, pCacheFlag);
*pCacheFlag = store->cacheFlag;
PKIX_RETURN(CERTSTORE);
}
/*
* FUNCTION: PKIX_CertStore_GetLocalFlag
* (see comments in pkix_certstore.h)
*/
PKIX_Error *
PKIX_CertStore_GetLocalFlag(
PKIX_CertStore *store,
PKIX_Boolean *pLocalFlag,
void *plContext)
{
PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetLocalFlag");
PKIX_NULLCHECK_TWO(store, pLocalFlag);
*pLocalFlag = store->localFlag;
PKIX_RETURN(CERTSTORE);
}
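Review bot: PKIX_CertStore_CertContinue and PKIX_CertStore_CrlContinue call `store->certContinue` / `store->crlContinue` unconditionally, but PKIX_CertStore_Create only null-checks certCallback, crlCallback and pStore, so a store built without continue functions ends in a call through a NULL function pointer; either guard each call before it is made, e.g. `if (store->certContinue == NULL) { /* raise PKIX_CERTSTORECERTCONTINUEFUNCTIONFAILED via the library's error macro */ }`, or add the two continue callbacks to the null check in Create if they are meant to be mandatory. Separately, pkix_CertStore_Equals hands both certStoreContext pointers to PKIX_PL_Object_Equals whenever they differ, which includes the case where exactly one is NULL; the ValidateResult comparison earlier in this commit handles that with PKIX_EXACTLY_ONE_NULL, and the same shape belongs here: `if (cmpResult && PKIX_EXACTLY_ONE_NULL(firstCS->certStoreContext, secondCS->certStoreContext)) cmpResult = PKIX_FALSE; else if (cmpResult && firstCS->certStoreContext != secondCS->certStoreContext) { ... }`. The type-check failure code `PKIX_ARGUMENTSNOTDATES` in the same function looks copied from the Date object and should name cert stores if the error table has such an entry. Finally, pkix_CertStore_Hashcode converts five function pointers with `(PKIX_UInt32)` casts, which truncate on 64-bit targets and draw a compiler warning; convert via an integer type wide enough for a pointer before narrowing.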


@ -0,0 +1,72 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_store.h
*
* CertStore Object Type Definition
*
*/
#ifndef _PKIX_STORE_H
#define _PKIX_STORE_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_CertStoreStruct {
PKIX_CertStore_CertCallback certCallback;
PKIX_CertStore_CRLCallback crlCallback;
PKIX_CertStore_CertContinueFunction certContinue;
PKIX_CertStore_CrlContinueFunction crlContinue;
PKIX_CertStore_CheckTrustCallback trustCallback;
PKIX_PL_Object *certStoreContext;
PKIX_Boolean cacheFlag;
PKIX_Boolean localFlag; /* TRUE if CertStore is local */
};
/* see source file for function documentation */
PKIX_Error *pkix_CertStore_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_STORE_H */
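Review bot: Only localFlag carries a comment, yet PKIX_CertStore_Create in this commit null-checks just certCallback and crlCallback, so certContinue, crlContinue, trustCallback and certStoreContext may all be NULL and a reader of the struct is not told. Suggested field comments: `PKIX_CertStore_CertCallback certCallback; /* never NULL */` (likewise crlCallback), `/* may be NULL */` on certContinue, crlContinue and trustCallback, and `PKIX_PL_Object *certStoreContext; /* may be NULL; owned reference, INCREF'd in Create and DECREF'd in Destroy */`. What cacheFlag controls is not visible in this commit and needs a one-line comment from the author.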


@ -0,0 +1,80 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include config.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
export:: private_export


@ -0,0 +1,47 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Override TARGETS variable so that only static libraries
# are specifed as dependencies within rules.mk.
#
TARGETS = $(LIBRARY)
SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =


@ -0,0 +1,75 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../../../..
EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_basicconstraintschecker.h \
pkix_nameconstraintschecker.h \
pkix_build.h \
pkix_policychecker.h \
pkix_defaultcrlchecker.h \
pkix_signaturechecker.h \
pkix_expirationchecker.h \
pkix_targetcertchecker.h \
pkix_lifecycle.h \
pkix_validate.h \
pkix_namechainingchecker.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_signaturechecker.c \
pkix_expirationchecker.c \
pkix_namechainingchecker.c \
pkix_basicconstraintschecker.c \
pkix_policychecker.c \
pkix_validate.c \
pkix_targetcertchecker.c \
pkix_defaultcrlchecker.c \
pkix_nameconstraintschecker.c \
pkix_lifecycle.c \
pkix_build.c \
$(NULL)
REQUIRES = dbm
LIBRARY_NAME = top


@ -0,0 +1,338 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_basicconstraintschecker.c
*
* Functions for basic constraints validation
*
*/
#include "pkix_basicconstraintschecker.h"
/* --Private-BasicConstraintsCheckerState-Functions------------------------- */
/*
* FUNCTION: pkix_BasicConstraintsCheckerState_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_BasicConstraintsCheckerState_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
pkix_BasicConstraintsCheckerState *state = NULL;
PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
"pkix_BasicConstraintsCheckerState_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a basic constraints checker state */
PKIX_CHECK(pkix_CheckType
(object, PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE, plContext),
PKIX_OBJECTNOTBASICCONSTRAINTSCHECKERSTATE);
state = (pkix_BasicConstraintsCheckerState *)object;
PKIX_DECREF(state->basicConstraintsOID);
cleanup:
PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
}
/*
* FUNCTION: pkix_BasicConstraintsCheckerState_RegisterSelf
* DESCRIPTION:
* Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_BasicConstraintsCheckerState_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
"pkix_BasicConstraintsCheckerState_RegisterSelf");
entry.description = "BasicConstraintsCheckerState";
entry.destructor = pkix_BasicConstraintsCheckerState_Destroy;
entry.equalsFunction = NULL;
entry.hashcodeFunction = NULL;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE] = entry;
PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
}
/*
* FUNCTION: pkix_BasicConstraintsCheckerState_Create
* DESCRIPTION:
*
* Creates a new BasicConstraintsCheckerState using the number of certs in
* the chain represented by "certsRemaining" and stores it at "pState".
*
* PARAMETERS:
* "certsRemaining"
* Number of certificates in the chain.
* "pState"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a BasicConstraintsCheckerState Error if the function fails in a
* non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_BasicConstraintsCheckerState_Create(
PKIX_UInt32 certsRemaining,
pkix_BasicConstraintsCheckerState **pState,
void *plContext)
{
pkix_BasicConstraintsCheckerState *state = NULL;
PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
"pkix_BasicConstraintsCheckerState_Create");
PKIX_NULLCHECK_ONE(pState);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE,
sizeof (pkix_BasicConstraintsCheckerState),
(PKIX_PL_Object **)&state,
plContext),
PKIX_COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT);
/* initialize fields */
state->certsRemaining = certsRemaining;
state->maxPathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
PKIX_CHECK(PKIX_PL_OID_Create
(PKIX_BASICCONSTRAINTS_OID,
&state->basicConstraintsOID,
plContext),
PKIX_OIDCREATEFAILED);
*pState = state;
cleanup:
if (PKIX_ERROR_RECEIVED) {
PKIX_DECREF(state);
}
PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
}
/* --Private-BasicConstraintsChecker-Functions------------------------------ */
/*
* FUNCTION: pkix_BasicConstraintsChecker_Check
* (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
*/
PKIX_Error *
pkix_BasicConstraintsChecker_Check(
PKIX_CertChainChecker *checker,
PKIX_PL_Cert *cert,
PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
void **pNBIOContext,
void *plContext)
{
PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
pkix_BasicConstraintsCheckerState *state = NULL;
PKIX_Boolean caFlag = PKIX_FALSE;
PKIX_Int32 pathLength = 0;
PKIX_Int32 maxPathLength_now;
PKIX_Boolean isSelfIssued = PKIX_FALSE;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Check");
PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
*pNBIOContext = NULL; /* we never block on pending I/O */
PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
(checker, (PKIX_PL_Object **)&state, plContext),
PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
state->certsRemaining--;
if (state->certsRemaining != 0) {
PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
(cert, &basicConstraints, plContext),
PKIX_CERTGETBASICCONSTRAINTSFAILED);
/* get CA Flag and path length */
if (basicConstraints != NULL) {
PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
(basicConstraints,
&caFlag,
plContext),
PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
if (caFlag == PKIX_TRUE) {
PKIX_CHECK
(PKIX_PL_BasicConstraints_GetPathLenConstraint
(basicConstraints,
&pathLength,
plContext),
PKIX_BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED);
}
}else{
caFlag = PKIX_FALSE;
pathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
}
PKIX_CHECK(pkix_IsCertSelfIssued
(cert,
&isSelfIssued,
plContext),
PKIX_ISCERTSELFISSUEDFAILED);
maxPathLength_now = state->maxPathLength;
if (isSelfIssued != PKIX_TRUE) {
/* Not last CA Cert, but maxPathLength is down to zero */
if (maxPathLength_now == 0) {
PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDLN);
}
if (caFlag == PKIX_FALSE) {
PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDCA);
}
if (maxPathLength_now > 0) { /* can be unlimited (-1) */
maxPathLength_now--;
}
}
if (caFlag == PKIX_TRUE) {
if (maxPathLength_now == PKIX_UNLIMITED_PATH_CONSTRAINT){
maxPathLength_now = pathLength;
} else {
/* If pathLength is not specified, don't set */
if (pathLength != PKIX_UNLIMITED_PATH_CONSTRAINT) {
maxPathLength_now =
(maxPathLength_now > pathLength)?
pathLength:maxPathLength_now;
}
}
}
state->maxPathLength = maxPathLength_now;
}
/* Remove Basic Constraints Extension OID from list */
if (unresolvedCriticalExtensions != NULL) {
PKIX_CHECK(pkix_List_Remove
(unresolvedCriticalExtensions,
(PKIX_PL_Object *) state->basicConstraintsOID,
plContext),
PKIX_LISTREMOVEFAILED);
}
PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
(checker, (PKIX_PL_Object *)state, plContext),
PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_DECREF(basicConstraints);
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_BasicConstraintsChecker_Initialize
* DESCRIPTION:
* Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_BasicConstraintsChecker_Initialize(
PKIX_UInt32 certsRemaining,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
pkix_BasicConstraintsCheckerState *state = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Initialize");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(pkix_BasicConstraintsCheckerState_Create
(certsRemaining, &state, plContext),
PKIX_BASICCONSTRAINTSCHECKERSTATECREATEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_BasicConstraintsChecker_Check,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *)state,
pChecker,
plContext),
PKIX_CERTCHAINCHECKERCHECKFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_RETURN(CERTCHAINCHECKER);
}
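Review bot: The header comment on pkix_BasicConstraintsChecker_Initialize is copied from the RegisterSelf block and says it "Registers PKIX_CERT_TYPE and its related functions with systemClasses[]", which is not what the function does; it creates the checker state and wraps it in a CertChainChecker, and the same copied text on pkix_BasicConstraintsCheckerState_RegisterSelf names the wrong type, since the entry is stored under PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE. The error code attached to the PKIX_CertChainChecker_Create call, `PKIX_CERTCHAINCHECKERCHECKFAILED`, also mislabels a creation failure; pkix_ExpirationChecker_Initialize in this same commit uses `PKIX_CERTCHAINCHECKERCREATEFAILED` for the identical call. Separately, the `state->certsRemaining != 0` test in pkix_BasicConstraintsChecker_Check means the CA-flag and path-length logic is skipped exactly on the last certificate only if the constructor was given the true chain length, which is worth stating in the DESCRIPTION of pkix_BasicConstraintsCheckerState_Create: `"certsRemaining" Number of certificates in the chain; the CA/pathLen test is skipped for the last one.`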


@ -0,0 +1,75 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_basicconstraintschecker.h
*
* Header file for basic constraints checker.
*
*/
#ifndef _PKIX_BASICCONSTRAINTSCHECKER_H
#define _PKIX_BASICCONSTRAINTSCHECKER_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef struct pkix_BasicConstraintsCheckerStateStruct \
pkix_BasicConstraintsCheckerState;
struct pkix_BasicConstraintsCheckerStateStruct{
PKIX_PL_OID *basicConstraintsOID;
PKIX_Int32 certsRemaining;
PKIX_Int32 maxPathLength;
};
PKIX_Error *
pkix_BasicConstraintsChecker_Initialize(
PKIX_UInt32 numCerts,
PKIX_CertChainChecker **pChecker,
void *plContext);
PKIX_Error *
pkix_BasicConstraintsCheckerState_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_BASICCONSTRAINTSCHECKER_H */
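Review bot: The prototype of pkix_BasicConstraintsChecker_Initialize names its first parameter `numCerts` while the definition in pkix_basicconstraintschecker.c calls it `certsRemaining`, and the state field that receives it is declared `PKIX_Int32 certsRemaining` although the value arrives as PKIX_UInt32; a reader of the header cannot see that the checker decrements it and compares it against zero. Aligning the name, `PKIX_UInt32 certsRemaining,`, and a one-line comment on the field, `/* decremented per cert; constraint test skipped when it reaches 0 */`, would make that contract visible. The trailing backslash on the `typedef struct ... \` line is a stray line continuation outside any macro; it is harmless but should be dropped.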



@ -0,0 +1,157 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_build.h
*
* Header file for buildChain function
*
*/
#ifndef _PKIX_BUILD_H
#define _PKIX_BUILD_H
#include "pkix_tools.h"
#include "pkix_pl_ldapt.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
BUILD_SHORTCUTPENDING,
BUILD_INITIAL,
BUILD_TRYAIA,
BUILD_AIAPENDING,
BUILD_COLLECTINGCERTS,
BUILD_GATHERPENDING,
BUILD_CERTVALIDATING,
BUILD_ABANDONNODE,
BUILD_CRLPREP,
BUILD_CRL1,
BUILD_DATEPREP,
BUILD_CHECKTRUSTED,
BUILD_CHECKTRUSTED2,
BUILD_ADDTOCHAIN,
BUILD_CHECKWITHANCHORS,
BUILD_CRL2PREP,
BUILD_CRL2,
BUILD_VALCHAIN,
BUILD_VALCHAIN2,
BUILD_EXTENDCHAIN,
BUILD_GETNEXTCERT
} BuildStatus;
typedef struct BuildConstantsStruct BuildConstants;
/*
* These fields (the ones that are objects) are not reference-counted
* in *each* state, but only in the root, the state that has no parent.
* That saves time in creation and destruction of child states, but is
* safe enough since they are constants.
*/
struct BuildConstantsStruct {
PKIX_UInt32 numAnchors;
PKIX_UInt32 numCertStores;
PKIX_UInt32 numHintCerts;
PKIX_UInt32 maxDepth;
PKIX_UInt32 maxFanout;
PKIX_UInt32 maxTime;
PKIX_ProcessingParams *procParams;
PKIX_PL_Date *testDate;
PKIX_PL_Date *timeLimit;
PKIX_PL_Cert *targetCert;
PKIX_PL_PublicKey *targetPubKey;
PKIX_List *certStores;
PKIX_List *anchors;
PKIX_List *userCheckers;
PKIX_List *hintCerts;
PKIX_CertChainChecker *crlChecker;
PKIX_PL_AIAMgr *aiaMgr;
};
struct PKIX_ForwardBuilderStateStruct{
BuildStatus status;
PKIX_Int32 traversedCACerts;
PKIX_UInt32 certStoreIndex;
PKIX_UInt32 numCerts;
PKIX_UInt32 numAias;
PKIX_UInt32 certIndex;
PKIX_UInt32 aiaIndex;
PKIX_UInt32 anchorIndex;
PKIX_UInt32 certCheckedIndex;
PKIX_UInt32 checkerIndex;
PKIX_UInt32 hintCertIndex;
PKIX_UInt32 numFanout;
PKIX_UInt32 numDepth;
PKIX_UInt32 reasonCode;
PKIX_Boolean dsaParamsNeeded;
PKIX_Boolean revCheckDelayed;
PKIX_Boolean canBeCached;
PKIX_Boolean useOnlyLocal;
PKIX_Boolean alreadyTriedAIA;
PKIX_Boolean revChecking;
PKIX_Boolean usingHintCerts;
PKIX_PL_Date *validityDate;
PKIX_PL_Cert *prevCert;
PKIX_PL_Cert *candidateCert;
PKIX_List *traversedSubjNames;
PKIX_List *trustChain;
PKIX_List *aia;
PKIX_List *candidateCerts;
PKIX_List *reversedCertChain;
PKIX_List *checkedCritExtOIDs;
PKIX_List *checkerChain;
PKIX_List *revCheckers;
PKIX_CertSelector *certSel;
PKIX_VerifyNode *verifyNode;
void *client; /* messageHandler, such as LDAPClient */
PKIX_ForwardBuilderState *parentState;
BuildConstants buildConstants;
};
/* --Private-Functions-------------------------------------------- */
PKIX_Error *
pkix_ForwardBuilderState_RegisterSelf(void *plContext);
PKIX_Error *
PKIX_Build_GetNBIOContext(void *state, void **pNBIOContext, void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_BUILD_H */
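Review bot: The comment above BuildConstantsStruct says its object members are reference-counted only in the root state, which makes every child state hold borrowed pointers, but the header does not say that a child must therefore never outlive the root, nor that `client` (a bare `void *`) is owned elsewhere. A sentence on that comment such as `Child states hold these pointers without a reference; they are valid only while the root state is alive.` and `/* borrowed; presumably not released by the state destructor — confirm in pkix_build.c */` on `client` would record the invariant the destructor relies on. The destructor itself lives in pkix_build.c, outside this section.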



@ -0,0 +1,106 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_defaultcrlchecker.h
*
* Header file for default CRL function
*
*/
#ifndef _PKIX_DEFAULTCRLCHECKER_H
#define _PKIX_DEFAULTCRLCHECKER_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef struct pkix_DefaultCRLCheckerState pkix_DefaultCRLCheckerState;
struct pkix_DefaultCRLCheckerState {
PKIX_List *certStores; /* list of CertStore */
PKIX_PL_Date *testDate;
PKIX_Boolean certHasValidCrl;
PKIX_Boolean prevCertCrlSign;
PKIX_PL_PublicKey *prevPublicKey; /* Subject PubKey of last cert */
PKIX_List *prevPublicKeyList; /* of PKIX_PL_PublicKey */
PKIX_UInt32 reasonCodeMask;
PKIX_UInt32 certsRemaining;
PKIX_PL_OID *crlReasonCodeOID;
PKIX_PL_X500Name *certIssuer;
PKIX_PL_BigInt *certSerialNumber;
PKIX_CRLSelector *crlSelector;
PKIX_UInt32 crlStoreIndex;
PKIX_UInt32 numCrlStores;
};
PKIX_Error *
pkix_DefaultCRLChecker_Initialize(
PKIX_List *certStores,
PKIX_PL_Date *testDate,
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_CertChainChecker **pChecker,
void *plContext);
PKIX_Error *
pkix_DefaultCRLChecker_Check_Helper(
PKIX_CertChainChecker *checker,
PKIX_PL_Cert *cert,
PKIX_PL_PublicKey *prevPublicKey,
pkix_DefaultCRLCheckerState *state,
PKIX_List *unresolvedCriticalExtensions,
PKIX_Boolean useOnlyLocal,
void **pNBIOContext,
void *plContext);
PKIX_Error *
pkix_DefaultCRLChecker_Check_SetSelector(
PKIX_PL_Cert *cert,
pkix_DefaultCRLCheckerState *state,
void *plContext);
PKIX_Error *
pkix_DefaultCRLCheckerState_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_DEFAULTCRLCHECKER_H */
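Review bot: None of the five prototypes in this header carry a description, and pkix_DefaultCRLChecker_Check_Helper in particular takes a `prevPublicKey` argument while the state it is also handed already has a `prevPublicKey` member, so a caller cannot tell from the header which key is used for CRL signature verification or what `useOnlyLocal` restricts. A short block above that prototype naming the authoritative key and the effect of the flag, hedged until confirmed in pkix_defaultcrlchecker.c (e.g. `/* useOnlyLocal: presumably limits CRL lookup to local CertStores — confirm */`), would close the gap. The implementation is not in this section.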


@ -0,0 +1,146 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_expirationchecker.c
*
* Functions for expiration validation
*
*/
#include "pkix_expirationchecker.h"
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_ExpirationChecker_Check
* (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
*/
PKIX_Error *
pkix_ExpirationChecker_Check(
PKIX_CertChainChecker *checker,
PKIX_PL_Cert *cert,
PKIX_List *unresolvedCriticalExtensions,
void **pNBIOContext,
void *plContext)
{
PKIX_PL_Date *testDate = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
*pNBIOContext = NULL; /* we never block on pending I/O */
PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
(checker, (PKIX_PL_Object **)&testDate, plContext),
PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
PKIX_CHECK(PKIX_PL_Cert_CheckValidity(cert, testDate, plContext),
PKIX_CERTCHECKVALIDITYFAILED);
cleanup:
PKIX_DECREF(testDate);
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_ExpirationChecker_Initialize
* DESCRIPTION:
*
* Creates a new CertChainChecker and stores it at "pChecker", where it will
* used by pkix_ExpirationChecker_Check to check that the certificate has not
* expired with respect to the Date pointed to by "testDate." If "testDate"
* is NULL, then the CertChainChecker will check that a certificate has not
* expired with respect to the current date and time.
*
* PARAMETERS:
* "testDate"
* Address of Date representing the point in time at which the cert is to
* be validated. If "testDate" is NULL, the current date and time is used.
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_ExpirationChecker_Initialize(
PKIX_PL_Date *testDate,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
PKIX_PL_Date *myDate = NULL;
PKIX_PL_Date *nowDate = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
PKIX_NULLCHECK_ONE(pChecker);
/* if testDate is NULL, we use the current time */
if (!testDate){
PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
(NULL, &nowDate, plContext),
PKIX_DATECREATEUTCTIMEFAILED);
myDate = nowDate;
} else {
myDate = testDate;
}
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_ExpirationChecker_Check,
PKIX_TRUE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *)myDate,
pChecker,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(nowDate);
PKIX_RETURN(CERTCHAINCHECKER);
}
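Review bot: When testDate is NULL, pkix_ExpirationChecker_Initialize snapshots the current time once via PKIX_PL_Date_Create_UTCTime and stores it as the checker state, so every later pkix_ExpirationChecker_Check call compares against the creation time rather than the call time; that is fine for a checker built per validation, but the code should say so: `/* "now" is captured here, not at check time; build a fresh checker per validation */`. The DESCRIPTION also has a typo, `where it will used` should read `where it will be used`. The PKIX_TRUE passed as the second argument of PKIX_CertChainChecker_Create is unexplained, unlike the PKIX_FALSE in pkix_BasicConstraintsChecker_Initialize; a label comment on that argument would help once its meaning is confirmed against pkix_checker.h.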


@ -0,0 +1,63 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_expirationchecker.h
*
* Header file for validate expiration function
*
*/
#ifndef _PKIX_EXPIRATIONCHECKER_H
#define _PKIX_EXPIRATIONCHECKER_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
PKIX_Error *
pkix_ExpirationChecker_Initialize(
PKIX_PL_Date *testDate,
PKIX_CertChainChecker **pChecker,
void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_EXPIRATIONCHECKER_H */


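--- /dev/null
+++ b/pkix_lifecycle.c
@@ -0,0 +1,262 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_lifecycle.c
+*
+* Top level initialize and shutdown functions
+*
+*/
+#include "pkix_lifecycle.h"
+static PKIX_Boolean pkixIsInitialized = PKIX_FALSE;
+static PKIX_Boolean pkixPlatformInit = PKIX_FALSE;
+static PKIX_Boolean pkixInitInProgress = PKIX_FALSE;
+char *pkix_PK11ConfigDir = NULL;
+/* Lock used by Logger - is reentrant by the same thread */
+extern PKIX_PL_MonitorLock *pkixLoggerLock;
+/*
+* Following pkix_* variables are for debugging purpose. They should be taken
+* out eventually. The purpose is to verify cache tables usage (via debugger).
+*/
+int pkix_ccAddCount = 0;
+int pkix_ccLookupCount = 0;
+int pkix_ccRemoveCount = 0;
+int pkix_cAddCount = 0;
+int pkix_cLookupCount = 0;
+int pkix_cRemoveCount = 0;
+int pkix_ceAddCount = 0;
+int pkix_ceLookupCount = 0;
+PKIX_PL_HashTable *cachedCrlSigTable = NULL;
+PKIX_PL_HashTable *cachedCertSigTable = NULL;
+PKIX_PL_HashTable *cachedCertChainTable = NULL;
+PKIX_PL_HashTable *cachedCertTable = NULL;
+PKIX_PL_HashTable *cachedCrlEntryTable = NULL;
+PKIX_PL_HashTable *aiaConnectionCache = NULL;
+PKIX_PL_HashTable *httpSocketCache = NULL;
+extern PKIX_List *pkixLoggers;
+extern PKIX_List *pkixLoggersErrors;
+extern PKIX_List *pkixLoggersDebugTrace;
+/* --Public-Functions--------------------------------------------- */
+/*
+* FUNCTION: PKIX_Initialize (see comments in pkix.h)
+*/
+PKIX_Error *
+PKIX_Initialize(
+PKIX_Boolean platformInitNeeded,
+PKIX_Boolean useArenas,
+PKIX_UInt32 desiredMajorVersion,
+PKIX_UInt32 minDesiredMinorVersion,
+PKIX_UInt32 maxDesiredMinorVersion,
+PKIX_UInt32 *pActualMinorVersion,
+void **pPlContext)
+{
+void *plContext = NULL;
+PKIX_ENTER(LIFECYCLE, "PKIX_Initialize");
+/*
+* This function can only be called once, except for a special-situation
+* recursive call. If platformInitNeeded is TRUE, this function
+* initializes the platform support layer, such as NSS. But that
+* layer expects to initialize us! So we return immediately if we
+* recognize that we are in this nested call situation.
+*/
+if (pkixInitInProgress && (platformInitNeeded == PKIX_FALSE)) {
+goto cleanup;
+}
+/*
+* If we are called a second time other than in the situation handled
+* above, we return a statically allocated error. Our technique works
+* most of the time, but may not work if multiple threads call this
+* function simultaneously. However, the function's documentation
+* makes it clear that this is prohibited, so it's not our
+* responsibility.
+*/
+if (pkixIsInitialized){
+return (PKIX_ALLOC_ERROR());
+}
+pkixInitInProgress = PKIX_TRUE;
+pkixPlatformInit = platformInitNeeded; /* remember this for shutdown */
+PKIX_CHECK(PKIX_PL_Initialize
+(platformInitNeeded, useArenas, &plContext),
+PKIX_INITIALIZEFAILED);
+*pPlContext = plContext;
+if (desiredMajorVersion != PKIX_MAJOR_VERSION){
+PKIX_ERROR(PKIX_MAJORVERSIONSDONTMATCH);
+}
+if ((minDesiredMinorVersion > PKIX_MINOR_VERSION) ||
+(maxDesiredMinorVersion < PKIX_MINOR_VERSION)){
+PKIX_ERROR(PKIX_MINORVERSIONNOTBETWEENDESIREDMINANDMAX);
+}
+*pActualMinorVersion = PKIX_MINOR_VERSION;
+pkixInitInProgress = PKIX_FALSE;
+pkixIsInitialized = PKIX_TRUE;
+pkix_PK11ConfigDir = NULL;
+/* Create Cache Tables */
+PKIX_CHECK(PKIX_PL_HashTable_Create
+(32, 0, &cachedCertSigTable, plContext),
+PKIX_HASHTABLECREATEFAILED);
+PKIX_CHECK(PKIX_PL_HashTable_Create
+(32, 0, &cachedCrlSigTable, plContext),
+PKIX_HASHTABLECREATEFAILED);
+PKIX_CHECK(PKIX_PL_HashTable_Create
+(32, 10, &cachedCertChainTable, plContext),
+PKIX_HASHTABLECREATEFAILED);
+PKIX_CHECK(PKIX_PL_HashTable_Create
+(32, 10, &cachedCertTable, plContext),
+PKIX_HASHTABLECREATEFAILED);
+PKIX_CHECK(PKIX_PL_HashTable_Create
+(32, 10, &cachedCrlEntryTable, plContext),
+PKIX_HASHTABLECREATEFAILED);
+PKIX_CHECK(PKIX_PL_HashTable_Create
+(5, 5, &aiaConnectionCache, plContext),
+PKIX_HASHTABLECREATEFAILED);
+PKIX_CHECK(PKIX_PL_HashTable_Create
+(5, 5, &httpSocketCache, plContext),
+PKIX_HASHTABLECREATEFAILED);
+if (pkixLoggerLock == NULL) {
+PKIX_CHECK(PKIX_PL_MonitorLock_Create
+(&pkixLoggerLock, plContext),
+PKIX_MONITORLOCKCREATEFAILED);
+}
+cleanup:
+PKIX_RETURN(LIFECYCLE);
+}
+/*
+* FUNCTION: PKIX_Initialize_SetConfigDir (see comments in pkix.h)
+*/
+PKIX_Error *
+PKIX_Initialize_SetConfigDir(
+PKIX_UInt32 storeType,
+char *configDir,
+void *plContext)
+{
+PKIX_ENTER(LIFECYCLE, "PKIX_Initialize_SetConfigDir");
+PKIX_NULLCHECK_ONE(configDir);
+switch(storeType) {
+case PKIX_STORE_TYPE_PK11:
+pkix_PK11ConfigDir = configDir;
+break;
+default:
+PKIX_ERROR(PKIX_INVALIDSTORETYPEFORSETTINGCONFIGDIR);
+break;
+}
+cleanup:
+PKIX_RETURN(LIFECYCLE);
+}
+/*
+* FUNCTION: PKIX_Shutdown (see comments in pkix.h)
+*/
+PKIX_Error *
+PKIX_Shutdown(void *plContext)
+{
+PKIX_List *savedPkixLoggers = NULL;
+PKIX_List *savedPkixLoggersErrors = NULL;
+PKIX_List *savedPkixLoggersDebugTrace = NULL;
+PKIX_ENTER(LIFECYCLE, "PKIX_Shutdown");
+if (!pkixIsInitialized){
+return (PKIX_ALLOC_ERROR());
+}
+if (pkixLoggers) {
+savedPkixLoggers = pkixLoggers;
+savedPkixLoggersErrors = pkixLoggersErrors;
+savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
+pkixLoggers = NULL;
+pkixLoggersErrors = NULL;
+pkixLoggersDebugTrace = NULL;
+PKIX_DECREF(savedPkixLoggers);
+PKIX_DECREF(savedPkixLoggersErrors);
+PKIX_DECREF(savedPkixLoggersDebugTrace);
+}
+PKIX_DECREF(pkixLoggerLock);
+/* Destroy Cache Tables */
+PKIX_DECREF(cachedCertSigTable);
+PKIX_DECREF(cachedCrlSigTable);
+PKIX_DECREF(cachedCertChainTable);
+PKIX_DECREF(cachedCertTable);
+PKIX_DECREF(cachedCrlEntryTable);
+PKIX_DECREF(aiaConnectionCache);
+PKIX_DECREF(httpSocketCache);
+PKIX_CHECK(PKIX_PL_Shutdown(pkixPlatformInit, plContext),
+PKIX_SHUTDOWNFAILED);
+pkixIsInitialized = PKIX_FALSE;
+cleanup:
+PKIX_RETURN(LIFECYCLE);
+}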
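Review bot: `pkixInitInProgress = PKIX_TRUE;` in PKIX_Initialize is only cleared on the success path just before `pkixIsInitialized = PKIX_TRUE;`, so if `PKIX_PL_Initialize` fails or either version check raises, the flag stays TRUE and every later `PKIX_Initialize` call with `platformInitNeeded == PKIX_FALSE` takes the early `goto cleanup` and returns without an error, without initializing anything and without writing `*pPlContext` or `*pActualMinorVersion`. The early exit exists only for the nested call made during platform initialization, so the reset must not be unconditional at `cleanup:`; a local that records ownership avoids depending on the error macros' internals: declare `PKIX_Boolean ownsInit = PKIX_FALSE;`, set `ownsInit = PKIX_TRUE;` right after `pkixInitInProgress = PKIX_TRUE;`, and at `cleanup:` add `if (ownsInit && !pkixIsInitialized) pkixInitInProgress = PKIX_FALSE;`. A failure in the hash-table creation block leaves the library marked initialized with some cache tables NULL; that is survivable for PKIX_Shutdown as written but is worth a comment. Separately, `PKIX_Initialize_SetConfigDir` stores the caller's `configDir` pointer without copying it, so its header in pkix.h should state that the string must remain valid until PKIX_Shutdown.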


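--- /dev/null
+++ b/pkix_lifecycle.h
@@ -0,0 +1,56 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_lifecycle.h
+*
+* Header file for initialize and shutdown functions.
+*
+*/
+#ifndef _PKIX_LIFECYCLE_H
+#define _PKIX_LIFECYCLE_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_LIFECYCLE_H */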


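--- /dev/null
+++ b/pkix_namechainingchecker.c
@@ -0,0 +1,154 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_namechainingchecker.c
+*
+* Functions for name chaining validation
+*
+*/
+#include "pkix_namechainingchecker.h"
+/* --Private-Functions-------------------------------------------- */
+/*
+* FUNCTION: pkix_NameChainingChecker_Check
+* (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+*/
+PKIX_Error *
+pkix_NameChainingChecker_Check(
+PKIX_CertChainChecker *checker,
+PKIX_PL_Cert *cert,
+PKIX_List *unresolvedCriticalExtensions,
+void **pNBIOContext,
+void *plContext)
+{
+PKIX_PL_X500Name *prevSubject = NULL;
+PKIX_PL_X500Name *currIssuer = NULL;
+PKIX_PL_X500Name *currSubject = NULL;
+PKIX_Boolean result;
+PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check");
+PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+*pNBIOContext = NULL; /* we never block on pending I/O */
+PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+(checker, (PKIX_PL_Object **)&prevSubject, plContext),
+PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext),
+PKIX_CERTGETISSUERFAILED);
+if (prevSubject){
+PKIX_CHECK(PKIX_PL_X500Name_Match
+(prevSubject, currIssuer, &result, plContext),
+PKIX_X500NAMEMATCHFAILED);
+if (!result){
+PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
+}
+} else {
+PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
+}
+PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext),
+PKIX_CERTGETSUBJECTFAILED);
+PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+(checker, (PKIX_PL_Object *)currSubject, plContext),
+PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+cleanup:
+PKIX_DECREF(prevSubject);
+PKIX_DECREF(currIssuer);
+PKIX_DECREF(currSubject);
+PKIX_RETURN(CERTCHAINCHECKER);
+}
+/*
+* FUNCTION: pkix_NameChainingChecker_Initialize
+* DESCRIPTION:
+*
+* Creates a new CertChainChecker and stores it at "pChecker", where it will
+* be used by pkix_NameChainingChecker_Check to check that the issuer name
+* of the certificate matches the subject name in the checker's state. The
+* X500Name pointed to by "trustedCAName" is used to initialize the checker's
+* state.
+*
+* PARAMETERS:
+* "trustedCAName"
+* Address of X500Name representing the trusted CA Name used to
+* initialize the state of this checker. Must be non-NULL.
+* "pChecker"
+* Address where object pointer will be stored. Must be non-NULL.
+* "plContext"
+* Platform-specific context pointer.
+* THREAD SAFETY:
+* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+* RETURNS:
+* Returns NULL if the function succeeds.
+* Returns a CertChainChecker Error if the function fails in a non-fatal way.
+* Returns a Fatal Error if the function fails in an unrecoverable way.
+*/
+PKIX_Error *
+pkix_NameChainingChecker_Initialize(
+PKIX_PL_X500Name *trustedCAName,
+PKIX_CertChainChecker **pChecker,
+void *plContext)
+{
+PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize");
+PKIX_NULLCHECK_TWO(pChecker, trustedCAName);
+PKIX_CHECK(PKIX_CertChainChecker_Create
+(pkix_NameChainingChecker_Check,
+PKIX_FALSE,
+PKIX_FALSE,
+NULL,
+(PKIX_PL_Object *)trustedCAName,
+pChecker,
+plContext),
+PKIX_CERTCHAINCHECKERCREATEFAILED);
+cleanup:
+PKIX_RETURN(CERTCHAINCHECKER);
+}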
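Review bot: The trace name passed to `PKIX_ENTER` in pkix_NameChainingChecker_Initialize is `"PKIX_NameChainingChecker_Initialize"`, which does not match the function's actual name and will mislead anyone grepping logger output for it; use `PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Initialize");`. In pkix_NameChainingChecker_Check the `else` branch reports a NULL checker state with the same `PKIX_NAMECHAININGCHECKFAILED` as a genuine issuer/subject mismatch; since _Initialize null-checks `trustedCAName`, that state can presumably only become NULL through a later SetCertChainCheckerState call, so a comment such as `/* no previous subject to chain to: fail closed */` on the `else` would make the fail-closed intent explicit. Also worth noting in the function header is that the state is replaced with the current subject after a successful match, so a checker instance is tied to one chain walk and must not be reused across validations without re-initialization.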


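--- /dev/null
+++ b/pkix_namechainingchecker.h
@@ -0,0 +1,63 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_namechainingchecker.h
+*
+* Header file for name chaining checker.
+*
+*/
+#ifndef _PKIX_NAMECHAININGCHECKER_H
+#define _PKIX_NAMECHAININGCHECKER_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+PKIX_Error *
+pkix_NameChainingChecker_Initialize(
+PKIX_PL_X500Name *trustedCAName,
+PKIX_CertChainChecker **pChecker,
+void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_NAMECHAININGCHECKER_H */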


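--- /dev/null
+++ b/pkix_nameconstraintschecker.c
@@ -0,0 +1,333 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_nameconstraintschecker.c
+*
+* Functions for Name Constraints Checkers
+*
+*/
+#include "pkix_nameconstraintschecker.h"
+/* --Private-NameConstraintsCheckerState-Functions---------------------- */
+/*
+* FUNCTION: pkix_NameConstraintsCheckerstate_Destroy
+* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+*/
+static PKIX_Error *
+pkix_NameConstraintsCheckerState_Destroy(
+PKIX_PL_Object *object,
+void *plContext)
+{
+pkix_NameConstraintsCheckerState *state = NULL;
+PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
+"pkix_NameConstraintsCheckerState_Destroy");
+PKIX_NULLCHECK_ONE(object);
+/* Check that object type */
+PKIX_CHECK(pkix_CheckType
+(object, PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE, plContext),
+PKIX_OBJECTNOTNAMECONSTRAINTSCHECKERSTATE);
+state = (pkix_NameConstraintsCheckerState *)object;
+PKIX_DECREF(state->nameConstraints);
+PKIX_DECREF(state->nameConstraintsOID);
+cleanup:
+PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
+}
+/*
+* FUNCTION: pkix_NameConstraintsCheckerState_RegisterSelf
+*
+* DESCRIPTION:
+* Registers PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE and its related
+* functions with systemClasses[]
+*
+* THREAD SAFETY:
+* Not Thread Safe - for performance and complexity reasons
+*
+* Since this function is only called by PKIX_PL_Initialize, which should
+* only be called once, it is acceptable that this function is not
+* thread-safe.
+*/
+PKIX_Error *
+pkix_NameConstraintsCheckerState_RegisterSelf(void *plContext)
+{
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+pkix_ClassTable_Entry entry;
+PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
+"pkix_NameConstraintsCheckerState_RegisterSelf");
+entry.description = "NameConstraintsCheckerState";
+entry.destructor = pkix_NameConstraintsCheckerState_Destroy;
+entry.equalsFunction = NULL;
+entry.hashcodeFunction = NULL;
+entry.toStringFunction = NULL;
+entry.comparator = NULL;
+entry.duplicateFunction = NULL;
+systemClasses[PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE] = entry;
+PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
+}
+/*
+* FUNCTION: pkix_NameConstraintsCheckerState_Create
+*
+* DESCRIPTION:
+* Allocate and initialize NameConstraintsChecker state data.
+*
+* PARAMETERS
+* "nameConstraints"
+* Address of NameConstraints to be stored in state. May be NULL.
+* "numCerts"
+* Number of certificates in the validation chain. This data is used
+* to identify end-entity.
+* "pCheckerState"
+* Address of NameConstraintsCheckerState that is returned. Must be
+* non-NULL.
+* "plContext" - Platform-specific context pointer.
+*
+* THREAD SAFETY:
+* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+*
+* RETURNS:
+* Returns NULL if the function succeeds.
+* Returns a CERTNAMECONSTRAINTSCHECKERSTATE Error if the function fails in
+* a non-fatal way.
+* Returns a Fatal Error
+*/
+static PKIX_Error *
+pkix_NameConstraintsCheckerState_Create(
+PKIX_PL_CertNameConstraints *nameConstraints,
+PKIX_UInt32 numCerts,
+pkix_NameConstraintsCheckerState **pCheckerState,
+void *plContext)
+{
+pkix_NameConstraintsCheckerState *state = NULL;
+PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
+"pkix_NameConstraintsCheckerState_Create");
+PKIX_NULLCHECK_ONE(pCheckerState);
+PKIX_CHECK(PKIX_PL_Object_Alloc
+(PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE,
+sizeof (pkix_NameConstraintsCheckerState),
+(PKIX_PL_Object **)&state,
+plContext),
+PKIX_COULDNOTCREATENAMECONSTRAINTSCHECKERSTATEOBJECT);
+/* Initialize fields */
+PKIX_CHECK(PKIX_PL_OID_Create
+(PKIX_NAMECONSTRAINTS_OID,
+&state->nameConstraintsOID,
+plContext),
+PKIX_OIDCREATEFAILED);
+PKIX_INCREF(nameConstraints);
+state->nameConstraints = nameConstraints;
+state->certsRemaining = numCerts;
+*pCheckerState = state;
+cleanup:
+PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
+}
+/* --Private-NameConstraintsChecker-Functions------------------------- */
+/*
+* FUNCTION: pkix_NameConstraintsChecker_Check
+* (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+*/
+static PKIX_Error *
+pkix_NameConstraintsChecker_Check(
+PKIX_CertChainChecker *checker,
+PKIX_PL_Cert *cert,
+PKIX_List *unresolvedCriticalExtensions,
+void **pNBIOContext,
+void *plContext)
+{
+pkix_NameConstraintsCheckerState *state = NULL;
+PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL;
+PKIX_Boolean selfIssued = PKIX_FALSE;
+PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check");
+PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+*pNBIOContext = NULL; /* we never block on pending I/O */
+PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+(checker, (PKIX_PL_Object **)&state, plContext),
+PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+state->certsRemaining--;
+/* Get status of self issued */
+PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
+PKIX_ISCERTSELFISSUEDFAILED);
+/* Check on non self-issued and if so only for last cert */
+if (selfIssued == PKIX_FALSE ||
+(selfIssued == PKIX_TRUE && state->certsRemaining == 0)) {
+PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
+(cert, state->nameConstraints, plContext),
+PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
+}
+if (state->certsRemaining != 0) {
+PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+(cert, &nameConstraints, plContext),
+PKIX_CERTGETNAMECONSTRAINTSFAILED);
+/* Merge with previous name constraints kept in state */
+if (nameConstraints != NULL) {
+if (state->nameConstraints == NULL) {
+state->nameConstraints = nameConstraints;
+} else {
+PKIX_CHECK(PKIX_PL_Cert_MergeNameConstraints
+(nameConstraints,
+state->nameConstraints,
+&mergedNameConstraints,
+plContext),
+PKIX_CERTMERGENAMECONSTRAINTSFAILED);
+PKIX_DECREF(nameConstraints);
+PKIX_DECREF(state->nameConstraints);
+state->nameConstraints = mergedNameConstraints;
+}
+/* Remove Name Constraints Extension OID from list */
+if (unresolvedCriticalExtensions != NULL) {
+PKIX_CHECK(pkix_List_Remove
+(unresolvedCriticalExtensions,
+(PKIX_PL_Object *)state->nameConstraintsOID,
+plContext),
+PKIX_LISTREMOVEFAILED);
+}
+}
+}
+PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+(checker, (PKIX_PL_Object *)state, plContext),
+PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+cleanup:
+PKIX_DECREF(state);
+PKIX_RETURN(CERTCHAINCHECKER);
+}
+/*
+* FUNCTION: pkix_NameConstraintsChecker_Initialize
+*
+* DESCRIPTION:
+* Create a CertChainChecker with a NameConstraintsCheckerState. The
+* NameConstraintsCheckerState is created with "trustedNC" and "numCerts"
+* as its initial state. The CertChainChecker for the NameConstraints is
+* returned at address of "pChecker".
+*
+* PARAMETERS
+* "trustedNC"
+* The NameConstraints from trusted anchor Cert is stored at "trustedNC"
+* for initialization. May be NULL.
+* "numCerts"
+* Number of certificates in the validation chain. This data is used
+* to identify end-entity.
+* "pChecker"
+* Address of CertChainChecker to bo created and returned.
+* Must be non-NULL.
+* "plContext" - Platform-specific context pointer.
+*
+* THREAD SAFETY:
+* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+*
+* RETURNS:
+* Returns NULL if the function succeeds.
+* Returns a CERTCHAINCHECKER Error if the function fails in a non-fatal way.
+* Returns a Fatal Error
+*/
+PKIX_Error *
+pkix_NameConstraintsChecker_Initialize(
+PKIX_PL_CertNameConstraints *trustedNC,
+PKIX_UInt32 numCerts,
+PKIX_CertChainChecker **pChecker,
+void *plContext)
+{
+pkix_NameConstraintsCheckerState *state = NULL;
+PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Initialize");
+PKIX_NULLCHECK_ONE(pChecker);
+PKIX_CHECK(pkix_NameConstraintsCheckerState_Create
+(trustedNC, numCerts, &state, plContext),
+PKIX_NAMECONSTRAINTSCHECKERSTATECREATEFAILED);
+PKIX_CHECK(PKIX_CertChainChecker_Create
+(pkix_NameConstraintsChecker_Check,
+PKIX_FALSE,
+PKIX_FALSE,
+NULL,
+(PKIX_PL_Object *) state,
+pChecker,
+plContext),
+PKIX_CERTCHAINCHECKERCREATEFAILED);
+cleanup:
+PKIX_DECREF(state);
+PKIX_RETURN(CERTCHAINCHECKER);
+}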
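Review bot: In pkix_NameConstraintsChecker_Check the reference returned by `PKIX_PL_Cert_GetNameConstraints` leaks when `PKIX_PL_Cert_MergeNameConstraints` fails: `PKIX_CHECK` jumps to `cleanup:`, which only releases `state`, while `nameConstraints` is dropped only on the success path at `PKIX_DECREF(nameConstraints);`. Because the first branch hands that reference to the state, null the local after the transfer and release it unconditionally at cleanup: `state->nameConstraints = nameConstraints; nameConstraints = NULL;` and `PKIX_DECREF(nameConstraints);` next to `PKIX_DECREF(state);` (safe on the merge path too, provided the libpkix `PKIX_DECREF` macro nulls its argument as it usually does — confirm). Also, `state->certsRemaining--` on a `PKIX_UInt32` wraps if the checker is invoked more times than the `numCerts` it was created with, after which `certsRemaining == 0` is never reached and the name-constraints check on a self-issued end-entity certificate is silently skipped; raising an error when it is already zero would fail closed instead.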


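--- /dev/null
+++ b/pkix_nameconstraintschecker.h
@@ -0,0 +1,76 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_nameconstraintschecker.h
+*
+* Header file for validate Name Constraints Checker function
+*
+*/
+#ifndef _PKIX_NAMECONSTRAINTSCHECKER_H
+#define _PKIX_NAMECONSTRAINTSCHECKER_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef struct pkix_NameConstraintsCheckerState \
+pkix_NameConstraintsCheckerState;
+struct pkix_NameConstraintsCheckerState {
+PKIX_PL_CertNameConstraints *nameConstraints;
+PKIX_PL_OID *nameConstraintsOID;
+PKIX_UInt32 certsRemaining;
+};
+PKIX_Error *
+pkix_NameConstraintsChecker_Initialize(
+PKIX_PL_CertNameConstraints *trustedNC,
+PKIX_UInt32 numCerts,
+PKIX_CertChainChecker **pChecker,
+void *plContext);
+PKIX_Error *
+pkix_NameConstraintsCheckerState_RegisterSelf(void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_NAMECONSTRAINTSCHECKER_H */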
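Review bot: The `typedef struct pkix_NameConstraintsCheckerState \` line uses a backslash line continuation outside any macro and gives the struct tag the same spelling as the typedef name, unlike the `PKIX_PolicyCheckerStateStruct` / `PKIX_PolicyCheckerState` pairing in pkix_policychecker.h from this same commit; drop the backslash and write `typedef struct pkix_NameConstraintsCheckerStateStruct pkix_NameConstraintsCheckerState;` with the struct definition renamed to match (the .c file only ever uses the typedef name). The three fields carry no comments; from the implementation, `nameConstraints` is the constraints merged so far from the anchor and the CA certs already walked, `nameConstraintsOID` is the extension OID removed from the unresolved-critical list, and `certsRemaining` counts down per certificate and hits zero at the end-entity, so one trailing comment on each would save a reader the trip to the .c file.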



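--- /dev/null
+++ b/pkix_policychecker.h
@@ -0,0 +1,106 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+* Sun Microsystems
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/*
+* pkix_policychecker.h
+*
+* Header file for policy checker.
+*
+*/
+#ifndef _PKIX_POLICYCHECKER_H
+#define _PKIX_POLICYCHECKER_H
+#include "pkix_tools.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef struct PKIX_PolicyCheckerStateStruct PKIX_PolicyCheckerState;
+struct PKIX_PolicyCheckerStateStruct{
+PKIX_PL_OID *certPoliciesExtension; /* const */
+PKIX_PL_OID *policyMappingsExtension; /* const */
+PKIX_PL_OID *policyConstraintsExtension; /* const */
+PKIX_PL_OID *inhibitAnyPolicyExtension; /* const */
+PKIX_PL_OID *anyPolicyOID; /* const */
+PKIX_Boolean initialIsAnyPolicy; /* const */
+PKIX_PolicyNode *validPolicyTree;
+PKIX_List *userInitialPolicySet; /* immutable */
+PKIX_List *mappedUserInitialPolicySet;
+PKIX_Boolean policyQualifiersRejected;
+PKIX_Boolean initialPolicyMappingInhibit;
+PKIX_Boolean initialExplicitPolicy;
+PKIX_Boolean initialAnyPolicyInhibit;
+PKIX_UInt32 explicitPolicy;
+PKIX_UInt32 inhibitAnyPolicy;
+PKIX_UInt32 policyMapping;
+PKIX_UInt32 numCerts;
+PKIX_UInt32 certsProcessed;
+PKIX_PolicyNode *anyPolicyNodeAtBottom;
+PKIX_PolicyNode *newAnyPolicyNode;
+/*
+* The following variables do not survive from one
+* certificate to the next. They are needed at each
+* level of recursive routines, any by placing them
+* in the state object we can pass fewer arguments.
+*/
+PKIX_Boolean certPoliciesCritical;
+PKIX_List *mappedPolicyOIDs;
+};
+PKIX_Error *
+pkix_PolicyChecker_Initialize(
+PKIX_List *initialPolicies,
+PKIX_Boolean policyQualifiersRejected,
+PKIX_Boolean initialPolicyMappingInhibit,
+PKIX_Boolean initialExplicitPolicy,
+PKIX_Boolean initialAnyPolicyInhibit,
+PKIX_UInt32 numCerts,
+PKIX_CertChainChecker **pChecker,
+void *plContext);
+/* --Private-Functions-------------------------------------------- */
+PKIX_Error *
+pkix_PolicyCheckerState_RegisterSelf(void *plContext);
+#ifdef __cplusplus
+}
+#endif
+#endif /* _PKIX_POLICYCHECKER_H */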
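Review bot: The field comment in PKIX_PolicyCheckerStateStruct reads `any by placing them in the state object` where `and by placing them` is meant. More importantly, the three counters `explicitPolicy`, `inhibitAnyPolicy` and `policyMapping` are declared `PKIX_UInt32` with no comment on what they hold; their names suggest the RFC 5280 §6.1.2 explicit_policy / inhibit_anyPolicy / policy_mapping state variables (the .c is not visible here), and if so the header should say which encoding is used for "unlimited" (the RFC's n+1 form) and that the implementation must never decrement one that is already zero, because an unsigned wrap would turn "inhibited" back into "unlimited" for the rest of the chain. The scattered `/* const */` and `/* immutable */` tags would also read better as one sentence above the struct stating that those OIDs and `userInitialPolicySet` are set once at creation and never replaced.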


@ -0,0 +1,472 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_signaturechecker.c
*
* Functions for signature validation
*
*/
#include "pkix_signaturechecker.h"
/*
* FUNCTION: pkix_SignatureCheckerstate_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_SignatureCheckerState_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
pkix_SignatureCheckerState *state = NULL;
PKIX_ENTER(SIGNATURECHECKERSTATE,
"pkix_SignatureCheckerState_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a signature checker state */
PKIX_CHECK(pkix_CheckType
(object, PKIX_SIGNATURECHECKERSTATE_TYPE, plContext),
PKIX_OBJECTNOTSIGNATURECHECKERSTATE);
state = (pkix_SignatureCheckerState *) object;
state->prevCertCertSign = PKIX_FALSE;
PKIX_DECREF(state->prevPublicKey);
PKIX_DECREF(state->prevPublicKeyList);
PKIX_DECREF(state->keyUsageOID);
cleanup:
PKIX_RETURN(SIGNATURECHECKERSTATE);
}
/*
* FUNCTION: pkix_SignatureCheckerState_RegisterSelf
*
* DESCRIPTION:
* Registers PKIX_SIGNATURECHECKERSTATE_TYPE and its related functions
* with systemClasses[]
*
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_SignatureCheckerState_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(SIGNATURECHECKERSTATE,
"pkix_SignatureCheckerState_RegisterSelf");
entry.description = "SignatureCheckerState";
entry.destructor = pkix_SignatureCheckerState_Destroy;
entry.equalsFunction = NULL;
entry.hashcodeFunction = NULL;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_SIGNATURECHECKERSTATE_TYPE] = entry;
PKIX_RETURN(SIGNATURECHECKERSTATE);
}
/*
* FUNCTION: pkix_SignatureCheckerState_Create
*
* DESCRIPTION:
* Allocate and initialize SignatureChecker state data.
*
* PARAMETERS
* "trustedPubKey"
* Address of trusted Anchor Public Key for verifying first Cert in the
* chain. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pCheckerState"
* Address where SignatureCheckerState will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
*
* THREAD SAFETY:
* Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
*
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a SignatureCheckerState Error if the function fails in a
* non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_SignatureCheckerState_Create(
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
pkix_SignatureCheckerState **pCheckerState,
void *plContext)
{
pkix_SignatureCheckerState *state = NULL;
PKIX_PL_OID *keyUsageOID = NULL;
PKIX_ENTER(SIGNATURECHECKERSTATE, "pkix_SignatureCheckerState_Create");
PKIX_NULLCHECK_TWO(trustedPubKey, pCheckerState);
PKIX_CHECK(PKIX_PL_OID_Create
(PKIX_CERTKEYUSAGE_OID,
&keyUsageOID,
plContext),
PKIX_OIDCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_SIGNATURECHECKERSTATE_TYPE,
sizeof (pkix_SignatureCheckerState),
(PKIX_PL_Object **)&state,
plContext),
PKIX_COULDNOTCREATESIGNATURECHECKERSTATEOBJECT);
/* Initialize fields */
state->prevCertCertSign = PKIX_TRUE;
state->prevPublicKeyList = NULL;
PKIX_INCREF(trustedPubKey);
state->certsRemaining = certsRemaining;
state->prevPublicKey = trustedPubKey;
state->keyUsageOID = keyUsageOID;
*pCheckerState = state;
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(keyUsageOID);
}
PKIX_RETURN(SIGNATURECHECKERSTATE);
}
/* --Private-Functions-------------------------------------------- */
/*
* FUNCTION: pkix_SignatureChecker_Check
* (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
*/
PKIX_Error *
pkix_SignatureChecker_Check(
PKIX_CertChainChecker *checker,
PKIX_PL_Cert *cert,
PKIX_List *unresolvedCriticalExtensions,
void **pNBIOContext,
void *plContext)
{
pkix_SignatureCheckerState *state = NULL;
PKIX_PL_PublicKey *prevPubKey = NULL;
PKIX_PL_PublicKey *currPubKey = NULL;
PKIX_PL_PublicKey *newPubKey = NULL;
PKIX_PL_PublicKey *pKey = NULL;
PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
PKIX_Error *checkKeyUsageFail = NULL;
PKIX_Error *verifyFail = NULL;
PKIX_Boolean certVerified = PKIX_FALSE;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_SignatureChecker_Check");
PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
*pNBIOContext = NULL; /* we never block on pending I/O */
PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
(checker, (PKIX_PL_Object **)&state, plContext),
PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
(state->certsRemaining)--;
PKIX_INCREF(state->prevPublicKey);
prevPubKey = state->prevPublicKey;
/*
* Previous Cert doesn't have CertSign bit on for signature
* verification and it is not a self-issued Cert so there is no
* old key saved. This is considered error.
*/
if (state->prevCertCertSign == PKIX_FALSE &&
state->prevPublicKeyList == NULL) {
PKIX_ERROR(PKIX_KEYUSAGEKEYCERTSIGNBITNOTON);
}
/* Previous Cert is valid for signature verification, try it first */
if (state->prevCertCertSign == PKIX_TRUE) {
verifyFail = PKIX_PL_Cert_VerifySignature
(cert, prevPubKey, plContext);
if (verifyFail == NULL) {
certVerified = PKIX_TRUE;
} else {
certVerified = PKIX_FALSE;
PKIX_DECREF(verifyFail);
}
}
#ifdef NIST_TEST_4_5_4_AND_4_5_6
/*
* Following codes under this compiler flag is implemented for
* special cases of NIST tests 4.5.4 and 4.5.6. We are not sure
* we should handle these two tests as what is implemented so the
* codes are commented out, and the tests fails (for now).
* For Cert chain validation, our assumption is all the Certs on
* the chain are using its previous Cert's public key to decode
* its current key. But for thses two tests, keys are used not
* in this precedent order, we can either
* 1) Use what is implemented here: take in what Cert order NIST
* specified and for continuous self-issued Certs, stacking up
* their keys and tries all of them in FILO order.
* But this method breaks the idea of chain key presdency.
* 2) Use Build Chain facility: we will specify the valid Certs
* order (means key precedency is kept) and count on Build Chain
* to get the Certs that can fill for the needed keys. This may have
* performance impact.
* 3) Fetch Certs from CertStore: we will specifiy the valid Certs
* order and use CertSelector on SubjectName to get a list of
* candidates Certs to fill in for the needed keys.
* Anyhow, the codes are kept around just in case we want to use
* solution one...
*/
/* If failed and previous key is self-issued, try its old key(s) */
if (certVerified == PKIX_FALSE && state->prevPublicKeyList != NULL) {
/* Verify from keys on the list */
PKIX_CHECK(PKIX_List_GetLength
(state->prevPublicKeyList, &numKeys, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = numKeys - 1; i >= 0; i--) {
PKIX_CHECK(PKIX_List_GetItem
(state->prevPublicKeyList,
i,
(PKIX_PL_Object **) &pKey,
plContext),
PKIX_LISTGETITEMFAILED);
verifyFail = PKIX_PL_Cert_VerifySignature
(cert, pKey, plContext);
if (verifyFail == NULL) {
certVerified = PKIX_TRUE;
break;
} else {
certVerified = PKIX_FALSE;
PKIX_DECREF(verifyFail);
}
PKIX_DECREF(pKey);
}
}
#endif
if (certVerified == PKIX_FALSE) {
PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING);
}
#ifdef NIST_TEST_4_5_4_AND_4_5_6
/*
* Check if Cert is self-issued. If so, the old key(s) is saved, in
* conjunction to the new key, for verifying CERT validity later.
*/
PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
PKIX_ISCERTSELFISSUEFAILED);
/*
* Check if Cert is self-issued. If so, the public key of the Cert
* that issues this Cert (old key) can be used together with this
* current key (new key) for key verification. If there are multiple
* self-issued certs, keys of those Certs (old keys) can also be used
* for key verification. Old key(s) is saved in a list (PrevPublickKey-
* List) and cleared when a Cert is no longer self-issued. PrevPublic-
* Key keep key of the previous Cert.
*/
if (selfIssued == PKIX_TRUE) {
/* Make sure previous Cert is valid for signature verification */
if (state->prevCertCertSign == PKIX_TRUE) {
if (state->prevPublicKeyList == NULL) {
PKIX_CHECK(PKIX_List_Create
(&state->prevPublicKeyList, plContext),
PKIX_LISTCREATEFALIED);
}
PKIX_CHECK(PKIX_List_AppendItem
(state->prevPublicKeyList,
(PKIX_PL_Object *) state->prevPublicKey,
plContext),
PKIX_LISTAPPENDITEMFAILED);
}
} else {
/* Not self-issued Cert any more, clear old key(s) saved */
PKIX_DECREF(state->prevPublicKeyList);
}
#endif
/* Save current key as prevPublicKey */
PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
(cert, &currPubKey, plContext),
PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
PKIX_CHECK(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
(currPubKey, prevPubKey, &newPubKey, plContext),
PKIX_PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED);
if (newPubKey == NULL){
PKIX_INCREF(currPubKey);
newPubKey = currPubKey;
}
PKIX_INCREF(newPubKey);
PKIX_DECREF(state->prevPublicKey);
state->prevPublicKey = newPubKey;
/* Save this Cert key usage CertSign bit */
if (state->certsRemaining != 0) {
checkKeyUsageFail = PKIX_PL_Cert_VerifyKeyUsage
(cert, PKIX_KEY_CERT_SIGN, plContext);
state->prevCertCertSign = (checkKeyUsageFail == NULL)?
PKIX_TRUE:PKIX_FALSE;
PKIX_DECREF(checkKeyUsageFail);
}
/* Remove Key Usage Extension OID from list */
if (unresolvedCriticalExtensions != NULL) {
PKIX_CHECK(pkix_List_Remove
(unresolvedCriticalExtensions,
(PKIX_PL_Object *) state->keyUsageOID,
plContext),
PKIX_LISTREMOVEFAILED);
}
PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
(checker, (PKIX_PL_Object *)state, plContext),
PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_DECREF(pKey);
PKIX_DECREF(prevPubKey);
PKIX_DECREF(currPubKey);
PKIX_DECREF(newPubKey);
PKIX_DECREF(basicConstraints);
PKIX_DECREF(verifyFail);
PKIX_DECREF(checkKeyUsageFail);
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_SignatureChecker_Initialize
* DESCRIPTION:
*
* Creates a new CertChainChecker and stores it at "pChecker", where it will
* be used by pkix_SignatureChecker_Check to check that the public key in
* the checker's state is able to successfully validate the certificate's
* signature. The PublicKey pointed to by "trustedPubKey" is used to
* initialize the checker's state.
*
* PARAMETERS:
* "trustedPubKey"
* Address of PublicKey representing the trusted public key used to
* initialize the state of this checker. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_SignatureChecker_Initialize(
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
pkix_SignatureCheckerState* state = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "PKIX_SignatureChecker_Initialize");
PKIX_NULLCHECK_TWO(pChecker, trustedPubKey);
PKIX_CHECK(pkix_SignatureCheckerState_Create
(trustedPubKey, certsRemaining, &state, plContext),
PKIX_SIGNATURECHECKERSTATECREATEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_SignatureChecker_Check,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *) state,
pChecker,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_RETURN(CERTCHAINCHECKER);
}
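Review bot: The two `#ifdef NIST_TEST_4_5_4_AND_4_5_6` blocks inside pkix_SignatureChecker_Check use `numKeys`, `i` and `selfIssued`, none of which is declared among the function's locals, and the error code on the `PKIX_List_Create` check is spelled `PKIX_LISTCREATEFALIED`, so the function cannot compile if that flag is ever defined. Either drop the dead blocks or make them buildable with `PKIX_UInt32 numKeys = 0; PKIX_Int32 i = 0; PKIX_Boolean selfIssued = PKIX_FALSE;` (the `for (i = numKeys - 1; i >= 0; i--)` loop needs a signed index to terminate) and the corrected `PKIX_LISTCREATEFAILED`. The `basicConstraints` local is declared and released but never assigned, and the `PKIX_ENTER` string in pkix_SignatureChecker_Initialize names `"PKIX_SignatureChecker_Initialize"` while the function is `pkix_SignatureChecker_Initialize`. On the verification path, the error returned by `PKIX_PL_Cert_VerifySignature` is DECREF'd and replaced by the generic `PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING`, which hides the underlying reason from callers diagnosing a failed chain; consider chaining it as the cause when raising the error.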


@ -0,0 +1,77 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_signaturechecker.h
*
* Header file for validate signature function
*
*/
#ifndef _PKIX_SIGNATURECHECKER_H
#define _PKIX_SIGNATURECHECKER_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef struct pkix_SignatureCheckerState pkix_SignatureCheckerState;
struct pkix_SignatureCheckerState {
PKIX_Boolean prevCertCertSign;
PKIX_UInt32 certsRemaining;
PKIX_PL_PublicKey *prevPublicKey; /* Subject PubKey of last cert */
PKIX_List *prevPublicKeyList; /* of PKIX_PL_PublicKey */
PKIX_PL_OID *keyUsageOID;
};
PKIX_Error *
pkix_SignatureChecker_Initialize(
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_CertChainChecker **pChecker,
void *plContext);
PKIX_Error *
pkix_SignatureCheckerState_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_SIGNATURECHECKER_H */


@ -0,0 +1,534 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_targetcertchecker.c
*
* Functions for target cert validation
*
*/
#include "pkix_targetcertchecker.h"
/* --Private-TargetCertCheckerState-Functions------------------------------- */
/*
* FUNCTION: pkix_TargetCertCheckerState_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_TargetCertCheckerState_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
pkix_TargetCertCheckerState *state = NULL;
PKIX_ENTER(TARGETCERTCHECKERSTATE,
"pkix_TargetCertCheckerState_Destroy");
PKIX_NULLCHECK_ONE(object);
/* Check that this object is a target cert checker state */
PKIX_CHECK(pkix_CheckType
(object, PKIX_TARGETCERTCHECKERSTATE_TYPE, plContext),
PKIX_OBJECTNOTTARGETCERTCHECKERSTATE);
state = (pkix_TargetCertCheckerState *)object;
PKIX_DECREF(state->certSelector);
PKIX_DECREF(state->extKeyUsageOID);
PKIX_DECREF(state->subjAltNameOID);
PKIX_DECREF(state->pathToNameList);
PKIX_DECREF(state->extKeyUsageList);
PKIX_DECREF(state->subjAltNameList);
cleanup:
PKIX_RETURN(TARGETCERTCHECKERSTATE);
}
/*
* FUNCTION: pkix_TargetCertCheckerState_RegisterSelf
* DESCRIPTION:
* Registers PKIX_TARGETCERTCHECKERSTATE_TYPE and its related functions with
* systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_TargetCertCheckerState_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(TARGETCERTCHECKERSTATE,
"pkix_TargetCertCheckerState_RegisterSelf");
entry.description = "TargetCertCheckerState";
entry.destructor = pkix_TargetCertCheckerState_Destroy;
entry.equalsFunction = NULL;
entry.hashcodeFunction = NULL;
entry.toStringFunction = NULL;
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_TARGETCERTCHECKERSTATE_TYPE] = entry;
PKIX_RETURN(TARGETCERTCHECKERSTATE);
}
/*
* FUNCTION: pkix_TargetCertCheckerState_Create
* DESCRIPTION:
*
* Creates a new TargetCertCheckerState using the CertSelector pointed to
* by "certSelector" and the number of certs represented by "certsRemaining"
* and stores it at "pState".
*
* PARAMETERS:
* "certSelector"
* Address of CertSelector representing the criteria against which the
* final certificate in a chain is to be matched. Must be non-NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pState"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a TargetCertCheckerState Error if the function fails in a
* non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_TargetCertCheckerState_Create(
PKIX_CertSelector *certSelector,
PKIX_UInt32 certsRemaining,
pkix_TargetCertCheckerState **pState,
void *plContext)
{
pkix_TargetCertCheckerState *state = NULL;
PKIX_ComCertSelParams *certSelectorParams = NULL;
PKIX_List *pathToNameList = NULL;
PKIX_List *extKeyUsageList = NULL;
PKIX_List *subjAltNameList = NULL;
PKIX_PL_OID *extKeyUsageOID = NULL;
PKIX_PL_OID *subjAltNameOID = NULL;
PKIX_Boolean subjAltNameMatchAll = PKIX_TRUE;
PKIX_ENTER(TARGETCERTCHECKERSTATE,
"pkix_TargetCertCheckerState_Create");
PKIX_NULLCHECK_ONE(pState);
PKIX_CHECK(PKIX_PL_OID_Create
(PKIX_EXTENDEDKEYUSAGE_OID,
&extKeyUsageOID,
plContext),
PKIX_OIDCREATEFAILED);
PKIX_CHECK(PKIX_PL_OID_Create
(PKIX_CERTSUBJALTNAME_OID,
&subjAltNameOID,
plContext),
PKIX_OIDCREATEFAILED);
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_TARGETCERTCHECKERSTATE_TYPE,
sizeof (pkix_TargetCertCheckerState),
(PKIX_PL_Object **)&state,
plContext),
PKIX_COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT);
/* initialize fields */
if (certSelector != NULL) {
PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
(certSelector, &certSelectorParams, plContext),
PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED);
if (certSelectorParams != NULL) {
PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames
(certSelectorParams,
&pathToNameList,
plContext),
PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
(certSelectorParams,
&extKeyUsageList,
plContext),
PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames
(certSelectorParams,
&subjAltNameList,
plContext),
PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
(certSelectorParams,
&subjAltNameMatchAll,
plContext),
PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
}
}
PKIX_INCREF(certSelector);
state->certSelector = certSelector;
state->pathToNameList = pathToNameList;
state->extKeyUsageList = extKeyUsageList;
state->subjAltNameList = subjAltNameList;
state->subjAltNameMatchAll = subjAltNameMatchAll;
state->certsRemaining = certsRemaining;
state->extKeyUsageOID = extKeyUsageOID;
state->subjAltNameOID = subjAltNameOID;
*pState = state;
cleanup:
if (PKIX_ERROR_RECEIVED){
PKIX_DECREF(extKeyUsageOID);
PKIX_DECREF(subjAltNameOID);
PKIX_DECREF(pathToNameList);
PKIX_DECREF(extKeyUsageList);
PKIX_DECREF(subjAltNameList);
PKIX_DECREF(state);
}
PKIX_DECREF(certSelectorParams);
PKIX_RETURN(TARGETCERTCHECKERSTATE);
}
/* --Private-TargetCertChecker-Functions------------------------------- */
/*
* FUNCTION: pkix_TargetCertChecker_Check
* (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
*/
PKIX_Error *
pkix_TargetCertChecker_Check(
PKIX_CertChainChecker *checker,
PKIX_PL_Cert *cert,
PKIX_List *unresolvedCriticalExtensions,
void **pNBIOContext,
void *plContext)
{
pkix_TargetCertCheckerState *state = NULL;
PKIX_CertSelector_MatchCallback certSelectorMatch = NULL;
PKIX_PL_CertNameConstraints *nameConstraints = NULL;
PKIX_List *certSubjAltNames = NULL;
PKIX_List *certExtKeyUsageList = NULL;
PKIX_PL_GeneralName *name = NULL;
PKIX_PL_X500Name *certSubjectName = NULL;
PKIX_Boolean checkPassed = PKIX_FALSE;
PKIX_UInt32 numItems, i;
PKIX_UInt32 matchCount = 0;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_TargetCertChecker_Check");
PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
*pNBIOContext = NULL; /* we never block on pending I/O */
PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
(checker, (PKIX_PL_Object **)&state, plContext),
PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
(state->certsRemaining)--;
if (state->pathToNameList != NULL) {
PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
(cert, &nameConstraints, plContext),
PKIX_CERTGETNAMECONSTRAINTSFAILED);
/*
* XXX We should either make the following call a public one
* so it is legal to call from the portability layer or we
* should try to create pathToNameList as CertNameConstraints
* then call the existing check function.
*/
PKIX_CHECK(PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
(state->pathToNameList,
nameConstraints,
&checkPassed,
plContext),
PKIX_CERTNAMECONSTRAINTSCHECKNAMEINNAMESPACEFAILED);
if (checkPassed != PKIX_TRUE) {
PKIX_ERROR(PKIX_VALIDATIONFAILEDPATHTONAMECHECKFAILED);
}
}
PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames
(cert, &certSubjAltNames, plContext),
PKIX_CERTGETSUBJALTNAMESFAILED);
if (state->subjAltNameList != NULL && certSubjAltNames != NULL) {
PKIX_CHECK(PKIX_List_GetLength
(state->subjAltNameList, &numItems, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = 0; i < numItems; i++) {
PKIX_CHECK(PKIX_List_GetItem
(state->subjAltNameList,
i,
(PKIX_PL_Object **) &name,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(pkix_List_Contains
(certSubjAltNames,
(PKIX_PL_Object *) name,
&checkPassed,
plContext),
PKIX_LISTCONTAINSFAILED);
PKIX_DECREF(name);
if (checkPassed == PKIX_TRUE) {
if (state->subjAltNameMatchAll == PKIX_FALSE) {
matchCount = numItems;
break;
} else {
/* else continue checking next */
matchCount++;
}
}
}
if (matchCount != numItems) {
PKIX_ERROR(PKIX_SUBJALTNAMECHECKFAILED);
}
}
if (state->certsRemaining == 0) {
if (state->certSelector != NULL) {
PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
(state->certSelector,
&certSelectorMatch,
plContext),
PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
PKIX_CHECK(certSelectorMatch
(state->certSelector,
cert,
&checkPassed,
plContext),
PKIX_CERTSELECTORMATCHFAILED);
if (checkPassed != PKIX_TRUE){
PKIX_ERROR(PKIX_CERTSELECTORCHECKFAILED);
}
/*
* There are two Extended Key Usage Checkings
* available :
* 1) here at the targetcertchecker where we
* verify the Extended Key Usage OIDs application
* specifies via ComCertSelParams are included
* in Cert's Extended Key Usage OID's. Note,
* this is an OID to OID comparison and only last
* Cert is checked.
* 2) at user defined ekuchecker where checking
* is applied to all Certs on the chain and
* the NSS Extended Key Usage algorithm is
* used. In order to invoke this checking, not
* only does the ComCertSelparams needs to be
* set, the EKU initialize call is required to
* activate the checking.
*
* XXX We use the same ComCertSelParams Set/Get
* functions to set the parameters for both cases.
* We may want to separate them in the future.
*/
PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage
(cert, &certExtKeyUsageList, plContext),
PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
if (state->extKeyUsageList != NULL &&
certExtKeyUsageList != NULL) {
PKIX_CHECK(PKIX_List_GetLength
(state->extKeyUsageList, &numItems, plContext),
PKIX_LISTGETLENGTHFAILED);
for (i = 0; i < numItems; i++) {
PKIX_CHECK(PKIX_List_GetItem
(state->extKeyUsageList,
i,
(PKIX_PL_Object **) &name,
plContext),
PKIX_LISTGETITEMFAILED);
PKIX_CHECK(pkix_List_Contains
(certExtKeyUsageList,
(PKIX_PL_Object *) name,
&checkPassed,
plContext),
PKIX_LISTCONTAINSFAILED);
PKIX_DECREF(name);
if (checkPassed != PKIX_TRUE) {
PKIX_ERROR
(PKIX_EXTENDEDKEYUSAGECHECKINGFAILED);
}
}
}
}
}
/* Remove Critical Extension OID from list */
if (unresolvedCriticalExtensions != NULL) {
PKIX_CHECK(pkix_List_Remove
(unresolvedCriticalExtensions,
(PKIX_PL_Object *) state->extKeyUsageOID,
plContext),
PKIX_LISTREMOVEFAILED);
PKIX_CHECK(PKIX_PL_Cert_GetSubject
(cert, &certSubjectName, plContext),
PKIX_CERTGETSUBJECTFAILED);
if (certSubjAltNames != NULL) {
PKIX_CHECK(pkix_List_Remove
(unresolvedCriticalExtensions,
(PKIX_PL_Object *) state->subjAltNameOID,
plContext),
PKIX_LISTREMOVEFAILED);
}
}
cleanup:
PKIX_DECREF(nameConstraints);
PKIX_DECREF(certSubjAltNames);
PKIX_DECREF(certExtKeyUsageList);
PKIX_DECREF(certSubjectName);
PKIX_DECREF(state);
PKIX_RETURN(CERTCHAINCHECKER);
}
/*
* FUNCTION: pkix_TargetCertChecker_Initialize
* DESCRIPTION:
*
* Creates a new CertChainChecker and stores it at "pChecker", where it will
* used by pkix_TargetCertChecker_Check to check that the final certificate
* of a chain meets the criteria of the CertSelector pointed to by
* "certSelector". The number of certs remaining in the chain, represented by
* "certsRemaining" is used to initialize the checker's state.
*
* PARAMETERS:
* "certSelector"
* Address of CertSelector representing the criteria against which the
* final certificate in a chain is to be matched. May be NULL.
* "certsRemaining"
* Number of certificates remaining in the chain.
* "pChecker"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a CertChainChecker Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
PKIX_Error *
pkix_TargetCertChecker_Initialize(
PKIX_CertSelector *certSelector,
PKIX_UInt32 certsRemaining,
PKIX_CertChainChecker **pChecker,
void *plContext)
{
pkix_TargetCertCheckerState *state = NULL;
PKIX_ENTER(CERTCHAINCHECKER, "pkix_TargetCertChecker_Initialize");
PKIX_NULLCHECK_ONE(pChecker);
PKIX_CHECK(pkix_TargetCertCheckerState_Create
(certSelector, certsRemaining, &state, plContext),
PKIX_TARGETCERTCHECKERSTATECREATEFAILED);
PKIX_CHECK(PKIX_CertChainChecker_Create
(pkix_TargetCertChecker_Check,
PKIX_FALSE,
PKIX_FALSE,
NULL,
(PKIX_PL_Object *)state,
pChecker,
plContext),
PKIX_CERTCHAINCHECKERCREATEFAILED);
cleanup:
PKIX_DECREF(state);
PKIX_RETURN(CERTCHAINCHECKER);
}
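Review bot: In pkix_TargetCertChecker_Check the subject-alternative-name criterion is only enforced when `certSubjAltNames != NULL`, so a target certificate that carries no SAN extension at all passes even though the caller's selector demanded specific alternative names; unless absence is meant to match, the branch should be `if (state->subjAltNameList != NULL) { if (certSubjAltNames == NULL) { PKIX_ERROR(PKIX_SUBJALTNAMECHECKFAILED); }` followed by the existing loop. The same shape appears in the EKU check (`state->extKeyUsageList != NULL && certExtKeyUsageList != NULL`), where treating a missing extension as unrestricted is at least a documented convention elsewhere, so a comment stating which semantics is intended would help. `PKIX_PL_Cert_GetSubject` is called into `certSubjectName` inside the critical-extension block and the result is only released, never used, so that call can go. The pkix_TargetCertCheckerState_Create header says "certSelector ... Must be non-NULL" while the body guards with `if (certSelector != NULL)` and pkix_TargetCertChecker_Initialize documents it as "May be NULL"; the Create comment should say "May be NULL" too, and the `PKIX_ComCertSelParams_GetMatchAllSubjAltNames` check reuses `PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED` rather than its own error code.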


@ -0,0 +1,80 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_targetcertchecker.h
*
* Header file for validate target cert function
*
*/
#ifndef _PKIX_TARGETCERTCHECKER_H
#define _PKIX_TARGETCERTCHECKER_H
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef struct pkix_TargetCertCheckerState pkix_TargetCertCheckerState;
struct pkix_TargetCertCheckerState {
PKIX_CertSelector *certSelector;
PKIX_List *pathToNameList;
PKIX_List *extKeyUsageList; /* List of PKIX_PL_OID */
PKIX_List *subjAltNameList;
PKIX_Boolean subjAltNameMatchAll;
PKIX_UInt32 certsRemaining;
PKIX_PL_OID *extKeyUsageOID;
PKIX_PL_OID *subjAltNameOID;
};
PKIX_Error *
pkix_TargetCertChecker_Initialize(
PKIX_CertSelector *certSelector,
PKIX_UInt32 certsRemaining,
PKIX_CertChainChecker **pChecker,
void *plContext);
PKIX_Error *
pkix_TargetCertCheckerState_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_TARGETCERTCHECKER_H */
