File: | s/cmd/crlutil/crlgen.c |
Warning: | line 701, column 33 Dereference of null pointer |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* This Source Code Form is subject to the terms of the Mozilla Public | ||||
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this | ||||
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||||
4 | |||||
5 | /* | ||||
6 | ** crlgen.c | ||||
7 | ** | ||||
8 | ** utility for managing certificates revocation lists generation | ||||
9 | ** | ||||
10 | */ | ||||
11 | |||||
12 | #include <stdio.h> | ||||
13 | #include <math.h> | ||||
14 | |||||
15 | #include "nspr.h" | ||||
16 | #include "plgetopt.h" | ||||
17 | #include "nss.h" | ||||
18 | #include "secutil.h" | ||||
19 | #include "cert.h" | ||||
20 | #include "certi.h" | ||||
21 | #include "certdb.h" | ||||
22 | #include "pk11func.h" | ||||
23 | #include "crlgen.h" | ||||
24 | |||||
25 | /* Destroys extHandle and data. data was create on heap. | ||||
26 | * extHandle creaded by CERT_StartCRLEntryExtensions. entry | ||||
27 | * was allocated on arena.*/ | ||||
28 | static void | ||||
29 | destroyEntryData(CRLGENEntryData *data) | ||||
30 | { | ||||
31 | if (!data) | ||||
32 | return; | ||||
33 | PORT_Assert(data->entry)((data->entry)?((void)0):PR_Assert("data->entry","crlgen.c" ,33)); | ||||
34 | if (data->extHandle) | ||||
35 | CERT_FinishExtensions(data->extHandle); | ||||
36 | PORT_FreePORT_Free_Util(data); | ||||
37 | } | ||||
38 | |||||
39 | /* Prints error messages along with line number */ | ||||
40 | void | ||||
41 | crlgen_PrintError(int line, char *msg, ...) | ||||
42 | { | ||||
43 | va_list args; | ||||
44 | |||||
45 | va_start(args, msg)__builtin_va_start(args, msg); | ||||
46 | |||||
47 | fprintf(stderrstderr, "crlgen: (line: %d) ", line); | ||||
48 | vfprintf(stderrstderr, msg, args); | ||||
49 | |||||
50 | va_end(args)__builtin_va_end(args); | ||||
51 | } | ||||
52 | /* Finds CRLGENEntryData in hashtable according PRUint64 value | ||||
53 | * - certId : cert serial number*/ | ||||
54 | static CRLGENEntryData * | ||||
55 | crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) | ||||
56 | { | ||||
57 | if (!crlGenData->entryDataHashTable || !certId
| ||||
58 | return NULL((void*)0); | ||||
59 | return (CRLGENEntryData *) | ||||
60 | PL_HashTableLookup(crlGenData->entryDataHashTable, | ||||
61 | certId); | ||||
62 | } | ||||
63 | |||||
64 | /* Removes CRLGENEntryData from hashtable according to certId | ||||
65 | * - certId : cert serial number*/ | ||||
66 | static SECStatus | ||||
67 | crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) | ||||
68 | { | ||||
69 | CRLGENEntryData *data = NULL((void*)0); | ||||
70 | SECStatus rv = SECSuccess; | ||||
71 | |||||
72 | if (!crlGenData->entryDataHashTable) { | ||||
73 | return SECSuccess; | ||||
74 | } | ||||
75 | |||||
76 | data = crlgen_FindEntry(crlGenData, certId); | ||||
77 | if (!data) { | ||||
78 | return SECSuccess; | ||||
79 | } | ||||
80 | |||||
81 | if (!PL_HashTableRemove(crlGenData->entryDataHashTable, certId)) { | ||||
82 | rv = SECFailure; | ||||
83 | } | ||||
84 | |||||
85 | destroyEntryData(data); | ||||
86 | return rv; | ||||
87 | } | ||||
88 | |||||
89 | /* Stores CRLGENEntryData in hashtable according to certId | ||||
90 | * - certId : cert serial number*/ | ||||
91 | static CRLGENEntryData * | ||||
92 | crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData, | ||||
93 | CERTCrlEntry *entry, SECItem *certId) | ||||
94 | { | ||||
95 | CRLGENEntryData *newData = NULL((void*)0); | ||||
96 | |||||
97 | PORT_Assert(crlGenData && crlGenData->entryDataHashTable &&((crlGenData && crlGenData->entryDataHashTable && entry)?((void)0):PR_Assert("crlGenData && crlGenData->entryDataHashTable && entry" ,"crlgen.c",98)) | ||||
98 | entry)((crlGenData && crlGenData->entryDataHashTable && entry)?((void)0):PR_Assert("crlGenData && crlGenData->entryDataHashTable && entry" ,"crlgen.c",98)); | ||||
99 | if (!crlGenData || !crlGenData->entryDataHashTable || !entry) { | ||||
100 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
101 | return NULL((void*)0); | ||||
102 | } | ||||
103 | |||||
104 | newData = PORT_ZNew(CRLGENEntryData)(CRLGENEntryData *)PORT_ZAlloc_Util(sizeof(CRLGENEntryData)); | ||||
105 | if (!newData) { | ||||
106 | return NULL((void*)0); | ||||
107 | } | ||||
108 | newData->entry = entry; | ||||
109 | newData->certId = certId; | ||||
110 | if (!PL_HashTableAdd(crlGenData->entryDataHashTable, | ||||
111 | newData->certId, newData)) { | ||||
112 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
113 | "Can not add entryData structure\n"); | ||||
114 | return NULL((void*)0); | ||||
115 | } | ||||
116 | return newData; | ||||
117 | } | ||||
118 | |||||
119 | /* Use this structure to keep pointer when commiting entries extensions */ | ||||
120 | struct commitData { | ||||
121 | int pos; | ||||
122 | CERTCrlEntry **entries; | ||||
123 | }; | ||||
124 | |||||
125 | /* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the | ||||
126 | * table he. Returns value through arg parameter*/ | ||||
127 | static PRIntn PR_CALLBACK | ||||
128 | crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg) | ||||
129 | { | ||||
130 | CRLGENEntryData *data = NULL((void*)0); | ||||
131 | |||||
132 | PORT_Assert(he)((he)?((void)0):PR_Assert("he","crlgen.c",132)); | ||||
133 | if (!he) { | ||||
134 | return HT_ENUMERATE_NEXT0; | ||||
135 | } | ||||
136 | data = (CRLGENEntryData *)he->value; | ||||
137 | |||||
138 | PORT_Assert(data)((data)?((void)0):PR_Assert("data","crlgen.c",138)); | ||||
139 | PORT_Assert(arg)((arg)?((void)0):PR_Assert("arg","crlgen.c",139)); | ||||
140 | |||||
141 | if (data) { | ||||
142 | struct commitData *dt = (struct commitData *)arg; | ||||
143 | dt->entries[dt->pos++] = data->entry; | ||||
144 | destroyEntryData(data); | ||||
145 | } | ||||
146 | return HT_ENUMERATE_NEXT0; | ||||
147 | } | ||||
148 | |||||
149 | /* Copy char * datainto allocated in arena SECItem */ | ||||
150 | static SECStatus | ||||
151 | crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value) | ||||
152 | { | ||||
153 | SECItem item; | ||||
154 | |||||
155 | PORT_Assert(arena && dataIn)((arena && dataIn)?((void)0):PR_Assert("arena && dataIn" ,"crlgen.c",155)); | ||||
156 | if (!arena || !dataIn) { | ||||
157 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
158 | return SECFailure; | ||||
159 | } | ||||
160 | |||||
161 | item.data = (void *)dataIn; | ||||
162 | item.len = PORT_Strlen(dataIn)strlen(dataIn); | ||||
163 | |||||
164 | return SECITEM_CopyItemSECITEM_CopyItem_Util(arena, value, &item); | ||||
165 | } | ||||
166 | |||||
167 | /* Creates CERTGeneralName from parsed data for the Authority Key Extension */ | ||||
168 | static CERTGeneralName * | ||||
169 | crlgen_GetGeneralName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData, | ||||
170 | const char *data) | ||||
171 | { | ||||
172 | CERTGeneralName *namesList = NULL((void*)0); | ||||
173 | CERTGeneralName *current; | ||||
174 | CERTGeneralName *tail = NULL((void*)0); | ||||
175 | SECStatus rv = SECSuccess; | ||||
176 | const char *nextChunk = NULL((void*)0); | ||||
177 | const char *currData = NULL((void*)0); | ||||
178 | int intValue; | ||||
179 | char buffer[512]; | ||||
180 | void *mark; | ||||
181 | |||||
182 | if (!data) | ||||
183 | return NULL((void*)0); | ||||
184 | PORT_Assert(arena)((arena)?((void)0):PR_Assert("arena","crlgen.c",184)); | ||||
185 | if (!arena) { | ||||
186 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
187 | return NULL((void*)0); | ||||
188 | } | ||||
189 | |||||
190 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); | ||||
191 | |||||
192 | nextChunk = data; | ||||
193 | currData = data; | ||||
194 | do { | ||||
195 | int nameLen = 0; | ||||
196 | char name[128]; | ||||
197 | const char *sepPrt = NULL((void*)0); | ||||
198 | nextChunk = PORT_Strchrstrchr(currData, '|'); | ||||
199 | if (!nextChunk) | ||||
200 | nextChunk = data + strlen(data); | ||||
201 | sepPrt = PORT_Strchrstrchr(currData, ':'); | ||||
202 | if (sepPrt == NULL((void*)0) || sepPrt >= nextChunk) { | ||||
203 | *buffer = '\0'; | ||||
204 | sepPrt = nextChunk; | ||||
205 | } else { | ||||
206 | PORT_Memcpymemcpy(buffer, sepPrt + 1, | ||||
207 | (nextChunk - sepPrt - 1)); | ||||
208 | buffer[nextChunk - sepPrt - 1] = '\0'; | ||||
209 | } | ||||
210 | nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1)((sepPrt - currData)<(sizeof(name) - 1)?(sepPrt - currData ):(sizeof(name) - 1)); | ||||
211 | PORT_Memcpymemcpy(name, currData, nameLen); | ||||
212 | name[nameLen] = '\0'; | ||||
213 | currData = nextChunk + 1; | ||||
214 | |||||
215 | if (!PORT_Strcmpstrcmp(name, "otherName")) | ||||
216 | intValue = certOtherName; | ||||
217 | else if (!PORT_Strcmpstrcmp(name, "rfc822Name")) | ||||
218 | intValue = certRFC822Name; | ||||
219 | else if (!PORT_Strcmpstrcmp(name, "dnsName")) | ||||
220 | intValue = certDNSName; | ||||
221 | else if (!PORT_Strcmpstrcmp(name, "x400Address")) | ||||
222 | intValue = certX400Address; | ||||
223 | else if (!PORT_Strcmpstrcmp(name, "directoryName")) | ||||
224 | intValue = certDirectoryName; | ||||
225 | else if (!PORT_Strcmpstrcmp(name, "ediPartyName")) | ||||
226 | intValue = certEDIPartyName; | ||||
227 | else if (!PORT_Strcmpstrcmp(name, "URI")) | ||||
228 | intValue = certURI; | ||||
229 | else if (!PORT_Strcmpstrcmp(name, "ipAddress")) | ||||
230 | intValue = certIPAddress; | ||||
231 | else if (!PORT_Strcmpstrcmp(name, "registerID")) | ||||
232 | intValue = certRegisterID; | ||||
233 | else | ||||
234 | intValue = -1; | ||||
235 | |||||
236 | if (intValue >= certOtherName && intValue <= certRegisterID) { | ||||
237 | if (namesList == NULL((void*)0)) { | ||||
238 | namesList = current = tail = PORT_ArenaZNew(arena,(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )) | ||||
239 | CERTGeneralName)(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )); | ||||
240 | } else { | ||||
241 | current = PORT_ArenaZNew(arena, CERTGeneralName)(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )); | ||||
242 | } | ||||
243 | if (current == NULL((void*)0)) { | ||||
244 | rv = SECFailure; | ||||
245 | break; | ||||
246 | } | ||||
247 | } else { | ||||
248 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
249 | break; | ||||
250 | } | ||||
251 | current->type = intValue; | ||||
252 | switch (current->type) { | ||||
253 | case certURI: | ||||
254 | case certDNSName: | ||||
255 | case certRFC822Name: | ||||
256 | current->name.other.data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, strlen(buffer)); | ||||
257 | if (current->name.other.data == NULL((void*)0)) { | ||||
258 | rv = SECFailure; | ||||
259 | break; | ||||
260 | } | ||||
261 | PORT_Memcpymemcpy(current->name.other.data, buffer, | ||||
262 | current->name.other.len = strlen(buffer)); | ||||
263 | break; | ||||
264 | |||||
265 | case certEDIPartyName: | ||||
266 | case certIPAddress: | ||||
267 | case certOtherName: | ||||
268 | case certRegisterID: | ||||
269 | case certX400Address: { | ||||
270 | |||||
271 | current->name.other.data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, strlen(buffer) + 2); | ||||
272 | if (current->name.other.data == NULL((void*)0)) { | ||||
273 | rv = SECFailure; | ||||
274 | break; | ||||
275 | } | ||||
276 | |||||
277 | PORT_Memcpymemcpy(current->name.other.data + 2, buffer, strlen(buffer)); | ||||
278 | /* This may not be accurate for all cases.For now, use this tag type */ | ||||
279 | current->name.other.data[0] = (char)(((current->type - 1) & 0x1f) | 0x80); | ||||
280 | current->name.other.data[1] = (char)strlen(buffer); | ||||
281 | current->name.other.len = strlen(buffer) + 2; | ||||
282 | break; | ||||
283 | } | ||||
284 | |||||
285 | case certDirectoryName: { | ||||
286 | CERTName *directoryName = NULL((void*)0); | ||||
287 | |||||
288 | directoryName = CERT_AsciiToName(buffer); | ||||
289 | if (!directoryName) { | ||||
290 | rv = SECFailure; | ||||
291 | break; | ||||
292 | } | ||||
293 | |||||
294 | rv = CERT_CopyName(arena, ¤t->name.directoryName, directoryName); | ||||
295 | CERT_DestroyName(directoryName); | ||||
296 | |||||
297 | break; | ||||
298 | } | ||||
299 | } | ||||
300 | if (rv != SECSuccess) | ||||
301 | break; | ||||
302 | current->l.next = &(namesList->l); | ||||
303 | current->l.prev = &(tail->l); | ||||
304 | tail->l.next = &(current->l); | ||||
305 | tail = current; | ||||
306 | |||||
307 | } while (nextChunk != data + strlen(data)); | ||||
308 | |||||
309 | if (rv != SECSuccess) { | ||||
310 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); | ||||
311 | namesList = NULL((void*)0); | ||||
312 | } | ||||
313 | return (namesList); | ||||
314 | } | ||||
315 | |||||
316 | /* Creates CERTGeneralName from parsed data for the Authority Key Extension */ | ||||
317 | static CERTGeneralName * | ||||
318 | crlgen_DistinguishedName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData, | ||||
319 | const char *data) | ||||
320 | { | ||||
321 | CERTName *directoryName = NULL((void*)0); | ||||
322 | CERTGeneralName *current; | ||||
323 | SECStatus rv = SECFailure; | ||||
324 | void *mark; | ||||
325 | |||||
326 | if (!data) | ||||
327 | return NULL((void*)0); | ||||
328 | PORT_Assert(arena)((arena)?((void)0):PR_Assert("arena","crlgen.c",328)); | ||||
329 | if (!arena) { | ||||
330 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
331 | return NULL((void*)0); | ||||
332 | } | ||||
333 | |||||
334 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); | ||||
335 | |||||
336 | current = PORT_ArenaZNew(arena, CERTGeneralName)(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )); | ||||
337 | if (current == NULL((void*)0)) { | ||||
338 | goto loser; | ||||
339 | } | ||||
340 | current->type = certDirectoryName; | ||||
341 | current->l.next = ¤t->l; | ||||
342 | current->l.prev = ¤t->l; | ||||
343 | |||||
344 | directoryName = CERT_AsciiToName((char *)data); | ||||
345 | if (!directoryName) { | ||||
346 | goto loser; | ||||
347 | } | ||||
348 | |||||
349 | rv = CERT_CopyName(arena, ¤t->name.directoryName, directoryName); | ||||
350 | CERT_DestroyName(directoryName); | ||||
351 | |||||
352 | loser: | ||||
353 | if (rv != SECSuccess) { | ||||
354 | PORT_SetErrorPORT_SetError_Util(rv); | ||||
355 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); | ||||
356 | current = NULL((void*)0); | ||||
357 | } | ||||
358 | return (current); | ||||
359 | } | ||||
360 | |||||
361 | /* Adding Authority Key ID extension to extension handle. */ | ||||
362 | static SECStatus | ||||
363 | crlgen_AddAuthKeyID(CRLGENGeneratorData *crlGenData, | ||||
364 | const char **dataArr) | ||||
365 | { | ||||
366 | void *extHandle = NULL((void*)0); | ||||
367 | CERTAuthKeyID *authKeyID = NULL((void*)0); | ||||
368 | PLArenaPool *arena = NULL((void*)0); | ||||
369 | SECStatus rv = SECSuccess; | ||||
370 | |||||
371 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",371)); | ||||
372 | if (!crlGenData || !dataArr) { | ||||
373 | return SECFailure; | ||||
374 | } | ||||
375 | |||||
376 | extHandle = crlGenData->crlExtHandle; | ||||
377 | |||||
378 | if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { | ||||
379 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
380 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
381 | "insufficient number of parameters.\n"); | ||||
382 | return SECFailure; | ||||
383 | } | ||||
384 | |||||
385 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | ||||
386 | if (!arena) { | ||||
387 | return SECFailure; | ||||
388 | } | ||||
389 | |||||
390 | authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID)(CERTAuthKeyID *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTAuthKeyID )); | ||||
391 | if (authKeyID == NULL((void*)0)) { | ||||
392 | rv = SECFailure; | ||||
393 | goto loser; | ||||
394 | } | ||||
395 | |||||
396 | if (dataArr[3] == NULL((void*)0)) { | ||||
397 | rv = crlgen_SetString(arena, dataArr[2], &authKeyID->keyID); | ||||
398 | if (rv != SECSuccess) | ||||
399 | goto loser; | ||||
400 | } else { | ||||
401 | rv = crlgen_SetString(arena, dataArr[3], | ||||
402 | &authKeyID->authCertSerialNumber); | ||||
403 | if (rv != SECSuccess) | ||||
404 | goto loser; | ||||
405 | |||||
406 | authKeyID->authCertIssuer = | ||||
407 | crlgen_DistinguishedName(arena, crlGenData, dataArr[2]); | ||||
408 | if (authKeyID->authCertIssuer == NULL((void*)0) && SECFailure == PORT_GetErrorPORT_GetError_Util()) { | ||||
409 | crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); | ||||
410 | rv = SECFailure; | ||||
411 | goto loser; | ||||
412 | } | ||||
413 | } | ||||
414 | |||||
415 | rv = | ||||
416 | SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID, | ||||
417 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, | ||||
418 | SEC_OID_X509_AUTH_KEY_ID, | ||||
419 | (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID); | ||||
420 | loser: | ||||
421 | if (arena) | ||||
422 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | ||||
423 | return rv; | ||||
424 | } | ||||
425 | |||||
426 | /* Creates and add Subject Alternative Names extension */ | ||||
427 | static SECStatus | ||||
428 | crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData, | ||||
429 | const char **dataArr) | ||||
430 | { | ||||
431 | CERTGeneralName *nameList = NULL((void*)0); | ||||
432 | PLArenaPool *arena = NULL((void*)0); | ||||
433 | void *extHandle = NULL((void*)0); | ||||
434 | SECStatus rv = SECSuccess; | ||||
435 | |||||
436 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",436)); | ||||
437 | if (!crlGenData || !dataArr) { | ||||
438 | return SECFailure; | ||||
439 | } | ||||
440 | |||||
441 | if (!dataArr || !dataArr[0] || !dataArr[1] || !dataArr[2]) { | ||||
442 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
443 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
444 | "insufficient number of arguments.\n"); | ||||
445 | return SECFailure; | ||||
446 | } | ||||
447 | |||||
448 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",448)); | ||||
449 | if (!crlGenData || !dataArr) { | ||||
450 | return SECFailure; | ||||
451 | } | ||||
452 | |||||
453 | extHandle = crlGenData->crlExtHandle; | ||||
454 | |||||
455 | if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { | ||||
456 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
457 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
458 | "insufficient number of parameters.\n"); | ||||
459 | return SECFailure; | ||||
460 | } | ||||
461 | |||||
462 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | ||||
463 | if (!arena) { | ||||
464 | return SECFailure; | ||||
465 | } | ||||
466 | |||||
467 | nameList = crlgen_GetGeneralName(arena, crlGenData, dataArr[2]); | ||||
468 | if (nameList == NULL((void*)0)) { | ||||
469 | crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); | ||||
470 | rv = SECFailure; | ||||
471 | goto loser; | ||||
472 | } | ||||
473 | |||||
474 | rv = | ||||
475 | SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList, | ||||
476 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, | ||||
477 | SEC_OID_X509_ISSUER_ALT_NAME, | ||||
478 | (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension); | ||||
479 | loser: | ||||
480 | if (arena) | ||||
481 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | ||||
482 | return rv; | ||||
483 | } | ||||
484 | |||||
485 | /* Creates and adds CRLNumber extension to extension handle. | ||||
486 | * Since, this is CRL extension, extension handle is the one | ||||
487 | * related to CRL extensions */ | ||||
488 | static SECStatus | ||||
489 | crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr) | ||||
490 | { | ||||
491 | PLArenaPool *arena = NULL((void*)0); | ||||
492 | SECItem encodedItem; | ||||
493 | void *dummy; | ||||
494 | SECStatus rv = SECFailure; | ||||
495 | int code = 0; | ||||
496 | |||||
497 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",497)); | ||||
498 | if (!crlGenData || !dataArr) { | ||||
499 | goto loser; | ||||
500 | } | ||||
501 | |||||
502 | if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { | ||||
503 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
504 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
505 | "insufficient number of arguments.\n"); | ||||
506 | goto loser; | ||||
507 | } | ||||
508 | |||||
509 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | ||||
510 | if (arena == NULL((void*)0)) { | ||||
511 | goto loser; | ||||
512 | } | ||||
513 | |||||
514 | code = atoi(dataArr[2]); | ||||
515 | if (code == 0 && *dataArr[2] != '0') { | ||||
516 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
517 | goto loser; | ||||
518 | } | ||||
519 | |||||
520 | dummy = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, &encodedItem, code); | ||||
521 | if (!dummy) { | ||||
522 | rv = SECFailure; | ||||
523 | goto loser; | ||||
524 | } | ||||
525 | |||||
526 | rv = CERT_AddExtension(crlGenData->crlExtHandle, SEC_OID_X509_CRL_NUMBER, | ||||
527 | &encodedItem, | ||||
528 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, | ||||
529 | PR_TRUE1); | ||||
530 | |||||
531 | loser: | ||||
532 | if (arena) | ||||
533 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | ||||
534 | return rv; | ||||
535 | } | ||||
536 | |||||
537 | /* Creates Cert Revocation Reason code extension. Encodes it and | ||||
538 | * returns as SECItem structure */ | ||||
539 | static SECItem * | ||||
540 | crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, | ||||
541 | int *extCode) | ||||
542 | { | ||||
543 | SECItem *encodedItem; | ||||
544 | void *dummy; | ||||
545 | void *mark = NULL((void*)0); | ||||
546 | int code = 0; | ||||
547 | |||||
548 | PORT_Assert(arena && dataArr)((arena && dataArr)?((void)0):PR_Assert("arena && dataArr" ,"crlgen.c",548)); | ||||
549 | if (!arena || !dataArr) { | ||||
550 | goto loser; | ||||
551 | } | ||||
552 | |||||
553 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); | ||||
554 | |||||
555 | encodedItem = PORT_ArenaZNew(arena, SECItem)(SECItem *)PORT_ArenaZAlloc_Util(arena, sizeof(SECItem)); | ||||
556 | if (encodedItem == NULL((void*)0)) { | ||||
557 | goto loser; | ||||
558 | } | ||||
559 | |||||
560 | if (dataArr[2] == NULL((void*)0)) { | ||||
561 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
562 | goto loser; | ||||
563 | } | ||||
564 | |||||
565 | code = atoi(dataArr[2]); | ||||
566 | /* aACompromise(10) is the last possible of the values | ||||
567 | * for the Reason Core Extension */ | ||||
568 | if ((code == 0 && *dataArr[2] != '0') || code > 10) { | ||||
569 | |||||
570 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
571 | goto loser; | ||||
572 | } | ||||
573 | |||||
574 | dummy = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, encodedItem, code); | ||||
575 | if (!dummy) { | ||||
576 | goto loser; | ||||
577 | } | ||||
578 | |||||
579 | *extCode = SEC_OID_X509_REASON_CODE; | ||||
580 | return encodedItem; | ||||
581 | |||||
582 | loser: | ||||
583 | if (mark) { | ||||
584 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); | ||||
585 | } | ||||
586 | return NULL((void*)0); | ||||
587 | } | ||||
588 | |||||
589 | /* Creates Cert Invalidity Date extension. Encodes it and | ||||
590 | * returns as SECItem structure */ | ||||
591 | static SECItem * | ||||
592 | crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, | ||||
593 | int *extCode) | ||||
594 | { | ||||
595 | SECItem *encodedItem; | ||||
596 | int length = 0; | ||||
597 | void *mark = NULL((void*)0); | ||||
598 | |||||
599 | PORT_Assert(arena && dataArr)((arena && dataArr)?((void)0):PR_Assert("arena && dataArr" ,"crlgen.c",599)); | ||||
600 | if (!arena || !dataArr) { | ||||
601 | goto loser; | ||||
602 | } | ||||
603 | |||||
604 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); | ||||
605 | |||||
606 | encodedItem = PORT_ArenaZNew(arena, SECItem)(SECItem *)PORT_ArenaZAlloc_Util(arena, sizeof(SECItem)); | ||||
607 | if (encodedItem == NULL((void*)0)) { | ||||
608 | goto loser; | ||||
609 | } | ||||
610 | |||||
611 | length = PORT_Strlen(dataArr[2])strlen(dataArr[2]); | ||||
612 | |||||
613 | encodedItem->type = siGeneralizedTime; | ||||
614 | encodedItem->data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, length); | ||||
615 | if (!encodedItem->data) { | ||||
616 | goto loser; | ||||
617 | } | ||||
618 | |||||
619 | PORT_Memcpymemcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) * sizeof(char)); | ||||
620 | |||||
621 | *extCode = SEC_OID_X509_INVALID_DATE; | ||||
622 | return encodedItem; | ||||
623 | |||||
624 | loser: | ||||
625 | if (mark) { | ||||
626 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); | ||||
627 | } | ||||
628 | return NULL((void*)0); | ||||
629 | } | ||||
630 | |||||
631 | /* Creates(by calling extCreator function) and adds extension to a set | ||||
632 | * of already added certs. Uses values of rangeFrom and rangeTo from | ||||
633 | * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */ | ||||
634 | static SECStatus | ||||
635 | crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData, | ||||
636 | const char **dataArr, char *extName, | ||||
637 | SECItem *(*extCreator)(PLArenaPool *arena, | ||||
638 | const char **dataArr, | ||||
639 | int *extCode)) | ||||
640 | { | ||||
641 | PRUint64 i = 0; | ||||
642 | SECStatus rv = SECFailure; | ||||
643 | int extCode = 0; | ||||
644 | PRUint64 lastRange; | ||||
645 | SECItem *ext = NULL((void*)0); | ||||
646 | PLArenaPool *arena = NULL((void*)0); | ||||
647 | |||||
648 | PORT_Assert(crlGenData && dataArr)((crlGenData && dataArr)?((void)0):PR_Assert("crlGenData && dataArr" ,"crlgen.c",648)); | ||||
649 | if (!crlGenData
| ||||
650 | goto loser; | ||||
651 | } | ||||
652 | |||||
653 | if (!dataArr[0] || !dataArr[1]) { | ||||
654 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
655 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
656 | "insufficient number of arguments.\n"); | ||||
657 | } | ||||
658 | |||||
659 | lastRange = crlGenData->rangeTo - crlGenData->rangeFrom + 1; | ||||
660 | |||||
661 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); | ||||
662 | if (arena == NULL((void*)0)) { | ||||
663 | goto loser; | ||||
664 | } | ||||
665 | |||||
666 | ext = extCreator(arena, dataArr, &extCode); | ||||
667 | if (ext
| ||||
668 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
669 | "got error while creating extension: %s\n", | ||||
670 | extName); | ||||
671 | goto loser; | ||||
672 | } | ||||
673 | |||||
674 | for (i = 0; i < lastRange; i++) { | ||||
675 | CRLGENEntryData *extData = NULL((void*)0); | ||||
676 | void *extHandle = NULL((void*)0); | ||||
677 | SECItem *certIdItem = | ||||
678 | SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, NULL((void*)0), | ||||
679 | crlGenData->rangeFrom + i); | ||||
680 | if (!certIdItem) { | ||||
681 | rv = SECFailure; | ||||
682 | goto loser; | ||||
683 | } | ||||
684 | |||||
685 | extData = crlgen_FindEntry(crlGenData, certIdItem); | ||||
686 | if (!extData) { | ||||
687 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
688 | "can not add extension: crl entry " | ||||
689 | "(serial number: %d) is not in the list yet.\n", | ||||
690 | crlGenData->rangeFrom + i); | ||||
691 | continue; | ||||
692 | } | ||||
693 | |||||
694 | extHandle = extData->extHandle; | ||||
695 | if (extHandle == NULL((void*)0)) { | ||||
696 | extHandle = extData->extHandle = | ||||
697 | CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, | ||||
698 | (CERTCrlEntry *)extData->entry); | ||||
699 | } | ||||
700 | rv = CERT_AddExtension(extHandle, extCode, ext, | ||||
701 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, | ||||
| |||||
702 | PR_TRUE1); | ||||
703 | if (rv == SECFailure) { | ||||
704 | goto loser; | ||||
705 | } | ||||
706 | } | ||||
707 | |||||
708 | loser: | ||||
709 | if (arena) | ||||
710 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); | ||||
711 | return rv; | ||||
712 | } | ||||
713 | |||||
714 | /* Commits all added entries and their's extensions into CRL. */ | ||||
715 | SECStatus | ||||
716 | CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData) | ||||
717 | { | ||||
718 | int size = 0; | ||||
719 | CERTCrl *crl; | ||||
720 | PLArenaPool *arena; | ||||
721 | SECStatus rv = SECSuccess; | ||||
722 | void *mark; | ||||
723 | |||||
724 | PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena)((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",724)); | ||||
725 | if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { | ||||
726 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
727 | return SECFailure; | ||||
728 | } | ||||
729 | |||||
730 | arena = crlGenData->signCrl->arena; | ||||
731 | crl = &crlGenData->signCrl->crl; | ||||
732 | |||||
733 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); | ||||
734 | |||||
735 | if (crlGenData->crlExtHandle) | ||||
736 | CERT_FinishExtensions(crlGenData->crlExtHandle); | ||||
737 | |||||
738 | size = crlGenData->entryDataHashTable->nentries; | ||||
739 | crl->entries = NULL((void*)0); | ||||
740 | if (size) { | ||||
741 | crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry *, size + 1)(CERTCrlEntry * *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTCrlEntry *) * (size + 1)); | ||||
742 | if (!crl->entries) { | ||||
743 | rv = SECFailure; | ||||
744 | } else { | ||||
745 | struct commitData dt; | ||||
746 | dt.entries = crl->entries; | ||||
747 | dt.pos = 0; | ||||
748 | PL_HashTableEnumerateEntries(crlGenData->entryDataHashTable, | ||||
749 | &crlgen_CommitEntryData, &dt); | ||||
750 | /* Last should be NULL */ | ||||
751 | crl->entries[size] = NULL((void*)0); | ||||
752 | } | ||||
753 | } | ||||
754 | |||||
755 | if (rv != SECSuccess) | ||||
756 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); | ||||
757 | return rv; | ||||
758 | } | ||||
759 | |||||
760 | /* Initializes extHandle with data from extensions array */ | ||||
761 | static SECStatus | ||||
762 | crlgen_InitExtensionHandle(void *extHandle, | ||||
763 | CERTCertExtension **extensions) | ||||
764 | { | ||||
765 | CERTCertExtension *extension = NULL((void*)0); | ||||
766 | |||||
767 | if (!extensions) | ||||
768 | return SECSuccess; | ||||
769 | |||||
770 | PORT_Assert(extHandle != NULL)((extHandle != ((void*)0))?((void)0):PR_Assert("extHandle != NULL" ,"crlgen.c",770)); | ||||
771 | if (!extHandle) { | ||||
772 | return SECFailure; | ||||
773 | } | ||||
774 | |||||
775 | extension = *extensions; | ||||
776 | while (extension) { | ||||
777 | SECOidTag oidTag = SECOID_FindOIDTagSECOID_FindOIDTag_Util(&extension->id); | ||||
778 | /* shell we skip unknown extensions? */ | ||||
779 | CERT_AddExtension(extHandle, oidTag, &extension->value, | ||||
780 | (extension->critical.len != 0) ? PR_TRUE1 : PR_FALSE0, | ||||
781 | PR_FALSE0); | ||||
782 | extension = *(++extensions); | ||||
783 | } | ||||
784 | return SECSuccess; | ||||
785 | } | ||||
786 | |||||
787 | /* Used for initialization of extension handles for crl and certs | ||||
788 | * extensions from existing CRL data then modifying existing CRL.*/ | ||||
789 | SECStatus | ||||
790 | CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData) | ||||
791 | { | ||||
792 | CERTCrl *crl = NULL((void*)0); | ||||
793 | PRUint64 maxSN = 0; | ||||
794 | |||||
795 | PORT_Assert(crlGenData && crlGenData->signCrl &&((crlGenData && crlGenData->signCrl && crlGenData ->entryDataHashTable)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->entryDataHashTable" ,"crlgen.c",796)) | ||||
796 | crlGenData->entryDataHashTable)((crlGenData && crlGenData->signCrl && crlGenData ->entryDataHashTable)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->entryDataHashTable" ,"crlgen.c",796)); | ||||
797 | if (!crlGenData || !crlGenData->signCrl || | ||||
798 | !crlGenData->entryDataHashTable) { | ||||
799 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
800 | return SECFailure; | ||||
801 | } | ||||
802 | |||||
803 | crl = &crlGenData->signCrl->crl; | ||||
804 | crlGenData->crlExtHandle = CERT_StartCRLExtensions(crl); | ||||
805 | crlgen_InitExtensionHandle(crlGenData->crlExtHandle, | ||||
806 | crl->extensions); | ||||
807 | crl->extensions = NULL((void*)0); | ||||
808 | |||||
809 | if (crl->entries) { | ||||
810 | CERTCrlEntry **entry = crl->entries; | ||||
811 | while (*entry) { | ||||
812 | PRUint64 sn = DER_GetIntegerDER_GetInteger_Util(&(*entry)->serialNumber); | ||||
813 | CRLGENEntryData *extData = | ||||
814 | crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber); | ||||
815 | if ((*entry)->extensions) { | ||||
816 | extData->extHandle = | ||||
817 | CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, | ||||
818 | (CERTCrlEntry *)extData->entry); | ||||
819 | if (crlgen_InitExtensionHandle(extData->extHandle, | ||||
820 | (*entry)->extensions) == SECFailure) | ||||
821 | return SECFailure; | ||||
822 | } | ||||
823 | (*entry)->extensions = NULL((void*)0); | ||||
824 | entry++; | ||||
825 | maxSN = PR_MAX(maxSN, sn)((maxSN)>(sn)?(maxSN):(sn)); | ||||
826 | } | ||||
827 | } | ||||
828 | |||||
829 | crlGenData->rangeFrom = crlGenData->rangeTo = maxSN + 1; | ||||
830 | return SECSuccess; | ||||
831 | } | ||||
832 | |||||
833 | /***************************************************************************** | ||||
834 | * Parser trigger functions start here | ||||
835 | */ | ||||
836 | |||||
837 | /* Sets new internal range value for add/rm certs.*/ | ||||
838 | static SECStatus | ||||
839 | crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value) | ||||
840 | { | ||||
841 | long rangeFrom = 0, rangeTo = 0; | ||||
842 | char *dashPos = NULL((void*)0); | ||||
843 | |||||
844 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",844 )); | ||||
845 | if (!crlGenData) { | ||||
846 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
847 | return SECFailure; | ||||
848 | } | ||||
849 | |||||
850 | if (value == NULL((void*)0)) { | ||||
851 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
852 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
853 | "insufficient number of arguments.\n"); | ||||
854 | return SECFailure; | ||||
855 | } | ||||
856 | |||||
857 | if ((dashPos = strchr(value, '-')) != NULL((void*)0)) { | ||||
858 | char *rangeToS, *rangeFromS = value; | ||||
859 | *dashPos = '\0'; | ||||
860 | rangeFrom = atoi(rangeFromS); | ||||
861 | *dashPos = '-'; | ||||
862 | |||||
863 | rangeToS = (char *)(dashPos + 1); | ||||
864 | rangeTo = atol(rangeToS); | ||||
865 | } else { | ||||
866 | rangeFrom = atol(value); | ||||
867 | rangeTo = rangeFrom; | ||||
868 | } | ||||
869 | |||||
870 | if (rangeFrom < 1 || rangeTo < rangeFrom) { | ||||
871 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
872 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
873 | "bad cert id range: %s.\n", value); | ||||
874 | return SECFailure; | ||||
875 | } | ||||
876 | |||||
877 | crlGenData->rangeFrom = rangeFrom; | ||||
878 | crlGenData->rangeTo = rangeTo; | ||||
879 | |||||
880 | return SECSuccess; | ||||
881 | } | ||||
882 | |||||
883 | /* Changes issuer subject field in CRL. By default this data is taken from | ||||
884 | * issuer cert subject field.Not yet implemented */ | ||||
885 | static SECStatus | ||||
886 | crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value) | ||||
887 | { | ||||
888 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
889 | "Can not change CRL issuer field.\n"); | ||||
890 | return SECFailure; | ||||
891 | } | ||||
892 | |||||
893 | /* Encode and sets CRL thisUpdate and nextUpdate time fields*/ | ||||
894 | static SECStatus | ||||
895 | crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value, | ||||
896 | PRBool setThisUpdate) | ||||
897 | { | ||||
898 | CERTSignedCrl *signCrl; | ||||
899 | PLArenaPool *arena; | ||||
900 | CERTCrl *crl; | ||||
901 | int length = 0; | ||||
902 | SECItem *timeDest = NULL((void*)0); | ||||
903 | |||||
904 | PORT_Assert(crlGenData && crlGenData->signCrl &&((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",905)) | ||||
905 | crlGenData->signCrl->arena)((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",905)); | ||||
906 | if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { | ||||
907 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
908 | return SECFailure; | ||||
909 | } | ||||
910 | |||||
911 | signCrl = crlGenData->signCrl; | ||||
912 | arena = signCrl->arena; | ||||
913 | crl = &signCrl->crl; | ||||
914 | |||||
915 | if (value == NULL((void*)0)) { | ||||
916 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
917 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
918 | "insufficient number of arguments.\n"); | ||||
919 | return SECFailure; | ||||
920 | } | ||||
921 | length = PORT_Strlen(value)strlen(value); | ||||
922 | |||||
923 | if (setThisUpdate == PR_TRUE1) { | ||||
924 | timeDest = &crl->lastUpdate; | ||||
925 | } else { | ||||
926 | timeDest = &crl->nextUpdate; | ||||
927 | } | ||||
928 | |||||
929 | timeDest->type = siGeneralizedTime; | ||||
930 | timeDest->data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, length); | ||||
931 | if (!timeDest->data) { | ||||
932 | return SECFailure; | ||||
933 | } | ||||
934 | PORT_Memcpymemcpy(timeDest->data, value, length); | ||||
935 | timeDest->len = length; | ||||
936 | |||||
937 | return SECSuccess; | ||||
938 | } | ||||
939 | |||||
940 | /* Adds new extension into CRL or added cert handles */ | ||||
941 | static SECStatus | ||||
942 | crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData) | ||||
943 | { | ||||
944 | PORT_Assert(crlGenData && crlGenData->crlExtHandle)((crlGenData && crlGenData->crlExtHandle)?((void)0 ):PR_Assert("crlGenData && crlGenData->crlExtHandle" ,"crlgen.c",944)); | ||||
945 | if (!crlGenData
| ||||
946 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
947 | return SECFailure; | ||||
948 | } | ||||
949 | |||||
950 | if (extData == NULL((void*)0) || *extData == NULL((void*)0)) { | ||||
951 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
952 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
953 | "insufficient number of arguments.\n"); | ||||
954 | return SECFailure; | ||||
955 | } | ||||
956 | if (!PORT_Strcmpstrcmp(*extData, "authKeyId")) | ||||
957 | return crlgen_AddAuthKeyID(crlGenData, extData); | ||||
958 | else if (!PORT_Strcmpstrcmp(*extData, "issuerAltNames")) | ||||
959 | return crlgen_AddIssuerAltNames(crlGenData, extData); | ||||
960 | else if (!PORT_Strcmpstrcmp(*extData, "crlNumber")) | ||||
961 | return crlgen_AddCrlNumber(crlGenData, extData); | ||||
962 | else if (!PORT_Strcmpstrcmp(*extData, "reasonCode")) | ||||
963 | return crlgen_AddEntryExtension(crlGenData, extData, "reasonCode", | ||||
964 | crlgen_CreateReasonCode); | ||||
965 | else if (!PORT_Strcmpstrcmp(*extData, "invalidityDate")) | ||||
966 | return crlgen_AddEntryExtension(crlGenData, extData, "invalidityDate", | ||||
967 | crlgen_CreateInvalidityDate); | ||||
968 | else { | ||||
969 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
970 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
971 | "insufficient number of arguments.\n"); | ||||
972 | return SECFailure; | ||||
973 | } | ||||
974 | } | ||||
975 | |||||
976 | /* Created CRLGENEntryData for cert with serial number certId and | ||||
977 | * adds it to entryDataHashTable. certId can be a single cert serial | ||||
978 | * number or an inclusive rage of certs */ | ||||
979 | static SECStatus | ||||
980 | crlgen_AddCert(CRLGENGeneratorData *crlGenData, | ||||
981 | char *certId, char *revocationDate) | ||||
982 | { | ||||
983 | CERTSignedCrl *signCrl; | ||||
984 | SECItem *certIdItem; | ||||
985 | PLArenaPool *arena; | ||||
986 | PRUint64 rangeFrom = 0, rangeTo = 0, i = 0; | ||||
987 | int timeValLength = -1; | ||||
988 | SECStatus rv = SECFailure; | ||||
989 | void *mark; | ||||
990 | |||||
991 | PORT_Assert(crlGenData && crlGenData->signCrl &&((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",992)) | ||||
992 | crlGenData->signCrl->arena)((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",992)); | ||||
993 | if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { | ||||
994 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
995 | return SECFailure; | ||||
996 | } | ||||
997 | |||||
998 | signCrl = crlGenData->signCrl; | ||||
999 | arena = signCrl->arena; | ||||
1000 | |||||
1001 | if (!certId || !revocationDate) { | ||||
1002 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1003 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1004 | "insufficient number of arguments.\n"); | ||||
1005 | return SECFailure; | ||||
1006 | } | ||||
1007 | |||||
1008 | timeValLength = strlen(revocationDate); | ||||
1009 | |||||
1010 | if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && | ||||
1011 | certId) { | ||||
1012 | return SECFailure; | ||||
1013 | } | ||||
1014 | rangeFrom = crlGenData->rangeFrom; | ||||
1015 | rangeTo = crlGenData->rangeTo; | ||||
1016 | |||||
1017 | for (i = 0; i < rangeTo - rangeFrom + 1; i++) { | ||||
1018 | CERTCrlEntry *entry; | ||||
1019 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); | ||||
1020 | entry = PORT_ArenaZNew(arena, CERTCrlEntry)(CERTCrlEntry *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTCrlEntry )); | ||||
1021 | if (entry == NULL((void*)0)) { | ||||
1022 | goto loser; | ||||
1023 | } | ||||
1024 | |||||
1025 | certIdItem = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, &entry->serialNumber, | ||||
1026 | rangeFrom + i); | ||||
1027 | if (!certIdItem) { | ||||
1028 | goto loser; | ||||
1029 | } | ||||
1030 | |||||
1031 | if (crlgen_FindEntry(crlGenData, certIdItem)) { | ||||
1032 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1033 | "entry already exists. Use \"range\" " | ||||
1034 | "and \"rmcert\" before adding a new one with the " | ||||
1035 | "same serial number %ld\n", | ||||
1036 | rangeFrom + i); | ||||
1037 | goto loser; | ||||
1038 | } | ||||
1039 | |||||
1040 | entry->serialNumber.type = siBuffer; | ||||
1041 | |||||
1042 | entry->revocationDate.type = siGeneralizedTime; | ||||
1043 | |||||
1044 | entry->revocationDate.data = | ||||
1045 | PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, timeValLength); | ||||
1046 | if (entry->revocationDate.data == NULL((void*)0)) { | ||||
1047 | goto loser; | ||||
1048 | } | ||||
1049 | |||||
1050 | PORT_Memcpymemcpy(entry->revocationDate.data, revocationDate, | ||||
1051 | timeValLength * sizeof(char)); | ||||
1052 | entry->revocationDate.len = timeValLength; | ||||
1053 | |||||
1054 | entry->extensions = NULL((void*)0); | ||||
1055 | if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) { | ||||
1056 | goto loser; | ||||
1057 | } | ||||
1058 | mark = NULL((void*)0); | ||||
1059 | } | ||||
1060 | |||||
1061 | rv = SECSuccess; | ||||
1062 | loser: | ||||
1063 | if (mark) { | ||||
1064 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); | ||||
1065 | } | ||||
1066 | return rv; | ||||
1067 | } | ||||
1068 | |||||
1069 | /* Removes certs from entryDataHashTable which have certId serial number. | ||||
1070 | * certId can have value of a range of certs */ | ||||
1071 | static SECStatus | ||||
1072 | crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) | ||||
1073 | { | ||||
1074 | PRUint64 i = 0; | ||||
1075 | |||||
1076 | PORT_Assert(crlGenData && certId)((crlGenData && certId)?((void)0):PR_Assert("crlGenData && certId" ,"crlgen.c",1076)); | ||||
1077 | if (!crlGenData || !certId) { | ||||
1078 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1079 | return SECFailure; | ||||
1080 | } | ||||
1081 | |||||
1082 | if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && | ||||
1083 | certId) { | ||||
1084 | return SECFailure; | ||||
1085 | } | ||||
1086 | |||||
1087 | for (i = 0; i < crlGenData->rangeTo - crlGenData->rangeFrom + 1; i++) { | ||||
1088 | SECItem *certIdItem = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(NULL((void*)0), NULL((void*)0), | ||||
1089 | crlGenData->rangeFrom + i); | ||||
1090 | if (certIdItem) { | ||||
1091 | CRLGENEntryData *extData = | ||||
1092 | crlgen_FindEntry(crlGenData, certIdItem); | ||||
1093 | if (!extData) { | ||||
1094 | printf("Cert with id %s is not in the list\n", certId); | ||||
1095 | } else { | ||||
1096 | crlgen_RmEntry(crlGenData, certIdItem); | ||||
1097 | } | ||||
1098 | SECITEM_FreeItemSECITEM_FreeItem_Util(certIdItem, PR_TRUE1); | ||||
1099 | } | ||||
1100 | } | ||||
1101 | |||||
1102 | return SECSuccess; | ||||
1103 | } | ||||
1104 | |||||
1105 | /************************************************************************* | ||||
1106 | * Lex Parser Helper functions are used to store parsed information | ||||
1107 | * in context related structures. Context(or state) is identified base on | ||||
1108 | * a type of a instruction parser currently is going through. New context | ||||
1109 | * is identified by first token in a line. It can be addcert context, | ||||
1110 | * addext context, etc. */ | ||||
1111 | |||||
1112 | /* Updates CRL field depending on current context */ | ||||
1113 | static SECStatus | ||||
1114 | crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str) | ||||
1115 | { | ||||
1116 | CRLGENCrlField *fieldStr = (CRLGENCrlField *)str; | ||||
1117 | |||||
1118 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1118 )); | ||||
1119 | if (!crlGenData) { | ||||
1120 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1121 | return SECFailure; | ||||
1122 | } | ||||
1123 | |||||
1124 | switch (crlGenData->contextId) { | ||||
1125 | case CRLGEN_ISSUER_CONTEXT1: | ||||
1126 | crlgen_SetIssuerField(crlGenData, fieldStr->value); | ||||
1127 | break; | ||||
1128 | case CRLGEN_UPDATE_CONTEXT2: | ||||
1129 | return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE1); | ||||
1130 | break; | ||||
1131 | case CRLGEN_NEXT_UPDATE_CONTEXT3: | ||||
1132 | return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE0); | ||||
1133 | break; | ||||
1134 | case CRLGEN_CHANGE_RANGE_CONTEXT7: | ||||
1135 | return crlgen_SetNewRangeField(crlGenData, fieldStr->value); | ||||
1136 | break; | ||||
1137 | default: | ||||
1138 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1139 | "syntax error (unknow token type: %d)\n", | ||||
1140 | crlGenData->contextId); | ||||
1141 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1142 | return SECFailure; | ||||
1143 | } | ||||
1144 | return SECSuccess; | ||||
1145 | } | ||||
1146 | |||||
1147 | /* Sets parsed data for CRL field update into temporary structure */ | ||||
1148 | static SECStatus | ||||
1149 | crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str, | ||||
1150 | void *data, unsigned short dtype) | ||||
1151 | { | ||||
1152 | CRLGENCrlField *fieldStr = (CRLGENCrlField *)str; | ||||
1153 | |||||
1154 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1154 )); | ||||
1155 | if (!crlGenData) { | ||||
1156 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1157 | return SECFailure; | ||||
1158 | } | ||||
1159 | |||||
1160 | switch (crlGenData->contextId) { | ||||
1161 | case CRLGEN_CHANGE_RANGE_CONTEXT7: | ||||
1162 | if (dtype != CRLGEN_TYPE_DIGIT2 && dtype != CRLGEN_TYPE_DIGIT_RANGE3) { | ||||
1163 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1164 | "range value should have " | ||||
1165 | "numeric or numeric range values.\n"); | ||||
1166 | return SECFailure; | ||||
1167 | } | ||||
1168 | break; | ||||
1169 | case CRLGEN_NEXT_UPDATE_CONTEXT3: | ||||
1170 | case CRLGEN_UPDATE_CONTEXT2: | ||||
1171 | if (dtype != CRLGEN_TYPE_ZDATE1) { | ||||
1172 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1173 | "bad formated date. Should be " | ||||
1174 | "YYYYMMDDHHMMSSZ.\n"); | ||||
1175 | return SECFailure; | ||||
1176 | } | ||||
1177 | break; | ||||
1178 | default: | ||||
1179 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1180 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1181 | "syntax error (unknow token type: %d).\n", | ||||
1182 | crlGenData->contextId, data); | ||||
1183 | return SECFailure; | ||||
1184 | } | ||||
1185 | fieldStr->value = PORT_StrdupPORT_Strdup_Util(data); | ||||
1186 | if (!fieldStr->value) { | ||||
1187 | return SECFailure; | ||||
1188 | } | ||||
1189 | return SECSuccess; | ||||
1190 | } | ||||
1191 | |||||
1192 | /* Triggers cert entries update depending on current context */ | ||||
1193 | static SECStatus | ||||
1194 | crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str) | ||||
1195 | { | ||||
1196 | CRLGENCertEntry *certStr = (CRLGENCertEntry *)str; | ||||
1197 | |||||
1198 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1198 )); | ||||
1199 | if (!crlGenData) { | ||||
1200 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1201 | return SECFailure; | ||||
1202 | } | ||||
1203 | |||||
1204 | switch (crlGenData->contextId) { | ||||
1205 | case CRLGEN_ADD_CERT_CONTEXT6: | ||||
1206 | return crlgen_AddCert(crlGenData, certStr->certId, | ||||
1207 | certStr->revocationTime); | ||||
1208 | case CRLGEN_RM_CERT_CONTEXT8: | ||||
1209 | return crlgen_RmCert(crlGenData, certStr->certId); | ||||
1210 | default: | ||||
1211 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1212 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1213 | "syntax error (unknow token type: %d).\n", | ||||
1214 | crlGenData->contextId); | ||||
1215 | return SECFailure; | ||||
1216 | } | ||||
1217 | } | ||||
1218 | |||||
1219 | /* Sets parsed data for CRL entries update into temporary structure */ | ||||
1220 | static SECStatus | ||||
1221 | crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str, | ||||
1222 | void *data, unsigned short dtype) | ||||
1223 | { | ||||
1224 | CRLGENCertEntry *certStr = (CRLGENCertEntry *)str; | ||||
1225 | |||||
1226 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1226 )); | ||||
1227 | if (!crlGenData) { | ||||
1228 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1229 | return SECFailure; | ||||
1230 | } | ||||
1231 | |||||
1232 | switch (dtype) { | ||||
1233 | case CRLGEN_TYPE_DIGIT2: | ||||
1234 | case CRLGEN_TYPE_DIGIT_RANGE3: | ||||
1235 | certStr->certId = PORT_StrdupPORT_Strdup_Util(data); | ||||
1236 | if (!certStr->certId) { | ||||
1237 | return SECFailure; | ||||
1238 | } | ||||
1239 | break; | ||||
1240 | case CRLGEN_TYPE_DATE0: | ||||
1241 | case CRLGEN_TYPE_ZDATE1: | ||||
1242 | certStr->revocationTime = PORT_StrdupPORT_Strdup_Util(data); | ||||
1243 | if (!certStr->revocationTime) { | ||||
1244 | return SECFailure; | ||||
1245 | } | ||||
1246 | break; | ||||
1247 | default: | ||||
1248 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1249 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1250 | "syntax error (unknow token type: %d).\n", | ||||
1251 | crlGenData->contextId); | ||||
1252 | return SECFailure; | ||||
1253 | } | ||||
1254 | return SECSuccess; | ||||
1255 | } | ||||
1256 | |||||
1257 | /* Triggers cert entries/crl extension update */ | ||||
1258 | static SECStatus | ||||
1259 | crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str) | ||||
1260 | { | ||||
1261 | CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str; | ||||
1262 | |||||
1263 | return crlgen_AddExtension(crlGenData, (const char **)extStr->extData); | ||||
| |||||
1264 | } | ||||
1265 | |||||
1266 | /* Defines maximum number of fields extension may have */ | ||||
1267 | #define MAX_EXT_DATA_LENGTH10 10 | ||||
1268 | |||||
1269 | /* Sets parsed extension data for CRL entries/CRL extensions update | ||||
1270 | * into temporary structure */ | ||||
1271 | static SECStatus | ||||
1272 | crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str, | ||||
1273 | void *data, unsigned short dtype) | ||||
1274 | { | ||||
1275 | CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str; | ||||
1276 | |||||
1277 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1277 )); | ||||
1278 | if (!crlGenData) { | ||||
1279 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1280 | return SECFailure; | ||||
1281 | } | ||||
1282 | |||||
1283 | if (extStr->extData == NULL((void*)0)) { | ||||
1284 | extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH)(char * *)PORT_ZAlloc_Util(sizeof(char *) * (10)); | ||||
1285 | if (!extStr->extData) { | ||||
1286 | return SECFailure; | ||||
1287 | } | ||||
1288 | } | ||||
1289 | if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH10) { | ||||
1290 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1291 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1292 | "number of fields in extension " | ||||
1293 | "exceeded maximum allowed data length: %d.\n", | ||||
1294 | MAX_EXT_DATA_LENGTH10); | ||||
1295 | return SECFailure; | ||||
1296 | } | ||||
1297 | extStr->extData[extStr->nextUpdatedData] = PORT_StrdupPORT_Strdup_Util(data); | ||||
1298 | if (!extStr->extData[extStr->nextUpdatedData]) { | ||||
1299 | return SECFailure; | ||||
1300 | } | ||||
1301 | extStr->nextUpdatedData += 1; | ||||
1302 | |||||
1303 | return SECSuccess; | ||||
1304 | } | ||||
1305 | |||||
1306 | /**************************************************************************************** | ||||
1307 | * Top level functions are triggered directly by parser. | ||||
1308 | */ | ||||
1309 | |||||
1310 | /* | ||||
1311 | * crl generation script parser recreates a temporary data staructure | ||||
1312 | * for each line it is going through. This function cleans temp structure. | ||||
1313 | */ | ||||
1314 | void | ||||
1315 | crlgen_destroyTempData(CRLGENGeneratorData *crlGenData) | ||||
1316 | { | ||||
1317 | if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT0) { | ||||
1318 | switch (crlGenData->contextId) { | ||||
1319 | case CRLGEN_ISSUER_CONTEXT1: | ||||
1320 | case CRLGEN_UPDATE_CONTEXT2: | ||||
1321 | case CRLGEN_NEXT_UPDATE_CONTEXT3: | ||||
1322 | case CRLGEN_CHANGE_RANGE_CONTEXT7: | ||||
1323 | if (crlGenData->crlField->value) | ||||
1324 | PORT_FreePORT_Free_Util(crlGenData->crlField->value); | ||||
1325 | PORT_FreePORT_Free_Util(crlGenData->crlField); | ||||
1326 | break; | ||||
1327 | case CRLGEN_ADD_CERT_CONTEXT6: | ||||
1328 | case CRLGEN_RM_CERT_CONTEXT8: | ||||
1329 | if (crlGenData->certEntry->certId) | ||||
1330 | PORT_FreePORT_Free_Util(crlGenData->certEntry->certId); | ||||
1331 | if (crlGenData->certEntry->revocationTime) | ||||
1332 | PORT_FreePORT_Free_Util(crlGenData->certEntry->revocationTime); | ||||
1333 | PORT_FreePORT_Free_Util(crlGenData->certEntry); | ||||
1334 | break; | ||||
1335 | case CRLGEN_ADD_EXTENSION_CONTEXT4: | ||||
1336 | if (crlGenData->extensionEntry->extData) { | ||||
1337 | int i = 0; | ||||
1338 | for (; i < crlGenData->extensionEntry->nextUpdatedData; i++) | ||||
1339 | PORT_FreePORT_Free_Util(*(crlGenData->extensionEntry->extData + i)); | ||||
1340 | PORT_FreePORT_Free_Util(crlGenData->extensionEntry->extData); | ||||
1341 | } | ||||
1342 | PORT_FreePORT_Free_Util(crlGenData->extensionEntry); | ||||
1343 | break; | ||||
1344 | } | ||||
1345 | crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT0; | ||||
1346 | } | ||||
1347 | } | ||||
1348 | |||||
1349 | SECStatus | ||||
1350 | crlgen_updateCrl(CRLGENGeneratorData *crlGenData) | ||||
1351 | { | ||||
1352 | SECStatus rv = SECSuccess; | ||||
1353 | |||||
1354 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1354 )); | ||||
1355 | if (!crlGenData) { | ||||
1356 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1357 | return SECFailure; | ||||
1358 | } | ||||
1359 | |||||
1360 | switch (crlGenData->contextId) { | ||||
1361 | case CRLGEN_ISSUER_CONTEXT1: | ||||
1362 | case CRLGEN_UPDATE_CONTEXT2: | ||||
1363 | case CRLGEN_NEXT_UPDATE_CONTEXT3: | ||||
1364 | case CRLGEN_CHANGE_RANGE_CONTEXT7: | ||||
1365 | rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField); | ||||
1366 | break; | ||||
1367 | case CRLGEN_RM_CERT_CONTEXT8: | ||||
1368 | case CRLGEN_ADD_CERT_CONTEXT6: | ||||
1369 | rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry); | ||||
1370 | break; | ||||
1371 | case CRLGEN_ADD_EXTENSION_CONTEXT4: | ||||
1372 | rv = crlGenData->extensionEntry->updateCrlFn(crlGenData, crlGenData->extensionEntry); | ||||
1373 | break; | ||||
1374 | case CRLGEN_UNKNOWN_CONTEXT0: | ||||
1375 | break; | ||||
1376 | default: | ||||
1377 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1378 | "unknown lang context type code: %d.\n", | ||||
1379 | crlGenData->contextId); | ||||
1380 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","crlgen.c",1380)); | ||||
1381 | return SECFailure; | ||||
1382 | } | ||||
1383 | /* Clrean structures after crl update */ | ||||
1384 | crlgen_destroyTempData(crlGenData); | ||||
1385 | |||||
1386 | crlGenData->parsedLineNum += 1; | ||||
1387 | |||||
1388 | return rv; | ||||
1389 | } | ||||
1390 | |||||
1391 | SECStatus | ||||
1392 | crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data, | ||||
1393 | unsigned short dtype) | ||||
1394 | { | ||||
1395 | SECStatus rv = SECSuccess; | ||||
1396 | |||||
1397 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1397 )); | ||||
1398 | if (!crlGenData) { | ||||
1399 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1400 | return SECFailure; | ||||
1401 | } | ||||
1402 | |||||
1403 | switch (crlGenData->contextId) { | ||||
1404 | case CRLGEN_ISSUER_CONTEXT1: | ||||
1405 | case CRLGEN_UPDATE_CONTEXT2: | ||||
1406 | case CRLGEN_NEXT_UPDATE_CONTEXT3: | ||||
1407 | case CRLGEN_CHANGE_RANGE_CONTEXT7: | ||||
1408 | rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField, | ||||
1409 | data, dtype); | ||||
1410 | break; | ||||
1411 | case CRLGEN_ADD_CERT_CONTEXT6: | ||||
1412 | case CRLGEN_RM_CERT_CONTEXT8: | ||||
1413 | rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry, | ||||
1414 | data, dtype); | ||||
1415 | break; | ||||
1416 | case CRLGEN_ADD_EXTENSION_CONTEXT4: | ||||
1417 | rv = | ||||
1418 | crlGenData->extensionEntry->setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype); | ||||
1419 | break; | ||||
1420 | case CRLGEN_UNKNOWN_CONTEXT0: | ||||
1421 | break; | ||||
1422 | default: | ||||
1423 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1424 | "unknown context type: %d.\n", | ||||
1425 | crlGenData->contextId); | ||||
1426 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","crlgen.c",1426)); | ||||
1427 | return SECFailure; | ||||
1428 | } | ||||
1429 | return rv; | ||||
1430 | } | ||||
1431 | |||||
1432 | SECStatus | ||||
1433 | crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData, | ||||
1434 | unsigned structType) | ||||
1435 | { | ||||
1436 | PORT_Assert(crlGenData &&((crlGenData && crlGenData->contextId == 0)?((void )0):PR_Assert("crlGenData && crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT" ,"crlgen.c",1437)) | ||||
1437 | crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT)((crlGenData && crlGenData->contextId == 0)?((void )0):PR_Assert("crlGenData && crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT" ,"crlgen.c",1437)); | ||||
1438 | if (!crlGenData || | ||||
1439 | crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT0) { | ||||
1440 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1441 | return SECFailure; | ||||
1442 | } | ||||
1443 | |||||
1444 | switch (structType) { | ||||
1445 | case CRLGEN_ISSUER_CONTEXT1: | ||||
1446 | case CRLGEN_UPDATE_CONTEXT2: | ||||
1447 | case CRLGEN_NEXT_UPDATE_CONTEXT3: | ||||
1448 | case CRLGEN_CHANGE_RANGE_CONTEXT7: | ||||
1449 | crlGenData->crlField = PORT_New(CRLGENCrlField)(CRLGENCrlField *)PORT_Alloc_Util(sizeof(CRLGENCrlField)); | ||||
1450 | if (!crlGenData->crlField) { | ||||
1451 | return SECFailure; | ||||
1452 | } | ||||
1453 | crlGenData->contextId = structType; | ||||
1454 | crlGenData->crlField->value = NULL((void*)0); | ||||
1455 | crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field; | ||||
1456 | crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field; | ||||
1457 | break; | ||||
1458 | case CRLGEN_RM_CERT_CONTEXT8: | ||||
1459 | case CRLGEN_ADD_CERT_CONTEXT6: | ||||
1460 | crlGenData->certEntry = PORT_New(CRLGENCertEntry)(CRLGENCertEntry *)PORT_Alloc_Util(sizeof(CRLGENCertEntry)); | ||||
1461 | if (!crlGenData->certEntry) { | ||||
1462 | return SECFailure; | ||||
1463 | } | ||||
1464 | crlGenData->contextId = structType; | ||||
1465 | crlGenData->certEntry->certId = 0; | ||||
1466 | crlGenData->certEntry->revocationTime = NULL((void*)0); | ||||
1467 | crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert; | ||||
1468 | crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert; | ||||
1469 | break; | ||||
1470 | case CRLGEN_ADD_EXTENSION_CONTEXT4: | ||||
1471 | crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry)(CRLGENExtensionEntry *)PORT_Alloc_Util(sizeof(CRLGENExtensionEntry )); | ||||
1472 | if (!crlGenData->extensionEntry) { | ||||
1473 | return SECFailure; | ||||
1474 | } | ||||
1475 | crlGenData->contextId = structType; | ||||
1476 | crlGenData->extensionEntry->extData = NULL((void*)0); | ||||
1477 | crlGenData->extensionEntry->nextUpdatedData = 0; | ||||
1478 | crlGenData->extensionEntry->updateCrlFn = | ||||
1479 | &crlgen_updateCrlFn_extension; | ||||
1480 | crlGenData->extensionEntry->setNextDataFn = | ||||
1481 | &crlgen_setNextDataFn_extension; | ||||
1482 | break; | ||||
1483 | case CRLGEN_UNKNOWN_CONTEXT0: | ||||
1484 | break; | ||||
1485 | default: | ||||
1486 | crlgen_PrintError(crlGenData->parsedLineNum, | ||||
1487 | "unknown context type: %d.\n", structType); | ||||
1488 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","crlgen.c",1488)); | ||||
1489 | return SECFailure; | ||||
1490 | } | ||||
1491 | return SECSuccess; | ||||
1492 | } | ||||
1493 | |||||
1494 | /* Parser initialization function */ | ||||
1495 | CRLGENGeneratorData * | ||||
1496 | CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src) | ||||
1497 | { | ||||
1498 | CRLGENGeneratorData *crlGenData = NULL((void*)0); | ||||
1499 | |||||
1500 | PORT_Assert(signCrl && src)((signCrl && src)?((void)0):PR_Assert("signCrl && src" ,"crlgen.c",1500)); | ||||
1501 | if (!signCrl || !src) { | ||||
1502 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); | ||||
1503 | return NULL((void*)0); | ||||
1504 | } | ||||
1505 | |||||
1506 | crlGenData = PORT_ZNew(CRLGENGeneratorData)(CRLGENGeneratorData *)PORT_ZAlloc_Util(sizeof(CRLGENGeneratorData )); | ||||
1507 | if (!crlGenData) { | ||||
1508 | return NULL((void*)0); | ||||
1509 | } | ||||
1510 | |||||
1511 | crlGenData->entryDataHashTable = | ||||
1512 | PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, | ||||
1513 | PL_CompareValues, NULL((void*)0), NULL((void*)0)); | ||||
1514 | if (!crlGenData->entryDataHashTable) { | ||||
1515 | PORT_FreePORT_Free_Util(crlGenData); | ||||
1516 | return NULL((void*)0); | ||||
1517 | } | ||||
1518 | |||||
1519 | crlGenData->src = src; | ||||
1520 | crlGenData->parsedLineNum = 1; | ||||
1521 | crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT0; | ||||
1522 | crlGenData->signCrl = signCrl; | ||||
1523 | crlGenData->rangeFrom = 0; | ||||
1524 | crlGenData->rangeTo = 0; | ||||
1525 | crlGenData->crlExtHandle = NULL((void*)0); | ||||
1526 | |||||
1527 | PORT_SetErrorPORT_SetError_Util(0); | ||||
1528 | |||||
1529 | return crlGenData; | ||||
1530 | } | ||||
1531 | |||||
1532 | void | ||||
1533 | CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData) | ||||
1534 | { | ||||
1535 | if (!crlGenData) | ||||
1536 | return; | ||||
1537 | if (crlGenData->src) | ||||
1538 | PR_Close(crlGenData->src); | ||||
1539 | PL_HashTableDestroy(crlGenData->entryDataHashTable); | ||||
1540 | PORT_FreePORT_Free_Util(crlGenData); | ||||
1541 | } |