File: | s/cmd/crlutil/crlgen.c |
Warning: | line 192, column 5 Value stored to 'nextChunk' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | |
5 | /* |
6 | ** crlgen.c |
7 | ** |
8 | ** utility for managing certificates revocation lists generation |
9 | ** |
10 | */ |
11 | |
12 | #include <stdio.h> |
13 | #include <math.h> |
14 | |
15 | #include "nspr.h" |
16 | #include "plgetopt.h" |
17 | #include "nss.h" |
18 | #include "secutil.h" |
19 | #include "cert.h" |
20 | #include "certi.h" |
21 | #include "certdb.h" |
22 | #include "pk11func.h" |
23 | #include "crlgen.h" |
24 | |
25 | /* Destroys extHandle and data. data was create on heap. |
26 | * extHandle creaded by CERT_StartCRLEntryExtensions. entry |
27 | * was allocated on arena.*/ |
28 | static void |
29 | destroyEntryData(CRLGENEntryData *data) |
30 | { |
31 | if (!data) |
32 | return; |
33 | PORT_Assert(data->entry)((data->entry)?((void)0):PR_Assert("data->entry","crlgen.c" ,33)); |
34 | if (data->extHandle) |
35 | CERT_FinishExtensions(data->extHandle); |
36 | PORT_FreePORT_Free_Util(data); |
37 | } |
38 | |
39 | /* Prints error messages along with line number */ |
40 | void |
41 | crlgen_PrintError(int line, char *msg, ...) |
42 | { |
43 | va_list args; |
44 | |
45 | va_start(args, msg)__builtin_va_start(args, msg); |
46 | |
47 | fprintf(stderrstderr, "crlgen: (line: %d) ", line); |
48 | vfprintf(stderrstderr, msg, args); |
49 | |
50 | va_end(args)__builtin_va_end(args); |
51 | } |
52 | /* Finds CRLGENEntryData in hashtable according PRUint64 value |
53 | * - certId : cert serial number*/ |
54 | static CRLGENEntryData * |
55 | crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) |
56 | { |
57 | if (!crlGenData->entryDataHashTable || !certId) |
58 | return NULL((void*)0); |
59 | return (CRLGENEntryData *) |
60 | PL_HashTableLookup(crlGenData->entryDataHashTable, |
61 | certId); |
62 | } |
63 | |
64 | /* Removes CRLGENEntryData from hashtable according to certId |
65 | * - certId : cert serial number*/ |
66 | static SECStatus |
67 | crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) |
68 | { |
69 | CRLGENEntryData *data = NULL((void*)0); |
70 | SECStatus rv = SECSuccess; |
71 | |
72 | if (!crlGenData->entryDataHashTable) { |
73 | return SECSuccess; |
74 | } |
75 | |
76 | data = crlgen_FindEntry(crlGenData, certId); |
77 | if (!data) { |
78 | return SECSuccess; |
79 | } |
80 | |
81 | if (!PL_HashTableRemove(crlGenData->entryDataHashTable, certId)) { |
82 | rv = SECFailure; |
83 | } |
84 | |
85 | destroyEntryData(data); |
86 | return rv; |
87 | } |
88 | |
89 | /* Stores CRLGENEntryData in hashtable according to certId |
90 | * - certId : cert serial number*/ |
91 | static CRLGENEntryData * |
92 | crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData, |
93 | CERTCrlEntry *entry, SECItem *certId) |
94 | { |
95 | CRLGENEntryData *newData = NULL((void*)0); |
96 | |
97 | PORT_Assert(crlGenData && crlGenData->entryDataHashTable &&((crlGenData && crlGenData->entryDataHashTable && entry)?((void)0):PR_Assert("crlGenData && crlGenData->entryDataHashTable && entry" ,"crlgen.c",98)) |
98 | entry)((crlGenData && crlGenData->entryDataHashTable && entry)?((void)0):PR_Assert("crlGenData && crlGenData->entryDataHashTable && entry" ,"crlgen.c",98)); |
99 | if (!crlGenData || !crlGenData->entryDataHashTable || !entry) { |
100 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
101 | return NULL((void*)0); |
102 | } |
103 | |
104 | newData = PORT_ZNew(CRLGENEntryData)(CRLGENEntryData *)PORT_ZAlloc_Util(sizeof(CRLGENEntryData)); |
105 | if (!newData) { |
106 | return NULL((void*)0); |
107 | } |
108 | newData->entry = entry; |
109 | newData->certId = certId; |
110 | if (!PL_HashTableAdd(crlGenData->entryDataHashTable, |
111 | newData->certId, newData)) { |
112 | crlgen_PrintError(crlGenData->parsedLineNum, |
113 | "Can not add entryData structure\n"); |
114 | return NULL((void*)0); |
115 | } |
116 | return newData; |
117 | } |
118 | |
119 | /* Use this structure to keep pointer when commiting entries extensions */ |
120 | struct commitData { |
121 | int pos; |
122 | CERTCrlEntry **entries; |
123 | }; |
124 | |
125 | /* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the |
126 | * table he. Returns value through arg parameter*/ |
127 | static PRIntn PR_CALLBACK |
128 | crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg) |
129 | { |
130 | CRLGENEntryData *data = NULL((void*)0); |
131 | |
132 | PORT_Assert(he)((he)?((void)0):PR_Assert("he","crlgen.c",132)); |
133 | if (!he) { |
134 | return HT_ENUMERATE_NEXT0; |
135 | } |
136 | data = (CRLGENEntryData *)he->value; |
137 | |
138 | PORT_Assert(data)((data)?((void)0):PR_Assert("data","crlgen.c",138)); |
139 | PORT_Assert(arg)((arg)?((void)0):PR_Assert("arg","crlgen.c",139)); |
140 | |
141 | if (data) { |
142 | struct commitData *dt = (struct commitData *)arg; |
143 | dt->entries[dt->pos++] = data->entry; |
144 | destroyEntryData(data); |
145 | } |
146 | return HT_ENUMERATE_NEXT0; |
147 | } |
148 | |
149 | /* Copy char * datainto allocated in arena SECItem */ |
150 | static SECStatus |
151 | crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value) |
152 | { |
153 | SECItem item; |
154 | |
155 | PORT_Assert(arena && dataIn)((arena && dataIn)?((void)0):PR_Assert("arena && dataIn" ,"crlgen.c",155)); |
156 | if (!arena || !dataIn) { |
157 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
158 | return SECFailure; |
159 | } |
160 | |
161 | item.data = (void *)dataIn; |
162 | item.len = PORT_Strlen(dataIn)strlen(dataIn); |
163 | |
164 | return SECITEM_CopyItemSECITEM_CopyItem_Util(arena, value, &item); |
165 | } |
166 | |
167 | /* Creates CERTGeneralName from parsed data for the Authority Key Extension */ |
168 | static CERTGeneralName * |
169 | crlgen_GetGeneralName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData, |
170 | const char *data) |
171 | { |
172 | CERTGeneralName *namesList = NULL((void*)0); |
173 | CERTGeneralName *current; |
174 | CERTGeneralName *tail = NULL((void*)0); |
175 | SECStatus rv = SECSuccess; |
176 | const char *nextChunk = NULL((void*)0); |
177 | const char *currData = NULL((void*)0); |
178 | int intValue; |
179 | char buffer[512]; |
180 | void *mark; |
181 | |
182 | if (!data) |
183 | return NULL((void*)0); |
184 | PORT_Assert(arena)((arena)?((void)0):PR_Assert("arena","crlgen.c",184)); |
185 | if (!arena) { |
186 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
187 | return NULL((void*)0); |
188 | } |
189 | |
190 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); |
191 | |
192 | nextChunk = data; |
Value stored to 'nextChunk' is never read | |
193 | currData = data; |
194 | do { |
195 | int nameLen = 0; |
196 | char name[128]; |
197 | const char *sepPrt = NULL((void*)0); |
198 | nextChunk = PORT_Strchrstrchr(currData, '|'); |
199 | if (!nextChunk) |
200 | nextChunk = data + strlen(data); |
201 | sepPrt = PORT_Strchrstrchr(currData, ':'); |
202 | if (sepPrt == NULL((void*)0) || sepPrt >= nextChunk) { |
203 | *buffer = '\0'; |
204 | sepPrt = nextChunk; |
205 | } else { |
206 | PORT_Memcpymemcpy(buffer, sepPrt + 1, |
207 | (nextChunk - sepPrt - 1)); |
208 | buffer[nextChunk - sepPrt - 1] = '\0'; |
209 | } |
210 | nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1)((sepPrt - currData)<(sizeof(name) - 1)?(sepPrt - currData ):(sizeof(name) - 1)); |
211 | PORT_Memcpymemcpy(name, currData, nameLen); |
212 | name[nameLen] = '\0'; |
213 | currData = nextChunk + 1; |
214 | |
215 | if (!PORT_Strcmpstrcmp(name, "otherName")) |
216 | intValue = certOtherName; |
217 | else if (!PORT_Strcmpstrcmp(name, "rfc822Name")) |
218 | intValue = certRFC822Name; |
219 | else if (!PORT_Strcmpstrcmp(name, "dnsName")) |
220 | intValue = certDNSName; |
221 | else if (!PORT_Strcmpstrcmp(name, "x400Address")) |
222 | intValue = certX400Address; |
223 | else if (!PORT_Strcmpstrcmp(name, "directoryName")) |
224 | intValue = certDirectoryName; |
225 | else if (!PORT_Strcmpstrcmp(name, "ediPartyName")) |
226 | intValue = certEDIPartyName; |
227 | else if (!PORT_Strcmpstrcmp(name, "URI")) |
228 | intValue = certURI; |
229 | else if (!PORT_Strcmpstrcmp(name, "ipAddress")) |
230 | intValue = certIPAddress; |
231 | else if (!PORT_Strcmpstrcmp(name, "registerID")) |
232 | intValue = certRegisterID; |
233 | else |
234 | intValue = -1; |
235 | |
236 | if (intValue >= certOtherName && intValue <= certRegisterID) { |
237 | if (namesList == NULL((void*)0)) { |
238 | namesList = current = tail = PORT_ArenaZNew(arena,(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )) |
239 | CERTGeneralName)(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )); |
240 | } else { |
241 | current = PORT_ArenaZNew(arena, CERTGeneralName)(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )); |
242 | } |
243 | if (current == NULL((void*)0)) { |
244 | rv = SECFailure; |
245 | break; |
246 | } |
247 | } else { |
248 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
249 | break; |
250 | } |
251 | current->type = intValue; |
252 | switch (current->type) { |
253 | case certURI: |
254 | case certDNSName: |
255 | case certRFC822Name: |
256 | current->name.other.data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, strlen(buffer)); |
257 | if (current->name.other.data == NULL((void*)0)) { |
258 | rv = SECFailure; |
259 | break; |
260 | } |
261 | PORT_Memcpymemcpy(current->name.other.data, buffer, |
262 | current->name.other.len = strlen(buffer)); |
263 | break; |
264 | |
265 | case certEDIPartyName: |
266 | case certIPAddress: |
267 | case certOtherName: |
268 | case certRegisterID: |
269 | case certX400Address: { |
270 | |
271 | current->name.other.data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, strlen(buffer) + 2); |
272 | if (current->name.other.data == NULL((void*)0)) { |
273 | rv = SECFailure; |
274 | break; |
275 | } |
276 | |
277 | PORT_Memcpymemcpy(current->name.other.data + 2, buffer, strlen(buffer)); |
278 | /* This may not be accurate for all cases.For now, use this tag type */ |
279 | current->name.other.data[0] = (char)(((current->type - 1) & 0x1f) | 0x80); |
280 | current->name.other.data[1] = (char)strlen(buffer); |
281 | current->name.other.len = strlen(buffer) + 2; |
282 | break; |
283 | } |
284 | |
285 | case certDirectoryName: { |
286 | CERTName *directoryName = NULL((void*)0); |
287 | |
288 | directoryName = CERT_AsciiToName(buffer); |
289 | if (!directoryName) { |
290 | rv = SECFailure; |
291 | break; |
292 | } |
293 | |
294 | rv = CERT_CopyName(arena, ¤t->name.directoryName, directoryName); |
295 | CERT_DestroyName(directoryName); |
296 | |
297 | break; |
298 | } |
299 | } |
300 | if (rv != SECSuccess) |
301 | break; |
302 | current->l.next = &(namesList->l); |
303 | current->l.prev = &(tail->l); |
304 | tail->l.next = &(current->l); |
305 | tail = current; |
306 | |
307 | } while (nextChunk != data + strlen(data)); |
308 | |
309 | if (rv != SECSuccess) { |
310 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); |
311 | namesList = NULL((void*)0); |
312 | } |
313 | return (namesList); |
314 | } |
315 | |
316 | /* Creates CERTGeneralName from parsed data for the Authority Key Extension */ |
317 | static CERTGeneralName * |
318 | crlgen_DistinguishedName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData, |
319 | const char *data) |
320 | { |
321 | CERTName *directoryName = NULL((void*)0); |
322 | CERTGeneralName *current; |
323 | SECStatus rv = SECFailure; |
324 | void *mark; |
325 | |
326 | if (!data) |
327 | return NULL((void*)0); |
328 | PORT_Assert(arena)((arena)?((void)0):PR_Assert("arena","crlgen.c",328)); |
329 | if (!arena) { |
330 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
331 | return NULL((void*)0); |
332 | } |
333 | |
334 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); |
335 | |
336 | current = PORT_ArenaZNew(arena, CERTGeneralName)(CERTGeneralName *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTGeneralName )); |
337 | if (current == NULL((void*)0)) { |
338 | goto loser; |
339 | } |
340 | current->type = certDirectoryName; |
341 | current->l.next = ¤t->l; |
342 | current->l.prev = ¤t->l; |
343 | |
344 | directoryName = CERT_AsciiToName((char *)data); |
345 | if (!directoryName) { |
346 | goto loser; |
347 | } |
348 | |
349 | rv = CERT_CopyName(arena, ¤t->name.directoryName, directoryName); |
350 | CERT_DestroyName(directoryName); |
351 | |
352 | loser: |
353 | if (rv != SECSuccess) { |
354 | PORT_SetErrorPORT_SetError_Util(rv); |
355 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); |
356 | current = NULL((void*)0); |
357 | } |
358 | return (current); |
359 | } |
360 | |
361 | /* Adding Authority Key ID extension to extension handle. */ |
362 | static SECStatus |
363 | crlgen_AddAuthKeyID(CRLGENGeneratorData *crlGenData, |
364 | const char **dataArr) |
365 | { |
366 | void *extHandle = NULL((void*)0); |
367 | CERTAuthKeyID *authKeyID = NULL((void*)0); |
368 | PLArenaPool *arena = NULL((void*)0); |
369 | SECStatus rv = SECSuccess; |
370 | |
371 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",371)); |
372 | if (!crlGenData || !dataArr) { |
373 | return SECFailure; |
374 | } |
375 | |
376 | extHandle = crlGenData->crlExtHandle; |
377 | |
378 | if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { |
379 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
380 | crlgen_PrintError(crlGenData->parsedLineNum, |
381 | "insufficient number of parameters.\n"); |
382 | return SECFailure; |
383 | } |
384 | |
385 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
386 | if (!arena) { |
387 | return SECFailure; |
388 | } |
389 | |
390 | authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID)(CERTAuthKeyID *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTAuthKeyID )); |
391 | if (authKeyID == NULL((void*)0)) { |
392 | rv = SECFailure; |
393 | goto loser; |
394 | } |
395 | |
396 | if (dataArr[3] == NULL((void*)0)) { |
397 | rv = crlgen_SetString(arena, dataArr[2], &authKeyID->keyID); |
398 | if (rv != SECSuccess) |
399 | goto loser; |
400 | } else { |
401 | rv = crlgen_SetString(arena, dataArr[3], |
402 | &authKeyID->authCertSerialNumber); |
403 | if (rv != SECSuccess) |
404 | goto loser; |
405 | |
406 | authKeyID->authCertIssuer = |
407 | crlgen_DistinguishedName(arena, crlGenData, dataArr[2]); |
408 | if (authKeyID->authCertIssuer == NULL((void*)0) && SECFailure == PORT_GetErrorPORT_GetError_Util()) { |
409 | crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); |
410 | rv = SECFailure; |
411 | goto loser; |
412 | } |
413 | } |
414 | |
415 | rv = |
416 | SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID, |
417 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, |
418 | SEC_OID_X509_AUTH_KEY_ID, |
419 | (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID); |
420 | loser: |
421 | if (arena) |
422 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
423 | return rv; |
424 | } |
425 | |
426 | /* Creates and add Subject Alternative Names extension */ |
427 | static SECStatus |
428 | crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData, |
429 | const char **dataArr) |
430 | { |
431 | CERTGeneralName *nameList = NULL((void*)0); |
432 | PLArenaPool *arena = NULL((void*)0); |
433 | void *extHandle = NULL((void*)0); |
434 | SECStatus rv = SECSuccess; |
435 | |
436 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",436)); |
437 | if (!crlGenData || !dataArr) { |
438 | return SECFailure; |
439 | } |
440 | |
441 | if (!dataArr || !dataArr[0] || !dataArr[1] || !dataArr[2]) { |
442 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
443 | crlgen_PrintError(crlGenData->parsedLineNum, |
444 | "insufficient number of arguments.\n"); |
445 | return SECFailure; |
446 | } |
447 | |
448 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",448)); |
449 | if (!crlGenData || !dataArr) { |
450 | return SECFailure; |
451 | } |
452 | |
453 | extHandle = crlGenData->crlExtHandle; |
454 | |
455 | if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { |
456 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
457 | crlgen_PrintError(crlGenData->parsedLineNum, |
458 | "insufficient number of parameters.\n"); |
459 | return SECFailure; |
460 | } |
461 | |
462 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
463 | if (!arena) { |
464 | return SECFailure; |
465 | } |
466 | |
467 | nameList = crlgen_GetGeneralName(arena, crlGenData, dataArr[2]); |
468 | if (nameList == NULL((void*)0)) { |
469 | crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); |
470 | rv = SECFailure; |
471 | goto loser; |
472 | } |
473 | |
474 | rv = |
475 | SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList, |
476 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, |
477 | SEC_OID_X509_ISSUER_ALT_NAME, |
478 | (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension); |
479 | loser: |
480 | if (arena) |
481 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
482 | return rv; |
483 | } |
484 | |
485 | /* Creates and adds CRLNumber extension to extension handle. |
486 | * Since, this is CRL extension, extension handle is the one |
487 | * related to CRL extensions */ |
488 | static SECStatus |
489 | crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr) |
490 | { |
491 | PLArenaPool *arena = NULL((void*)0); |
492 | SECItem encodedItem; |
493 | void *dummy; |
494 | SECStatus rv = SECFailure; |
495 | int code = 0; |
496 | |
497 | PORT_Assert(dataArr && crlGenData)((dataArr && crlGenData)?((void)0):PR_Assert("dataArr && crlGenData" ,"crlgen.c",497)); |
498 | if (!crlGenData || !dataArr) { |
499 | goto loser; |
500 | } |
501 | |
502 | if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { |
503 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
504 | crlgen_PrintError(crlGenData->parsedLineNum, |
505 | "insufficient number of arguments.\n"); |
506 | goto loser; |
507 | } |
508 | |
509 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
510 | if (arena == NULL((void*)0)) { |
511 | goto loser; |
512 | } |
513 | |
514 | code = atoi(dataArr[2]); |
515 | if (code == 0 && *dataArr[2] != '0') { |
516 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
517 | goto loser; |
518 | } |
519 | |
520 | dummy = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, &encodedItem, code); |
521 | if (!dummy) { |
522 | rv = SECFailure; |
523 | goto loser; |
524 | } |
525 | |
526 | rv = CERT_AddExtension(crlGenData->crlExtHandle, SEC_OID_X509_CRL_NUMBER, |
527 | &encodedItem, |
528 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, |
529 | PR_TRUE1); |
530 | |
531 | loser: |
532 | if (arena) |
533 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
534 | return rv; |
535 | } |
536 | |
537 | /* Creates Cert Revocation Reason code extension. Encodes it and |
538 | * returns as SECItem structure */ |
539 | static SECItem * |
540 | crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, |
541 | int *extCode) |
542 | { |
543 | SECItem *encodedItem; |
544 | void *dummy; |
545 | void *mark = NULL((void*)0); |
546 | int code = 0; |
547 | |
548 | PORT_Assert(arena && dataArr)((arena && dataArr)?((void)0):PR_Assert("arena && dataArr" ,"crlgen.c",548)); |
549 | if (!arena || !dataArr) { |
550 | goto loser; |
551 | } |
552 | |
553 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); |
554 | |
555 | encodedItem = PORT_ArenaZNew(arena, SECItem)(SECItem *)PORT_ArenaZAlloc_Util(arena, sizeof(SECItem)); |
556 | if (encodedItem == NULL((void*)0)) { |
557 | goto loser; |
558 | } |
559 | |
560 | if (dataArr[2] == NULL((void*)0)) { |
561 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
562 | goto loser; |
563 | } |
564 | |
565 | code = atoi(dataArr[2]); |
566 | /* aACompromise(10) is the last possible of the values |
567 | * for the Reason Core Extension */ |
568 | if ((code == 0 && *dataArr[2] != '0') || code > 10) { |
569 | |
570 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
571 | goto loser; |
572 | } |
573 | |
574 | dummy = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, encodedItem, code); |
575 | if (!dummy) { |
576 | goto loser; |
577 | } |
578 | |
579 | *extCode = SEC_OID_X509_REASON_CODE; |
580 | return encodedItem; |
581 | |
582 | loser: |
583 | if (mark) { |
584 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); |
585 | } |
586 | return NULL((void*)0); |
587 | } |
588 | |
589 | /* Creates Cert Invalidity Date extension. Encodes it and |
590 | * returns as SECItem structure */ |
591 | static SECItem * |
592 | crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, |
593 | int *extCode) |
594 | { |
595 | SECItem *encodedItem; |
596 | int length = 0; |
597 | void *mark = NULL((void*)0); |
598 | |
599 | PORT_Assert(arena && dataArr)((arena && dataArr)?((void)0):PR_Assert("arena && dataArr" ,"crlgen.c",599)); |
600 | if (!arena || !dataArr) { |
601 | goto loser; |
602 | } |
603 | |
604 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); |
605 | |
606 | encodedItem = PORT_ArenaZNew(arena, SECItem)(SECItem *)PORT_ArenaZAlloc_Util(arena, sizeof(SECItem)); |
607 | if (encodedItem == NULL((void*)0)) { |
608 | goto loser; |
609 | } |
610 | |
611 | length = PORT_Strlen(dataArr[2])strlen(dataArr[2]); |
612 | |
613 | encodedItem->type = siGeneralizedTime; |
614 | encodedItem->data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, length); |
615 | if (!encodedItem->data) { |
616 | goto loser; |
617 | } |
618 | |
619 | PORT_Memcpymemcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) * sizeof(char)); |
620 | |
621 | *extCode = SEC_OID_X509_INVALID_DATE; |
622 | return encodedItem; |
623 | |
624 | loser: |
625 | if (mark) { |
626 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); |
627 | } |
628 | return NULL((void*)0); |
629 | } |
630 | |
631 | /* Creates(by calling extCreator function) and adds extension to a set |
632 | * of already added certs. Uses values of rangeFrom and rangeTo from |
633 | * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */ |
634 | static SECStatus |
635 | crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData, |
636 | const char **dataArr, char *extName, |
637 | SECItem *(*extCreator)(PLArenaPool *arena, |
638 | const char **dataArr, |
639 | int *extCode)) |
640 | { |
641 | PRUint64 i = 0; |
642 | SECStatus rv = SECFailure; |
643 | int extCode = 0; |
644 | PRUint64 lastRange; |
645 | SECItem *ext = NULL((void*)0); |
646 | PLArenaPool *arena = NULL((void*)0); |
647 | |
648 | PORT_Assert(crlGenData && dataArr)((crlGenData && dataArr)?((void)0):PR_Assert("crlGenData && dataArr" ,"crlgen.c",648)); |
649 | if (!crlGenData || !dataArr) { |
650 | goto loser; |
651 | } |
652 | |
653 | if (!dataArr[0] || !dataArr[1]) { |
654 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
655 | crlgen_PrintError(crlGenData->parsedLineNum, |
656 | "insufficient number of arguments.\n"); |
657 | } |
658 | |
659 | lastRange = crlGenData->rangeTo - crlGenData->rangeFrom + 1; |
660 | |
661 | arena = PORT_NewArenaPORT_NewArena_Util(DER_DEFAULT_CHUNKSIZE(2048)); |
662 | if (arena == NULL((void*)0)) { |
663 | goto loser; |
664 | } |
665 | |
666 | ext = extCreator(arena, dataArr, &extCode); |
667 | if (ext == NULL((void*)0)) { |
668 | crlgen_PrintError(crlGenData->parsedLineNum, |
669 | "got error while creating extension: %s\n", |
670 | extName); |
671 | goto loser; |
672 | } |
673 | |
674 | for (i = 0; i < lastRange; i++) { |
675 | CRLGENEntryData *extData = NULL((void*)0); |
676 | void *extHandle = NULL((void*)0); |
677 | SECItem *certIdItem = |
678 | SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, NULL((void*)0), |
679 | crlGenData->rangeFrom + i); |
680 | if (!certIdItem) { |
681 | rv = SECFailure; |
682 | goto loser; |
683 | } |
684 | |
685 | extData = crlgen_FindEntry(crlGenData, certIdItem); |
686 | if (!extData) { |
687 | crlgen_PrintError(crlGenData->parsedLineNum, |
688 | "can not add extension: crl entry " |
689 | "(serial number: %d) is not in the list yet.\n", |
690 | crlGenData->rangeFrom + i); |
691 | continue; |
692 | } |
693 | |
694 | extHandle = extData->extHandle; |
695 | if (extHandle == NULL((void*)0)) { |
696 | extHandle = extData->extHandle = |
697 | CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, |
698 | (CERTCrlEntry *)extData->entry); |
699 | } |
700 | rv = CERT_AddExtension(extHandle, extCode, ext, |
701 | (*dataArr[1] == '1') ? PR_TRUE1 : PR_FALSE0, |
702 | PR_TRUE1); |
703 | if (rv == SECFailure) { |
704 | goto loser; |
705 | } |
706 | } |
707 | |
708 | loser: |
709 | if (arena) |
710 | PORT_FreeArenaPORT_FreeArena_Util(arena, PR_FALSE0); |
711 | return rv; |
712 | } |
713 | |
714 | /* Commits all added entries and their's extensions into CRL. */ |
715 | SECStatus |
716 | CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData) |
717 | { |
718 | int size = 0; |
719 | CERTCrl *crl; |
720 | PLArenaPool *arena; |
721 | SECStatus rv = SECSuccess; |
722 | void *mark; |
723 | |
724 | PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena)((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",724)); |
725 | if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { |
726 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
727 | return SECFailure; |
728 | } |
729 | |
730 | arena = crlGenData->signCrl->arena; |
731 | crl = &crlGenData->signCrl->crl; |
732 | |
733 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); |
734 | |
735 | if (crlGenData->crlExtHandle) |
736 | CERT_FinishExtensions(crlGenData->crlExtHandle); |
737 | |
738 | size = crlGenData->entryDataHashTable->nentries; |
739 | crl->entries = NULL((void*)0); |
740 | if (size) { |
741 | crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry *, size + 1)(CERTCrlEntry * *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTCrlEntry *) * (size + 1)); |
742 | if (!crl->entries) { |
743 | rv = SECFailure; |
744 | } else { |
745 | struct commitData dt; |
746 | dt.entries = crl->entries; |
747 | dt.pos = 0; |
748 | PL_HashTableEnumerateEntries(crlGenData->entryDataHashTable, |
749 | &crlgen_CommitEntryData, &dt); |
750 | /* Last should be NULL */ |
751 | crl->entries[size] = NULL((void*)0); |
752 | } |
753 | } |
754 | |
755 | if (rv != SECSuccess) |
756 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); |
757 | return rv; |
758 | } |
759 | |
760 | /* Initializes extHandle with data from extensions array */ |
761 | static SECStatus |
762 | crlgen_InitExtensionHandle(void *extHandle, |
763 | CERTCertExtension **extensions) |
764 | { |
765 | CERTCertExtension *extension = NULL((void*)0); |
766 | |
767 | if (!extensions) |
768 | return SECSuccess; |
769 | |
770 | PORT_Assert(extHandle != NULL)((extHandle != ((void*)0))?((void)0):PR_Assert("extHandle != NULL" ,"crlgen.c",770)); |
771 | if (!extHandle) { |
772 | return SECFailure; |
773 | } |
774 | |
775 | extension = *extensions; |
776 | while (extension) { |
777 | SECOidTag oidTag = SECOID_FindOIDTagSECOID_FindOIDTag_Util(&extension->id); |
778 | /* shell we skip unknown extensions? */ |
779 | CERT_AddExtension(extHandle, oidTag, &extension->value, |
780 | (extension->critical.len != 0) ? PR_TRUE1 : PR_FALSE0, |
781 | PR_FALSE0); |
782 | extension = *(++extensions); |
783 | } |
784 | return SECSuccess; |
785 | } |
786 | |
787 | /* Used for initialization of extension handles for crl and certs |
788 | * extensions from existing CRL data then modifying existing CRL.*/ |
789 | SECStatus |
790 | CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData) |
791 | { |
792 | CERTCrl *crl = NULL((void*)0); |
793 | PRUint64 maxSN = 0; |
794 | |
795 | PORT_Assert(crlGenData && crlGenData->signCrl &&((crlGenData && crlGenData->signCrl && crlGenData ->entryDataHashTable)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->entryDataHashTable" ,"crlgen.c",796)) |
796 | crlGenData->entryDataHashTable)((crlGenData && crlGenData->signCrl && crlGenData ->entryDataHashTable)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->entryDataHashTable" ,"crlgen.c",796)); |
797 | if (!crlGenData || !crlGenData->signCrl || |
798 | !crlGenData->entryDataHashTable) { |
799 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
800 | return SECFailure; |
801 | } |
802 | |
803 | crl = &crlGenData->signCrl->crl; |
804 | crlGenData->crlExtHandle = CERT_StartCRLExtensions(crl); |
805 | crlgen_InitExtensionHandle(crlGenData->crlExtHandle, |
806 | crl->extensions); |
807 | crl->extensions = NULL((void*)0); |
808 | |
809 | if (crl->entries) { |
810 | CERTCrlEntry **entry = crl->entries; |
811 | while (*entry) { |
812 | PRUint64 sn = DER_GetIntegerDER_GetInteger_Util(&(*entry)->serialNumber); |
813 | CRLGENEntryData *extData = |
814 | crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber); |
815 | if ((*entry)->extensions) { |
816 | extData->extHandle = |
817 | CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, |
818 | (CERTCrlEntry *)extData->entry); |
819 | if (crlgen_InitExtensionHandle(extData->extHandle, |
820 | (*entry)->extensions) == SECFailure) |
821 | return SECFailure; |
822 | } |
823 | (*entry)->extensions = NULL((void*)0); |
824 | entry++; |
825 | maxSN = PR_MAX(maxSN, sn)((maxSN)>(sn)?(maxSN):(sn)); |
826 | } |
827 | } |
828 | |
829 | crlGenData->rangeFrom = crlGenData->rangeTo = maxSN + 1; |
830 | return SECSuccess; |
831 | } |
832 | |
833 | /***************************************************************************** |
834 | * Parser trigger functions start here |
835 | */ |
836 | |
837 | /* Sets new internal range value for add/rm certs.*/ |
838 | static SECStatus |
839 | crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value) |
840 | { |
841 | long rangeFrom = 0, rangeTo = 0; |
842 | char *dashPos = NULL((void*)0); |
843 | |
844 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",844 )); |
845 | if (!crlGenData) { |
846 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
847 | return SECFailure; |
848 | } |
849 | |
850 | if (value == NULL((void*)0)) { |
851 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
852 | crlgen_PrintError(crlGenData->parsedLineNum, |
853 | "insufficient number of arguments.\n"); |
854 | return SECFailure; |
855 | } |
856 | |
857 | if ((dashPos = strchr(value, '-')) != NULL((void*)0)) { |
858 | char *rangeToS, *rangeFromS = value; |
859 | *dashPos = '\0'; |
860 | rangeFrom = atoi(rangeFromS); |
861 | *dashPos = '-'; |
862 | |
863 | rangeToS = (char *)(dashPos + 1); |
864 | rangeTo = atol(rangeToS); |
865 | } else { |
866 | rangeFrom = atol(value); |
867 | rangeTo = rangeFrom; |
868 | } |
869 | |
870 | if (rangeFrom < 1 || rangeTo < rangeFrom) { |
871 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
872 | crlgen_PrintError(crlGenData->parsedLineNum, |
873 | "bad cert id range: %s.\n", value); |
874 | return SECFailure; |
875 | } |
876 | |
877 | crlGenData->rangeFrom = rangeFrom; |
878 | crlGenData->rangeTo = rangeTo; |
879 | |
880 | return SECSuccess; |
881 | } |
882 | |
883 | /* Changes issuer subject field in CRL. By default this data is taken from |
884 | * issuer cert subject field.Not yet implemented */ |
885 | static SECStatus |
886 | crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value) |
887 | { |
888 | crlgen_PrintError(crlGenData->parsedLineNum, |
889 | "Can not change CRL issuer field.\n"); |
890 | return SECFailure; |
891 | } |
892 | |
893 | /* Encode and sets CRL thisUpdate and nextUpdate time fields*/ |
894 | static SECStatus |
895 | crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value, |
896 | PRBool setThisUpdate) |
897 | { |
898 | CERTSignedCrl *signCrl; |
899 | PLArenaPool *arena; |
900 | CERTCrl *crl; |
901 | int length = 0; |
902 | SECItem *timeDest = NULL((void*)0); |
903 | |
904 | PORT_Assert(crlGenData && crlGenData->signCrl &&((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",905)) |
905 | crlGenData->signCrl->arena)((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",905)); |
906 | if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { |
907 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
908 | return SECFailure; |
909 | } |
910 | |
911 | signCrl = crlGenData->signCrl; |
912 | arena = signCrl->arena; |
913 | crl = &signCrl->crl; |
914 | |
915 | if (value == NULL((void*)0)) { |
916 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
917 | crlgen_PrintError(crlGenData->parsedLineNum, |
918 | "insufficient number of arguments.\n"); |
919 | return SECFailure; |
920 | } |
921 | length = PORT_Strlen(value)strlen(value); |
922 | |
923 | if (setThisUpdate == PR_TRUE1) { |
924 | timeDest = &crl->lastUpdate; |
925 | } else { |
926 | timeDest = &crl->nextUpdate; |
927 | } |
928 | |
929 | timeDest->type = siGeneralizedTime; |
930 | timeDest->data = PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, length); |
931 | if (!timeDest->data) { |
932 | return SECFailure; |
933 | } |
934 | PORT_Memcpymemcpy(timeDest->data, value, length); |
935 | timeDest->len = length; |
936 | |
937 | return SECSuccess; |
938 | } |
939 | |
940 | /* Adds new extension into CRL or added cert handles */ |
941 | static SECStatus |
942 | crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData) |
943 | { |
944 | PORT_Assert(crlGenData && crlGenData->crlExtHandle)((crlGenData && crlGenData->crlExtHandle)?((void)0 ):PR_Assert("crlGenData && crlGenData->crlExtHandle" ,"crlgen.c",944)); |
945 | if (!crlGenData || !crlGenData->crlExtHandle) { |
946 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
947 | return SECFailure; |
948 | } |
949 | |
950 | if (extData == NULL((void*)0) || *extData == NULL((void*)0)) { |
951 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
952 | crlgen_PrintError(crlGenData->parsedLineNum, |
953 | "insufficient number of arguments.\n"); |
954 | return SECFailure; |
955 | } |
956 | if (!PORT_Strcmpstrcmp(*extData, "authKeyId")) |
957 | return crlgen_AddAuthKeyID(crlGenData, extData); |
958 | else if (!PORT_Strcmpstrcmp(*extData, "issuerAltNames")) |
959 | return crlgen_AddIssuerAltNames(crlGenData, extData); |
960 | else if (!PORT_Strcmpstrcmp(*extData, "crlNumber")) |
961 | return crlgen_AddCrlNumber(crlGenData, extData); |
962 | else if (!PORT_Strcmpstrcmp(*extData, "reasonCode")) |
963 | return crlgen_AddEntryExtension(crlGenData, extData, "reasonCode", |
964 | crlgen_CreateReasonCode); |
965 | else if (!PORT_Strcmpstrcmp(*extData, "invalidityDate")) |
966 | return crlgen_AddEntryExtension(crlGenData, extData, "invalidityDate", |
967 | crlgen_CreateInvalidityDate); |
968 | else { |
969 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
970 | crlgen_PrintError(crlGenData->parsedLineNum, |
971 | "insufficient number of arguments.\n"); |
972 | return SECFailure; |
973 | } |
974 | } |
975 | |
976 | /* Created CRLGENEntryData for cert with serial number certId and |
977 | * adds it to entryDataHashTable. certId can be a single cert serial |
978 | * number or an inclusive rage of certs */ |
979 | static SECStatus |
980 | crlgen_AddCert(CRLGENGeneratorData *crlGenData, |
981 | char *certId, char *revocationDate) |
982 | { |
983 | CERTSignedCrl *signCrl; |
984 | SECItem *certIdItem; |
985 | PLArenaPool *arena; |
986 | PRUint64 rangeFrom = 0, rangeTo = 0, i = 0; |
987 | int timeValLength = -1; |
988 | SECStatus rv = SECFailure; |
989 | void *mark; |
990 | |
991 | PORT_Assert(crlGenData && crlGenData->signCrl &&((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",992)) |
992 | crlGenData->signCrl->arena)((crlGenData && crlGenData->signCrl && crlGenData ->signCrl->arena)?((void)0):PR_Assert("crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena" ,"crlgen.c",992)); |
993 | if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { |
994 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
995 | return SECFailure; |
996 | } |
997 | |
998 | signCrl = crlGenData->signCrl; |
999 | arena = signCrl->arena; |
1000 | |
1001 | if (!certId || !revocationDate) { |
1002 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1003 | crlgen_PrintError(crlGenData->parsedLineNum, |
1004 | "insufficient number of arguments.\n"); |
1005 | return SECFailure; |
1006 | } |
1007 | |
1008 | timeValLength = strlen(revocationDate); |
1009 | |
1010 | if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && |
1011 | certId) { |
1012 | return SECFailure; |
1013 | } |
1014 | rangeFrom = crlGenData->rangeFrom; |
1015 | rangeTo = crlGenData->rangeTo; |
1016 | |
1017 | for (i = 0; i < rangeTo - rangeFrom + 1; i++) { |
1018 | CERTCrlEntry *entry; |
1019 | mark = PORT_ArenaMarkPORT_ArenaMark_Util(arena); |
1020 | entry = PORT_ArenaZNew(arena, CERTCrlEntry)(CERTCrlEntry *)PORT_ArenaZAlloc_Util(arena, sizeof(CERTCrlEntry )); |
1021 | if (entry == NULL((void*)0)) { |
1022 | goto loser; |
1023 | } |
1024 | |
1025 | certIdItem = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(arena, &entry->serialNumber, |
1026 | rangeFrom + i); |
1027 | if (!certIdItem) { |
1028 | goto loser; |
1029 | } |
1030 | |
1031 | if (crlgen_FindEntry(crlGenData, certIdItem)) { |
1032 | crlgen_PrintError(crlGenData->parsedLineNum, |
1033 | "entry already exists. Use \"range\" " |
1034 | "and \"rmcert\" before adding a new one with the " |
1035 | "same serial number %ld\n", |
1036 | rangeFrom + i); |
1037 | goto loser; |
1038 | } |
1039 | |
1040 | entry->serialNumber.type = siBuffer; |
1041 | |
1042 | entry->revocationDate.type = siGeneralizedTime; |
1043 | |
1044 | entry->revocationDate.data = |
1045 | PORT_ArenaAllocPORT_ArenaAlloc_Util(arena, timeValLength); |
1046 | if (entry->revocationDate.data == NULL((void*)0)) { |
1047 | goto loser; |
1048 | } |
1049 | |
1050 | PORT_Memcpymemcpy(entry->revocationDate.data, revocationDate, |
1051 | timeValLength * sizeof(char)); |
1052 | entry->revocationDate.len = timeValLength; |
1053 | |
1054 | entry->extensions = NULL((void*)0); |
1055 | if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) { |
1056 | goto loser; |
1057 | } |
1058 | mark = NULL((void*)0); |
1059 | } |
1060 | |
1061 | rv = SECSuccess; |
1062 | loser: |
1063 | if (mark) { |
1064 | PORT_ArenaReleasePORT_ArenaRelease_Util(arena, mark); |
1065 | } |
1066 | return rv; |
1067 | } |
1068 | |
1069 | /* Removes certs from entryDataHashTable which have certId serial number. |
1070 | * certId can have value of a range of certs */ |
1071 | static SECStatus |
1072 | crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) |
1073 | { |
1074 | PRUint64 i = 0; |
1075 | |
1076 | PORT_Assert(crlGenData && certId)((crlGenData && certId)?((void)0):PR_Assert("crlGenData && certId" ,"crlgen.c",1076)); |
1077 | if (!crlGenData || !certId) { |
1078 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1079 | return SECFailure; |
1080 | } |
1081 | |
1082 | if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && |
1083 | certId) { |
1084 | return SECFailure; |
1085 | } |
1086 | |
1087 | for (i = 0; i < crlGenData->rangeTo - crlGenData->rangeFrom + 1; i++) { |
1088 | SECItem *certIdItem = SEC_ASN1EncodeIntegerSEC_ASN1EncodeInteger_Util(NULL((void*)0), NULL((void*)0), |
1089 | crlGenData->rangeFrom + i); |
1090 | if (certIdItem) { |
1091 | CRLGENEntryData *extData = |
1092 | crlgen_FindEntry(crlGenData, certIdItem); |
1093 | if (!extData) { |
1094 | printf("Cert with id %s is not in the list\n", certId); |
1095 | } else { |
1096 | crlgen_RmEntry(crlGenData, certIdItem); |
1097 | } |
1098 | SECITEM_FreeItemSECITEM_FreeItem_Util(certIdItem, PR_TRUE1); |
1099 | } |
1100 | } |
1101 | |
1102 | return SECSuccess; |
1103 | } |
1104 | |
1105 | /************************************************************************* |
1106 | * Lex Parser Helper functions are used to store parsed information |
1107 | * in context related structures. Context(or state) is identified base on |
1108 | * a type of a instruction parser currently is going through. New context |
1109 | * is identified by first token in a line. It can be addcert context, |
1110 | * addext context, etc. */ |
1111 | |
1112 | /* Updates CRL field depending on current context */ |
1113 | static SECStatus |
1114 | crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str) |
1115 | { |
1116 | CRLGENCrlField *fieldStr = (CRLGENCrlField *)str; |
1117 | |
1118 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1118 )); |
1119 | if (!crlGenData) { |
1120 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1121 | return SECFailure; |
1122 | } |
1123 | |
1124 | switch (crlGenData->contextId) { |
1125 | case CRLGEN_ISSUER_CONTEXT1: |
1126 | crlgen_SetIssuerField(crlGenData, fieldStr->value); |
1127 | break; |
1128 | case CRLGEN_UPDATE_CONTEXT2: |
1129 | return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE1); |
1130 | break; |
1131 | case CRLGEN_NEXT_UPDATE_CONTEXT3: |
1132 | return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE0); |
1133 | break; |
1134 | case CRLGEN_CHANGE_RANGE_CONTEXT7: |
1135 | return crlgen_SetNewRangeField(crlGenData, fieldStr->value); |
1136 | break; |
1137 | default: |
1138 | crlgen_PrintError(crlGenData->parsedLineNum, |
1139 | "syntax error (unknow token type: %d)\n", |
1140 | crlGenData->contextId); |
1141 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1142 | return SECFailure; |
1143 | } |
1144 | return SECSuccess; |
1145 | } |
1146 | |
1147 | /* Sets parsed data for CRL field update into temporary structure */ |
1148 | static SECStatus |
1149 | crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str, |
1150 | void *data, unsigned short dtype) |
1151 | { |
1152 | CRLGENCrlField *fieldStr = (CRLGENCrlField *)str; |
1153 | |
1154 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1154 )); |
1155 | if (!crlGenData) { |
1156 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1157 | return SECFailure; |
1158 | } |
1159 | |
1160 | switch (crlGenData->contextId) { |
1161 | case CRLGEN_CHANGE_RANGE_CONTEXT7: |
1162 | if (dtype != CRLGEN_TYPE_DIGIT2 && dtype != CRLGEN_TYPE_DIGIT_RANGE3) { |
1163 | crlgen_PrintError(crlGenData->parsedLineNum, |
1164 | "range value should have " |
1165 | "numeric or numeric range values.\n"); |
1166 | return SECFailure; |
1167 | } |
1168 | break; |
1169 | case CRLGEN_NEXT_UPDATE_CONTEXT3: |
1170 | case CRLGEN_UPDATE_CONTEXT2: |
1171 | if (dtype != CRLGEN_TYPE_ZDATE1) { |
1172 | crlgen_PrintError(crlGenData->parsedLineNum, |
1173 | "bad formated date. Should be " |
1174 | "YYYYMMDDHHMMSSZ.\n"); |
1175 | return SECFailure; |
1176 | } |
1177 | break; |
1178 | default: |
1179 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1180 | crlgen_PrintError(crlGenData->parsedLineNum, |
1181 | "syntax error (unknow token type: %d).\n", |
1182 | crlGenData->contextId, data); |
1183 | return SECFailure; |
1184 | } |
1185 | fieldStr->value = PORT_StrdupPORT_Strdup_Util(data); |
1186 | if (!fieldStr->value) { |
1187 | return SECFailure; |
1188 | } |
1189 | return SECSuccess; |
1190 | } |
1191 | |
1192 | /* Triggers cert entries update depending on current context */ |
1193 | static SECStatus |
1194 | crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str) |
1195 | { |
1196 | CRLGENCertEntry *certStr = (CRLGENCertEntry *)str; |
1197 | |
1198 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1198 )); |
1199 | if (!crlGenData) { |
1200 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1201 | return SECFailure; |
1202 | } |
1203 | |
1204 | switch (crlGenData->contextId) { |
1205 | case CRLGEN_ADD_CERT_CONTEXT6: |
1206 | return crlgen_AddCert(crlGenData, certStr->certId, |
1207 | certStr->revocationTime); |
1208 | case CRLGEN_RM_CERT_CONTEXT8: |
1209 | return crlgen_RmCert(crlGenData, certStr->certId); |
1210 | default: |
1211 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1212 | crlgen_PrintError(crlGenData->parsedLineNum, |
1213 | "syntax error (unknow token type: %d).\n", |
1214 | crlGenData->contextId); |
1215 | return SECFailure; |
1216 | } |
1217 | } |
1218 | |
1219 | /* Sets parsed data for CRL entries update into temporary structure */ |
1220 | static SECStatus |
1221 | crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str, |
1222 | void *data, unsigned short dtype) |
1223 | { |
1224 | CRLGENCertEntry *certStr = (CRLGENCertEntry *)str; |
1225 | |
1226 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1226 )); |
1227 | if (!crlGenData) { |
1228 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1229 | return SECFailure; |
1230 | } |
1231 | |
1232 | switch (dtype) { |
1233 | case CRLGEN_TYPE_DIGIT2: |
1234 | case CRLGEN_TYPE_DIGIT_RANGE3: |
1235 | certStr->certId = PORT_StrdupPORT_Strdup_Util(data); |
1236 | if (!certStr->certId) { |
1237 | return SECFailure; |
1238 | } |
1239 | break; |
1240 | case CRLGEN_TYPE_DATE0: |
1241 | case CRLGEN_TYPE_ZDATE1: |
1242 | certStr->revocationTime = PORT_StrdupPORT_Strdup_Util(data); |
1243 | if (!certStr->revocationTime) { |
1244 | return SECFailure; |
1245 | } |
1246 | break; |
1247 | default: |
1248 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1249 | crlgen_PrintError(crlGenData->parsedLineNum, |
1250 | "syntax error (unknow token type: %d).\n", |
1251 | crlGenData->contextId); |
1252 | return SECFailure; |
1253 | } |
1254 | return SECSuccess; |
1255 | } |
1256 | |
1257 | /* Triggers cert entries/crl extension update */ |
1258 | static SECStatus |
1259 | crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str) |
1260 | { |
1261 | CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str; |
1262 | |
1263 | return crlgen_AddExtension(crlGenData, (const char **)extStr->extData); |
1264 | } |
1265 | |
1266 | /* Defines maximum number of fields extension may have */ |
1267 | #define MAX_EXT_DATA_LENGTH10 10 |
1268 | |
1269 | /* Sets parsed extension data for CRL entries/CRL extensions update |
1270 | * into temporary structure */ |
1271 | static SECStatus |
1272 | crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str, |
1273 | void *data, unsigned short dtype) |
1274 | { |
1275 | CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str; |
1276 | |
1277 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1277 )); |
1278 | if (!crlGenData) { |
1279 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1280 | return SECFailure; |
1281 | } |
1282 | |
1283 | if (extStr->extData == NULL((void*)0)) { |
1284 | extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH)(char * *)PORT_ZAlloc_Util(sizeof(char *) * (10)); |
1285 | if (!extStr->extData) { |
1286 | return SECFailure; |
1287 | } |
1288 | } |
1289 | if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH10) { |
1290 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1291 | crlgen_PrintError(crlGenData->parsedLineNum, |
1292 | "number of fields in extension " |
1293 | "exceeded maximum allowed data length: %d.\n", |
1294 | MAX_EXT_DATA_LENGTH10); |
1295 | return SECFailure; |
1296 | } |
1297 | extStr->extData[extStr->nextUpdatedData] = PORT_StrdupPORT_Strdup_Util(data); |
1298 | if (!extStr->extData[extStr->nextUpdatedData]) { |
1299 | return SECFailure; |
1300 | } |
1301 | extStr->nextUpdatedData += 1; |
1302 | |
1303 | return SECSuccess; |
1304 | } |
1305 | |
1306 | /**************************************************************************************** |
1307 | * Top level functions are triggered directly by parser. |
1308 | */ |
1309 | |
1310 | /* |
1311 | * crl generation script parser recreates a temporary data staructure |
1312 | * for each line it is going through. This function cleans temp structure. |
1313 | */ |
1314 | void |
1315 | crlgen_destroyTempData(CRLGENGeneratorData *crlGenData) |
1316 | { |
1317 | if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT0) { |
1318 | switch (crlGenData->contextId) { |
1319 | case CRLGEN_ISSUER_CONTEXT1: |
1320 | case CRLGEN_UPDATE_CONTEXT2: |
1321 | case CRLGEN_NEXT_UPDATE_CONTEXT3: |
1322 | case CRLGEN_CHANGE_RANGE_CONTEXT7: |
1323 | if (crlGenData->crlField->value) |
1324 | PORT_FreePORT_Free_Util(crlGenData->crlField->value); |
1325 | PORT_FreePORT_Free_Util(crlGenData->crlField); |
1326 | break; |
1327 | case CRLGEN_ADD_CERT_CONTEXT6: |
1328 | case CRLGEN_RM_CERT_CONTEXT8: |
1329 | if (crlGenData->certEntry->certId) |
1330 | PORT_FreePORT_Free_Util(crlGenData->certEntry->certId); |
1331 | if (crlGenData->certEntry->revocationTime) |
1332 | PORT_FreePORT_Free_Util(crlGenData->certEntry->revocationTime); |
1333 | PORT_FreePORT_Free_Util(crlGenData->certEntry); |
1334 | break; |
1335 | case CRLGEN_ADD_EXTENSION_CONTEXT4: |
1336 | if (crlGenData->extensionEntry->extData) { |
1337 | int i = 0; |
1338 | for (; i < crlGenData->extensionEntry->nextUpdatedData; i++) |
1339 | PORT_FreePORT_Free_Util(*(crlGenData->extensionEntry->extData + i)); |
1340 | PORT_FreePORT_Free_Util(crlGenData->extensionEntry->extData); |
1341 | } |
1342 | PORT_FreePORT_Free_Util(crlGenData->extensionEntry); |
1343 | break; |
1344 | } |
1345 | crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT0; |
1346 | } |
1347 | } |
1348 | |
1349 | SECStatus |
1350 | crlgen_updateCrl(CRLGENGeneratorData *crlGenData) |
1351 | { |
1352 | SECStatus rv = SECSuccess; |
1353 | |
1354 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1354 )); |
1355 | if (!crlGenData) { |
1356 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1357 | return SECFailure; |
1358 | } |
1359 | |
1360 | switch (crlGenData->contextId) { |
1361 | case CRLGEN_ISSUER_CONTEXT1: |
1362 | case CRLGEN_UPDATE_CONTEXT2: |
1363 | case CRLGEN_NEXT_UPDATE_CONTEXT3: |
1364 | case CRLGEN_CHANGE_RANGE_CONTEXT7: |
1365 | rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField); |
1366 | break; |
1367 | case CRLGEN_RM_CERT_CONTEXT8: |
1368 | case CRLGEN_ADD_CERT_CONTEXT6: |
1369 | rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry); |
1370 | break; |
1371 | case CRLGEN_ADD_EXTENSION_CONTEXT4: |
1372 | rv = crlGenData->extensionEntry->updateCrlFn(crlGenData, crlGenData->extensionEntry); |
1373 | break; |
1374 | case CRLGEN_UNKNOWN_CONTEXT0: |
1375 | break; |
1376 | default: |
1377 | crlgen_PrintError(crlGenData->parsedLineNum, |
1378 | "unknown lang context type code: %d.\n", |
1379 | crlGenData->contextId); |
1380 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","crlgen.c",1380)); |
1381 | return SECFailure; |
1382 | } |
1383 | /* Clrean structures after crl update */ |
1384 | crlgen_destroyTempData(crlGenData); |
1385 | |
1386 | crlGenData->parsedLineNum += 1; |
1387 | |
1388 | return rv; |
1389 | } |
1390 | |
1391 | SECStatus |
1392 | crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data, |
1393 | unsigned short dtype) |
1394 | { |
1395 | SECStatus rv = SECSuccess; |
1396 | |
1397 | PORT_Assert(crlGenData)((crlGenData)?((void)0):PR_Assert("crlGenData","crlgen.c",1397 )); |
1398 | if (!crlGenData) { |
1399 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1400 | return SECFailure; |
1401 | } |
1402 | |
1403 | switch (crlGenData->contextId) { |
1404 | case CRLGEN_ISSUER_CONTEXT1: |
1405 | case CRLGEN_UPDATE_CONTEXT2: |
1406 | case CRLGEN_NEXT_UPDATE_CONTEXT3: |
1407 | case CRLGEN_CHANGE_RANGE_CONTEXT7: |
1408 | rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField, |
1409 | data, dtype); |
1410 | break; |
1411 | case CRLGEN_ADD_CERT_CONTEXT6: |
1412 | case CRLGEN_RM_CERT_CONTEXT8: |
1413 | rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry, |
1414 | data, dtype); |
1415 | break; |
1416 | case CRLGEN_ADD_EXTENSION_CONTEXT4: |
1417 | rv = |
1418 | crlGenData->extensionEntry->setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype); |
1419 | break; |
1420 | case CRLGEN_UNKNOWN_CONTEXT0: |
1421 | break; |
1422 | default: |
1423 | crlgen_PrintError(crlGenData->parsedLineNum, |
1424 | "unknown context type: %d.\n", |
1425 | crlGenData->contextId); |
1426 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","crlgen.c",1426)); |
1427 | return SECFailure; |
1428 | } |
1429 | return rv; |
1430 | } |
1431 | |
1432 | SECStatus |
1433 | crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData, |
1434 | unsigned structType) |
1435 | { |
1436 | PORT_Assert(crlGenData &&((crlGenData && crlGenData->contextId == 0)?((void )0):PR_Assert("crlGenData && crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT" ,"crlgen.c",1437)) |
1437 | crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT)((crlGenData && crlGenData->contextId == 0)?((void )0):PR_Assert("crlGenData && crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT" ,"crlgen.c",1437)); |
1438 | if (!crlGenData || |
1439 | crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT0) { |
1440 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1441 | return SECFailure; |
1442 | } |
1443 | |
1444 | switch (structType) { |
1445 | case CRLGEN_ISSUER_CONTEXT1: |
1446 | case CRLGEN_UPDATE_CONTEXT2: |
1447 | case CRLGEN_NEXT_UPDATE_CONTEXT3: |
1448 | case CRLGEN_CHANGE_RANGE_CONTEXT7: |
1449 | crlGenData->crlField = PORT_New(CRLGENCrlField)(CRLGENCrlField *)PORT_Alloc_Util(sizeof(CRLGENCrlField)); |
1450 | if (!crlGenData->crlField) { |
1451 | return SECFailure; |
1452 | } |
1453 | crlGenData->contextId = structType; |
1454 | crlGenData->crlField->value = NULL((void*)0); |
1455 | crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field; |
1456 | crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field; |
1457 | break; |
1458 | case CRLGEN_RM_CERT_CONTEXT8: |
1459 | case CRLGEN_ADD_CERT_CONTEXT6: |
1460 | crlGenData->certEntry = PORT_New(CRLGENCertEntry)(CRLGENCertEntry *)PORT_Alloc_Util(sizeof(CRLGENCertEntry)); |
1461 | if (!crlGenData->certEntry) { |
1462 | return SECFailure; |
1463 | } |
1464 | crlGenData->contextId = structType; |
1465 | crlGenData->certEntry->certId = 0; |
1466 | crlGenData->certEntry->revocationTime = NULL((void*)0); |
1467 | crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert; |
1468 | crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert; |
1469 | break; |
1470 | case CRLGEN_ADD_EXTENSION_CONTEXT4: |
1471 | crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry)(CRLGENExtensionEntry *)PORT_Alloc_Util(sizeof(CRLGENExtensionEntry )); |
1472 | if (!crlGenData->extensionEntry) { |
1473 | return SECFailure; |
1474 | } |
1475 | crlGenData->contextId = structType; |
1476 | crlGenData->extensionEntry->extData = NULL((void*)0); |
1477 | crlGenData->extensionEntry->nextUpdatedData = 0; |
1478 | crlGenData->extensionEntry->updateCrlFn = |
1479 | &crlgen_updateCrlFn_extension; |
1480 | crlGenData->extensionEntry->setNextDataFn = |
1481 | &crlgen_setNextDataFn_extension; |
1482 | break; |
1483 | case CRLGEN_UNKNOWN_CONTEXT0: |
1484 | break; |
1485 | default: |
1486 | crlgen_PrintError(crlGenData->parsedLineNum, |
1487 | "unknown context type: %d.\n", structType); |
1488 | PORT_Assert(0)((0)?((void)0):PR_Assert("0","crlgen.c",1488)); |
1489 | return SECFailure; |
1490 | } |
1491 | return SECSuccess; |
1492 | } |
1493 | |
1494 | /* Parser initialization function */ |
1495 | CRLGENGeneratorData * |
1496 | CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src) |
1497 | { |
1498 | CRLGENGeneratorData *crlGenData = NULL((void*)0); |
1499 | |
1500 | PORT_Assert(signCrl && src)((signCrl && src)?((void)0):PR_Assert("signCrl && src" ,"crlgen.c",1500)); |
1501 | if (!signCrl || !src) { |
1502 | PORT_SetErrorPORT_SetError_Util(SEC_ERROR_INVALID_ARGS); |
1503 | return NULL((void*)0); |
1504 | } |
1505 | |
1506 | crlGenData = PORT_ZNew(CRLGENGeneratorData)(CRLGENGeneratorData *)PORT_ZAlloc_Util(sizeof(CRLGENGeneratorData )); |
1507 | if (!crlGenData) { |
1508 | return NULL((void*)0); |
1509 | } |
1510 | |
1511 | crlGenData->entryDataHashTable = |
1512 | PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, |
1513 | PL_CompareValues, NULL((void*)0), NULL((void*)0)); |
1514 | if (!crlGenData->entryDataHashTable) { |
1515 | PORT_FreePORT_Free_Util(crlGenData); |
1516 | return NULL((void*)0); |
1517 | } |
1518 | |
1519 | crlGenData->src = src; |
1520 | crlGenData->parsedLineNum = 1; |
1521 | crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT0; |
1522 | crlGenData->signCrl = signCrl; |
1523 | crlGenData->rangeFrom = 0; |
1524 | crlGenData->rangeTo = 0; |
1525 | crlGenData->crlExtHandle = NULL((void*)0); |
1526 | |
1527 | PORT_SetErrorPORT_SetError_Util(0); |
1528 | |
1529 | return crlGenData; |
1530 | } |
1531 | |
1532 | void |
1533 | CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData) |
1534 | { |
1535 | if (!crlGenData) |
1536 | return; |
1537 | if (crlGenData->src) |
1538 | PR_Close(crlGenData->src); |
1539 | PL_HashTableDestroy(crlGenData->entryDataHashTable); |
1540 | PORT_FreePORT_Free_Util(crlGenData); |
1541 | } |